From bd107eabc4d275dddf2e49af4b3882cc5308c55c Mon Sep 17 00:00:00 2001 From: kcreddy Date: Tue, 25 Oct 2022 23:25:50 +0530 Subject: [PATCH 001/103] migrate 1password to by_value --- .../1password-item-usages-full-dashboard.json | 645 +++++++++++---- ...ssword-signin-attempts-full-dashboard.json | 765 ++++++++++++++---- .../1password-item-usages-source-IPs-map.json | 144 ---- ...ssword-signin-attempts-source-IPs-map.json | 144 ---- .../1password-item-usages-hot-items.json | 82 -- .../1password-item-usages-hot-users.json | 100 --- .../1password-item-usages-hot-vaults.json | 86 -- .../1password-item-usages-over-time.json | 149 ---- ...-signin-attempts-categories-over-time.json | 176 ---- ...sword-signin-attempts-count-over-time.json | 149 ---- ...password-signin-attempts-failed-gauge.json | 113 --- .../1password-signin-attempts-hot-users.json | 100 --- 12 files changed, 1109 insertions(+), 1544 deletions(-) delete mode 100644 packages/1password/kibana/map/1password-item-usages-source-IPs-map.json delete mode 100644 packages/1password/kibana/map/1password-signin-attempts-source-IPs-map.json delete mode 100644 packages/1password/kibana/visualization/1password-item-usages-hot-items.json delete mode 100644 packages/1password/kibana/visualization/1password-item-usages-hot-users.json delete mode 100644 packages/1password/kibana/visualization/1password-item-usages-hot-vaults.json delete mode 100644 packages/1password/kibana/visualization/1password-item-usages-over-time.json delete mode 100644 packages/1password/kibana/visualization/1password-signin-attempts-categories-over-time.json delete mode 100644 packages/1password/kibana/visualization/1password-signin-attempts-count-over-time.json delete mode 100644 packages/1password/kibana/visualization/1password-signin-attempts-failed-gauge.json delete mode 100644 packages/1password/kibana/visualization/1password-signin-attempts-hot-users.json 
diff --git a/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json b/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json
index 4b66ba7e6b7..be83f27e010 100644
--- a/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json
+++ b/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json
@@ -1,173 +1,516 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } + "id": "1password-item-usages-full-dashboard", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T17:55:08.573Z", + "version": "WzYxNSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "", + "language": "kuery" + }, + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.15.0-SNAPSHOT", + "type": "search", + "gridData": { + "x": 0, + "y": 0, + "w": 31, + "h": 15, + "i": "33e47a7b-72d2-4721-818c-8df8d710c5ea" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false + "panelIndex": "33e47a7b-72d2-4721-818c-8df8d710c5ea", + "embeddableConfig": { + "enhancements": {} }, - "panelsJSON": [ - { - "version": "7.15.0-SNAPSHOT", - "type": "search", - "gridData": { - "x": 0, - "y": 0, - "w": 31, - "h": 15, - "i": "33e47a7b-72d2-4721-818c-8df8d710c5ea" - }, - "panelIndex": "33e47a7b-72d2-4721-818c-8df8d710c5ea", - "embeddableConfig": { - "enhancements": {} - }, - "panelRefName": "panel_33e47a7b-72d2-4721-818c-8df8d710c5ea" + "panelRefName": "panel_33e47a7b-72d2-4721-818c-8df8d710c5ea" + }, + { + "version": "7.14.0", + "type": "map", + "gridData": { + "x": 31, + "y": 0, + "w": 17, + "h": 15, + "i": "5270ad02-a029-4aab-a42a-b0b38988d36d" + }, + "panelIndex": "5270ad02-a029-4aab-a42a-b0b38988d36d", + "embeddableConfig": { + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 0.5 + }, + "mapBuffer": { + "minLon": -360, + "minLat": -85.05113, + "maxLon": 360, + "maxLat": 85.05113 + }, + "isLayerTOCOpen": true, + "openTOCDetails": [], + "hiddenLayers": [], + "enhancements": {}, + "attributes": { + "title": "Audit item usages 
Source Locations [1Password]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "layerListJSON": "[{\"alpha\":1,\"id\":\"11a86591-809c-4c7b-9668-0d0cc31980c9\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"55025914-752d-4a12-88f4-c9fe89ddbb9d\",\"joins\":[],\"label\":\"Source Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.item_usages\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"ae93e398-4d52-4616-99c3-783c0f34d767\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]" + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 15, + "w": 24, + "h": 11, + "i": 
"1591a01e-b61e-4f3a-88d5-f825e39e60b6" + }, + "panelIndex": "1591a01e-b61e-4f3a-88d5-f825e39e60b6", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Item Usages over time [1Password]", + "description": "", + "uiState": {}, + "params": { + "type": "line", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "bottom", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "filter": true, + "truncate": 100 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "left", + "show": true, + "scale": { + "type": "linear", + "mode": "normal", + "defaultYExtents": true + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 100 + }, + "title": { + "text": "Count" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "line", + "mode": "normal", + "data": { + "label": "Count", + "id": "1" + }, + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "interpolate": "linear", + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "default" + }, + "addLegend": true, + "legendPosition": "right", + "fittingFunction": "linear", + "times": [], + "addTimeMarker": false, + "labels": {}, + "radiusRatio": 9, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } }, - { - "version": "7.15.0-SNAPSHOT", - "type": "map", - "gridData": { - "x": 31, - "y": 0, - "w": 17, - "h": 15, - "i": "5270ad02-a029-4aab-a42a-b0b38988d36d" + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "5270ad02-a029-4aab-a42a-b0b38988d36d", - "embeddableConfig": { - "mapCenter": { - 
"lat": 19.94277, - "lon": 0, - "zoom": 0.5 + { + "id": "2", + "enabled": true, + "type": "date_histogram", + "params": { + "field": "@timestamp", + "timeRange": { + "from": "now-7d/d", + "to": "now" }, - "mapBuffer": { - "minLon": -360, - "minLat": -85.05113, - "maxLon": 360, - "maxLat": 85.05113 - }, - "isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {} + "useNormalizedEsInterval": true, + "scaleMetricValues": false, + "interval": "auto", + "used_interval": "3h", + "drop_partials": false, + "min_doc_count": 1, + "extended_bounds": {} + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_5270ad02-a029-4aab-a42a-b0b38988d36d" + "filter": [] + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 15, + "w": 24, + "h": 11, + "i": "3e1ea7df-1443-41c2-a4b4-45389042d2d4" + }, + "panelIndex": "3e1ea7df-1443-41c2-a4b4-45389042d2d4", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Item Usages hot users [1Password]", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "" }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 15, - "w": 24, - "h": 11, - "i": "1591a01e-b61e-4f3a-88d5-f825e39e60b6" + "type": "table", + "data": { + "aggs": [ + { + "id": "3", + "enabled": true, + "type": "top_hits", + "params": { + "field": "user.full_name", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "asc", + "customLabel": "Name" + }, + "schema": "metric" }, - "panelIndex": "1591a01e-b61e-4f3a-88d5-f825e39e60b6", - "embeddableConfig": { - "enhancements": {} + { + "id": "4", + "enabled": true, + "type": "top_hits", + "params": { + "field": "user.email", + 
"aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "asc", + "customLabel": "Email" + }, + "schema": "metric" }, - "panelRefName": "panel_1591a01e-b61e-4f3a-88d5-f825e39e60b6" - }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 15, - "w": 24, - "h": 11, - "i": "3e1ea7df-1443-41c2-a4b4-45389042d2d4" + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "" + }, + "schema": "metric" }, - "panelIndex": "3e1ea7df-1443-41c2-a4b4-45389042d2d4", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "user.id", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "User UUID" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_3e1ea7df-1443-41c2-a4b4-45389042d2d4" + "filter": [] + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 26, + "w": 24, + "h": 12, + "i": "36297d46-8bb5-476c-b772-479be5811393" + }, + "panelIndex": "36297d46-8bb5-476c-b772-479be5811393", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Item Usages hot items [1Password]", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 26, - "w": 24, - "h": 12, - "i": "36297d46-8bb5-476c-b772-479be5811393" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "" + }, + "schema": "metric" + }, + { + "id": "3", + 
"enabled": true, + "type": "max", + "params": { + "field": "@timestamp", + "customLabel": "Last usage" + }, + "schema": "metric" }, - "panelIndex": "36297d46-8bb5-476c-b772-479be5811393", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "onepassword.item_uuid", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Item UUID" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "language": "kuery", + "query": "" }, - "panelRefName": "panel_36297d46-8bb5-476c-b772-479be5811393" + "filter": [] + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 26, + "w": 24, + "h": 12, + "i": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988" + }, + "panelIndex": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Item Usages hot vaults [1Password]", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 26, - "w": 24, - "h": 12, - "i": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "" + }, + "schema": "metric" + }, + { + "id": "3", + "enabled": true, + "type": "top_hits", + "params": { + "field": "onepassword.item_uuid", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc", + "customLabel": "Top Item UUID" + }, + "schema": "metric" }, - "panelIndex": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988", - "embeddableConfig": { - "enhancements": {} + { + "id": 
"2", + "enabled": true, + "type": "terms", + "params": { + "field": "onepassword.vault_uuid", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Vault UUID" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "language": "kuery", + "query": "" }, - "panelRefName": "panel_d7f0be27-d6ed-4ef6-a217-3ee1837a7988" + "filter": [] + } } - ], - "timeRestore": false, - "title": "Item Usages [1Password]", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-item-usages-full-dashboard", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "1password-item-usages", - "name": "33e47a7b-72d2-4721-818c-8df8d710c5ea:panel_33e47a7b-72d2-4721-818c-8df8d710c5ea", - "type": "search" - }, - { - "id": "1password-item-usages-source-IPs-map", - "name": "5270ad02-a029-4aab-a42a-b0b38988d36d:panel_5270ad02-a029-4aab-a42a-b0b38988d36d", - "type": "map" - }, - { - "id": "1password-item-usages-over-time", - "name": "1591a01e-b61e-4f3a-88d5-f825e39e60b6:panel_1591a01e-b61e-4f3a-88d5-f825e39e60b6", - "type": "visualization" - }, - { - "id": "1password-item-usages-hot-users", - "name": "3e1ea7df-1443-41c2-a4b4-45389042d2d4:panel_3e1ea7df-1443-41c2-a4b4-45389042d2d4", - "type": "visualization" - }, - { - "id": "1password-item-usages-hot-items", - "name": "36297d46-8bb5-476c-b772-479be5811393:panel_36297d46-8bb5-476c-b772-479be5811393", - "type": "visualization" - }, - { - "id": "1password-item-usages-hot-vaults", - "name": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988:panel_d7f0be27-d6ed-4ef6-a217-3ee1837a7988", - "type": "visualization" + } } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Item Usages [1Password]", + "version": 1 + }, + "references": [ + { + "id": "1password-item-usages", + "name": "33e47a7b-72d2-4721-818c-8df8d710c5ea:panel_33e47a7b-72d2-4721-818c-8df8d710c5ea", + "type": 
"search" + }, + { + "type": "index-pattern", + "name": "5270ad02-a029-4aab-a42a-b0b38988d36d:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "1591a01e-b61e-4f3a-88d5-f825e39e60b6:search_0", + "id": "1password-item-usages" + }, + { + "type": "search", + "name": "3e1ea7df-1443-41c2-a4b4-45389042d2d4:search_0", + "id": "1password-item-usages" + }, + { + "type": "search", + "name": "36297d46-8bb5-476c-b772-479be5811393:search_0", + "id": "1password-item-usages" + }, + { + "type": "search", + "name": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988:search_0", + "id": "1password-item-usages" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json b/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json index 62b2344d622..3a11c0e9452 100644 --- a/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json +++ b/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json 
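Review bot: None of the inlined `savedVis.data` blocks in this hunk carries a `savedSearchRefName`, although `references` now declares a `<panelId>:search_0` entry of type `search` for each of the four visualization panels. Each panel's own `searchSource` has an empty kuery query and no index reference, so if Kibana does not bind the saved search from the reference name alone, these panels would either fail to load or aggregate without the `1password-item-usages` scoping. I would add `"savedSearchRefName": "search_0"` next to `"searchSource"` in each `savedVis.data` and confirm the panels render after a clean package install. The same pattern appears in the four visualization panels of the sign-in attempts dashboard hunk that follows.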
@@ -1,173 +1,638 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } + "id": "1password-signin-attempts-full-dashboard", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T17:55:08.573Z", + "version": "WzYxNiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "", + "language": "kuery" + }, + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.15.0-SNAPSHOT", + "type": "search", + "gridData": { + "x": 0, + "y": 0, + "w": 31, + "h": 15, + "i": "944e346e-36df-430b-9734-5d91da79bdc1" + }, + "panelIndex": "944e346e-36df-430b-9734-5d91da79bdc1", + "embeddableConfig": { + "enhancements": {} + }, + "panelRefName": "panel_944e346e-36df-430b-9734-5d91da79bdc1" + }, + { + "version": "7.14.0", + "type": "map", + "gridData": { + "x": 31, + "y": 0, + "w": 17, + "h": 15, + "i": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false + "panelIndex": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f", + "embeddableConfig": { + "mapCenter": { + "lat": 18.69679, + "lon": -18.18807, + "zoom": 0.62 + }, + "mapBuffer": { + "minLon": -360, + "minLat": -85.05113, + "maxLon": 360, + "maxLat": 85.05113 + }, + "isLayerTOCOpen": false, + "openTOCDetails": [], + "hiddenLayers": [], + "enhancements": {}, + "attributes": { + "title": "Audit sign-in attempts Source Locations [1Password]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"db596930-2b43-4b31-b555-5bfb2ef9a3b3\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"a912dae9-61dd-4f45-96d4-15968e14aa79\",\"joins\":[],\"label\":\"Source Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.signin_attempts\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"98b57871-9ec7-49ce-b371-bd052adaf795\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]" + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 15, + "w": 11, + "h": 9, + "i": "1249ea4b-cf49-4d87-8125-7f1dba37353f" }, - "panelsJSON": [ - { - "version": "7.15.0-SNAPSHOT", - "type": "search", - "gridData": { - "x": 0, - "y": 0, 
- "w": 31, - "h": 15, - "i": "944e346e-36df-430b-9734-5d91da79bdc1" + "panelIndex": "1249ea4b-cf49-4d87-8125-7f1dba37353f", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sign-in Attempts unsuccessful gauge [1Password]", + "description": "", + "uiState": {}, + "params": { + "type": "gauge", + "addTooltip": true, + "addLegend": true, + "isDisplayWarning": false, + "gauge": { + "alignment": "automatic", + "extendRange": true, + "percentageMode": false, + "gaugeType": "Arc", + "gaugeStyle": "Full", + "backStyle": "Full", + "orientation": "vertical", + "colorSchema": "Green to Red", + "gaugeColorMode": "Labels", + "colorsRange": [ + { + "from": 0, + "to": 10 + }, + { + "from": 10, + "to": 30 + }, + { + "from": 30, + "to": 100 + } + ], + "invertColors": false, + "labels": { + "show": true, + "color": "black" }, - "panelIndex": "944e346e-36df-430b-9734-5d91da79bdc1", - "embeddableConfig": { - "enhancements": {} + "scale": { + "show": true, + "labels": false, + "color": "rgba(105,112,125,0.2)" }, - "panelRefName": "panel_944e346e-36df-430b-9734-5d91da79bdc1" + "type": "meter", + "style": { + "bgWidth": 0.9, + "width": 0.9, + "mask": false, + "bgMask": false, + "maskBars": 50, + "bgFill": "rgba(105,112,125,0.2)", + "bgColor": true, + "subText": "", + "fontSize": 60 + } + } }, - { - "version": "7.15.0-SNAPSHOT", - "type": "map", - "gridData": { - "x": 31, - "y": 0, - "w": 17, - "h": 15, - "i": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f" + "type": "gauge", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "schema": "metric", + "params": {} }, - "panelIndex": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f", - "embeddableConfig": { - "mapCenter": { - "lat": 18.69679, - "lon": -18.18807, - "zoom": 0.62 - }, - "mapBuffer": { - "minLon": -360, - "minLat": -85.05113, - "maxLon": 360, - "maxLat": 85.05113 - }, - "isLayerTOCOpen": false, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {} + { + "id": "2", + "enabled": true, 
+ "type": "filters", + "schema": "group", + "params": { + "filters": [ + { + "input": { + "query": "NOT event.action: (\"success\" \"firewall_reported_success\")", + "language": "lucene" + }, + "label": "Failed Sign-in attempts" + } + ] + } + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_5a635dbb-4cb6-46f8-9d4c-dd12078b184f" + "filter": [] + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 11, + "y": 15, + "w": 20, + "h": 9, + "i": "51433376-546a-492a-906e-9ca7f5d34f68" + }, + "panelIndex": "51433376-546a-492a-906e-9ca7f5d34f68", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sign-in Attempts over time [1Password]", + "description": "", + "uiState": {}, + "params": { + "type": "line", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "bottom", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "filter": true, + "truncate": 100 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "left", + "show": true, + "scale": { + "type": "linear", + "mode": "normal", + "defaultYExtents": true + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 100 + }, + "title": { + "text": "Count" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "line", + "mode": "normal", + "data": { + "label": "Count", + "id": "1" + }, + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "interpolate": "linear", + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "default" + }, + "addLegend": true, + "legendPosition": "right", + "fittingFunction": "linear", + "times": [], + "addTimeMarker": 
false, + "labels": {}, + "radiusRatio": 9, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 15, - "w": 11, - "h": 9, - "i": "1249ea4b-cf49-4d87-8125-7f1dba37353f" + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "1249ea4b-cf49-4d87-8125-7f1dba37353f", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "date_histogram", + "params": { + "field": "@timestamp", + "timeRange": { + "from": "now-7d/d", + "to": "now" + }, + "useNormalizedEsInterval": true, + "scaleMetricValues": false, + "interval": "auto", + "used_interval": "3h", + "drop_partials": false, + "min_doc_count": 1, + "extended_bounds": {} + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_1249ea4b-cf49-4d87-8125-7f1dba37353f" + "filter": [] + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 31, + "y": 15, + "w": 17, + "h": 9, + "i": "8f8ae43c-e8d4-4425-b418-224a7db57e86" + }, + "panelIndex": "8f8ae43c-e8d4-4425-b418-224a7db57e86", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sign-in Attempts categories over time [1Password]", + "description": "", + "uiState": { + "vis": { + "colors": { + "success": "#54b399", + "credentials_failed": "#e7664c", + "mfa_failed": "#9170b8", + "modern_version_failed": "#d6bf57", + "firewall_failed": "#d36086", + "firewall_reported_success": "#6092c0" + } + } }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 11, - "y": 15, - "w": 20, - "h": 9, - "i": "51433376-546a-492a-906e-9ca7f5d34f68" + "params": { + "type": "line", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + 
"id": "CategoryAxis-1", + "type": "category", + "position": "bottom", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "filter": true, + "truncate": 100 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "left", + "show": true, + "scale": { + "type": "linear", + "mode": "normal", + "defaultYExtents": true + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 100 + }, + "title": { + "text": "Count" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "line", + "mode": "normal", + "data": { + "label": "Count", + "id": "1" + }, + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "interpolate": "linear", + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "default" + }, + "addLegend": true, + "legendPosition": "right", + "fittingFunction": "zero", + "times": [], + "addTimeMarker": false, + "labels": {}, + "radiusRatio": 9, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } + }, + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" + }, + { + "id": "4", + "enabled": true, + "type": "date_histogram", + "params": { + "field": "@timestamp", + "timeRange": { + "from": "now-7d/d", + "to": "now" + }, + "useNormalizedEsInterval": true, + "scaleMetricValues": false, + "interval": "auto", + "used_interval": "3h", + "drop_partials": false, + "min_doc_count": 1, + "extended_bounds": {} + }, + "schema": "segment" }, - "panelIndex": "51433376-546a-492a-906e-9ca7f5d34f68", - "embeddableConfig": { - "enhancements": {} + { + "id": "3", + "enabled": true, + "type": "terms", + "params": { + "field": "event.action", + "orderBy": "1", + "order": 
"desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing" + }, + "schema": "group" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_51433376-546a-492a-906e-9ca7f5d34f68" + "filter": [] + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 24, + "w": 48, + "h": 9, + "i": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd" + }, + "panelIndex": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sign-in Attempts hot users [1Password]", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "" }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 31, - "y": 15, - "w": 17, - "h": 9, - "i": "8f8ae43c-e8d4-4425-b418-224a7db57e86" + "type": "table", + "data": { + "aggs": [ + { + "id": "3", + "enabled": true, + "type": "top_hits", + "params": { + "field": "user.full_name", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "asc", + "customLabel": "Name" + }, + "schema": "metric" }, - "panelIndex": "8f8ae43c-e8d4-4425-b418-224a7db57e86", - "embeddableConfig": { - "enhancements": {} + { + "id": "4", + "enabled": true, + "type": "top_hits", + "params": { + "field": "user.email", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "asc", + "customLabel": "Email" + }, + "schema": "metric" }, - "panelRefName": "panel_8f8ae43c-e8d4-4425-b418-224a7db57e86" - }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 24, - "w": 48, - "h": 9, - "i": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd" + { + "id": "1", + "enabled": true, + "type": "count", + "params": 
{ + "customLabel": "" + }, + "schema": "metric" }, - "panelIndex": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "user.id", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Target User UUID" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd" + "filter": [] + } } - ], - "timeRestore": false, - "title": "Sign-in Attempts [1Password]", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-signin-attempts-full-dashboard", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "1password-signin-attempts", - "name": "944e346e-36df-430b-9734-5d91da79bdc1:panel_944e346e-36df-430b-9734-5d91da79bdc1", - "type": "search" - }, - { - "id": "1password-signin-attempts-source-IPs-map", - "name": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f:panel_5a635dbb-4cb6-46f8-9d4c-dd12078b184f", - "type": "map" - }, - { - "id": "1password-signin-attempts-failed-gauge", - "name": "1249ea4b-cf49-4d87-8125-7f1dba37353f:panel_1249ea4b-cf49-4d87-8125-7f1dba37353f", - "type": "visualization" - }, - { - "id": "1password-signin-attempts-count-over-time", - "name": "51433376-546a-492a-906e-9ca7f5d34f68:panel_51433376-546a-492a-906e-9ca7f5d34f68", - "type": "visualization" - }, - { - "id": "1password-signin-attempts-categories-over-time", - "name": "8f8ae43c-e8d4-4425-b418-224a7db57e86:panel_8f8ae43c-e8d4-4425-b418-224a7db57e86", - "type": "visualization" - }, - { - "id": "1password-signin-attempts-hot-users", - "name": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd:panel_683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd", - "type": "visualization" + } } + } ], - "type": "dashboard" + "timeRestore": false, + 
"title": "Sign-in Attempts [1Password]", + "version": 1 + }, + "references": [ + { + "id": "1password-signin-attempts", + "name": "944e346e-36df-430b-9734-5d91da79bdc1:panel_944e346e-36df-430b-9734-5d91da79bdc1", + "type": "search" + }, + { + "type": "index-pattern", + "name": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "1249ea4b-cf49-4d87-8125-7f1dba37353f:search_0", + "id": "1password-signin-attempts" + }, + { + "type": "search", + "name": "51433376-546a-492a-906e-9ca7f5d34f68:search_0", + "id": "1password-signin-attempts" + }, + { + "type": "search", + "name": "8f8ae43c-e8d4-4425-b418-224a7db57e86:search_0", + "id": "1password-signin-attempts" + }, + { + "type": "search", + "name": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd:search_0", + "id": "1password-signin-attempts" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/1password/kibana/map/1password-item-usages-source-IPs-map.json b/packages/1password/kibana/map/1password-item-usages-source-IPs-map.json deleted file mode 100644 index de425225ebe..00000000000 --- a/packages/1password/kibana/map/1password-item-usages-source-IPs-map.json +++ /dev/null 
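Review bot: The gauge's filter `NOT event.action: ("success" "firewall_reported_success")` defines a failed sign-in purely by exclusion, so every document reaching the panel without one of those two values, including one with no `event.action` at all, is counted as a failure. Now that the visualization is inlined, its only scoping is the `search_0` reference to `1password-signin-attempts`; the panel's own `searchSource` query is empty. Making the filter self-contained would keep the failed-login count trustworthy if that binding is ever lost, for example `data_stream.dataset:1password.signin_attempts AND NOT event.action:("success" "firewall_reported_success")`, reusing the dataset clause the map layer in this hunk already uses. It is also the only lucene query in a dashboard that otherwise uses kuery, which deserves a short note in the panel's empty `description`.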
@@ -1,144 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "11a86591-809c-4c7b-9668-0d0cc31980c9", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": {}, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "55025914-752d-4a12-88f4-c9fe89ddbb9d", - "joins": [], - "label": "Source Locations", - "maxZoom": 24, - "minZoom": 0, - "query": { - "language": "kuery", - "query": "data_stream.dataset:1password.item_usages" - }, - "sourceDescriptor": { - "applyGlobalQuery": true, - "filterByMapBounds": true, - "geoField": "source.geo.location", - "id": "ae93e398-4d52-4616-99c3-783c0f34d767", - "indexPatternRefName": "layer_1_source_index_pattern", - "scalingType": "LIMIT", - "sortField": "", - "sortOrder": "desc", - "tooltipProperties": [], - "topHitsSize": 1, - "type": "ES_SEARCH" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "#54B399" - }, - "type": "STATIC" - }, - "icon": { - "options": { - "value": "marker" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "size": 6 - }, - "type": "STATIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "value": "" - }, - "type": "STATIC" - }, - "lineColor": { - "options": { - "color": "#41937c" - }, - "type": "STATIC" - }, - "lineWidth": { - "options": { - "size": 1 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "VECTOR", - "visible": true - } - ], - 
"title": "Audit item usages Source Locations [1Password]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "id": "1password-item-usages-source-IPs-map", - "migrationVersion": { - "map": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/1password/kibana/map/1password-signin-attempts-source-IPs-map.json b/packages/1password/kibana/map/1password-signin-attempts-source-IPs-map.json deleted file mode 100644 index cf8b5107cad..00000000000 --- a/packages/1password/kibana/map/1password-signin-attempts-source-IPs-map.json +++ /dev/null 
@@ -1,144 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "db596930-2b43-4b31-b555-5bfb2ef9a3b3", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": {}, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "a912dae9-61dd-4f45-96d4-15968e14aa79", - "joins": [], - "label": "Source Locations", - "maxZoom": 24, - "minZoom": 0, - "query": { - "language": "kuery", - "query": "data_stream.dataset:1password.signin_attempts" - }, - "sourceDescriptor": { - "applyGlobalQuery": true, - "filterByMapBounds": true, - "geoField": "source.geo.location", - "id": "98b57871-9ec7-49ce-b371-bd052adaf795", - "indexPatternRefName": "layer_1_source_index_pattern", - "scalingType": "LIMIT", - "sortField": "", - "sortOrder": "desc", - "tooltipProperties": [], - "topHitsSize": 1, - "type": "ES_SEARCH" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "#54B399" - }, - "type": "STATIC" - }, - "icon": { - "options": { - "value": "marker" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "size": 6 - }, - "type": "STATIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "value": "" - }, - "type": "STATIC" - }, - "lineColor": { - "options": { - "color": "#41937c" - }, - "type": "STATIC" - }, - "lineWidth": { - "options": { - "size": 1 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "VECTOR", - "visible": true - } - ], - 
"title": "Audit sign-in attempts Source Locations [1Password]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "id": "1password-signin-attempts-source-IPs-map", - "migrationVersion": { - "map": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/1password/kibana/visualization/1password-item-usages-hot-items.json b/packages/1password/kibana/visualization/1password-item-usages-hot-items.json deleted file mode 100644 index abf1aff1e2f..00000000000 --- a/packages/1password/kibana/visualization/1password-item-usages-hot-items.json +++ /dev/null 
@@ -1,82 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "query": {
- "language": "kuery",
- "query": ""
- },
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Item Usages hot items [1Password]",
- "uiStateJSON": "{}",
- "version": 1,
- "visState": {
- "title": "",
- "type": "table",
- "aggs": [
- {
- "id": "1",
- "enabled": true,
- "type": "count",
- "params": {
- "customLabel": ""
- },
- "schema": "metric"
- },
- {
- "id": "3",
- "enabled": true,
- "type": "max",
- "params": {
- "field": "@timestamp",
- "customLabel": "Last usage"
- },
- "schema": "metric"
- },
- {
- "id": "2",
- "enabled": true,
- "type": "terms",
- "params": {
- "field": "onepassword.item_uuid",
- "orderBy": "1",
- "order": "desc",
- "size": 5,
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "customLabel": "Item UUID"
- },
- "schema": "bucket"
- }
- ],
- "params": {
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- }
- }
- },
- "coreMigrationVersion": "7.15.0",
- "id": "1password-item-usages-hot-items",
- "migrationVersion": {
- "visualization": "7.14.0"
- },
- "references": [
- {
- "id": "1password-item-usages",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/1password/kibana/visualization/1password-item-usages-hot-users.json b/packages/1password/kibana/visualization/1password-item-usages-hot-users.json
deleted file mode 100644
index c4fe181f6d6..00000000000
--- a/packages/1password/kibana/visualization/1password-item-usages-hot-users.json
+++ /dev/null
@@ -1,100 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "query": {
- "query": "",
- "language": "kuery"
- },
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Item Usages hot users [1Password]",
- "uiStateJSON": "{}",
- "version": 1,
- "visState": {
- "title": "",
- "type": "table",
- "aggs": [
- {
- "id": "3",
- "enabled": true,
- "type": "top_hits",
- "params": {
- "field": "user.full_name",
- "aggregate": "concat",
- "size": 1,
- "sortField": "@timestamp",
- "sortOrder": "asc",
- "customLabel": "Name"
- },
- "schema": "metric"
- },
- {
- "id": "4",
- "enabled": true,
- "type": "top_hits",
- "params": {
- "field": "user.email",
- "aggregate": "concat",
- "size": 1,
- "sortField": "@timestamp",
- "sortOrder": "asc",
- "customLabel": "Email"
- },
- "schema": "metric"
- },
- {
- "id": "1",
- "enabled": true,
- "type": "count",
- "params": {
- "customLabel": ""
- },
- "schema": "metric"
- },
- {
- "id": "2",
- "enabled": true,
- "type": "terms",
- "params": {
- "field": "user.id",
- "orderBy": "1",
- "order": "desc",
- "size": 5,
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "customLabel": "User UUID"
- },
- "schema": "bucket"
- }
- ],
- "params": {
- "perPage": 10,
- "showPartialRows": false,
- "showMetricsAtAllLevels": false,
- "showTotal": false,
- "showToolbar": false,
- "totalFunc": "sum",
- "percentageCol": ""
- }
- }
- },
- "coreMigrationVersion": "7.15.0",
- "id": "1password-item-usages-hot-users",
- "migrationVersion": {
- "visualization": "7.14.0"
- },
- "references": [
- {
- "id": "1password-item-usages",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/1password/kibana/visualization/1password-item-usages-hot-vaults.json b/packages/1password/kibana/visualization/1password-item-usages-hot-vaults.json
deleted file mode 100644
index 15221667f79..00000000000
--- a/packages/1password/kibana/visualization/1password-item-usages-hot-vaults.json
+++ /dev/null
@@ -1,86 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "query": {
- "language": "kuery",
- "query": ""
- },
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Item Usages hot vaults [1Password]",
- "uiStateJSON": "{}",
- "version": 1,
- "visState": {
- "title": "",
- "type": "table",
- "aggs": [
- {
- "id": "1",
- "enabled": true,
- "type": "count",
- "params": {
- "customLabel": ""
- },
- "schema": "metric"
- },
- {
- "id": "3",
- "enabled": true,
- "type": "top_hits",
- "params": {
- "field": "onepassword.item_uuid",
- "aggregate": "concat",
- "size": 1,
- "sortField": "@timestamp",
- "sortOrder": "desc",
- "customLabel": "Top Item UUID"
- },
- "schema": "metric"
- },
- {
- "id": "2",
- "enabled": true,
- "type": "terms",
- "params": {
- "field": "onepassword.vault_uuid",
- "orderBy": "1",
- "order": "desc",
- "size": 5,
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "customLabel": "Vault UUID"
- },
- "schema": "bucket"
- }
- ],
- "params": {
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- }
- }
- },
- "coreMigrationVersion": "7.15.0",
- "id": "1password-item-usages-hot-vaults",
- "migrationVersion": {
- "visualization": "7.14.0"
- },
- "references": [
- {
- "id": "1password-item-usages",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/1password/kibana/visualization/1password-item-usages-over-time.json b/packages/1password/kibana/visualization/1password-item-usages-over-time.json
deleted file mode 100644
index 399a821dd10..00000000000
--- a/packages/1password/kibana/visualization/1password-item-usages-over-time.json
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Item Usages over time [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "", - "type": "line", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-7d/d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "3h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {} - }, - "schema": "segment" - } - ], - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal", - "defaultYExtents": true - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 - }, - "title": { - "text": "Count" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - 
"fittingFunction": "linear", - "times": [], - "addTimeMarker": false, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-item-usages-over-time", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-item-usages", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/1password/kibana/visualization/1password-signin-attempts-categories-over-time.json b/packages/1password/kibana/visualization/1password-signin-attempts-categories-over-time.json deleted file mode 100644 index cb1335908aa..00000000000 --- a/packages/1password/kibana/visualization/1password-signin-attempts-categories-over-time.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Sign-in Attempts categories over time [1Password]", - "uiStateJSON": { - "vis": { - "colors": { - "success": "#54b399", - "credentials_failed": "#e7664c", - "mfa_failed": "#9170b8", - "modern_version_failed": "#d6bf57", - "firewall_failed": "#d36086", - "firewall_reported_success": "#6092c0" - } - } - }, - "version": 1, - "visState": { - "title": "", - "type": "line", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "4", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-7d/d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "3h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {} - }, - "schema": "segment" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "event.action", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" - }, - "schema": "group" - } - ], - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal", - "defaultYExtents": true - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - 
"truncate": 100 - }, - "title": { - "text": "Count" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - "fittingFunction": "zero", - "times": [], - "addTimeMarker": false, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-signin-attempts-categories-over-time", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-signin-attempts", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/1password/kibana/visualization/1password-signin-attempts-count-over-time.json b/packages/1password/kibana/visualization/1password-signin-attempts-count-over-time.json deleted file mode 100644 index 1dc3e20e093..00000000000 --- a/packages/1password/kibana/visualization/1password-signin-attempts-count-over-time.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Sign-in Attempts over time [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "", - "type": "line", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-7d/d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "3h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {} - }, - "schema": "segment" - } - ], - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal", - "defaultYExtents": true - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 - }, - "title": { - "text": "Count" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - 
"fittingFunction": "linear", - "times": [], - "addTimeMarker": false, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-signin-attempts-count-over-time", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-signin-attempts", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/1password/kibana/visualization/1password-signin-attempts-failed-gauge.json b/packages/1password/kibana/visualization/1password-signin-attempts-failed-gauge.json deleted file mode 100644 index 6cf0cfb6e5c..00000000000 --- a/packages/1password/kibana/visualization/1password-signin-attempts-failed-gauge.json +++ /dev/null 
@@ -1,113 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "query": {
- "query": "",
- "language": "kuery"
- },
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Sign-in Attempts unsuccessful gauge [1Password]",
- "uiStateJSON": "{}",
- "version": 1,
- "visState": {
- "type": "gauge",
- "aggs": [
- {
- "id": "1",
- "enabled": true,
- "type": "count",
- "schema": "metric",
- "params": {}
- },
- {
- "id": "2",
- "enabled": true,
- "type": "filters",
- "schema": "group",
- "params": {
- "filters": [
- {
- "input": {
- "query": "NOT event.action: (\"success\" \"firewall_reported_success\")",
- "language": "lucene"
- },
- "label": "Failed Sign-in attempts"
- }
- ]
- }
- }
- ],
- "params": {
- "type": "gauge",
- "addTooltip": true,
- "addLegend": true,
- "isDisplayWarning": false,
- "gauge": {
- "alignment": "automatic",
- "extendRange": true,
- "percentageMode": false,
- "gaugeType": "Arc",
- "gaugeStyle": "Full",
- "backStyle": "Full",
- "orientation": "vertical",
- "colorSchema": "Green to Red",
- "gaugeColorMode": "Labels",
- "colorsRange": [
- {
- "from": 0,
- "to": 10
- },
- {
- "from": 10,
- "to": 30
- },
- {
- "from": 30,
- "to": 100
- }
- ],
- "invertColors": false,
- "labels": {
- "show": true,
- "color": "black"
- },
- "scale": {
- "show": true,
- "labels": false,
- "color": "rgba(105,112,125,0.2)"
- },
- "type": "meter",
- "style": {
- "bgWidth": 0.9,
- "width": 0.9,
- "mask": false,
- "bgMask": false,
- "maskBars": 50,
- "bgFill": "rgba(105,112,125,0.2)",
- "bgColor": true,
- "subText": "",
- "fontSize": 60
- }
- }
- },
- "title": ""
- }
- },
- "id": "1password-signin-attempts-failed-gauge",
- "migrationVersion": {
- "visualization": "7.7.0"
- },
- "references": [
- {
- "id": "1password-signin-attempts",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/1password/kibana/visualization/1password-signin-attempts-hot-users.json b/packages/1password/kibana/visualization/1password-signin-attempts-hot-users.json
deleted file mode 100644
index b3160218bae..00000000000
--- a/packages/1password/kibana/visualization/1password-signin-attempts-hot-users.json
+++ /dev/null
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Sign-in Attempts hot users [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "", - "type": "table", - "aggs": [ - { - "id": "3", - "enabled": true, - "type": "top_hits", - "params": { - "field": "user.full_name", - "aggregate": "concat", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "asc", - "customLabel": "Name" - }, - "schema": "metric" - }, - { - "id": "4", - "enabled": true, - "type": "top_hits", - "params": { - "field": "user.email", - "aggregate": "concat", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "asc", - "customLabel": "Email" - }, - "schema": "metric" - }, - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user.id", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Target User UUID" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "" - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-signin-attempts-hot-users", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-signin-attempts", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From c82464c03690fea820645630b8efbcecb5918f7f Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Tue, 25 Oct 2022 23:32:42 +0530 Subject: [PATCH 002/103] migrate auditd to by_value --- ...-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json | 518 ++++++++++++------ ...-2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json | 27 - ...-5ebdbe50-0a0f-11e7-825f-6748cda7d858.json | 79 --- ...-6295bdd0-0a0e-11e7-825f-6748cda7d858.json | 68 --- ...-c5411910-0a87-11e7-8b04-eb22a5669f27.json | 67 --- 5 files changed, 341 insertions(+), 418 deletions(-) delete mode 100644 packages/auditd/kibana/visualization/auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json delete mode 100644 packages/auditd/kibana/visualization/auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858.json delete mode 100644 packages/auditd/kibana/visualization/auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858.json delete mode 100644 packages/auditd/kibana/visualization/auditd-c5411910-0a87-11e7-8b04-eb22a5669f27.json diff --git a/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json b/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json index a403da1b226..4a746834a7c 100644 --- a/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json +++ b/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json 
@@ -1,197 +1,361 @@ { - "attributes": { - "description": "Dashboard for the Auditd Logs integration", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:01:54.874Z", + "version": "WzYzMSwxXQ==", + "attributes": { + "description": "Dashboard for the Auditd Logs integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:auditd.log" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event types breakdown [Logs Auditd]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset:auditd.log" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 16, + "i": "1", + "w": 16, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "1", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": 
"visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 16, - "i": "2", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Exec Commands [Logs Auditd]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - "y": 16 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "6", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Command (arg 0)", + "field": "auditd.log.a0", + "order": "desc", + "orderBy": "1", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.action:\"EXECVE\" or 
event.action:\"execve\"" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "2", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Results [Logs Auditd]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(q=\"data_stream.dataset:auditd.log NOT event.outcome:failure\").label(\"Success\"), .es(q=\"event.outcome:failed\").label(\"Failure\").title(\"Audit Event Results\")", + "interval": "auto" }, - { - "embeddableConfig": { - "columns": [ - "event.action", - "auditd.log.sequence", - "user.name" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] - }, - "gridData": { - "h": 12, - "i": "7", - "w": 48, - "x": 0, - "y": 28 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "search", - "version": "8.0.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Account Tag Cloud [Logs Auditd]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 42, + "minFontSize": 15, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"623a62b9-8745-4fec-8738-bbe6fb8c16aa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"efef3e71-f9ce-4a8e-8c27-68ad0d047d9b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Event Address Geo Location [Logs Auditd]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"8155deb8-6760-42ad-b14a-dd20958bcb52\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"V
ECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Event Address Geo Location [Logs Auditd]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "09f4ba02-a62c-410f-8d43-31e9e5278826", - "w": 24, - "x": 24, - "y": 16 - }, - "panelIndex": "09f4ba02-a62c-410f-8d43-31e9e5278826", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - 
"title": "[Logs Auditd] Audit Events", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858", - "name": "1:panel_1", - "type": "visualization" + } + }, + "gridData": { + "h": 16, + "i": "6", + "w": 16, + "x": 16, + "y": 0 }, - { - "id": "auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858", - "name": "2:panel_2", - "type": "visualization" + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "columns": [ + "event.action", + "auditd.log.sequence", + "user.name" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] }, - { - "id": "auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7", - "name": "3:panel_3", - "type": "visualization" + "gridData": { + "h": 12, + "i": "7", + "w": 48, + "x": 0, + "y": 28 }, - { - "id": "auditd-c5411910-0a87-11e7-8b04-eb22a5669f27", - "name": "6:panel_6", - "type": "visualization" + "panelIndex": "7", + "panelRefName": "panel_7", + "type": "search", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"623a62b9-8745-4fec-8738-bbe6fb8c16aa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"efef3e71-f9ce-4a8e-8c27-68ad0d047d9b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Event Address Geo Location [Logs 
Auditd]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"8155deb8-6760-42ad-b14a-dd20958bcb52\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Event Address Geo Location [Logs Auditd]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "auditd-4ac0a370-0a11-11e7-8b04-eb22a5669f27", - "name": "7:panel_7", - "type": "search" + "gridData": { + "h": 12, + "i": "09f4ba02-a62c-410f-8d43-31e9e5278826", + "w": 24, + "x": 24, + "y": 16 }, - { - "id": "logs-*", - "name": "09f4ba02-a62c-410f-8d43-31e9e5278826:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "09f4ba02-a62c-410f-8d43-31e9e5278826", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Auditd] Audit Events", + "version": 1 + }, + "references": [ + { + "id": "auditd-4ac0a370-0a11-11e7-8b04-eb22a5669f27", + "name": "7:panel_7", + "type": "search" + }, + { + "id": "logs-*", + "name": "09f4ba02-a62c-410f-8d43-31e9e5278826:layer_1_source_index_pattern", + "type": 
"index-pattern" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/auditd/kibana/visualization/auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json b/packages/auditd/kibana/visualization/auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json deleted file mode 100644 index fd6b1b27e9d..00000000000 --- a/packages/auditd/kibana/visualization/auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Event Results [Logs Auditd]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "expression": ".es(q=\"data_stream.dataset:auditd.log NOT event.outcome:failure\").label(\"Success\"), .es(q=\"event.outcome:failed\").label(\"Failure\").title(\"Audit Event Results\")", - "interval": "auto" - }, - "title": "Event Results [Logs Auditd]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/auditd/kibana/visualization/auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858.json b/packages/auditd/kibana/visualization/auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858.json deleted file mode 100644 index 95d5f66ffe9..00000000000 --- a/packages/auditd/kibana/visualization/auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.action:\"EXECVE\" or event.action:\"execve\"" - } - } - }, - "title": "Top Exec Commands [Logs Auditd]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Command (arg 0)", - "field": "auditd.log.a0", - "order": "desc", - "orderBy": "1", - "size": 30 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Audit Top Exec Commands", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/auditd/kibana/visualization/auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858.json b/packages/auditd/kibana/visualization/auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858.json deleted file mode 100644 index 7add67b674b..00000000000 --- a/packages/auditd/kibana/visualization/auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858.json +++ /dev/null 
@@ -1,68 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Event types breakdown [Logs Auditd]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Audit Event Types", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/auditd/kibana/visualization/auditd-c5411910-0a87-11e7-8b04-eb22a5669f27.json b/packages/auditd/kibana/visualization/auditd-c5411910-0a87-11e7-8b04-eb22a5669f27.json deleted file mode 100644 index 461480fff0b..00000000000 --- a/packages/auditd/kibana/visualization/auditd-c5411910-0a87-11e7-8b04-eb22a5669f27.json +++ /dev/null 
@@ -1,67 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Event Account Tag Cloud [Logs Auditd]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.name", - "order": "desc", - "orderBy": "1", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 42, - "minFontSize": 15, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Audit Event Account Tag Cloud", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-c5411910-0a87-11e7-8b04-eb22a5669f27", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file From 333fb171c133f926712ca54514a3353ecb7a6b70 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Tue, 25 Oct 2022 23:41:00 +0530 Subject: [PATCH 003/103] migrate auditd_manager to by_value --- ...-693a5f40-c243-11e7-8692-232bd1143e8a.json | 1257 +++++++++-------- ...-7de391b0-c1ca-11e7-8995-936807a28b16.json | 627 ++++---- ...-c0ac2c00-c1c0-11e7-8995-936807a28b16.json | 561 ++++---- 3 files changed, 1230 insertions(+), 1215 deletions(-) diff --git a/packages/auditd_manager/kibana/dashboard/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a.json b/packages/auditd_manager/kibana/dashboard/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a.json index fa68cd21aaf..9da0124256d 100644 
--- a/packages/auditd_manager/kibana/dashboard/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a.json
+++ b/packages/auditd_manager/kibana/dashboard/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a.json
@@ -1,651 +1,656 @@ { - "attributes": { - "description": "Summary of socket related syscall events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:09:46.476Z", + "version": "WzU3NCwxXQ==", + "attributes": { + "description": "Summary of socket related syscall events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:auditd_manager.auditd" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "data_stream.dataset:auditd_manager.auditd" - }, - "version": true - } + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "#### [Overview](/app/dashboards#/view/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16) - **Sockets** - [Executions](/app/dashboards#/view/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } }, - "optionsJSON": { - "darkTheme": false, - "useMargins": false + "gridData": { + "h": 4, + "i": "2b0bfe71-70d5-431c-a7ae-45b965ce1b16", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "#### 
[Overview](/app/dashboards#/view/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16) - **Sockets** - [Executions](/app/dashboards#/view/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16)", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "2b0bfe71-70d5-431c-a7ae-45b965ce1b16", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "2b0bfe71-70d5-431c-a7ae-45b965ce1b16", - "type": "visualization", - "version": "8.2.0" + "panelIndex": "2b0bfe71-70d5-431c-a7ae-45b965ce1b16", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": {} - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "95b603d0-c252-11e7-8a68-93ffe9ec5950" - } - ], - "bar_color_rules": [ - { - "id": "2cebb0c0-c252-11e7-8a68-93ffe9ec5950" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "auditd.summary.object.type:socket" - }, - "gauge_color_rules": [ - { - "id": "6c891740-c252-11e7-8a68-93ffe9ec5950" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "legend_position": "left", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "syscall", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - 
"terms_field": "auditd.data.syscall" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "uiState": {} + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "95b603d0-c252-11e7-8a68-93ffe9ec5950" + } + ], + "bar_color_rules": [ + { + "id": "2cebb0c0-c252-11e7-8a68-93ffe9ec5950" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "auditd.summary.object.type:socket" + }, + "gauge_color_rules": [ + { + "id": "6c891740-c252-11e7-8a68-93ffe9ec5950" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "legend_position": "left", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "syscall", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" } - }, - "gridData": { - "h": 12, - "i": "a9f3b71d-3b8f-44c0-b581-ba208c117e05", - "w": 48, - "x": 0, - "y": 4 - }, - "panelIndex": "a9f3b71d-3b8f-44c0-b581-ba208c117e05", - "title": "[Auditd Manager] Socket Syscalls Time Series", - "type": "visualization", - "version": "8.2.0" + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "auditd.data.syscall" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - 
"aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Socket Family", - "field": "auditd.data.socket.family", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Syscall", - "field": "auditd.data.syscall", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendDisplay": "show", - "legendPosition": "left", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "uiState": {} - } + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "a9f3b71d-3b8f-44c0-b581-ba208c117e05", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "a9f3b71d-3b8f-44c0-b581-ba208c117e05", + "title": "[Auditd Manager] Socket Syscalls Time Series", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + 
"emptyAsNull": false + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "843ccc25-3963-4bd5-838e-b40019bcf3c5", - "w": 24, - "x": 0, - "y": 16 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Socket Family", + "field": "auditd.data.socket.family", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "843ccc25-3963-4bd5-838e-b40019bcf3c5", - "title": "[Auditd Manager] Socket Families", - "type": "visualization", - "version": "8.2.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Syscall", + "field": "auditd.data.syscall", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Exe", - "field": "auditd.summary.how", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Address", - "field": "auditd.summary.object.primary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - 
"schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Port", - "field": "auditd.summary.object.secondary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "apply": true, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "auditd.summary.object.secondary", - "negate": true, - "params": { - "query": "0", - "type": "phrase" - }, - "type": "phrase", - "value": "0" - }, - "query": { - "match": { - "auditd.summary.object.secondary": { - "query": "0", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - } - }, - "gridData": { - "h": 16, - "i": "1e9272d7-090a-443b-bc0c-3d8afae53e76", - "w": 24, - "x": 24, - "y": 16 - }, - "panelIndex": "1e9272d7-090a-443b-bc0c-3d8afae53e76", - "title": "[Auditd Manager] Bind (non-ephemeral)", - "type": "visualization", - "version": "8.2.0" + "description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendDisplay": "show", + 
"legendPosition": "left", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Exe", - "field": "process.executable", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Address", - "field": "auditd.summary.object.primary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Port", - "field": "auditd.summary.object.secondary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - } + "type": "pie", + "uiState": {} + } + }, + "gridData": { + "h": 
16, + "i": "843ccc25-3963-4bd5-838e-b40019bcf3c5", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "843ccc25-3963-4bd5-838e-b40019bcf3c5", + "title": "[Auditd Manager] Socket Families", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e", - "w": 24, - "x": 0, - "y": 32 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Exe", + "field": "auditd.summary.how", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e", - "title": "[Auditd Manager] Connect", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique Addresses", - "emptyAsNull": false, - "field": "auditd.summary.object.primary" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Exe", - "field": "process.executable", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Syscall", - "field": "auditd.data.syscall", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - 
"searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "uiState": { - "spy": { - "mode": { - "fill": false, - "name": null - } - }, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Address", + "field": "auditd.summary.object.primary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Port", + "field": "auditd.summary.object.secondary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "apply": true, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "auditd.summary.object.secondary", + "negate": true, + "params": { + "query": "0", + "type": "phrase" + }, + "type": "phrase", + "value": "0" + }, + "query": { + "match": { + "auditd.summary.object.secondary": { + "query": "0", + "type": "phrase" } + } } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": 
false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "1e9272d7-090a-443b-bc0c-3d8afae53e76", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "1e9272d7-090a-443b-bc0c-3d8afae53e76", + "title": "[Auditd Manager] Bind (non-ephemeral)", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "cd08c022-92e5-4012-a94d-6e459948c42c", - "w": 24, - "x": 24, - "y": 32 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Exe", + "field": "process.executable", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "cd08c022-92e5-4012-a94d-6e459948c42c", - "title": "[Auditd Manager] Accept / Recvfrom Unique Address Table", - "type": "visualization", - "version": "8.2.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Address", + "field": "auditd.summary.object.primary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Port", + "field": "auditd.summary.object.secondary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + 
"schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } } - ], - "timeRestore": false, - "title": "[Auditd Manager] Sockets", - "version": 1 - }, - "coreMigrationVersion": "8.2.0", - "id": "auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "843ccc25-3963-4bd5-838e-b40019bcf3c5:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" + } }, - { - "id": "auditd_manager-b4c93470-c240-11e7-8692-232bd1143e8a", - "name": "1e9272d7-090a-443b-bc0c-3d8afae53e76:search_0", - "type": "search" + "gridData": { + "h": 20, + "i": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e", + "w": 24, + "x": 0, + "y": 32 }, - { - "id": "logs-*", - "name": "1e9272d7-090a-443b-bc0c-3d8afae53e76:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e", + "title": "[Auditd Manager] Connect", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Addresses", + "emptyAsNull": false, + "field": "auditd.summary.object.primary" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Exe", + "field": "process.executable", + "missingBucket": false, + "missingBucketLabel": 
"Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Syscall", + "field": "auditd.data.syscall", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "uiState": { + "spy": { + "mode": { + "fill": false, + "name": null + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + } }, - { - "id": "auditd_manager-5438b030-c246-11e7-8692-232bd1143e8a", - "name": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e:search_0", - "type": "search" + "gridData": { + "h": 20, + "i": "cd08c022-92e5-4012-a94d-6e459948c42c", + "w": 24, + "x": 24, + "y": 32 }, - { - "id": "auditd_manager-e8734160-c24c-11e7-8692-232bd1143e8a", - "name": "cd08c022-92e5-4012-a94d-6e459948c42c:search_0", - "type": "search" - } + "panelIndex": "cd08c022-92e5-4012-a94d-6e459948c42c", + "title": "[Auditd Manager] Accept / Recvfrom Unique Address Table", + "type": "visualization", + "version": "8.2.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Auditd Manager] Sockets", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "843ccc25-3963-4bd5-838e-b40019bcf3c5:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": 
"auditd_manager-b4c93470-c240-11e7-8692-232bd1143e8a", + "name": "1e9272d7-090a-443b-bc0c-3d8afae53e76:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": "1e9272d7-090a-443b-bc0c-3d8afae53e76:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "auditd_manager-5438b030-c246-11e7-8692-232bd1143e8a", + "name": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e:search_0", + "type": "search" + }, + { + "id": "auditd_manager-e8734160-c24c-11e7-8692-232bd1143e8a", + "name": "cd08c022-92e5-4012-a94d-6e459948c42c:search_0", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file diff --git a/packages/auditd_manager/kibana/dashboard/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16.json b/packages/auditd_manager/kibana/dashboard/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16.json index da1deead6e9..165442f51ec 100644 --- a/packages/auditd_manager/kibana/dashboard/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16.json +++ b/packages/auditd_manager/kibana/dashboard/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16.json 
@@ -1,327 +1,332 @@ { - "attributes": { - "description": "Overview of kernel executions", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:09:46.476Z", + "version": "WzU3NSwxXQ==", + "attributes": { + "description": "Overview of kernel executions", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:auditd_manager.auditd" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 20, + "i": "6", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "6", + "panelRefName": "panel_6", + "type": "search", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "data_stream.dataset:auditd_manager.auditd" - }, - "version": true - } + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "#### [Overview](/app/dashboards#/view/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16) - [Sockets](/app/dashboards#/view/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a) - **Executions**", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } }, - "optionsJSON": { - "darkTheme": false, - "useMargins": false + "gridData": { + "h": 4, + "i": "f2ce7c72-d0f9-41a5-8738-11d4820c0774", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "6", - "w": 48, - "x": 0, - "y": 16 + "panelIndex": 
"f2ce7c72-d0f9-41a5-8738-11d4820c0774", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "search", - "version": "8.2.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "auditd.summary.actor.primary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "#### [Overview](/app/dashboards#/view/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16) - [Sockets](/app/dashboards#/view/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a) - **Executions**", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "f2ce7c72-d0f9-41a5-8738-11d4820c0774", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "f2ce7c72-d0f9-41a5-8738-11d4820c0774", - "type": "visualization", - "version": "8.2.0" + "description": "", + "params": { + "maxFontSize": 45, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": 
true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "auditd.summary.actor.primary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "maxFontSize": 45, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "type": "tagcloud", - "uiState": {} - } - }, - "gridData": { - "h": 12, - "i": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67", - "w": 16, - "x": 32, - "y": 4 + "type": "tagcloud", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67", + "title": "[Auditd Manager] Primary Username Tag Cloud", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67", - "title": "[Auditd Manager] Primary Username Tag Cloud", - "type": "visualization", - "version": "8.2.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "process.executable", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + 
"query": { + "language": "kuery", + "query": "" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "process.executable", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "maxFontSize": 45, - "minFontSize": 14, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "type": "tagcloud", - "uiState": {} - } - }, - "gridData": { - "h": 12, - "i": "459f779e-e668-4048-a1d5-fa5806262646", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "459f779e-e668-4048-a1d5-fa5806262646", - "title": "[Auditd Manager] Executable Name Tag Cloud", - "type": "visualization", - "version": "8.2.0" + "description": "", + "params": { + "maxFontSize": 45, + "minFontSize": 14, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "auditd.data.exit", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - 
"language": "kuery", - "query": "" - } - } - }, - "description": "Command executions", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "uiState": {} - } - }, - "gridData": { - "h": 12, - "i": "b65a07a2-a0d7-4dab-921a-8afbe066d025", - "w": 16, - "x": 16, - "y": 4 - }, - "panelIndex": "b65a07a2-a0d7-4dab-921a-8afbe066d025", - "title": "[Auditd Manager] Error Codes", - "type": "visualization", - "version": "8.2.0" - } - ], - "timeRestore": false, - "title": "[Auditd Manager] Executions", - "version": 1 - }, - "coreMigrationVersion": "8.2.0", - "id": "auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", - "name": "6:panel_6", - "type": "search" + "type": "tagcloud", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "459f779e-e668-4048-a1d5-fa5806262646", + "w": 16, + "x": 0, + "y": 4 }, - { - "id": "logs-*", - "name": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" + "panelIndex": "459f779e-e668-4048-a1d5-fa5806262646", + "title": "[Auditd Manager] Executable Name Tag Cloud", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": 
"auditd.data.exit", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "Command executions", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": {} + } }, - { - "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", - "name": "459f779e-e668-4048-a1d5-fa5806262646:search_0", - "type": "search" + "gridData": { + "h": 12, + "i": "b65a07a2-a0d7-4dab-921a-8afbe066d025", + "w": 16, + "x": 16, + "y": 4 }, - { - "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", - "name": "b65a07a2-a0d7-4dab-921a-8afbe066d025:search_0", - "type": "search" - } + "panelIndex": "b65a07a2-a0d7-4dab-921a-8afbe066d025", + "title": "[Auditd Manager] Error Codes", + "type": "visualization", + "version": "8.2.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Auditd Manager] Executions", + "version": 1 + }, + "references": [ + { + "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", + "name": "6:panel_6", + "type": "search" + }, + { + "id": "logs-*", + "name": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", + "name": "459f779e-e668-4048-a1d5-fa5806262646:search_0", + "type": 
"search" + }, + { + "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", + "name": "b65a07a2-a0d7-4dab-921a-8afbe066d025:search_0", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file diff --git a/packages/auditd_manager/kibana/dashboard/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16.json b/packages/auditd_manager/kibana/dashboard/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16.json index 0a6c0b20a2b..c0d24f1b994 100644 --- a/packages/auditd_manager/kibana/dashboard/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16.json +++ b/packages/auditd_manager/kibana/dashboard/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16.json 
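Review bot: The new top-level `"namespaces": ["default"]`, `"updated_at": "2022-10-25T18:09:46.476Z"` and `"version": "WzU3NSwxXQ=="` keys at the head of this dashboard look like saved-object metadata from the Kibana instance it was exported from; the removed side of the hunk carried none of them. They record one environment's state rather than anything about the dashboard, so each re-export will change them, and that churn makes it harder to spot a real change to a panel query or filter in an audit dashboard. I would drop the three keys and keep only `id`, `type`, `attributes`, `references`, `migrationVersion` and `coreMigrationVersion`. The same three keys are added in the auditd_manager-c0ac2c00 hunk and at the top of the auth0 dashboard hunk later in this series.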
@@ -1,293 +1,298 @@ { - "attributes": { - "description": "Summary of Linux kernel audit events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:09:46.476Z", + "version": "WzU3NiwxXQ==", + "attributes": { + "description": "Summary of Linux kernel audit events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:auditd_manager.auditd" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 20, + "i": "5", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "search", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "data_stream.dataset:auditd_manager.auditd" - }, - "version": true - } + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "#### **Overview** - [Sockets](/app/dashboards#/view/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a) - [Executions](/app/dashboards#/view/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } }, - "optionsJSON": { - "darkTheme": false, - "useMargins": false + "gridData": { + "h": 4, + "i": "7969164a-3810-485c-b3ad-948b1930f6d0", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "5", - "w": 48, - "x": 0, - "y": 16 
- }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "search", - "version": "8.2.0" + "panelIndex": "7969164a-3810-485c-b3ad-948b1930f6d0", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "#### **Overview** - [Sockets](/app/dashboards#/view/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a) - [Executions](/app/dashboards#/view/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16)", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "58c95a20-c1bd-11e7-938f-ab0645b6c431" + } + ], + "bar_color_rules": [ + { + "id": "5bfc71a0-c1bd-11e7-938f-ab0645b6c431" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "5d20a650-c1bd-11e7-938f-ab0645b6c431" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "legend_position": "left", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Actions", + "line_width": 1, + "metrics": [ + { + "id": "6b9fb2d0-c1bc-11e7-938f-ab0645b6c431", + "type": "count" } - }, - "gridData": { - "h": 4, - "i": "7969164a-3810-485c-b3ad-948b1930f6d0", - "w": 48, - "x": 0, - 
"y": 0 - }, - "panelIndex": "7969164a-3810-485c-b3ad-948b1930f6d0", - "type": "visualization", - "version": "8.2.0" + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "event.action" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": {} - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "58c95a20-c1bd-11e7-938f-ab0645b6c431" - } - ], - "bar_color_rules": [ - { - "id": "5bfc71a0-c1bd-11e7-938f-ab0645b6c431" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "" - }, - "gauge_color_rules": [ - { - "id": "5d20a650-c1bd-11e7-938f-ab0645b6c431" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "legend_position": "left", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "Actions", - "line_width": 1, - "metrics": [ - { - "id": "6b9fb2d0-c1bc-11e7-938f-ab0645b6c431", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "event.action" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "uiState": {} - } + "type": "metrics", + "uiState": {} 
+ } + }, + "gridData": { + "h": 12, + "i": "c89b1ae9-3f74-4088-bb68-a0fdcf3aad94", + "w": 28, + "x": 0, + "y": 4 + }, + "panelIndex": "c89b1ae9-3f74-4088-bb68-a0fdcf3aad94", + "title": "[Auditd Manager] Event Actions", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "c89b1ae9-3f74-4088-bb68-a0fdcf3aad94", - "w": 28, - "x": 0, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "event.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "c89b1ae9-3f74-4088-bb68-a0fdcf3aad94", - "title": "[Auditd Manager] Event Actions", - "type": "visualization", - "version": "8.2.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Category", - "field": "event.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - 
"otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "uiState": {} - } - }, - "gridData": { - "h": 12, - "i": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5", - "w": 20, - "x": 28, - "y": 4 - }, - "panelIndex": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5", - "title": "[Auditd Manager] Event Categories", - "type": "visualization", - "version": "8.2.0" - } - ], - "timeRestore": false, - "title": "[Auditd Manager] Overview", - "version": 1 - }, - "coreMigrationVersion": "8.2.0", - "id": "auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "auditd_manager-0f10c430-c1c3-11e7-8995-936807a28b16", - "name": "5:panel_5", - "type": "search" + "description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": 
true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": {} + } }, - { - "id": "auditd_manager-0f10c430-c1c3-11e7-8995-936807a28b16", - "name": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5:search_0", - "type": "search" + "gridData": { + "h": 12, + "i": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5", + "w": 20, + "x": 28, + "y": 4 }, - { - "id": "logs-*", - "name": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } + "panelIndex": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5", + "title": "[Auditd Manager] Event Categories", + "type": "visualization", + "version": "8.2.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Auditd Manager] Overview", + "version": 1 + }, + "references": [ + { + "id": "auditd_manager-0f10c430-c1c3-11e7-8995-936807a28b16", + "name": "5:panel_5", + "type": "search" + }, + { + "id": "auditd_manager-0f10c430-c1c3-11e7-8995-936807a28b16", + "name": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file From 859bc3e3c1a7917eff520d7bf96e5934cf3a021e Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Tue, 25 Oct 2022 23:51:05 +0530 Subject: [PATCH 004/103] migrate auth0 to by_value --- ...-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json | 2011 +++++++++-------- ...-187e7650-42a9-11ec-b9a2-edbe9edd14c9.json | 124 - 2 files changed, 1060 insertions(+), 1075 deletions(-) delete mode 100644 packages/auth0/kibana/visualization/auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9.json diff --git a/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json b/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json index 36f9e50349a..3af479954cf 100644 --- a/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json +++ b/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json 
@@ -1,989 +1,1098 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c9215ac0-57f7-4fbb-af81-9f5bb365a238": { - "columnOrder": [ - "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31", - "becf928d-1e95-4cf0-a37f-e4eb735dcc27" - ], - "columns": { - "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "becf928d-1e95-4cf0-a37f-e4eb735dcc27", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.category" - }, - "becf928d-1e95-4cf0-a37f-e4eb735dcc27": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - } - ], - 
"query": { - "language": "kuery", - "query": "" + "id": "auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:20:35.737Z", + "version": "WzYwOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c9215ac0-57f7-4fbb-af81-9f5bb365a238": { + "columnOrder": [ + "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31", + "becf928d-1e95-4cf0-a37f-e4eb735dcc27" + ], + "columns": { + "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "becf928d-1e95-4cf0-a37f-e4eb735dcc27", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31" - ], - "layerId": "c9215ac0-57f7-4fbb-af81-9f5bb365a238", - "layerType": "data", - "legendDisplay": "default", - "metric": "becf928d-1e95-4cf0-a37f-e4eb735dcc27", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.category" }, - "title": "", - "type": "lens", - 
"visualizationType": "lnsPie" + "becf928d-1e95-4cf0-a37f-e4eb735dcc27": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 10, - "i": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", - "w": 15, - "x": 0, - "y": 0 - }, - "panelIndex": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", - "title": "Auth0 Log Stream Event Types", - "type": "lens", - "version": "7.15.1" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31" + ], + "layerId": "c9215ac0-57f7-4fbb-af81-9f5bb365a238", + "layerType": "data", + "legendDisplay": "default", + "metric": "becf928d-1e95-4cf0-a37f-e4eb735dcc27", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35": { - "columnOrder": [ - "234dec72-0dd2-42cb-b486-059fa3e0a077", - "9fb2da13-fb8b-4041-b60e-0840068dc570" - ], - 
"columns": { - "234dec72-0dd2-42cb-b486-059fa3e0a077": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "9fb2da13-fb8b-4041-b60e-0840068dc570": { - "dataType": "number", - "isBucketed": false, - "label": "Unique count of event.type", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "event.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "9fb2da13-fb8b-4041-b60e-0840068dc570" - ], - "layerId": "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "234dec72-0dd2-42cb-b486-059fa3e0a077" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 10, + "i": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", + "w": 15, + "x": 0, + "y": 0 + }, + "panelIndex": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", + "title": "Auth0 Log Stream Event Types", + "type": "lens", + "version": "7.15.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35": { + "columnOrder": [ + "234dec72-0dd2-42cb-b486-059fa3e0a077", + "9fb2da13-fb8b-4041-b60e-0840068dc570" + ], + "columns": { + "234dec72-0dd2-42cb-b486-059fa3e0a077": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "9fb2da13-fb8b-4041-b60e-0840068dc570": { + "dataType": "number", + "isBucketed": false, + "label": "Unique count of event.type", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "event.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "9fb2da13-fb8b-4041-b60e-0840068dc570" + ], + "layerId": "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "234dec72-0dd2-42cb-b486-059fa3e0a077" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 10, - "i": 
"6089a77e-3c96-4414-9932-eda55ced3d07", - "w": 14, - "x": 15, - "y": 0 + "preferredSeriesType": "line", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "6089a77e-3c96-4414-9932-eda55ced3d07", - "title": "Rate of events", - "type": "lens", - "version": "7.15.1" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "event.category", - "negate": false, - "params": { - "query": "Login - Failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Login - Failure" - } - } - } - ], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "", - "type": "metric", - "uiState": {} + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": 
{ + "h": 10, + "i": "6089a77e-3c96-4414-9932-eda55ced3d07", + "w": 14, + "x": 15, + "y": 0 + }, + "panelIndex": "6089a77e-3c96-4414-9932-eda55ced3d07", + "title": "Rate of events", + "type": "lens", + "version": "7.15.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login - Failure" + } + } + } + ], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 10, - "i": "5124c723-8890-477e-aad5-bc4fd529bd46", - "w": 9, - "x": 29, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "5124c723-8890-477e-aad5-bc4fd529bd46", - "title": "Number of Failed Logins", - "type": "visualization", - "version": "7.15.1" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": 
{ - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "event.category", - "negate": false, - "params": { - "query": "Signup - Success" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Signup - Success" - } - } - } - ], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "", - "type": "metric", - "uiState": {} + "title": "", + "type": "metric", + "uiState": {} + } + }, + "gridData": { + "h": 10, + "i": "5124c723-8890-477e-aad5-bc4fd529bd46", + "w": 9, + "x": 29, + "y": 0 + }, + "panelIndex": "5124c723-8890-477e-aad5-bc4fd529bd46", + "title": "Number of Failed Logins", + "type": "visualization", + "version": "7.15.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "event.category", + "negate": false, + "params": { + "query": "Signup - Success" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Signup - Success" + } + } + } + ], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 10, - "i": "cb337534-d263-480b-b6a3-80cc4f14d73b", - "w": 10, - "x": 38, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "cb337534-d263-480b-b6a3-80cc4f14d73b", - "title": "Number of Successful Signups", - "type": "visualization", - "version": "7.15.1" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"e7270679-c5d0-496a-9fd2-7409b402bdb0": { - "columnOrder": [ - "60724141-ecf4-4f42-b263-d12cd64fe1a3", - "14ed1312-1743-452e-89e9-52018d6db787" - ], - "columns": { - "14ed1312-1743-452e-89e9-52018d6db787": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "60724141-ecf4-4f42-b263-d12cd64fe1a3": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.category", - "negate": false, - "params": { - "query": "Login - Success" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Login - Success" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "14ed1312-1743-452e-89e9-52018d6db787" - ], - "layerId": "e7270679-c5d0-496a-9fd2-7409b402bdb0", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "60724141-ecf4-4f42-b263-d12cd64fe1a3" - } - 
], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "title": "", + "type": "metric", + "uiState": {} + } + }, + "gridData": { + "h": 10, + "i": "cb337534-d263-480b-b6a3-80cc4f14d73b", + "w": 10, + "x": 38, + "y": 0 + }, + "panelIndex": "cb337534-d263-480b-b6a3-80cc4f14d73b", + "title": "Number of Successful Signups", + "type": "visualization", + "version": "7.15.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e7270679-c5d0-496a-9fd2-7409b402bdb0": { + "columnOrder": [ + "60724141-ecf4-4f42-b263-d12cd64fe1a3", + "14ed1312-1743-452e-89e9-52018d6db787" + ], + "columns": { + "14ed1312-1743-452e-89e9-52018d6db787": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "60724141-ecf4-4f42-b263-d12cd64fe1a3": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + 
"disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "d00429d4-502f-41d8-8a2b-7300859930ea", - "w": 15, - "x": 0, - "y": 10 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } }, - "panelIndex": "d00429d4-502f-41d8-8a2b-7300859930ea", - "title": "Rate of Successful Logins", - "type": "lens", - "version": "7.15.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4fc38bcd-1242-43bb-a213-0c6fe6e7a26e": { - "columnOrder": [ - "56478895-2ad9-4541-9b3c-debffe3de81d", - "d8ee79e4-d617-4809-9065-217bcd1f628c" - ], - "columns": { - "56478895-2ad9-4541-9b3c-debffe3de81d": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "d8ee79e4-d617-4809-9065-217bcd1f628c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - 
"params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.category", - "negate": false, - "params": { - "query": "Login - Failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Login - Failure" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "d8ee79e4-d617-4809-9065-217bcd1f628c" - ], - "layerId": "4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "56478895-2ad9-4541-9b3c-debffe3de81d" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Success" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login - Success" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 12, - "i": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", - "w": 14, - "x": 15, - "y": 10 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", - 
"title": "Rate of Failed Logins", - "type": "lens", - "version": "7.15.1" - }, - { - "embeddableConfig": { - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 12, - "i": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a", - "w": 19, - "x": 29, - "y": 10 + "layers": [ + { + "accessors": [ + "14ed1312-1743-452e-89e9-52018d6db787" + ], + "layerId": "e7270679-c5d0-496a-9fd2-7409b402bdb0", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "60724141-ecf4-4f42-b263-d12cd64fe1a3" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a", - "panelRefName": "panel_d6323397-e8a4-4869-ad2b-d48ee5b5a70a", - "type": "visualization", - "version": "7.15.1" - }, - { - "embeddableConfig": { - "enhancements": {} + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 11, - "i": "253f1007-1537-4012-a663-48bccf233f4c", - "w": 48, - "x": 0, - "y": 22 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "253f1007-1537-4012-a663-48bccf233f4c", - "panelRefName": "panel_253f1007-1537-4012-a663-48bccf233f4c", - "type": "search", - "version": "7.15.1" - } - ], - "timeRestore": false, - "title": "Auth0", - "version": 1 - }, - "coreMigrationVersion": "7.15.1", - "id": "auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "logs-*", - "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:filter-index-pattern-0", - "type": "index-pattern" - 
}, - { - "id": "logs-*", - "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6089a77e-3c96-4414-9932-eda55ced3d07:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-0", - "type": "index-pattern" 
+ "gridData": { + "h": 12, + "i": "d00429d4-502f-41d8-8a2b-7300859930ea", + "w": 15, + "x": 0, + "y": 10 }, - { - "id": "logs-*", - "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-1", - "type": "index-pattern" + "panelIndex": "d00429d4-502f-41d8-8a2b-7300859930ea", + "title": "Rate of Successful Logins", + "type": "lens", + "version": "7.15.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4fc38bcd-1242-43bb-a213-0c6fe6e7a26e": { + "columnOrder": [ + "56478895-2ad9-4541-9b3c-debffe3de81d", + "d8ee79e4-d617-4809-9065-217bcd1f628c" + ], + "columns": { + "56478895-2ad9-4541-9b3c-debffe3de81d": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "d8ee79e4-d617-4809-9065-217bcd1f628c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + 
"meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login - Failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "d8ee79e4-d617-4809-9065-217bcd1f628c" + ], + "layerId": "4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "56478895-2ad9-4541-9b3c-debffe3de81d" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 12, + "i": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", + "w": 14, + "x": 15, + "y": 10 }, - { - "id": "logs-*", - "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", - "type": "index-pattern" + "panelIndex": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", + "title": "Rate of Failed Logins", + "type": "lens", + "version": "7.15.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IP Addresses of failed logins", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "default", + "type": "palette" + }, + "scale": "linear", + "showLabel": true + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", 
+ "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "auth0.logs.data.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login - Failure" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "logs-*", - "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 12, + "i": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a", + "w": 19, + "x": 29, + "y": 10 }, - { - "id": "logs-*", - "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-1", - "type": "index-pattern" + "panelIndex": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9", - "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:panel_d6323397-e8a4-4869-ad2b-d48ee5b5a70a", - "type": "visualization" + "gridData": { 
+ "h": 11, + "i": "253f1007-1537-4012-a663-48bccf233f4c", + "w": 48, + "x": 0, + "y": 22 }, - { - "id": "auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf", - "name": "253f1007-1537-4012-a663-48bccf233f4c:panel_253f1007-1537-4012-a663-48bccf233f4c", - "type": "search" - } + "panelIndex": "253f1007-1537-4012-a663-48bccf233f4c", + "panelRefName": "panel_253f1007-1537-4012-a663-48bccf233f4c", + "type": "search", + "version": "7.15.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Auth0", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6089a77e-3c96-4414-9932-eda55ced3d07:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf", + "name": "253f1007-1537-4012-a663-48bccf233f4c:panel_253f1007-1537-4012-a663-48bccf233f4c", + "type": "search" + }, + { + "type": "index-pattern", + "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/auth0/kibana/visualization/auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9.json b/packages/auth0/kibana/visualization/auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9.json deleted file mode 100644 index 66c0f143051..00000000000 --- a/packages/auth0/kibana/visualization/auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "event.category", - "negate": false, - "params": { - "query": "Login - Failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Login - Failure" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "IP Addresses of failed logins", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "auth0.logs.data.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "default", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "title": "IP Addresses of failed logins", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "7.15.1", - "id": "auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file From 3e56c3342567278c3b0fa7eb9c6c70d90ea41c19 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Tue, 25 Oct 2022 23:57:22 +0530 Subject: [PATCH 005/103] migrate carbon_black_cloud to by_value --- ...-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json | 3425 ++++++++++++++--- ...-869252c0-8d71-11ec-ac12-4bc77fa14e95.json | 402 +- ...-a94cd3a0-962a-11ec-864c-3332b2a355f7.json | 1692 ++++++-- ...-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json | 972 +++-- ...-e226d530-9554-11ec-96f0-8de26c63c826.json | 2028 ++++++---- ...-0296fef0-955d-11ec-96f0-8de26c63c826.json | 71 - ...-0a8f5e90-8d79-11ec-ac12-4bc77fa14e95.json | 108 - ...-0f420ad0-8d71-11ec-ac12-4bc77fa14e95.json | 73 - ...-10f699d0-8d8b-11ec-ac12-4bc77fa14e95.json | 149 - ...-11df3480-9630-11ec-864c-3332b2a355f7.json | 149 - ...-17537cc0-955c-11ec-96f0-8de26c63c826.json | 85 - ...-1b554010-8d73-11ec-ac12-4bc77fa14e95.json | 87 - ...-28323940-955d-11ec-96f0-8de26c63c826.json | 71 - ...-2be6ad50-962f-11ec-864c-3332b2a355f7.json | 71 - ...-2d1eedf0-9629-11ec-8b9d-35e42c3f7fcf.json | 85 - ...-2d324250-963e-11ec-864c-3332b2a355f7.json | 147 - ...-2eafd430-8d83-11ec-ac12-4bc77fa14e95.json | 149 - ...-3aa59c50-955a-11ec-96f0-8de26c63c826.json | 71 - ...-3afe1750-9630-11ec-864c-3332b2a355f7.json | 89 - ...-4dc9e690-955c-11ec-96f0-8de26c63c826.json | 71 - ...-52fde850-8d73-11ec-ac12-4bc77fa14e95.json | 91 - ...-53d65ef0-962f-11ec-864c-3332b2a355f7.json | 71 - ...-56130b90-954a-11ec-8b9d-35e42c3f7fcf.json | 103 - ...-5c122d10-8d83-11ec-ac12-4bc77fa14e95.json | 149 - ...-5c6ce550-8d85-11ec-ac12-4bc77fa14e95.json | 149 - ...-68a6c080-954a-11ec-8b9d-35e42c3f7fcf.json | 72 - ...-6bfd1770-954a-11ec-8b9d-35e42c3f7fcf.json | 74 - ...-6efc6240-8d8a-11ec-ac12-4bc77fa14e95.json | 91 - ...-6fcd17f0-955a-11ec-96f0-8de26c63c826.json | 71 - ...-70cdb250-954a-11ec-8b9d-35e42c3f7fcf.json | 89 - ...-71058370-e323-11ec-8642-e7f3d8b25a9b.json | 71 - ...-715f3ec0-955c-11ec-96f0-8de26c63c826.json | 71 - ...-750fefe0-954a-11ec-8b9d-35e42c3f7fcf.json | 74 - ...-76fe1db0-962e-11ec-864c-3332b2a355f7.json | 71 - 
...-792a3310-954a-11ec-8b9d-35e42c3f7fcf.json | 89 - ...-7a6261e0-962f-11ec-864c-3332b2a355f7.json | 71 - ...-7caf3b20-954a-11ec-8b9d-35e42c3f7fcf.json | 89 - ...-89932a20-8d86-11ec-ac12-4bc77fa14e95.json | 73 - ...-8af47260-8d87-11ec-ac12-4bc77fa14e95.json | 149 - ...-906f65c0-8d81-11ec-ac12-4bc77fa14e95.json | 149 - ...-928cff80-8d8a-11ec-ac12-4bc77fa14e95.json | 73 - ...-949c1d00-9628-11ec-864c-3332b2a355f7.json | 71 - ...-97ab53f0-8d84-11ec-ac12-4bc77fa14e95.json | 91 - ...-993b8650-8d83-11ec-ac12-4bc77fa14e95.json | 149 - ...-9a533f40-8d80-11ec-ac12-4bc77fa14e95.json | 149 - ...-a5d6fa30-8d8c-11ec-ac12-4bc77fa14e95.json | 73 - ...-a6d2a900-8d70-11ec-ac12-4bc77fa14e95.json | 91 - ...-a7ce1420-9630-11ec-864c-3332b2a355f7.json | 71 - ...-ae34ca40-962e-11ec-864c-3332b2a355f7.json | 71 - ...-bb323db0-955a-11ec-96f0-8de26c63c826.json | 71 - ...-c3786990-9555-11ec-96f0-8de26c63c826.json | 71 - ...-c6cfa8d0-962f-11ec-864c-3332b2a355f7.json | 147 - ...-cb70a610-955c-11ec-96f0-8de26c63c826.json | 147 - ...-cc2d3630-8d83-11ec-ac12-4bc77fa14e95.json | 149 - ...-d33296f0-8d79-11ec-ac12-4bc77fa14e95.json | 73 - ...-d49a3710-8d96-11ec-ac12-4bc77fa14e95.json | 73 - ...-de59dff0-955a-11ec-96f0-8de26c63c826.json | 71 - ...-ee2098d0-8d70-11ec-ac12-4bc77fa14e95.json | 73 - ...-ee670e50-8d89-11ec-ac12-4bc77fa14e95.json | 149 - ...-ee77a260-8d84-11ec-ac12-4bc77fa14e95.json | 149 - ...-f28910d0-9628-11ec-864c-3332b2a355f7.json | 71 - ...-f3f635b0-8d72-11ec-ac12-4bc77fa14e95.json | 91 - ...-f7681be0-962e-11ec-864c-3332b2a355f7.json | 71 - ...-f93958c0-8d83-11ec-ac12-4bc77fa14e95.json | 91 - ...-ff34eaa0-8d79-11ec-ac12-4bc77fa14e95.json | 91 - 65 files changed, 6557 insertions(+), 7732 deletions(-) delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0296fef0-955d-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0a8f5e90-8d79-11ec-ac12-4bc77fa14e95.json delete mode 100644 
packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0f420ad0-8d71-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-10f699d0-8d8b-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-11df3480-9630-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-17537cc0-955c-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-1b554010-8d73-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-28323940-955d-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2be6ad50-962f-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2d1eedf0-9629-11ec-8b9d-35e42c3f7fcf.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2d324250-963e-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2eafd430-8d83-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-3aa59c50-955a-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-3afe1750-9630-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-4dc9e690-955c-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-52fde850-8d73-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-53d65ef0-962f-11ec-864c-3332b2a355f7.json delete mode 100644 
packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-56130b90-954a-11ec-8b9d-35e42c3f7fcf.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-5c122d10-8d83-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-5c6ce550-8d85-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-68a6c080-954a-11ec-8b9d-35e42c3f7fcf.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6bfd1770-954a-11ec-8b9d-35e42c3f7fcf.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6efc6240-8d8a-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6fcd17f0-955a-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-70cdb250-954a-11ec-8b9d-35e42c3f7fcf.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-71058370-e323-11ec-8642-e7f3d8b25a9b.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-715f3ec0-955c-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-750fefe0-954a-11ec-8b9d-35e42c3f7fcf.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-76fe1db0-962e-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-792a3310-954a-11ec-8b9d-35e42c3f7fcf.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-7a6261e0-962f-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-7caf3b20-954a-11ec-8b9d-35e42c3f7fcf.json delete mode 100644 
packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-89932a20-8d86-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-8af47260-8d87-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-906f65c0-8d81-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-928cff80-8d8a-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-949c1d00-9628-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-97ab53f0-8d84-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-993b8650-8d83-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-9a533f40-8d80-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a5d6fa30-8d8c-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a6d2a900-8d70-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a7ce1420-9630-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ae34ca40-962e-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-bb323db0-955a-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-c3786990-9555-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-c6cfa8d0-962f-11ec-864c-3332b2a355f7.json delete mode 100644 
packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-cb70a610-955c-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-cc2d3630-8d83-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-d33296f0-8d79-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-d49a3710-8d96-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-de59dff0-955a-11ec-96f0-8de26c63c826.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee2098d0-8d70-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee670e50-8d89-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee77a260-8d84-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f28910d0-9628-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f3f635b0-8d72-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f7681be0-962e-11ec-864c-3332b2a355f7.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f93958c0-8d83-11ec-ac12-4bc77fa14e95.json delete mode 100644 packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ff34eaa0-8d79-11ec-ac12-4bc77fa14e95.json diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json index 1ffeed9cc42..2f661b37b33 100644 
--- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json
+++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json
@@ -1,588 +1,2909 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:26:25.990Z", + "version": "WzY4NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Category", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "carbon_black_cloud.alert.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - 
"query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "c54d9223-56ad-42b4-9452-a44657dbcd6e", + "w": 16, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c54d9223-56ad-42b4-9452-a44657dbcd6e", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "c54d9223-56ad-42b4-9452-a44657dbcd6e", - "panelRefName": "panel_c54d9223-56ad-42b4-9452-a44657dbcd6e", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "d3728fd5-5390-4448-8f26-277521569f30", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "d3728fd5-5390-4448-8f26-277521569f30", - "panelRefName": "panel_d3728fd5-5390-4448-8f26-277521569f30", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c", - "panelRefName": "panel_f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5f57acd4-74a8-4d97-9e7b-d7b069efc867", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "5f57acd4-74a8-4d97-9e7b-d7b069efc867", - "panelRefName": "panel_5f57acd4-74a8-4d97-9e7b-d7b069efc867", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "909c2914-4695-42dd-aa36-93e043a5c025", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "909c2914-4695-42dd-aa36-93e043a5c025", - 
"panelRefName": "panel_909c2914-4695-42dd-aa36-93e043a5c025", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5", - "panelRefName": "panel_c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "9e320d15-f9df-4aea-9564-ac1c4257b51b", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "9e320d15-f9df-4aea-9564-ac1c4257b51b", - "panelRefName": "panel_9e320d15-f9df-4aea-9564-ac1c4257b51b", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c", - "panelRefName": "panel_5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "7da33ed3-29d9-4fe1-87a9-4debfc7bdd24", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "7da33ed3-29d9-4fe1-87a9-4debfc7bdd24", - "panelRefName": "panel_7da33ed3-29d9-4fe1-87a9-4debfc7bdd24", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ed2de824-c493-4240-a6b5-329889c40c43", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "ed2de824-c493-4240-a6b5-329889c40c43", - "panelRefName": "panel_ed2de824-c493-4240-a6b5-329889c40c43", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a6d4e61e-57bc-413a-8c68-5f55ab59e16a", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": 
"a6d4e61e-57bc-413a-8c68-5f55ab59e16a", - "panelRefName": "panel_a6d4e61e-57bc-413a-8c68-5f55ab59e16a", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "bf749130-3138-45fe-a010-5b30b4636e7b", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "bf749130-3138-45fe-a010-5b30b4636e7b", - "panelRefName": "panel_bf749130-3138-45fe-a010-5b30b4636e7b", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "44ed553e-d5cc-4841-85e9-0d8af122086a", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "44ed553e-d5cc-4841-85e9-0d8af122086a", - "panelRefName": "panel_44ed553e-d5cc-4841-85e9-0d8af122086a", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "cd3cb74e-b13e-4a52-a48c-82d13a59421a", - "w": 24, - "x": 0, - "y": 90 + "panelIndex": "c54d9223-56ad-42b4-9452-a44657dbcd6e", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Alert Type", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "cd3cb74e-b13e-4a52-a48c-82d13a59421a", 
- "panelRefName": "panel_cd3cb74e-b13e-4a52-a48c-82d13a59421a", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Type", + "field": "carbon_black_cloud.alert.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "d3728fd5-5390-4448-8f26-277521569f30", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "d3728fd5-5390-4448-8f26-277521569f30", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Target Value", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "42b64f1c-9526-4430-8f62-cc6596cf07d7", - "w": 24, - "x": 24, - "y": 90 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Target Value", + "field": 
"carbon_black_cloud.alert.target_value", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Sensor Action", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": 
true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "42b64f1c-9526-4430-8f62-cc6596cf07d7", - "panelRefName": "panel_42b64f1c-9526-4430-8f62-cc6596cf07d7", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sensor Action", + "field": "carbon_black_cloud.alert.sensor_action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5f57acd4-74a8-4d97-9e7b-d7b069efc867", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "5f57acd4-74a8-4d97-9e7b-d7b069efc867", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Severity", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 
1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "b2fe20be-cad5-4bfa-abd1-c9b069fd2494", - "w": 24, - "x": 0, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity", + "field": "event.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "909c2914-4695-42dd-aa36-93e043a5c025", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "909c2914-4695-42dd-aa36-93e043a5c025", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Threat Cause Reputation", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { 
+ "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "b2fe20be-cad5-4bfa-abd1-c9b069fd2494", - "panelRefName": "panel_b2fe20be-cad5-4bfa-abd1-c9b069fd2494", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Cause Reputation", + "field": "carbon_black_cloud.alert.threat_cause.reputation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + 
"enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by OS, OS version", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": true, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "ef6af3c0-10e9-46af-933c-a032464bdecf", - "w": 24, - "x": 24, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS", + "field": "host.os.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "ef6af3c0-10e9-46af-933c-a032464bdecf", - "panelRefName": "panel_ef6af3c0-10e9-46af-933c-a032464bdecf", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Version", + "field": "host.os.version", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + 
} + } + }, + "gridData": { + "h": 15, + "i": "9e320d15-f9df-4aea-9564-ac1c4257b51b", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "9e320d15-f9df-4aea-9564-ac1c4257b51b", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Source of the Threat Cause", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 
15, - "i": "f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc", - "w": 24, - "x": 0, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source of the Threat Cause", + "field": "carbon_black_cloud.alert.threat_cause.vector", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Category of the Threat Cause", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": 
"#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc", - "panelRefName": "panel_f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category of the Threat Cause", + "field": "carbon_black_cloud.alert.threat_cause.threat_category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7da33ed3-29d9-4fe1-87a9-4debfc7bdd24", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "7da33ed3-29d9-4fe1-87a9-4debfc7bdd24", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Not Blocked Threat Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + 
"categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "247ad399-6383-4bf0-910e-9cb6767781c3", - "w": 24, - "x": 24, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Not Blocked Threat Category", + "field": "carbon_black_cloud.alert.not_blocked_threat_category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ed2de824-c493-4240-a6b5-329889c40c43", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "ed2de824-c493-4240-a6b5-329889c40c43", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Blocked Threat Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + 
"data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "247ad399-6383-4bf0-910e-9cb6767781c3", - "panelRefName": "panel_247ad399-6383-4bf0-910e-9cb6767781c3", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Blocked Threat Category", + "field": "carbon_black_cloud.alert.blocked_threat_category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a6d4e61e-57bc-413a-8c68-5f55ab59e16a", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "a6d4e61e-57bc-413a-8c68-5f55ab59e16a", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Run State", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": 
"metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5c60fc1b-5ad1-4036-8adc-ce9adf455758", - "w": 24, - "x": 0, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Run State", + "field": "carbon_black_cloud.alert.run_state", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "bf749130-3138-45fe-a010-5b30b4636e7b", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "bf749130-3138-45fe-a010-5b30b4636e7b", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Watchlist Hit", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + 
"color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "5c60fc1b-5ad1-4036-8adc-ce9adf455758", - "panelRefName": "panel_5c60fc1b-5ad1-4036-8adc-ce9adf455758", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Watchlist Hit", + "field": "carbon_black_cloud.alert.watchlists.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "44ed553e-d5cc-4841-85e9-0d8af122086a", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "44ed553e-d5cc-4841-85e9-0d8af122086a", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Policy Names", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + 
"showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "0a228399-6f69-4803-b4cd-65f30dca5890", - "w": 24, - "x": 24, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Policy Name", + "field": "carbon_black_cloud.alert.policy.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "cd3cb74e-b13e-4a52-a48c-82d13a59421a", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "cd3cb74e-b13e-4a52-a48c-82d13a59421a", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Policy Applied", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": 
"0a228399-6f69-4803-b4cd-65f30dca5890", - "panelRefName": "panel_0a228399-6f69-4803-b4cd-65f30dca5890", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Policy Applied", + "field": "carbon_black_cloud.alert.policy.applied", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "42b64f1c-9526-4430-8f62-cc6596cf07d7", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "42b64f1c-9526-4430-8f62-cc6596cf07d7", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by IOC field", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + 
"type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5b015940-3fee-411a-be82-661078ead366", - "w": 24, - "x": 0, - "y": 150 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IOC Field", + "field": "carbon_black_cloud.alert.ioc.field", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "b2fe20be-cad5-4bfa-abd1-c9b069fd2494", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "b2fe20be-cad5-4bfa-abd1-c9b069fd2494", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Process Name", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 
0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "5b015940-3fee-411a-be82-661078ead366", - "panelRefName": "panel_5b015940-3fee-411a-be82-661078ead366", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process Name", + "field": "process.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ef6af3c0-10e9-46af-933c-a032464bdecf", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "ef6af3c0-10e9-46af-933c-a032464bdecf", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Workflow State", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "655bc1d2-5c31-4a38-9759-ab72f88bdb92", - "w": 24, - "x": 24, - "y": 150 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Workflow State", + "field": "carbon_black_cloud.alert.workflow.state", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc", + 
"w": 24, + "x": 0, + "y": 120 + }, + "panelIndex": "f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Kill Chain Status", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "655bc1d2-5c31-4a38-9759-ab72f88bdb92", - "panelRefName": "panel_655bc1d2-5c31-4a38-9759-ab72f88bdb92", 
- "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Kill Chain Status", + "field": "carbon_black_cloud.alert.kill_chain_status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "247ad399-6383-4bf0-910e-9cb6767781c3", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "247ad399-6383-4bf0-910e-9cb6767781c3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Alerts by Threat Indicators TTPS", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + 
"color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8cdf7cdc-1858-4561-9e3b-5b5c73498586", - "w": 24, - "x": 0, - "y": 165 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Indicators TTPS", + "field": "carbon_black_cloud.alert.threat_indicators.ttps", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5c60fc1b-5ad1-4036-8adc-ce9adf455758", + "w": 24, + "x": 0, + "y": 135 + }, + "panelIndex": "5c60fc1b-5ad1-4036-8adc-ce9adf455758", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Threat Cause Actor Name", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + 
"data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8cdf7cdc-1858-4561-9e3b-5b5c73498586", - "panelRefName": "panel_8cdf7cdc-1858-4561-9e3b-5b5c73498586", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Cause Actor Name", + "field": "carbon_black_cloud.alert.threat_cause.actor.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "0a228399-6f69-4803-b4cd-65f30dca5890", + "w": 24, + "x": 24, + "y": 135 + }, + "panelIndex": "0a228399-6f69-4803-b4cd-65f30dca5890", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Reason Codes", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "2d6c60e3-32cc-4746-bc7d-3fa40b80447c", - "w": 24, - "x": 24, - "y": 165 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Reason Codes", + "field": "carbon_black_cloud.alert.reason_code", + "missingBucket": false, + "missingBucketLabel": 
"Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5b015940-3fee-411a-be82-661078ead366", + "w": 24, + "x": 0, + "y": 150 + }, + "panelIndex": "5b015940-3fee-411a-be82-661078ead366", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Device Username", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "2d6c60e3-32cc-4746-bc7d-3fa40b80447c", - "panelRefName": "panel_2d6c60e3-32cc-4746-bc7d-3fa40b80447c", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Username", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": 
"655bc1d2-5c31-4a38-9759-ab72f88bdb92", + "w": 24, + "x": 24, + "y": 150 + }, + "panelIndex": "655bc1d2-5c31-4a38-9759-ab72f88bdb92", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 IOC Hit", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 23, - "i": "bc34dc1a-ba27-489e-a950-90a978974351", - "w": 48, - "x": 0, - "y": 180 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IOC Hit", + "field": "carbon_black_cloud.alert.ioc.hit", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8cdf7cdc-1858-4561-9e3b-5b5c73498586", + "w": 24, + "x": 0, + "y": 165 + }, + "panelIndex": "8cdf7cdc-1858-4561-9e3b-5b5c73498586", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Threat Indicators Process Name", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + 
"totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "bc34dc1a-ba27-489e-a950-90a978974351", - "panelRefName": "panel_bc34dc1a-ba27-489e-a950-90a978974351", - "type": "search", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Indicators Process Name", + "field": "carbon_black_cloud.alert.threat_indicators.process_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" + } + } } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-1h", - "timeRestore": true, - "timeTo": "now", - "title": "[Carbon Black Cloud] Alert", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "2d6c60e3-32cc-4746-bc7d-3fa40b80447c", + "w": 24, + "x": 24, + "y": 165 + }, + "panelIndex": "2d6c60e3-32cc-4746-bc7d-3fa40b80447c", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 23, + "i": "bc34dc1a-ba27-489e-a950-90a978974351", + "w": 48, + "x": 0, + "y": 180 + }, + "panelIndex": "bc34dc1a-ba27-489e-a950-90a978974351", + "panelRefName": "panel_bc34dc1a-ba27-489e-a950-90a978974351", + "type": "search", + "version": "7.17.0" + } + ], + "refreshInterval": { + "pause": true, + "value": 0 }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b", - "migrationVersion": { - "dashboard": "7.17.0" + "timeFrom": "now-1h", + "timeRestore": true, + "timeTo": "now", + "title": "[Carbon 
Black Cloud] Alert", + "version": 1 + }, + "references": [ + { + "id": "carbon_black_cloud-6e41bd70-8d8d-11ec-ac12-4bc77fa14e95", + "name": "bc34dc1a-ba27-489e-a950-90a978974351:panel_bc34dc1a-ba27-489e-a950-90a978974351", + "type": "search" }, - "references": [ - { - "id": "carbon_black_cloud-52fde850-8d73-11ec-ac12-4bc77fa14e95", - "name": "c54d9223-56ad-42b4-9452-a44657dbcd6e:panel_c54d9223-56ad-42b4-9452-a44657dbcd6e", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-f3f635b0-8d72-11ec-ac12-4bc77fa14e95", - "name": "d3728fd5-5390-4448-8f26-277521569f30:panel_d3728fd5-5390-4448-8f26-277521569f30", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-ff34eaa0-8d79-11ec-ac12-4bc77fa14e95", - "name": "f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c:panel_f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-9a533f40-8d80-11ec-ac12-4bc77fa14e95", - "name": "5f57acd4-74a8-4d97-9e7b-d7b069efc867:panel_5f57acd4-74a8-4d97-9e7b-d7b069efc867", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-1b554010-8d73-11ec-ac12-4bc77fa14e95", - "name": "909c2914-4695-42dd-aa36-93e043a5c025:panel_909c2914-4695-42dd-aa36-93e043a5c025", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-906f65c0-8d81-11ec-ac12-4bc77fa14e95", - "name": "c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5:panel_c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-0a8f5e90-8d79-11ec-ac12-4bc77fa14e95", - "name": "9e320d15-f9df-4aea-9564-ac1c4257b51b:panel_9e320d15-f9df-4aea-9564-ac1c4257b51b", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-5c122d10-8d83-11ec-ac12-4bc77fa14e95", - "name": "5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c:panel_5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-2eafd430-8d83-11ec-ac12-4bc77fa14e95", - "name": "7da33ed3-29d9-4fe1-87a9-4debfc7bdd24:panel_7da33ed3-29d9-4fe1-87a9-4debfc7bdd24", - "type": 
"visualization" - }, - { - "id": "carbon_black_cloud-cc2d3630-8d83-11ec-ac12-4bc77fa14e95", - "name": "ed2de824-c493-4240-a6b5-329889c40c43:panel_ed2de824-c493-4240-a6b5-329889c40c43", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-993b8650-8d83-11ec-ac12-4bc77fa14e95", - "name": "a6d4e61e-57bc-413a-8c68-5f55ab59e16a:panel_a6d4e61e-57bc-413a-8c68-5f55ab59e16a", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-97ab53f0-8d84-11ec-ac12-4bc77fa14e95", - "name": "bf749130-3138-45fe-a010-5b30b4636e7b:panel_bf749130-3138-45fe-a010-5b30b4636e7b", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-8af47260-8d87-11ec-ac12-4bc77fa14e95", - "name": "44ed553e-d5cc-4841-85e9-0d8af122086a:panel_44ed553e-d5cc-4841-85e9-0d8af122086a", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-d33296f0-8d79-11ec-ac12-4bc77fa14e95", - "name": "cd3cb74e-b13e-4a52-a48c-82d13a59421a:panel_cd3cb74e-b13e-4a52-a48c-82d13a59421a", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-f93958c0-8d83-11ec-ac12-4bc77fa14e95", - "name": "42b64f1c-9526-4430-8f62-cc6596cf07d7:panel_42b64f1c-9526-4430-8f62-cc6596cf07d7", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-5c6ce550-8d85-11ec-ac12-4bc77fa14e95", - "name": "b2fe20be-cad5-4bfa-abd1-c9b069fd2494:panel_b2fe20be-cad5-4bfa-abd1-c9b069fd2494", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-ee77a260-8d84-11ec-ac12-4bc77fa14e95", - "name": "ef6af3c0-10e9-46af-933c-a032464bdecf:panel_ef6af3c0-10e9-46af-933c-a032464bdecf", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-6efc6240-8d8a-11ec-ac12-4bc77fa14e95", - "name": "f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc:panel_f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-ee670e50-8d89-11ec-ac12-4bc77fa14e95", - "name": "247ad399-6383-4bf0-910e-9cb6767781c3:panel_247ad399-6383-4bf0-910e-9cb6767781c3", - "type": "visualization" - }, - { - "id": 
"carbon_black_cloud-10f699d0-8d8b-11ec-ac12-4bc77fa14e95", - "name": "5c60fc1b-5ad1-4036-8adc-ce9adf455758:panel_5c60fc1b-5ad1-4036-8adc-ce9adf455758", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-71058370-e323-11ec-8642-e7f3d8b25a9b", - "name": "0a228399-6f69-4803-b4cd-65f30dca5890:panel_0a228399-6f69-4803-b4cd-65f30dca5890", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-d49a3710-8d96-11ec-ac12-4bc77fa14e95", - "name": "5b015940-3fee-411a-be82-661078ead366:panel_5b015940-3fee-411a-be82-661078ead366", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-a5d6fa30-8d8c-11ec-ac12-4bc77fa14e95", - "name": "655bc1d2-5c31-4a38-9759-ab72f88bdb92:panel_655bc1d2-5c31-4a38-9759-ab72f88bdb92", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-89932a20-8d86-11ec-ac12-4bc77fa14e95", - "name": "8cdf7cdc-1858-4561-9e3b-5b5c73498586:panel_8cdf7cdc-1858-4561-9e3b-5b5c73498586", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-928cff80-8d8a-11ec-ac12-4bc77fa14e95", - "name": "2d6c60e3-32cc-4746-bc7d-3fa40b80447c:panel_2d6c60e3-32cc-4746-bc7d-3fa40b80447c", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-6e41bd70-8d8d-11ec-ac12-4bc77fa14e95", - "name": "bc34dc1a-ba27-489e-a950-90a978974351:panel_bc34dc1a-ba27-489e-a950-90a978974351", - "type": "search" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "c54d9223-56ad-42b4-9452-a44657dbcd6e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d3728fd5-5390-4448-8f26-277521569f30:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5f57acd4-74a8-4d97-9e7b-d7b069efc867:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + 
"name": "909c2914-4695-42dd-aa36-93e043a5c025:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9e320d15-f9df-4aea-9564-ac1c4257b51b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7da33ed3-29d9-4fe1-87a9-4debfc7bdd24:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ed2de824-c493-4240-a6b5-329889c40c43:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a6d4e61e-57bc-413a-8c68-5f55ab59e16a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bf749130-3138-45fe-a010-5b30b4636e7b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "44ed553e-d5cc-4841-85e9-0d8af122086a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cd3cb74e-b13e-4a52-a48c-82d13a59421a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "42b64f1c-9526-4430-8f62-cc6596cf07d7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b2fe20be-cad5-4bfa-abd1-c9b069fd2494:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ef6af3c0-10e9-46af-933c-a032464bdecf:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "247ad399-6383-4bf0-910e-9cb6767781c3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5c60fc1b-5ad1-4036-8adc-ce9adf455758:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "0a228399-6f69-4803-b4cd-65f30dca5890:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5b015940-3fee-411a-be82-661078ead366:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "655bc1d2-5c31-4a38-9759-ab72f88bdb92:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8cdf7cdc-1858-4561-9e3b-5b5c73498586:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2d6c60e3-32cc-4746-bc7d-3fa40b80447c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95.json index 5ccbec6f44f..e74d2d94997 100644 --- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95.json +++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95.json 
@@ -1,128 +1,310 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:26:25.990Z", + "version": "WzY4NiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "table": null, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 831 + } + ] + } + }, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Request URLs", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "URL", + "field": "url.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, 
- "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "c8d90872-b3b3-447d-a9fc-ada6409efeb2", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "table": null, - "vis": { - "params": { - "colWidth": [ - { - "colIndex": 0, - "width": 831 - } - ] - } - } - }, - "gridData": { - "h": 15, - "i": "c8d90872-b3b3-447d-a9fc-ada6409efeb2", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "c8d90872-b3b3-447d-a9fc-ada6409efeb2", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.17.0" + "panelIndex": "c8d90872-b3b3-447d-a9fc-ada6409efeb2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Client IPs", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "16128cf1-2134-46a9-9fd3-19889a2a6c9e", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "16128cf1-2134-46a9-9fd3-19889a2a6c9e", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Client IPs", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": 
"data_stream.dataset : \"carbon_black_cloud.audit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "16128cf1-2134-46a9-9fd3-19889a2a6c9e", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "16128cf1-2134-46a9-9fd3-19889a2a6c9e", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Audit Logs by Flag Status", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "84a10ea8-959c-4fe7-852d-835b3786ed17", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "84a10ea8-959c-4fe7-852d-835b3786ed17", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "cd3e5a79-3640-47ff-95cd-c54debb5ee2d", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "cd3e5a79-3640-47ff-95cd-c54debb5ee2d", - "panelRefName": "panel_3", - "type": "search", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Flagged", + "field": "carbon_black_cloud.audit.flagged", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + 
"size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" + } + } } - ], - "timeRestore": false, - "title": "[Carbon Black Cloud] Audit Logs", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "carbon_black_cloud-ee2098d0-8d70-11ec-ac12-4bc77fa14e95", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "carbon_black_cloud-0f420ad0-8d71-11ec-ac12-4bc77fa14e95", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "84a10ea8-959c-4fe7-852d-835b3786ed17", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "carbon_black_cloud-a6d2a900-8d70-11ec-ac12-4bc77fa14e95", - "name": "panel_2", - "type": "visualization" + "panelIndex": "84a10ea8-959c-4fe7-852d-835b3786ed17", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "carbon_black_cloud-4272e690-8d71-11ec-ac12-4bc77fa14e95", - "name": "panel_3", - "type": "search" - } + "gridData": { + "h": 18, + "i": "cd3e5a79-3640-47ff-95cd-c54debb5ee2d", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "cd3e5a79-3640-47ff-95cd-c54debb5ee2d", + "panelRefName": "panel_3", + "type": "search", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Carbon Black Cloud] Audit Logs", + "version": 1 + }, + "references": [ + { + "id": "carbon_black_cloud-4272e690-8d71-11ec-ac12-4bc77fa14e95", + "name": "panel_3", + "type": "search" + }, + { + "type": "index-pattern", + "name": "c8d90872-b3b3-447d-a9fc-ada6409efeb2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"16128cf1-2134-46a9-9fd3-19889a2a6c9e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "84a10ea8-959c-4fe7-852d-835b3786ed17:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7.json index fa3ad82ca89..fcf427f8b59 100644 --- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7.json +++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7.json 
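Review bot: The rewritten audit dashboard now opens with export-time saved-object metadata that the old file did not carry: `"namespaces": ["default"]`, `"updated_at": "2022-10-25T18:26:25.990Z"` and `"version": "WzY4NiwxXQ=="`. These values appear to describe the Kibana instance the object was exported from rather than the package asset, so I would drop the three keys and keep only `"id"`, `"type"`, `"attributes"`, `"references"` and the migration versions, as before. The same keys are added at the top of the endpoint-event dashboard in the next hunk (`"version": "WzY4NywxXQ=="`). Separately, every by-value panel now resolves its data view through a `logs-*` index-pattern reference, so the `data_stream.dataset : "carbon_black_cloud.audit"` query in each `searchSource` is the only thing scoping these audit tables. It is worth confirming that no inlined panel lost that query in the migration, since a panel without it would presumably aggregate across every `logs-*` data stream.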
@@ -1,429 +1,1345 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:26:25.990Z", + "version": "WzY4NywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "carbon_black_cloud.endpoint_event.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "index": "logs-*", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" } + } + }, + "description": "", + "id": "", + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + 
"type": "pie" + }, + "title": "", + "type": "pie", + "uiState": { + "vis": { + "legendOpen": true + } } + }, + "vis": { + "legendOpen": true + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "f19543f7-04f5-42dd-849b-5f2fd8ca15f8", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "carbon_black_cloud.endpoint_event.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "description": "", - "id": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - }, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "f19543f7-04f5-42dd-849b-5f2fd8ca15f8", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "f19543f7-04f5-42dd-849b-5f2fd8ca15f8", - "title": "[Carbon Black Cloud] Top 10 Event Types", - "type": "visualization", - "version": 
"7.17.0" + "panelIndex": "f19543f7-04f5-42dd-849b-5f2fd8ca15f8", + "title": "[Carbon Black Cloud] Top 10 Event Types", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Endpoint Events by OS", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "bee43023-c427-4176-ba31-2c4831cbc44e", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "bee43023-c427-4176-ba31-2c4831cbc44e", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.17.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1727b9fb-4ba0-4f78-aa54-0d52db62b624", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "1727b9fb-4ba0-4f78-aa54-0d52db62b624", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "10a11498-6416-4b72-adc6-78a5d7937428", - "w": 24, - "x": 24, - "y": 15 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "10a11498-6416-4b72-adc6-78a5d7937428", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - 
"hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "719006b6-32b2-4ed0-aecd-a1a1f37b471b", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "719006b6-32b2-4ed0-aecd-a1a1f37b471b", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "735f366c-91c5-4f33-961f-4db200acc05c", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "735f366c-91c5-4f33-961f-4db200acc05c", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "14a95a5a-61e8-459c-95bc-d1b11eed9054", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "14a95a5a-61e8-459c-95bc-d1b11eed9054", - "panelRefName": "panel_5", - "title": "[Carbon Black Cloud] Top 10 Device External IP", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3cc67760-3bba-4282-b91e-db120e8abe4e", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "3cc67760-3bba-4282-b91e-db120e8abe4e", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device OS", + "field": "carbon_black_cloud.endpoint_event.device.os", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "bee43023-c427-4176-ba31-2c4831cbc44e", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": 
"bee43023-c427-4176-ba31-2c4831cbc44e", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Actions", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "9df5251e-52af-4509-b30e-d62f8ef9a3a3", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": 
"9df5251e-52af-4509-b30e-d62f8ef9a3a3", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Actions", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1727b9fb-4ba0-4f78-aa54-0d52db62b624", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "1727b9fb-4ba0-4f78-aa54-0d52db62b624", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Endpoint Events by Sensor Actions", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + 
"show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "04d664de-8814-4314-8f6e-2774b11ab572", - "w": 24, - "x": 24, - "y": 60 + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "04d664de-8814-4314-8f6e-2774b11ab572", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sensor Action", + "field": "carbon_black_cloud.endpoint_event.sensor_action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "10a11498-6416-4b72-adc6-78a5d7937428", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "10a11498-6416-4b72-adc6-78a5d7937428", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Endpoint Events by Event Origin", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + 
"addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "c80e4ab0-c5b5-4916-9025-d006a37aa7ba", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "c80e4ab0-c5b5-4916-9025-d006a37aa7ba", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Origin", + "field": "carbon_black_cloud.endpoint_event.event_origin", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "719006b6-32b2-4ed0-aecd-a1a1f37b471b", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "719006b6-32b2-4ed0-aecd-a1a1f37b471b", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Devices", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f57a7bf6-bc25-433b-8019-6489124907b6", - "w": 24, - "x": 24, - "y": 75 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "f57a7bf6-bc25-433b-8019-6489124907b6", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Name", + "field": "host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": 
"735f366c-91c5-4f33-961f-4db200acc05c", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "735f366c-91c5-4f33-961f-4db200acc05c", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Device External IP", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c9984aec-8f3f-456a-aa80-b1fc314eb681", - "w": 24, - "x": 0, - "y": 90 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "c9984aec-8f3f-456a-aa80-b1fc314eb681", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device External IP", + "field": "carbon_black_cloud.endpoint_event.device.external_ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "14a95a5a-61e8-459c-95bc-d1b11eed9054", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "14a95a5a-61e8-459c-95bc-d1b11eed9054", + "title": "[Carbon Black Cloud] Top 10 Device External IP", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"[Carbon Black Cloud] Top 10 Process Publisher Name", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "3232147b-0914-4432-ba42-0c6c03414e4b", - "w": 24, - "x": 24, - "y": 90 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "3232147b-0914-4432-ba42-0c6c03414e4b", - "panelRefName": "panel_12", - "title": "[Carbon Black Cloud] Top 10 Effective Reputation of Loaded Modules", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process Publisher Name", + "field": "carbon_black_cloud.endpoint_event.process.publisher.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3cc67760-3bba-4282-b91e-db120e8abe4e", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "3cc67760-3bba-4282-b91e-db120e8abe4e", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Child Process Publisher Name", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + 
"showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "391470e2-57a0-46c7-86bd-f66c6eb2ed66", - "w": 48, - "x": 0, - "y": 105 - }, - "panelIndex": "391470e2-57a0-46c7-86bd-f66c6eb2ed66", - "panelRefName": "panel_13", - "type": "search", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Child Process Publisher Name", + "field": "carbon_black_cloud.endpoint_event.childproc.publisher.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 8 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } } - ], - "timeRestore": false, - "title": "[Carbon Black Cloud] Endpoint Event", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "f19543f7-04f5-42dd-849b-5f2fd8ca15f8:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" + } }, - { - "id": "carbon_black_cloud-3afe1750-9630-11ec-864c-3332b2a355f7", - "name": "panel_0", - "type": "visualization" + "gridData": { + "h": 15, + "i": "9df5251e-52af-4509-b30e-d62f8ef9a3a3", + "w": 24, + "x": 0, + "y": 60 }, - { - "id": "carbon_black_cloud-11df3480-9630-11ec-864c-3332b2a355f7", - "name": "panel_1", - "type": "visualization" + "panelIndex": "9df5251e-52af-4509-b30e-d62f8ef9a3a3", + "type": "visualization", + "version": 
"7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Process Username", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process Username", + "field": "carbon_black_cloud.endpoint_event.process.username", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } }, - { - "id": "carbon_black_cloud-c6cfa8d0-962f-11ec-864c-3332b2a355f7", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 15, + "i": "04d664de-8814-4314-8f6e-2774b11ab572", + "w": 24, + "x": 24, + "y": 60 }, - { - "id": "carbon_black_cloud-2d324250-963e-11ec-864c-3332b2a355f7", - "name": "panel_3", - "type": "visualization" + "panelIndex": "04d664de-8814-4314-8f6e-2774b11ab572", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Child Process Username", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": 
"table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Child Process Username", + "field": "carbon_black_cloud.endpoint_event.childproc.username", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 9 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } }, - { - "id": "carbon_black_cloud-949c1d00-9628-11ec-864c-3332b2a355f7", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 15, + "i": "c80e4ab0-c5b5-4916-9025-d006a37aa7ba", + "w": 24, + "x": 0, + "y": 75 }, - { - "id": "carbon_black_cloud-f28910d0-9628-11ec-864c-3332b2a355f7", - "name": "panel_5", - "type": "visualization" + "panelIndex": "c80e4ab0-c5b5-4916-9025-d006a37aa7ba", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Process Publisher State", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process Publisher State", + "field": "carbon_black_cloud.endpoint_event.process.publisher.state", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } }, - { - "id": "carbon_black_cloud-76fe1db0-962e-11ec-864c-3332b2a355f7", - "name": "panel_6", - "type": "visualization" + "gridData": { + "h": 15, + "i": "f57a7bf6-bc25-433b-8019-6489124907b6", + "w": 24, + "x": 24, + "y": 75 }, - { - "id": "carbon_black_cloud-ae34ca40-962e-11ec-864c-3332b2a355f7", - "name": "panel_7", - "type": "visualization" + "panelIndex": "f57a7bf6-bc25-433b-8019-6489124907b6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Child Process Publisher State", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Child Process Publisher State", + "field": "carbon_black_cloud.endpoint_event.childproc.publisher.state", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } }, - { - "id": 
"carbon_black_cloud-f7681be0-962e-11ec-864c-3332b2a355f7", - "name": "panel_8", - "type": "visualization" + "gridData": { + "h": 15, + "i": "c9984aec-8f3f-456a-aa80-b1fc314eb681", + "w": 24, + "x": 0, + "y": 90 }, - { - "id": "carbon_black_cloud-2be6ad50-962f-11ec-864c-3332b2a355f7", - "name": "panel_9", - "type": "visualization" + "panelIndex": "c9984aec-8f3f-456a-aa80-b1fc314eb681", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Effective reputation of the loaded modules", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Effective Reputation of Loaded Modules", + "field": "carbon_black_cloud.endpoint_event.modload.effective_reputation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" + } + } + } + } }, - { - "id": "carbon_black_cloud-53d65ef0-962f-11ec-864c-3332b2a355f7", - "name": "panel_10", - "type": "visualization" + "gridData": { + "h": 15, + "i": "3232147b-0914-4432-ba42-0c6c03414e4b", + "w": 24, + "x": 24, + "y": 90 }, - { - "id": "carbon_black_cloud-7a6261e0-962f-11ec-864c-3332b2a355f7", - "name": "panel_11", - "type": 
"visualization" + "panelIndex": "3232147b-0914-4432-ba42-0c6c03414e4b", + "title": "[Carbon Black Cloud] Top 10 Effective Reputation of Loaded Modules", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "carbon_black_cloud-a7ce1420-9630-11ec-864c-3332b2a355f7", - "name": "panel_12", - "type": "visualization" + "gridData": { + "h": 16, + "i": "391470e2-57a0-46c7-86bd-f66c6eb2ed66", + "w": 48, + "x": 0, + "y": 105 }, - { - "id": "carbon_black_cloud-6494a7e0-9640-11ec-864c-3332b2a355f7", - "name": "panel_13", - "type": "search" - } + "panelIndex": "391470e2-57a0-46c7-86bd-f66c6eb2ed66", + "panelRefName": "panel_13", + "type": "search", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Carbon Black Cloud] Endpoint Event", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "f19543f7-04f5-42dd-849b-5f2fd8ca15f8:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "carbon_black_cloud-6494a7e0-9640-11ec-864c-3332b2a355f7", + "name": "panel_13", + "type": "search" + }, + { + "type": "index-pattern", + "name": "bee43023-c427-4176-ba31-2c4831cbc44e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1727b9fb-4ba0-4f78-aa54-0d52db62b624:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "10a11498-6416-4b72-adc6-78a5d7937428:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "719006b6-32b2-4ed0-aecd-a1a1f37b471b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "735f366c-91c5-4f33-961f-4db200acc05c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"14a95a5a-61e8-459c-95bc-d1b11eed9054:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3cc67760-3bba-4282-b91e-db120e8abe4e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9df5251e-52af-4509-b30e-d62f8ef9a3a3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "04d664de-8814-4314-8f6e-2774b11ab572:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c80e4ab0-c5b5-4916-9025-d006a37aa7ba:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f57a7bf6-bc25-433b-8019-6489124907b6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c9984aec-8f3f-456a-aa80-b1fc314eb681:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3232147b-0914-4432-ba42-0c6c03414e4b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json index dbe28f79a83..c4a99142a69 100644 --- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json +++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json 
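Review bot: Two of the inlined "Top 10" tables request fewer than ten buckets. The terms aggregation on `carbon_black_cloud.endpoint_event.childproc.publisher.name` has `"size": 8` and the one on `carbon_black_cloud.endpoint_event.childproc.username` has `"size": 9`, while both savedVis titles say "Top 10" and `perPage` is 10. An analyst triaging child-process activity from this dashboard sees fewer publishers and usernames than the title promises; set both to `"size": 10` like the other table panels. Separately, the new top-level `"namespaces"`, `"updated_at"` and `"version"` keys look like export metadata from the Kibana instance the dashboard was saved on. Consider dropping them so the packaged asset is not tied to the `default` space and does not churn on every re-export.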
@@ -1,257 +1,777 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:26:25.990Z", + "version": "WzY4OCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "table": null, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "Distribution of Asset Vulnerability Summary by OS Type, OS Version", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "row": true, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Type", + "field": "host.os.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Version", + "field": 
"host.os.version", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "604c7824-2086-4750-bd55-42ffffa9fc11", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "table": null, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "604c7824-2086-4750-bd55-42ffffa9fc11", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "604c7824-2086-4750-bd55-42ffffa9fc11", - "panelRefName": "panel_0", - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by OS Type, OS Version", - "type": "visualization", - "version": "7.17.0" + "panelIndex": "604c7824-2086-4750-bd55-42ffffa9fc11", + "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by OS Type, OS Version", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "table": null, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Asset Vulnerability Summary by Sync Status", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "table": null, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": 
"bd12665d-43af-45c1-b05e-556ed72556fa", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "bd12665d-43af-45c1-b05e-556ed72556fa", - "panelRefName": "panel_1", - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Sync Status", - "type": "visualization", - "version": "7.17.0" + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "table": null, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "fab676af-f870-4fd6-ac5d-3e17a224aaa8", - "w": 24, - "x": 0, - "y": 15 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "fab676af-f870-4fd6-ac5d-3e17a224aaa8", - "panelRefName": "panel_2", - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Severity", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sync Status", + "field": "carbon_black_cloud.asset_vulnerability_summary.sync.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" + } + } + } + } + }, + 
"gridData": { + "h": 15, + "i": "bd12665d-43af-45c1-b05e-556ed72556fa", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "bd12665d-43af-45c1-b05e-556ed72556fa", + "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Sync Status", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "table": null, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Asset Vulnerability Summary by Severity", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "e3d4c200-17e9-4303-9073-b9dc8c95a790", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "e3d4c200-17e9-4303-9073-b9dc8c95a790", - "panelRefName": "panel_3", - "title": "[Carbon Black Cloud] Top 10 Hosts with Highest Vulnerability Count", - "type": "visualization", - "version": "7.17.0" + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "table": null, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "624500b9-5f23-4c1c-b84b-83c5f20b72bb", - "w": 24, - "x": 0, - "y": 30 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "624500b9-5f23-4c1c-b84b-83c5f20b72bb", - "panelRefName": "panel_4", - "title": "[Carbon Black Cloud] Distribution of Asset 
Vulnerability Summary by Sync Type", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity", + "field": "vulnerability.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "fab676af-f870-4fd6-ac5d-3e17a224aaa8", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "fab676af-f870-4fd6-ac5d-3e17a224aaa8", + "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Severity", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Hosts with Highest Vulnerability Count", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "0ec67461-93e2-49df-bcd9-3407fabd5832", - "w": 24, - "x": 24, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Vulnerability Count", + "field": "carbon_black_cloud.asset_vulnerability_summary.vuln_count" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "0ec67461-93e2-49df-bcd9-3407fabd5832", - "panelRefName": "panel_5", - "title": "[Carbon Black Cloud] Top 10 Hosts with Highest Risk Score", - "type": 
"visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Hostname", + "field": "host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e3d4c200-17e9-4303-9073-b9dc8c95a790", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "e3d4c200-17e9-4303-9073-b9dc8c95a790", + "title": "[Carbon Black Cloud] Top 10 Hosts with Highest Vulnerability Count", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "table": null, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Asset Vulnerability Summary by Sync Type", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "66d4f664-5644-48c9-b179-ddd94e1a3e46", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "66d4f664-5644-48c9-b179-ddd94e1a3e46", - "panelRefName": "panel_6", - "title": "[Carbon Black Cloud] Top 10 OS Names", - "type": "visualization", - "version": "7.17.0" + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + 
}, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "6e5579cc-cd91-4f7b-a221-e9bed77aa2b5", - "w": 48, - "x": 0, - "y": 60 - }, - "panelIndex": "6e5579cc-cd91-4f7b-a221-e9bed77aa2b5", - "panelRefName": "panel_7", - "title": "[Carbon Black Cloud] Asset Vulnerability Assessment Essential Details", - "type": "search", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sync type", + "field": "carbon_black_cloud.asset_vulnerability_summary.sync.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "624500b9-5f23-4c1c-b84b-83c5f20b72bb", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "624500b9-5f23-4c1c-b84b-83c5f20b72bb", + "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Sync Type", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Hosts with Highest Risk Score", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } 
+ "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Risk Score", + "field": "vulnerability.score.base" + }, + "schema": "metric", + "type": "max" }, - "gridData": { - "h": 15, - "i": "244dc3ee-7810-4f22-b915-bc0a8118fb2a", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "244dc3ee-7810-4f22-b915-bc0a8118fb2a", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Hostname", + "field": "host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" + } + } } - ], - "timeRestore": false, - "title": "[Carbon Black Cloud] Asset Vulnerability Summary", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "carbon_black_cloud-56130b90-954a-11ec-8b9d-35e42c3f7fcf", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "carbon_black_cloud-7caf3b20-954a-11ec-8b9d-35e42c3f7fcf", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "0ec67461-93e2-49df-bcd9-3407fabd5832", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "carbon_black_cloud-70cdb250-954a-11ec-8b9d-35e42c3f7fcf", - "name": "panel_2", - "type": "visualization" + "panelIndex": "0ec67461-93e2-49df-bcd9-3407fabd5832", + "title": "[Carbon Black Cloud] Top 10 Hosts with Highest Risk Score", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": 
{}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 OS Names", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "row": false, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Names", + "field": "host.os.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" + } + } + } + } }, - { - "id": "carbon_black_cloud-6bfd1770-954a-11ec-8b9d-35e42c3f7fcf", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "66d4f664-5644-48c9-b179-ddd94e1a3e46", + "w": 24, + "x": 24, + "y": 45 }, - { - "id": "carbon_black_cloud-792a3310-954a-11ec-8b9d-35e42c3f7fcf", - "name": "panel_4", - "type": "visualization" + "panelIndex": "66d4f664-5644-48c9-b179-ddd94e1a3e46", + "title": "[Carbon Black Cloud] Top 10 OS Names", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "carbon_black_cloud-750fefe0-954a-11ec-8b9d-35e42c3f7fcf", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 20, + "i": "6e5579cc-cd91-4f7b-a221-e9bed77aa2b5", + "w": 48, + "x": 0, + "y": 60 }, - { - "id": "carbon_black_cloud-68a6c080-954a-11ec-8b9d-35e42c3f7fcf", - "name": "panel_6", - "type": "visualization" + 
"panelIndex": "6e5579cc-cd91-4f7b-a221-e9bed77aa2b5", + "panelRefName": "panel_7", + "title": "[Carbon Black Cloud] Asset Vulnerability Assessment Essential Details", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type", + "field": "carbon_black_cloud.asset_vulnerability_summary.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" + } + } + } + } }, - { - "id": "carbon_black_cloud-dcc2d650-90a6-11ec-8b9d-35e42c3f7fcf", - "name": "panel_7", - "type": "search" + "gridData": { + "h": 15, + "i": "244dc3ee-7810-4f22-b915-bc0a8118fb2a", + "w": 24, + "x": 0, + "y": 45 }, - { - "id": "carbon_black_cloud-2d1eedf0-9629-11ec-8b9d-35e42c3f7fcf", - "name": "panel_8", - "type": "visualization" - } + 
"panelIndex": "244dc3ee-7810-4f22-b915-bc0a8118fb2a", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Carbon Black Cloud] Asset Vulnerability Summary", + "version": 1 + }, + "references": [ + { + "id": "carbon_black_cloud-dcc2d650-90a6-11ec-8b9d-35e42c3f7fcf", + "name": "panel_7", + "type": "search" + }, + { + "type": "index-pattern", + "name": "604c7824-2086-4750-bd55-42ffffa9fc11:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bd12665d-43af-45c1-b05e-556ed72556fa:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fab676af-f870-4fd6-ac5d-3e17a224aaa8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e3d4c200-17e9-4303-9073-b9dc8c95a790:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "624500b9-5f23-4c1c-b84b-83c5f20b72bb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "0ec67461-93e2-49df-bcd9-3407fabd5832:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "66d4f664-5644-48c9-b179-ddd94e1a3e46:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "244dc3ee-7810-4f22-b915-bc0a8118fb2a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826.json index 54addd44ae2..65affa24f81 100644 
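Review bot: The new top-level object at the start of this hunk carries `"namespaces": ["default"]`, `"updated_at": "2022-10-25T18:26:25.990Z"` and `"version": "WzY4OCwxXQ=="`, which look like per-instance saved-object metadata from the Kibana instance the dashboard was exported from, not part of the dashboard definition. The old side of the file had none of these keys, so I would drop all three and keep only `id`, `type`, `attributes`, `references`, `migrationVersion` and `coreMigrationVersion`; a package asset should not carry a space name or what appears to be a concurrency token from a development instance. The hunk for `carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826.json` that follows opens with the same three keys. Separately, the added `references` entries use `type`/`name`/`id` key order while the retained `panel_7` entry uses `id`/`name`/`type`, which is harmless to a parser but makes later diffs noisier.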
--- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826.json +++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826.json 
@@ -1,728 +1,1384 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:26:25.990Z", + "version": "WzY4OSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Device Names", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Name", + "field": "host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": 
"8dc3cf12-046a-4901-b213-c29985291e77", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8dc3cf12-046a-4901-b213-c29985291e77", - "w": 24, - "x": 0, - "y": 0 + "panelIndex": "8dc3cf12-046a-4901-b213-c29985291e77", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8dc3cf12-046a-4901-b213-c29985291e77", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device External IP", + "field": "carbon_black_cloud.watchlist_hit.device.external_ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device External IP", - "field": "carbon_black_cloud.watchlist_hit.device.external_ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : 
\"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - "id": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "", - "type": "table", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "4f7b5cef-a7e9-44a9-8769-44d5326a8df4", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "4f7b5cef-a7e9-44a9-8769-44d5326a8df4", - "title": "[Carbon Black Cloud] Top 10 Device External IPs", - "type": "visualization", - "version": "7.17.0" + "description": "", + "id": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Watchlist Hit Name", - "field": "carbon_black_cloud.watchlist_hit.watchlists.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - "id": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Watchlist Hit Names", - "type": "table", - "uiState": {} - } - }, - 
"gridData": { - "h": 15, - "i": "3d454d18-6baa-40de-aa94-4ebfaee9a759", - "w": 24, - "x": 0, - "y": 15 + "title": "", + "type": "table", + "uiState": {} + } + }, + "gridData": { + "h": 15, + "i": "4f7b5cef-a7e9-44a9-8769-44d5326a8df4", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4f7b5cef-a7e9-44a9-8769-44d5326a8df4", + "title": "[Carbon Black Cloud] Top 10 Device External IPs", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "3d454d18-6baa-40de-aa94-4ebfaee9a759", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Watchlist Hit Name", + "field": "carbon_black_cloud.watchlist_hit.watchlists.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "event.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - 
"id": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Severity", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - }, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "b0289aae-02bb-472e-8a22-07ff9f5d2372", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "b0289aae-02bb-472e-8a22-07ff9f5d2372", - "type": "visualization", - "version": "7.17.0" + "description": "", + "id": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Reputation", - "field": "carbon_black_cloud.watchlist_hit.process.reputation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - "id": "", - "params": { - "addLegend": true, - "addTooltip": true, - 
"distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - }, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "d29f5a98-736d-4f47-877e-b4552d15f889", - "w": 24, - "x": 0, - "y": 30 + "title": "[Carbon Black Cloud] Top 10 Watchlist Hit Names", + "type": "table", + "uiState": {} + } + }, + "gridData": { + "h": 15, + "i": "3d454d18-6baa-40de-aa94-4ebfaee9a759", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3d454d18-6baa-40de-aa94-4ebfaee9a759", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "d29f5a98-736d-4f47-877e-b4552d15f889", - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Process Reputation", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity", + "field": "event.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": 
"1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Parent Process Reputation", - "field": "carbon_black_cloud.watchlist_hit.process.parent.reputation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - "id": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Process Reputation", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - }, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "ae5c96d5-b7d6-45f8-b57b-42cc190f990b", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "ae5c96d5-b7d6-45f8-b57b-42cc190f990b", - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Parent Process Reputation", - "type": "visualization", - "version": "7.17.0" + "description": "", + "id": "", + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 
1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "f3ba83bc-4f34-4131-9a0c-bac18ec92ac0", - "w": 24, - "x": 0, - "y": 45 + "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Severity", + "type": "pie", + "uiState": { + "vis": { + "legendOpen": true + } + } + }, + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 15, + "i": "b0289aae-02bb-472e-8a22-07ff9f5d2372", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "b0289aae-02bb-472e-8a22-07ff9f5d2372", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "f3ba83bc-4f34-4131-9a0c-bac18ec92ac0", - "panelRefName": "panel_1", - "title": "[Carbon Black Cloud] Top 10 Process Publisher Names", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process Reputation", + "field": "carbon_black_cloud.watchlist_hit.process.reputation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5271fb1f-64a6-461e-b2de-4abc76736af6", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "5271fb1f-64a6-461e-b2de-4abc76736af6", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" 
+ "description": "", + "id": "", + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "9c2fdcbe-43cb-4070-88ef-03e6e5082636", - "w": 24, - "x": 0, - "y": 60 + "title": "", + "type": "pie", + "uiState": { + "vis": { + "legendOpen": true + } + } + }, + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 15, + "i": "d29f5a98-736d-4f47-877e-b4552d15f889", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "d29f5a98-736d-4f47-877e-b4552d15f889", + "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Process Reputation", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "9c2fdcbe-43cb-4070-88ef-03e6e5082636", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Parent Process Reputation", + "field": "carbon_black_cloud.watchlist_hit.process.parent.reputation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + } + } 
}, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "bc0503e7-6c6d-4edf-a76e-17a74f7d0957", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "bc0503e7-6c6d-4edf-a76e-17a74f7d0957", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.17.0" + "description": "", + "id": "", + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "d02cda3a-ceef-4766-b25b-456733be2a66", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "d02cda3a-ceef-4766-b25b-456733be2a66", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.17.0" + "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Process Reputation", + "type": "pie", + "uiState": { + "vis": { + "legendOpen": true + } + } + }, + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 15, + "i": "ae5c96d5-b7d6-45f8-b57b-42cc190f990b", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "ae5c96d5-b7d6-45f8-b57b-42cc190f990b", + "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Parent Process Reputation", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Process Publisher Name", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + 
"showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5b66a72e-ce08-441c-8705-bb632b896745", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "5b66a72e-ce08-441c-8705-bb632b896745", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process Publisher Name", + "field": "carbon_black_cloud.watchlist_hit.process.publisher.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f3ba83bc-4f34-4131-9a0c-bac18ec92ac0", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "f3ba83bc-4f34-4131-9a0c-bac18ec92ac0", + "title": "[Carbon Black Cloud] Top 10 Process Publisher Names", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher Names", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6bff08c7-8ffb-423e-87de-f7585aa6bc86", - "w": 24, - "x": 0, - "y": 90 + "type": "table", + "data": { + "aggs": [ + 
{ + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "6bff08c7-8ffb-423e-87de-f7585aa6bc86", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Parent Process Publisher Name", + "field": "carbon_black_cloud.watchlist_hit.process.parent.publisher.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5271fb1f-64a6-461e-b2de-4abc76736af6", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "5271fb1f-64a6-461e-b2de-4abc76736af6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Process Usernames", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "437c123b-c447-476e-a28b-f3d965a50968", - "w": 24, - "x": 24, - "y": 90 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process Username", + "field": "carbon_black_cloud.watchlist_hit.process.username", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", 
+ "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "9c2fdcbe-43cb-4070-88ef-03e6e5082636", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "9c2fdcbe-43cb-4070-88ef-03e6e5082636", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Parent Process Usernames", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "437c123b-c447-476e-a28b-f3d965a50968", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Parent Process Username", + "field": "carbon_black_cloud.watchlist_hit.process.parent.username", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "bc0503e7-6c6d-4edf-a76e-17a74f7d0957", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": 
"bc0503e7-6c6d-4edf-a76e-17a74f7d0957", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by OS", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "33d80097-0089-4b48-8fd9-5dcda9e58e48", - "w": 24, - "x": 0, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS", + "field": "carbon_black_cloud.watchlist_hit.device.os", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "d02cda3a-ceef-4766-b25b-456733be2a66", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "d02cda3a-ceef-4766-b25b-456733be2a66", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 IOC 
Hits", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "33d80097-0089-4b48-8fd9-5dcda9e58e48", - "panelRefName": "panel_9", - "title": "[Carbon Black Cloud] Top 10 Process Publisher States", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IOC Hit", + "field": "carbon_black_cloud.watchlist_hit.ioc.hit", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5b66a72e-ce08-441c-8705-bb632b896745", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "5b66a72e-ce08-441c-8705-bb632b896745", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Report Names", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" 
}, - "gridData": { - "h": 15, - "i": "50a006ac-7108-47e5-adef-876c15fc8b44", - "w": 24, - "x": 24, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Report Name", + "field": "carbon_black_cloud.watchlist_hit.report.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6bff08c7-8ffb-423e-87de-f7585aa6bc86", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "6bff08c7-8ffb-423e-87de-f7585aa6bc86", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Report Tags", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + 
"color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "50a006ac-7108-47e5-adef-876c15fc8b44", - "panelRefName": "panel_10", - "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher States", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Watchlist Hit by Report Tag", + "field": "carbon_black_cloud.watchlist_hit.report.tags", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "437c123b-c447-476e-a28b-f3d965a50968", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "437c123b-c447-476e-a28b-f3d965a50968", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Process Publisher State", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + 
"showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 31, - "i": "cfec84cb-87af-4b98-b855-17372eee70c8", - "w": 48, - "x": 0, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process Publisher State", + "field": "carbon_black_cloud.watchlist_hit.process.publisher.state", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "33d80097-0089-4b48-8fd9-5dcda9e58e48", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "33d80097-0089-4b48-8fd9-5dcda9e58e48", + "title": "[Carbon Black Cloud] Top 10 Process Publisher States", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher State", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "cfec84cb-87af-4b98-b855-17372eee70c8", - "panelRefName": "panel_11", - "type": "search", - "version": "7.17.0" + { + 
"enabled": true, + "id": "2", + "params": { + "customLabel": "Parent Process Publisher State", + "field": "carbon_black_cloud.watchlist_hit.process.parent.publisher.state", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" + } + } } - ], - "timeRestore": false, - "title": "[Carbon Black Cloud] Watchlist Hit", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "50a006ac-7108-47e5-adef-876c15fc8b44", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "50a006ac-7108-47e5-adef-876c15fc8b44", + "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher States", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 31, + "i": "cfec84cb-87af-4b98-b855-17372eee70c8", + "w": 48, + "x": 0, + "y": 120 + }, + "panelIndex": "cfec84cb-87af-4b98-b855-17372eee70c8", + "panelRefName": "panel_11", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Carbon Black Cloud] Watchlist Hit", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "4f7b5cef-a7e9-44a9-8769-44d5326a8df4:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826", - "migrationVersion": { - "dashboard": "7.17.0" + { + "id": "logs-*", + "name": "3d454d18-6baa-40de-aa94-4ebfaee9a759:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" }, - "references": [ - { - "id": "carbon_black_cloud-c3786990-9555-11ec-96f0-8de26c63c826", - "name": "panel_0", - "type": 
"visualization" - }, - { - "id": "logs-*", - "name": "4f7b5cef-a7e9-44a9-8769-44d5326a8df4:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3d454d18-6baa-40de-aa94-4ebfaee9a759:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0289aae-02bb-472e-8a22-07ff9f5d2372:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d29f5a98-736d-4f47-877e-b4552d15f889:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae5c96d5-b7d6-45f8-b57b-42cc190f990b:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "carbon_black_cloud-3aa59c50-955a-11ec-96f0-8de26c63c826", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-6fcd17f0-955a-11ec-96f0-8de26c63c826", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-bb323db0-955a-11ec-96f0-8de26c63c826", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-de59dff0-955a-11ec-96f0-8de26c63c826", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-17537cc0-955c-11ec-96f0-8de26c63c826", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-4dc9e690-955c-11ec-96f0-8de26c63c826", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-715f3ec0-955c-11ec-96f0-8de26c63c826", - "name": "panel_7", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-cb70a610-955c-11ec-96f0-8de26c63c826", - "name": "panel_8", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-0296fef0-955d-11ec-96f0-8de26c63c826", - "name": "panel_9", - "type": "visualization" - }, - { - "id": "carbon_black_cloud-28323940-955d-11ec-96f0-8de26c63c826", - "name": "panel_10", - "type": "visualization" - }, - { - 
"id": "carbon_black_cloud-3ea9c2a0-955e-11ec-96f0-8de26c63c826", - "name": "panel_11", - "type": "search" - } - ], - "type": "dashboard" + { + "id": "logs-*", + "name": "b0289aae-02bb-472e-8a22-07ff9f5d2372:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d29f5a98-736d-4f47-877e-b4552d15f889:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae5c96d5-b7d6-45f8-b57b-42cc190f990b:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "carbon_black_cloud-3ea9c2a0-955e-11ec-96f0-8de26c63c826", + "name": "panel_11", + "type": "search" + }, + { + "type": "index-pattern", + "name": "8dc3cf12-046a-4901-b213-c29985291e77:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3ba83bc-4f34-4131-9a0c-bac18ec92ac0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5271fb1f-64a6-461e-b2de-4abc76736af6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9c2fdcbe-43cb-4070-88ef-03e6e5082636:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bc0503e7-6c6d-4edf-a76e-17a74f7d0957:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d02cda3a-ceef-4766-b25b-456733be2a66:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5b66a72e-ce08-441c-8705-bb632b896745:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6bff08c7-8ffb-423e-87de-f7585aa6bc86:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"437c123b-c447-476e-a28b-f3d965a50968:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "33d80097-0089-4b48-8fd9-5dcda9e58e48:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "50a006ac-7108-47e5-adef-876c15fc8b44:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0296fef0-955d-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0296fef0-955d-11ec-96f0-8de26c63c826.json deleted file mode 100644 index 29ea1b12f17..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0296fef0-955d-11ec-96f0-8de26c63c826.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Process Publisher State", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Publisher State", - "field": "carbon_black_cloud.watchlist_hit.process.publisher.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Process Publisher State", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-0296fef0-955d-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0a8f5e90-8d79-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0a8f5e90-8d79-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index d4c7c3e1293..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0a8f5e90-8d79-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,108 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by OS, OS version", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS", - "field": "host.os.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Version", - "field": "host.os.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": true, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by OS, OS version", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-0a8f5e90-8d79-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ 
- { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0f420ad0-8d71-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0f420ad0-8d71-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 2b251ff1ade..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-0f420ad0-8d71-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Client IPs", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Client IPs", - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Client IPs", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-0f420ad0-8d71-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-10f699d0-8d8b-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-10f699d0-8d8b-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 727c0553d9a..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-10f699d0-8d8b-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Threat Indicators TTPS", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Indicators TTPS", - "field": "carbon_black_cloud.alert.threat_indicators.ttps", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": 
"histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Threat Indicators TTPS", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-10f699d0-8d8b-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-11df3480-9630-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-11df3480-9630-11ec-864c-3332b2a355f7.json deleted file mode 100644 index 6a767c2cf76..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-11df3480-9630-11ec-864c-3332b2a355f7.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Actions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Actions", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": 
true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Top 10 Actions", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-11df3480-9630-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-17537cc0-955c-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-17537cc0-955c-11ec-96f0-8de26c63c826.json deleted file mode 100644 index d42021ae6f4..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-17537cc0-955c-11ec-96f0-8de26c63c826.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by OS", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS", - "field": "carbon_black_cloud.watchlist_hit.device.os", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by OS", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-17537cc0-955c-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-1b554010-8d73-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-1b554010-8d73-11ec-ac12-4bc77fa14e95.json
deleted file mode 100644
index 9be61e23491..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-1b554010-8d73-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Severity", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "event.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Severity", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-1b554010-8d73-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-28323940-955d-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-28323940-955d-11ec-96f0-8de26c63c826.json
deleted file mode 100644
index 3870497c36f..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-28323940-955d-11ec-96f0-8de26c63c826.json
+++ /dev/null
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher State", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Parent Process Publisher State", - "field": "carbon_black_cloud.watchlist_hit.process.parent.publisher.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher State", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-28323940-955d-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2be6ad50-962f-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2be6ad50-962f-11ec-864c-3332b2a355f7.json deleted file mode 100644 index 6d981efc6d8..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2be6ad50-962f-11ec-864c-3332b2a355f7.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Child Process Username", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Child Process Username", - "field": "carbon_black_cloud.endpoint_event.childproc.username", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 9 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Child Process Username", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-2be6ad50-962f-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2d1eedf0-9629-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2d1eedf0-9629-11ec-8b9d-35e42c3f7fcf.json
deleted file mode 100644
index e8eedf048e5..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2d1eedf0-9629-11ec-8b9d-35e42c3f7fcf.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Type", - "field": "carbon_black_cloud.asset_vulnerability_summary.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Type", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-2d1eedf0-9629-11ec-8b9d-35e42c3f7fcf", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2d324250-963e-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2d324250-963e-11ec-864c-3332b2a355f7.json
deleted file mode 100644
index c37f5d960db..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2d324250-963e-11ec-864c-3332b2a355f7.json
+++ /dev/null
@@ -1,147 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Endpoint Events by Event Origin", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Origin", - "field": "carbon_black_cloud.endpoint_event.event_origin", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": 
"ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Endpoint Events by Event Origin", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-2d324250-963e-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2eafd430-8d83-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2eafd430-8d83-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 80649a317a6..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-2eafd430-8d83-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Category of the Threat Cause", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Category of the Threat Cause", - "field": "carbon_black_cloud.alert.threat_cause.threat_category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - 
"type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Category of the Threat Cause", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-2eafd430-8d83-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-3aa59c50-955a-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-3aa59c50-955a-11ec-96f0-8de26c63c826.json deleted file mode 100644 index da336fb6913..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-3aa59c50-955a-11ec-96f0-8de26c63c826.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Process Publisher Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Publisher Name", - "field": "carbon_black_cloud.watchlist_hit.process.publisher.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Process Publisher Name", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-3aa59c50-955a-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-3afe1750-9630-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-3afe1750-9630-11ec-864c-3332b2a355f7.json deleted file mode 100644 index 73f22bd87a6..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-3afe1750-9630-11ec-864c-3332b2a355f7.json +++ /dev/null @@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Endpoint Events by OS", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device OS", - "field": "carbon_black_cloud.endpoint_event.device.os", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Endpoint Events by OS", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-3afe1750-9630-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-4dc9e690-955c-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-4dc9e690-955c-11ec-96f0-8de26c63c826.json deleted file mode 100644 index 1809e02b6ab..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-4dc9e690-955c-11ec-96f0-8de26c63c826.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 IOC Hits", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "IOC Hit", - "field": "carbon_black_cloud.watchlist_hit.ioc.hit", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 IOC Hits", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-4dc9e690-955c-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-52fde850-8d73-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-52fde850-8d73-11ec-ac12-4bc77fa14e95.json
deleted file mode 100644
index 4c73b7ae9a4..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-52fde850-8d73-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Category", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Category", - "field": "carbon_black_cloud.alert.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Category", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-52fde850-8d73-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-53d65ef0-962f-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-53d65ef0-962f-11ec-864c-3332b2a355f7.json
deleted file mode 100644
index 6b14c3f32ac..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-53d65ef0-962f-11ec-864c-3332b2a355f7.json
+++ /dev/null
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Process Publisher State", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Publisher State", - "field": "carbon_black_cloud.endpoint_event.process.publisher.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Process Publisher State", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-53d65ef0-962f-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-56130b90-954a-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-56130b90-954a-11ec-8b9d-35e42c3f7fcf.json deleted file mode 100644 index 9b52e952901..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-56130b90-954a-11ec-8b9d-35e42c3f7fcf.json
+++ /dev/null
@@ -1,103 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - }, - "title": "Distribution of Asset Vulnerability Summary by OS Type, OS Version", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Type", - "field": "host.os.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Version", - "field": "host.os.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "row": true, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Asset Vulnerability Summary by OS Type, OS Version", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-56130b90-954a-11ec-8b9d-35e42c3f7fcf", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": 
"logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-5c122d10-8d83-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-5c122d10-8d83-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 961a992f570..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-5c122d10-8d83-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Source of the Threat Cause", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source of the Threat Cause", - "field": "carbon_black_cloud.alert.threat_cause.vector", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": 
"histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Source of the Threat Cause", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-5c122d10-8d83-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-5c6ce550-8d85-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-5c6ce550-8d85-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 43d402f2796..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-5c6ce550-8d85-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by IOC field", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "IOC Field", - "field": "carbon_black_cloud.alert.ioc.field", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": 
"ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by IOC field", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-5c6ce550-8d85-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-68a6c080-954a-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-68a6c080-954a-11ec-8b9d-35e42c3f7fcf.json deleted file mode 100644 index 4087949eb63..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-68a6c080-954a-11ec-8b9d-35e42c3f7fcf.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - }, - "title": "Top 10 OS Names", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Names", - "field": "host.os.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "row": false, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 OS Names", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-68a6c080-954a-11ec-8b9d-35e42c3f7fcf", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6bfd1770-954a-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6bfd1770-954a-11ec-8b9d-35e42c3f7fcf.json deleted file mode 100644 index f8502e12dca..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6bfd1770-954a-11ec-8b9d-35e42c3f7fcf.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - }, - "title": "Top 10 Hosts with Highest Vulnerability Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Vulnerability Count", - "field": "carbon_black_cloud.asset_vulnerability_summary.vuln_count" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Hostname", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Hosts with Highest Vulnerability Count", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-6bfd1770-954a-11ec-8b9d-35e42c3f7fcf", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6efc6240-8d8a-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6efc6240-8d8a-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index cd00763c2c6..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6efc6240-8d8a-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Workflow State", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Workflow State", - "field": "carbon_black_cloud.alert.workflow.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Workflow State", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-6efc6240-8d8a-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6fcd17f0-955a-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6fcd17f0-955a-11ec-96f0-8de26c63c826.json
deleted file mode 100644
index c9efe326eb0..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-6fcd17f0-955a-11ec-96f0-8de26c63c826.json
+++ /dev/null
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher Names", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Parent Process Publisher Name", - "field": "carbon_black_cloud.watchlist_hit.process.parent.publisher.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher Names", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-6fcd17f0-955a-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-70cdb250-954a-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-70cdb250-954a-11ec-8b9d-35e42c3f7fcf.json deleted file mode 100644 index 693bcd862fc..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-70cdb250-954a-11ec-8b9d-35e42c3f7fcf.json +++ /dev/null @@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - }, - "title": "Distribution of Asset Vulnerability Summary by Severity", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "vulnerability.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Asset Vulnerability Summary by Severity", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-70cdb250-954a-11ec-8b9d-35e42c3f7fcf", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-71058370-e323-11ec-8642-e7f3d8b25a9b.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-71058370-e323-11ec-8642-e7f3d8b25a9b.json deleted file mode 100644 index da715105245..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-71058370-e323-11ec-8642-e7f3d8b25a9b.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Threat Cause Actor Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Cause Actor Name", - "field": "carbon_black_cloud.alert.threat_cause.actor.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Threat Cause Actor Name", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-71058370-e323-11ec-8642-e7f3d8b25a9b", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-715f3ec0-955c-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-715f3ec0-955c-11ec-96f0-8de26c63c826.json deleted file mode 100644 index e1d50e85ba8..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-715f3ec0-955c-11ec-96f0-8de26c63c826.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Report Names", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Report Name", - "field": "carbon_black_cloud.watchlist_hit.report.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Report Names", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-715f3ec0-955c-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-750fefe0-954a-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-750fefe0-954a-11ec-8b9d-35e42c3f7fcf.json
deleted file mode 100644
index af806f25bef..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-750fefe0-954a-11ec-8b9d-35e42c3f7fcf.json
+++ /dev/null
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - }, - "title": "Top 10 Hosts with Highest Risk Score", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Risk Score", - "field": "vulnerability.score.base" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Hostname", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Hosts with Highest Risk Score", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-750fefe0-954a-11ec-8b9d-35e42c3f7fcf", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-76fe1db0-962e-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-76fe1db0-962e-11ec-864c-3332b2a355f7.json deleted file mode 100644 index 54295b4645b..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-76fe1db0-962e-11ec-864c-3332b2a355f7.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Process Publisher Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Publisher Name", - "field": "carbon_black_cloud.endpoint_event.process.publisher.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Process Publisher Name", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-76fe1db0-962e-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-792a3310-954a-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-792a3310-954a-11ec-8b9d-35e42c3f7fcf.json
deleted file mode 100644
index 28d9fb632dd..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-792a3310-954a-11ec-8b9d-35e42c3f7fcf.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - }, - "title": "Distribution of Asset Vulnerability Summary by Sync Type", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sync type", - "field": "carbon_black_cloud.asset_vulnerability_summary.sync.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Asset Vulnerability Summary by Sync Type", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-792a3310-954a-11ec-8b9d-35e42c3f7fcf", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-7a6261e0-962f-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-7a6261e0-962f-11ec-864c-3332b2a355f7.json
deleted file mode 100644
index 7cc9dde4ec2..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-7a6261e0-962f-11ec-864c-3332b2a355f7.json
+++ /dev/null
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Child Process Publisher State", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Child Process Publisher State", - "field": "carbon_black_cloud.endpoint_event.childproc.publisher.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Child Process Publisher State", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-7a6261e0-962f-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-7caf3b20-954a-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-7caf3b20-954a-11ec-8b9d-35e42c3f7fcf.json deleted file mode 100644 index 8cd37cef59c..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-7caf3b20-954a-11ec-8b9d-35e42c3f7fcf.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - }, - "title": "Distribution of Asset Vulnerability Summary by Sync Status", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sync Status", - "field": "carbon_black_cloud.asset_vulnerability_summary.sync.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Asset Vulnerability Summary by Sync Status", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-7caf3b20-954a-11ec-8b9d-35e42c3f7fcf", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-89932a20-8d86-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-89932a20-8d86-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index bcca24ba9b8..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-89932a20-8d86-11ec-ac12-4bc77fa14e95.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 IOC Hit", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "IOC Hit", - "field": "carbon_black_cloud.alert.ioc.hit", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 IOC Hit", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-89932a20-8d86-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-8af47260-8d87-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-8af47260-8d87-11ec-ac12-4bc77fa14e95.json
deleted file mode 100644
index fd732a95312..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-8af47260-8d87-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Watchlist Hit", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Watchlist Hit", - "field": "carbon_black_cloud.alert.watchlists.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - 
"id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Watchlist Hit", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-8af47260-8d87-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-906f65c0-8d81-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-906f65c0-8d81-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 29c5590c54e..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-906f65c0-8d81-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Threat Cause Reputation", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Cause Reputation", - "field": "carbon_black_cloud.alert.threat_cause.reputation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": 
"histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Threat Cause Reputation", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-906f65c0-8d81-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-928cff80-8d8a-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-928cff80-8d8a-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 332ada0f74b..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-928cff80-8d8a-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Threat Indicators Process Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Indicators Process Name", - "field": "carbon_black_cloud.alert.threat_indicators.process_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Threat Indicators Process Name", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-928cff80-8d8a-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-949c1d00-9628-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-949c1d00-9628-11ec-864c-3332b2a355f7.json deleted file mode 100644 index 8943140cadf..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-949c1d00-9628-11ec-864c-3332b2a355f7.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Devices", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Name", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Devices", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-949c1d00-9628-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-97ab53f0-8d84-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-97ab53f0-8d84-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index fa4f4772d4d..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-97ab53f0-8d84-11ec-ac12-4bc77fa14e95.json +++ /dev/null @@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Run State", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Run State", - "field": "carbon_black_cloud.alert.run_state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Run State", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-97ab53f0-8d84-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-993b8650-8d83-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-993b8650-8d83-11ec-ac12-4bc77fa14e95.json
deleted file mode 100644
index 0e6b75aefbb..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-993b8650-8d83-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Blocked Threat Category", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Blocked Threat Category", - "field": "carbon_black_cloud.alert.blocked_threat_category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": 
"histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Blocked Threat Category", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-993b8650-8d83-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-9a533f40-8d80-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-9a533f40-8d80-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 1222b39f94c..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-9a533f40-8d80-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Sensor Action", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sensor Action", - "field": "carbon_black_cloud.alert.sensor_action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - 
"id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Sensor Action", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-9a533f40-8d80-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a5d6fa30-8d8c-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a5d6fa30-8d8c-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 75d72b46434..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a5d6fa30-8d8c-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Device Username", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Username", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Device Username", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-a5d6fa30-8d8c-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a6d2a900-8d70-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a6d2a900-8d70-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index f70839ee183..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a6d2a900-8d70-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Audit Logs by Flag Status", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Flagged", - "field": "carbon_black_cloud.audit.flagged", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Audit Logs by Flag Status", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-a6d2a900-8d70-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a7ce1420-9630-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a7ce1420-9630-11ec-864c-3332b2a355f7.json
deleted file mode 100644
index 0f4ac83f2c9..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-a7ce1420-9630-11ec-864c-3332b2a355f7.json
+++ /dev/null
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Effective reputation of the loaded modules", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Effective Reputation of Loaded Modules", - "field": "carbon_black_cloud.endpoint_event.modload.effective_reputation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Effective reputation of the loaded modules", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-a7ce1420-9630-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ae34ca40-962e-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ae34ca40-962e-11ec-864c-3332b2a355f7.json deleted file mode 100644 index 56e6ec48878..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ae34ca40-962e-11ec-864c-3332b2a355f7.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Child Process Publisher Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Child Process Publisher Name", - "field": "carbon_black_cloud.endpoint_event.childproc.publisher.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 8 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Child Process Publisher Name", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-ae34ca40-962e-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-bb323db0-955a-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-bb323db0-955a-11ec-96f0-8de26c63c826.json deleted file mode 100644 index e9eb15f35a0..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-bb323db0-955a-11ec-96f0-8de26c63c826.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Process Usernames", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Username", - "field": "carbon_black_cloud.watchlist_hit.process.username", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Process Usernames", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-bb323db0-955a-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-c3786990-9555-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-c3786990-9555-11ec-96f0-8de26c63c826.json deleted file mode 100644 index b7c6dd371f8..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-c3786990-9555-11ec-96f0-8de26c63c826.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Device Names", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Name", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Device Names", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-c3786990-9555-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-c6cfa8d0-962f-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-c6cfa8d0-962f-11ec-864c-3332b2a355f7.json
deleted file mode 100644
index 32178a13b52..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-c6cfa8d0-962f-11ec-864c-3332b2a355f7.json
+++ /dev/null
@@ -1,147 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Endpoint Events by Sensor Actions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sensor Action", - "field": "carbon_black_cloud.endpoint_event.sensor_action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - 
"id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Endpoint Events by Sensor Actions", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-c6cfa8d0-962f-11ec-864c-3332b2a355f7", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-cb70a610-955c-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-cb70a610-955c-11ec-96f0-8de26c63c826.json deleted file mode 100644 index 6abea69efe3..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-cb70a610-955c-11ec-96f0-8de26c63c826.json +++ /dev/null 
@@ -1,147 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Report Tags", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Watchlist Hit by Report Tag", - "field": "carbon_black_cloud.watchlist_hit.report.tags", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { 
- "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Report Tags", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-cb70a610-955c-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-cc2d3630-8d83-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-cc2d3630-8d83-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 4962dc90289..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-cc2d3630-8d83-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Not Blocked Threat Category", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Not Blocked Threat Category", - "field": "carbon_black_cloud.alert.not_blocked_threat_category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - 
"type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Not Blocked Threat Category", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-cc2d3630-8d83-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-d33296f0-8d79-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-d33296f0-8d79-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 0862b2d1bca..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-d33296f0-8d79-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Policy Names", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Policy Name", - "field": "carbon_black_cloud.alert.policy.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Policy Names", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-d33296f0-8d79-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-d49a3710-8d96-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-d49a3710-8d96-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 3cf8a62cab9..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-d49a3710-8d96-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Reason Codes", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Reason Codes", - "field": "carbon_black_cloud.alert.reason_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Reason Codes", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-d49a3710-8d96-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-de59dff0-955a-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-de59dff0-955a-11ec-96f0-8de26c63c826.json deleted file mode 100644 index 2284f8961ad..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-de59dff0-955a-11ec-96f0-8de26c63c826.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Parent Process Usernames", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Parent Process Username", - "field": "carbon_black_cloud.watchlist_hit.process.parent.username", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Parent Process Usernames", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-de59dff0-955a-11ec-96f0-8de26c63c826", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee2098d0-8d70-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee2098d0-8d70-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 39ffc9984d8..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee2098d0-8d70-11ec-ac12-4bc77fa14e95.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" - } - } - }, - "title": "[Carbon Black Cloud] Top 10 Request URLs", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "URL", - "field": "url.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Request URLs", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-ee2098d0-8d70-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee670e50-8d89-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee670e50-8d89-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 8885c2cabe7..00000000000 
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee670e50-8d89-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Kill Chain Status", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Kill Chain Status", - "field": "carbon_black_cloud.alert.kill_chain_status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Carbon Black Cloud] Distribution of Alerts by Kill Chain Status", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-ee670e50-8d89-11ec-ac12-4bc77fa14e95", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee77a260-8d84-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee77a260-8d84-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index 40135fbf074..00000000000 --- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ee77a260-8d84-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,149 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "data_stream.dataset : \"carbon_black_cloud.alert\""
- }
- }
- },
- "title": "[Carbon Black Cloud] Distribution of Alerts by Process Name",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Count"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Process Name",
- "field": "process.name",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 200
- },
- "position": "left",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "detailedTooltip": true,
- "grid": {
- "categoryLines": false
- },
- "labels": {},
- "legendPosition": "right",
- "maxLegendLines": 1,
- "palette": {
- "name": "default",
- "type": "palette"
- },
- "radiusRatio": 0,
- "seriesParams": [
- {
- "circlesRadius": 1,
- "data": {
- "id": "1",
- "label": "Count"
- },
- "drawLinesBetweenPoints": true,
- "interpolate": "linear",
- "lineWidth": 2,
- "mode": "normal",
- "show": true,
- "showCircles": true,
- "type": "histogram",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "thresholdLine": {
- "color": "#E7664C",
- "show": false,
- "style": "full",
- "value": 10,
- "width": 1
- },
- "times": [],
- "truncateLegend": true,
- "type": "histogram",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": true,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "bottom",
- "scale": {
- "mode": "normal",
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "Count"
- },
- "type": "value"
- }
- ]
- },
- "title": "[Carbon Black Cloud] Distribution of Alerts by Process Name",
- "type": "horizontal_bar"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "carbon_black_cloud-ee77a260-8d84-11ec-ac12-4bc77fa14e95",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f28910d0-9628-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f28910d0-9628-11ec-864c-3332b2a355f7.json
deleted file mode 100644
index f1194608268..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f28910d0-9628-11ec-864c-3332b2a355f7.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\""
- }
- }
- },
- "title": "[Carbon Black Cloud] Top 10 Device External IP",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Device External IP",
- "field": "carbon_black_cloud.endpoint_event.device.external_ip",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "autoFitRowToContent": false,
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- },
- "title": "[Carbon Black Cloud] Top 10 Device External IP",
- "type": "table"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "carbon_black_cloud-f28910d0-9628-11ec-864c-3332b2a355f7",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f3f635b0-8d72-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f3f635b0-8d72-11ec-ac12-4bc77fa14e95.json
deleted file mode 100644
index bba31378db0..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f3f635b0-8d72-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,91 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "data_stream.dataset : \"carbon_black_cloud.alert\""
- }
- }
- },
- "title": "[Carbon Black Cloud] Distribution of Alerts by Alert Type",
- "uiStateJSON": {
- "vis": {
- "legendOpen": true
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Count"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Alert Type",
- "field": "carbon_black_cloud.alert.type",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 5
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": false,
- "isDonut": false,
- "labels": {
- "last_level": false,
- "percentDecimals": 2,
- "position": "default",
- "show": true,
- "truncate": 100,
- "values": true,
- "valuesFormat": "percent"
- },
- "legendPosition": "right",
- "maxLegendLines": 1,
- "nestedLegend": false,
- "palette": {
- "name": "default",
- "type": "palette"
- },
- "truncateLegend": true,
- "type": "pie"
- },
- "title": "[Carbon Black Cloud] Distribution of Alerts by Alert Type",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "carbon_black_cloud-f3f635b0-8d72-11ec-ac12-4bc77fa14e95",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f7681be0-962e-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f7681be0-962e-11ec-864c-3332b2a355f7.json
deleted file mode 100644
index 30a4b0590a8..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f7681be0-962e-11ec-864c-3332b2a355f7.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\""
- }
- }
- },
- "title": "[Carbon Black Cloud] Top 10 Process Username",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Process Username",
- "field": "carbon_black_cloud.endpoint_event.process.username",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "autoFitRowToContent": false,
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- },
- "title": "[Carbon Black Cloud] Top 10 Process Username",
- "type": "table"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "carbon_black_cloud-f7681be0-962e-11ec-864c-3332b2a355f7",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f93958c0-8d83-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f93958c0-8d83-11ec-ac12-4bc77fa14e95.json
deleted file mode 100644
index d22e9286376..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-f93958c0-8d83-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,91 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "data_stream.dataset : \"carbon_black_cloud.alert\""
- }
- }
- },
- "title": "[Carbon Black Cloud] Distribution of Alerts by Policy Applied",
- "uiStateJSON": {
- "vis": {
- "legendOpen": true
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Count"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Policy Applied",
- "field": "carbon_black_cloud.alert.policy.applied",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 5
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": false,
- "isDonut": false,
- "labels": {
- "last_level": false,
- "percentDecimals": 2,
- "position": "default",
- "show": true,
- "truncate": 100,
- "values": true,
- "valuesFormat": "percent"
- },
- "legendPosition": "right",
- "maxLegendLines": 1,
- "nestedLegend": false,
- "palette": {
- "name": "default",
- "type": "palette"
- },
- "truncateLegend": true,
- "type": "pie"
- },
- "title": "[Carbon Black Cloud] Distribution of Alerts by Policy Applied",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "carbon_black_cloud-f93958c0-8d83-11ec-ac12-4bc77fa14e95",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ff34eaa0-8d79-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ff34eaa0-8d79-11ec-ac12-4bc77fa14e95.json
deleted file mode 100644
index 80c03f048a3..00000000000
--- a/packages/carbon_black_cloud/kibana/visualization/carbon_black_cloud-ff34eaa0-8d79-11ec-ac12-4bc77fa14e95.json
+++ /dev/null
@@ -1,91 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "data_stream.dataset : \"carbon_black_cloud.alert\""
- }
- }
- },
- "title": "[Carbon Black Cloud] Distribution of Alerts by Target Value",
- "uiStateJSON": {
- "vis": {
- "legendOpen": true
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Count"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Target Value",
- "field": "carbon_black_cloud.alert.target_value",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": false,
- "isDonut": false,
- "labels": {
- "last_level": false,
- "percentDecimals": 2,
- "position": "default",
- "show": true,
- "truncate": 100,
- "values": true,
- "valuesFormat": "percent"
- },
- "legendPosition": "right",
- "maxLegendLines": 1,
- "nestedLegend": false,
- "palette": {
- "name": "default",
- "type": "palette"
- },
- "truncateLegend": true,
- "type": "pie"
- },
- "title": "[Carbon Black Cloud] Distribution of Alerts by Target Value",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "carbon_black_cloud-ff34eaa0-8d79-11ec-ac12-4bc77fa14e95",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
From a06f850b09a432f62e2d489c0bfa5f14042cc4fc Mon Sep 17 00:00:00 2001
From: kcreddy Date: Wed, 26 Oct 2022 00:22:30 +0530 Subject: [PATCH 006/103] migrate cef to by_value --- ...-04749697-de8d-49b3-8eca-c873ab2c5ac9.json | 1386 ++++++++-- ...-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json | 1974 +++++++++++--- ...-56428e01-0c47-4770-8ba4-9345a029ea41.json | 1689 +++++++++--- ...-607f756e-288d-499a-8f8a-33791354ffaf.json | 1689 +++++++++--- ...-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json | 2026 ++++++++++++--- ...-9e352900-89c3-4c1b-863e-249e24d0dac9.json | 2026 ++++++++++++--- ...-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json | 1327 +++++++--- ...-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json | 1763 ++++++++++--- ...-db1e1aca-279e-4ecc-b84e-fe58644f7619.json | 1562 +++++++++--- ...-dd0bc9af-2e89-4150-9b42-62517ea56b71.json | 2271 +++++++++++++---- ...-013ff153-7b80-490b-8fec-6e56cba785ed.json | 63 - ...-01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json | 133 - ...-04096ec6-9644-4da7-bba3-35da7882f87d.json | 63 - ...-0410a35e-eabd-46f4-a124-c780b6d1fd2e.json | 63 - ...-07a4a351-d282-44a1-85b0-bc7e846f8471.json | 87 - ...-0959df23-10c9-47fd-bebd-c382007b3584.json | 34 - ...-0a202432-3dbd-49c0-af57-623ffb90211d.json | 150 -- ...-0a5276a2-907b-4319-88ab-86fe5ade8b38.json | 116 - ...-0abfc226-535b-45a2-b534-e9bc87e5584f.json | 115 - ...-0d0fd899-a40a-43e5-ac80-56f3bf09c18c.json | 121 - ...-0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json | 116 - ...-0fe1baba-84a8-4cb3-9b17-bae8693c345a.json | 138 - ...-118af639-1f37-4541-a960-5a3ff0613e0e.json | 148 -- ...-1204cf27-05e0-4905-bfa1-688aaaaaa840.json | 64 - ...-1479b35b-1bf3-4767-a510-9d210e010342.json | 64 - ...-158d809a-89db-4ffa-88a1-eb5c4bf58d50.json | 123 - ...-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json | 122 - ...-19e44299-4e2a-4da4-a9e5-595b428d49dd.json | 155 -- ...-1b9cc5b7-7747-49de-96b1-a4bc7f675716.json | 97 - ...-1bd44f46-e28d-4a2d-8245-6994372155ab.json | 129 - ...-1c869759-1d3e-4898-b9c7-d2604ed38655.json | 113 - ...-249e2737-b41f-4115-b303-88bc9d279655.json | 121 - 
...-255c0885-6349-4ab4-ba00-f055c6cc8000.json | 64 - ...-26a65f68-d7a6-4b47-befc-c5a6819bb91b.json | 155 -- ...-270139ff-fc2f-4fca-b241-93a8f57cdcdf.json | 178 -- ...-2726382e-638a-4dcc-94fc-0ffdc0f92048.json | 115 - ...-291cd92f-52c4-421b-b354-468318ba3e65.json | 133 - ...-295986d4-d2ea-4541-8e82-7dc95c0cd830.json | 106 - ...-2a0a7692-9a08-449f-bcef-b85de1855fd5.json | 102 - ...-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a.json | 78 - ...-2ecd00c0-66f4-4020-9c6e-dff40d47654c.json | 63 - ...-316fdc75-7215-4c6b-8e1b-70a097b34e28.json | 78 - ...-33290695-4eb1-4270-9e63-7083e7b132ed.json | 116 - ...-33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json | 109 - ...-38061262-edbe-4ccc-8c5c-d22c480b3c64.json | 63 - ...-38fd061a-0976-4005-b0d3-729d693cdd5d.json | 122 - ...-3c19f138-2ab3-4ecb-bb1b-86fb90158042.json | 65 - ...-490c415c-b859-4ed0-a2a4-5c4968084985.json | 178 -- ...-4970ec04-796a-4c0e-90d9-7e23d0b7e48d.json | 141 - ...-499f50ba-2f84-4f7c-9021-73a4efc47921.json | 167 -- ...-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json | 64 - ...-4c86b51e-6886-4484-98a2-508e92b455bb.json | 123 - ...-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json | 64 - ...-535a7bf8-a701-4016-86c0-038bc6d9d069.json | 107 - ...-56247c19-7aa5-475d-b074-5b0cd4794f0c.json | 64 - ...-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json | 129 - ...-589fec8c-336e-4122-8fef-a450bddf84f6.json | 64 - ...-59ad829b-12b8-4256-95a5-e7078eda628b.json | 199 -- ...-5bf6e4dc-4273-4e1e-a803-04347eebeb53.json | 104 - ...-5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json | 201 -- ...-62b06e9a-b8d2-4dfe-8dc6-4378331520aa.json | 109 - ...-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json | 78 - ...-655beadd-2678-4495-8793-72b5780f6283.json | 64 - ...-677891a1-90c4-4273-b126-f0e54689bd76.json | 34 - ...-718b074e-3dd1-4d03-ba11-7f869cdcd703.json | 138 - ...-7454c034-c5f3-48fe-8fce-ef4385c80350.json | 133 - ...-74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json | 63 - ...-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json | 63 - ...-769e3f37-2b08-4edb-9013-09140a520e69.json | 64 - 
...-76c088c3-486e-4420-8840-5ede667edffe.json | 102 - ...-77ee0e91-010b-4897-b483-7e9a907d2afe.json | 111 - ...-7dc26e6f-76d4-4454-99a9-6ccbba8948f0.json | 115 - ...-7e2b0659-0760-4182-8b29-3ee69f26bc6f.json | 109 - ...-82a333a7-d9d3-4752-b564-160d4b9f188b.json | 78 - ...-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json | 87 - ...-841a5d3f-c201-4499-a0fd-883247360640.json | 107 - ...-85818e02-7a16-4afa-8278-99c4059ddd82.json | 118 - ...-868d68b5-3e62-4fc2-b942-fbb69a7c91d5.json | 199 -- ...-86bd5f13-ca6b-43fa-b209-54e7460344bb.json | 64 - ...-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da.json | 97 - ...-89998099-9a39-44cf-beba-5b97f0524cf9.json | 149 -- ...-8cd00d20-957d-4663-be4d-ea80b1609586.json | 64 - ...-8f38607c-eb10-410e-aec5-15d8b474211e.json | 138 - ...-8f6075c5-f525-4173-92a4-3a56e96e362d.json | 107 - ...-92aecea0-a632-4a55-bb56-50e4cdaca036.json | 78 - ...-9457ee67-895f-4b78-a543-268f9687a745.json | 101 - ...-98729301-9b46-4169-b99e-1392af8fa563.json | 106 - ...-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json | 113 - ...-a52d1fe2-6933-48bd-b079-61f6e2dc05c2.json | 201 -- ...-a5e56e2a-b807-4fd7-92c2-9da42134e0a9.json | 63 - ...-a729c249-8d34-4eb1-bbb0-5d25cf224114.json | 107 - ...-a97e3628-022b-46cf-8f29-a73cf9bb4e26.json | 166 -- ...-acc915fe-b971-4795-9040-3fbfdf62abe1.json | 64 - ...-b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json | 150 -- ...-b25e0340-0e97-4849-9b89-959b9ad8c958.json | 109 - ...-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce.json | 133 - ...-b4ac112e-809a-437d-a805-3ff44a67c21c.json | 78 - ...-b7227081-e125-49cb-a580-1be363f06be0.json | 87 - ...-baa6c9ee-dffe-4ea5-bedd-91962700f450.json | 145 -- ...-bd35faa9-492e-4abe-9bf1-2d3c0d98171d.json | 64 - ...-c394e650-b16c-407c-b305-bd409d69d433.json | 34 - ...-c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json | 63 - ...-cbde6788-7371-4712-b2e0-3eb07e0841f4.json | 64 - ...-cc7f89bc-22ad-4778-9c9f-1873ff38750b.json | 111 - ...-d02dd523-ce91-40e9-9209-83797f80ed45.json | 138 - ...-d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json | 133 - 
...-d2332147-4293-4422-930b-0a319ebeb958.json | 78 - ...-d3ce586b-d372-4e03-9c19-b768b1b953f3.json | 167 -- ...-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e.json | 34 - ...-d7d7bd9e-c767-428c-b7de-d09f9d87f652.json | 133 - ...-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3.json | 106 - ...-daa1fe0b-a698-4429-8e5d-db251502276c.json | 115 - ...-dd339ff5-6b26-4455-ae06-f3b5591479e3.json | 149 -- ...-df056709-2deb-4363-ae7a-b0148ea456c6.json | 150 -- ...-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json | 78 - ...-e513c269-350c-40c3-ac20-16c5782103b8.json | 145 -- ...-e89a64e8-928c-41fc-8745-3c8157b21cdb.json | 118 - ...-efa710e7-907c-4723-92cd-2bd2276f44dd.json | 166 -- ...-f03d734b-b85c-4e99-9c0e-9c89716a81f3.json | 87 - ...-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json | 116 - ...-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json | 106 - ...-f5258de9-71f7-410f-b713-201007f77470.json | 63 - ...-f57734dd-0f32-42b4-94dd-5d597f6735e1.json | 78 - ...-f856a77c-a0fd-4047-afa6-e21a912814c5.json | 101 - ...-fa8b26c1-6973-4381-adb3-bcde0d03a520.json | 178 -- ...-fcf798a8-db8f-4492-827b-8fa7581108a9.json | 178 -- ...-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json | 141 - ...-fff249b2-18b6-4b48-bcf7-dd4595d111e7.json | 150 -- 128 files changed, 14160 insertions(+), 16376 deletions(-) delete mode 100644 packages/cef/kibana/visualization/cef-013ff153-7b80-490b-8fec-6e56cba785ed.json delete mode 100644 packages/cef/kibana/visualization/cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json delete mode 100644 packages/cef/kibana/visualization/cef-04096ec6-9644-4da7-bba3-35da7882f87d.json delete mode 100644 packages/cef/kibana/visualization/cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e.json delete mode 100644 packages/cef/kibana/visualization/cef-07a4a351-d282-44a1-85b0-bc7e846f8471.json delete mode 100644 packages/cef/kibana/visualization/cef-0959df23-10c9-47fd-bebd-c382007b3584.json delete mode 100644 packages/cef/kibana/visualization/cef-0a202432-3dbd-49c0-af57-623ffb90211d.json delete mode 100644 
packages/cef/kibana/visualization/cef-0a5276a2-907b-4319-88ab-86fe5ade8b38.json delete mode 100644 packages/cef/kibana/visualization/cef-0abfc226-535b-45a2-b534-e9bc87e5584f.json delete mode 100644 packages/cef/kibana/visualization/cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c.json delete mode 100644 packages/cef/kibana/visualization/cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json delete mode 100644 packages/cef/kibana/visualization/cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a.json delete mode 100644 packages/cef/kibana/visualization/cef-118af639-1f37-4541-a960-5a3ff0613e0e.json delete mode 100644 packages/cef/kibana/visualization/cef-1204cf27-05e0-4905-bfa1-688aaaaaa840.json delete mode 100644 packages/cef/kibana/visualization/cef-1479b35b-1bf3-4767-a510-9d210e010342.json delete mode 100644 packages/cef/kibana/visualization/cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50.json delete mode 100644 packages/cef/kibana/visualization/cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json delete mode 100644 packages/cef/kibana/visualization/cef-19e44299-4e2a-4da4-a9e5-595b428d49dd.json delete mode 100644 packages/cef/kibana/visualization/cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716.json delete mode 100644 packages/cef/kibana/visualization/cef-1bd44f46-e28d-4a2d-8245-6994372155ab.json delete mode 100644 packages/cef/kibana/visualization/cef-1c869759-1d3e-4898-b9c7-d2604ed38655.json delete mode 100644 packages/cef/kibana/visualization/cef-249e2737-b41f-4115-b303-88bc9d279655.json delete mode 100644 packages/cef/kibana/visualization/cef-255c0885-6349-4ab4-ba00-f055c6cc8000.json delete mode 100644 packages/cef/kibana/visualization/cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b.json delete mode 100644 packages/cef/kibana/visualization/cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf.json delete mode 100644 packages/cef/kibana/visualization/cef-2726382e-638a-4dcc-94fc-0ffdc0f92048.json delete mode 100644 packages/cef/kibana/visualization/cef-291cd92f-52c4-421b-b354-468318ba3e65.json delete mode 100644 
packages/cef/kibana/visualization/cef-295986d4-d2ea-4541-8e82-7dc95c0cd830.json delete mode 100644 packages/cef/kibana/visualization/cef-2a0a7692-9a08-449f-bcef-b85de1855fd5.json delete mode 100644 packages/cef/kibana/visualization/cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a.json delete mode 100644 packages/cef/kibana/visualization/cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c.json delete mode 100644 packages/cef/kibana/visualization/cef-316fdc75-7215-4c6b-8e1b-70a097b34e28.json delete mode 100644 packages/cef/kibana/visualization/cef-33290695-4eb1-4270-9e63-7083e7b132ed.json delete mode 100644 packages/cef/kibana/visualization/cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json delete mode 100644 packages/cef/kibana/visualization/cef-38061262-edbe-4ccc-8c5c-d22c480b3c64.json delete mode 100644 packages/cef/kibana/visualization/cef-38fd061a-0976-4005-b0d3-729d693cdd5d.json delete mode 100644 packages/cef/kibana/visualization/cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042.json delete mode 100644 packages/cef/kibana/visualization/cef-490c415c-b859-4ed0-a2a4-5c4968084985.json delete mode 100644 packages/cef/kibana/visualization/cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d.json delete mode 100644 packages/cef/kibana/visualization/cef-499f50ba-2f84-4f7c-9021-73a4efc47921.json delete mode 100644 packages/cef/kibana/visualization/cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json delete mode 100644 packages/cef/kibana/visualization/cef-4c86b51e-6886-4484-98a2-508e92b455bb.json delete mode 100644 packages/cef/kibana/visualization/cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json delete mode 100644 packages/cef/kibana/visualization/cef-535a7bf8-a701-4016-86c0-038bc6d9d069.json delete mode 100644 packages/cef/kibana/visualization/cef-56247c19-7aa5-475d-b074-5b0cd4794f0c.json delete mode 100644 packages/cef/kibana/visualization/cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json delete mode 100644 packages/cef/kibana/visualization/cef-589fec8c-336e-4122-8fef-a450bddf84f6.json delete mode 100644 
packages/cef/kibana/visualization/cef-59ad829b-12b8-4256-95a5-e7078eda628b.json delete mode 100644 packages/cef/kibana/visualization/cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53.json delete mode 100644 packages/cef/kibana/visualization/cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json delete mode 100644 packages/cef/kibana/visualization/cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa.json delete mode 100644 packages/cef/kibana/visualization/cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json delete mode 100644 packages/cef/kibana/visualization/cef-655beadd-2678-4495-8793-72b5780f6283.json delete mode 100644 packages/cef/kibana/visualization/cef-677891a1-90c4-4273-b126-f0e54689bd76.json delete mode 100644 packages/cef/kibana/visualization/cef-718b074e-3dd1-4d03-ba11-7f869cdcd703.json delete mode 100644 packages/cef/kibana/visualization/cef-7454c034-c5f3-48fe-8fce-ef4385c80350.json delete mode 100644 packages/cef/kibana/visualization/cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json delete mode 100644 packages/cef/kibana/visualization/cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json delete mode 100644 packages/cef/kibana/visualization/cef-769e3f37-2b08-4edb-9013-09140a520e69.json delete mode 100644 packages/cef/kibana/visualization/cef-76c088c3-486e-4420-8840-5ede667edffe.json delete mode 100644 packages/cef/kibana/visualization/cef-77ee0e91-010b-4897-b483-7e9a907d2afe.json delete mode 100644 packages/cef/kibana/visualization/cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0.json delete mode 100644 packages/cef/kibana/visualization/cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f.json delete mode 100644 packages/cef/kibana/visualization/cef-82a333a7-d9d3-4752-b564-160d4b9f188b.json delete mode 100644 packages/cef/kibana/visualization/cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json delete mode 100644 packages/cef/kibana/visualization/cef-841a5d3f-c201-4499-a0fd-883247360640.json delete mode 100644 packages/cef/kibana/visualization/cef-85818e02-7a16-4afa-8278-99c4059ddd82.json delete mode 100644 
packages/cef/kibana/visualization/cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5.json delete mode 100644 packages/cef/kibana/visualization/cef-86bd5f13-ca6b-43fa-b209-54e7460344bb.json delete mode 100644 packages/cef/kibana/visualization/cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da.json delete mode 100644 packages/cef/kibana/visualization/cef-89998099-9a39-44cf-beba-5b97f0524cf9.json delete mode 100644 packages/cef/kibana/visualization/cef-8cd00d20-957d-4663-be4d-ea80b1609586.json delete mode 100644 packages/cef/kibana/visualization/cef-8f38607c-eb10-410e-aec5-15d8b474211e.json delete mode 100644 packages/cef/kibana/visualization/cef-8f6075c5-f525-4173-92a4-3a56e96e362d.json delete mode 100644 packages/cef/kibana/visualization/cef-92aecea0-a632-4a55-bb56-50e4cdaca036.json delete mode 100644 packages/cef/kibana/visualization/cef-9457ee67-895f-4b78-a543-268f9687a745.json delete mode 100644 packages/cef/kibana/visualization/cef-98729301-9b46-4169-b99e-1392af8fa563.json delete mode 100644 packages/cef/kibana/visualization/cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json delete mode 100644 packages/cef/kibana/visualization/cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2.json delete mode 100644 packages/cef/kibana/visualization/cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9.json delete mode 100644 packages/cef/kibana/visualization/cef-a729c249-8d34-4eb1-bbb0-5d25cf224114.json delete mode 100644 packages/cef/kibana/visualization/cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26.json delete mode 100644 packages/cef/kibana/visualization/cef-acc915fe-b971-4795-9040-3fbfdf62abe1.json delete mode 100644 packages/cef/kibana/visualization/cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json delete mode 100644 packages/cef/kibana/visualization/cef-b25e0340-0e97-4849-9b89-959b9ad8c958.json delete mode 100644 packages/cef/kibana/visualization/cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce.json delete mode 100644 packages/cef/kibana/visualization/cef-b4ac112e-809a-437d-a805-3ff44a67c21c.json delete mode 100644 
packages/cef/kibana/visualization/cef-b7227081-e125-49cb-a580-1be363f06be0.json delete mode 100644 packages/cef/kibana/visualization/cef-baa6c9ee-dffe-4ea5-bedd-91962700f450.json delete mode 100644 packages/cef/kibana/visualization/cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d.json delete mode 100644 packages/cef/kibana/visualization/cef-c394e650-b16c-407c-b305-bd409d69d433.json delete mode 100644 packages/cef/kibana/visualization/cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json delete mode 100644 packages/cef/kibana/visualization/cef-cbde6788-7371-4712-b2e0-3eb07e0841f4.json delete mode 100644 packages/cef/kibana/visualization/cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b.json delete mode 100644 packages/cef/kibana/visualization/cef-d02dd523-ce91-40e9-9209-83797f80ed45.json delete mode 100644 packages/cef/kibana/visualization/cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json delete mode 100644 packages/cef/kibana/visualization/cef-d2332147-4293-4422-930b-0a319ebeb958.json delete mode 100644 packages/cef/kibana/visualization/cef-d3ce586b-d372-4e03-9c19-b768b1b953f3.json delete mode 100644 packages/cef/kibana/visualization/cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e.json delete mode 100644 packages/cef/kibana/visualization/cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652.json delete mode 100644 packages/cef/kibana/visualization/cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3.json delete mode 100644 packages/cef/kibana/visualization/cef-daa1fe0b-a698-4429-8e5d-db251502276c.json delete mode 100644 packages/cef/kibana/visualization/cef-dd339ff5-6b26-4455-ae06-f3b5591479e3.json delete mode 100644 packages/cef/kibana/visualization/cef-df056709-2deb-4363-ae7a-b0148ea456c6.json delete mode 100644 packages/cef/kibana/visualization/cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json delete mode 100644 packages/cef/kibana/visualization/cef-e513c269-350c-40c3-ac20-16c5782103b8.json delete mode 100644 packages/cef/kibana/visualization/cef-e89a64e8-928c-41fc-8745-3c8157b21cdb.json delete mode 100644 
packages/cef/kibana/visualization/cef-efa710e7-907c-4723-92cd-2bd2276f44dd.json delete mode 100644 packages/cef/kibana/visualization/cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3.json delete mode 100644 packages/cef/kibana/visualization/cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json delete mode 100644 packages/cef/kibana/visualization/cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json delete mode 100644 packages/cef/kibana/visualization/cef-f5258de9-71f7-410f-b713-201007f77470.json delete mode 100644 packages/cef/kibana/visualization/cef-f57734dd-0f32-42b4-94dd-5d597f6735e1.json delete mode 100644 packages/cef/kibana/visualization/cef-f856a77c-a0fd-4047-afa6-e21a912814c5.json delete mode 100644 packages/cef/kibana/visualization/cef-fa8b26c1-6973-4381-adb3-bcde0d03a520.json delete mode 100644 packages/cef/kibana/visualization/cef-fcf798a8-db8f-4492-827b-8fa7581108a9.json delete mode 100644 packages/cef/kibana/visualization/cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json delete mode 100644 packages/cef/kibana/visualization/cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7.json diff --git a/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json b/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json index 87ff8a2f9cf..ea79ce357b7 100644 --- a/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json +++ b/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json 
@@ -1,308 +1,1150 @@ { - "attributes": { - "description": "Suspicious network activity overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false + "id": "cef-04749697-de8d-49b3-8eca-c873ab2c5ac9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc0NSwxXQ==", + "attributes": { + "description": "Suspicious network activity overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Destination Addresses": "#E0752D", - "Destination Ports": "#E24D42" - }, - "legendOpen": false - } - }, - "gridData": { - "h": 12, - "i": "1", - "w": 48, - "x": 0, - "y": 28 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Destination Addresses": "#E0752D", + "Destination Ports": "#E24D42" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "legendOpen": false + }, + "savedVis": { + "title": "Unique Destinations and Ports by Source [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": 
"Source Addresses" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Addresses" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" }, - "gridData": { - "h": 12, - "i": "2", - "w": 16, - "x": 0, - "y": 40 + { + "data": { + "id": "3", + "label": "Destination Ports" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Addresses" + }, + "type": "value" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Ports" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, 
+ "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 12, - "i": "3", - "w": 16, - "x": 16, - "y": 40 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "1", + "w": 48, + "x": 0, + "y": 28 + }, + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 5 Sources by Destination Addresses [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 8, - "i": "11", - "w": 48, - "x": 0, - "y": 12 + { + "enabled": true, + "id": "1", + "params": { + 
"customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 40 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 5 Sources by Destination Ports [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "12", - "w": 24, - "x": 0, - "y": 52 - }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 16, - "i": "13", - "w": 24, - "x": 24, - "y": 52 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + 
"params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 40 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Severity [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "hide_last_value_indicator": true, + "id": "c39a76e5-f613-41a9-8335-c442747791e0", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0.0[0]a", + "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", + "label": "Event by Severities", + "line_width": 1, + "metrics": [ + { + "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "type": "count" + }, + { + "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", + "sigma": "", + "type": "sum_bucket" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,204,202,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Low\" OR severity:\"0\"" + }, + "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", + "label": "LOW" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Medium\"" + }, + "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", + "label": "MEDIUM" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": 
"severity:\"High\"" + }, + "id": "e142c55b-6ee5-416a-8bd3-d10398044864", + "label": "HIGH" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Very-High\"" + }, + "id": "4b05b562-c419-4214-b814-d4c242251521", + "label": "VERY HIGH" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "14", - "w": 16, - "x": 32, - "y": 40 + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Source Addresses [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR 
cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "117fde19-e227-4fcb-8019-e82e6677c340", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostmessage", + "terms_order_by": null, + "value_template": "{{value}}" }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "0.5", + "formatter": "number", + "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", + "label": "Top Source Addresses", + "line_width": "0", + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "15", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + 
"type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "11", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Addresses [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "16", - "w": 40, - "x": 0, - "y": 4 + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "12", + "w": 24, + "x": 0, + "y": 52 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Addresses [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 50": "rgb(255,255,204)", - "100 - 200": "rgb(253,141,60)", - "200 - 300": "rgb(227,27,28)", - "300 - 400": "rgb(128,0,38)", - "50 - 100": "rgb(254,217,118)" - } - } - }, 
- "gridData": { - "h": 8, - "i": "17", - "w": 8, - "x": 40, - "y": 4 + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } } - ], - "refreshInterval": { - "display": "Off", - "pause": false, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Network Suspicious Activity Dashboard", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-04749697-de8d-49b3-8eca-c873ab2c5ac9", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cef-07a4a351-d282-44a1-85b0-bc7e846f8471", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 24, + "y": 52 }, - { - "id": "cef-b7227081-e125-49cb-a580-1be363f06be0", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Ports [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination 
Addresses", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-1c869759-1d3e-4898-b9c7-d2604ed38655", - "name": "5:panel_5", - "type": "visualization" + "gridData": { + "h": 12, + "i": "14", + "w": 16, + "x": 32, + "y": 40 }, - { - "id": "cef-8f38607c-eb10-410e-aec5-15d8b474211e", - "name": "11:panel_11", - "type": "visualization" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "id": "cef-655beadd-2678-4495-8793-72b5780f6283", - "name": "12:panel_12", - "type": "visualization" + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "cef-769e3f37-2b08-4edb-9013-09140a520e69", - "name": "13:panel_13", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": 
true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-cbde6788-7371-4712-b2e0-3eb07e0841f4", - "name": "14:panel_14", - "type": "visualization" + "gridData": { + "h": 8, + "i": "16", + "w": 40, + "x": 0, + "y": 4 }, - { - "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584", - "name": "15:panel_15", - "type": "visualization" + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": 
{}, + "vis": { + "defaultColors": { + "0 - 50": "rgb(255,255,204)", + "100 - 200": "rgb(253,141,60)", + "200 - 300": "rgb(227,27,28)", + "300 - 400": "rgb(128,0,38)", + "50 - 100": "rgb(254,217,118)" + } + }, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + 
"window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652", - "name": "16:panel_16", - "type": "visualization" + "gridData": { + "h": 8, + "i": "17", + "w": 8, + "x": 40, + "y": 4 }, - { - "id": "cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa", - "name": "17:panel_17", - "type": "visualization" - } + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Network Suspicious Activity Dashboard", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "12:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "14:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "16:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file 
diff --git a/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json b/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json
index 8c6fadd74db..53c77416a12 100644
--- a/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json
+++ b/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json
@@ -1,436 +1,1644 @@ { - "attributes": { - "description": "Network data overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" + "id": "cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc0NiwxXQ==", + "attributes": { + "description": "Network data overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Application Protocols [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "version": true + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 8, + "i": "1", + "w": 48, + "x": 0, + "y": 32 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "1", - "w": 48, - "x": 0, - "y": 32 + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Bandwidth Utilization [Logs CEF]", + "description": "", + "uiState": {}, 
+ "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "d27f09dc-b07e-493f-a223-a85033ad6548", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_order_by": "_count" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", + "label": "Outbound", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "type": "sum" + }, + { + "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", + "script": "params.outbound > 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", + "name": "outbound" + } + ] + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0 + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "2", - "w": 48, - "x": 0, - "y": 56 + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 48, + "x": 0, + "y": 56 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Source [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "filter": { + 
"language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "0c929603-fc92-4ebc-a963-fe2795417d89", + "label": "Firewall Events" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" + }, + "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", + "label": "Intrusion Detection Events" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", + "label": "VPN" + } + ], + "split_mode": "filters", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": "0.5", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Device Hosts", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + 
"gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 12 + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Outcome [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "bar_color": null, + "id": "23db5bf6-f787-474e-86ab-76362432e984", + "value": 0 + } + ], + "drilldown_url": "", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": 
"(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", + "label": "Firewall" + } + ], + "split_mode": "filter", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "1", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Event Outcome", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,188,0,0.35)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", + "label": "Success" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + 
}, + "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", + "label": "Failure" + }, + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "2ff1e859-b178-4824-a0f2-69a115932b98", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "event.outcome", + "terms_size": "3" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "6", - "w": 48, - "x": 0, - "y": 48 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - }, - "legendOpen": false - } - }, - "gridData": { - "h": 8, - "i": "7", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + "legendOpen": false + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51", - "unknown": "#0A50A1" - } - } + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": 
"None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true }, - "gridData": { - "h": 12, - "i": "11", - "w": 16, - "x": 16, - "y": 20 + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" }, - "gridData": { - "h": 12, - "i": "13", - "w": 16, - "x": 0, - "y": 20 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "8.0.0" + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% - 100%": "rgb(202,8,35)" - }, - "legendOpen": false - } + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "15", - "w": 16, - "x": 32, - "y": 20 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": 
"metric", + "type": "cardinality" }, - "gridData": { - "h": 8, - "i": "17", - "w": 48, - "x": 0, - "y": 40 + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51", + "unknown": "#0A50A1" + } + }, + "savedVis": { + "title": "Destination Ports by Outcome [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Protocols" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + 
"type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "18", - "w": 24, - "x": 0, - "y": 64 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocols", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "11", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Devices by Bandwidth [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", 
+ "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 16, - "i": "19", - "w": 24, - "x": 24, - "y": 64 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source(s)", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination(s)", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 8, - "i": "20", - "w": 8, - "x": 40, - "y": 4 + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "20", - "panelRefName": "panel_20", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bandwidth (Incoming)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bandwidth (Outgoing)", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "13", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" }, - { - "embeddableConfig": { - "enhancements": {} 
+ "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Devices by Outcome [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 6, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": true, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "21", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Host Names", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "21", - "panelRefName": "panel_21", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Events [Logs 
CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destination Locations by Events [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "15", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Device Types [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + 
"filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", + "label": "Firewall" + } + ], + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Top Device Types by Mvg Averages", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" }, - "openTOCDetails": [] + { + "alpha": 0.3, + "beta": 0.1, + "field": 
"dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.extensions.categoryDeviceType", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Source Countries by Events [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 24, - "i": "49de47fb-1382-4009-89d2-b96a4161e12d", - "w": 24, - "x": 0, - "y": 80 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", - "type": "map", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - 
"description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - 
"mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Source Locations by Events [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 24, - "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "w": 24, - "x": 24, - "y": 80 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } } - ], - 
"refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Network Overview Dashboard", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cef-38061262-edbe-4ccc-8c5c-d22c480b3c64", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cef-daa1fe0b-a698-4429-8e5d-db251502276c", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 16, + "i": "18", + "w": 24, + "x": 0, + "y": 64 }, - { - "id": "cef-efa710e7-907c-4723-92cd-2bd2276f44dd", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "cef-d3ce586b-d372-4e03-9c19-b768b1b953f3", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cef-291cd92f-52c4-421b-b354-468318ba3e65", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 20 Source Countries [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-0a202432-3dbd-49c0-af57-623ffb90211d", - "name": "11:panel_11", - "type": "visualization" + "gridData": { + "h": 16, + "i": "19", + "w": 24, + "x": 24, + "y": 64 }, - { - "id": 
"cef-85818e02-7a16-4afa-8278-99c4059ddd82", - "name": "13:panel_13", - "type": "visualization" + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": 
"moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "cef-841a5d3f-c201-4499-a0fd-883247360640", - "name": "15:panel_15", - "type": "visualization" + "gridData": { + "h": 8, + "i": "20", + "w": 8, + "x": 40, + "y": 4 }, - { - "id": "cef-baa6c9ee-dffe-4ea5-bedd-91962700f450", - "name": "17:panel_17", - "type": "visualization" + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "id": "cef-535a7bf8-a701-4016-86c0-038bc6d9d069", - "name": "18:panel_18", - "type": "visualization" + "gridData": { + "h": 4, + "i": "21", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9", - "name": "19:panel_19", - "type": "visualization" + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destination Locations by Events [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa", - "name": "20:panel_20", - "type": "visualization" + "gridData": { + "h": 24, + "i": "49de47fb-1382-4009-89d2-b96a4161e12d", + "w": 24, + "x": 0, + "y": 80 }, - { - "id": "cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e", - "name": "21:panel_21", - "type": "visualization" + "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", + "type": "map", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Source Locations by Events [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", - "type": "index-pattern" + "gridData": { + "h": 24, + "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", + "w": 24, + "x": 24, + "y": 80 }, - { - "id": "logs-*", - "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Network Overview Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": 
"49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "type": "search",
+ "name": "1:search_0",
+ "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c"
+ },
+ {
+ "type": "search",
+ "name": "7:search_0",
+ "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c"
+ },
+ {
+ "type": "search",
+ "name": "11:search_0",
+ "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c"
+ },
+ {
+ "type": "search",
+ "name": "13:search_0",
+ "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c"
+ },
+ {
+ "type": "search",
+ "name": "15:search_0",
+ "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c"
+ },
+ {
+ "type": "search",
+ "name": "18:search_0",
+ "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c"
+ },
+ {
+ "type": "search",
+ "name": "19:search_0",
+ "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c"
+ }
+ ],
+ "migrationVersion": {
+ "dashboard": "8.0.0"
+ },
+ "coreMigrationVersion": "8.0.0"
 }
\ No newline at end of file
diff --git a/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json b/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json
index 0619b62d392..7888256bb31 100644
--- a/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json
+++ b/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json
@@ -1,390 +1,1393 @@ { - "attributes": { - "description": "Overview of Microsoft DNS activity via ArcSight", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true + "id": "cef-56428e01-0c47-4770-8ba4-9345a029ea41", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc0NywxXQ==", + "attributes": { + "description": "Overview of Microsoft DNS activity via ArcSight", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DNS - Event Throughput [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": 
"ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "type": "cumulative_sum" + }, + { + "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "gamma": 0.3, + "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "1", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "DNS Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "3", - "w": 40, - "x": 0, - "y": 4 + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": 
"Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 18k": "rgb(247,251,255)", - "108k - 126k": "rgb(74,152,201)", - "126k - 144k": "rgb(46,126,188)", - "144k - 162k": "rgb(23,100,171)", - "162k - 180k": "rgb(8,74,145)", - "18k - 36k": "rgb(227,238,249)", - "36k - 54k": "rgb(208,225,242)", - "54k - 72k": "rgb(182,212,233)", - "72k - 90k": "rgb(148,196,223)", - "90k - 108k": "rgb(107,174,214)" - }, - "legendOpen": false - } + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 }, - "gridData": { - "h": 16, - "i": "5", - "w": 24, - "x": 0, - "y": 32 + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "32", + "labelColor": false, + "subText": "" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "6", - "w": 48, - "x": 0, - "y": 48 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threads", + "field": "cef.extensions.deviceCustomString1" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "7", 
- "w": 24, - "x": 24, - "y": 32 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OpCodes", + "field": "cef.extensions.deviceCustomString2" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Activity Types", + "field": "cef.device.event_class_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "9", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "8.0.0" + "legendOpen": false + }, + "savedVis": { + "title": "Top Destinations by Traffic Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": 
null, - "direction": null - } - } - } - }, - "gridData": { - "h": 16, - "i": "11", - "w": 24, - "x": 24, - "y": 56 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 10, + "colorsRange": [ + { + "from": 0, + "to": null + } + ], + "enableHover": true, + "invertColors": false, + "legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 4, - "i": "12", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "label": "Inbound" + }, + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "label": "Outbound" + } + ] + }, + "schema": "segment", + "type": "filters" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "5", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Event Types [Logs CEF 
ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 50, + "minFontSize": 12, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 16, - "i": "13", - "w": 24, - "x": 0, - "y": 56 + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Types by Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Total (Bytes)": "#E24D42" + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Type" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" }, - "gridData": { - "h": 12, - "i": "14", - "w": 24, - "x": 0, - "y": 20 + "valueAxis": null + }, + "legendPosition": "right", + "orderBucketsBySum": false, + "seriesParams": [ + { + 
"data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "8.0.0" + { + "data": { + "id": "3", + "label": "Total (Bytes)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": false, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Total (Bytes)" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "15", - "w": 24, - "x": 24, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Sources by Events [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total (Bytes)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "7", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events Types by Severity [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": 
"line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", + "label": "Cumulative Bytes", + "line_width": "3", + "metrics": [ + { + "field": "source.bytes", + "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", + "type": "count" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" + }, + "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", + "label": "HIGH" }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR 
cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" + }, + "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", + "label": "MEDIUM" }, - "openTOCDetails": [] - }, - "gridData": { - "h": 12, - "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "w": 24, - "x": 0, - "y": 72 + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" + }, + "id": 
"d2627211-5f9e-4c65-8a47-1cd6f085939d", + "label": "LOW" + } + ], + "split_mode": "filters", + "stacked": "none" }, - "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "type": "map", - "version": "8.0.0" + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", + "label": "Count by Event Type", + "line_width": 1, + "metrics": [ + { + "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.device.event_class_id", + "terms_size": "20" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destinations by Events [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - 
"isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "9", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Destinations by Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destinations", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 12, - "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "w": 24, - "x": 24, - "y": 72 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } } - ], - "refreshInterval": { - "pause": true, - 
"value": 0 + } }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF ArcSight] Microsoft DNS Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-56428e01-0c47-4770-8ba4-9345a029ea41", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f", - "name": "1:panel_1", - "type": "visualization" + "gridData": { + "h": 16, + "i": "11", + "w": 24, + "x": 24, + "y": 56 }, - { - "id": "cef-249e2737-b41f-4115-b303-88bc9d279655", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "id": "cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110", - "name": "5:panel_5", - "type": "visualization" + "gridData": { + "h": 4, + "i": "12", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3", - "name": "6:panel_6", - "type": "visualization" + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Sources by Size [Logs CEF ArcSight]", + 
"description": "", + "uiState": { + "P-11": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-13": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-2": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-3": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-4": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-5": { + "vis": { + "defaultColors": { + "0 - 18,000": "rgb(247,251,255)", + "108,000 - 126,000": "rgb(74,152,201)", + "126,000 - 144,000": "rgb(46,126,188)", + "144,000 - 162,000": "rgb(23,100,171)", + "162,000 - 180,000": "rgb(8,74,145)", + "18,000 - 36,000": "rgb(227,238,249)", + "36,000 - 54,000": "rgb(208,225,242)", + "54,000 - 72,000": "rgb(182,212,233)", + "72,000 - 90,000": "rgb(148,196,223)", + "90,000 - 108,000": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sources", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destinations", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } 
+ ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-fcf798a8-db8f-4492-827b-8fa7581108a9", - "name": "7:panel_7", - "type": "visualization" + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 0, + "y": 56 }, - { - "id": "cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d", - "name": "9:panel_9", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Direction [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "be556a57-cd1c-496c-8714-0bd210947c85", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "filter": { + "language": "lucene", + "query": "device" + }, + "formatter": "number", + "id": "9aae7344-9de9-4378-b21d-296cb964f93b", + "label": "Inbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", + "label": "Inbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "formatter": "number", + "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", + "label": "Outbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "type": "count" + }, + { + "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", + "script": "params.outbound > 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", + "name": "outbound" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", + "label": "Outbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716", - "name": "11:panel_11", - "type": "visualization" + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 0, + "y": 20 }, - { - "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76", - "name": "12:panel_12", - "type": "visualization" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Size [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "6e634117-6b30-411c-b74c-75510befe42f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "formatter": "bytes", + "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", + "label": "Inbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", + "type": "sum" + } + ], + 
"point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "formatter": "bytes", + "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", + "label": "Outbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "type": "sum" + }, + { + "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", + "script": "params.outbound_bytes >= 0 ? params.outbound_bytes * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", + "name": "outbound_bytes" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b", - "name": "13:panel_13", - "type": "visualization" + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 24, + "y": 20 }, - { - "id": "cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0", - "name": "14:panel_14", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Sources by Events [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0", - "name": "15:panel_15", - "type": "visualization" + "gridData": { + "h": 12, + "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "w": 24, + "x": 0, + "y": 72 }, - { - "id": "logs-*", - "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "type": "map", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destinations by Events [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", - "type": "index-pattern" - } + "gridData": { + "h": 12, + "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", + "w": 24, + "x": 24, + "y": 72 + }, + "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Microsoft DNS Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json b/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json index c6fc8891bb8..8ac247b7848 100644 --- a/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json +++ b/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json 
@@ -1,390 +1,1393 @@ { - "attributes": { - "description": "Overview of Microsoft DNS activity", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true + "id": "cef-607f756e-288d-499a-8f8a-33791354ffaf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc0OCwxXQ==", + "attributes": { + "description": "Overview of Microsoft DNS activity", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DNS - Event Throughput [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": 
"ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "type": "cumulative_sum" + }, + { + "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "gamma": 0.3, + "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "1", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "DNS Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "3", - "w": 40, - "x": 0, - "y": 4 + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + 
"colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 18k": "rgb(247,251,255)", - "108k - 126k": "rgb(74,152,201)", - "126k - 144k": "rgb(46,126,188)", - "144k - 162k": "rgb(23,100,171)", - "162k - 180k": "rgb(8,74,145)", - "18k - 36k": "rgb(227,238,249)", - "36k - 54k": "rgb(208,225,242)", - "54k - 72k": "rgb(182,212,233)", - "72k - 90k": "rgb(148,196,223)", - "90k - 108k": "rgb(107,174,214)" - }, - "legendOpen": false - } + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 }, - "gridData": { - "h": 16, - "i": "5", - "w": 24, - "x": 0, - "y": 32 + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "32", + "labelColor": false, + "subText": "" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "6", - "w": 48, - "x": 0, - "y": 48 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threads", + "field": "cef.extensions.deviceCustomString1" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "7", - "w": 
24, - "x": 24, - "y": 32 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OpCodes", + "field": "cef.extensions.deviceCustomString2" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Activity Types", + "field": "cef.device.event_class_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "9", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "8.0.0" + "legendOpen": false + }, + "savedVis": { + "title": "Top Destinations by Traffic Size [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - 
"direction": null - } - } - } - }, - "gridData": { - "h": 16, - "i": "11", - "w": 24, - "x": 24, - "y": 56 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 10, + "colorsRange": [ + { + "from": 0, + "to": null + } + ], + "enableHover": true, + "invertColors": false, + "legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 4, - "i": "12", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "label": "Inbound" + }, + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "label": "Outbound" + } + ] + }, + "schema": "segment", + "type": "filters" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "5", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Event Types [Logs CEF]", + 
"description": "", + "uiState": {}, + "params": { + "maxFontSize": 50, + "minFontSize": 12, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 16, - "i": "13", - "w": 24, - "x": 0, - "y": 56 + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Types by Size [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Total (Bytes)": "#E24D42" + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Type" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" }, - "gridData": { - "h": 12, - "i": "14", - "w": 24, - "x": 0, - "y": 20 + "valueAxis": null + }, + "legendPosition": "right", + "orderBucketsBySum": false, + "seriesParams": [ + { + "data": { + "id": "1", + 
"label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "8.0.0" + { + "data": { + "id": "3", + "label": "Total (Bytes)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": false, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Total (Bytes)" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "15", - "w": 24, - "x": 24, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Sources by Events [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total (Bytes)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "7", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events Types by Severity [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": 
"#68BC00", + "fill": "0", + "formatter": "number", + "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", + "label": "Cumulative Bytes", + "line_width": "3", + "metrics": [ + { + "field": "source.bytes", + "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", + "type": "count" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" + }, + "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", + "label": "HIGH" }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR 
cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" + }, + "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", + "label": "MEDIUM" }, - "openTOCDetails": [] - }, - "gridData": { - "h": 12, - "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "w": 24, - "x": 0, - "y": 72 + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" + }, + "id": 
"d2627211-5f9e-4c65-8a47-1cd6f085939d", + "label": "LOW" + } + ], + "split_mode": "filters", + "stacked": "none" }, - "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "type": "map", - "version": "8.0.0" + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", + "label": "Count by Event Type", + "line_width": 1, + "metrics": [ + { + "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.device.event_class_id", + "terms_size": "20" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destinations by Events [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - 
"isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "9", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Destinations by Size [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destinations", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 12, - "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "w": 24, - "x": 24, - "y": 72 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } } - ], - "refreshInterval": { - "pause": true, - "value": 
0 + } }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Microsoft DNS Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-607f756e-288d-499a-8f8a-33791354ffaf", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cef-b25e0340-0e97-4849-9b89-959b9ad8c958", - "name": "1:panel_1", - "type": "visualization" + "gridData": { + "h": 16, + "i": "11", + "w": 24, + "x": 24, + "y": 56 }, - { - "id": "cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "id": "cef-1bd44f46-e28d-4a2d-8245-6994372155ab", - "name": "5:panel_5", - "type": "visualization" + "gridData": { + "h": 4, + "i": "12", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "cef-04096ec6-9644-4da7-bba3-35da7882f87d", - "name": "6:panel_6", - "type": "visualization" + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Sources by Size [Logs CEF]", + "description": "", + "uiState": { + 
"P-11": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-13": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-2": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-3": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-4": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-5": { + "vis": { + "defaultColors": { + "0 - 18,000": "rgb(247,251,255)", + "108,000 - 126,000": "rgb(74,152,201)", + "126,000 - 144,000": "rgb(46,126,188)", + "144,000 - 162,000": "rgb(23,100,171)", + "162,000 - 180,000": "rgb(8,74,145)", + "18,000 - 36,000": "rgb(227,238,249)", + "36,000 - 54,000": "rgb(208,225,242)", + "54,000 - 72,000": "rgb(182,212,233)", + "72,000 - 90,000": "rgb(148,196,223)", + "90,000 - 108,000": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sources", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destinations", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + 
"filter": [] + } + } + } }, - { - "id": "cef-490c415c-b859-4ed0-a2a4-5c4968084985", - "name": "7:panel_7", - "type": "visualization" + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 0, + "y": 56 }, - { - "id": "cef-33290695-4eb1-4270-9e63-7083e7b132ed", - "name": "9:panel_9", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Direction [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "be556a57-cd1c-496c-8714-0bd210947c85", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "filter": { + "language": "lucene", + "query": "device" + }, + "formatter": "number", + "id": "9aae7344-9de9-4378-b21d-296cb964f93b", + "label": "Inbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", + "label": "Inbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "formatter": "number", + "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", + "label": "Outbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "type": "count" + }, + { + "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", + "script": "params.outbound > 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", + "name": "outbound" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", + "label": "Outbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da", - "name": "11:panel_11", - "type": "visualization" + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 0, + "y": 20 }, - { - "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584", - "name": "12:panel_12", - "type": "visualization" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Size [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "6e634117-6b30-411c-b74c-75510befe42f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "formatter": "bytes", + "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", + "label": "Inbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", + "type": "sum" + } + ], + "point_size": 
1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "formatter": "bytes", + "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", + "label": "Outbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "type": "sum" + }, + { + "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", + "script": "params.outbound_bytes >= 0 ? params.outbound_bytes * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", + "name": "outbound_bytes" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "cef-19e44299-4e2a-4da4-a9e5-595b428d49dd", - "name": "13:panel_13", - "type": "visualization" + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 24, + "y": 20 }, - { - "id": "cef-38fd061a-0976-4005-b0d3-729d693cdd5d", - "name": "14:panel_14", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Sources by Events [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3", - "name": "15:panel_15", - "type": "visualization" + "gridData": { + "h": 12, + "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "w": 24, + "x": 0, + "y": 72 }, - { - "id": "logs-*", - "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "type": "map", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destinations by Events [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", - "type": "index-pattern" - } + "gridData": { + "h": 12, + "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", + "w": 24, + "x": 24, + "y": 72 + }, + "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Microsoft DNS Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json b/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json index cf70b47d138..05fc740159a 100644 --- a/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json +++ b/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json 
@@ -1,431 +1,1659 @@ { - "attributes": { - "description": "Operating system activity from endpoints", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" + "id": "cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc0OSwxXQ==", + "attributes": { + "description": "Operating system activity from endpoints", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Count": "#64B0C8", + "Destination User Names": "#E24D42", + "Event Types": "#EF843C" + }, + "legendOpen": true + }, + "savedVis": { + "title": "Source Users by Event Type and Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Users" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + 
"label": "Event Types" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination User Names" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" }, - "version": true + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Types", + "field": "event.action" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination User Names", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } } + } }, - "optionsJSON": { - 
"darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Count": "#64B0C8", - "Destination User Names": "#E24D42", - "Event Types": "#EF843C" - }, - "legendOpen": true - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - "y": 28 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Endpoint OS Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "20", + "labelColor": false, + "subText": "" }, - "gridData": { - "h": 8, - "i": "4", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 
55k": "rgb(255,255,204)", - "110k - 165k": "rgb(254,225,135)", - "165k - 220k": "rgb(254,201,101)", - "220k - 275k": "rgb(254,171,73)", - "275k - 330k": "rgb(253,141,60)", - "330k - 385k": "rgb(252,91,46)", - "385k - 440k": "rgb(237,47,34)", - "440k - 495k": "rgb(212,16,32)", - "495k - 550k": "rgb(176,0,38)", - "55k - 110k": "rgb(255,241,170)" - }, - "legendOpen": false - } + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Event Types", + "field": "event.action" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 12, - "i": "5", - "w": 24, - "x": 24, - "y": 28 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Outcomes", + "field": "event.outcome" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 55k": "rgb(255,255,204)", + "110k - 165k": "rgb(254,225,135)", + "165k - 220k": "rgb(254,201,101)", + "220k - 275k": "rgb(254,171,73)", + "275k - 330k": "rgb(253,141,60)", + "330k - 385k": "rgb(252,91,46)", + "385k - 440k": "rgb(237,47,34)", + "440k - 495k": "rgb(212,16,32)", + "495k - 550k": "rgb(176,0,38)", + "55k - 110k": "rgb(255,241,170)" + }, + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Behaviors by Outcome [Logs CEF]", + "description": "", + "uiState": { + 
"vis": { + "defaultColors": { + "0 - 9,000": "rgb(255,255,204)", + "18,000 - 27,000": "rgb(254,225,135)", + "27,000 - 36,000": "rgb(254,201,101)", + "36,000 - 45,000": "rgb(254,171,73)", + "45,000 - 54,000": "rgb(253,141,60)", + "54,000 - 63,000": "rgb(252,91,46)", + "63,000 - 72,000": "rgb(237,47,34)", + "72,000 - 81,000": "rgb(212,16,32)", + "81,000 - 90,000": "rgb(176,0,38)", + "9,000 - 18,000": "rgb(255,241,170)" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "7", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "failure": "#E24D42", - "success": "#7EB26D", - "unknown": "#447EBC" - } + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 28 
+ }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Outcomes [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "formatter": "number", + "hide_in_legend": 0, + "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", + "label": "Event Outcomes", + "line_width": "3", + "metrics": [ + { + "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", + "type": "count" } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", + "label": "Failure" + }, + { + "color": "rgba(104,188,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "31564794-9278-4f2e-bb20-557f5cfbea79", + "label": "Success" + }, + { + "color": "rgba(251,158,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "none", + "terms_field": "event.outcome", + "terms_size": "3" }, - "gridData": { - "h": 12, - "i": "8", - "w": 24, - "x": 24, - "y": 52 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - 
"direction": null - } - } + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,182,204,1)", + "fill": 0.5, + "formatter": "number", + "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", + "label": "Event Count", + "line_width": 1, + "metrics": [ + { + "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", + "type": "count" } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#7EB26D", + "unknown": "#447EBC" + } + }, + "savedVis": { + "title": "Top 20 Behaviors by Outcome [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Behavior", + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "gridData": { - "h": 24, - "i": "9", - "w": 24, - "x": 0, - "y": 40 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "segment", + "type": 
"terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 24, + "y": 52 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 15 Event Types by Events [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "10", - "w": 24, - "x": 24, - "y": 40 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 15, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "11", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Types", + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain" + }, + "schema": "metric", + "type": 
"cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 24, + "i": "9", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Vendors by Product [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "12", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Vendor", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Product", + "field": "cef.device.product", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "10", + "w": 24, + "x": 24, + "y": 40 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": 
{}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Destination Users": "#E24D42", - "Event Count": "#64B0C8" - } + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "11", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Endpoint - Average EPS [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": 
"89f8286e-4aec-4cb4-83ad-b139692edf3d", + "type": "cumulative_sum" + }, + { + "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "gamma": 0.3, + "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" } + ], + "offset_time": "1m", + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "12", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Destination Users": "#E24D42", + "Event Count": "#64B0C8" + } + }, + "savedVis": { + "title": "Events by Source and Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Timestamp" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", 
+ "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Source Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" }, - "gridData": { - "h": 8, - "i": "13", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + 
"enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 20, - "i": "14", - "w": 16, - "x": 32, - "y": 64 - }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "13", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Sources by Destinations [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 24, - "i": "15", - "w": 16, - "x": 32, - "y": 84 - }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Host", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Host", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + 
} + } + }, + "gridData": { + "h": 20, + "i": "14", + "w": 16, + "x": 32, + "y": 64 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Source Users by Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "16", - "w": 32, - "x": 0, - "y": 80 - }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 24, + "i": "15", + "w": 16, + "x": 32, + "y": 84 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destinations [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": 
"17", - "w": 32, - "x": 0, - "y": 100 - }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "16", + "w": 32, + "x": 0, + "y": 80 + }, + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 32, + "x": 0, + "y": 100 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Sources [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} - }, - 
"gridData": { - "h": 16, - "i": "18", - "w": 32, - "x": 0, - "y": 64 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "18", + "w": 32, + "x": 0, + "y": 64 + }, + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "19", - "w": 32, - "x": 0, - "y": 92 - }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } } - ], - "refreshInterval": { - "display": "Off", - "pause": false, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Endpoint Activity Dashboard", - "version": 1 + } + }, + "gridData": { + "h": 8, + "i": "19", + "w": 32, + "x": 0, + "y": 92 + }, + 
"panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf", - "migrationVersion": { - "dashboard": "8.0.0" + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Endpoint Activity Dashboard", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "3:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "references": [ - { - "id": "cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cef-4c86b51e-6886-4484-98a2-508e92b455bb", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "cef-0a5276a2-907b-4319-88ab-86fe5ade8b38", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "cef-d2332147-4293-4422-930b-0a319ebeb958", - "name": "10:panel_10", - "type": "visualization" - }, - { - "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "cef-2a0a7692-9a08-449f-bcef-b85de1855fd5", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "cef-82a333a7-d9d3-4752-b564-160d4b9f188b", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "cef-b4ac112e-809a-437d-a805-3ff44a67c21c", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "cef-1479b35b-1bf3-4767-a510-9d210e010342", - "name": "16:panel_16", - "type": 
"visualization" - }, - { - "id": "cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "cef-255c0885-6349-4ab4-ba00-f055c6cc8000", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "cef-56247c19-7aa5-475d-b074-5b0cd4794f0c", - "name": "19:panel_19", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "14:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "15:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "16:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "17:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "18:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "19:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json b/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json index f0f4a66e471..f4c6290c0f3 100644 
--- a/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json
+++ b/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json
@@ -1,431 +1,1659 @@ { - "attributes": { - "description": "Operating system activity from endpoints via ArcSight", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" + "id": "cef-9e352900-89c3-4c1b-863e-249e24d0dac9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc1MCwxXQ==", + "attributes": { + "description": "Operating system activity from endpoints via ArcSight", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Count": "#64B0C8", + "Destination User Names": "#E24D42", + "Event Types": "#EF843C" + }, + "legendOpen": true + }, + "savedVis": { + "title": "Source Users by Event Type and Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Users" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { 
+ "data": { + "id": "3", + "label": "Event Types" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination User Names" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" }, - "version": true + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination User Names", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] 
+ } } + } }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Count": "#64B0C8", - "Destination User Names": "#E24D42", - "Event Types": "#EF843C" - }, - "legendOpen": true - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - "y": 28 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 28 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Endpoint OS Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "20", + "labelColor": false, + "subText": "" }, - "gridData": { - "h": 8, - "i": "4", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": 
{}, - "vis": { - "defaultColors": { - "0 - 55k": "rgb(255,255,204)", - "110k - 165k": "rgb(254,225,135)", - "165k - 220k": "rgb(254,201,101)", - "220k - 275k": "rgb(254,171,73)", - "275k - 330k": "rgb(253,141,60)", - "330k - 385k": "rgb(252,91,46)", - "385k - 440k": "rgb(237,47,34)", - "440k - 495k": "rgb(212,16,32)", - "495k - 550k": "rgb(176,0,38)", - "55k - 110k": "rgb(255,241,170)" - }, - "legendOpen": false - } + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 12, - "i": "5", - "w": 24, - "x": 24, - "y": 28 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Outcomes", + "field": "cef.extensions.categoryOutcome" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 55k": "rgb(255,255,204)", + "110k - 165k": "rgb(254,225,135)", + "165k - 220k": "rgb(254,201,101)", + "220k - 275k": "rgb(254,171,73)", + "275k - 330k": "rgb(253,141,60)", + "330k - 385k": "rgb(252,91,46)", + "385k - 440k": "rgb(237,47,34)", + "440k - 495k": "rgb(212,16,32)", + "495k - 550k": "rgb(176,0,38)", + "55k - 110k": "rgb(255,241,170)" + }, + "legendOpen": false + }, + "savedVis": { + "title": 
"Top 10 Behaviors by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 9,000": "rgb(255,255,204)", + "18,000 - 27,000": "rgb(254,225,135)", + "27,000 - 36,000": "rgb(254,201,101)", + "36,000 - 45,000": "rgb(254,171,73)", + "45,000 - 54,000": "rgb(253,141,60)", + "54,000 - 63,000": "rgb(252,91,46)", + "63,000 - 72,000": "rgb(237,47,34)", + "72,000 - 81,000": "rgb(212,16,32)", + "81,000 - 90,000": "rgb(176,0,38)", + "9,000 - 18,000": "rgb(255,241,170)" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "7", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#447EBC", - "/Failure": "#E24D42", - "/Success": "#7EB26D" - } + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } 
+ ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 28 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Outcomes [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "formatter": "number", + "hide_in_legend": 0, + "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", + "label": "Event Outcomes", + "line_width": "3", + "metrics": [ + { + "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", + "type": "count" } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", + "label": "Failure" + }, + { + "color": "rgba(104,188,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "31564794-9278-4f2e-bb20-557f5cfbea79", + "label": "Success" + }, + { + "color": "rgba(251,158,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "none", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" }, - "gridData": { - "h": 12, - "i": "8", - "w": 24, - "x": 24, - "y": 52 - }, - "panelIndex": "8", - "panelRefName": 
"panel_8", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,182,204,1)", + "fill": 0.5, + "formatter": "number", + "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", + "label": "Event Count", + "line_width": 1, + "metrics": [ + { + "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", + "type": "count" } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#447EBC", + "/Failure": "#E24D42", + "/Success": "#7EB26D" + } + }, + "savedVis": { + "title": "Top 20 Behaviors by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Behavior", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "gridData": { - "h": 24, - "i": "9", - "w": 24, - "x": 0, - "y": 40 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": 
"7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 24, + "y": 52 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 15 Event Types by Events [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "10", - "w": 24, - "x": 24, - "y": 40 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 15, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "11", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination 
Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 24, + "i": "9", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Vendors by Product [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "12", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Vendor", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Product", + "field": "cef.device.product", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "10", + 
"w": 24, + "x": 24, + "y": 40 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Destination Users": "#E24D42", - "Event Count": "#64B0C8" - } + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "11", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Endpoint - OS Average EPS [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + 
"fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "type": "cumulative_sum" + }, + { + "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "gamma": 0.3, + "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" } + ], + "offset_time": "1m", + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "12", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Destination Users": "#E24D42", + "Event Count": "#64B0C8" + } + }, + "savedVis": { + "title": "Events by Source and Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Timestamp" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { 
+ "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Source Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" }, - "gridData": { - "h": 8, - "i": "13", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" 
+ }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 20, - "i": "14", - "w": 16, - "x": 32, - "y": 64 - }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "13", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Sources by Destinations [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 24, - "i": "15", - "w": 16, - "x": 32, - "y": 84 - }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Host", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": 
"segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Host", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 20, + "i": "14", + "w": 16, + "x": 32, + "y": 64 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Source Users by Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "16", - "w": 32, - "x": 0, - "y": 80 - }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 24, + "i": "15", + "w": 16, + "x": 32, + "y": 84 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destinations 
[Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "17", - "w": 32, - "x": 0, - "y": 100 - }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "16", + "w": 32, + "x": 0, + "y": 80 + }, + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 32, + "x": 0, + "y": 100 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, 
+ "savedVis": { + "title": "Top 10 Sources [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "18", - "w": 32, - "x": 0, - "y": 64 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "18", + "w": 32, + "x": 0, + "y": 64 + }, + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "19", - "w": 32, - "x": 0, - "y": 92 - }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + 
"searchSource": { + "filter": [] + } } - ], - "refreshInterval": { - "display": "Off", - "pause": false, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF ArcSight] Endpoint OS Activity Dashboard", - "version": 1 + } + }, + "gridData": { + "h": 8, + "i": "19", + "w": 32, + "x": 0, + "y": 92 + }, + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-9e352900-89c3-4c1b-863e-249e24d0dac9", - "migrationVersion": { - "dashboard": "8.0.0" + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Endpoint OS Activity Dashboard", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "3:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "references": [ - { - "id": "cef-59ad829b-12b8-4256-95a5-e7078eda628b", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "cef-77ee0e91-010b-4897-b483-7e9a907d2afe", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "cef-2726382e-638a-4dcc-94fc-0ffdc0f92048", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "cef-92aecea0-a632-4a55-bb56-50e4cdaca036", - "name": "10:panel_10", - "type": "visualization" - }, - { - "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "cef-76c088c3-486e-4420-8840-5ede667edffe", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00", - "name": 
"13:panel_13", - "type": "visualization" - }, - { - "id": "cef-316fdc75-7215-4c6b-8e1b-70a097b34e28", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "cef-acc915fe-b971-4795-9040-3fbfdf62abe1", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "cef-8cd00d20-957d-4663-be4d-ea80b1609586", - "name": "19:panel_19", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "14:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "15:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "16:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "17:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "18:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "19:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + } 
+ ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json b/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json index b0ccfc431a9..8e1dd799188 100644 --- a/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json +++ b/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json 
@@ -1,332 +1,1073 @@ { - "attributes": { - "description": "Summary of endpoint event data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true + "id": "cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc1MSwxXQ==", + "attributes": { + "description": "Summary of endpoint event data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Endpoint Average EPS [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "type": "cumulative_sum" 
+ }, + { + "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "id": "215c5225-5368-40e6-8fcd-2b0026babba0", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "215c5225-5368-40e6-8fcd-2b0026babba0", + "gamma": 0.3, + "id": "f4dfe09a-e397-4287-ab99-3206516cded3", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "1", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.2.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51", + "unknown": "#0A50A1" + } + }, + "savedVis": { + "title": "Destination Ports by Outcomes [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "destination.port: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": 
"linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51", - "unknown": "#0A50A1" - } - } + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "2", - "w": 24, - "x": 24, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51", - "unknown": "#0A50A1" - } - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + 
{ + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51", + "unknown": "#0A50A1" + } + }, + "savedVis": { + "title": "Outcomes Breakdown [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#BF1B00", + "unknown": "#3F2B5B" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Time" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + 
"id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "6", - "w": 24, - "x": 24, - "y": 32 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Time", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Device [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,37,37,1)", + "fill": "0", + "formatter": "number", + "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "gamma": 0.3, + "id": "59675e84-1a8e-41df-9f63-875109bd795a", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" } + ], + 
"point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " + }, + "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", + "label": "Operating System" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" + }, + "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", + "label": "Host IDS" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", + "label": "Application" + } + ], + "split_mode": "filters", + "stacked": "none" }, - "gridData": { - "h": 8, - "i": "7", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", + "label": "Moving Average by Device HostNames", + "line_width": 1, + "metrics": [ + { + "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "gamma": 0.3, + "id": "9765367a-0fc2-45ba-88a8-e87991210edd", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "columns": [ - "cef.extensions.categoryDeviceGroup", - "cef.extensions.categoryTechnique", - 
"event.outcome", - "event.category", - "event.type", - "cef.extensions.categoryObject", - "event.action", - "cef.extensions.categoryDeviceType" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] - }, - "gridData": { - "h": 20, - "i": "9", - "w": 48, - "x": 0, - "y": 72 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "search", - "version": "8.0.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Port [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "10", - "w": 24, - "x": 24, - "y": 44 + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "6", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Endpoint Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - 
"embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 }, - "gridData": { - "h": 20, - "i": "12", - "w": 24, - "x": 0, - "y": 32 + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "8.0.0" + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "15", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Event [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destination Locations by Event [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -180 - }, - "mapCenter": { - "lat": 20.86831, - "lon": -12.2843, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 20, - "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "w": 48, - "x": 0, - "y": 52 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Port", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } } - ], - "refreshInterval": { - "pause": true, - 
"value": 0 + } }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Endpoint Overview Dashboard", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cef-f856a77c-a0fd-4047-afa6-e21a912814c5", - "name": "1:panel_1", - "type": "visualization" + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 }, - { - "id": "cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d", - "name": "2:panel_2", - "type": "visualization" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "columns": [ + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryTechnique", + "event.outcome", + "event.category", + "event.type", + "cef.extensions.categoryObject", + "event.action", + "cef.extensions.categoryDeviceType" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] }, - { - "id": "cef-dd339ff5-6b26-4455-ae06-f3b5591479e3", - "name": "3:panel_3", - "type": "visualization" + "gridData": { + "h": 20, + "i": "9", + "w": 48, + "x": 0, + "y": 72 }, - { - "id": "cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "9", + "panelRefName": "panel_9", + "type": "search", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Source Countries [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 
+ }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Source Countries by Event [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 35 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce", - "name": "7:panel_7", - "type": "visualization" + "gridData": { + "h": 
20, + "i": "12", + "w": 24, + "x": 0, + "y": 32 }, - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "9:panel_9", - "type": "search" + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "id": "cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "cef-98729301-9b46-4169-b99e-1392af8fa563", - "name": "12:panel_12", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Event [Logs 
CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destination Locations by Event [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -180 + }, + "mapCenter": { + "lat": 20.86831, + "lon": -12.2843, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584", - "name": "15:panel_15", - "type": "visualization" + "gridData": { + "h": 20, + "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "w": 48, + "x": 0, + "y": 52 }, - { - "id": "logs-*", - "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Endpoint Overview Dashboard", + "version": 1 + }, + "references": [ + { + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", + "name": "9:panel_9", + 
"type": "search" + }, + { + "id": "logs-*", + "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + }, + { + "type": "search", + "name": "12:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json b/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json index 38350eb6cfe..a1c46341d5a 100644 --- a/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json +++ b/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json 
@@ -1,426 +1,1431 @@ { - "attributes": { - "description": "Summary of ArcSight endpoint event data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true + "id": "cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc1MiwxXQ==", + "attributes": { + "description": "Summary of ArcSight endpoint event data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Endpoint Average EPS [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": 
"b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "type": "cumulative_sum" + }, + { + "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "id": "215c5225-5368-40e6-8fcd-2b0026babba0", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "215c5225-5368-40e6-8fcd-2b0026babba0", + "gamma": 0.3, + "id": "f4dfe09a-e397-4287-ab99-3206516cded3", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "1", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + }, + "savedVis": { + "title": "Destination Ports by Outcomes [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "destination.port: 
Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } - }, - "gridData": { - "h": 12, - "i": "2", - "w": 24, - "x": 24, - "y": 32 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - "y": 32 + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + 
"type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + }, + "savedVis": { + "title": "Outcomes Breakdown [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Attempt": "#3F2B5B", + "/Failure": "#BF1B00" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Time" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + 
"scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "6", - "w": 24, - "x": 24, - "y": 44 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Time", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Device [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,37,37,1)", + "fill": "0", + "formatter": "number", + "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", + "label": 
"Events", + "line_width": "3", + "metrics": [ + { + "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "gamma": 0.3, + "id": "59675e84-1a8e-41df-9f63-875109bd795a", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" } - }, - "gridData": { - "h": 8, - "i": "7", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " + }, + "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", + "label": "Operating System" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" + }, + "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", + "label": "Host IDS" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", + "label": "Application" } + ], + "split_mode": "filters", + "stacked": "none" }, - "gridData": { - "h": 12, - "i": "8", - "w": 24, - "x": 0, - "y": 44 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "8.0.0" + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", + "label": "Moving Average by Device HostNames", + "line_width": 1, + "metrics": [ + { + "id": 
"3df841a9-5997-4a1a-ad8f-69620d23e65b", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "gamma": 0.3, + "id": "9765367a-0fc2-45ba-88a8-e87991210edd", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "columns": [ - "cef.extensions.categoryDeviceGroup", - "cef.extensions.categoryTechnique", - "cef.extensions.categoryOutcome", - "cef.extensions.categorySignificance", - "cef.extensions.categoryObject", - "cef.extensions.categoryBehavior", - "cef.extensions.categoryDeviceType" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] - }, - "gridData": { - "h": 20, - "i": "9", - "w": 48, - "x": 0, - "y": 76 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "search", - "version": "8.0.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Port [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "10", - "w": 24, - "x": 24, - "y": 56 - }, - 
"panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "6", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Endpoint Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Anti-Virus": "#EAB839", - "Database": "#629E51", - "Host-based IDS/IPS": "#E0752D", - "Operating System": "#BF1B00", - "Security Mangement": "#64B0C8" - } - } - }, - "gridData": { - "h": 12, - "i": "11", - "w": 24, - "x": 0, - "y": 20 + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 }, - "gridData": { - "h": 20, - "i": "12", - "w": 24, - "x": 0, - "y": 56 + "style": { + "bgColor": false, + "bgFill": "#000", + 
"fontSize": "12", + "labelColor": false, + "subText": "" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "8.0.0" + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Informational": "#7EB26D", - "/Informational/Warning": "#EF843C", - "/Success": "#629E51", - "Anti-Virus": "#EAB839", - "Database": "#629E51", - "Host-based IDS/IPS": "#E0752D", - "Log Consolidator": "#E0F9D7", - "Operating System": "#BF1B00", - "Recon": "#BF1B00", - "Security Mangement": "#64B0C8" - } - } + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "14", - "w": 24, - "x": 24, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 4, - "i": "15", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Port", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + 
"h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + }, + "savedVis": { + "title": "Outcomes by Device Type [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00" + }, + "legendOpen": true + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Event [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destination Locations by Event [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - 
"hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "cef.extensions.categoryDeviceType: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "w": 24, - "x": 24, - "y": 64 + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - 
"type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } } - ], - "refreshInterval": { - "pause": true, - "value": 0 + } }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF ArcSight] Endpoint Overview Dashboard", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cef-9457ee67-895f-4b78-a543-268f9687a745", - "name": "1:panel_1", - "type": "visualization" + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "columns": [ + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryTechnique", + "cef.extensions.categoryOutcome", + "cef.extensions.categorySignificance", + "cef.extensions.categoryObject", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryDeviceType" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 20, + "i": "9", + "w": 48, + "x": 0, + "y": 76 }, - { - "id": "cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60", - "name": "2:panel_2", - "type": "visualization" + "panelIndex": "9", + "panelRefName": "panel_9", + "type": "search", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Source Countries [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + 
"schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-89998099-9a39-44cf-beba-5b97f0524cf9", - "name": "3:panel_3", - "type": "visualization" + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 24, + "y": 56 }, - { - "id": "cef-718b074e-3dd1-4d03-ba11-7f869cdcd703", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Anti-Virus": "#EAB839", + "Database": "#629E51", + "Host-based IDS/IPS": "#E0752D", + "Operating System": "#BF1B00", + "Security Mangement": "#64B0C8" + } + }, + "savedVis": { + "title": "Device Types by Vendor [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "exclude": "", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 12, + "i": "11", + "w": 24, + "x": 0, + 
"y": 20 }, - { - "id": "cef-7454c034-c5f3-48fe-8fce-ef4385c80350", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Source Countries by Event [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 35 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-118af639-1f37-4541-a960-5a3ff0613e0e", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 20, + "i": "12", + "w": 24, + "x": 0, + "y": 56 }, - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "9:panel_9", - "type": "search" + 
"panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Informational": "#7EB26D", + "/Informational/Warning": "#EF843C", + "/Success": "#629E51", + "Anti-Virus": "#EAB839", + "Database": "#629E51", + "Host-based IDS/IPS": "#E0752D", + "Log Consolidator": "#E0F9D7", + "Operating System": "#BF1B00", + "Recon": "#BF1B00", + "Security Mangement": "#64B0C8" + } + }, + "savedVis": { + "title": "Outcomes by User Names [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Informational": "#7EB26D", + "/Informational/Warning": "#EF843C", + "/Success": "#64B0C8", + "Anti-Virus": "#B7DBAB", + "Host-based IDS/IPS": "#629E51", + "Log Consolidator": "#E0F9D7", + "Operating System": "#3F6833", + "Recon": "#BF1B00", + "Security Mangement": "#CFFAFF" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": 
"cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 24, + "y": 20 }, - { - "id": "cef-f57734dd-0f32-42b4-94dd-5d597f6735e1", - "name": "11:panel_11", - "type": "visualization" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "id": "cef-295986d4-d2ea-4541-8e82-7dc95c0cd830", - "name": "12:panel_12", - "type": "visualization" + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53", - "name": "14:panel_14", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination 
Locations by Event [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destination Locations by Event [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76", - "name": "15:panel_15", - "type": "visualization" + "gridData": { + "h": 12, + "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "w": 24, + "x": 24, + "y": 64 }, - { - "id": "logs-*", - "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Endpoint Overview Dashboard", + "version": 1 + }, + "references": [ + { + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": 
"9:panel_9", + "type": "search" + }, + { + "id": "logs-*", + "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "12:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "14:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json b/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json index ca4bb5af53b..b9489652183 100644 --- a/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json +++ b/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json 
@@ -1,336 +1,1306 @@ { - "attributes": { - "description": "Suspicious network activity overview via ArcSight", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false + "id": "cef-db1e1aca-279e-4ecc-b84e-fe58644f7619", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc1MywxXQ==", + "attributes": { + "description": "Suspicious network activity overview via ArcSight", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Destination Addresses": "#E0752D", - "Destination Ports": "#E24D42" - }, - "legendOpen": false - } - }, - "gridData": { - "h": 12, - "i": "1", - "w": 32, - "x": 0, - "y": 28 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Destination Addresses": "#E0752D", + "Destination Ports": "#E24D42" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "legendOpen": false + }, + "savedVis": { + "title": "Unique Destinations and Ports by Source [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + 
"style": {}, + "title": { + "text": "Source Addresses" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Addresses" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" }, - "gridData": { - "h": 12, - "i": "2", - "w": 16, - "x": 0, - "y": 40 + { + "data": { + "id": "3", + "label": "Destination Ports" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Addresses" + }, + "type": "value" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Ports" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination 
Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 12, - "i": "3", - "w": 16, - "x": 16, - "y": 40 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "1", + "w": 32, + "x": 0, + "y": 28 + }, + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 5 Sources by Destination Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": 
"metric", + "type": "cardinality" }, - "gridData": { - "h": 12, - "i": "9", - "w": 16, - "x": 32, - "y": 28 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 40 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 5 Sources by Destination Ports [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "11", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 16, - "i": "12", - "w": 24, - "x": 0, - "y": 52 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": 
"metric", + "type": "count" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 40 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Severity [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "hide_last_value_indicator": true, + "id": "c39a76e5-f613-41a9-8335-c442747791e0", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0.0[0]a", + "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", + "label": "Event by Severities", + "line_width": 1, + "metrics": [ + { + "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "type": "count" + }, + { + "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", + "sigma": "", + "type": "sum_bucket" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,204,202,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Low\" OR severity:\"0\"" + }, + "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", + "label": "LOW" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Medium\"" + 
}, + "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", + "label": "MEDIUM" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"High\"" + }, + "id": "e142c55b-6ee5-416a-8bd3-d10398044864", + "label": "HIGH" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Very-High\"" + }, + "id": "4b05b562-c419-4214-b814-d4c242251521", + "label": "VERY HIGH" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "13", - "w": 24, - "x": 24, - "y": 52 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + }, + "savedVis": { + "title": "Outcome by Device Type [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "14", - "w": 16, - "x": 32, - "y": 40 - }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + 
"type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "15", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "9", + "w": 16, + "x": 32, + "y": 28 + }, + "panelIndex": "9", + 
"type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Source Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "117fde19-e227-4fcb-8019-e82e6677c340", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostmessage", + "terms_order_by": 
null, + "value_template": "{{value}}" }, - "gridData": { - "h": 8, - "i": "16", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 50": "rgb(255,255,204)", - "100 - 200": "rgb(253,141,60)", - "200 - 300": "rgb(227,27,28)", - "300 - 400": "rgb(128,0,38)", - "50 - 100": "rgb(254,217,118)" - } + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "0.5", + "formatter": "number", + "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", + "label": "Top Source Addresses", + "line_width": "0", + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "11", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": 
"1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "17", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } } - ], - "refreshInterval": { - "display": "Off", - "pause": false, - "value": 0 + } }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF ArcSight] Network Suspicious Activity Dashboard", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-db1e1aca-279e-4ecc-b84e-fe58644f7619", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cef-fa8b26c1-6973-4381-adb3-bcde0d03a520", - "name": "1:panel_1", - "type": "visualization" + "gridData": { + "h": 16, + "i": "12", + "w": 24, + "x": 0, + "y": 52 }, - { - "id": "cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1", - "name": "2:panel_2", - "type": "visualization" + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": 
[] + } + } + } }, - { - "id": "cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3", - "name": "3:panel_3", - "type": "visualization" + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 24, + "y": 52 }, - { - "id": "cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Ports [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7", - "name": "9:panel_9", - "type": "visualization" + "gridData": { + "h": 12, + "i": "14", + "w": 16, + "x": 32, + "y": 40 }, - { - "id": "cef-d02dd523-ce91-40e9-9209-83797f80ed45", - "name": "11:panel_11", - "type": "visualization" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS 
Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "id": "cef-589fec8c-336e-4122-8fef-a450bddf84f6", - "name": "12:panel_12", - "type": "visualization" + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "cef-86bd5f13-ca6b-43fa-b209-54e7460344bb", - "name": "13:panel_13", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": 
"observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "cef-1204cf27-05e0-4905-bfa1-688aaaaaa840", - "name": "14:panel_14", - "type": "visualization" + "gridData": { + "h": 8, + "i": "16", + "w": 40, + "x": 0, + "y": 4 }, - { - "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76", - "name": "15:panel_15", - "type": "visualization" + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 50": "rgb(255,255,204)", + "100 - 200": "rgb(253,141,60)", + "200 - 300": "rgb(227,27,28)", + "300 - 400": "rgb(128,0,38)", + "50 - 100": "rgb(254,217,118)" + } + }, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + 
"gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba", - "name": "16:panel_16", - "type": "visualization" + "gridData": { + "h": 8, + "i": "17", + "w": 8, + "x": 40, + "y": 4 }, - { - "id": "cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db", - "name": "17:panel_17", - "type": "visualization" - } + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Network 
Suspicious Activity Dashboard", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "12:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "14:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "16:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json b/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json index b4f81e3075d..dd92694ea92 100644 --- a/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json +++ b/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json 
@@ -1,496 +1,1875 @@ { - "attributes": { - "description": "Network data overview via ArcSight", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" + "id": "cef-dd0bc9af-2e89-4150-9b42-62517ea56b71", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-25T18:51:20.968Z", + "version": "Wzc1NCwxXQ==", + "attributes": { + "description": "Network data overview via ArcSight", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Application Protocols [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "version": true + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 8, + "i": "1", + "w": 48, + "x": 0, + "y": 44 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "1", - "w": 48, - "x": 0, - "y": 44 + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Bandwidth Utilization [Logs CEF 
ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "d27f09dc-b07e-493f-a223-a85033ad6548", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_order_by": "_count" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", + "label": "Outbound", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "type": "sum" + }, + { + "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", + "script": "params.outbound > 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", + "name": "outbound" + } + ] + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0 + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "2", - "w": 48, - "x": 0, - "y": 68 + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 48, + "x": 0, + "y": 68 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Source [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "filter": { + 
"language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "0c929603-fc92-4ebc-a963-fe2795417d89", + "label": "Firewall Events" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" + }, + "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", + "label": "Intrusion Detection Events" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", + "label": "VPN" + } + ], + "split_mode": "filters", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": "0.5", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Device Hosts", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + 
"gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 12 + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "bar_color": null, + "id": "23db5bf6-f787-474e-86ab-76362432e984", + "value": 0 + } + ], + "drilldown_url": "", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": 
"(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", + "label": "Firewall" + } + ], + "split_mode": "filter", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "1", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Event Outcome", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,188,0,0.35)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", + "label": "Success" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + 
}, + "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", + "label": "Failure" + }, + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "2ff1e859-b178-4824-a0f2-69a115932b98", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "6", - "w": 48, - "x": 0, - "y": 60 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 60 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - }, - "legendOpen": false - } - }, - "gridData": { - "h": 8, - "i": "7", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + "legendOpen": false + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 
+ } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 }, - "gridData": { - "h": 12, - "i": "9", - "w": 16, - "x": 0, - "y": 20 + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "8.0.0" + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "11", - "w": 16, - "x": 16, - "y": 20 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 12, - "i": "13", - "w": 32, - "x": 0, - "y": 32 + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - 
"version": "8.0.0" + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + }, + "savedVis": { + "title": "Outcome by Device Type [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% - 100%": "rgb(202,8,35)" - }, - "legendOpen": false - } + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { 
+ "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "15", - "w": 16, - "x": 32, - "y": 32 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "9", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + }, + "savedVis": { + "title": "Destination Ports by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Anti-Virus": "#EF843C", - "Content Security": "#7EB26D", - "Firewall": "#E24D42", - "Integrated Security": "#962D82", - "Network-based IDS/IPS": "#1F78C1", - "Operating System": "#1F78C1", - "VPN": "#EAB839" - } - } + "params": { + "addLegend": true, + "addTimeMarker": false, + 
"addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Protocols" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "16", - "w": 16, - "x": 32, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocols", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "11", + "w": 16, + "x": 
16, + "y": 20 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Devices by Bandwidth [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 8, - "i": "17", - "w": 48, - "x": 0, - "y": 52 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source(s)", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination(s)", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 16, - "i": "18", - "w": 24, - "x": 0, - "y": 76 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bandwidth (Incoming)", + "field": "source.bytes" + }, + "schema": "metric", 
+ "type": "sum" }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bandwidth (Outgoing)", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "13", + "w": 32, + "x": 0, + "y": 32 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + }, + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Devices by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 6, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": true, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "19", - "w": 24, - "x": 24, - "y": 76 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": 
"Device Host Names", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "15", + "w": 16, + "x": 32, + "y": 32 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Anti-Virus": "#EF843C", + "Content Security": "#7EB26D", + "Firewall": "#E24D42", + "Integrated Security": "#962D82", + "Network-based IDS/IPS": "#1F78C1", + "Operating System": "#1F78C1", + "VPN": "#EAB839" + } + }, + "savedVis": { + "title": "Device Type Breakdown [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "20", - "w": 8, - "x": 40, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "16", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Device Types [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", + "label": "Firewall" + } + ], + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null }, - 
"panelIndex": "20", - "panelRefName": "panel_20", - "type": "visualization", - "version": "8.0.0" + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Top Device Types by Mvg Averages", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.extensions.categoryDeviceType", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 48, + "x": 0, + "y": 52 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Source Countries by Events [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total 
Events" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "21", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "21", - "panelRefName": "panel_21", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destination Locations by Events [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - 
"hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 24, - "i": "49de47fb-1382-4009-89d2-b96a4161e12d", - "w": 24, - "x": 0, - "y": 92 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "18", + "w": 24, + "x": 0, + "y": 76 + }, + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 20 Source Countries [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Source Locations by Events [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "19", + "w": 24, + "x": 24, + "y": 76 + }, + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": 
"cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" }, - "openTOCDetails": [] - }, - "gridData": { - "h": 24, - "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "w": 24, - "x": 24, - "y": 92 - }, - "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "type": "map", - "version": "8.0.0" + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / 
s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 8, + "i": "20", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF ArcSight] Network Overview Dashboard", - "version": 1 + } + }, + "gridData": { + "h": 4, + "i": "21", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations 
by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destination Locations by Events [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 24, + "i": "49de47fb-1382-4009-89d2-b96a4161e12d", + "w": 24, + "x": 0, + "y": 92 + }, + "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", + "type": "map", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events 
[Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Source Locations by Events [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 24, + "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", + "w": 24, + "x": 24, + "y": 92 + }, + "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", + "type": "map", + "version": "8.0.0" + } + ], + "refreshInterval": { + "pause": true, + "value": 0 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-dd0bc9af-2e89-4150-9b42-62517ea56b71", - "migrationVersion": { - "dashboard": "8.0.0" + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Network Overview Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", + "type": "index-pattern" }, - "references": [ - { - "id": 
"cef-f5258de9-71f7-410f-b713-201007f77470", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cef-0abfc226-535b-45a2-b534-e9bc87e5584f", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "cef-499f50ba-2f84-4f7c-9021-73a4efc47921", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "cef-df056709-2deb-4363-ae7a-b0148ea456c6", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "cef-e89a64e8-928c-41fc-8745-3c8157b21cdb", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "cef-a729c249-8d34-4eb1-bbb0-5d25cf224114", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "cef-e513c269-350c-40c3-ac20-16c5782103b8", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "cef-8f6075c5-f525-4173-92a4-3a56e96e362d", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "cef-013ff153-7b80-490b-8fec-6e56cba785ed", - "name": "19:panel_19", - "type": "visualization" - }, - { - "id": "cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db", - "name": "20:panel_20", - "type": "visualization" - }, - { - "id": "cef-c394e650-b16c-407c-b305-bd409d69d433", - "name": "21:panel_21", - "type": "visualization" - }, - { - "id": "logs-*", - "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "dashboard" + { + "id": "logs-*", + "name": 
"9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "15:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "16:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "18:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "19:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-013ff153-7b80-490b-8fec-6e56cba785ed.json b/packages/cef/kibana/visualization/cef-013ff153-7b80-490b-8fec-6e56cba785ed.json deleted file mode 100644 index 728bac69b38..00000000000 --- a/packages/cef/kibana/visualization/cef-013ff153-7b80-490b-8fec-6e56cba785ed.json +++ /dev/null 
@@ -1,63 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 20 Source Countries [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "source.geo.country_iso_code",
- "order": "desc",
- "orderBy": "1",
- "size": 20
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 72,
- "minFontSize": 26,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "square root"
- },
- "title": "Top 20 Source Countries [Logs CEF ArcSight]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-013ff153-7b80-490b-8fec-6e56cba785ed",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json b/packages/cef/kibana/visualization/cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json
deleted file mode 100644
index ee60f36e52b..00000000000
--- a/packages/cef/kibana/visualization/cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json
+++ /dev/null
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Metrics Overview [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Device Metrics Overview [Logs CEF ArcSight]", - 
"type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-04096ec6-9644-4da7-bba3-35da7882f87d.json b/packages/cef/kibana/visualization/cef-04096ec6-9644-4da7-bba3-35da7882f87d.json deleted file mode 100644 index 6a786957e5e..00000000000 --- a/packages/cef/kibana/visualization/cef-04096ec6-9644-4da7-bba3-35da7882f87d.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Event Types [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 50, - "minFontSize": 12, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "title": "Top 10 Event Types [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-04096ec6-9644-4da7-bba3-35da7882f87d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e.json b/packages/cef/kibana/visualization/cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e.json
deleted file mode 100644
index 2e04aeca96d..00000000000
--- a/packages/cef/kibana/visualization/cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Destination Port [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "destination.port",
- "order": "desc",
- "orderBy": "1",
- "size": 20
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 72,
- "minFontSize": 18,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Destination Port [Logs CEF]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-07a4a351-d282-44a1-85b0-bc7e846f8471.json b/packages/cef/kibana/visualization/cef-07a4a351-d282-44a1-85b0-bc7e846f8471.json
deleted file mode 100644
index 093689fbd52..00000000000
--- a/packages/cef/kibana/visualization/cef-07a4a351-d282-44a1-85b0-bc7e846f8471.json
+++ /dev/null
@@ -1,87 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 5 Sources by Destination Addresses [Logs CEF]",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Addresses",
- "field": "destination.ip"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Event Count"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "4",
- "params": {
- "customLabel": "Source Address",
- "field": "source.ip",
- "order": "desc",
- "orderBy": "2",
- "size": 5
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "perPage": 10,
- "showMeticsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "Top 5 Sources by Destination Addresses [Logs CEF]",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-07a4a351-d282-44a1-85b0-bc7e846f8471",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-0959df23-10c9-47fd-bebd-c382007b3584.json b/packages/cef/kibana/visualization/cef-0959df23-10c9-47fd-bebd-c382007b3584.json
deleted file mode 100644
index 861b9809e3c..00000000000
--- a/packages/cef/kibana/visualization/cef-0959df23-10c9-47fd-bebd-c382007b3584.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "query_string": {
- "query": "*"
- }
- }
- }
- },
- "title": " Dashboard Navigation [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)"
- },
- "title": " Dashboard Navigation [Logs CEF]",
- "type": "markdown"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-0a202432-3dbd-49c0-af57-623ffb90211d.json b/packages/cef/kibana/visualization/cef-0a202432-3dbd-49c0-af57-623ffb90211d.json
deleted file mode 100644
index f0def332354..00000000000
--- a/packages/cef/kibana/visualization/cef-0a202432-3dbd-49c0-af57-623ffb90211d.json
+++ /dev/null
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Ports by Outcome [Logs CEF]", - "uiStateJSON": { - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Protocols", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Protocols" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": 
"linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Destination Ports by Outcome [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0a202432-3dbd-49c0-af57-623ffb90211d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0a5276a2-907b-4319-88ab-86fe5ade8b38.json b/packages/cef/kibana/visualization/cef-0a5276a2-907b-4319-88ab-86fe5ade8b38.json deleted file mode 100644 index f5e9353dedd..00000000000 --- a/packages/cef/kibana/visualization/cef-0a5276a2-907b-4319-88ab-86fe5ade8b38.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Outcomes [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "formatter": "number", - "hide_in_legend": 0, - "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", - "label": "Event Outcomes", - "line_width": "3", - "metrics": [ - { - "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", - "label": "Failure" - }, - { - "color": "rgba(104,188,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "31564794-9278-4f2e-bb20-557f5cfbea79", - "label": "Success" - }, - { - "color": "rgba(251,158,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", - "label": "Attempt" - } - ], - "split_mode": "filters", - "stacked": "none", - "terms_field": "event.outcome", - "terms_size": "3" - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,182,204,1)", - "fill": 0.5, - "formatter": "number", - "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", - "label": "Event Count", - "line_width": 1, - "metrics": [ - { - "id": 
"6d8513ca-cc72-4b27-91b6-6b689558cdcb", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Outcomes [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0a5276a2-907b-4319-88ab-86fe5ade8b38", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0abfc226-535b-45a2-b534-e9bc87e5584f.json b/packages/cef/kibana/visualization/cef-0abfc226-535b-45a2-b534-e9bc87e5584f.json deleted file mode 100644 index 6efca4f2520..00000000000 --- a/packages/cef/kibana/visualization/cef-0abfc226-535b-45a2-b534-e9bc87e5584f.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Bandwidth Utilization [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "" - }, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "d27f09dc-b07e-493f-a223-a85033ad6548", - "label": "Inbound", - "line_width": 1, - "metrics": [ - { - "field": "source.bytes", - "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", - "type": "sum" - } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_order_by": "_count" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", - "label": "Outbound", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "type": "sum" - }, - { - "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", - "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", - "name": "outbound" - } - ] - } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0 - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Bandwidth Utilization [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0abfc226-535b-45a2-b534-e9bc87e5584f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c.json b/packages/cef/kibana/visualization/cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c.json deleted file mode 100644 index c8ce2feeae4..00000000000 --- a/packages/cef/kibana/visualization/cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c.json +++ /dev/null 
@@ -1,121 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "DNS Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threads", - "field": "cef.extensions.deviceCustomString1" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OpCodes", - "field": "cef.extensions.deviceCustomString2" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Activity Types", - "field": "cef.device.event_class_id" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "32", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "type": "gauge" - }, - "title": "DNS Metrics Overview [Logs CEF]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c", - "migrationVersion": { - "visualization": "8.0.0" - }, - 
"references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json b/packages/cef/kibana/visualization/cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json deleted file mode 100644 index 9d87e22c28a..00000000000 --- a/packages/cef/kibana/visualization/cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Outcomes [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" - }, - "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "formatter": "number", - "hide_in_legend": 0, - "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", - "label": "Event Outcomes", - "line_width": "3", - "metrics": [ - { - "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", - "label": "Failure" - }, - { - "color": "rgba(104,188,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "31564794-9278-4f2e-bb20-557f5cfbea79", - "label": "Success" - }, - { - "color": "rgba(251,158,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", - "label": "Attempt" - } - ], - "split_mode": "filters", - "stacked": "none", - "terms_field": "cef.extensions.categoryOutcome", - "terms_size": "3" - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,182,204,1)", - "fill": 0.5, - "formatter": "number", - "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", - "label": "Event Count", - "line_width": 1, - 
"metrics": [ - { - "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Outcomes [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a.json b/packages/cef/kibana/visualization/cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a.json deleted file mode 100644 index cac7363c6db..00000000000 --- a/packages/cef/kibana/visualization/cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a.json +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Device [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(254,37,37,1)", - "fill": "0", - "formatter": "number", - "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "gamma": 0.3, - "id": "59675e84-1a8e-41df-9f63-875109bd795a", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " - }, - "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", - "label": "Operating System" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" - }, - "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", - "label": "Host IDS" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", - "label": "Application" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "left", - "chart_type": 
"bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", - "label": "Moving Average by Device HostNames", - "line_width": 1, - "metrics": [ - { - "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "gamma": 0.3, - "id": "9765367a-0fc2-45ba-88a8-e87991210edd", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Device [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-118af639-1f37-4541-a960-5a3ff0613e0e.json b/packages/cef/kibana/visualization/cef-118af639-1f37-4541-a960-5a3ff0613e0e.json deleted file mode 100644 index b89210fb2d8..00000000000 --- a/packages/cef/kibana/visualization/cef-118af639-1f37-4541-a960-5a3ff0613e0e.json +++ /dev/null 
@@ -1,148 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcomes by Device Type [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Failure": "#BF1B00" - }, - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "cef.extensions.categoryDeviceType: Descending" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": 
"bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Outcomes by Device Type [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-118af639-1f37-4541-a960-5a3ff0613e0e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-1204cf27-05e0-4905-bfa1-688aaaaaa840.json b/packages/cef/kibana/visualization/cef-1204cf27-05e0-4905-bfa1-688aaaaaa840.json deleted file mode 100644 index 1543246686c..00000000000 --- a/packages/cef/kibana/visualization/cef-1204cf27-05e0-4905-bfa1-688aaaaaa840.json +++ /dev/null 
@@ -1,64 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Destination Ports [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Addresses",
- "field": "destination.port",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 72,
- "minFontSize": 18,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Destination Ports [Logs CEF ArcSight]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-1204cf27-05e0-4905-bfa1-688aaaaaa840",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-1479b35b-1bf3-4767-a510-9d210e010342.json b/packages/cef/kibana/visualization/cef-1479b35b-1bf3-4767-a510-9d210e010342.json
deleted file mode 100644
index d0c9cc86b9c..00000000000
--- a/packages/cef/kibana/visualization/cef-1479b35b-1bf3-4767-a510-9d210e010342.json
+++ /dev/null
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destinations [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destinations [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-1479b35b-1bf3-4767-a510-9d210e010342", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50.json b/packages/cef/kibana/visualization/cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50.json deleted file mode 100644 index 3999dce5a3e..00000000000 --- a/packages/cef/kibana/visualization/cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50.json +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Endpoint OS Metrics Overview [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Event Types", - "field": "cef.extensions.categoryBehavior" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Outcomes", - "field": "cef.extensions.categoryOutcome" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "20", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Endpoint OS Metrics Overview [Logs CEF ArcSight]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": 
"cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json b/packages/cef/kibana/visualization/cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json deleted file mode 100644 index 608da3398aa..00000000000 --- a/packages/cef/kibana/visualization/cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Direction [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "be556a57-cd1c-496c-8714-0bd210947c85", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": "0.2", - "filter": { - "language": "lucene", - "query": "device" - }, - "formatter": "number", - "id": "9aae7344-9de9-4378-b21d-296cb964f93b", - "label": "Inbound Requests", - "line_width": 1, - "metrics": [ - { - "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", - "label": "Inbound Requests" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": "0.2", - "formatter": "number", - "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", - "label": "Outbound Requests", - "line_width": 1, - "metrics": [ - { - "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "type": "count" - }, - { - "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", - "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", - "name": "outbound" - } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(211,49,21,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", - "label": "Outbound Requests" - } - ], - "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Direction [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-19e44299-4e2a-4da4-a9e5-595b428d49dd.json b/packages/cef/kibana/visualization/cef-19e44299-4e2a-4da4-a9e5-595b428d49dd.json deleted file mode 100644 index c199c5f33b5..00000000000 --- a/packages/cef/kibana/visualization/cef-19e44299-4e2a-4da4-a9e5-595b428d49dd.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Sources by Size [Logs CEF]", - "uiStateJSON": { - "P-11": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "P-13": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "P-2": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-3": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "P-4": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-5": { - "vis": { - "defaultColors": { - "0 - 18,000": "rgb(247,251,255)", - "108,000 - 126,000": "rgb(74,152,201)", - "126,000 - 144,000": "rgb(46,126,188)", - "144,000 - 162,000": "rgb(23,100,171)", - "162,000 - 180,000": "rgb(8,74,145)", - "18,000 - 36,000": "rgb(227,238,249)", - "36,000 - 54,000": "rgb(208,225,242)", - "54,000 - 72,000": "rgb(182,212,233)", - "72,000 - 90,000": "rgb(148,196,223)", - "90,000 - 108,000": "rgb(107,174,214)" - }, - "legendOpen": false - } - }, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sources", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destinations", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - 
"listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Sources by Size [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-19e44299-4e2a-4da4-a9e5-595b428d49dd", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716.json b/packages/cef/kibana/visualization/cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716.json deleted file mode 100644 index 880b3ff4a01..00000000000 --- a/packages/cef/kibana/visualization/cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destinations by Size [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destinations", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Destinations by Size [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-1bd44f46-e28d-4a2d-8245-6994372155ab.json b/packages/cef/kibana/visualization/cef-1bd44f46-e28d-4a2d-8245-6994372155ab.json deleted file mode 100644 index d459414feb6..00000000000 
--- a/packages/cef/kibana/visualization/cef-1bd44f46-e28d-4a2d-8245-6994372155ab.json
+++ /dev/null
@@ -1,129 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top Destinations by Traffic Size [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 18k": "rgb(247,251,255)", - "108k - 126k": "rgb(74,152,201)", - "126k - 144k": "rgb(46,126,188)", - "144k - 162k": "rgb(23,100,171)", - "162k - 180k": "rgb(8,74,145)", - "18k - 36k": "rgb(227,238,249)", - "36k - 54k": "rgb(208,225,242)", - "54k - 72k": "rgb(182,212,233)", - "72k - 90k": "rgb(148,196,223)", - "90k - 108k": "rgb(107,174,214)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "filters": [ - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "label": "Inbound" - }, - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "label": "Outbound" - } - ] - }, - "schema": "segment", - "type": "filters" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Blues", - "colorsNumber": 10, - "colorsRange": [ - { - "from": 0, - "to": null - } - ], - "enableHover": true, - "invertColors": false, - "legendPosition": "top", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top Destinations by Traffic Size [Logs CEF]", - "type": "heatmap" - } - }, 
- "coreMigrationVersion": "8.0.0", - "id": "cef-1bd44f46-e28d-4a2d-8245-6994372155ab", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-1c869759-1d3e-4898-b9c7-d2604ed38655.json b/packages/cef/kibana/visualization/cef-1c869759-1d3e-4898-b9c7-d2604ed38655.json deleted file mode 100644 index 80e0bdbccea..00000000000 --- a/packages/cef/kibana/visualization/cef-1c869759-1d3e-4898-b9c7-d2604ed38655.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Severity [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "hide_last_value_indicator": true, - "id": "c39a76e5-f613-41a9-8335-c442747791e0", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "0.0[0]a", - "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", - "label": "Event by Severities", - "line_width": 1, - "metrics": [ - { - "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "type": "count" - }, - { - "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", - "sigma": "", - "type": "sum_bucket" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,204,202,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Low\" OR severity:\"0\"" - }, - "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", - "label": "LOW" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Medium\"" - }, - "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", - "label": "MEDIUM" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"High\"" - }, - "id": "e142c55b-6ee5-416a-8bd3-d10398044864", - "label": "HIGH" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Very-High\"" - }, - "id": "4b05b562-c419-4214-b814-d4c242251521", - "label": "VERY HIGH" - } - ], 
- "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "top_n", - "use_kibana_indexes": false - }, - "title": "Events by Severity [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-1c869759-1d3e-4898-b9c7-d2604ed38655", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-249e2737-b41f-4115-b303-88bc9d279655.json b/packages/cef/kibana/visualization/cef-249e2737-b41f-4115-b303-88bc9d279655.json deleted file mode 100644 index 8ed662e7131..00000000000 --- a/packages/cef/kibana/visualization/cef-249e2737-b41f-4115-b303-88bc9d279655.json +++ /dev/null 
@@ -1,121 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "DNS Metrics Overview [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threads", - "field": "cef.extensions.deviceCustomString1" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OpCodes", - "field": "cef.extensions.deviceCustomString2" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Activity Types", - "field": "cef.device.event_class_id" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "32", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "type": "gauge" - }, - "title": "DNS Metrics Overview [Logs CEF ArcSight]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-249e2737-b41f-4115-b303-88bc9d279655", - "migrationVersion": { - "visualization": "8.0.0" 
- }, - "references": [ - { - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-255c0885-6349-4ab4-ba00-f055c6cc8000.json b/packages/cef/kibana/visualization/cef-255c0885-6349-4ab4-ba00-f055c6cc8000.json deleted file mode 100644 index 4b5d8c515a7..00000000000 --- a/packages/cef/kibana/visualization/cef-255c0885-6349-4ab4-ba00-f055c6cc8000.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Sources [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Sources [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-255c0885-6349-4ab4-ba00-f055c6cc8000", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b.json b/packages/cef/kibana/visualization/cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b.json deleted file mode 100644 index bbe61459afe..00000000000 
--- a/packages/cef/kibana/visualization/cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b.json
+++ /dev/null
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Sources by Size [Logs CEF ArcSight]", - "uiStateJSON": { - "P-11": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "P-13": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "P-2": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-3": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "P-4": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-5": { - "vis": { - "defaultColors": { - "0 - 18,000": "rgb(247,251,255)", - "108,000 - 126,000": "rgb(74,152,201)", - "126,000 - 144,000": "rgb(46,126,188)", - "144,000 - 162,000": "rgb(23,100,171)", - "162,000 - 180,000": "rgb(8,74,145)", - "18,000 - 36,000": "rgb(227,238,249)", - "36,000 - 54,000": "rgb(208,225,242)", - "54,000 - 72,000": "rgb(182,212,233)", - "72,000 - 90,000": "rgb(148,196,223)", - "90,000 - 108,000": "rgb(107,174,214)" - }, - "legendOpen": false - } - }, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sources", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destinations", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - 
"listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Sources by Size [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf.json b/packages/cef/kibana/visualization/cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf.json deleted file mode 100644 index 4f31eac1620..00000000000 --- a/packages/cef/kibana/visualization/cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Unique Destinations and Ports by Source [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Addresses" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Destination Addresses" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Destination Ports" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": 
false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Addresses" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Ports" - }, - "type": "value" - } - ] - }, - "title": "Unique Destinations and Ports by Source [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-2726382e-638a-4dcc-94fc-0ffdc0f92048.json b/packages/cef/kibana/visualization/cef-2726382e-638a-4dcc-94fc-0ffdc0f92048.json deleted file mode 100644 index e10f3cbe7c7..00000000000 --- a/packages/cef/kibana/visualization/cef-2726382e-638a-4dcc-94fc-0ffdc0f92048.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 15 Event Types by Events [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Types", - "field": "cef.extensions.categoryBehavior", - "order": "desc", - "orderBy": "1", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "perPage": 15, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 15 Event Types by Events [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-2726382e-638a-4dcc-94fc-0ffdc0f92048", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": 
"search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-291cd92f-52c4-421b-b354-468318ba3e65.json b/packages/cef/kibana/visualization/cef-291cd92f-52c4-421b-b354-468318ba3e65.json deleted file mode 100644 index 15b850b85d6..00000000000 --- a/packages/cef/kibana/visualization/cef-291cd92f-52c4-421b-b354-468318ba3e65.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Device Metrics Overview [Logs CEF]", - "type": "metric" - } 
- }, - "coreMigrationVersion": "8.0.0", - "id": "cef-291cd92f-52c4-421b-b354-468318ba3e65", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-295986d4-d2ea-4541-8e82-7dc95c0cd830.json b/packages/cef/kibana/visualization/cef-295986d4-d2ea-4541-8e82-7dc95c0cd830.json deleted file mode 100644 index 84b4e12ce48..00000000000 --- a/packages/cef/kibana/visualization/cef-295986d4-d2ea-4541-8e82-7dc95c0cd830.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Countries by Event [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 35 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Source Countries by Event [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-295986d4-d2ea-4541-8e82-7dc95c0cd830", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-2a0a7692-9a08-449f-bcef-b85de1855fd5.json b/packages/cef/kibana/visualization/cef-2a0a7692-9a08-449f-bcef-b85de1855fd5.json
deleted file mode 100644
index aae5bc30168..00000000000
--- a/packages/cef/kibana/visualization/cef-2a0a7692-9a08-449f-bcef-b85de1855fd5.json
+++ /dev/null
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Endpoint - Average EPS [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "type": "cumulative_sum" - }, - { - "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "gamma": 0.3, - "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "offset_time": "1m", - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - 
"title": "Endpoint - Average EPS [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-2a0a7692-9a08-449f-bcef-b85de1855fd5", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a.json b/packages/cef/kibana/visualization/cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a.json deleted file mode 100644 index 9f1bfa0f2b6..00000000000 --- a/packages/cef/kibana/visualization/cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 20 Behaviors by Outcome [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Behavior", - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 20 Behaviors by Outcome [Logs CEF]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c.json b/packages/cef/kibana/visualization/cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c.json deleted file mode 100644 index a101255f21d..00000000000 --- a/packages/cef/kibana/visualization/cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Source Countries [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 5 Source Countries [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-316fdc75-7215-4c6b-8e1b-70a097b34e28.json b/packages/cef/kibana/visualization/cef-316fdc75-7215-4c6b-8e1b-70a097b34e28.json deleted file mode 100644 index a5b9787191e..00000000000 --- a/packages/cef/kibana/visualization/cef-316fdc75-7215-4c6b-8e1b-70a097b34e28.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Sources by Destinations [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Host", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Host", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 10 Sources by Destinations [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-316fdc75-7215-4c6b-8e1b-70a097b34e28", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-33290695-4eb1-4270-9e63-7083e7b132ed.json b/packages/cef/kibana/visualization/cef-33290695-4eb1-4270-9e63-7083e7b132ed.json deleted file mode 100644 index cd7ed7854a6..00000000000 --- a/packages/cef/kibana/visualization/cef-33290695-4eb1-4270-9e63-7083e7b132ed.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events Types by Severity [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", - "label": "Cumulative Bytes", - "line_width": "3", - "metrics": [ - { - "field": "source.bytes", - "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", - "type": "count" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" - }, - "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", - "label": "HIGH" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR 
cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" - }, - "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", - "label": "MEDIUM" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" 
OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" - }, - "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", - "label": "LOW" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", - "label": "Count by Event Type", - "line_width": 1, - "metrics": [ - { - "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.device.event_class_id", - "terms_size": "20" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events Types by Severity [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-33290695-4eb1-4270-9e63-7083e7b132ed", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json b/packages/cef/kibana/visualization/cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json deleted file mode 100644 index 704eb7201b1..00000000000 --- a/packages/cef/kibana/visualization/cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Network - Event Throughput [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "type": "cumulative_sum" - }, - { - "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "gamma": 0.3, - "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - 
"seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "Network - Event Throughput [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-38061262-edbe-4ccc-8c5c-d22c480b3c64.json b/packages/cef/kibana/visualization/cef-38061262-edbe-4ccc-8c5c-d22c480b3c64.json deleted file mode 100644 index de558bce467..00000000000 --- a/packages/cef/kibana/visualization/cef-38061262-edbe-4ccc-8c5c-d22c480b3c64.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Application Protocols [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.application", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "title": "Top 10 Application Protocols [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-38061262-edbe-4ccc-8c5c-d22c480b3c64", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-38fd061a-0976-4005-b0d3-729d693cdd5d.json b/packages/cef/kibana/visualization/cef-38fd061a-0976-4005-b0d3-729d693cdd5d.json deleted file mode 100644 index 21386c53b13..00000000000 --- a/packages/cef/kibana/visualization/cef-38fd061a-0976-4005-b0d3-729d693cdd5d.json +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Direction [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "be556a57-cd1c-496c-8714-0bd210947c85", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": "0.2", - "filter": { - "language": "lucene", - "query": "device" - }, - "formatter": "number", - "id": "9aae7344-9de9-4378-b21d-296cb964f93b", - "label": "Inbound Requests", - "line_width": 1, - "metrics": [ - { - "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", - "label": "Inbound Requests" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": "0.2", - "formatter": "number", - "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", - "label": "Outbound Requests", - "line_width": 1, - "metrics": [ - { - "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "type": "count" - }, - { - "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", - "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", - "name": "outbound" - } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(211,49,21,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", - "label": "Outbound Requests" - } - ], - "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Direction [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-38fd061a-0976-4005-b0d3-729d693cdd5d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042.json b/packages/cef/kibana/visualization/cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042.json deleted file mode 100644 index 719788cfc07..00000000000 --- a/packages/cef/kibana/visualization/cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042.json +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Type Breakdown [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall Types", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Device Type Breakdown [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-490c415c-b859-4ed0-a2a4-5c4968084985.json b/packages/cef/kibana/visualization/cef-490c415c-b859-4ed0-a2a4-5c4968084985.json deleted file mode 100644 index 6cefab46d78..00000000000 --- a/packages/cef/kibana/visualization/cef-490c415c-b859-4ed0-a2a4-5c4968084985.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Event Types by Size [Logs CEF]", - "uiStateJSON": { - "vis": { - "colors": { - "Count": "#64B0C8", - "Total (Bytes)": "#E24D42" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total (Bytes)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Type" - }, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": null - }, - "legendPosition": "right", - "orderBucketsBySum": false, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Total (Bytes)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": false, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Total (Bytes)" - }, - "type": "value" - } - ] - }, - "title": "Event Types by Size [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-490c415c-b859-4ed0-a2a4-5c4968084985", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d.json b/packages/cef/kibana/visualization/cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d.json deleted file mode 100644 index 383f61d0343..00000000000 --- a/packages/cef/kibana/visualization/cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d.json +++ /dev/null 
@@ -1,141 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Ports by Outcomes [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "destination.port: Descending" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "square root" - }, - "show": true, - "style": {}, - "title": 
{}, - "type": "value" - } - ] - }, - "title": "Destination Ports by Outcomes [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-499f50ba-2f84-4f7c-9021-73a4efc47921.json b/packages/cef/kibana/visualization/cef-499f50ba-2f84-4f7c-9021-73a4efc47921.json deleted file mode 100644 index 67eabeb364d..00000000000 --- a/packages/cef/kibana/visualization/cef-499f50ba-2f84-4f7c-9021-73a4efc47921.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Outcome [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "bar_color": null, - "id": "23db5bf6-f787-474e-86ab-76362432e984", - "value": 0 - } - ], - "drilldown_url": "", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 0, - "split_color_mode": "gradient", - 
"split_filters": [ - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", - "label": "Firewall" - } - ], - "split_mode": "filter", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "1", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Event Outcome", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,188,0,0.35)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", - "label": "Success" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", - "label": "Failure" - }, - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "2ff1e859-b178-4824-a0f2-69a115932b98", - "label": "Attempt" - } - ], - "split_mode": "filters", - "stacked": "stacked", - "terms_field": "cef.extensions.categoryOutcome", - "terms_size": "3" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Outcome [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-499f50ba-2f84-4f7c-9021-73a4efc47921", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json b/packages/cef/kibana/visualization/cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json deleted file mode 100644 index f1787d1acc7..00000000000 --- a/packages/cef/kibana/visualization/cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destinations [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destinations [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-4c86b51e-6886-4484-98a2-508e92b455bb.json b/packages/cef/kibana/visualization/cef-4c86b51e-6886-4484-98a2-508e92b455bb.json deleted file mode 100644 index 4f8adcffeeb..00000000000 --- a/packages/cef/kibana/visualization/cef-4c86b51e-6886-4484-98a2-508e92b455bb.json +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Endpoint OS Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Event Types", - "field": "event.action" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Outcomes", - "field": "event.outcome" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "20", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Endpoint OS Metrics Overview [Logs CEF]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4c86b51e-6886-4484-98a2-508e92b455bb", - "migrationVersion": { - "visualization": "8.0.0" 
- }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json b/packages/cef/kibana/visualization/cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json deleted file mode 100644 index cdd54f42732..00000000000 --- a/packages/cef/kibana/visualization/cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Sources [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Sources [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-535a7bf8-a701-4016-86c0-038bc6d9d069.json b/packages/cef/kibana/visualization/cef-535a7bf8-a701-4016-86c0-038bc6d9d069.json deleted file mode 100644 index dcdaab4a185..00000000000 
--- a/packages/cef/kibana/visualization/cef-535a7bf8-a701-4016-86c0-038bc6d9d069.json
+++ /dev/null
@@ -1,107 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Countries by Events [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Source Countries by Events [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-535a7bf8-a701-4016-86c0-038bc6d9d069", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-56247c19-7aa5-475d-b074-5b0cd4794f0c.json b/packages/cef/kibana/visualization/cef-56247c19-7aa5-475d-b074-5b0cd4794f0c.json deleted file mode 100644 index 074ad5c3689..00000000000 --- a/packages/cef/kibana/visualization/cef-56247c19-7aa5-475d-b074-5b0cd4794f0c.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Source Users [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-56247c19-7aa5-475d-b074-5b0cd4794f0c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json b/packages/cef/kibana/visualization/cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json deleted file mode 100644 index ae1c1365be4..00000000000 --- a/packages/cef/kibana/visualization/cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json +++ /dev/null 
@@ -1,129 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top Destinations by Traffic Size [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 18k": "rgb(247,251,255)", - "108k - 126k": "rgb(74,152,201)", - "126k - 144k": "rgb(46,126,188)", - "144k - 162k": "rgb(23,100,171)", - "162k - 180k": "rgb(8,74,145)", - "18k - 36k": "rgb(227,238,249)", - "36k - 54k": "rgb(208,225,242)", - "54k - 72k": "rgb(182,212,233)", - "72k - 90k": "rgb(148,196,223)", - "90k - 108k": "rgb(107,174,214)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "filters": [ - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "label": "Inbound" - }, - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "label": "Outbound" - } - ] - }, - "schema": "segment", - "type": "filters" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Blues", - "colorsNumber": 10, - "colorsRange": [ - { - "from": 0, - "to": null - } - ], - "enableHover": true, - "invertColors": false, - "legendPosition": "top", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top Destinations by Traffic Size [Logs CEF ArcSight]", - "type": 
"heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-589fec8c-336e-4122-8fef-a450bddf84f6.json b/packages/cef/kibana/visualization/cef-589fec8c-336e-4122-8fef-a450bddf84f6.json deleted file mode 100644 index 284b53f6a5d..00000000000 --- a/packages/cef/kibana/visualization/cef-589fec8c-336e-4122-8fef-a450bddf84f6.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Addresses [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Source Addresses [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-589fec8c-336e-4122-8fef-a450bddf84f6", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-59ad829b-12b8-4256-95a5-e7078eda628b.json b/packages/cef/kibana/visualization/cef-59ad829b-12b8-4256-95a5-e7078eda628b.json
deleted file mode 100644
index 34f4356a59b..00000000000
--- a/packages/cef/kibana/visualization/cef-59ad829b-12b8-4256-95a5-e7078eda628b.json
+++ /dev/null
@@ -1,199 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Source Users by Event Type and Destination Users [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Types", - "field": "cef.extensions.categoryBehavior" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination User Names", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Users" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Event Types" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - 
"show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - }, - { - "data": { - "id": "4", - "label": "Destination User Names" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Source Users by Event Type and Destination Users [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-59ad829b-12b8-4256-95a5-e7078eda628b", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53.json b/packages/cef/kibana/visualization/cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53.json deleted file mode 100644 index 1d491cba80b..00000000000 --- a/packages/cef/kibana/visualization/cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53.json +++ /dev/null 
@@ -1,104 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcomes by User Names [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Informational": "#7EB26D", - "/Informational/Warning": "#EF843C", - "/Success": "#64B0C8", - "Anti-Virus": "#B7DBAB", - "Host-based IDS/IPS": "#629E51", - "Log Consolidator": "#E0F9D7", - "Operating System": "#3F6833", - "Recon": "#BF1B00", - "Security Mangement": "#CFFAFF" - }, - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "exclude": "Network-based IDS/IPS", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Outcomes by User Names [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json b/packages/cef/kibana/visualization/cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json
deleted file mode 100644
index 553391cc263..00000000000
--- a/packages/cef/kibana/visualization/cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json
+++ /dev/null
@@ -1,201 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Events by Source and Destination Users [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Timestamp" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Event Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Source Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 
3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - }, - { - "data": { - "id": "4", - "label": "Destination Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Events by Source and Destination Users [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa.json b/packages/cef/kibana/visualization/cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa.json deleted file mode 100644 index c7b70db2c78..00000000000 --- a/packages/cef/kibana/visualization/cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Network - Event Throughput [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "type": "cumulative_sum" - }, - { - "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "gamma": 0.3, - "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 
0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "Network - Event Throughput [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json b/packages/cef/kibana/visualization/cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json deleted file mode 100644 index 4e3ddb3e435..00000000000 --- a/packages/cef/kibana/visualization/cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json +++ /dev/null 
@@ -1,78 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Source Users by Destination Users [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Source Users",
- "field": "source.user.name",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Destination Users",
- "field": "destination.user.name",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "bottom",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Top 10 Source Users by Destination Users [Logs CEF ArcSight]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-655beadd-2678-4495-8793-72b5780f6283.json b/packages/cef/kibana/visualization/cef-655beadd-2678-4495-8793-72b5780f6283.json
deleted file mode 100644
index 33564a0204a..00000000000
--- a/packages/cef/kibana/visualization/cef-655beadd-2678-4495-8793-72b5780f6283.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Source Addresses [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Source Addresses",
- "field": "source.ip",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 72,
- "minFontSize": 18,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Source Addresses [Logs CEF]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-655beadd-2678-4495-8793-72b5780f6283",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-677891a1-90c4-4273-b126-f0e54689bd76.json b/packages/cef/kibana/visualization/cef-677891a1-90c4-4273-b126-f0e54689bd76.json
deleted file mode 100644
index e8c067d2e0e..00000000000
--- a/packages/cef/kibana/visualization/cef-677891a1-90c4-4273-b126-f0e54689bd76.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "query_string": {
- "query": "*"
- }
- }
- }
- },
- "title": " Dashboard Navigation [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)"
- },
- "title": " Dashboard Navigation [Logs CEF ArcSight]",
- "type": "markdown"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-718b074e-3dd1-4d03-ba11-7f869cdcd703.json b/packages/cef/kibana/visualization/cef-718b074e-3dd1-4d03-ba11-7f869cdcd703.json
deleted file mode 100644
index 3e60d25e70a..00000000000
--- a/packages/cef/kibana/visualization/cef-718b074e-3dd1-4d03-ba11-7f869cdcd703.json
+++ /dev/null
@@ -1,138 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Device [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(254,37,37,1)", - "fill": "0", - "formatter": "number", - "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "gamma": 0.3, - "id": "59675e84-1a8e-41df-9f63-875109bd795a", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " - }, - "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", - "label": "Operating System" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" - }, - "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", - "label": "Host IDS" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "id": 
"262ecd54-a042-4bfb-b489-d7db8431c36e", - "label": "Application" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", - "label": "Moving Average by Device HostNames", - "line_width": 1, - "metrics": [ - { - "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "gamma": 0.3, - "id": "9765367a-0fc2-45ba-88a8-e87991210edd", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Device [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-718b074e-3dd1-4d03-ba11-7f869cdcd703", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-7454c034-c5f3-48fe-8fce-ef4385c80350.json b/packages/cef/kibana/visualization/cef-7454c034-c5f3-48fe-8fce-ef4385c80350.json deleted file mode 100644 index 7e0a0b41e91..00000000000 --- a/packages/cef/kibana/visualization/cef-7454c034-c5f3-48fe-8fce-ef4385c80350.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Endpoint Metrics Overview [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Port", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Endpoint Metrics Overview [Logs CEF ArcSight]", - 
"type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-7454c034-c5f3-48fe-8fce-ef4385c80350", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json b/packages/cef/kibana/visualization/cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json deleted file mode 100644 index 9a220290397..00000000000 --- a/packages/cef/kibana/visualization/cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Source Countries [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 5 Source Countries [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json b/packages/cef/kibana/visualization/cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json
deleted file mode 100644
index 05225db7133..00000000000
--- a/packages/cef/kibana/visualization/cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Event Types [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "cef.device.event_class_id",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 50,
- "minFontSize": 12,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "square root"
- },
- "title": "Top 10 Event Types [Logs CEF ArcSight]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-769e3f37-2b08-4edb-9013-09140a520e69.json b/packages/cef/kibana/visualization/cef-769e3f37-2b08-4edb-9013-09140a520e69.json
deleted file mode 100644
index dc3d164f282..00000000000
--- a/packages/cef/kibana/visualization/cef-769e3f37-2b08-4edb-9013-09140a520e69.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Destination Addresses [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Addresses",
- "field": "destination.ip",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 72,
- "minFontSize": 18,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Destination Addresses [Logs CEF]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-769e3f37-2b08-4edb-9013-09140a520e69",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-76c088c3-486e-4420-8840-5ede667edffe.json b/packages/cef/kibana/visualization/cef-76c088c3-486e-4420-8840-5ede667edffe.json
deleted file mode 100644
index 821db3719cf..00000000000
--- a/packages/cef/kibana/visualization/cef-76c088c3-486e-4420-8840-5ede667edffe.json
+++ /dev/null
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Endpoint - OS Average EPS [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "type": "cumulative_sum" - }, - { - "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "gamma": 0.3, - "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "offset_time": "1m", - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - 
"use_kibana_indexes": false - }, - "title": "Endpoint - OS Average EPS [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-76c088c3-486e-4420-8840-5ede667edffe", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-77ee0e91-010b-4897-b483-7e9a907d2afe.json b/packages/cef/kibana/visualization/cef-77ee0e91-010b-4897-b483-7e9a907d2afe.json deleted file mode 100644 index 6fe585ae2d7..00000000000 --- a/packages/cef/kibana/visualization/cef-77ee0e91-010b-4897-b483-7e9a907d2afe.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Behaviors by Outcome [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 9,000": "rgb(255,255,204)", - "18,000 - 27,000": "rgb(254,225,135)", - "27,000 - 36,000": "rgb(254,201,101)", - "36,000 - 45,000": "rgb(254,171,73)", - "45,000 - 54,000": "rgb(253,141,60)", - "54,000 - 63,000": "rgb(252,91,46)", - "63,000 - 72,000": "rgb(237,47,34)", - "72,000 - 81,000": "rgb(212,16,32)", - "81,000 - 90,000": "rgb(176,0,38)", - "9,000 - 18,000": "rgb(255,241,170)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "cef.extensions.categoryBehavior", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top 10 Behaviors by Outcome [Logs CEF ArcSight]", - "type": "heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-77ee0e91-010b-4897-b483-7e9a907d2afe", - 
"migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0.json b/packages/cef/kibana/visualization/cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0.json deleted file mode 100644 index 1a0111469d7..00000000000 --- a/packages/cef/kibana/visualization/cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 15 Event Types by Events [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Types", - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "perPage": 15, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 15 Event Types by Events [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f.json b/packages/cef/kibana/visualization/cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f.json deleted file mode 100644 index 73225f25f4a..00000000000 --- a/packages/cef/kibana/visualization/cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "DNS - Event Throughput [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "type": "cumulative_sum" - }, - { - "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "gamma": 0.3, - "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": 
"{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "DNS - Event Throughput [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-82a333a7-d9d3-4752-b564-160d4b9f188b.json b/packages/cef/kibana/visualization/cef-82a333a7-d9d3-4752-b564-160d4b9f188b.json deleted file mode 100644 index ed9bf58c550..00000000000 --- a/packages/cef/kibana/visualization/cef-82a333a7-d9d3-4752-b564-160d4b9f188b.json +++ /dev/null 
@@ -1,78 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Sources by Destinations [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Source Host",
- "field": "source.domain",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Destination Host",
- "field": "destination.domain",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "bottom",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Top 10 Sources by Destinations [Logs CEF]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-82a333a7-d9d3-4752-b564-160d4b9f188b",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json b/packages/cef/kibana/visualization/cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json
deleted file mode 100644
index b82be49e174..00000000000
--- a/packages/cef/kibana/visualization/cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json
+++ /dev/null
@@ -1,87 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 5 Sources by Destination Addresses [Logs CEF ArcSight]",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Addresses",
- "field": "destination.ip"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Event Count"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "4",
- "params": {
- "customLabel": "Source Address",
- "field": "source.ip",
- "order": "desc",
- "orderBy": "2",
- "size": 5
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "perPage": 10,
- "showMeticsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "Top 5 Sources by Destination Addresses [Logs CEF ArcSight]",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-841a5d3f-c201-4499-a0fd-883247360640.json b/packages/cef/kibana/visualization/cef-841a5d3f-c201-4499-a0fd-883247360640.json
deleted file mode 100644
index c9ae50e1d97..00000000000
--- a/packages/cef/kibana/visualization/cef-841a5d3f-c201-4499-a0fd-883247360640.json
+++ /dev/null
@@ -1,107 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Devices by Outcome [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% - 100%": "rgb(202,8,35)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Host Names", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 6, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": true, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top 10 Devices by Outcome [Logs CEF]", - "type": "heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-841a5d3f-c201-4499-a0fd-883247360640", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-85818e02-7a16-4afa-8278-99c4059ddd82.json b/packages/cef/kibana/visualization/cef-85818e02-7a16-4afa-8278-99c4059ddd82.json
deleted file mode 100644
index ee98ca2a874..00000000000
--- a/packages/cef/kibana/visualization/cef-85818e02-7a16-4afa-8278-99c4059ddd82.json
+++ /dev/null
@@ -1,118 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Devices by Bandwidth [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source(s)", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination(s)", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bandwidth (Incoming)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bandwidth (Outgoing)", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Devices by Bandwidth [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-85818e02-7a16-4afa-8278-99c4059ddd82", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - 
"type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5.json b/packages/cef/kibana/visualization/cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5.json deleted file mode 100644 index 88a97165a69..00000000000 --- a/packages/cef/kibana/visualization/cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5.json +++ /dev/null 
@@ -1,199 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Source Users by Event Type and Destination Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Types", - "field": "event.action" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination User Names", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Users" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Event Types" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - 
"showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - }, - { - "data": { - "id": "4", - "label": "Destination User Names" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Source Users by Event Type and Destination Users [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-86bd5f13-ca6b-43fa-b209-54e7460344bb.json b/packages/cef/kibana/visualization/cef-86bd5f13-ca6b-43fa-b209-54e7460344bb.json deleted file mode 100644 index 05b13544355..00000000000 --- a/packages/cef/kibana/visualization/cef-86bd5f13-ca6b-43fa-b209-54e7460344bb.json +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destination Addresses [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destination Addresses [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-86bd5f13-ca6b-43fa-b209-54e7460344bb", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da.json b/packages/cef/kibana/visualization/cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da.json deleted file mode 100644 index 10491c9764f..00000000000 --- a/packages/cef/kibana/visualization/cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destinations by Size [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destinations", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Destinations by Size [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-89998099-9a39-44cf-beba-5b97f0524cf9.json b/packages/cef/kibana/visualization/cef-89998099-9a39-44cf-beba-5b97f0524cf9.json deleted file mode 100644 index b182815e69e..00000000000 
--- a/packages/cef/kibana/visualization/cef-89998099-9a39-44cf-beba-5b97f0524cf9.json
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcomes Breakdown [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Attempt": "#3F2B5B", - "/Failure": "#BF1B00" - }, - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Time", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Time" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - 
"position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Outcomes Breakdown [Logs CEF ArcSight]", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-89998099-9a39-44cf-beba-5b97f0524cf9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-8cd00d20-957d-4663-be4d-ea80b1609586.json b/packages/cef/kibana/visualization/cef-8cd00d20-957d-4663-be4d-ea80b1609586.json deleted file mode 100644 index d37d45ed9fb..00000000000 --- a/packages/cef/kibana/visualization/cef-8cd00d20-957d-4663-be4d-ea80b1609586.json +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Users [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Source Users [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-8cd00d20-957d-4663-be4d-ea80b1609586", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-8f38607c-eb10-410e-aec5-15d8b474211e.json b/packages/cef/kibana/visualization/cef-8f38607c-eb10-410e-aec5-15d8b474211e.json deleted file mode 100644 index dfd89566ad7..00000000000 --- a/packages/cef/kibana/visualization/cef-8f38607c-eb10-410e-aec5-15d8b474211e.json +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Source Addresses [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "117fde19-e227-4fcb-8019-e82e6677c340", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0, - "terms_field": 
"observer.hostmessage", - "terms_order_by": null, - "value_template": "{{value}}" - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "0.5", - "formatter": "number", - "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", - "label": "Top Source Addresses", - "line_width": "0", - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "source.ip", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Source Addresses [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-8f38607c-eb10-410e-aec5-15d8b474211e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-8f6075c5-f525-4173-92a4-3a56e96e362d.json b/packages/cef/kibana/visualization/cef-8f6075c5-f525-4173-92a4-3a56e96e362d.json deleted file mode 100644 index 9a3bf7fde5f..00000000000 --- a/packages/cef/kibana/visualization/cef-8f6075c5-f525-4173-92a4-3a56e96e362d.json +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Countries by Events [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Source Countries by Events [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-8f6075c5-f525-4173-92a4-3a56e96e362d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-92aecea0-a632-4a55-bb56-50e4cdaca036.json b/packages/cef/kibana/visualization/cef-92aecea0-a632-4a55-bb56-50e4cdaca036.json deleted file mode 100644 index 37ee9b1de2e..00000000000 --- a/packages/cef/kibana/visualization/cef-92aecea0-a632-4a55-bb56-50e4cdaca036.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Vendors by Product [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Vendor", - "field": "cef.device.vendor", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Product", - "field": "cef.device.product", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 5 Vendors by Product [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-92aecea0-a632-4a55-bb56-50e4cdaca036", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-9457ee67-895f-4b78-a543-268f9687a745.json b/packages/cef/kibana/visualization/cef-9457ee67-895f-4b78-a543-268f9687a745.json
deleted file mode 100644
index fc65f8d9d5b..00000000000
--- a/packages/cef/kibana/visualization/cef-9457ee67-895f-4b78-a543-268f9687a745.json
+++ /dev/null
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Endpoint Average EPS [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "type": "cumulative_sum" - }, - { - "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "id": "215c5225-5368-40e6-8fcd-2b0026babba0", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "215c5225-5368-40e6-8fcd-2b0026babba0", - "gamma": 0.3, - "id": "f4dfe09a-e397-4287-ab99-3206516cded3", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" 
- } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "Endpoint Average EPS [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-9457ee67-895f-4b78-a543-268f9687a745", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-98729301-9b46-4169-b99e-1392af8fa563.json b/packages/cef/kibana/visualization/cef-98729301-9b46-4169-b99e-1392af8fa563.json deleted file mode 100644 index 3112a916cd3..00000000000 --- a/packages/cef/kibana/visualization/cef-98729301-9b46-4169-b99e-1392af8fa563.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Countries by Event [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 35 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Source Countries by Event [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-98729301-9b46-4169-b99e-1392af8fa563", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json b/packages/cef/kibana/visualization/cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json
deleted file mode 100644
index ff1acb311ce..00000000000
--- a/packages/cef/kibana/visualization/cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Severity [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "hide_last_value_indicator": true, - "id": "c39a76e5-f613-41a9-8335-c442747791e0", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "0.0[0]a", - "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", - "label": "Event by Severities", - "line_width": 1, - "metrics": [ - { - "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "type": "count" - }, - { - "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", - "sigma": "", - "type": "sum_bucket" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,204,202,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Low\" OR severity:\"0\"" - }, - "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", - "label": "LOW" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Medium\"" - }, - "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", - "label": "MEDIUM" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"High\"" - }, - "id": "e142c55b-6ee5-416a-8bd3-d10398044864", - "label": "HIGH" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Very-High\"" - }, - "id": "4b05b562-c419-4214-b814-d4c242251521", - "label": "VERY HIGH" 
- } - ], - "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "top_n", - "use_kibana_indexes": false - }, - "title": "Events by Severity [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2.json b/packages/cef/kibana/visualization/cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2.json deleted file mode 100644 index 8efe5320bfa..00000000000 --- a/packages/cef/kibana/visualization/cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2.json +++ /dev/null 
@@ -1,201 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Events by Source and Destination Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Timestamp" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Event Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Source Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - 
"mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - }, - { - "data": { - "id": "4", - "label": "Destination Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Events by Source and Destination Users [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9.json b/packages/cef/kibana/visualization/cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9.json deleted file mode 100644 index d84cf1eb3bc..00000000000 --- a/packages/cef/kibana/visualization/cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 20 Source Countries [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "title": "Top 20 Source Countries [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-a729c249-8d34-4eb1-bbb0-5d25cf224114.json b/packages/cef/kibana/visualization/cef-a729c249-8d34-4eb1-bbb0-5d25cf224114.json deleted file mode 100644 index 5583b4eb124..00000000000 --- a/packages/cef/kibana/visualization/cef-a729c249-8d34-4eb1-bbb0-5d25cf224114.json +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Devices by Outcome [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% - 100%": "rgb(202,8,35)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Host Names", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 6, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": true, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top 10 Devices by Outcome [Logs CEF ArcSight]", - "type": "heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a729c249-8d34-4eb1-bbb0-5d25cf224114", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} 
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26.json b/packages/cef/kibana/visualization/cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26.json
deleted file mode 100644
index c145bc62216..00000000000
--- a/packages/cef/kibana/visualization/cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26.json
+++ /dev/null
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Source [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": 
"0c929603-fc92-4ebc-a963-fe2795417d89", - "label": "Firewall Events" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" - }, - "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", - "label": "Intrusion Detection Events" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", - "label": "VPN" - } - ], - "split_mode": "filters", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": "0.5", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Device Hosts", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Source [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-acc915fe-b971-4795-9040-3fbfdf62abe1.json b/packages/cef/kibana/visualization/cef-acc915fe-b971-4795-9040-3fbfdf62abe1.json deleted file mode 100644 index 02f6855a893..00000000000 --- a/packages/cef/kibana/visualization/cef-acc915fe-b971-4795-9040-3fbfdf62abe1.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destination Users [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destination Users [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-acc915fe-b971-4795-9040-3fbfdf62abe1", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json b/packages/cef/kibana/visualization/cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json deleted file mode 100644 index e273fb45445..00000000000 --- a/packages/cef/kibana/visualization/cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall Types", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Firewall Types" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "orderBucketsBySum": true, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": "square root" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-b25e0340-0e97-4849-9b89-959b9ad8c958.json b/packages/cef/kibana/visualization/cef-b25e0340-0e97-4849-9b89-959b9ad8c958.json deleted file mode 100644 index 4b50c94f20b..00000000000 --- a/packages/cef/kibana/visualization/cef-b25e0340-0e97-4849-9b89-959b9ad8c958.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "DNS - Event Throughput [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "type": "cumulative_sum" - }, - { - "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "gamma": 0.3, - "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} 
/ s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "DNS - Event Throughput [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b25e0340-0e97-4849-9b89-959b9ad8c958", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce.json b/packages/cef/kibana/visualization/cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce.json deleted file mode 100644 index 923156193fc..00000000000 --- a/packages/cef/kibana/visualization/cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Endpoint Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Port", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Endpoint Metrics Overview [Logs CEF]", - "type": "metric" - } 
- }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-b4ac112e-809a-437d-a805-3ff44a67c21c.json b/packages/cef/kibana/visualization/cef-b4ac112e-809a-437d-a805-3ff44a67c21c.json deleted file mode 100644 index 9896195c51a..00000000000 --- a/packages/cef/kibana/visualization/cef-b4ac112e-809a-437d-a805-3ff44a67c21c.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Users by Destination Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 10 Source Users by Destination Users [Logs CEF]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b4ac112e-809a-437d-a805-3ff44a67c21c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-b7227081-e125-49cb-a580-1be363f06be0.json b/packages/cef/kibana/visualization/cef-b7227081-e125-49cb-a580-1be363f06be0.json deleted file mode 100644 index 2d87157b237..00000000000 --- a/packages/cef/kibana/visualization/cef-b7227081-e125-49cb-a580-1be363f06be0.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Sources by Destination Ports [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Address", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 5 Sources by Destination Ports [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b7227081-e125-49cb-a580-1be363f06be0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-baa6c9ee-dffe-4ea5-bedd-91962700f450.json b/packages/cef/kibana/visualization/cef-baa6c9ee-dffe-4ea5-bedd-91962700f450.json deleted file mode 100644 index 2c275406bfb..00000000000 --- a/packages/cef/kibana/visualization/cef-baa6c9ee-dffe-4ea5-bedd-91962700f450.json +++ /dev/null 
@@ -1,145 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Device Types [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": "", - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", - "label": "Firewall" - } - ], - "split_mode": "everything", - "stacked": 
"none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(251,158,0,1)", - "fill": 0.5, - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Top Device Types by Mvg Averages", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.extensions.categoryDeviceType", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Device Types [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-baa6c9ee-dffe-4ea5-bedd-91962700f450", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d.json b/packages/cef/kibana/visualization/cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d.json deleted file mode 100644 index bf0b9c06482..00000000000 --- a/packages/cef/kibana/visualization/cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d.json +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destination Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destination Users [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-c394e650-b16c-407c-b305-bd409d69d433.json b/packages/cef/kibana/visualization/cef-c394e650-b16c-407c-b305-bd409d69d433.json deleted file mode 100644 index 28573ff259f..00000000000 --- a/packages/cef/kibana/visualization/cef-c394e650-b16c-407c-b305-bd409d69d433.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - }, - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" - }, - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-c394e650-b16c-407c-b305-bd409d69d433", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json b/packages/cef/kibana/visualization/cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json deleted file mode 100644 index ac1fc1fbcb3..00000000000 --- a/packages/cef/kibana/visualization/cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json +++ /dev/null 
@@ -1,63 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Destination Port [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "destination.port",
- "order": "desc",
- "orderBy": "1",
- "size": 20
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 72,
- "minFontSize": 18,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Destination Port [Logs CEF ArcSight]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-cbde6788-7371-4712-b2e0-3eb07e0841f4.json b/packages/cef/kibana/visualization/cef-cbde6788-7371-4712-b2e0-3eb07e0841f4.json
deleted file mode 100644
index be0214483c7..00000000000
--- a/packages/cef/kibana/visualization/cef-cbde6788-7371-4712-b2e0-3eb07e0841f4.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Destination Ports [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Addresses",
- "field": "destination.port",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 72,
- "minFontSize": 18,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Destination Ports [Logs CEF]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-cbde6788-7371-4712-b2e0-3eb07e0841f4",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b.json b/packages/cef/kibana/visualization/cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b.json
deleted file mode 100644
index e9a8fa58bc6..00000000000
--- a/packages/cef/kibana/visualization/cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b.json
+++ /dev/null
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Behaviors by Outcome [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 9,000": "rgb(255,255,204)", - "18,000 - 27,000": "rgb(254,225,135)", - "27,000 - 36,000": "rgb(254,201,101)", - "36,000 - 45,000": "rgb(254,171,73)", - "45,000 - 54,000": "rgb(253,141,60)", - "54,000 - 63,000": "rgb(252,91,46)", - "63,000 - 72,000": "rgb(237,47,34)", - "72,000 - 81,000": "rgb(212,16,32)", - "81,000 - 90,000": "rgb(176,0,38)", - "9,000 - 18,000": "rgb(255,241,170)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top 10 Behaviors by Outcome [Logs CEF]", - "type": "heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b", - "migrationVersion": { - "visualization": "8.0.0" - }, - 
"references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d02dd523-ce91-40e9-9209-83797f80ed45.json b/packages/cef/kibana/visualization/cef-d02dd523-ce91-40e9-9209-83797f80ed45.json deleted file mode 100644 index 8d7f74e0b44..00000000000 --- a/packages/cef/kibana/visualization/cef-d02dd523-ce91-40e9-9209-83797f80ed45.json +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Source Addresses [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "117fde19-e227-4fcb-8019-e82e6677c340", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0, - 
"terms_field": "observer.hostmessage", - "terms_order_by": null, - "value_template": "{{value}}" - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "0.5", - "formatter": "number", - "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", - "label": "Top Source Addresses", - "line_width": "0", - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "source.ip", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Source Addresses [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d02dd523-ce91-40e9-9209-83797f80ed45", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json b/packages/cef/kibana/visualization/cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json deleted file mode 100644 index 9ca3d9d2d52..00000000000 --- a/packages/cef/kibana/visualization/cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Metrics Overview [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Device Metrics Overview [Logs CEF ArcSight]", - 
"type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d2332147-4293-4422-930b-0a319ebeb958.json b/packages/cef/kibana/visualization/cef-d2332147-4293-4422-930b-0a319ebeb958.json deleted file mode 100644 index 6bfca2012e1..00000000000 --- a/packages/cef/kibana/visualization/cef-d2332147-4293-4422-930b-0a319ebeb958.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Vendors by Product [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Vendor", - "field": "cef.device.vendor", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Product", - "field": "cef.device.product", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 5 Vendors by Product [Logs CEF]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d2332147-4293-4422-930b-0a319ebeb958", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d3ce586b-d372-4e03-9c19-b768b1b953f3.json b/packages/cef/kibana/visualization/cef-d3ce586b-d372-4e03-9c19-b768b1b953f3.json deleted file mode 100644 index 5cc53570d55..00000000000 --- a/packages/cef/kibana/visualization/cef-d3ce586b-d372-4e03-9c19-b768b1b953f3.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Outcome [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "bar_color": null, - "id": "23db5bf6-f787-474e-86ab-76362432e984", - "value": 0 - } - ], - "drilldown_url": "", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 0, - "split_color_mode": "gradient", - 
"split_filters": [ - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", - "label": "Firewall" - } - ], - "split_mode": "filter", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "1", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Event Outcome", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,188,0,0.35)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", - "label": "Success" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", - "label": "Failure" - }, - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "2ff1e859-b178-4824-a0f2-69a115932b98", - "label": "Attempt" - } - ], - "split_mode": "filters", - "stacked": "stacked", - "terms_field": "event.outcome", - "terms_size": "3" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Outcome [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d3ce586b-d372-4e03-9c19-b768b1b953f3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e.json b/packages/cef/kibana/visualization/cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e.json
deleted file mode 100644
index aa5a727791c..00000000000
--- a/packages/cef/kibana/visualization/cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "query_string": {
- "query": "*"
- }
- }
- }
- },
- "title": " Dashboard Navigation [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)"
- },
- "title": " Dashboard Navigation [Logs CEF]",
- "type": "markdown"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652.json b/packages/cef/kibana/visualization/cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652.json
deleted file mode 100644
index 53e6a17408b..00000000000
--- a/packages/cef/kibana/visualization/cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652.json
+++ /dev/null
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Device Metrics Overview [Logs CEF]", - "type": "metric" - } 
- }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3.json b/packages/cef/kibana/visualization/cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3.json deleted file mode 100644 index 68431a38a10..00000000000 --- a/packages/cef/kibana/visualization/cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Size [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "6e634117-6b30-411c-b74c-75510befe42f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "formatter": "bytes", - "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", - "label": "Inbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", - "type": "sum" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "formatter": "bytes", - "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", - "label": "Outbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "type": "sum" - }, - { - "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", - "script": "params.outbound_bytes \u003e= 0 ? 
params.outbound_bytes * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", - "name": "outbound_bytes" - } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Size [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-daa1fe0b-a698-4429-8e5d-db251502276c.json b/packages/cef/kibana/visualization/cef-daa1fe0b-a698-4429-8e5d-db251502276c.json deleted file mode 100644 index f6aacf65f4c..00000000000 --- a/packages/cef/kibana/visualization/cef-daa1fe0b-a698-4429-8e5d-db251502276c.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Bandwidth Utilization [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "" - }, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "d27f09dc-b07e-493f-a223-a85033ad6548", - "label": "Inbound", - "line_width": 1, - "metrics": [ - { - "field": "source.bytes", - "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", - "type": "sum" - } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_order_by": "_count" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", - "label": "Outbound", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "type": "sum" - }, - { - "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", - "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", - "name": "outbound" - } - ] - } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0 - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Bandwidth Utilization [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-daa1fe0b-a698-4429-8e5d-db251502276c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-dd339ff5-6b26-4455-ae06-f3b5591479e3.json b/packages/cef/kibana/visualization/cef-dd339ff5-6b26-4455-ae06-f3b5591479e3.json deleted file mode 100644 index 9053cca57a0..00000000000 --- a/packages/cef/kibana/visualization/cef-dd339ff5-6b26-4455-ae06-f3b5591479e3.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcomes Breakdown [Logs CEF]", - "uiStateJSON": { - "vis": { - "colors": { - "failure": "#BF1B00", - "unknown": "#3F2B5B" - }, - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Time", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Time" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - 
"mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Outcomes Breakdown [Logs CEF]", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-dd339ff5-6b26-4455-ae06-f3b5591479e3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-df056709-2deb-4363-ae7a-b0148ea456c6.json b/packages/cef/kibana/visualization/cef-df056709-2deb-4363-ae7a-b0148ea456c6.json deleted file mode 100644 index 85d28f64008..00000000000 --- a/packages/cef/kibana/visualization/cef-df056709-2deb-4363-ae7a-b0148ea456c6.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Ports by Outcome [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Protocols", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Protocols" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - 
"mode": "percentage", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Destination Ports by Outcome [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-df056709-2deb-4363-ae7a-b0148ea456c6", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json b/packages/cef/kibana/visualization/cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json deleted file mode 100644 index c6b25abed1e..00000000000 --- a/packages/cef/kibana/visualization/cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json +++ /dev/null 
@@ -1,78 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 20 Behaviors by Outcome [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Event Behavior",
- "field": "cef.extensions.categoryBehavior",
- "order": "desc",
- "orderBy": "1",
- "size": 20
- },
- "schema": "segment",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Event Outcome",
- "field": "cef.extensions.categoryOutcome",
- "order": "desc",
- "orderBy": "1",
- "size": 3
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Top 20 Behaviors by Outcome [Logs CEF ArcSight]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-e513c269-350c-40c3-ac20-16c5782103b8.json b/packages/cef/kibana/visualization/cef-e513c269-350c-40c3-ac20-16c5782103b8.json
deleted file mode 100644
index 675e6a5f437..00000000000
--- a/packages/cef/kibana/visualization/cef-e513c269-350c-40c3-ac20-16c5782103b8.json
+++ /dev/null
@@ -1,145 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Device Types [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": "", - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", - "label": "Firewall" - } - ], - "split_mode": "everything", - 
"stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(251,158,0,1)", - "fill": 0.5, - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Top Device Types by Mvg Averages", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.extensions.categoryDeviceType", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Device Types [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-e513c269-350c-40c3-ac20-16c5782103b8", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-e89a64e8-928c-41fc-8745-3c8157b21cdb.json b/packages/cef/kibana/visualization/cef-e89a64e8-928c-41fc-8745-3c8157b21cdb.json deleted file mode 100644 index c3c5b729389..00000000000 --- a/packages/cef/kibana/visualization/cef-e89a64e8-928c-41fc-8745-3c8157b21cdb.json +++ /dev/null 
@@ -1,118 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Devices by Bandwidth [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source(s)", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination(s)", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bandwidth (Incoming)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bandwidth (Outgoing)", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Devices by Bandwidth [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-e89a64e8-928c-41fc-8745-3c8157b21cdb", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - 
"name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-efa710e7-907c-4723-92cd-2bd2276f44dd.json b/packages/cef/kibana/visualization/cef-efa710e7-907c-4723-92cd-2bd2276f44dd.json deleted file mode 100644 index 46e33f4e890..00000000000 --- a/packages/cef/kibana/visualization/cef-efa710e7-907c-4723-92cd-2bd2276f44dd.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Source [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": 
"0c929603-fc92-4ebc-a963-fe2795417d89", - "label": "Firewall Events" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" - }, - "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", - "label": "Intrusion Detection Events" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", - "label": "VPN" - } - ], - "split_mode": "filters", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": "0.5", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Device Hosts", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Source [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-efa710e7-907c-4723-92cd-2bd2276f44dd", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3.json b/packages/cef/kibana/visualization/cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3.json
deleted file mode 100644
index c17a59847a0..00000000000
--- a/packages/cef/kibana/visualization/cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3.json
+++ /dev/null
@@ -1,87 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 5 Sources by Destination Ports [Logs CEF ArcSight]",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Ports",
- "field": "destination.port"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Event Count"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "4",
- "params": {
- "customLabel": "Source Address",
- "field": "source.ip",
- "order": "desc",
- "orderBy": "2",
- "size": 5
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "perPage": 10,
- "showMeticsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "Top 5 Sources by Destination Ports [Logs CEF ArcSight]",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json b/packages/cef/kibana/visualization/cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json
deleted file mode 100644
index 8bd6d5b5cfb..00000000000
--- a/packages/cef/kibana/visualization/cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json
+++ /dev/null
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events Types by Severity [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", - "label": "Cumulative Bytes", - "line_width": "3", - "metrics": [ - { - "field": "source.bytes", - "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", - "type": "count" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" - }, - "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", - "label": "HIGH" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR 
cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" - }, - "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", - "label": "MEDIUM" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR 
cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" - }, - "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", - "label": "LOW" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", - "label": "Count by Event Type", - "line_width": 1, - "metrics": [ - { - "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.device.event_class_id", - "terms_size": "20" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events Types by Severity [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json b/packages/cef/kibana/visualization/cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json deleted file mode 100644 index 056c89b2fca..00000000000 --- a/packages/cef/kibana/visualization/cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Size [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "6e634117-6b30-411c-b74c-75510befe42f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "formatter": "bytes", - "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", - "label": "Inbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", - "type": "sum" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "formatter": "bytes", - "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", - "label": "Outbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "type": "sum" - }, - { - "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", - "script": "params.outbound_bytes \u003e= 0 ? 
params.outbound_bytes * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", - "name": "outbound_bytes" - } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Size [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-f5258de9-71f7-410f-b713-201007f77470.json b/packages/cef/kibana/visualization/cef-f5258de9-71f7-410f-b713-201007f77470.json deleted file mode 100644 index 8de22436f43..00000000000 --- a/packages/cef/kibana/visualization/cef-f5258de9-71f7-410f-b713-201007f77470.json +++ /dev/null 
@@ -1,63 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Application Protocols [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "network.application",
- "order": "desc",
- "orderBy": "1",
- "size": 20
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 72,
- "minFontSize": 26,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "square root"
- },
- "title": "Top 10 Application Protocols [Logs CEF ArcSight]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-f5258de9-71f7-410f-b713-201007f77470",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-f57734dd-0f32-42b4-94dd-5d597f6735e1.json b/packages/cef/kibana/visualization/cef-f57734dd-0f32-42b4-94dd-5d597f6735e1.json
deleted file mode 100644
index fa36f8a0e16..00000000000
--- a/packages/cef/kibana/visualization/cef-f57734dd-0f32-42b4-94dd-5d597f6735e1.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Device Types by Vendor [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "exclude": "Network-based IDS/IPS",
- "field": "cef.extensions.categoryDeviceType",
- "order": "desc",
- "orderBy": "1",
- "size": 5
- },
- "schema": "segment",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "exclude": "",
- "field": "cef.device.vendor",
- "order": "desc",
- "orderBy": "1",
- "size": 5
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": false,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Device Types by Vendor [Logs CEF ArcSight]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-f57734dd-0f32-42b4-94dd-5d597f6735e1",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-f856a77c-a0fd-4047-afa6-e21a912814c5.json b/packages/cef/kibana/visualization/cef-f856a77c-a0fd-4047-afa6-e21a912814c5.json
deleted file mode 100644
index 78390be9264..00000000000
--- a/packages/cef/kibana/visualization/cef-f856a77c-a0fd-4047-afa6-e21a912814c5.json
+++ /dev/null
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Endpoint Average EPS [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "type": "cumulative_sum" - }, - { - "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "id": "215c5225-5368-40e6-8fcd-2b0026babba0", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "215c5225-5368-40e6-8fcd-2b0026babba0", - "gamma": 0.3, - "id": "f4dfe09a-e397-4287-ab99-3206516cded3", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "Endpoint Average 
EPS [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-f856a77c-a0fd-4047-afa6-e21a912814c5", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-fa8b26c1-6973-4381-adb3-bcde0d03a520.json b/packages/cef/kibana/visualization/cef-fa8b26c1-6973-4381-adb3-bcde0d03a520.json deleted file mode 100644 index 300a1130cd2..00000000000 --- a/packages/cef/kibana/visualization/cef-fa8b26c1-6973-4381-adb3-bcde0d03a520.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Unique Destinations and Ports by Source [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Addresses" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Destination Addresses" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Destination Ports" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - 
"setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Addresses" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Ports" - }, - "type": "value" - } - ] - }, - "title": "Unique Destinations and Ports by Source [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-fa8b26c1-6973-4381-adb3-bcde0d03a520", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-fcf798a8-db8f-4492-827b-8fa7581108a9.json b/packages/cef/kibana/visualization/cef-fcf798a8-db8f-4492-827b-8fa7581108a9.json deleted file mode 100644 index f21e80bc2c2..00000000000 --- a/packages/cef/kibana/visualization/cef-fcf798a8-db8f-4492-827b-8fa7581108a9.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Event Types by Size [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "Count": "#64B0C8", - "Total (Bytes)": "#E24D42" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total (Bytes)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Type" - }, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": null - }, - "legendPosition": "right", - "orderBucketsBySum": false, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Total (Bytes)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": false, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": 
true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Total (Bytes)" - }, - "type": "value" - } - ] - }, - "title": "Event Types by Size [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-fcf798a8-db8f-4492-827b-8fa7581108a9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json b/packages/cef/kibana/visualization/cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json deleted file mode 100644 index 9eb620dac63..00000000000 --- a/packages/cef/kibana/visualization/cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json +++ /dev/null 
@@ -1,141 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Ports by Outcomes [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "destination.port: Descending" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "square root" - }, - "show": true, 
- "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Destination Ports by Outcomes [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7.json b/packages/cef/kibana/visualization/cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7.json deleted file mode 100644 index bb9910d7572..00000000000 --- a/packages/cef/kibana/visualization/cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall Types", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Firewall Types" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "orderBucketsBySum": true, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": "square root" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From 8a08a9213ff29d5da65a873b4df1705cef602d6e Mon Sep 17 00:00:00 2001 
From: kcreddy
Date: Thu, 27 Oct 2022 14:31:11 +0530
Subject: [PATCH 007/103] migrate cisco to by_value
---
...-a555b160-4987-11e9-b8ce-ed898b5ef295.json | 922 +++++++++++++++---
...-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json | 79 --
...-118da960-4987-11e9-b8ce-ed898b5ef295.json | 85 --
...-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json | 85 --
...-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json | 126 ---
...-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json | 139 ---
...-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json | 78 --
...-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json | 105 --
8 files changed, 773 insertions(+), 846 deletions(-)
delete mode 100644 packages/cisco/kibana/visualization/cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json
delete mode 100644 packages/cisco/kibana/visualization/cisco-118da960-4987-11e9-b8ce-ed898b5ef295.json
delete mode 100644 packages/cisco/kibana/visualization/cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json
delete mode 100644 packages/cisco/kibana/visualization/cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json
delete mode 100644 packages/cisco/kibana/visualization/cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json
delete mode 100644 packages/cisco/kibana/visualization/cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json
delete mode 100644 packages/cisco/kibana/visualization/cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json
diff --git a/packages/cisco/kibana/dashboard/cisco-a555b160-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/dashboard/cisco-a555b160-4987-11e9-b8ce-ed898b5ef295.json
index 8a983e2f8de..cb0404f4078 100644
--- a/packages/cisco/kibana/dashboard/cisco-a555b160-4987-11e9-b8ce-ed898b5ef295.json
+++ b/packages/cisco/kibana/dashboard/cisco-a555b160-4987-11e9-b8ce-ed898b5ef295.json
@@ -1,176 +1,800 @@ { - "attributes": { - "description": "Sample dashboard for Cisco ASA Firewall devices", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cisco-a555b160-4987-11e9-b8ce-ed898b5ef295", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:00:38.417Z", + "version": "WzYzMiwxXQ==", + "attributes": { + "description": "Sample dashboard for Cisco ASA Firewall devices", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Destination Port and Transport [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + 
"language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "1", + "w": 12, + "x": 12, + "y": 15 }, - "panelsJSON": [ - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "1", - "w": 12, - "x": 12, - "y": 15 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "title": "Destination Port and Transport", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "title": "Destination Port and Transport", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Source Port and Transport [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "2", - "w": 12, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "title": "Source Port and Transport", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "3", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "title": "ASA Firewall Events 
Over Time", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "source.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "2", + "title": "Source Port and Transport", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "ASA Events Over Time [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100, + "filter": true + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } + 
"type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "4", - "w": 24, - "x": 24, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "title": "ASA Flows by Network Bytes", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "title": "ASA Firewall Events Over Time", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "ASA Flows by Network Bytes [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100, + "filter": true + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "3", + "label": "Total bytes" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": true, + "showCircles": 
true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Total bytes" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true }, - { - "embeddableConfig": {}, - "gridData": { - "h": 15, - "i": "5", - "w": 12, - "x": 24, - "y": 15 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "5", - "panelRefName": "panel_4", - "title": "Blocked by Source", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "title": "ASA Flows by Network Bytes", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "savedVis": { + "title": "ASA Firewall Blocked by Source [Cisco]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": {}, - "gridData": { - "h": 15, - "i": "8", - "w": 12, - "x": 36, - "y": 15 - }, - "panelIndex": "8", - "panelRefName": "panel_5", - "title": "Top 
ACL by Blocked", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true }, - { - "embeddableConfig": {}, - "gridData": { - "h": 12, - "i": "9", - "w": 48, - "x": 0, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "9", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Cisco] ASA Firewall", - "version": 1 - }, - "id": "cisco-a555b160-4987-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco-118da960-4987-11e9-b8ce-ed898b5ef295", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "5", + "w": 12, + "x": 24, + "y": 15 }, - { - "id": "cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295", - "name": "panel_2", - "type": "visualization" + "panelIndex": "5", + "title": "Blocked by Source", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "savedVis": { + "title": "ASA Top ACL by Blocked [Cisco]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + 
"sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ACL ID", + "field": "cisco.asa.rule_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.outcome:\"deny\"" + } + } + } + } }, - { - "id": "cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "8", + "w": 12, + "x": 36, + "y": 15 }, - { - "id": "cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295", - "name": "panel_4", - "type": "visualization" + "panelIndex": "8", + "title": "Top ACL by Blocked", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "savedVis": { + "title": "Top ASA Messages [Cisco]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "desc" + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ID", + "field": "cisco.asa.message_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": {}, + "schema": 
"metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "aggregate": "concat", + "customLabel": "Severity", + "field": "log.level", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Sample message", + "field": "event.original", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 12, + "i": "9", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "9", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco] ASA Firewall", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cisco-14fce5e0-498f-11e9-b8ce-ed898b5ef295" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file 
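Review bot: None of the inlined `savedVis` objects in `panelsJSON` carries a `savedSearchRefName`, yet the rebuilt `references` array still lists `1:search_0` through `9:search_0`, so nothing on the new side ties a panel to the saved search that the deleted by-reference visualizations named. If those searches held the Cisco ASA dataset filter (their content is not shown in this patch), a panel such as "Top ACL by Blocked", whose only remaining constraint is `event.outcome:"deny"`, could count deny events from unrelated sources or fail to resolve a data source. I would restore `"savedSearchRefName": "search_0"` under each panel's `savedVis.data`, which is where I would expect a by-value export to record it, and confirm on a test stack that every panel still returns only Cisco events. The new top-level `"namespaces"`, `"updated_at"` and `"version": "WzYzMiwxXQ=="` fields look like per-instance export state and could be dropped before the file is packaged.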
diff --git a/packages/cisco/kibana/visualization/cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 52662f52adb..00000000000 --- a/packages/cisco/kibana/visualization/cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json +++ /dev/null @@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "event.outcome:\"deny\"" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Top ACL by Blocked [Cisco]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ACL ID", - "field": "cisco.asa.rule_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "ASA Top ACL by Blocked [Cisco]", - "type": "table" - } - }, - "id": "cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco/kibana/visualization/cisco-118da960-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-118da960-4987-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index e1febb0f087..00000000000 
--- a/packages/cisco/kibana/visualization/cisco-118da960-4987-11e9-b8ce-ed898b5ef295.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Port and Transport [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Destination Port and Transport [Cisco]", - "type": "pie" - } - }, - "id": "cisco-118da960-4987-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco/kibana/visualization/cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 17925dd7046..00000000000 
--- a/packages/cisco/kibana/visualization/cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Source Port and Transport [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Source Port and Transport [Cisco]", - "type": "pie" - } - }, - "id": "cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco/kibana/visualization/cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 42de397939d..00000000000 
--- a/packages/cisco/kibana/visualization/cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Flows by Network Bytes [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-15y", - "to": "now+1y" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "3", - "label": "Total bytes" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Total bytes" - }, - "type": "value" - } - ] - }, - "title": "ASA Flows by Network Bytes [Cisco]", - "type": "histogram" - } - }, - "id": "cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": 
"cisco-753406e0-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco/kibana/visualization/cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 6bbd768adec..00000000000 --- a/packages/cisco/kibana/visualization/cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Events Over Time [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-15y", - "to": "now+1y" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - 
"text": "Count" - }, - "type": "value" - } - ] - }, - "title": "ASA Events Over Time [Cisco]", - "type": "histogram" - } - }, - "id": "cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco/kibana/visualization/cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 4f3206ffe6c..00000000000 --- a/packages/cisco/kibana/visualization/cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Firewall Blocked by Source [Cisco]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "ASA Firewall Blocked by Source [Cisco]", - "type": "table" - } - }, - "id": "cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco/kibana/visualization/cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 9a4cbdf1957..00000000000 --- a/packages/cisco/kibana/visualization/cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,105 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top ASA Messages [Cisco]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 1, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ID", - "field": "cisco.asa.message_id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "aggregate": "concat", - "customLabel": "Severity", - "field": "log.level", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - }, - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Sample message", - "field": "event.original", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top ASA Messages [Cisco]", - "type": "table" - } - }, - "id": "cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco-14fce5e0-498f-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From d0767ba928ff2821193a3ff8294976eb55180b3a Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Thu, 27 Oct 2022 14:32:17 +0530 Subject: [PATCH 008/103] migrate cisco_asa to by_value --- ...-a555b160-4987-11e9-b8ce-ed898b5ef295.json | 922 +++++++++++++++--- ...-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json | 79 -- ...-118da960-4987-11e9-b8ce-ed898b5ef295.json | 85 -- ...-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json | 85 -- ...-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json | 126 --- ...-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json | 139 --- ...-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json | 78 -- ...-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json | 105 -- 8 files changed, 773 insertions(+), 846 deletions(-) delete mode 100644 packages/cisco_asa/kibana/visualization/cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json delete mode 100644 packages/cisco_asa/kibana/visualization/cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295.json delete mode 100644 packages/cisco_asa/kibana/visualization/cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json delete mode 100644 packages/cisco_asa/kibana/visualization/cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json delete mode 100644 packages/cisco_asa/kibana/visualization/cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json delete mode 100644 packages/cisco_asa/kibana/visualization/cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json delete mode 100644 packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json diff --git a/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json index dad07ff5bda..9d1263e7354 100644 --- a/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json +++ b/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json 
@@ -1,176 +1,800 @@ { - "attributes": { - "description": "Sample dashboard for Cisco ASA Firewall devices", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:02:02.521Z", + "version": "WzY0NCwxXQ==", + "attributes": { + "description": "Sample dashboard for Cisco ASA Firewall devices", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Destination Port and Transport [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + 
"language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "1", + "w": 12, + "x": 12, + "y": 15 }, - "panelsJSON": [ - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "1", - "w": 12, - "x": 12, - "y": 15 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "title": "Destination Port and Transport", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "title": "Destination Port and Transport", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Source Port and Transport [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "2", - "w": 12, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "title": "Source Port and Transport", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "3", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "title": "ASA Firewall Events 
Over Time", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "source.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "2", + "title": "Source Port and Transport", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "ASA Events Over Time [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100, + "filter": true + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } + 
"type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "4", - "w": 24, - "x": 24, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "title": "ASA Flows by Network Bytes", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "title": "ASA Firewall Events Over Time", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "ASA Flows by Network Bytes [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100, + "filter": true + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "3", + "label": "Total bytes" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": true, + "showCircles": 
true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Total bytes" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true }, - { - "embeddableConfig": {}, - "gridData": { - "h": 15, - "i": "5", - "w": 12, - "x": 24, - "y": 15 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "5", - "panelRefName": "panel_4", - "title": "Blocked by Source", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "title": "ASA Flows by Network Bytes", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "savedVis": { + "title": "ASA Firewall Blocked by Source [Cisco]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": {}, - "gridData": { - "h": 15, - "i": "8", - "w": 12, - "x": 36, - "y": 15 - }, - "panelIndex": "8", - "panelRefName": "panel_5", - "title": "Top 
ACL by Blocked", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true }, - { - "embeddableConfig": {}, - "gridData": { - "h": 12, - "i": "9", - "w": 48, - "x": 0, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "9", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Cisco] ASA Firewall", - "version": 1 - }, - "id": "cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "5", + "w": 12, + "x": 24, + "y": 15 }, - { - "id": "cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295", - "name": "panel_2", - "type": "visualization" + "panelIndex": "5", + "title": "Blocked by Source", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "savedVis": { + "title": "ASA Top ACL by Blocked [Cisco]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + 
"showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ACL ID", + "field": "cisco.asa.rule_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.outcome:\"deny\"" + } + } + } + } }, - { - "id": "cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "8", + "w": 12, + "x": 36, + "y": 15 }, - { - "id": "cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295", - "name": "panel_4", - "type": "visualization" + "panelIndex": "8", + "title": "Top ACL by Blocked", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "savedVis": { + "title": "Top ASA Messages [Cisco]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "desc" + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ID", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": {}, 
+ "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "aggregate": "concat", + "customLabel": "Severity", + "field": "log.level", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Sample message", + "field": "event.original", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 12, + "i": "9", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "9", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco] ASA Firewall", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": 
"7.16.0" } \ No newline at end of file diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 1fa1f62ad93..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json +++ /dev/null @@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "event.outcome:\"deny\"" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Top ACL by Blocked [Cisco]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ACL ID", - "field": "cisco.asa.rule_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "ASA Top ACL by Blocked [Cisco]", - "type": "table" - } - }, - "id": "cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
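Review bot: In the migrated `cisco_asa-a555b160-…` dashboard, panel 5 ("ASA Firewall Blocked by Source") has an empty inline `"query": ""`, and nothing inside its `savedVis` names the `5:search_0` entry that the new `references` array declares. The deleted by-reference visualizations carried `"savedSearchRefName": "search_0"` for that link. If the saved search `cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295` is what restricted this table to denied traffic (its definition is not in this diff; inferred from the panel title and from panel 8, which carries `event.outcome:\"deny\"` inline), the table could silently count every source IP and mislead an analyst triaging blocks. Please confirm after import that panels 1–5, 8 and 9 still resolve their `N:search_0` saved searches, or carry the filter inline in each panel's `searchSource.query` as panel 8 does. Separately, the top-level `namespaces`, `updated_at` and `version` values look like metadata from the exporting Kibana instance and could probably be dropped from the packaged asset.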
diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index f4a51ede5d4..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Port and Transport [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Destination Port and Transport [Cisco]", - "type": "pie" - } - }, - "id": "cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 01e0a561836..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Source Port and Transport [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Source Port and Transport [Cisco]", - "type": "pie" - } - }, - "id": "cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index d5cdb5af85f..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Flows by Network Bytes [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-15y", - "to": "now+1y" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "3", - "label": "Total bytes" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Total bytes" - }, - "type": "value" - } - ] - }, - "title": "ASA Flows by Network Bytes [Cisco]", - "type": "histogram" - } - }, - "id": "cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": 
"cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 4711e2a90a7..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Events Over Time [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-15y", - "to": "now+1y" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - 
"text": "Count" - }, - "type": "value" - } - ] - }, - "title": "ASA Events Over Time [Cisco]", - "type": "histogram" - } - }, - "id": "cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index f8e790856f0..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Firewall Blocked by Source [Cisco]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "ASA Firewall Blocked by Source [Cisco]", - "type": "table" - } - }, - "id": "cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index e43aad55aa9..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,105 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top ASA Messages [Cisco]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 1, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ID", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "aggregate": "concat", - "customLabel": "Severity", - "field": "log.level", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - }, - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Sample message", - "field": "event.original", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top ASA Messages [Cisco]", - "type": "table" - } - }, - "id": "cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From 3cf79f3b03b601fe89110639ca23709910b9765e Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Thu, 27 Oct 2022 14:47:18 +0530 Subject: [PATCH 009/103] migrate cisco_duo by_value --- ...-6b585210-0faa-11ec-8b4b-67126a72b1d4.json | 596 ++++-- ...-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json | 377 +++- ...-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json | 1661 +++++++++++------ ...-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json | 781 ++++++-- ...-158c0e80-148c-11ec-9386-31989719f9db.json | 117 -- ...-10edf670-1088-11ec-8b4b-67126a72b1d4.json | 75 - ...-1952e300-1085-11ec-8b4b-67126a72b1d4.json | 74 - ...-1b1c61d0-0fa8-11ec-8b4b-67126a72b1d4.json | 79 - ...-1e9e23a0-0faa-11ec-8b4b-67126a72b1d4.json | 79 - ...-2c710c70-0fbb-11ec-8b4b-67126a72b1d4.json | 90 - ...-2e81b860-1089-11ec-8b4b-67126a72b1d4.json | 85 - ...-315d3b40-0fdf-11ec-8b4b-67126a72b1d4.json | 87 - ...-32c97410-0fa0-11ec-8b4b-67126a72b1d4.json | 79 - ...-3c0a89a0-0fba-11ec-8b4b-67126a72b1d4.json | 90 - ...-43e47440-0fb7-11ec-8b4b-67126a72b1d4.json | 92 - ...-66ca2220-0fd0-11ec-8b4b-67126a72b1d4.json | 198 -- ...-6872e680-1088-11ec-8b4b-67126a72b1d4.json | 75 - ...-692d5e20-0fde-11ec-8b4b-67126a72b1d4.json | 87 - ...-7633dff0-0fd3-11ec-8b4b-67126a72b1d4.json | 105 -- ...-7a1ff1c0-0fd4-11ec-8b4b-67126a72b1d4.json | 100 - ...-8342fad0-0fa8-11ec-8b4b-67126a72b1d4.json | 79 - ...-8e8d9a00-0fd8-11ec-8b4b-67126a72b1d4.json | 106 -- ...-9818eda0-1063-11ec-8b4b-67126a72b1d4.json | 90 - ...-c228b5c0-1087-11ec-8b4b-67126a72b1d4.json | 75 - ...-d1ba6030-1085-11ec-8b4b-67126a72b1d4.json | 75 - ...-dfdd2050-0fde-11ec-8b4b-67126a72b1d4.json | 92 - ...-e2482680-0fd6-11ec-8b4b-67126a72b1d4.json | 93 - ...-f14ab7b0-0fd1-11ec-8b4b-67126a72b1d4.json | 100 - ...-f7bdbe50-0fd9-11ec-8b4b-67126a72b1d4.json | 93 - 29 files changed, 2421 insertions(+), 3309 deletions(-) delete mode 100644 packages/cisco_duo/kibana/map/cisco_duo-158c0e80-148c-11ec-9386-31989719f9db.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-10edf670-1088-11ec-8b4b-67126a72b1d4.json delete mode 100644 
packages/cisco_duo/kibana/visualization/cisco_duo-1952e300-1085-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-1b1c61d0-0fa8-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-1e9e23a0-0faa-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-2c710c70-0fbb-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-2e81b860-1089-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-315d3b40-0fdf-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-32c97410-0fa0-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-3c0a89a0-0fba-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-43e47440-0fb7-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-66ca2220-0fd0-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-6872e680-1088-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-692d5e20-0fde-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-7633dff0-0fd3-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-7a1ff1c0-0fd4-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-8342fad0-0fa8-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-8e8d9a00-0fd8-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-9818eda0-1063-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-c228b5c0-1087-11ec-8b4b-67126a72b1d4.json delete mode 100644 
packages/cisco_duo/kibana/visualization/cisco_duo-d1ba6030-1085-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-dfdd2050-0fde-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-e2482680-0fd6-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-f14ab7b0-0fd1-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/visualization/cisco_duo-f7bdbe50-0fd9-11ec-8b4b-67126a72b1d4.json diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4.json index f3522cf8959..bd71fa8279f 100644 --- a/packages/cisco_duo/kibana/dashboard/cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4.json +++ b/packages/cisco_duo/kibana/dashboard/cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4.json 
@@ -1,167 +1,479 @@ { - "attributes": { - "description": "This dashboard shows summary logs collected by the Cisco Duo integration.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ + "id": "cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:16:56.550Z", + "version": "WzY1MiwxXQ==", + "attributes": { + "description": "This dashboard shows summary logs collected by the Cisco Duo integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_duo.summary" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_duo.summary" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Remaining telephony credits over time", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "f05fb810-0fa8-11ec-8382-e117c2442b42" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "4a31a4d0-81c1-4705-879d-f5d196dacbd2", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_bars": 30, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "94a8c66d-6999-46aa-a647-20789ed9bdc1", + "label": "Remaining telephony 
credits", + "line_width": 1, + "metrics": [ { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cisco_duo.summary" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cisco_duo.summary" - } - } + "agg_with": "avg", + "field": "cisco_duo.summary.telephony_credits_remaining", + "id": "ef27c46b-0bb7-44cc-b819-331c4abb7798", + "order": "desc", + "order_by": "@timestamp", + "size": 1, + "type": "top_hit" } - ], + ], + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "data_stream.dataset : \"cisco_duo.summary\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "useMargins": true + "gridData": { + "h": 13, + "i": "3b33c381-80ab-4111-ab09-fcc73e3f9a0b", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "3b33c381-80ab-4111-ab09-fcc73e3f9a0b", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Admin Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } 
+ ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 13, - "i": "3b33c381-80ab-4111-ab09-fcc73e3f9a0b", - "w": 48, - "x": 0, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "3b33c381-80ab-4111-ab09-fcc73e3f9a0b", - "panelRefName": "panel_3b33c381-80ab-4111-ab09-fcc73e3f9a0b", - "type": "visualization", - "version": "7.17.2" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Number of Admin", + "field": "cisco_duo.summary.admin_count", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "e6ac6ace-57bd-4d11-b92b-a051cece0d4c", + "w": 12, + "x": 0, + "y": 13 + }, + "panelIndex": "e6ac6ace-57bd-4d11-b92b-a051cece0d4c", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "[Cisco Duo] Number of Integration", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 9, - "i": "e6ac6ace-57bd-4d11-b92b-a051cece0d4c", - "w": 12, - "x": 0, - "y": 13 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - 
"panelIndex": "e6ac6ace-57bd-4d11-b92b-a051cece0d4c", - "panelRefName": "panel_e6ac6ace-57bd-4d11-b92b-a051cece0d4c", - "type": "visualization", - "version": "7.17.2" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Number of Integrations", + "field": "cisco_duo.summary.integration_count", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "b31e0b4a-7166-421d-bb0a-e02cc3def401", + "w": 12, + "x": 12, + "y": 13 + }, + "panelIndex": "b31e0b4a-7166-421d-bb0a-e02cc3def401", + "title": "[Cisco Duo] Integrations Count", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] User Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 9, - "i": "b31e0b4a-7166-421d-bb0a-e02cc3def401", - "w": 12, - "x": 12, - "y": 13 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "b31e0b4a-7166-421d-bb0a-e02cc3def401", - "panelRefName": "panel_b31e0b4a-7166-421d-bb0a-e02cc3def401", - "title": "[Cisco Duo] Integrations Count", - "type": "visualization", - "version": "7.17.2" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - 
"enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Number of Users", + "field": "cisco_duo.summary.user_count", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "85c0ed49-374f-448d-a9b4-88f4600d6ad8", + "w": 12, + "x": 24, + "y": 13 + }, + "panelIndex": "85c0ed49-374f-448d-a9b4-88f4600d6ad8", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Telephony credits remaining", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 9, - "i": "85c0ed49-374f-448d-a9b4-88f4600d6ad8", - "w": 12, - "x": 24, - "y": 13 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "85c0ed49-374f-448d-a9b4-88f4600d6ad8", - "panelRefName": "panel_85c0ed49-374f-448d-a9b4-88f4600d6ad8", - "type": "visualization", - "version": "7.17.2" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "80fb20e4-3445-450f-8b05-bcf29c015d7a", - "w": 12, - "x": 36, - "y": 13 - }, - "panelIndex": "80fb20e4-3445-450f-8b05-bcf29c015d7a", - "panelRefName": "panel_80fb20e4-3445-450f-8b05-bcf29c015d7a", - "type": "visualization", - "version": "7.17.2" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": 
true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Telephony Credits remaining", + "field": "cisco_duo.summary.telephony_credits_remaining", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Cisco Duo] Summary Logs", - "version": 1 - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "cisco_duo-9818eda0-1063-11ec-8b4b-67126a72b1d4", - "name": "3b33c381-80ab-4111-ab09-fcc73e3f9a0b:panel_3b33c381-80ab-4111-ab09-fcc73e3f9a0b", - "type": "visualization" - }, - { - "id": "cisco_duo-32c97410-0fa0-11ec-8b4b-67126a72b1d4", - "name": "e6ac6ace-57bd-4d11-b92b-a051cece0d4c:panel_e6ac6ace-57bd-4d11-b92b-a051cece0d4c", - "type": "visualization" + } }, - { - "id": "cisco_duo-1b1c61d0-0fa8-11ec-8b4b-67126a72b1d4", - "name": "b31e0b4a-7166-421d-bb0a-e02cc3def401:panel_b31e0b4a-7166-421d-bb0a-e02cc3def401", - "type": "visualization" + "gridData": { + "h": 9, + "i": "80fb20e4-3445-450f-8b05-bcf29c015d7a", + "w": 12, + "x": 36, + "y": 13 }, - { - "id": "cisco_duo-8342fad0-0fa8-11ec-8b4b-67126a72b1d4", - "name": "85c0ed49-374f-448d-a9b4-88f4600d6ad8:panel_85c0ed49-374f-448d-a9b4-88f4600d6ad8", - "type": "visualization" - }, - { - "id": "cisco_duo-1e9e23a0-0faa-11ec-8b4b-67126a72b1d4", - "name": "80fb20e4-3445-450f-8b05-bcf29c015d7a:panel_80fb20e4-3445-450f-8b05-bcf29c015d7a", - "type": "visualization" - } + "panelIndex": "80fb20e4-3445-450f-8b05-bcf29c015d7a", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + 
"timeRestore": false, + "title": "[Cisco Duo] Summary Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "e6ac6ace-57bd-4d11-b92b-a051cece0d4c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b31e0b4a-7166-421d-bb0a-e02cc3def401:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85c0ed49-374f-448d-a9b4-88f4600d6ad8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "80fb20e4-3445-450f-8b05-bcf29c015d7a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.2" } \ No newline at end of file diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json index a313ddcc60a..8c7ef4ec7c9 100644 --- a/packages/cisco_duo/kibana/dashboard/cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json +++ b/packages/cisco_duo/kibana/dashboard/cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json 
@@ -1,96 +1,313 @@ { - "attributes": { - "description": "This dashboard shows telephony logs collected by the Cisco Duo integration.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:16:56.550Z", + "version": "WzY1MywxXQ==", + "attributes": { + "description": "This dashboard shows telephony logs collected by the Cisco Duo integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_duo.telephony\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Telephony credits used by Users", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "row": true, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Telephony credits used by user", + "field": "cisco_duo.telephony.credits" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cisco_duo.telephony.phone_number", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": 
"segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.telephony\"" + "language": "kuery", + "query": "data_stream.dataset : \"cisco_duo.telephony\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "useMargins": true + "gridData": { + "h": 18, + "i": "4109bbba-072c-4f73-8530-39f86d6b732d", + "w": 25, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 18, - "i": "4109bbba-072c-4f73-8530-39f86d6b732d", - "w": 25, - "x": 0, - "y": 0 - }, - "panelIndex": "4109bbba-072c-4f73-8530-39f86d6b732d", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + "panelIndex": "4109bbba-072c-4f73-8530-39f86d6b732d", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Telephony credits used by types of telephony event", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 18, - "i": "afbddd10-9ee9-4e14-b984-cf15e057b9ce", - "w": 23, - "x": 25, - "y": 0 - }, - "panelIndex": "afbddd10-9ee9-4e14-b984-cf15e057b9ce", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + 
"type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "cisco_duo.telephony.credits" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 15, - "i": "fd25e144-12c2-4668-ac09-eadf51b0acfb", - "w": 25, - "x": 0, - "y": 18 + { + "enabled": true, + "id": "2", + "params": { + "field": "cisco_duo.telephony.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_duo.telephony\"" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "afbddd10-9ee9-4e14-b984-cf15e057b9ce", + "w": 23, + "x": 25, + "y": 0 + }, + "panelIndex": "afbddd10-9ee9-4e14-b984-cf15e057b9ce", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Telephony credits used by telephony type", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "cisco_duo.telephony.credits" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "fd25e144-12c2-4668-ac09-eadf51b0acfb", - "panelRefName": "panel_2", - "type": "visualization", - 
"version": "7.15.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "cisco_duo.telephony.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_duo.telephony\"" + } + } } - ], - "timeRestore": false, - "title": "[Cisco Duo] Telephony Logs", - "version": 1 - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "cisco_duo-43e47440-0fb7-11ec-8b4b-67126a72b1d4", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "cisco_duo-3c0a89a0-0fba-11ec-8b4b-67126a72b1d4", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "fd25e144-12c2-4668-ac09-eadf51b0acfb", + "w": 25, + "x": 0, + "y": 18 }, - { - "id": "cisco_duo-2c710c70-0fbb-11ec-8b4b-67126a72b1d4", - "name": "panel_2", - "type": "visualization" - } + "panelIndex": "fd25e144-12c2-4668-ac09-eadf51b0acfb", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco Duo] Telephony Logs", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "4109bbba-072c-4f73-8530-39f86d6b732d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "afbddd10-9ee9-4e14-b984-cf15e057b9ce:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd25e144-12c2-4668-ac09-eadf51b0acfb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + 
"coreMigrationVersion": "7.17.2" } \ No newline at end of file diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json index 1bf476a639f..1d31955d084 100644 --- a/packages/cisco_duo/kibana/dashboard/cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json +++ b/packages/cisco_duo/kibana/dashboard/cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json 
@@ -1,623 +1,1104 @@ { - "attributes": { - "description": "This dashboard shows authentication logs collected by the Cisco Duo integration.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:16:56.550Z", + "version": "WzY1NCwxXQ==", + "attributes": { + "description": "This dashboard shows authentication logs collected by the Cisco Duo integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_duo.auth" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_duo.auth" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 180, + "minLat": -85.05113, + "minLon": -180 + }, + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 0.99 + }, + "openTOCDetails": [], + "attributes": { + "title": "[Cisco Duo] Failed Login attempts", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset : 
\\\"cisco_duo.auth\\\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"zoom\":0.99}", + "layerListJSON": "[{\"alpha\":1,\"id\":\"ce0cde1e-240f-4a56-bc83-60374450e029\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"4e14ab8b-6ac0-4c0d-92e4-56b7074b28f6\",\"includeInFitToBounds\":true,\"label\":\"Failed login attempts\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"768d716e-4cb1-435c-b301-f26d08954838\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]" + } + }, + "gridData": { + "h": 20, + "i": "25031c05-54c2-4d92-a275-1fa3a2bdf399", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "25031c05-54c2-4d92-a275-1fa3a2bdf399", + "type": "map", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Authentication Failed login attempts by Source IP", + "description": "", + 
"uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": false, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "valueAxis": "" + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "orderBucketsBySum": true, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "5", + "label": "Number of failed attempts" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Number of failed attempts" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Number of failed attempts" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Source IPs", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "5", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + 
"schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Source IPs", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "5", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cisco_duo.auth" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cisco_duo.auth" - } - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.outcome", + "negate": false, + "params": { + "query": "failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.outcome": "failure" + } } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "useMargins": true + "gridData": { + "h": 17, + "i": "14cc4daa-2411-4927-be9d-20fc287bd46f", + "w": 24, + "x": 0, + "y": 20 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 180, - "minLat": -85.05113, - "minLon": -180 - }, - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 0.99 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 20, - "i": "25031c05-54c2-4d92-a275-1fa3a2bdf399", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "25031c05-54c2-4d92-a275-1fa3a2bdf399", - 
"panelRefName": "panel_25031c05-54c2-4d92-a275-1fa3a2bdf399", - "type": "map", - "version": "7.17.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Number of failed attempts" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Source IPs", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "5", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Source IPs", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "5", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - } - ], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset :\"cisco_duo.auth\"" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": false, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "valueAxis": "" - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 
1, - "orderBucketsBySum": true, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "5", - "label": "Number of failed attempts" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Number of failed attempts" - }, - "type": "value" - } - ] - }, - "title": "", - "type": "histogram", - "uiState": {} - } - }, - "gridData": { - "h": 17, - "i": "14cc4daa-2411-4927-be9d-20fc287bd46f", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "14cc4daa-2411-4927-be9d-20fc287bd46f", - "panelRefName": "panel_14cc4daa-2411-4927-be9d-20fc287bd46f", - "type": "visualization", - "version": "7.17.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "988a5cf4-cba9-4437-9323-fe7f37e2beba", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "988a5cf4-cba9-4437-9323-fe7f37e2beba", - "panelRefName": "panel_988a5cf4-cba9-4437-9323-fe7f37e2beba", - "type": "visualization", - "version": "7.17.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "410d1a65-1a7a-4680-95a9-1ecac80433b2", - "w": 24, - "x": 0, - "y": 37 - }, - "panelIndex": "410d1a65-1a7a-4680-95a9-1ecac80433b2", - "panelRefName": "panel_410d1a65-1a7a-4680-95a9-1ecac80433b2", - "type": "visualization", - "version": "7.17.2" 
- }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547", - "w": 24, - "x": 24, - "y": 37 - }, - "panelIndex": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547", - "panelRefName": "panel_f56f5a11-3d30-4a6a-bdf1-0b32c7e26547", - "type": "visualization", - "version": "7.17.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "90ee91c4-ebe8-4a2e-898b-e3492f302162", - "w": 24, - "x": 0, - "y": 54 - }, - "panelIndex": "90ee91c4-ebe8-4a2e-898b-e3492f302162", - "panelRefName": "panel_90ee91c4-ebe8-4a2e-898b-e3492f302162", - "type": "visualization", - "version": "7.17.2" + "panelIndex": "14cc4daa-2411-4927-be9d-20fc287bd46f", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Login Attempts by OS", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae", - "w": 24, - "x": 24, - "y": 54 - }, - "panelIndex": "d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae", - "panelRefName": "panel_d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae", - "type": "visualization", - "version": "7.17.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": true, + "palette": { + "name": "default", + "type": "palette" + }, + "row": true, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 17, - "i": 
"2c3d7bcf-27ad-4fa0-9db2-a19282133333", - "w": 24, - "x": 0, - "y": 71 + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.os.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "2c3d7bcf-27ad-4fa0-9db2-a19282133333", - "panelRefName": "panel_2c3d7bcf-27ad-4fa0-9db2-a19282133333", - "type": "visualization", - "version": "7.17.2" + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.os.version", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 17, + "i": "988a5cf4-cba9-4437-9323-fe7f37e2beba", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "988a5cf4-cba9-4437-9323-fe7f37e2beba", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Top 10 Failed login attempts by username", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "", - "field": 
"cisco_duo.auth.access_device.is_firewall_enabled", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - } - }, - "gridData": { - "h": 17, - "i": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9", - "w": 24, - "x": 24, - "y": 71 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Number of failed attempts" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9", - "panelRefName": "panel_42f72b64-1bbf-49bd-909a-af8fcbc4c4e9", - "type": "visualization", - "version": "7.17.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.auth.access_device.is_password_set", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": 
"terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.auth\"" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Username", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.outcome", + "negate": false, + "params": { + "query": "failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.outcome": "failure" + } } - }, - "gridData": { - "h": 15, - "i": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff", - "w": 24, - "x": 0, - "y": 88 - }, - "panelIndex": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff", - "panelRefName": "panel_bbabe39a-d588-40c3-81d5-fcfe6448b0ff", - "type": "visualization", - "version": "7.17.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Cisco Duo] Authentication Logs", - "version": 1 - }, - "coreMigrationVersion": 
"7.17.2", - "id": "cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "cisco_duo-158c0e80-148c-11ec-9386-31989719f9db", - "name": "25031c05-54c2-4d92-a275-1fa3a2bdf399:panel_25031c05-54c2-4d92-a275-1fa3a2bdf399", - "type": "map" + "gridData": { + "h": 17, + "i": "410d1a65-1a7a-4680-95a9-1ecac80433b2", + "w": 24, + "x": 0, + "y": 37 }, - { - "id": "cisco_duo-66ca2220-0fd0-11ec-8b4b-67126a72b1d4", - "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:panel_14cc4daa-2411-4927-be9d-20fc287bd46f", - "type": "visualization" + "panelIndex": "410d1a65-1a7a-4680-95a9-1ecac80433b2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Top 10 successful login attempts by Application name", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Successful Login attempts" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Application Name", + "field": "cisco_duo.auth.application.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + 
"key": "event.outcome", + "negate": false, + "params": { + "query": "success" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.outcome": "success" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "logs-*", - "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" + "gridData": { + "h": 17, + "i": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547", + "w": 24, + "x": 24, + "y": 37 }, - { - "id": "logs-*", - "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Failed login attempts by reason over time", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "d8f092a5-ae66-4065-b008-32c860c6981a", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_duo.auth\" and event.outcome : \"failure\"" + }, + "formatter": "number", + "id": "28cb790c-2e1a-4805-84aa-1ed88babbed1", + "label": "", + "line_width": 1, + "metrics": [ + { + "id": "14432c40-0fd5-11ec-921c-81166521206e", + "type": "count" + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_duo.auth\"" + }, + "id": 
"f284b6f0-0fd4-11ec-921c-81166521206e", + "label": "" + } + ], + "split_mode": "terms", + "stacked": "none", + "terms_field": "event.reason", + "terms_size": "100", + "time_range_mode": "entire_time_range", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco_duo-7633dff0-0fd3-11ec-8b4b-67126a72b1d4", - "name": "988a5cf4-cba9-4437-9323-fe7f37e2beba:panel_988a5cf4-cba9-4437-9323-fe7f37e2beba", - "type": "visualization" + "gridData": { + "h": 17, + "i": "90ee91c4-ebe8-4a2e-898b-e3492f302162", + "w": 24, + "x": 0, + "y": 54 }, - { - "id": "cisco_duo-f14ab7b0-0fd1-11ec-8b4b-67126a72b1d4", - "name": "410d1a65-1a7a-4680-95a9-1ecac80433b2:panel_410d1a65-1a7a-4680-95a9-1ecac80433b2", - "type": "visualization" + "panelIndex": "90ee91c4-ebe8-4a2e-898b-e3492f302162", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Login attempts by authentication factor", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "row": true, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" 
+ }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 2 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Factor of authentication", + "field": "cisco_duo.auth.factor", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Others", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco_duo-7a1ff1c0-0fd4-11ec-8b4b-67126a72b1d4", - "name": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547:panel_f56f5a11-3d30-4a6a-bdf1-0b32c7e26547", - "type": "visualization" + "gridData": { + "h": 17, + "i": "d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae", + "w": 24, + "x": 24, + "y": 54 }, - { - "id": "cisco_duo-e2482680-0fd6-11ec-8b4b-67126a72b1d4", - "name": "90ee91c4-ebe8-4a2e-898b-e3492f302162:panel_90ee91c4-ebe8-4a2e-898b-e3492f302162", - "type": "visualization" + "panelIndex": "d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Encryption enabled in user devices", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": 
true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Username", + "field": "user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cisco_duo.auth.access_device.is_encryption_enabled", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco_duo-8e8d9a00-0fd8-11ec-8b4b-67126a72b1d4", - "name": "d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae:panel_d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae", - "type": "visualization" + "gridData": { + "h": 17, + "i": "2c3d7bcf-27ad-4fa0-9db2-a19282133333", + "w": 24, + "x": 0, + "y": 71 }, - { - "id": "cisco_duo-692d5e20-0fde-11ec-8b4b-67126a72b1d4", - "name": "2c3d7bcf-27ad-4fa0-9db2-a19282133333:panel_2c3d7bcf-27ad-4fa0-9db2-a19282133333", - "type": "visualization" + "panelIndex": "2c3d7bcf-27ad-4fa0-9db2-a19282133333", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Firewall enabled in user devices", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + 
"data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Username", + "field": "user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "field": "cisco_duo.auth.access_device.is_firewall_enabled", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco_duo-dfdd2050-0fde-11ec-8b4b-67126a72b1d4", - "name": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9:panel_42f72b64-1bbf-49bd-909a-af8fcbc4c4e9", - "type": "visualization" + "gridData": { + "h": 17, + "i": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9", + "w": 24, + "x": 24, + "y": 71 }, - { - "id": "logs-*", - "name": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" + "panelIndex": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Password set in user devices", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Username", + "field": 
"user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cisco_duo.auth.access_device.is_password_set", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco_duo-315d3b40-0fdf-11ec-8b4b-67126a72b1d4", - "name": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff:panel_bbabe39a-d588-40c3-81d5-fcfe6448b0ff", - "type": "visualization" + "gridData": { + "h": 15, + "i": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff", + "w": 24, + "x": 0, + "y": 88 }, - { - "id": "logs-*", - "name": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } + "panelIndex": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco Duo] Authentication Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "type": 
"index-pattern", + "name": "25031c05-54c2-4d92-a275-1fa3a2bdf399:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "988a5cf4-cba9-4437-9323-fe7f37e2beba:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "410d1a65-1a7a-4680-95a9-1ecac80433b2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "410d1a65-1a7a-4680-95a9-1ecac80433b2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2c3d7bcf-27ad-4fa0-9db2-a19282133333:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.2" } \ No newline at end of file 
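Review bot: The inlined map panel titled `[Cisco Duo] Failed Login attempts` is not restricted to failures. Its `mapStateJSON` query is only `event.dataset : "cisco_duo.auth"` with an empty `filters` list, and the heatmap layer labelled "Failed login attempts" is a plain `count` over `source.geo.location`, so as far as the inlined state shows it plots every authentication event that passes the dashboard filter. The other failure panels in this hunk carry an `event.outcome` / `failure` phrase filter; the map query should match them, for example `event.dataset : "cisco_duo.auth" and event.outcome : "failure"`, so that ordinary login geography is not read as failed attempts. Separately, the new `references` array lists several names twice (the `14cc4daa-…` index and filter entries, and the `42f72b64-…` and `bbabe39a-…` index entries); each should appear once.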
diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json index 0669d8720a5..a102b85c423 100644 --- a/packages/cisco_duo/kibana/dashboard/cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json +++ b/packages/cisco_duo/kibana/dashboard/cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json 
@@ -1,210 +1,627 @@ { - "attributes": { - "description": "This dashboard shows offline enrollment logs collected by the Cisco Duo integration.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cisco_duo.offline_enrollment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cisco_duo.offline_enrollment" - } - } - } + "id": "cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:16:56.550Z", + "version": "WzY1NSwxXQ==", + "attributes": { + "description": "This dashboard shows offline enrollment logs collected by the Cisco Duo integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_duo.offline_enrollment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_duo.offline_enrollment" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Unique integration count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } ], + "invertColors": false, + "labels": { + "show": true + }, 
+ "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique integration count", + "field": "cisco_duo.offline_enrollment.object" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "useMargins": true + "gridData": { + "h": 15, + "i": "9e1a3121-6df9-41a0-b167-3f837016650a", + "w": 9, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "9e1a3121-6df9-41a0-b167-3f837016650a", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Unique action count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 15, - "i": "9e1a3121-6df9-41a0-b167-3f837016650a", - "w": 9, - "x": 0, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "9e1a3121-6df9-41a0-b167-3f837016650a", - "panelRefName": "panel_9e1a3121-6df9-41a0-b167-3f837016650a", - "type": "visualization", - "version": "7.17.2" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": 
"fd1a3e7c-5e1b-4fa1-8796-45abfa64e536", - "w": 9, - "x": 9, - "y": 0 - }, - "panelIndex": "fd1a3e7c-5e1b-4fa1-8796-45abfa64e536", - "panelRefName": "panel_fd1a3e7c-5e1b-4fa1-8796-45abfa64e536", - "type": "visualization", - "version": "7.17.2" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique action count", + "field": "cisco_duo.offline_enrollment.action" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "fd1a3e7c-5e1b-4fa1-8796-45abfa64e536", + "w": 9, + "x": 9, + "y": 0 + }, + "panelIndex": "fd1a3e7c-5e1b-4fa1-8796-45abfa64e536", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Cisco Duo] Factor used for offline enrollment", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "73433d45-2afb-45aa-b823-e048841115c2", - "w": 12, - "x": 18, - "y": 0 - }, - "panelIndex": "73433d45-2afb-45aa-b823-e048841115c2", - "panelRefName": "panel_73433d45-2afb-45aa-b823-e048841115c2", - 
"type": "visualization", - "version": "7.17.2" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Factor", + "field": "cisco_duo.offline_enrollment.description.factor", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "73433d45-2afb-45aa-b823-e048841115c2", + "w": 12, + "x": 18, + "y": 0 + }, + "panelIndex": "73433d45-2afb-45aa-b823-e048841115c2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Unique user count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 15, - "i": "a0546004-8d4b-444d-af9d-23a249df93e3", - "w": 9, - "x": 30, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "a0546004-8d4b-444d-af9d-23a249df93e3", - "panelRefName": "panel_a0546004-8d4b-444d-af9d-23a249df93e3", - "type": "visualization", - "version": "7.17.2" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "68f7d41f-43dd-49d6-88ac-afa36a19ebeb", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "68f7d41f-43dd-49d6-88ac-afa36a19ebeb", - "panelRefName": "panel_68f7d41f-43dd-49d6-88ac-afa36a19ebeb", - 
"type": "visualization", - "version": "7.17.2" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique user count", + "field": "cisco_duo.offline_enrollment.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a0546004-8d4b-444d-af9d-23a249df93e3", + "w": 9, + "x": 30, + "y": 0 + }, + "panelIndex": "a0546004-8d4b-444d-af9d-23a249df93e3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Top 10 Offline Enrollment actions", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Action", + "field": "cisco_duo.offline_enrollment.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 15, - "i": "cc8c06d5-4825-4b25-9d69-e6fec23d07b3", - "w": 9, - "x": 39, - "y": 0 - }, - "panelIndex": "cc8c06d5-4825-4b25-9d69-e6fec23d07b3", - "panelRefName": "panel_cc8c06d5-4825-4b25-9d69-e6fec23d07b3", - "type": "visualization", - "version": "7.17.2" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Number of unique hosts", + "field": "cisco_duo.offline_enrollment.description.hostname" + }, + 
"schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 17, - "i": "91d1ac3b-5cec-4e60-9179-18aaf7ce6198", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Number of unique integrations", + "field": "cisco_duo.offline_enrollment.object" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "91d1ac3b-5cec-4e60-9179-18aaf7ce6198", - "panelRefName": "panel_91d1ac3b-5cec-4e60-9179-18aaf7ce6198", - "type": "visualization", - "version": "7.17.2" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total count of action execution" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Cisco Duo] Offline Enrollment Logs", - "version": 1 - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "cisco_duo-10edf670-1088-11ec-8b4b-67126a72b1d4", - "name": "9e1a3121-6df9-41a0-b167-3f837016650a:panel_9e1a3121-6df9-41a0-b167-3f837016650a", - "type": "visualization" + "gridData": { + "h": 17, + "i": "68f7d41f-43dd-49d6-88ac-afa36a19ebeb", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "cisco_duo-d1ba6030-1085-11ec-8b4b-67126a72b1d4", - "name": "fd1a3e7c-5e1b-4fa1-8796-45abfa64e536:panel_fd1a3e7c-5e1b-4fa1-8796-45abfa64e536", - "type": "visualization" - }, - { - "id": "cisco_duo-2e81b860-1089-11ec-8b4b-67126a72b1d4", - "name": "73433d45-2afb-45aa-b823-e048841115c2:panel_73433d45-2afb-45aa-b823-e048841115c2", - "type": "visualization" + "panelIndex": "68f7d41f-43dd-49d6-88ac-afa36a19ebeb", + "type": "visualization", + "version": "7.17.0" + }, 
+ { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Unique hostname count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique hostname count", + "field": "cisco_duo.offline_enrollment.description.hostname" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco_duo-6872e680-1088-11ec-8b4b-67126a72b1d4", - "name": "a0546004-8d4b-444d-af9d-23a249df93e3:panel_a0546004-8d4b-444d-af9d-23a249df93e3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "cc8c06d5-4825-4b25-9d69-e6fec23d07b3", + "w": 9, + "x": 39, + "y": 0 }, - { - "id": "cisco_duo-f7bdbe50-0fd9-11ec-8b4b-67126a72b1d4", - "name": "68f7d41f-43dd-49d6-88ac-afa36a19ebeb:panel_68f7d41f-43dd-49d6-88ac-afa36a19ebeb", - "type": "visualization" + "panelIndex": "cc8c06d5-4825-4b25-9d69-e6fec23d07b3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Cisco Duo] Top 10 Offline Enrollment Actions by user", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + 
"type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Username", + "field": "cisco_duo.offline_enrollment.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Action", + "field": "cisco_duo.offline_enrollment.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco_duo-c228b5c0-1087-11ec-8b4b-67126a72b1d4", - "name": "cc8c06d5-4825-4b25-9d69-e6fec23d07b3:panel_cc8c06d5-4825-4b25-9d69-e6fec23d07b3", - "type": "visualization" + "gridData": { + "h": 17, + "i": "91d1ac3b-5cec-4e60-9179-18aaf7ce6198", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "cisco_duo-1952e300-1085-11ec-8b4b-67126a72b1d4", - "name": "91d1ac3b-5cec-4e60-9179-18aaf7ce6198:panel_91d1ac3b-5cec-4e60-9179-18aaf7ce6198", - "type": "visualization" - } + "panelIndex": "91d1ac3b-5cec-4e60-9179-18aaf7ce6198", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco Duo] Offline Enrollment Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "9e1a3121-6df9-41a0-b167-3f837016650a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd1a3e7c-5e1b-4fa1-8796-45abfa64e536:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"73433d45-2afb-45aa-b823-e048841115c2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a0546004-8d4b-444d-af9d-23a249df93e3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "68f7d41f-43dd-49d6-88ac-afa36a19ebeb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cc8c06d5-4825-4b25-9d69-e6fec23d07b3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "91d1ac3b-5cec-4e60-9179-18aaf7ce6198:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.2" } \ No newline at end of file diff --git a/packages/cisco_duo/kibana/map/cisco_duo-158c0e80-148c-11ec-9386-31989719f9db.json b/packages/cisco_duo/kibana/map/cisco_duo-158c0e80-148c-11ec-9386-31989719f9db.json deleted file mode 100644 index 5fba1321533..00000000000 --- a/packages/cisco_duo/kibana/map/cisco_duo-158c0e80-148c-11ec-9386-31989719f9db.json +++ /dev/null 
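Review bot: The new top-level fields `"namespaces": ["default"]`, `"updated_at": "2022-10-27T09:16:56.550Z"` and `"version": "WzY1NSwxXQ=="` at the head of the migrated Cisco Duo dashboard look like state exported from one Kibana instance rather than package content. The old file had none of them, and dropping them keeps a space name and an instance-specific revision marker out of the shipped asset. The inlined panels are also stamped `"version": "7.17.0"` where the removed panel entries carried `"7.17.2"`, while `coreMigrationVersion` stays `"7.17.2"`; it is worth confirming that is intended. Separately, in the inlined "Top 10 Offline Enrollment Actions by user" table the `cardinality` metric on `cisco_duo.offline_enrollment.user.name` keeps the label `"Username"` from the deleted visualization, so analysts see a distinct-user count under a column that reads like a name; `"customLabel": "Unique user count"` would match the metric panel earlier in the file.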
@@ -1,117 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "ce0cde1e-240f-4a56-bc83-60374450e029", - "includeInFitToBounds": true, - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": { - "type": "TILE" - }, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "4e14ab8b-6ac0-4c0d-92e4-56b7074b28f6", - "includeInFitToBounds": true, - "label": "Failed login attempts", - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "applyGlobalQuery": true, - "applyGlobalTime": true, - "geoField": "source.geo.location", - "id": "768d716e-4cb1-435c-b301-f26d08954838", - "indexPatternRefName": "layer_1_source_index_pattern", - "metrics": [ - { - "type": "count" - } - ], - "requestType": "heatmap", - "resolution": "COARSE", - "type": "ES_GEO_GRID" - }, - "style": { - "colorRampName": "theclassic", - "type": "HEATMAP" - }, - "type": "HEATMAP", - "visible": true - } - ], - "mapStateJSON": { - "center": { - "lat": 19.94277, - "lon": 0 - }, - "filters": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_duo.auth\"" - }, - "refreshConfig": { - "interval": 0, - "isPaused": true - }, - "settings": { - "autoFitToDataBounds": false, - "backgroundColor": "#ffffff", - "browserLocation": { - "zoom": 2 - }, - "disableInteractive": false, - "disableTooltipControl": false, - "fixedLocation": { - "lat": 0, - "lon": 0, - "zoom": 2 - }, - "hideLayerControl": false, - "hideToolbarOverlay": false, - "hideViewControl": false, - "initialLocation": "LAST_SAVED_LOCATION", - "maxZoom": 24, - "minZoom": 0, - "showScaleControl": false, - "showSpatialFilters": true, - "showTimesliderToggleButton": true, - "spatialFiltersAlpa": 0.3, - "spatialFiltersFillColor": "#DA8B45", - "spatialFiltersLineColor": "#DA8B45" - }, - "timeFilters": { - "from": "now-15m", - "to": "now" - }, - "zoom": 0.99 - }, - "title": "[Cisco Duo] Failed Login 
attempts", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-158c0e80-148c-11ec-9386-31989719f9db", - "migrationVersion": { - "map": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-10edf670-1088-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-10edf670-1088-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 721ab5e42cd..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-10edf670-1088-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Unique integration count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique integration count", - "field": "cisco_duo.offline_enrollment.object" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Cisco Duo] Unique integration count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-10edf670-1088-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-1952e300-1085-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-1952e300-1085-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 39e327d66f7..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-1952e300-1085-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Top 10 Offline Enrollment Actions by user", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "cisco_duo.offline_enrollment.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Action", - "field": "cisco_duo.offline_enrollment.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Cisco Duo] Top 10 Offline Enrollment Actions by user", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-1952e300-1085-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-1b1c61d0-0fa8-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-1b1c61d0-0fa8-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index dffe1d6a2f3..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-1b1c61d0-0fa8-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Number of Integration", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Number of Integrations", - "field": "cisco_duo.summary.integration_count", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Cisco Duo] Number of Integration", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-1b1c61d0-0fa8-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-1e9e23a0-0faa-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-1e9e23a0-0faa-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 61947bf865f..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-1e9e23a0-0faa-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Telephony credits remaining", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Telephony Credits remaining", - "field": "cisco_duo.summary.telephony_credits_remaining", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Cisco Duo] Telephony credits remaining", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-1e9e23a0-0faa-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-2c710c70-0fbb-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-2c710c70-0fbb-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index c549c8ad292..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-2c710c70-0fbb-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.telephony\"" - } - } - }, - "title": "[Cisco Duo] Telephony credits used by telephony type", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "cisco_duo.telephony.credits" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.telephony.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Cisco Duo] Telephony credits used by telephony type", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-2c710c70-0fbb-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-2e81b860-1089-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-2e81b860-1089-11ec-8b4b-67126a72b1d4.json
deleted file mode 100644
index 3c3d300ef53..00000000000
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-2e81b860-1089-11ec-8b4b-67126a72b1d4.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Factor used for offline enrollment", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Factor", - "field": "cisco_duo.offline_enrollment.description.factor", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Cisco Duo] Factor used for offline enrollment", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-2e81b860-1089-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-315d3b40-0fdf-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-315d3b40-0fdf-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index fec2561556c..00000000000 
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-315d3b40-0fdf-11ec-8b4b-67126a72b1d4.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Password set in user devices", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.auth.access_device.is_password_set", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Cisco Duo] Password set in user devices", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-315d3b40-0fdf-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-32c97410-0fa0-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-32c97410-0fa0-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 844af7bbdbb..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-32c97410-0fa0-11ec-8b4b-67126a72b1d4.json +++ /dev/null @@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Admin Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Number of Admin", - "field": "cisco_duo.summary.admin_count", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Cisco Duo] Admin Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-32c97410-0fa0-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-3c0a89a0-0fba-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-3c0a89a0-0fba-11ec-8b4b-67126a72b1d4.json
deleted file mode 100644
index 770f0c79309..00000000000
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-3c0a89a0-0fba-11ec-8b4b-67126a72b1d4.json
+++ /dev/null
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.telephony\"" - } - } - }, - "title": "[Cisco Duo] Telephony credits used by types of telephony event", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "cisco_duo.telephony.credits" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.telephony.event_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Cisco Duo] Telephony credits used by types of telephony event", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-3c0a89a0-0fba-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-43e47440-0fb7-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-43e47440-0fb7-11ec-8b4b-67126a72b1d4.json
deleted file mode 100644
index 2a1b54c7e68..00000000000
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-43e47440-0fb7-11ec-8b4b-67126a72b1d4.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.telephony\"" - } - } - }, - "title": "[Cisco Duo] Telephony credits used by Users", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Telephony credits used by user", - "field": "cisco_duo.telephony.credits" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.telephony.phone_number", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "row": true, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Cisco Duo] Telephony credits used by Users", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-43e47440-0fb7-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-66ca2220-0fd0-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-66ca2220-0fd0-11ec-8b4b-67126a72b1d4.json
deleted file mode 100644
index e0f037289c4..00000000000
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-66ca2220-0fd0-11ec-8b4b-67126a72b1d4.json
+++ /dev/null
@@ -1,198 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Authentication Failed login attempts by Source IP", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Number of failed attempts" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Source IPs", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "5", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Source IPs", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "5", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": false, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "valueAxis": "" - }, - 
"labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "orderBucketsBySum": true, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "5", - "label": "Number of failed attempts" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Number of failed attempts" - }, - "type": "value" - } - ] - }, - "title": "[Cisco Duo] Authentication Failed login attempts by Source IP", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-66ca2220-0fd0-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-6872e680-1088-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-6872e680-1088-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index a403fa687d2..00000000000 
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-6872e680-1088-11ec-8b4b-67126a72b1d4.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Unique user count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique user count", - "field": "cisco_duo.offline_enrollment.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Cisco Duo] Unique user count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-6872e680-1088-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-692d5e20-0fde-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-692d5e20-0fde-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 2bc563ac8cd..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-692d5e20-0fde-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Encryption enabled in user devices", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.auth.access_device.is_encryption_enabled", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Cisco Duo] Encryption enabled in user devices", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-692d5e20-0fde-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-7633dff0-0fd3-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-7633dff0-0fd3-11ec-8b4b-67126a72b1d4.json
deleted file mode 100644
index 547b8df40dc..00000000000
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-7633dff0-0fd3-11ec-8b4b-67126a72b1d4.json
+++ /dev/null
@@ -1,105 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Login Attempts by OS", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user_agent.os.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "user_agent.os.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": true, - "palette": { - "name": "default", - "type": "palette" - }, - "row": true, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Cisco Duo] Login Attempts by OS", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-7633dff0-0fd3-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-7a1ff1c0-0fd4-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-7a1ff1c0-0fd4-11ec-8b4b-67126a72b1d4.json
deleted file mode 100644
index dfd52ab59f2..00000000000
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-7a1ff1c0-0fd4-11ec-8b4b-67126a72b1d4.json
+++ /dev/null
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.outcome", - "negate": false, - "params": { - "query": "success" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "success" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Top 10 successful login attempts by Application name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Successful Login attempts" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Application Name", - "field": "cisco_duo.auth.application.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Cisco Duo] Top 10 successful login attempts by Application name", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-7a1ff1c0-0fd4-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], 
- "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-8342fad0-0fa8-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-8342fad0-0fa8-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 5bf35513bd1..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-8342fad0-0fa8-11ec-8b4b-67126a72b1d4.json +++ /dev/null @@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] User Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Number of Users", - "field": "cisco_duo.summary.user_count", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Cisco Duo] User Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-8342fad0-0fa8-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-8e8d9a00-0fd8-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-8e8d9a00-0fd8-11ec-8b4b-67126a72b1d4.json
deleted file mode 100644
index 8eff3083203..00000000000
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-8e8d9a00-0fd8-11ec-8b4b-67126a72b1d4.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Login attempts by authentication factor", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 2 - }, - "schema": "split", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Factor of authentication", - "field": "cisco_duo.auth.factor", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Others", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "row": true, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Cisco Duo] Login attempts by authentication factor", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-8e8d9a00-0fd8-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": 
"index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-9818eda0-1063-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-9818eda0-1063-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 2f8f9d2abbd..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-9818eda0-1063-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.summary\"" - } - } - }, - "title": "[Cisco Duo] Remaining telephony credits over time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "gauge_color_rules": [ - { - "id": "f05fb810-0fa8-11ec-8382-e117c2442b42" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "4a31a4d0-81c1-4705-879d-f5d196dacbd2", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_bars": 30, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "94a8c66d-6999-46aa-a647-20789ed9bdc1", - "label": "Remaining telephony credits", - "line_width": 1, - "metrics": [ - { - "agg_with": "avg", - "field": "cisco_duo.summary.telephony_credits_remaining", - "id": "ef27c46b-0bb7-44cc-b819-331c4abb7798", - "order": "desc", - "order_by": "@timestamp", - "size": 1, - "type": "top_hit" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": true - }, - "title": "[Cisco Duo] Remaining telephony credits over time", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-9818eda0-1063-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": 
[], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-c228b5c0-1087-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-c228b5c0-1087-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 3d1276628be..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-c228b5c0-1087-11ec-8b4b-67126a72b1d4.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Unique hostname count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique hostname count", - "field": "cisco_duo.offline_enrollment.description.hostname" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Cisco Duo] Unique hostname count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-c228b5c0-1087-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-d1ba6030-1085-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-d1ba6030-1085-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 51446a792df..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-d1ba6030-1085-11ec-8b4b-67126a72b1d4.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Unique action count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique action count", - "field": "cisco_duo.offline_enrollment.action" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Cisco Duo] Unique action count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-d1ba6030-1085-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-dfdd2050-0fde-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-dfdd2050-0fde-11ec-8b4b-67126a72b1d4.json
deleted file mode 100644
index ff35d103708..00000000000
--- a/packages/cisco_duo/kibana/visualization/cisco_duo-dfdd2050-0fde-11ec-8b4b-67126a72b1d4.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Firewall enabled in user devices", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "", - "field": "cisco_duo.auth.access_device.is_firewall_enabled", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Cisco Duo] Firewall enabled in user devices", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-dfdd2050-0fde-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-e2482680-0fd6-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-e2482680-0fd6-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 1cc29d6131e..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-e2482680-0fd6-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,93 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Failed login attempts by reason over time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "d8f092a5-ae66-4065-b008-32c860c6981a", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.auth\" and event.outcome : \"failure\"" - }, - "formatter": "number", - "id": "28cb790c-2e1a-4805-84aa-1ed88babbed1", - "label": "", - "line_width": 1, - "metrics": [ - { - "id": "14432c40-0fd5-11ec-921c-81166521206e", - "type": "count" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.auth\"" - }, - "id": "f284b6f0-0fd4-11ec-921c-81166521206e", - "label": "" - } - ], - "split_mode": "terms", - "stacked": "none", - "terms_field": "event.reason", - "terms_size": "100", - "time_range_mode": "entire_time_range", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": true - }, - "title": "[Cisco Duo] Failed login attempts by reason over time", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-e2482680-0fd6-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": 
[], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-f14ab7b0-0fd1-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-f14ab7b0-0fd1-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 3b99e42eef3..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-f14ab7b0-0fd1-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Cisco Duo] Top 10 Failed login attempts by username", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Number of failed attempts" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Username", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Cisco Duo] Top 10 Failed login attempts by username", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.2", - "id": "cisco_duo-f14ab7b0-0fd1-11ec-8b4b-67126a72b1d4", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of 
file diff --git a/packages/cisco_duo/kibana/visualization/cisco_duo-f7bdbe50-0fd9-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/visualization/cisco_duo-f7bdbe50-0fd9-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 7d618e1a916..00000000000 --- a/packages/cisco_duo/kibana/visualization/cisco_duo-f7bdbe50-0fd9-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,93 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "[Cisco Duo] Top 10 Offline Enrollment actions",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Action",
- "field": "cisco_duo.offline_enrollment.action",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "_key",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Number of unique hosts",
- "field": "cisco_duo.offline_enrollment.description.hostname"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "4",
- "params": {
- "customLabel": "Number of unique integrations",
- "field": "cisco_duo.offline_enrollment.object"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "5",
- "params": {
- "customLabel": "Total count of action execution"
- },
- "schema": "metric",
- "type": "count"
- }
- ],
- "params": {
- "autoFitRowToContent": false,
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- },
- "title": "[Cisco Duo] Top 10 Offline Enrollment actions",
- "type": "table"
- }
- },
- "coreMigrationVersion": "7.17.2",
- "id": "cisco_duo-f7bdbe50-0fd9-11ec-8b4b-67126a72b1d4",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
From 79b00a784919d633d3d4b71ea3b4728b48634ab7 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Thu, 27 Oct 2022 15:00:09 +0530 Subject: [PATCH 010/103] migrate cisco_ise to by_value --- ...-04d54380-a100-11ec-a0a2-1598702abf83.json | 623 ++++-- ...-1eaf5e30-a114-11ec-a0a2-1598702abf83.json | 462 ++-- ...-2506b030-a100-11ec-a0a2-1598702abf83.json | 508 +++-- ...-92227880-a0ff-11ec-a0a2-1598702abf83.json | 1414 ++++++++++--- ...-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json | 1880 +++++++++++++---- ...-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json | 1052 ++++++--- ...-d320a780-a0ff-11ec-a0a2-1598702abf83.json | 743 +++++-- ...-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json | 247 ++- ...-012b7990-a0f9-11ec-a0a2-1598702abf83.json | 149 -- ...-027d6310-a0fb-11ec-a0a2-1598702abf83.json | 71 - ...-050c3630-a0f9-11ec-a0a2-1598702abf83.json | 89 - ...-06ba9790-a0fb-11ec-a0a2-1598702abf83.json | 71 - ...-0750e560-a2c2-11ec-a0a2-1598702abf83.json | 77 - ...-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json | 149 -- ...-0b577980-a2c2-11ec-a0a2-1598702abf83.json | 34 - ...-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json | 71 - ...-2228ff30-a2c2-11ec-a0a2-1598702abf83.json | 85 - ...-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json | 85 - ...-3153bf90-a2c2-11ec-a0a2-1598702abf83.json | 85 - ...-34024e70-a0f9-11ec-a0a2-1598702abf83.json | 71 - ...-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json | 71 - ...-581310d0-a0fc-11ec-a0a2-1598702abf83.json | 71 - ...-59f3a390-a0ef-11ec-a0a2-1598702abf83.json | 82 - ...-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json | 78 - ...-61fad860-a0ef-11ec-a0a2-1598702abf83.json | 78 - ...-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json | 85 - ...-65d46910-a0ef-11ec-a0a2-1598702abf83.json | 79 - ...-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json | 71 - ...-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json | 71 - ...-6d984060-a0fc-11ec-a0a2-1598702abf83.json | 85 - ...-6e302580-a0fa-11ec-a0a2-1598702abf83.json | 71 - ...-73fafee0-a0fa-11ec-a0a2-1598702abf83.json | 71 - ...-78c07630-a0fa-11ec-a0a2-1598702abf83.json | 71 - ...-80d71450-a0fa-11ec-a0a2-1598702abf83.json | 149 -- 
...-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json | 149 -- ...-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json | 71 - ...-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json | 149 -- ...-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json | 85 - ...-8dad8470-a0fa-11ec-a0a2-1598702abf83.json | 85 - ...-941348d0-a0fb-11ec-a0a2-1598702abf83.json | 90 - ...-944f35d0-a0fa-11ec-a0a2-1598702abf83.json | 85 - ...-984ddab0-a0fa-11ec-a0a2-1598702abf83.json | 85 - ...-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json | 85 - ...-9fe20260-a0fa-11ec-a0a2-1598702abf83.json | 71 - ...-a3da4930-a0fb-11ec-a0a2-1598702abf83.json | 89 - ...-af96b550-a502-11ec-ab9d-4b8e737a22d9.json | 89 - ...-b4f66430-a0f9-11ec-a0a2-1598702abf83.json | 71 - ...-b963a960-a0f9-11ec-a0a2-1598702abf83.json | 71 - ...-bee544c0-a0f9-11ec-a0a2-1598702abf83.json | 85 - ...-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json | 71 - ...-d6278da0-a0f9-11ec-a0a2-1598702abf83.json | 85 - ...-e419b180-a0fa-11ec-a0a2-1598702abf83.json | 85 - ...-e959b000-a0fa-11ec-a0a2-1598702abf83.json | 85 - ...-f03a5110-a0f8-11ec-a0a2-1598702abf83.json | 71 - ...-f0977a50-a0fa-11ec-a0a2-1598702abf83.json | 71 - ...-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json | 89 - ...-f5a39790-a0fa-11ec-a0a2-1598702abf83.json | 71 - ...-f8c64640-a0f8-11ec-a0a2-1598702abf83.json | 71 - ...-fb519a20-a0fa-11ec-a0a2-1598702abf83.json | 71 - ...-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json | 71 - ...-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json | 85 - 61 files changed, 5185 insertions(+), 6200 deletions(-) delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83.json delete mode 100644 
packages/cisco_ise/kibana/visualization/cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83.json delete mode 100644 
packages/cisco_ise/kibana/visualization/cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 
packages/cisco_ise/kibana/visualization/cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json delete mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json index 93747f39dc9..acd6549f2e9 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json 
@@ -1,213 +1,450 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_ise.log.category.name", - "negate": false, - "params": [ - "CISE_Internal_Operations_Diagnostics", - "CISE_Threat_Centric_NAC" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Internal_Operations_Diagnostics" - } - }, - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Threat_Centric_NAC" - } - } - ] - } - } + "id": "cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:29:36.506Z", + "version": "WzY3OCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_Internal_Operations_Diagnostics", + "CISE_Threat_Centric_NAC" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Internal_Operations_Diagnostics" } - ], - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Threat_Centric_NAC" + } + } + ] + } } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + 
"panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "9bd4d444-de17-43de-beb0-89d4d4ecc187", + "w": 48, + "x": 0, + "y": 45 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "9bd4d444-de17-43de-beb0-89d4d4ecc187", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "9bd4d444-de17-43de-beb0-89d4d4ecc187", - "panelRefName": "panel_0", - "title": "System Diagnostics Log Stream for Threat Centric NAC [Logs Cisco ISE]", - "type": "search", - "version": "7.17.0" + "panelIndex": "9bd4d444-de17-43de-beb0-89d4d4ecc187", + "panelRefName": "panel_0", + "title": "System Diagnostics Log Stream for Threat Centric NAC [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Adapter Instance Name for Threat Centric NAC [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "3d8fa06f-bd70-438d-bbcb-778dc278d228", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "3d8fa06f-bd70-438d-bbcb-778dc278d228", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": 
"7dd60577-882f-4428-adf4-9ec7048032dc", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "7dd60577-882f-4428-adf4-9ec7048032dc", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "db158b71-11fd-4950-b0e4-e9e4893aaebb", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "db158b71-11fd-4950-b0e4-e9e4893aaebb", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Adapter Instance Name", + "field": "cisco_ise.log.adapter_instance.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3d8fa06f-bd70-438d-bbcb-778dc278d228", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3d8fa06f-bd70-438d-bbcb-778dc278d228", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Threat Centric NAC by Connectivity [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + 
"truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "c6007a66-0f97-4948-a6f9-313a47c00f42", - "w": 24, - "x": 24, - "y": 0 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "c6007a66-0f97-4948-a6f9-313a47c00f42", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Connectivity", + "field": "cisco_ise.log.connectivity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7dd60577-882f-4428-adf4-9ec7048032dc", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "7dd60577-882f-4428-adf4-9ec7048032dc", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Logger Name [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "1a99a183-dc6e-4412-8d81-46f53eb295f5", - "w": 48, - "x": 0, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + 
"schema": "metric", + "type": "count" }, - "panelIndex": "1a99a183-dc6e-4412-8d81-46f53eb295f5", - "panelRefName": "panel_5", - "title": "System Diagnostics Log Stream for Internal Operations Diagnostics [Logs Cisco ISE]", - "type": "search", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Logger Name", + "field": "cisco_ise.log.logger.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } } - ], - "timeRestore": false, - "title": "[Cisco ISE] System Diagnostics", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "cisco_ise-eecf4510-a058-11ec-a0a2-1598702abf83", - "name": "panel_0", - "type": "search" + "gridData": { + "h": 15, + "i": "db158b71-11fd-4950-b0e4-e9e4893aaebb", + "w": 24, + "x": 0, + "y": 0 }, - { - "id": "cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83", - "name": "panel_1", - "type": "visualization" + "panelIndex": "db158b71-11fd-4950-b0e4-e9e4893aaebb", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Threat Centric NAC by Status [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": 
false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Status", + "field": "cisco_ise.log.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 15, + "i": "c6007a66-0f97-4948-a6f9-313a47c00f42", + "w": 24, + "x": 24, + "y": 0 }, - { - "id": "cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83", - "name": "panel_3", - "type": "visualization" + "panelIndex": "c6007a66-0f97-4948-a6f9-313a47c00f42", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 15, + "i": "1a99a183-dc6e-4412-8d81-46f53eb295f5", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "cisco_ise-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9", - "name": "panel_5", - "type": "search" - } + "panelIndex": "1a99a183-dc6e-4412-8d81-46f53eb295f5", + "panelRefName": "panel_5", + "title": "System Diagnostics Log Stream for Internal Operations 
Diagnostics [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco ISE] System Diagnostics", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-eecf4510-a058-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "search" + }, + { + "id": "cisco_ise-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9", + "name": "panel_5", + "type": "search" + }, + { + "type": "index-pattern", + "name": "3d8fa06f-bd70-438d-bbcb-778dc278d228:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7dd60577-882f-4428-adf4-9ec7048032dc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "db158b71-11fd-4950-b0e4-e9e4893aaebb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c6007a66-0f97-4948-a6f9-313a47c00f42:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json index 5bb7ac4b744..0f521a729b5 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json 
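Review bot: The new top-level `"namespaces": ["default"]`, `"updated_at": "2022-10-27T09:29:36.506Z"` and `"version": "WzY3OCwxXQ=="` at the head of this dashboard object look like saved-object state from the Kibana instance the dashboard was exported from, not package content. The old side of the file carried none of them, so they appear to have come in with the by-value export. Unless the packaging tooling needs them, I would drop all three, since they presumably change on every re-export and make later dashboard diffs harder to review. The same three fields, with `"version": "WzY3OSwxXQ=="`, are added at the top of the cisco_ise-1eaf5e30 dashboard hunk that follows.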
@@ -1,155 +1,341 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_ise.log.category.name", - "negate": false, - "params": { - "query": "CISE_Posture_and_Client_Provisioning_Audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Posture_and_Client_Provisioning_Audit" - } - } - } - ], + "id": "cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:29:36.506Z", + "version": "WzY3OSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": { + "query": "CISE_Posture_and_Client_Provisioning_Audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Posture_and_Client_Provisioning_Audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Admin Name [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": 
"table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Admin Name", + "field": "client.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 14, + "i": "22a9db51-a883-4947-b41b-2c06ce7e492e", + "w": 16, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "22a9db51-a883-4947-b41b-2c06ce7e492e", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "22a9db51-a883-4947-b41b-2c06ce7e492e", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 14, - "i": "03ebbffc-5648-4560-9510-5f27f7c59da9", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "03ebbffc-5648-4560-9510-5f27f7c59da9", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" + "panelIndex": "22a9db51-a883-4947-b41b-2c06ce7e492e", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Events by Operation Status [Logs Cisco ISE]", + "description": "", + "uiState": {}, + 
"params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 14, - "i": "ca7116cf-93be-4a75-99e2-3ee133c367aa", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "ca7116cf-93be-4a75-99e2-3ee133c367aa", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation Status", + "field": "cisco_ise.log.operation.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "03ebbffc-5648-4560-9510-5f27f7c59da9", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "03ebbffc-5648-4560-9510-5f27f7c59da9", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Events by Operation Type [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + 
"addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "b847c86c-1ef1-4ef4-afed-baac77ee2ce0", - "w": 48, - "x": 0, - "y": 14 - }, - "panelIndex": "b847c86c-1ef1-4ef4-afed-baac77ee2ce0", - "panelRefName": "panel_3", - "title": "Posture and Client Provisioning Audit Log Stream [Logs Cisco ISE]", - "type": "search", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation Type", + "field": "cisco_ise.log.operation.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } } - ], - "timeRestore": false, - "title": "[Cisco ISE] Posture and Client Provisioning Audit", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83", - "name": 
"panel_0", - "type": "visualization" + "gridData": { + "h": 14, + "i": "ca7116cf-93be-4a75-99e2-3ee133c367aa", + "w": 16, + "x": 32, + "y": 0 }, - { - "id": "cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83", - "name": "panel_1", - "type": "visualization" + "panelIndex": "ca7116cf-93be-4a75-99e2-3ee133c367aa", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 15, + "i": "b847c86c-1ef1-4ef4-afed-baac77ee2ce0", + "w": 48, + "x": 0, + "y": 14 }, - { - "id": "cisco_ise-47c77dc0-a065-11ec-a0a2-1598702abf83", - "name": "panel_3", - "type": "search" - } + "panelIndex": "b847c86c-1ef1-4ef4-afed-baac77ee2ce0", + "panelRefName": "panel_3", + "title": "Posture and Client Provisioning Audit Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco ISE] Posture and Client Provisioning Audit", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-47c77dc0-a065-11ec-a0a2-1598702abf83", + "name": "panel_3", + "type": "search" + }, + { + "type": "index-pattern", + "name": "22a9db51-a883-4947-b41b-2c06ce7e492e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "03ebbffc-5648-4560-9510-5f27f7c59da9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ca7116cf-93be-4a75-99e2-3ee133c367aa:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file 
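Review bot: The new top-level `"namespaces": ["default"]`, `"updated_at": "2022-10-27T09:29:36.506Z"` and `"version": "WzY3OSwxXQ=="` keys at the start of this hunk look like state of the Kibana instance the dashboard was exported from, not part of the dashboard definition. The `version` value in particular appears to be that instance's internal document version token. Keeping them ties the packaged asset to one environment and makes every later re-export show up as a change, so I would drop the three keys and keep `id`, `type`, `attributes`, `references`, `migrationVersion` and `coreMigrationVersion`. The same three keys are added in the hunks for `cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json` and `cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json`. The top-level keys are also no longer in sorted order as they were on the old side, which inflates the diff; restoring that order would keep future changes reviewable.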
diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json index 92f43cd4f17..3eb1fc0246c 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json 
@@ -1,148 +1,394 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ + "id": "cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:29:36.506Z", + "version": "WzY4MCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": { + "query": "CISE_System_Statistics" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_System_Statistics" + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "CPU Utilization Over Time [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "da582c56-5800-465a-a7e7-b2f0ab6df619", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "e6d7aa64-0073-4cf0-a69a-8eb06867f465", + "label": "CPU Utilization ", + "line_width": 1, + "metrics": [ { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_ise.log.category.name", - "negate": false, - "params": { - "query": "CISE_System_Statistics" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_System_Statistics" - } - } + "field": "cisco_ise.log.sysstats.utilization.cpu", + "id": "cf165805-c812-4988-9c1a-ea442e767edc", + "type": "avg" } - ], + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "d7a85d7c-eb7a-4f92-8f90-205c60ed892b", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "d7a85d7c-eb7a-4f92-8f90-205c60ed892b", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "d7a85d7c-eb7a-4f92-8f90-205c60ed892b", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "0674168e-3642-43ed-8251-3a03f5880371", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "0674168e-3642-43ed-8251-3a03f5880371", - "panelRefName": "panel_1", - "type": 
"visualization", - "version": "7.17.0" + "panelIndex": "d7a85d7c-eb7a-4f92-8f90-205c60ed892b", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Memory Utilization Over Time [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "eb6e177b-8e7e-4d71-ac31-db9346ccb88b", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "b1c76318-e21a-4547-979f-45ab45e40dd6", + "label": "Memory Utilization", + "line_width": 1, + "metrics": [ + { + "field": "cisco_ise.log.sysstats.utilization.memory", + "id": "3ee7cec2-d8fd-4601-8b57-40922cddfc56", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "57265bb8-6c32-4d2f-a3e3-376d5ab35a8d", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "57265bb8-6c32-4d2f-a3e3-376d5ab35a8d", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + 
"h": 15, + "i": "0674168e-3642-43ed-8251-3a03f5880371", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "0674168e-3642-43ed-8251-3a03f5880371", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Disk IO Utilization Over Time [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "ea254bb6-fa55-42c5-b3d6-39127b9d0901", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "18a38b8f-685b-4dce-b54a-d18a9b013d1d", + "label": "Disk IO Utilization", + "line_width": 1, + "metrics": [ + { + "field": "cisco_ise.log.sysstats.utilization.disk.io", + "id": "8d17df3d-e242-4871-b5f0-60a358e23361", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "b3238d64-db19-4274-ae79-e2870bf314e4", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "b3238d64-db19-4274-ae79-e2870bf314e4", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.dataset : 
\"cisco_ise.log\" " + } + } } - ], - "timeRestore": false, - "title": "[Cisco ISE] System Statistics", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83", - "name": "panel_0", - "type": "visualization" + "gridData": { + "h": 15, + "i": "57265bb8-6c32-4d2f-a3e3-376d5ab35a8d", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83", - "name": "panel_1", - "type": "visualization" + "panelIndex": "57265bb8-6c32-4d2f-a3e3-376d5ab35a8d", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Utilization Load Average Over Time [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "3ec57505-d66e-4bb7-b331-42eb113c6268", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "fb9524f8-52cd-4bb1-9a96-90a0a600d3f6", + "label": "Utilization load average ", + "line_width": 1, + "metrics": [ + { + "field": "cisco_ise.log.sysstats.utilization.load_avg", + "id": "3ce8aa40-c99c-4760-9449-9a4e14cfe06d", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "terms_field": null, + "time_range_mode": "entire_time_range" + } + ], + 
"show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 15, + "i": "b3238d64-db19-4274-ae79-e2870bf314e4", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83", - "name": "panel_3", - "type": "visualization" - } + "panelIndex": "b3238d64-db19-4274-ae79-e2870bf314e4", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco ISE] System Statistics", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json index e4cdfc28870..453e559374e 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json 
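Review bot: Two of the inlined series labels in this hunk carry a trailing space, and one is capitalised differently from its siblings: `"label": "CPU Utilization "` and `"label": "Utilization load average "` next to `"Memory Utilization"` and `"Disk IO Utilization"`. Now that the visualizations are copied into the dashboard by value, this is the place to normalise them to `"label": "CPU Utilization"` and `"label": "Utilization Load Average"`. The first panel also carries an empty `params.filter` object and the last series a `"terms_field": null` that the other three panels lack. Making the four panels uniform would make the by-value copies easier to compare in later reviews.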
@@ -1,350 +1,1136 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_ise.log.category.name", - "negate": false, - "params": [ - "CISE_Failed_Attempts", - "CISE_Passed_Authentications" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Failed_Attempts" - } - }, - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Passed_Authentications" - } - } - ] - } - } + "id": "cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:29:36.506Z", + "version": "WzY4MSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_Failed_Attempts", + "CISE_Passed_Authentications" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Failed_Attempts" } - ], + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Passed_Authentications" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Device IP 
Address [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device IP Address", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "6ec5efbd-54ba-4c2c-8213-3cfa11fa25dd", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "6ec5efbd-54ba-4c2c-8213-3cfa11fa25dd", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "6ec5efbd-54ba-4c2c-8213-3cfa11fa25dd", - "panelRefName": "panel_0", - "title": "Top 10 Device IP Address [Logs Cisco ISE]", - "type": "visualization", - "version": "7.17.0" + "panelIndex": "6ec5efbd-54ba-4c2c-8213-3cfa11fa25dd", + "title": "Top 10 Device IP Address [Logs Cisco ISE]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Events by Protocol [Logs Cisco ISE]", + 
"description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "4232cb43-a1cb-45e2-8f8b-e523232e41bc", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "4232cb43-a1cb-45e2-8f8b-e523232e41bc", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "a41df091-467a-48a5-a4c4-bfdda2c964ae", - "w": 16, - "x": 0, - "y": 15 - }, - "panelIndex": "a41df091-467a-48a5-a4c4-bfdda2c964ae", - "panelRefName": "panel_2", - "title": "Top 10 Network Device Names [Logs Cisco ISE]", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "2ed21712-e74e-4d26-a3e8-6888e2d3ee46", - "w": 16, - "x": 16, - "y": 15 - }, - "panelIndex": "2ed21712-e74e-4d26-a3e8-6888e2d3ee46", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.17.0" + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "85db9e7a-7390-4797-bef4-98b487427c43", - "w": 16, - "x": 32, - "y": 15 - }, - "panelIndex": "85db9e7a-7390-4797-bef4-98b487427c43", 
- "panelRefName": "panel_4", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "7b136990-2ba1-4f99-9e0b-55b00b76bbd4", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "7b136990-2ba1-4f99-9e0b-55b00b76bbd4", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocol", + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4232cb43-a1cb-45e2-8f8b-e523232e41bc", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4232cb43-a1cb-45e2-8f8b-e523232e41bc", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Network Device Names [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "1f6e0bdd-f67b-431e-8634-1299c4e5a605", - "w": 24, - "x": 24, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "1f6e0bdd-f67b-431e-8634-1299c4e5a605", - "panelRefName": "panel_6", - "type": 
"visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Network Device Name", + "field": "cisco_ise.log.network.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a41df091-467a-48a5-a4c4-bfdda2c964ae", + "w": 16, + "x": 0, + "y": 15 + }, + "panelIndex": "a41df091-467a-48a5-a4c4-bfdda2c964ae", + "title": "Top 10 Network Device Names [Logs Cisco ISE]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 User Name [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "64f258c3-4824-4d67-b083-e8e02ba926cc", - "w": 24, - "x": 0, - "y": 45 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "64f258c3-4824-4d67-b083-e8e02ba926cc", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + 
"size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2ed21712-e74e-4d26-a3e8-6888e2d3ee46", + "w": 16, + "x": 16, + "y": 15 + }, + "panelIndex": "2ed21712-e74e-4d26-a3e8-6888e2d3ee46", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Portals Used [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "1ff51a84-32bb-4147-bc8a-cc5e13abfd6d", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "1ff51a84-32bb-4147-bc8a-cc5e13abfd6d", - "panelRefName": "panel_8", - "title": " Distribution of Events by User Type [Logs Cisco ISE]", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Portal Name", + "field": "cisco_ise.log.portal.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + 
} + } + }, + "gridData": { + "h": 15, + "i": "85db9e7a-7390-4797-bef4-98b487427c43", + "w": 16, + "x": 32, + "y": 15 + }, + "panelIndex": "85db9e7a-7390-4797-bef4-98b487427c43", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Distribution of Failed Attempts by Radius Packet Type [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": 
"cc4bf643-08b2-4500-841d-ad8216532309", - "w": 24, - "x": 0, - "y": 60 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "cc4bf643-08b2-4500-841d-ad8216532309", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Radius Packet Type", + "field": "cisco_ise.log.radius_packet.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7b136990-2ba1-4f99-9e0b-55b00b76bbd4", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "7b136990-2ba1-4f99-9e0b-55b00b76bbd4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Distribution of Events by Authentication Method [Logs Cisco ISE]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5b616616-c8a5-44ed-ac39-cf94acf2d625", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "5b616616-c8a5-44ed-ac39-cf94acf2d625", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.17.0" + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + 
"legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 14, - "i": "c823be14-f41c-434a-98ed-434b7da90ac9", - "w": 48, - "x": 0, - "y": 75 - }, - "panelIndex": "c823be14-f41c-434a-98ed-434b7da90ac9", - "panelRefName": "panel_11", - "title": "AAA Audit Log Stream [Logs Cisco ISE]", - "type": "search", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Authentication Method", + "field": "cisco_ise.log.authentication.method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } } - ], - "timeRestore": false, - "title": "[Cisco ISE] AAA Audit ", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83", - "name": "panel_0", - "type": "visualization" + "gridData": { + "h": 15, + "i": "1f6e0bdd-f67b-431e-8634-1299c4e5a605", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83", - "name": "panel_1", - "type": "visualization" + "panelIndex": 
"1f6e0bdd-f67b-431e-8634-1299c4e5a605", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Distribution of Events by NAS Port Type [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "NAS Port Type", + "field": "cisco_ise.log.nas.port.type", + "missingBucket": false, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 15, + "i": "64f258c3-4824-4d67-b083-e8e02ba926cc", + "w": 24, + "x": 0, + "y": 45 }, - { - "id": "cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83", - "name": "panel_3", - "type": "visualization" + "panelIndex": "64f258c3-4824-4d67-b083-e8e02ba926cc", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Events by User Type [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Type", + "field": "cisco_ise.log.user.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + 
} + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 15, + "i": "1ff51a84-32bb-4147-bc8a-cc5e13abfd6d", + "w": 24, + "x": 24, + "y": 45 }, - { - "id": "cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_5", - "type": "visualization" + "panelIndex": "1ff51a84-32bb-4147-bc8a-cc5e13abfd6d", + "title": " Distribution of Events by User Type [Logs Cisco ISE]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Events by Model Name [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Model Name", + "field": "cisco_ise.log.model.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + 
"query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_6", - "type": "visualization" + "gridData": { + "h": 15, + "i": "cc4bf643-08b2-4500-841d-ad8216532309", + "w": 24, + "x": 0, + "y": 60 }, - { - "id": "cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_7", - "type": "visualization" + "panelIndex": "cc4bf643-08b2-4500-841d-ad8216532309", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Network Device Profile Name [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Network Device Profile Name", + "field": "cisco_ise.log.network.device.profile_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_8", - "type": "visualization" + "gridData": { + "h": 15, + "i": "5b616616-c8a5-44ed-ac39-cf94acf2d625", + "w": 24, + "x": 24, + "y": 60 }, - { - "id": "cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_9", - "type": 
"visualization" + "panelIndex": "5b616616-c8a5-44ed-ac39-cf94acf2d625", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_10", - "type": "visualization" + "gridData": { + "h": 14, + "i": "c823be14-f41c-434a-98ed-434b7da90ac9", + "w": 48, + "x": 0, + "y": 75 }, - { - "id": "cisco_ise-d1ba7b80-a075-11ec-a0a2-1598702abf83", - "name": "panel_11", - "type": "search" - } + "panelIndex": "c823be14-f41c-434a-98ed-434b7da90ac9", + "panelRefName": "panel_11", + "title": "AAA Audit Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco ISE] AAA Audit ", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-d1ba7b80-a075-11ec-a0a2-1598702abf83", + "name": "panel_11", + "type": "search" + }, + { + "type": "index-pattern", + "name": "6ec5efbd-54ba-4c2c-8213-3cfa11fa25dd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4232cb43-a1cb-45e2-8f8b-e523232e41bc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a41df091-467a-48a5-a4c4-bfdda2c964ae:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2ed21712-e74e-4d26-a3e8-6888e2d3ee46:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85db9e7a-7390-4797-bef4-98b487427c43:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7b136990-2ba1-4f99-9e0b-55b00b76bbd4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + 
"name": "1f6e0bdd-f67b-431e-8634-1299c4e5a605:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "64f258c3-4824-4d67-b083-e8e02ba926cc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1ff51a84-32bb-4147-bc8a-cc5e13abfd6d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cc4bf643-08b2-4500-841d-ad8216532309:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5b616616-c8a5-44ed-ac39-cf94acf2d625:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json index 5f01184b0bb..8412c8b3303 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json 
@@ -1,474 +1,1484 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_ise.log.category.name", - "negate": false, - "params": [ - "CISE_Authentication_Flow_Diagnostics", - "CISE_Guest", - "CISE_MyDevices", - "CISE_Identity_Stores_Diagnostics", - "CISE_Policy_Diagnostics", - "CISE_RADIUS_Diagnostics", - "CISE_AD_Connector" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Authentication_Flow_Diagnostics" - } - }, - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Guest" - } - }, - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_MyDevices" - } - }, - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Identity_Stores_Diagnostics" - } - }, - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Policy_Diagnostics" - } - }, - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_RADIUS_Diagnostics" - } - }, - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_AD_Connector" - } - } - ] - } - } + "id": "cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:29:36.506Z", + "version": "WzY4MiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_Authentication_Flow_Diagnostics", + "CISE_Guest", + "CISE_MyDevices", + 
"CISE_Identity_Stores_Diagnostics", + "CISE_Policy_Diagnostics", + "CISE_RADIUS_Diagnostics", + "CISE_AD_Connector" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Authentication_Flow_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Guest" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_MyDevices" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Identity_Stores_Diagnostics" } - ], + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Policy_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_RADIUS_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_AD_Connector" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "9bad5a17-973e-428d-a97e-35e870506076", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "9bad5a17-973e-428d-a97e-35e870506076", + "panelRefName": "panel_0", + "title": "AAA Diagnostics Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Guest User Name [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + 
"type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Guest User Name", + "field": "cisco_ise.log.guest.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "a711fab4-5b3c-4772-be34-ba329076bbc3", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "9bad5a17-973e-428d-a97e-35e870506076", - "w": 24, - "x": 24, - "y": 105 - }, - "panelIndex": "9bad5a17-973e-428d-a97e-35e870506076", - "panelRefName": "panel_0", - "title": "AAA Diagnostics Log Stream [Logs Cisco ISE]", - "type": "search", - "version": "7.17.0" + "panelIndex": "a711fab4-5b3c-4772-be34-ba329076bbc3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Device Name for My Devices [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "a711fab4-5b3c-4772-be34-ba329076bbc3", - "w": 24, - "x": 0, - "y": 0 + "type": "table", + "data": { + "aggs": [ + { + 
"enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "a711fab4-5b3c-4772-be34-ba329076bbc3", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Name", + "field": "cisco_ise.log.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "bbff4d11-a1cc-41ea-9834-d0a3781dbd86", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "bbff4d11-a1cc-41ea-9834-d0a3781dbd86", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Policy Diagnostics by Policy Type [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "bbff4d11-a1cc-41ea-9834-d0a3781dbd86", - "w": 24, 
- "x": 24, - "y": 0 - }, - "panelIndex": "bbff4d11-a1cc-41ea-9834-d0a3781dbd86", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Policy Type", + "field": "cisco_ise.log.policy.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a1145565-ccd8-4dd5-8ba2-fa9b46906a2b", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "a1145565-ccd8-4dd5-8ba2-fa9b46906a2b", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of AD Connector Events by AD Hostname [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "a1145565-ccd8-4dd5-8ba2-fa9b46906a2b", - "w": 24, - "x": 0, - "y": 15 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, 
- "panelIndex": "a1145565-ccd8-4dd5-8ba2-fa9b46906a2b", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "d10d59ee-c92b-4e28-81c4-1017be59bdfb", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "d10d59ee-c92b-4e28-81c4-1017be59bdfb", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AD Hostname", + "field": "cisco_ise.log.ad.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "d10d59ee-c92b-4e28-81c4-1017be59bdfb", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "d10d59ee-c92b-4e28-81c4-1017be59bdfb", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 User Name [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "0e3b4705-dd8a-42d7-9992-eefe9239160b", - "w": 24, - "x": 24, - "y": 30 - }, 
- "panelIndex": "0e3b4705-dd8a-42d7-9992-eefe9239160b", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "0e3b4705-dd8a-42d7-9992-eefe9239160b", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "0e3b4705-dd8a-42d7-9992-eefe9239160b", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 AD IP Address for AD Connector [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "251e4695-f4fb-4f6d-98e0-4a822942b58d", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "251e4695-f4fb-4f6d-98e0-4a822942b58d", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AD IP Address", + "field": "cisco_ise.log.ad.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": 
false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "251e4695-f4fb-4f6d-98e0-4a822942b58d", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "251e4695-f4fb-4f6d-98e0-4a822942b58d", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Device IP [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "94954f66-f728-4b2e-b7d3-024a4d21559a", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "94954f66-f728-4b2e-b7d3-024a4d21559a", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device IP Address", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": 
"94954f66-f728-4b2e-b7d3-024a4d21559a", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "94954f66-f728-4b2e-b7d3-024a4d21559a", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 IP Address For AAA Diagnostics [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "1156a6e4-bf5a-4628-97c1-1d48296960e2", - "w": 24, - "x": 24, - "y": 45 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "1156a6e4-bf5a-4628-97c1-1d48296960e2", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source IP Address", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1156a6e4-bf5a-4628-97c1-1d48296960e2", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "1156a6e4-bf5a-4628-97c1-1d48296960e2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Distribution of Events by Authentication Method for AAA Diagnostics 
[Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "3db21693-851e-4584-8e01-92706e033703", - "w": 24, - "x": 0, - "y": 60 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "3db21693-851e-4584-8e01-92706e033703", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Authentication 
Method", + "field": "cisco_ise.log.authentication.method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3db21693-851e-4584-8e01-92706e033703", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "3db21693-851e-4584-8e01-92706e033703", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Distribution of Events by Current ID Store Name [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + 
{ + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "17cdfe86-a58c-4490-b253-7276fac9a458", - "w": 24, - "x": 24, - "y": 60 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "17cdfe86-a58c-4490-b253-7276fac9a458", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Current ID Store Name", + "field": "cisco_ise.log.currentid.store_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "17cdfe86-a58c-4490-b253-7276fac9a458", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "17cdfe86-a58c-4490-b253-7276fac9a458", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Events by Selected Access Service [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": 
"default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "457e1c7e-32ae-4969-af38-81a02e0b0341", - "w": 24, - "x": 0, - "y": 75 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "457e1c7e-32ae-4969-af38-81a02e0b0341", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Selected Access Service", + "field": "cisco_ise.log.selected.access.service", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "457e1c7e-32ae-4969-af38-81a02e0b0341", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "457e1c7e-32ae-4969-af38-81a02e0b0341", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Events by Authentication Identity Store [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + 
"position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "efaff3d9-6694-4adc-9b22-edd21d590852", - "w": 24, - "x": 24, - "y": 75 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "efaff3d9-6694-4adc-9b22-edd21d590852", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Authentication Identity Store", + "field": "cisco_ise.log.authentication.identity_store", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "efaff3d9-6694-4adc-9b22-edd21d590852", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "efaff3d9-6694-4adc-9b22-edd21d590852", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Radius Diagnostics by EAP Authentication [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + 
"percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "68e83de8-a2b3-4531-9e7a-80812495ef75", - "w": 24, - "x": 0, - "y": 90 - }, - "panelIndex": "68e83de8-a2b3-4531-9e7a-80812495ef75", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "EAP Authentication", + "field": "cisco_ise.log.eap.authentication", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "68e83de8-a2b3-4531-9e7a-80812495ef75", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "68e83de8-a2b3-4531-9e7a-80812495ef75", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Radius Diagnostics by EAP Tunnel [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + 
"percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "9246074a-85cc-4cc3-a2df-6ebfe2db993e", - "w": 24, - "x": 24, - "y": 90 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "9246074a-85cc-4cc3-a2df-6ebfe2db993e", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "EAP Tunnel", + "field": "cisco_ise.log.eap.tunnel", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "9246074a-85cc-4cc3-a2df-6ebfe2db993e", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "9246074a-85cc-4cc3-a2df-6ebfe2db993e", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Portal Name [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - 
"embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "49bb018b-cab3-41c8-91b7-cdc8e30453dc", - "w": 24, - "x": 0, - "y": 105 - }, - "panelIndex": "49bb018b-cab3-41c8-91b7-cdc8e30453dc", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Portal Name", + "field": "cisco_ise.log.portal.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } } - ], - "timeRestore": false, - "title": "[Cisco ISE] AAA Diagnostics", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "49bb018b-cab3-41c8-91b7-cdc8e30453dc", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "49bb018b-cab3-41c8-91b7-cdc8e30453dc", + "type": "visualization", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Cisco ISE] AAA Diagnostics", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83", - "migrationVersion": { - "dashboard": "7.17.0" + { + "id": "cisco_ise-39e47010-a09b-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "search" }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "cisco_ise-39e47010-a09b-11ec-a0a2-1598702abf83", - 
"name": "panel_0", - "type": "search" - }, - { - "id": "cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_7", - "type": "visualization" - }, - { - "id": "cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_8", - "type": "visualization" - }, - { - "id": "cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_9", - "type": "visualization" - }, - { - "id": "cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_10", - "type": "visualization" - }, - { - "id": "cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_11", - "type": "visualization" - }, - { - "id": "cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_12", - "type": "visualization" - }, - { - "id": "cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_13", - "type": "visualization" - }, - { - "id": "cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_14", - "type": "visualization" - }, - { - "id": "cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_15", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "a711fab4-5b3c-4772-be34-ba329076bbc3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"bbff4d11-a1cc-41ea-9834-d0a3781dbd86:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a1145565-ccd8-4dd5-8ba2-fa9b46906a2b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d10d59ee-c92b-4e28-81c4-1017be59bdfb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "0e3b4705-dd8a-42d7-9992-eefe9239160b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "251e4695-f4fb-4f6d-98e0-4a822942b58d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "94954f66-f728-4b2e-b7d3-024a4d21559a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1156a6e4-bf5a-4628-97c1-1d48296960e2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3db21693-851e-4584-8e01-92706e033703:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17cdfe86-a58c-4490-b253-7276fac9a458:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "457e1c7e-32ae-4969-af38-81a02e0b0341:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "efaff3d9-6694-4adc-9b22-edd21d590852:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "68e83de8-a2b3-4531-9e7a-80812495ef75:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9246074a-85cc-4cc3-a2df-6ebfe2db993e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"49bb018b-cab3-41c8-91b7-cdc8e30453dc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json index 0a2c516e467..0d3bad3c0db 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json 
@@ -1,303 +1,809 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_ise.log.category.name", - "negate": false, - "params": [ - "CISE_RADIUS_Accounting", - "CISE_TACACS_Accounting" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_RADIUS_Accounting" - } - }, - { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_TACACS_Accounting" - } - } - ] - } - } + "id": "cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:29:36.506Z", + "version": "WzY4MywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_RADIUS_Accounting", + "CISE_TACACS_Accounting" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_RADIUS_Accounting" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_TACACS_Accounting" } - ], + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 NAS IP Address for 
Radius Accounting [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "NAS IP Address", + "field": "cisco_ise.log.nas.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "c9b722c7-e508-4447-8112-230e3858b5b8", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "c9b722c7-e508-4447-8112-230e3858b5b8", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "c9b722c7-e508-4447-8112-230e3858b5b8", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "216c30b3-1a72-498f-939b-11462bb0adb7", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "216c30b3-1a72-498f-939b-11462bb0adb7", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - 
"enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "8edd6fd7-b66b-4ee6-b542-b1e7ccd26fa4", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "8edd6fd7-b66b-4ee6-b542-b1e7ccd26fa4", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "b6b0bc79-1ddb-461b-97c4-f814c1267e58", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "b6b0bc79-1ddb-461b-97c4-f814c1267e58", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "77492870-ccbf-400a-ae2e-97fe9f39cd0d", - "w": 16, - "x": 0, - "y": 30 - }, - "panelIndex": "77492870-ccbf-400a-ae2e-97fe9f39cd0d", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.17.0" + "panelIndex": "c9b722c7-e508-4447-8112-230e3858b5b8", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Radius Accounting by NAS Port Type [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "9abde76e-d49b-409c-924b-dd9c81c1dcea", - "w": 16, - "x": 16, - 
"y": 30 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "9abde76e-d49b-409c-924b-dd9c81c1dcea", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "NAS Port Type", + "field": "cisco_ise.log.nas.port.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "216c30b3-1a72-498f-939b-11462bb0adb7", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "216c30b3-1a72-498f-939b-11462bb0adb7", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Radius Accounting by Accounting Terminate Cause [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ec663b72-467e-4ec0-ae7f-f023109ea50f", - "w": 16, - "x": 32, - "y": 30 + "type": "pie", + "data": { + 
"aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "ec663b72-467e-4ec0-ae7f-f023109ea50f", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Accounting Terminate Cause", + "field": "cisco_ise.log.acct.terminate_cause", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8edd6fd7-b66b-4ee6-b542-b1e7ccd26fa4", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "8edd6fd7-b66b-4ee6-b542-b1e7ccd26fa4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Device IP Address for Accounting [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "044c8085-11e7-40e3-a09b-bd994ce198aa", - "w": 24, - "x": 0, - "y": 45 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "044c8085-11e7-40e3-a09b-bd994ce198aa", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": 
{ + "customLabel": "Device IP Address", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "b6b0bc79-1ddb-461b-97c4-f814c1267e58", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "b6b0bc79-1ddb-461b-97c4-f814c1267e58", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Network Device Name for Accounting [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6e5ca98d-df46-45a1-8014-cf16a3028dc2", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "6e5ca98d-df46-45a1-8014-cf16a3028dc2", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Network Device Name", + "field": "cisco_ise.log.network.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "77492870-ccbf-400a-ae2e-97fe9f39cd0d", + "w": 16, + "x": 0, + "y": 30 + }, + "panelIndex": "77492870-ccbf-400a-ae2e-97fe9f39cd0d", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 User Name for Accounting [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "371949ed-d67c-438f-a91a-3875e86edaf8", - "w": 48, - "x": 0, - "y": 60 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "371949ed-d67c-438f-a91a-3875e86edaf8", - "panelRefName": "panel_9", - "title": "Accounting Log Stream [Logs Cisco ISE]", - "type": "search", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } } - ], - "timeRestore": false, - "title": "[Cisco ISE] Accounting", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": 
"cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_0", - "type": "visualization" + "gridData": { + "h": 15, + "i": "9abde76e-d49b-409c-924b-dd9c81c1dcea", + "w": 16, + "x": 16, + "y": 30 }, - { - "id": "cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_1", - "type": "visualization" + "panelIndex": "9abde76e-d49b-409c-924b-dd9c81c1dcea", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Network Device Profile for TACACS Accounting [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Network Device Profile ", + "field": "cisco_ise.log.network.device.profile", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 15, + "i": 
"ec663b72-467e-4ec0-ae7f-f023109ea50f", + "w": 16, + "x": 32, + "y": 30 }, - { - "id": "cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_3", - "type": "visualization" + "panelIndex": "ec663b72-467e-4ec0-ae7f-f023109ea50f", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Events by Selected Access Service for Accounting [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Selected Access Service", + "field": "cisco_ise.log.selected.access.service", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 15, + "i": "044c8085-11e7-40e3-a09b-bd994ce198aa", + "w": 24, + "x": 0, + "y": 45 }, - { - "id": 
"cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_5", - "type": "visualization" + "panelIndex": "044c8085-11e7-40e3-a09b-bd994ce198aa", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Service for TACACS Accounting [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Service Name", + "field": "cisco_ise.log.service.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83", - "name": "panel_6", - "type": "visualization" + "gridData": { + "h": 15, + "i": "6e5ca98d-df46-45a1-8014-cf16a3028dc2", + "w": 24, + "x": 24, + "y": 45 }, - { - "id": "cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83", - "name": "panel_7", - "type": "visualization" + "panelIndex": "6e5ca98d-df46-45a1-8014-cf16a3028dc2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83", - "name": "panel_8", - "type": "visualization" + "gridData": { + "h": 15, + "i": 
"371949ed-d67c-438f-a91a-3875e86edaf8", + "w": 48, + "x": 0, + "y": 60 }, - { - "id": "cisco_ise-f681d1f0-a09f-11ec-a0a2-1598702abf83", - "name": "panel_9", - "type": "search" - } + "panelIndex": "371949ed-d67c-438f-a91a-3875e86edaf8", + "panelRefName": "panel_9", + "title": "Accounting Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco ISE] Accounting", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-f681d1f0-a09f-11ec-a0a2-1598702abf83", + "name": "panel_9", + "type": "search" + }, + { + "type": "index-pattern", + "name": "c9b722c7-e508-4447-8112-230e3858b5b8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "216c30b3-1a72-498f-939b-11462bb0adb7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8edd6fd7-b66b-4ee6-b542-b1e7ccd26fa4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b6b0bc79-1ddb-461b-97c4-f814c1267e58:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "77492870-ccbf-400a-ae2e-97fe9f39cd0d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9abde76e-d49b-409c-924b-dd9c81c1dcea:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ec663b72-467e-4ec0-ae7f-f023109ea50f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "044c8085-11e7-40e3-a09b-bd994ce198aa:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"6e5ca98d-df46-45a1-8014-cf16a3028dc2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json index 82a68304912..8c94c50b3ab 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json 
@@ -1,196 +1,589 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_ise.log.category.name", - "negate": false, - "params": { - "query": "CISE_Administrative_and_Operational_Audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_ise.log.category.name": "CISE_Administrative_and_Operational_Audit" - } - } - } - ], + "id": "cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:29:36.506Z", + "version": "WzY4NCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": { + "query": "CISE_Administrative_and_Operational_Audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Administrative_and_Operational_Audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "70611ce1-8cc4-4e59-bca1-2f60acd5603f", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "70611ce1-8cc4-4e59-bca1-2f60acd5603f", + "panelRefName": "panel_0", + "title": "Administrative and Operational Audit Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Distribution of Events by Admin Interface [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Admin Interface", + "field": "cisco_ise.log.admin.interface", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + 
"otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "973be120-1985-476b-939a-b0b82e570d33", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "70611ce1-8cc4-4e59-bca1-2f60acd5603f", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "70611ce1-8cc4-4e59-bca1-2f60acd5603f", - "panelRefName": "panel_0", - "title": "Administrative and Operational Audit Log Stream [Logs Cisco ISE]", - "type": "search", - "version": "7.17.0" + "panelIndex": "973be120-1985-476b-939a-b0b82e570d33", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Top 10 Client IP for Administrative and Operational Audit [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "973be120-1985-476b-939a-b0b82e570d33", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "973be120-1985-476b-939a-b0b82e570d33", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" + { + 
"enabled": true, + "id": "2", + "params": { + "customLabel": "Client IP", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "755e7622-d79b-4ffc-a60f-df3b3dddeb86", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "755e7622-d79b-4ffc-a60f-df3b3dddeb86", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Distribution of Events by Object Type [Logs Cisco ISE]", + "description": "", + "uiState": { + "table": null, + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "755e7622-d79b-4ffc-a60f-df3b3dddeb86", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "755e7622-d79b-4ffc-a60f-df3b3dddeb86", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, 
- "gridData": { - "h": 15, - "i": "e63be268-5af1-469b-aba7-89d3d43e2d00", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "e63be268-5af1-469b-aba7-89d3d43e2d00", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Object Type", + "field": "cisco_ise.log.object.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e63be268-5af1-469b-aba7-89d3d43e2d00", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "e63be268-5af1-469b-aba7-89d3d43e2d00", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Distribution of Events by Failure Flag [Logs Cisco ISE]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "09a67f64-cb54-4976-a2a4-3fe6d891a44b", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "09a67f64-cb54-4976-a2a4-3fe6d891a44b", - "panelRefName": "panel_4", - "title": " Distribution of Events by Failure Flag [Logs Cisco ISE]", - "type": "visualization", - "version": "7.17.0" + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" 
+ }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "d18cccfc-3613-4ca0-9a7a-9ff58bf40e7f", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "d18cccfc-3613-4ca0-9a7a-9ff58bf40e7f", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Failure Flag", + "field": "cisco_ise.log.failure.flag", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } } - ], - "timeRestore": false, - "title": "[Cisco ISE] Administrative and Operational Audit", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "cisco_ise-ac5b9ba0-a02d-11ec-a0a2-1598702abf83", - "name": "panel_0", - "type": "search" - }, - { - "id": "cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83", - "name": "panel_1", - "type": "visualization" + } }, - { - "id": "cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 15, + "i": "09a67f64-cb54-4976-a2a4-3fe6d891a44b", + "w": 24, + "x": 24, + "y": 15 
}, - { - "id": "cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83", - "name": "panel_3", - "type": "visualization" + "panelIndex": "09a67f64-cb54-4976-a2a4-3fe6d891a44b", + "title": " Distribution of Events by Failure Flag [Logs Cisco ISE]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Distribution of Events by Admin Name [Logs Cisco ISE]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Admin Name", + "field": "client.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + } + } }, - { - "id": "cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 15, + "i": "d18cccfc-3613-4ca0-9a7a-9ff58bf40e7f", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9", - "name": "panel_5", - "type": "visualization" - } + "panelIndex": 
"d18cccfc-3613-4ca0-9a7a-9ff58bf40e7f", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco ISE] Administrative and Operational Audit", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-ac5b9ba0-a02d-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "search" + }, + { + "type": "index-pattern", + "name": "973be120-1985-476b-939a-b0b82e570d33:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "755e7622-d79b-4ffc-a60f-df3b3dddeb86:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e63be268-5af1-469b-aba7-89d3d43e2d00:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "09a67f64-cb54-4976-a2a4-3fe6d891a44b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d18cccfc-3613-4ca0-9a7a-9ff58bf40e7f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json index d964b2a8d08..b8f295fcffc 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json 
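Review bot: The new top of `cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json` adds `"namespaces": ["default"]`, `"updated_at": "2022-10-27T09:29:36.506Z"` and `"version": "WzY4NCwxXQ=="`, which are state from the Kibana instance the dashboard was exported from rather than part of the dashboard definition. The removed side of this file had none of them (only `attributes`, `coreMigrationVersion`, `id`, `migrationVersion`, `references`, `type`). The `version` value is base64 for `[684,1]`, which looks like a per-instance concurrency token, so it will change on every re-export and add noise to later diffs. Unless the package tooling requires these keys, I would drop the three entries so the object starts with `"id"`, `"type"`, `"attributes"`. The following hunk for `cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json` adds the same fields (`"version": "WzY4NSwxXQ=="`) and should get the same treatment.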
@@ -1,98 +1,175 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:29:36.506Z", + "version": "WzY4NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "5034ffff-f024-4fac-94c2-8aa800dfe04d", + "w": 48, + "x": 0, + "y": 13 + }, + "panelIndex": "5034ffff-f024-4fac-94c2-8aa800dfe04d", + "panelRefName": "panel_0", + "title": "Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Controls [Logs Cisco ISE]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cisco_ise.log.category.name", + "id": "1646939756945", + "indexPatternRefName": "control_0_index_pattern", + "label": "Log Category", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "log.level", + "id": "1646939807026", + "indexPatternRefName": "control_1_index_pattern", + "label": "Log Severity", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 10, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": 
"kuery", - "query": "event.dataset : \"cisco_ise.log\" " + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 13, + "i": "5864db90-ff57-40e6-b605-b6d86b7fea43", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5034ffff-f024-4fac-94c2-8aa800dfe04d", - "w": 48, - "x": 0, - "y": 13 - }, - "panelIndex": "5034ffff-f024-4fac-94c2-8aa800dfe04d", - "panelRefName": "panel_0", - "title": "Log Stream [Logs Cisco ISE]", - "type": "search", - "version": "7.17.0" + "panelIndex": "5864db90-ff57-40e6-b605-b6d86b7fea43", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboards", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "**[AAA Audit](<#/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83>)**\n\n**[AAA Diagnostics](<#/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83>)**\n\n**[Accounting](<#/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83>)**\n\n**[Administrative and Operational Audit](<#/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83>)**\n\n**[Posture and Client Provisioning Audit](<#/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83>)**\n\n**[System Diagnostics](<#/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83>)**\n\n**[System Statistics](<#/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83>)**\n\n", + "openLinksInNewTab": true }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "5864db90-ff57-40e6-b605-b6d86b7fea43", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "5864db90-ff57-40e6-b605-b6d86b7fea43", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": 
{} - }, - "gridData": { - "h": 13, - "i": "06cec002-64bd-4f18-a966-1b6fc2bfd4cf", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "06cec002-64bd-4f18-a966-1b6fc2bfd4cf", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Cisco ISE] Cisco ISE Overview", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "cisco_ise-5f739b70-a0a6-11ec-a0a2-1598702abf83", - "name": "panel_0", - "type": "search" + } }, - { - "id": "cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 13, + "i": "06cec002-64bd-4f18-a966-1b6fc2bfd4cf", + "w": 24, + "x": 24, + "y": 0 }, - { - "id": "cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83", - "name": "panel_2", - "type": "visualization" - } + "panelIndex": "06cec002-64bd-4f18-a966-1b6fc2bfd4cf", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco ISE] Cisco ISE Overview", + "version": 1 + }, + "references": [ + { + "id": "cisco_ise-5f739b70-a0a6-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "search" + }, + { + "type": "index-pattern", + "name": "5864db90-ff57-40e6-b605-b6d86b7fea43:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5864db90-ff57-40e6-b605-b6d86b7fea43:control_1_index_pattern", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file 
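Review bot: The added top-level fields `"namespaces": ["default"]`, `"updated_at": "2022-10-27T09:29:36.506Z"` and `"version": "WzY4NSwxXQ=="` at the head of this dashboard look like state from the Kibana instance the export was taken from, not package content; the removed side of the file had none of them. The `version` string is base64 for `[685,1]`, which reads like that instance's internal document version token, and `namespaces` names a space on the exporting cluster, so neither should mean anything to an installer. Every re-export will also churn these lines, which makes it harder to see what really changed in an audit dashboard. I would drop the three fields and keep only `id`, `type`, `attributes`, `references` and the two migration-version keys. If the other dashboards migrated in this commit carry the same fields, the same applies there.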
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index 3725291c8a5..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Failed Attempts by Radius Packet Type [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Radius Packet Type", - "field": "cisco_ise.log.radius_packet.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": 
"ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Distribution of Failed Attempts by Radius Packet Type [Logs Cisco ISE]", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 1510a47a1e6..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Network Device Profile for TACACS Accounting [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Network Device Profile ", - "field": "cisco_ise.log.network.device.profile", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Network Device Profile for TACACS Accounting [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 1e1f32c7be9..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Authentication Method [Logs Cisco ISE]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Authentication Method", - "field": "cisco_ise.log.authentication.method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Authentication Method [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83.json deleted file mode 100644 index a180b3f6ca5..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Service for TACACS Accounting [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Service Name", - "field": "cisco_ise.log.service.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Service for TACACS Accounting [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 39b654ccbd4..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Controls [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "cisco_ise.log.category.name", - "id": "1646939756945", - "indexPatternRefName": "control_0_index_pattern", - "label": "Log Category", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "log.level", - "id": "1646939807026", - "indexPatternRefName": "control_1_index_pattern", - "label": "Log Severity", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 10, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": true, - "useTimeFilter": false - }, - "title": "Controls [Logs Cisco ISE]", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index 28376e6828a..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by NAS Port Type [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "NAS Port Type", - "field": "cisco_ise.log.nas.port.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - 
"filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Distribution of Events by NAS Port Type [Logs Cisco ISE]", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83.json deleted file mode 100644 index c19955d0a7d..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Dashboards", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "**[AAA Audit](\u003c#/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83\u003e)**\n\n**[AAA Diagnostics](\u003c#/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83\u003e)**\n\n**[Accounting](\u003c#/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83\u003e)**\n\n**[Administrative and Operational Audit](\u003c#/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83\u003e)**\n\n**[Posture and Client Provisioning Audit](\u003c#/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83\u003e)**\n\n**[System Diagnostics](\u003c#/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83\u003e)**\n\n**[System Statistics](\u003c#/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83\u003e)**\n\n", - "openLinksInNewTab": true - }, - "title": "Dashboards", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 2405fb61a29..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Admin Name [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Admin Name", - "field": "client.user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Admin Name [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 9448a27b9f1..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Operation Status [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Operation Status", - "field": "cisco_ise.log.operation.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Operation Status [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index 8c34cbe9d1d..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Model Name [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Model Name", - "field": "cisco_ise.log.model.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Model Name [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index faaf2cd7b10..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Operation Type [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Operation Type", - "field": "cisco_ise.log.operation.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Operation Type [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83.json deleted file mode 100644 index d8385f1b6d9..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Network Device Profile Name [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Network Device Profile Name", - "field": "cisco_ise.log.network.device.profile_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Network Device Profile Name [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json deleted file mode 100644 index dfecdba0916..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Portals Used [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Portal Name", - "field": "cisco_ise.log.portal.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Portals Used [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 91b26557de8..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Adapter Instance Name for Threat Centric NAC [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Adapter Instance Name", - "field": "cisco_ise.log.adapter_instance.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Adapter Instance Name for Threat Centric NAC [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index 1845b25e14a..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "CPU Utilization Over Time [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "filter": { - "language": "kuery", - "query": "" - }, - "id": "da582c56-5800-465a-a7e7-b2f0ab6df619", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "e6d7aa64-0073-4cf0-a69a-8eb06867f465", - "label": "CPU Utilization ", - "line_width": 1, - "metrics": [ - { - "field": "cisco_ise.log.sysstats.utilization.cpu", - "id": "cf165805-c812-4988-9c1a-ea442e767edc", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "CPU Utilization Over Time [Logs Cisco ISE]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 525b268b6aa..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Memory Utilization Over Time [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "eb6e177b-8e7e-4d71-ac31-db9346ccb88b", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "b1c76318-e21a-4547-979f-45ab45e40dd6", - "label": "Memory Utilization", - "line_width": 1, - "metrics": [ - { - "field": "cisco_ise.log.sysstats.utilization.memory", - "id": "3ee7cec2-d8fd-4601-8b57-40922cddfc56", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Memory Utilization Over Time [Logs Cisco ISE]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 672b753011c..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Disk IO Utilization Over Time [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "ea254bb6-fa55-42c5-b3d6-39127b9d0901", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "18a38b8f-685b-4dce-b54a-d18a9b013d1d", - "label": "Disk IO Utilization", - "line_width": 1, - "metrics": [ - { - "field": "cisco_ise.log.sysstats.utilization.disk.io", - "id": "8d17df3d-e242-4871-b5f0-60a358e23361", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Disk IO Utilization Over Time [Logs Cisco ISE]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 3c61a3483df..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Threat Centric NAC by Connectivity [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Connectivity", - "field": "cisco_ise.log.connectivity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Threat Centric NAC by Connectivity [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 94daf2ccf6a..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Utilization Load Average Over Time [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "3ec57505-d66e-4bb7-b331-42eb113c6268", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "fb9524f8-52cd-4bb1-9a96-90a0a600d3f6", - "label": "Utilization load average ", - "line_width": 1, - "metrics": [ - { - "field": "cisco_ise.log.sysstats.utilization.load_avg", - "id": "3ce8aa40-c99c-4760-9449-9a4e14cfe06d", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "terms_field": null, - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Utilization Load Average Over Time [Logs Cisco ISE]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index c1517a10177..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 User Name [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User Name", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 User Name [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json deleted file mode 100644 index d4b499147bf..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Logger Name [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Logger Name", - "field": "cisco_ise.log.logger.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Logger Name [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 7d3a959f903..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Threat Centric NAC by Status [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Status", - "field": "cisco_ise.log.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Threat Centric NAC by Status [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index dd645a73d77..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 AD IP Address for AD Connector [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "AD IP Address", - "field": "cisco_ise.log.ad.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 AD IP Address for AD Connector [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 2ab128e935b..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Device IP [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device IP Address", - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Device IP [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 1a88e77b5bc..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 IP Address For AAA Diagnostics [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source IP Address", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 IP Address For AAA Diagnostics [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 9a1fbbabfe1..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Authentication Method for AAA Diagnostics [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Authentication Method", - "field": "cisco_ise.log.authentication.method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { 
- "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Distribution of Events by Authentication Method for AAA Diagnostics [Logs Cisco ISE]", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json deleted file mode 100644 index bd6d2b40c41..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Admin Interface [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Admin Interface", - "field": "cisco_ise.log.admin.interface", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { 
- "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Distribution of Events by Admin Interface [Logs Cisco ISE]", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 93993647c4f..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Client IP for Administrative and Operational Audit [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Client IP", - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Client IP for Administrative and Operational Audit [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 40d87999d27..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Current ID Store Name [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Current ID Store Name", - "field": "cisco_ise.log.currentid.store_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": 
"ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Distribution of Events by Current ID Store Name [Logs Cisco ISE]", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json deleted file mode 100644 index b33b95d3b2c..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by User Type [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User Type", - "field": "cisco_ise.log.user.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by User Type [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index bdfc776b633..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Selected Access Service [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Selected Access Service", - "field": "cisco_ise.log.selected.access.service", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Selected Access Service [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index e99a4350366..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Object Type [Logs Cisco ISE]", - "uiStateJSON": { - "table": null, - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Object Type", - "field": "cisco_ise.log.object.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Object Type [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index cc0dc8740a8..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Authentication Identity Store [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Authentication Identity Store", - "field": "cisco_ise.log.authentication.identity_store", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Authentication Identity Store [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index e490bc47282..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Radius Diagnostics by EAP Authentication [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "EAP Authentication", - "field": "cisco_ise.log.eap.authentication", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Radius Diagnostics by EAP Authentication [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index b0a45277f32..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Radius Diagnostics by EAP Tunnel [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "EAP Tunnel", - "field": "cisco_ise.log.eap.tunnel", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Radius Diagnostics by EAP Tunnel [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index cd2b7ee74b4..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Portal Name [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Portal Name", - "field": "cisco_ise.log.portal.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Portal Name [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index bebf9363400..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Failure Flag [Logs Cisco ISE]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Failure Flag", - "field": "cisco_ise.log.failure.flag", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Failure Flag [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9.json b/packages/cisco_ise/kibana/visualization/cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9.json
deleted file mode 100644
index 336ca593bab..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Admin Name [Logs Cisco ISE]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Admin Name", - "field": "client.user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Admin Name [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 31c5b04a296..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Guest User Name [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Guest User Name", - "field": "cisco_ise.log.guest.user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Guest User Name [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 14acc536067..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Device Name for My Devices [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Name", - "field": "cisco_ise.log.device.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Device Name for My Devices [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index b36d0f7726f..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Policy Diagnostics by Policy Type [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Policy Type", - "field": "cisco_ise.log.policy.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Policy Diagnostics by Policy Type [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index c6f8a5a2dd8..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 NAS IP Address for Radius Accounting [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "NAS IP Address", - "field": "cisco_ise.log.nas.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 NAS IP Address for Radius Accounting [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index 717352e568b..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of AD Connector Events by AD Hostname [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "AD Hostname", - "field": "cisco_ise.log.ad.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of AD Connector Events by AD Hostname [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index 7568d223738..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Radius Accounting by NAS Port Type [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "NAS Port Type", - "field": "cisco_ise.log.nas.port.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Radius Accounting by NAS Port Type [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index 13dad2d27c3..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Radius Accounting by Accounting Terminate Cause [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Accounting Terminate Cause", - "field": "cisco_ise.log.acct.terminate_cause", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Radius Accounting by Accounting Terminate Cause [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 231252df1cf..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Device IP Address [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device IP Address", - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Device IP Address [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index cb3adacde0f..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Device IP Address for Accounting [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device IP Address", - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Device IP Address for Accounting [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index 78301070676..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Protocol [Logs Cisco ISE]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Protocol", - "field": "network.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Protocol [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 2cc417aa02c..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Network Device Name for Accounting [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Network Device Name", - "field": "cisco_ise.log.network.device.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Network Device Name for Accounting [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 0863e10dee1..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 Network Device Names [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Network Device Name", - "field": "cisco_ise.log.network.device.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Network Device Names [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83.json deleted file mode 100644 index 610872dfbe3..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 User Name for Accounting [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User Name", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 User Name for Accounting [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json deleted file mode 100644 index f94ea82be40..00000000000 --- a/packages/cisco_ise/kibana/visualization/cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Top 10 User Name [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User Name", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 User Name [Logs Cisco ISE]", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json
deleted file mode 100644
index dd80bd9bec2..00000000000
--- a/packages/cisco_ise/kibana/visualization/cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset : \"cisco_ise.log\" " - } - } - }, - "title": "Distribution of Events by Selected Access Service for Accounting [Logs Cisco ISE]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Selected Access Service", - "field": "cisco_ise.log.selected.access.service", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Distribution of Events by Selected Access Service for Accounting [Logs Cisco ISE]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file From 865f6213db9ecbe137ff394ea9a56bd31b9341a2 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Thu, 27 Oct 2022 15:01:25 +0530 Subject: [PATCH 011/103] migrate cisco_secure_email_gateway to by_value --- ...-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json | 933 ++++++--- ...-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json | 966 +++++++--- ...-97ab0d40-b63e-11ec-b665-f79f0daaad54.json | 586 ++++-- ...-a1060e90-b025-11ec-8a45-8d83ac55242a.json | 942 +++++++-- ...-b9591cf0-b640-11ec-b665-f79f0daaad54.json | 732 +++++-- ...-be7e9c00-b055-11ec-8a45-8d83ac55242a.json | 1687 ++++++++++++++--- ...-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json | 1280 ++++++++++--- ...-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json | 606 ++++-- ...-159f1460-b579-11ec-aa3c-afc0e710666b.json | 123 -- ...-17219320-b520-11ec-aa3c-afc0e710666b.json | 92 - ...-1c1ef970-b517-11ec-aa3c-afc0e710666b.json | 92 - ...-23bc6030-b528-11ec-aa3c-afc0e710666b.json | 92 - ...-272885e0-b524-11ec-aa3c-afc0e710666b.json | 89 - ...-2ada7910-b51e-11ec-aa3c-afc0e710666b.json | 92 - ...-2bfd5260-b517-11ec-aa3c-afc0e710666b.json | 92 - ...-31a12320-b514-11ec-aa3c-afc0e710666b.json | 92 - ...-39138ed0-b510-11ec-aa3c-afc0e710666b.json | 89 - ...-3e387e10-b57a-11ec-aa3c-afc0e710666b.json | 89 - ...-4079ce10-b523-11ec-aa3c-afc0e710666b.json | 92 - ...-40ba5f40-b580-11ec-b665-f79f0daaad54.json | 89 - ...-4312b680-b525-11ec-aa3c-afc0e710666b.json | 89 - ...-50401f90-b63e-11ec-b665-f79f0daaad54.json | 89 - ...-567de1b0-b50f-11ec-aa3c-afc0e710666b.json | 92 - ...-5a647440-b51b-11ec-aa3c-afc0e710666b.json | 89 - ...-5eabfa40-b521-11ec-aa3c-afc0e710666b.json | 92 - ...-5f08da90-b511-11ec-aa3c-afc0e710666b.json | 92 - ...-60df7e90-b63e-11ec-b665-f79f0daaad54.json | 92 - ...-69210db0-b514-11ec-aa3c-afc0e710666b.json | 89 - ...-69897df0-b58c-11ec-b665-f79f0daaad54.json | 89 - ...-6b544d80-b579-11ec-aa3c-afc0e710666b.json | 92 - ...-6e7a9920-b58c-11ec-b665-f79f0daaad54.json | 92 - ...-72f24920-b58d-11ec-b665-f79f0daaad54.json | 113 -- ...-76438ce0-b512-11ec-aa3c-afc0e710666b.json | 92 - 
...-7b61ca30-b520-11ec-aa3c-afc0e710666b.json | 92 - ...-80cc7570-b510-11ec-aa3c-afc0e710666b.json | 89 - ...-8309a9e0-b581-11ec-b665-f79f0daaad54.json | 123 -- ...-8944e4d0-b51f-11ec-aa3c-afc0e710666b.json | 87 - ...-955c42b0-b577-11ec-aa3c-afc0e710666b.json | 123 -- ...-973c1ee0-b57a-11ec-aa3c-afc0e710666b.json | 87 - ...-9c04dc70-b578-11ec-aa3c-afc0e710666b.json | 92 - ...-ac56b620-b514-11ec-aa3c-afc0e710666b.json | 89 - ...-b15a0680-b524-11ec-aa3c-afc0e710666b.json | 123 -- ...-bab80b00-b51f-11ec-aa3c-afc0e710666b.json | 89 - ...-bd88e8d0-b520-11ec-aa3c-afc0e710666b.json | 92 - ...-c6ecc5d0-b580-11ec-b665-f79f0daaad54.json | 121 -- ...-d26c0e90-b579-11ec-aa3c-afc0e710666b.json | 92 - ...-d2d9b860-b514-11ec-aa3c-afc0e710666b.json | 87 - ...-d4a2bdf0-b527-11ec-aa3c-afc0e710666b.json | 92 - ...-dabd1310-b578-11ec-aa3c-afc0e710666b.json | 88 - ...-dd1c3e90-b511-11ec-aa3c-afc0e710666b.json | 123 -- ...-e36fdf40-b57a-11ec-aa3c-afc0e710666b.json | 92 - ...-e4b913a0-b523-11ec-aa3c-afc0e710666b.json | 92 - ...-fdc9a620-b51e-11ec-aa3c-afc0e710666b.json | 92 - ...-fdee0eb0-b579-11ec-aa3c-afc0e710666b.json | 92 - ...-0007c200-b00b-11ec-8a45-8d83ac55242a.json | 78 - ...-18e16930-b00a-11ec-8a45-8d83ac55242a.json | 78 - ...-239adcd0-aff6-11ec-8a45-8d83ac55242a.json | 80 - ...-607f8060-b000-11ec-8a45-8d83ac55242a.json | 78 - ...-8e557710-b00a-11ec-8a45-8d83ac55242a.json | 78 - ...-8f476740-b001-11ec-8a45-8d83ac55242a.json | 78 - ...-a6ccb720-b002-11ec-8a45-8d83ac55242a.json | 78 - ...-e5d96bd0-b001-11ec-8a45-8d83ac55242a.json | 78 - 62 files changed, 6186 insertions(+), 6554 deletions(-) delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-159f1460-b579-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-17219320-b520-11ec-aa3c-afc0e710666b.json delete mode 100644 
packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-1c1ef970-b517-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-23bc6030-b528-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-272885e0-b524-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-2ada7910-b51e-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-2bfd5260-b517-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-31a12320-b514-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-39138ed0-b510-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-3e387e10-b57a-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-4079ce10-b523-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-40ba5f40-b580-11ec-b665-f79f0daaad54.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-4312b680-b525-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-50401f90-b63e-11ec-b665-f79f0daaad54.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-567de1b0-b50f-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5a647440-b51b-11ec-aa3c-afc0e710666b.json delete mode 100644 
packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5eabfa40-b521-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5f08da90-b511-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-60df7e90-b63e-11ec-b665-f79f0daaad54.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-69210db0-b514-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-69897df0-b58c-11ec-b665-f79f0daaad54.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-6b544d80-b579-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-6e7a9920-b58c-11ec-b665-f79f0daaad54.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-72f24920-b58d-11ec-b665-f79f0daaad54.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-76438ce0-b512-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-7b61ca30-b520-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-80cc7570-b510-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-8309a9e0-b581-11ec-b665-f79f0daaad54.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-8944e4d0-b51f-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-955c42b0-b577-11ec-aa3c-afc0e710666b.json delete mode 100644 
packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-973c1ee0-b57a-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-9c04dc70-b578-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-ac56b620-b514-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-b15a0680-b524-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-bab80b00-b51f-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-bd88e8d0-b520-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-c6ecc5d0-b580-11ec-b665-f79f0daaad54.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d26c0e90-b579-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d2d9b860-b514-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d4a2bdf0-b527-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-dabd1310-b578-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-dd1c3e90-b511-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-e36fdf40-b57a-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-e4b913a0-b523-11ec-aa3c-afc0e710666b.json delete mode 100644 
packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-fdc9a620-b51e-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-fdee0eb0-b579-11ec-aa3c-afc0e710666b.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-0007c200-b00b-11ec-8a45-8d83ac55242a.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-18e16930-b00a-11ec-8a45-8d83ac55242a.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-239adcd0-aff6-11ec-8a45-8d83ac55242a.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-607f8060-b000-11ec-8a45-8d83ac55242a.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-8e557710-b00a-11ec-8a45-8d83ac55242a.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-8f476740-b001-11ec-8a45-8d83ac55242a.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-a6ccb720-b002-11ec-8a45-8d83ac55242a.json delete mode 100644 packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-e5d96bd0-b001-11ec-8a45-8d83ac55242a.json diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json index 2700ac411ab..feae768c292 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json 
@@ -1,244 +1,723 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ + "id": "cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:31:04.682Z", + "version": "Wzc0NiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "status" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "status" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "CPU Utilization Over Time [Logs Cisco Secure Email Gateway]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1af71592-86d8-4efb-b424-d6ecf7944ace", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "b509ab9e-7f7b-44f2-8ee6-258b88e17dfa", + "label": "Count", + "line_width": 1, + "metrics": [ { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "status" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "status" - } - } + "field": "cisco_secure_email_gateway.log.cpu.utilization", + "id": "4deb212e-daed-4c60-b947-aa33baeaa2a9", + "type": "avg" } - ], + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "terms_field": "cisco_secure_email_gateway.log.cpu.utilization", + "terms_order_by": "_count", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "95a6ae87-13d5-4ada-bd77-bec597a81714", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "95a6ae87-13d5-4ada-bd77-bec597a81714", - "panelRefName": "panel_0", - "title": "CPU Utilization Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" + "gridData": { + "h": 14, + "i": "95a6ae87-13d5-4ada-bd77-bec597a81714", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "95a6ae87-13d5-4ada-bd77-bec597a81714", + "title": 
"CPU Utilization Over Time [Logs Cisco Secure Email Gateway]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Disk I/O Utilization Over Time [Logs Cisco Secure Email Gateway]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "ba00a756-2315-4580-8c44-8daa6a4fe42c", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "a579bc05-7302-4698-a465-cc9c33326c93", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.disk_io", + "id": "bfc3259d-32c5-4aea-9581-14ae6945e2b0", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "fac9251f-8b75-46fa-94ff-2a004fd15099", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "fac9251f-8b75-46fa-94ff-2a004fd15099", - "panelRefName": "panel_1", - "title": "Disk I/O Utilization Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"cisco_secure_email_gateway.log\"" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "fac9251f-8b75-46fa-94ff-2a004fd15099", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "fac9251f-8b75-46fa-94ff-2a004fd15099", + "title": "Disk I/O Utilization Over Time [Logs Cisco Secure Email Gateway]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Ram Utilization Over Time [Logs Cisco Secure Email Gateway]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "f3f0956a-14bb-45c8-b03d-9bae49240821", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "cbb2c4b6-0c49-4fc3-814e-68a7c117ad7b", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.ram.utilization", + "id": "d665c81d-8a7d-48fd-9ff4-697bbd4dbceb", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "de2943f1-1708-4fd3-bb0d-99903395cc32", - "w": 24, - "x": 0, - "y": 14 - }, - "panelIndex": "de2943f1-1708-4fd3-bb0d-99903395cc32", - "panelRefName": "panel_2", - "title": "RAM Utilization Over Time 
[Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "de2943f1-1708-4fd3-bb0d-99903395cc32", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "de2943f1-1708-4fd3-bb0d-99903395cc32", + "title": "RAM Utilization Over Time [Logs Cisco Secure Email Gateway]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Sophos Anti-Virus Scanning Over Time [Cisco Secure Email Gateway]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "e8547150-1b72-456e-abb0-1f63a4c82e4a", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "4e1b5734-d731-4efe-85f7-cb7a6812819b", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.sophos_ld", + "id": "5b85a7fb-52f0-4f23-a808-07a23ae8157d", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - 
"gridData": { - "h": 15, - "i": "3ff28fc7-0158-4901-baf2-797e2686c180", - "w": 24, - "x": 24, - "y": 14 - }, - "panelIndex": "3ff28fc7-0158-4901-baf2-797e2686c180", - "panelRefName": "panel_3", - "title": "Sophos Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3ff28fc7-0158-4901-baf2-797e2686c180", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "3ff28fc7-0158-4901-baf2-797e2686c180", + "title": "Sophos Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "McAfee Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "0f2aec48-9a36-4fe0-a4ad-5922a129b4c3", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "2c4e6b49-e60c-4d4d-b2c4-c443928f93d7", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.mcafee_ld", + "id": "4a343f0d-2f6d-437d-a702-9707ee05de91", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, 
+ "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "01d7f54a-0bfd-444a-99ca-ea799c11d342", - "w": 24, - "x": 0, - "y": 29 - }, - "panelIndex": "01d7f54a-0bfd-444a-99ca-ea799c11d342", - "panelRefName": "panel_4", - "title": "McAfee Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "01d7f54a-0bfd-444a-99ca-ea799c11d342", + "w": 24, + "x": 0, + "y": 29 + }, + "panelIndex": "01d7f54a-0bfd-444a-99ca-ea799c11d342", + "title": "McAfee Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "CASE Scanning Over Time [Logs Cisco Secure Email Gateway]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1ca757e4-9986-4109-82f8-a18e8f68cd35", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "c9ea79ff-857a-4c19-8864-dd32d5ecb80d", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.case_ld", + "id": "633c2888-96a2-4c24-a93b-e647ced942ed", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": 
"default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "cc5ddff9-fb90-4f24-a98c-3a2b3957f8c6", - "w": 24, - "x": 24, - "y": 29 - }, - "panelIndex": "cc5ddff9-fb90-4f24-a98c-3a2b3957f8c6", - "panelRefName": "panel_5", - "title": "CASE Scanning Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "cc5ddff9-fb90-4f24-a98c-3a2b3957f8c6", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "cc5ddff9-fb90-4f24-a98c-3a2b3957f8c6", + "title": "CASE Scanning Over Time [Logs Cisco Secure Email Gateway]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Reporting Process Over Time [Cisco Secure Email Gateway]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "706b3574-bdb3-4b5e-b60c-535ecba9d3ea", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "6a5040fa-12e2-4a8f-a1da-51c6a6dcf2cb", + "label": "Count", + 
"line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.reporting_load", + "id": "4c616f23-37ef-433f-9642-8bf6502b479a", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "0ef7de46-c487-40c7-856a-3bbd89bbcf7b", - "w": 24, - "x": 0, - "y": 44 - }, - "panelIndex": "0ef7de46-c487-40c7-856a-3bbd89bbcf7b", - "panelRefName": "panel_6", - "title": "Reporting Process Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "0ef7de46-c487-40c7-856a-3bbd89bbcf7b", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "0ef7de46-c487-40c7-856a-3bbd89bbcf7b", + "title": "Reporting Process Over Time [Logs Cisco Secure Email Gateway]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Quarantine Process Over Time [Logs Cisco Secure Email Gateway]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "867a9950-5f15-460a-98b4-9bb0eeec0d8d", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": 
false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "e6a4bd49-6b02-49dc-8204-b4e4cee693b0", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.quarantine.load", + "id": "ad8aab01-a047-4608-9587-73f25a02c850", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "7ce2069e-5789-451a-8980-5c1efa0ea8b9", - "w": 24, - "x": 24, - "y": 44 - }, - "panelIndex": "7ce2069e-5789-451a-8980-5c1efa0ea8b9", - "panelRefName": "panel_7", - "title": "Quarantine Process Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } } - ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Status", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "cisco_secure_email_gateway-239adcd0-aff6-11ec-8a45-8d83ac55242a", - "name": "panel_0", - 
"type": "visualization" - }, - { - "id": "cisco_secure_email_gateway-607f8060-b000-11ec-8a45-8d83ac55242a", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "cisco_secure_email_gateway-8f476740-b001-11ec-8a45-8d83ac55242a", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "cisco_secure_email_gateway-e5d96bd0-b001-11ec-8a45-8d83ac55242a", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "cisco_secure_email_gateway-a6ccb720-b002-11ec-8a45-8d83ac55242a", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "cisco_secure_email_gateway-18e16930-b00a-11ec-8a45-8d83ac55242a", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "cisco_secure_email_gateway-8e557710-b00a-11ec-8a45-8d83ac55242a", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "cisco_secure_email_gateway-0007c200-b00b-11ec-8a45-8d83ac55242a", - "name": "panel_7", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "7ce2069e-5789-451a-8980-5c1efa0ea8b9", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "7ce2069e-5789-451a-8980-5c1efa0ea8b9", + "title": "Quarantine Process Over Time [Logs Cisco Secure Email Gateway]", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Status", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json index 349f2f21e36..753325ca1dc 100644 
--- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json 
@@ -1,266 +1,752 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "id": "cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:31:04.682Z", + "version": "Wzc0NywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "amp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "amp" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc": { + "columnOrder": [ + "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285", + "40ee8622-c392-4ec5-bc21-d912f381c282" + ], + "columns": { + "40ee8622-c392-4ec5-bc21-d912f381c282": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "amp" + "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285": { + "customLabel": true, + "dataType": 
"string", + "isBucketed": true, + "label": "File Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "40ee8622-c392-4ec5-bc21-d912f381c282", + "type": "column" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "amp" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.content_type" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285" + ], + "layerId": "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", + "layerType": "data", + "legendDisplay": "default", + "metric": "40ee8622-c392-4ec5-bc21-d912f381c282", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of AMP Engine Events by File Type [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", + "type": "index-pattern" + } + ] + }, + "enhancements": {}, + "hidePanelTitles": false }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 13, + "i": "9dee5b6f-f892-4227-9472-22fb7d514271", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc": { - "columnOrder": [ - 
"cfaa9bc5-46c5-4cf4-968f-419ea5d8e285", - "40ee8622-c392-4ec5-bc21-d912f381c282" - ], - "columns": { - "40ee8622-c392-4ec5-bc21-d912f381c282": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "File Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "40ee8622-c392-4ec5-bc21-d912f381c282", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.content_type" - } - }, - "incompleteColumns": {} - } - } - } + "panelIndex": "9dee5b6f-f892-4227-9472-22fb7d514271", + "title": "Distribution of AMP Engine Events by File Type [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "da50ed80-3cbc-4559-bef0-e3db5de2fb16": { + "columnOrder": [ + "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41", + "722a910a-7f85-47f2-9eea-8a13c4faaed5" + ], + "columns": { + "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Malware Threat", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "722a910a-7f85-47f2-9eea-8a13c4faaed5", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.malware" + }, + "722a910a-7f85-47f2-9eea-8a13c4faaed5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + 
"label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { + "columnId": "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41", + "isTransposed": false + }, + { + "columnId": "722a910a-7f85-47f2-9eea-8a13c4faaed5", + "isTransposed": false + } + ], + "layerId": "da50ed80-3cbc-4559-bef0-e3db5de2fb16", + "layerType": "data" + } + }, + "title": "Top 10 Malware Threat [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-da50ed80-3cbc-4559-bef0-e3db5de2fb16", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "dc47e71b-52ce-41ad-bbba-60c0b7205f20", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "dc47e71b-52ce-41ad-bbba-60c0b7205f20", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cc97ded6-1926-428a-a6d3-d13b3b47b8ba": { + "columnOrder": [ + "50f68a81-af9c-4a46-8f31-49957891f03e", + "536e9932-8f25-4096-a1f1-cc40da5e099b" + ], + "columns": { + "50f68a81-af9c-4a46-8f31-49957891f03e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Spy Name ", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "536e9932-8f25-4096-a1f1-cc40da5e099b", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285" - ], - "layerId": "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", - "layerType": "data", - 
"legendDisplay": "default", - "metric": "40ee8622-c392-4ec5-bc21-d912f381c282", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.spy_name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "9dee5b6f-f892-4227-9472-22fb7d514271", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "9dee5b6f-f892-4227-9472-22fb7d514271", - "panelRefName": "panel_0", - "title": "Distribution of AMP Engine Events by File Type [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "536e9932-8f25-4096-a1f1-cc40da5e099b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { + "columnId": "50f68a81-af9c-4a46-8f31-49957891f03e", + "isTransposed": false + }, + { + "columnId": "536e9932-8f25-4096-a1f1-cc40da5e099b", + "isTransposed": false + } + ], + "layerId": "cc97ded6-1926-428a-a6d3-d13b3b47b8ba", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "dc47e71b-52ce-41ad-bbba-60c0b7205f20", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "dc47e71b-52ce-41ad-bbba-60c0b7205f20", - "panelRefName": "panel_1", - "type": "lens", - "version": "7.17.0" + "title": "Top 10 Spy Name [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + 
"name": "indexpattern-datasource-layer-cc97ded6-1926-428a-a6d3-d13b3b47b8ba", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "ca17fa14-0065-4dc5-87e2-3166254da30a", + "w": 24, + "x": 0, + "y": 13 + }, + "panelIndex": "ca17fa14-0065-4dc5-87e2-3166254da30a", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8b6d5f6d-b1c9-4860-917a-ecac06f34b10": { + "columnOrder": [ + "a3111dae-5b02-4296-88ff-61197bd0f3f9", + "c3597c7d-4468-4194-8f2d-a453ced98438" + ], + "columns": { + "a3111dae-5b02-4296-88ff-61197bd0f3f9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "File Mime Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c3597c7d-4468-4194-8f2d-a453ced98438", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.attachments.file.mime_type" + }, + "c3597c7d-4468-4194-8f2d-a453ced98438": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "a3111dae-5b02-4296-88ff-61197bd0f3f9" + ], + "layerId": "8b6d5f6d-b1c9-4860-917a-ecac06f34b10", + "layerType": "data", + "legendDisplay": "default", + "metric": "c3597c7d-4468-4194-8f2d-a453ced98438", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} + "title": "Distribution of AMP Engine Events by 
File MIME Type [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8b6d5f6d-b1c9-4860-917a-ecac06f34b10", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1", + "w": 24, + "x": 24, + "y": 13 + }, + "panelIndex": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1", + "title": "Distribution of AMP Engine Events by File MIME Type [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "209d92c9-a130-4ba9-8e21-35662ea8c98e": { + "columnOrder": [ + "1a4f6e44-23c6-4726-988a-6706f595eda1", + "6fa0fc6c-efc2-42b1-96a1-78623735199e" + ], + "columns": { + "1a4f6e44-23c6-4726-988a-6706f595eda1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Upload Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6fa0fc6c-efc2-42b1-96a1-78623735199e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.upload.action" + }, + "6fa0fc6c-efc2-42b1-96a1-78623735199e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - 
"h": 13, - "i": "ca17fa14-0065-4dc5-87e2-3166254da30a", - "w": 24, - "x": 0, - "y": 13 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "ca17fa14-0065-4dc5-87e2-3166254da30a", - "panelRefName": "panel_2", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 13, - "i": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1", - "w": 24, - "x": 24, - "y": 13 + "layers": [ + { + "accessors": [ + "6fa0fc6c-efc2-42b1-96a1-78623735199e" + ], + "layerId": "209d92c9-a130-4ba9-8e21-35662ea8c98e", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "1a4f6e44-23c6-4726-988a-6706f595eda1" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1", - "panelRefName": "panel_3", - "title": "Distribution of AMP Engine Events by File MIME Type [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 13, - "i": "38a471f6-9731-4071-9d91-b3ec1564349b", - "w": 24, - "x": 0, - "y": 26 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "38a471f6-9731-4071-9d91-b3ec1564349b", - "panelRefName": "panel_4", - "title": "Distribution of AMP Engine Events by Upload Action [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "aa7dfa01-c596-466e-8296-1608d666cd1e", - "w": 24, - "x": 24, - "y": 26 
- }, - "panelIndex": "aa7dfa01-c596-466e-8296-1608d666cd1e", - "panelRefName": "panel_5", - "title": "Distribution of AMP Engine Events by Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] AMP Engine", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "Distribution of AMP Engine Events by Upload Action [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-209d92c9-a130-4ba9-8e21-35662ea8c98e", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-567de1b0-b50f-11ec-aa3c-afc0e710666b", - "name": "panel_0", - "type": "lens" + "gridData": { + "h": 13, + "i": "38a471f6-9731-4071-9d91-b3ec1564349b", + "w": 24, + "x": 0, + "y": 26 }, - { - "id": "cisco_secure_email_gateway-39138ed0-b510-11ec-aa3c-afc0e710666b", - "name": "panel_1", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-80cc7570-b510-11ec-aa3c-afc0e710666b", - "name": "panel_2", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-5f08da90-b511-11ec-aa3c-afc0e710666b", - "name": "panel_3", - "type": "lens" + "panelIndex": "38a471f6-9731-4071-9d91-b3ec1564349b", + "title": "Distribution of AMP Engine Events by Upload Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": 
{ + "layers": { + "52251872-020b-4855-9c01-fbebd4df0064": { + "columnOrder": [ + "585842e9-697b-43a6-99cb-e905245ce2e2", + "1c89cec4-799f-407c-a53c-d4f2332d7966" + ], + "columns": { + "1c89cec4-799f-407c-a53c-d4f2332d7966": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "585842e9-697b-43a6-99cb-e905245ce2e2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1c89cec4-799f-407c-a53c-d4f2332d7966", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.verdict" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "585842e9-697b-43a6-99cb-e905245ce2e2" + ], + "layerId": "52251872-020b-4855-9c01-fbebd4df0064", + "layerType": "data", + "legendDisplay": "default", + "metric": "1c89cec4-799f-407c-a53c-d4f2332d7966", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of AMP Engine Events by Verdict [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-52251872-020b-4855-9c01-fbebd4df0064", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-dd1c3e90-b511-11ec-aa3c-afc0e710666b", - "name": "panel_4", - "type": "lens" + "gridData": { + "h": 13, + "i": "aa7dfa01-c596-466e-8296-1608d666cd1e", + "w": 24, + 
"x": 24, + "y": 26 }, - { - "id": "cisco_secure_email_gateway-76438ce0-b512-11ec-aa3c-afc0e710666b", - "name": "panel_5", - "type": "lens" - } + "panelIndex": "aa7dfa01-c596-466e-8296-1608d666cd1e", + "title": "Distribution of AMP Engine Events by Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] AMP Engine", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "9dee5b6f-f892-4227-9472-22fb7d514271:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9dee5b6f-f892-4227-9472-22fb7d514271:indexpattern-datasource-layer-42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "dc47e71b-52ce-41ad-bbba-60c0b7205f20:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "dc47e71b-52ce-41ad-bbba-60c0b7205f20:indexpattern-datasource-layer-da50ed80-3cbc-4559-bef0-e3db5de2fb16", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ca17fa14-0065-4dc5-87e2-3166254da30a:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ca17fa14-0065-4dc5-87e2-3166254da30a:indexpattern-datasource-layer-cc97ded6-1926-428a-a6d3-d13b3b47b8ba", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1:indexpattern-datasource-layer-8b6d5f6d-b1c9-4860-917a-ecac06f34b10", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"38a471f6-9731-4071-9d91-b3ec1564349b:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "38a471f6-9731-4071-9d91-b3ec1564349b:indexpattern-datasource-layer-209d92c9-a130-4ba9-8e21-35662ea8c98e", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "aa7dfa01-c596-466e-8296-1608d666cd1e:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "aa7dfa01-c596-466e-8296-1608d666cd1e:indexpattern-datasource-layer-52251872-020b-4855-9c01-fbebd4df0064", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54.json index d8cbc7b2ad3..2709c96afb5 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54.json 
@@ -1,128 +1,482 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + "id": "cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:31:04.682Z", + "version": "Wzc0OCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6a329d99-3de7-4396-9481-07cff7118b75": { + "columnOrder": [ + "94df3128-28b6-4f27-897f-bcb44d3c7196", + "2eeef2a5-4721-49f0-bdf3-e39e05c95999" + ], + "columns": { + "2eeef2a5-4721-49f0-bdf3-e39e05c95999": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "94df3128-28b6-4f27-897f-bcb44d3c7196": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2eeef2a5-4721-49f0-bdf3-e39e05c95999", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object" + } + }, + "incompleteColumns": {} + } + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and 
cisco_secure_email_gateway.log.category.name : \"antispam\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "94df3128-28b6-4f27-897f-bcb44d3c7196" + ], + "layerId": "6a329d99-3de7-4396-9481-07cff7118b75", + "layerType": "data", + "legendDisplay": "default", + "metric": "2eeef2a5-4721-49f0-bdf3-e39e05c95999", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Anti-Spam Events by Object [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6a329d99-3de7-4396-9481-07cff7118b75", + "type": "index-pattern" + } + ] + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "7cc45c02-44e8-438c-aa38-a007d252b940", + "w": 23, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "7cc45c02-44e8-438c-aa38-a007d252b940", - "w": 23, - "x": 0, - "y": 0 - }, - "panelIndex": "7cc45c02-44e8-438c-aa38-a007d252b940", - "panelRefName": "panel_0", - "title": "Distribution of Anti-Spam Events by Object [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "f8fe013f-8aa5-4f0e-84ff-45ec811766a3", - "w": 25, - "x": 23, - "y": 0 - }, - "panelIndex": "f8fe013f-8aa5-4f0e-84ff-45ec811766a3", - "panelRefName": "panel_1", - "title": "Distribution of Anti-Spam Events by Object Category [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "panelIndex": "7cc45c02-44e8-438c-aa38-a007d252b940", + "title": "Distribution of Anti-Spam Events by Object 
[Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d11b7b35-4452-4d96-aedb-cfa76248e087": { + "columnOrder": [ + "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885", + "9d948240-967b-4c51-828f-3b950b5beca5" + ], + "columns": { + "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9d948240-967b-4c51-828f-3b950b5beca5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object_category" + }, + "9d948240-967b-4c51-828f-3b950b5beca5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"antispam\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885" + ], + "layerId": "d11b7b35-4452-4d96-aedb-cfa76248e087", + "layerType": "data", + "legendDisplay": "default", + "metric": "9d948240-967b-4c51-828f-3b950b5beca5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "d14a4980-fa97-483e-ad10-ad6ff134dd23", - "w": 23, - "x": 0, - "y": 15 - }, - "panelIndex": "d14a4980-fa97-483e-ad10-ad6ff134dd23", - "panelRefName": "panel_2", - "type": "lens", - 
"version": "7.17.0" + "title": "Distribution of Anti-Spam Events by Object Category [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d11b7b35-4452-4d96-aedb-cfa76248e087", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "f8fe013f-8aa5-4f0e-84ff-45ec811766a3", + "w": 25, + "x": 23, + "y": 0 + }, + "panelIndex": "f8fe013f-8aa5-4f0e-84ff-45ec811766a3", + "title": "Distribution of Anti-Spam Events by Object Category [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3580df6b-ad09-48fd-a1a5-82f760b16cdd": { + "columnOrder": [ + "eeafffce-6abd-40c9-9615-6707e18801b6", + "31ca0397-55c6-4109-a00c-b79e85754ffa" + ], + "columns": { + "31ca0397-55c6-4109-a00c-b79e85754ffa": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "eeafffce-6abd-40c9-9615-6707e18801b6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "31ca0397-55c6-4109-a00c-b79e85754ffa", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"authentication\"" + }, + "visualization": { + "columns": [ + { + 
"columnId": "eeafffce-6abd-40c9-9615-6707e18801b6", + "isTransposed": false + }, + { + "columnId": "31ca0397-55c6-4109-a00c-b79e85754ffa", + "isTransposed": false + } + ], + "layerId": "3580df6b-ad09-48fd-a1a5-82f760b16cdd", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "1db1d475-764a-431d-abb5-9ab291f69e33", - "w": 25, - "x": 23, - "y": 15 - }, - "panelIndex": "1db1d475-764a-431d-abb5-9ab291f69e33", - "panelRefName": "panel_3", - "title": "Distribution of Authentication Events by Outcome [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Anti-Spam and Authentication", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3580df6b-ad09-48fd-a1a5-82f760b16cdd", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-2bfd5260-b517-11ec-aa3c-afc0e710666b", - "name": "panel_0", - "type": "lens" + "gridData": { + "h": 15, + "i": "d14a4980-fa97-483e-ad10-ad6ff134dd23", + "w": 23, + "x": 0, + "y": 15 }, - { - "id": "cisco_secure_email_gateway-1c1ef970-b517-11ec-aa3c-afc0e710666b", - "name": "panel_1", - "type": "lens" + "panelIndex": "d14a4980-fa97-483e-ad10-ad6ff134dd23", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, 
+ "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0c19b962-3c1b-47bd-b455-08fe74f0d713": { + "columnOrder": [ + "5633dc67-ee99-44e0-9fc9-1eeb069871a7", + "df66b654-83dc-4985-830d-a241adefbc2c" + ], + "columns": { + "5633dc67-ee99-44e0-9fc9-1eeb069871a7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "df66b654-83dc-4985-830d-a241adefbc2c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + }, + "df66b654-83dc-4985-830d-a241adefbc2c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"authentication\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "5633dc67-ee99-44e0-9fc9-1eeb069871a7" + ], + "layerId": "0c19b962-3c1b-47bd-b455-08fe74f0d713", + "layerType": "data", + "legendDisplay": "default", + "metric": "df66b654-83dc-4985-830d-a241adefbc2c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Authentication Events by Outcome [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0c19b962-3c1b-47bd-b455-08fe74f0d713", + "type": "index-pattern" + } + ] + } }, - { - "id": 
"cisco_secure_email_gateway-50401f90-b63e-11ec-b665-f79f0daaad54", - "name": "panel_2", - "type": "lens" + "gridData": { + "h": 15, + "i": "1db1d475-764a-431d-abb5-9ab291f69e33", + "w": 25, + "x": 23, + "y": 15 }, - { - "id": "cisco_secure_email_gateway-60df7e90-b63e-11ec-b665-f79f0daaad54", - "name": "panel_3", - "type": "lens" - } + "panelIndex": "1db1d475-764a-431d-abb5-9ab291f69e33", + "title": "Distribution of Authentication Events by Outcome [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Anti-Spam and Authentication", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "7cc45c02-44e8-438c-aa38-a007d252b940:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7cc45c02-44e8-438c-aa38-a007d252b940:indexpattern-datasource-layer-6a329d99-3de7-4396-9481-07cff7118b75", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f8fe013f-8aa5-4f0e-84ff-45ec811766a3:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f8fe013f-8aa5-4f0e-84ff-45ec811766a3:indexpattern-datasource-layer-d11b7b35-4452-4d96-aedb-cfa76248e087", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d14a4980-fa97-483e-ad10-ad6ff134dd23:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d14a4980-fa97-483e-ad10-ad6ff134dd23:indexpattern-datasource-layer-3580df6b-ad09-48fd-a1a5-82f760b16cdd", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1db1d475-764a-431d-abb5-9ab291f69e33:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"1db1d475-764a-431d-abb5-9ab291f69e33:indexpattern-datasource-layer-0c19b962-3c1b-47bd-b455-08fe74f0d713", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a.json index cf7577704f1..fb24fc01d6d 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a.json 
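Review bot: The new top-level keys `"namespaces": ["default"]`, `"updated_at": "2022-10-27T09:31:04.682Z"` and `"version": "Wzc0OCwxXQ=="` at the head of this dashboard look like state from the Kibana instance the object was exported from rather than part of the dashboard definition, and the old side carried none of them. I would drop the three keys so the packaged object keeps only `"id"`, `"type"`, `"attributes"`, `"references"` and the migration versions; the same keys appear at the head of the hunk for `cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a.json` that follows. Separately, every by-value panel now declares `"version": "7.16.0"` while `migrationVersion.dashboard` and `coreMigrationVersion` stay at `"7.17.0"`, and the two authentication panels carry `"description": null` where the others use `""`. Both are worth confirming against the Kibana version the package targets, so that these security dashboards import and render the same way on every supported stack.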
@@ -1,196 +1,804 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "gui_logs" + "id": "cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:31:04.682Z", + "version": "Wzc0OSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "gui_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "gui_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "deefc302-2a9c-4c62-8b64-db0656a1e201": { + "columnOrder": [ + "1a75a065-b075-4708-974f-e4460b593062", + "47d341a9-66d9-478c-83ed-faf1b8e6142f" + ], + "columns": { + "1a75a065-b075-4708-974f-e4460b593062": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Host IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": 
"47d341a9-66d9-478c-83ed-faf1b8e6142f", + "type": "column" }, - "type": "phrase" + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.ip" }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "gui_logs" - } + "47d341a9-66d9-478c-83ed-faf1b8e6142f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { + "columnId": "1a75a065-b075-4708-974f-e4460b593062", + "isTransposed": false + }, + { + "columnId": "47d341a9-66d9-478c-83ed-faf1b8e6142f", + "isTransposed": false + } + ], + "layerId": "deefc302-2a9c-4c62-8b64-db0656a1e201", + "layerType": "data" + } + }, + "title": "Top 10 Host IP [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-deefc302-2a9c-4c62-8b64-db0656a1e201", + "type": "index-pattern" + } + ] + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "1dd36832-31f8-43d2-a00c-49d24108eaa4", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "1dd36832-31f8-43d2-a00c-49d24108eaa4", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "92246eb5-8cb8-441e-b9fe-ff56c6ff0997": { + "columnOrder": [ + "172c29b9-e8bc-48f2-aa9c-796d076a7895", + "5ea232ac-12df-4c6e-af79-0d1b41d3e34c" + ], + "columns": { + "172c29b9-e8bc-48f2-aa9c-796d076a7895": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Request", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5ea232ac-12df-4c6e-af79-0d1b41d3e34c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "http.request.method" + }, + "5ea232ac-12df-4c6e-af79-0d1b41d3e34c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "1dd36832-31f8-43d2-a00c-49d24108eaa4", - "w": 24, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "1dd36832-31f8-43d2-a00c-49d24108eaa4", - "panelRefName": "panel_0", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "17df4ae4-3f35-46d2-9516-26dfdfe5f3b5", - "w": 24, - "x": 24, - "y": 0 + "layers": [ + { + "accessors": [ + "5ea232ac-12df-4c6e-af79-0d1b41d3e34c" + ], + "layerId": "92246eb5-8cb8-441e-b9fe-ff56c6ff0997", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "172c29b9-e8bc-48f2-aa9c-796d076a7895" + } + ], + "legend": { + 
"isVisible": true, + "position": "right" }, - "panelIndex": "17df4ae4-3f35-46d2-9516-26dfdfe5f3b5", - "panelRefName": "panel_1", - "title": "Distribution of GUI Events by Request [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "ac4a3508-065d-4610-8358-684e5d9e82c2", - "w": 24, - "x": 0, - "y": 15 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "ac4a3508-065d-4610-8358-684e5d9e82c2", - "panelRefName": "panel_2", - "title": "Distribution of GUI Events by Response Status Code [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "title": "Distribution of GUI Events by Request [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-92246eb5-8cb8-441e-b9fe-ff56c6ff0997", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "17df4ae4-3f35-46d2-9516-26dfdfe5f3b5", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "17df4ae4-3f35-46d2-9516-26dfdfe5f3b5", + "title": "Distribution of GUI Events by Request [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "316330ba-0c74-48a8-a005-a83d62b22825": { + "columnOrder": [ + "49ecc95f-4e3e-4886-b6a9-f877f37aa93d", + 
"190364eb-0f7a-4409-b39e-761d5f9bd865" + ], + "columns": { + "190364eb-0f7a-4409-b39e-761d5f9bd865": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "49ecc95f-4e3e-4886-b6a9-f877f37aa93d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Response Status Code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "190364eb-0f7a-4409-b39e-761d5f9bd865", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "http.response.status_code" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe", - "w": 24, - "x": 24, - "y": 15 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe", - "panelRefName": "panel_3", - "title": "Distribution of GUI Events by User Agent [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "b6700711-d823-4afa-9ce0-b119917ed1b8", - "w": 24, - "x": 0, - "y": 30 + "layers": [ + { + "accessors": [ + "190364eb-0f7a-4409-b39e-761d5f9bd865" + ], + "layerId": "316330ba-0c74-48a8-a005-a83d62b22825", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "49ecc95f-4e3e-4886-b6a9-f877f37aa93d" + } + ], + 
"legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "b6700711-d823-4afa-9ce0-b119917ed1b8", - "panelRefName": "panel_4", - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "79ad4619-4274-4344-925b-281f6c35df63", - "w": 24, - "x": 24, - "y": 30 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "79ad4619-4274-4344-925b-281f6c35df63", - "panelRefName": "panel_5", - "title": "Distribution of GUI Events by OS, OS Version [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] GUI", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of GUI Events by Response Status Code [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-316330ba-0c74-48a8-a005-a83d62b22825", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-40ba5f40-b580-11ec-b665-f79f0daaad54", - "name": "panel_0", - "type": "lens" + "gridData": { + "h": 15, + "i": "ac4a3508-065d-4610-8358-684e5d9e82c2", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": 
"cisco_secure_email_gateway-c6ecc5d0-b580-11ec-b665-f79f0daaad54", - "name": "panel_1", - "type": "lens" + "panelIndex": "ac4a3508-065d-4610-8358-684e5d9e82c2", + "title": "Distribution of GUI Events by Response Status Code [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0c3a1ff3-eb26-42fd-8196-49c12251bd49": { + "columnOrder": [ + "cebc1213-bb3f-4000-b747-5f0b0c608b4b", + "e1416011-657e-40b0-9af8-ff3bcbdf0617" + ], + "columns": { + "cebc1213-bb3f-4000-b747-5f0b0c608b4b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Agent Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1416011-657e-40b0-9af8-ff3bcbdf0617", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.name" + }, + "e1416011-657e-40b0-9af8-ff3bcbdf0617": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "cebc1213-bb3f-4000-b747-5f0b0c608b4b" + ], + "layerId": "0c3a1ff3-eb26-42fd-8196-49c12251bd49", + "layerType": "data", + "legendDisplay": "default", + "metric": "e1416011-657e-40b0-9af8-ff3bcbdf0617", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of GUI Events by User Agent Name [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + 
"references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0c3a1ff3-eb26-42fd-8196-49c12251bd49", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-8309a9e0-b581-11ec-b665-f79f0daaad54", - "name": "panel_2", - "type": "lens" + "gridData": { + "h": 15, + "i": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "cisco_secure_email_gateway-6e7a9920-b58c-11ec-b665-f79f0daaad54", - "name": "panel_3", - "type": "lens" + "panelIndex": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe", + "title": "Distribution of GUI Events by User Agent [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "57751ffc-a4b1-4c64-88ce-1e692814b206": { + "columnOrder": [ + "23017c0a-ce72-475c-a40c-9f98f6036ea5", + "43da0051-67fe-4cab-9dcd-acd44e8eede1" + ], + "columns": { + "23017c0a-ce72-475c-a40c-9f98f6036ea5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "43da0051-67fe-4cab-9dcd-acd44e8eede1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "43da0051-67fe-4cab-9dcd-acd44e8eede1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + 
"columns": [ + { + "columnId": "23017c0a-ce72-475c-a40c-9f98f6036ea5", + "isTransposed": false + }, + { + "columnId": "43da0051-67fe-4cab-9dcd-acd44e8eede1", + "isTransposed": false + } + ], + "layerId": "57751ffc-a4b1-4c64-88ce-1e692814b206", + "layerType": "data" + } + }, + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-57751ffc-a4b1-4c64-88ce-1e692814b206", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-69897df0-b58c-11ec-b665-f79f0daaad54", - "name": "panel_4", - "type": "lens" + "gridData": { + "h": 15, + "i": "b6700711-d823-4afa-9ce0-b119917ed1b8", + "w": 24, + "x": 0, + "y": 30 }, - { - "id": "cisco_secure_email_gateway-72f24920-b58d-11ec-b665-f79f0daaad54", - "name": "panel_5", - "type": "lens" - } + "panelIndex": "b6700711-d823-4afa-9ce0-b119917ed1b8", + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "58c79990-e129-4e1d-a7c5-2f663c86109f": { + "columnOrder": [ + "7e1dc911-a513-41bd-9e56-5366699d06e0", + "9a441fcb-5153-497e-85dc-6d3efb3b54cc", + "1abb990c-1e38-4ba3-b160-b0cea323aefc" + ], + "columns": { + "1abb990c-1e38-4ba3-b160-b0cea323aefc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "7e1dc911-a513-41bd-9e56-5366699d06e0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + 
"columnId": "1abb990c-1e38-4ba3-b160-b0cea323aefc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.os.name" + }, + "9a441fcb-5153-497e-85dc-6d3efb3b54cc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Version", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1abb990c-1e38-4ba3-b160-b0cea323aefc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.os.version" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7e1dc911-a513-41bd-9e56-5366699d06e0", + "9a441fcb-5153-497e-85dc-6d3efb3b54cc" + ], + "layerId": "58c79990-e129-4e1d-a7c5-2f663c86109f", + "layerType": "data", + "legendDisplay": "default", + "metric": "1abb990c-1e38-4ba3-b160-b0cea323aefc", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of GUI Events by OS, OS Version [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-58c79990-e129-4e1d-a7c5-2f663c86109f", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "79ad4619-4274-4344-925b-281f6c35df63", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "79ad4619-4274-4344-925b-281f6c35df63", + "title": "Distribution of GUI Events by OS, OS Version [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + } ], - "type": "dashboard" + "timeRestore": false, + 
"title": "[Logs Cisco Secure Email Gateway] GUI", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "1dd36832-31f8-43d2-a00c-49d24108eaa4:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1dd36832-31f8-43d2-a00c-49d24108eaa4:indexpattern-datasource-layer-deefc302-2a9c-4c62-8b64-db0656a1e201", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17df4ae4-3f35-46d2-9516-26dfdfe5f3b5:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17df4ae4-3f35-46d2-9516-26dfdfe5f3b5:indexpattern-datasource-layer-92246eb5-8cb8-441e-b9fe-ff56c6ff0997", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ac4a3508-065d-4610-8358-684e5d9e82c2:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ac4a3508-065d-4610-8358-684e5d9e82c2:indexpattern-datasource-layer-316330ba-0c74-48a8-a005-a83d62b22825", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe:indexpattern-datasource-layer-0c3a1ff3-eb26-42fd-8196-49c12251bd49", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b6700711-d823-4afa-9ce0-b119917ed1b8:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b6700711-d823-4afa-9ce0-b119917ed1b8:indexpattern-datasource-layer-57751ffc-a4b1-4c64-88ce-1e692814b206", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "79ad4619-4274-4344-925b-281f6c35df63:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"79ad4619-4274-4344-925b-281f6c35df63:indexpattern-datasource-layer-58c79990-e129-4e1d-a7c5-2f663c86109f", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54.json index 61c2aa811be..d387a3dcd7e 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54.json 
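Review bot: The new top-level object in the a1060e90 dashboard carries export-time bookkeeping that the old side of the file did not have: `"namespaces": ["default"]`, `"updated_at": "2022-10-27T09:31:04.682Z"` and `"version": "Wzc0OSwxXQ=="`. These look like saved-object metadata from the instance the dashboard was exported from rather than dashboard content, so I would drop all three keys before commit; otherwise every re-export rewrites them. The same keys appear at the top of the b9591cf0 dashboard in the hunk that follows. Each inlined panel also moves from `"version": "7.17.0"` to `"version": "7.16.0"` while `migrationVersion.dashboard` and `coreMigrationVersion` stay at `7.17.0`, which is presumably an artifact of the export source and worth confirming as intended.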
@@ -1,147 +1,617 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + "id": "cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:31:04.682Z", + "version": "Wzc1MCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "818edf56-0abd-4454-a40a-9c48a9ccb60b": { + "columnOrder": [ + "30d4769c-2c7b-492d-bd13-dbd0be6331ae", + "4b2b840d-b0c8-4b5d-838a-6419d2679e57" + ], + "columns": { + "30d4769c-2c7b-492d-bd13-dbd0be6331ae": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4b2b840d-b0c8-4b5d-838a-6419d2679e57", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + }, + "4b2b840d-b0c8-4b5d-838a-6419d2679e57": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name 
: \"error_logs\"" + }, + "visualization": { + "columns": [ + { + "columnId": "30d4769c-2c7b-492d-bd13-dbd0be6331ae", + "isTransposed": false + }, + { + "columnId": "4b2b840d-b0c8-4b5d-838a-6419d2679e57", + "isTransposed": false + } + ], + "layerId": "818edf56-0abd-4454-a40a-9c48a9ccb60b", + "layerType": "data" + } + }, + "title": "Top 10 Recipients [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-818edf56-0abd-4454-a40a-9c48a9ccb60b", + "type": "index-pattern" + } + ] + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97", - "panelRefName": "panel_0", - "type": "lens", - "version": "7.17.0" + "panelIndex": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b6923de3-cac2-47e3-b36f-2bd1f4821098": { + "columnOrder": [ + "2002d5eb-0345-4f25-88e9-cac1c904bc99", + "d61dcbdd-2a90-4b16-85f1-070dc0ba109d" + ], + "columns": { + "2002d5eb-0345-4f25-88e9-cac1c904bc99": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d61dcbdd-2a90-4b16-85f1-070dc0ba109d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": 
true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "d61dcbdd-2a90-4b16-85f1-070dc0ba109d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"system\"" + }, + "visualization": { + "columns": [ + { + "columnId": "2002d5eb-0345-4f25-88e9-cac1c904bc99", + "isTransposed": false + }, + { + "columnId": "d61dcbdd-2a90-4b16-85f1-070dc0ba109d", + "isTransposed": false + } + ], + "layerId": "b6923de3-cac2-47e3-b36f-2bd1f4821098", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "103fbc3c-7c0e-48cd-bd68-b67a615aad7b", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "103fbc3c-7c0e-48cd-bd68-b67a615aad7b", - "panelRefName": "panel_1", - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b6923de3-cac2-47e3-b36f-2bd1f4821098", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "103fbc3c-7c0e-48cd-bd68-b67a615aad7b", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "103fbc3c-7c0e-48cd-bd68-b67a615aad7b", + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "29be06db-aa85-4914-8578-266c2829069c": { + "columnOrder": [ + "4b6916be-5bf4-49da-80ec-16fab2491238", + "d135bce7-6aed-4a4b-9550-6d1bcfa5b134" + ], + "columns": { + "4b6916be-5bf4-49da-80ec-16fab2491238": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Vendor Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d135bce7-6aed-4a4b-9550-6d1bcfa5b134", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.vendor_action" + }, + "d135bce7-6aed-4a4b-9550-6d1bcfa5b134": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"content_scanner\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "4b6916be-5bf4-49da-80ec-16fab2491238" + ], + "layerId": "29be06db-aa85-4914-8578-266c2829069c", + "layerType": "data", + "legendDisplay": "default", + "metric": "d135bce7-6aed-4a4b-9550-6d1bcfa5b134", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Content Scanner Events by Vendor Action [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-29be06db-aa85-4914-8578-266c2829069c", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 16, + "i": "f4b68a6e-421b-42b1-866c-100f504735d4", + "w": 16, + "x": 
0, + "y": 15 + }, + "panelIndex": "f4b68a6e-421b-42b1-866c-100f504735d4", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8cc04732-d3e2-4b65-aeac-fee7492adee6": { + "columnOrder": [ + "64ec49a9-78fd-4cb4-8c2b-e183f50b0526", + "4b3854d5-8b24-4472-a3b3-e2484749d658" + ], + "columns": { + "4b3854d5-8b24-4472-a3b3-e2484749d658": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "64ec49a9-78fd-4cb4-8c2b-e183f50b0526": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4b3854d5-8b24-4472-a3b3-e2484749d658", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object_category" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"content_scanner\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "64ec49a9-78fd-4cb4-8c2b-e183f50b0526" + ], + "layerId": "8cc04732-d3e2-4b65-aeac-fee7492adee6", + "layerType": "data", + "legendDisplay": "default", + "metric": "4b3854d5-8b24-4472-a3b3-e2484749d658", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} + "title": "Distribution of Content Scanner Events by Object Category [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8cc04732-d3e2-4b65-aeac-fee7492adee6", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 16, + "i": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46", + "w": 15, + "x": 16, + "y": 15 + }, + "panelIndex": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d10ac2c6-458d-45cf-95cd-b75b40a3cc6b": { + "columnOrder": [ + "c6d33863-6a91-474c-891b-0a0930325222", + "08f66015-bfdb-489f-aea0-65ba4323e2f0" + ], + "columns": { + "08f66015-bfdb-489f-aea0-65ba4323e2f0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c6d33863-6a91-474c-891b-0a0930325222": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Alert Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "08f66015-bfdb-489f-aea0-65ba4323e2f0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.alert_category" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"error_logs\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 16, - "i": "f4b68a6e-421b-42b1-866c-100f504735d4", - "w": 16, - "x": 0, - "y": 15 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + 
"yLeft": true, + "yRight": true }, - "panelIndex": "f4b68a6e-421b-42b1-866c-100f504735d4", - "panelRefName": "panel_2", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 16, - "i": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46", - "w": 15, - "x": 16, - "y": 15 + "layers": [ + { + "accessors": [ + "08f66015-bfdb-489f-aea0-65ba4323e2f0" + ], + "layerId": "d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "c6d33863-6a91-474c-891b-0a0930325222" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46", - "panelRefName": "panel_3", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 16, - "i": "ca178e69-d36c-47fe-bea1-3f4aeb07c33e", - "w": 17, - "x": 31, - "y": 15 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "ca178e69-d36c-47fe-bea1-3f4aeb07c33e", - "panelRefName": "panel_4", - "title": "Distribution of Error Events by Alert Category [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Error, Content Scanner and System", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "cisco_secure_email_gateway-4312b680-b525-11ec-aa3c-afc0e710666b", - "name": 
"panel_0", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-5a647440-b51b-11ec-aa3c-afc0e710666b", - "name": "panel_1", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-d4a2bdf0-b527-11ec-aa3c-afc0e710666b", - "name": "panel_2", - "type": "lens" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Error Events by Alert Category [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-23bc6030-b528-11ec-aa3c-afc0e710666b", - "name": "panel_3", - "type": "lens" + "gridData": { + "h": 16, + "i": "ca178e69-d36c-47fe-bea1-3f4aeb07c33e", + "w": 17, + "x": 31, + "y": 15 }, - { - "id": "cisco_secure_email_gateway-955c42b0-b577-11ec-aa3c-afc0e710666b", - "name": "panel_4", - "type": "lens" - } + "panelIndex": "ca178e69-d36c-47fe-bea1-3f4aeb07c33e", + "title": "Distribution of Error Events by Alert Category [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Error, Content Scanner and System", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97:indexpattern-datasource-layer-818edf56-0abd-4454-a40a-9c48a9ccb60b", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"103fbc3c-7c0e-48cd-bd68-b67a615aad7b:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "103fbc3c-7c0e-48cd-bd68-b67a615aad7b:indexpattern-datasource-layer-b6923de3-cac2-47e3-b36f-2bd1f4821098", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f4b68a6e-421b-42b1-866c-100f504735d4:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f4b68a6e-421b-42b1-866c-100f504735d4:indexpattern-datasource-layer-29be06db-aa85-4914-8578-266c2829069c", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46:indexpattern-datasource-layer-8cc04732-d3e2-4b65-aeac-fee7492adee6", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ca178e69-d36c-47fe-bea1-3f4aeb07c33e:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ca178e69-d36c-47fe-bea1-3f4aeb07c33e:indexpattern-datasource-layer-d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a.json
index bef665766b9..5b878fe6dd5 100644
--- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a.json
+++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a.json
@@ -1,332 +1,1413 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "id": "cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:31:04.682Z", + "version": "Wzc1MSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "consolidated_event" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "consolidated_event" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0fcbd198-453c-4d42-9e5d-4920321e8cbb": { + "columnOrder": [ + "da5e80d9-05f2-4ffe-a208-fb3cb59702c7", + "63a10371-dab3-4bcc-8c94-9deb9ad801db" + ], + "columns": { + "63a10371-dab3-4bcc-8c94-9deb9ad801db": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": 
"consolidated_event" + "da5e80d9-05f2-4ffe-a208-fb3cb59702c7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Listener Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "63a10371-dab3-4bcc-8c94-9deb9ad801db", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.direction" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "da5e80d9-05f2-4ffe-a208-fb3cb59702c7" + ], + "layerId": "0fcbd198-453c-4d42-9e5d-4920321e8cbb", + "layerType": "data", + "legendDisplay": "default", + "metric": "63a10371-dab3-4bcc-8c94-9deb9ad801db", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Consolidated Events by Listener Name [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0fcbd198-453c-4d42-9e5d-4920321e8cbb", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "b11261c4-5064-4f70-9297-35e354c35e59", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "b11261c4-5064-4f70-9297-35e354c35e59", + "title": "Distribution of Consolidated Events by Listener Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5534c705-73de-4482-818b-4b48acea0af1": { + "columnOrder": [ + 
"11a0d6ef-3389-4d51-9658-7ae3d39462a8", + "50ecfbc3-6f73-409e-8445-c8254e49b032" + ], + "columns": { + "11a0d6ef-3389-4d51-9658-7ae3d39462a8": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Outbreak Filters Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "50ecfbc3-6f73-409e-8445-c8254e49b032", + "type": "column" }, - "type": "phrase" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.outbreak_filter_verdict" }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "consolidated_event" - } + "50ecfbc3-6f73-409e-8445-c8254e49b032": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "11a0d6ef-3389-4d51-9658-7ae3d39462a8" + ], + "layerId": "5534c705-73de-4482-818b-4b48acea0af1", + "layerType": "data", + "legendDisplay": "default", + "metric": "50ecfbc3-6f73-409e-8445-c8254e49b032", + "nestedLegend": false, + "numberDisplay": "percent" + } ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + "shape": "pie" + } + }, + "title": "Distribution of Consolidated Events by Outbreak Filters Verdict [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5534c705-73de-4482-818b-4b48acea0af1", + "type": "index-pattern" + } + ] + } + }, + 
"gridData": { + "h": 15, + "i": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad", + "title": "Distribution of Consolidated Events by Outbreak Filters Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77": { + "columnOrder": [ + "764bb009-19ef-4869-aa16-a7eb988b2fa5", + "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565" + ], + "columns": { + "764bb009-19ef-4869-aa16-a7eb988b2fa5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mail Flow Policy Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.mail_flow_policy" + }, + "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { + "columnId": "764bb009-19ef-4869-aa16-a7eb988b2fa5" + }, + { + "columnId": "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565" + } + ], + "layerId": "fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", + "layerType": "data" + } + }, + "title": "Top 10 Mail Flow Policy Name [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", + "type": "index-pattern" + } + ] + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "14f54d7b-75bc-44eb-a15f-c79876f5edb4", + "w": 24, + "x": 0, + "y": 15 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "b11261c4-5064-4f70-9297-35e354c35e59", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "b11261c4-5064-4f70-9297-35e354c35e59", - "panelRefName": "panel_0", - "title": "Distribution of Consolidated Events by Listener Name [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "panelIndex": "14f54d7b-75bc-44eb-a15f-c79876f5edb4", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "266b7fe0-231d-4c2a-973a-fc88a87f6b0e": { + "columnOrder": [ + "65aa90e8-5709-41df-aa29-56880e3b66a3", + "a2f6bdea-fd70-4b8d-9452-416c7b5840c7" + ], + "columns": { + "65aa90e8-5709-41df-aa29-56880e3b66a3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Helo Domain IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a2f6bdea-fd70-4b8d-9452-416c7b5840c7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.helo.ip" + }, + "a2f6bdea-fd70-4b8d-9452-416c7b5840c7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", 
+ "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { + "columnId": "65aa90e8-5709-41df-aa29-56880e3b66a3", + "isTransposed": false + }, + { + "columnId": "a2f6bdea-fd70-4b8d-9452-416c7b5840c7", + "isTransposed": false + } + ], + "layerId": "266b7fe0-231d-4c2a-973a-fc88a87f6b0e", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad", - "panelRefName": "panel_1", - "title": "Distribution of Consolidated Events by Outbreak Filters Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "title": "Top 10 Helo Domain IP [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-266b7fe0-231d-4c2a-973a-fc88a87f6b0e", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ef2e966e-52e1-4aa5-97d4-4f415bd80272": { + "columnOrder": [ + "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a", + "f4642514-e457-4c19-a2f4-802311e3a3fa" + ], + "columns": { + "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Graymail Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": 
"f4642514-e457-4c19-a2f4-802311e3a3fa", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.graymail_verdict" + }, + "f4642514-e457-4c19-a2f4-802311e3a3fa": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a" + ], + "layerId": "ef2e966e-52e1-4aa5-97d4-4f415bd80272", + "layerType": "data", + "legendDisplay": "default", + "metric": "f4642514-e457-4c19-a2f4-802311e3a3fa", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "14f54d7b-75bc-44eb-a15f-c79876f5edb4", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "14f54d7b-75bc-44eb-a15f-c79876f5edb4", - "panelRefName": "panel_2", - "type": "lens", - "version": "7.17.0" + "title": "Distribution of Consolidated Events by Graymail Verdict [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ef2e966e-52e1-4aa5-97d4-4f415bd80272", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "507ca4af-c48a-43e3-9aa2-79ff68ba7eaf", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "507ca4af-c48a-43e3-9aa2-79ff68ba7eaf", + "title": "Distribution of Consolidated Events by Graymail Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": 
"7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9d0f1c67-8726-4c33-8c99-5c6616fd273c": { + "columnOrder": [ + "1e49a823-db00-4ed1-bdfd-63c58746120c", + "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0" + ], + "columns": { + "1e49a823-db00-4ed1-bdfd-63c58746120c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "AMP Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.amp_verdict" + }, + "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "1e49a823-db00-4ed1-bdfd-63c58746120c" + ], + "layerId": "9d0f1c67-8726-4c33-8c99-5c6616fd273c", + "layerType": "data", + "legendDisplay": "default", + "metric": "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f", - "panelRefName": "panel_3", - "type": "lens", - "version": "7.17.0" + "title": "Distribution of Consolidated Events by AMP Verdict [Logs Cisco Secure Email Gateway]", + 
"visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9d0f1c67-8726-4c33-8c99-5c6616fd273c", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "fc2be34f-5ce2-48cc-a36d-8102d13f888f", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "fc2be34f-5ce2-48cc-a36d-8102d13f888f", + "title": "Distribution of Consolidated Events by AMP Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f": { + "columnOrder": [ + "d67f2de8-71ad-40c1-97da-732f12742c77", + "7599b0e8-574e-48da-8274-d0c65d2ee992" + ], + "columns": { + "7599b0e8-574e-48da-8274-d0c65d2ee992": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "d67f2de8-71ad-40c1-97da-732f12742c77": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "AS Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7599b0e8-574e-48da-8274-d0c65d2ee992", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.as_verdict" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d67f2de8-71ad-40c1-97da-732f12742c77" + ], + "layerId": 
"aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", + "layerType": "data", + "legendDisplay": "default", + "metric": "7599b0e8-574e-48da-8274-d0c65d2ee992", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "507ca4af-c48a-43e3-9aa2-79ff68ba7eaf", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "507ca4af-c48a-43e3-9aa2-79ff68ba7eaf", - "panelRefName": "panel_4", - "title": "Distribution of Consolidated Events by Graymail Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "title": "Distribution of Consolidated Events by AS Verdict [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "a0228300-da78-48a7-9d70-cc93670887b5", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "a0228300-da78-48a7-9d70-cc93670887b5", + "title": "Distribution of Consolidated Events by AS Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "11172da2-6f42-47a4-b1f4-cdbf8afdedd0": { + "columnOrder": [ + "567678aa-a7e3-4e65-93eb-68015622fc6a", + "4ce98a9d-67cd-44cc-96b8-b3d08f750b84" + ], + "columns": { + "4ce98a9d-67cd-44cc-96b8-b3d08f750b84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "567678aa-a7e3-4e65-93eb-68015622fc6a": { + "customLabel": 
true, + "dataType": "string", + "isBucketed": true, + "label": "AV Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4ce98a9d-67cd-44cc-96b8-b3d08f750b84", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.av_verdict" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "567678aa-a7e3-4e65-93eb-68015622fc6a" + ], + "layerId": "11172da2-6f42-47a4-b1f4-cdbf8afdedd0", + "layerType": "data", + "legendDisplay": "default", + "metric": "4ce98a9d-67cd-44cc-96b8-b3d08f750b84", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fc2be34f-5ce2-48cc-a36d-8102d13f888f", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "fc2be34f-5ce2-48cc-a36d-8102d13f888f", - "panelRefName": "panel_5", - "title": "Distribution of Consolidated Events by AMP Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "title": "Distribution of Consolidated Events by AV Verdict [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-11172da2-6f42-47a4-b1f4-cdbf8afdedd0", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "0e21c3d8-a107-4c45-bb9e-c91763054347", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "0e21c3d8-a107-4c45-bb9e-c91763054347", + "title": "Distribution of Consolidated Events by AV Verdict 
[Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "17b5a5b0-ab60-4ac9-918d-1471b17fc36a": { + "columnOrder": [ + "84b418b7-2bd5-473f-a0a9-6a15c5864123", + "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d" + ], + "columns": { + "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "84b418b7-2bd5-473f-a0a9-6a15c5864123": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "DLP Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.dlp_verdict" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "84b418b7-2bd5-473f-a0a9-6a15c5864123" + ], + "layerId": "17b5a5b0-ab60-4ac9-918d-1471b17fc36a", + "layerType": "data", + "legendDisplay": "default", + "metric": "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "a0228300-da78-48a7-9d70-cc93670887b5", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "a0228300-da78-48a7-9d70-cc93670887b5", - "panelRefName": "panel_6", - "title": "Distribution of Consolidated Events by AS Verdict 
[Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "title": "Distribution of Consolidated Events by DLP Verdict [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17b5a5b0-ab60-4ac9-918d-1471b17fc36a", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "466b3df7-c128-470a-b24e-c83257b58e86", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "466b3df7-c128-470a-b24e-c83257b58e86", + "title": "Distribution of Consolidated Events by DLP Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cd9e61a8-35d1-4605-b150-d09bf82d3f00": { + "columnOrder": [ + "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5", + "31cee9bf-5352-45fa-8574-6cec1a2790c3" + ], + "columns": { + "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Content Filters Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "31cee9bf-5352-45fa-8574-6cec1a2790c3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.content_filter_verdict" + }, + "31cee9bf-5352-45fa-8574-6cec1a2790c3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5" + ], + "layerId": "cd9e61a8-35d1-4605-b150-d09bf82d3f00", + "layerType": "data", + "legendDisplay": "default", + "metric": "31cee9bf-5352-45fa-8574-6cec1a2790c3", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "0e21c3d8-a107-4c45-bb9e-c91763054347", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "0e21c3d8-a107-4c45-bb9e-c91763054347", - "panelRefName": "panel_7", - "title": "Distribution of Consolidated Events by AV Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "title": "Distribution of Consolidated Events by Content Filters Verdict [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cd9e61a8-35d1-4605-b150-d09bf82d3f00", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "dca786a1-5cf1-432b-b645-65378e3c4249", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "dca786a1-5cf1-432b-b645-65378e3c4249", + "title": "Distribution of Consolidated Events by Content Filters Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1f0830ca-67f7-48e3-8356-4495026c941d": { + "columnOrder": [ + "350b5032-a217-4f5b-afe2-13d5ed62a26e", + "6769baa6-3cdd-4ba5-a406-b5b10ae1a427" + ], + "columns": { + "350b5032-a217-4f5b-afe2-13d5ed62a26e": { + "customLabel": true, + 
"dataType": "string", + "isBucketed": true, + "label": "Appliance vendor", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6769baa6-3cdd-4ba5-a406-b5b10ae1a427", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.appliance.vendor" + }, + "6769baa6-3cdd-4ba5-a406-b5b10ae1a427": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { + "columnId": "350b5032-a217-4f5b-afe2-13d5ed62a26e", + "isTransposed": false + }, + { + "columnId": "6769baa6-3cdd-4ba5-a406-b5b10ae1a427", + "isTransposed": false + } + ], + "layerId": "1f0830ca-67f7-48e3-8356-4495026c941d", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "title": "Top 10 Appliance vendor [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1f0830ca-67f7-48e3-8356-4495026c941d", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "d895fb3d-f0c0-42b3-81c9-b41e0de21b8f", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "d895fb3d-f0c0-42b3-81c9-b41e0de21b8f", + "title": "Top 10 Appliance Vendor [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "4315e942-ba49-474d-af76-6710ec550ad6": { + "columnOrder": [ + "e083e8f2-9f3a-4a86-9da1-5d14ac1653db", + "08e67d54-9697-4721-9ddc-ac4846ab92e6" + ], + "columns": { + "08e67d54-9697-4721-9ddc-ac4846ab92e6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "e083e8f2-9f3a-4a86-9da1-5d14ac1653db": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Message Final Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "08e67d54-9697-4721-9ddc-ac4846ab92e6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.act" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "466b3df7-c128-470a-b24e-c83257b58e86", - "w": 24, - "x": 0, - "y": 60 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "466b3df7-c128-470a-b24e-c83257b58e86", - "panelRefName": "panel_8", - "title": "Distribution of Consolidated Events by DLP Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "dca786a1-5cf1-432b-b645-65378e3c4249", - "w": 24, - "x": 24, - "y": 60 + "layers": [ + { + "accessors": [ + "08e67d54-9697-4721-9ddc-ac4846ab92e6" + ], + "layerId": "4315e942-ba49-474d-af76-6710ec550ad6", + "layerType": 
"data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "e083e8f2-9f3a-4a86-9da1-5d14ac1653db" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "dca786a1-5cf1-432b-b645-65378e3c4249", - "panelRefName": "panel_9", - "title": "Distribution of Consolidated Events by Content Filters Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "d895fb3d-f0c0-42b3-81c9-b41e0de21b8f", - "w": 24, - "x": 0, - "y": 75 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "d895fb3d-f0c0-42b3-81c9-b41e0de21b8f", - "panelRefName": "panel_10", - "title": "Top 10 Appliance Vendor [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ab44d98a-a6f9-46db-93b5-8d982bb8164d", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "ab44d98a-a6f9-46db-93b5-8d982bb8164d", - "panelRefName": "panel_11", - "title": "Distribution of Consolidated Events by Message Final Action [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Consolidated Event", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": 
"cisco_secure_email_gateway-2ada7910-b51e-11ec-aa3c-afc0e710666b", - "name": "panel_0", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-fdc9a620-b51e-11ec-aa3c-afc0e710666b", - "name": "panel_1", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-8944e4d0-b51f-11ec-aa3c-afc0e710666b", - "name": "panel_2", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-bab80b00-b51f-11ec-aa3c-afc0e710666b", - "name": "panel_3", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-17219320-b520-11ec-aa3c-afc0e710666b", - "name": "panel_4", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-7b61ca30-b520-11ec-aa3c-afc0e710666b", - "name": "panel_5", - "type": "lens" + "title": "Distribution of Consolidated Events by Message Final Action [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4315e942-ba49-474d-af76-6710ec550ad6", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-bd88e8d0-b520-11ec-aa3c-afc0e710666b", - "name": "panel_6", - "type": "lens" + "gridData": { + "h": 15, + "i": "ab44d98a-a6f9-46db-93b5-8d982bb8164d", + "w": 24, + "x": 24, + "y": 75 }, - { - "id": "cisco_secure_email_gateway-5eabfa40-b521-11ec-aa3c-afc0e710666b", - "name": "panel_7", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-4079ce10-b523-11ec-aa3c-afc0e710666b", - "name": "panel_8", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-e4b913a0-b523-11ec-aa3c-afc0e710666b", - "name": "panel_9", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-272885e0-b524-11ec-aa3c-afc0e710666b", - "name": "panel_10", - "type": "lens" - }, - { - "id": "cisco_secure_email_gateway-b15a0680-b524-11ec-aa3c-afc0e710666b", - "name": "panel_11", - "type": "lens" - } + "panelIndex": 
"ab44d98a-a6f9-46db-93b5-8d982bb8164d", + "title": "Distribution of Consolidated Events by Message Final Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Consolidated Event", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "b11261c4-5064-4f70-9297-35e354c35e59:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b11261c4-5064-4f70-9297-35e354c35e59:indexpattern-datasource-layer-0fcbd198-453c-4d42-9e5d-4920321e8cbb", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad:indexpattern-datasource-layer-5534c705-73de-4482-818b-4b48acea0af1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14f54d7b-75bc-44eb-a15f-c79876f5edb4:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14f54d7b-75bc-44eb-a15f-c79876f5edb4:indexpattern-datasource-layer-fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f:indexpattern-datasource-layer-266b7fe0-231d-4c2a-973a-fc88a87f6b0e", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "507ca4af-c48a-43e3-9aa2-79ff68ba7eaf:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"507ca4af-c48a-43e3-9aa2-79ff68ba7eaf:indexpattern-datasource-layer-ef2e966e-52e1-4aa5-97d4-4f415bd80272", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fc2be34f-5ce2-48cc-a36d-8102d13f888f:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fc2be34f-5ce2-48cc-a36d-8102d13f888f:indexpattern-datasource-layer-9d0f1c67-8726-4c33-8c99-5c6616fd273c", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a0228300-da78-48a7-9d70-cc93670887b5:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a0228300-da78-48a7-9d70-cc93670887b5:indexpattern-datasource-layer-aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "0e21c3d8-a107-4c45-bb9e-c91763054347:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "0e21c3d8-a107-4c45-bb9e-c91763054347:indexpattern-datasource-layer-11172da2-6f42-47a4-b1f4-cdbf8afdedd0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "466b3df7-c128-470a-b24e-c83257b58e86:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "466b3df7-c128-470a-b24e-c83257b58e86:indexpattern-datasource-layer-17b5a5b0-ab60-4ac9-918d-1471b17fc36a", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "dca786a1-5cf1-432b-b645-65378e3c4249:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "dca786a1-5cf1-432b-b645-65378e3c4249:indexpattern-datasource-layer-cd9e61a8-35d1-4605-b150-d09bf82d3f00", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d895fb3d-f0c0-42b3-81c9-b41e0de21b8f:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"d895fb3d-f0c0-42b3-81c9-b41e0de21b8f:indexpattern-datasource-layer-1f0830ca-67f7-48e3-8356-4495026c941d", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ab44d98a-a6f9-46db-93b5-8d982bb8164d:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ab44d98a-a6f9-46db-93b5-8d982bb8164d:indexpattern-datasource-layer-4315e942-ba49-474d-af76-6710ec550ad6", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json index d1904128305..67c8f0b3f27 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json 
@@ -1,261 +1,1077 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "mail_logs" + "id": "cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:31:04.682Z", + "version": "Wzc1MiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "mail_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "mail_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "779692f9-3e0c-4c4b-833f-ab67b6d44a95": { + "columnOrder": [ + "011d4b64-1db3-447f-896e-a198dd74186c", + "ae49f917-e61b-4cd6-b8fc-998b0802347d" + ], + "columns": { + "011d4b64-1db3-447f-896e-a198dd74186c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + 
"columnId": "ae49f917-e61b-4cd6-b8fc-998b0802347d", + "type": "column" }, - "type": "phrase" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.severity" }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "mail_logs" - } + "ae49f917-e61b-4cd6-b8fc-998b0802347d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "011d4b64-1db3-447f-896e-a198dd74186c" + ], + "layerId": "779692f9-3e0c-4c4b-833f-ab67b6d44a95", + "layerType": "data", + "legendDisplay": "default", + "metric": "ae49f917-e61b-4cd6-b8fc-998b0802347d", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Text Mail Events by Severity [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-779692f9-3e0c-4c4b-833f-ab67b6d44a95", + "type": "index-pattern" + } + ] + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "964bf5b0-a59e-4378-856a-850bdfbad7bc", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "964bf5b0-a59e-4378-856a-850bdfbad7bc", - "w": 
24, - "x": 0, - "y": 0 - }, - "panelIndex": "964bf5b0-a59e-4378-856a-850bdfbad7bc", - "panelRefName": "panel_0", - "title": "Distribution of Text Mail Events by Severity [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a86df19f-3670-4f11-8c65-6f2a15ce360e", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "a86df19f-3670-4f11-8c65-6f2a15ce360e", - "panelRefName": "panel_1", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "61bc30e5-ddc7-4603-ae82-1b9da098f1be", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "61bc30e5-ddc7-4603-ae82-1b9da098f1be", - "panelRefName": "panel_2", - "title": "Distribution of Text Mail Events by Object Attribute [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "panelIndex": "964bf5b0-a59e-4378-856a-850bdfbad7bc", + "title": "Distribution of Text Mail Events by Severity [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "28af0ace-bcd2-4e99-89aa-b01cac4be65f": { + "columnOrder": [ + "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca", + "02da5f04-8364-4341-b24b-4e381bde6404" + ], + "columns": { + "02da5f04-8364-4341-b24b-4e381bde6404": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Receiver", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "02da5f04-8364-4341-b24b-4e381bde6404", + "type": "column" + }, + "orderDirection": "desc", 
+ "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" + }, + "visualization": { + "columns": [ + { + "columnId": "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca", + "isTransposed": false + }, + { + "columnId": "02da5f04-8364-4341-b24b-4e381bde6404", + "isTransposed": false + } + ], + "layerId": "28af0ace-bcd2-4e99-89aa-b01cac4be65f", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "title": "Top 10 Receivers [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-28af0ace-bcd2-4e99-89aa-b01cac4be65f", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "a86df19f-3670-4f11-8c65-6f2a15ce360e", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "a86df19f-3670-4f11-8c65-6f2a15ce360e", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791": { + "columnOrder": [ + "775a45ba-8734-4350-9286-e0de448cbae2", + "e60ae8dd-f8ee-4d28-9051-64158ea09998" + ], + "columns": { + "775a45ba-8734-4350-9286-e0de448cbae2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object Attribute", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e60ae8dd-f8ee-4d28-9051-64158ea09998", + "type": "column" + }, + "orderDirection": "desc", + 
"otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object_attr" + }, + "e60ae8dd-f8ee-4d28-9051-64158ea09998": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "836dd851-3cec-4eb5-8995-651105e410f9", - "w": 24, - "x": 24, - "y": 15 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "836dd851-3cec-4eb5-8995-651105e410f9", - "panelRefName": "panel_3", - "title": "Distribution of Text Mail Events by Vendor Action [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 16, - "i": "941b0a19-c57b-4888-bfc5-766bc30fe2fb", - "w": 17, - "x": 0, - "y": 30 + "layers": [ + { + "accessors": [ + "e60ae8dd-f8ee-4d28-9051-64158ea09998" + ], + "layerId": "dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "775a45ba-8734-4350-9286-e0de448cbae2" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "941b0a19-c57b-4888-bfc5-766bc30fe2fb", - "panelRefName": "panel_4", - "title": "Distribution of Text Mail Events by Connection Status [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + 
"preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 16, - "i": "c550d9bb-f49b-420d-a583-96785a91f1d4", - "w": 15, - "x": 17, - "y": 30 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "c550d9bb-f49b-420d-a583-96785a91f1d4", - "panelRefName": "panel_5", - "title": "Distribution of Text Mail Events by Message Status [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 16, - "i": "9421e841-9470-45c7-a3d4-7d4130a5c758", - "w": 16, - "x": 32, - "y": 30 - }, - "panelIndex": "9421e841-9470-45c7-a3d4-7d4130a5c758", - "panelRefName": "panel_6", - "title": "Distribution of Text Mail Events by Network Protocol [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" + "title": "Distribution of Text Mail Events by Object Attribute [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "61bc30e5-ddc7-4603-ae82-1b9da098f1be", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "61bc30e5-ddc7-4603-ae82-1b9da098f1be", + "title": "Distribution of Text Mail Events by Object Attribute [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "28922e0d-d6e4-4a94-95f2-102ec6f181ac": { + "columnOrder": [ + "8a344e0b-f642-4c42-b815-60433dfbfbb9", + 
"c229ce5c-eb61-4540-853d-6cc2098ca1d2" + ], + "columns": { + "8a344e0b-f642-4c42-b815-60433dfbfbb9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Vendor Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c229ce5c-eb61-4540-853d-6cc2098ca1d2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.vendor_action" + }, + "c229ce5c-eb61-4540-853d-6cc2098ca1d2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "8a344e0b-f642-4c42-b815-60433dfbfbb9" + ], + "layerId": "28922e0d-d6e4-4a94-95f2-102ec6f181ac", + "layerType": "data", + "legendDisplay": "default", + "metric": "c229ce5c-eb61-4540-853d-6cc2098ca1d2", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c", - "w": 24, - "x": 0, - "y": 46 - }, - "panelIndex": "acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c", - "panelRefName": "panel_7", - "type": "lens", - "version": "7.17.0" + "title": "Distribution of Text Mail Events by Vendor Action [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-28922e0d-d6e4-4a94-95f2-102ec6f181ac", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "836dd851-3cec-4eb5-8995-651105e410f9", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "836dd851-3cec-4eb5-8995-651105e410f9", + "title": "Distribution of Text Mail Events by Vendor Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "103310a0-a5d9-4d8c-b1da-a8c57e13a563": { + "columnOrder": [ + "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa", + "1a58cfa2-a182-4a3f-8636-14e9474aa0ea" + ], + "columns": { + "1a58cfa2-a182-4a3f-8636-14e9474aa0ea": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connection Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1a58cfa2-a182-4a3f-8636-14e9474aa0ea", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.connection_status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa" + ], + "layerId": "103310a0-a5d9-4d8c-b1da-a8c57e13a563", + "layerType": "data", + "legendDisplay": "default", + "metric": "1a58cfa2-a182-4a3f-8636-14e9474aa0ea", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": 
"pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "48a59710-7086-459f-abef-72604a666d20", - "w": 24, - "x": 24, - "y": 46 - }, - "panelIndex": "48a59710-7086-459f-abef-72604a666d20", - "panelRefName": "panel_8", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Text Mail", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "Distribution of Text Mail Events by Connection Status [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-103310a0-a5d9-4d8c-b1da-a8c57e13a563", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-9c04dc70-b578-11ec-aa3c-afc0e710666b", - "name": "panel_0", - "type": "lens" + "gridData": { + "h": 16, + "i": "941b0a19-c57b-4888-bfc5-766bc30fe2fb", + "w": 17, + "x": 0, + "y": 30 }, - { - "id": "cisco_secure_email_gateway-dabd1310-b578-11ec-aa3c-afc0e710666b", - "name": "panel_1", - "type": "lens" + "panelIndex": "941b0a19-c57b-4888-bfc5-766bc30fe2fb", + "title": "Distribution of Text Mail Events by Connection Status [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "71b0750f-93db-4016-9294-b408f583b750": { + "columnOrder": [ + "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b", + 
"45bb21c7-aa5f-4d67-a537-c878b32f0f23" + ], + "columns": { + "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Message Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "45bb21c7-aa5f-4d67-a537-c878b32f0f23", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.message_status" + }, + "45bb21c7-aa5f-4d67-a537-c878b32f0f23": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b" + ], + "layerId": "71b0750f-93db-4016-9294-b408f583b750", + "layerType": "data", + "legendDisplay": "default", + "metric": "45bb21c7-aa5f-4d67-a537-c878b32f0f23", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Text Mail Events by Message Status [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-71b0750f-93db-4016-9294-b408f583b750", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-159f1460-b579-11ec-aa3c-afc0e710666b", - "name": "panel_2", - "type": "lens" + "gridData": { + "h": 16, + "i": "c550d9bb-f49b-420d-a583-96785a91f1d4", + "w": 15, + "x": 17, + "y": 30 }, - { - "id": "cisco_secure_email_gateway-6b544d80-b579-11ec-aa3c-afc0e710666b", - 
"name": "panel_3", - "type": "lens" + "panelIndex": "c550d9bb-f49b-420d-a583-96785a91f1d4", + "title": "Distribution of Text Mail Events by Message Status [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4": { + "columnOrder": [ + "90afc0e9-dee1-46ee-8e96-31602ed929cb", + "f0096080-5bb8-4acd-b43d-a5d459fbae24" + ], + "columns": { + "90afc0e9-dee1-46ee-8e96-31602ed929cb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Network Protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f0096080-5bb8-4acd-b43d-a5d459fbae24", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "f0096080-5bb8-4acd-b43d-a5d459fbae24": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "90afc0e9-dee1-46ee-8e96-31602ed929cb" + ], + "layerId": "cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", + "layerType": "data", + "legendDisplay": "default", + "metric": "f0096080-5bb8-4acd-b43d-a5d459fbae24", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Text Mail Events by Network Protocol [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + 
"references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-d26c0e90-b579-11ec-aa3c-afc0e710666b", - "name": "panel_4", - "type": "lens" + "gridData": { + "h": 16, + "i": "9421e841-9470-45c7-a3d4-7d4130a5c758", + "w": 16, + "x": 32, + "y": 30 }, - { - "id": "cisco_secure_email_gateway-fdee0eb0-b579-11ec-aa3c-afc0e710666b", - "name": "panel_5", - "type": "lens" + "panelIndex": "9421e841-9470-45c7-a3d4-7d4130a5c758", + "title": "Distribution of Text Mail Events by Network Protocol [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "78976d98-602b-49ed-9fad-c111e8dd5d9c": { + "columnOrder": [ + "1246cdaf-b072-4a40-9ecc-4f0a83910265", + "a46515d5-4b24-47ee-bb4e-673b0c46d4db" + ], + "columns": { + "1246cdaf-b072-4a40-9ecc-4f0a83910265": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "DNS Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a46515d5-4b24-47ee-bb4e-673b0c46d4db", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.question.name" + }, + "a46515d5-4b24-47ee-bb4e-673b0c46d4db": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { 
+ "columnId": "1246cdaf-b072-4a40-9ecc-4f0a83910265", + "isTransposed": false + }, + { + "columnId": "a46515d5-4b24-47ee-bb4e-673b0c46d4db", + "isTransposed": false + } + ], + "layerId": "78976d98-602b-49ed-9fad-c111e8dd5d9c", + "layerType": "data" + } + }, + "title": "Top 10 DNS Host [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-78976d98-602b-49ed-9fad-c111e8dd5d9c", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-e36fdf40-b57a-11ec-aa3c-afc0e710666b", - "name": "panel_6", - "type": "lens" + "gridData": { + "h": 15, + "i": "acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c", + "w": 24, + "x": 0, + "y": 46 }, - { - "id": "cisco_secure_email_gateway-3e387e10-b57a-11ec-aa3c-afc0e710666b", - "name": "panel_7", - "type": "lens" + "panelIndex": "acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441": { + "columnOrder": [ + "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8", + "9e9261cd-f646-4a17-acf9-b6fb69bf03e2" + ], + "columns": { + "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9e9261cd-f646-4a17-acf9-b6fb69bf03e2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object" + }, + "9e9261cd-f646-4a17-acf9-b6fb69bf03e2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + 
"operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" + }, + "visualization": { + "columns": [ + { + "columnId": "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8" + }, + { + "columnId": "9e9261cd-f646-4a17-acf9-b6fb69bf03e2" + } + ], + "layerId": "e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", + "layerType": "data" + } + }, + "title": "Top 10 Object [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-973c1ee0-b57a-11ec-aa3c-afc0e710666b", - "name": "panel_8", - "type": "lens" - } + "gridData": { + "h": 15, + "i": "48a59710-7086-459f-abef-72604a666d20", + "w": 24, + "x": 24, + "y": 46 + }, + "panelIndex": "48a59710-7086-459f-abef-72604a666d20", + "type": "lens", + "version": "7.16.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Text Mail", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "964bf5b0-a59e-4378-856a-850bdfbad7bc:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "964bf5b0-a59e-4378-856a-850bdfbad7bc:indexpattern-datasource-layer-779692f9-3e0c-4c4b-833f-ab67b6d44a95", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a86df19f-3670-4f11-8c65-6f2a15ce360e:indexpattern-datasource-current-indexpattern", + "id": 
"logs-*" + }, + { + "type": "index-pattern", + "name": "a86df19f-3670-4f11-8c65-6f2a15ce360e:indexpattern-datasource-layer-28af0ace-bcd2-4e99-89aa-b01cac4be65f", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "61bc30e5-ddc7-4603-ae82-1b9da098f1be:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "61bc30e5-ddc7-4603-ae82-1b9da098f1be:indexpattern-datasource-layer-dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "836dd851-3cec-4eb5-8995-651105e410f9:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "836dd851-3cec-4eb5-8995-651105e410f9:indexpattern-datasource-layer-28922e0d-d6e4-4a94-95f2-102ec6f181ac", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "941b0a19-c57b-4888-bfc5-766bc30fe2fb:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "941b0a19-c57b-4888-bfc5-766bc30fe2fb:indexpattern-datasource-layer-103310a0-a5d9-4d8c-b1da-a8c57e13a563", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c550d9bb-f49b-420d-a583-96785a91f1d4:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c550d9bb-f49b-420d-a583-96785a91f1d4:indexpattern-datasource-layer-71b0750f-93db-4016-9294-b408f583b750", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9421e841-9470-45c7-a3d4-7d4130a5c758:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9421e841-9470-45c7-a3d4-7d4130a5c758:indexpattern-datasource-layer-cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c:indexpattern-datasource-layer-78976d98-602b-49ed-9fad-c111e8dd5d9c", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "48a59710-7086-459f-abef-72604a666d20:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "48a59710-7086-459f-abef-72604a666d20:indexpattern-datasource-layer-e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json index f91652e3358..58df3f70e41 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json 
@@ -1,146 +1,492 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "id": "cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:31:04.682Z", + "version": "Wzc1MywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "bounces" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "bounces" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f59bf14d-1826-4672-a636-96713e17bf3d": { + "columnOrder": [ + "c5045d93-c903-4f4f-a653-1ee275ee5f1f", + "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c" + ], + "columns": { + "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "bounces" + 
"c5045d93-c903-4f4f-a653-1ee275ee5f1f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Bounce Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c", + "type": "column" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "bounces" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.bounce_type" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c5045d93-c903-4f4f-a653-1ee275ee5f1f" + ], + "layerId": "f59bf14d-1826-4672-a636-96713e17bf3d", + "layerType": "data", + "legendDisplay": "default", + "metric": "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Bounce Events by Bounce type [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bf14d-1826-4672-a636-96713e17bf3d", + "type": "index-pattern" + } + ] + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "639d7ded-5352-4627-beb3-eb311f3318d8", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": 
"639d7ded-5352-4627-beb3-eb311f3318d8", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "639d7ded-5352-4627-beb3-eb311f3318d8", - "panelRefName": "panel_0", - "title": "Distribution of Bounce Events by Bounce Type [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "85d72fcb-35a5-469f-b27d-1fb5e82ca891", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "85d72fcb-35a5-469f-b27d-1fb5e82ca891", - "panelRefName": "panel_1", - "type": "lens", - "version": "7.17.0" + "panelIndex": "639d7ded-5352-4627-beb3-eb311f3318d8", + "title": "Distribution of Bounce Events by Bounce Type [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5283a6c5-2dfa-4758-99c0-567b3c5b187c": { + "columnOrder": [ + "c606b455-7a81-4667-9520-2ae212768375", + "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe" + ], + "columns": { + "c606b455-7a81-4667-9520-2ae212768375": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Sender", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.from.address" + }, + "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { + "columnId": 
"c606b455-7a81-4667-9520-2ae212768375", + "isTransposed": false + }, + { + "columnId": "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe", + "isTransposed": false + } + ], + "layerId": "5283a6c5-2dfa-4758-99c0-567b3c5b187c", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "645dd140-f2d1-4fe1-974e-d45f57bfb3a3", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "645dd140-f2d1-4fe1-974e-d45f57bfb3a3", - "panelRefName": "panel_2", - "type": "lens", - "version": "7.17.0" + "title": "Top 10 Sender [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5283a6c5-2dfa-4758-99c0-567b3c5b187c", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "85d72fcb-35a5-469f-b27d-1fb5e82ca891", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "85d72fcb-35a5-469f-b27d-1fb5e82ca891", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1aef4ea3-e481-42a1-b355-8c667e236324": { + "columnOrder": [ + "50a245e4-241d-429f-b5c4-c7144eb4f76c", + "0ec405bd-21bc-49e3-a131-7e54edae86db" + ], + "columns": { + "0ec405bd-21bc-49e3-a131-7e54edae86db": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "50a245e4-241d-429f-b5c4-c7144eb4f76c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Receiver", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0ec405bd-21bc-49e3-a131-7e54edae86db", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": 
true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { + "columnId": "50a245e4-241d-429f-b5c4-c7144eb4f76c", + "isTransposed": false + }, + { + "columnId": "0ec405bd-21bc-49e3-a131-7e54edae86db", + "isTransposed": false + } + ], + "layerId": "1aef4ea3-e481-42a1-b355-8c667e236324", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "78094ff3-8433-4298-9b15-cde20f055619", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "78094ff3-8433-4298-9b15-cde20f055619", - "panelRefName": "panel_3", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Bounce", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "Top 10 Receiver [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1aef4ea3-e481-42a1-b355-8c667e236324", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-31a12320-b514-11ec-aa3c-afc0e710666b", - "name": "panel_0", - "type": "lens" + "gridData": { + "h": 15, + "i": "645dd140-f2d1-4fe1-974e-d45f57bfb3a3", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "cisco_secure_email_gateway-69210db0-b514-11ec-aa3c-afc0e710666b", - "name": "panel_1", - "type": "lens" + "panelIndex": 
"645dd140-f2d1-4fe1-974e-d45f57bfb3a3", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d9f68bb4-618e-4b30-814c-201e302ee9c9": { + "columnOrder": [ + "869adebc-36ff-411a-b8c0-b324b1faa097", + "e91fac87-d093-46e6-8ca9-65ed84915897" + ], + "columns": { + "869adebc-36ff-411a-b8c0-b324b1faa097": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Reason", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e91fac87-d093-46e6-8ca9-65ed84915897", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.reason" + }, + "e91fac87-d093-46e6-8ca9-65ed84915897": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + }, + "visualization": { + "columns": [ + { + "columnId": "869adebc-36ff-411a-b8c0-b324b1faa097" + }, + { + "columnId": "e91fac87-d093-46e6-8ca9-65ed84915897" + } + ], + "layerId": "d9f68bb4-618e-4b30-814c-201e302ee9c9", + "layerType": "data" + } + }, + "title": "Top 10 Reason [Logs Cisco Secure Email Gateway]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d9f68bb4-618e-4b30-814c-201e302ee9c9", + "type": "index-pattern" + } + ] + } }, - { - "id": "cisco_secure_email_gateway-ac56b620-b514-11ec-aa3c-afc0e710666b", - "name": "panel_2", - "type": "lens" + "gridData": { + "h": 15, + "i": 
"78094ff3-8433-4298-9b15-cde20f055619", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "cisco_secure_email_gateway-d2d9b860-b514-11ec-aa3c-afc0e710666b", - "name": "panel_3", - "type": "lens" - } + "panelIndex": "78094ff3-8433-4298-9b15-cde20f055619", + "type": "lens", + "version": "7.16.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Bounce", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "639d7ded-5352-4627-beb3-eb311f3318d8:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "639d7ded-5352-4627-beb3-eb311f3318d8:indexpattern-datasource-layer-f59bf14d-1826-4672-a636-96713e17bf3d", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85d72fcb-35a5-469f-b27d-1fb5e82ca891:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85d72fcb-35a5-469f-b27d-1fb5e82ca891:indexpattern-datasource-layer-5283a6c5-2dfa-4758-99c0-567b3c5b187c", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "645dd140-f2d1-4fe1-974e-d45f57bfb3a3:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "645dd140-f2d1-4fe1-974e-d45f57bfb3a3:indexpattern-datasource-layer-1aef4ea3-e481-42a1-b355-8c667e236324", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "78094ff3-8433-4298-9b15-cde20f055619:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "78094ff3-8433-4298-9b15-cde20f055619:indexpattern-datasource-layer-d9f68bb4-618e-4b30-814c-201e302ee9c9", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file 
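Review bot: The rewritten top-level object at the start of this hunk now carries `"namespaces": ["default"]`, `"updated_at": "2022-10-27T09:31:04.682Z"` and `"version": "Wzc1MywxXQ=="`, none of which were in the removed version of the file. These look like state from the Kibana instance the dashboard was exported from rather than part of the dashboard definition, so I would drop the three keys from the packaged asset. That keeps the file reproducible and avoids shipping space and revision details from the authoring environment. Separately, every inlined panel is stamped `"version": "7.16.0"` where the by-reference panels said `"7.17.0"`, and the first panel's inner title reads "Bounce type" while its panel title reads "Bounce Type". Both are worth confirming as intended.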
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-159f1460-b579-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-159f1460-b579-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index e460db3f3ad..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-159f1460-b579-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791": { - "columnOrder": [ - "775a45ba-8734-4350-9286-e0de448cbae2", - "e60ae8dd-f8ee-4d28-9051-64158ea09998" - ], - "columns": { - "775a45ba-8734-4350-9286-e0de448cbae2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object Attribute", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e60ae8dd-f8ee-4d28-9051-64158ea09998", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object_attr" - }, - "e60ae8dd-f8ee-4d28-9051-64158ea09998": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e60ae8dd-f8ee-4d28-9051-64158ea09998" - ], - "layerId": "dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "775a45ba-8734-4350-9286-e0de448cbae2" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - 
"yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Text Mail Events by Object Attribute [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-159f1460-b579-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-17219320-b520-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-17219320-b520-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 7db2c4a09db..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-17219320-b520-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ef2e966e-52e1-4aa5-97d4-4f415bd80272": { - "columnOrder": [ - "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a", - "f4642514-e457-4c19-a2f4-802311e3a3fa" - ], - "columns": { - "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Graymail Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f4642514-e457-4c19-a2f4-802311e3a3fa", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.graymail_verdict" - }, - "f4642514-e457-4c19-a2f4-802311e3a3fa": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a" - ], - "layerId": "ef2e966e-52e1-4aa5-97d4-4f415bd80272", - "layerType": "data", - "legendDisplay": "default", - "metric": "f4642514-e457-4c19-a2f4-802311e3a3fa", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by Graymail Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-17219320-b520-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-ef2e966e-52e1-4aa5-97d4-4f415bd80272", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-1c1ef970-b517-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-1c1ef970-b517-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index d620f86431e..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-1c1ef970-b517-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d11b7b35-4452-4d96-aedb-cfa76248e087": { - "columnOrder": [ - "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885", - "9d948240-967b-4c51-828f-3b950b5beca5" - ], - "columns": { - "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9d948240-967b-4c51-828f-3b950b5beca5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object_category" - }, - "9d948240-967b-4c51-828f-3b950b5beca5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"antispam\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885" - ], - "layerId": "d11b7b35-4452-4d96-aedb-cfa76248e087", - "layerType": "data", - "legendDisplay": "default", - "metric": "9d948240-967b-4c51-828f-3b950b5beca5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Anti-Spam Events by Object Category [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-1c1ef970-b517-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d11b7b35-4452-4d96-aedb-cfa76248e087", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-23bc6030-b528-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-23bc6030-b528-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 47197b71a2c..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-23bc6030-b528-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8cc04732-d3e2-4b65-aeac-fee7492adee6": { - "columnOrder": [ - "64ec49a9-78fd-4cb4-8c2b-e183f50b0526", - "4b3854d5-8b24-4472-a3b3-e2484749d658" - ], - "columns": { - "4b3854d5-8b24-4472-a3b3-e2484749d658": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "64ec49a9-78fd-4cb4-8c2b-e183f50b0526": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4b3854d5-8b24-4472-a3b3-e2484749d658", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object_category" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"content_scanner\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "64ec49a9-78fd-4cb4-8c2b-e183f50b0526" - ], - "layerId": "8cc04732-d3e2-4b65-aeac-fee7492adee6", - "layerType": "data", - "legendDisplay": "default", - "metric": "4b3854d5-8b24-4472-a3b3-e2484749d658", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Content Scanner Events by Object Category [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-23bc6030-b528-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", 
- "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8cc04732-d3e2-4b65-aeac-fee7492adee6", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-272885e0-b524-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-272885e0-b524-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 3539373e347..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-272885e0-b524-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1f0830ca-67f7-48e3-8356-4495026c941d": { - "columnOrder": [ - "350b5032-a217-4f5b-afe2-13d5ed62a26e", - "6769baa6-3cdd-4ba5-a406-b5b10ae1a427" - ], - "columns": { - "350b5032-a217-4f5b-afe2-13d5ed62a26e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Appliance vendor", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6769baa6-3cdd-4ba5-a406-b5b10ae1a427", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.appliance.vendor" - }, - "6769baa6-3cdd-4ba5-a406-b5b10ae1a427": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "350b5032-a217-4f5b-afe2-13d5ed62a26e", - "isTransposed": false - }, - { - "columnId": "6769baa6-3cdd-4ba5-a406-b5b10ae1a427", - "isTransposed": false - } - ], - "layerId": "1f0830ca-67f7-48e3-8356-4495026c941d", - "layerType": "data" - } - }, - "title": "Top 10 Appliance vendor [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-272885e0-b524-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1f0830ca-67f7-48e3-8356-4495026c941d", - "type": "index-pattern" - } - ], - 
"type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-2ada7910-b51e-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-2ada7910-b51e-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index f1b80ae6e0a..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-2ada7910-b51e-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0fcbd198-453c-4d42-9e5d-4920321e8cbb": { - "columnOrder": [ - "da5e80d9-05f2-4ffe-a208-fb3cb59702c7", - "63a10371-dab3-4bcc-8c94-9deb9ad801db" - ], - "columns": { - "63a10371-dab3-4bcc-8c94-9deb9ad801db": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "da5e80d9-05f2-4ffe-a208-fb3cb59702c7": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Listener Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "63a10371-dab3-4bcc-8c94-9deb9ad801db", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.direction" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "da5e80d9-05f2-4ffe-a208-fb3cb59702c7" - ], - "layerId": "0fcbd198-453c-4d42-9e5d-4920321e8cbb", - "layerType": "data", - "legendDisplay": "default", - "metric": "63a10371-dab3-4bcc-8c94-9deb9ad801db", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by Listener Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-2ada7910-b51e-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-0fcbd198-453c-4d42-9e5d-4920321e8cbb", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-2bfd5260-b517-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-2bfd5260-b517-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 4deaa68b802..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-2bfd5260-b517-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6a329d99-3de7-4396-9481-07cff7118b75": { - "columnOrder": [ - "94df3128-28b6-4f27-897f-bcb44d3c7196", - "2eeef2a5-4721-49f0-bdf3-e39e05c95999" - ], - "columns": { - "2eeef2a5-4721-49f0-bdf3-e39e05c95999": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "94df3128-28b6-4f27-897f-bcb44d3c7196": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2eeef2a5-4721-49f0-bdf3-e39e05c95999", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"antispam\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "94df3128-28b6-4f27-897f-bcb44d3c7196" - ], - "layerId": "6a329d99-3de7-4396-9481-07cff7118b75", - "layerType": "data", - "legendDisplay": "default", - "metric": "2eeef2a5-4721-49f0-bdf3-e39e05c95999", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Anti-Spam Events by Object [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-2bfd5260-b517-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "indexpattern-datasource-layer-6a329d99-3de7-4396-9481-07cff7118b75", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-31a12320-b514-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-31a12320-b514-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index d79d70e84e2..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-31a12320-b514-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f59bf14d-1826-4672-a636-96713e17bf3d": { - "columnOrder": [ - "c5045d93-c903-4f4f-a653-1ee275ee5f1f", - "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c" - ], - "columns": { - "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c5045d93-c903-4f4f-a653-1ee275ee5f1f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Bounce Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.bounce_type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "c5045d93-c903-4f4f-a653-1ee275ee5f1f" - ], - "layerId": "f59bf14d-1826-4672-a636-96713e17bf3d", - "layerType": "data", - "legendDisplay": "default", - "metric": "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Bounce Events by Bounce type [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-31a12320-b514-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-f59bf14d-1826-4672-a636-96713e17bf3d", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-39138ed0-b510-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-39138ed0-b510-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 90b214a5879..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-39138ed0-b510-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "da50ed80-3cbc-4559-bef0-e3db5de2fb16": { - "columnOrder": [ - "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41", - "722a910a-7f85-47f2-9eea-8a13c4faaed5" - ], - "columns": { - "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Malware Threat", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "722a910a-7f85-47f2-9eea-8a13c4faaed5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.malware" - }, - "722a910a-7f85-47f2-9eea-8a13c4faaed5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41", - "isTransposed": false - }, - { - "columnId": "722a910a-7f85-47f2-9eea-8a13c4faaed5", - "isTransposed": false - } - ], - "layerId": "da50ed80-3cbc-4559-bef0-e3db5de2fb16", - "layerType": "data" - } - }, - "title": "Top 10 Malware Threat [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-39138ed0-b510-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-da50ed80-3cbc-4559-bef0-e3db5de2fb16", - "type": "index-pattern" - } - ], - "type": "lens" -} \ 
No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-3e387e10-b57a-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-3e387e10-b57a-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 7b640de955d..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-3e387e10-b57a-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "78976d98-602b-49ed-9fad-c111e8dd5d9c": { - "columnOrder": [ - "1246cdaf-b072-4a40-9ecc-4f0a83910265", - "a46515d5-4b24-47ee-bb4e-673b0c46d4db" - ], - "columns": { - "1246cdaf-b072-4a40-9ecc-4f0a83910265": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "DNS Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a46515d5-4b24-47ee-bb4e-673b0c46d4db", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.question.name" - }, - "a46515d5-4b24-47ee-bb4e-673b0c46d4db": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "1246cdaf-b072-4a40-9ecc-4f0a83910265", - "isTransposed": false - }, - { - "columnId": "a46515d5-4b24-47ee-bb4e-673b0c46d4db", - "isTransposed": false - } - ], - "layerId": "78976d98-602b-49ed-9fad-c111e8dd5d9c", - "layerType": "data" - } - }, - "title": "Top 10 DNS Host [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-3e387e10-b57a-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-78976d98-602b-49ed-9fad-c111e8dd5d9c", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-4079ce10-b523-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-4079ce10-b523-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index c71cee27f98..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-4079ce10-b523-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "17b5a5b0-ab60-4ac9-918d-1471b17fc36a": { - "columnOrder": [ - "84b418b7-2bd5-473f-a0a9-6a15c5864123", - "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d" - ], - "columns": { - "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "84b418b7-2bd5-473f-a0a9-6a15c5864123": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "DLP Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.dlp_verdict" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "84b418b7-2bd5-473f-a0a9-6a15c5864123" - ], - "layerId": "17b5a5b0-ab60-4ac9-918d-1471b17fc36a", - "layerType": "data", - "legendDisplay": "default", - "metric": "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by DLP Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-4079ce10-b523-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-17b5a5b0-ab60-4ac9-918d-1471b17fc36a", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-40ba5f40-b580-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-40ba5f40-b580-11ec-b665-f79f0daaad54.json deleted file mode 100644 index 9d226eafa05..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-40ba5f40-b580-11ec-b665-f79f0daaad54.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "deefc302-2a9c-4c62-8b64-db0656a1e201": { - "columnOrder": [ - "1a75a065-b075-4708-974f-e4460b593062", - "47d341a9-66d9-478c-83ed-faf1b8e6142f" - ], - "columns": { - "1a75a065-b075-4708-974f-e4460b593062": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Host IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "47d341a9-66d9-478c-83ed-faf1b8e6142f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.ip" - }, - "47d341a9-66d9-478c-83ed-faf1b8e6142f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "1a75a065-b075-4708-974f-e4460b593062", - "isTransposed": false - }, - { - "columnId": "47d341a9-66d9-478c-83ed-faf1b8e6142f", - "isTransposed": false - } - ], - "layerId": "deefc302-2a9c-4c62-8b64-db0656a1e201", - "layerType": "data" - } - }, - "title": "Top 10 Host IP [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-40ba5f40-b580-11ec-b665-f79f0daaad54", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-deefc302-2a9c-4c62-8b64-db0656a1e201", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-4312b680-b525-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-4312b680-b525-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index 8889eb385a7..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-4312b680-b525-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "818edf56-0abd-4454-a40a-9c48a9ccb60b": { - "columnOrder": [ - "30d4769c-2c7b-492d-bd13-dbd0be6331ae", - "4b2b840d-b0c8-4b5d-838a-6419d2679e57" - ], - "columns": { - "30d4769c-2c7b-492d-bd13-dbd0be6331ae": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4b2b840d-b0c8-4b5d-838a-6419d2679e57", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - }, - "4b2b840d-b0c8-4b5d-838a-6419d2679e57": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"error_logs\"" - }, - "visualization": { - "columns": [ - { - "columnId": "30d4769c-2c7b-492d-bd13-dbd0be6331ae", - "isTransposed": false - }, - { - "columnId": "4b2b840d-b0c8-4b5d-838a-6419d2679e57", - "isTransposed": false - } - ], - "layerId": "818edf56-0abd-4454-a40a-9c48a9ccb60b", - "layerType": "data" - } - }, - "title": "Top 10 Recipients [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-4312b680-b525-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-818edf56-0abd-4454-a40a-9c48a9ccb60b", - "type": 
"index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-50401f90-b63e-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-50401f90-b63e-11ec-b665-f79f0daaad54.json deleted file mode 100644 index 36086672f1e..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-50401f90-b63e-11ec-b665-f79f0daaad54.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3580df6b-ad09-48fd-a1a5-82f760b16cdd": { - "columnOrder": [ - "eeafffce-6abd-40c9-9615-6707e18801b6", - "31ca0397-55c6-4109-a00c-b79e85754ffa" - ], - "columns": { - "31ca0397-55c6-4109-a00c-b79e85754ffa": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "eeafffce-6abd-40c9-9615-6707e18801b6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Username", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "31ca0397-55c6-4109-a00c-b79e85754ffa", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"authentication\"" - }, - "visualization": { - "columns": [ - { - "columnId": "eeafffce-6abd-40c9-9615-6707e18801b6", - "isTransposed": false - }, - { - "columnId": "31ca0397-55c6-4109-a00c-b79e85754ffa", - "isTransposed": false - } - ], - "layerId": "3580df6b-ad09-48fd-a1a5-82f760b16cdd", - "layerType": "data" - } - }, - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-50401f90-b63e-11ec-b665-f79f0daaad54", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3580df6b-ad09-48fd-a1a5-82f760b16cdd", - "type": 
"index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-567de1b0-b50f-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-567de1b0-b50f-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index bc54edcab98..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-567de1b0-b50f-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc": { - "columnOrder": [ - "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285", - "40ee8622-c392-4ec5-bc21-d912f381c282" - ], - "columns": { - "40ee8622-c392-4ec5-bc21-d912f381c282": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "File Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "40ee8622-c392-4ec5-bc21-d912f381c282", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.content_type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285" - ], - "layerId": "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", - "layerType": "data", - "legendDisplay": "default", - "metric": "40ee8622-c392-4ec5-bc21-d912f381c282", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of AMP Engine Events by File Type [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-567de1b0-b50f-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5a647440-b51b-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5a647440-b51b-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index e9393c183d8..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5a647440-b51b-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b6923de3-cac2-47e3-b36f-2bd1f4821098": { - "columnOrder": [ - "2002d5eb-0345-4f25-88e9-cac1c904bc99", - "d61dcbdd-2a90-4b16-85f1-070dc0ba109d" - ], - "columns": { - "2002d5eb-0345-4f25-88e9-cac1c904bc99": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Username", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d61dcbdd-2a90-4b16-85f1-070dc0ba109d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "d61dcbdd-2a90-4b16-85f1-070dc0ba109d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"system\"" - }, - "visualization": { - "columns": [ - { - "columnId": "2002d5eb-0345-4f25-88e9-cac1c904bc99", - "isTransposed": false - }, - { - "columnId": "d61dcbdd-2a90-4b16-85f1-070dc0ba109d", - "isTransposed": false - } - ], - "layerId": "b6923de3-cac2-47e3-b36f-2bd1f4821098", - "layerType": "data" - } - }, - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-5a647440-b51b-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b6923de3-cac2-47e3-b36f-2bd1f4821098", - "type": "index-pattern" - } - ], 
- "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5eabfa40-b521-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5eabfa40-b521-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 69fc6693fbc..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5eabfa40-b521-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "11172da2-6f42-47a4-b1f4-cdbf8afdedd0": { - "columnOrder": [ - "567678aa-a7e3-4e65-93eb-68015622fc6a", - "4ce98a9d-67cd-44cc-96b8-b3d08f750b84" - ], - "columns": { - "4ce98a9d-67cd-44cc-96b8-b3d08f750b84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "567678aa-a7e3-4e65-93eb-68015622fc6a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "AV Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4ce98a9d-67cd-44cc-96b8-b3d08f750b84", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.av_verdict" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "567678aa-a7e3-4e65-93eb-68015622fc6a" - ], - "layerId": "11172da2-6f42-47a4-b1f4-cdbf8afdedd0", - "layerType": "data", - "legendDisplay": "default", - "metric": "4ce98a9d-67cd-44cc-96b8-b3d08f750b84", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by AV Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-5eabfa40-b521-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-11172da2-6f42-47a4-b1f4-cdbf8afdedd0", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5f08da90-b511-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5f08da90-b511-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 4db14e271ec..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-5f08da90-b511-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8b6d5f6d-b1c9-4860-917a-ecac06f34b10": { - "columnOrder": [ - "a3111dae-5b02-4296-88ff-61197bd0f3f9", - "c3597c7d-4468-4194-8f2d-a453ced98438" - ], - "columns": { - "a3111dae-5b02-4296-88ff-61197bd0f3f9": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "File Mime Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c3597c7d-4468-4194-8f2d-a453ced98438", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.attachments.file.mime_type" - }, - "c3597c7d-4468-4194-8f2d-a453ced98438": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "a3111dae-5b02-4296-88ff-61197bd0f3f9" - ], - "layerId": "8b6d5f6d-b1c9-4860-917a-ecac06f34b10", - "layerType": "data", - "legendDisplay": "default", - "metric": "c3597c7d-4468-4194-8f2d-a453ced98438", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of AMP Engine Events by File MIME Type [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-5f08da90-b511-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-8b6d5f6d-b1c9-4860-917a-ecac06f34b10", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-60df7e90-b63e-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-60df7e90-b63e-11ec-b665-f79f0daaad54.json deleted file mode 100644 index 1ddc45965a9..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-60df7e90-b63e-11ec-b665-f79f0daaad54.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0c19b962-3c1b-47bd-b455-08fe74f0d713": { - "columnOrder": [ - "5633dc67-ee99-44e0-9fc9-1eeb069871a7", - "df66b654-83dc-4985-830d-a241adefbc2c" - ], - "columns": { - "5633dc67-ee99-44e0-9fc9-1eeb069871a7": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "df66b654-83dc-4985-830d-a241adefbc2c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - }, - "df66b654-83dc-4985-830d-a241adefbc2c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"authentication\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "5633dc67-ee99-44e0-9fc9-1eeb069871a7" - ], - "layerId": "0c19b962-3c1b-47bd-b455-08fe74f0d713", - "layerType": "data", - "legendDisplay": "default", - "metric": "df66b654-83dc-4985-830d-a241adefbc2c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Authentication Events by Outcome [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-60df7e90-b63e-11ec-b665-f79f0daaad54", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "indexpattern-datasource-layer-0c19b962-3c1b-47bd-b455-08fe74f0d713", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-69210db0-b514-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-69210db0-b514-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 0e6fb078df8..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-69210db0-b514-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "5283a6c5-2dfa-4758-99c0-567b3c5b187c": { - "columnOrder": [ - "c606b455-7a81-4667-9520-2ae212768375", - "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe" - ], - "columns": { - "c606b455-7a81-4667-9520-2ae212768375": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Sender", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.from.address" - }, - "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "c606b455-7a81-4667-9520-2ae212768375", - "isTransposed": false - }, - { - "columnId": "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe", - "isTransposed": false - } - ], - "layerId": "5283a6c5-2dfa-4758-99c0-567b3c5b187c", - "layerType": "data" - } - }, - "title": "Top 10 Sender [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-69210db0-b514-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-5283a6c5-2dfa-4758-99c0-567b3c5b187c", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-69897df0-b58c-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-69897df0-b58c-11ec-b665-f79f0daaad54.json
deleted file mode 100644
index d5a2aa2d81e..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-69897df0-b58c-11ec-b665-f79f0daaad54.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "57751ffc-a4b1-4c64-88ce-1e692814b206": { - "columnOrder": [ - "23017c0a-ce72-475c-a40c-9f98f6036ea5", - "43da0051-67fe-4cab-9dcd-acd44e8eede1" - ], - "columns": { - "23017c0a-ce72-475c-a40c-9f98f6036ea5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "43da0051-67fe-4cab-9dcd-acd44e8eede1", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "43da0051-67fe-4cab-9dcd-acd44e8eede1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "23017c0a-ce72-475c-a40c-9f98f6036ea5", - "isTransposed": false - }, - { - "columnId": "43da0051-67fe-4cab-9dcd-acd44e8eede1", - "isTransposed": false - } - ], - "layerId": "57751ffc-a4b1-4c64-88ce-1e692814b206", - "layerType": "data" - } - }, - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-69897df0-b58c-11ec-b665-f79f0daaad54", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-57751ffc-a4b1-4c64-88ce-1e692814b206", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-6b544d80-b579-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-6b544d80-b579-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index cab94ac252e..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-6b544d80-b579-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "28922e0d-d6e4-4a94-95f2-102ec6f181ac": { - "columnOrder": [ - "8a344e0b-f642-4c42-b815-60433dfbfbb9", - "c229ce5c-eb61-4540-853d-6cc2098ca1d2" - ], - "columns": { - "8a344e0b-f642-4c42-b815-60433dfbfbb9": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Vendor Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c229ce5c-eb61-4540-853d-6cc2098ca1d2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.vendor_action" - }, - "c229ce5c-eb61-4540-853d-6cc2098ca1d2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "8a344e0b-f642-4c42-b815-60433dfbfbb9" - ], - "layerId": "28922e0d-d6e4-4a94-95f2-102ec6f181ac", - "layerType": "data", - "legendDisplay": "default", - "metric": "c229ce5c-eb61-4540-853d-6cc2098ca1d2", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Text Mail Events by Vendor Action [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-6b544d80-b579-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-28922e0d-d6e4-4a94-95f2-102ec6f181ac", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-6e7a9920-b58c-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-6e7a9920-b58c-11ec-b665-f79f0daaad54.json deleted file mode 100644 index 0cfe5a5b8d2..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-6e7a9920-b58c-11ec-b665-f79f0daaad54.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0c3a1ff3-eb26-42fd-8196-49c12251bd49": { - "columnOrder": [ - "cebc1213-bb3f-4000-b747-5f0b0c608b4b", - "e1416011-657e-40b0-9af8-ff3bcbdf0617" - ], - "columns": { - "cebc1213-bb3f-4000-b747-5f0b0c608b4b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Agent Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1416011-657e-40b0-9af8-ff3bcbdf0617", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user_agent.name" - }, - "e1416011-657e-40b0-9af8-ff3bcbdf0617": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "cebc1213-bb3f-4000-b747-5f0b0c608b4b" - ], - "layerId": "0c3a1ff3-eb26-42fd-8196-49c12251bd49", - "layerType": "data", - "legendDisplay": "default", - "metric": "e1416011-657e-40b0-9af8-ff3bcbdf0617", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of GUI Events by User Agent Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-6e7a9920-b58c-11ec-b665-f79f0daaad54", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-0c3a1ff3-eb26-42fd-8196-49c12251bd49", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-72f24920-b58d-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-72f24920-b58d-11ec-b665-f79f0daaad54.json deleted file mode 100644 index d665143dc6a..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-72f24920-b58d-11ec-b665-f79f0daaad54.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "58c79990-e129-4e1d-a7c5-2f663c86109f": { - "columnOrder": [ - "7e1dc911-a513-41bd-9e56-5366699d06e0", - "9a441fcb-5153-497e-85dc-6d3efb3b54cc", - "1abb990c-1e38-4ba3-b160-b0cea323aefc" - ], - "columns": { - "1abb990c-1e38-4ba3-b160-b0cea323aefc": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "7e1dc911-a513-41bd-9e56-5366699d06e0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1abb990c-1e38-4ba3-b160-b0cea323aefc", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user_agent.os.name" - }, - "9a441fcb-5153-497e-85dc-6d3efb3b54cc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Version", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1abb990c-1e38-4ba3-b160-b0cea323aefc", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user_agent.os.version" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "7e1dc911-a513-41bd-9e56-5366699d06e0", - "9a441fcb-5153-497e-85dc-6d3efb3b54cc" - ], - "layerId": "58c79990-e129-4e1d-a7c5-2f663c86109f", - "layerType": "data", - "legendDisplay": "default", - "metric": "1abb990c-1e38-4ba3-b160-b0cea323aefc", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": 
"pie" - } - }, - "title": "Distribution of GUI Events by OS, OS Version [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-72f24920-b58d-11ec-b665-f79f0daaad54", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-58c79990-e129-4e1d-a7c5-2f663c86109f", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-76438ce0-b512-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-76438ce0-b512-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index f630fb93480..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-76438ce0-b512-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "52251872-020b-4855-9c01-fbebd4df0064": { - "columnOrder": [ - "585842e9-697b-43a6-99cb-e905245ce2e2", - "1c89cec4-799f-407c-a53c-d4f2332d7966" - ], - "columns": { - "1c89cec4-799f-407c-a53c-d4f2332d7966": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "585842e9-697b-43a6-99cb-e905245ce2e2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1c89cec4-799f-407c-a53c-d4f2332d7966", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.verdict" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "585842e9-697b-43a6-99cb-e905245ce2e2" - ], - "layerId": "52251872-020b-4855-9c01-fbebd4df0064", - "layerType": "data", - "legendDisplay": "default", - "metric": "1c89cec4-799f-407c-a53c-d4f2332d7966", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of AMP Engine Events by Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-76438ce0-b512-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-52251872-020b-4855-9c01-fbebd4df0064", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-7b61ca30-b520-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-7b61ca30-b520-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index c40fe6807a0..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-7b61ca30-b520-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9d0f1c67-8726-4c33-8c99-5c6616fd273c": { - "columnOrder": [ - "1e49a823-db00-4ed1-bdfd-63c58746120c", - "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0" - ], - "columns": { - "1e49a823-db00-4ed1-bdfd-63c58746120c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "AMP Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.amp_verdict" - }, - "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "1e49a823-db00-4ed1-bdfd-63c58746120c" - ], - "layerId": "9d0f1c67-8726-4c33-8c99-5c6616fd273c", - "layerType": "data", - "legendDisplay": "default", - "metric": "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by AMP Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-7b61ca30-b520-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-9d0f1c67-8726-4c33-8c99-5c6616fd273c",
- "type": "index-pattern"
- }
- ],
- "type": "lens"
-}
\ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-80cc7570-b510-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-80cc7570-b510-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index 939c91d10c0..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-80cc7570-b510-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cc97ded6-1926-428a-a6d3-d13b3b47b8ba": { - "columnOrder": [ - "50f68a81-af9c-4a46-8f31-49957891f03e", - "536e9932-8f25-4096-a1f1-cc40da5e099b" - ], - "columns": { - "50f68a81-af9c-4a46-8f31-49957891f03e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Spy Name ", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "536e9932-8f25-4096-a1f1-cc40da5e099b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.spy_name" - }, - "536e9932-8f25-4096-a1f1-cc40da5e099b": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "50f68a81-af9c-4a46-8f31-49957891f03e", - "isTransposed": false - }, - { - "columnId": "536e9932-8f25-4096-a1f1-cc40da5e099b", - "isTransposed": false - } - ], - "layerId": "cc97ded6-1926-428a-a6d3-d13b3b47b8ba", - "layerType": "data" - } - }, - "title": "Top 10 Spy Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-80cc7570-b510-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cc97ded6-1926-428a-a6d3-d13b3b47b8ba", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No 
newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-8309a9e0-b581-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-8309a9e0-b581-11ec-b665-f79f0daaad54.json
deleted file mode 100644
index 216d5229783..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-8309a9e0-b581-11ec-b665-f79f0daaad54.json
+++ /dev/null
@@ -1,123 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "316330ba-0c74-48a8-a005-a83d62b22825": { - "columnOrder": [ - "49ecc95f-4e3e-4886-b6a9-f877f37aa93d", - "190364eb-0f7a-4409-b39e-761d5f9bd865" - ], - "columns": { - "190364eb-0f7a-4409-b39e-761d5f9bd865": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "49ecc95f-4e3e-4886-b6a9-f877f37aa93d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Status Code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "190364eb-0f7a-4409-b39e-761d5f9bd865", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "http.response.status_code" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "190364eb-0f7a-4409-b39e-761d5f9bd865" - ], - "layerId": "316330ba-0c74-48a8-a005-a83d62b22825", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "49ecc95f-4e3e-4886-b6a9-f877f37aa93d" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - 
"yRightExtent": {
- "mode": "full"
- }
- }
- },
- "title": "Distribution of GUI Events by Response Status Code [Logs Cisco Secure Email Gateway]",
- "visualizationType": "lnsXY"
- },
- "coreMigrationVersion": "7.17.0",
- "id": "cisco_secure_email_gateway-8309a9e0-b581-11ec-b665-f79f0daaad54",
- "migrationVersion": {
- "lens": "7.16.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "indexpattern-datasource-current-indexpattern",
- "type": "index-pattern"
- },
- {
- "id": "logs-*",
- "name": "indexpattern-datasource-layer-316330ba-0c74-48a8-a005-a83d62b22825",
- "type": "index-pattern"
- }
- ],
- "type": "lens"
-}
\ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-8944e4d0-b51f-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-8944e4d0-b51f-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index 6f032319d4c..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-8944e4d0-b51f-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77": { - "columnOrder": [ - "764bb009-19ef-4869-aa16-a7eb988b2fa5", - "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565" - ], - "columns": { - "764bb009-19ef-4869-aa16-a7eb988b2fa5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mail Flow Policy Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.mail_flow_policy" - }, - "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "764bb009-19ef-4869-aa16-a7eb988b2fa5" - }, - { - "columnId": "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565" - } - ], - "layerId": "fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", - "layerType": "data" - } - }, - "title": "Top 10 Mail Flow Policy Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-8944e4d0-b51f-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of 
file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-955c42b0-b577-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-955c42b0-b577-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index 02cd38abc38..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-955c42b0-b577-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,123 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d10ac2c6-458d-45cf-95cd-b75b40a3cc6b": { - "columnOrder": [ - "c6d33863-6a91-474c-891b-0a0930325222", - "08f66015-bfdb-489f-aea0-65ba4323e2f0" - ], - "columns": { - "08f66015-bfdb-489f-aea0-65ba4323e2f0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c6d33863-6a91-474c-891b-0a0930325222": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Alert Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "08f66015-bfdb-489f-aea0-65ba4323e2f0", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.alert_category" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"error_logs\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "08f66015-bfdb-489f-aea0-65ba4323e2f0" - ], - "layerId": "d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "c6d33863-6a91-474c-891b-0a0930325222" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - 
"valueLabels": "hide",
- "yLeftExtent": {
- "mode": "full"
- },
- "yRightExtent": {
- "mode": "full"
- }
- }
- },
- "title": "Distribution of Error Events by Alert Category [Logs Cisco Secure Email Gateway]",
- "visualizationType": "lnsXY"
- },
- "coreMigrationVersion": "7.17.0",
- "id": "cisco_secure_email_gateway-955c42b0-b577-11ec-aa3c-afc0e710666b",
- "migrationVersion": {
- "lens": "7.16.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "indexpattern-datasource-current-indexpattern",
- "type": "index-pattern"
- },
- {
- "id": "logs-*",
- "name": "indexpattern-datasource-layer-d10ac2c6-458d-45cf-95cd-b75b40a3cc6b",
- "type": "index-pattern"
- }
- ],
- "type": "lens"
-}
\ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-973c1ee0-b57a-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-973c1ee0-b57a-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index 00dc67a9a37..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-973c1ee0-b57a-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441": { - "columnOrder": [ - "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8", - "9e9261cd-f646-4a17-acf9-b6fb69bf03e2" - ], - "columns": { - "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9e9261cd-f646-4a17-acf9-b6fb69bf03e2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object" - }, - "9e9261cd-f646-4a17-acf9-b6fb69bf03e2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" - }, - "visualization": { - "columns": [ - { - "columnId": "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8" - }, - { - "columnId": "9e9261cd-f646-4a17-acf9-b6fb69bf03e2" - } - ], - "layerId": "e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", - "layerType": "data" - } - }, - "title": "Top 10 Object [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-973c1ee0-b57a-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", - "type": "index-pattern" - } - ], - "type": "lens" -} \ 
No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-9c04dc70-b578-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-9c04dc70-b578-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index 5f27776ac44..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-9c04dc70-b578-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "779692f9-3e0c-4c4b-833f-ab67b6d44a95": { - "columnOrder": [ - "011d4b64-1db3-447f-896e-a198dd74186c", - "ae49f917-e61b-4cd6-b8fc-998b0802347d" - ], - "columns": { - "011d4b64-1db3-447f-896e-a198dd74186c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ae49f917-e61b-4cd6-b8fc-998b0802347d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.severity" - }, - "ae49f917-e61b-4cd6-b8fc-998b0802347d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "011d4b64-1db3-447f-896e-a198dd74186c" - ], - "layerId": "779692f9-3e0c-4c4b-833f-ab67b6d44a95", - "layerType": "data", - "legendDisplay": "default", - "metric": "ae49f917-e61b-4cd6-b8fc-998b0802347d", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Text Mail Events by Severity [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-9c04dc70-b578-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-779692f9-3e0c-4c4b-833f-ab67b6d44a95",
- "type": "index-pattern"
- }
- ],
- "type": "lens"
-}
\ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-ac56b620-b514-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-ac56b620-b514-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index b973ea612cc..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-ac56b620-b514-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1aef4ea3-e481-42a1-b355-8c667e236324": { - "columnOrder": [ - "50a245e4-241d-429f-b5c4-c7144eb4f76c", - "0ec405bd-21bc-49e3-a131-7e54edae86db" - ], - "columns": { - "0ec405bd-21bc-49e3-a131-7e54edae86db": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "50a245e4-241d-429f-b5c4-c7144eb4f76c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Receiver", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0ec405bd-21bc-49e3-a131-7e54edae86db", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "50a245e4-241d-429f-b5c4-c7144eb4f76c", - "isTransposed": false - }, - { - "columnId": "0ec405bd-21bc-49e3-a131-7e54edae86db", - "isTransposed": false - } - ], - "layerId": "1aef4ea3-e481-42a1-b355-8c667e236324", - "layerType": "data" - } - }, - "title": "Top 10 Receiver [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-ac56b620-b514-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1aef4ea3-e481-42a1-b355-8c667e236324", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-b15a0680-b524-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-b15a0680-b524-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index c13396de233..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-b15a0680-b524-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,123 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4315e942-ba49-474d-af76-6710ec550ad6": { - "columnOrder": [ - "e083e8f2-9f3a-4a86-9da1-5d14ac1653db", - "08e67d54-9697-4721-9ddc-ac4846ab92e6" - ], - "columns": { - "08e67d54-9697-4721-9ddc-ac4846ab92e6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "e083e8f2-9f3a-4a86-9da1-5d14ac1653db": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Message Final Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "08e67d54-9697-4721-9ddc-ac4846ab92e6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.act" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "08e67d54-9697-4721-9ddc-ac4846ab92e6" - ], - "layerId": "4315e942-ba49-474d-af76-6710ec550ad6", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "e083e8f2-9f3a-4a86-9da1-5d14ac1653db" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - 
"yRightExtent": {
- "mode": "full"
- }
- }
- },
- "title": "Distribution of Consolidated Events by Message Final Action [Logs Cisco Secure Email Gateway]",
- "visualizationType": "lnsXY"
- },
- "coreMigrationVersion": "7.17.0",
- "id": "cisco_secure_email_gateway-b15a0680-b524-11ec-aa3c-afc0e710666b",
- "migrationVersion": {
- "lens": "7.16.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "indexpattern-datasource-current-indexpattern",
- "type": "index-pattern"
- },
- {
- "id": "logs-*",
- "name": "indexpattern-datasource-layer-4315e942-ba49-474d-af76-6710ec550ad6",
- "type": "index-pattern"
- }
- ],
- "type": "lens"
-}
\ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-bab80b00-b51f-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-bab80b00-b51f-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index c98712fcfbc..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-bab80b00-b51f-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "266b7fe0-231d-4c2a-973a-fc88a87f6b0e": { - "columnOrder": [ - "65aa90e8-5709-41df-aa29-56880e3b66a3", - "a2f6bdea-fd70-4b8d-9452-416c7b5840c7" - ], - "columns": { - "65aa90e8-5709-41df-aa29-56880e3b66a3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Helo Domain IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a2f6bdea-fd70-4b8d-9452-416c7b5840c7", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.helo.ip" - }, - "a2f6bdea-fd70-4b8d-9452-416c7b5840c7": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "65aa90e8-5709-41df-aa29-56880e3b66a3", - "isTransposed": false - }, - { - "columnId": "a2f6bdea-fd70-4b8d-9452-416c7b5840c7", - "isTransposed": false - } - ], - "layerId": "266b7fe0-231d-4c2a-973a-fc88a87f6b0e", - "layerType": "data" - } - }, - "title": "Top 10 Helo Domain IP [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-bab80b00-b51f-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-266b7fe0-231d-4c2a-973a-fc88a87f6b0e", - "type": "index-pattern" - } - ], - "type": "lens" 
-}
\ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-bd88e8d0-b520-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-bd88e8d0-b520-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index 7170eb2ef86..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-bd88e8d0-b520-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f": { - "columnOrder": [ - "d67f2de8-71ad-40c1-97da-732f12742c77", - "7599b0e8-574e-48da-8274-d0c65d2ee992" - ], - "columns": { - "7599b0e8-574e-48da-8274-d0c65d2ee992": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d67f2de8-71ad-40c1-97da-732f12742c77": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "AS Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7599b0e8-574e-48da-8274-d0c65d2ee992", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.as_verdict" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d67f2de8-71ad-40c1-97da-732f12742c77" - ], - "layerId": "aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", - "layerType": "data", - "legendDisplay": "default", - "metric": "7599b0e8-574e-48da-8274-d0c65d2ee992", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by AS Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-bd88e8d0-b520-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f",
- "type": "index-pattern"
- }
- ],
- "type": "lens"
-}
\ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-c6ecc5d0-b580-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-c6ecc5d0-b580-11ec-b665-f79f0daaad54.json
deleted file mode 100644
index 2e0fc32ada9..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-c6ecc5d0-b580-11ec-b665-f79f0daaad54.json
+++ /dev/null
@@ -1,121 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "92246eb5-8cb8-441e-b9fe-ff56c6ff0997": { - "columnOrder": [ - "172c29b9-e8bc-48f2-aa9c-796d076a7895", - "5ea232ac-12df-4c6e-af79-0d1b41d3e34c" - ], - "columns": { - "172c29b9-e8bc-48f2-aa9c-796d076a7895": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Request", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "5ea232ac-12df-4c6e-af79-0d1b41d3e34c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "http.request.method" - }, - "5ea232ac-12df-4c6e-af79-0d1b41d3e34c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "5ea232ac-12df-4c6e-af79-0d1b41d3e34c" - ], - "layerId": "92246eb5-8cb8-441e-b9fe-ff56c6ff0997", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "172c29b9-e8bc-48f2-aa9c-796d076a7895" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of GUI 
Events by Request [Logs Cisco Secure Email Gateway]",
- "visualizationType": "lnsXY"
- },
- "coreMigrationVersion": "7.17.0",
- "id": "cisco_secure_email_gateway-c6ecc5d0-b580-11ec-b665-f79f0daaad54",
- "migrationVersion": {
- "lens": "7.16.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "indexpattern-datasource-current-indexpattern",
- "type": "index-pattern"
- },
- {
- "id": "logs-*",
- "name": "indexpattern-datasource-layer-92246eb5-8cb8-441e-b9fe-ff56c6ff0997",
- "type": "index-pattern"
- }
- ],
- "type": "lens"
-}
\ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d26c0e90-b579-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d26c0e90-b579-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index 758185c2e5c..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d26c0e90-b579-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "103310a0-a5d9-4d8c-b1da-a8c57e13a563": { - "columnOrder": [ - "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa", - "1a58cfa2-a182-4a3f-8636-14e9474aa0ea" - ], - "columns": { - "1a58cfa2-a182-4a3f-8636-14e9474aa0ea": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Connection Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1a58cfa2-a182-4a3f-8636-14e9474aa0ea", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.connection_status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa" - ], - "layerId": "103310a0-a5d9-4d8c-b1da-a8c57e13a563", - "layerType": "data", - "legendDisplay": "default", - "metric": "1a58cfa2-a182-4a3f-8636-14e9474aa0ea", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Text Mail Events by Connection Status [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-d26c0e90-b579-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-103310a0-a5d9-4d8c-b1da-a8c57e13a563", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d2d9b860-b514-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d2d9b860-b514-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 030aac998a5..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d2d9b860-b514-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d9f68bb4-618e-4b30-814c-201e302ee9c9": { - "columnOrder": [ - "869adebc-36ff-411a-b8c0-b324b1faa097", - "e91fac87-d093-46e6-8ca9-65ed84915897" - ], - "columns": { - "869adebc-36ff-411a-b8c0-b324b1faa097": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Reason", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e91fac87-d093-46e6-8ca9-65ed84915897", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.reason" - }, - "e91fac87-d093-46e6-8ca9-65ed84915897": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "869adebc-36ff-411a-b8c0-b324b1faa097" - }, - { - "columnId": "e91fac87-d093-46e6-8ca9-65ed84915897" - } - ], - "layerId": "d9f68bb4-618e-4b30-814c-201e302ee9c9", - "layerType": "data" - } - }, - "title": "Top 10 Reason [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-d2d9b860-b514-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d9f68bb4-618e-4b30-814c-201e302ee9c9", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d4a2bdf0-b527-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d4a2bdf0-b527-11ec-aa3c-afc0e710666b.json
deleted file mode 100644
index 7314563472a..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-d4a2bdf0-b527-11ec-aa3c-afc0e710666b.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "29be06db-aa85-4914-8578-266c2829069c": { - "columnOrder": [ - "4b6916be-5bf4-49da-80ec-16fab2491238", - "d135bce7-6aed-4a4b-9550-6d1bcfa5b134" - ], - "columns": { - "4b6916be-5bf4-49da-80ec-16fab2491238": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Vendor Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d135bce7-6aed-4a4b-9550-6d1bcfa5b134", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.vendor_action" - }, - "d135bce7-6aed-4a4b-9550-6d1bcfa5b134": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"content_scanner\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "4b6916be-5bf4-49da-80ec-16fab2491238" - ], - "layerId": "29be06db-aa85-4914-8578-266c2829069c", - "layerType": "data", - "legendDisplay": "default", - "metric": "d135bce7-6aed-4a4b-9550-6d1bcfa5b134", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Content Scanner Events by Vendor Action [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-d4a2bdf0-b527-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-29be06db-aa85-4914-8578-266c2829069c", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-dabd1310-b578-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-dabd1310-b578-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index d4bc745225e..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-dabd1310-b578-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "28af0ace-bcd2-4e99-89aa-b01cac4be65f": { - "columnOrder": [ - "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca", - "02da5f04-8364-4341-b24b-4e381bde6404" - ], - "columns": { - "02da5f04-8364-4341-b24b-4e381bde6404": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Receiver", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "02da5f04-8364-4341-b24b-4e381bde6404", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" - }, - "visualization": { - "columns": [ - { - "columnId": "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca", - "isTransposed": false - }, - { - "columnId": "02da5f04-8364-4341-b24b-4e381bde6404", - "isTransposed": false - } - ], - "layerId": "28af0ace-bcd2-4e99-89aa-b01cac4be65f", - "layerType": "data" - } - }, - "title": "Top 10 Receivers [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-dabd1310-b578-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-28af0ace-bcd2-4e99-89aa-b01cac4be65f", - "type": "index-pattern" - } - ], - "type": 
"lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-dd1c3e90-b511-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-dd1c3e90-b511-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 3eacd714411..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-dd1c3e90-b511-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "209d92c9-a130-4ba9-8e21-35662ea8c98e": { - "columnOrder": [ - "1a4f6e44-23c6-4726-988a-6706f595eda1", - "6fa0fc6c-efc2-42b1-96a1-78623735199e" - ], - "columns": { - "1a4f6e44-23c6-4726-988a-6706f595eda1": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Upload Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6fa0fc6c-efc2-42b1-96a1-78623735199e", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.upload.action" - }, - "6fa0fc6c-efc2-42b1-96a1-78623735199e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "6fa0fc6c-efc2-42b1-96a1-78623735199e" - ], - "layerId": "209d92c9-a130-4ba9-8e21-35662ea8c98e", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "1a4f6e44-23c6-4726-988a-6706f595eda1" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - 
"yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of AMP Engine Events by Upload Action [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-dd1c3e90-b511-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-209d92c9-a130-4ba9-8e21-35662ea8c98e", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-e36fdf40-b57a-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-e36fdf40-b57a-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 44aa491de9c..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-e36fdf40-b57a-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4": { - "columnOrder": [ - "90afc0e9-dee1-46ee-8e96-31602ed929cb", - "f0096080-5bb8-4acd-b43d-a5d459fbae24" - ], - "columns": { - "90afc0e9-dee1-46ee-8e96-31602ed929cb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Network Protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f0096080-5bb8-4acd-b43d-a5d459fbae24", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" - }, - "f0096080-5bb8-4acd-b43d-a5d459fbae24": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "90afc0e9-dee1-46ee-8e96-31602ed929cb" - ], - "layerId": "cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", - "layerType": "data", - "legendDisplay": "default", - "metric": "f0096080-5bb8-4acd-b43d-a5d459fbae24", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Text Mail Events by Network Protocol [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-e36fdf40-b57a-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "indexpattern-datasource-layer-cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-e4b913a0-b523-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-e4b913a0-b523-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 3a0a7570ec7..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-e4b913a0-b523-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cd9e61a8-35d1-4605-b150-d09bf82d3f00": { - "columnOrder": [ - "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5", - "31cee9bf-5352-45fa-8574-6cec1a2790c3" - ], - "columns": { - "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Content Filters Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "31cee9bf-5352-45fa-8574-6cec1a2790c3", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.content_filter_verdict" - }, - "31cee9bf-5352-45fa-8574-6cec1a2790c3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5" - ], - "layerId": "cd9e61a8-35d1-4605-b150-d09bf82d3f00", - "layerType": "data", - "legendDisplay": "default", - "metric": "31cee9bf-5352-45fa-8574-6cec1a2790c3", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by Content Filters Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-e4b913a0-b523-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "indexpattern-datasource-layer-cd9e61a8-35d1-4605-b150-d09bf82d3f00", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-fdc9a620-b51e-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-fdc9a620-b51e-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index 622bfe4ae29..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-fdc9a620-b51e-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "5534c705-73de-4482-818b-4b48acea0af1": { - "columnOrder": [ - "11a0d6ef-3389-4d51-9658-7ae3d39462a8", - "50ecfbc3-6f73-409e-8445-c8254e49b032" - ], - "columns": { - "11a0d6ef-3389-4d51-9658-7ae3d39462a8": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Outbreak Filters Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "50ecfbc3-6f73-409e-8445-c8254e49b032", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.outbreak_filter_verdict" - }, - "50ecfbc3-6f73-409e-8445-c8254e49b032": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "11a0d6ef-3389-4d51-9658-7ae3d39462a8" - ], - "layerId": "5534c705-73de-4482-818b-4b48acea0af1", - "layerType": "data", - "legendDisplay": "default", - "metric": "50ecfbc3-6f73-409e-8445-c8254e49b032", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by Outbreak Filters Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-fdc9a620-b51e-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "indexpattern-datasource-layer-5534c705-73de-4482-818b-4b48acea0af1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-fdee0eb0-b579-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-fdee0eb0-b579-11ec-aa3c-afc0e710666b.json deleted file mode 100644 index b59e622a5b3..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/lens/cisco_secure_email_gateway-fdee0eb0-b579-11ec-aa3c-afc0e710666b.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "71b0750f-93db-4016-9294-b408f583b750": { - "columnOrder": [ - "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b", - "45bb21c7-aa5f-4d67-a537-c878b32f0f23" - ], - "columns": { - "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Message Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "45bb21c7-aa5f-4d67-a537-c878b32f0f23", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.message_status" - }, - "45bb21c7-aa5f-4d67-a537-c878b32f0f23": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b" - ], - "layerId": "71b0750f-93db-4016-9294-b408f583b750", - "layerType": "data", - "legendDisplay": "default", - "metric": "45bb21c7-aa5f-4d67-a537-c878b32f0f23", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Text Mail Events by Message Status [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-fdee0eb0-b579-11ec-aa3c-afc0e710666b", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-71b0750f-93db-4016-9294-b408f583b750", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-0007c200-b00b-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-0007c200-b00b-11ec-8a45-8d83ac55242a.json deleted file mode 100644 index a212152ac55..00000000000 --- a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-0007c200-b00b-11ec-8a45-8d83ac55242a.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "title": "Quarantine Process Over Time [Logs Cisco Secure Email Gateway]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "867a9950-5f15-460a-98b4-9bb0eeec0d8d", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "e6a4bd49-6b02-49dc-8204-b4e4cee693b0", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.quarantine.load", - "id": "ad8aab01-a047-4608-9587-73f25a02c850", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Quarantine Process Over Time [Logs Cisco Secure Email Gateway]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-0007c200-b00b-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-18e16930-b00a-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-18e16930-b00a-11ec-8a45-8d83ac55242a.json
deleted file mode 100644
index 94498a7210d..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-18e16930-b00a-11ec-8a45-8d83ac55242a.json
+++ /dev/null
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "title": "CASE Scanning Over Time [Logs Cisco Secure Email Gateway]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "1ca757e4-9986-4109-82f8-a18e8f68cd35", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "c9ea79ff-857a-4c19-8864-dd32d5ecb80d", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.case_ld", - "id": "633c2888-96a2-4c24-a93b-e647ced942ed", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "CASE Scanning Over Time [Logs Cisco Secure Email Gateway]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-18e16930-b00a-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-239adcd0-aff6-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-239adcd0-aff6-11ec-8a45-8d83ac55242a.json
deleted file mode 100644
index 0890100cee7..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-239adcd0-aff6-11ec-8a45-8d83ac55242a.json
+++ /dev/null
@@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "title": "CPU Utilization Over Time [Logs Cisco Secure Email Gateway]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "1af71592-86d8-4efb-b424-d6ecf7944ace", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "b509ab9e-7f7b-44f2-8ee6-258b88e17dfa", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.cpu.utilization", - "id": "4deb212e-daed-4c60-b947-aa33baeaa2a9", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "terms_field": "cisco_secure_email_gateway.log.cpu.utilization", - "terms_order_by": "_count", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "CPU Utilization Over Time [Logs Cisco Secure Email Gateway]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-239adcd0-aff6-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-607f8060-b000-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-607f8060-b000-11ec-8a45-8d83ac55242a.json
deleted file mode 100644
index 767336a5ebe..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-607f8060-b000-11ec-8a45-8d83ac55242a.json
+++ /dev/null
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "title": "Disk I/O Utilization Over Time [Logs Cisco Secure Email Gateway]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "ba00a756-2315-4580-8c44-8daa6a4fe42c", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "a579bc05-7302-4698-a465-cc9c33326c93", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.disk_io", - "id": "bfc3259d-32c5-4aea-9581-14ae6945e2b0", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Disk I/O Utilization Over Time [Logs Cisco Secure Email Gateway]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-607f8060-b000-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-8e557710-b00a-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-8e557710-b00a-11ec-8a45-8d83ac55242a.json
deleted file mode 100644
index dc1dcfd5314..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-8e557710-b00a-11ec-8a45-8d83ac55242a.json
+++ /dev/null
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "title": "Reporting Process Over Time [Cisco Secure Email Gateway]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "706b3574-bdb3-4b5e-b60c-535ecba9d3ea", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "6a5040fa-12e2-4a8f-a1da-51c6a6dcf2cb", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.reporting_load", - "id": "4c616f23-37ef-433f-9642-8bf6502b479a", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Reporting Process Over Time [Cisco Secure Email Gateway]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-8e557710-b00a-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-8f476740-b001-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-8f476740-b001-11ec-8a45-8d83ac55242a.json
deleted file mode 100644
index a97766cdff0..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-8f476740-b001-11ec-8a45-8d83ac55242a.json
+++ /dev/null
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "title": "Ram Utilization Over Time [Logs Cisco Secure Email Gateway]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "f3f0956a-14bb-45c8-b03d-9bae49240821", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "cbb2c4b6-0c49-4fc3-814e-68a7c117ad7b", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.ram.utilization", - "id": "d665c81d-8a7d-48fd-9ff4-697bbd4dbceb", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Ram Utilization Over Time [Logs Cisco Secure Email Gateway]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-8f476740-b001-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-a6ccb720-b002-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-a6ccb720-b002-11ec-8a45-8d83ac55242a.json
deleted file mode 100644
index f6427c09620..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-a6ccb720-b002-11ec-8a45-8d83ac55242a.json
+++ /dev/null
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "title": "McAfee Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "0f2aec48-9a36-4fe0-a4ad-5922a129b4c3", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "2c4e6b49-e60c-4d4d-b2c4-c443928f93d7", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.mcafee_ld", - "id": "4a343f0d-2f6d-437d-a702-9707ee05de91", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "McAfee Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-a6ccb720-b002-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-e5d96bd0-b001-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-e5d96bd0-b001-11ec-8a45-8d83ac55242a.json
deleted file mode 100644
index 4f1e326c670..00000000000
--- a/packages/cisco_secure_email_gateway/kibana/visualization/cisco_secure_email_gateway-e5d96bd0-b001-11ec-8a45-8d83ac55242a.json
+++ /dev/null
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "title": "Sophos Anti-Virus Scanning Over Time [Cisco Secure Email Gateway]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "e8547150-1b72-456e-abb0-1f63a4c82e4a", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "4e1b5734-d731-4efe-85f7-cb7a6812819b", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.sophos_ld", - "id": "5b85a7fb-52f0-4f23-a808-07a23ae8157d", - "type": "avg" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Sophos Anti-Virus Scanning Over Time [Cisco Secure Email Gateway]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "cisco_secure_email_gateway-e5d96bd0-b001-11ec-8a45-8d83ac55242a", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file From d3187c6413e8e4f16e987fb019b0277049a7ffdb Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Thu, 27 Oct 2022 15:14:56 +0530 Subject: [PATCH 012/103] migrate cloudflare dash to by_value --- ...-095f3a00-23d6-11e9-ba08-c19298cded24.json | 2966 ++++++- ...-532a64c0-293a-11e9-b959-4502c43b2e30.json | 7817 ++++++++++++++++- ...-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f.json | 1235 ++- ...-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f.json | 2494 +++++- ...-9c4c3100-39df-11e9-bd1f-75f359ac0c3f.json | 1824 +++- ...-a35b4880-49a9-11e9-bd1f-75f359ac0c3f.json | 1298 ++- ...-b221c710-2963-11e9-b959-4502c43b2e30.json | 1290 ++- ...-ded7e2c0-2955-11e9-b959-4502c43b2e30.json | 1603 +++- ...-04dda790-2328-11e9-ba08-c19298cded24.json | 97 - ...-085f1f60-39e0-11e9-bd1f-75f359ac0c3f.json | 97 - ...-08c86890-2323-11e9-ba08-c19298cded24.json | 82 - ...-0ca03f10-338b-11e9-ab62-2d2dc754fa8f.json | 970 -- ...-12308c30-499f-11e9-bd1f-75f359ac0c3f.json | 95 - ...-123b95b0-2953-11e9-b959-4502c43b2e30.json | 129 - ...-14b05280-3aa7-11e9-bd1f-75f359ac0c3f.json | 78 - ...-15b60010-49b8-11e9-bd1f-75f359ac0c3f.json | 156 - ...-18490820-5bad-11e9-bd1f-75f359ac0c3f.json | 62 - ...-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f.json | 97 - ...-1bd60ba0-2327-11e9-ba08-c19298cded24.json | 81 - ...-23b58b50-2955-11e9-b959-4502c43b2e30.json | 166 - ...-24815750-39de-11e9-bd1f-75f359ac0c3f.json | 1028 --- ...-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f.json | 155 - ...-27809b60-2326-11e9-ba08-c19298cded24.json | 78 - ...-2820f540-5ba9-11e9-bd1f-75f359ac0c3f.json | 62 - ...-2962b6f0-2328-11e9-ba08-c19298cded24.json | 81 - ...-2a7aaf40-232b-11e9-ba08-c19298cded24.json | 134 - ...-3091d520-4991-11e9-bd1f-75f359ac0c3f.json | 139 - ...-30f664a0-5bab-11e9-bd1f-75f359ac0c3f.json | 62 - ...-31863f00-5b9f-11e9-bd1f-75f359ac0c3f.json | 62 - ...-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f.json | 111 - ...-34fce850-3aa7-11e9-bd1f-75f359ac0c3f.json | 113 - ...-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f.json | 62 - ...-3ef426c0-2963-11e9-b959-4502c43b2e30.json | 145 - ...-44f03e10-2328-11e9-ba08-c19298cded24.json | 72 - 
...-463abaa0-5bab-11e9-bd1f-75f359ac0c3f.json | 62 - ...-46d7d4b0-2326-11e9-ba08-c19298cded24.json | 78 - ...-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f.json | 41 - ...-4c0a0420-2953-11e9-b959-4502c43b2e30.json | 129 - ...-4d637090-2327-11e9-ba08-c19298cded24.json | 81 - ...-4dd166d0-39df-11e9-bd1f-75f359ac0c3f.json | 151 - ...-58498820-5bab-11e9-bd1f-75f359ac0c3f.json | 62 - ...-619d5830-39e0-11e9-bd1f-75f359ac0c3f.json | 98 - ...-70880ea0-2953-11e9-b959-4502c43b2e30.json | 113 - ...-7a021b50-39d0-11e9-bd1f-75f359ac0c3f.json | 954 -- ...-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f.json | 62 - ...-7ded6170-39df-11e9-bd1f-75f359ac0c3f.json | 151 - ...-87c0c0f0-295b-11e9-b959-4502c43b2e30.json | 215 - ...-88d54e70-232a-11e9-ba08-c19298cded24.json | 75 - ...-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f.json | 945 -- ...-8b2c78d0-2954-11e9-b959-4502c43b2e30.json | 113 - ...-8bd59600-3aab-11e9-bd1f-75f359ac0c3f.json | 186 - ...-9443bac0-5bac-11e9-bd1f-75f359ac0c3f.json | 62 - ...-97868680-5ba8-11e9-bd1f-75f359ac0c3f.json | 62 - ...-97ff6f60-2326-11e9-ba08-c19298cded24.json | 78 - ...-97ffb020-5b92-11e9-bd1f-75f359ac0c3f.json | 62 - ...-9a285cd0-295b-11e9-b959-4502c43b2e30.json | 150 - ...-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f.json | 78 - ...-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f.json | 156 - ...-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f.json | 133 - ...-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f.json | 954 -- ...-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f.json | 125 - ...-b7d29880-2952-11e9-b959-4502c43b2e30.json | 110 - ...-b937c200-49b8-11e9-bd1f-75f359ac0c3f.json | 151 - ...-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f.json | 122 - ...-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f.json | 62 - ...-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f.json | 954 -- ...-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f.json | 97 - ...-c883c8c0-2326-11e9-ba08-c19298cded24.json | 81 - ...-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f.json | 62 - ...-d4b02760-49a0-11e9-bd1f-75f359ac0c3f.json | 97 - ...-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f.json | 78 - 
...-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f.json | 188 - ...-d9890140-3a9a-11e9-bd1f-75f359ac0c3f.json | 954 -- ...-df169f00-3aa4-11e9-bd1f-75f359ac0c3f.json | 125 - ...-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f.json | 97 - ...-f109c430-49b8-11e9-bd1f-75f359ac0c3f.json | 156 - ...-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f.json | 311 - ...-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f.json | 150 - ...-fbfdbb70-2326-11e9-ba08-c19298cded24.json | 81 - ...-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f.json | 155 - ...-fc9df390-293b-11e9-b959-4502c43b2e30.json | 103 - ...-fe404730-2962-11e9-b959-4502c43b2e30.json | 166 - ...-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f.json | 113 - 83 files changed, 18435 insertions(+), 16295 deletions(-) delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-04dda790-2328-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-08c86890-2323-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24.json delete mode 100644 
packages/cloudflare/kibana/visualization/cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-27809b60-2326-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-44f03e10-2328-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24.json delete mode 100644 
packages/cloudflare/kibana/visualization/cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-4d637090-2327-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-88d54e70-232a-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f.json delete mode 100644 
packages/cloudflare/kibana/visualization/cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f.json delete mode 100644 
packages/cloudflare/kibana/visualization/cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-fe404730-2962-11e9-b959-4502c43b2e30.json delete mode 100644 packages/cloudflare/kibana/visualization/cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f.json diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/dashboard/cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24.json index 410e16011a7..d269d4f9894 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24.json 
@@ -1,461 +1,2611 @@ { - "attributes": { - "description": "Get a quick overview of the most important metrics from your websites and applications on the Cloudflare network.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcwNiwxXQ==", + "attributes": { + "description": "Get a quick overview of the most important metrics from your websites and applications on the Cloudflare network.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Traffic Type [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.device_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "*" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - 
"useMargins": true + "gridData": { + "h": 5, + "i": "1", + "w": 11, + "x": 1, + "y": 26 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "1", - "w": 11, - "x": 1, - "y": 26 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "desc" + } + } + }, + "savedVis": { + "title": "Top Requested URI [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": 1, - "direction": "desc" - } - } - } - }, - "gridData": { - "h": 7, - "i": "2", - "w": 23, - "x": 1, - "y": 31 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 9, - "i": "3", - "w": 18, - "x": 29, - "y": 13 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": 
"lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "2", + "w": 23, + "x": 1, + "y": 31 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Traffic Countries [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "4", - "w": 12, - "x": 12, - "y": 26 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 5, - "i": "5", - "w": 12, - "x": 35, - "y": 26 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "3", + "w": 18, + "x": 29, + "y": 13 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "HTTP Protocols [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + 
"addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "6", - "w": 11, - "x": 24, - "y": 26 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "http.version", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "4", + "w": 12, + "x": 12, + "y": 26 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Content Type [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 7, - "i": "7", - "w": 23, - "x": 24, - "y": 31 + { + "enabled": true, + "id": "2", + "params": { + "field": 
"cloudflare.edge.response.content_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "5", + "w": 12, + "x": 35, + "y": 26 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Request Methods [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "http.request.method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "6", + "w": 11, + "x": 24, + "y": 26 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Referrer [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null 
+ } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 7, - "i": "8", - "w": 12, - "x": 1, - "y": 38 + { + "enabled": true, + "id": "2", + "params": { + "field": "http.request.referrer", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "7", + "w": 23, + "x": 24, + "y": 31 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Traffic Type [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.client.ip_class", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": 
"Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "8", + "w": 12, + "x": 1, + "y": 38 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Traffic IPs [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 7, - "i": "9", - "w": 16, - "x": 13, - "y": 38 + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "9", + "w": 16, + "x": 13, + "y": 38 + }, + "panelIndex": "9", + "type": "visualization", + "version": 
"8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top User Agents [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "10", + "w": 18, + "x": 29, + "y": 38 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Number of Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 7, - "i": "10", - "w": 18, - "x": 29, - "y": 38 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { 
- "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "11", + "w": 10, + "x": 1, + "y": 9 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 4, - "i": "11", - "w": 10, - "x": 1, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Bandwidth", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "12", + "w": 13, + "x": 11, + "y": 9 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cached Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { 
+ "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 4, - "i": "12", - "w": 13, - "x": 11, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cached Bandwidth", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "hit", + "stale", + "updating", + "ignored", + "revalidated" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored, revalidated" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "updating" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "ignored" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "revalidated" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "13", + "w": 11, + "x": 24, + "y": 9 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Threats Stopped [Cloudflare]", + "description": "", + "uiState": {}, + "params": 
{ + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 4, - "i": "13", - "w": 11, - "x": 24, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, 
+ { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": 
"use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + 
"cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + 
"term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + 
"boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "15", + "w": 12, + "x": 35, + "y": 9 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": 
"cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "16", + "w": 7, + "x": 1, + "y": 0 + }, + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Web Traffic Overview - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Web Traffic Overview**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "17", + "w": 39, + "x": 8, + "y": 0 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Web Traffic Types - Text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Web Traffic Types -\nGet insight into the various types of traffic and content**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "18", + "w": 46, + "x": 1, + "y": 22 + }, + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, 
+ "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "15", - "w": 12, - "x": 35, - "y": 9 + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "16", - "w": 7, - "x": 1, - "y": 0 + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": 
"terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "17", - "w": 39, - "x": 8, - "y": 0 + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "18", - "w": 46, - "x": 1, - "y": 22 + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 5, - "i": "19", - "w": 46, - "x": 1, - "y": 4 + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + 
"order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "8.0.0" + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"84e94c8e-19d9-4dfe-8e37-c43c004c3f05\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"5f05840e-eb7e-45bd-9319-e6746cc4fa49\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Traffic Countries Map [Cloudflare]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"0f8532d1-8c6a-4c1d-900e-8d6eb49112df\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Traffic Countries Map 
[Cloudflare]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 9, - "i": "bdc0fa59-ea05-4976-983a-70567c1fd2d6", - "w": 28, - "x": 1, - "y": 13 - }, - "panelIndex": "bdc0fa59-ea05-4976-983a-70567c1fd2d6", - "type": "map", - "version": "8.0.0" + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Snapshot", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-08c86890-2323-11e9-ba08-c19298cded24", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cloudflare-27809b60-2326-11e9-ba08-c19298cded24", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": 
"cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cloudflare-4d637090-2327-11e9-ba08-c19298cded24", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "cloudflare-04dda790-2328-11e9-ba08-c19298cded24", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24", - "name": "10:panel_10", - "type": "visualization" - }, - { - "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "cloudflare-88d54e70-232a-11e9-ba08-c19298cded24", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "19:panel_19", - "type": "visualization" - }, - { - "id": "logs-*", - "name": "bdc0fa59-ea05-4976-983a-70567c1fd2d6:layer_1_source_index_pattern", - "type": "index-pattern" - } + } + }, + "gridData": { + "h": 5, + "i": "19", + "w": 46, + "x": 1, + "y": 4 + }, + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"84e94c8e-19d9-4dfe-8e37-c43c004c3f05\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"5f05840e-eb7e-45bd-9319-e6746cc4fa49\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Traffic Countries Map [Cloudflare]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"0f8532d1-8c6a-4c1d-900e-8d6eb49112df\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VEC
TOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Traffic Countries Map [Cloudflare]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 9, + "i": "bdc0fa59-ea05-4976-983a-70567c1fd2d6", + "w": 28, + "x": 1, + "y": 13 + }, + "panelIndex": "bdc0fa59-ea05-4976-983a-70567c1fd2d6", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Snapshot", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "bdc0fa59-ea05-4976-983a-70567c1fd2d6:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + 
"name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "12:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "15:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "18:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": 
"19:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/dashboard/cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30.json index 42f010edc34..b2b21c720e2 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30.json 
@@ -1,348 +1,7565 @@ { - "attributes": { - "description": "Get insights on threats to your websites and applications, including number of threats stopped, threats over time, top threat countries, and more.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcwNywxXQ==", + "attributes": { + "description": "Get insights on threats to your websites and applications, including number of threats stopped, threats over time, top threat countries, and more.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Number of Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "*" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 5, + "i": "1", + "w": 16, + "x": 1, + "y": 9 }, - "panelsJSON": [ - { - "embeddableConfig": 
{ - "enhancements": {} + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF Events Triggered [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 5, - "i": "1", - "w": 16, - "x": 1, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "2", + "w": 15, + "x": 17, + "y": 9 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Threats Stopped [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + 
"colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 5, - "i": "2", - "w": 15, - "x": 17, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "3", - "w": 15, - "x": 32, - "y": 9 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + 
}, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", 
+ "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + 
"cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, 
+ "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": 
"ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "3", + "w": 15, + "x": 32, + "y": 9 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Threat Client IPs [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "4", - "w": 16, - "x": 31, - "y": 14 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + 
"showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "6", - "w": 17, - "x": 30, - "y": 32 + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ 
+ { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { 
+ "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": 
"ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + 
"adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "4", + "w": 16, + "x": 31, + "y": 14 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Threat Target URIs [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 
8, - "i": "7", - "w": 29, - "x": 1, - "y": 32 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "8", - "w": 46, - "x": 1, - "y": 40 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "http.version", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.os.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", 
+ "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, 
+ { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + 
} + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": 
"user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 17, + "x": 30, + "y": 32 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Threat User Agents [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "9", - "w": 11, - "x": 20, - "y": 14 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - 
"version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "10", - "w": 29, - "x": 1, - "y": 24 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": 
true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + 
"bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + 
"cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 29, + "x": 1, + "y": 32 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Pathing Statuses [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 3, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "11", - "w": 17, - "x": 30, - "y": 24 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "8.0.0" + "params": { + 
"perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 3, + "direction": "desc" + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "13", - "w": 7, - "x": 1, - "y": 0 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.edge.pathing.src", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 4, - "i": "14", - "w": 39, - "x": 8, - "y": 0 + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.edge.pathing.op", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "4", + "params": { + "field": "cloudflare.edge.pathing.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "8", + "w": 46, + "x": 1, + "y": 40 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { 
+ "enhancements": {}, + "savedVis": { + "title": "Top Threat Countries [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "15", - "w": 46, - "x": 1, - "y": 4 + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + 
"docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { 
+ "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { 
+ "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": 
"ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + 
"adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "9", + "w": 11, + "x": 20, + "y": 14 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Threats Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": 
true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"573a3d3e-987d-41b5-a714-2344535c0ca9\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"4d50c3a6-72f9-46f4-bb21-4d54fe1c9842\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Threat Countries Map 
[Cloudflare]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"25e907ec-31fb-40fe-9a10-49f002b31bf0\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"bic\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":
{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"captchaFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"jschlFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"zl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":
true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"us\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"rateLimit\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ba
n\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ctry\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"terms\\\":{\\\"boost\\\":1,\\\"cloudflare.edge.pathing.status\\\":[\\\"ipr16\\\",\\\"ipr24\\\",\\\"ip6\\\",\\\"ip6r64\\\",\\\"ip6r48\\\",\\\"ip6r32\\\"]}}]}}]},\\\"_source\\\":{\\\"excludes\\\":[],\\\"includes\\\":[\\\"source.geo.region_name\\\",\\\"cloudflare.client.ip_class\\\",\\\"url.path\\\",\\\"cloudflare.client.request.protocol\\\",\\\"http.request.referrer\\\",\\\"url.full\\\",\\\"user_agent.original\\\",\\\"cloudflare.client.ssl.cipher\\\",\\\"cloudflare.client.ssl.protocol\\\",\\\"cloudflare.edge.rate_limit.action\\\",\\\"cloudflare.edge.response.content_type\\\",\\\"cloudflare.origin.response.http.expires\\\",\\\"cloudflare.origin.response.http.last_modified\\\",\\\"cloudflare.origin.ssl.protocol\\\",\\\"user_agent.os.full\\\",\\\"user_agent.name\\\",\\\"cloudflare.waf.action\\\",\\\"cloudflare.waf.flags\\\",\\\"cloudflare.waf.matched_var\\\",\\\"cloudflare.waf.profile\\\",\\\"cloudflare.waf.rule.id\\\",\\\"cloudflare.waf.rule.message\\\",\\\"cloudflare.worker.status\\\",\\\"message\\\",\\\"tags\\\"]},\\\"docvalue_fields\\\":[{\\\"fie
ld\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"@version\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.tiered.fill\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.as.number\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_iso_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.device_type\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.city_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.continent_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code2\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code3\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.dma_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.latitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.longitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.postal_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.region_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.timezone\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"url.domain\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.
request.method\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.port\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.colo.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.end.timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.op\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.src\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.rate_limit.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.request.host\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"destination.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.response.compression_ratio\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"observer.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"destination.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.parent.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.security_level\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.build\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.device\\\",\\\"format\\\":\\\"use_field_m
apping\\\"},{\\\"field\\\":\\\"user_agent.major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.patch\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.cpu_time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest_count\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.zone_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"}],\\\"size\\\":50,\\\"sort\\\":[{\\\"_doc\\\":{\\\"order\\\":\\\"asc\\\"}}]}\",\"index\":\"logs-*\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edg
e.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\
"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negati
ve\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"us
e_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field
_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Threat Countries Map [Cloudflare]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, 
- "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "240814e0-fc79-4c27-af94-fa9df006d441", - "w": 19, - "x": 1, - "y": 14 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-24h", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "240814e0-fc79-4c27-af94-fa9df006d441", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + 
"message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + 
"format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": 
"user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + 
"value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + 
"cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, 
+ "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Security (Overview)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30", 
- "name": "2:panel_2", - "type": "visualization" + } }, - { - "id": "cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f", - "name": "3:panel_3", - "type": "visualization" + "gridData": { + "h": 8, + "i": "10", + "w": 29, + "x": 1, + "y": 24 }, - { - "id": "cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f", - "name": "4:panel_4", - "type": "visualization" + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Threats Stopped [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + 
"cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": 
"http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": 
"use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + 
"cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + 
"must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": 
"filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 8, + "i": "11", + "w": 17, + "x": 30, + "y": 24 }, - { - "id": 
"cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 4, + "i": "13", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f", - "name": "9:panel_9", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Threats - Review threat activity - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Threats - Review threat activity**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": 
{ + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 4, + "i": "14", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f", - "name": "11:panel_11", - "type": "visualization" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + 
"id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + 
"multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "13:panel_13", - "type": "visualization" + "gridData": { + "h": 5, + "i": "15", + "w": 46, + "x": 1, + "y": 4 }, - { - "id": "cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f", - "name": "14:panel_14", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"573a3d3e-987d-41b5-a714-2344535c0ca9\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"4d50c3a6-72f9-46f4-bb21-4d54fe1c9842\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Threat Countries Map [Cloudflare]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"25e907ec-31fb-40fe-9a10-49f002b31bf0\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECT
OR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"bic\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"
boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"captchaFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"jschlFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\"
:\\\"zl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"us\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"rateLimit\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"clo
udflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ctry\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"terms\\\":{\\\"boost\\\":1,\\\"cloudflare.edge.pathing.status\\\":[\\\"ipr16\\\",\\\"ipr24\\\",\\\"ip6\\\",\\\"ip6r64\\\",\\\"ip6r48\\\",\\\"ip6r32\\\"]}}]}}]},\\\"_source\\\":{\\\"excludes\\\":[],\\\"includes\\\":[\\\"source.geo.region_name\\\",\\\"cloudflare.client.ip_class\\\",\\\"url.path\\\",\\\"cloudflare.client.request.protocol\\\",\\\"http.request.referrer\\\",\\\"url.full\\\",\\\"user_agent.original\\\",\\\"cloudflare.client.ssl.cipher\\\",\\\"cloudflare.client.ssl.protocol\\\",\\\"cloudflare.edge.rate_limit.action\\\",\\\"cloudflare.edge.response.content_type\\\",\\\"cloudflare.origin.response.http.expires\\\",\\\"cloudflare.origin.response.http.last_modified\\\",\\\"cloudflare.origin.ssl.protocol\\\",\\\"user_agent.os.full\\\",\\\"user_agent.name\\\",\\\"cloudflare.waf.action\\\",\\\"cloudflare.waf.flags\\\",\\\"cloudflare.waf.matched_var\\\",\\\"cloudflare.waf.profile\\\",\\\"cloudflare.waf.rule.id\\\",\\\"cloudflare.waf.rule.message\\\",\\\"cloudflare.worker.status\\\"
,\\\"message\\\",\\\"tags\\\"]},\\\"docvalue_fields\\\":[{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"@version\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.tiered.fill\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.as.number\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_iso_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.device_type\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.city_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.continent_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code2\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code3\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.dma_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.latitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.longitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.postal_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.region_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.timezone\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"url.domain\\\",\
\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.method\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.port\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.colo.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.end.timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.op\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.src\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.rate_limit.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.request.host\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"destination.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.response.compression_ratio\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"observer.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"destination.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.parent.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.security_level\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.build\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"f
ield\\\":\\\"user_agent.device\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.patch\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.cpu_time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest_count\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.zone_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"}],\\\"size\\\":50,\\\"sort\\\":[{\\\"_doc\\\":{\\\"order\\\":\\\"asc\\\"}}]}\",\"index\":\"logs-*\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_ne
gative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":
{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"bo
ost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_m
apping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":
\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Threat Countries Map [Cloudflare]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + 
"enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "15:panel_15", - "type": "visualization" + "gridData": { + "h": 10, + "i": "240814e0-fc79-4c27-af94-fa9df006d441", + "w": 19, + "x": 1, + "y": 14 }, - { - "id": "logs-*", - "name": "240814e0-fc79-4c27-af94-fa9df006d441:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "240814e0-fc79-4c27-af94-fa9df006d441", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Security (Overview)", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "240814e0-fc79-4c27-af94-fa9df006d441:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": 
"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "11:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "15:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/dashboard/cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f.json index c1e265c9222..0498ab94646 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f.json 
@@ -1,180 +1,1095 @@
 {
- "attributes": {
- "description": "Get insights into your most popular hostnames, most requested content types, breakdown of request methods, and connection type.\n",
- "hits": 0,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
+ "id": "cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f",
+ "type": "dashboard",
+ "namespaces": [
+ "default"
+ ],
+ "updated_at": "2022-10-27T09:44:12.946Z",
+ "version": "WzcwOCwxXQ==",
+ "attributes": {
+ "description": "Get insights into your most popular hostnames, most requested content types, breakdown of request methods, and connection type.\n",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "lucene",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false,
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "enhancements": {},
+ "savedVis": {
+ "title": "Client Requests by Content Type [Cloudflare]",
+ "description": "",
+ "uiState": {},
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "filter": true,
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "detailedTooltip": true,
+ "fittingFunction": "zero",
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "isVislibVis": true,
+ "legendPosition": "right",
+ "palette": {
+ "name": "kibana_palette",
+ "type": "palette"
+ },
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Count"
+ },
+ "drawLinesBetweenPoints": true,
+ "interpolate": "linear",
+ "mode": "stacked",
+ "show": "true",
+ "showCircles": true,
+ "type": "area",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "times": [],
+ "type": "area",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ 
"rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-24h", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.edge.response.content_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 12, + "i": "1", + "w": 46, + "x": 1, + "y": 21 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "1", - "w": 46, - "x": 1, - "y": 21 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 11, - "i": "2", - "w": 46, - "x": 1, - "y": 33 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 11, - "i": "3", - "w": 46, - "x": 1, - "y": 44 - }, - "panelIndex": "3", - 
"panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Client Requests Methods Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "4", - "w": 46, - "x": 1, - "y": 9 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + 
"field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.request.method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 11, + "i": "2", + "w": 46, + "x": 1, + "y": 33 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Client Requests by Connection Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "5", - "w": 7, - "x": 1, - "y": 0 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-24h", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.client.ssl.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 11, + "i": "3", + "w": 46, + "x": 1, + "y": 44 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Client Requests by Hostname Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { 
+ "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "6", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-24h", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 46, + "x": 1, + "y": 9 + }, + "panelIndex": "4", + "type": "visualization", + 
"version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "8", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Performance (Hostname, Content Type, Request Methods, Connection Type)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 4, + "i": "5", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": 
"", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + 
"options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 5, + "i": "6", + "w": 46, + "x": 1, + "y": 4 }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin Requests By Hostname - Content Type - Request Methods - Connection Type - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Origin Requests By Hostname - Content Type - Request Methods - Connection Type**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 4, + "i": "8", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f", - "name": "8:panel_8", 
- "type": "visualization" - } + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Performance (Hostname, Content Type, Request Methods, Connection Type)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + 
"name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/dashboard/cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f.json index 63a6ebda502..8134e71cacc 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f.json 
@@ -1,432 +1,2116 @@ { - "attributes": { - "description": "Identify and address performance issues and caching misconfigurations. Metrics include total vs. cached bandwidth, saved bandwidth, total requests, cache ratio, top uncached requests, and more.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcwOSwxXQ==", + "attributes": { + "description": "Identify and address performance issues and caching misconfigurations. Metrics include total vs. cached bandwidth, saved bandwidth, total requests, cache ratio, top uncached requests, and more.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Number of Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "*" } + } } + } + }, + "gridData": { + "h": 4, + "i": "1", + "w": 10, + "x": 1, + "y": 12 }, - "optionsJSON": { - "darkTheme": 
false, - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "1", - "w": 10, - "x": 1, - "y": 12 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cached Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "2", - "w": 13, - "x": 11, - "y": 12 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "hit", + "stale", + "updating", + "ignored" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": 
"updating" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "ignored" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "2", + "w": 13, + "x": 11, + "y": 12 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Uncached Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "3", - "w": 13, - "x": 24, - "y": 12 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": true, + "params": [ + "hit", + "stale", + "updating", + "ignored" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "updating" + } + }, + { + "match_phrase": { + 
"cloudflare.cache.status": "ignored" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "3", + "w": 13, + "x": 24, + "y": 12 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "4", - "w": 14, - "x": 1, - "y": 28 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Bandwidth", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "4", + "w": 14, + "x": 1, + "y": 28 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cached Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, 
+ "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "5", - "w": 14, - "x": 15, - "y": 28 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cached Bandwidth", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "hit", + "stale", + "updating", + "ignored", + "revalidated" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored, revalidated" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "updating" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "ignored" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "revalidated" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "5", + "w": 14, + "x": 15, + "y": 28 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Uncached Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 
10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "6", - "w": 18, - "x": 29, - "y": 28 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": true, + "params": [ + "hit", + "stale", + "updating", + "ignored", + "revalidated" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored, revalidated" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "updating" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "ignored" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "revalidated" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "6", + "w": 18, + "x": 29, + "y": 28 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cache status over time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + 
"addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "7", - "w": 25, - "x": 1, - "y": 44 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.cache.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + 
"otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 13, + "i": "7", + "w": 25, + "x": 1, + "y": 44 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cache Status Ratio [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "8", - "w": 21, - "x": 26, - "y": 44 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.cache.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "8", + "w": 21, + "x": 26, + "y": 44 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top URIs with Cache Status Miss [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, 
- { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "9", - "w": 21, - "x": 26, - "y": 50 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "12", - "w": 24, - "x": 1, - "y": 16 - }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": { + "query": "miss", + "type": "phrase" + }, + "type": "phrase", + "value": "miss" + }, + "query": { + "match": { + "cloudflare.cache.status": { + "query": "miss", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "9", + "w": 21, + "x": 26, + "y": 50 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total number of requests vs cached vs uncached over time [Cloudflare]", + "description": "", + "uiState": 
{}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\"" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "total requests", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "lucene", + "query": "metricset.name:cloudflare.cache.status" + }, + "id": "e847cce0-4731-11e9-b6ee-0784825b4ddc", + "label": "cached requests" + } + ], + "split_mode": "filter", + "stacked": "none", + "terms_field": "cloudflare.cache.status", + "terms_order_by": "_term" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.cache.status:(hit OR stale OR updating OR ignored)" + }, + "formatter": "number", + "id": "0d45cce0-498f-11e9-b6ee-0784825b4ddc", + "label": "cached requests", + "line_width": 1, + "metrics": [ + { + "id": "0d45cce1-498f-11e9-b6ee-0784825b4ddc", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "id": "14053f70-498f-11e9-b6ee-0784825b4ddc" + } + ], + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\" AND 
cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored)" + }, + "formatter": "number", + "id": "3edf18b0-498f-11e9-b6ee-0784825b4ddc", + "label": "uncached requests", + "line_width": 1, + "metrics": [ + { + "id": "3edf18b1-498f-11e9-b6ee-0784825b4ddc", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "13", - "w": 22, - "x": 25, - "y": 16 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 9, + "i": "12", + "w": 24, + "x": 1, + "y": 16 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Requests vs. 
Origin Requests in rps last 24 hours [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\"" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "total requests", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(253,161,255,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.origin.response.status_code:>0" + }, + "formatter": "number", + "id": "fca6dbb0-4991-11e9-b6ee-0784825b4ddc", + "label": "origin requests", + "line_width": 1, + "metrics": [ + { + "id": "fca6dbb1-4991-11e9-b6ee-0784825b4ddc", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "14", - "w": 25, - "x": 1, - "y": 32 - }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 9, + "i": "13", + "w": 22, + "x": 25, + "y": 16 + }, + "panelIndex": "13", + 
"type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cached vs Uncached Bandwidth Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "cloudflare.cache.status:(hit OR stale OR updating OR ignored OR revalidated)" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "saved bandwidth", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored OR -revalidated)" + }, + "formatter": "bytes", + "id": "73f43510-49a0-11e9-8499-d5aa4562b1c7", + "label": "uncached bandwidth", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "73f43511-49a0-11e9-8499-d5aa4562b1c7", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "15", - "w": 21, - "x": 26, - "y": 32 - }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": 
"visualization", - "version": "7.3.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 9, + "i": "14", + "w": 25, + "x": 1, + "y": 32 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Bandwidth vs Origin Bandwidth in Mbps last 24 hours - 7.x [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "c520c1a0-1c6e-11ea-9387-9362a5ae410a" + } + ], + "bar_color_rules": [ + { + "id": "c6258770-1c6e-11ea-9387-9362a5ae410a" + } + ], + "drop_last_bucket": 1, + "gauge_color_rules": [ + { + "id": "c7b83560-1c6e-11ea-9387-9362a5ae410a" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "total bandwidth", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(253,161,255,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "cloudflare.origin.response.status_code:>0" + }, + "formatter": "bytes", + "id": "65f93df0-49a7-11e9-a870-03d340338f04", + "label": "origin bandwidth", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "65f93df1-49a7-11e9-a870-03d340338f04", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, 
+ "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "16", - "w": 7, - "x": 1, - "y": 0 - }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 9, + "i": "15", + "w": 21, + "x": 26, + "y": 32 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 3, - "i": "17", - "w": 46, - "x": 1, - "y": 9 - }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "16", + "w": 7, + "x": 1, + "y": 0 + }, + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Requests - text 
[Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Requests**", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 3, - "i": "18", - "w": 46, - "x": 1, - "y": 25 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 3, + "i": "17", + "w": 46, + "x": 1, + "y": 9 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Bandwidth - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Bandwidth**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 3, + "i": "18", + "w": 46, + "x": 1, + "y": 25 + }, + "panelIndex": "18", + "type": "visualization", + "version": 
"8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cache - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Cache**", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 3, - "i": "19", - "w": 46, - "x": 1, - "y": 41 - }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 3, + "i": "19", + "w": 46, + "x": 1, + "y": 41 + }, + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": 
"1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": 
"desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "20", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "20", - "panelRefName": "panel_20", - "type": "visualization", - "version": "7.3.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "20", + "w": 46, + 
"x": 1, + "y": 4 + }, + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Performance Overview - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Performance Overview**", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "21", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "21", - "panelRefName": "panel_21", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Performance (Requests, Bandwidth, Cache)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cloudflare-88d54e70-232a-11e9-ba08-c19298cded24", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24", - "name": "5:panel_5", - "type": "visualization" - }, - { - 
"id": "cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f", - "name": "19:panel_19", - "type": "visualization" - }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "20:panel_20", - "type": "visualization" - }, - { - "id": "cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f", - "name": "21:panel_21", - "type": "visualization" - } + } + }, + "gridData": { + "h": 4, + "i": "21", + "w": 39, + "x": 8, + "y": 0 + }, + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Performance (Requests, Bandwidth, Cache)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": 
"1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + 
"type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "18:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "21:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + 
"id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" }
\ No newline at end of file
diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/dashboard/cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f.json
index b3b17b49edc..74d7a963465 100644
--- a/packages/cloudflare/kibana/dashboard/cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f.json
+++ b/packages/cloudflare/kibana/dashboard/cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f.json
@@ -1,327 +1,1605 @@ { - "attributes": { - "description": "Get insights on the availability of your websites and applications. Metrics include origin response error ratio, origin response status over time, percentage of 3xx/4xx/5xx errors over time, and more.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcxMCwxXQ==", + "attributes": { + "description": "Get insights on the availability of your websites and applications. Metrics include origin response error ratio, origin response status over time, percentage of 3xx/4xx/5xx errors over time, and more.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Edge Response Status Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + 
"valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 8, + "i": "1", + "w": 34, + "x": 1, + "y": 18 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin Response Status Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + 
"style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "1", - "w": 34, - "x": 1, - "y": 18 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.origin.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 34, + "x": 1, + "y": 26 + }, + 
"panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Client IPs and AS Number - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "2", - "w": 34, - "x": 1, - "y": 26 + { + "enabled": true, + "id": "2", + "params": { + "exclude": "", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "source.as.number", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "3", + "w": 15, + "x": 31, + "y": 9 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Countries - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + 
"direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 9, - "i": "3", - "w": 15, - "x": 31, - "y": 9 + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "4", + "w": 17, + "x": 29, + "y": 37 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Requested URI - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": 
"sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 9, - "i": "4", - "w": 17, - "x": 29, - "y": 37 + { + "enabled": true, + "id": "2", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "6", + "w": 28, + "x": 1, + "y": 37 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top User Agents - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 9, - "i": "6", - "w": 28, - "x": 1, - "y": 37 + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.original", + 
"missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "7", + "w": 28, + "x": 1, + "y": 46 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Hostnames - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "7", - "w": 28, - "x": 1, - "y": 46 + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { 
+ "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "8", + "w": 17, + "x": 29, + "y": 46 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Edge Response Error Ratio [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "8", - "w": 17, - "x": 29, - "y": 46 + { + "enabled": true, + "id": "2", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "9", + "w": 11, + "x": 35, + "y": 26 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin Response Error Ratio [Cloudflare]", + "description": "", + 
"uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.origin.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "10", + "w": 11, + "x": 35, + "y": 18 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Errors Ratio (Edge) [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 50": "rgb(0,104,55)", + "50 - 75": "rgb(255,255,190)", + "75 - 100": "rgb(165,0,38)" + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": true, + "addTooltip": true, + "gauge": { + "alignment": "horizontal", + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 50 + }, + { + "from": 50, + "to": 75 + }, + { + "from": 75, + "to": 100 + } + ], + "extendRange": true, + "gaugeColorMode": "Labels", + "gaugeStyle": "Full", + "gaugeType": "Arc", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + 
"scale": { + "color": "#333", + "labels": false, + "show": true }, - "gridData": { - "h": 8, - "i": "9", - "w": 11, - "x": 35, - "y": 26 + "style": { + "bgColor": false, + "bgFill": "#eee", + "bgMask": false, + "bgWidth": 0.9, + "fontSize": 60, + "labelColor": true, + "mask": false, + "maskBars": 50, + "subText": "", + "width": 0.9 }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + "type": "meter" + }, + "isDisplayWarning": false, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "gauge", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "10", - "w": 11, - "x": 35, - "y": 18 + { + "enabled": true, + "id": "2", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "11", + "w": 30, + "x": 1, + "y": 9 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": 
"source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 9, - "i": "11", - "w": 30, - "x": 1, - "y": 9 + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 5, - "i": "12", - "w": 45, - "x": 1, - "y": 4 + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "13", - "w": 38, - "x": 8, - "y": 0 + { + "fieldName": 
"http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "14", - "w": 7, - "x": 1, - "y": 0 + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 3, - "i": "15", - "w": 45, - "x": 1, - "y": 34 + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "15", - 
"panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Reliability", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f", - "name": "4:panel_4", - "type": "visualization" + } }, - { - "id": "cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 5, + "i": "12", + "w": 45, + "x": 1, + "y": 4 }, - 
{ - "id": "cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f", - "name": "9:panel_9", - "type": "visualization" + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Summary of Edge and Origin Response Status - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Summary of Edge and Origin Response Status**\n\nGet an overview of the edge and origin response status codes", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 4, + "i": "13", + "w": 38, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f", - "name": "11:panel_11", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + 
"openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "12:panel_12", - "type": "visualization" + "gridData": { + "h": 4, + "i": "14", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f", - "name": "13:panel_13", - "type": "visualization" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Detailed View Breakdown of Origin Response Status Codes by Various Metrics - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 14, + "markdown": "Detailed View\nBreakdown of Origin Response Status Codes by Various Metrics", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "14:panel_14", - "type": "visualization" + "gridData": { + 
"h": 3, + "i": "15", + "w": 45, + "x": 1, + "y": 34 }, - { - "id": "cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f", - "name": "15:panel_15", - "type": "visualization" - } + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Reliability", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "12:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"12:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/dashboard/cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f.json index de4015aed15..256a03bc15c 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f.json 
@@ -1,180 +1,1160 @@ { - "attributes": { - "description": "Get insights into the performance of your static and dynamic content, including slowest URLs.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcxMSwxXQ==", + "attributes": { + "description": "Get insights into the performance of your static and dynamic content, including slowest URLs.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin time to first byte dynamic requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of cloudflare.origin.response.time" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + 
"truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of OriginResponseTime" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "cloudflare.origin.response.time", + "percents": [ + 50, + 75, + 95 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-60d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "bypass", + "unknown" + ], + "type": "phrases", + "value": "bypass, unknown" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "bypass" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "unknown" + } + } + ] + } + } + } + ], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 10, + "i": "1", + "w": 46, + "x": 1, + "y": 9 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "1", - "w": 46, - "x": 1, - "y": 9 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin time to first byte static requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of cloudflare.origin.response.time" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "lineWidth": 1.5, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of OriginResponseTime" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "2", - "w": 46, - "x": 1, - "y": 19 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "cloudflare.origin.response.time", + "percents": [ + 50, + 75, + 95 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, 
+ "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-60d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": true, + "params": [ + "bypass", + "unknown" + ], + "type": "phrases", + "value": "bypass, unknown" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "bypass" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "unknown" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "2", + "w": 46, + "x": 1, + "y": 19 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Slowest URIs by cumulative time to first byte for dynamic requests [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "3", - "w": 46, - "x": 1, - "y": 28 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "4", - "w": 46, - "x": 1, - "y": 42 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": 
"visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "average_response_time", + "field": "cloudflare.origin.response.time" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "wait_time", + "field": "cloudflare.origin.response.time" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "8", + "params": { + "field": "cloudflare.origin.response.time", + "percents": [ + 99, + 99.9 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "9", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "bypass", + "unknown" + ], + "type": "phrases", + "value": "bypass, unknown" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "bypass" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "unknown" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "3", + "w": 46, + "x": 1, + "y": 28 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Slowest URIs by cumulative time to first byte for static requests [Cloudflare]", + 
"description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "5", - "w": 7, - "x": 1, - "y": 0 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "6", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "average_response_time", + "field": "cloudflare.origin.response.time" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "wait_time", + "field": "cloudflare.origin.response.time" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "cloudflare.origin.response.time", + "percents": [ + 99, + 99.9 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "5", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": 
"cloudflare.cache.status", + "negate": true, + "params": [ + "unknown", + "bypass" + ], + "type": "phrases", + "value": "unknown, bypass" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "unknown" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "bypass" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "4", + "w": 46, + "x": 1, + "y": 42 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "7", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Performance (Static vs. 
Dynamic Content)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 4, + "i": "5", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Static vs Dynamic Content - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Static vs Dynamic Content**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 4, + "i": "6", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": 
"", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + 
"options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 5, + "i": "7", + "w": 46, + "x": 1, + "y": 4 }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" - } + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Performance (Static vs. Dynamic Content)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-b221c710-2963-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/dashboard/cloudflare-b221c710-2963-11e9-b959-4502c43b2e30.json index 312f5df7535..8ff55d4a71a 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-b221c710-2963-11e9-b959-4502c43b2e30.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-b221c710-2963-11e9-b959-4502c43b2e30.json 
@@ -1,180 +1,1152 @@ { - "attributes": { - "description": "Get insights on rate limiting protection against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeted at your websites or applications.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "cloudflare-b221c710-2963-11e9-b959-4502c43b2e30", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcxMiwxXQ==", + "attributes": { + "description": "Get insights on rate limiting protection against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeted at your websites or applications.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Rate Limit Over Time [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + }, + "valueAxis": null + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2.5, + "mode": "normal", + "show": "true", + "showCircles": true, + 
"type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-6M", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.edge.rate_limit.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.edge.rate_limit.action", + "negate": false, + "params": [ + "ban", + "simulate", + "challenge", + "jsChallenge" + ], + "type": "phrases", + "value": "ban, simulate, challenge, jsChallenge" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "ban" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "simulate" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "challenge" + } + }, + { + 
"match_phrase": { + "cloudflare.edge.rate_limit.action": "jsChallenge" + } + } + ] + } + } + } + ], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 7, + "i": "1", + "w": 46, + "x": 1, + "y": 9 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "1", - "w": 46, - "x": 1, - "y": 9 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Rate Limit Actions [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "2", - "w": 23, - "x": 1, - "y": 16 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "3", - "w": 46, - "x": 1, - "y": 25 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.edge.rate_limit.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + 
"size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.edge.rate_limit.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.edge.rate_limit.action", + "negate": false, + "params": [ + "ban", + "simulate", + "jsChallenge", + "challenge" + ], + "type": "phrases", + "value": "ban, simulate, jsChallenge, challenge" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "ban" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "simulate" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "jsChallenge" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "challenge" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "2", + "w": 23, + "x": 1, + "y": 16 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Rate Limit Countries [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "4", - "w": 23, - "x": 24, - "y": 16 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": 
false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "5", - "w": 7, - "x": 1, - "y": 0 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.edge.rate_limit.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.edge.rate_limit.action", + "negate": false, + "params": [ + "ban", + "simulate", + "jsChallenge", + "challenge" + ], + "type": "phrases", + "value": "ban, simulate, jsChallenge, challenge" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "ban" + } + }, + { + 
"match_phrase": { + "cloudflare.edge.rate_limit.action": "simulate" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "jsChallenge" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "challenge" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "3", + "w": 46, + "x": 1, + "y": 25 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Banned Client IPs [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "6", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "7", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + 
"orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.edge.rate_limit.action", + "negate": false, + "params": { + "query": "ban", + "type": "phrase" + }, + "type": "phrase", + "value": "ban" + }, + "query": { + "match": { + "cloudflare.edge.rate_limit.action": { + "query": "ban", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Security (Rate Limiting)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-b221c710-2963-11e9-b959-4502c43b2e30", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 9, + "i": "4", + "w": 23, + "x": 24, + "y": 16 }, - { - "id": "cloudflare-fe404730-2962-11e9-b959-4502c43b2e30", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt 
text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 4, + "i": "5", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Rate Limiting Get insights into rate limiting events and banned IPs and URIs - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Rate Limiting - Get insights into rate limiting events and banned IPs and URIs**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f", 
- "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 4, + "i": "6", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" - } + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + 
"id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + 
"dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "7", + "w": 46, + "x": 1, + "y": 4 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Security (Rate Limiting)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + 
"name": "4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/dashboard/cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30.json index 2d73423abc9..7336d190c6a 100644 
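Review bot: The "Top Banned Client IPs" panel (panelIndex 4) in this dashboard still filters with the legacy form `"match": { "cloudflare.edge.rate_limit.action": { "query": "ban", "type": "phrase" } }`, while panels 1–3 of the same hunk use `match_phrase`. Current Elasticsearch versions do not accept a `type` option on `match`, so this filter presumably works only because Kibana rewrites it on load. Writing it as `"query": { "match_phrase": { "cloudflare.edge.rate_limit.action": "ban" } }` keeps the ban-only scope of the table explicit and consistent with the other panels. The same legacy form is visible in the WAF dashboard hunk that follows, in the "WAF: Top User Agents" filter on `cloudflare.waf.action`. Separately, the new references list adds `N:search_0` entries for panels 1–4, but no `savedSearchRefName` is visible in those panels' `savedVis.data`, so it is worth confirming that the saved-search link, and any dataset scoping it carried over `logs-*`, survived the by-value migration.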
--- a/packages/cloudflare/kibana/dashboard/cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30.json 
@@ -1,264 +1,1411 @@ { - "attributes": { - "description": "Get insights on threat identification and mitigation by our Web Application Firewall, including events like SQL injections, XSS, and more. Use this data to fine tune the firewall to target obvious threats and prevent false positives.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcxMywxXQ==", + "attributes": { + "description": "Get insights on threat identification and mitigation by our Web Application Firewall, including events like SQL injections, XSS, and more. Use this data to fine tune the firewall to target obvious threats and prevent false positives.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF: Top User Agents [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.waf.rule.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + 
"type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 14, + "i": "1", + "w": 46, + "x": 1, + "y": 34 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "1", - "w": 46, - "x": 1, - "y": 34 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top WAF Rules Triggered [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 11, - "i": "2", - "w": 29, - "x": 18, - "y": 23 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + 
"showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 11, - "i": "3", - "w": 17, - "x": 1, - "y": 23 + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.waf.rule.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.waf.rule.message", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 11, + "i": "2", + "w": 29, + "x": 18, + "y": 23 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF: Top Client IP [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + 
"direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "4", - "w": 18, - "x": 29, - "y": 9 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "5", - "w": 11, - "x": 18, - "y": 9 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 11, + "i": "3", + "w": 17, + "x": 1, + "y": 23 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF: Top Hosts [Cloudflare]", + "description": "", + "uiState": { + "vis": { + 
"params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "6", - "w": 8, - "x": 10, - "y": 9 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "7", - "w": 46, - "x": 1, - "y": 15 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "4", + "w": 18, + "x": 29, + "y": 9 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF: Top Countries [Cloudflare]", 
+ "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 6, - "i": "8", - "w": 9, - "x": 1, - "y": 9 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "5", + "w": 11, + "x": 18, + "y": 9 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF Events Triggered [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": 
{ + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 4, - "i": "9", - "w": 7, - "x": 1, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "10", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "6", + "w": 8, + "x": 10, + "y": 9 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF Events Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 5, - "i": "11", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": 
"unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Security (WAF)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 8, + "i": "7", + "w": 46, + "x": 1, + "y": 15 }, - { - "id": "cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Number of Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } }, - { - "id": "cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 6, + "i": "8", + "w": 9, + "x": 1, + "y": 9 }, - { - "id": "cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30", - "name": "5:panel_5", - "type": 
"visualization" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 4, + "i": "9", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF Events triggered by the Web Application Firewall - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**WAF - Events triggered by the Web Application Firewall**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + 
"type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 4, + "i": "10", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "9:panel_9", - "type": "visualization" + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + 
"indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": 
"desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 5, + "i": "11", + "w": 46, + "x": 1, + "y": 4 }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "11:panel_11", - "type": "visualization" - } + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Security (WAF)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + 
"name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"11:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-04dda790-2328-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-04dda790-2328-11e9-ba08-c19298cded24.json deleted file mode 100644 index 6eb0b305ac1..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-04dda790-2328-11e9-ba08-c19298cded24.json +++ /dev/null 
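Review bot: The inlined `savedVis` objects for panels 1–8 carry no `savedSearchRefName`, although the `references` array still lists `1:search_0` … `8:search_0`, and the by-reference visualizations deleted later in this patch (e.g. `cloudflare-04dda790-…`) used `"savedSearchRefName": "search_0"` to bind to that saved search. If Kibana does not resolve those references for by-value panels (not verifiable from this hunk), the only scoping left on panels 1–7 is the negated `cloudflare.waf.action: unknown` filter against `logs-*`, which also matches documents from other integrations that lack the field, and panel 8 (`"query": "*"`, empty `filter`) would count every document in `logs-*`, so the WAF figures would be inflated by unrelated data. I would restore the saved-search link in each panel or add an explicit dataset filter like the one panel 11 already carries, `"match_phrase": { "data_stream.dataset": "cloudflare.logpull" }`. Separately, panel 9's markdown loads `https://www.cloudflare.com/img/logo-cloudflare-dark.svg` at render time, so each viewer's browser makes a third-party request and the panel breaks on restricted networks; a plain text title avoids both.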
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Traffic IPs [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Traffic IPs", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-04dda790-2328-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index a06a99a388b..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Countries - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top Countries - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-08c86890-2323-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-08c86890-2323-11e9-ba08-c19298cded24.json deleted file mode 100644 index a4824b65a13..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-08c86890-2323-11e9-ba08-c19298cded24.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Traffic Type [Cloudflare]", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.device_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Traffic Type", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-08c86890-2323-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f.json b/packages/cloudflare/kibana/visualization/cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f.json
deleted file mode 100644
index 1c36899ac92..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f.json
+++ /dev/null
@@ -1,970 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threat Client IPs [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threat Client IPs", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - 
}, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index a9f4401a3a7..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Total Requests vs. Origin Requests in rps last 24 hours [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(104,204,202,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\"" - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "total requests", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(253,161,255,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.origin.response.status_code:\u003e0" - }, - "formatter": "number", - "id": "fca6dbb0-4991-11e9-b6ee-0784825b4ddc", - "label": "origin requests", - "line_width": 1, - "metrics": [ - { - "id": "fca6dbb1-4991-11e9-b6ee-0784825b4ddc", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Total Requests vs. 
Origin Requests in rps last 24 hours", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 65cbd238cc4..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,129 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top WAF Rules Triggered [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.waf.rule.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.waf.rule.message", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top WAF Rules Triggered", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30", - 
"migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index b03f046e8c3..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Cache Status Ratio [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.cache.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Cache Status Ratio", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 49d442cfca3..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Client Requests by Hostname Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-24h", - "mode": "quick", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": 
"ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Client Requests by Hostname Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index cbdf2a5a690..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Origin Requests By Hostname - Content Type - Request Methods - Connection Type - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Origin Requests By Hostname - Content Type - Request Methods - Connection Type**", - "openLinksInNewTab": false - }, - "title": "Origin Requests By Hostname - Content Type - Request Methods - Connection Type - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 039611cc74e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Hostnames - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top Hostnames - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24.json deleted file mode 100644 index f8078fff650..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24.json +++ /dev/null @@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Referrer [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "http.request.referrer", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Referrer", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 2f7aecc2754..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF Events Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": 
"line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "WAF Events Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 8f24b3e668e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,1028 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Threats Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-24h", - "mode": "quick", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - 
"data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Threats Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index ea14050a538..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": [ - "bypass", - "unknown" - ], - "type": "phrases", - "value": "bypass, unknown" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "bypass" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "unknown" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Slowest URIs by cumulative time to first byte for dynamic requests [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "average_response_time", - "field": "cloudflare.origin.response.time" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "wait_time", - "field": "cloudflare.origin.response.time" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "8", - "params": { - "field": "cloudflare.origin.response.time", - "percents": [ - 99, - 99.9 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "9", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - 
"perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Slowest URIs by cumulative time to first byte for dynamic requests", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-27809b60-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-27809b60-2326-11e9-ba08-c19298cded24.json deleted file mode 100644 index cb1fb084efd..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-27809b60-2326-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "HTTP Protocols [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "http.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "HTTP Protocols", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-27809b60-2326-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index de6ca031f17..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "WAF Events triggered by the Web Application Firewall - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**WAF - Events triggered by the Web Application Firewall**", - "openLinksInNewTab": false - }, - "title": "WAF Events triggered by the Web Application Firewall - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24.json deleted file mode 100644 index 6bfd19a2f09..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top User Agents [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user_agent.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top User Agents", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24.json deleted file mode 100644 index 21db0700c3d..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,134 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": [ - "hit", - "stale", - "updating", - "ignored", - "revalidated" - ], - "type": "phrases", - "value": "hit, stale, updating, ignored, revalidated" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "hit" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "stale" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "updating" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "ignored" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "revalidated" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Cached Bandwidth [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Cached Bandwidth", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Cached Bandwidth", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - 
}, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 527d2b95705..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Total number of requests vs cached vs uncached over time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(104,204,202,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\"" - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "total requests", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "lucene", - "query": "metricset.name:cloudflare.cache.status" - }, - "id": "e847cce0-4731-11e9-b6ee-0784825b4ddc", - "label": "cached requests" - } - ], - "split_mode": "filter", - "stacked": "none", - "terms_field": "cloudflare.cache.status", - "terms_order_by": "_term" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.cache.status:(hit OR stale OR updating OR ignored)" - }, - "formatter": "number", - "id": "0d45cce0-498f-11e9-b6ee-0784825b4ddc", - "label": "cached requests", - "line_width": 1, - "metrics": [ - { - "id": "0d45cce1-498f-11e9-b6ee-0784825b4ddc", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "#68BC00", - "id": "14053f70-498f-11e9-b6ee-0784825b4ddc" - } - ], 
- "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored)" - }, - "formatter": "number", - "id": "3edf18b0-498f-11e9-b6ee-0784825b4ddc", - "label": "uncached requests", - "line_width": 1, - "metrics": [ - { - "id": "3edf18b1-498f-11e9-b6ee-0784825b4ddc", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Total number of requests vs cached vs uncached over time", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 9dd1bf4af91..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Bandwidth - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Bandwidth**", - "openLinksInNewTab": false - }, - "title": "Bandwidth - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 107627b15df..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Web Traffic Overview - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Web Traffic Overview**", - "openLinksInNewTab": false - }, - "title": "Web Traffic Overview - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 0fcd88d4b3a..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Total Bandwidth vs Origin Bandwidth in Mbps last 24 hours - 7.x [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "c520c1a0-1c6e-11ea-9387-9362a5ae410a" - } - ], - "bar_color_rules": [ - { - "id": "c6258770-1c6e-11ea-9387-9362a5ae410a" - } - ], - "drop_last_bucket": 1, - "gauge_color_rules": [ - { - "id": "c7b83560-1c6e-11ea-9387-9362a5ae410a" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(104,204,202,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "total bandwidth", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(253,161,255,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "cloudflare.origin.response.status_code:\u003e0" - }, - "formatter": "bytes", - "id": "65f93df0-49a7-11e9-a870-03d340338f04", - "label": "origin bandwidth", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "65f93df1-49a7-11e9-a870-03d340338f04", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", 
- "use_kibana_indexes": false - }, - "title": "Total Bandwidth vs Origin Bandwidth in Mbps last 24 hours - 7.x", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 6e887aeb699..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": { - "query": "miss", - "type": "phrase" - }, - "type": "phrase", - "value": "miss" - }, - "query": { - "match": { - "cloudflare.cache.status": { - "query": "miss", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top URIs with Cache Status Miss [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 30 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top URIs with Cache Status Miss", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index d614715a4e0..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Rate Limiting Get insights into rate limiting events and banned IPs and URIs - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Rate Limiting - Get insights into rate limiting events and banned IPs and URIs**", - "openLinksInNewTab": false - }, - "title": "Rate Limiting Get insights into rate limiting events and banned IPs and URIs - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 2eb07ac40fe..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,145 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.edge.rate_limit.action", - "negate": false, - "params": { - "query": "ban", - "type": "phrase" - }, - "type": "phrase", - "value": "ban" - }, - "query": { - "match": { - "cloudflare.edge.rate_limit.action": { - "query": "ban", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Banned Client IPs [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": 
false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Banned Client IPs", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-44f03e10-2328-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-44f03e10-2328-11e9-ba08-c19298cded24.json deleted file mode 100644 index 8c418be835c..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-44f03e10-2328-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Total Number of Requests [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Total Number of Requests", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index fdc301693c0..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Cache - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Cache**", - "openLinksInNewTab": false - }, - "title": "Cache - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24.json deleted file mode 100644 index 87bcb5356e5..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Request Methods [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "http.request.method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Request Methods", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 8f88da4b90f..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,41 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Web Traffic Types - Text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Web Traffic Types -\nGet insight into the various types of traffic and content**", - "openLinksInNewTab": false - }, - "title": "Web Traffic Types - Text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30.json deleted file mode 100644 index fde24ffe458..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,129 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF: Top User Agents [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.waf.rule.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "user_agent.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "WAF: Top User Agents", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30", - "migrationVersion": { - 
"visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-4d637090-2327-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-4d637090-2327-11e9-ba08-c19298cded24.json deleted file mode 100644 index 29857e4d40e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-4d637090-2327-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Traffic Type [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.client.ip_class", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Traffic Type", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-4d637090-2327-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index d818a5715cf..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,151 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Edge Response Status Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - 
"show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Edge Response Status Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index f88511537a9..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Static vs Dynamic Content - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Static vs Dynamic Content**", - "openLinksInNewTab": false - }, - "title": "Static vs Dynamic Content - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 39ebe3df0d1..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Client IPs and AS Number - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "exclude": "", - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.as.number", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Client IPs and AS Number - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30.json
deleted file mode 100644
index 1c04d19c505..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF: Top Hosts [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "WAF: Top Hosts", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No 
newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index cd205689e99..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,954 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "http.version", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.os.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": 
"source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - "field": 
"cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - 
"bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threat Target URIs [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threat Target URIs", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 6357dcf3259..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Summary of Edge and Origin Response Status - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Summary of Edge and Origin Response Status**\n\nGet an overview of the edge and origin response status codes", - "openLinksInNewTab": false - }, - "title": "Summary of Edge and Origin Response Status - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 9cda760282e..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,151 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Origin Response Status Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.origin.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - 
"rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Origin Response Status Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30.json deleted file mode 100644 index b903ecef99b..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,215 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.edge.rate_limit.action", - "negate": false, - "params": [ - "ban", - "simulate", - "challenge", - "jsChallenge" - ], - "type": "phrases", - "value": "ban, simulate, challenge, jsChallenge" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "ban" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "simulate" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "challenge" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "jsChallenge" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Rate Limit Over Time [Cloudflare]", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-6M", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.edge.rate_limit.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": 
true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": null - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2.5, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Rate Limit Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-88d54e70-232a-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-88d54e70-232a-11e9-ba08-c19298cded24.json deleted file mode 100644 index dd2047ef4da..00000000000 
--- a/packages/cloudflare/kibana/visualization/cloudflare-88d54e70-232a-11e9-ba08-c19298cded24.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Total Bandwidth [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Bandwidth", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Total Bandwidth", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-88d54e70-232a-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f.json b/packages/cloudflare/kibana/visualization/cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f.json deleted file mode 100644 index 64126e16814..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f.json +++ /dev/null 
@@ -1,945 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Threats Stopped [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Threats Stopped", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 07c78334d23..00000000000 
--- a/packages/cloudflare/kibana/visualization/cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF: Top Client IP [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "WAF: Top Client IP", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No 
newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index c19762dd493..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,186 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": [ - "bypass", - "unknown" - ], - "type": "phrases", - "value": "bypass, unknown" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "bypass" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "unknown" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Origin time to first byte dynamic requests [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "cloudflare.origin.response.time", - "percents": [ - 50, - 75, - 95 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-60d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": 
"kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of cloudflare.origin.response.time" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Percentiles of OriginResponseTime" - }, - "type": "value" - } - ] - }, - "title": "Origin time to first byte dynamic requests", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 9e9b9a2934b..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Performance Overview - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Performance Overview**", - "openLinksInNewTab": false - }, - "title": "Performance Overview - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index e8391dc1e13..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Threats - Review threat activity - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Threats - Review threat activity**", - "openLinksInNewTab": false - }, - "title": "Threats - Review threat activity - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24.json deleted file mode 100644 index 79810dd226e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Content Type [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.edge.response.content_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Content Type", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index c048ec3b402..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Cloudflare logo [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", - "openLinksInNewTab": false - }, - "title": "Cloudflare logo", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30.json deleted file mode 100644 index e7895e25686..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.edge.rate_limit.action", - "negate": false, - "params": [ - "ban", - "simulate", - "jsChallenge", - "challenge" - ], - "type": "phrases", - "value": "ban, simulate, jsChallenge, challenge" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "ban" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "simulate" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "jsChallenge" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "challenge" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Rate Limit Actions [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.edge.rate_limit.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.edge.rate_limit.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 
10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Rate Limit Actions", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index e8356a58091..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Origin Response Error Ratio [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.origin.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Origin Response Error Ratio", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 5764800f388..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Client Requests by Content Type [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-24h", - "mode": "quick", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.edge.response.content_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Client Requests by Content Type", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 83d4df8f27d..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": true, - "params": [ - "hit", - "stale", - "updating", - "ignored", - "revalidated" - ], - "type": "phrases", - "value": "hit, stale, updating, ignored, revalidated" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "hit" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "stale" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "updating" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "ignored" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "revalidated" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Uncached Bandwidth [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Uncached Bandwidth", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": 
"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 027e6867788..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,954 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threat Countries [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threat Countries", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index f0f0176c5be..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,125 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": [ - "hit", - "stale", - "updating", - "ignored" - ], - "type": "phrases", - "value": "hit, stale, updating, ignored" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "hit" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "stale" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "updating" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "ignored" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Cached Requests [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Cached Requests", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 8660549559a..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,110 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF: Top Countries [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "WAF: Top Countries", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index f0688fb0d89..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,151 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Client Requests Methods Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.request.method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - 
"show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Client Requests Methods Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index f1b3cedee55..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Errors Ratio (Edge) [Cloudflare]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 50": "rgb(0,104,55)", - "50 - 75": "rgb(255,255,190)", - "75 - 100": "rgb(165,0,38)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "gauge": { - "alignment": "horizontal", - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 50 - }, - { - "from": 50, - "to": 75 - }, - { - "from": 75, - "to": 100 - } - ], - "extendRange": true, - "gaugeColorMode": "Labels", - "gaugeStyle": "Full", - "gaugeType": "Arc", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": true - }, - "style": { - "bgColor": false, - "bgFill": "#eee", - "bgMask": false, - "bgWidth": 0.9, - "fontSize": 60, - "labelColor": true, - "mask": false, - "maskBars": 50, - "subText": "", - "width": 0.9 - }, - "type": "meter" - }, - "isDisplayWarning": false, - "type": "gauge" - }, - "title": "Errors Ratio (Edge)", - "type": "gauge" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": 
"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 8065d1f86a9..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Detailed View Breakdown of Origin Response Status Codes by Various Metrics - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 14, - "markdown": "Detailed View\nBreakdown of Origin Response Status Codes by Various Metrics", - "openLinksInNewTab": false - }, - "title": "Detailed View Breakdown of Origin Response Status Codes by Various Metrics - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 83b563ce025..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,954 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threat User Agents [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user_agent.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threat User Agents", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index de5d96ddec9..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Requested URI - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top Requested URI - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24.json deleted file mode 100644 index eaa802fe1a8..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24.json +++ /dev/null @@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Traffic Countries [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Traffic Countries", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index fca1f15386b..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Requests - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Requests**", - "openLinksInNewTab": false - }, - "title": "Requests - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index d7189fbfa17..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Cached vs Uncached Bandwidth Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "cloudflare.cache.status:(hit OR stale OR updating OR ignored OR revalidated)" - }, - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "saved bandwidth", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "sum" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored OR -revalidated)" - }, - "formatter": "bytes", - "id": "73f43510-49a0-11e9-8499-d5aa4562b1c7", - "label": "uncached bandwidth", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "73f43511-49a0-11e9-8499-d5aa4562b1c7", - "type": "sum" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Cached vs Uncached Bandwidth Over Time", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": 
"cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 2c8d3509fde..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Edge Response Error Ratio [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Edge Response Error Ratio", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 7cbc70fb830..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,188 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": true, - "params": [ - "bypass", - "unknown" - ], - "type": "phrases", - "value": "bypass, unknown" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "bypass" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "unknown" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Origin time to first byte static requests [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "cloudflare.origin.response.time", - "percents": [ - 50, - 75, - 95 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-60d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": 
"kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of cloudflare.origin.response.time" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "lineWidth": 1.5, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Percentiles of OriginResponseTime" - }, - "type": "value" - } - ] - }, - "title": "Origin time to first byte static requests", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 113bd0cecc9..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,954 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threats Stopped [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threats Stopped", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 7adf49224a0..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,125 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": true, - "params": [ - "hit", - "stale", - "updating", - "ignored" - ], - "type": "phrases", - "value": "hit, stale, updating, ignored" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "hit" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "stale" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "updating" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "ignored" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Uncached Requests [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Uncached Requests", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 29cff1b8b3e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top User Agents - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user_agent.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top User Agents - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 6ab5f4620b5..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,156 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Client Requests by Connection Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-24h", - "mode": "quick", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.client.ssl.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Client Requests by Connection Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index bc2e63bd7ae..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,311 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "cloudflare.logpull" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "cloudflare.logpull" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Filters [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "cloudflare.device_type", - "id": "1554899945457", - "indexPatternRefName": "control_0_index_pattern", - "label": "Device Type", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "source.geo.country_name", - "id": "1554900041526", - "indexPatternRefName": "control_1_index_pattern", - "label": "Country", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "url.domain", - "id": "1554900064098", - "indexPatternRefName": "control_2_index_pattern", - "label": "Hostname", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "client.ip", - "id": "1554900102344", - "indexPatternRefName": "control_3_index_pattern", - "label": "Client IP", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": 
"user_agent.original", - "id": "1554900136614", - "indexPatternRefName": "control_4_index_pattern", - "label": "User Agent", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "url.full", - "id": "1554900159944", - "indexPatternRefName": "control_5_index_pattern", - "label": "Request URI", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "http.response.status_code", - "id": "1554900185676", - "indexPatternRefName": "control_6_index_pattern", - "label": "Edge Response Status", - "options": { - "dynamicOptions": false, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "cloudflare.origin.response.status_code", - "id": "1554900211881", - "indexPatternRefName": "control_7_index_pattern", - "label": "Origin Response Status", - "options": { - "dynamicOptions": false, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "destination.ip", - "id": "1556549231725", - "indexPatternRefName": "control_8_index_pattern", - "label": "Origin IP", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "cloudflare.ray_id", - "id": "1554900244300", - "indexPatternRefName": "control_9_index_pattern", - "label": "RayID", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "cloudflare.worker.subrequest", - "id": "1554900268999", - "indexPatternRefName": "control_10_index_pattern", - "label": "Worker Subrequest", - "options": { - 
"dynamicOptions": false, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "http.request.method", - "id": "1554900324235", - "indexPatternRefName": "control_11_index_pattern", - "label": "Client Request Method", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": true, - "updateFiltersOnChange": true, - "useTimeFilter": false - }, - "title": "Filters", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_2_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_3_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_4_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_5_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_6_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_7_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_8_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_9_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_10_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_11_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 99dd8123f4f..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Cache status over time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.cache.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - 
"name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Cache status over time", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24.json deleted file mode 100644 index 4874c371873..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Requested URI [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Requested URI", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index fda84c21df8..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": true, - "params": [ - "unknown", - "bypass" - ], - "type": "phrases", - "value": "unknown, bypass" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "unknown" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "bypass" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Slowest URIs by cumulative time to first byte for static requests [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "average_response_time", - "field": "cloudflare.origin.response.time" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "wait_time", - "field": "cloudflare.origin.response.time" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "cloudflare.origin.response.time", - "percents": [ - 99, - 99.9 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "5", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 
10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Slowest URIs by cumulative time to first byte for static requests", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 27aeaadeef6..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,103 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF Events Triggered [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "WAF Events Triggered", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-fe404730-2962-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-fe404730-2962-11e9-b959-4502c43b2e30.json deleted file mode 100644 index aa992c74b8c..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-fe404730-2962-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.edge.rate_limit.action", - "negate": false, - "params": [ - "ban", - "simulate", - "jsChallenge", - "challenge" - ], - "type": "phrases", - "value": "ban, simulate, jsChallenge, challenge" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "ban" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "simulate" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "jsChallenge" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "challenge" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Rate Limit Countries [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.edge.rate_limit.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": 
"4", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Rate Limit Countries", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-fe404730-2962-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 1ce2d7df6fd..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Pathing Statuses [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 3, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.edge.pathing.src", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.edge.pathing.op", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "cloudflare.edge.pathing.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 3, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top Pathing Statuses", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": 
"search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From 1c79ed6f390bcf75a706cbcb875d7b24b9c3625f Mon Sep 17 00:00:00 2001 From: kcreddy Date: Thu, 27 Oct 2022 15:19:04 +0530 Subject: [PATCH 013/103] migrate cyberarkpas to by_value --- ...-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json | 2666 +++++++++-------- 1 file changed, 1341 insertions(+), 1325 deletions(-) diff --git a/packages/cyberarkpas/kibana/dashboard/cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json b/packages/cyberarkpas/kibana/dashboard/cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json index b7e1d7eb255..e7175f6f88b 100644 --- a/packages/cyberarkpas/kibana/dashboard/cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json +++ b/packages/cyberarkpas/kibana/dashboard/cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json 
@@ -1,1376 +1,1392 @@ { - "attributes": { - "description": "Dashboard for CyberArk Privileged Access Security events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ + "id": "cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:48:32.339Z", + "version": "WzYyMiwxXQ==", + "attributes": { + "description": "Dashboard for CyberArk Privileged Access Security events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cyberarkpas.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cyberarkpas.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.16.0", + "type": "visualization", + "gridData": { + "h": 9, + "i": "1007fa0d-a6a1-4682-a346-a90acc179da5", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "1007fa0d-a6a1-4682-a346-a90acc179da5", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "controls": [ + { + "fieldName": "observer.hostname", + "id": "1617726994032", + "indexPattern": "logs-*", + "indexPatternRefName": "control_0_index_pattern", + "label": " By Vault host", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "event.code", + "id": "1617811797137", + 
"indexPattern": "logs-*", + "indexPatternRefName": "control_1_index_pattern", + "label": "By event code", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "", + "type": "input_control_vis", + "uiState": {} + }, + "type": "visualization" + }, + "title": "Filters" + }, + { + "version": "7.16.0", + "type": "visualization", + "gridData": { + "h": 13, + "i": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "filter": { + "language": "kuery", + "query": "data_stream.dataset:\"cyberarkpas.audit\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cyberarkpas.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cyberarkpas.audit" - } - } + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" } - ], - "query": { - "language": "kuery", - "query": 
"" + ], + "override_index_pattern": 0, + "palette": { + "name": "rainbow", + "params": { + "colors": [ + "#68BC00", + "#009CE0", + "#B0BC00", + "#16A5A5", + "#D33115", + "#E27300", + "#FCC400", + "#7B64FF", + "#FA28FF", + "#333333", + "#808080", + "#194D33", + "#0062B1", + "#808900", + "#0C797D", + "#9F0500", + "#C45100", + "#FB9E00", + "#653294", + "#AB149E", + "#0F1419", + "#666666" + ], + "gradient": false + }, + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_color_mode": null, + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "cyberarkpas.audit.desc", + "type": "timeseries" } - } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "title": "event types by time" + }, + { + "version": "7.16.0", + "type": "lens", + "gridData": { + "h": 4, + "i": "af9e9f0b-a40c-411e-b441-2a779983ed24", + "w": 10, + "x": 0, + "y": 9 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "controls": [ - { - "fieldName": "observer.hostname", - "id": "1617726994032", - "indexPattern": "logs-*", - "indexPatternRefName": "control_0_index_pattern", - "label": " By Vault host", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "event.code", - "id": "1617811797137", - "indexPattern": "logs-*", - "indexPatternRefName": "control_1_index_pattern", - "label": "By event code", - "options": { - 
"dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": true, - "useTimeFilter": false - }, - "title": "", - "type": "input_control_vis", - "uiState": {} + "panelIndex": "af9e9f0b-a40c-411e-b441-2a779983ed24", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "33bc0096-e418-4f81-9c7c-7fdd16cc5203": { + "columnOrder": [ + "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12" + ], + "columns": { + "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": " ", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} } - }, - "gridData": { - "h": 9, - "i": "1007fa0d-a6a1-4682-a346-a90acc179da5", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "1007fa0d-a6a1-4682-a346-a90acc179da5", - "title": "Filters", - "type": "visualization", - "version": "7.12.0" + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12", + "layerId": "33bc0096-e418-4f81-9c7c-7fdd16cc5203", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Count of events" + }, + { + "version": "7.16.0", + 
"type": "lens", + "gridData": { + "h": 13, + "i": "7031905a-92ab-4e0e-aa58-72f1c07ff409", + "w": 10, + "x": 0, + "y": 13 + }, + "panelIndex": "7031905a-92ab-4e0e-aa58-72f1c07ff409", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "de047c06-a965-47aa-8a15-8b0266d5abc3": { + "columnOrder": [ + "b916e5f5-a64a-49f1-b37a-ee1825fc61a4", + "3effd03e-0ed9-4e2d-ba8e-d77ae505092e" + ], + "columns": { + "3effd03e-0ed9-4e2d-ba8e-d77ae505092e": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "default_index_pattern": "logs-*", - "default_timefield": "@timestamp", - "filter": { - "language": "kuery", - "query": "data_stream.dataset:\"cyberarkpas.audit\" " + "b916e5f5-a64a-49f1-b37a-ee1825fc61a4": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e", + "type": "column" }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "", - "interval": "", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "hide_in_legend": 0, - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - 
"name": "rainbow", - "params": { - "colors": [ - "#68BC00", - "#009CE0", - "#B0BC00", - "#16A5A5", - "#D33115", - "#E27300", - "#FCC400", - "#7B64FF", - "#FA28FF", - "#333333", - "#808080", - "#194D33", - "#0062B1", - "#808900", - "#0C797D", - "#9F0500", - "#C45100", - "#FB9E00", - "#653294", - "#AB149E", - "#0F1419", - "#666666" - ], - "gradient": false - }, - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_color_mode": null, - "split_mode": "terms", - "stacked": "stacked", - "terms_field": "cyberarkpas.audit.desc", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "type": "timeseries", - "use_kibana_indexes": true - }, - "title": "", - "type": "metrics", - "uiState": {} + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + } + }, + "incompleteColumns": {} } - }, - "gridData": { - "h": 13, - "i": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e", - "w": 38, - "x": 10, - "y": 0 - }, - "panelIndex": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e", - "title": "event types by time", - "type": "visualization", - "version": "7.12.0" + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b916e5f5-a64a-49f1-b37a-ee1825fc61a4" + ], + "layerId": "de047c06-a965-47aa-8a15-8b0266d5abc3", + "legendDisplay": "default", + "metric": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e", + "nestedLegend": false, + "numberDisplay": "percent", + "layerType": "data" + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203", - "type": "index-pattern" 
- } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "33bc0096-e418-4f81-9c7c-7fdd16cc5203": { - "columnOrder": [ - "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12" - ], - "columns": { - "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": " ", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Breakdown by outcome" + }, + { + "version": "7.16.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "a24b9c0c-da95-4016-9fe5-2c0d34005832", + "w": 11, + "x": 10, + "y": 13 + }, + "panelIndex": "a24b9c0c-da95-4016-9fe5-2c0d34005832", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "19858811-84d1-4f50-901c-dc1451972324": { + "columnOrder": [ + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "e3526253-18e0-4122-b112-ee5b4b9e23d7" + ], + "columns": { + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of destination.user.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "type": "alphabetical" }, - "visualization": { - "accessor": "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12", - "layerId": 
"33bc0096-e418-4f81-9c7c-7fdd16cc5203" - } + "orderDirection": "asc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.user.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + "e3526253-18e0-4122-b112-ee5b4b9e23d7": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cyberarkpas.audit" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 4, - "i": "af9e9f0b-a40c-411e-b441-2a779983ed24", - "w": 10, - "x": 0, - "y": 9 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cyberarkpas.audit" + } + } }, - "panelIndex": "af9e9f0b-a40c-411e-b441-2a779983ed24", - "title": "Count of events", - "type": "lens", - "version": "7.12.0" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.code", + "negate": false, + "params": [ + "308", + "22", + "319", + "295" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "308" + } + }, + { + "match_phrase": { + "event.code": "22" + } + }, + { + "match_phrase": { + "event.code": "319" + } + }, + { + "match_phrase": { + "event.code": "295" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + 
"81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816" + ], + "layerId": "19858811-84d1-4f50-901c-dc1451972324", + "legendDisplay": "default", + "metric": "e3526253-18e0-4122-b112-ee5b4b9e23d7", + "nestedLegend": false, + "numberDisplay": "percent", + "layerType": "data" + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "de047c06-a965-47aa-8a15-8b0266d5abc3": { - "columnOrder": [ - "b916e5f5-a64a-49f1-b37a-ee1825fc61a4", - "3effd03e-0ed9-4e2d-ba8e-d77ae505092e" - ], - "columns": { - "3effd03e-0ed9-4e2d-ba8e-d77ae505092e": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "b916e5f5-a64a-49f1-b37a-ee1825fc61a4": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 user credentials accessed" + }, + { + "version": "7.16.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a", + "w": 27, + "x": 21, + 
"y": 13 + }, + "panelIndex": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "50325938-6a9e-4a26-946e-4468e68c6591": { + "columnOrder": [ + "8a965540-daa1-4848-80bb-96ddf53a328f", + "c05a39ad-2983-4f4a-900d-a939ecbda504", + "a808a872-71b5-4a76-a939-354f68991881" + ], + "columns": { + "8a965540-daa1-4848-80bb-96ddf53a328f": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a808a872-71b5-4a76-a939-354f68991881", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b916e5f5-a64a-49f1-b37a-ee1825fc61a4" - ], - "layerId": "de047c06-a965-47aa-8a15-8b0266d5abc3", - "legendDisplay": "default", - "metric": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 2 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + }, + "a808a872-71b5-4a76-a939-354f68991881": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Credentials accessed", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" + "c05a39ad-2983-4f4a-900d-a939ecbda504": { + "dataType": "date", + "isBucketed": true, + "label": 
"@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cyberarkpas.audit" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "7031905a-92ab-4e0e-aa58-72f1c07ff409", - "w": 10, - "x": 0, - "y": 13 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cyberarkpas.audit" + } + } }, - "panelIndex": "7031905a-92ab-4e0e-aa58-72f1c07ff409", - "title": "Breakdown by outcome", - "type": "lens", - "version": "7.12.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "19858811-84d1-4f50-901c-dc1451972324": { - "columnOrder": [ - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "e3526253-18e0-4122-b112-ee5b4b9e23d7" - ], - "columns": { - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of destination.user.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "destination.user.name" - }, - 
"e3526253-18e0-4122-b112-ee5b4b9e23d7": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cyberarkpas.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cyberarkpas.audit" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.code", - "negate": false, - "params": [ - "308", - "22", - "319", - "295" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "308" - } - }, - { - "match_phrase": { - "event.code": "22" - } - }, - { - "match_phrase": { - "event.code": "319" - } - }, - { - "match_phrase": { - "event.code": "295" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816" - ], - "layerId": "19858811-84d1-4f50-901c-dc1451972324", - "legendDisplay": "default", - "metric": "e3526253-18e0-4122-b112-ee5b4b9e23d7", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.code", + "negate": false, + "params": [ + 
"308", + "22", + "319", + "295", + "38" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "308" + } }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "match_phrase": { + "event.code": "22" + } + }, + { + "match_phrase": { + "event.code": "319" + } + }, + { + "match_phrase": { + "event.code": "295" + } + }, + { + "match_phrase": { + "event.code": "38" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 13, - "i": "a24b9c0c-da95-4016-9fe5-2c0d34005832", - "w": 11, - "x": 10, - "y": 13 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "a24b9c0c-da95-4016-9fe5-2c0d34005832", - "title": "Top 10 user credentials accessed", - "type": "lens", - "version": "7.12.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "50325938-6a9e-4a26-946e-4468e68c6591": { - "columnOrder": [ - "8a965540-daa1-4848-80bb-96ddf53a328f", - "c05a39ad-2983-4f4a-900d-a939ecbda504", - "a808a872-71b5-4a76-a939-354f68991881" - ], - "columns": { - "8a965540-daa1-4848-80bb-96ddf53a328f": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.outcome", - "operationType": 
"terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a808a872-71b5-4a76-a939-354f68991881", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 2 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - }, - "a808a872-71b5-4a76-a939-354f68991881": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Credentials accessed", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c05a39ad-2983-4f4a-900d-a939ecbda504": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cyberarkpas.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cyberarkpas.audit" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.code", - "negate": false, - "params": [ - "308", - "22", - "319", - "295", - "38" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "308" - } - }, - { - "match_phrase": { - "event.code": "22" - } - }, - { - "match_phrase": { - "event.code": "319" - } - }, - { - "match_phrase": { - "event.code": "295" - } - }, - { - "match_phrase": { - "event.code": "38" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - 
"gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "a808a872-71b5-4a76-a939-354f68991881" - ], - "layerId": "50325938-6a9e-4a26-946e-4468e68c6591", - "position": "top", - "seriesType": "area_stacked", - "showGridlines": false, - "splitAccessor": "8a965540-daa1-4848-80bb-96ddf53a328f", - "xAccessor": "c05a39ad-2983-4f4a-900d-a939ecbda504" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "area_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "layers": [ + { + "accessors": [ + "a808a872-71b5-4a76-a939-354f68991881" + ], + "layerId": "50325938-6a9e-4a26-946e-4468e68c6591", + "position": "top", + "seriesType": "area_stacked", + "showGridlines": false, + "splitAccessor": "8a965540-daa1-4848-80bb-96ddf53a328f", + "xAccessor": "c05a39ad-2983-4f4a-900d-a939ecbda504", + "layerType": "data" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 13, - "i": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a", - "w": 27, - "x": 21, - "y": 13 + "preferredSeriesType": "area_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a", - "title": "Credential access by time", - "type": "lens", - "version": "7.12.0" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - 
"datasourceStates": { - "indexpattern": { - "layers": { - "105faf70-8330-46b3-a82a-573a383068fa": { - "columnOrder": [ - "c51d6847-2fcc-4d13-a44f-49786cb979ed", - "d73b823b-ae68-4e73-bbe2-90a35bc825e7", - "c0147524-accc-4dee-a4fc-44199e3459f1" - ], - "columns": { - "c0147524-accc-4dee-a4fc-44199e3459f1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Authentications", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c51d6847-2fcc-4d13-a44f-49786cb979ed": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Users", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c0147524-accc-4dee-a4fc-44199e3459f1", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 8 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "d73b823b-ae68-4e73-bbe2-90a35bc825e7": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "type": "alphabetical" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 2 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.category", - "negate": false, - "params": [ - "authentication" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.category": "authentication" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Credential access by time" + }, + { + "version": 
"7.16.0", + "type": "lens", + "gridData": { + "h": 23, + "i": "c56b3e4d-bfb6-4b06-a62b-282753b85f7a", + "w": 15, + "x": 0, + "y": 26 + }, + "panelIndex": "c56b3e4d-bfb6-4b06-a62b-282753b85f7a", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "105faf70-8330-46b3-a82a-573a383068fa": { + "columnOrder": [ + "c51d6847-2fcc-4d13-a44f-49786cb979ed", + "d73b823b-ae68-4e73-bbe2-90a35bc825e7", + "c0147524-accc-4dee-a4fc-44199e3459f1" + ], + "columns": { + "c0147524-accc-4dee-a4fc-44199e3459f1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Authentications", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c51d6847-2fcc-4d13-a44f-49786cb979ed": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Users", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c0147524-accc-4dee-a4fc-44199e3459f1", + "type": "column" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "c0147524-accc-4dee-a4fc-44199e3459f1" - ], - "layerId": "105faf70-8330-46b3-a82a-573a383068fa", - "palette": { - "name": "status", - "type": "palette" - }, - "position": "top", - "seriesType": "bar_horizontal_stacked", - "showGridlines": false, - "splitAccessor": "d73b823b-ae68-4e73-bbe2-90a35bc825e7", - "xAccessor": 
"c51d6847-2fcc-4d13-a44f-49786cb979ed" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 8 + }, + "scale": "ordinal", + "sourceField": "user.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "d73b823b-ae68-4e73-bbe2-90a35bc825e7": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 2 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.category", + "negate": false, + "params": [ + "authentication" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.category": "authentication" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 23, - "i": "c56b3e4d-bfb6-4b06-a62b-282753b85f7a", - "w": 15, - "x": 0, - "y": 26 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "c56b3e4d-bfb6-4b06-a62b-282753b85f7a", - "title": "Vault Authentication attempts", - "type": "lens", - "version": "7.12.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":null,\"isAutoSelect\":true},\"id\":\"a3734143-d6e1-4551-b0b1-8282a37e151b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"label\":\"logs-* | Source Point\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"source.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"source.ip\",\"tooltipProperties\":[\"host.name\",\"source.ip\",\"source.domain\",\"source.geo.country_iso_code\",\"source.as.organization.name\"],\"id\":\"5f2b25a1-01ea-45ca-a4a2-f1a670c3b149\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":22},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"home\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"2ad8e318-4ef4-4e89-94f2-f37e395c488c\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"logs-* | Destination 
point\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"destination.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"destination.ip\",\"tooltipProperties\":[\"host.name\",\"destination.ip\",\"destination.domain\",\"destination.geo.country_iso_code\",\"destination.as.organization.name\"],\"id\":\"bc95f479-964f-4498-be1e-376d34a01b0a\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":35},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#D36086\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"dbb878c8-4039-49f1-b2ff-ab7fb942ba55\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"logs-* | 
Line\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"sum\",\"field\":\"destination.bytes\"}],\"id\":\"faf6884d-b7cb-41dd-ab86-95970d7c59d2\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":8,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"9c450fbf-b009-4b53-9810-2f47ca8dcfa8\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]}]", - "mapStateJSON": 
"{\"zoom\":1.24,\"center\":{\"lon\":-49.38072,\"lat\":7.87497},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 148.88690000000003, - "maxLon": 438.09868, - "minLat": -116.68142, - "minLon": -417.60444 - }, - "mapCenter": { - "lat": 43.83453, - "lon": 10.24712, - "zoom": 1 + "layers": [ + { + "accessors": [ + "c0147524-accc-4dee-a4fc-44199e3459f1" + ], + "layerId": "105faf70-8330-46b3-a82a-573a383068fa", + "palette": { + "name": "status", + "type": "palette" }, - "openTOCDetails": [] + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "splitAccessor": "d73b823b-ae68-4e73-bbe2-90a35bc825e7", + "xAccessor": "c51d6847-2fcc-4d13-a44f-49786cb979ed", + "layerType": "data" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false }, - "gridData": { - "h": 23, - "i": "cd1e20e7-706f-4d02-949c-d9f5908bad67", - "w": 33, - "x": 15, - "y": 26 + "preferredSeriesType": "bar_horizontal_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "cd1e20e7-706f-4d02-949c-d9f5908bad67", - 
"title": "Network sources and destinations", - "type": "map", - "version": "7.12.0" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "028c5c1e-79f9-4999-8438-4889ac2b714c": { - "columnOrder": [ - "e55346c7-87bc-49f4-9215-8a36931d05f4", - "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" - ], - "columns": { - "e55346c7-87bc-49f4-9215-8a36931d05f4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Users", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "f2cd86e2-fb91-48b2-b8dd-e98395d28e00": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Failed authentications", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.category", - "negate": false, - "params": { - "query": "authentication" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "authentication" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": 
false, - "indexRefName": "filter-index-pattern-1", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Vault Authentication attempts" + }, + { + "version": "7.16.0", + "type": "map", + "gridData": { + "h": 23, + "i": "cd1e20e7-706f-4d02-949c-d9f5908bad67", + "w": 33, + "x": 15, + "y": 26 + }, + "panelIndex": "cd1e20e7-706f-4d02-949c-d9f5908bad67", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":null,\"isAutoSelect\":true},\"id\":\"a3734143-d6e1-4551-b0b1-8282a37e151b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"label\":\"logs-* | Source 
Point\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"source.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"source.ip\",\"tooltipProperties\":[\"host.name\",\"source.ip\",\"source.domain\",\"source.geo.country_iso_code\",\"source.as.organization.name\"],\"id\":\"5f2b25a1-01ea-45ca-a4a2-f1a670c3b149\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":22},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"home\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"2ad8e318-4ef4-4e89-94f2-f37e395c488c\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"logs-* | Destination 
point\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"destination.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"destination.ip\",\"tooltipProperties\":[\"host.name\",\"destination.ip\",\"destination.domain\",\"destination.geo.country_iso_code\",\"destination.as.organization.name\"],\"id\":\"bc95f479-964f-4498-be1e-376d34a01b0a\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":35},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#D36086\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"dbb878c8-4039-49f1-b2ff-ab7fb942ba55\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"logs-* | 
Line\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"sum\",\"field\":\"destination.bytes\"}],\"id\":\"faf6884d-b7cb-41dd-ab86-95970d7c59d2\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":8,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"9c450fbf-b009-4b53-9810-2f47ca8dcfa8\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]}]", + "mapStateJSON": 
"{\"zoom\":1.24,\"center\":{\"lon\":-49.38072,\"lat\":7.87497},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 148.88690000000003, + "maxLon": 438.09868, + "minLat": -116.68142, + "minLon": -417.60444 + }, + "mapCenter": { + "lat": 43.83453, + "lon": 10.24712, + "zoom": 1 + }, + "openTOCDetails": [], + "type": "map" + }, + "title": "Network sources and destinations" + }, + { + "version": "7.16.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "c6305b30-a7e2-4cc3-b49b-db99031f150e", + "w": 15, + "x": 0, + "y": 49 + }, + "panelIndex": "c6305b30-a7e2-4cc3-b49b-db99031f150e", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "028c5c1e-79f9-4999-8438-4889ac2b714c": { + "columnOrder": [ + "e55346c7-87bc-49f4-9215-8a36931d05f4", + "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" + ], + "columns": { + "e55346c7-87bc-49f4-9215-8a36931d05f4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Users", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00", + "type": "column" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" - ], - "layerId": "028c5c1e-79f9-4999-8438-4889ac2b714c", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "e55346c7-87bc-49f4-9215-8a36931d05f4", - "yConfig": [ - { - "color": "#d36086", - "forAccessor": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "f2cd86e2-fb91-48b2-b8dd-e98395d28e00": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Failed authentications", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.category", + "negate": 
false, + "params": { + "query": "authentication" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "c6305b30-a7e2-4cc3-b49b-db99031f150e", - "w": 15, - "x": 0, - "y": 49 + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } }, - "panelIndex": "c6305b30-a7e2-4cc3-b49b-db99031f150e", - "title": "Top users by failed authentications to Vault", - "type": "lens", - "version": "7.12.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.outcome", + "negate": false, + "params": { + "query": "failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.outcome": "failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "96a2c711-40a3-4dfc-87f5-4b193078e05a", - "w": 33, - "x": 15, - "y": 49 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "96a2c711-40a3-4dfc-87f5-4b193078e05a", - "panelRefName": "panel_9", - "title": "Credential Access", - "version": "7.12.0" - }, - { - "embeddableConfig": { - "columns": [ - "observer.hostname", - "cyberarkpas.audit.action", - "cyberarkpas.audit.issuer", - "cyberarkpas.audit.safe", - "file.path" + "layers": [ + { + "accessors": [ + "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" + ], + "layerId": "028c5c1e-79f9-4999-8438-4889ac2b714c", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "e55346c7-87bc-49f4-9215-8a36931d05f4", + "yConfig": [ + { + "color": "#d36086", + "forAccessor": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" + } ], - "enhancements": {}, - "hidePanelTitles": false + 
"layerType": "data" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 18, - "i": "6cd62115-65e7-416f-8da7-96b0d7a9d932", - "w": 48, - "x": 0, - "y": 64 + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "6cd62115-65e7-416f-8da7-96b0d7a9d932", - "panelRefName": "panel_10", - "title": "All logs", - "version": "7.12.0" - } - ], - "timeRestore": false, - "title": "[Logs CyberArk PAS] Overview", - "version": 1 - }, - "coreMigrationVersion": "7.12.0", - "id": "cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6", - "migrationVersion": { - "dashboard": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "layer_2_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "layer_3_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c", - "type": "index-pattern" + "title": "Top users by failed authentications to Vault" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "96a2c711-40a3-4dfc-87f5-4b193078e05a", + "w": 33, + "x": 15, + "y": 49 }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" + "panelIndex": "96a2c711-40a3-4dfc-87f5-4b193078e05a", + "panelRefName": "panel_9", + "title": "Credential Access", + "version": "7.12.0" + }, + { + 
"embeddableConfig": { + "columns": [ + "observer.hostname", + "cyberarkpas.audit.action", + "cyberarkpas.audit.issuer", + "cyberarkpas.audit.safe", + "file.path" + ], + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "cyberarkpas-a9b82df0-97a5-11eb-bbf8-d77aef8ad7a6", - "name": "panel_9", - "type": "search" + "gridData": { + "h": 18, + "i": "6cd62115-65e7-416f-8da7-96b0d7a9d932", + "w": 48, + "x": 0, + "y": 64 }, - { - "id": "cyberarkpas-fec0d170-96f7-11eb-bbf8-d77aef8ad7a6", - "name": "panel_10", - "type": "search" - } + "panelIndex": "6cd62115-65e7-416f-8da7-96b0d7a9d932", + "panelRefName": "panel_10", + "title": "All logs", + "version": "7.12.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs CyberArk PAS] Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_2_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_3_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "cyberarkpas-a9b82df0-97a5-11eb-bbf8-d77aef8ad7a6", + "name": "panel_9", + "type": "search" + }, + { + "id": "cyberarkpas-fec0d170-96f7-11eb-bbf8-d77aef8ad7a6", + "name": "panel_10", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file From d60df91ac3584d1e7a185b204affa3a65e43e9cd Mon Sep 17 00:00:00 2001 
From: kcreddy
Date: Thu, 27 Oct 2022 15:53:43 +0530
Subject: [PATCH 014/103] github already inlined
---
...-4da91aa0-12fc-11ed-af77-016e1a977d80.json | 6581 +++++++++--------
...-591d69e0-17b6-11ed-809a-7b4be950fe9c.json | 5431 +++++++-------
...-6197be80-220c-11ed-88c4-e3caca48250a.json | 4857 ++++++------
...-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json | 3699 ++++-----
...-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json | 920 +--
...-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json | 1982 ++---
6 files changed, 11745 insertions(+), 11725 deletions(-)
diff --git a/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json b/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json
index 10d04c87796..9c79ceca1f1 100644
--- a/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json
+++ b/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json
@@ -1,3408 +1,3413 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{}}},\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\",\"enhancements\":{}}}}" + "id": "github-4da91aa0-12fc-11ed-af77-016e1a977d80", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T10:22:26.869Z", + "version": "WzY4MywxXQ==", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": 
"{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{}}},\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\",\"enhancements\":{}}}}" + }, + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Code Scanning", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": [ + "code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.action": "code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f8b858f-a1ee-4d69-a100-d59282acd94d": { + "columnOrder": [ + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" + ], + "columns": { + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", + "layerType": "data", + "textAlign": "center", + "titlePosition": "top" + } + }, + "title": "Total Alerts Created [GitHub Code Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} }, - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "gridData": { + "h": 5, + "i": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", + "w": 14, + "x": 0, + "y": 0 + }, + "panelIndex": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + 
"id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Found/Fixed Ratio", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } + }, + "formula": "count()/count(kql='github.state:dismissed')", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "scale": "ratio" }, - "meta": { - "alias": "Code Scanning", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": false, - "params": [ - "code_scanning" - ], - "type": "phrases" + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "github.state:dismissed" + }, + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - 
"match_phrase": { - "event.action": "code_scanning" - } - } - ] + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "location": { + "max": 43, + "min": 0 + }, + "name": "divide", + "text": "count()/count(kql='github.state:dismissed')", + "type": "function" } + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "scale": "ratio" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } + }, + "title": "Alerts Found/Fixed Ratio [GitHub Code Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncTooltips": false, - "useMargins": true + "gridData": { + "h": 5, + "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", + "w": 14, + "x": 14, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f8b858f-a1ee-4d69-a100-d59282acd94d": { - "columnOrder": [ - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" - ], - "columns": { - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b02c858-e981-4dc4-a3bc-1d563549180a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cbc5557e-f6b9-4140-90b2-3100f33083c4": { + "columnOrder": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc", + "4525c4ae-5f82-4b4d-9867-48e4aba462fd" + ], + "columns": { + "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Open vs Resolved", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - 
"minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", - "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", - "layerType": "data", - "textAlign": "center", - "titlePosition": "top" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.most_recent_instance.state" }, - "title": "Total Alerts Created [GitHub Code Scanning]", - "visualizationType": "lnsMetric" + "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "5b02c858-e981-4dc4-a3bc-1d563549180a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", - "w": 14, - "x": 0, - "y": 0 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.54, + "groups": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc" + ], + "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", + "layerType": "data", + "legendDisplay": "show", + "legendPosition": "right", + "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + "palette": 
{ + "name": "default", + "type": "palette" }, - "panelIndex": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", - "type": "lens", - "version": "8.4.1" + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Found/Fixed Ratio", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - }, - "formula": "count()/count(kql='github.state:dismissed')", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "github.state:dismissed" - }, - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { - "customLabel": true, 
- "dataType": "number", - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "location": { - "max": 43, - "min": 0 - }, - "name": "divide", - "text": "count()/count(kql='github.state:dismissed')", - "type": "function" - } - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" + "title": "Open vs Resolved/Dismissed [GitHub Code Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", + "w": 20, + "x": 28, + "y": 0 + }, + "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5d417c98-6b80-42b4-9183-15bf539c9c46", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"c10f8d54-f8a4-45cf-8c17-527a0b914e14", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } } - }, - "title": "Alerts Found/Fixed Ratio [GitHub Code Scanning]", - "visualizationType": "lnsMetric" + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "5d417c98-6b80-42b4-9183-15bf539c9c46", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c10f8d54-f8a4-45cf-8c17-527a0b914e14", + "key": "github.code_scanning.state", + "negate": false, + "params": { + "query": "open" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.code_scanning.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#209280", + "stop": 0 + }, + { + "color": "#d6bf57", + "stop": 1 + }, + { + 
"color": "#cc5642", + "stop": 1000 + } + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + "stop": 1 + }, + { + "color": "#d6bf57", + "stop": 1000 + }, + { + "color": "#cc5642", + "stop": 1001 + } + ] + }, + "type": "palette" }, - "gridData": { - "h": 5, - "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "w": 14, - "x": 14, - "y": 0 + "textAlign": "center" + } + }, + "title": "Open Alerts Count [GitHub Code Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", + "w": 14, + "x": 0, + "y": 5 + }, + "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1d49d476-9ca6-44e0-8501-35c7f63ed984", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "e33d2853-5b3d-4be9-9312-2d8da64d9523" + ], + "columns": { + "e33d2853-5b3d-4be9-9312-2d8da64d9523": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Mean time to resolve an alert", + "operationType": "average", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "github.code_scanning.time_to_resolution.sec" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": 
"1d49d476-9ca6-44e0-8501-35c7f63ed984", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } }, - "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "type": "lens", - "version": "8.4.1" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", + "key": "github.code_scanning.time_to_resolution.sec", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "github.code_scanning.time_to_resolution.sec" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5b02c858-e981-4dc4-a3bc-1d563549180a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cbc5557e-f6b9-4140-90b2-3100f33083c4": { - "columnOrder": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc", - "4525c4ae-5f82-4b4d-9867-48e4aba462fd" - ], - "columns": { - "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Open vs Resolved", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": 
"github.code_scanning.most_recent_instance.state" - }, - "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "5b02c858-e981-4dc4-a3bc-1d563549180a", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "Mean Time to Resolution [GitHub Code Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 5, + "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "w": 14, + "x": 14, + "y": 5 + }, + "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "title": "Mean Time To Resolution [GitHub Code Scanning]", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "960abe90-416f-4075-aaef-2cc0a3af1707", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + 
"label": "Resolved/Dismissed Alerts", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.54, - "groups": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc" - ], - "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", - "layerType": "data", - "legendDisplay": "show", - "legendPosition": "right", - "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "shape": "donut" - } + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "scale": "ratio" }, - "title": "Open vs Resolved/Dismissed [GitHub Code Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } }, - "gridData": { - "h": 15, - "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "w": 20, - "x": 28, - "y": 0 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "960abe90-416f-4075-aaef-2cc0a3af1707", + "key": "github.state", + "negate": false, 
+ "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "positive", + "params": { + "continuity": "above", + "maxSteps": 5, + "name": "positive", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#bbdad3", + "stop": 0 + }, + { + "color": "#77b6a8", + "stop": 8 + }, + { + "color": "#209280", + "stop": 16 + } + ] + }, + "type": "palette" }, - "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "type": "lens", - "version": "8.4.1" + "textAlign": "center" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5d417c98-6b80-42b4-9183-15bf539c9c46", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c10f8d54-f8a4-45cf-8c17-527a0b914e14", - "type": "index-pattern" + "title": "Resolved/Dismissed Alerts Count [GitHub Code Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 5, + "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "w": 14, + "x": 0, + "y": 10 + }, + "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2ce8a419-debd-4a37-85e6-c7b49e61604f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d8a21374-4117-4796-96e2-ecd47f2babd2": { + "columnOrder": [ + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264", + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1", + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2" + ], + "columns": { + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Ratio between the alerts generated and the number of commits", + "operationType": "formula", + "params": { + "formula": "count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)", + "isFormulaBroken": false + }, + "references": [ + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2" + ], + "scale": "ratio" + }, + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Ratio between the alerts and the number of commits generated", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Ratio between the alerts and the number of commits generated", + "operationType": "unique_count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "github.code_scanning.most_recent_instance.commit_sha" + }, + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Ratio between the alerts and the number of commits generated", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", + 
"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1" + ], + "location": { + "max": 74, + "min": 0 + }, + "name": "divide", + "text": "count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)", + "type": "function" } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + }, + "references": [ + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2ce8a419-debd-4a37-85e6-c7b49e61604f", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "c96796ed-ded2-4cb6-9e7d-4ffbc1def264", + "layerId": "d8a21374-4117-4796-96e2-ecd47f2babd2", + "layerType": "data", + "textAlign": "center" + } + }, + "title": "Alert/Commit Ratio [GitHub Code Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", + "w": 14, + "x": 14, + "y": 10 + }, + "panelIndex": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", + "type": "lens", + "version": 
"8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1d50dadb-a088-4e8b-842f-8d84e6378658", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { + "columnOrder": [ + "1e393f28-24a9-40af-830b-654785bf6236", + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "columns": { + "1e393f28-24a9-40af-830b-654785bf6236": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "5d417c98-6b80-42b4-9183-15bf539c9c46", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "c10f8d54-f8a4-45cf-8c17-527a0b914e14", - "key": "github.code_scanning.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.code_scanning.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": 
"df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" - } + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" }, - "title": "Open Alerts Count [GitHub Code Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "w": 14, - "x": 0, - "y": 5 - }, - "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1d49d476-9ca6-44e0-8501-35c7f63ed984", - "type": "index-pattern" + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count by repository", + "operationType": "formula", + "params": { + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "scale": "ratio" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Alerts count ", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": 
"___records___" + }, + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of github.repository.owner.login + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "logs-*", - "name": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "e33d2853-5b3d-4be9-9312-2d8da64d9523" - ], - "columns": { - "e33d2853-5b3d-4be9-9312-2d8da64d9523": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Mean time to resolve an alert", - "operationType": "average", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "github.code_scanning.time_to_resolution.sec" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1d49d476-9ca6-44e0-8501-35c7f63ed984", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", - "key": "github.code_scanning.time_to_resolution.sec", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "github.code_scanning.time_to_resolution.sec" - } - } - } + "secondaryFields": [ + "github.repository.name" ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - 
"colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" - } - }, - "title": "Mean Time to Resolution [GitHub Code Scanning]", - "visualizationType": "lnsMetric" + "size": 50 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1d50dadb-a088-4e8b-842f-8d84e6378658", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" + ], + "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" }, - "enhancements": {}, - "hidePanelTitles": false + "seriesType": "bar", + "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true }, - "gridData": { - "h": 5, - "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "w": 14, - "x": 14, - "y": 5 + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "title": 
"Mean Time To Resolution [GitHub Code Scanning]", - "type": "lens", - "version": "8.4.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" + "title": "Alerts count by owner and by repository [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", + "w": 25, + "x": 0, + "y": 15 + }, + "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "63aad513-3506-45e9-8c13-d2ee49f689ab", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68", + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top repositories contributing to alerts by owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" }, - { - "id": "logs-*", - "name": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "960abe90-416f-4075-aaef-2cc0a3af1707", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "8cca4d83-a822-4b67-97cd-27649e1d7c68": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.repository.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "960abe90-416f-4075-aaef-2cc0a3af1707", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": 
"phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" }, - "title": "Resolved/Dismissed Alerts Count [GitHub Code Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 5, - "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "w": 14, - "x": 0, - "y": 10 - }, - "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "type": "lens", - "version": "8.4.1" + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "63aad513-3506-45e9-8c13-d2ee49f689ab", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": 
"phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "default", + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2ce8a419-debd-4a37-85e6-c7b49e61604f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d8a21374-4117-4796-96e2-ecd47f2babd2": { - "columnOrder": [ - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2" - ], - "columns": { - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Ratio between the alerts generated and the number of commits", - "operationType": "formula", - "params": { - "formula": "count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)", - "isFormulaBroken": false - }, - "references": [ - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2" - ], - "scale": "ratio" - }, - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Ratio between the alerts and the number of commits generated", - "operationType": "count", - "params": { - 
"emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Ratio between the alerts and the number of commits generated", - "operationType": "unique_count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "github.code_scanning.most_recent_instance.commit_sha" - }, - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Ratio between the alerts and the number of commits generated", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1" - ], - "location": { - "max": 74, - "min": 0 - }, - "name": "divide", - "text": "count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)", - "type": "function" - } - }, - "references": [ - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Aerts % by owner and by repository [GitHub Code Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", + "w": 23, + "x": 25, + "y": 15 + }, + "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", + "title": "Alerts % by owner and by repository [GitHub Code Scanning]", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14d80078-f238-406f-9a34-bae0f8616bc0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Tool", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "2ce8a419-debd-4a37-85e6-c7b49e61604f", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "accessor": "c96796ed-ded2-4cb6-9e7d-4ffbc1def264", - "layerId": "d8a21374-4117-4796-96e2-ecd47f2babd2", - "layerType": "data", - "textAlign": "center" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.tool.name" }, - "title": "Alert/Commit Ratio [GitHub Code Scanning]", - "visualizationType": "lnsMetric" + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "14d80078-f238-406f-9a34-bae0f8616bc0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": 
"github.code_scanning" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 5, - "i": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", - "w": 14, - "x": 14, - "y": 10 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1d50dadb-a088-4e8b-842f-8d84e6378658", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { - "columnOrder": [ - "1e393f28-24a9-40af-830b-654785bf6236", - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "columns": { - "1e393f28-24a9-40af-830b-654785bf6236": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count by repository", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false 
- }, - "references": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "scale": "ratio" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Alerts count ", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of github.repository.owner.login + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "github.repository.name" - ], - "size": 50 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1d50dadb-a088-4e8b-842f-8d84e6378658", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" - ], - "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "seriesType": "bar", 
- "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "Alerts count by owner and by repository [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 12, - "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "w": 25, - "x": 0, - "y": 15 + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": "#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "type": "lens", - "version": "8.4.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" + "title": "Tool Contribution Count [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "4e77167a-4642-4cbb-8430-2197e2f31666", + "w": 14, + "x": 0, + "y": 27 + }, + "panelIndex": "4e77167a-4642-4cbb-8430-2197e2f31666", + "title": "Tool Contribution [GitHub Code Scanning]", + "type": "lens", + "version": "8.4.1" + }, + 
{ + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e696efc1-4a91-44d3-ad68-618f00d80703", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of github.code_scanning.tool.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" }, - { - "id": "logs-*", - "name": "63aad513-3506-45e9-8c13-d2ee49f689ab", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top repositories contributing to alerts by owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "8cca4d83-a822-4b67-97cd-27649e1d7c68": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.repository.name", - "operationType": "terms", - "params": { - "missingBucket": false, - 
"orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" - }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "63aad513-3506-45e9-8c13-d2ee49f689ab", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68" - ], - "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", - "layerType": "data", - "legendDisplay": "default", - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.tool.name" }, - "title": "Aerts % by owner and by repository [GitHub Code Scanning]", - "visualizationType": "lnsPie" + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": 
"___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "e696efc1-4a91-44d3-ad68-618f00d80703", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "w": 23, - "x": 25, - "y": 15 - }, - "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "title": "Alerts % by owner and by repository [GitHub Code Scanning]", - "type": "lens", - "version": "8.4.1" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 2, + "legendPosition": "right", + "metric": "e1d8072b-7268-444a-864e-ef1117b17b65", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" + "title": "Tool Contribution [GitHub Code Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "5135da2a-0093-4b71-a35a-c2b8877d22dd", + "w": 11, + "x": 14, + "y": 27 + }, + "panelIndex": "5135da2a-0093-4b71-a35a-c2b8877d22dd", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a9c37a5a-574a-411d-9420-2e53045288f3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "00866684-5176-499e-9517-eff9e9102155", + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "00866684-5176-499e-9517-eff9e9102155": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.code_scanning.tool.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" }, - { - "id": "logs-*", - "name": "14d80078-f238-406f-9a34-bae0f8616bc0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Tool", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.tool.name" - }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + 
"parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "14d80078-f238-406f-9a34-bae0f8616bc0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.tool.name" }, - "title": "Tool Contribution Count [GitHub Code Scanning]", - "visualizationType": "lnsXY" + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "d" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert count", + "operationType": "count", + "params": { + 
"emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a9c37a5a-574a-411d-9420-2e53045288f3", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 13, - "i": "4e77167a-4642-4cbb-8430-2197e2f31666", - "w": 14, - "x": 0, - "y": 27 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "4e77167a-4642-4cbb-8430-2197e2f31666", - "title": "Tool Contribution [GitHub Code Scanning]", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e696efc1-4a91-44d3-ad68-618f00d80703", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of github.code_scanning.tool.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" - }, - "orderDirection": 
"desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.tool.name" - }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "e696efc1-4a91-44d3-ad68-618f00d80703", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 2, - "legendPosition": "right", - "metric": "e1d8072b-7268-444a-864e-ef1117b17b65", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "shape": "donut" - } - }, - "title": "Tool Contribution [GitHub Code Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 13, - "i": "5135da2a-0093-4b71-a35a-c2b8877d22dd", - "w": 11, - "x": 14, - "y": 27 + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "seriesType": "bar", + "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": 
"#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } + ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right" + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "5135da2a-0093-4b71-a35a-c2b8877d22dd", - "type": "lens", - "version": "8.4.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a9c37a5a-574a-411d-9420-2e53045288f3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "00866684-5176-499e-9517-eff9e9102155", - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "00866684-5176-499e-9517-eff9e9102155": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.code_scanning.tool.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.tool.name" - }, - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": false, - "interval": "d" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert count", - "operationType": "count", - "params": { - 
"emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Daily Tool Contribution [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "7a3f8c53-407b-4862-9dc3-10dccfe06426", + "w": 23, + "x": 25, + "y": 27 + }, + "panelIndex": "7a3f8c53-407b-4862-9dc3-10dccfe06426", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a9c37a5a-574a-411d-9420-2e53045288f3", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], 
- "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": "bar", - "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", - "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right" - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "Daily Tool Contribution [GitHub Code Scanning]", - "visualizationType": "lnsXY" + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 13, - "i": "7a3f8c53-407b-4862-9dc3-10dccfe06426", - "w": 23, 
- "x": 25, - "y": 27 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "7a3f8c53-407b-4862-9dc3-10dccfe06426", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - 
"query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "yConfig": [ - { - "axisMode": "auto", - "color": "#b9a888", - "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "show" - } - }, - "title": "Alert Severity Count [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "yConfig": [ + { + "axisMode": "auto", + "color": "#b9a888", + "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false }, - "gridData": { - "h": 13, - "i": "9653b170-7606-461f-9ac4-bf58547f30db", - "w": 14, - "x": 0, - "y": 40 + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", - "type": "lens", - "version": "8.4.1" + "valueLabels": "show" + } }, - { - 
"embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3ad0255d-c017-4880-b3dd-d60cb17375c1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Alert Severity Count [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "9653b170-7606-461f-9ac4-bf58547f30db", + "w": 14, + "x": 0, + "y": 40 + }, + "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"3ad0255d-c017-4880-b3dd-d60cb17375c1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "3ad0255d-c017-4880-b3dd-d60cb17375c1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71" - ], - "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "metric": "21ef31d9-60e5-4fe1-8767-950697790bab", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "shape": "donut" - } - }, - "title": "Alert Severity % [GitHub Code Scanning]", - "visualizationType": "lnsPie" + "secondaryFields": [], 
+ "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "3ad0255d-c017-4880-b3dd-d60cb17375c1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "563a073c-7de0-4095-b0ac-127caed562f2", - "w": 11, - "x": 14, - "y": 40 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "metric": "21ef31d9-60e5-4fe1-8767-950697790bab", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "default", + "type": "palette" }, - "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", - "type": "lens", - "version": "8.4.1" + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8a760085-cbc8-4b89-8401-4eb7f686cc80", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "00866684-5176-499e-9517-eff9e9102155", - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "00866684-5176-499e-9517-eff9e9102155": { - "dataType": "string", - "isBucketed": true, - 
"label": "Top 10 values of github.severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - }, - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": false, - "interval": "d" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Alert Severity % [GitHub Code Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "563a073c-7de0-4095-b0ac-127caed562f2", + "w": 11, + "x": 14, + "y": 40 + }, + "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8a760085-cbc8-4b89-8401-4eb7f686cc80", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "00866684-5176-499e-9517-eff9e9102155", + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + 
"00866684-5176-499e-9517-eff9e9102155": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8a760085-cbc8-4b89-8401-4eb7f686cc80", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": "bar", - "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", - "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right" - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + }, + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": 
"date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "d" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "title": "Daily Alerts Count by Severity [GitHub Code Scanning]", - "visualizationType": "lnsXY" + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8a760085-cbc8-4b89-8401-4eb7f686cc80", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "seriesType": "bar", + "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": "#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } + ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right" }, - "gridData": { - "h": 13, - "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "w": 23, - "x": 25, - "y": 40 + "preferredSeriesType": "bar", + 
"tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "type": "lens", - "version": "8.4.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.rule.severity" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Daily Alerts Count by Severity [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", + "w": 23, + "x": 25, + "y": 40 + }, + "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + 
"description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "layerId": 
"04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "yConfig": [ - { - "axisMode": "auto", - "color": "#f1ceb0", - "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "show" - } - }, - "title": "Rule Severity [GitHub Code Scanning]", - "visualizationType": "lnsXY" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.rule.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 13, - "i": "c8b71fb6-3611-4788-a05f-fc9336b277f5", - "w": 14, - "x": 0, - "y": 53 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "c8b71fb6-3611-4788-a05f-fc9336b277f5", - "type": "lens", - "version": "8.4.1" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "yConfig": [ + { + "axisMode": "auto", + "color": "#f1ceb0", + 
"forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "show" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "68463b79-453f-4a36-a9a5-e747691dbbc9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a5a3e567-da48-48df-902a-28bb45019016": { - "columnOrder": [ - "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b", - "9797f885-5bd5-4511-8dba-7867ef8fd09a" - ], - "columns": { - "9797f885-5bd5-4511-8dba-7867ef8fd09a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 10 Rules", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9797f885-5bd5-4511-8dba-7867ef8fd09a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "rule.name" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Rule Severity [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "c8b71fb6-3611-4788-a05f-fc9336b277f5", + "w": 14, + "x": 0, + "y": 53 + }, + "panelIndex": "c8b71fb6-3611-4788-a05f-fc9336b277f5", + "type": "lens", + "version": "8.4.1" + }, + { + 
"embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "68463b79-453f-4a36-a9a5-e747691dbbc9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a5a3e567-da48-48df-902a-28bb45019016": { + "columnOrder": [ + "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b", + "9797f885-5bd5-4511-8dba-7867ef8fd09a" + ], + "columns": { + "9797f885-5bd5-4511-8dba-7867ef8fd09a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top 10 Rules", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9797f885-5bd5-4511-8dba-7867ef8fd09a", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "68463b79-453f-4a36-a9a5-e747691dbbc9", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - 
"9797f885-5bd5-4511-8dba-7867ef8fd09a" - ], - "layerId": "a5a3e567-da48-48df-902a-28bb45019016", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b" - } - ], - "legend": { - "floatingColumns": 1, - "horizontalAlignment": "right", - "isInside": true, - "isVisible": true, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": false, - "verticalAlignment": "top" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "Top Rules [GitHub Code Scanning]", - "visualizationType": "lnsXY" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "rule.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "68463b79-453f-4a36-a9a5-e747691dbbc9", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 13, - "i": "26c79a62-100e-4eb4-b878-621e2be8570d", - "w": 34, - "x": 14, - "y": 53 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "9797f885-5bd5-4511-8dba-7867ef8fd09a" + ], + "layerId": "a5a3e567-da48-48df-902a-28bb45019016", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b" + } + ], + "legend": { + "floatingColumns": 1, + "horizontalAlignment": "right", + 
"isInside": true, + "isVisible": true, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": false, + "verticalAlignment": "top" }, - "panelIndex": "26c79a62-100e-4eb4-b878-621e2be8570d", - "type": "lens", - "version": "8.4.1" + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "17dc082e-1cb5-4483-901a-9c220d911bac": { - "columnOrder": [ - "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5", - "b907d8f2-1395-4737-a7db-25bd080be94d" - ], - "columns": { - "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top files responsible for alerts", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b907d8f2-1395-4737-a7db-25bd080be94d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.most_recent_instance.location.path" - }, - "b907d8f2-1395-4737-a7db-25bd080be94d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Top Rules [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "26c79a62-100e-4eb4-b878-621e2be8570d", + 
"w": 34, + "x": 14, + "y": 53 + }, + "panelIndex": "26c79a62-100e-4eb4-b878-621e2be8570d", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "17dc082e-1cb5-4483-901a-9c220d911bac": { + "columnOrder": [ + "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5", + "b907d8f2-1395-4737-a7db-25bd080be94d" + ], + "columns": { + "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top files responsible for alerts", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b907d8f2-1395-4737-a7db-25bd080be94d", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "b907d8f2-1395-4737-a7db-25bd080be94d" - ], - "layerId": "17dc082e-1cb5-4483-901a-9c220d911bac", - "layerType": "data", - 
"position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5" - } - ], - "legend": { - "isInside": false, - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.most_recent_instance.location.path" }, - "title": "Top files [GitHub Code Scanning]", - "visualizationType": "lnsXY" + "b907d8f2-1395-4737-a7db-25bd080be94d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "41578b87-d820-42df-92d5-69af2643d793", - "w": 36, - "x": 0, - "y": 66 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", - "type": "lens", - "version": "8.4.1" + "layers": [ + { + "accessors": [ + "b907d8f2-1395-4737-a7db-25bd080be94d" + ], + "layerId": 
"17dc082e-1cb5-4483-901a-9c220d911bac", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5" + } + ], + "legend": { + "isInside": false, + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" + "title": "Top files [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "41578b87-d820-42df-92d5-69af2643d793", + "w": 36, + "x": 0, + "y": 66 + }, + "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "eeb76646-d085-43fb-bad2-e7e78e3470fa", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2321cd3f-039b-44be-90a5-03028195d49e": { + "columnOrder": [ + "37a962c0-4797-484d-b2e6-00a280b3edc2", + "871b560f-f208-41a2-978b-b97664f99807" + ], + "columns": { + "37a962c0-4797-484d-b2e6-00a280b3edc2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "871b560f-f208-41a2-978b-b97664f99807", + "type": "column" }, - { - "id": "logs-*", - "name": "eeb76646-d085-43fb-bad2-e7e78e3470fa", - "type": "index-pattern" - } - ], - "state": { - 
"datasourceStates": { - "indexpattern": { - "layers": { - "2321cd3f-039b-44be-90a5-03028195d49e": { - "columnOrder": [ - "37a962c0-4797-484d-b2e6-00a280b3edc2", - "871b560f-f208-41a2-978b-b97664f99807" - ], - "columns": { - "37a962c0-4797-484d-b2e6-00a280b3edc2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "871b560f-f208-41a2-978b-b97664f99807", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.dismissed_by.login" - }, - "871b560f-f208-41a2-978b-b97664f99807": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "eeb76646-d085-43fb-bad2-e7e78e3470fa", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "871b560f-f208-41a2-978b-b97664f99807" - ], - "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", - "layerType": 
"data", - "seriesType": "bar_horizontal", - "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.dismissed_by.login" }, - "title": "Top users dismissing alerts [GitHub Code Scanning]", - "visualizationType": "lnsXY" + "871b560f-f208-41a2-978b-b97664f99807": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "eeb76646-d085-43fb-bad2-e7e78e3470fa", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "w": 12, - "x": 36, - "y": 66 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "871b560f-f208-41a2-978b-b97664f99807" + ], + "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" + } + ], + "legend": { + "isVisible": true, + "position": 
"right" }, - "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "type": "lens", - "version": "8.4.1" + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "deab5558-7fec-4cfa-b152-24203a046301", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ebd4f001-671a-4772-a2c4-b07f94e34845": { - "columnOrder": [ - "fc40a758-e2ae-45db-88c1-439660cb7f66", - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "columns": { - "5caf7916-eab1-42d2-b591-41039ee8ed72": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "fc40a758-e2ae-45db-88c1-439660cb7f66": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "deab5558-7fec-4cfa-b152-24203a046301", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": 
"None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "title": "Top users dismissing alerts [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", + "w": 12, + "x": 36, + "y": 66 + }, + "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "deab5558-7fec-4cfa-b152-24203a046301", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ebd4f001-671a-4772-a2c4-b07f94e34845": { + "columnOrder": [ + "fc40a758-e2ae-45db-88c1-439660cb7f66", + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "columns": { + "5caf7916-eab1-42d2-b591-41039ee8ed72": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "Events Timeline [GitHub Code Scanning]", - "visualizationType": "lnsXY" + "fc40a758-e2ae-45db-88c1-439660cb7f66": { + "dataType": "date", + "isBucketed": true, + "label": 
"@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "deab5558-7fec-4cfa-b152-24203a046301", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 12, - "i": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", - "w": 48, - "x": 0, - "y": 81 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", - "type": "lens", - "version": "8.4.1" - } - ], - "timeRestore": false, - "title": "[GitHub] Code Scanning Alerts", - "version": 1 - }, - "coreMigrationVersion": "8.4.1", - "id": "github-4da91aa0-12fc-11ed-af77-016e1a977d80", - "migrationVersion": { - "dashboard": "8.4.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:4fa3d8de-226f-4ff3-ab95-b9167e6ff115", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:5b02c858-e981-4dc4-a3bc-1d563549180a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:5d417c98-6b80-42b4-9183-15bf539c9c46", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:c10f8d54-f8a4-45cf-8c17-527a0b914e14", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:1d49d476-9ca6-44e0-8501-35c7f63ed984", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:960abe90-416f-4075-aaef-2cc0a3af1707", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "46dc58eb-4994-442d-a6b4-4b3699b74bf1:indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"46dc58eb-4994-442d-a6b4-4b3699b74bf1:2ce8a419-debd-4a37-85e6-c7b49e61604f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:1d50dadb-a088-4e8b-842f-8d84e6378658", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:63aad513-3506-45e9-8c13-d2ee49f689ab", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4e77167a-4642-4cbb-8430-2197e2f31666:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4e77167a-4642-4cbb-8430-2197e2f31666:14d80078-f238-406f-9a34-bae0f8616bc0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:e696efc1-4a91-44d3-ad68-618f00d80703", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:a9c37a5a-574a-411d-9420-2e53045288f3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:c1f5c308-cb41-49d7-9d2b-034ddea6eec8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:3ad0255d-c017-4880-b3dd-d60cb17375c1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:8a760085-cbc8-4b89-8401-4eb7f686cc80", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "26c79a62-100e-4eb4-b878-621e2be8570d:indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "26c79a62-100e-4eb4-b878-621e2be8570d:68463b79-453f-4a36-a9a5-e747691dbbc9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:eeb76646-d085-43fb-bad2-e7e78e3470fa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - 
{ - "id": "logs-*", - "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:deab5558-7fec-4cfa-b152-24203a046301", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_93a8183f-ab74-4636-9f63-9e30c35bfa6b:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_965171e3-e02b-49ff-a2f7-6ddfa5159eee:optionsListDataView", - "type": "index-pattern" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Events Timeline [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView", - "type": "index-pattern" + "gridData": { + "h": 12, + "i": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", + "w": 48, + "x": 0, + "y": 81 }, - { - "id": "logs-*", - "name": "controlGroup_3d506940-8d8f-4f4f-8fa8-5ac070d1dc36:optionsListDataView", - "type": "index-pattern" - } + "panelIndex": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", + "type": "lens", + "version": "8.4.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[GitHub] Code Scanning Alerts", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + 
"id": "logs-*", + "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:4fa3d8de-226f-4ff3-ab95-b9167e6ff115", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:5b02c858-e981-4dc4-a3bc-1d563549180a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:5d417c98-6b80-42b4-9183-15bf539c9c46", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:c10f8d54-f8a4-45cf-8c17-527a0b914e14", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:1d49d476-9ca6-44e0-8501-35c7f63ed984", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"c3e8ea64-b6f9-470c-9004-02f8909672eb:960abe90-416f-4075-aaef-2cc0a3af1707", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46dc58eb-4994-442d-a6b4-4b3699b74bf1:indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46dc58eb-4994-442d-a6b4-4b3699b74bf1:2ce8a419-debd-4a37-85e6-c7b49e61604f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:1d50dadb-a088-4e8b-842f-8d84e6378658", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:63aad513-3506-45e9-8c13-d2ee49f689ab", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4e77167a-4642-4cbb-8430-2197e2f31666:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4e77167a-4642-4cbb-8430-2197e2f31666:14d80078-f238-406f-9a34-bae0f8616bc0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:e696efc1-4a91-44d3-ad68-618f00d80703", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:a9c37a5a-574a-411d-9420-2e53045288f3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:c1f5c308-cb41-49d7-9d2b-034ddea6eec8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:3ad0255d-c017-4880-b3dd-d60cb17375c1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:8a760085-cbc8-4b89-8401-4eb7f686cc80", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26c79a62-100e-4eb4-b878-621e2be8570d:indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26c79a62-100e-4eb4-b878-621e2be8570d:68463b79-453f-4a36-a9a5-e747691dbbc9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41578b87-d820-42df-92d5-69af2643d793:1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + 
{ + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:eeb76646-d085-43fb-bad2-e7e78e3470fa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:deab5558-7fec-4cfa-b152-24203a046301", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_93a8183f-ab74-4636-9f63-9e30c35bfa6b:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_965171e3-e02b-49ff-a2f7-6ddfa5159eee:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_3d506940-8d8f-4f4f-8fa8-5ac070d1dc36:optionsListDataView", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.4.0" + }, + "coreMigrationVersion": "8.4.1" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json b/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json index 96459148280..f83678486e0 100644 --- a/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json +++ b/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json 
@@ -1,2806 +1,2811 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"66d2324e-be32-41be-b685-54ba2cc58c2b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"66d2324e-be32-41be-b685-54ba2cc58c2b\",\"enhancements\":{}}},\"54e33c68-ad08-412f-852a-f669391018b0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"54e33c68-ad08-412f-852a-f669391018b0\",\"enhancements\":{}}},\"9fd25971-d168-4a50-985f-9e1bb266c93e\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"9fd25971-d168-4a50-985f-9e1bb266c93e\",\"enhancements\":{}}},\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\",\"enhancements\":{}}}}" + "id": "github-591d69e0-17b6-11ed-809a-7b4be950fe9c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T10:22:26.869Z", + "version": "WzY4NCwxXQ==", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": 
"{\"66d2324e-be32-41be-b685-54ba2cc58c2b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"66d2324e-be32-41be-b685-54ba2cc58c2b\",\"enhancements\":{}}},\"54e33c68-ad08-412f-852a-f669391018b0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"54e33c68-ad08-412f-852a-f669391018b0\",\"enhancements\":{}}},\"9fd25971-d168-4a50-985f-9e1bb266c93e\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"9fd25971-d168-4a50-985f-9e1bb266c93e\",\"enhancements\":{}}},\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\",\"enhancements\":{}}}}" + }, + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Secret Scanning", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": [ + "secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.action": "secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a27a9357-b353-46a3-9116-530f354b09b9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f8b858f-a1ee-4d69-a100-d59282acd94d": { + "columnOrder": [ + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" + ], + "columns": { + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Secrets Found", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a27a9357-b353-46a3-9116-530f354b09b9", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", + "layerType": "data", + "textAlign": "center", + "titlePosition": "top" + } + }, + "title": "Total Secrets Found [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55", + "w": 14, + "x": 0, + "y": 0 }, - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "panelIndex": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": 
[ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ef2a4614-151f-42d0-8707-257d009298ea", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Secrets Found/Fixed Ratio", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } + }, + "formula": "count()/count(kql='github.state:dismissed or github.state:resolved')", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "scale": "ratio" }, - "meta": { - "alias": "Secret Scanning", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": false, - "params": [ - "secret_scanning" - ], - "type": "phrases" + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Secrets Found/Fixed Ratio", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "github.state:dismissed or github.state:resolved" + }, + "isBucketed": false, + "label": "Part of Secrets Found/Fixed Ratio", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" }, - "query": { - "bool": { 
- "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.action": "secret_scanning" - } - } - ] + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Secrets Found/Fixed Ratio", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "location": { + "max": 68, + "min": 0 + }, + "name": "divide", + "text": "count()/count(kql='github.state:dismissed or github.state:resolved')", + "type": "function" } + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "scale": "ratio" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ef2a4614-151f-42d0-8707-257d009298ea", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } + }, + "title": "Secrets Found/Fixed Ratio [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncTooltips": false, - "useMargins": true + "gridData": { + "h": 5, + "i": "277a4af7-61c6-40d9-80a6-2d73df097618", + "w": 14, + "x": 14, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - 
"description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" + "panelIndex": "277a4af7-61c6-40d9-80a6-2d73df097618", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cbc5557e-f6b9-4140-90b2-3100f33083c4": { + "columnOrder": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc", + "4525c4ae-5f82-4b4d-9867-48e4aba462fd" + ], + "columns": { + "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Open vs Resolved", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "type": "column" }, - { - "id": "logs-*", - "name": "a27a9357-b353-46a3-9116-530f354b09b9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f8b858f-a1ee-4d69-a100-d59282acd94d": { - "columnOrder": [ - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" - ], - "columns": { - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Secrets Found", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": 
"a27a9357-b353-46a3-9116-530f354b09b9", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", - "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", - "layerType": "data", - "textAlign": "center", - "titlePosition": "top" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.state" }, - "title": "Total Secrets Found [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55", - "w": 14, - "x": 0, - "y": 0 + "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc" + ], + "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", + "layerType": "data", + "legendDisplay": "show", + 
"legendPosition": "right", + "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" }, - "panelIndex": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55", - "type": "lens", - "version": "8.3.0" + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ef2a4614-151f-42d0-8707-257d009298ea", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Secrets Found/Fixed Ratio", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - }, - "formula": "count()/count(kql='github.state:dismissed or github.state:resolved')", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Secrets Found/Fixed Ratio", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "github.state:dismissed or github.state:resolved" - }, - "isBucketed": false, - "label": 
"Part of Secrets Found/Fixed Ratio", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Secrets Found/Fixed Ratio", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "location": { - "max": 68, - "min": 0 - }, - "name": "divide", - "text": "count()/count(kql='github.state:dismissed or github.state:resolved')", - "type": "function" - } - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ef2a4614-151f-42d0-8707-257d009298ea", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" + "title": "Open vs Fixed/Resolved Secrets[GitHub Secret Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "51a087d0-9c56-4047-9404-b4b7b37497b0", + "w": 20, + "x": 28, + "y": 0 + }, + "panelIndex": "51a087d0-9c56-4047-9404-b4b7b37497b0", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": 
"logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } } - }, - "title": "Secrets Found/Fixed Ratio [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", + "key": "github.state", + "negate": false, + "params": { + "query": "open" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": 
"df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#209280", + "stop": 0 + }, + { + "color": "#d6bf57", + "stop": 1 + }, + { + "color": "#cc5642", + "stop": 1000 + } + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + "stop": 1 + }, + { + "color": "#d6bf57", + "stop": 1000 + }, + { + "color": "#cc5642", + "stop": 1001 + } + ] + }, + "type": "palette" }, - "gridData": { - "h": 5, - "i": "277a4af7-61c6-40d9-80a6-2d73df097618", - "w": 14, - "x": 14, - "y": 0 + "textAlign": "center" + } + }, + "title": "Open Secrets Count [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", + "w": 14, + "x": 0, + "y": 5 + }, + "panelIndex": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9c0d6963-bc22-4d2d-9028-20e603d307e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dac33af7-8640-4326-8c95-afddf6194657", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "e33d2853-5b3d-4be9-9312-2d8da64d9523" + ], + "columns": { + "e33d2853-5b3d-4be9-9312-2d8da64d9523": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Mean time to resolve an alert", + "operationType": "average", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": 
"github.secret_scanning.time_to_resolution.sec" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "9c0d6963-bc22-4d2d-9028-20e603d307e7", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.secret_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } }, - "panelIndex": "277a4af7-61c6-40d9-80a6-2d73df097618", - "type": "lens", - "version": "8.3.0" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "dac33af7-8640-4326-8c95-afddf6194657", + "key": "github.secret_scanning.time_to_resolution.sec", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "github.secret_scanning.time_to_resolution.sec" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cbc5557e-f6b9-4140-90b2-3100f33083c4": { - "columnOrder": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc", - "4525c4ae-5f82-4b4d-9867-48e4aba462fd" - ], - "columns": { - "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Open vs Resolved", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { 
- "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.state" - }, - "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "Mean Time to Resolution [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 10, + "i": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", + "w": 14, + "x": 14, + "y": 5 + }, + "panelIndex": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e9f91f71-3727-4bf1-9d0a-2742347e223f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + 
"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resolved/Dismissed Alerts", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc" - ], - "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", - "layerType": "data", - "legendDisplay": "show", - "legendPosition": "right", - "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "shape": "donut" - } + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "scale": "ratio" }, - "title": "Open vs Fixed/Resolved Secrets[GitHub Secret Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "e9f91f71-3727-4bf1-9d0a-2742347e223f", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } }, - "gridData": { - "h": 15, - "i": 
"51a087d0-9c56-4047-9404-b4b7b37497b0", - "w": 20, - "x": 28, - "y": 0 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", + "key": "github.state", + "negate": false, + "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "positive", + "params": { + "continuity": "above", + "maxSteps": 5, + "name": "positive", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#bbdad3", + "stop": 0 + }, + { + "color": "#77b6a8", + "stop": 8 + }, + { + "color": "#209280", + "stop": 16 + } + ] + }, + "type": "palette" }, - "panelIndex": "51a087d0-9c56-4047-9404-b4b7b37497b0", - "type": "lens", - "version": "8.3.0" + "textAlign": "center" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" + "title": "Fixed Secrets Count [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "892ed6dd-afe7-4685-bebb-5f1a70b44692", + "w": 14, + "x": 0, + "y": 10 + }, + "panelIndex": "892ed6dd-afe7-4685-bebb-5f1a70b44692", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "89debdad-d323-4640-918b-2c38d061e212", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { + "columnOrder": [ + "1e393f28-24a9-40af-830b-654785bf6236", + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "columns": { + "1e393f28-24a9-40af-830b-654785bf6236": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "logs-*", - "name": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", - "type": "index-pattern" + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Found Secrets by repository", + "operationType": "formula", + "params": { + "formula": "count()", + 
"isFormulaBroken": false + }, + "references": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "scale": "ratio" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Alerts count by repository", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of github.repository.owner.login + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - 
], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" - } - }, - "title": "Open Secrets Count [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" + "secondaryFields": [ + "github.repository.name" + ], + "size": 50 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "89debdad-d323-4640-918b-2c38d061e212", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" + ], + "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" }, - "enhancements": {} + "seriesType": "bar", + "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": 
true }, - "gridData": { - "h": 5, - "i": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", - "w": 14, - "x": 0, - "y": 5 + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", - "type": "lens", - "version": "8.3.0" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" + "title": "Found Secrets count by owner and by repository [GitHub Secret Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "429f2ded-1aca-42cd-9190-9afddb03eabf", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "429f2ded-1aca-42cd-9190-9afddb03eabf", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "11287d36-4d96-447c-b336-56ae03fcbc16", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68", + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top repositories contributing to alerts by owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" }, - { - "id": "logs-*", - "name": "9c0d6963-bc22-4d2d-9028-20e603d307e7", - "type": "index-pattern" + "orderDirection": "desc", + 
"otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "dac33af7-8640-4326-8c95-afddf6194657", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "e33d2853-5b3d-4be9-9312-2d8da64d9523" - ], - "columns": { - "e33d2853-5b3d-4be9-9312-2d8da64d9523": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Mean time to resolve an alert", - "operationType": "average", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "github.secret_scanning.time_to_resolution.sec" - } - }, - "incompleteColumns": {} - } - } - } + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "8cca4d83-a822-4b67-97cd-27649e1d7c68": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.repository.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "9c0d6963-bc22-4d2d-9028-20e603d307e7", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.secret_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "dac33af7-8640-4326-8c95-afddf6194657", - "key": "github.secret_scanning.time_to_resolution.sec", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "github.secret_scanning.time_to_resolution.sec" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { 
+ "id": "terms" }, - "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" }, - "title": "Mean Time to Resolution [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", - "w": 14, - "x": 14, - "y": 5 - }, - "panelIndex": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", - "type": "lens", - "version": "8.3.0" + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "11287d36-4d96-447c-b336-56ae03fcbc16", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "default", + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e9f91f71-3727-4bf1-9d0a-2742347e223f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Found Secrets % by owner and by repository [GitHub Secret Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "a7adc099-113f-4113-b592-24b5ceff484e", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "a7adc099-113f-4113-b592-24b5ceff484e", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "25c2db0c-d286-407e-9c0b-55252a2ad165", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Secret Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "e9f91f71-3727-4bf1-9d0a-2742347e223f", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - 
"rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret_type_display_name" }, - "title": "Fixed Secrets Count [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Found Secrets", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "25c2db0c-d286-407e-9c0b-55252a2ad165", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", + "key": "github.state", + "negate": false, + "params": { + "query": "open" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 5, - "i": "892ed6dd-afe7-4685-bebb-5f1a70b44692", - "w": 14, 
- "x": 0, - "y": 10 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "panelIndex": "892ed6dd-afe7-4685-bebb-5f1a70b44692", - "type": "lens", - "version": "8.3.0" + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": "#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "89debdad-d323-4640-918b-2c38d061e212", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { - "columnOrder": [ - "1e393f28-24a9-40af-830b-654785bf6236", - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "columns": { - "1e393f28-24a9-40af-830b-654785bf6236": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Found 
Secrets by repository", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "scale": "ratio" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Alerts count by repository", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of github.repository.owner.login + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "github.repository.name" - ], - "size": 50 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Open Secrets Count by Type [GitHub Secret Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "883397dd-0064-48f2-b257-c8ed4295b0b9", + "w": 24, + "x": 0, + "y": 27 + }, + "panelIndex": "883397dd-0064-48f2-b257-c8ed4295b0b9", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + 
"257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Secrets by Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "89debdad-d323-4640-918b-2c38d061e212", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" - ], - "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "seriesType": "bar", - "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", 
+ "sourceField": "github.secret_scanning.secret_type_display_name" }, - "title": "Found Secrets count by owner and by repository [GitHub Secret Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "429f2ded-1aca-42cd-9190-9afddb03eabf", - "w": 24, - "x": 0, - "y": 15 + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } }, - "panelIndex": "429f2ded-1aca-42cd-9190-9afddb03eabf", - "type": "lens", - "version": "8.3.0" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 5, + "legendPosition": "right", + "metric": "e1d8072b-7268-444a-864e-ef1117b17b65", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + 
"shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "11287d36-4d96-447c-b336-56ae03fcbc16", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top repositories contributing to alerts by owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "8cca4d83-a822-4b67-97cd-27649e1d7c68": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.repository.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" - }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Open Secrets % by Type [GitHub Secret Scanning]", + 
"visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "d0ec4a50-b9da-4775-9f64-5389f898aee3", + "w": 24, + "x": 24, + "y": 27 + }, + "panelIndex": "d0ec4a50-b9da-4775-9f64-5389f898aee3", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "725aa594-f41c-4b3e-a6cf-8c115b602f57": { + "columnOrder": [ + "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "197c6dc3-cb49-4482-8381-a89e27cc960f", + "e81fb515-1196-411c-818d-8f4d837ce000", + "2059204b-f8ae-4a1f-911e-c7ed705f2ba9", + "753cfcd3-a745-4003-9d55-c19e0ffbd43f", + "5cf0999f-989a-465c-a12d-3549cad8584a", + "308e4990-dd31-471d-a467-d9c8a775476d", + "432976f9-4218-49dc-9922-f7dc093cbaa1" + ], + "columns": { + "197c6dc3-cb49-4482-8381-a89e27cc960f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner/Organization", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "11287d36-4d96-447c-b336-56ae03fcbc16", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + 
"orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68" - ], - "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", - "layerType": "data", - "legendDisplay": "default", - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" }, - "title": "Found Secrets % by owner and by repository [GitHub Secret Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "a7adc099-113f-4113-b592-24b5ceff484e", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "a7adc099-113f-4113-b592-24b5ceff484e", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" + "2059204b-f8ae-4a1f-911e-c7ed705f2ba9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" }, - { - "id": "logs-*", - "name": "25c2db0c-d286-407e-9c0b-55252a2ad165", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - 
"257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Secret Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret_type_display_name" - }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Found Secrets", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret_type_display_name" + }, + "308e4990-dd31-471d-a467-d9c8a775476d": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "432976f9-4218-49dc-9922-f7dc093cbaa1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "github.secret_scanning.time_to_resolution.sec: *" + }, + "isBucketed": false, + "label": "Time To Resolution", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "github.secret_scanning.time_to_resolution.sec" + }, + "5cf0999f-989a-465c-a12d-3549cad8584a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Resolved By User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - 
"alias": null, - "disabled": false, - "index": "25c2db0c-d286-407e-9c0b-55252a2ad165", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.resolved_by.login" }, - "title": "Open Secrets Count by Type [GitHub Secret Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": 
"883397dd-0064-48f2-b257-c8ed4295b0b9", - "w": 24, - "x": 0, - "y": 27 - }, - "panelIndex": "883397dd-0064-48f2-b257-c8ed4295b0b9", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" + "753cfcd3-a745-4003-9d55-c19e0ffbd43f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Resolution", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" }, - { - "id": "logs-*", - "name": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Secrets by Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret_type_display_name" - }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } 
- }, - "incompleteColumns": {} - } - } - } + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.resolution" + }, + "98acffa4-7380-4b18-9f9a-4025ca8ac0c6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Fixed Secret", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 5, - "legendPosition": "right", - "metric": "e1d8072b-7268-444a-864e-ef1117b17b65", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "shape": "donut" - } + "size": 1000 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret" }, - "title": "Open Secrets % by Type [GitHub Secret Scanning]", - 
"visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "d0ec4a50-b9da-4775-9f64-5389f898aee3", - "w": 24, - "x": 24, - "y": 27 + "e81fb515-1196-411c-818d-8f4d837ce000": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Repository", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } }, - "panelIndex": "d0ec4a50-b9da-4775-9f64-5389f898aee3", - "type": "lens", - "version": "8.3.0" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", + "key": "github.state", + "negate": false, + "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "hidden": false, + "isTransposed": false, + "width": 242.75 + }, + { + "columnId": 
"197c6dc3-cb49-4482-8381-a89e27cc960f", + "isTransposed": false + }, + { + "columnId": "e81fb515-1196-411c-818d-8f4d837ce000", + "isTransposed": false + }, + { + "columnId": "753cfcd3-a745-4003-9d55-c19e0ffbd43f", + "isTransposed": false + }, + { + "columnId": "5cf0999f-989a-465c-a12d-3549cad8584a", + "isTransposed": false + }, + { + "columnId": "2059204b-f8ae-4a1f-911e-c7ed705f2ba9", + "isTransposed": false + }, + { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "hidden": true, + "isTransposed": false + }, + { + "columnId": "432976f9-4218-49dc-9922-f7dc093cbaa1", + "isTransposed": false + } + ], + "layerId": "725aa594-f41c-4b3e-a6cf-8c115b602f57", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" + "title": "Fixed Secrets [GitHub Secret Scanning]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "725aa594-f41c-4b3e-a6cf-8c115b602f57": { + "columnOrder": [ + "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "197c6dc3-cb49-4482-8381-a89e27cc960f", + "e81fb515-1196-411c-818d-8f4d837ce000", + "4b29a17b-d4c4-4d29-a120-296f69b2875e", + 
"3b3eb320-881a-4786-bcb3-d2400e38a3d3", + "308e4990-dd31-471d-a467-d9c8a775476d" + ], + "columns": { + "197c6dc3-cb49-4482-8381-a89e27cc960f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner/Organization", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" }, - { - "id": "logs-*", - "name": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "725aa594-f41c-4b3e-a6cf-8c115b602f57": { - "columnOrder": [ - "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", - "197c6dc3-cb49-4482-8381-a89e27cc960f", - "e81fb515-1196-411c-818d-8f4d837ce000", - "2059204b-f8ae-4a1f-911e-c7ed705f2ba9", - "753cfcd3-a745-4003-9d55-c19e0ffbd43f", - "5cf0999f-989a-465c-a12d-3549cad8584a", - "308e4990-dd31-471d-a467-d9c8a775476d", - "432976f9-4218-49dc-9922-f7dc093cbaa1" - ], - "columns": { - "197c6dc3-cb49-4482-8381-a89e27cc960f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner/Organization", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2059204b-f8ae-4a1f-911e-c7ed705f2ba9": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": 
"desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret_type_display_name" - }, - "308e4990-dd31-471d-a467-d9c8a775476d": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "432976f9-4218-49dc-9922-f7dc093cbaa1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "github.secret_scanning.time_to_resolution.sec: *" - }, - "isBucketed": false, - "label": "Time To Resolution", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "github.secret_scanning.time_to_resolution.sec" - }, - "5cf0999f-989a-465c-a12d-3549cad8584a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Resolved By User", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.resolved_by.login" - }, - "753cfcd3-a745-4003-9d55-c19e0ffbd43f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Resolution", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.resolution" - }, - "98acffa4-7380-4b18-9f9a-4025ca8ac0c6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Fixed Secret", - 
"operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 1000 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret" - }, - "e81fb515-1196-411c-818d-8f4d837ce000": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Repository", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" - } - }, - "incompleteColumns": {} - } - } - } + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "308e4990-dd31-471d-a467-d9c8a775476d": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "3b3eb320-881a-4786-bcb3-d2400e38a3d3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Alert URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, 
- "meta": { - "alias": null, - "disabled": false, - "index": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", - "hidden": false, - "isTransposed": false, - "width": 242.75 - }, - { - "columnId": "197c6dc3-cb49-4482-8381-a89e27cc960f", - "isTransposed": false - }, - { - "columnId": "e81fb515-1196-411c-818d-8f4d837ce000", - "isTransposed": false - }, - { - "columnId": "753cfcd3-a745-4003-9d55-c19e0ffbd43f", - "isTransposed": false - }, - { - "columnId": "5cf0999f-989a-465c-a12d-3549cad8584a", - "isTransposed": false - }, - { - "columnId": "2059204b-f8ae-4a1f-911e-c7ed705f2ba9", - "isTransposed": false - }, - { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "hidden": true, - "isTransposed": false - }, - { - "columnId": "432976f9-4218-49dc-9922-f7dc093cbaa1", - "isTransposed": false - } - ], - "layerId": "725aa594-f41c-4b3e-a6cf-8c115b602f57", - "layerType": "data" - } + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.url" }, - "title": "Fixed Secrets [GitHub Secret Scanning]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", - "w": 48, - "x": 0, - "y": 40 - }, - "panelIndex": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - 
"name": "indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" + "4b29a17b-d4c4-4d29-a120-296f69b2875e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" }, - { - "id": "logs-*", - "name": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "725aa594-f41c-4b3e-a6cf-8c115b602f57": { - "columnOrder": [ - "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", - "197c6dc3-cb49-4482-8381-a89e27cc960f", - "e81fb515-1196-411c-818d-8f4d837ce000", - "4b29a17b-d4c4-4d29-a120-296f69b2875e", - "3b3eb320-881a-4786-bcb3-d2400e38a3d3", - "308e4990-dd31-471d-a467-d9c8a775476d" - ], - "columns": { - "197c6dc3-cb49-4482-8381-a89e27cc960f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner/Organization", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "308e4990-dd31-471d-a467-d9c8a775476d": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "3b3eb320-881a-4786-bcb3-d2400e38a3d3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Alert URL", - "operationType": 
"terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.url" - }, - "4b29a17b-d4c4-4d29-a120-296f69b2875e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret_type_display_name" - }, - "98acffa4-7380-4b18-9f9a-4025ca8ac0c6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Found Secret", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 1000 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret" - }, - "e81fb515-1196-411c-818d-8f4d837ce000": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Repository", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" - } - }, - "incompleteColumns": {} - } - } - } + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret_type_display_name" + }, + "98acffa4-7380-4b18-9f9a-4025ca8ac0c6": { + 
"customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Found Secret", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", - "key": "github.state", - "negate": false, - "params": [ - "open" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "open" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", - "hidden": false, - "isTransposed": false, - "width": 242.75 - }, - { - "columnId": "197c6dc3-cb49-4482-8381-a89e27cc960f", - "isTransposed": false - }, - { - "columnId": "e81fb515-1196-411c-818d-8f4d837ce000", - "isTransposed": false - }, - { - "columnId": "3b3eb320-881a-4786-bcb3-d2400e38a3d3", - "isTransposed": false - }, - { - "columnId": "4b29a17b-d4c4-4d29-a120-296f69b2875e", - "isTransposed": false - }, - { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "hidden": true, - "isTransposed": false - } - ], - "layerId": "725aa594-f41c-4b3e-a6cf-8c115b602f57", - "layerType": "data", - "paging": { - "enabled": true, - "size": 10 - 
}, - "rowHeight": "custom", - "rowHeightLines": 2 - } + "size": 1000 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret" }, - "title": "Found Secrets [GitHub Secret Scanning]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "e81fb515-1196-411c-818d-8f4d837ce000": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Repository", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } }, - "gridData": { - "h": 15, - "i": "991aa388-e5d6-469b-911a-1cbcd1b84417", - "w": 48, - "x": 0, - "y": 55 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", + "key": "github.state", + "negate": false, + "params": [ + "open" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "open" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "hidden": false, + "isTransposed": false, + "width": 242.75 + }, + 
{ + "columnId": "197c6dc3-cb49-4482-8381-a89e27cc960f", + "isTransposed": false + }, + { + "columnId": "e81fb515-1196-411c-818d-8f4d837ce000", + "isTransposed": false + }, + { + "columnId": "3b3eb320-881a-4786-bcb3-d2400e38a3d3", + "isTransposed": false + }, + { + "columnId": "4b29a17b-d4c4-4d29-a120-296f69b2875e", + "isTransposed": false + }, + { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "hidden": true, + "isTransposed": false + } + ], + "layerId": "725aa594-f41c-4b3e-a6cf-8c115b602f57", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 }, - "panelIndex": "991aa388-e5d6-469b-911a-1cbcd1b84417", - "type": "lens", - "version": "8.3.0" + "rowHeight": "custom", + "rowHeightLines": 2 + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8908ff94-5bd3-4a76-b219-1ba7128998c6", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2321cd3f-039b-44be-90a5-03028195d49e": { - "columnOrder": [ - "37a962c0-4797-484d-b2e6-00a280b3edc2", - "871b560f-f208-41a2-978b-b97664f99807" - ], - "columns": { - "37a962c0-4797-484d-b2e6-00a280b3edc2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "871b560f-f208-41a2-978b-b97664f99807", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.resolved_by.login" - }, - "871b560f-f208-41a2-978b-b97664f99807": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Fixed Secrets Count", - "operationType": "count", - "params": { - 
"emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Found Secrets [GitHub Secret Scanning]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "991aa388-e5d6-469b-911a-1cbcd1b84417", + "w": 48, + "x": 0, + "y": 55 + }, + "panelIndex": "991aa388-e5d6-469b-911a-1cbcd1b84417", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8908ff94-5bd3-4a76-b219-1ba7128998c6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2321cd3f-039b-44be-90a5-03028195d49e": { + "columnOrder": [ + "37a962c0-4797-484d-b2e6-00a280b3edc2", + "871b560f-f208-41a2-978b-b97664f99807" + ], + "columns": { + "37a962c0-4797-484d-b2e6-00a280b3edc2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "871b560f-f208-41a2-978b-b97664f99807", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8908ff94-5bd3-4a76-b219-1ba7128998c6", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": 
true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "871b560f-f208-41a2-978b-b97664f99807" - ], - "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.resolved_by.login" }, - "title": "Top users resolving secrets [GitHub Secret Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + "871b560f-f208-41a2-978b-b97664f99807": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Fixed Secrets Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8908ff94-5bd3-4a76-b219-1ba7128998c6", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + 
"yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "871b560f-f208-41a2-978b-b97664f99807" + ], + "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 11, - "i": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", - "w": 15, - "x": 33, - "y": 70 + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", - "type": "lens", - "version": "8.3.0" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ebd4f001-671a-4772-a2c4-b07f94e34845": { - "columnOrder": [ - "fc40a758-e2ae-45db-88c1-439660cb7f66", - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "columns": { - "5caf7916-eab1-42d2-b591-41039ee8ed72": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "fc40a758-e2ae-45db-88c1-439660cb7f66": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - 
"alias": null, - "disabled": false, - "index": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.secret_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "title": "Top users resolving secrets [GitHub Secret Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 11, + "i": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", + "w": 15, + "x": 33, + "y": 70 + }, + "panelIndex": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ebd4f001-671a-4772-a2c4-b07f94e34845": { + "columnOrder": [ + 
"fc40a758-e2ae-45db-88c1-439660cb7f66", + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "columns": { + "5caf7916-eab1-42d2-b591-41039ee8ed72": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "Events Timeline [GitHub Secret Scanning]", - "visualizationType": "lnsXY" + "fc40a758-e2ae-45db-88c1-439660cb7f66": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.secret_scanning" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 11, - "i": "36cee00b-70b3-4bb5-a4b3-2448061135f8", - "w": 33, - "x": 0, - "y": 70 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "36cee00b-70b3-4bb5-a4b3-2448061135f8", - "type": "lens", - "version": "8.3.0" - } - ], - "timeRestore": false, - "title": "[GitHub] Secret Scanning Alerts", - "version": 1 - }, - "coreMigrationVersion": "8.4.1", - "id": "github-591d69e0-17b6-11ed-809a-7b4be950fe9c", - "migrationVersion": { - "dashboard": "8.4.0" - }, - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:99882a8f-757f-4692-b7dd-56e561a7a5ac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:fac9d156-24f2-409d-9f1b-200dbd5a9b5a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_66d2324e-be32-41be-b685-54ba2cc58c2b:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_54e33c68-ad08-412f-852a-f669391018b0:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_9fd25971-d168-4a50-985f-9e1bb266c93e:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_bcb03b9e-5278-4d66-a4da-762d41ec13cd:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:a27a9357-b353-46a3-9116-530f354b09b9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "277a4af7-61c6-40d9-80a6-2d73df097618:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "277a4af7-61c6-40d9-80a6-2d73df097618:ef2a4614-151f-42d0-8707-257d009298ea", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:d7c9ae82-adc1-4169-a1ac-2fea90204f25", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:b2d41cbe-238c-4c90-994d-d8e8f1668a44", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:d4cc48c0-fb83-4b1d-9c91-369a087165c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:9c0d6963-bc22-4d2d-9028-20e603d307e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:dac33af7-8640-4326-8c95-afddf6194657", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:e9f91f71-3727-4bf1-9d0a-2742347e223f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:f34d1f77-a34c-4ac9-ab7a-6892d9505a80", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:89debdad-d323-4640-918b-2c38d061e212", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a7adc099-113f-4113-b592-24b5ceff484e:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a7adc099-113f-4113-b592-24b5ceff484e:11287d36-4d96-447c-b336-56ae03fcbc16", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:25c2db0c-d286-407e-9c0b-55252a2ad165", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:acfd1c9a-be16-4275-ae7d-0ad42b060de0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:c26ebed6-b942-43ed-9f00-ccf3c5842f5f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:94bf6c5a-a948-40c1-95a7-52d11ef68bad", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"ff2747ad-ec9c-44a5-b8f9-9347be86c98b:8908ff94-5bd3-4a76-b219-1ba7128998c6", - "type": "index-pattern" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Events Timeline [GitHub Secret Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" + "gridData": { + "h": 11, + "i": "36cee00b-70b3-4bb5-a4b3-2448061135f8", + "w": 33, + "x": 0, + "y": 70 }, - { - "id": "logs-*", - "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", - "type": "index-pattern" - } + "panelIndex": "36cee00b-70b3-4bb5-a4b3-2448061135f8", + "type": "lens", + "version": "8.3.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[GitHub] Secret Scanning Alerts", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:99882a8f-757f-4692-b7dd-56e561a7a5ac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:fac9d156-24f2-409d-9f1b-200dbd5a9b5a", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_66d2324e-be32-41be-b685-54ba2cc58c2b:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_54e33c68-ad08-412f-852a-f669391018b0:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_9fd25971-d168-4a50-985f-9e1bb266c93e:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_bcb03b9e-5278-4d66-a4da-762d41ec13cd:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:a27a9357-b353-46a3-9116-530f354b09b9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "277a4af7-61c6-40d9-80a6-2d73df097618:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "277a4af7-61c6-40d9-80a6-2d73df097618:ef2a4614-151f-42d0-8707-257d009298ea", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:d7c9ae82-adc1-4169-a1ac-2fea90204f25", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:b2d41cbe-238c-4c90-994d-d8e8f1668a44", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:d4cc48c0-fb83-4b1d-9c91-369a087165c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"e6cb0087-c5ba-49f2-8ae9-b206d2346609:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:9c0d6963-bc22-4d2d-9028-20e603d307e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:dac33af7-8640-4326-8c95-afddf6194657", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:e9f91f71-3727-4bf1-9d0a-2742347e223f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:f34d1f77-a34c-4ac9-ab7a-6892d9505a80", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:89debdad-d323-4640-918b-2c38d061e212", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7adc099-113f-4113-b592-24b5ceff484e:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7adc099-113f-4113-b592-24b5ceff484e:11287d36-4d96-447c-b336-56ae03fcbc16", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:25c2db0c-d286-407e-9c0b-55252a2ad165", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"d0ec4a50-b9da-4775-9f64-5389f898aee3:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:acfd1c9a-be16-4275-ae7d-0ad42b060de0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:c26ebed6-b942-43ed-9f00-ccf3c5842f5f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:94bf6c5a-a948-40c1-95a7-52d11ef68bad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:8908ff94-5bd3-4a76-b219-1ba7128998c6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.4.0" + }, + 
"coreMigrationVersion": "8.4.1" }
\ No newline at end of file
diff --git a/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json b/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json
index e3240769f3a..135d96cb4e5 100644
--- a/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json
+++ b/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json
@@ -1,2512 +1,2517 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\",\"enhancements\":{},\"selectedOptions\":[]}},\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\",\"enhancements\":{},\"selectedOptions\":[]}},\"91415c25-696a-4928-92e3-2c578e14c7a3\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"91415c25-696a-4928-92e3-2c578e14c7a3\",\"enhancements\":{}}},\"a1e7b5ed-b636-4db8-87e1-779863061f45\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"a1e7b5ed-b636-4db8-87e1-779863061f45\",\"enhancements\":{},\"selectedOptions\":[]}}}" + "id": "github-6197be80-220c-11ed-88c4-e3caca48250a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T10:22:26.869Z", + "version": "WzY4NSwxXQ==", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": 
"{\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\",\"enhancements\":{},\"selectedOptions\":[]}},\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\",\"enhancements\":{},\"selectedOptions\":[]}},\"91415c25-696a-4928-92e3-2c578e14c7a3\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"91415c25-696a-4928-92e3-2c578e14c7a3\",\"enhancements\":{}}},\"a1e7b5ed-b636-4db8-87e1-779863061f45\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"a1e7b5ed-b636-4db8-87e1-779863061f45\",\"enhancements\":{},\"selectedOptions\":[]}}}" + }, + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Dependabot", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": [ + "dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.action": "dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ 
+ { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85aacdea-d37b-4e6a-ae32-81077ddccb60", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f8b858f-a1ee-4d69-a100-d59282acd94d": { + "columnOrder": [ + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" + ], + "columns": { + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "85aacdea-d37b-4e6a-ae32-81077ddccb60", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", + "layerType": "data", + "textAlign": "center", + "titlePosition": "top" + } + }, + "title": "Total Alerts Created [GitHub Dependabot]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", + "w": 14, + "x": 0, + "y": 0 }, - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "panelIndex": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + 
"references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Found/Fixed Ratio", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } + }, + "formula": "count()/count(kql='github.state:dismissed')", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "scale": "ratio" }, - "meta": { - "alias": "Dependabot", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": false, - "params": [ - "dependabot" - ], - "type": "phrases" + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "github.state:dismissed" + }, + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { 
- "match_phrase": { - "event.action": "dependabot" - } - } - ] + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "location": { + "max": 43, + "min": 0 + }, + "name": "divide", + "text": "count()/count(kql='github.state:dismissed')", + "type": "function" } + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "scale": "ratio" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } + }, + "title": "Alerts Found/Fixed Ratio [GitHub Dependabot]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncTooltips": false, - "useMargins": true + "gridData": { + "h": 8, + "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", + "w": 14, + "x": 14, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" + "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cbc5557e-f6b9-4140-90b2-3100f33083c4": { + "columnOrder": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc", + "4525c4ae-5f82-4b4d-9867-48e4aba462fd" + ], + "columns": { + "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Open vs Resolved", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "type": "column" }, - { - "id": "logs-*", - "name": "85aacdea-d37b-4e6a-ae32-81077ddccb60", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f8b858f-a1ee-4d69-a100-d59282acd94d": { - "columnOrder": [ - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" - ], - "columns": { - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "85aacdea-d37b-4e6a-ae32-81077ddccb60", - "key": "data_stream.dataset", - "negate": false, - "params": [ - 
"github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", - "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", - "layerType": "data", - "textAlign": "center", - "titlePosition": "top" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.state" }, - "title": "Total Alerts Created [GitHub Dependabot]", - "visualizationType": "lnsMetric" + "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", - "w": 14, - "x": 0, - "y": 0 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.54, + "groups": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc" + ], + "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", + "layerType": "data", + "legendDisplay": "show", + "legendPosition": "right", + "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + "palette": { + "name": "default", + 
"type": "palette" }, - "panelIndex": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", - "type": "lens", - "version": "8.3.0" + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Found/Fixed Ratio", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - }, - "formula": "count()/count(kql='github.state:dismissed')", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "github.state:dismissed" - }, - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { - "customLabel": true, - "dataType": "number", 
- "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "location": { - "max": 43, - "min": 0 - }, - "name": "divide", - "text": "count()/count(kql='github.state:dismissed')", - "type": "function" - } - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" + "title": "Open vs Resolved/Dismissed [GitHub Dependabot]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", + "w": 20, + "x": 28, + "y": 0 + }, + "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", + 
"type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } } - }, - "title": "Alerts Found/Fixed Ratio [GitHub Dependabot]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } }, - "gridData": { - "h": 8, - "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "w": 14, - "x": 14, - "y": 0 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", + "key": "github.state", + "negate": false, + "params": [ + "open" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "open" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + 
"color": "#209280", + "stop": 0 + }, + { + "color": "#d6bf57", + "stop": 1 + }, + { + "color": "#cc5642", + "stop": 1000 + } + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + "stop": 1 + }, + { + "color": "#d6bf57", + "stop": 1000 + }, + { + "color": "#cc5642", + "stop": 1001 + } + ] + }, + "type": "palette" }, - "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "type": "lens", - "version": "8.3.0" + "textAlign": "center" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cbc5557e-f6b9-4140-90b2-3100f33083c4": { - "columnOrder": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc", - "4525c4ae-5f82-4b4d-9867-48e4aba462fd" - ], - "columns": { - "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Open vs Resolved", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.state" - }, - "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - 
"$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "Open Alerts Count [GitHub Dependabot]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", + "w": 14, + "x": 0, + "y": 5 + }, + "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resolved/Dismissed Alerts", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.54, - "groups": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc" - ], - "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", - "layerType": "data", - "legendDisplay": "show", - "legendPosition": "right", - "metric": 
"4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "shape": "donut" - } + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "scale": "ratio" }, - "title": "Open vs Resolved/Dismissed [GitHub Dependabot]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } }, - "gridData": { - "h": 15, - "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "w": 20, - "x": 28, - "y": 0 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", + "key": "github.state", + "negate": false, + "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": 
"df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "positive", + "params": { + "continuity": "above", + "maxSteps": 5, + "name": "positive", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#bbdad3", + "stop": 0 + }, + { + "color": "#77b6a8", + "stop": 8 + }, + { + "color": "#209280", + "stop": 16 + } + ] + }, + "type": "palette" }, - "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "type": "lens", - "version": "8.3.0" + "textAlign": "center" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - 
"data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", - "key": "github.state", - "negate": false, - "params": [ - "open" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "open" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" - } - }, - "title": "Open Alerts Count [GitHub Dependabot]", - "visualizationType": "lnsMetric" + "title": "Resolved/Dismissed Alerts Count [GitHub Dependabot]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 5, + "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "w": 14, + "x": 0, + "y": 10 + }, + "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "006ef10a-8064-4e48-8ff1-413c550d6204", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "e33d2853-5b3d-4be9-9312-2d8da64d9523" + ], + "columns": { + "e33d2853-5b3d-4be9-9312-2d8da64d9523": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Mean time to resolve an alert", + "operationType": "average", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "event.duration" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "w": 14, - "x": 0, - "y": 5 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } }, - "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "type": "lens", - "version": "8.3.0" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "006ef10a-8064-4e48-8ff1-413c550d6204", + "key": "event.duration", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "event.duration" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" + "title": "Mean Time to Resolution [GitHub Dependabot]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "w": 14, + "x": 14, + "y": 8 + }, + "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "title": "Mean Time To Resolution [GitHub Dependabot]", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d3e8e716-b6e8-4db6-8948-87e49827aebb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { + "columnOrder": [ + "1e393f28-24a9-40af-830b-654785bf6236", + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "columns": { + "1e393f28-24a9-40af-830b-654785bf6236": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "logs-*", - "name": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", - "type": "index-pattern" + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "columns": { - 
"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count by repository", + "operationType": "formula", + "params": { + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "scale": "ratio" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Alerts count by repository", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of github.repository.owner.login + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", - "key": "data_stream.dataset", - "negate": false, - "params": [ - 
"github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" - } - }, - "title": "Resolved/Dismissed Alerts Count [GitHub Dependabot]", - "visualizationType": "lnsMetric" + "secondaryFields": [ + "github.repository.name" + ], + "size": 50 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d3e8e716-b6e8-4db6-8948-87e49827aebb", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" 
+ ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" + ], + "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" }, - "enhancements": {}, - "hidePanelTitles": false + "seriesType": "bar", + "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true }, - "gridData": { - "h": 5, - "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "w": 14, - "x": 0, - "y": 10 + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "type": "lens", - "version": "8.3.0" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" + "title": "Alerts count by owner and by repository [GitHub Dependabot]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", + "w": 25, + "x": 0, + "y": 15 + }, + "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", + "type": "lens", + "version": "8.3.0" + }, + { + 
"embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68", + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top repositories contributing to alerts by owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" }, - { - "id": "logs-*", - "name": "03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "006ef10a-8064-4e48-8ff1-413c550d6204", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "e33d2853-5b3d-4be9-9312-2d8da64d9523" - ], - "columns": { - "e33d2853-5b3d-4be9-9312-2d8da64d9523": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Mean time to resolve an alert", - "operationType": "average", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "event.duration" - } - }, - "incompleteColumns": {} - } - } - } + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "8cca4d83-a822-4b67-97cd-27649e1d7c68": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.repository.name", + 
"operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "006ef10a-8064-4e48-8ff1-413c550d6204", - "key": "event.duration", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "event.duration" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" }, - "title": "Mean Time to Resolution [GitHub Dependabot]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 7, - "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "w": 14, - "x": 14, - "y": 8 - }, - "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "title": "Mean Time To Resolution [GitHub Dependabot]", - "type": "lens", - "version": "8.3.0" + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { 
+ "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "default", + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" + "title": "Aerts % by owner and by repository [GitHub Dependabot]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", + "w": 23, + "x": 25, + "y": 15 + }, + "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc66a292-57a3-4510-b6f8-681eeb768e10", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + 
"21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" }, - { - "id": "logs-*", - "name": "d3e8e716-b6e8-4db6-8948-87e49827aebb", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { - "columnOrder": [ - "1e393f28-24a9-40af-830b-654785bf6236", - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "columns": { - "1e393f28-24a9-40af-830b-654785bf6236": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count by repository", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "scale": "ratio" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Alerts count 
by repository", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of github.repository.owner.login + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "github.repository.name" - ], - "size": 50 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d3e8e716-b6e8-4db6-8948-87e49827aebb", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" - ], - "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "seriesType": "bar", - "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" - } - ], - "legend": { - "isVisible": 
true, - "maxLines": 5, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "Alerts count by owner and by repository [GitHub Dependabot]", - "visualizationType": "lnsXY" + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "fc66a292-57a3-4510-b6f8-681eeb768e10", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 12, - "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "w": 25, - "x": 0, - "y": 15 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { 
- "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top repositories contributing to alerts by owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "8cca4d83-a822-4b67-97cd-27649e1d7c68": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.repository.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" - }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68" - ], - "layerId": 
"91e1a389-34e8-4332-9dbb-bd883d71dd85", - "layerType": "data", - "legendDisplay": "default", - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Aerts % by owner and by repository [GitHub Dependabot]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "yConfig": [ + { + "axisMode": "auto", + "color": "#b9a888", + "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false }, - "gridData": { - "h": 12, - "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "w": 23, - "x": 25, - "y": 15 + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "type": "lens", - "version": "8.3.0" + "valueLabels": "show" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fc66a292-57a3-4510-b6f8-681eeb768e10", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - 
"params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Alert Severity Count [GitHub Dependabot]", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "9653b170-7606-461f-9ac4-bf58547f30db", + "w": 14, + "x": 0, + "y": 27 + }, + "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d7218e2e-18ae-4710-8364-1a4cbfee519c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "fc66a292-57a3-4510-b6f8-681eeb768e10", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "yConfig": [ - { - "axisMode": "auto", - "color": "#b9a888", - "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "show" - } - }, - "title": "Alert Severity Count [GitHub Dependabot]", - "visualizationType": "lnsXY" + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d7218e2e-18ae-4710-8364-1a4cbfee519c", + "key": "data_stream.dataset", + "negate": false, + 
"params": { + "query": "github.dependabot" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "9653b170-7606-461f-9ac4-bf58547f30db", - "w": 14, - "x": 0, - "y": 27 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "metric": "21ef31d9-60e5-4fe1-8767-950697790bab", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "default", + "type": "palette" }, - "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", - "type": "lens", - "version": "8.3.0" + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d7218e2e-18ae-4710-8364-1a4cbfee519c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - 
"orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Alert Severity % [GitHub Dependabot]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "563a073c-7de0-4095-b0ac-127caed562f2", + "w": 11, + "x": 14, + "y": 27 + }, + "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1f3f8544-c39b-4384-985e-d45107d279fb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "00866684-5176-499e-9517-eff9e9102155", + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "00866684-5176-499e-9517-eff9e9102155": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d7218e2e-18ae-4710-8364-1a4cbfee519c", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": 
"kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71" - ], - "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "metric": "21ef31d9-60e5-4fe1-8767-950697790bab", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "shape": "donut" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" }, - "title": "Alert Severity % [GitHub Dependabot]", - "visualizationType": "lnsPie" + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "d" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1f3f8544-c39b-4384-985e-d45107d279fb", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { 
- "h": 13, - "i": "563a073c-7de0-4095-b0ac-127caed562f2", - "w": 11, - "x": 14, - "y": 27 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1f3f8544-c39b-4384-985e-d45107d279fb", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "00866684-5176-499e-9517-eff9e9102155", - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "00866684-5176-499e-9517-eff9e9102155": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - }, - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": false, - "interval": "d" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} 
- } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1f3f8544-c39b-4384-985e-d45107d279fb", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": "bar", - "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", - "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right" - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "Daily Alerts Count by Severity [GitHub Dependabot]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "seriesType": "bar", + "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": "#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } 
+ ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right" }, - "gridData": { - "h": 13, - "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "w": 23, - "x": 25, - "y": 27 + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "type": "lens", - "version": "8.3.0" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "17dc082e-1cb5-4483-901a-9c220d911bac": { - "columnOrder": [ - "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5", - "b907d8f2-1395-4737-a7db-25bd080be94d" - ], - "columns": { - "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top files responsible for alerts", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b907d8f2-1395-4737-a7db-25bd080be94d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.dependabot.vulnerable_manifest_path" - }, - "b907d8f2-1395-4737-a7db-25bd080be94d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Daily Alerts Count by Severity [GitHub Dependabot]", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + 
"hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", + "w": 23, + "x": 25, + "y": 27 + }, + "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "17dc082e-1cb5-4483-901a-9c220d911bac": { + "columnOrder": [ + "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5", + "b907d8f2-1395-4737-a7db-25bd080be94d" + ], + "columns": { + "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top files responsible for alerts", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b907d8f2-1395-4737-a7db-25bd080be94d", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - 
"b907d8f2-1395-4737-a7db-25bd080be94d" - ], - "layerId": "17dc082e-1cb5-4483-901a-9c220d911bac", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5" - } - ], - "legend": { - "isInside": false, - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.dependabot.vulnerable_manifest_path" }, - "title": "Top files [GitHub Dependabot]", - "visualizationType": "lnsXY" + "b907d8f2-1395-4737-a7db-25bd080be94d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "41578b87-d820-42df-92d5-69af2643d793", - "w": 36, - "x": 0, - "y": 40 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", - "type": "lens", - "version": "8.3.0" + 
"layers": [ + { + "accessors": [ + "b907d8f2-1395-4737-a7db-25bd080be94d" + ], + "layerId": "17dc082e-1cb5-4483-901a-9c220d911bac", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5" + } + ], + "legend": { + "isInside": false, + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2321cd3f-039b-44be-90a5-03028195d49e": { - "columnOrder": [ - "37a962c0-4797-484d-b2e6-00a280b3edc2", - "871b560f-f208-41a2-978b-b97664f99807" - ], - "columns": { - "37a962c0-4797-484d-b2e6-00a280b3edc2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "871b560f-f208-41a2-978b-b97664f99807", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.dependabot.dismisser.login" - }, - "871b560f-f208-41a2-978b-b97664f99807": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Top files [GitHub Dependabot]", + 
"visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "41578b87-d820-42df-92d5-69af2643d793", + "w": 36, + "x": 0, + "y": 40 + }, + "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2321cd3f-039b-44be-90a5-03028195d49e": { + "columnOrder": [ + "37a962c0-4797-484d-b2e6-00a280b3edc2", + "871b560f-f208-41a2-978b-b97664f99807" + ], + "columns": { + "37a962c0-4797-484d-b2e6-00a280b3edc2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "871b560f-f208-41a2-978b-b97664f99807", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - 
"871b560f-f208-41a2-978b-b97664f99807" - ], - "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.dependabot.dismisser.login" }, - "title": "Top users dismissing alerts [GitHub Dependabot]", - "visualizationType": "lnsXY" + "871b560f-f208-41a2-978b-b97664f99807": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "w": 12, - "x": 36, - "y": 40 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "type": "lens", - "version": "8.3.0" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "871b560f-f208-41a2-978b-b97664f99807" + ], + 
"layerId": "2321cd3f-039b-44be-90a5-03028195d49e", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "349014a7-1097-4c4b-9805-13b39d46d0bd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ebd4f001-671a-4772-a2c4-b07f94e34845": { - "columnOrder": [ - "fc40a758-e2ae-45db-88c1-439660cb7f66", - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "columns": { - "5caf7916-eab1-42d2-b591-41039ee8ed72": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "fc40a758-e2ae-45db-88c1-439660cb7f66": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "349014a7-1097-4c4b-9805-13b39d46d0bd", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - 
"visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "title": "Top users dismissing alerts [GitHub Dependabot]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", + "w": 12, + "x": 36, + "y": 40 + }, + "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "349014a7-1097-4c4b-9805-13b39d46d0bd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ebd4f001-671a-4772-a2c4-b07f94e34845": { + "columnOrder": [ + "fc40a758-e2ae-45db-88c1-439660cb7f66", + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "columns": { + "5caf7916-eab1-42d2-b591-41039ee8ed72": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "Events Timeline [GitHub Dependabot]", - 
"visualizationType": "lnsXY" + "fc40a758-e2ae-45db-88c1-439660cb7f66": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "349014a7-1097-4c4b-9805-13b39d46d0bd", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "12673c47-9148-47a4-a8ab-07a7f06304c7", - "w": 48, - "x": 0, - "y": 55 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "12673c47-9148-47a4-a8ab-07a7f06304c7", - "type": "lens", - "version": "8.3.0" - } - ], - "timeRestore": false, - "title": "[GitHub] Dependabot Alerts", - "version": 1 - }, - "coreMigrationVersion": "8.4.1", - "id": "github-6197be80-220c-11ed-88c4-e3caca48250a", - "migrationVersion": { - "dashboard": "8.4.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"85cbbb74-4d3c-44e0-98f6-be076e31aea3:960abe90-416f-4075-aaef-2cc0a3af1707", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:17e2088a-3bc2-4868-bc76-7cf83644301c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:ba32e691-eaea-469b-8dd5-3aeb2fbc2cd7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:dd40a269-9585-4d63-ad58-7a70f2bf3cfc", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:0922f2e7-6ee9-45a2-baa6-42dde24c181d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:6ff40899-6691-449c-afa9-e266b9f272f6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:351f20af-163e-47d3-831f-f02b469287b3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:a9c37a5a-574a-411d-9420-2e53045288f3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_2132f9ab-9cce-423a-beed-e02e6d4d5ed9:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_2f1b6c0b-96fc-479a-b7ef-145c84df585e:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_91415c25-696a-4928-92e3-2c578e14c7a3:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_a1e7b5ed-b636-4db8-87e1-779863061f45:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:85aacdea-d37b-4e6a-ae32-81077ddccb60", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:a849fd8c-6f48-4f51-9f6f-ab6e7862171c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"12c18b92-9f7b-4832-b85f-aad64720ea87:9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:bbb4d277-741b-49c1-bc79-77a6ee15e94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:7196f033-fe4d-41cb-b3c7-4c45300d6a68", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:8977fa6e-37e6-4a2b-a032-d181646ef8cf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:006ef10a-8064-4e48-8ff1-413c550d6204", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:d3e8e716-b6e8-4db6-8948-87e49827aebb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:badbb3b4-d90f-44b5-bf22-2e47716a3e09", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"9653b170-7606-461f-9ac4-bf58547f30db:fc66a292-57a3-4510-b6f8-681eeb768e10", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:d7218e2e-18ae-4710-8364-1a4cbfee519c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:1f3f8544-c39b-4384-985e-d45107d279fb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:09303186-e13c-4afb-b6f1-bf3eeb7d1423", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:2074f8e1-7a11-4232-9ac4-09bfe773beb8", - "type": "index-pattern" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Events Timeline [GitHub Dependabot]", + "visualizationType": "lnsXY" 
+ }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "12673c47-9148-47a4-a8ab-07a7f06304c7", + "w": 48, + "x": 0, + "y": 55 }, - { - "id": "logs-*", - "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:349014a7-1097-4c4b-9805-13b39d46d0bd", - "type": "index-pattern" - } + "panelIndex": "12673c47-9148-47a4-a8ab-07a7f06304c7", + "type": "lens", + "version": "8.3.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[GitHub] Dependabot Alerts", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:960abe90-416f-4075-aaef-2cc0a3af1707", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:17e2088a-3bc2-4868-bc76-7cf83644301c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:ba32e691-eaea-469b-8dd5-3aeb2fbc2cd7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:dd40a269-9585-4d63-ad58-7a70f2bf3cfc", + "type": "index-pattern" 
+ }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:0922f2e7-6ee9-45a2-baa6-42dde24c181d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:6ff40899-6691-449c-afa9-e266b9f272f6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:351f20af-163e-47d3-831f-f02b469287b3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:a9c37a5a-574a-411d-9420-2e53045288f3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_2132f9ab-9cce-423a-beed-e02e6d4d5ed9:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_2f1b6c0b-96fc-479a-b7ef-145c84df585e:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_91415c25-696a-4928-92e3-2c578e14c7a3:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_a1e7b5ed-b636-4db8-87e1-779863061f45:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:85aacdea-d37b-4e6a-ae32-81077ddccb60", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:a849fd8c-6f48-4f51-9f6f-ab6e7862171c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:bbb4d277-741b-49c1-bc79-77a6ee15e94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:7196f033-fe4d-41cb-b3c7-4c45300d6a68", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:8977fa6e-37e6-4a2b-a032-d181646ef8cf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"7131e4d3-c168-480d-9496-1463ceaaa97a:03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:006ef10a-8064-4e48-8ff1-413c550d6204", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:d3e8e716-b6e8-4db6-8948-87e49827aebb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:badbb3b4-d90f-44b5-bf22-2e47716a3e09", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:fc66a292-57a3-4510-b6f8-681eeb768e10", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:d7218e2e-18ae-4710-8364-1a4cbfee519c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:1f3f8544-c39b-4384-985e-d45107d279fb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"41578b87-d820-42df-92d5-69af2643d793:09303186-e13c-4afb-b6f1-bf3eeb7d1423", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:2074f8e1-7a11-4232-9ac4-09bfe773beb8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:349014a7-1097-4c4b-9805-13b39d46d0bd", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.4.0" + }, + "coreMigrationVersion": "8.4.1" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json b/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json index d41423c1065..fb98eff47b5 100644 --- a/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json +++ b/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json 
@@ -1,1909 +1,1914 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/ Organization\",\"id\":\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\",\"enhancements\":{},\"selectedOptions\":[]}},\"05d7ed66-221a-437a-9e07-5094ce9d57e0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"05d7ed66-221a-437a-9e07-5094ce9d57e0\",\"enhancements\":{}}},\"b1a338bb-89af-425e-91eb-1c8a32641422\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"b1a338bb-89af-425e-91eb-1c8a32641422\",\"selectedOptions\":[],\"enhancements\":{}}},\"5c430006-8043-4e34-96dd-34b596dcba61\":{\"order\":4,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"5c430006-8043-4e34-96dd-34b596dcba61\",\"enhancements\":{},\"selectedOptions\":[]}},\"81297eab-88c0-477b-8132-39cbb430b6c7\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Alert Type\",\"id\":\"81297eab-88c0-477b-8132-39cbb430b6c7\",\"selectedOptions\":[],\"enhancements\":{}}}}" - }, - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" + "id": "github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c", + "type": "dashboard", + "namespaces": [ + 
"default" + ], + "updated_at": "2022-10-27T10:22:26.869Z", + "version": "WzY4NiwxXQ==", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/ Organization\",\"id\":\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\",\"enhancements\":{},\"selectedOptions\":[]}},\"05d7ed66-221a-437a-9e07-5094ce9d57e0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"05d7ed66-221a-437a-9e07-5094ce9d57e0\",\"enhancements\":{}}},\"b1a338bb-89af-425e-91eb-1c8a32641422\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"b1a338bb-89af-425e-91eb-1c8a32641422\",\"selectedOptions\":[],\"enhancements\":{}}},\"5c430006-8043-4e34-96dd-34b596dcba61\":{\"order\":4,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"5c430006-8043-4e34-96dd-34b596dcba61\",\"enhancements\":{},\"selectedOptions\":[]}},\"81297eab-88c0-477b-8132-39cbb430b6c7\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Alert Type\",\"id\":\"81297eab-88c0-477b-8132-39cbb430b6c7\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + 
"hidePanelTitles": false, + "syncColors": false, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "efd3c729-3f58-4e1f-b05f-4178051021ee", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f8b858f-a1ee-4d69-a100-d59282acd94d": { + "columnOrder": [ + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" + ], + "columns": { + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "efd3c729-3f58-4e1f-b05f-4178051021ee", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } } - } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", + "layerType": "data", + "textAlign": "center", + "titlePosition": "top" + } + }, + "title": "Total Alerts Count [GitHub Advanced Security]", + "visualizationType": "lnsMetric" + }, + "enhancements": 
{} }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncTooltips": false, - "useMargins": true + "gridData": { + "h": 5, + "i": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", + "w": 14, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "efd3c729-3f58-4e1f-b05f-4178051021ee", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f8b858f-a1ee-4d69-a100-d59282acd94d": { - "columnOrder": [ - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" - ], - "columns": { - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, + "panelIndex": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "68c402d4-a28c-4161-9f6c-663cd4930df6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e125b149-a8ea-47b7-914c-508a7972c074": { + "columnOrder": [ + "25824925-c28e-4f16-b354-5e6e25ecea6a", + "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + ], + "columns": { + "25824925-c28e-4f16-b354-5e6e25ecea6a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - 
"alias": null, - "disabled": false, - "index": "efd3c729-3f58-4e1f-b05f-4178051021ee", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", - "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", - "layerType": "data", - "textAlign": "center", - "titlePosition": "top" - } + { + "input": { + "language": "kuery", + "query": "github.severity : \"critical\" " + }, + "label": "Critical" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"high\" " + }, + "label": "High" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"medium\" " + }, + "label": "Medium" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"low\"" + }, + "label": "Low" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"undefined\" " + }, + "label": "Undefined" + } + ] + }, + "scale": "ordinal" }, - "title": "Total Alerts Count [GitHub Advanced Security]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"index": "68c402d4-a28c-4161-9f6c-663cd4930df6", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + ], + "layerId": "e125b149-a8ea-47b7-914c-508a7972c074", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "25824925-c28e-4f16-b354-5e6e25ecea6a", + "yConfig": [ + { + "color": "#ca8eae", + "forAccessor": "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 5, - "i": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", - "w": 14, - "x": 0, - "y": 0 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", - "type": "lens", - "version": "8.3.0" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "68c402d4-a28c-4161-9f6c-663cd4930df6", - "type": "index-pattern" - } - ], - 
"state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e125b149-a8ea-47b7-914c-508a7972c074": { - "columnOrder": [ - "25824925-c28e-4f16-b354-5e6e25ecea6a", - "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - ], - "columns": { - "25824925-c28e-4f16-b354-5e6e25ecea6a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "github.severity : \"critical\" " - }, - "label": "Critical" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"high\" " - }, - "label": "High" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"medium\" " - }, - "label": "Medium" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"low\"" - }, - "label": "Low" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"undefined\" " - }, - "label": "Undefined" - } - ] - }, - "scale": "ordinal" - }, - "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, + "title": "Open Alerts Count by Severity [GitHub Advanced Security]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "84209174-8b73-47ed-9324-45e7713370d0", + "w": 16, + "x": 14, + "y": 0 + }, + "panelIndex": "84209174-8b73-47ed-9324-45e7713370d0", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "408457e7-219e-4fb4-9352-7dc82c8d514c", + "type": 
"index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e125b149-a8ea-47b7-914c-508a7972c074": { + "columnOrder": [ + "25824925-c28e-4f16-b354-5e6e25ecea6a", + "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + ], + "columns": { + "25824925-c28e-4f16-b354-5e6e25ecea6a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "68c402d4-a28c-4161-9f6c-663cd4930df6", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + { + "input": { + "language": "kuery", + "query": "github.severity : \"critical\" " }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "label": "Critical" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"high\" " }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "label": "High" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"medium\" " }, - "layers": [ - { - "accessors": [ - "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - ], - "layerId": "e125b149-a8ea-47b7-914c-508a7972c074", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "25824925-c28e-4f16-b354-5e6e25ecea6a", - "yConfig": 
[ - { - "color": "#ca8eae", - "forAccessor": "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" + "label": "Medium" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"low\"" }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "label": "Low" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"undefined\" " }, - "valueLabels": "hide" - } + "label": "Undefined" + } + ] + }, + "scale": "ordinal" }, - "title": "Open Alerts Count by Severity [GitHub Advanced Security]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "84209174-8b73-47ed-9324-45e7713370d0", - "w": 16, - "x": 14, - "y": 0 + "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "408457e7-219e-4fb4-9352-7dc82c8d514c", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + 
"25824925-c28e-4f16-b354-5e6e25ecea6a" + ], + "layerId": "e125b149-a8ea-47b7-914c-508a7972c074", + "layerType": "data", + "legendDisplay": "show", + "metric": "aaa67d72-aba4-4af4-a4f5-66e37fffed84", + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 1 + } + ], + "palette": { + "name": "default", + "type": "palette" }, - "panelIndex": "84209174-8b73-47ed-9324-45e7713370d0", - "type": "lens", - "version": "8.3.0" + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "408457e7-219e-4fb4-9352-7dc82c8d514c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e125b149-a8ea-47b7-914c-508a7972c074": { - "columnOrder": [ - "25824925-c28e-4f16-b354-5e6e25ecea6a", - "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - ], - "columns": { - "25824925-c28e-4f16-b354-5e6e25ecea6a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "github.severity : \"critical\" " - }, - "label": "Critical" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"high\" " - }, - "label": "High" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"medium\" " - }, - "label": "Medium" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"low\"" - }, - "label": "Low" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"undefined\" " - }, - "label": "Undefined" - } - ] - }, - "scale": "ordinal" - }, - "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - 
"params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "408457e7-219e-4fb4-9352-7dc82c8d514c", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "25824925-c28e-4f16-b354-5e6e25ecea6a" - ], - "layerId": "e125b149-a8ea-47b7-914c-508a7972c074", - "layerType": "data", - "legendDisplay": "show", - "metric": "aaa67d72-aba4-4af4-a4f5-66e37fffed84", - "nestedLegend": false, - "numberDisplay": "percent", - "percentDecimals": 1 - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "shape": "donut" + "title": "Open Alerts % by Severity [GitHub Advanced Security]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", + "w": 18, + "x": 30, + "y": 0 + }, + "panelIndex": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ab223632-68bc-4417-a2d3-0c3cd145a537", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "8676bd1a-86f1-4fac-ab02-6c382be33410", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ab223632-68bc-4417-a2d3-0c3cd145a537", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } }, - "title": "Open Alerts % by Severity [GitHub Advanced Security]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } }, - "gridData": { - "h": 15, - "i": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", - "w": 18, - "x": 30, - "y": 0 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8676bd1a-86f1-4fac-ab02-6c382be33410", + "key": "github.state", + "negate": false, + "params": [ + "open" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "open" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + 
"query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#209280", + "stop": 0 + }, + { + "color": "#d6bf57", + "stop": 1 + }, + { + "color": "#cc5642", + "stop": 1000 + } + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + "stop": 1 + }, + { + "color": "#d6bf57", + "stop": 1000 + }, + { + "color": "#cc5642", + "stop": 1001 + } + ] + }, + "type": "palette" }, - "panelIndex": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", - "type": "lens", - "version": "8.3.0" + "textAlign": "center" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ab223632-68bc-4417-a2d3-0c3cd145a537", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8676bd1a-86f1-4fac-ab02-6c382be33410", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": 
false, - "index": "ab223632-68bc-4417-a2d3-0c3cd145a537", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8676bd1a-86f1-4fac-ab02-6c382be33410", - "key": "github.state", - "negate": false, - "params": [ - "open" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "open" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "Open Alerts Count [GitHub Advanced Security]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "c5e57455-3945-4457-973f-7b6a1e5579d8", + "w": 14, + "x": 0, + "y": 5 + }, + "panelIndex": "c5e57455-3945-4457-973f-7b6a1e5579d8", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "45e7ae11-a8b3-4f60-a280-de442326d1ec", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0753d483-b32c-441f-87dc-bb862221e11c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "columns": { + 
"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resolved/Dismissed Alerts", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" - } + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "scale": "ratio" }, - "title": "Open Alerts Count [GitHub Advanced Security]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "45e7ae11-a8b3-4f60-a280-de442326d1ec", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + 
"minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } }, - "gridData": { - "h": 5, - "i": "c5e57455-3945-4457-973f-7b6a1e5579d8", - "w": 14, - "x": 0, - "y": 5 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "0753d483-b32c-441f-87dc-bb862221e11c", + "key": "github.state", + "negate": false, + "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "positive", + "params": { + "continuity": "above", + "maxSteps": 5, + "name": "positive", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#bbdad3", + "stop": 0 + }, + { + "color": "#77b6a8", + "stop": 8 + }, + { + "color": "#209280", + "stop": 16 + } + ] + }, + "type": "palette" }, - "panelIndex": "c5e57455-3945-4457-973f-7b6a1e5579d8", - "type": "lens", - "version": "8.3.0" + "textAlign": "center" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" + "title": "Resolved/Dismissed Alerts Count [GitHub Advanced Security]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + 
"gridData": { + "h": 5, + "i": "c15d5d40-d18a-4960-8b6d-d47da3611f99", + "w": 14, + "x": 0, + "y": 10 + }, + "panelIndex": "c15d5d40-d18a-4960-8b6d-d47da3611f99", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a3e44335-794f-455e-9e40-c22201daaa1c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { + "columnOrder": [ + "1e393f28-24a9-40af-830b-654785bf6236", + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "columns": { + "1e393f28-24a9-40af-830b-654785bf6236": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "logs-*", - "name": "45e7ae11-a8b3-4f60-a280-de442326d1ec", - "type": "index-pattern" + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "0753d483-b32c-441f-87dc-bb862221e11c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { 
- "decimals": 0 - } - }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count by repository", + "operationType": "formula", + "params": { + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "scale": "ratio" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Alerts count by repository", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of github.repository.owner.login + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "45e7ae11-a8b3-4f60-a280-de442326d1ec", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - 
{ - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "0753d483-b32c-441f-87dc-bb862221e11c", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" - } + "secondaryFields": [ + "github.repository.name" + ], + "size": 50 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + 
"should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } }, - "title": "Resolved/Dismissed Alerts Count [GitHub Advanced Security]", - "visualizationType": "lnsMetric" + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a3e44335-794f-455e-9e40-c22201daaa1c", + "key": "github.state", + "negate": false, + "params": { + "query": "open" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 5, - "i": "c15d5d40-d18a-4960-8b6d-d47da3611f99", - "w": 14, - "x": 0, - "y": 10 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "c15d5d40-d18a-4960-8b6d-d47da3611f99", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a3e44335-794f-455e-9e40-c22201daaa1c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { - "columnOrder": [ - "1e393f28-24a9-40af-830b-654785bf6236", - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "columns": { - "1e393f28-24a9-40af-830b-654785bf6236": { - 
"customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count by repository", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "scale": "ratio" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Alerts count by repository", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of github.repository.owner.login + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "github.repository.name" - ], - "size": 50 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - 
"minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a3e44335-794f-455e-9e40-c22201daaa1c", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" - ], - "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "seriesType": "bar", - "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "Open Alerts count by owner and by repository [GitHub Advanced Security]", - "visualizationType": "lnsXY" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" + ], + "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "layerType": "data", + "palette": { + "name": "default", 
+ "type": "palette" }, - "enhancements": {} + "seriesType": "bar", + "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true }, - "gridData": { - "h": 15, - "i": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", - "w": 24, - "x": 0, - "y": 15 + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", - "type": "lens", - "version": "8.3.0" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" + "title": "Open Alerts count by owner and by repository [GitHub Advanced Security]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "e0343042-35ac-4a43-9fe5-639da6a8ee6e", + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + 
"customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" }, - { - "id": "logs-*", - "name": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "e0343042-35ac-4a43-9fe5-639da6a8ee6e", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "e0343042-35ac-4a43-9fe5-639da6a8ee6e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Repository", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 
- }, - "scale": "ordinal", - "sourceField": "github.repository.name" - } - }, - "incompleteColumns": {} - } - } - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "e0343042-35ac-4a43-9fe5-639da6a8ee6e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Repository", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - 
"groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "e0343042-35ac-4a43-9fe5-639da6a8ee6e" - ], - "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", - "layerType": "data", - "legendDisplay": "default", - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } }, - "title": "Open Alerts % by owner and by repository [GitHub Advanced Security]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", - "w": 24, - "x": 24, - "y": 15 + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } }, - "panelIndex": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", - "type": "lens", - "version": "8.3.0" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + 
"e0343042-35ac-4a43-9fe5-639da6a8ee6e" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "default", + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bbb675c9-c535-483e-9337-69a2a81eb2da", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "288f00c3-3a7a-4b8a-bb49-75818491a337", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a1e90df6-e435-44e9-b298-d77ce349f33b": { - "columnOrder": [ - "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb", - "155686d5-4e87-48a3-b7d2-540deed5a270" - ], - "columns": { - "155686d5-4e87-48a3-b7d2-540deed5a270": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Alert Type", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.code_scanning\" " - }, - "label": "Code Scanning" - }, - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.secret_scanning\" " - }, - "label": "Secret Scanning" - }, - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.dependabot\" " - }, - "label": "Dependabot" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, + "title": "Open Alerts % by owner and by repository [GitHub Advanced Security]", + 
"visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bbb675c9-c535-483e-9337-69a2a81eb2da", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "288f00c3-3a7a-4b8a-bb49-75818491a337", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a1e90df6-e435-44e9-b298-d77ce349f33b": { + "columnOrder": [ + "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb", + "155686d5-4e87-48a3-b7d2-540deed5a270" + ], + "columns": { + "155686d5-4e87-48a3-b7d2-540deed5a270": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Alert Type", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "bbb675c9-c535-483e-9337-69a2a81eb2da", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": 
"github.dependabot" - } - } - ] - } - } + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.code_scanning\" " }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "288f00c3-3a7a-4b8a-bb49-75818491a337", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "155686d5-4e87-48a3-b7d2-540deed5a270" - ], - "layerId": "a1e90df6-e435-44e9-b298-d77ce349f33b", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb", - "yConfig": [ - { - "color": "#e9b78b", - "forAccessor": "155686d5-4e87-48a3-b7d2-540deed5a270" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" + "label": "Code Scanning" + }, + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.secret_scanning\" " }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide" - } + "label": "Secret Scanning" + }, + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.dependabot\" " + }, + "label": "Dependabot" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "bbb675c9-c535-483e-9337-69a2a81eb2da", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } }, - "title": "Open Alerts by Type 
[GitHub Advanced Security]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } }, - "gridData": { - "h": 15, - "i": "54ab8e3f-ba53-4cf0-8769-745688302f45", - "w": 24, - "x": 0, - "y": 30 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "288f00c3-3a7a-4b8a-bb49-75818491a337", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "155686d5-4e87-48a3-b7d2-540deed5a270" + ], + "layerId": "a1e90df6-e435-44e9-b298-d77ce349f33b", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb", + "yConfig": [ + { + "color": "#e9b78b", + "forAccessor": "155686d5-4e87-48a3-b7d2-540deed5a270" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "54ab8e3f-ba53-4cf0-8769-745688302f45", - "type": "lens", - "version": "8.3.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "34b1f197-92c5-4838-ae73-3ba9e9260015", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - 
"894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.code_scanning\" " - }, - "label": "Code Scanning" - }, - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.secret_scanning\" " - }, - "label": "Secret Scanning" - }, - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.dependabot\" " - }, - "label": "Dependabot" - } - ] - }, - "scale": "ordinal" - }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, + "title": "Open Alerts by Type [GitHub Advanced Security]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "54ab8e3f-ba53-4cf0-8769-745688302f45", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "54ab8e3f-ba53-4cf0-8769-745688302f45", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "34b1f197-92c5-4838-ae73-3ba9e9260015", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + 
"c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "34b1f197-92c5-4838-ae73-3ba9e9260015", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.code_scanning\" " }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f" - ], - "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 5, - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "nestedLegend": false, - "numberDisplay": "percent", - "percentDecimals": 1 - } - ], - "shape": "donut" - } + "label": "Code Scanning" + }, + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.secret_scanning\" " + }, + "label": "Secret Scanning" + }, + { + "input": { + "language": 
"kuery", + "query": "data_stream.dataset : \"github.dependabot\" " + }, + "label": "Dependabot" + } + ] + }, + "scale": "ordinal" }, - "title": "Open Alerts % by Type [GitHub Advanced Security]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", - "w": 24, - "x": 24, - "y": 30 + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "34b1f197-92c5-4838-ae73-3ba9e9260015", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } }, - "panelIndex": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", - "type": "lens", - "version": "8.3.0" - } - ], - "timeRestore": false, - "title": "[GitHub] Advanced Security Overview", - "version": 1 - }, - "coreMigrationVersion": "8.4.1", - "id": "github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c", - "migrationVersion": { - "dashboard": "8.4.0" - }, - "references": [ - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"96fbd44d-b93e-4605-86ef-d5c3dd36660f:7593b627-5a3f-46a0-a8f9-33e6b6acc9a5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:3aea78d1-4e8f-47cb-a54b-11acf0506c06", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_2b7c10cd-1a6d-4dff-8cf9-848904b101d7:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_05d7ed66-221a-437a-9e07-5094ce9d57e0:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_b1a338bb-89af-425e-91eb-1c8a32641422:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_5c430006-8043-4e34-96dd-34b596dcba61:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_81297eab-88c0-477b-8132-39cbb430b6c7:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:efd3c729-3f58-4e1f-b05f-4178051021ee", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "84209174-8b73-47ed-9324-45e7713370d0:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "84209174-8b73-47ed-9324-45e7713370d0:68c402d4-a28c-4161-9f6c-663cd4930df6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:408457e7-219e-4fb4-9352-7dc82c8d514c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:ab223632-68bc-4417-a2d3-0c3cd145a537", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:8676bd1a-86f1-4fac-ab02-6c382be33410", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:45e7ae11-a8b3-4f60-a280-de442326d1ec", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:0753d483-b32c-441f-87dc-bb862221e11c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:656c4d05-b350-45a5-aa87-f83fbdbf2f26", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:a3e44335-794f-455e-9e40-c22201daaa1c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:e8ef33ad-82e2-4282-ae42-1ee5b478bde8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:69dd980b-29ae-4a8c-b2e9-f4566786f5d3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:bbb675c9-c535-483e-9337-69a2a81eb2da", - "type": "index-pattern" - }, - { - "id": "logs-*", - 
"name": "54ab8e3f-ba53-4cf0-8769-745688302f45:288f00c3-3a7a-4b8a-bb49-75818491a337", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 5, + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 1 + } + ], + "shape": "donut" + } + }, + "title": "Open Alerts % by Type [GitHub Advanced Security]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:34b1f197-92c5-4838-ae73-3ba9e9260015", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", - "type": "index-pattern" - } + "panelIndex": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", + "type": "lens", + "version": "8.3.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[GitHub] Advanced Security Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": 
"96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:7593b627-5a3f-46a0-a8f9-33e6b6acc9a5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:3aea78d1-4e8f-47cb-a54b-11acf0506c06", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_2b7c10cd-1a6d-4dff-8cf9-848904b101d7:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_05d7ed66-221a-437a-9e07-5094ce9d57e0:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_b1a338bb-89af-425e-91eb-1c8a32641422:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_5c430006-8043-4e34-96dd-34b596dcba61:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_81297eab-88c0-477b-8132-39cbb430b6c7:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:efd3c729-3f58-4e1f-b05f-4178051021ee", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "84209174-8b73-47ed-9324-45e7713370d0:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "84209174-8b73-47ed-9324-45e7713370d0:68c402d4-a28c-4161-9f6c-663cd4930df6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:408457e7-219e-4fb4-9352-7dc82c8d514c", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:ab223632-68bc-4417-a2d3-0c3cd145a537", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:8676bd1a-86f1-4fac-ab02-6c382be33410", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:45e7ae11-a8b3-4f60-a280-de442326d1ec", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:0753d483-b32c-441f-87dc-bb862221e11c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:656c4d05-b350-45a5-aa87-f83fbdbf2f26", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:a3e44335-794f-455e-9e40-c22201daaa1c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:e8ef33ad-82e2-4282-ae42-1ee5b478bde8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:69dd980b-29ae-4a8c-b2e9-f4566786f5d3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:bbb675c9-c535-483e-9337-69a2a81eb2da", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:288f00c3-3a7a-4b8a-bb49-75818491a337", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:34b1f197-92c5-4838-ae73-3ba9e9260015", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.4.0" + }, + "coreMigrationVersion": "8.4.1" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json b/packages/github/kibana/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json index eee16a0936f..cc605803e22 100644 --- a/packages/github/kibana/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json +++ b/packages/github/kibana/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json 
@@ -1,480 +1,480 @@ { - "id": "github-8bfd8310-205c-11ec-8b10-11a4c5e322a0", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-09-06T09:28:45.116Z", - "version": "WzM3NzQsMV0=", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "id": "github-8bfd8310-205c-11ec-8b10-11a4c5e322a0", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T10:22:26.869Z", + "version": "WzY4NywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 7, + "i": "af01806a-78b1-4068-8d69-fa2ca952f365", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 7, - "i": "af01806a-78b1-4068-8d69-fa2ca952f365", - "w": 48, - "x": 0, - "y": 0 + "panelIndex": "af01806a-78b1-4068-8d69-fa2ca952f365", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Controls Audit [GitHub]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "github.org", + "id": "1632831213212", + "indexPatternRefName": "control_0_index_pattern", + "label": "Organization", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "af01806a-78b1-4068-8d69-fa2ca952f365", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Controls Audit [GitHub]", - "description": "", - 
"uiState": {}, - "params": { - "controls": [ - { - "fieldName": "github.org", - "id": "1632831213212", - "indexPatternRefName": "control_0_index_pattern", - "label": "Organization", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "github.repo", - "id": "1632831234336", - "indexPatternRefName": "control_1_index_pattern", - "label": "Repository", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.name", - "id": "1632872599896", - "indexPatternRefName": "control_2_index_pattern", - "label": "Actor", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.target.name", - "id": "1632872564349", - "indexPatternRefName": "control_3_index_pattern", - "label": "Users", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "event.action", - "id": "1632874177516", - "indexPatternRefName": "control_4_index_pattern", - "label": "Action", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "type": "input_control_vis", - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.audit" - }, - "type": "phrase" - }, - "query": { - 
"match_phrase": { - "data_stream.dataset": "github.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "fieldName": "github.repo", + "id": "1632831234336", + "indexPatternRefName": "control_1_index_pattern", + "label": "Repository", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user.name", + "id": "1632872599896", + "indexPatternRefName": "control_2_index_pattern", + "label": "Actor", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user.target.name", + "id": "1632872564349", + "indexPatternRefName": "control_3_index_pattern", + "label": "Users", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "event.action", + "id": "1632874177516", + "indexPatternRefName": "control_4_index_pattern", + "label": "Action", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 15, - "i": "7d42442c-83c9-420d-8ef4-883eeb150687", - "w": 24, - "x": 0, - "y": 7 - }, - "panelIndex": "7d42442c-83c9-420d-8ef4-883eeb150687", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": 
false, + "params": { + "query": "github.audit" + }, + "type": "phrase" }, - "savedVis": { - "title": "User Changes [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 0, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "value" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie", - "legendDisplay": "hide", - "legendSize": "auto" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } + "query": { + "match_phrase": { + "data_stream.dataset": "github.audit" + } } + } + ], + "query": { + "language": "kuery", + "query": "" } + } + } + } + } + }, + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "7d42442c-83c9-420d-8ef4-883eeb150687", + "w": 24, + "x": 0, + "y": 7 + }, + "panelIndex": "7d42442c-83c9-420d-8ef4-883eeb150687", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "User Changes [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 0, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "value" + }, + 
"legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie", + "legendDisplay": "hide", + "legendSize": "auto" }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 15, - "i": "76db3a0d-7562-4436-acd5-3cbfd4f6d044", - "w": 24, - "x": 24, - "y": 7 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "76db3a0d-7562-4436-acd5-3cbfd4f6d044", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "User Change Timeline [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": 
"linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "legendSize": "auto" - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-18M", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "1w" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + } + }, + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "76db3a0d-7562-4436-acd5-3cbfd4f6d044", + "w": 24, + "x": 24, + "y": 7 + }, + "panelIndex": "76db3a0d-7562-4436-acd5-3cbfd4f6d044", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Change Timeline [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + 
"show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" } + ], + "legendSize": "auto" }, - { - "version": "7.16.0", - "type": "search", - "gridData": { - "h": 15, - "i": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464", - "w": 48, - "x": 0, - "y": 22 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464", - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-18M", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "1w" + }, + "schema": "segment", + "type": "date_histogram" 
}, - "panelRefName": "panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464" + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[GitHub] User Change Audit", - "version": 1 - }, - "references": [ - { - "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0", - "name": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464:panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464", - "type": "search" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_0_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_1_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_2_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_3_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_4_index_pattern", - "id": "logs-*" + } + } + }, + { + "version": "7.16.0", + "type": "search", + "gridData": { + "h": 15, + "i": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464", + "w": 48, + "x": 0, + "y": 22 }, - { - "type": "search", - "name": "7d42442c-83c9-420d-8ef4-883eeb150687:search_0", - "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0" + "panelIndex": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464", + "embeddableConfig": { + "enhancements": {} }, - { - "type": "search", - "name": 
"76db3a0d-7562-4436-acd5-3cbfd4f6d044:search_0", - "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0" - } + "panelRefName": "panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464" + } ], - "migrationVersion": { - "dashboard": "8.4.0" + "timeRestore": false, + "title": "[GitHub] User Change Audit", + "version": 1 + }, + "references": [ + { + "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0", + "name": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464:panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464", + "type": "search" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "7d42442c-83c9-420d-8ef4-883eeb150687:search_0", + "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0" }, - "coreMigrationVersion": "8.4.1" + { + "type": "search", + "name": "76db3a0d-7562-4436-acd5-3cbfd4f6d044:search_0", + "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0" + } + ], + "migrationVersion": { + "dashboard": "8.4.0" + }, + "coreMigrationVersion": "8.4.1" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json b/packages/github/kibana/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json index c0981d3916e..41c4f4be968 100644 
--- a/packages/github/kibana/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json
+++ b/packages/github/kibana/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json
@@ -1,1021 +1,1021 @@ { - "id": "github-dcee84c0-2059-11ec-8b10-11a4c5e322a0", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-09-06T09:28:45.116Z", - "version": "WzM3NzUsMV0=", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "id": "github-dcee84c0-2059-11ec-8b10-11a4c5e322a0", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T10:22:26.869Z", + "version": "WzY4OCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 7, + "i": "63210180-c999-4d93-8d7a-f2fcb810ad1b", + "w": 41, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 7, - "i": "63210180-c999-4d93-8d7a-f2fcb810ad1b", - "w": 41, - "x": 0, - "y": 0 + "panelIndex": "63210180-c999-4d93-8d7a-f2fcb810ad1b", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Controls Audit [GitHub]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "github.org", + "id": "1632831213212", + "indexPatternRefName": "control_0_index_pattern", + "label": "Organization", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "63210180-c999-4d93-8d7a-f2fcb810ad1b", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Controls Audit [GitHub]", - "description": "", - 
"uiState": {}, - "params": { - "controls": [ - { - "fieldName": "github.org", - "id": "1632831213212", - "indexPatternRefName": "control_0_index_pattern", - "label": "Organization", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "github.repo", - "id": "1632831234336", - "indexPatternRefName": "control_1_index_pattern", - "label": "Repository", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.name", - "id": "1632872599896", - "indexPatternRefName": "control_2_index_pattern", - "label": "Actor", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.target.name", - "id": "1632872564349", - "indexPatternRefName": "control_3_index_pattern", - "label": "Users", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "event.action", - "id": "1632874177516", - "indexPatternRefName": "control_4_index_pattern", - "label": "Action", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "type": "input_control_vis", - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.audit" - }, - "type": "phrase" - }, - "query": { - 
"match_phrase": { - "data_stream.dataset": "github.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 7, - "i": "b37e0c71-2cc3-4895-b839-383ce53561a8", - "w": 7, - "x": 41, - "y": 0 + { + "fieldName": "github.repo", + "id": "1632831234336", + "indexPatternRefName": "control_1_index_pattern", + "label": "Repository", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "b37e0c71-2cc3-4895-b839-383ce53561a8", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Total Events [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": " " - }, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 19, - "i": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9", - "w": 48, - "x": 0, - "y": 7 + { + "fieldName": "user.name", + "id": "1632872599896", + "indexPatternRefName": "control_2_index_pattern", + "label": "Actor", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": 
"fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events over time [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "legendSize": "auto" - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-18M", - "to": "now" - }, - 
"useNormalizedEsInterval": true, - "used_interval": "1w" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "fieldName": "user.target.name", + "id": "1632872564349", + "indexPatternRefName": "control_3_index_pattern", + "label": "Users", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "event.action", + "id": "1632874177516", + "indexPatternRefName": "control_4_index_pattern", + "label": "Action", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "version": "8.4.0", - "type": "map", - "gridData": { - "h": 18, - "i": "88887e58-b192-4c9b-85c7-14d18a6c1c0d", - "w": 37, - "x": 0, - "y": 26 - }, - "panelIndex": "88887e58-b192-4c9b-85c7-14d18a6c1c0d", - "embeddableConfig": { - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 360, - "minLat": -85.05113, - "minLon": -540 + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" }, - "mapCenter": { - "lat": 27.08856, - "lon": -30.5613, - "zoom": 1 + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": 
"github.audit" + }, + "type": "phrase" }, - "openTOCDetails": [], - "attributes": { - "title": "Activity Map by Actor Location [GitHub]", - "description": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "mapStateJSON": "{\"center\":{\"lat\":0,\"lon\":-29.82486},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-18M\",\"to\":\"now\"},\"zoom\":0.56}", - "layerListJSON": 
"[{\"alpha\":0.75,\"id\":\"a427cb7d-077b-4c8a-8741-74f8f03283e2\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"],\"type\":\"EMS_FILE\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#6092C0\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#4379aa\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true},{\"alpha\":0.75,\"id\":\"a0ea096b-e0eb-43dd-8f75-c0d8c0e4ac9a\",\"includeInFitToBounds\":true,\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"id\":\"167d9148-ad58-4fa1-99eb-c3e75fc75f96\",\"indexPatternRefName\":\"layer_1_join_0_index_pattern\",\"indexPatternTitle\":\"logs-*\",\"term\":\"client.geo.country_iso_code\",\"type\":\"ES_TERM_SOURCE\"}}],\"label\":\"Events by 
Country\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"],\"type\":\"EMS_FILE\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" + "query": { + "match_phrase": { + "data_stream.dataset": "github.audit" + } } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + } + }, + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 7, + "i": "b37e0c71-2cc3-4895-b839-383ce53561a8", + "w": 7, + "x": 41, + "y": 0 + }, + "panelIndex": "b37e0c71-2cc3-4895-b839-383ce53561a8", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Events [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": 
"metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": " " + }, + "schema": "metric", + "type": "count" } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + } + }, + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 19, + "i": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9", + "w": 48, + "x": 0, + "y": 7 + }, + "panelIndex": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events over time [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, 
+ "type": "value" + } + ], + "legendSize": "auto" }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 18, - "i": "0c469087-fb3f-46d3-8962-c49d2e50f70c", - "w": 11, - "x": 37, - "y": 26 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "0c469087-fb3f-46d3-8962-c49d2e50f70c", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-18M", + "to": "now" }, - "savedVis": { - "title": "Events per Organization [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "value" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie", - "legendDisplay": "hide", - "legendSize": "auto" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "github.org", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + "useNormalizedEsInterval": true, + "used_interval": "1w" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + 
"enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" } + } + } + } + } + }, + { + "version": "8.4.0", + "type": "map", + "gridData": { + "h": 18, + "i": "88887e58-b192-4c9b-85c7-14d18a6c1c0d", + "w": 37, + "x": 0, + "y": 26 + }, + "panelIndex": "88887e58-b192-4c9b-85c7-14d18a6c1c0d", + "embeddableConfig": { + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 360, + "minLat": -85.05113, + "minLon": -540 + }, + "mapCenter": { + "lat": 27.08856, + "lon": -30.5613, + "zoom": 1 + }, + "openTOCDetails": [], + "attributes": { + "title": "Activity Map by Actor Location [GitHub]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": 
"{\"center\":{\"lat\":0,\"lon\":-29.82486},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-18M\",\"to\":\"now\"},\"zoom\":0.56}", + "layerListJSON": 
"[{\"alpha\":0.75,\"id\":\"a427cb7d-077b-4c8a-8741-74f8f03283e2\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"],\"type\":\"EMS_FILE\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#6092C0\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#4379aa\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true},{\"alpha\":0.75,\"id\":\"a0ea096b-e0eb-43dd-8f75-c0d8c0e4ac9a\",\"includeInFitToBounds\":true,\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"id\":\"167d9148-ad58-4fa1-99eb-c3e75fc75f96\",\"indexPatternRefName\":\"layer_1_join_0_index_pattern\",\"indexPatternTitle\":\"logs-*\",\"term\":\"client.geo.country_iso_code\",\"type\":\"ES_TERM_SOURCE\"}}],\"label\":\"Events by 
Country\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"],\"type\":\"EMS_FILE\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" + } + } + }, + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 18, + "i": "0c469087-fb3f-46d3-8962-c49d2e50f70c", + "w": 11, + "x": 37, + "y": 26 + }, + "panelIndex": "0c469087-fb3f-46d3-8962-c49d2e50f70c", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Events per Organization [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "value" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie", + "legendDisplay": "hide", + "legendSize": "auto" }, - { - "version": "8.3.0", - "type": 
"visualization", - "gridData": { - "h": 19, - "i": "108cd1b7-ce79-4558-ae38-5f1bb93961fe", - "w": 25, - "x": 0, - "y": 44 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "108cd1b7-ce79-4558-ae38-5f1bb93961fe", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 5 Event Types [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "legendSize": "auto" - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": 
"metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "enabled": true, + "id": "2", + "params": { + "field": "github.org", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "segment", + "type": "terms" } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + } + }, + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 19, + "i": "108cd1b7-ce79-4558-ae38-5f1bb93961fe", + "w": 25, + "x": 0, + "y": 44 + }, + "panelIndex": "108cd1b7-ce79-4558-ae38-5f1bb93961fe", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Event Types [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": 
true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "legendSize": "auto" }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 19, - "i": "9ed1cfce-9337-4813-8df5-14a1280bb351", - "w": 23, - "x": 25, - "y": 44 + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "9ed1cfce-9337-4813-8df5-14a1280bb351", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 5 Active Users [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": 
"ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "legendSize": "auto" - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + } + }, + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 19, + "i": "9ed1cfce-9337-4813-8df5-14a1280bb351", + "w": 23, + "x": 25, + "y": 44 + }, + "panelIndex": "9ed1cfce-9337-4813-8df5-14a1280bb351", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Active Users [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { 
+ "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" } + ], + "legendSize": "auto" }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 17, - "i": "d48a66a5-50e7-4cab-9b16-767bfa427860", - "w": 48, - "x": 0, - "y": 63 + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "d48a66a5-50e7-4cab-9b16-767bfa427860", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Active Repositories [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "legendSize": "auto" - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Repository", - "field": "github.repo", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + 
"otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" } + } } - ], - "timeRestore": false, - "title": "[GitHub] Audit Log Activity", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_0_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_1_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_2_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_3_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_4_index_pattern", - "id": "logs-*" - }, - { - "type": "search", - "name": "b37e0c71-2cc3-4895-b839-383ce53561a8:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" - }, - { - "type": "search", - "name": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" - }, - { - "type": "index-pattern", - "name": "88887e58-b192-4c9b-85c7-14d18a6c1c0d:layer_1_join_0_index_pattern", - "id": "logs-*" - }, - { - "type": "search", - "name": "0c469087-fb3f-46d3-8962-c49d2e50f70c:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" - }, - { - "type": "search", - "name": "108cd1b7-ce79-4558-ae38-5f1bb93961fe:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" - }, - { - "type": "search", - "name": "9ed1cfce-9337-4813-8df5-14a1280bb351:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + } + } + }, + { + "version": "8.3.0", + "type": "visualization", 
+ "gridData": { + "h": 17, + "i": "d48a66a5-50e7-4cab-9b16-767bfa427860", + "w": 48, + "x": 0, + "y": 63 }, - { - "type": "search", - "name": "d48a66a5-50e7-4cab-9b16-767bfa427860:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + "panelIndex": "d48a66a5-50e7-4cab-9b16-767bfa427860", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Active Repositories [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "legendSize": "auto" + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + 
"type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Repository", + "field": "github.repo", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } + } ], - "migrationVersion": { - "dashboard": "8.4.0" + "timeRestore": false, + "title": "[GitHub] Audit Log Activity", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "b37e0c71-2cc3-4895-b839-383ce53561a8:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + }, + { + "type": "search", + "name": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + }, + { + "type": "index-pattern", + "name": "88887e58-b192-4c9b-85c7-14d18a6c1c0d:layer_1_join_0_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "0c469087-fb3f-46d3-8962-c49d2e50f70c:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + }, + { + "type": "search", + 
"name": "108cd1b7-ce79-4558-ae38-5f1bb93961fe:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + }, + { + "type": "search", + "name": "9ed1cfce-9337-4813-8df5-14a1280bb351:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" }, - "coreMigrationVersion": "8.4.1" + { + "type": "search", + "name": "d48a66a5-50e7-4cab-9b16-767bfa427860:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + } + ], + "migrationVersion": { + "dashboard": "8.4.0" + }, + "coreMigrationVersion": "8.4.1" } \ No newline at end of file From 1316d8c75ef5f90435d61cc604da2ed2f69232f9 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Thu, 27 Oct 2022 16:12:08 +0530 Subject: [PATCH 015/103] hashicorp_vault already inlined --- ...-1f321db0-f4b8-11eb-a89a-7378b1713db5.json | 1933 ++++++------- ...-64b51280-f4ad-11eb-a89a-7378b1713db5.json | 2561 +++++++++-------- 2 files changed, 2252 insertions(+), 2242 deletions(-) diff --git a/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5.json b/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5.json index 19e96c0ba00..17bbb0b58db 100644 --- a/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5.json +++ b/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5.json 
@@ -1,996 +1,1001 @@ { - "attributes": { - "description": "Hashicorp Vault operational logs.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "27ad0671-d838-464d-9949-250e95bf8ebf": { - "columnOrder": [ - "ff94d2dd-fe92-4157-929c-cceb4aa400d2", - "fd82c7ab-1504-4210-a3bd-bdee3f875c72", - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "columns": { - "834ca219-ed3e-4a48-b865-ac6e9d562b36": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ff94d2dd-fe92-4157-929c-cceb4aa400d2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of agent.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "agent.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": 
"appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "ff94d2dd-fe92-4157-929c-cceb4aa400d2", - "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "id": "hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T10:40:37.628Z", + "version": "WzQ5MSwxXQ==", + "attributes": { + "description": "Hashicorp Vault operational logs.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "27ad0671-d838-464d-9949-250e95bf8ebf": { + "columnOrder": [ + "ff94d2dd-fe92-4157-929c-cceb4aa400d2", + "fd82c7ab-1504-4210-a3bd-bdee3f875c72", + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "columns": { + "834ca219-ed3e-4a48-b865-ac6e9d562b36": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ff94d2dd-fe92-4157-929c-cceb4aa400d2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of agent.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "agent.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } + } + ], + "query": { + 
"language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 9, - "i": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f", - "w": 24, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f", - "title": "Log Volume by Agent", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47ee6385-76b6-4b42-b35d-583cd8208fb4": { - "columnOrder": [ - "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f" - ], - "columns": { - "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Logs", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f", - "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" - } - }, - "title": "", - "type": "lens", - "visualizationType": 
"lnsMetric" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", + "palette": { + "name": "default", + "type": "palette" }, - "enhancements": {} + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "ff94d2dd-fe92-4157-929c-cceb4aa400d2", + "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 6, - "i": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72", - "w": 8, - "x": 24, - "y": 0 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72", - "type": "lens", - "version": "7.15.0-SNAPSHOT" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47ee6385-76b6-4b42-b35d-583cd8208fb4": { - "columnOrder": [ - "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f" - ], - "columns": { - "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Errors", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": 
"appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "log.level", - "negate": false, - "params": { - "query": "error" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.level": "error" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f", - "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 9, + "i": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f", + "title": "Log Volume by Agent", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47ee6385-76b6-4b42-b35d-583cd8208fb4": { + "columnOrder": [ + "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f" + ], + "columns": { + "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": 
"Logs", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f", + "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72", + "w": 8, + "x": 24, + "y": 0 + }, + "panelIndex": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47ee6385-76b6-4b42-b35d-583cd8208fb4": { + "columnOrder": [ + "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f" + ], + "columns": { + "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Errors", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": 
{ + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } }, - "gridData": { - "h": 6, - "i": "fa55332a-4ac9-4c7f-b8f1-a4031542120d", - "w": 8, - "x": 32, - "y": 0 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "log.level", + "negate": false, + "params": { + "query": "error" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.level": "error" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f", + "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "fa55332a-4ac9-4c7f-b8f1-a4031542120d", + "w": 8, + "x": 32, + "y": 0 + }, + "panelIndex": "fa55332a-4ac9-4c7f-b8f1-a4031542120d", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47ee6385-76b6-4b42-b35d-583cd8208fb4": { + "columnOrder": [ + "85994c44-017f-4c95-9bec-f54add925f28" + ], + "columns": { + 
"85994c44-017f-4c95-9bec-f54add925f28": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Agents", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "agent.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } }, - "panelIndex": "fa55332a-4ac9-4c7f-b8f1-a4031542120d", - "type": "lens", - "version": "7.15.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "log.level", + "negate": false, + "params": { + "query": "error" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.level": "error" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "85994c44-017f-4c95-9bec-f54add925f28", + "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47ee6385-76b6-4b42-b35d-583cd8208fb4": { - "columnOrder": [ - "85994c44-017f-4c95-9bec-f54add925f28" - ], - "columns": { - "85994c44-017f-4c95-9bec-f54add925f28": { - 
"customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Agents", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "agent.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "log.level", - "negate": false, - "params": { - "query": "error" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.level": "error" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "759e3b76-90f0-453a-932c-5aee1c56ad73", + "w": 8, + "x": 40, + "y": 0 + }, + "panelIndex": "759e3b76-90f0-453a-932c-5aee1c56ad73", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", + "w": 24, + "x": 24, + "y": 6 + }, + "panelIndex": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", + "panelRefName": "panel_12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", + "type": "search", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + 
"type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "27ad0671-d838-464d-9949-250e95bf8ebf": { + "columnOrder": [ + "10b83fe4-fecd-4487-8a05-b7c4665a00bc", + "fd82c7ab-1504-4210-a3bd-bdee3f875c72", + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "columns": { + "10b83fe4-fecd-4487-8a05-b7c4665a00bc": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of log.level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", + "type": "column" }, - "visualization": { - "accessor": "85994c44-017f-4c95-9bec-f54add925f28", - "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "log.level" + }, + "834ca219-ed3e-4a48-b865-ac6e9d562b36": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 
6, - "i": "759e3b76-90f0-453a-932c-5aee1c56ad73", - "w": 8, - "x": 40, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "759e3b76-90f0-453a-932c-5aee1c56ad73", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 21, - "i": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", - "w": 24, - "x": 24, - "y": 6 + "layers": [ + { + "accessors": [ + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "10b83fe4-fecd-4487-8a05-b7c4665a00bc", + "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", - "panelRefName": "panel_12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", - "type": "search", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "27ad0671-d838-464d-9949-250e95bf8ebf": { - "columnOrder": [ - "10b83fe4-fecd-4487-8a05-b7c4665a00bc", - "fd82c7ab-1504-4210-a3bd-bdee3f875c72", - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "columns": { - "10b83fe4-fecd-4487-8a05-b7c4665a00bc": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of log.level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"834ca219-ed3e-4a48-b865-ac6e9d562b36", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "log.level" - }, - "834ca219-ed3e-4a48-b865-ac6e9d562b36": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "10b83fe4-fecd-4487-8a05-b7c4665a00bc", - "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - 
}, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 9, - "i": "58781719-8e14-400f-963a-8652bcf90d28", - "w": 24, - "x": 0, - "y": 9 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "58781719-8e14-400f-963a-8652bcf90d28", - "title": "Log Volume by Level", - "type": "lens", - "version": "7.15.0-SNAPSHOT" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "27ad0671-d838-464d-9949-250e95bf8ebf": { - "columnOrder": [ - "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71", - "fd82c7ab-1504-4210-a3bd-bdee3f875c72", - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "columns": { - "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of log.logger", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "log.logger" - }, - "834ca219-ed3e-4a48-b865-ac6e9d562b36": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { - 
"dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 9, + "i": "58781719-8e14-400f-963a-8652bcf90d28", + "w": 24, + "x": 0, + "y": 9 + }, + "panelIndex": "58781719-8e14-400f-963a-8652bcf90d28", + "title": "Log Volume by Level", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "27ad0671-d838-464d-9949-250e95bf8ebf": { + "columnOrder": [ + "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71", + "fd82c7ab-1504-4210-a3bd-bdee3f875c72", + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "columns": { + "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of log.logger", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", + 
"type": "column" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71", - "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "orderDirection": "desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "log.logger" + }, + "834ca219-ed3e-4a48-b865-ac6e9d562b36": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + 
"data_stream.dataset": "hashicorp_vault.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 9, - "i": "f9db514e-50b6-44bc-b142-252f6b11ba02", - "w": 24, - "x": 0, - "y": 18 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "f9db514e-50b6-44bc-b142-252f6b11ba02", - "title": "Log Volume by Logger", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - } - ], - "timeRestore": false, - "title": "[Hashicorp Vault] Operational Logs", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5", - "migrationVersion": { - "dashboard": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"fa55332a-4ac9-4c7f-b8f1-a4031542120d:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "hashicorp_vault-80603d50-f4b9-11eb-a89a-7378b1713db5", - "name": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6:panel_12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", - "type": "search" - }, - { - "id": "logs-*", - "name": "58781719-8e14-400f-963a-8652bcf90d28:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "58781719-8e14-400f-963a-8652bcf90d28:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "58781719-8e14-400f-963a-8652bcf90d28:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", + "position": "top", + "seriesType": "bar_stacked", + 
"showGridlines": false, + "splitAccessor": "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71", + "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" + "gridData": { + "h": 9, + "i": "f9db514e-50b6-44bc-b142-252f6b11ba02", + "w": 24, + "x": 0, + "y": 18 }, - { - "id": "logs-*", - "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:filter-index-pattern-0", - "type": "index-pattern" - } + "panelIndex": "f9db514e-50b6-44bc-b142-252f6b11ba02", + "title": "Log Volume by Logger", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Hashicorp Vault] Operational Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "hashicorp_vault-80603d50-f4b9-11eb-a89a-7378b1713db5", + "name": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6:panel_12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", + "type": "search" + }, + { + "id": "logs-*", + "name": "58781719-8e14-400f-963a-8652bcf90d28:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "58781719-8e14-400f-963a-8652bcf90d28:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "58781719-8e14-400f-963a-8652bcf90d28:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"f9db514e-50b6-44bc-b142-252f6b11ba02:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:filter-index-pattern-0", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.14.0" + }, + "coreMigrationVersion": "7.14.0" } \ No newline at end of file diff --git a/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5.json b/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5.json index 077c90fbf32..d70c5526bd1 100644 --- a/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5.json +++ b/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5.json 
@@ -1,1322 +1,1327 @@ { - "attributes": { - "description": "Hashicorp Vault audit logs overview.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" + "id": "hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T10:40:37.628Z", + "version": "WzQ5MiwxXQ==", + "attributes": { + "description": "Hashicorp Vault audit logs overview.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0": { + "columnOrder": [ + "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad" + ], + "columns": { + "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Requests", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, 
- { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0": { - "columnOrder": [ - "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad" - ], - "columns": { - "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Requests", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "hashicorp_vault.audit.type", - "negate": false, - "params": { - "query": "request" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hashicorp_vault.audit.type": "request" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad", - "layerId": "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": 
"hashicorp_vault.audit" }, - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "83f33557-0d9d-4e73-bb7e-227b39132484", - "w": 10, - "x": 0, - "y": 0 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } }, - "panelIndex": "83f33557-0d9d-4e73-bb7e-227b39132484", - "type": "lens", - "version": "7.15.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "hashicorp_vault.audit.type", + "negate": false, + "params": { + "query": "request" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hashicorp_vault.audit.type": "request" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad", + "layerId": "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b847cacb-e41b-429c-8f53-8cdf53bea465", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b847cacb-e41b-429c-8f53-8cdf53bea465": { - "columnOrder": [ - "6a4f3808-ff70-42b5-8357-752540a94412" - ], - "columns": { - "6a4f3808-ff70-42b5-8357-752540a94412": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Requests with root token policy", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { 
- "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "hashicorp_vault.audit.auth.policies", - "negate": false, - "params": { - "query": "root" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hashicorp_vault.audit.auth.policies": "root" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "hashicorp_vault.audit.type", - "negate": false, - "params": { - "query": "request" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hashicorp_vault.audit.type": "request" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "6a4f3808-ff70-42b5-8357-752540a94412", - "layerId": "b847cacb-e41b-429c-8f53-8cdf53bea465" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "83f33557-0d9d-4e73-bb7e-227b39132484", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "83f33557-0d9d-4e73-bb7e-227b39132484", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b847cacb-e41b-429c-8f53-8cdf53bea465", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b847cacb-e41b-429c-8f53-8cdf53bea465": { + "columnOrder": [ + "6a4f3808-ff70-42b5-8357-752540a94412" + ], + "columns": { + "6a4f3808-ff70-42b5-8357-752540a94412": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Requests with root token policy", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } }, - "gridData": { - "h": 8, - "i": "0232f3be-806f-40d8-ae0b-40aa512e6541", - "w": 9, - "x": 10, - "y": 0 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "hashicorp_vault.audit.auth.policies", + "negate": false, + "params": { + "query": "root" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hashicorp_vault.audit.auth.policies": "root" + } + } }, - "panelIndex": "0232f3be-806f-40d8-ae0b-40aa512e6541", - "type": "lens", - "version": "7.15.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "hashicorp_vault.audit.type", + "negate": false, + "params": { + "query": "request" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + 
"hashicorp_vault.audit.type": "request" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "6a4f3808-ff70-42b5-8357-752540a94412", + "layerId": "b847cacb-e41b-429c-8f53-8cdf53bea465" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0": { - "columnOrder": [ - "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad" - ], - "columns": { - "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Denied Requests", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "hashicorp_vault.audit.type", - "negate": false, - "params": { - "query": "request" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hashicorp_vault.audit.type": 
"request" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "event.type", - "negate": false, - "params": { - "query": "denied" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.type": "denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad", - "layerId": "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "0232f3be-806f-40d8-ae0b-40aa512e6541", + "w": 9, + "x": 10, + "y": 0 + }, + "panelIndex": "0232f3be-806f-40d8-ae0b-40aa512e6541", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0": { + "columnOrder": [ + "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad" + ], + "columns": { + "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Denied Requests", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } }, - "gridData": { - "h": 8, - "i": "23805a5e-7dde-403d-bc28-3314fd3db7d4", - "w": 9, - "x": 19, - "y": 0 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "hashicorp_vault.audit.type", + "negate": false, + "params": { + "query": "request" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hashicorp_vault.audit.type": "request" + } + } }, - "panelIndex": "23805a5e-7dde-403d-bc28-3314fd3db7d4", - "type": "lens", - "version": "7.15.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "event.type", + "negate": false, + "params": { + "query": "denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "denied" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad", + "layerId": "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-489fa819-f474-4d04-a6be-fe36193109b0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "489fa819-f474-4d04-a6be-fe36193109b0": { - "columnOrder": [ - "300deebb-15ad-44be-98b7-1dbe04d6b19d", 
- "4463bb63-735c-4f2e-99d8-c0e71a836b13" - ], - "columns": { - "300deebb-15ad-44be-98b7-1dbe04d6b19d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mount Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4463bb63-735c-4f2e-99d8-c0e71a836b13", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "hashicorp_vault.audit.request.mount_type" - }, - "4463bb63-735c-4f2e-99d8-c0e71a836b13": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "23805a5e-7dde-403d-bc28-3314fd3db7d4", + "w": 9, + "x": 19, + "y": 0 + }, + "panelIndex": "23805a5e-7dde-403d-bc28-3314fd3db7d4", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-489fa819-f474-4d04-a6be-fe36193109b0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"489fa819-f474-4d04-a6be-fe36193109b0": { + "columnOrder": [ + "300deebb-15ad-44be-98b7-1dbe04d6b19d", + "4463bb63-735c-4f2e-99d8-c0e71a836b13" + ], + "columns": { + "300deebb-15ad-44be-98b7-1dbe04d6b19d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mount Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4463bb63-735c-4f2e-99d8-c0e71a836b13", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "300deebb-15ad-44be-98b7-1dbe04d6b19d" - ], - "layerId": "489fa819-f474-4d04-a6be-fe36193109b0", - "legendDisplay": "show", - "metric": "4463bb63-735c-4f2e-99d8-c0e71a836b13", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "hashicorp_vault.audit.request.mount_type" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" + "4463bb63-735c-4f2e-99d8-c0e71a836b13": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "9087a437-92b3-4cb4-a750-ae68b0858e09", - "w": 11, - "x": 28, - "y": 0 - }, - "panelIndex": "9087a437-92b3-4cb4-a750-ae68b0858e09", - "title": "Mount Type", - "type": "lens", - "version": "7.15.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": 
"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "300deebb-15ad-44be-98b7-1dbe04d6b19d" + ], + "layerId": "489fa819-f474-4d04-a6be-fe36193109b0", + "legendDisplay": "show", + "metric": "4463bb63-735c-4f2e-99d8-c0e71a836b13", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2c264c26-91e6-4a34-aea3-01d6f88ed30b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2c264c26-91e6-4a34-aea3-01d6f88ed30b": { - "columnOrder": [ - "d5f83108-804a-43e1-860a-aa4a81914a1c", - "c3d83176-87df-4196-a0a4-c52050c7b024" - ], - "columns": { - "c3d83176-87df-4196-a0a4-c52050c7b024": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d5f83108-804a-43e1-860a-aa4a81914a1c": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of hashicorp_vault.audit.auth.token_policies", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c3d83176-87df-4196-a0a4-c52050c7b024", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "hashicorp_vault.audit.auth.token_policies" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" - }, - "type": 
"phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d5f83108-804a-43e1-860a-aa4a81914a1c" - ], - "layerId": "2c264c26-91e6-4a34-aea3-01d6f88ed30b", - "legendDisplay": "default", - "metric": "c3d83176-87df-4196-a0a4-c52050c7b024", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shape": "treemap" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "9087a437-92b3-4cb4-a750-ae68b0858e09", + "w": 11, + "x": 28, + "y": 0 + }, + "panelIndex": "9087a437-92b3-4cb4-a750-ae68b0858e09", + "title": "Mount Type", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2c264c26-91e6-4a34-aea3-01d6f88ed30b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2c264c26-91e6-4a34-aea3-01d6f88ed30b": { + "columnOrder": [ + "d5f83108-804a-43e1-860a-aa4a81914a1c", + "c3d83176-87df-4196-a0a4-c52050c7b024" + ], + "columns": { + "c3d83176-87df-4196-a0a4-c52050c7b024": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" + "d5f83108-804a-43e1-860a-aa4a81914a1c": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of 
hashicorp_vault.audit.auth.token_policies", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c3d83176-87df-4196-a0a4-c52050c7b024", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "hashicorp_vault.audit.auth.token_policies" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 29, - "i": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3", - "w": 9, - "x": 39, - "y": 0 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d5f83108-804a-43e1-860a-aa4a81914a1c" + ], + "layerId": "2c264c26-91e6-4a34-aea3-01d6f88ed30b", + "legendDisplay": "default", + "metric": "c3d83176-87df-4196-a0a4-c52050c7b024", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "panelIndex": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3", - "title": "Auth Token Policies", - "type": "lens", - "version": "7.15.0-SNAPSHOT" + "shape": "treemap" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-791d2c5a-3c3a-4225-8221-6e03777579de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": 
{ - "indexpattern": { - "layers": { - "791d2c5a-3c3a-4225-8221-6e03777579de": { - "columnOrder": [ - "31c54481-0421-4f67-8f39-659fa8cbc7fe", - "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6", - "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701" - ], - "columns": { - "31c54481-0421-4f67-8f39-659fa8cbc7fe": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "event.outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 4 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - }, - "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Events", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 29, + "i": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3", + "w": 9, + "x": 39, + "y": 0 + }, + "panelIndex": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3", + "title": "Auth Token Policies", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, 
+ { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-791d2c5a-3c3a-4225-8221-6e03777579de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "791d2c5a-3c3a-4225-8221-6e03777579de": { + "columnOrder": [ + "31c54481-0421-4f67-8f39-659fa8cbc7fe", + "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6", + "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701" + ], + "columns": { + "31c54481-0421-4f67-8f39-659fa8cbc7fe": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "event.outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701", + "type": "column" }, - "visualization": { - "layers": [ - { - "accessors": [ - "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701" - ], - "layerId": "791d2c5a-3c3a-4225-8221-6e03777579de", - "palette": { - "name": "status", - "type": "palette" - }, - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "31c54481-0421-4f67-8f39-659fa8cbc7fe", - "xAccessor": "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "orderDirection": "desc", + "otherBucket": true, + "size": 4 + }, + "scale": "ordinal", + "sourceField": "event.outcome" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + 
"interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Events", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701" + ], + "layerId": "791d2c5a-3c3a-4225-8221-6e03777579de", + "palette": { + "name": "status", + "type": "palette" + }, + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "31c54481-0421-4f67-8f39-659fa8cbc7fe", + "xAccessor": "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 8, - "i": "62d57354-4600-4729-a898-1b0e5eee57af", - "w": 19, - "x": 0, - "y": 8 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "62d57354-4600-4729-a898-1b0e5eee57af", - "title": "Event Outcome", - "type": "lens", - "version": "7.15.0-SNAPSHOT" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-874c0b4f-299a-4ae6-a04d-c06072907352", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "874c0b4f-299a-4ae6-a04d-c06072907352": { - "columnOrder": [ - "1949c67d-972f-480f-a44e-a8efad60bc6f", - "d4a9db3d-1864-4a8e-b255-34f3516babd2" - ], - "columns": { - "1949c67d-972f-480f-a44e-a8efad60bc6f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Operation", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d4a9db3d-1864-4a8e-b255-34f3516babd2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "hashicorp_vault.audit.request.operation" - }, - "d4a9db3d-1864-4a8e-b255-34f3516babd2": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "62d57354-4600-4729-a898-1b0e5eee57af", + "w": 19, + "x": 0, + "y": 8 + }, + "panelIndex": "62d57354-4600-4729-a898-1b0e5eee57af", + "title": "Event Outcome", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + 
{ + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-874c0b4f-299a-4ae6-a04d-c06072907352", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "874c0b4f-299a-4ae6-a04d-c06072907352": { + "columnOrder": [ + "1949c67d-972f-480f-a44e-a8efad60bc6f", + "d4a9db3d-1864-4a8e-b255-34f3516babd2" + ], + "columns": { + "1949c67d-972f-480f-a44e-a8efad60bc6f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operation", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d4a9db3d-1864-4a8e-b255-34f3516babd2", + "type": "column" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "d4a9db3d-1864-4a8e-b255-34f3516babd2" - ], - "layerId": "874c0b4f-299a-4ae6-a04d-c06072907352", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "1949c67d-972f-480f-a44e-a8efad60bc6f" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "hashicorp_vault.audit.request.operation" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + 
"d4a9db3d-1864-4a8e-b255-34f3516babd2": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 8, - "i": "a088f6c5-449d-4515-9665-b7a96aaa5cc5", - "w": 9, - "x": 19, - "y": 8 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "a088f6c5-449d-4515-9665-b7a96aaa5cc5", - "title": "Operation Type", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb": { - "columnOrder": [ - "602d11b6-cd45-45ba-b1fa-6430016e4eda", - "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b" - ], - "columns": { - "602d11b6-cd45-45ba-b1fa-6430016e4eda": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.type", - "operationType": "terms", - 
"params": { - "missingBucket": false, - "orderBy": { - "columnId": "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "event.type" - }, - "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "602d11b6-cd45-45ba-b1fa-6430016e4eda" - ], - "layerId": "7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", - "legendDisplay": "show", - "metric": "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 8, - "i": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61", - "w": 11, - "x": 28, - "y": 8 + "layers": [ + { + "accessors": [ + "d4a9db3d-1864-4a8e-b255-34f3516babd2" + ], + "layerId": "874c0b4f-299a-4ae6-a04d-c06072907352", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "1949c67d-972f-480f-a44e-a8efad60bc6f" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61", - "title": "Event 
Type", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"d6bce6c1-3b22-4697-ab6d-3073b7064328\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"4d111e7b-044b-44c0-a962-7dc284f4f0f2\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1},\"id\":\"58c4d1f7-a53b-4b96-be01-93fc8e8232cc\",\"label\":\"Source Location\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[],\"query\":{\"query\":\"data_stream.dataset:\\\"hashicorp_vault.audit\\\" \",\"language\":\"kuery\"}}]", - "mapStateJSON": 
"{\"zoom\":1.53,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-30d/d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 180, - "minLat": -66.51326, - "minLon": -180 - }, - "mapCenter": { - "lat": 44.16871, - "lon": -22.15634, - "zoom": 1.53 - }, - "openTOCDetails": [] + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 13, - "i": "761dd3e0-7eb2-4738-a475-1007d78b900f", - "w": 39, - "x": 0, - "y": 16 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "761dd3e0-7eb2-4738-a475-1007d78b900f", - "title": "Source Locations", - "type": "map", - "version": "7.15.0-SNAPSHOT" - } - ], - "timeRestore": false, - "title": "[Hashicorp Vault] Audit Logs", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5", - "migrationVersion": { - "dashboard": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": 
"83f33557-0d9d-4e73-bb7e-227b39132484:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "83f33557-0d9d-4e73-bb7e-227b39132484:indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "83f33557-0d9d-4e73-bb7e-227b39132484:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "83f33557-0d9d-4e73-bb7e-227b39132484:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:indexpattern-datasource-layer-b847cacb-e41b-429c-8f53-8cdf53bea465", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"9087a437-92b3-4cb4-a750-ae68b0858e09:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:indexpattern-datasource-layer-489fa819-f474-4d04-a6be-fe36193109b0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:indexpattern-datasource-layer-2c264c26-91e6-4a34-aea3-01d6f88ed30b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "62d57354-4600-4729-a898-1b0e5eee57af:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "62d57354-4600-4729-a898-1b0e5eee57af:indexpattern-datasource-layer-791d2c5a-3c3a-4225-8221-6e03777579de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "62d57354-4600-4729-a898-1b0e5eee57af:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:indexpattern-datasource-layer-874c0b4f-299a-4ae6-a04d-c06072907352", - "type": "index-pattern" + "gridData": { + "h": 8, + "i": "a088f6c5-449d-4515-9665-b7a96aaa5cc5", + "w": 9, + "x": 19, + "y": 8 }, - { - "id": "logs-*", - "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:filter-index-pattern-0", - "type": 
"index-pattern" + "panelIndex": "a088f6c5-449d-4515-9665-b7a96aaa5cc5", + "title": "Operation Type", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb": { + "columnOrder": [ + "602d11b6-cd45-45ba-b1fa-6430016e4eda", + "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b" + ], + "columns": { + "602d11b6-cd45-45ba-b1fa-6430016e4eda": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "event.type" + }, + "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + 
"602d11b6-cd45-45ba-b1fa-6430016e4eda" + ], + "layerId": "7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", + "legendDisplay": "show", + "metric": "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 8, + "i": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61", + "w": 11, + "x": 28, + "y": 8 }, - { - "id": "logs-*", - "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:indexpattern-datasource-layer-7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", - "type": "index-pattern" + "panelIndex": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61", + "title": "Event Type", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"d6bce6c1-3b22-4697-ab6d-3073b7064328\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"4d111e7b-044b-44c0-a962-7dc284f4f0f2\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1},\"id\":\"58c4d1f7-a53b-4b96-be01-93fc8e8232cc\",\"label\":\"Source 
Location\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[],\"query\":{\"query\":\"data_stream.dataset:\\\"hashicorp_vault.audit\\\" \",\"language\":\"kuery\"}}]", + "mapStateJSON": "{\"zoom\":1.53,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-30d/d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": 
"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 180, + "minLat": -66.51326, + "minLon": -180 + }, + "mapCenter": { + "lat": 44.16871, + "lon": -22.15634, + "zoom": 1.53 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 13, + "i": "761dd3e0-7eb2-4738-a475-1007d78b900f", + "w": 39, + "x": 0, + "y": 16 }, - { - "id": "logs-*", - "name": "761dd3e0-7eb2-4738-a475-1007d78b900f:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "761dd3e0-7eb2-4738-a475-1007d78b900f", + "title": "Source Locations", + "type": "map", + "version": "7.15.0-SNAPSHOT" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Hashicorp Vault] Audit Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "83f33557-0d9d-4e73-bb7e-227b39132484:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "83f33557-0d9d-4e73-bb7e-227b39132484:indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "83f33557-0d9d-4e73-bb7e-227b39132484:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "83f33557-0d9d-4e73-bb7e-227b39132484:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:indexpattern-datasource-layer-b847cacb-e41b-429c-8f53-8cdf53bea465", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-0", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:indexpattern-datasource-layer-489fa819-f474-4d04-a6be-fe36193109b0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:indexpattern-datasource-layer-2c264c26-91e6-4a34-aea3-01d6f88ed30b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "62d57354-4600-4729-a898-1b0e5eee57af:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": 
"logs-*", + "name": "62d57354-4600-4729-a898-1b0e5eee57af:indexpattern-datasource-layer-791d2c5a-3c3a-4225-8221-6e03777579de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "62d57354-4600-4729-a898-1b0e5eee57af:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:indexpattern-datasource-layer-874c0b4f-299a-4ae6-a04d-c06072907352", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:indexpattern-datasource-layer-7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "761dd3e0-7eb2-4738-a475-1007d78b900f:layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.14.0" + }, + "coreMigrationVersion": "7.14.0" } \ No newline at end of file From faa481945dab4abafed3d684f01ac5c927b32783 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Thu, 27 Oct 2022 17:19:08 +0530 Subject: [PATCH 016/103] migrate hid_bravura_monitor to by_value --- ...-0665f160-f956-11eb-a1ab-1964dffd1499.json | 535 ++++++-- ...-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json | 386 +++++- ...-1a431f90-fa01-11eb-a1ab-1964dffd1499.json | 293 +++-- ...-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json | 829 +++++++++++-- ...-28db2060-fa02-11eb-a1ab-1964dffd1499.json | 579 +++++++-- ...-3f403100-f9f4-11eb-a1ab-1964dffd1499.json | 386 +++++- ...-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json | 562 +++++++-- ...-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json | 277 +++-- ...-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json | 391 +++--- ...-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json | 500 ++++++-- ...-578cb360-f9f3-11eb-a1ab-1964dffd1499.json | 372 ++++-- ...-6ebde770-fa02-11eb-a1ab-1964dffd1499.json | 351 ++++-- ...-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json | 822 +++++++++--- ...-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json | 330 ++++- ...-91029280-0520-11ec-853c-2bf1ec8ddeef.json | 1035 ++++++++++++++-- ...-a8739000-f9fd-11eb-a1ab-1964dffd1499.json | 729 +++++++++-- ...-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json | 413 ++++++- ...-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json | 496 ++++++-- ...-b66f3780-fa03-11eb-a1ab-1964dffd1499.json | 425 ++++++- ...-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json | 529 ++++++-- ...-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json | 648 ++++++++-- ...-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json | 668 ++++++++-- ...-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json | 440 ++++++- ...-d3a33820-fa02-11eb-a1ab-1964dffd1499.json | 1099 ++++++++++++++--- ...-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json | 839 +++++++++++-- ...-db22d850-fa00-11eb-a1ab-1964dffd1499.json | 394 +++++- ...-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json | 501 ++++++-- ...-f8112090-fa03-11eb-a1ab-1964dffd1499.json | 494 ++++++-- ...-00cbeab0-1a28-11eb-abcf-effcd51852fa.json | 192 --- ...-00dc0a80-1adc-11eb-abcf-effcd51852fa.json | 113 -- 
...-05cb9390-1a22-11eb-abcf-effcd51852fa.json | 166 --- ...-06fb9d30-1a24-11eb-abcf-effcd51852fa.json | 113 -- ...-0799ca70-2b66-11eb-abcf-effcd51852fa.json | 126 -- ...-07f86e00-d835-11eb-9e70-edcbba448215.json | 90 -- ...-0cb6caa0-1ade-11eb-abcf-effcd51852fa.json | 126 -- ...-0cf3f020-1add-11eb-abcf-effcd51852fa.json | 167 --- ...-1211f840-d90a-11eb-9e70-edcbba448215.json | 100 -- ...-1269fd70-1956-11eb-abcf-effcd51852fa.json | 193 --- ...-1498e300-1482-11eb-bb7b-bb041e8cf289.json | 127 -- ...-1a2adb70-2f44-11eb-b6a1-bdb7d768b585.json | 126 -- ...-1b439670-25d8-11eb-abcf-effcd51852fa.json | 86 -- ...-1ddd3300-1a25-11eb-abcf-effcd51852fa.json | 113 -- ...-20a85000-1a1c-11eb-abcf-effcd51852fa.json | 86 -- ...-211feda0-d37f-11eb-9e70-edcbba448215.json | 176 --- ...-23133620-238b-11eb-abcf-effcd51852fa.json | 181 --- ...-24823410-1464-11eb-bb7b-bb041e8cf289.json | 173 --- ...-2722d7e0-d388-11eb-9e70-edcbba448215.json | 176 --- ...-2a088ae0-243d-11eb-abcf-effcd51852fa.json | 165 --- ...-2ffbfc20-d83d-11eb-9e70-edcbba448215.json | 114 -- ...-33258a00-d398-11eb-9e70-edcbba448215.json | 166 --- ...-341531e0-25d8-11eb-abcf-effcd51852fa.json | 113 -- ...-37fb60d0-1481-11eb-bb7b-bb041e8cf289.json | 86 -- ...-3bd92210-1a25-11eb-abcf-effcd51852fa.json | 86 -- ...-3ec54c70-d90a-11eb-9e70-edcbba448215.json | 100 -- ...-42dc53c0-243e-11eb-abcf-effcd51852fa.json | 86 -- ...-489a4f50-2453-11eb-abcf-effcd51852fa.json | 120 -- ...-4b0765d0-1ade-11eb-abcf-effcd51852fa.json | 86 -- ...-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585.json | 87 -- ...-552d3e80-1a26-11eb-abcf-effcd51852fa.json | 37 - ...-59482290-25da-11eb-abcf-effcd51852fa.json | 37 - ...-5b5237e0-d388-11eb-9e70-edcbba448215.json | 176 --- ...-64035e60-25db-11eb-abcf-effcd51852fa.json | 37 - ...-64514c50-1a1f-11eb-abcf-effcd51852fa.json | 192 --- ...-659dad40-25b6-11eb-abcf-effcd51852fa.json | 165 --- ...-66c884f0-2382-11eb-abcf-effcd51852fa.json | 91 -- ...-670cf140-1a1c-11eb-abcf-effcd51852fa.json | 86 -- 
...-6ac75200-d90a-11eb-9e70-edcbba448215.json | 167 --- ...-6ad826b0-d37f-11eb-9e70-edcbba448215.json | 176 --- ...-70a8f8e0-d392-11eb-9e70-edcbba448215.json | 207 ---- ...-76cb60d0-1463-11eb-bb7b-bb041e8cf289.json | 86 -- ...-77701bc0-25bb-11eb-abcf-effcd51852fa.json | 206 --- ...-77f6f520-1add-11eb-abcf-effcd51852fa.json | 86 -- ...-80efbc20-d388-11eb-9e70-edcbba448215.json | 176 --- ...-82277da0-25d5-11eb-abcf-effcd51852fa.json | 126 -- ...-82432550-25bc-11eb-abcf-effcd51852fa.json | 158 --- ...-85943290-1a2b-11eb-abcf-effcd51852fa.json | 147 --- ...-878feb30-1ade-11eb-abcf-effcd51852fa.json | 86 -- ...-87baab60-25b8-11eb-abcf-effcd51852fa.json | 121 -- ...-89e6a260-25d4-11eb-abcf-effcd51852fa.json | 119 -- ...-8c755c30-25d7-11eb-abcf-effcd51852fa.json | 165 --- ...-8ec75c50-2383-11eb-abcf-effcd51852fa.json | 104 -- ...-9036f440-d37f-11eb-9e70-edcbba448215.json | 176 --- ...-9357e910-2b67-11eb-abcf-effcd51852fa.json | 86 -- ...-95fb9a70-25d8-11eb-abcf-effcd51852fa.json | 126 -- ...-979ecd00-1abd-11eb-abcf-effcd51852fa.json | 37 - ...-9a513b80-d388-11eb-9e70-edcbba448215.json | 176 --- ...-9a75fb00-d83d-11eb-9e70-edcbba448215.json | 190 --- ...-a29a1cc0-238a-11eb-abcf-effcd51852fa.json | 103 -- ...-a8002430-25d7-11eb-abcf-effcd51852fa.json | 169 --- ...-a950c4e0-1464-11eb-bb7b-bb041e8cf289.json | 86 -- ...-aabca810-2456-11eb-abcf-effcd51852fa.json | 214 ---- ...-b8f9a5c0-d83f-11eb-9e70-edcbba448215.json | 114 -- ...-b9fb36b0-1480-11eb-bb7b-bb041e8cf289.json | 167 --- ...-bde40aa0-1957-11eb-abcf-effcd51852fa.json | 165 --- ...-be6560d0-1a21-11eb-abcf-effcd51852fa.json | 37 - ...-c0e79490-25b6-11eb-abcf-effcd51852fa.json | 85 -- ...-c318d000-d83d-11eb-9e70-edcbba448215.json | 114 -- ...-c85815c0-d83e-11eb-9e70-edcbba448215.json | 190 --- ...-cc0f81c0-243f-11eb-abcf-effcd51852fa.json | 106 -- ...-cf6ea950-1ade-11eb-abcf-effcd51852fa.json | 86 -- ...-d3897a80-25db-11eb-abcf-effcd51852fa.json | 144 --- ...-d5dcbf40-1a28-11eb-abcf-effcd51852fa.json | 113 -- 
...-d5fae950-25d3-11eb-abcf-effcd51852fa.json | 193 --- ...-d66fb2a0-3ed6-11eb-9549-63f6cd998f21.json | 86 -- ...-d7dc3680-1add-11eb-abcf-effcd51852fa.json | 166 --- ...-db3f9af0-1a1b-11eb-abcf-effcd51852fa.json | 86 -- ...-db898d80-1a21-11eb-abcf-effcd51852fa.json | 116 -- ...-dbc305e0-245a-11eb-abcf-effcd51852fa.json | 110 -- ...-ec082d90-1aaf-11eb-abcf-effcd51852fa.json | 153 --- ...-ef5b4da0-2b6d-11eb-abcf-effcd51852fa.json | 126 -- ...-f596ebf0-1adf-11eb-abcf-effcd51852fa.json | 86 -- ...-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585.json | 126 -- ...-fddce510-d387-11eb-9e70-edcbba448215.json | 176 --- ...-fe363790-1a1a-11eb-abcf-effcd51852fa.json | 166 --- ...-fe779080-d83f-11eb-9e70-edcbba448215.json | 219 ---- 115 files changed, 12586 insertions(+), 14020 deletions(-) delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215.json delete mode 100644 
packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289.json delete mode 100644 
packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215.json delete mode 100644 
packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215.json delete mode 100644 
packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215.json delete mode 100644 
packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585.json delete mode 100644 
packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa.json delete mode 100644 packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215.json
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json
index efb49b14c65..7ea889e4a26 100644
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json
@@ -1,115 +1,456 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzY5NCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Log issues histogram", + "description": "", + "uiState": { + "vis": { + "colors": { + "Error": "#BF1B00", + "Warning": "#E5AC0E" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + 
"scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4", - "panelRefName": "panel_0", - "version": "8.0.0" + "panelIndex": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Errors/Warnings by node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": 
"b64ac48c-d9e4-4dfa-9ddd-05117c054c44", - "w": 16, - "x": 0, - "y": 15 - }, - "panelIndex": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44", - "panelRefName": "panel_1", - "version": "8.0.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "8b200051-1ac1-4008-b031-ba62127cb7b4", - "w": 16, - "x": 16, - "y": 15 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8b200051-1ac1-4008-b031-ba62127cb7b4", - "panelRefName": "panel_2", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Instance", + "field": "agent.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 19, + "i": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44", + "w": 16, + "x": 0, + "y": 15 + }, + "panelIndex": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Errors/Warnings by level", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349", - "w": 16, - "x": 32, - "y": 15 + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + 
"showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349", - "panelRefName": "panel_3", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Level", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Log issues - Summary", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289", - "name": "panel_0", - "type": "visualization" + } + }, + "gridData": { + "h": 19, + "i": "8b200051-1ac1-4008-b031-ba62127cb7b4", + "w": 16, + "x": 16, + "y": 15 }, - { - "id": "hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289", - "name": "panel_1", - "type": "visualization" + "panelIndex": "8b200051-1ac1-4008-b031-ba62127cb7b4", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Errors/Warnings by process", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + 
"showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 19, + "i": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349", + "w": 16, + "x": 32, + "y": 15 }, - { - "id": "hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21", - "name": "panel_3", - "type": "visualization" - } + "panelIndex": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Log issues - Summary", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "8b200051-1ac1-4008-b031-ba62127cb7b4:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No 
newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json index 6304d116a5b..69cd0ca9f4f 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json 
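Review bot: None of the four inlined `savedVis.data` blocks in the `0665f160…` dashboard hunk carries a `savedSearchRefName`, yet `references` lists a `<panelId>:search_0` entry for each panel, all pointing at `hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289`. If the deleted visualizations took their query and data view from that saved search, the by-value panels now run on the empty inline `searchSource`, and the "Log issues" counts would no longer be limited to what the search selected. Confirm this on a fresh install and, if the link is lost, add `"savedSearchRefName": "search_0"` next to `"aggs"` in each `data` object. The same pattern appears in the next two hunks (the `0db75ff0…` dashboard and the table panel of the `1a431f90…` dashboard).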
@@ -1,75 +1,335 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzY5NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Disabled Profiles", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Profile", + "field": "winlog.event_data.Profile", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "30", + "31" + ], + "type": "phrases", + "value": "30, 31" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "30" + } + }, + { + "match_phrase": { + "event.code": "31" + } + } + ] + } + } + } + ], "query": { - "language": "kuery", - "query": 
"" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 26, + "i": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6", + "w": 13, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 26, - "i": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6", - "w": 13, - "x": 0, - "y": 0 - }, - "panelIndex": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6", - "panelRefName": "panel_0", - "version": "7.11.0" + "panelIndex": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Disabled Profiles Trend", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + 
"show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 26, - "i": "3b23d41e-170f-4423-8ba8-2971e9b68782", - "w": 35, - "x": 13, - "y": 0 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "3b23d41e-170f-4423-8ba8-2971e9b68782", - "panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "30", + "31" + ], + "type": "phrases", + "value": "30, 31" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "30" + } + }, + { + "match_phrase": { + "event.code": "31" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Administrative - Disabled Profiles", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": 
"visualization" - } + "gridData": { + "h": 26, + "i": "3b23d41e-170f-4423-8ba8-2971e9b68782", + "w": 35, + "x": 13, + "y": 0 + }, + "panelIndex": "3b23d41e-170f-4423-8ba8-2971e9b68782", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Administrative - Disabled Profiles", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "3b23d41e-170f-4423-8ba8-2971e9b68782:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3b23d41e-170f-4423-8ba8-2971e9b68782:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json index 4f420d15d8e..78f470e0606 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json 
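Review bot: Both panels' inline filter matches `event.code` 30 or 31 and resolves its index reference to the `logs-*` data view, and neither the filter nor the empty kuery `query` limits it to this integration's data stream. The "Top 10 Disabled Profiles" table and the trend line are therefore only as narrow as the saved search behind `search_0`. If that search is broad or is not applied, any other source under `logs-*` that emits the same codes would be counted as a disabled profile. Consider scoping each panel itself, for example `"query": "data_stream.dataset : \"<DATASET_PLACEHOLDER>\""` in its `searchSource.query`.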
@@ -1,95 +1,234 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzY5NiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Discovery: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Discovery stored procedures are involved with loading data from integrations ( Connectors and LWS ) into the product database to learn about changes in the environment we are managing Identities and Access in. \n\nSome general rules of thumbs:\n\n* LWS stored procdures need to be quick. None should take a second.\n* Iddiscover.exe stored procedures can run for much longer. Minutes to hours in large environments to process large changes in bulk. \n\nStrategies for improving the performance of these stored procedures include:\n\n* Rebuild fragmented database indexes\n* Review if database is low on RAM, CPU, or I/O bandwidth.\n\nIf you continue to encounter problems developers will require database execution plans to review the operation of these procedures. 
", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 25, + "i": "6d898178-6f51-4199-ae7e-44bd35e60bc8", + "w": 12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "6d898178-6f51-4199-ae7e-44bd35e60bc8", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Discovery procedures", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 25, - "i": "6d898178-6f51-4199-ae7e-44bd35e60bc8", - "w": 12, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" }, - "panelIndex": "6d898178-6f51-4199-ae7e-44bd35e60bc8", - "panelRefName": "panel_0", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "gridData": { - "h": 25, - "i": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee", - "w": 36, - "x": 12, - "y": 0 + { + "enabled": true, + "id": "4", + "params": { + 
"customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee", - "panelRefName": "panel_1", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 16, - "i": "70c9467e-31cb-4617-beab-2e7012046222", - "w": 48, - "x": 0, - "y": 25 + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "70c9467e-31cb-4617-beab-2e7012046222", - "panelRefName": "panel_2", - "version": "8.0.0" + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "split", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Discovery", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + 
"gridData": { + "h": 25, + "i": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee", + "w": 36, + "x": 12, + "y": 0 }, - { - "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "search" - } + "panelIndex": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 16, + "i": "70c9467e-31cb-4617-beab-2e7012046222", + "w": 48, + "x": 0, + "y": 25 + }, + "panelIndex": "70c9467e-31cb-4617-beab-2e7012046222", + "panelRefName": "panel_2", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Database - Discovery", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa", + "name": "panel_2", + "type": "search" + }, + { + "type": "search", + "name": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee:search_0", + "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json index b8e2c9599aa..94a00f166f6 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json 
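Review bot: The "Database: Discovery procedures" table requests up to 10000 `hid_bravura_monitor.perf.function` terms (`"size": 10000`) under a `log.logger` split of 5, with count, avg, min, max and sum computed per bucket, while the table shows 10 rows per page. That is a heavy aggregation to rerun on every dashboard refresh, and on a large deployment it may run into the cluster's bucket limit. A bounded value such as `"size": 100`, still ordered by the count metric, would keep the most frequently called procedures visible at much lower cost. Separately, the markdown help panel text has the typos "procdures" and "rules of thumbs".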
@@ -1,155 +1,728 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzY5NywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 59, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 21, + "i": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f", + "w": 10, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - 
"gridData": { - "h": 21, - "i": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f", - "panelRefName": "panel_0", - "version": "7.11.0" + "panelIndex": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Provider Distribution", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": 
"31e162b4-565d-4dce-90f1-e0a43ed54a70", - "w": 38, - "x": 10, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "31e162b4-565d-4dce-90f1-e0a43ed54a70", - "panelRefName": "panel_1", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "21a44db8-a29a-4a18-b63e-ca0da9606909", - "w": 10, - "x": 0, - "y": 21 + { + "enabled": true, + "id": "3", + "params": { + "field": "winlog.channel", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "21a44db8-a29a-4a18-b63e-ca0da9606909", - "panelRefName": "panel_2", - "version": "7.11.0" + { + "enabled": true, + "id": "4", + "params": { + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 21, + "i": "31e162b4-565d-4dce-90f1-e0a43ed54a70", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "31e162b4-565d-4dce-90f1-e0a43ed54a70", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Problem Distribution", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - 
"enhancements": {} + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf", - "w": 38, - "x": 10, - "y": 21 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "winlog.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf", - "panelRefName": "panel_3", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Severity", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 21, + "i": "21a44db8-a29a-4a18-b63e-ca0da9606909", + "w": 10, + "x": 0, + "y": 21 + }, + "panelIndex": "21a44db8-a29a-4a18-b63e-ca0da9606909", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Heat Map", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": 
[], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 27, - "i": "1494c062-2f24-4571-8e69-793a894392d7", - "w": 24, - "x": 0, - "y": 42 + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "1494c062-2f24-4571-8e69-793a894392d7", - "panelRefName": "panel_4", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 21, + "i": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf", + "w": 38, + "x": 10, + "y": 21 + }, + "panelIndex": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Events", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 3, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 20, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": 
true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event ID", + "field": "winlog.event_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 27, - "i": "5fb347ad-ad70-4cfb-8023-f61468be8a07", - "w": 24, - "x": 24, - "y": 42 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Source", + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "5fb347ad-ad70-4cfb-8023-f61468be8a07", - "panelRefName": "panel_5", - "version": "7.11.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Event Log", + "field": "winlog.channel", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Windows Event Analysis - Problems", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" - 
}, - { - "id": "hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 27, + "i": "1494c062-2f24-4571-8e69-793a894392d7", + "w": 24, + "x": 0, + "y": 42 }, - { - "id": "hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "panelIndex": "1494c062-2f24-4571-8e69-793a894392d7", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Distribution", + "description": "", + "uiState": { + "vis": { + "colors": { + "error": "#EF843C", + "warning": "#EAB839" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": 
"hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 27, + "i": "5fb347ad-ad70-4cfb-8023-f61468be8a07", + "w": 24, + "x": 24, + "y": 42 }, - { - "id": "hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa", - "name": "panel_5", - "type": "visualization" - } + "panelIndex": "5fb347ad-ad70-4cfb-8023-f61468be8a07", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Windows Event Analysis - Problems", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "31e162b4-565d-4dce-90f1-e0a43ed54a70:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "21a44db8-a29a-4a18-b63e-ca0da9606909:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "1494c062-2f24-4571-8e69-793a894392d7:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "5fb347ad-ad70-4cfb-8023-f61468be8a07:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json index 755ec28db93..683a8157096 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json 
@@ -1,95 +1,520 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzY5OCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Discovery Runtimes", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of Duration (ms)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Sum of Duration (ms)" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Sum of Duration (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "2021-01-11T07:00:00.000Z", + "to": "2021-01-18T07:00:00.000Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "psupdate.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "psupdate.exe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "27066e19-96ff-46db-989c-2ed0650bfb32", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": 
"27066e19-96ff-46db-989c-2ed0650bfb32", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Discovery Events", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "27066e19-96ff-46db-989c-2ed0650bfb32", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event", + "field": "hid_bravura_monitor.perf.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "27066e19-96ff-46db-989c-2ed0650bfb32", - "panelRefName": "panel_0", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "gridData": { - "h": 15, - "i": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478", - 
"panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Discovery Runtime Table", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Runtime (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 15, - "i": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78", - "w": 24, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Discovery ID", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78", - "panelRefName": "panel_2", - "version": "7.11.0" + { + "enabled": true, + "id": "4", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + 
"orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "hid_bravura_monitor.perf.exe", + "negate": false, + "params": { + "query": "psupdate.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.exe": "psupdate.exe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Discovery - Summary", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" - } + "panelIndex": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78", + "version": "7.14.0", + "type": "visualization" + } ], - 
"type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Discovery - Summary", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478:search_0", + "id": "hid_bravura_monitor-dd637750-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "index-pattern", + "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json index 488ef6d7c84..30bc5af2fc7 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json 
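Review bot: The `search_0` reference added for panel `9a662dac-12e2-44ce-ad7d-eaca9ec5b478` ("Discovery Events") is not named anywhere in that panel's `savedVis`. Its `data` block holds only `aggs` and a `searchSource` with an empty `filter` and no `indexRefName`, so nothing visible in the hunk ties the panel to saved search `hid_bravura_monitor-dd637750-1473-11eb-bb7b-bb041e8cf289`. If the by-value format expects the link inside `savedVis.data` (I believe it does; please confirm against a fresh export), add `"savedSearchRefName": "search_0"` next to `searchSource`. The same pattern appears in the following hunk (Unlocked Profiles, panels `292870cf-…` and `c81e1947-…`), where the only remaining scope is `event.code` 32/33 against `logs-*`. Without the saved search, those panels would presumably count matching events from unrelated data streams.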
@@ -1,75 +1,335 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzY5OSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Unlocked Profiles", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Profile", + "field": "winlog.event_data.Profile", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "32", + "33" + ], + "type": "phrases", + "value": "32, 33" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "32" + } + }, + { + "match_phrase": { + "event.code": "33" + } + } + ] + } + } + } + ], "query": { - "language": "kuery", - "query": 
"" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 26, + "i": "292870cf-80ba-4071-ac33-6ddc10eef5ee", + "w": 13, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 26, - "i": "292870cf-80ba-4071-ac33-6ddc10eef5ee", - "w": 13, - "x": 0, - "y": 0 - }, - "panelIndex": "292870cf-80ba-4071-ac33-6ddc10eef5ee", - "panelRefName": "panel_0", - "version": "7.11.0" + "panelIndex": "292870cf-80ba-4071-ac33-6ddc10eef5ee", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unlocked Profile Trend", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": 
true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 26, - "i": "c81e1947-6ef2-4f8f-8497-c6defed48569", - "w": 35, - "x": 13, - "y": 0 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "c81e1947-6ef2-4f8f-8497-c6defed48569", - "panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "32", + "33" + ], + "type": "phrases", + "value": "32, 33" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "32" + } + }, + { + "match_phrase": { + "event.code": "33" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Administrative - Unlocked Profiles", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": 
"visualization" - } + "gridData": { + "h": 26, + "i": "c81e1947-6ef2-4f8f-8497-c6defed48569", + "w": 35, + "x": 13, + "y": 0 + }, + "panelIndex": "c81e1947-6ef2-4f8f-8497-c6defed48569", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Administrative - Unlocked Profiles", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "292870cf-80ba-4071-ac33-6ddc10eef5ee:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "292870cf-80ba-4071-ac33-6ddc10eef5ee:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "c81e1947-6ef2-4f8f-8497-c6defed48569:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "c81e1947-6ef2-4f8f-8497-c6defed48569:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json index bd2c05b46b6..a184ad57502 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json 
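Review bot: The `updated_at` and `version` fields added at the top of this object look like export-time metadata from the source Kibana instance rather than part of the dashboard definition (`WzY5OSwxXQ==` is base64 for `[699,1]`). They would presumably change on every re-export, which adds noise to later diffs and makes real changes to queries, filters or references in these dashboards harder to spot in review. Consider dropping both lines from the committed asset. The hunks for the other `hid_bravura_monitor` dashboards on this page add the same pair.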
@@ -1,135 +1,469 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwMCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": 
"Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 14, + "i": "aed09807-f936-4881-960d-30039d3fb5cd", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "aed09807-f936-4881-960d-30039d3fb5cd", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "aed09807-f936-4881-960d-30039d3fb5cd", - "panelRefName": "panel_0", - "version": "8.0.0" + "panelIndex": "aed09807-f936-4881-960d-30039d3fb5cd", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Nodes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6", - "w": 16, - "x": 0, - "y": 14 - }, - "panelIndex": 
"fa9c7f19-26bc-489f-ad23-1774eaf8dcc6", - "panelRefName": "panel_1", - "version": "8.0.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "ded4c445-2a0a-448c-9318-38b166d11d73", - "w": 16, - "x": 16, - "y": 14 - }, - "panelIndex": "ded4c445-2a0a-448c-9318-38b166d11d73", - "panelRefName": "panel_2", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6", + "w": 16, + "x": 0, + "y": 14 + }, + "panelIndex": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Processes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "a58e223b-2453-4dcd-9de5-8a6101d9964d", - "w": 16, - "x": 32, - "y": 14 - }, - "panelIndex": "a58e223b-2453-4dcd-9de5-8a6101d9964d", - "panelRefName": "panel_3", - "version": "8.0.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + 
"showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 17, - "i": "4909f0f5-c8df-40f8-bc49-df24cb056b8c", - "w": 48, - "x": 0, - "y": 34 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "ded4c445-2a0a-448c-9318-38b166d11d73", + "w": 16, + "x": 16, + "y": 14 + }, + "panelIndex": "ded4c445-2a0a-448c-9318-38b166d11d73", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Affected users", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "4909f0f5-c8df-40f8-bc49-df24cb056b8c", - "panelRefName": "panel_4", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Users", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + 
"order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Users - Issues", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 20, + "i": "a58e223b-2453-4dcd-9de5-8a6101d9964d", + "w": 16, + "x": 32, + "y": 14 }, - { - "id": "hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "panelIndex": "a58e223b-2453-4dcd-9de5-8a6101d9964d", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 17, + "i": "4909f0f5-c8df-40f8-bc49-df24cb056b8c", + "w": 48, + "x": 0, + "y": 34 }, - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "search" - } + "panelIndex": "4909f0f5-c8df-40f8-bc49-df24cb056b8c", + "panelRefName": "panel_4", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Users - Issues", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", + "name": "panel_4", + "type": "search" + }, + { + "type": "search", + "name": "aed09807-f936-4881-960d-30039d3fb5cd:search_0", + "id": 
"hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "ded4c445-2a0a-448c-9318-38b166d11d73:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "a58e223b-2453-4dcd-9de5-8a6101d9964d:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json index 10d86188d36..a16317821b0 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json 
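Review bot: The four inlined panels (`aed09807…`, `fa9c7f19…`, `ded4c445…`, `a58e223b…`) each get a `<panelId>:search_0` entry in `references`, but none of their `savedVis.data` objects carries a key that names that reference, and every `searchSource` has an empty filter and query. As far as I can tell Kibana resolves a by-value panel's saved search through `savedSearchRefName`, so nothing visible here binds the panels to `hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa`. The "Users - Issues" tables and histogram may then count every document instead of the events that search presumably selects, which would mislead anyone using the dashboard for triage. I would add `"savedSearchRefName": "search_0"` next to `"aggs"` in each of the four `data` objects and confirm after import that the panels stay scoped. The same gap appears for panel `37dcff04…` in the Database - Search hunk and panel `198257f3…` in the Processes - Executables hunk.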
@@ -1,95 +1,216 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwMSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Search: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Search engines need to return quickly since users are waiting on their results. There is a direct correlation between search time and user experience.\n\nAs a general rule, Search stored procedures should take less than a second to run on average. \n\nSearch stored procedure performance is impacted by elements such as:\n\n* Data size. Larger data consumes more CPU, Ram, Disk I/O on the database server. \n* Policies such as acls, filtering, etc. \n* Indexes. Sometimes they fragment degrading overall performance. 
\n* Table/Index Locking with other database actions.\n\nStrategies for improving database search performance include:\n\n* Rebuild fragmented database indexes.\n* Evaluate if more RAM/CPU\n\nWhen these don't work, Developers will need database execution plans to review options.", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 25, + "i": "63969223-a0de-4d10-aa3a-5a7de19681c2", + "w": 13, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 25, - "i": "63969223-a0de-4d10-aa3a-5a7de19681c2", - "w": 13, - "x": 0, - "y": 0 - }, - "panelIndex": "63969223-a0de-4d10-aa3a-5a7de19681c2", - "panelRefName": "panel_0", - "version": "8.0.0" + "panelIndex": "63969223-a0de-4d10-aa3a-5a7de19681c2", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Search performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 25, - "i": "37dcff04-67ca-46e6-bea3-b6be4a08bce8", - "w": 35, - "x": 13, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": 
"metric", + "type": "avg" }, - "panelIndex": "37dcff04-67ca-46e6-bea3-b6be4a08bce8", - "panelRefName": "panel_1", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "gridData": { - "h": 16, - "i": "250f87a6-96dc-417f-a704-ee29e9669992", - "w": 48, - "x": 0, - "y": 25 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "250f87a6-96dc-417f-a704-ee29e9669992", - "panelRefName": "panel_2", - "version": "8.0.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Search", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 25, + "i": 
"37dcff04-67ca-46e6-bea3-b6be4a08bce8", + "w": 35, + "x": 13, + "y": 0 }, - { - "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "search" - } + "panelIndex": "37dcff04-67ca-46e6-bea3-b6be4a08bce8", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 16, + "i": "250f87a6-96dc-417f-a704-ee29e9669992", + "w": 48, + "x": 0, + "y": 25 + }, + "panelIndex": "250f87a6-96dc-417f-a704-ee29e9669992", + "panelRefName": "panel_2", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Database - Search", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa", + "name": "panel_2", + "type": "search" + }, + { + "type": "search", + "name": "37dcff04-67ca-46e6-bea3-b6be4a08bce8:search_0", + "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json index 70a913c100b..cb5fcec4720 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json 
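Review bot: The new top-level `"updated_at": "2022-10-27T11:48:38.298Z"` and `"version": "WzcwMSwxXQ=="` lines look like export-time metadata from the Kibana instance that produced the file rather than dashboard content. They change on every re-export, and that churn makes real changes to panel filters and queries harder to pick out in later reviews of these monitoring dashboards. I would drop both lines here. The same pair is added at the top of the 49fa7e40, 4ee19fa0 and 52cf42a0 dashboard hunks.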
@@ -1,158 +1,263 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "annotations": [], + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "24e4b310-069e-11ec-8d63-433b7d9c06cf" + } + ], + "bar_color_rules": [ + { + "id": "015e0b70-069f-11ec-8d63-433b7d9c06cf" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "hid_bravura_monitor.perf.kind: PerfExe AND NOT (hid_bravura_monitor.perf.exe: *plugin*)" + }, + "gauge_color_rules": [ + { + "id": "040388f0-069f-11ec-8d63-433b7d9c06cf" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_bars": 80, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { "language": "kuery", "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "hid_bravura_monitor.perf.duration", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + 
"separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_exclude": "", + "terms_field": "hid_bravura_monitor.perf.exe", + "type": "timeseries" } - } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Executable Average Duration", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 17, + "i": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "annotations": [], - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "24e4b310-069e-11ec-8d63-433b7d9c06cf" - } - ], - "bar_color_rules": [ - { - "id": "015e0b70-069f-11ec-8d63-433b7d9c06cf" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "hid_bravura_monitor.perf.kind: PerfExe AND NOT (hid_bravura_monitor.perf.exe: *plugin*)" - }, - "gauge_color_rules": [ - { - "id": "040388f0-069f-11ec-8d63-433b7d9c06cf" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_bars": 80, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "" - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": 1, - "metrics": [ - { - "field": "hid_bravura_monitor.perf.duration", - "id": 
"61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_exclude": "", - "terms_field": "hid_bravura_monitor.perf.exe", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "tooltip_mode": "show_all", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Executable Average Duration", - "type": "metrics", - "uiState": {} - }, - "type": "visualization" + "panelIndex": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", + "type": "visualization", + "version": "7.15.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Executables: Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 17, - "i": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", - "type": "visualization", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": 
"hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "gridData": { - "h": 25, - "i": "198257f3-2b86-41f1-83cf-2090465b56a8", - "w": 48, - "x": 0, - "y": 17 + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "198257f3-2b86-41f1-83cf-2090465b56a8", - "panelRefName": "panel_1", - "version": "8.0.0" + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Processes - Executables", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585", - "name": "panel_1", - "type": "visualization" - } + } + }, + "gridData": { + "h": 25, + "i": "198257f3-2b86-41f1-83cf-2090465b56a8", + "w": 48, + "x": 0, + "y": 17 + }, + "panelIndex": "198257f3-2b86-41f1-83cf-2090465b56a8", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Processes - Executables", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "198257f3-2b86-41f1-83cf-2090465b56a8:search_0", + "id": "hid_bravura_monitor-95032a30-2eab-11eb-b6a1-bdb7d768b585" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at 
end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json index 17abfaa11eb..9b80e11123f 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json 
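Review bot: The `terms` aggregation on `log.logger` in the inlined "Executables: Performance" table requests `"size": 100000` buckets while the table itself is set to `"perPage": 10`. A request that large is costly on a busy cluster, and if the field's cardinality grows it may hit the cluster's bucket limit and leave the panel in an error state just when someone needs it. The value is probably carried over from the visualization being inlined, but it now lives in this file. Unless a full listing is required, I would lower it, for example to `"size": 100` as the `host.name` terms in the Users - Issues dashboard use. The `"size": 10000` terms on `user.id` and `hid_bravura_monitor.perf.function` in the two preceding hunks deserve the same look.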
@@ -1,115 +1,427 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Workflow: Operations per Node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 20, + "i": "2852a22c-425f-45b2-b953-6b0f3d214447", + "w": 11, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": 
"2852a22c-425f-45b2-b953-6b0f3d214447", - "w": 11, - "x": 0, - "y": 0 - }, - "panelIndex": "2852a22c-425f-45b2-b953-6b0f3d214447", - "panelRefName": "panel_0", - "version": "8.0.0" + "panelIndex": "2852a22c-425f-45b2-b953-6b0f3d214447", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Workflow: Operation Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": 
"9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac", - "w": 37, - "x": 11, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac", - "panelRefName": "panel_1", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "hid_bravura_monitor.perf.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac", + "w": 37, + "x": 11, + "y": 0 + }, + "panelIndex": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Workflow: Operations", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "c3a20836-de82-44e2-a23c-38ac861cc7df", - "w": 48, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", 
+ "params": { + "customLabel": "Event", + "field": "hid_bravura_monitor.perf.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "c3a20836-de82-44e2-a23c-38ac861cc7df", - "panelRefName": "panel_2", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" }, - "gridData": { - "h": 15, - "i": "aa105229-2ee8-417b-a85b-ab83300357ee", - "w": 48, - "x": 0, - "y": 35 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "panelIndex": "aa105229-2ee8-417b-a85b-ab83300357ee", - "panelRefName": "panel_3", - "version": "8.0.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Workflow - Summary (Logs)", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa", - "name": 
"panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "c3a20836-de82-44e2-a23c-38ac861cc7df", + "w": 48, + "x": 0, + "y": 20 }, - { - "id": "hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "panelIndex": "c3a20836-de82-44e2-a23c-38ac861cc7df", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_3", - "type": "search" - } + "gridData": { + "h": 15, + "i": "aa105229-2ee8-417b-a85b-ab83300357ee", + "w": 48, + "x": 0, + "y": 35 + }, + "panelIndex": "aa105229-2ee8-417b-a85b-ab83300357ee", + "panelRefName": "panel_3", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Workflow - Summary (Logs)", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_3", + "type": "search" + }, + { + "type": "search", + "name": "2852a22c-425f-45b2-b953-6b0f3d214447:search_0", + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac:search_0", + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "c3a20836-de82-44e2-a23c-38ac861cc7df:search_0", + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json index 2387f0333c0..91dddaec7d2 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json 
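Review bot: The three inlined panels (`2852a22c-…`, `9e84cdcf-…`, `c3a20836-…`) each gain a `<panelId>:search_0` entry in `references` pointing at saved search `hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289`, but nothing in their `savedVis.data` blocks names that reference. Each `searchSource` shown has an empty `filter` and `query` and no `indexRefName` or `savedSearchRefName`. If the deleted by-reference visualizations took their data view and query from that saved search (the hunk does not show them), the two tables and the histogram may now run unscoped or fail to resolve a data view. I would add `"savedSearchRefName": "search_0"` to each `savedVis.data` and confirm by importing the dashboard into a clean Kibana. The same pattern appears in the hunks for `hid_bravura_monitor-578cb360-…json` and `hid_bravura_monitor-6ebde770-…json`.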
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json 
@@ -1,95 +1,307 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Administrative Summary Table", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Integration", + "field": "winlog.event_data.Module", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 20, + "i": 
"647b541e-ba69-4580-8b5c-82b99e9141db", + "w": 14, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "647b541e-ba69-4580-8b5c-82b99e9141db", - "w": 14, - "x": 0, - "y": 0 - }, - "panelIndex": "647b541e-ba69-4580-8b5c-82b99e9141db", - "panelRefName": "panel_0", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "3d4e7a89-9376-40e8-a110-aea6fad8704d", - "w": 34, - "x": 14, - "y": 0 - }, - "panelIndex": "3d4e7a89-9376-40e8-a110-aea6fad8704d", - "panelRefName": "panel_1", - "version": "7.11.0" + "panelIndex": "647b541e-ba69-4580-8b5c-82b99e9141db", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Administrative Summary", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": 
"LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 19, - "i": "c530e489-474a-4a2a-8498-860233140305", - "w": 48, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "c530e489-474a-4a2a-8498-860233140305", - "panelRefName": "panel_2", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Administrative - Summary", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 20, + "i": "3d4e7a89-9376-40e8-a110-aea6fad8704d", + "w": 
34, + "x": 14, + "y": 0 }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "panel_2", - "type": "search" - } + "panelIndex": "3d4e7a89-9376-40e8-a110-aea6fad8704d", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 19, + "i": "c530e489-474a-4a2a-8498-860233140305", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "c530e489-474a-4a2a-8498-860233140305", + "panelRefName": "panel_2", + "version": "7.11.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Administrative - Summary", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", + "name": "panel_2", + "type": "search" + }, + { + "type": "search", + "name": "647b541e-ba69-4580-8b5c-82b99e9141db:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + }, + { + "type": "search", + "name": "3d4e7a89-9376-40e8-a110-aea6fad8704d:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json index 6b1503df6f9..9b19c88d2fe 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json 
@@ -1,136 +1,241 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwNSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "hid_bravura_monitor.perf.kind: PerfExe AND hid_bravura_monitor.perf.exe: *plugin*" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_bars": 70, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "hid_bravura_monitor.perf.duration", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": "hid_bravura_monitor.perf.exe", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": 
"", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 17, + "i": "9f0e186d-5e7d-495b-968b-65a909a63c78", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "hid_bravura_monitor.perf.kind: PerfExe AND hid_bravura_monitor.perf.exe: *plugin*" - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_bars": 70, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": 1, - "metrics": [ - { - "field": "hid_bravura_monitor.perf.duration", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_field": "hid_bravura_monitor.perf.exe", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "tooltip_mode": "show_all", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "", - "type": "metrics", - "uiState": {} - }, - "type": "visualization" + "panelIndex": "9f0e186d-5e7d-495b-968b-65a909a63c78", + "title": "Plugin Average Duration", + "type": "visualization", + "version": "7.15.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Plugin: Performance", + "description": "", + "uiState": { + "vis": { + 
"params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 17, - "i": "9f0e186d-5e7d-495b-968b-65a909a63c78", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" }, - "panelIndex": "9f0e186d-5e7d-495b-968b-65a909a63c78", - "title": "Plugin Average Duration", - "type": "visualization", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "gridData": { - "h": 25, - "i": "f71897e4-f55e-4fb5-93e1-8825546d3116", - "w": 48, - "x": 0, - "y": 17 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "f71897e4-f55e-4fb5-93e1-8825546d3116", - "panelRefName": "panel_1", - "version": "8.0.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Plugin", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": 
"terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Processes - Plugins", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585", - "name": "panel_1", - "type": "visualization" - } + } + }, + "gridData": { + "h": 25, + "i": "f71897e4-f55e-4fb5-93e1-8825546d3116", + "w": 48, + "x": 0, + "y": 17 + }, + "panelIndex": "f71897e4-f55e-4fb5-93e1-8825546d3116", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Processes - Plugins", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "f71897e4-f55e-4fb5-93e1-8825546d3116:search_0", + "id": "hid_bravura_monitor-39072a50-2f42-11eb-b6a1-bdb7d768b585" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json index 871f32ddb4c..c80a00fa3c6 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json 
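Review bot: The TSVB panel `9f0e186d-…` on the new side still sets `"index_pattern": "logs-*"` with `"use_kibana_indexes": false`, so its filter `hid_bravura_monitor.perf.kind: PerfExe AND hid_bravura_monitor.perf.exe: *plugin*`, including the leading-wildcard match, is evaluated against every logs data stream rather than this package's own. Narrowing the pattern to the integration's data stream, or adding a `data_stream.dataset` clause to the filter, would keep the panel cheap on large clusters and stop it picking up unrelated documents. These lines are only re-indented by the commit, so this is a follow-up rather than a regression.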
@@ -1,195 +1,673 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwNiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Bravura: Selector: Return Code", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "hid_bravura_monitor.perf.result", + "id": "1606164462534", + "indexPatternRefName": "control_0_index_pattern", + "label": "Return Code", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 10, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 7, + "i": "11dfd31e-217a-468c-b9a4-1d171916550b", + "w": 12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - 
"embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "11dfd31e-217a-468c-b9a4-1d171916550b", - "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "11dfd31e-217a-468c-b9a4-1d171916550b", - "panelRefName": "panel_0", - "version": "7.11.0" + "panelIndex": "11dfd31e-217a-468c-b9a4-1d171916550b", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": 
"count" }, - "gridData": { - "h": 17, - "i": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e", - "w": 36, - "x": 12, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e", - "panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 17, + "i": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Legend", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "Success - 0\n\nUnknown Error - 1\n\nCannot Connect - 3\n\nInvalid Server - 5\n\nAccess Denied - 11\n\nVerify Failed - 14", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "8e87968f-419b-416a-88b4-69575d6ca6c8", - "w": 12, - "x": 0, - "y": 7 - }, - "panelIndex": "8e87968f-419b-416a-88b4-69575d6ca6c8", - "panelRefName": "panel_2", - "version": "7.11.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + 
"gridData": { + "h": 10, + "i": "8e87968f-419b-416a-88b4-69575d6ca6c8", + "w": 12, + "x": 0, + "y": 7 + }, + "panelIndex": "8e87968f-419b-416a-88b4-69575d6ca6c8", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Operation count", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "d8250cb1-181e-4c67-8a07-2b5adaa631e1", - "w": 12, - "x": 0, - "y": 17 - }, - "panelIndex": "d8250cb1-181e-4c67-8a07-2b5adaa631e1", - "panelRefName": "panel_3", - "version": "7.11.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe", - "w": 9, - "x": 12, - "y": 17 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe", - "panelRefName": "panel_4", - "version": "7.11.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation", + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 19, + "i": "d8250cb1-181e-4c67-8a07-2b5adaa631e1", + "w": 12, + "x": 0, + "y": 17 + }, + "panelIndex": 
"d8250cb1-181e-4c67-8a07-2b5adaa631e1", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Executable Count", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "4e305609-b4cd-47c1-b927-9bbb1905f879", - "w": 9, - "x": 21, - "y": 17 - }, - "panelIndex": "4e305609-b4cd-47c1-b927-9bbb1905f879", - "panelRefName": "panel_5", - "version": "7.11.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0", - "w": 18, - "x": 30, - "y": 17 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0", - "panelRefName": "panel_6", - "version": "7.11.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Executable", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 19, + "i": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe", + "w": 9, + "x": 12, + "y": 17 + }, + "panelIndex": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"Connector Return Code: Node counts", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5added44-f55b-4d64-bac0-af8514792e8c", - "w": 48, - "x": 0, - "y": 36 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 19, + "i": "4e305609-b4cd-47c1-b927-9bbb1905f879", + "w": 9, + "x": 21, + "y": 17 + }, + "panelIndex": "4e305609-b4cd-47c1-b927-9bbb1905f879", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Messages", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - 
"panelIndex": "5added44-f55b-4d64-bac0-af8514792e8c", - "panelRefName": "panel_7", - "version": "7.11.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Message", + "field": "hid_bravura_monitor.perf.message", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Integrations - Connector Return Code", - "version": 1 + } + }, + "gridData": { + "h": 19, + "i": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0", + "w": 18, + "x": 30, + "y": 17 + }, + "panelIndex": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "5added44-f55b-4d64-bac0-af8514792e8c", + "w": 48, + "x": 0, + "y": 36 + }, + "panelIndex": "5added44-f55b-4d64-bac0-af8514792e8c", + "panelRefName": "panel_7", + "version": "7.11.0" + } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Integrations - Connector Return Code", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", + "name": "panel_7", + "type": "search" }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" + { + "type": "index-pattern", + "name": "11dfd31e-217a-468c-b9a4-1d171916550b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa", - "name": "panel_1", 
- "type": "visualization" - }, - { - "id": "hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "panel_7", - "type": "search" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "11dfd31e-217a-468c-b9a4-1d171916550b:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "d8250cb1-181e-4c67-8a07-2b5adaa631e1:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "4e305609-b4cd-47c1-b927-9bbb1905f879:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json
index 4f396ceba7c..7e790377cb5 100644
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json
@@ -1,75 +1,283 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwNywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dataset: Log Type Counts", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Log Type", + "field": "hid_bravura_monitor.perf.kind", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 25, + "i": "bbd62230-da7b-4a8d-8048-164a39c870a6", + "w": 12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - 
"enhancements": {} - }, - "gridData": { - "h": 25, - "i": "bbd62230-da7b-4a8d-8048-164a39c870a6", - "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "bbd62230-da7b-4a8d-8048-164a39c870a6", - "panelRefName": "panel_0", - "version": "7.11.0" + "panelIndex": "bbd62230-da7b-4a8d-8048-164a39c870a6", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dataset: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 25, - 
"i": "006c196d-830d-4713-bf84-1bf393366bdc", - "w": 36, - "x": 12, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "006c196d-830d-4713-bf84-1bf393366bdc", - "panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Dataset - Summary", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" - } + "gridData": { + "h": 25, + "i": "006c196d-830d-4713-bf84-1bf393366bdc", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "006c196d-830d-4713-bf84-1bf393366bdc", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Dataset - Summary", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "bbd62230-da7b-4a8d-8048-164a39c870a6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": 
"search", + "name": "006c196d-830d-4713-bf84-1bf393366bdc:search_0", + "id": "hid_bravura_monitor-465760e0-25d7-11eb-abcf-effcd51852fa" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json index f7375139558..05e2c2338c8 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json 
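Review bot: The by-value panel `006c196d-830d-4713-bf84-1bf393366bdc` ("Dataset: Histogram") gets a `006c196d-830d-4713-bf84-1bf393366bdc:search_0` entry in `references`, but its `savedVis.data` holds only `aggs` and a `searchSource` with no index, so nothing inside the panel appears to point at that saved search. If Kibana resolves the link through `savedSearchRefName`, as I expect, the panel needs `"savedSearchRefName": "search_0"` in `savedVis.data`. Without it the histogram either has no data view or counts documents outside the saved search's scope, which on a monitoring dashboard shows up as wrong totals rather than as an error. The same pattern is in the next hunk (`hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json`), where the five `event.code` panels filter on `logs-*` and would match that event code from any log source if the saved search is not applied.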
@@ -1,155 +1,922 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Replication Database Connection Failures", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": 
{}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "6" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "6" + } + } + } + ], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "b525b8b8-13fc-4a51-82b0-233acc227625", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b525b8b8-13fc-4a51-82b0-233acc227625", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "b525b8b8-13fc-4a51-82b0-233acc227625", - "panelRefName": "panel_0", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "16f346a5-a0bf-421a-ba88-c678b4fffb2a", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "16f346a5-a0bf-421a-ba88-c678b4fffb2a", - "panelRefName": "panel_1", - "version": "8.0.0" + "panelIndex": "b525b8b8-13fc-4a51-82b0-233acc227625", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Replication Database 
Transaction Failures", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "c23d8833-8154-4aa8-af8e-44dccd8cc199", - "w": 16, - "x": 0, - "y": 15 - }, - "panelIndex": "c23d8833-8154-4aa8-af8e-44dccd8cc199", - "panelRefName": "panel_2", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + 
"to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "8" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "8" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "16f346a5-a0bf-421a-ba88-c678b4fffb2a", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "16f346a5-a0bf-421a-ba88-c678b4fffb2a", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Replication Queue Insert Failures", + "description": "Failed to insert data into database replication queue", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + 
"labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "085c710d-1038-4a6a-be6f-21039079b15b", - "w": 16, - "x": 16, - "y": 15 - }, - "panelIndex": "085c710d-1038-4a6a-be6f-21039079b15b", - "panelRefName": "panel_3", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "9" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "9" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "c23d8833-8154-4aa8-af8e-44dccd8cc199", + "w": 16, + "x": 0, + "y": 15 + }, + "panelIndex": "c23d8833-8154-4aa8-af8e-44dccd8cc199", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Replication Database Stored Procedure Failures", + "description": "Failed to run stored procedure on replication database.", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + 
"addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "33ae3b0f-db67-48f5-abb8-192c029c5d98", - "w": 16, - "x": 32, - "y": 15 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "33ae3b0f-db67-48f5-abb8-192c029c5d98", - "panelRefName": "panel_4", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + 
"searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "10" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "10" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "085c710d-1038-4a6a-be6f-21039079b15b", + "w": 16, + "x": 16, + "y": 15 + }, + "panelIndex": "085c710d-1038-4a6a-be6f-21039079b15b", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "File Replication Errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a70a3621-2a8e-48ed-8870-201731c7e08a", - "w": 48, - "x": 0, - "y": 30 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "a70a3621-2a8e-48ed-8870-201731c7e08a", - "panelRefName": "panel_5", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "78" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "78" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Replication (Windows Event)", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "33ae3b0f-db67-48f5-abb8-192c029c5d98", + "w": 16, + "x": 32, + "y": 15 }, - 
{ - "id": "hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215", - "name": "panel_2", - "type": "visualization" + "panelIndex": "33ae3b0f-db67-48f5-abb8-192c029c5d98", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "a70a3621-2a8e-48ed-8870-201731c7e08a", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-9a787d10-0521-11ec-853c-2bf1ec8ddeef", - "name": "panel_5", - "type": "search" - } + "panelIndex": "a70a3621-2a8e-48ed-8870-201731c7e08a", + "panelRefName": "panel_5", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Database - Replication (Windows Event)", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-9a787d10-0521-11ec-853c-2bf1ec8ddeef", + "name": "panel_5", + "type": "search" + }, + { + "type": "index-pattern", + "name": "b525b8b8-13fc-4a51-82b0-233acc227625:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "b525b8b8-13fc-4a51-82b0-233acc227625:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "16f346a5-a0bf-421a-ba88-c678b4fffb2a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "16f346a5-a0bf-421a-ba88-c678b4fffb2a:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "c23d8833-8154-4aa8-af8e-44dccd8cc199:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": 
"c23d8833-8154-4aa8-af8e-44dccd8cc199:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "085c710d-1038-4a6a-be6f-21039079b15b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "085c710d-1038-4a6a-be6f-21039079b15b:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "33ae3b0f-db67-48f5-abb8-192c029c5d98:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "33ae3b0f-db67-48f5-abb8-192c029c5d98:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json index 83cde59a3d3..a149692cdb5 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json 
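Review bot: The five migrated panels are stamped `"version": "7.14.0"` where the removed by-reference entries carried `"version": "8.0.0"`, and the untouched `panel_5` entry still says `8.0.0`, so this dashboard now mixes two panel versions and the new ones go backwards. That looks like an artefact of the Kibana instance used for the export rather than an intended change; I would re-export from the version the package targets, or keep `"version": "8.0.0"` on these panels. The package manifest is not visible here, so the supported Kibana range should be checked before choosing. The new top-level `"updated_at"` and `"version": "WzcwOCwxXQ=="` also look like export-instance metadata and could be dropped to keep later diffs quiet.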
@@ -1,139 +1,640 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcwOSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Pages: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Transactions represent a UI page the user sees.\n\nWhat pages are people calling and what performance are they experiencing?", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 10, + "i": "486bc4b4-3c64-46f8-a319-01204f38c3be", + "w": 7, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "486bc4b4-3c64-46f8-a319-01204f38c3be", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Users: Summary: Node Usage", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + 
"detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count of unique User ID" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count of unique User ID" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count of unique User ID", + "field": "user.id" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 10, - "i": "486bc4b4-3c64-46f8-a319-01204f38c3be", - "w": 7, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "486bc4b4-3c64-46f8-a319-01204f38c3be", - "panelRefName": "panel_0", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hid_bravura_monitor.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hid_bravura_monitor.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "b5abbb3d-eb82-45a8-a972-13b692b11c16", + "w": 41, + "x": 7, + "y": 0 + }, + "panelIndex": "b5abbb3d-eb82-45a8-a972-13b692b11c16", + "title": "Users: Pages: Node Usage", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Users: Summary: User Logins", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 10, - "i": "b5abbb3d-eb82-45a8-a972-13b692b11c16", - "w": 41, - "x": 7, - "y": 0 + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "b5abbb3d-eb82-45a8-a972-13b692b11c16", - "panelRefName": "panel_1", - "title": "Users: Pages: Node Usage", - "version": "7.11.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": 
"User Name", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "psf.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "psf.exe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": false, + "params": { + "query": "C_AUTHCHAIN_LOGIN" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "f1b6be80-c65b-4d88-861a-e8a66275bd62", + "w": 10, + "x": 0, + "y": 10 + }, + "panelIndex": "f1b6be80-c65b-4d88-861a-e8a66275bd62", + "title": "Users: Pages: User Logins", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Pages: UI Transactions", + "description": "", + 
"uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "f1b6be80-c65b-4d88-861a-e8a66275bd62", - "w": 10, - "x": 0, - "y": 10 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "UI Transaction", + "field": "hid_bravura_monitor.perf.transid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "f1b6be80-c65b-4d88-861a-e8a66275bd62", - "panelRefName": "panel_2", - "title": "Users: Pages: User Logins", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Executable", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 18, - "i": "09961de3-ede6-4ecf-a45a-ebe3040366f0", - "w": 38, - "x": 10, - "y": 10 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" }, - "panelIndex": "09961de3-ede6-4ecf-a45a-ebe3040366f0", - "panelRefName": "panel_3", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + 
"enabled": true, + "id": "5", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "gridData": { - "h": 16, - "i": "144da17a-d86d-49a2-9dfa-db606fb73c54", - "w": 48, - "x": 0, - "y": 28 + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "144da17a-d86d-49a2-9dfa-db606fb73c54", - "panelRefName": "panel_4", - "version": "7.11.0" + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Transaction is NULL", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": true, + "params": { + "query": "" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.transid": "" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "hid_bravura_monitor.perf.transid" + }, + "meta": { + "alias": "Transaction exists", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Users - Pages", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa", - "name": "panel_0", - 
"type": "visualization" + } }, - { - "id": "hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 18, + "i": "09961de3-ede6-4ecf-a45a-ebe3040366f0", + "w": 38, + "x": 10, + "y": 10 }, - { - "id": "hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "panelIndex": "09961de3-ede6-4ecf-a45a-ebe3040366f0", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 16, + "i": "144da17a-d86d-49a2-9dfa-db606fb73c54", + "w": 48, + "x": 0, + "y": 28 }, - { - "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243", - "name": "panel_4", - "type": "search" - } + "panelIndex": "144da17a-d86d-49a2-9dfa-db606fb73c54", + "panelRefName": "panel_4", + "version": "7.11.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Users - Pages", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243", + "name": "panel_4", + "type": "search" + }, + { + "type": "index-pattern", + "name": "b5abbb3d-eb82-45a8-a972-13b692b11c16:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:search_0", + "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json index 9053c3bcc6e..9fbbd93beff 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json 
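Review bot: The inlined `savedVis` for panel `09961de3-ede6-4ecf-a45a-ebe3040366f0` has no `savedSearchRefName` in its `data` and no `indexRefName` on its `searchSource`, yet `references` gains `09961de3-ede6-4ecf-a45a-ebe3040366f0:search_0`, so nothing visible in the panel consumes that saved-search reference. If the original visualization took its data view and query from that saved search (not visible in this diff), the by-value copy has lost them; adding `"savedSearchRefName": "search_0"` under `savedVis.data` would reconnect it. The same pattern appears in later hunks of this patch: both password-reset panels in `hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json`, which then filter on `event.code` alone against `logs-*`, and panel `9f39a308-2152-471a-911f-5bb8e316262e` in `hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json`, whose `searchSource` has an empty filter list and no index reference at all. On audit dashboards a count that is no longer scoped by the saved search can be wrong without looking wrong, so each migrated panel should be loaded against test data before merging.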
@@ -1,75 +1,364 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxMCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Password Resets Started", + "description": "62 - Self-service password reset\n65 - Help-desk assisted password reset", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "62", + "65" + ], + "type": "phrases", + "value": "62, 65" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "62" + } + }, + { + "match_phrase": { + "event.code": "65" + } + } + ] + } 
+ } + } + ], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 26, + "i": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1", + "w": 13, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 26, - "i": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1", - "w": 13, - "x": 0, - "y": 0 - }, - "panelIndex": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1", - "panelRefName": "panel_0", - "version": "7.11.0" + "panelIndex": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Password Resets Trend", + "description": "63 - Self-service password reset successful.\n64 - Self-service password reset failed.\n66 - Help-desk assisted password reset successful.\n67 - Help-desk assisted password reset failed.", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", 
+ "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 26, - "i": "11298d56-d098-45e3-b23a-6992c24c5652", - "w": 35, - "x": 13, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "11298d56-d098-45e3-b23a-6992c24c5652", - "panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "63", + "64", + "66", + "67" + ], + "type": "phrases", + "value": "63, 64, 66, 67" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "63" + } + }, + { + "match_phrase": { + "event.code": "64" + } + }, + { + "match_phrase": { + "event.code": "66" + } + }, + { + 
"match_phrase": { + "event.code": "67" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Administrative - Password Resets", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" - } + "gridData": { + "h": 26, + "i": "11298d56-d098-45e3-b23a-6992c24c5652", + "w": 35, + "x": 13, + "y": 0 + }, + "panelIndex": "11298d56-d098-45e3-b23a-6992c24c5652", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Administrative - Password Resets", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "11298d56-d098-45e3-b23a-6992c24c5652:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "11298d56-d098-45e3-b23a-6992c24c5652:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file 
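Review bot: The new top-level `updated_at` and `version` (`"WzcxMCwxXQ=="`) keys look like state of the Kibana instance the dashboard was exported from rather than dashboard content, and the old side of this file did not carry them. They are likely to change on every re-export, which buries real changes to panels such as these password-reset views in diff noise and makes the asset harder to review. I would drop both keys from the committed file. The other dashboard files touched in this patch add the same two fields.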
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json index 032056c997a..acd7c74ee72 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json 
@@ -1,115 +1,415 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxMSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Requesters", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Requester", + "field": "winlog.event_data.Requester", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": true, + "params": { + "query": "85" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "85" + } + } + } + ], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, 
+ "i": "84ac5874-8913-4514-8d51-f2b3cd522a49", + "w": 11, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "84ac5874-8913-4514-8d51-f2b3cd522a49", - "w": 11, - "x": 0, - "y": 0 - }, - "panelIndex": "84ac5874-8913-4514-8d51-f2b3cd522a49", - "panelRefName": "panel_0", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 30, - "i": "9f39a308-2152-471a-911f-5bb8e316262e", - "w": 37, - "x": 11, - "y": 0 - }, - "panelIndex": "9f39a308-2152-471a-911f-5bb8e316262e", - "panelRefName": "panel_1", - "version": "8.0.0" + "panelIndex": "84ac5874-8913-4514-8d51-f2b3cd522a49", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Workflow Request Trend", + "description": "81 - Approved\n82 - Denied\n83 - Cancelled\n84 - Revoked\n85 - Processed", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + 
"id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "93f64f12-ac6d-4462-96c2-53d0c477a0ca", - "w": 11, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "93f64f12-ac6d-4462-96c2-53d0c477a0ca", - "panelRefName": "panel_2", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 30, + "i": "9f39a308-2152-471a-911f-5bb8e316262e", + "w": 37, + "x": 11, + "y": 0 + }, + "panelIndex": "9f39a308-2152-471a-911f-5bb8e316262e", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Recipients", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": 
false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 18, - "i": "87039932-a528-4dba-875e-bed137149330", - "w": 48, - "x": 0, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "87039932-a528-4dba-875e-bed137149330", - "panelRefName": "panel_3", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Recipient", + "field": "winlog.event_data.Recipient", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": true, + "params": { + "query": "85" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "85" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Workflow - Summary (Windows Event)", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "93f64f12-ac6d-4462-96c2-53d0c477a0ca", + "w": 11, + "x": 0, + "y": 15 }, - { - "id": "hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215", - "name": "panel_2", - "type": 
"visualization" + "panelIndex": "93f64f12-ac6d-4462-96c2-53d0c477a0ca", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", - "name": "panel_3", - "type": "search" - } + "gridData": { + "h": 18, + "i": "87039932-a528-4dba-875e-bed137149330", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "87039932-a528-4dba-875e-bed137149330", + "panelRefName": "panel_3", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Workflow - Summary (Windows Event)", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", + "name": "panel_3", + "type": "search" + }, + { + "type": "index-pattern", + "name": "84ac5874-8913-4514-8d51-f2b3cd522a49:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "84ac5874-8913-4514-8d51-f2b3cd522a49:search_0", + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" + }, + { + "type": "search", + "name": "9f39a308-2152-471a-911f-5bb8e316262e:search_0", + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "93f64f12-ac6d-4462-96c2-53d0c477a0ca:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "93f64f12-ac6d-4462-96c2-53d0c477a0ca:search_0", + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json index e9913312b3f..a57e52a14f4 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json 
@@ -1,75 +1,378 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Operation Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + 
"title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Target Performance", + "description": "", + "uiState": { + "vis": { + 
"params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Target ID", + "field": "hid_bravura_monitor.perf.targetid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd", - "panelRefName": "panel_0", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "gridData": { - "h": 18, - "i": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38", - "w": 48, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38", - "panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + 
"searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Integrations - Connector Performance", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" - } + "gridData": { + "h": 18, + "i": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Integrations - Connector Performance", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json index 4669cd84288..2dc42b3728a 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json 
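Review bot: The new top-level `"updated_at": "2022-10-27T11:48:38.298Z"` and `"version": "WzcxMiwxXQ=="` look like per-instance saved-object bookkeeping from the Kibana the dashboard was exported from, and the previous file carried neither. If so, they describe nothing about the dashboard and will change on every re-export, which adds noise to later diffs of this monitoring content. I would drop both lines here; the same pair is added in the hunks for `hid_bravura_monitor-b9bc5190-…` and `hid_bravura_monitor-c5417bd0-…`.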
@@ -1,115 +1,456 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Replication: Total over time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Total (ms)" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": 
{ + "text": "Total (ms)" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "f5d8eb70-30ce-4899-9905-2aa35954d01d", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f5d8eb70-30ce-4899-9905-2aa35954d01d", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "f5d8eb70-30ce-4899-9905-2aa35954d01d", - "panelRefName": "panel_0", - "version": "8.0.0" + "panelIndex": "f5d8eb70-30ce-4899-9905-2aa35954d01d", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Replication: Stored Procedures", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + 
"percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "a5499566-62cb-421c-8276-7a9398643a06", - "w": 24, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "a5499566-62cb-421c-8276-7a9398643a06", - "panelRefName": "panel_1", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" }, - "gridData": { - "h": 15, - "i": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "panelIndex": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8", - "panelRefName": "panel_2", - "version": "8.0.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + 
"gridData": { + "h": 15, + "i": "a5499566-62cb-421c-8276-7a9398643a06", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "a5499566-62cb-421c-8276-7a9398643a06", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Replication: Load by queue", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 15, - "i": "84970d7a-efbd-451d-9619-25381510ab94", - "w": 48, - "x": 0, - "y": 30 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "84970d7a-efbd-451d-9619-25381510ab94", - "panelRefName": "panel_3", - "version": "8.0.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Queue", + "field": "hid_bravura_monitor.perf.receivequeue", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + 
"query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Replication (Logs)", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "panelIndex": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", - "name": "panel_3", - "type": "search" - } + "gridData": { + "h": 15, + "i": "84970d7a-efbd-451d-9619-25381510ab94", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "84970d7a-efbd-451d-9619-25381510ab94", + "panelRefName": "panel_3", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Database - Replication (Logs)", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", + "name": "panel_3", + "type": "search" + }, + { + "type": "search", + "name": "f5d8eb70-30ce-4899-9905-2aa35954d01d:search_0", + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" + }, + { + "type": "search", + "name": "a5499566-62cb-421c-8276-7a9398643a06:search_0", + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" + }, + { + "type": "search", + "name": 
"5fc759c3-9678-4b3c-b0d5-dcfad77adfe8:search_0", + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json index d411a953373..26be4addcdf 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json 
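Review bot: The three inlined panels (`f5d8eb70-…`, `a5499566-…`, `5fc759c3-…`) have a `savedVis.data.searchSource` holding only an empty `filter` and `query`, with no `indexRefName` and nothing that names `search_0`. Yet `references` now lists `<panelIndex>:search_0` entries pointing at the saved search `hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a`. Unless Kibana resolves that reference by name alone, these panels may load without the saved search's index and filter, so the replication tables could show nothing or aggregate over unrelated logs. Please confirm by importing into a clean Kibana, and if the link is lost, restore it in each panel's `savedVis.data`, presumably as `"savedSearchRefName": "search_0"`. The hunk for `hid_bravura_monitor-c5417bd0-…` has the same shape for panels `b80b0e2a-…`, `60432682-…`, `2af36389-…` and `ed2e421f-…`.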
@@ -1,155 +1,545 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Ajax is a REST like API used by the UI.\n\nWhat actions are people calling and what performance are they experiencing?", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 13, + "i": "f71be298-074a-43c0-a3fe-1035fd98a8a7", + "w": 6, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "f71be298-074a-43c0-a3fe-1035fd98a8a7", - "w": 6, - "x": 0, - "y": 0 - }, - "panelIndex": "f71be298-074a-43c0-a3fe-1035fd98a8a7", - "panelRefName": "panel_0", - "version": "8.0.0" + "panelIndex": "f71be298-074a-43c0-a3fe-1035fd98a8a7", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + 
"show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 13, - "i": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42", - "w": 42, - "x": 6, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42", - "panelRefName": "panel_1", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, 
+ "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 13, + "i": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42", + "w": 42, + "x": 6, + "y": 0 + }, + "panelIndex": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Users", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 18, - "i": "60432682-b874-48c8-9b8b-3bbf4e650385", - "w": 12, - "x": 0, - "y": 13 - }, - "panelIndex": "60432682-b874-48c8-9b8b-3bbf4e650385", - "panelRefName": "panel_2", - "version": "8.0.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "2af36389-5601-4930-b3ec-b44c671c56ff", - "w": 13, - "x": 12, - "y": 13 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": 
{ + "h": 18, + "i": "60432682-b874-48c8-9b8b-3bbf4e650385", + "w": 12, + "x": 0, + "y": 13 + }, + "panelIndex": "60432682-b874-48c8-9b8b-3bbf4e650385", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Calls per Node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "2af36389-5601-4930-b3ec-b44c671c56ff", - "panelRefName": "panel_3", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "2af36389-5601-4930-b3ec-b44c671c56ff", + "w": 13, + "x": 12, + "y": 13 + }, + "panelIndex": "2af36389-5601-4930-b3ec-b44c671c56ff", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Function Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + 
"showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "ed2e421f-36f7-4501-9e4e-34ddae454f07", - "w": 23, - "x": 25, - "y": 13 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" }, - "panelIndex": "ed2e421f-36f7-4501-9e4e-34ddae454f07", - "panelRefName": "panel_4", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" }, - "gridData": { - "h": 14, - "i": "7dd049bb-de23-4838-9bec-3d66ef9c07bc", - "w": 48, - "x": 0, - "y": 31 + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "7dd049bb-de23-4838-9bec-3d66ef9c07bc", - "panelRefName": "panel_5", - "version": "8.0.0" + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Users - API", - "version": 1 - }, - 
"coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 18, + "i": "ed2e421f-36f7-4501-9e4e-34ddae454f07", + "w": 23, + "x": 25, + "y": 13 }, - { - "id": "hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "panelIndex": "ed2e421f-36f7-4501-9e4e-34ddae454f07", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 14, + "i": "7dd049bb-de23-4838-9bec-3d66ef9c07bc", + "w": 48, + "x": 0, + "y": 31 }, - { - "id": "hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_5", - "type": "search" - } + "panelIndex": "7dd049bb-de23-4838-9bec-3d66ef9c07bc", + "panelRefName": "panel_5", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Users - API", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_5", + "type": "search" + }, + { + "type": "search", + "name": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "60432682-b874-48c8-9b8b-3bbf4e650385:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": 
"search", + "name": "2af36389-5601-4930-b3ec-b44c671c56ff:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "ed2e421f-36f7-4501-9e4e-34ddae454f07:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json index 4379c345d0c..cdbda99c599 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json 
@@ -1,115 +1,597 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxNSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Logins", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 18, + "i": "5d934c5f-f909-4f75-a036-ac6253f5f974", + "w": 9, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "5d934c5f-f909-4f75-a036-ac6253f5f974", + "version": "7.14.0", + "type": 
"visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Login Attempts", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "5d934c5f-f909-4f75-a036-ac6253f5f974", - "w": 9, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": 
"segment", + "type": "date_histogram" }, - "panelIndex": "5d934c5f-f909-4f75-a036-ac6253f5f974", - "panelRefName": "panel_0", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "7d27410b-537a-4c95-a1d8-8a64f363b90c", + "w": 39, + "x": 9, + "y": 0 + }, + "panelIndex": "7d27410b-537a-4c95-a1d8-8a64f363b90c", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Login Activity", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "7d27410b-537a-4c95-a1d8-8a64f363b90c", - "w": 39, - "x": 9, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event ID", + "field": "winlog.event_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "7d27410b-537a-4c95-a1d8-8a64f363b90c", - "panelRefName": "panel_1", - "version": "7.11.0" - }, - { - "embeddableConfig": { 
- "enhancements": {} + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Category", + "field": "event.category", + "missingBucket": true, + "missingBucketLabel": "N/A", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 19, - "i": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b", - "w": 30, - "x": 0, - "y": 18 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b", - "panelRefName": "panel_2", - "version": "7.11.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "N/A", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "winlog.event_id", + "negate": false, + "params": [ + "4740", + "4728", + "4732", + "4756", + "4735", + "4624", + "4625", + "4648" + ], + "type": "phrases", + "value": "4740, 4728, 4732, 4756, 4735, 4624, 4625, 4648" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "winlog.event_id": "4740" + } + }, + { + "match_phrase": { + "winlog.event_id": "4728" + } + }, + { + "match_phrase": { + "winlog.event_id": "4732" + } + }, + { + "match_phrase": { + "winlog.event_id": "4756" + } + }, + { + "match_phrase": { + 
"winlog.event_id": "4735" + } + }, + { + "match_phrase": { + "winlog.event_id": "4624" + } + }, + { + "match_phrase": { + "winlog.event_id": "4625" + } + }, + { + "match_phrase": { + "winlog.event_id": "4648" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 19, + "i": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b", + "w": 30, + "x": 0, + "y": 18 + }, + "panelIndex": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Provider Login Distribution", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 19, - "i": "4c4f5228-f158-4ccc-afa5-e90d73bca46d", - "w": 18, - "x": 30, - "y": 18 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Provider", + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "4c4f5228-f158-4ccc-afa5-e90d73bca46d", - "panelRefName": "panel_3", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Outcome", + "field": "event.outcome", + "missingBucket": false, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Windows Event Analysis - Logins", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 19, + "i": "4c4f5228-f158-4ccc-afa5-e90d73bca46d", + "w": 18, + "x": 30, + "y": 18 }, - { - "id": "hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" - } + "panelIndex": "4c4f5228-f158-4ccc-afa5-e90d73bca46d", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Windows Event Analysis - Logins", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "5d934c5f-f909-4f75-a036-ac6253f5f974:search_0", + "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "7d27410b-537a-4c95-a1d8-8a64f363b90c:search_0", + "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" + }, + { + "type": "index-pattern", + "name": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"27bdc4ea-7adc-4dee-9526-402fb6ec6d8b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4c4f5228-f158-4ccc-afa5-e90d73bca46d:search_0", + "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json index 4497957f304..a6790adbff5 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json 
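Review bot: The inlined "Login Activity" panel (`27bdc4ea-…`) is scoped only by the `winlog.event_id` phrases filter (4740, 4728, 4732, 4756, 4735, 4624, 4625, 4648), and both of its index references resolve to `logs-*`. It therefore counts matching Windows events from every data stream under `logs-*`, not only those this package collects. The other three panels carry a `search_0` reference to the saved search `hid_bravura_monitor-1a724dd0-…`, so the panels on this logins dashboard may be summarising different populations. This may be inherited from the old by-reference visualization, which the hunk does not show. I would add a dataset phrase filter to that panel's `searchSource.filter`, e.g. `"match_phrase": { "data_stream.dataset": "<package winlog dataset>" }`, in the same form the Node Usage panel of the Users - Summary dashboard uses.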
@@ -1,75 +1,391 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxNiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Summary: User Logins", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + }, + { 
+ "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "psf.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "psf.exe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": false, + "params": { + "query": "C_AUTHCHAIN_LOGIN" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 26, + "i": "b8ac330d-572e-459e-9266-bd44fc9ac283", + "w": 14, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 26, - "i": "b8ac330d-572e-459e-9266-bd44fc9ac283", - "w": 14, - "x": 0, - "y": 0 - }, - "panelIndex": "b8ac330d-572e-459e-9266-bd44fc9ac283", - "panelRefName": "panel_0", - "version": "7.11.0" + "panelIndex": "b8ac330d-572e-459e-9266-bd44fc9ac283", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Summary: Node Usage", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + 
"detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count of unique User ID" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count of unique User ID" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count of unique User ID", + "field": "user.id" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 26, - "i": "3316ec90-b61b-4f5a-9c43-02e7bda7604f", - "w": 34, - "x": 14, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "3316ec90-b61b-4f5a-9c43-02e7bda7604f", - "panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": 
"Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hid_bravura_monitor.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hid_bravura_monitor.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Users - Summary", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" - } + "gridData": { + "h": 26, + "i": "3316ec90-b61b-4f5a-9c43-02e7bda7604f", + "w": 34, + "x": 14, + "y": 0 + }, + "panelIndex": "3316ec90-b61b-4f5a-9c43-02e7bda7604f", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Users - Summary", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3316ec90-b61b-4f5a-9c43-02e7bda7604f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json index c983344372e..6c30fb49c07 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json 
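Review bot: In the "Users: Summary: User Logins" table the terms aggregation is labelled `"customLabel": "User Name"` but buckets on `"field": "user.id"`, while the logins dashboard earlier in this patch labels `user.name` as "User". An analyst pivoting between the two would be comparing different identifiers under near-identical headings. Either relabel it as `"customLabel": "User ID"` or switch the field to `user.name` if names were intended. Separately, the new header carries `"updated_at": "2022-10-27T11:48:38.298Z"` and `"version": "WzcxNiwxXQ=="`, which look like export-time metadata from the source Kibana instance rather than dashboard content. The same pair appears in the cc6c9cf0 and d3a33820 dashboards, and dropping it would keep future diffs limited to real changes.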
@@ -1,195 +1,950 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxNywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Operation Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + 
"title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 13, + "i": "a8b8efc3-5a4e-470b-9229-7ad661fb5012", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "a8b8efc3-5a4e-470b-9229-7ad661fb5012", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "a8b8efc3-5a4e-470b-9229-7ad661fb5012", - "panelRefName": "panel_0", - "version": "8.0.0" + "panelIndex": 
"a8b8efc3-5a4e-470b-9229-7ad661fb5012", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Targets", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "aea7ed7d-82b6-4939-975e-fd4deb845e39", - "w": 8, - "x": 0, - "y": 13 - }, - "panelIndex": "aea7ed7d-82b6-4939-975e-fd4deb845e39", - "panelRefName": "panel_1", - "version": "8.0.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "def5b420-7c49-4363-a30f-7c0c6c13929d", - "w": 8, - "x": 8, - "y": 13 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Targets", + "field": "hid_bravura_monitor.perf.targetid" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "def5b420-7c49-4363-a30f-7c0c6c13929d", - "panelRefName": "panel_2", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Connector", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + 
"query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "aea7ed7d-82b6-4939-975e-fd4deb845e39", + "w": 8, + "x": 0, + "y": 13 + }, + "panelIndex": "aea7ed7d-82b6-4939-975e-fd4deb845e39", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Operations Per Node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d", - "w": 8, - "x": 16, - "y": 13 - }, - "panelIndex": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d", - "panelRefName": "panel_3", - "version": "8.0.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d", - "w": 8, - "x": 24, - "y": 13 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d", - "panelRefName": "panel_4", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "def5b420-7c49-4363-a30f-7c0c6c13929d", + "w": 8, + "x": 8, + "y": 13 + }, + "panelIndex": "def5b420-7c49-4363-a30f-7c0c6c13929d", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Operation List", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a", - "w": 16, - "x": 32, - "y": 13 + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a", - "panelRefName": "panel_5", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation", + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + 
"searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d", + "w": 8, + "x": 16, + "y": 13 + }, + "panelIndex": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Return Code", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "1efe3f34-de43-4ffb-992d-8b21cbb771a0", - "w": 48, - "x": 0, - "y": 29 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Result", + "field": "hid_bravura_monitor.perf.result", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + 
"meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d", + "w": 8, + "x": 24, + "y": 13 + }, + "panelIndex": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Error Messages", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "1efe3f34-de43-4ffb-992d-8b21cbb771a0", - "panelRefName": "panel_6", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Message", + "field": "hid_bravura_monitor.perf.message", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a", + "w": 16, + "x": 32, + "y": 13 + }, + "panelIndex": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector List", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Target ID", + "field": "hid_bravura_monitor.perf.targetid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 18, - "i": "81a7ce31-d928-48c7-9b8d-acd00a43d08e", - "w": 48, - "x": 0, - "y": 45 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Address", + "field": "hid_bravura_monitor.perf.address", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "81a7ce31-d928-48c7-9b8d-acd00a43d08e", - "panelRefName": "panel_7", - "version": "8.0.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Integrations - Connectors", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" - }, - { - "id": 
"hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-bfc7f7c0-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_7", - "type": "search" - } + } + }, + "gridData": { + "h": 16, + "i": "1efe3f34-de43-4ffb-992d-8b21cbb771a0", + "w": 48, + "x": 0, + "y": 29 + }, + "panelIndex": "1efe3f34-de43-4ffb-992d-8b21cbb771a0", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "81a7ce31-d928-48c7-9b8d-acd00a43d08e", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "81a7ce31-d928-48c7-9b8d-acd00a43d08e", + "panelRefName": "panel_7", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Integrations - Connectors", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-bfc7f7c0-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_7", + "type": "search" + }, + { + "type": "index-pattern", + "name": "a8b8efc3-5a4e-470b-9229-7ad661fb5012:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a8b8efc3-5a4e-470b-9229-7ad661fb5012:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "aea7ed7d-82b6-4939-975e-fd4deb845e39:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "aea7ed7d-82b6-4939-975e-fd4deb845e39:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "def5b420-7c49-4363-a30f-7c0c6c13929d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*" + }, + { + "type": "index-pattern", + "name": "def5b420-7c49-4363-a30f-7c0c6c13929d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1efe3f34-de43-4ffb-992d-8b21cbb771a0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1efe3f34-de43-4ffb-992d-8b21cbb771a0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json index 5238df49fac..f732cadbb16 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json 
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json 
@@ -1,115 +1,760 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Login Success", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + 
"text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "2" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "2" + } + } + } + ], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 16, + "i": "5d1eb62a-f7dd-4f14-8961-96a768f70c07", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "5d1eb62a-f7dd-4f14-8961-96a768f70c07", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "5d1eb62a-f7dd-4f14-8961-96a768f70c07", - "panelRefName": "panel_0", - "version": "7.11.0" + "panelIndex": "5d1eb62a-f7dd-4f14-8961-96a768f70c07", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Login Failures", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8", - "w": 24, - "x": 24, - "y": 0 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8", - "panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "1" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "1" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Login Lockout", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": 
{} - }, - "gridData": { - "h": 16, - "i": "d68fe28e-8def-4ea8-b848-ef2b97430924", - "w": 24, - "x": 0, - "y": 16 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "d68fe28e-8def-4ea8-b848-ef2b97430924", - "panelRefName": "panel_2", - "version": "7.11.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "3" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "3" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "d68fe28e-8def-4ea8-b848-ef2b97430924", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "d68fe28e-8def-4ea8-b848-ef2b97430924", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDAPI Login Attempts", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + 
"legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8", - "w": 24, - "x": 24, - "y": 16 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8", - "panelRefName": "panel_3", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, 
+ "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "39", + "40" + ], + "type": "phrases", + "value": "39, 40" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "39" + } + }, + { + "match_phrase": { + "event.code": "40" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Users - Authentication", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 16, + "i": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8", + "w": 24, + "x": 24, + "y": 16 }, - { - "id": "hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215", - "name": "panel_3", - "type": "visualization" - } + "panelIndex": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Users - Authentication", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "5d1eb62a-f7dd-4f14-8961-96a768f70c07:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5d1eb62a-f7dd-4f14-8961-96a768f70c07:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + 
"name": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "d68fe28e-8def-4ea8-b848-ef2b97430924:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "d68fe28e-8def-4ea8-b848-ef2b97430924:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json index 4b5846150bc..011aa9bd54e 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json 
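Review bot: Each of the four panels (`User Login Success`, `User Login Failures`, `User Login Lockout`, `IDAPI Login Attempts`) gets a `<panelIndex>:search_0` entry of type `search` in `references`, but nothing inside the panel's `savedVis` points at that saved search. Their `data.searchSource` also has no `"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"`, unlike the panels in the Connectors dashboard earlier in this patch. If Kibana does not bind the saved search from the reference alone, the panels are left with only the `event.code` phrase filter against `logs-*`. Codes as generic as `"1"`, `"2"` and `"3"` from unrelated data streams would then be counted as Bravura login failures, successes and lockouts. Please confirm on a clean install that the panels still resolve the saved search; if they do not, restore the link (standalone visualization objects use `"savedSearchRefName": "search_0"`) or scope the filter to the integration's dataset.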
@@ -1,75 +1,345 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcxOSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Severity Counts", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "iddb.exe" + }, + "type": "phrase" + }, + "query": { + 
"match_phrase": { + "log.logger": "iddb.exe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 26, + "i": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd", + "w": 11, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 26, - "i": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd", - "w": 11, - "x": 0, - "y": 0 - }, - "panelIndex": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd", - "panelRefName": "panel_0", - "version": "7.11.0" + "panelIndex": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Log Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + 
"show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 26, - "i": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1", - "w": 37, - "x": 11, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1", - "panelRefName": "panel_1", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "iddb.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "iddb.exe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Summary", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": 
"hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" - } + "gridData": { + "h": 26, + "i": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1", + "w": 37, + "x": 11, + "y": 0 + }, + "panelIndex": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1", + "version": "7.14.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Database - Summary", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json index abe93e2efb0..11e5b87e016 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json 
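Review bot: `"updated_at": "2022-10-27T11:48:38.298Z"` and `"version": "WzcxOSwxXQ=="` at the top of this object are bookkeeping values from the Kibana instance the dashboard was exported from, not part of the dashboard definition; the version string is base64 for `[719,1]`. They change whenever the object is re-saved and re-exported, so they add diff noise to later updates. The same pair appears in the neighbouring dashboard files in this patch (the `-1,115 +1,760` and `-1,115 +1,428` hunks). I would drop both keys from the committed files, so that the object opens with `"id"`, `"type"`, `"namespaces"` and then `"attributes"`.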
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json 
@@ -1,115 +1,428 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcyMCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Host Usage", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 18, + "i": "7fcb881a-1fac-40f3-8344-abc9d970bea0", + "w": 12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 18, - "i": "7fcb881a-1fac-40f3-8344-abc9d970bea0", 
- "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "7fcb881a-1fac-40f3-8344-abc9d970bea0", - "panelRefName": "panel_0", - "version": "8.0.0" + "panelIndex": "7fcb881a-1fac-40f3-8344-abc9d970bea0", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Stored Procedure Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "41db8b4e-a061-4e68-a8dc-4fe557771bdc", - "w": 36, - "x": 
12, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "41db8b4e-a061-4e68-a8dc-4fe557771bdc", - "panelRefName": "panel_1", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "41db8b4e-a061-4e68-a8dc-4fe557771bdc", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "41db8b4e-a061-4e68-a8dc-4fe557771bdc", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Stored Procedure Runtime Statistics", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 5, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 17, - "i": "67513776-5611-456a-bafd-42938542c90a", - "w": 48, - "x": 0, - "y": 18 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": 
"Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "67513776-5611-456a-bafd-42938542c90a", - "panelRefName": "panel_2", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" }, - "gridData": { - "h": 18, - "i": "25a4e2bd-b92e-445c-bec4-15ca828c88a8", - "w": 48, - "x": 0, - "y": 35 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "panelIndex": "25a4e2bd-b92e-445c-bec4-15ca828c88a8", - "panelRefName": "panel_3", - "version": "8.0.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Stored Procedure Performance", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289", - "name": "panel_1", - 
"type": "visualization" + "gridData": { + "h": 17, + "i": "67513776-5611-456a-bafd-42938542c90a", + "w": 48, + "x": 0, + "y": 18 }, - { - "id": "hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289", - "name": "panel_2", - "type": "visualization" + "panelIndex": "67513776-5611-456a-bafd-42938542c90a", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_3", - "type": "search" - } + "gridData": { + "h": 18, + "i": "25a4e2bd-b92e-445c-bec4-15ca828c88a8", + "w": 48, + "x": 0, + "y": 35 + }, + "panelIndex": "25a4e2bd-b92e-445c-bec4-15ca828c88a8", + "panelRefName": "panel_3", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] Database - Stored Procedure Performance", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_3", + "type": "search" + }, + { + "type": "search", + "name": "7fcb881a-1fac-40f3-8344-abc9d970bea0:search_0", + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "41db8b4e-a061-4e68-a8dc-4fe557771bdc:search_0", + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "67513776-5611-456a-bafd-42938542c90a:search_0", + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json index ba3e46ab0c2..33cd86eba7c 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json 
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json 
@@ -1,115 +1,419 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:48:38.298Z", + "version": "WzcyMSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "API: Calls per node historgram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": 
"Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 14, + "i": "05d010e5-934c-4b70-ad98-d3b3a191b9e2", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "05d010e5-934c-4b70-ad98-d3b3a191b9e2", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "05d010e5-934c-4b70-ad98-d3b3a191b9e2", - "panelRefName": "panel_0", - "version": "8.0.0" + "panelIndex": "05d010e5-934c-4b70-ad98-d3b3a191b9e2", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "API: Calls per node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "8ffb10cd-0ea2-4036-8003-8c65e128a201", - "w": 11, - "x": 0, - "y": 14 + "params": { + "perPage": 10, + "percentageCol": "", + 
"showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8ffb10cd-0ea2-4036-8003-8c65e128a201", - "panelRefName": "panel_1", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 19, + "i": "8ffb10cd-0ea2-4036-8003-8c65e128a201", + "w": 11, + "x": 0, + "y": 14 + }, + "panelIndex": "8ffb10cd-0ea2-4036-8003-8c65e128a201", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "API: Function runtimes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 0, + "direction": "asc" + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 19, - "i": "674a1c30-76cd-429f-a9e6-941aef3e982d", - "w": 37, - "x": 11, - "y": 14 + { + "enabled": true, + "id": "2", + "params": { + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + 
"order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "674a1c30-76cd-429f-a9e6-941aef3e982d", - "panelRefName": "panel_2", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" }, - "gridData": { - "h": 15, - "i": "a75010c7-9c3b-44c2-bf63-676e9aebd54e", - "w": 48, - "x": 0, - "y": 33 + { + "enabled": true, + "id": "5", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "a75010c7-9c3b-44c2-bf63-676e9aebd54e", - "panelRefName": "panel_3", - "version": "8.0.0" + { + "enabled": true, + "id": "6", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Bravura Monitor] API - Summary", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 19, + "i": "674a1c30-76cd-429f-a9e6-941aef3e982d", + "w": 37, + "x": 11, + "y": 14 }, - { - "id": "hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "panelIndex": 
"674a1c30-76cd-429f-a9e6-941aef3e982d", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_3", - "type": "search" - } + "gridData": { + "h": 15, + "i": "a75010c7-9c3b-44c2-bf63-676e9aebd54e", + "w": 48, + "x": 0, + "y": 33 + }, + "panelIndex": "a75010c7-9c3b-44c2-bf63-676e9aebd54e", + "panelRefName": "panel_3", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Bravura Monitor] API - Summary", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_3", + "type": "search" + }, + { + "type": "search", + "name": "05d010e5-934c-4b70-ad98-d3b3a191b9e2:search_0", + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "8ffb10cd-0ea2-4036-8003-8c65e128a201:search_0", + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "search", + "name": "674a1c30-76cd-429f-a9e6-941aef3e982d:search_0", + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b027c9cfb72..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa.json +++ /dev/null 
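Review bot: The new top-level `"updated_at": "2022-10-27T11:48:38.298Z"` and `"version": "WzcyMSwxXQ=="` look like export metadata from the Kibana instance the dashboard was migrated on, not part of the asset. The `version` string is that instance's saved-object concurrency token, so it means nothing on another cluster, and both fields will change on every re-export and add noise to later diffs. I would drop both keys from the packaged file here and in the `hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json` hunk, which adds the same pair. The fourth panel also keeps `"panelRefName": "panel_3"` with `"version": "8.0.0"` while the inlined panels use `"7.14.0"`, which is presumably intended for the saved-search panel but worth confirming.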
@@ -1,192 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": "Transaction is NULL", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": true, - "params": { - "query": "" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.transid": "" - } - } - }, - { - "$state": { - "store": "appState" - }, - "exists": { - "field": "hid_bravura_monitor.perf.transid" - }, - "meta": { - "alias": "Transaction exists", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": false, - "type": "exists", - "value": "exists" - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Pages: UI Transactions", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "UI Transaction", - "field": "hid_bravura_monitor.perf.transid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Executable", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, 
- "id": "4", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Pages: UI Transactions", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 0425463b297..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Operations Per Node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Operations Per Node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 42eecae1da3..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: API: Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 
10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Users: API: Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa.json deleted file mode 100644 index f6c4d6a4899..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Operation List", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Operation", - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Operation List", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa.json deleted file mode 100644 index aa5d0398f6f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: API: Function Performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: API: Function Performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": 
"hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215.json deleted file mode 100644 index 37674f74519..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Administrative Summary Table", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Code", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Integration", - "field": "winlog.event_data.Module", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Administrative Summary Table", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa.json
deleted file mode 100644
index 63eba0496e8..00000000000
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Workflow: Operations", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event", - "field": "hid_bravura_monitor.perf.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Workflow: Operations", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa", - 
"migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa.json deleted file mode 100644 index cb1231f1c86..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Workflow: Operation Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "hid_bravura_monitor.perf.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - 
"show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Workflow: Operation Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215.json deleted file mode 100644 index 52150df2e49..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": true, - "params": { - "query": "85" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "85" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Requesters", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Requester", - "field": "winlog.event_data.Requester", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Requesters", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa.json
deleted file mode 100644
index d273dccc95f..00000000000
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,193 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hid_bravura_monitor.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hid_bravura_monitor.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Users: Summary: Node Usage", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count of unique User ID", - "field": "user.id" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": 
false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "row": true, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count of unique User ID" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count of unique User ID" - }, - "type": "value" - } - ] - }, - "title": "Users: Summary: Node Usage", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index 338dacec036..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Stored Procedure Runtime Statistics", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 5, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Stored Procedure Runtime Statistics", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": 
"hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585.json deleted file mode 100644 index 08f11d8be5d..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Plugin: Performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Plugin", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Plugin: Performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585", - "migrationVersion": { - 
"visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-39072a50-2f42-11eb-b6a1-bdb7d768b585", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 373332398f1..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Dataset: Log Type Counts", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Log Type", - "field": "hid_bravura_monitor.perf.kind", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Dataset: Log Type Counts", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b9c897bfbc0..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Return Code", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Result", - "field": "hid_bravura_monitor.perf.result", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Return Code", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa.json deleted file mode 100644 index bbacb7b59de..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Issues: Nodes", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Issues: Nodes", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215.json deleted file mode 100644 index 015e38af4dc..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "1" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "1" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Login Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - 
"style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "User Login Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5bb5ba15917..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,181 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Provider Distribution", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "winlog.channel", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "winlog.provider_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", 
- "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Problem Provider Distribution", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index ec4ff3633f5..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,173 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDM Suite: Log issues histogram", - "uiStateJSON": { - "vis": { - "colors": { - "Error": "#BF1B00", - "Warning": "#E5AC0E" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - 
"thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "IDM Suite: Log issues histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215.json deleted file mode 100644 index 6dc95951455..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "8" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "8" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Replication Database Transaction Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - 
"show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Replication Database Transaction Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa.json deleted file mode 100644 index bc48903afbc..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Login Attempts", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": 
[], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Login Attempts", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215.json deleted file mode 100644 index 87178aa21ed..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "32", - "33" - ], - "type": "phrases", - "value": "32, 33" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "32" - } - }, - { - "match_phrase": { - "event.code": "33" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Unlocked Profiles", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Profile", - "field": "winlog.event_data.Profile", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Unlocked Profiles", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215.json deleted file mode 100644 index 3637b6f8145..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Administrative Summary", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 
10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Administrative Summary", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa.json deleted file mode 100644 index a472430368a..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Replication: Load by queue", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Queue", - "field": "hid_bravura_monitor.perf.receivequeue", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Replication: Load by queue", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", - 
"name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index 2f9d4965e54..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Host Usage", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Host Usage", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 1880de4f07f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: API: Calls per Node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: API: Calls per Node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215.json deleted file mode 100644 index 7300710b3bf..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": true, - "params": { - "query": "85" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "85" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Recipients", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Recipient", - "field": "winlog.event_data.Recipient", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Recipients", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 11fc285bc97..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Logins", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "User Logins", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5d9588079ba..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Events", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 3, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event ID", - "field": "winlog.event_id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Source", - "field": "winlog.provider_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Event Log", - "field": "winlog.channel", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 20, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Problem Events", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - 
"default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa.json deleted file mode 100644 index f58ed2c93c9..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Operation count", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Operation", - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector Return Code: Operation count", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585.json deleted file mode 100644 index 6f4e7f1fac4..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Bravura: Selector: Return Code", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "hid_bravura_monitor.perf.result", - "id": "1606164462534", - "indexPatternRefName": "control_0_index_pattern", - "label": "Return Code", - "options": { - "dynamicOptions": true, - "multiselect": false, - "order": "desc", - "size": 10, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Bravura: Selector: Return Code", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 90dcba8fbd8..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Users: Pages: Help", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "Transactions represent a UI page the user sees.\n\nWhat pages are people calling and what performance are they experiencing?", - "openLinksInNewTab": false - }, - "title": "Users: Pages: Help", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 247461b6a78..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Database: Search: Help", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "Search engines need to return quickly since users are waiting on their results. There is a direct correlation between search time and user experience.\n\nAs a general rule, Search stored procedures should take less than a second to run on average. \n\nSearch stored procedure performance is impacted by elements such as:\n\n* Data size. Larger data consumes more CPU, Ram, Disk I/O on the database server. \n* Policies such as acls, filtering, etc. \n* Indexes. Sometimes they fragment degrading overall performance. \n* Table/Index Locking with other database actions.\n\nStrategies for improving database search performance include:\n\n* Rebuild fragmented database indexes.\n* Evaluate if more RAM/CPU\n\nWhen these don't work, Developers will need database execution plans to review options.", - "openLinksInNewTab": false - }, - "title": "Database: Search: Help", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215.json deleted file mode 100644 index 8275282816b..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "Failed to insert data into database replication queue", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "9" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "9" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Replication Queue Insert Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], 
- "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Replication Queue Insert Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa.json deleted file mode 100644 index bc2ac0dad5f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Database: Discovery: Help", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "Discovery stored procedures are involved with loading data from integrations ( Connectors and LWS ) into the product database to learn about changes in the environment we are managing Identities and Access in. \n\nSome general rules of thumbs:\n\n* LWS stored procdures need to be quick. None should take a second.\n* Iddiscover.exe stored procedures can run for much longer. Minutes to hours in large environments to process large changes in bulk. \n\nStrategies for improving the performance of these stored procedures include:\n\n* Rebuild fragmented database indexes\n* Review if database is low on RAM, CPU, or I/O bandwidth.\n\nIf you continue to encounter problems developers will require database execution plans to review the operation of these procedures. ", - "openLinksInNewTab": false - }, - "title": "Database: Discovery: Help", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa.json deleted file mode 100644 index fadf9642c87..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,192 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Operation Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": 
false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Connector: Operation Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa.json deleted file mode 100644 index fd66902fca9..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "API: Calls per node historgram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - 
}, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "API: Calls per node historgram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 564e9e03961..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "asc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 59, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Problem Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa.json deleted file mode 100644 index a66d27472a7..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Issues: Affected users", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Users", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Issues: Affected users", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215.json deleted file mode 100644 index 07caaae82d3..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215.json
+++ /dev/null
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "81 - Approved\n82 - Denied\n83 - Cancelled\n84 - Revoked\n85 - Processed", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Workflow Request Trend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Code", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - 
"valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Workflow Request Trend", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215.json deleted file mode 100644 index b472576e457..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "2" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "2" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Login Success", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - 
"style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "User Login Success", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215.json deleted file mode 100644 index fc30ba93b13..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,207 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "39", - "40" - ], - "type": "phrases", - "value": "39, 40" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "39" - } - }, - { - "match_phrase": { - "event.code": "40" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDAPI Login Attempts", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - 
"isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "IDAPI Login Attempts", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index ae8f47a1f6c..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDM Suite: Errors/Warnings by node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Instance", - "field": "agent.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "IDM Suite: Errors/Warnings by node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5b83068d2d8..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,206 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "psupdate.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "psupdate.exe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Discovery Runtimes", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Sum of Duration (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "2021-01-11T07:00:00.000Z", - "to": "2021-01-18T07:00:00.000Z" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": 
{}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Sum of Duration (ms)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Sum of Duration (ms)" - }, - "type": "value" - } - ] - }, - "title": "Discovery Runtimes", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 46e0b43be02..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Workflow: Operations per Node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Workflow: Operations per Node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215.json deleted file mode 100644 index f80d0599b01..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "Failed to run stored procedure on replication database.", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "10" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "10" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Replication Database Stored Procedure Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": 
"ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Replication Database Stored Procedure Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 01e47697e75..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Discovery Events", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event", - "field": "hid_bravura_monitor.perf.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Discovery Events", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa", - "migrationVersion": { - 
"visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-dd637750-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa.json deleted file mode 100644 index d630b815529..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,158 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "hid_bravura_monitor.perf.exe", - "negate": false, - "params": { - "query": "psupdate.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.exe": "psupdate.exe" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Discovery Runtime Table", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Runtime (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Discovery ID", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - 
"schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Discovery Runtime Table", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 1e00039f0c6..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,147 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector List", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Target ID", - "field": "hid_bravura_monitor.perf.targetid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Address", - "field": "hid_bravura_monitor.perf.address", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - 
"percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector List", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b1a9117a87f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Executable Count", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Executable", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector Return Code: Executable Count", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa.json deleted file mode 100644 index cd8d0fedc6c..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,121 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "API: Function runtimes", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 0, - "direction": "asc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "API: Function runtimes", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": 
"hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa.json deleted file mode 100644 index ddf4b982870..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,119 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "iddb.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "iddb.exe" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Database: Severity Counts", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Database: Severity Counts", - "type": "metric" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - 
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa.json deleted file mode 100644 index f6c3a8e0290..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Dataset: Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": 
[], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Dataset: Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-465760e0-25d7-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 066148a542b..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,104 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Distribution", - "uiStateJSON": { - "vis": { - "colors": { - "error": "#EF843C", - "warning": "#EAB839" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Problem Distribution", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215.json
deleted file mode 100644
index 49cb1c9e0d9..00000000000
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215.json
+++ /dev/null
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "3" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "3" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Login Lockout", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - 
"style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "User Login Lockout", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 3eb1d2d8b73..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: API: Users", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: API: Users", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa.json deleted file mode 100644 index a6220d66a34..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Replication: Stored Procedures", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Replication: Stored Procedures", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": 
"hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b0964ee28fd..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector Return Code: Legend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 10, - "markdown": "Success - 0\n\nUnknown Error - 1\n\nCannot Connect - 3\n\nInvalid Server - 5\n\nAccess Denied - 11\n\nVerify Failed - 14", - "openLinksInNewTab": false - }, - "title": "Connector Return Code: Legend", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215.json deleted file mode 100644 index d043d2b1e11..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215.json
+++ /dev/null
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "78" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "78" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "File Replication Errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, 
- "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "File Replication Errors", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215.json deleted file mode 100644 index 088bf5c58d5..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,190 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "32", - "33" - ], - "type": "phrases", - "value": "32, 33" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "32" - } - }, - { - "match_phrase": { - "event.code": "33" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unlocked Profile Trend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, 
- "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Unlocked Profile Trend", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 921d21e6834..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,103 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Problem Distribution", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "winlog.user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Severity", - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "User Problem Distribution", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa.json
deleted file mode 100644
index ba1d68b53b1..00000000000
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,169 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Replication: Total over time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Total (ms)" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": 
"ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Total (ms)" - }, - "type": "value" - } - ] - }, - "title": "Database: Replication: Total over time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index 1325c11ef41..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDM Suite: Errors/Warnings by level", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Level", - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "IDM Suite: Errors/Warnings by level", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa.json deleted file mode 100644 index fc4f006c7b6..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,214 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "winlog.event_id", - "negate": false, - "params": [ - "4740", - "4728", - "4732", - "4756", - "4735", - "4624", - "4625", - "4648" - ], - "type": "phrases", - "value": "4740, 4728, 4732, 4756, 4735, 4624, 4625, 4648" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "winlog.event_id": "4740" - } - }, - { - "match_phrase": { - "winlog.event_id": "4728" - } - }, - { - "match_phrase": { - "winlog.event_id": "4732" - } - }, - { - "match_phrase": { - "winlog.event_id": "4756" - } - }, - { - "match_phrase": { - "winlog.event_id": "4735" - } - }, - { - "match_phrase": { - "winlog.event_id": "4624" - } - }, - { - "match_phrase": { - "winlog.event_id": "4625" - } - }, - { - "match_phrase": { - "winlog.event_id": "4648" - } - } - ] - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Login Activity", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event ID", - "field": "winlog.event_id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Event Category", - "field": "event.category", - "missingBucket": true, - 
"missingBucketLabel": "N/A", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "N/A", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Login Activity", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215.json deleted file mode 100644 index 5f74a8773bb..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215.json
+++ /dev/null
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "62 - Self-service password reset\n65 - Help-desk assisted password reset", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "62", - "65" - ], - "type": "phrases", - "value": "62, 65" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "62" - } - }, - { - "match_phrase": { - "event.code": "65" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Password Resets Started", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Code", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Password Resets Started", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": 
"search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index d620ccfa402..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Stored Procedure Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": 
false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Database: Stored Procedure Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 80d6692de4f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "psf.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "psf.exe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": false, - "params": { - "query": "C_AUTHCHAIN_LOGIN" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Users: Summary: User Logins", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User Name", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, 
- "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Summary: User Logins", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 58e2eb889ec..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Users: API: Help", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "Ajax is a REST like API used by the UI.\n\nWhat actions are people calling and what performance are they experiencing?", - "openLinksInNewTab": false - }, - "title": "Users: API: Help", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 206e1930f26..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "API: Calls per node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "API: Calls per node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215.json deleted file mode 100644 index 3a798d48152..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "30", - "31" - ], - "type": "phrases", - "value": "30, 31" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "30" - } - }, - { - "match_phrase": { - "event.code": "31" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Disabled Profiles", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Profile", - "field": "winlog.event_data.Profile", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Disabled Profiles", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215.json deleted file mode 100644 index f7636cd1aac..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,190 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "30", - "31" - ], - "type": "phrases", - "value": "30, 31" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "30" - } - }, - { - "match_phrase": { - "event.code": "31" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Disabled Profiles Trend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 
2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Disabled Profiles Trend", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5bf9640f267..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Provider Login Distribution", - "uiStateJSON": { - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Provider", - "field": "winlog.provider_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Outcome", - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Provider Login Distribution", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 3aec05341e8..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Node counts", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector Return Code: Node counts", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 6349583aec2..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,144 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Discovery procedures", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "split", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "row": true, - 
"showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Discovery procedures", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b5295e5574f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Error Messages", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Message", - "field": "hid_bravura_monitor.perf.message", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Error Messages", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa.json deleted file mode 100644 index c836e7c6777..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,193 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "iddb.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "iddb.exe" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Database: Log Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { 
- "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Database: Log Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21.json deleted file mode 100644 index f57147cf932..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDM Suite: Errors/Warnings by process", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "IDM Suite: Errors/Warnings by process", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 469a9ee8bcb..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - 
"value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Connector Return Code: Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa.json deleted file mode 100644 index e8e2caf44db..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Issues: Processes", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Issues: Processes", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 60c57794b34..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Targets", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Targets", - "field": "hid_bravura_monitor.perf.targetid" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Connector", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Targets", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, 
- { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 4240a3bfdc6..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,110 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Heat Map", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "asc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "type": "heatmap", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "black", - "overwriteColor": false, - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Problem Heat Map", - "type": "heatmap" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline 
at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa.json deleted file mode 100644 index a260a62f098..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,153 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Target Performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Target ID", - "field": "hid_bravura_monitor.perf.targetid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - 
"type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Target Performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 8e159a92a7f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Search performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Search performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": 
"hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5570808654d..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Messages", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Message", - "field": "hid_bravura_monitor.perf.message", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector Return Code: Messages", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585.json deleted file mode 100644 index f631a024627..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585.json
+++ /dev/null
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Executables: Performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Executables: Performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585", - 
"migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-95032a30-2eab-11eb-b6a1-bdb7d768b585", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215.json deleted file mode 100644 index 96c3ab5fd34..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "6" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "6" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Replication Database Connection Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - 
"show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Replication Database Connection Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 50510cc5d36..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Issues: Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 
10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Users: Issues: Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215.json deleted file mode 100644 index 4b534e050ec..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,219 +0,0 @@ -{ - "attributes": { - "description": "63 - Self-service password reset successful.\n64 - Self-service password reset failed.\n66 - Help-desk assisted password reset successful.\n67 - Help-desk assisted password reset failed.", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "63", - "64", - "66", - "67" - ], - "type": "phrases", - "value": "63, 64, 66, 67" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "63" - } - }, - { - "match_phrase": { - "event.code": "64" - } - }, - { - "match_phrase": { - "event.code": "66" - } - }, - { - "match_phrase": { - "event.code": "67" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Password Resets Trend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - 
"categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Password Resets Trend", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From 791ebe8ca803845865eaf30ccfec08556302eb13 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Thu, 27 Oct 2022 17:22:25 +0530 Subject: [PATCH 017/103] migrate infoblox_nios to by_value --- ...-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json | 810 ++++++++--- ...-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json | 637 +++++++-- ...-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json | 1182 +++++++++++++---- ...-47a3afb0-b57a-11ec-80e1-4bd67c5762eb.json | 90 -- ...-4d682070-b57a-11ec-80e1-4bd67c5762eb.json | 89 -- ...-52a20470-b57a-11ec-80e1-4bd67c5762eb.json | 95 -- ...-5bde4960-bee7-11ec-a230-b1548ff82828.json | 163 --- ...-63ad1d90-b57a-11ec-80e1-4bd67c5762eb.json | 95 -- ...-69c26d70-b57a-11ec-80e1-4bd67c5762eb.json | 95 -- ...-710eddc0-b57a-11ec-80e1-4bd67c5762eb.json | 89 -- ...-771b5400-b57a-11ec-80e1-4bd67c5762eb.json | 89 -- ...-7ce4a6c0-b57a-11ec-80e1-4bd67c5762eb.json | 89 -- ...-b1504c70-b57a-11ec-80e1-4bd67c5762eb.json | 89 -- ...-e2809d40-b57a-11ec-80e1-4bd67c5762eb.json | 89 -- ...-ee190f20-b57a-11ec-80e1-4bd67c5762eb.json | 127 -- ...-b9dd7a20-b57a-11ec-80e1-4bd67c5762eb.json | 95 -- ...-be579090-b57a-11ec-80e1-4bd67c5762eb.json | 95 -- ...-c5a9cd40-b57a-11ec-80e1-4bd67c5762eb.json | 95 -- ...-ce5187d0-b57a-11ec-80e1-4bd67c5762eb.json | 95 -- 19 files changed, 2050 insertions(+), 2158 deletions(-) delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-47a3afb0-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-4d682070-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-52a20470-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-5bde4960-bee7-11ec-a230-b1548ff82828.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-63ad1d90-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-69c26d70-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 
packages/infoblox_nios/kibana/lens/infoblox_nios-710eddc0-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-771b5400-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-7ce4a6c0-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-b1504c70-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-e2809d40-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/lens/infoblox_nios-ee190f20-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/visualization/infoblox_nios-b9dd7a20-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/visualization/infoblox_nios-be579090-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/visualization/infoblox_nios-c5a9cd40-b57a-11ec-80e1-4bd67c5762eb.json delete mode 100644 packages/infoblox_nios/kibana/visualization/infoblox_nios-ce5187d0-b57a-11ec-80e1-4bd67c5762eb.json diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json index 2d045527da8..24f9d674c22 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json +++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json 
@@ -1,224 +1,614 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:52:07.468Z", + "version": "WzY0MywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Count of Leases Renewed Over Time [Logs Infoblox NIOS]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcpack\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" + } + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + 
"show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "d0884783-30e6-47ed-bfca-99d4b0b423e9", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "d0884783-30e6-47ed-bfca-99d4b0b423e9", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "eb62be57-7cb6-4431-96fd-6b1c7f8ecd8b", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "eb62be57-7cb6-4431-96fd-6b1c7f8ecd8b", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5ab31944-bb04-4fcd-9734-6dd0a050581b", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "5ab31944-bb04-4fcd-9734-6dd0a050581b", - "panelRefName": "panel_3", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": 
"e143f9bd-b200-4a66-b58b-e0ecda3bb8b9", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9", - "panelRefName": "panel_4", - "title": "Top 10 MAC Address [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "gridData": { + "h": 15, + "i": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Count of Leases Declined Over Time [Logs Infoblox NIOS]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcpdecline\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" + } + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - 
"enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", - "panelRefName": "panel_5", - "type": "search", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "d0884783-30e6-47ed-bfca-99d4b0b423e9", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "d0884783-30e6-47ed-bfca-99d4b0b423e9", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Count of Leases Expired Over Time [Logs Infoblox NIOS]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcpexpire\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" + } + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], 
+ "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b3562120-30fb-4068-8f51-016a4d463d54", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "b3562120-30fb-4068-8f51-016a4d463d54", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "eb62be57-7cb6-4431-96fd-6b1c7f8ecd8b", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "eb62be57-7cb6-4431-96fd-6b1c7f8ecd8b", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "5ab31944-bb04-4fcd-9734-6dd0a050581b", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "5ab31944-bb04-4fcd-9734-6dd0a050581b", + "panelRefName": "panel_3", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "310773ab-50b9-45eb-b84b-d5ac4dd962ff": { + "columnOrder": [ + "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", + "0552e5bb-f6f0-4619-a623-b95cbb3c3561" + ], + "columns": { + "0552e5bb-f6f0-4619-a623-b95cbb3c3561": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24491aaa-9a7c-4f4e-aea5-9621bc64c38a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "MAC Address", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.mac" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" + }, + "visualization": { + "columns": [ + { + "columnId": "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", + "isTransposed": false + } + ], + "layerId": "310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "76c2205b-d288-41b8-bd79-33e76a42289a", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "76c2205b-d288-41b8-bd79-33e76a42289a", - "panelRefName": "panel_7", - "type": "search", - "version": "7.17.0" + "title": "Top 10 MAC Address [Logs Infoblox NIOS]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9", + "title": "Top 10 MAC Address [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "panelRefName": "panel_5", + "type": "search", + "version": "7.17.0" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Count of Leases Released Over Time [Logs Infoblox NIOS]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcprelease\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" + } + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", - "panelRefName": "panel_8", - "type": "search", - "version": "7.17.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" + } + 
} } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] DHCP", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "b3562120-30fb-4068-8f51-016a4d463d54", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "b3562120-30fb-4068-8f51-016a4d463d54", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "76c2205b-d288-41b8-bd79-33e76a42289a", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "76c2205b-d288-41b8-bd79-33e76a42289a", + "panelRefName": "panel_7", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "panelRefName": "panel_8", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Infoblox NIOS] DHCP", + "version": 1 + }, + "references": [ + { + "id": "infoblox_nios-71f7a570-b4dd-11ec-80e1-4bd67c5762eb", + "name": "panel_3", + "type": "search" }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" + { + "id": "infoblox_nios-7103abb0-b4e1-11ec-80e1-4bd67c5762eb", + "name": "panel_5", + "type": "search" }, - "references": [ - { - "id": "infoblox_nios-b9dd7a20-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "infoblox_nios-be579090-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "infoblox_nios-c5a9cd40-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "infoblox_nios-71f7a570-b4dd-11ec-80e1-4bd67c5762eb", - "name": "panel_3", - "type": "search" - }, - { - "id": "infoblox_nios-b1504c70-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_4", - "type": "lens" - }, - { - "id": 
"infoblox_nios-7103abb0-b4e1-11ec-80e1-4bd67c5762eb", - "name": "panel_5", - "type": "search" - }, - { - "id": "infoblox_nios-ce5187d0-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "infoblox_nios-4559ff50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "panel_7", - "type": "search" - }, - { - "id": "infoblox_nios-8d55bb50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "panel_8", - "type": "search" - } - ], - "type": "dashboard" + { + "id": "infoblox_nios-4559ff50-b4e1-11ec-80e1-4bd67c5762eb", + "name": "panel_7", + "type": "search" + }, + { + "id": "infoblox_nios-8d55bb50-b4e1-11ec-80e1-4bd67c5762eb", + "name": "panel_8", + "type": "search" + }, + { + "type": "index-pattern", + "name": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e:metrics_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d0884783-30e6-47ed-bfca-99d4b0b423e9:metrics_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "eb62be57-7cb6-4431-96fd-6b1c7f8ecd8b:metrics_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9:indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b3562120-30fb-4068-8f51-016a4d463d54:metrics_0_index_pattern", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json index 1d946dbc96d..7c3e388fbd8 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json 
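Review bot: The new head of this dashboard object carries export residue from the Kibana instance it was saved on: `"updated_at": "2022-10-27T11:52:07.468Z"` and `"version": "WzY0MywxXQ=="`, plus a `"namespaces"` array. The old file had none of the three, and they describe one instance's state rather than the dashboard. I would drop them before committing so the package content stays deterministic and later diffs show only real panel changes. The same two fields open the next hunk, for `infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json`. Separately, the inlined lens panel `e143f9bd-b200-4a66-b58b-e0ecda3bb8b9` now declares `"version": "7.16.0"` where the old panel entry and `migrationVersion.dashboard` say `7.17.0`, so it is worth confirming that this is deliberate and that the inlined attributes still import cleanly on a fresh install.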
+++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json 
@@ -1,146 +1,523 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" + "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:52:07.468Z", + "version": "WzY0NCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { + "columnOrder": [ + "fcb0dd34-08f1-4b12-a947-66514002a247", + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "columns": { + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fcb0dd34-08f1-4b12-a947-66514002a247": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {} + } + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - 
"embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", - "w": 48, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", - "panelRefName": "panel_0", - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", - "w": 24, - "x": 0, - "y": 15 + "layers": [ + { + "accessors": [ + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", + "yConfig": [ + { + "color": "#d36086", + "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false }, - "panelIndex": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", - "panelRefName": "panel_1", - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", - "w": 24, - "x": 24, - "y": 15 + "valueLabels": "hide", + 
"yLeftExtent": { + "mode": "full" }, - "panelIndex": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", - "panelRefName": "panel_2", - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "efab2208-7c53-44d0-ab95-44e4f536b001", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", - "panelRefName": "panel_3", - "type": "search", - "version": "7.17.0" + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3b197aef-e049-44df-a30f-fc807fdb1718": { + "columnOrder": [ + "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "6786ed8f-346e-419e-b8a7-1eea3d76b317", + "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "4eb788c2-ebce-473d-bfb0-ee0409862740" + ], + "columns": { + "4eb788c2-ebce-473d-bfb0-ee0409862740": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "6786ed8f-346e-419e-b8a7-1eea3d76b317": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login Failure", + 
"operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + }, + "e9c4594f-2e2d-4750-9b04-eb1632f13753": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login Via", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "infoblox_nios.log.audit.apparently_via" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.action", + "negate": false, + "params": { + "query": "login_denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "login_denied" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" + }, + "visualization": { + "columns": [ + { + "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "isTransposed": false + }, + { + "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", + "isTransposed": false + }, + { + "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "isTransposed": false + }, + { 
+ "alignment": "left", + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "isTransposed": false + } + ], + "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "panelRefName": "panel_4", - "title": "Created and Deleted Objects [Logs Infoblox NIOS]", - "type": "search", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] Audit", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "infoblox_nios-ee190f20-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_0", - "type": "lens" + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ] + } }, - { - "id": "infoblox_nios-5bde4960-bee7-11ec-a230-b1548ff82828", - "name": "panel_1", - "type": "lens" + "gridData": { + "h": 15, + "i": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "infoblox_nios-e2809d40-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_2", - "type": "lens" + "panelIndex": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": 
null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9688c841-6bb3-4369-8c27-894421c9ea56": { + "columnOrder": [ + "392073ca-09fb-4349-826e-fe44effa2a8e", + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" + ], + "columns": { + "392073ca-09fb-4349-826e-fe44effa2a8e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" + }, + "visualization": { + "columns": [ + { + "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "isTransposed": false + } + ], + "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", + "layerType": "data" + } + }, + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" + } + ] + } }, - { - "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", - "name": "panel_3", - "type": "search" + "gridData": { + "h": 15, + "i": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": 
"infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", - "name": "panel_4", - "type": "search" - } + "panelIndex": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "efab2208-7c53-44d0-ab95-44e4f536b001", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", + "panelRefName": "panel_3", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "panelRefName": "panel_4", + "title": "Created and Deleted Objects [Logs Infoblox NIOS]", + "type": "search", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Infoblox NIOS] Audit", + "version": 1 + }, + "references": [ + { + "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", + "name": "panel_3", + "type": "search" + }, + { + "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", + "name": "panel_4", + "type": "search" + }, + { + "type": "index-pattern", + "name": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"253a71f1-a7c2-4b3e-bf37-89383b11fd76:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cfd78a10-0dc4-4062-97e5-9ff83ead6947:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cfd78a10-0dc4-4062-97e5-9ff83ead6947:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json index ea56ac8ca91..7f1f7db57a9 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json +++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json 
@@ -1,259 +1,963 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "id": "infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:52:07.468Z", + "version": "WzY0NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "362936ac-2262-4cd0-8e06-c28015a829c5": { + "columnOrder": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292", + "d759196e-f983-426d-bdd4-b6fea637f20d" + ], + "columns": { + "199ebb9a-2861-4db3-ac9d-d5801b764292": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Response Code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "dns.response_code" + }, + "d759196e-f983-426d-bdd4-b6fea637f20d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292" + ], + "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ] + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", - "panelRefName": "panel_0", - "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", - "panelRefName": "panel_1", - "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - 
}, - "gridData": { - "h": 15, - "i": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", - "panelRefName": "panel_2", - "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", - "panelRefName": "panel_3", - "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "d91a4b30-da3a-402b-a7b7-542680808c83", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "d91a4b30-da3a-402b-a7b7-542680808c83", - "panelRefName": "panel_4", - "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "panelIndex": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", + "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "362936ac-2262-4cd0-8e06-c28015a829c5": { + "columnOrder": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292", + "d759196e-f983-426d-bdd4-b6fea637f20d" + ], + "columns": { + "199ebb9a-2861-4db3-ac9d-d5801b764292": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Response Flag", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + 
"scale": "ordinal", + "sourceField": "dns.header_flags" + }, + "d759196e-f983-426d-bdd4-b6fea637f20d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292" + ], + "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": false + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "820c618a-04ef-4d1d-95e4-76be0a783c03", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "820c618a-04ef-4d1d-95e4-76be0a783c03", - "panelRefName": "panel_5", - "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", + "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": 
{ + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "362936ac-2262-4cd0-8e06-c28015a829c5": { + "columnOrder": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292", + "d759196e-f983-426d-bdd4-b6fea637f20d" + ], + "columns": { + "199ebb9a-2861-4db3-ac9d-d5801b764292": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Question Class", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "dns.question.class" + }, + "d759196e-f983-426d-bdd4-b6fea637f20d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292" + ], + "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": false + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "1129632e-0004-4421-bf56-406d8499a2bb", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "1129632e-0004-4421-bf56-406d8499a2bb", - "panelRefName": "panel_6", - "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "type": "lens", - "version": 
"7.17.0" + "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", + "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": 
"none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "panelRefName": "panel_7", - "type": "search", - "version": "7.17.0" + "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", + "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client Port", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": 
false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.port" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "panelRefName": "panel_8", - "type": "search", - "version": "7.17.0" + "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "d91a4b30-da3a-402b-a7b7-542680808c83", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "d91a4b30-da3a-402b-a7b7-542680808c83", + "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": 
false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Answer Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.answers.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5a855a3a-e38e-432e-b09a-0960167960cd", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "5a855a3a-e38e-432e-b09a-0960167960cd", - "panelRefName": "panel_9", - "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] DNS", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "infoblox_nios-52a20470-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_0", - "type": "lens" + "title": "Top 10 Answer Name [Logs Infoblox NIOS]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } }, - { - "id": "infoblox_nios-63ad1d90-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_1", - "type": "lens" + "gridData": { + "h": 15, + "i": "820c618a-04ef-4d1d-95e4-76be0a783c03", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "infoblox_nios-69c26d70-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_2", - "type": "lens" + "panelIndex": "820c618a-04ef-4d1d-95e4-76be0a783c03", + "title": "Top 10 Answer Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Question Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.question.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": 
"0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Question Name [Logs Infoblox NIOS]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 15, + "i": "1129632e-0004-4421-bf56-406d8499a2bb", + "w": 24, + "x": 0, + "y": 45 }, - { - "id": "infoblox_nios-4d682070-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_3", - "type": "lens" + "panelIndex": "1129632e-0004-4421-bf56-406d8499a2bb", + "title": "Top 10 Question Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "infoblox_nios-47a3afb0-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_4", - "type": "lens" + "gridData": { + "h": 15, + "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "w": 24, + "x": 24, + "y": 60 }, - { - "id": "infoblox_nios-710eddc0-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_5", - "type": "lens" + "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "panelRefName": "panel_7", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "infoblox_nios-771b5400-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_6", - "type": "lens" + "gridData": { + "h": 15, + "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "w": 24, + "x": 0, + "y": 60 }, - { - "id": "infoblox_nios-5cc295e0-b4d6-11ec-80e1-4bd67c5762eb", - "name": "panel_7", - "type": "search" + "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "panelRefName": "panel_8", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + 
"description": null, + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Query Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.question.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Query Type [Logs Infoblox NIOS]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } }, - { - "id": "infoblox_nios-f3899090-b4d7-11ec-80e1-4bd67c5762eb", - "name": "panel_8", - "type": "search" + "gridData": { + "h": 15, + "i": "5a855a3a-e38e-432e-b09a-0960167960cd", + "w": 24, + "x": 24, + "y": 45 }, - { - "id": 
"infoblox_nios-7ce4a6c0-b57a-11ec-80e1-4bd67c5762eb", - "name": "panel_9", - "type": "lens" - } + "panelIndex": "5a855a3a-e38e-432e-b09a-0960167960cd", + "title": "Top 10 Query Type [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.16.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Infoblox NIOS] DNS", + "version": 1 + }, + "references": [ + { + "id": "infoblox_nios-5cc295e0-b4d6-11ec-80e1-4bd67c5762eb", + "name": "panel_7", + "type": "search" + }, + { + "id": "infoblox_nios-f3899090-b4d7-11ec-80e1-4bd67c5762eb", + "name": "panel_8", + "type": "search" + }, + { + "type": "index-pattern", + "name": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7809e922-929c-4836-80d9-1fbd3a9fb8e8:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7809e922-929c-4836-80d9-1fbd3a9fb8e8:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "179440ac-a8bb-4686-8ab1-8ad93b7717fb:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "179440ac-a8bb-4686-8ab1-8ad93b7717fb:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d91a4b30-da3a-402b-a7b7-542680808c83:indexpattern-datasource-current-indexpattern", + 
"id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d91a4b30-da3a-402b-a7b7-542680808c83:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "820c618a-04ef-4d1d-95e4-76be0a783c03:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "820c618a-04ef-4d1d-95e4-76be0a783c03:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1129632e-0004-4421-bf56-406d8499a2bb:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1129632e-0004-4421-bf56-406d8499a2bb:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a855a3a-e38e-432e-b09a-0960167960cd:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a855a3a-e38e-432e-b09a-0960167960cd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-47a3afb0-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-47a3afb0-b57a-11ec-80e1-4bd67c5762eb.json deleted file mode 100644 index 0e6cd96ba54..00000000000 --- a/packages/infoblox_nios/kibana/lens/infoblox_nios-47a3afb0-b57a-11ec-80e1-4bd67c5762eb.json +++ /dev/null 
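Review bot: The rewritten top of this saved object adds `"namespaces": ["default"]`, `"updated_at": "2022-10-27T11:52:07.468Z"` and `"version": "WzY0NSwxXQ=="`, which look like state from the Kibana instance the dashboard was exported from rather than part of the dashboard definition. The `version` value is the exporting instance's internal sequence token and `namespaces` pins the object to one space, so both are meaningless or misleading on the installing side and will churn on every re-export. I would drop these three keys from the committed asset, keeping `id`, `type`, `attributes`, `references`, `migrationVersion` and `coreMigrationVersion`. Separately, the inlined lens panels carry `"version": "7.16.0"` while the remaining by-reference search panels and `migrationVersion.dashboard` say 7.17.0; that is presumably inherited from the old lens objects' `"lens": "7.16.0"` migration version, but it is worth confirming the package's minimum Kibana version still loads the by-value panels.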
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client Port", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "client.port" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-47a3afb0-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No 
newline at end of file
diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-4d682070-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-4d682070-b57a-11ec-80e1-4bd67c5762eb.json
deleted file mode 100644
index 952f75cf39e..00000000000
--- a/packages/infoblox_nios/kibana/lens/infoblox_nios-4d682070-b57a-11ec-80e1-4bd67c5762eb.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "client.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-4d682070-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-52a20470-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-52a20470-b57a-11ec-80e1-4bd67c5762eb.json
deleted file mode 100644
index d39fa8c48b1..00000000000
--- a/packages/infoblox_nios/kibana/lens/infoblox_nios-52a20470-b57a-11ec-80e1-4bd67c5762eb.json
+++ /dev/null
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.response_code" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-52a20470-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-5bde4960-bee7-11ec-a230-b1548ff82828.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-5bde4960-bee7-11ec-a230-b1548ff82828.json deleted file mode 100644 index 3a97290bff6..00000000000 --- a/packages/infoblox_nios/kibana/lens/infoblox_nios-5bde4960-bee7-11ec-a230-b1548ff82828.json +++ /dev/null 
@@ -1,163 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3b197aef-e049-44df-a30f-fc807fdb1718": { - "columnOrder": [ - "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "4eb788c2-ebce-473d-bfb0-ee0409862740" - ], - "columns": { - "4eb788c2-ebce-473d-bfb0-ee0409862740": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "6786ed8f-346e-419e-b8a7-1eea3d76b317": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Failure", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.action" - }, - "e9c4594f-2e2d-4750-9b04-eb1632f13753": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Via", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "infoblox_nios.log.audit.apparently_via" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - 
"disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login_denied" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login_denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" - }, - "visualization": { - "columns": [ - { - "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "isTransposed": false - }, - { - "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "isTransposed": false - }, - { - "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "isTransposed": false - } - ], - "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", - "layerType": "data" - } - }, - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-5bde4960-bee7-11ec-a230-b1548ff82828", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-63ad1d90-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-63ad1d90-b57a-11ec-80e1-4bd67c5762eb.json deleted file mode 100644 index af7022e8da1..00000000000 --- a/packages/infoblox_nios/kibana/lens/infoblox_nios-63ad1d90-b57a-11ec-80e1-4bd67c5762eb.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Flag", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.header_flags" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-63ad1d90-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-69c26d70-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-69c26d70-b57a-11ec-80e1-4bd67c5762eb.json deleted file mode 100644 index f264ba388f0..00000000000 --- a/packages/infoblox_nios/kibana/lens/infoblox_nios-69c26d70-b57a-11ec-80e1-4bd67c5762eb.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Question Class", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.question.class" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-69c26d70-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-710eddc0-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-710eddc0-b57a-11ec-80e1-4bd67c5762eb.json deleted file mode 100644 index 8b7ba150de7..00000000000 --- a/packages/infoblox_nios/kibana/lens/infoblox_nios-710eddc0-b57a-11ec-80e1-4bd67c5762eb.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Answer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.answers.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-710eddc0-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-771b5400-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-771b5400-b57a-11ec-80e1-4bd67c5762eb.json
deleted file mode 100644
index 28023508a40..00000000000
--- a/packages/infoblox_nios/kibana/lens/infoblox_nios-771b5400-b57a-11ec-80e1-4bd67c5762eb.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Question Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.question.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-771b5400-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-7ce4a6c0-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-7ce4a6c0-b57a-11ec-80e1-4bd67c5762eb.json
deleted file mode 100644
index eef58c03a35..00000000000
--- a/packages/infoblox_nios/kibana/lens/infoblox_nios-7ce4a6c0-b57a-11ec-80e1-4bd67c5762eb.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Query Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.question.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-7ce4a6c0-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-b1504c70-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-b1504c70-b57a-11ec-80e1-4bd67c5762eb.json
deleted file mode 100644
index 6ecfadae96a..00000000000
--- a/packages/infoblox_nios/kibana/lens/infoblox_nios-b1504c70-b57a-11ec-80e1-4bd67c5762eb.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "310773ab-50b9-45eb-b84b-d5ac4dd962ff": { - "columnOrder": [ - "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", - "0552e5bb-f6f0-4619-a623-b95cbb3c3561" - ], - "columns": { - "0552e5bb-f6f0-4619-a623-b95cbb3c3561": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24491aaa-9a7c-4f4e-aea5-9621bc64c38a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "MAC Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "client.mac" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" - }, - "visualization": { - "columns": [ - { - "columnId": "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", - "isTransposed": false - } - ], - "layerId": "310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "layerType": "data" - } - }, - "title": "Top 10 MAC Address [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-b1504c70-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-e2809d40-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-e2809d40-b57a-11ec-80e1-4bd67c5762eb.json
deleted file mode 100644
index c51fe7d5cff..00000000000
--- a/packages/infoblox_nios/kibana/lens/infoblox_nios-e2809d40-b57a-11ec-80e1-4bd67c5762eb.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9688c841-6bb3-4369-8c27-894421c9ea56": { - "columnOrder": [ - "392073ca-09fb-4349-826e-fe44effa2a8e", - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" - ], - "columns": { - "392073ca-09fb-4349-826e-fe44effa2a8e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" - }, - "visualization": { - "columns": [ - { - "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "isTransposed": false - } - ], - "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", - "layerType": "data" - } - }, - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-e2809d40-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of 
file
diff --git a/packages/infoblox_nios/kibana/lens/infoblox_nios-ee190f20-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/lens/infoblox_nios-ee190f20-b57a-11ec-80e1-4bd67c5762eb.json
deleted file mode 100644
index 9240018521d..00000000000
--- a/packages/infoblox_nios/kibana/lens/infoblox_nios-ee190f20-b57a-11ec-80e1-4bd67c5762eb.json
+++ /dev/null
@@ -1,127 +0,0 @@ -{ - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { - "columnOrder": [ - "fcb0dd34-08f1-4b12-a947-66514002a247", - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "columns": { - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fcb0dd34-08f1-4b12-a947-66514002a247": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", - "yConfig": [ - { - "color": "#d36086", - "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - 
"valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-ee190f20-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/visualization/infoblox_nios-b9dd7a20-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/visualization/infoblox_nios-b9dd7a20-b57a-11ec-80e1-4bd67c5762eb.json deleted file mode 100644 index d306d420c64..00000000000 --- a/packages/infoblox_nios/kibana/visualization/infoblox_nios-b9dd7a20-b57a-11ec-80e1-4bd67c5762eb.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" - } - } - }, - "title": "Count of Leases Renewed Over Time [Logs Infoblox NIOS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcpack\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Count of Leases Renewed Over Time [Logs Infoblox NIOS]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-b9dd7a20-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - 
{ - "id": "logs-*", - "name": "metrics_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/visualization/infoblox_nios-be579090-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/visualization/infoblox_nios-be579090-b57a-11ec-80e1-4bd67c5762eb.json deleted file mode 100644 index bea79d71369..00000000000 --- a/packages/infoblox_nios/kibana/visualization/infoblox_nios-be579090-b57a-11ec-80e1-4bd67c5762eb.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" - } - } - }, - "title": "Count of Leases Declined Over Time [Logs Infoblox NIOS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcpdecline\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Count of Leases Declined Over Time [Logs Infoblox NIOS]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-be579090-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "visualization": "7.17.0" - }, - 
"references": [ - { - "id": "logs-*", - "name": "metrics_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/visualization/infoblox_nios-c5a9cd40-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/visualization/infoblox_nios-c5a9cd40-b57a-11ec-80e1-4bd67c5762eb.json deleted file mode 100644 index 95b23b1cdc1..00000000000 --- a/packages/infoblox_nios/kibana/visualization/infoblox_nios-c5a9cd40-b57a-11ec-80e1-4bd67c5762eb.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" - } - } - }, - "title": "Count of Leases Expired Over Time [Logs Infoblox NIOS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcpexpire\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Count of Leases Expired Over Time [Logs Infoblox NIOS]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-c5a9cd40-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": 
[ - { - "id": "logs-*", - "name": "metrics_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/visualization/infoblox_nios-ce5187d0-b57a-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/visualization/infoblox_nios-ce5187d0-b57a-11ec-80e1-4bd67c5762eb.json deleted file mode 100644 index 449fcec5b56..00000000000 --- a/packages/infoblox_nios/kibana/visualization/infoblox_nios-ce5187d0-b57a-11ec-80e1-4bd67c5762eb.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DHCP\"" - } - } - }, - "title": "Count of Leases Released Over Time [Logs Infoblox NIOS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcprelease\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Count of Leases Released Over Time [Logs Infoblox NIOS]", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-ce5187d0-b57a-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "visualization": "7.17.0" - }, - 
"references": [ - { - "id": "logs-*", - "name": "metrics_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file From c959ec1361d35f11f838a520f867ef0064da49c3 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Thu, 27 Oct 2022 17:26:06 +0530 Subject: [PATCH 018/103] migrate iptables to by_value --- ...-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json | 814 ++++++++++++----- ...-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json | 825 +++++++++++++----- ...-190bcb50-1ff6-11e9-ae2a-939083c6a64e.json | 100 --- ...-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e.json | 82 -- ...-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3.json | 82 -- ...-35fe0910-1f26-11e9-8ec4-cf5d91a864b3.json | 82 -- ...-4c913eb0-1f51-11e9-93ed-f7e068f4aebb.json | 136 --- ...-683402b0-1f29-11e9-8ec4-cf5d91a864b3.json | 82 -- ...-758b3620-1fda-11e9-ae2a-939083c6a64e.json | 162 ---- ...-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3.json | 82 -- ...-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e.json | 122 --- 11 files changed, 1195 insertions(+), 1374 deletions(-) delete mode 100644 packages/iptables/kibana/visualization/iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e.json delete mode 100644 packages/iptables/kibana/visualization/iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e.json delete mode 100644 packages/iptables/kibana/visualization/iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3.json delete mode 100644 packages/iptables/kibana/visualization/iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3.json delete mode 100644 packages/iptables/kibana/visualization/iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb.json delete mode 100644 packages/iptables/kibana/visualization/iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3.json delete mode 100644 packages/iptables/kibana/visualization/iptables-758b3620-1fda-11e9-ae2a-939083c6a64e.json delete mode 100644 packages/iptables/kibana/visualization/iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3.json delete mode 100644 packages/iptables/kibana/visualization/iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e.json 
diff --git a/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json b/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json
index 0180b9334ec..acdafa87cb7 100644
--- a/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json
+++ b/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json
@@ -1,246 +1,610 @@ { - "attributes": { - "description": "Overview of the iptables events dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:55:52.726Z", + "version": "WzYzNiwxXQ==", + "attributes": { + "description": "Overview of the iptables events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:iptables.log" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Events Timeline [Logs Iptables]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + 
"scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset:iptables.log" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "1", - "w": 37, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "gridData": { + "h": 15, + "i": "1", + "w": 37, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Source Countries [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2", - "w": 11, - "x": 37, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - 
}, - "gridData": { - "h": 15, - "i": "5", - "w": 19, - "x": 0, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 11, + "x": 37, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Type Breakdown [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6", - "w": 18, - "x": 19, - "y": 30 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "7", - "w": 11, - "x": 37, - "y": 30 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - 
"version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 19, + "x": 0, + "y": 30 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Transport Breakdown [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "8", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "search", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"819f99c3-9bfa-4b32-b42a-eaddd3a1cafa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"515d04a8-6e07-48ea-a5c8-ca668c73f20b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Map [Logs 
Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"bfc1b1f2-5e9d-4e48-b6bb-c601bf895655\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Source Map [Logs Iptables]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "be0cae7a-45f7-4912-88ad-47924a84445e", - "w": 24, - "x": 0, - "y": 15 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "be0cae7a-45f7-4912-88ad-47924a84445e", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + } + } + }, + "gridData": { + 
"h": 15, + "i": "6", + "w": 18, + "x": 19, + "y": 30 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Destination Ports [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6b510351-9284-44f3-8997-27e6ad4ec559\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e9743ec6-ebc4-427d-9c20-48f1cec1fcaa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"786e2e19-4809-49b5-91ba-5cb5a740d21b\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Destination Map 
[Logs Iptables]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", - "w": 24, - "x": 24, - "y": 15 + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } } - ], - "timeRestore": false, - "title": "[Logs Iptables] Overview", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "7", + "w": 11, + "x": 37, + "y": 30 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 19, + "i": "8", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "8", + "panelRefName": "panel_8", + "type": "search", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"819f99c3-9bfa-4b32-b42a-eaddd3a1cafa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"515d04a8-6e07-48ea-a5c8-ca668c73f20b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"bfc1b1f2-5e9d-4e48-b6bb-c601bf895655\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"typ
e\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Source Map [Logs Iptables]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "be0cae7a-45f7-4912-88ad-47924a84445e", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "be0cae7a-45f7-4912-88ad-47924a84445e", + "type": "map", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6b510351-9284-44f3-8997-27e6ad4ec559\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e9743ec6-ebc4-427d-9c20-48f1cec1fcaa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"786e2e19-4809-49b5-91ba-5cb5a740d21b\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTO
R\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Destination Map [Logs Iptables]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", + "type": "map", + "version": "8.0.0" + } + ], + "timeRestore": false, + "title": "[Logs Iptables] Overview", + "version": 1 + }, + "references": [ + { + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", + "name": "8:panel_8", + "type": "search" }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb", - "migrationVersion": { - "dashboard": "8.0.0" + { + "id": "logs-*", + "name": "be0cae7a-45f7-4912-88ad-47924a84445e:layer_1_source_index_pattern", + "type": "index-pattern" }, - "references": [ - 
{ - "id": "iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "8:panel_8", - "type": "search" - }, - { - "id": "logs-*", - "name": "be0cae7a-45f7-4912-88ad-47924a84445e:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa:layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "dashboard" + { + "id": "logs-*", + "name": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + }, + { + "type": "search", + "name": "5:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + }, + { + "type": "search", + "name": "6:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + }, + { + "type": "search", + "name": "7:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json index c0a7c34c060..a314d39003d 100644 
--- a/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json +++ b/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json 
@@ -1,246 +1,633 @@ { - "attributes": { - "description": "Overview of the Ubiquiti Firewall iptables events dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T11:55:52.726Z", + "version": "WzYzNywxXQ==", + "attributes": { + "description": "Overview of the Ubiquiti Firewall iptables events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:iptables.log" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "allow": "#64B0C8", + "deny": "#E24D42" + }, + "legendOpen": true + }, + "savedVis": { + "title": "Ubiquiti Firewall Event Timeline [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "colors": { + "allow": "#64B0C8", + "deny": "#E24D42" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "top", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": 
"ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2019-01-24T15:47:12.171Z", + "mode": "absolute", + "to": "2019-01-24T15:47:52.785Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset:iptables.log" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "1", + "w": 33, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "allow": "#64B0C8", - "deny": "#E24D42" - }, - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "1", - "w": 33, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "title": "Event Timeline", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "title": "Event Timeline", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + 
"title": "Ubiquiti Firewall Top Blocked IPs [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2", - "w": 15, - "x": 33, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "title": "Top Blocked by source IP", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "allow": "#7EB26D", - "deny": "#E24D42", - "icmp": "#F29191", - "ipv4": "#65C5DB", - "ipv6": "#D683CE", - "ipv6-icmp": "#EA6460", - "tcp": "#447EBC", - "udp": "#F2C96D" - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "5", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "title": "Traffic Breakdown by Protocol", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 15, + "x": 33, + "y": 0 + }, + "panelIndex": "2", + "title": "Top Blocked by source IP", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "allow": 
"#7EB26D", + "deny": "#E24D42", + "icmp": "#F29191", + "ipv4": "#65C5DB", + "ipv6": "#D683CE", + "ipv6-icmp": "#EA6460", + "tcp": "#447EBC", + "udp": "#F2C96D" + } + }, + "savedVis": { + "title": "Ubiquiti Firewall Traffic Breakdown [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "colors": { + "deny": "#E24D42", + "icmp": "#F29191", + "ipv4": "#65C5DB", + "ipv6": "#D683CE", + "ipv6-icmp": "#EA6460", + "tcp": "#447EBC", + "udp": "#F2C96D" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 27, - "i": "6", - "w": 48, - "x": 0, - "y": 48 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "title": "Event View", - "type": "search", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": false, + "show": true, + "truncate": 100, + "values": false + }, + "legendPosition": "top", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "7", - "w": 24, - "x": 24, - "y": 30 + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "title": "Traffic Breakdown by Port", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"7f6a8971-2ac4-49df-9ed3-2a81500c5e1d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9291aa55-640f-4ca8-9341-b73eecc00855\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Allowed Traffic Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"715de528-553d-4800-91d9-12bab368b24b\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}}
,\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Allowed Traffic Map", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "enabled": true, + "id": "3", + "params": { + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "gridData": { - "h": 15, - "i": "02e3739f-47c9-45ac-b225-0e4f92dab753", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "02e3739f-47c9-45ac-b225-0e4f92dab753", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "4", + "params": { + "field": "network.transport", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", 
+ "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "5", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "5", + "title": "Traffic Breakdown by Protocol", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 27, + "i": "6", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6", + "panelRefName": "panel_6", + "title": "Event View", + "type": "search", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Ubiquiti Firewall Traffic by Port [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"3ba7d195-0d25-4f48-97a4-96e65b0e0b1b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"a6ce0882-5543-4649-9ebb-3393a06c44e6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Blocked Traffic Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"b93a08fa-124c-40a9-9171-37264d256c79\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Blocked Traffic Map", - 
"uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "params": { + "perPage": 10, + "row": false, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "0cff36eb-abec-44db-9887-4ba9668d7c02", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "event.outcome", + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "split", + "type": "terms" }, - "panelIndex": "0cff36eb-abec-44db-9887-4ba9668d7c02", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Iptables] Ubiquiti Firewall Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "iptables-758b3620-1fda-11e9-ae2a-939083c6a64e", - 
"name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 18, + "i": "7", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "7", + "title": "Traffic Breakdown by Port", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"7f6a8971-2ac4-49df-9ed3-2a81500c5e1d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9291aa55-640f-4ca8-9341-b73eecc00855\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Allowed Traffic Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"715de528-553d-4800-91d9-12bab368b24b\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Allowed Traffic Map", + 
"uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", - "name": "6:panel_6", - "type": "search" + "gridData": { + "h": 15, + "i": "02e3739f-47c9-45ac-b225-0e4f92dab753", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "02e3739f-47c9-45ac-b225-0e4f92dab753", + "type": "map", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"3ba7d195-0d25-4f48-97a4-96e65b0e0b1b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"a6ce0882-5543-4649-9ebb-3393a06c44e6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Blocked Traffic Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"b93a08fa-124c-40a9-9171-37264d256c79\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Blocked Traffic Map", + 
"uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "02e3739f-47c9-45ac-b225-0e4f92dab753:layer_1_source_index_pattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "0cff36eb-abec-44db-9887-4ba9668d7c02", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "0cff36eb-abec-44db-9887-4ba9668d7c02:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "0cff36eb-abec-44db-9887-4ba9668d7c02", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Iptables] Ubiquiti Firewall Overview", + "version": 1 + }, + "references": [ + { + "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", + "name": "6:panel_6", + "type": "search" + }, + { + "id": "logs-*", + "name": "02e3739f-47c9-45ac-b225-0e4f92dab753:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0cff36eb-abec-44db-9887-4ba9668d7c02:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e" + }, + { + "type": "search", + "name": "2:search_0", + "id": "iptables-9f7d97c0-1fe9-11e9-ae2a-939083c6a64e" + }, + { + "type": "search", + "name": "5:search_0", + "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e" + }, + { + "type": "search", + "name": "7:search_0", + "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file 
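Review bot: The inlined `savedVis` objects for panels 1, 2, 5 and 7 carry no pointer to a saved search, although the new `references` array still lists `1:search_0`, `2:search_0`, `5:search_0` and `7:search_0`. The deleted visualization files in this same patch carried `"savedSearchRefName": "search_0"` with an empty query, so all of their scoping came from the saved search. If Kibana resolves these references through that key, as it appears to, "Top Blocked by source IP" would now count every source IP in `data_stream.dataset:iptables.log` rather than only what saved search `iptables-9f7d97c0-1fe9-11e9-ae2a-939083c6a64e` selects, which would mislead anyone triaging from this dashboard. I would add `"savedSearchRefName": "search_0"` inside each affected `savedVis.data` object, then confirm in a running Kibana that the panel totals match the pre-migration dashboard. Separately, the new top-level `"namespaces"`, `"updated_at"` and `"version": "WzYzNywxXQ=="` fields look like export metadata from one instance and could be dropped from the packaged asset.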
diff --git a/packages/iptables/kibana/visualization/iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/visualization/iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e.json deleted file mode 100644 index 550c60c224e..00000000000 --- a/packages/iptables/kibana/visualization/iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Ubiquiti Firewall Traffic by Port [Logs Iptables]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "event.outcome", - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "split", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination port", - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "row": false, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Ubiquiti Firewall Traffic by Port [Logs Iptables]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/iptables/kibana/visualization/iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/visualization/iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e.json deleted file mode 100644 index 7e8e0bbbd27..00000000000 --- a/packages/iptables/kibana/visualization/iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Ubiquiti Firewall Top Blocked IPs [Logs Iptables]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source IP", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Ubiquiti Firewall Top Blocked IPs [Logs Iptables]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-9f7d97c0-1fe9-11e9-ae2a-939083c6a64e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/iptables/kibana/visualization/iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3.json b/packages/iptables/kibana/visualization/iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3.json deleted file mode 100644 index 64f8facf0f1..00000000000 --- a/packages/iptables/kibana/visualization/iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "iptables.length:*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Source Countries [Logs Iptables]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Country", - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Source Countries [Logs Iptables]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/iptables/kibana/visualization/iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3.json b/packages/iptables/kibana/visualization/iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3.json deleted file mode 100644 index b3e2c903428..00000000000 --- a/packages/iptables/kibana/visualization/iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "iptables.length:*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Network Transport Breakdown [Logs Iptables]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": true, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Transport Breakdown [Logs Iptables]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/iptables/kibana/visualization/iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb.json b/packages/iptables/kibana/visualization/iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb.json
deleted file mode 100644
index dd0f91858d3..00000000000
--- a/packages/iptables/kibana/visualization/iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb.json
+++ /dev/null
@@ -1,136 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Events Timeline [Logs Iptables]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "linear", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Events Timeline [Logs Iptables]", - "type": 
"area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/iptables/kibana/visualization/iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3.json b/packages/iptables/kibana/visualization/iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3.json deleted file mode 100644 index 1010541cc39..00000000000 --- a/packages/iptables/kibana/visualization/iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3.json +++ /dev/null 
@@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "iptables.length:*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Destination Ports [Logs Iptables]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Port", - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Destination Ports [Logs Iptables]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/iptables/kibana/visualization/iptables-758b3620-1fda-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/visualization/iptables-758b3620-1fda-11e9-ae2a-939083c6a64e.json deleted file mode 100644 index d4081ce0c50..00000000000 --- a/packages/iptables/kibana/visualization/iptables-758b3620-1fda-11e9-ae2a-939083c6a64e.json +++ /dev/null 
@@ -1,162 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Ubiquiti Firewall Event Timeline [Logs Iptables]", - "uiStateJSON": { - "vis": { - "colors": { - "allow": "#64B0C8", - "deny": "#E24D42" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "2019-01-24T15:47:12.171Z", - "mode": "absolute", - "to": "2019-01-24T15:47:52.785Z" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "top", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - 
"valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Ubiquiti Firewall Event Timeline [Logs Iptables]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-758b3620-1fda-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/iptables/kibana/visualization/iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3.json b/packages/iptables/kibana/visualization/iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3.json deleted file mode 100644 index e3a249a5f65..00000000000 --- a/packages/iptables/kibana/visualization/iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3.json +++ /dev/null 
@@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "iptables.length:*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Network Type Breakdown [Logs Iptables]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.type", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": true, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Type Breakdown [Logs Iptables]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/iptables/kibana/visualization/iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/visualization/iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e.json deleted file mode 100644 index 6f84873c8be..00000000000 --- a/packages/iptables/kibana/visualization/iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e.json +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Ubiquiti Firewall Traffic Breakdown [Logs Iptables]", - "uiStateJSON": { - "vis": { - "colors": { - "deny": "#E24D42", - "icmp": "#F29191", - "ipv4": "#65C5DB", - "ipv6": "#D683CE", - "ipv6-icmp": "#EA6460", - "tcp": "#447EBC", - "udp": "#F2C96D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "network.type", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "network.transport", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": false, - "show": true, - "truncate": 100, - "values": false - }, - "legendPosition": "top", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Ubiquiti Firewall Traffic Breakdown [Logs Iptables]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": 
"iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From f5e03d8883a6c884f69b341d7a7877dee5d7ca75 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Fri, 28 Oct 2022 01:40:54 +0530 Subject: [PATCH 019/103] migrate microsoft to by_value upgrade t0 7.17 --- ...-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json | 1286 +++++++++++++++-- ...-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json | 139 -- ...-e415af10-ca67-11ea-9d4d-9737a63aaa55.json | 164 --- ...-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json | 244 ---- ...-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json | 132 -- ...-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json | 128 -- ...-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json | 128 -- ...-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json | 128 -- packages/microsoft/manifest.yml | 2 +- 9 files changed, 1131 insertions(+), 1220 deletions(-) delete mode 100644 packages/microsoft/kibana/lens/microsoft-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft/kibana/lens/microsoft-e415af10-ca67-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft/kibana/visualization/microsoft-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft/kibana/visualization/microsoft-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft/kibana/visualization/microsoft-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft/kibana/visualization/microsoft-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft/kibana/visualization/microsoft-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json 
diff --git a/packages/microsoft/kibana/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/kibana/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json
index 04262528bae..522d041aaa7 100644
--- a/packages/microsoft/kibana/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json
+++ b/packages/microsoft/kibana/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json
@@ -1,175 +1,1149 @@ { - "attributes": { - "description": "Microsoft Defender ATP Alert Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T19:57:35.020Z", + "version": "WzYzNCwxXQ==", + "attributes": { + "description": "Microsoft Defender ATP Alert Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:microsoft.defender_atp" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "ATP New Incidents Counter [Logs Microsoft]", + "description": "Microsoft Defender ATP Counter for new incidents", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 1 + }, + { + "from": 1, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "New Incidents", + "field": "microsoft.defender_atp.incidentId" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" + }, + "query": { + 
"prefix": { + "data_stream.dataset": "microsoft." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft.defender_atp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft.defender_atp" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset:microsoft.defender_atp" + "language": "kuery", + "query": "data_stream.dataset:\"microsoft.defender_atp\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 6, + "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "w": 4, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "w": 4, - "x": 0, - "y": 0 - }, - "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "panelRefName": "panel_0", - "version": "7.8.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 24, - "i": "74d36139-4d22-44d4-bfc8-020c575febb1", - "w": 25, - "x": 4, - "y": 0 - }, - "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", - "panelRefName": "panel_1", - "version": "7.8.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 24, - "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "w": 19, - "x": 29, - "y": 0 - }, - "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "panelRefName": "panel_2", - "title": "ATP Techniques [Logs Microsoft]", - "version": "7.8.1" + "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { + "columnOrder": [ + "19ade524-0042-4ecd-ac59-9696c8c2e225", + "677e5501-ca31-435c-8eab-38b5297e54c2", + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "columns": { + "19ade524-0042-4ecd-ac59-9696c8c2e225": { + "dataType": "number", + "isBucketed": true, + "label": "Top values of event.severity", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", + "type": "column" + }, + "orderDirection": "desc", + "size": 6 + }, + "scale": "ordinal", + "sourceField": "event.severity" + }, + "27212c7c-83ee-4292-a4c6-396d9b77dce6": { + "dataType": "number", + "isBucketed": false, + "label": "Number of incidents", + "operationType": "unique_count", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "microsoft.defender_atp.incidentId" + }, + "677e5501-ca31-435c-8eab-38b5297e54c2": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "24h" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft.defender_atp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft.defender_atp" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "layers": [ + { + "accessors": [ + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", + "xAccessor": "677e5501-ca31-435c-8eab-38b5297e54c2", + "layerType": "data" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "w": 4, - "x": 0, - "y": 6 - }, - "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "panelRefName": "panel_3", - "version": "7.8.1" + "title": "ATP New Incidents [Logs Microsoft]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 24, + "i": "74d36139-4d22-44d4-bfc8-020c575febb1", + "w": 25, + "x": 4, + "y": 0 + }, + "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", + "version": "7.16.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f93e2634-0dd5-4aec-b6de-45284dd39630": { + "columnOrder": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", + "0f67be87-cc6f-48e7-8afd-d9401037d006" + ], + "columns": { + "0f67be87-cc6f-48e7-8afd-d9401037d006": { + "dataType": "number", + "isBucketed": false, + "label": "Number of techniques", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + 
"12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { + "dataType": "string", + "isBucketed": true, + "label": "Related MITRE attach techniques", + "operationType": "terms", + "params": { + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "asc", + "size": 10 + }, + "scale": "ordinal", + "sourceField": "threat.technique.name" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft.defender_atp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft.defender_atp" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" + ], + "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", + "legendDisplay": "default", + "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", + "nestedLegend": false, + "numberDisplay": "percent", + "layerType": "data" + } + ], + "shape": "treemap" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "16e7059b-70a5-4ea4-b622-9015d7430419", - "w": 4, - "x": 0, - "y": 12 - }, - "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", - "panelRefName": "panel_4", - "version": "7.8.1" + "title": "ATP Techniques [Logs Microsoft]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": 
"logs-*", + "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 24, + "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "title": "ATP Techniques [Logs Microsoft]", + "version": "7.16.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "ATP Domains Counter [Logs Microsoft]", + "description": "Microsoft Defender ATP counter for related domains", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "w": 4, - "x": 0, - "y": 18 - }, - "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "panelRefName": "panel_5", - "version": "7.8.1" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Domains", + "field": "microsoft.defender_atp.evidence.domainName" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + 
"value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft.defender_atp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft.defender_atp" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft.defender_atp\" " + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "w": 4, + "x": 0, + "y": 6 + }, + "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "ATP IP Addresses Counter [Logs Microsoft]", + "description": "Microsoft Defender ATP counter for related IP Addresses", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "cb8de6bb-1096-427d-834e-210963aad3e5", - "w": 48, - "x": 0, - "y": 24 - }, - "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", - "panelRefName": "panel_6", - "version": "7.8.1" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": 
"Related Networks", + "field": "microsoft.defender_atp.evidence.ipAddress" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft.defender_atp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft.defender_atp" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft.defender_atp\" " + } + } } - ], - "timeRestore": false, - "title": "[Logs Microsoft] ATP Overview", - "version": 1 - }, - "id": "microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "dashboard": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "microsoft-3c64f400-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "microsoft-e415af10-ca67-11ea-9d4d-9737a63aaa55", - "name": "panel_1", - "type": "lens" + "gridData": { + "h": 6, + "i": "16e7059b-70a5-4ea4-b622-9015d7430419", + "w": 4, + "x": 0, + "y": 12 }, - { - "id": "microsoft-14d367f0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_2", - "type": "lens" + "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"ATP Related Users Counter [Logs Microsoft]", + "description": "Microsoft Defender ATP counter for related Users", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Users", + "field": "user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft." 
+ } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft.defender_atp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft.defender_atp" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft.defender_atp\" " + } + } + } + } }, - { - "id": "microsoft-9e902dc0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 6, + "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "w": 4, + "x": 0, + "y": 18 }, - { - "id": "microsoft-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_4", - "type": "visualization" + "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "ATP Incident Table [Logs Microsoft]", + "description": "Microsoft Defender ATP Incident Table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "aggregate": "concat", + "field": "@timestamp", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Incident ID", + "field": "microsoft.defender_atp.incidentId", + "missingBucket": false, 
+ "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Current Status", + "field": "microsoft.defender_atp.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Assigned To", + "field": "microsoft.defender_atp.assignedTo", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "9", + "params": { + "customLabel": "Severity", + "field": "event.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Hostname", + "field": "host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "10", + "params": { + "customLabel": "Category", + "field": "threat.technique.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Description", + "field": "rule.description", + 
"missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft.defender_atp" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft.defender_atp" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "microsoft-62f081c0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 16, + "i": "cb8de6bb-1096-427d-834e-210963aad3e5", + "w": 48, + "x": 0, + "y": 24 }, - { - "id": "microsoft-00e8fca0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Microsoft] ATP Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/microsoft/kibana/lens/microsoft-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/kibana/lens/microsoft-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 198be8e7df7..00000000000 --- a/packages/microsoft/kibana/lens/microsoft-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f93e2634-0dd5-4aec-b6de-45284dd39630": { - "columnOrder": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", - "0f67be87-cc6f-48e7-8afd-d9401037d006" - ], - "columns": { - "0f67be87-cc6f-48e7-8afd-d9401037d006": { - "dataType": "number", - "isBucketed": false, - "label": "Number of techniques", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { - "dataType": "string", - "isBucketed": true, - "label": "Related MITRE attach techniques", - "operationType": "terms", - "params": { - "orderBy": { - "type": "alphabetical" - }, - "orderDirection": "asc", - "size": 10 - }, - "scale": "ordinal", - "sourceField": "threat.technique.name" - } - } - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.integration", - "negate": false, - "params": { - "query": "microsoft" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft.defender_atp" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft.defender_atp" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" - ], - "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", - "legendDisplay": "default", - "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "treemap" - } - }, - "title": "ATP Techniques 
[Logs Microsoft]", - "visualizationType": "lnsPie" - }, - "id": "microsoft-14d367f0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "lens": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/microsoft/kibana/lens/microsoft-e415af10-ca67-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/kibana/lens/microsoft-e415af10-ca67-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 365f8751e90..00000000000 --- a/packages/microsoft/kibana/lens/microsoft-e415af10-ca67-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,164 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { - "columnOrder": [ - "19ade524-0042-4ecd-ac59-9696c8c2e225", - "677e5501-ca31-435c-8eab-38b5297e54c2", - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "columns": { - "19ade524-0042-4ecd-ac59-9696c8c2e225": { - "dataType": "number", - "isBucketed": true, - "label": "Top values of event.severity", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", - "type": "column" - }, - "orderDirection": "desc", - "size": 6 - }, - "scale": "ordinal", - "sourceField": "event.severity" - }, - "27212c7c-83ee-4292-a4c6-396d9b77dce6": { - "dataType": "number", - "isBucketed": false, - "label": "Number of incidents", - "operationType": "cardinality", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "microsoft.defender_atp.incidentId" - }, - "677e5501-ca31-435c-8eab-38b5297e54c2": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "24h" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - } - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.integration", - "negate": false, - "params": { - "query": "microsoft" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft.defender_atp" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft.defender_atp" - } - } - } 
- ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", - "xAccessor": "677e5501-ca31-435c-8eab-38b5297e54c2" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line" - } - }, - "title": "ATP New Incidents [Logs Microsoft]", - "visualizationType": "lnsXY" - }, - "id": "microsoft-e415af10-ca67-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "lens": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/microsoft/kibana/visualization/microsoft-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/kibana/visualization/microsoft-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 886af84f2f5..00000000000 --- a/packages/microsoft/kibana/visualization/microsoft-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,244 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender ATP Incident Table", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft.defender_atp" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft.defender_atp" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "ATP Incident Table [Logs Microsoft]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "aggregate": "concat", - "field": "@timestamp", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Incident ID", - "field": "microsoft.defender_atp.incidentId", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Current Status", - "field": "microsoft.defender_atp.status", - 
"missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Assigned To", - "field": "microsoft.defender_atp.assignedTo", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "9", - "params": { - "customLabel": "Severity", - "field": "event.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Hostname", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "10", - "params": { - "customLabel": "Category", - "field": "threat.technique.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Description", - "field": "rule.description", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - 
"showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "ATP Incident Table [Logs Microsoft]", - "type": "table" - } - }, - "id": "microsoft-00e8fca0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft/kibana/visualization/microsoft-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/kibana/visualization/microsoft-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 62ff05819fc..00000000000 --- a/packages/microsoft/kibana/visualization/microsoft-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender ATP Counter for new incidents", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft.defender_atp" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft.defender_atp" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft.defender_atp\" " - } - } - }, - "title": "ATP New Incidents Counter [Logs Microsoft]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "New Incidents", - "field": "microsoft.defender_atp.incidentId" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 1 - }, - { - "from": 1, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "ATP New Incidents Counter [Logs Microsoft]", - "type": 
"metric" - } - }, - "id": "microsoft-3c64f400-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft/kibana/visualization/microsoft-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/kibana/visualization/microsoft-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 63c680d4fda..00000000000 --- a/packages/microsoft/kibana/visualization/microsoft-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender ATP counter for related Users", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft.defender_atp" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft.defender_atp" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft.defender_atp\" " - } - } - }, - "title": "ATP Related Users Counter [Logs Microsoft]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Users", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "ATP Related Users Counter [Logs Microsoft]", - "type": "metric" - } - }, - "id": 
"microsoft-62f081c0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft/kibana/visualization/microsoft-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/kibana/visualization/microsoft-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 6684e33b6ff..00000000000 --- a/packages/microsoft/kibana/visualization/microsoft-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender ATP counter for related domains", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft.defender_atp" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft.defender_atp" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft.defender_atp\" " - } - } - }, - "title": "ATP Domains Counter [Logs Microsoft]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Domains", - "field": "microsoft.defender_atp.evidence.domainName" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "ATP Domains Counter [Logs Microsoft]", - "type": "metric" - } - }, - "id": 
"microsoft-9e902dc0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft/kibana/visualization/microsoft-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/kibana/visualization/microsoft-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 17fb016b1fb..00000000000 --- a/packages/microsoft/kibana/visualization/microsoft-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender ATP counter for related IP Addresses", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft.defender_atp" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft.defender_atp" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft.defender_atp\" " - } - } - }, - "title": "ATP IP Addresses Counter [Logs Microsoft]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Networks", - "field": "microsoft.defender_atp.evidence.ipAddress" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "ATP IP Addresses Counter [Logs Microsoft]", - "type": "metric" - } - }, - 
"id": "microsoft-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft/manifest.yml b/packages/microsoft/manifest.yml index 54af6e2c478..319e9c23464 100644 --- a/packages/microsoft/manifest.yml +++ b/packages/microsoft/manifest.yml @@ -11,7 +11,7 @@ release: experimental license: basic type: integration conditions: - kibana.version: "^7.14.1" + kibana.version: "^7.17.0" policy_templates: - name: microsoft title: Microsoft From 3d92b1e5d59f6822d2026cbcb9c92b71835b12e1 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 01:52:43 +0530 Subject: [PATCH 020/103] migrate microsoft_defender_endpoint to by_value --- ...-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json | 1286 +++++++++++++++-- ...-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json | 139 -- ...-e415af10-ca67-11ea-9d4d-9737a63aaa55.json | 164 --- ...-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json | 244 ---- ...-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json | 132 -- ...-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json | 128 -- ...-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json | 128 -- ...-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json | 128 -- .../microsoft_defender_endpoint/manifest.yml | 2 +- 9 files changed, 1131 insertions(+), 1220 deletions(-) delete mode 100644 packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json 
diff --git a/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json index 7121958aab5..0857817c507 100644 --- a/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json +++ b/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json 
@@ -1,175 +1,1149 @@ { - "attributes": { - "description": "Microsoft Defender for Endpoint Alert Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:22:12.627Z", + "version": "WzYzNCwxXQ==", + "attributes": { + "description": "Microsoft Defender for Endpoint Alert Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:microsoft_defender_endpoint.log" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "New Incidents Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint Counter for new incidents", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 1 + }, + { + "from": 1, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "New Incidents", + "field": "microsoft.defender_endpoint.incidentId" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": 
"{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset:microsoft_defender_endpoint.log" + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 6, + "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "w": 4, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "w": 4, - "x": 0, - "y": 0 - }, - "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "panelRefName": "panel_0", - "version": "7.8.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 24, - "i": "74d36139-4d22-44d4-bfc8-020c575febb1", - "w": 25, - "x": 4, - "y": 0 - }, - "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", - "panelRefName": "panel_1", - "version": "7.8.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 24, - "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "w": 19, - "x": 29, - "y": 0 - }, - "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "panelRefName": "panel_2", - "title": "Techniques [Microsoft Defender for Endpoint]", - "version": "7.8.1" + "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", + 
"version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { + "columnOrder": [ + "19ade524-0042-4ecd-ac59-9696c8c2e225", + "677e5501-ca31-435c-8eab-38b5297e54c2", + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "columns": { + "19ade524-0042-4ecd-ac59-9696c8c2e225": { + "dataType": "number", + "isBucketed": true, + "label": "Top values of event.severity", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", + "type": "column" + }, + "orderDirection": "desc", + "size": 6 + }, + "scale": "ordinal", + "sourceField": "event.severity" + }, + "27212c7c-83ee-4292-a4c6-396d9b77dce6": { + "dataType": "number", + "isBucketed": false, + "label": "Number of incidents", + "operationType": "unique_count", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "microsoft.defender_endpoint.incidentId" + }, + "677e5501-ca31-435c-8eab-38b5297e54c2": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "24h" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft_defender_endpoint" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": 
"microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", + "xAccessor": "677e5501-ca31-435c-8eab-38b5297e54c2", + "layerType": "data" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "w": 4, - "x": 0, - "y": 6 - }, - "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "panelRefName": "panel_3", - "version": "7.8.1" + "title": "New Incidents [Microsoft Defender for Endpoint]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 24, + "i": "74d36139-4d22-44d4-bfc8-020c575febb1", + "w": 25, + "x": 4, + "y": 0 + }, + "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", + "version": "7.16.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f93e2634-0dd5-4aec-b6de-45284dd39630": { + "columnOrder": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", + 
"0f67be87-cc6f-48e7-8afd-d9401037d006" + ], + "columns": { + "0f67be87-cc6f-48e7-8afd-d9401037d006": { + "dataType": "number", + "isBucketed": false, + "label": "Number of techniques", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { + "dataType": "string", + "isBucketed": true, + "label": "Related MITRE attach techniques", + "operationType": "terms", + "params": { + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "asc", + "size": 10 + }, + "scale": "ordinal", + "sourceField": "threat.technique.name" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft_defender_endpoint" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" + ], + "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", + "legendDisplay": "default", + "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", + "nestedLegend": false, + "numberDisplay": "percent", + "layerType": "data" + } + ], + "shape": "treemap" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "16e7059b-70a5-4ea4-b622-9015d7430419", - "w": 4, - "x": 0, - "y": 12 - }, - 
"panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", - "panelRefName": "panel_4", - "version": "7.8.1" + "title": "Techniques [Microsoft Defender for Endpoint]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 24, + "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "title": "Techniques [Microsoft Defender for Endpoint]", + "version": "7.16.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Domains Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint counter for related domains", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "w": 4, - "x": 0, - "y": 18 - }, - "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "panelRefName": "panel_5", - "version": "7.8.1" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Domains", + "field": 
"microsoft.defender_endpoint.evidence.domainName" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "w": 4, + "x": 0, + "y": 6 + }, + "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint counter for related IP Addresses", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": 
false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "cb8de6bb-1096-427d-834e-210963aad3e5", - "w": 48, - "x": 0, - "y": 24 - }, - "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", - "panelRefName": "panel_6", - "version": "7.8.1" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Networks", + "field": "microsoft.defender_endpoint.evidence.ipAddress" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." 
+ } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } } - ], - "timeRestore": false, - "title": "[Microsoft Defender for Endpoint] Overview", - "version": 1 - }, - "id": "microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "dashboard": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55", - "name": "panel_1", - "type": "lens" + "gridData": { + "h": 6, + "i": "16e7059b-70a5-4ea4-b622-9015d7430419", + "w": 4, + "x": 0, + "y": 12 }, - { - "id": "microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_2", - "type": "lens" + "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Related Users Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint counter for related Users", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": 
false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Users", + "field": "user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + } + } }, - { - "id": "microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 6, + "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "w": 4, + "x": 0, + "y": 18 }, - { - "id": "microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_4", - "type": "visualization" + "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"Incident Table [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint Incident Table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "aggregate": "concat", + "field": "@timestamp", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Incident ID", + "field": "microsoft.defender_endpoint.incidentId", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Current Status", + "field": "microsoft.defender_endpoint.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Assigned To", + "field": "microsoft.defender_endpoint.assignedTo", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "9", + "params": { + "customLabel": "Severity", + "field": "event.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": 
"desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Hostname", + "field": "host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "10", + "params": { + "customLabel": "Category", + "field": "threat.technique.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Description", + "field": "rule.description", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." 
+ } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 16, + "i": "cb8de6bb-1096-427d-834e-210963aad3e5", + "w": 48, + "x": 0, + "y": 24 }, - { - "id": "microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Microsoft Defender for Endpoint] Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 028339d9959..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f93e2634-0dd5-4aec-b6de-45284dd39630": { - "columnOrder": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", - "0f67be87-cc6f-48e7-8afd-d9401037d006" - ], - "columns": { - "0f67be87-cc6f-48e7-8afd-d9401037d006": { - "dataType": "number", - "isBucketed": false, - "label": "Number of techniques", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { - "dataType": "string", - "isBucketed": true, - "label": "Related MITRE attach techniques", - "operationType": "terms", - "params": { - "orderBy": { - "type": "alphabetical" - }, - "orderDirection": "asc", - "size": 10 - }, - "scale": "ordinal", - "sourceField": "threat.technique.name" - } - } - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.integration", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft_defender_endpoint" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" - ], - "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", - "legendDisplay": "default", - "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - 
"shape": "treemap" - } - }, - "title": "Techniques [Microsoft Defender for Endpoint]", - "visualizationType": "lnsPie" - }, - "id": "microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "lens": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index e3b06ec51cb..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,164 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { - "columnOrder": [ - "19ade524-0042-4ecd-ac59-9696c8c2e225", - "677e5501-ca31-435c-8eab-38b5297e54c2", - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "columns": { - "19ade524-0042-4ecd-ac59-9696c8c2e225": { - "dataType": "number", - "isBucketed": true, - "label": "Top values of event.severity", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", - "type": "column" - }, - "orderDirection": "desc", - "size": 6 - }, - "scale": "ordinal", - "sourceField": "event.severity" - }, - "27212c7c-83ee-4292-a4c6-396d9b77dce6": { - "dataType": "number", - "isBucketed": false, - "label": "Number of incidents", - "operationType": "cardinality", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "microsoft.defender_endpoint.incidentId" - }, - "677e5501-ca31-435c-8eab-38b5297e54c2": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "24h" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - } - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.integration", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft_defender_endpoint" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - 
"data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", - "xAccessor": "677e5501-ca31-435c-8eab-38b5297e54c2" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line" - } - }, - "title": "New Incidents [Microsoft Defender for Endpoint]", - "visualizationType": "lnsXY" - }, - "id": "microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "lens": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 40ce80238cb..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,244 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint Incident Table", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Incident Table [Microsoft Defender for Endpoint]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "aggregate": "concat", - "field": "@timestamp", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Incident ID", - "field": "microsoft.defender_endpoint.incidentId", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - 
"customLabel": "Current Status", - "field": "microsoft.defender_endpoint.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Assigned To", - "field": "microsoft.defender_endpoint.assignedTo", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "9", - "params": { - "customLabel": "Severity", - "field": "event.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Hostname", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "10", - "params": { - "customLabel": "Category", - "field": "threat.technique.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Description", - "field": "rule.description", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 
10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Incident Table [Microsoft Defender for Endpoint]", - "type": "table" - } - }, - "id": "microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index caabefc2f54..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint Counter for new incidents", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "title": "New Incidents Counter [Microsoft Defender for Endpoint]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "New Incidents", - "field": "microsoft.defender_endpoint.incidentId" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 1 - }, - { - "from": 1, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - 
"type": "metric" - }, - "title": "New Incidents Counter [Microsoft Defender for Endpoint]", - "type": "metric" - } - }, - "id": "microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index e7e1e816d65..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint counter for related Users", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "title": "Related Users Counter [Microsoft Defender for Endpoint]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Users", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Related Users Counter 
[Microsoft Defender for Endpoint]", - "type": "metric" - } - }, - "id": "microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 4a5c7fa089c..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint counter for related domains", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "title": "Domains Counter [Microsoft Defender for Endpoint]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Domains", - "field": "microsoft.defender_endpoint.evidence.domainName" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - 
"title": "Domains Counter [Microsoft Defender for Endpoint]", - "type": "metric" - } - }, - "id": "microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index e77edb29a40..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint counter for related IP Addresses", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Networks", - "field": "microsoft.defender_endpoint.evidence.ipAddress" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" 
- }, - "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", - "type": "metric" - } - }, - "id": "microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index b887695b7c9..e68bb08ccfc 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -11,7 +11,7 @@ release: ga license: basic type: integration conditions: - kibana.version: ^7.14.1 || ^8.0.0 + kibana.version: ^7.17.0 || ^8.0.0 policy_templates: - name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint From 1eec18d26344a1fa4582d7c0575064791d167e97 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 02:02:33 +0530 Subject: [PATCH 021/103] migrate mimecast to by_value --- ...-042d5620-5411-11ec-bd43-b5e1f9a9c8d5.json | 1259 ++++++------- ...-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json | 739 ++++---- ...-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json | 749 ++++---- ...-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json | 1183 ++++++------ ...-87fba310-5413-11ec-bd43-b5e1f9a9c8d5.json | 1533 +++++++-------- ...-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5.json | 1251 ++++++------- ...-bca36430-540f-11ec-bd43-b5e1f9a9c8d5.json | 1639 +++++++++-------- ...-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5.json | 1563 +++++++++++----- ...-f8933590-541b-11ec-bd43-b5e1f9a9c8d5.json | 163 +- ...-09cd47c0-3e40-11ec-80fa-4dfb04910642.json | 112 -- ...-47017670-3e40-11ec-80fa-4dfb04910642.json | 112 -- ...-86374180-3e40-11ec-80fa-4dfb04910642.json | 112 -- ...-8f37e6f0-3e3f-11ec-80fa-4dfb04910642.json | 112 -- ...-b06b3340-3e3f-11ec-80fa-4dfb04910642.json | 112 -- 14 files changed, 5357 insertions(+), 5282 deletions(-) delete mode 100644 packages/mimecast/kibana/lens/mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642.json delete mode 100644 packages/mimecast/kibana/lens/mimecast-47017670-3e40-11ec-80fa-4dfb04910642.json delete mode 100644 packages/mimecast/kibana/lens/mimecast-86374180-3e40-11ec-80fa-4dfb04910642.json delete mode 100644 packages/mimecast/kibana/lens/mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642.json delete mode 100644 packages/mimecast/kibana/lens/mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642.json diff --git a/packages/mimecast/kibana/dashboard/mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5.json index 91c58431de0..fe8b1f5afe4 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,650 +1,655 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" + "id": "mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzMCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47e0f438-1420-40d4-a779-1845993eb7ea", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47e0f438-1420-40d4-a779-1845993eb7ea": { + "columnOrder": [ + "031fd53e-b3ed-422e-b50a-6da93afe2752", + "6fb9dc4a-1056-4e74-a4e4-a469941b6efa" + ], + "columns": { + "031fd53e-b3ed-422e-b50a-6da93afe2752": { 
+ "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } + "6fb9dc4a-1056-4e74-a4e4-a469941b6efa": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47e0f438-1420-40d4-a779-1845993eb7ea", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47e0f438-1420-40d4-a779-1845993eb7ea": { - "columnOrder": [ - "031fd53e-b3ed-422e-b50a-6da93afe2752", - "6fb9dc4a-1056-4e74-a4e4-a469941b6efa" - ], - "columns": { - "031fd53e-b3ed-422e-b50a-6da93afe2752": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "6fb9dc4a-1056-4e74-a4e4-a469941b6efa": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": 
"data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"mimecast.dlp_logs\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "6fb9dc4a-1056-4e74-a4e4-a469941b6efa" - ], - "layerId": "47e0f438-1420-40d4-a779-1845993eb7ea", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "031fd53e-b3ed-422e-b50a-6da93afe2752" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"mimecast.dlp_logs\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": 
"15971769-d6c7-4cbd-a65b-41773cac89f9", - "w": 48, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "15971769-d6c7-4cbd-a65b-41773cac89f9", - "title": "DLP Logs Over Time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0fff056b-7794-4070-8170-3657002b9253", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0fff056b-7794-4070-8170-3657002b9253": { - "columnOrder": [ - "e4eb146d-7546-4a24-ae35-eb2824b345a2", - "c9c6ab54-8f0d-49b4-bf62-33f88decd52c" - ], - "columns": { - "c9c6ab54-8f0d-49b4-bf62-33f88decd52c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "e4eb146d-7546-4a24-ae35-eb2824b345a2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Actions", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c9c6ab54-8f0d-49b4-bf62-33f88decd52c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } - 
} - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e4eb146d-7546-4a24-ae35-eb2824b345a2" - }, - { - "columnId": "c9c6ab54-8f0d-49b4-bf62-33f88decd52c" - } - ], - "layerId": "0fff056b-7794-4070-8170-3657002b9253", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "55a3cb4f-41e1-48a3-b3bb-e4b296503246", - "w": 24, - "x": 0, - "y": 15 + "layers": [ + { + "accessors": [ + "6fb9dc4a-1056-4e74-a4e4-a469941b6efa" + ], + "layerId": "47e0f438-1420-40d4-a779-1845993eb7ea", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "031fd53e-b3ed-422e-b50a-6da93afe2752" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true }, - "panelIndex": "55a3cb4f-41e1-48a3-b3bb-e4b296503246", - "title": "DLP Logs - Action taken on message", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-854e5002-cd2e-466a-ba28-04e926663f66", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "854e5002-cd2e-466a-ba28-04e926663f66": { - "columnOrder": [ - "5745adf7-04d2-4886-8dad-897d57705772", - "b9e528af-178d-488b-8997-fbaf60f2e4aa" - ], - "columns": { - "5745adf7-04d2-4886-8dad-897d57705772": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Policies", - "operationType": "terms", - "params": { - 
"missingBucket": false, - "orderBy": { - "columnId": "b9e528af-178d-488b-8997-fbaf60f2e4aa", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "rule.name" - }, - "b9e528af-178d-488b-8997-fbaf60f2e4aa": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "5745adf7-04d2-4886-8dad-897d57705772" - }, - { - "columnId": "b9e528af-178d-488b-8997-fbaf60f2e4aa" - } - ], - "layerId": "854e5002-cd2e-466a-ba28-04e926663f66", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "13693574-6de9-4ccc-afb9-cc1d99dd83b8", - "w": 24, - "x": 24, - "y": 15 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "13693574-6de9-4ccc-afb9-cc1d99dd83b8", - "title": "DLP Logs - Policies triggered", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-0f5b8670-33ce-47e6-ac1f-b29f55afaf24", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0f5b8670-33ce-47e6-ac1f-b29f55afaf24": { - "columnOrder": [ - "7f11f183-c159-43db-8b95-cbb8fd2d8fd7", - "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1" - ], - "columns": { - "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "7f11f183-c159-43db-8b95-cbb8fd2d8fd7": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Senders", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.from.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "7f11f183-c159-43db-8b95-cbb8fd2d8fd7", - "isTransposed": false - }, - { - "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", - "isTransposed": false - } - ], - "layerId": "0f5b8670-33ce-47e6-ac1f-b29f55afaf24", - "layerType": "data", - "sorting": { - "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", - "direction": "desc" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": 
"lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "4a088ba2-68ed-418a-b167-7db8a7c592c2", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "4a088ba2-68ed-418a-b167-7db8a7c592c2", - "title": "DLP Logs - Senders that triggered DLP Policies", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] DLP Logs Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "15971769-d6c7-4cbd-a65b-41773cac89f9", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "logs-*", - "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:indexpattern-datasource-layer-47e0f438-1420-40d4-a779-1845993eb7ea", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:indexpattern-datasource-layer-0fff056b-7794-4070-8170-3657002b9253", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:filter-index-pattern-0", - "type": "index-pattern" + "panelIndex": "15971769-d6c7-4cbd-a65b-41773cac89f9", + 
"title": "DLP Logs Over Time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0fff056b-7794-4070-8170-3657002b9253", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0fff056b-7794-4070-8170-3657002b9253": { + "columnOrder": [ + "e4eb146d-7546-4a24-ae35-eb2824b345a2", + "c9c6ab54-8f0d-49b4-bf62-33f88decd52c" + ], + "columns": { + "c9c6ab54-8f0d-49b4-bf62-33f88decd52c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "e4eb146d-7546-4a24-ae35-eb2824b345a2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Actions", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c9c6ab54-8f0d-49b4-bf62-33f88decd52c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e4eb146d-7546-4a24-ae35-eb2824b345a2" + }, + { + "columnId": "c9c6ab54-8f0d-49b4-bf62-33f88decd52c" + } + ], + 
"layerId": "0fff056b-7794-4070-8170-3657002b9253", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "55a3cb4f-41e1-48a3-b3bb-e4b296503246", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:indexpattern-datasource-layer-854e5002-cd2e-466a-ba28-04e926663f66", - "type": "index-pattern" + "panelIndex": "55a3cb4f-41e1-48a3-b3bb-e4b296503246", + "title": "DLP Logs - Action taken on message", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-854e5002-cd2e-466a-ba28-04e926663f66", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "854e5002-cd2e-466a-ba28-04e926663f66": { + "columnOrder": [ + "5745adf7-04d2-4886-8dad-897d57705772", + "b9e528af-178d-488b-8997-fbaf60f2e4aa" + ], + "columns": { + "5745adf7-04d2-4886-8dad-897d57705772": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Policies", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b9e528af-178d-488b-8997-fbaf60f2e4aa", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "rule.name" + }, + "b9e528af-178d-488b-8997-fbaf60f2e4aa": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + 
"scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "5745adf7-04d2-4886-8dad-897d57705772" + }, + { + "columnId": "b9e528af-178d-488b-8997-fbaf60f2e4aa" + } + ], + "layerId": "854e5002-cd2e-466a-ba28-04e926663f66", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "13693574-6de9-4ccc-afb9-cc1d99dd83b8", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "13693574-6de9-4ccc-afb9-cc1d99dd83b8", + "title": "DLP Logs - Policies triggered", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0f5b8670-33ce-47e6-ac1f-b29f55afaf24", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0f5b8670-33ce-47e6-ac1f-b29f55afaf24": { + "columnOrder": [ + 
"7f11f183-c159-43db-8b95-cbb8fd2d8fd7", + "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1" + ], + "columns": { + "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "7f11f183-c159-43db-8b95-cbb8fd2d8fd7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Senders", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.from.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "7f11f183-c159-43db-8b95-cbb8fd2d8fd7", + "isTransposed": false + }, + { + "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", + "isTransposed": false + } + ], + "layerId": "0f5b8670-33ce-47e6-ac1f-b29f55afaf24", + "layerType": "data", + "sorting": { + "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", + "direction": "desc" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:indexpattern-datasource-layer-0f5b8670-33ce-47e6-ac1f-b29f55afaf24", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "4a088ba2-68ed-418a-b167-7db8a7c592c2", + "w": 24, + "x": 0, + "y": 30 
}, - { - "id": "logs-*", - "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:filter-index-pattern-0", - "type": "index-pattern" - } + "panelIndex": "4a088ba2-68ed-418a-b167-7db8a7c592c2", + "title": "DLP Logs - Senders that triggered DLP Policies", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] DLP Logs Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:indexpattern-datasource-layer-47e0f438-1420-40d4-a779-1845993eb7ea", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:indexpattern-datasource-layer-0fff056b-7794-4070-8170-3657002b9253", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:indexpattern-datasource-layer-854e5002-cd2e-466a-ba28-04e926663f66", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:filter-index-pattern-0", + "type": "index-pattern" + }, + { + 
"id": "logs-*", + "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:indexpattern-datasource-layer-0f5b8670-33ce-47e6-ac1f-b29f55afaf24", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:filter-index-pattern-0", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json index 192c6a51525..a51c88ad440 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json 
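Review bot: The new top-level keys `"updated_at": "2022-10-27T20:30:51.209Z"`, `"version": "WzYzMCwxXQ=="` and `"namespaces": ["default"]` at the head of the object describe the Kibana instance the dashboard was exported from rather than the dashboard itself, and should be dropped before the asset is committed. The `version` string looks like the saved object's base64 concurrency token, so it would change on every save and only add churn to later diffs, and a pinned `namespaces` value may not match the space the package is installed into. The panels were already inline under `embeddableConfig.attributes` on the old side, so apart from these three keys the hunk appears to be re-indentation and key reordering; re-exporting through the packaging tool's export step, instead of committing a hand-saved export, would probably strip them and keep the original layout. The hunk for `mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json` that follows opens with the same three keys.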
@@ -1,387 +1,392 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_customer" - }, - "type": "phrase" + "id": "mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzMSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_customer" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_customer" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-399531fb-a3b2-4881-aa91-9b3f9e7d34e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "399531fb-a3b2-4881-aa91-9b3f9e7d34e7": { + "columnOrder": [ + "d17db96e-f800-4bb6-ad48-2f10d7c1fc34", + "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3" + 
], + "columns": { + "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_customer" - } + "d17db96e-f800-4bb6-ad48-2f10d7c1fc34": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-399531fb-a3b2-4881-aa91-9b3f9e7d34e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "399531fb-a3b2-4881-aa91-9b3f9e7d34e7": { - "columnOrder": [ - "d17db96e-f800-4bb6-ad48-2f10d7c1fc34", - "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3" - ], - "columns": { - "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d17db96e-f800-4bb6-ad48-2f10d7c1fc34": { - "customLabel": true, - "dataType": "date", - "isBucketed": true, - "label": "timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - 
"store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_customer" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_customer" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3" - ], - "layerId": "399531fb-a3b2-4881-aa91-9b3f9e7d34e7", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "d17db96e-f800-4bb6-ad48-2f10d7c1fc34" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_customer" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_customer" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + 
"yRight": true }, - "gridData": { - "h": 15, - "i": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4", - "w": 24, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4", - "title": "[[Mimecast] Threat Intel Feed Targeted - over time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-662c8260-62a4-4b11-8942-e7900c2fb1bb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "662c8260-62a4-4b11-8942-e7900c2fb1bb": { - "columnOrder": [ - "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b", - "7c2cbcee-2579-4971-a811-12bbb4815d9e" - ], - "columns": { - "7c2cbcee-2579-4971-a811-12bbb4815d9e": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of threat.indicator.type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7c2cbcee-2579-4971-a811-12bbb4815d9e", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "threat.indicator.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": 
"mimecast.threat_intel_malware_customer" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_customer" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b" - }, - { - "columnId": "7c2cbcee-2579-4971-a811-12bbb4815d9e" - } - ], - "layerId": "662c8260-62a4-4b11-8942-e7900c2fb1bb", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee", - "w": 24, - "x": 24, - "y": 0 + "layers": [ + { + "accessors": [ + "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3" + ], + "layerId": "399531fb-a3b2-4881-aa91-9b3f9e7d34e7", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "d17db96e-f800-4bb6-ad48-2f10d7c1fc34" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "43ba8519-c31d-4884-861e-34bae3c8a782", - "w": 48, - "x": 0, - "y": 15 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "43ba8519-c31d-4884-861e-34bae3c8a782", - "panelRefName": "panel_43ba8519-c31d-4884-861e-34bae3c8a782", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] Threat Intel Feed - Targeted Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": 
"mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:indexpattern-datasource-layer-399531fb-a3b2-4881-aa91-9b3f9e7d34e7", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4", + "w": 24, + "x": 0, + "y": 0 }, - { - "id": "logs-*", - "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:filter-index-pattern-0", - "type": "index-pattern" + "panelIndex": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4", + "title": "[[Mimecast] Threat Intel Feed Targeted - over time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-662c8260-62a4-4b11-8942-e7900c2fb1bb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "662c8260-62a4-4b11-8942-e7900c2fb1bb": { + "columnOrder": [ + "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b", + "7c2cbcee-2579-4971-a811-12bbb4815d9e" + ], + "columns": { + "7c2cbcee-2579-4971-a811-12bbb4815d9e": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + 
"c9e207f1-1b64-4b4a-b6cb-ddc770733a8b": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of threat.indicator.type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7c2cbcee-2579-4971-a811-12bbb4815d9e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "threat.indicator.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_customer" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_customer" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b" + }, + { + "columnId": "7c2cbcee-2579-4971-a811-12bbb4815d9e" + } + ], + "layerId": "662c8260-62a4-4b11-8942-e7900c2fb1bb", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee", + "w": 24, + "x": 24, + "y": 0 }, - { - "id": "logs-*", - "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:indexpattern-datasource-layer-662c8260-62a4-4b11-8942-e7900c2fb1bb", - "type": "index-pattern" + "panelIndex": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:filter-index-pattern-0", - "type": "index-pattern" 
+ "gridData": { + "h": 15, + "i": "43ba8519-c31d-4884-861e-34bae3c8a782", + "w": 48, + "x": 0, + "y": 15 }, - { - "id": "mimecast-bfb8e8f0-4084-11ec-b8da-95c3fba730d0", - "name": "43ba8519-c31d-4884-861e-34bae3c8a782:panel_43ba8519-c31d-4884-861e-34bae3c8a782", - "type": "search" - } + "panelIndex": "43ba8519-c31d-4884-861e-34bae3c8a782", + "panelRefName": "panel_43ba8519-c31d-4884-861e-34bae3c8a782", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] Threat Intel Feed - Targeted Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:indexpattern-datasource-layer-399531fb-a3b2-4881-aa91-9b3f9e7d34e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:indexpattern-datasource-layer-662c8260-62a4-4b11-8942-e7900c2fb1bb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "mimecast-bfb8e8f0-4084-11ec-b8da-95c3fba730d0", + "name": "43ba8519-c31d-4884-861e-34bae3c8a782:panel_43ba8519-c31d-4884-861e-34bae3c8a782", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } 
\ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json index ae549845dc2..98978a6871d 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json 
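Review bot: The new top-level `namespaces`, `updated_at` and `version` keys at the head of this dashboard look like state copied from the Kibana instance it was exported from, not part of the dashboard definition. `"version": "WzYzMSwxXQ=="` is base64 for `[631,1]`, which reads as that instance's internal concurrency token, and `"namespaces": ["default"]` records its space; neither key was on the old side. I would drop these three keys from the committed file so that a re-export does not churn the diff and an import is not handed another instance's bookkeeping. The same keys are added in the hunks for mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json and mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json below. Whether the package tooling strips or ignores them on install is not visible in this diff.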
@@ -1,392 +1,397 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_grid" - }, - "type": "phrase" + "id": "mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_grid" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_grid" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-482f4c89-6ca6-4520-826e-876c0256ae1b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "482f4c89-6ca6-4520-826e-876c0256ae1b": { + "columnOrder": [ + "6035b29a-145b-48c5-9faf-0d33060bfda0", + "26106801-2a8f-464c-9a0e-439bb734b16b" + ], + 
"columns": { + "26106801-2a8f-464c-9a0e-439bb734b16b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_grid" - } + "6035b29a-145b-48c5-9faf-0d33060bfda0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-482f4c89-6ca6-4520-826e-876c0256ae1b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "482f4c89-6ca6-4520-826e-876c0256ae1b": { - "columnOrder": [ - "6035b29a-145b-48c5-9faf-0d33060bfda0", - "26106801-2a8f-464c-9a0e-439bb734b16b" - ], - "columns": { - "26106801-2a8f-464c-9a0e-439bb734b16b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "6035b29a-145b-48c5-9faf-0d33060bfda0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - 
"disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_grid" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_grid" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "26106801-2a8f-464c-9a0e-439bb734b16b" - ], - "layerId": "482f4c89-6ca6-4520-826e-876c0256ae1b", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "6035b29a-145b-48c5-9faf-0d33060bfda0" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_grid" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_grid" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 16, - "i": 
"174ad31a-31be-4bc0-b47a-a7692c6c02ae", - "w": 22, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "174ad31a-31be-4bc0-b47a-a7692c6c02ae", - "title": "[Miemcast] Threat Intel Feed Regional- over time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-231039d5-8ca6-4e3d-b6ce-304ff967550c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "231039d5-8ca6-4e3d-b6ce-304ff967550c": { - "columnOrder": [ - "e751fb41-0eb0-444c-858b-b2ffafe590cf", - "b642290b-f2dd-46a6-8641-ef25b6e6e794" - ], - "columns": { - "b642290b-f2dd-46a6-8641-ef25b6e6e794": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "e751fb41-0eb0-444c-858b-b2ffafe590cf": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Indicator", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b642290b-f2dd-46a6-8641-ef25b6e6e794", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "threat.indicator.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_grid" - }, - "type": "phrase" - }, - "query": { 
- "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_grid" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e751fb41-0eb0-444c-858b-b2ffafe590cf" - }, - { - "columnId": "b642290b-f2dd-46a6-8641-ef25b6e6e794" - } - ], - "layerId": "231039d5-8ca6-4e3d-b6ce-304ff967550c", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 16, - "i": "c4041140-c71a-446f-bc68-3e3593202832", - "w": 25, - "x": 22, - "y": 0 + "layers": [ + { + "accessors": [ + "26106801-2a8f-464c-9a0e-439bb734b16b" + ], + "layerId": "482f4c89-6ca6-4520-826e-876c0256ae1b", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "6035b29a-145b-48c5-9faf-0d33060bfda0" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "c4041140-c71a-446f-bc68-3e3593202832", - "title": "[Regional] Threat Intel Feed Regional - count by indicator", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 22, - "i": "44ba0d50-0c94-4053-8364-058f0c5a6916", - "w": 47, - "x": 0, - "y": 16 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "44ba0d50-0c94-4053-8364-058f0c5a6916", - "panelRefName": "panel_44ba0d50-0c94-4053-8364-058f0c5a6916", - "title": "[Mimecast] Threat Intel Feed Regional - Most recent logs", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] 
Threat Intel Feed - Regional Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:indexpattern-datasource-layer-482f4c89-6ca6-4520-826e-876c0256ae1b", - "type": "index-pattern" + "gridData": { + "h": 16, + "i": "174ad31a-31be-4bc0-b47a-a7692c6c02ae", + "w": 22, + "x": 0, + "y": 0 }, - { - "id": "logs-*", - "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:filter-index-pattern-0", - "type": "index-pattern" + "panelIndex": "174ad31a-31be-4bc0-b47a-a7692c6c02ae", + "title": "[Miemcast] Threat Intel Feed Regional- over time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-231039d5-8ca6-4e3d-b6ce-304ff967550c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "231039d5-8ca6-4e3d-b6ce-304ff967550c": { + "columnOrder": [ + "e751fb41-0eb0-444c-858b-b2ffafe590cf", + "b642290b-f2dd-46a6-8641-ef25b6e6e794" + ], + "columns": { + "b642290b-f2dd-46a6-8641-ef25b6e6e794": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": 
"count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "e751fb41-0eb0-444c-858b-b2ffafe590cf": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Indicator", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b642290b-f2dd-46a6-8641-ef25b6e6e794", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "threat.indicator.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_grid" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_grid" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e751fb41-0eb0-444c-858b-b2ffafe590cf" + }, + { + "columnId": "b642290b-f2dd-46a6-8641-ef25b6e6e794" + } + ], + "layerId": "231039d5-8ca6-4e3d-b6ce-304ff967550c", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "c4041140-c71a-446f-bc68-3e3593202832:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 16, + "i": "c4041140-c71a-446f-bc68-3e3593202832", + "w": 25, + "x": 22, + "y": 0 }, - { - "id": "logs-*", - "name": "c4041140-c71a-446f-bc68-3e3593202832:indexpattern-datasource-layer-231039d5-8ca6-4e3d-b6ce-304ff967550c", - "type": "index-pattern" + "panelIndex": "c4041140-c71a-446f-bc68-3e3593202832", + "title": "[Regional] Threat Intel Feed Regional - count by indicator", + "type": "lens", + "version": 
"7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "c4041140-c71a-446f-bc68-3e3593202832:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 22, + "i": "44ba0d50-0c94-4053-8364-058f0c5a6916", + "w": 47, + "x": 0, + "y": 16 }, - { - "id": "mimecast-df42cb00-4084-11ec-b8da-95c3fba730d0", - "name": "44ba0d50-0c94-4053-8364-058f0c5a6916:panel_44ba0d50-0c94-4053-8364-058f0c5a6916", - "type": "search" - } + "panelIndex": "44ba0d50-0c94-4053-8364-058f0c5a6916", + "panelRefName": "panel_44ba0d50-0c94-4053-8364-058f0c5a6916", + "title": "[Mimecast] Threat Intel Feed Regional - Most recent logs", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] Threat Intel Feed - Regional Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:indexpattern-datasource-layer-482f4c89-6ca6-4520-826e-876c0256ae1b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4041140-c71a-446f-bc68-3e3593202832:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4041140-c71a-446f-bc68-3e3593202832:indexpattern-datasource-layer-231039d5-8ca6-4e3d-b6ce-304ff967550c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4041140-c71a-446f-bc68-3e3593202832:filter-index-pattern-0", + 
"type": "index-pattern" + }, + { + "id": "mimecast-df42cb00-4084-11ec-b8da-95c3fba730d0", + "name": "44ba0d50-0c94-4053-8364-058f0c5a6916:panel_44ba0d50-0c94-4053-8364-058f0c5a6916", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json index 2bd99837fb8..6f4c56a5aa1 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,615 +1,620 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "id": "mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_url_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_url_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7a34769f-5338-4cf1-8611-76ee68762548", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7a34769f-5338-4cf1-8611-76ee68762548": { + "columnOrder": [ + "93e854a1-a782-4a03-97b8-b4f8a98b931e", + "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15", + "73bd76e9-d764-4c7c-bfb0-71205b4f7df5" + ], + "columns": { + "73bd76e9-d764-4c7c-bfb0-71205b4f7df5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "meta": { - "alias": null, - "disabled": false, 
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_url_logs" + "93e854a1-a782-4a03-97b8-b4f8a98b931e": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of mimecast.scanResult", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "73bd76e9-d764-4c7c-bfb0-71205b4f7df5", + "type": "column" }, - "type": "phrase" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "mimecast.scanResult" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_url_logs" - } + "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7a34769f-5338-4cf1-8611-76ee68762548", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7a34769f-5338-4cf1-8611-76ee68762548": { - "columnOrder": [ - "93e854a1-a782-4a03-97b8-b4f8a98b931e", - "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15", - "73bd76e9-d764-4c7c-bfb0-71205b4f7df5" - ], - "columns": { - "73bd76e9-d764-4c7c-bfb0-71205b4f7df5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", 
- "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "93e854a1-a782-4a03-97b8-b4f8a98b931e": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of mimecast.scanResult", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "73bd76e9-d764-4c7c-bfb0-71205b4f7df5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "mimecast.scanResult" - }, - "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15": { - "customLabel": true, - "dataType": "date", - "isBucketed": true, - "label": "timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_url_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_url_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "curveType": "CURVE_MONOTONE_X", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "73bd76e9-d764-4c7c-bfb0-71205b4f7df5" - ], - "layerId": "7a34769f-5338-4cf1-8611-76ee68762548", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "93e854a1-a782-4a03-97b8-b4f8a98b931e", - "xAccessor": "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15" - } - ], - "legend": { - "isVisible": true, - "position": 
"right", - "showSingleSeries": true - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_url_logs" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_url_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 14, - "i": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73", - "w": 48, - "x": 0, - "y": 0 + "curveType": "CURVE_MONOTONE_X", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73", - "title": "Clean vs malicious over time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-76a01545-a0d3-4529-9185-e99aa33aa198", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "76a01545-a0d3-4529-9185-e99aa33aa198": { - "columnOrder": [ - 
"0f3030c5-e2c2-46b0-94d9-9fedf71bbedd", - "1e318351-5ec1-484c-8a9f-dd79a8c26759" - ], - "columns": { - "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "url", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1e318351-5ec1-484c-8a9f-dd79a8c26759", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "url.original" - }, - "1e318351-5ec1-484c-8a9f-dd79a8c26759": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_url_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_url_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.scanResult", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.scanResult": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd", - "isTransposed": false - }, - { - "columnId": "1e318351-5ec1-484c-8a9f-dd79a8c26759", - "isTransposed": false - } - ], - "layerId": "76a01545-a0d3-4529-9185-e99aa33aa198", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + 
"labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "73bd76e9-d764-4c7c-bfb0-71205b4f7df5" + ], + "layerId": "7a34769f-5338-4cf1-8611-76ee68762548", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "93e854a1-a782-4a03-97b8-b4f8a98b931e", + "xAccessor": "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": true }, - "gridData": { - "h": 15, - "i": "a4201043-b285-4608-b169-4eae313b2b6c", - "w": 24, - "x": 0, - "y": 14 + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "a4201043-b285-4608-b169-4eae313b2b6c", - "title": "Top malicious URLs", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2a0ae18b-3b74-4c61-8a14-3f87a634e8ba": { - "columnOrder": [ - "2b26e9ef-78d9-4173-97fa-ec7526af0773", - "2782be47-0178-4935-ac5b-05c8a15a61f2" - ], - "columns": { - "2782be47-0178-4935-ac5b-05c8a15a61f2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "2b26e9ef-78d9-4173-97fa-ec7526af0773": { - "customLabel": true, - 
"dataType": "string", - "isBucketed": true, - "label": "category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2782be47-0178-4935-ac5b-05c8a15a61f2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "mimecast.category" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_url_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_url_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.scanResult", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.scanResult": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 14, + "i": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73", + "title": "Clean vs malicious over time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-76a01545-a0d3-4529-9185-e99aa33aa198", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "76a01545-a0d3-4529-9185-e99aa33aa198": { + "columnOrder": [ + "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd", + "1e318351-5ec1-484c-8a9f-dd79a8c26759" + ], + "columns": { + "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "url", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1e318351-5ec1-484c-8a9f-dd79a8c26759", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "2b26e9ef-78d9-4173-97fa-ec7526af0773" - }, - { - "columnId": "2782be47-0178-4935-ac5b-05c8a15a61f2" - } - ], - "layerId": "2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "url.original" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "1e318351-5ec1-484c-8a9f-dd79a8c26759": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_url_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "23fe1e17-6ce1-4d4e-abb5-2fd095420475", - "w": 24, - "x": 24, - "y": 14 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_url_logs" + } + } }, - "panelIndex": "23fe1e17-6ce1-4d4e-abb5-2fd095420475", - "title": "Top URL categories", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" 
+ }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.scanResult", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.scanResult": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd", + "isTransposed": false + }, + { + "columnId": "1e318351-5ec1-484c-8a9f-dd79a8c26759", + "isTransposed": false + } + ], + "layerId": "76a01545-a0d3-4529-9185-e99aa33aa198", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "246c6a37-8605-4c92-8503-0fc545cef56f", - "w": 48, - "x": 0, - "y": 29 - }, - "panelIndex": "246c6a37-8605-4c92-8503-0fc545cef56f", - "panelRefName": "panel_246c6a37-8605-4c92-8503-0fc545cef56f", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] TTP URL Protect Logs", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:indexpattern-datasource-layer-7a34769f-5338-4cf1-8611-76ee68762548", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": 
"23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "a4201043-b285-4608-b169-4eae313b2b6c", + "w": 24, + "x": 0, + "y": 14 }, - { - "id": "logs-*", - "name": "a4201043-b285-4608-b169-4eae313b2b6c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a4201043-b285-4608-b169-4eae313b2b6c:indexpattern-datasource-layer-76a01545-a0d3-4529-9185-e99aa33aa198", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a4201043-b285-4608-b169-4eae313b2b6c:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a4201043-b285-4608-b169-4eae313b2b6c:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "a4201043-b285-4608-b169-4eae313b2b6c", + "title": "Top malicious URLs", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2a0ae18b-3b74-4c61-8a14-3f87a634e8ba": { + "columnOrder": [ + "2b26e9ef-78d9-4173-97fa-ec7526af0773", + "2782be47-0178-4935-ac5b-05c8a15a61f2" + ], + "columns": { + "2782be47-0178-4935-ac5b-05c8a15a61f2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + 
"2b26e9ef-78d9-4173-97fa-ec7526af0773": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2782be47-0178-4935-ac5b-05c8a15a61f2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "mimecast.category" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_url_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_url_logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.scanResult", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.scanResult": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2b26e9ef-78d9-4173-97fa-ec7526af0773" + }, + { + "columnId": "2782be47-0178-4935-ac5b-05c8a15a61f2" + } + ], + "layerId": "2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:indexpattern-datasource-layer-2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "23fe1e17-6ce1-4d4e-abb5-2fd095420475", + "w": 24, + "x": 24, + "y": 14 }, - { - "id": "logs-*", - "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:filter-index-pattern-0", - 
"type": "index-pattern" + "panelIndex": "23fe1e17-6ce1-4d4e-abb5-2fd095420475", + "title": "Top URL categories", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:filter-index-pattern-1", - "type": "index-pattern" + "gridData": { + "h": 19, + "i": "246c6a37-8605-4c92-8503-0fc545cef56f", + "w": 48, + "x": 0, + "y": 29 }, - { - "id": "mimecast-fa36c5f0-3fef-11ec-8ace-9fcc35bfe253", - "name": "246c6a37-8605-4c92-8503-0fc545cef56f:panel_246c6a37-8605-4c92-8503-0fc545cef56f", - "type": "search" - } + "panelIndex": "246c6a37-8605-4c92-8503-0fc545cef56f", + "panelRefName": "panel_246c6a37-8605-4c92-8503-0fc545cef56f", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] TTP URL Protect Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:indexpattern-datasource-layer-7a34769f-5338-4cf1-8611-76ee68762548", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a4201043-b285-4608-b169-4eae313b2b6c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a4201043-b285-4608-b169-4eae313b2b6c:indexpattern-datasource-layer-76a01545-a0d3-4529-9185-e99aa33aa198", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"a4201043-b285-4608-b169-4eae313b2b6c:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a4201043-b285-4608-b169-4eae313b2b6c:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:indexpattern-datasource-layer-2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "mimecast-fa36c5f0-3fef-11ec-8ace-9fcc35bfe253", + "name": "246c6a37-8605-4c92-8503-0fc545cef56f:panel_246c6a37-8605-4c92-8503-0fc545cef56f", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5.json index 3ec69fc6c8c..12c6d3f4aa3 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,793 +1,798 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" + "id": "mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7fd2fb45-58d3-499c-8b39-a65a1d337c30", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7fd2fb45-58d3-499c-8b39-a65a1d337c30": { + "columnOrder": [ + "4c2264ac-1102-43db-b405-02295ddba570", + 
"29a6d63f-6b9e-42f5-a062-026e264b7905" + ], + "columns": { + "29a6d63f-6b9e-42f5-a062-026e264b7905": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } + "4c2264ac-1102-43db-b405-02295ddba570": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1M" + }, + "scale": "interval", + "sourceField": "@timestamp" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7fd2fb45-58d3-499c-8b39-a65a1d337c30", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7fd2fb45-58d3-499c-8b39-a65a1d337c30": { - "columnOrder": [ - "4c2264ac-1102-43db-b405-02295ddba570", - "29a6d63f-6b9e-42f5-a062-026e264b7905" - ], - "columns": { - "29a6d63f-6b9e-42f5-a062-026e264b7905": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "4c2264ac-1102-43db-b405-02295ddba570": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1M" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - 
"incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.result", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.result": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "29a6d63f-6b9e-42f5-a062-026e264b7905" - ], - "layerId": "7fd2fb45-58d3-499c-8b39-a65a1d337c30", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "4c2264ac-1102-43db-b405-02295ddba570" - } - ], - "legend": { - "isInside": false, - "isVisible": true, - "position": "right", - "showSingleSeries": true - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + 
"negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.result", + "negate": false, + "params": { + "query": "malicious" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.result": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "29a6d63f-6b9e-42f5-a062-026e264b7905" + ], + "layerId": "7fd2fb45-58d3-499c-8b39-a65a1d337c30", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "4c2264ac-1102-43db-b405-02295ddba570" + } + ], + "legend": { + "isInside": false, + "isVisible": true, + "position": "right", + "showSingleSeries": true + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "0939e1a7-1ed7-41c8-8161-c82ee711824c", - "w": 48, - "x": 0, - "y": 0 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "0939e1a7-1ed7-41c8-8161-c82ee711824c", - "title": "TTP AP Logs- Threats (attachments deemed malicious) over time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cc987f4b-7570-4117-a216-abb8b85d6a74", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cc987f4b-7570-4117-a216-abb8b85d6a74": { - "columnOrder": [ - "68fb7687-4b9e-4269-9514-d871fd23acf6", - "accab1cb-cf0c-4e6c-94c6-cc50396d0d58" - ], - "columns": { - "68fb7687-4b9e-4269-9514-d871fd23acf6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Malicious files extensions", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "accab1cb-cf0c-4e6c-94c6-cc50396d0d58", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.attachments.file.extension" - }, - "accab1cb-cf0c-4e6c-94c6-cc50396d0d58": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.result", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.result": "malicious" - } - } - } - ], - 
"query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "0939e1a7-1ed7-41c8-8161-c82ee711824c", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "0939e1a7-1ed7-41c8-8161-c82ee711824c", + "title": "TTP AP Logs- Threats (attachments deemed malicious) over time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cc987f4b-7570-4117-a216-abb8b85d6a74", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cc987f4b-7570-4117-a216-abb8b85d6a74": { + "columnOrder": [ + "68fb7687-4b9e-4269-9514-d871fd23acf6", + "accab1cb-cf0c-4e6c-94c6-cc50396d0d58" + ], + "columns": { + "68fb7687-4b9e-4269-9514-d871fd23acf6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Malicious files extensions", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "accab1cb-cf0c-4e6c-94c6-cc50396d0d58", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "68fb7687-4b9e-4269-9514-d871fd23acf6", - "isTransposed": false - }, - { - "columnId": "accab1cb-cf0c-4e6c-94c6-cc50396d0d58", - "isTransposed": false - } - ], - "layerId": "cc987f4b-7570-4117-a216-abb8b85d6a74", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.attachments.file.extension" }, - "title": "", - "type": "lens", - "visualizationType": 
"lnsDatatable" + "accab1cb-cf0c-4e6c-94c6-cc50396d0d58": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "00f684a9-e6f1-4fba-8693-4ff07ec1d480", - "w": 24, - "x": 0, - "y": 15 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } }, - "panelIndex": "00f684a9-e6f1-4fba-8693-4ff07ec1d480", - "title": "TTP AP Logs - Threat extension types", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.result", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.result": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "68fb7687-4b9e-4269-9514-d871fd23acf6", + "isTransposed": false + }, + { + "columnId": "accab1cb-cf0c-4e6c-94c6-cc50396d0d58", + "isTransposed": false + } + ], + "layerId": "cc987f4b-7570-4117-a216-abb8b85d6a74", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-675873f9-5e65-4f7d-a731-1e5170a98700", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "675873f9-5e65-4f7d-a731-1e5170a98700": { - "columnOrder": [ - "a413b181-ad13-4316-97ad-f563a54dd33d", - "757fdc1e-7a28-470c-a730-e3b9a67ec253" - ], - "columns": { - "757fdc1e-7a28-470c-a730-e3b9a67ec253": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "a413b181-ad13-4316-97ad-f563a54dd33d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threats detected by recipients", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "757fdc1e-7a28-470c-a730-e3b9a67ec253", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.result", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.result": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "a413b181-ad13-4316-97ad-f563a54dd33d", - "isTransposed": false - }, - { - "columnId": 
"757fdc1e-7a28-470c-a730-e3b9a67ec253", - "isTransposed": false - } - ], - "layerId": "675873f9-5e65-4f7d-a731-1e5170a98700", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "00f684a9-e6f1-4fba-8693-4ff07ec1d480", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "00f684a9-e6f1-4fba-8693-4ff07ec1d480", + "title": "TTP AP Logs - Threat extension types", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-675873f9-5e65-4f7d-a731-1e5170a98700", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "675873f9-5e65-4f7d-a731-1e5170a98700": { + "columnOrder": [ + "a413b181-ad13-4316-97ad-f563a54dd33d", + "757fdc1e-7a28-470c-a730-e3b9a67ec253" + ], + "columns": { + "757fdc1e-7a28-470c-a730-e3b9a67ec253": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "a413b181-ad13-4316-97ad-f563a54dd33d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threats detected by recipients", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "757fdc1e-7a28-470c-a730-e3b9a67ec253", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + } 
+ }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "8d907c29-dd68-4333-9e75-562f38046280", - "w": 24, - "x": 24, - "y": 15 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } }, - "panelIndex": "8d907c29-dd68-4333-9e75-562f38046280", - "title": "TTP AP Logs - Threat detected by recipients", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.result", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.result": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "a413b181-ad13-4316-97ad-f563a54dd33d", + "isTransposed": false + }, + { + "columnId": "757fdc1e-7a28-470c-a730-e3b9a67ec253", + "isTransposed": false + } + ], + "layerId": "675873f9-5e65-4f7d-a731-1e5170a98700", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-55f1e965-a3d5-4941-820e-46277d3f3cba", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"55f1e965-a3d5-4941-820e-46277d3f3cba": { - "columnOrder": [ - "2984698c-20fb-4eca-975b-a42fcb4136a4", - "839e65a6-2bfb-4b3a-aa86-044a081338bf" - ], - "columns": { - "2984698c-20fb-4eca-975b-a42fcb4136a4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Senders", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "839e65a6-2bfb-4b3a-aa86-044a081338bf", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.from.address" - }, - "839e65a6-2bfb-4b3a-aa86-044a081338bf": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.result", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.result": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "8d907c29-dd68-4333-9e75-562f38046280", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "8d907c29-dd68-4333-9e75-562f38046280", + "title": "TTP AP Logs - Threat detected by recipients", + "type": "lens", + "version": 
"7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-55f1e965-a3d5-4941-820e-46277d3f3cba", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "55f1e965-a3d5-4941-820e-46277d3f3cba": { + "columnOrder": [ + "2984698c-20fb-4eca-975b-a42fcb4136a4", + "839e65a6-2bfb-4b3a-aa86-044a081338bf" + ], + "columns": { + "2984698c-20fb-4eca-975b-a42fcb4136a4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Senders", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "839e65a6-2bfb-4b3a-aa86-044a081338bf", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "2984698c-20fb-4eca-975b-a42fcb4136a4" - }, - { - "columnId": "839e65a6-2bfb-4b3a-aa86-044a081338bf" - } - ], - "layerId": "55f1e965-a3d5-4941-820e-46277d3f3cba", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.from.address" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "839e65a6-2bfb-4b3a-aa86-044a081338bf": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" }, - 
"enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "c3a2a774-3d5f-42a3-be87-694d768aaf92", - "w": 24, - "x": 0, - "y": 30 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } }, - "panelIndex": "c3a2a774-3d5f-42a3-be87-694d768aaf92", - "title": "TTP AP Logs - Threat detected by senders", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.result", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.result": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2984698c-20fb-4eca-975b-a42fcb4136a4" + }, + { + "columnId": "839e65a6-2bfb-4b3a-aa86-044a081338bf" + } + ], + "layerId": "55f1e965-a3d5-4941-820e-46277d3f3cba", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3da0947d-f5e2-4c52-8577-d313a6256c84", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "3da0947d-f5e2-4c52-8577-d313a6256c84", - "panelRefName": "panel_3da0947d-f5e2-4c52-8577-d313a6256c84", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-30d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] TTP Attachment Protect Logs", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"0939e1a7-1ed7-41c8-8161-c82ee711824c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:indexpattern-datasource-layer-7fd2fb45-58d3-499c-8b39-a65a1d337c30", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:filter-index-pattern-0", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:filter-index-pattern-1", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "c3a2a774-3d5f-42a3-be87-694d768aaf92", + "w": 24, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "c3a2a774-3d5f-42a3-be87-694d768aaf92", + "title": "TTP AP Logs - Threat detected by senders", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:indexpattern-datasource-layer-cc987f4b-7570-4117-a216-abb8b85d6a74", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "3da0947d-f5e2-4c52-8577-d313a6256c84", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "logs-*", - "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8d907c29-dd68-4333-9e75-562f38046280:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8d907c29-dd68-4333-9e75-562f38046280:indexpattern-datasource-layer-675873f9-5e65-4f7d-a731-1e5170a98700", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"8d907c29-dd68-4333-9e75-562f38046280:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8d907c29-dd68-4333-9e75-562f38046280:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:indexpattern-datasource-layer-55f1e965-a3d5-4941-820e-46277d3f3cba", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "mimecast-9749a210-3e4a-11ec-80fa-4dfb04910642", - "name": "3da0947d-f5e2-4c52-8577-d313a6256c84:panel_3da0947d-f5e2-4c52-8577-d313a6256c84", - "type": "search" - } + "panelIndex": "3da0947d-f5e2-4c52-8577-d313a6256c84", + "panelRefName": "panel_3da0947d-f5e2-4c52-8577-d313a6256c84", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] TTP Attachment Protect Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:indexpattern-datasource-layer-7fd2fb45-58d3-499c-8b39-a65a1d337c30", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"0939e1a7-1ed7-41c8-8161-c82ee711824c:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:indexpattern-datasource-layer-cc987f4b-7570-4117-a216-abb8b85d6a74", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d907c29-dd68-4333-9e75-562f38046280:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d907c29-dd68-4333-9e75-562f38046280:indexpattern-datasource-layer-675873f9-5e65-4f7d-a731-1e5170a98700", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d907c29-dd68-4333-9e75-562f38046280:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d907c29-dd68-4333-9e75-562f38046280:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:indexpattern-datasource-layer-55f1e965-a3d5-4941-820e-46277d3f3cba", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "mimecast-9749a210-3e4a-11ec-80fa-4dfb04910642", + "name": "3da0947d-f5e2-4c52-8577-d313a6256c84:panel_3da0947d-f5e2-4c52-8577-d313a6256c84", + "type": "search" + } + ], + 
"migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5.json index 55c14d54ee1..277e6300e3c 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,650 +1,655 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } + "id": "mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzNSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3732d54a-b698-4a66-baef-5d0674eff6c9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"3732d54a-b698-4a66-baef-5d0674eff6c9": { + "columnOrder": [ + "eaf6d751-71b7-431a-b597-6f58857c0ea9" + ], + "columns": { + "eaf6d751-71b7-431a-b597-6f58857c0ea9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "users logged on", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3732d54a-b698-4a66-baef-5d0674eff6c9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3732d54a-b698-4a66-baef-5d0674eff6c9": { - "columnOrder": [ - "eaf6d751-71b7-431a-b597-6f58857c0ea9" - ], - "columns": { - "eaf6d751-71b7-431a-b597-6f58857c0ea9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "users logged on", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - 
"indexRefName": "filter-index-pattern-1", - "key": "event.action", - "negate": false, - "params": { - "query": "user-logged-on" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "user-logged-on" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "eaf6d751-71b7-431a-b597-6f58857c0ea9", - "layerId": "3732d54a-b698-4a66-baef-5d0674eff6c9", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "0668cb1c-3653-44fd-9011-207eee1d886c", - "w": 24, - "x": 0, - "y": 0 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } + } }, - "panelIndex": "0668cb1c-3653-44fd-9011-207eee1d886c", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.action", + "negate": false, + "params": { + "query": "user-logged-on" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "user-logged-on" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "eaf6d751-71b7-431a-b597-6f58857c0ea9", + "layerId": "3732d54a-b698-4a66-baef-5d0674eff6c9", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d1772930-cd84-4843-ad0d-64b5bf4d1e9c", - "type": "index-pattern" - }, - 
{ - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d1772930-cd84-4843-ad0d-64b5bf4d1e9c": { - "columnOrder": [ - "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902" - ], - "columns": { - "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "login failed attempts", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.action", - "negate": false, - "params": { - "query": "logon-authentication-failed" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "logon-authentication-failed" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902", - "layerId": "d1772930-cd84-4843-ad0d-64b5bf4d1e9c", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "0668cb1c-3653-44fd-9011-207eee1d886c", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "0668cb1c-3653-44fd-9011-207eee1d886c", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { 
+ "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d1772930-cd84-4843-ad0d-64b5bf4d1e9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d1772930-cd84-4843-ad0d-64b5bf4d1e9c": { + "columnOrder": [ + "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902" + ], + "columns": { + "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "login failed attempts", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "7c8c2048-f7b1-42f5-8558-61efea1be46d", - "w": 24, - "x": 24, - "y": 0 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } + } }, - "panelIndex": "7c8c2048-f7b1-42f5-8558-61efea1be46d", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.action", + "negate": false, + "params": { + "query": "logon-authentication-failed" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "logon-authentication-failed" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "accessor": "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902", + "layerId": "d1772930-cd84-4843-ad0d-64b5bf4d1e9c", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e10fb6fc-8079-4a60-9ea5-f54da0eff2f6": { - "columnOrder": [ - "13c9775c-4b14-4314-a394-e97ffc0e1499", - "a7feab8c-0abd-49eb-96cb-f7a351fa44d3", - "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e", - "01f5144f-929b-4f88-8a0e-995d804e0037" - ], - "columns": { - "01f5144f-929b-4f88-8a0e-995d804e0037": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "src", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "client.ip" - }, - "13c9775c-4b14-4314-a394-e97ffc0e1499": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "user", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"user.email" - }, - "a7feab8c-0abd-49eb-96cb-f7a351fa44d3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "app", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "mimecast.application" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "7c8c2048-f7b1-42f5-8558-61efea1be46d", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "7c8c2048-f7b1-42f5-8558-61efea1be46d", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e10fb6fc-8079-4a60-9ea5-f54da0eff2f6": { + "columnOrder": [ + "13c9775c-4b14-4314-a394-e97ffc0e1499", + "a7feab8c-0abd-49eb-96cb-f7a351fa44d3", + "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e", + "01f5144f-929b-4f88-8a0e-995d804e0037" + ], + "columns": { + "01f5144f-929b-4f88-8a0e-995d804e0037": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "src", + "operationType": "terms", + 
"params": { + "missingBucket": false, + "orderBy": { + "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.action", - "negate": false, - "params": { - "query": "logon-authentication-failed" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "logon-authentication-failed" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"mimecast.audit_events\" " + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "client.ip" + }, + "13c9775c-4b14-4314-a394-e97ffc0e1499": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "user", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "13c9775c-4b14-4314-a394-e97ffc0e1499", - "isTransposed": false - }, - { - "columnId": "a7feab8c-0abd-49eb-96cb-f7a351fa44d3", - "isTransposed": false - }, - { - "columnId": "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e", - "isTransposed": false - }, - { - "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", - "isTransposed": false - } - ], - "layerId": "e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user.email" }, - "title": "", - "type": 
"lens", - "visualizationType": "lnsDatatable" + "a7feab8c-0abd-49eb-96cb-f7a351fa44d3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "app", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "mimecast.application" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "f6516880-2d97-4b93-87bb-92f35c377e3b", - "w": 24, - "x": 0, - "y": 15 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } + } }, - "panelIndex": "f6516880-2d97-4b93-87bb-92f35c377e3b", - "title": "[Mimecast] Failed authentication by user, app and src", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"6d200d4d-9645-457c-82ee-84bfb2da30ca\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"client.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"d0374776-f76c-46ed-a656-a0a35583a2ba\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1},\"id\":\"84b4eec1-9626-4236-8164-b59027952799\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[]}]", - "mapStateJSON": 
"{\"zoom\":0.83,\"center\":{\"lon\":4.00755,\"lat\":40.62529},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"logs-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"data_stream.dataset\",\"params\":{\"query\":\"mimecast.audit_events\"}},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"mimecast.audit_events\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"logs-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"logon-authentication-failed\"}},\"query\":{\"match_phrase\":{\"event.action\":\"logon-authentication-failed\"}},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 180, - "minLat": -85.05113, - "minLon": -180 - }, - "mapCenter": { - "lat": 45.66276, - "lon": 4.00755, - "zoom": 0.83 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.action", + "negate": false, + "params": { + "query": 
"logon-authentication-failed" }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "314e1d17-5eaf-4341-854a-2956bbef1870", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "314e1d17-5eaf-4341-854a-2956bbef1870", - "title": "[Mimecast] Failed authentication by country", - "type": "map", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", - "panelRefName": "panel_5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", - "type": "search", - "version": "7.16.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "logon-authentication-failed" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"mimecast.audit_events\" " + }, + "visualization": { + "columns": [ + { + "columnId": "13c9775c-4b14-4314-a394-e97ffc0e1499", + "isTransposed": false + }, + { + "columnId": "a7feab8c-0abd-49eb-96cb-f7a351fa44d3", + "isTransposed": false + }, + { + "columnId": "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e", + "isTransposed": false + }, + { + "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", + "isTransposed": false + } + ], + "layerId": "e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8b954556-f449-4d03-88c5-9ba86af34244", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "8b954556-f449-4d03-88c5-9ba86af34244", - "panelRefName": "panel_8b954556-f449-4d03-88c5-9ba86af34244", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] Access Logs Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5", 
- "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "0668cb1c-3653-44fd-9011-207eee1d886c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "f6516880-2d97-4b93-87bb-92f35c377e3b", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "0668cb1c-3653-44fd-9011-207eee1d886c:indexpattern-datasource-layer-3732d54a-b698-4a66-baef-5d0674eff6c9", - "type": "index-pattern" + "panelIndex": "f6516880-2d97-4b93-87bb-92f35c377e3b", + "title": "[Mimecast] Failed authentication by user, app and src", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"6d200d4d-9645-457c-82ee-84bfb2da30ca\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"client.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"d0374776-f76c-46ed-a656-a0a35583a2ba\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1},\"id\":\"84b4eec1-9626-4236-8164-b59027952799\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineCo
lor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[]}]", + "mapStateJSON": "{\"zoom\":0.83,\"center\":{\"lon\":4.00755,\"lat\":40.62529},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"logs-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"data_stream.dataset\",\"params\":{\"query\":\"mimecast.audit_events\"}},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"mimecast.audit_events\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"logs-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"logon-authentication-failed\"}},\"query\":{\"match_phrase\":{\"event.action\":\"logon-authentication-failed\"}},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":fal
se,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 180, + "minLat": -85.05113, + "minLon": -180 + }, + "mapCenter": { + "lat": 45.66276, + "lon": 4.00755, + "zoom": 0.83 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "0668cb1c-3653-44fd-9011-207eee1d886c:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "314e1d17-5eaf-4341-854a-2956bbef1870", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "0668cb1c-3653-44fd-9011-207eee1d886c:filter-index-pattern-1", - "type": "index-pattern" + "panelIndex": "314e1d17-5eaf-4341-854a-2956bbef1870", + "title": "[Mimecast] Failed authentication by country", + "type": "map", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:indexpattern-datasource-layer-d1772930-cd84-4843-ad0d-64b5bf4d1e9c", - "type": "index-pattern" + "panelIndex": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", + "panelRefName": "panel_5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", + "type": "search", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "8b954556-f449-4d03-88c5-9ba86af34244", + "w": 48, + "x": 0, + 
"y": 45 }, - { - "id": "logs-*", - "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:indexpattern-datasource-layer-e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "314e1d17-5eaf-4341-854a-2956bbef1870:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "mimecast-0d8b0660-3fdd-11ec-8ace-9fcc35bfe253", - "name": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79:panel_5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", - "type": "search" - }, - { - "id": "mimecast-96ac7780-541e-11ec-bd43-b5e1f9a9c8d5", - "name": "8b954556-f449-4d03-88c5-9ba86af34244:panel_8b954556-f449-4d03-88c5-9ba86af34244", - "type": "search" - } + "panelIndex": "8b954556-f449-4d03-88c5-9ba86af34244", + "panelRefName": "panel_8b954556-f449-4d03-88c5-9ba86af34244", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] Access Logs Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0668cb1c-3653-44fd-9011-207eee1d886c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"0668cb1c-3653-44fd-9011-207eee1d886c:indexpattern-datasource-layer-3732d54a-b698-4a66-baef-5d0674eff6c9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0668cb1c-3653-44fd-9011-207eee1d886c:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0668cb1c-3653-44fd-9011-207eee1d886c:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:indexpattern-datasource-layer-d1772930-cd84-4843-ad0d-64b5bf4d1e9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:indexpattern-datasource-layer-e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "314e1d17-5eaf-4341-854a-2956bbef1870:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "mimecast-0d8b0660-3fdd-11ec-8ace-9fcc35bfe253", + "name": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79:panel_5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", + "type": "search" + }, + { + "id": "mimecast-96ac7780-541e-11ec-bd43-b5e1f9a9c8d5", + "name": "8b954556-f449-4d03-88c5-9ba86af34244:panel_8b954556-f449-4d03-88c5-9ba86af34244", + 
"type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5.json index 04a30656e68..b5220910684 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,846 +1,851 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "id": "mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzNiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1faf17aa-0298-4830-a031-00f1b48435b6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1faf17aa-0298-4830-a031-00f1b48435b6": { + "columnOrder": [ + "95cdbe62-23e4-43ee-9bab-123bfc4a3e68", + "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be", + "2611cbf0-c905-44cc-a98e-25fbdcd5dbee" + ], + "columns": { + "2611cbf0-c905-44cc-a98e-25fbdcd5dbee": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "meta": { - "alias": null, - "disabled": false, - 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" + "95cdbe62-23e4-43ee-9bab-123bfc4a3e68": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } + "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of email.direction", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2611cbf0-c905-44cc-a98e-25fbdcd5dbee", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 4 + }, + "scale": "ordinal", + "sourceField": "email.direction" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1faf17aa-0298-4830-a031-00f1b48435b6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1faf17aa-0298-4830-a031-00f1b48435b6": { - "columnOrder": [ - "95cdbe62-23e4-43ee-9bab-123bfc4a3e68", - "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be", - "2611cbf0-c905-44cc-a98e-25fbdcd5dbee" - ], - "columns": { - "2611cbf0-c905-44cc-a98e-25fbdcd5dbee": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - 
"scale": "ratio", - "sourceField": "Records" - }, - "95cdbe62-23e4-43ee-9bab-123bfc4a3e68": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of email.direction", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2611cbf0-c905-44cc-a98e-25fbdcd5dbee", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 4 - }, - "scale": "ordinal", - "sourceField": "email.direction" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2611cbf0-c905-44cc-a98e-25fbdcd5dbee" - ], - "layerId": "1faf17aa-0298-4830-a031-00f1b48435b6", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be", - "xAccessor": "95cdbe62-23e4-43ee-9bab-123bfc4a3e68" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - 
"yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2611cbf0-c905-44cc-a98e-25fbdcd5dbee" + ], + "layerId": "1faf17aa-0298-4830-a031-00f1b48435b6", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be", + "xAccessor": "95cdbe62-23e4-43ee-9bab-123bfc4a3e68" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 13, - "i": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728", - "w": 48, - "x": 0, - "y": 0 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728", - "title": "SIEM Logs - Email Activity Summary", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8a4f8003-e917-44ab-9b50-c46553bacd59", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8a4f8003-e917-44ab-9b50-c46553bacd59": { - "columnOrder": [ - "aaa283a2-4c24-432c-b7f3-a3304e800b51", - "826ba46a-7476-493d-a256-c717d69e7d2b" - ], - "columns": { - "826ba46a-7476-493d-a256-c717d69e7d2b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "aaa283a2-4c24-432c-b7f3-a3304e800b51": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Held Reasons", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "826ba46a-7476-493d-a256-c717d69e7d2b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.reason" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.log_type", - "negate": false, - "params": { - "query": "process" - }, - 
"type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.log_type": "process" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "event.action", - "negate": false, - "params": { - "query": "Hld" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "Hld" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "aaa283a2-4c24-432c-b7f3-a3304e800b51", - "isTransposed": false - }, - { - "columnId": "826ba46a-7476-493d-a256-c717d69e7d2b", - "isTransposed": false - } - ], - "layerId": "8a4f8003-e917-44ab-9b50-c46553bacd59", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728", + "title": "SIEM Logs - Email Activity Summary", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8a4f8003-e917-44ab-9b50-c46553bacd59", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8a4f8003-e917-44ab-9b50-c46553bacd59": { + "columnOrder": [ + "aaa283a2-4c24-432c-b7f3-a3304e800b51", + "826ba46a-7476-493d-a256-c717d69e7d2b" + ], + "columns": { + 
"826ba46a-7476-493d-a256-c717d69e7d2b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "aaa283a2-4c24-432c-b7f3-a3304e800b51": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Held Reasons", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "826ba46a-7476-493d-a256-c717d69e7d2b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.reason" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } }, - "gridData": { - "h": 15, - "i": "3031d781-05b7-4504-b23b-bd4d3233b22b", - "w": 24, - "x": 24, - "y": 13 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.log_type", + "negate": false, + "params": { + "query": "process" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.log_type": "process" + } + } }, - "panelIndex": "3031d781-05b7-4504-b23b-bd4d3233b22b", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "event.action", + "negate": false, + "params": { + "query": "Hld" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "Hld" + } + } + } + ], + 
"query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "aaa283a2-4c24-432c-b7f3-a3304e800b51", + "isTransposed": false + }, + { + "columnId": "826ba46a-7476-493d-a256-c717d69e7d2b", + "isTransposed": false + } + ], + "layerId": "8a4f8003-e917-44ab-9b50-c46553bacd59", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-87e37d53-70f7-4337-86ed-832fcb7f9383", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "87e37d53-70f7-4337-86ed-832fcb7f9383": { - "columnOrder": [ - "482922c8-4843-45af-9b42-01c50685bfbe", - "9643e088-9c36-476d-a969-244e0d2ecc23" - ], - "columns": { - "482922c8-4843-45af-9b42-01c50685bfbe": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Delivery Failures", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9643e088-9c36-476d-a969-244e0d2ecc23", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "error.type" - }, - "9643e088-9c36-476d-a969-244e0d2ecc23": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", 
- "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.log_type", - "negate": false, - "params": { - "query": "delivery" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.log_type": "delivery" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "3031d781-05b7-4504-b23b-bd4d3233b22b", + "w": 24, + "x": 24, + "y": 13 + }, + "panelIndex": "3031d781-05b7-4504-b23b-bd4d3233b22b", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-87e37d53-70f7-4337-86ed-832fcb7f9383", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "87e37d53-70f7-4337-86ed-832fcb7f9383": { + "columnOrder": [ + 
"482922c8-4843-45af-9b42-01c50685bfbe", + "9643e088-9c36-476d-a969-244e0d2ecc23" + ], + "columns": { + "482922c8-4843-45af-9b42-01c50685bfbe": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Delivery Failures", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9643e088-9c36-476d-a969-244e0d2ecc23", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "482922c8-4843-45af-9b42-01c50685bfbe", - "isTransposed": false - }, - { - "columnId": "9643e088-9c36-476d-a969-244e0d2ecc23", - "isTransposed": false - } - ], - "layerId": "87e37d53-70f7-4337-86ed-832fcb7f9383", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "error.type" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "9643e088-9c36-476d-a969-244e0d2ecc23": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } }, - "gridData": { - "h": 15, - "i": "a6ffda35-4fc4-4204-92c3-45d473823e00", - "w": 24, - "x": 0, - "y": 13 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.log_type", + "negate": false, + "params": { + "query": "delivery" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.log_type": "delivery" + } + } }, - "panelIndex": 
"a6ffda35-4fc4-4204-92c3-45d473823e00", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "event.outcome", + "negate": false, + "params": { + "query": "failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.outcome": "failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "482922c8-4843-45af-9b42-01c50685bfbe", + "isTransposed": false + }, + { + "columnId": "9643e088-9c36-476d-a969-244e0d2ecc23", + "isTransposed": false + } + ], + "layerId": "87e37d53-70f7-4337-86ed-832fcb7f9383", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e55c6dff-df9b-4c78-96e4-af36202efbde", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e55c6dff-df9b-4c78-96e4-af36202efbde": { - "columnOrder": [ - "f8efadab-8604-4947-8ef2-7f0d38db76f4", - "7f83a56b-b863-482d-962d-78a2e36940d5" - ], - "columns": { - "7f83a56b-b863-482d-962d-78a2e36940d5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "f8efadab-8604-4947-8ef2-7f0d38db76f4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rejections reasons", - "operationType": "terms", - "params": { - "missingBucket": false, 
- "orderBy": { - "columnId": "7f83a56b-b863-482d-962d-78a2e36940d5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "error.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.log_type", - "negate": false, - "params": { - "query": "receipt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.log_type": "receipt" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "event.action", - "negate": false, - "params": { - "query": "Rej" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "Rej" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "f8efadab-8604-4947-8ef2-7f0d38db76f4" - }, - { - "columnId": "7f83a56b-b863-482d-962d-78a2e36940d5" - } - ], - "layerId": "e55c6dff-df9b-4c78-96e4-af36202efbde", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "a6ffda35-4fc4-4204-92c3-45d473823e00", + "w": 24, + "x": 0, + "y": 13 + }, + "panelIndex": "a6ffda35-4fc4-4204-92c3-45d473823e00", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + 
"name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e55c6dff-df9b-4c78-96e4-af36202efbde", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e55c6dff-df9b-4c78-96e4-af36202efbde": { + "columnOrder": [ + "f8efadab-8604-4947-8ef2-7f0d38db76f4", + "7f83a56b-b863-482d-962d-78a2e36940d5" + ], + "columns": { + "7f83a56b-b863-482d-962d-78a2e36940d5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "f8efadab-8604-4947-8ef2-7f0d38db76f4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rejections reasons", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7f83a56b-b863-482d-962d-78a2e36940d5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "error.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } }, - "gridData": { - "h": 15, - "i": "b356a564-3af3-4721-8885-930f4933fda7", - "w": 24, - "x": 0, - "y": 28 + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.log_type", + "negate": false, + "params": { + "query": "receipt" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.log_type": "receipt" + } + } }, - "panelIndex": "b356a564-3af3-4721-8885-930f4933fda7", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] SIEM Logs Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:indexpattern-datasource-layer-1faf17aa-0298-4830-a031-00f1b48435b6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:indexpattern-datasource-layer-8a4f8003-e917-44ab-9b50-c46553bacd59", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:indexpattern-datasource-layer-87e37d53-70f7-4337-86ed-832fcb7f9383", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b356a564-3af3-4721-8885-930f4933fda7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b356a564-3af3-4721-8885-930f4933fda7:indexpattern-datasource-layer-e55c6dff-df9b-4c78-96e4-af36202efbde", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-0", - "type": "index-pattern" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "event.action", + "negate": false, + "params": { + "query": "Rej" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "Rej" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "f8efadab-8604-4947-8ef2-7f0d38db76f4" + }, + { + "columnId": "7f83a56b-b863-482d-962d-78a2e36940d5" + } + ], + "layerId": "e55c6dff-df9b-4c78-96e4-af36202efbde", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": 
"b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-1", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "b356a564-3af3-4721-8885-930f4933fda7", + "w": 24, + "x": 0, + "y": 28 }, - { - "id": "logs-*", - "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-2", - "type": "index-pattern" - } + "panelIndex": "b356a564-3af3-4721-8885-930f4933fda7", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] SIEM Logs Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:indexpattern-datasource-layer-1faf17aa-0298-4830-a031-00f1b48435b6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:indexpattern-datasource-layer-8a4f8003-e917-44ab-9b50-c46553bacd59", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"a6ffda35-4fc4-4204-92c3-45d473823e00:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:indexpattern-datasource-layer-87e37d53-70f7-4337-86ed-832fcb7f9383", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:indexpattern-datasource-layer-e55c6dff-df9b-4c78-96e4-af36202efbde", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-2", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5.json index c364e05a05d..57798fd1317 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,509 +1,1104 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } + "id": "mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzNywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "10e24b74-6c1f-40d2-8d40-2ec39d2a437a": { + "columnOrder": [ + "922203eb-f986-4d8a-b662-c61723b140f5" + ], + "columns": { + "922203eb-f986-4d8a-b662-c61723b140f5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - 
}, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "fd58ca0b-aae6-4d02-9582-4431487f676d", - "w": 10, - "x": 0, - "y": 0 + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "fd58ca0b-aae6-4d02-9582-4431487f676d", - "panelRefName": "panel_fd58ca0b-aae6-4d02-9582-4431487f676d", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "similar_internal_domain" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "similar_internal_domain" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "922203eb-f986-4d8a-b662-c61723b140f5", + "layerId": "10e24b74-6c1f-40d2-8d40-2ec39d2a437a", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", - "w": 9, - "x": 10, - "y": 0 + "title": "[Mimecast] SimilarInternalDomain", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-10e24b74-6c1f-40d2-8d40-2ec39d2a437a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "fd58ca0b-aae6-4d02-9582-4431487f676d", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "fd58ca0b-aae6-4d02-9582-4431487f676d", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4db9fb0a-46d2-4e86-9d51-b2dbb13522ad": { + "columnOrder": [ + "45ed899d-b0ba-4c0e-92f3-3b1331be047c" + ], + "columns": { + "45ed899d-b0ba-4c0e-92f3-3b1331be047c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", - "panelRefName": "panel_228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "reply_address_mismatch" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "reply_address_mismatch" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"mimecast.ttp_ip_logs\" and mimecast.identifiers :\"reply_address_mismatch\" " + }, + "visualization": { + "accessor": "45ed899d-b0ba-4c0e-92f3-3b1331be047c", + 
"layerId": "4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "3de39cd9-d890-4300-848f-934dad8dc0e6", - "w": 9, - "x": 19, - "y": 0 + "title": "[Mimecast] ReplyAddressMismatchCount", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", + "w": 9, + "x": 10, + "y": 0 + }, + "panelIndex": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2765d4bc-f979-4fab-9c1c-f1dd817397a9": { + "columnOrder": [ + "d26907e8-8968-43cf-bec1-174a1eb2e58c" + ], + "columns": { + "d26907e8-8968-43cf-bec1-174a1eb2e58c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "3de39cd9-d890-4300-848f-934dad8dc0e6", - "panelRefName": 
"panel_3de39cd9-d890-4300-848f-934dad8dc0e6", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "internal_user_name" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "internal_user_name" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "d26907e8-8968-43cf-bec1-174a1eb2e58c", + "layerId": "2765d4bc-f979-4fab-9c1c-f1dd817397a9", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "7b3289f7-cccd-4246-8927-befc10b8ec24", - "w": 9, - "x": 28, - "y": 0 + "title": "[Mimecast] InternalUserName", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2765d4bc-f979-4fab-9c1c-f1dd817397a9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "3de39cd9-d890-4300-848f-934dad8dc0e6", + "w": 9, + "x": 19, + "y": 0 + }, + "panelIndex": "3de39cd9-d890-4300-848f-934dad8dc0e6", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa": { + "columnOrder": [ + "5def3667-368a-4501-bd58-e87f1388d33a" + ], + "columns": { + "5def3667-368a-4501-bd58-e87f1388d33a": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": 
"count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "7b3289f7-cccd-4246-8927-befc10b8ec24", - "panelRefName": "panel_7b3289f7-cccd-4246-8927-befc10b8ec24", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "newly_observed_domain" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "newly_observed_domain" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "5def3667-368a-4501-bd58-e87f1388d33a", + "layerId": "2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "8df60631-ed88-490d-952b-33926d251709", - "w": 10, - "x": 37, - "y": 0 + "title": "[Mimecast] NewlyObservedDomainCount", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": 
"7b3289f7-cccd-4246-8927-befc10b8ec24", + "w": 9, + "x": 28, + "y": 0 + }, + "panelIndex": "7b3289f7-cccd-4246-8927-befc10b8ec24", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b07c48c6-9c2e-4373-9b81-a516192f6271": { + "columnOrder": [ + "85cafc43-5331-4ca7-853e-17c557791de0" + ], + "columns": { + "85cafc43-5331-4ca7-853e-17c557791de0": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "8df60631-ed88-490d-952b-33926d251709", - "panelRefName": "panel_8df60631-ed88-490d-952b-33926d251709", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "advanced_similar_internal_domain" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "advanced_similar_internal_domain" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "85cafc43-5331-4ca7-853e-17c557791de0", + "layerId": "b07c48c6-9c2e-4373-9b81-a516192f6271", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", 
- "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340": { - "columnOrder": [ - "ff48f1ba-4593-40a2-88f0-a317519f65a0", - "379f2d4d-5cdb-495b-866b-a67eb523bd86" - ], - "columns": { - "379f2d4d-5cdb-495b-866b-a67eb523bd86": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "ff48f1ba-4593-40a2-88f0-a317519f65a0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Senders", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "379f2d4d-5cdb-495b-866b-a67eb523bd86", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.from.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.taggedMalicious", - "negate": false, - "params": { - "query": true - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.taggedMalicious": true - } - } - } - ], - "query": { - 
"language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "ff48f1ba-4593-40a2-88f0-a317519f65a0" - }, - { - "columnId": "379f2d4d-5cdb-495b-866b-a67eb523bd86" - } - ], - "layerId": "cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", - "layerType": "data" - } + "title": "[Mimecast] AdvancedSimilarInternalDomainCount", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b07c48c6-9c2e-4373-9b81-a516192f6271", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "8df60631-ed88-490d-952b-33926d251709", + "w": 10, + "x": 37, + "y": 0 + }, + "panelIndex": "8df60631-ed88-490d-952b-33926d251709", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340": { + "columnOrder": [ + "ff48f1ba-4593-40a2-88f0-a317519f65a0", + "379f2d4d-5cdb-495b-866b-a67eb523bd86" + ], + "columns": { + "379f2d4d-5cdb-495b-866b-a67eb523bd86": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": 
"lens", - "visualizationType": "lnsDatatable" + "ff48f1ba-4593-40a2-88f0-a317519f65a0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Senders", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "379f2d4d-5cdb-495b-866b-a67eb523bd86", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.from.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e", - "w": 24, - "x": 0, - "y": 13 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e", - "title": "Top potencial malious senders", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.taggedMalicious", + "negate": false, + "params": { + "query": true + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.taggedMalicious": true + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "ff48f1ba-4593-40a2-88f0-a317519f65a0" + }, + { + "columnId": "379f2d4d-5cdb-495b-866b-a67eb523bd86" + } + ], + "layerId": "cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ab543c4a-7b11-40f3-bca3-74ea65af48f4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ab543c4a-7b11-40f3-bca3-74ea65af48f4": { - "columnOrder": [ - "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa", - "c09ef631-df6f-4df9-b8c2-9fa883d711e8" - ], - "columns": { - "c09ef631-df6f-4df9-b8c2-9fa883d711e8": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipients", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c09ef631-df6f-4df9-b8c2-9fa883d711e8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.taggedMalicious", - "negate": false, - "params": { - "query": true - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.taggedMalicious": true - } - } - } - ], - "query": { - "language": 
"kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa", - "isTransposed": false - }, - { - "columnId": "c09ef631-df6f-4df9-b8c2-9fa883d711e8", - "isTransposed": false - } - ], - "layerId": "ab543c4a-7b11-40f3-bca3-74ea65af48f4", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e", + "w": 24, + "x": 0, + "y": 13 + }, + "panelIndex": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e", + "title": "Top potencial malious senders", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ab543c4a-7b11-40f3-bca3-74ea65af48f4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ab543c4a-7b11-40f3-bca3-74ea65af48f4": { + "columnOrder": [ + "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa", + "c09ef631-df6f-4df9-b8c2-9fa883d711e8" + ], + "columns": { + "c09ef631-df6f-4df9-b8c2-9fa883d711e8": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipients", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c09ef631-df6f-4df9-b8c2-9fa883d711e8", + "type": 
"column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "322232e8-3f6b-463d-8ab1-d0d16a8b66be", - "w": 24, - "x": 24, - "y": 13 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "322232e8-3f6b-463d-8ab1-d0d16a8b66be", - "title": "Top potencial malious recipients", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-30d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] TTP Impersonation Protect Logs", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642", - "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:panel_fd58ca0b-aae6-4d02-9582-4431487f676d", - "type": "lens" - }, - { - "id": "mimecast-47017670-3e40-11ec-80fa-4dfb04910642", - "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:panel_228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", - "type": "lens" - }, - { - "id": "mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642", - "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:panel_3de39cd9-d890-4300-848f-934dad8dc0e6", - "type": "lens" - }, - { - "id": "mimecast-86374180-3e40-11ec-80fa-4dfb04910642", - "name": 
"7b3289f7-cccd-4246-8927-befc10b8ec24:panel_7b3289f7-cccd-4246-8927-befc10b8ec24", - "type": "lens" - }, - { - "id": "mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642", - "name": "8df60631-ed88-490d-952b-33926d251709:panel_8df60631-ed88-490d-952b-33926d251709", - "type": "lens" - }, - { - "id": "logs-*", - "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:indexpattern-datasource-layer-cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:indexpattern-datasource-layer-ab543c4a-7b11-40f3-bca3-74ea65af48f4", - "type": "index-pattern" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.taggedMalicious", + "negate": false, + "params": { + "query": true + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.taggedMalicious": true + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa", + "isTransposed": false + }, + { + "columnId": "c09ef631-df6f-4df9-b8c2-9fa883d711e8", + "isTransposed": false + } + ], + "layerId": "ab543c4a-7b11-40f3-bca3-74ea65af48f4", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": 
"logs-*", - "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "322232e8-3f6b-463d-8ab1-d0d16a8b66be", + "w": 24, + "x": 24, + "y": 13 }, - { - "id": "logs-*", - "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:filter-index-pattern-1", - "type": "index-pattern" - } + "panelIndex": "322232e8-3f6b-463d-8ab1-d0d16a8b66be", + "title": "Top potencial malious recipients", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] TTP Impersonation Protect Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:indexpattern-datasource-layer-cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:indexpattern-datasource-layer-ab543c4a-7b11-40f3-bca3-74ea65af48f4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:filter-index-pattern-1", + "type": 
"index-pattern" + }, + { + "type": "index-pattern", + "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:indexpattern-datasource-layer-10e24b74-6c1f-40d2-8d40-2ec39d2a437a", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:indexpattern-datasource-layer-4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:indexpattern-datasource-layer-2765d4bc-f979-4fab-9c1c-f1dd817397a9", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7b3289f7-cccd-4246-8927-befc10b8ec24:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"7b3289f7-cccd-4246-8927-befc10b8ec24:indexpattern-datasource-layer-2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7b3289f7-cccd-4246-8927-befc10b8ec24:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7b3289f7-cccd-4246-8927-befc10b8ec24:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8df60631-ed88-490d-952b-33926d251709:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8df60631-ed88-490d-952b-33926d251709:indexpattern-datasource-layer-b07c48c6-9c2e-4373-9b81-a516192f6271", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8df60631-ed88-490d-952b-33926d251709:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8df60631-ed88-490d-952b-33926d251709:filter-index-pattern-1", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5.json index 76ecf331e8a..21d0be7aa12 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,87 +1,92 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", - "panelRefName": "panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", - "type": "search", - "version": "7.16.0-SNAPSHOT" + "id": "mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } } + } ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] Audit Events Logs", - "version": 1 + "query": { + "language": "kuery", + "query": "" + } 
+ } }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "mimecast-eb3179f0-51ed-11ec-a4ca-b3a74c021655", - "name": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1:panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", - "type": "search" - } + "gridData": { + "h": 15, + "i": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", + "panelRefName": "panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] Audit Events Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "mimecast-eb3179f0-51ed-11ec-a4ca-b3a74c021655", + "name": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1:panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642.json deleted file mode 100644 index 4585d962f37..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642.json +++ /dev/null 
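Review bot: The new top-level `"namespaces": ["default"]`, `"updated_at": "2022-10-27T20:30:51.209Z"` and `"version": "WzYzOCwxXQ=="` fields look like per-instance metadata from the Kibana space the dashboard was exported from, not package content. I would drop all three from the committed asset so it carries no state from the authoring cluster and later re-exports do not produce noisy diffs. Separately, the single panel here is still attached through `"panelRefName": "panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1"` with `"version": "7.16.0-SNAPSHOT"`, and the `search` reference to `mimecast-eb3179f0-51ed-11ec-a4ca-b3a74c021655` is kept. That may be intended if saved searches cannot be inlined, but it is worth confirming that the referenced search object still ships with the package, since the audit-events panel would otherwise render empty.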
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "10e24b74-6c1f-40d2-8d40-2ec39d2a437a": { - "columnOrder": [ - "922203eb-f986-4d8a-b662-c61723b140f5" - ], - "columns": { - "922203eb-f986-4d8a-b662-c61723b140f5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "similar_internal_domain" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "similar_internal_domain" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "922203eb-f986-4d8a-b662-c61723b140f5", - "layerId": "10e24b74-6c1f-40d2-8d40-2ec39d2a437a", - "layerType": "data" - } - }, - "title": "[Mimecast] SimilarInternalDomain", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-10e24b74-6c1f-40d2-8d40-2ec39d2a437a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-47017670-3e40-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-47017670-3e40-11ec-80fa-4dfb04910642.json deleted file mode 100644 index d931786ec1b..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-47017670-3e40-11ec-80fa-4dfb04910642.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4db9fb0a-46d2-4e86-9d51-b2dbb13522ad": { - "columnOrder": [ - "45ed899d-b0ba-4c0e-92f3-3b1331be047c" - ], - "columns": { - "45ed899d-b0ba-4c0e-92f3-3b1331be047c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "reply_address_mismatch" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "reply_address_mismatch" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"mimecast.ttp_ip_logs\" and mimecast.identifiers :\"reply_address_mismatch\" " - }, - "visualization": { - "accessor": "45ed899d-b0ba-4c0e-92f3-3b1331be047c", - "layerId": "4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", - "layerType": "data" - } - }, - "title": "[Mimecast] ReplyAddressMismatchCount", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-47017670-3e40-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-86374180-3e40-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-86374180-3e40-11ec-80fa-4dfb04910642.json deleted file mode 100644 index f634a3e1955..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-86374180-3e40-11ec-80fa-4dfb04910642.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa": { - "columnOrder": [ - "5def3667-368a-4501-bd58-e87f1388d33a" - ], - "columns": { - "5def3667-368a-4501-bd58-e87f1388d33a": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "newly_observed_domain" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "newly_observed_domain" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "5def3667-368a-4501-bd58-e87f1388d33a", - "layerId": "2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", - "layerType": "data" - } - }, - "title": "[Mimecast] NewlyObservedDomainCount", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-86374180-3e40-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642.json deleted file mode 100644 index 333c7a05d15..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b07c48c6-9c2e-4373-9b81-a516192f6271": { - "columnOrder": [ - "85cafc43-5331-4ca7-853e-17c557791de0" - ], - "columns": { - "85cafc43-5331-4ca7-853e-17c557791de0": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "advanced_similar_internal_domain" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "advanced_similar_internal_domain" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "85cafc43-5331-4ca7-853e-17c557791de0", - "layerId": "b07c48c6-9c2e-4373-9b81-a516192f6271", - "layerType": "data" - } - }, - "title": "[Mimecast] AdvancedSimilarInternalDomainCount", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b07c48c6-9c2e-4373-9b81-a516192f6271", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642.json deleted file mode 100644 index 920a1994f0c..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2765d4bc-f979-4fab-9c1c-f1dd817397a9": { - "columnOrder": [ - "d26907e8-8968-43cf-bec1-174a1eb2e58c" - ], - "columns": { - "d26907e8-8968-43cf-bec1-174a1eb2e58c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "internal_user_name" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "internal_user_name" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "d26907e8-8968-43cf-bec1-174a1eb2e58c", - "layerId": "2765d4bc-f979-4fab-9c1c-f1dd817397a9", - "layerType": "data" - } - }, - "title": "[Mimecast] InternalUserName", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2765d4bc-f979-4fab-9c1c-f1dd817397a9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", 
- "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file From 80597a326058612c3b7b98ed1f818c2381999e73 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 02:10:29 +0530 Subject: [PATCH 022/103] migrate netflow to by_value --- ...-14387a13-53bc-43a4-b9cd-63977aa8d87c.json | 1235 ++++-- ...-34e26884-161a-4448-9556-43b5bf2f62a2.json | 1335 +++++-- ...-38012abe-c611-4124-8497-381fcd85acc8.json | 3474 ++++++++++++----- ...-77326664-23be-4bf1-a126-6d7e60cfc024.json | 539 ++- ...-94972700-de4a-4272-9143-2fa8d4981365.json | 519 ++- ...-acd7a630-0c71-4840-bc9e-4a3801374a32.json | 664 +++- ...-c64665f9-d222-421e-90b0-c7310d944b8a.json | 683 +++- ...-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json | 646 ++- ...-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json | 98 - ...-036aef95-ec90-468d-ad7c-3cc4405e9e81.json | 101 - ...-0528bc66-6981-400a-a02d-c1d221b38890.json | 34 - ...-0b2818fd-aecc-4bef-b566-9466eb702ae4.json | 72 - ...-12aad647-c45d-4667-a029-152c1a97cbbc.json | 34 - ...-14c7136d-b4aa-4367-9461-52bf8b5c4796.json | 69 - ...-15295ea6-ba84-47db-8ced-9312abbf495c.json | 101 - ...-1558508d-591c-49be-bef4-85fdac18a960.json | 85 - ...-15e2a267-2495-4df2-a121-abe410d2f18c.json | 34 - ...-16262df9-a979-4136-935e-d883c7d373d7.json | 98 - ...-1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json | 34 - ...-1cf30eac-aae8-47fa-a156-37f6346d2d5a.json | 72 - ...-1e74d5cb-556d-42ee-8042-88f6c1af47f0.json | 34 - ...-201d7dd1-a880-4a64-b631-db5629340db9.json | 34 - ...-2316bb53-d98a-4f0f-8cd8-51e9fb317823.json | 84 - ...-248e00b4-8fc2-406f-8907-729d5380aaa7.json | 72 - ...-2b3d4e86-2254-4033-8fe3-ce4753fafd03.json | 101 - ...-2dca3025-692c-4876-8bcc-e0b248dc9819.json | 98 - ...-30cd1009-2925-4c9b-820d-d689f5d1efda.json | 34 - ...-31708a70-4957-4a8a-8065-5c88a344ad02.json | 72 - ...-31b5f6fd-eb9d-4e97-90fd-367062ef217f.json | 101 - ...-32e712ed-fa15-4db7-8575-8476e8d65b03.json | 98 - ...-3a4209e2-281c-467e-b5cb-315bf4a2661f.json | 34 - ...-3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json | 72 - ...-3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json | 34 - ...-441c6c50-fa1a-489c-96c6-76f7925dea24.json | 69 - 
...-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json | 71 - ...-4bb0255e-18ed-45e4-bfb9-de8e35b12094.json | 148 - ...-5292a65b-c532-422a-9008-1251a8073a3a.json | 114 - ...-5303e99b-389c-47b7-ae7a-945c5a92ba49.json | 101 - ...-57e13a20-e94f-4465-a942-42148634a1d2.json | 72 - ...-5ccac452-e90a-4dde-ae9b-1be36ce3f761.json | 85 - ...-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json | 34 - ...-5d868836-c7b2-4812-bf47-4838aac281d9.json | 34 - ...-63ef5338-fdf2-488e-b78a-f0e98daccc95.json | 98 - ...-67fdca65-a9df-47f0-a8a4-1e8b056325de.json | 85 - ...-681f0ce4-d828-4a99-b643-0c0715530050.json | 34 - ...-6bbd6712-494a-4fd9-b3d3-757304681f0f.json | 34 - ...-717cd7c7-bfca-435d-8ee7-38259927aade.json | 34 - ...-751ecb6f-11c3-458d-b039-f6d57a6379fa.json | 34 - ...-7d447b22-89dc-4f32-b549-4b8620af4d76.json | 34 - ...-7fa6cb0a-518d-46e9-a228-15cd4253a957.json | 72 - ...-85ebf558-402b-45d2-a186-e15f8673ec07.json | 34 - ...-8f83cf97-4a48-421f-8db5-690297d1f4fb.json | 34 - ...-a14c3248-952d-42aa-bd7d-9b39157a776f.json | 72 - ...-a1704d46-15fc-41c2-851d-796ceb49877f.json | 34 - ...-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json | 34 - ...-a685420e-c45f-4b62-932b-5b76ac8b8ca2.json | 72 - ...-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json | 34 - ...-ae334aec-31fa-4df7-a064-40b18831d819.json | 137 - ...-aed09724-0a69-4331-84f5-3d2067c43930.json | 84 - ...-af707b01-29f1-462b-b279-6d2e803f3645.json | 98 - ...-b02c2713-17f0-41dd-88a3-ce33b446f19d.json | 72 - ...-b677cd82-b33e-49b3-8b6e-0e110177b163.json | 72 - ...-c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json | 97 - ...-c54f5529-e6d7-4c26-8e8e-3b35de132035.json | 85 - ...-cccff92f-cb71-49a9-9caf-84867751d31e.json | 101 - ...-cf399a85-e348-4ac1-a399-e8f5a44114c4.json | 72 - ...-d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json | 34 - ...-d3df8d28-65f8-4ea1-8b33-f479380a0600.json | 34 - ...-d41a9663-e5ad-47a7-955e-3803ae4e23c0.json | 34 - ...-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json | 33 - ...-d5568704-e30b-4108-bb49-06a9b8dce6a6.json | 98 - 
...-d59a031c-70d6-47d7-966d-7fcb805be9be.json | 34 - ...-ddd27657-c3c8-4f82-8059-6d7763dd599b.json | 98 - ...-e822f94c-5f65-4963-a540-74ca9c25bd2d.json | 85 - ...-e99dc327-03de-4561-9e0c-f550710125c2.json | 52 - ...-e9ad835b-b2f2-42d3-a3e7-555a593deacf.json | 101 - ...-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json | 114 - ...-f27c1479-0625-4cdc-92de-672e47db0f87.json | 98 - ...-f531f957-e8c0-497a-ad41-ef39c2d29671.json | 84 - ...-f668ecdb-eec7-44c6-9060-26aaf9fc8404.json | 34 - ...-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json | 34 - ...-f772028b-d5a6-4d55-b441-493871981a60.json | 72 - ...-f7808e70-df2a-4532-a350-966704567c24.json | 84 - ...-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json | 34 - ...-fd6c1144-5026-4795-b7af-a9aa3fc28c56.json | 72 - 85 files changed, 6650 insertions(+), 7659 deletions(-) delete mode 100644 packages/netflow/kibana/visualization/netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json delete mode 100644 packages/netflow/kibana/visualization/netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81.json delete mode 100644 packages/netflow/kibana/visualization/netflow-0528bc66-6981-400a-a02d-c1d221b38890.json delete mode 100644 packages/netflow/kibana/visualization/netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4.json delete mode 100644 packages/netflow/kibana/visualization/netflow-12aad647-c45d-4667-a029-152c1a97cbbc.json delete mode 100644 packages/netflow/kibana/visualization/netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796.json delete mode 100644 packages/netflow/kibana/visualization/netflow-15295ea6-ba84-47db-8ced-9312abbf495c.json delete mode 100644 packages/netflow/kibana/visualization/netflow-1558508d-591c-49be-bef4-85fdac18a960.json delete mode 100644 packages/netflow/kibana/visualization/netflow-15e2a267-2495-4df2-a121-abe410d2f18c.json delete mode 100644 packages/netflow/kibana/visualization/netflow-16262df9-a979-4136-935e-d883c7d373d7.json delete mode 100644 packages/netflow/kibana/visualization/netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json delete mode 100644 
packages/netflow/kibana/visualization/netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a.json delete mode 100644 packages/netflow/kibana/visualization/netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0.json delete mode 100644 packages/netflow/kibana/visualization/netflow-201d7dd1-a880-4a64-b631-db5629340db9.json delete mode 100644 packages/netflow/kibana/visualization/netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823.json delete mode 100644 packages/netflow/kibana/visualization/netflow-248e00b4-8fc2-406f-8907-729d5380aaa7.json delete mode 100644 packages/netflow/kibana/visualization/netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03.json delete mode 100644 packages/netflow/kibana/visualization/netflow-2dca3025-692c-4876-8bcc-e0b248dc9819.json delete mode 100644 packages/netflow/kibana/visualization/netflow-30cd1009-2925-4c9b-820d-d689f5d1efda.json delete mode 100644 packages/netflow/kibana/visualization/netflow-31708a70-4957-4a8a-8065-5c88a344ad02.json delete mode 100644 packages/netflow/kibana/visualization/netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f.json delete mode 100644 packages/netflow/kibana/visualization/netflow-32e712ed-fa15-4db7-8575-8476e8d65b03.json delete mode 100644 packages/netflow/kibana/visualization/netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f.json delete mode 100644 packages/netflow/kibana/visualization/netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json delete mode 100644 packages/netflow/kibana/visualization/netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json delete mode 100644 packages/netflow/kibana/visualization/netflow-441c6c50-fa1a-489c-96c6-76f7925dea24.json delete mode 100644 packages/netflow/kibana/visualization/netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json delete mode 100644 packages/netflow/kibana/visualization/netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094.json delete mode 100644 packages/netflow/kibana/visualization/netflow-5292a65b-c532-422a-9008-1251a8073a3a.json delete mode 100644 
packages/netflow/kibana/visualization/netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49.json delete mode 100644 packages/netflow/kibana/visualization/netflow-57e13a20-e94f-4465-a942-42148634a1d2.json delete mode 100644 packages/netflow/kibana/visualization/netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761.json delete mode 100644 packages/netflow/kibana/visualization/netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json delete mode 100644 packages/netflow/kibana/visualization/netflow-5d868836-c7b2-4812-bf47-4838aac281d9.json delete mode 100644 packages/netflow/kibana/visualization/netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95.json delete mode 100644 packages/netflow/kibana/visualization/netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de.json delete mode 100644 packages/netflow/kibana/visualization/netflow-681f0ce4-d828-4a99-b643-0c0715530050.json delete mode 100644 packages/netflow/kibana/visualization/netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f.json delete mode 100644 packages/netflow/kibana/visualization/netflow-717cd7c7-bfca-435d-8ee7-38259927aade.json delete mode 100644 packages/netflow/kibana/visualization/netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa.json delete mode 100644 packages/netflow/kibana/visualization/netflow-7d447b22-89dc-4f32-b549-4b8620af4d76.json delete mode 100644 packages/netflow/kibana/visualization/netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957.json delete mode 100644 packages/netflow/kibana/visualization/netflow-85ebf558-402b-45d2-a186-e15f8673ec07.json delete mode 100644 packages/netflow/kibana/visualization/netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb.json delete mode 100644 packages/netflow/kibana/visualization/netflow-a14c3248-952d-42aa-bd7d-9b39157a776f.json delete mode 100644 packages/netflow/kibana/visualization/netflow-a1704d46-15fc-41c2-851d-796ceb49877f.json delete mode 100644 packages/netflow/kibana/visualization/netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json delete mode 100644 
packages/netflow/kibana/visualization/netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2.json delete mode 100644 packages/netflow/kibana/visualization/netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json delete mode 100644 packages/netflow/kibana/visualization/netflow-ae334aec-31fa-4df7-a064-40b18831d819.json delete mode 100644 packages/netflow/kibana/visualization/netflow-aed09724-0a69-4331-84f5-3d2067c43930.json delete mode 100644 packages/netflow/kibana/visualization/netflow-af707b01-29f1-462b-b279-6d2e803f3645.json delete mode 100644 packages/netflow/kibana/visualization/netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d.json delete mode 100644 packages/netflow/kibana/visualization/netflow-b677cd82-b33e-49b3-8b6e-0e110177b163.json delete mode 100644 packages/netflow/kibana/visualization/netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json delete mode 100644 packages/netflow/kibana/visualization/netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035.json delete mode 100644 packages/netflow/kibana/visualization/netflow-cccff92f-cb71-49a9-9caf-84867751d31e.json delete mode 100644 packages/netflow/kibana/visualization/netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4.json delete mode 100644 packages/netflow/kibana/visualization/netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json delete mode 100644 packages/netflow/kibana/visualization/netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600.json delete mode 100644 packages/netflow/kibana/visualization/netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0.json delete mode 100644 packages/netflow/kibana/visualization/netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json delete mode 100644 packages/netflow/kibana/visualization/netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6.json delete mode 100644 packages/netflow/kibana/visualization/netflow-d59a031c-70d6-47d7-966d-7fcb805be9be.json delete mode 100644 packages/netflow/kibana/visualization/netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b.json delete mode 100644 
packages/netflow/kibana/visualization/netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d.json delete mode 100644 packages/netflow/kibana/visualization/netflow-e99dc327-03de-4561-9e0c-f550710125c2.json delete mode 100644 packages/netflow/kibana/visualization/netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf.json delete mode 100644 packages/netflow/kibana/visualization/netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json delete mode 100644 packages/netflow/kibana/visualization/netflow-f27c1479-0625-4cdc-92de-672e47db0f87.json delete mode 100644 packages/netflow/kibana/visualization/netflow-f531f957-e8c0-497a-ad41-ef39c2d29671.json delete mode 100644 packages/netflow/kibana/visualization/netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404.json delete mode 100644 packages/netflow/kibana/visualization/netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json delete mode 100644 packages/netflow/kibana/visualization/netflow-f772028b-d5a6-4d55-b441-493871981a60.json delete mode 100644 packages/netflow/kibana/visualization/netflow-f7808e70-df2a-4532-a350-966704567c24.json delete mode 100644 packages/netflow/kibana/visualization/netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json delete mode 100644 packages/netflow/kibana/visualization/netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56.json diff --git a/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json b/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json index 1c356b07b90..28e426b3ca8 100644 --- a/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json +++ b/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json 
@@ -1,317 +1,988 @@ { - "attributes": { - "description": "Netflow Top N flows", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, + "id": "netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:40:13.944Z", + "version": "WzcwNCwxXQ==", + "attributes": { + "description": "Netflow Top N flows", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | 
[Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 4, + "i": "1", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "1", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Sources [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + 
"field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "2", - "w": 24, - "x": 0, - "y": 4 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 24, + "x": 0, + "y": 4 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Destinations [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "3", - "w": 24, - 
"x": 24, - "y": 4 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 24, + "x": 24, + "y": 4 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Source Ports [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "4", - "w": 24, - "x": 0, - "y": 24 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + 
"schema": "metric", + "type": "count" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source", + "field": "source.port", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "4", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Destination Ports [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "5", - "w": 24, - "x": 24, - "y": 24 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + 
"type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.port", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "5", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Protocols [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "6", - "w": 24, - "x": 0, - "y": 44 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Protocol", + "field": 
"network.transport", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "6", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Autonomous Systems [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "7", - "w": 24, - "x": 24, - "y": 44 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + 
"schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "7", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + }, + "savedVis": { + "title": "Top Cities [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": true, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "8", - "w": 24, - "x": 0, - "y": 64 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "9", - "w": 24, - "x": 24, - "y": 64 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Country", 
+ "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Top-N", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "netflow-15295ea6-ba84-47db-8ced-9312abbf495c", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 20, + "i": "8", + "w": 24, + "x": 0, + "y": 64 }, - { - "id": "netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + 
"params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Flow Exporters [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-5292a65b-c532-422a-9008-1251a8073a3a", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 20, + "i": "9", + "w": 24, + "x": 24, + "y": 64 }, - { - "id": "netflow-cccff92f-cb71-49a9-9caf-84867751d31e", - "name": "9:panel_9", - "type": "visualization" - } + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Top-N", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": 
"index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json b/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json index d4770992790..9075f1d5635 100644 --- a/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json +++ b/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json 
@@ -1,337 +1,1072 @@ { - "attributes": { - "description": "Overview of Netflow", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "12", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + "id": "netflow-34e26884-161a-4448-9556-43b5bf2f62a2", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:40:13.944Z", + "version": "WzcwNSwxXQ==", + "attributes": { + "description": "Overview of Netflow", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "13", - "w": 16, - "x": 16, - "y": 4 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "14", - "w": 16, - "x": 32, - "y": 4 
- }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IP Version and Protocols (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "sum", + "format": { + "id": "bytes" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "15", - "w": 16, - "x": 16, - "y": 12 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IP Version", + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "unset ip version", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + 
"size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Protocol", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "12", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations and Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 4, - "i": "17", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + 
} + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "13", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sources and Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "21", - "w": 16, - "x": 32, - "y": 12 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "21", - "panelRefName": "panel_21", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "14", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Types of Service (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": 
{ + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "22", - "w": 16, - "x": 16, - "y": 20 - }, - "panelIndex": "22", - "panelRefName": "panel_22", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type of Service", + "field": "netflow.ip_class_of_service", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "15", + "w": 16, + "x": 16, + "y": 12 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" }, - { - "embeddableConfig": { - 
"enhancements": {} - }, - "gridData": { - "h": 8, - "i": "23", - "w": 16, - "x": 0, - "y": 12 - }, - "panelIndex": "23", - "panelRefName": "panel_23", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "17", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "VLANs (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "24", - "w": 16, - "x": 0, - "y": 20 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "24", - "panelRefName": "panel_24", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VLAN", + "field": "netflow.vlan_id", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "21", + "w": 16, + "x": 32, + "y": 12 + }, + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + 
"addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "25", - "w": 16, - "x": 32, - "y": 20 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "25", - "panelRefName": "panel_25", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "22", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "22", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "TCP Flags (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "26", - "w": 16, - "x": 0, - "y": 28 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "26", - "panelRefName": "panel_26", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TCP Flags", + "field": 
"netflow.tcp_control_bits", + "order": "desc", + "orderBy": "1", + "size": 255 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "23", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "23", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Locality (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "27", - "w": 16, - "x": 16, - "y": 28 - }, - "panelIndex": "27", - "panelRefName": "panel_27", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Locality", + "field": "flow.locality", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "24", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "24", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries and Cities (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": 
true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "29", - "w": 16, - "x": 32, - "y": 28 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "29", - "panelRefName": "panel_29", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-34e26884-161a-4448-9556-43b5bf2f62a2", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "netflow-ae334aec-31fa-4df7-a064-40b18831d819", - "name": "12:panel_12", - "type": "visualization" + "gridData": { + "h": 8, + "i": "25", + "w": 16, + "x": 32, + "y": 20 }, - { - "id": "netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "netflow-1558508d-591c-49be-bef4-85fdac18a960", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a", - "name": 
"15:panel_15", - "type": "visualization" - }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957", - "name": "21:panel_21", - "type": "visualization" - }, - { - "id": "netflow-f772028b-d5a6-4d55-b441-493871981a60", - "name": "22:panel_22", - "type": "visualization" + "panelIndex": "25", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Flow Exporters (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-57e13a20-e94f-4465-a942-42148634a1d2", - "name": "23:panel_23", - "type": "visualization" + "gridData": { + "h": 8, + "i": "26", + "w": 16, + "x": 0, + "y": 28 }, - { - "id": "netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d", - "name": "24:panel_24", - "type": "visualization" + "panelIndex": "26", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Direction (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": 
true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Direction", + "field": "network.direction", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761", - "name": "25:panel_25", - "type": "visualization" + "gridData": { + "h": 8, + "i": "27", + "w": 16, + "x": 16, + "y": 28 }, - { - "id": "netflow-31708a70-4957-4a8a-8065-5c88a344ad02", - "name": "26:panel_26", - "type": "visualization" + "panelIndex": "27", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Version (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Version", + "field": "netflow.exporter.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + 
} + } + } }, - { - "id": "netflow-b677cd82-b33e-49b3-8b6e-0e110177b163", - "name": "27:panel_27", - "type": "visualization" + "gridData": { + "h": 8, + "i": "29", + "w": 16, + "x": 32, + "y": 28 }, - { - "id": "netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f", - "name": "29:panel_29", - "type": "visualization" - } + "panelIndex": "29", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "12:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "21:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "22:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "23:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "24:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "25:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "26:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "27:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "29:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json b/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json index 184af26b03e..8fd20a25faa 100644 --- a/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json +++ b/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json 
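Review bot: The new side of `netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json` opens with `"namespaces": ["default"]`, `"updated_at": "2022-10-27T20:40:13.944Z"` and `"version": "WzcwNSwxXQ=="`, none of which the old side of the file carried. These look like per-instance export state rather than dashboard definition: the `version` string base64-decodes to `[705,1]`, which appears to be the exporting cluster's saved-object concurrency token, and `namespaces` names the space it was exported from. I would drop these three keys so the object starts with `"id"`, `"type": "dashboard"` and `"attributes"`, and the package asset does not record the state of one Kibana instance or change on every re-export. Separately, panel 17 now inlines the navigation markdown that was previously the shared reference `netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3`, so a later change to those links will probably have to be repeated in each dashboard that embeds a copy.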
@@ -1,978 +1,2510 @@ { - "attributes": { - "description": "Netflow traffic analysis", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "1", - "w": 24, - "x": 24, - "y": 84 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "4", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 24, - "x": 24, - "y": 108 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "6", - "w": 24, - "x": 0, - "y": 108 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "7", - "w": 24, - "x": 24, - "y": 36 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - 
"gridData": { - "h": 8, - "i": "9", - "w": 24, - "x": 0, - "y": 84 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "10", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "11", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "12", - "w": 24, - "x": 0, - "y": 36 - }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "13", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "14", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 8, - "i": "15", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "16", - "w": 16, - "x": 0, - "y": 28 - }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "17", - "w": 16, - "x": 24, - "y": 4 - }, - "panelIndex": 
"17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "18", - "w": 16, - "x": 24, - "y": 28 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "19", - "w": 16, - "x": 0, - "y": 52 - }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "20", - "w": 16, - "x": 24, - "y": 52 - }, - "panelIndex": "20", - "panelRefName": "panel_20", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "21", - "w": 16, - "x": 0, - "y": 76 - }, - "panelIndex": "21", - "panelRefName": "panel_21", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "22", - "w": 16, - "x": 24, - "y": 76 - }, - "panelIndex": "22", - "panelRefName": "panel_22", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "23", - "w": 16, - "x": 0, - "y": 100 - }, - "panelIndex": "23", - "panelRefName": "panel_23", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "24", - "w": 16, - "x": 24, - "y": 100 - }, - "panelIndex": "24", - "panelRefName": "panel_24", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "25", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "25", - "panelRefName": "panel_25", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - 
"enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "26", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "26", - "panelRefName": "panel_26", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "27", - "w": 8, - "x": 16, - "y": 4 - }, - "panelIndex": "27", - "panelRefName": "panel_27", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "28", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "28", - "panelRefName": "panel_28", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "29", - "w": 8, - "x": 40, - "y": 28 - }, - "panelIndex": "29", - "panelRefName": "panel_29", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "30", - "w": 8, - "x": 16, - "y": 28 - }, - "panelIndex": "30", - "panelRefName": "panel_30", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "31", - "w": 24, - "x": 24, - "y": 92 - }, - "panelIndex": "31", - "panelRefName": "panel_31", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "34", - "w": 24, - "x": 24, - "y": 116 - }, - "panelIndex": "34", - "panelRefName": "panel_34", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "35", - "w": 24, - 
"x": 0, - "y": 116 - }, - "panelIndex": "35", - "panelRefName": "panel_35", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "38", - "w": 24, - "x": 24, - "y": 44 - }, - "panelIndex": "38", - "panelRefName": "panel_38", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "42", - "w": 24, - "x": 0, - "y": 44 - }, - "panelIndex": "42", - "panelRefName": "panel_42", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "44", - "w": 24, - "x": 0, - "y": 92 - }, - "panelIndex": "44", - "panelRefName": "panel_44", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "45", - "w": 24, - "x": 0, - "y": 68 - }, - "panelIndex": "45", - "panelRefName": "panel_45", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "47", - "w": 24, - "x": 24, - "y": 68 - }, - "panelIndex": "47", - "panelRefName": "panel_47", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "48", - "w": 8, - "x": 16, - "y": 52 - }, - "panelIndex": "48", - "panelRefName": "panel_48", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "49", - "w": 8, - "x": 40, - "y": 52 - }, - "panelIndex": "49", - "panelRefName": "panel_49", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 
100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "50", - "w": 8, - "x": 40, - "y": 76 - }, - "panelIndex": "50", - "panelRefName": "panel_50", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "51", - "w": 8, - "x": 40, - "y": 100 - }, - "panelIndex": "51", - "panelRefName": "panel_51", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "52", - "w": 8, - "x": 16, - "y": 100 - }, - "panelIndex": "52", - "panelRefName": "panel_52", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "53", - "w": 8, - "x": 16, - "y": 76 - }, - "panelIndex": "53", - "panelRefName": "panel_53", - "type": "visualization", - "version": "7.3.0" + "id": "netflow-38012abe-c611-4124-8497-381fcd85acc8", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:40:13.944Z", + "version": "WzcwNiwxXQ==", + "attributes": { + "description": "Netflow traffic analysis", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } } + } ], - "timeRestore": false, - "title": "[Logs Netflow] Traffic Analysis", - "version": 1 + "highlightAll": 
true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-38012abe-c611-4124-8497-381fcd85acc8", - "migrationVersion": { - "dashboard": "8.0.0" + "optionsJSON": { + "darkTheme": false }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "netflow-5d868836-c7b2-4812-bf47-4838aac281d9", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d", - "name": "10:panel_10", - "type": "visualization" - }, - { - "id": "netflow-717cd7c7-bfca-435d-8ee7-38259927aade", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "netflow-681f0ce4-d828-4a99-b643-0c0715530050", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "netflow-248e00b4-8fc2-406f-8907-729d5380aaa7", - "name": "17:panel_17", - 
"type": "visualization" - }, - { - "id": "netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a", - "name": "19:panel_19", - "type": "visualization" - }, - { - "id": "netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957", - "name": "20:panel_20", - "type": "visualization" - }, - { - "id": "netflow-57e13a20-e94f-4465-a942-42148634a1d2", - "name": "21:panel_21", - "type": "visualization" - }, - { - "id": "netflow-f772028b-d5a6-4d55-b441-493871981a60", - "name": "22:panel_22", - "type": "visualization" - }, - { - "id": "netflow-a14c3248-952d-42aa-bd7d-9b39157a776f", - "name": "23:panel_23", - "type": "visualization" - }, - { - "id": "netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2", - "name": "24:panel_24", - "type": "visualization" - }, - { - "id": "netflow-0528bc66-6981-400a-a02d-c1d221b38890", - "name": "25:panel_25", - "type": "visualization" - }, - { - "id": "netflow-e99dc327-03de-4561-9e0c-f550710125c2", - "name": "26:panel_26", - "type": "visualization" - }, - { - "id": "netflow-32e712ed-fa15-4db7-8575-8476e8d65b03", - "name": "27:panel_27", - "type": "visualization" - }, - { - "id": "netflow-d59a031c-70d6-47d7-966d-7fcb805be9be", - "name": "28:panel_28", - "type": "visualization" - }, - { - "id": "netflow-af707b01-29f1-462b-b279-6d2e803f3645", - "name": "29:panel_29", - "type": "visualization" - }, - { - "id": "netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b", - "name": "30:panel_30", - "type": "visualization" - }, - { - "id": "netflow-30cd1009-2925-4c9b-820d-d689f5d1efda", - "name": "31:panel_31", - "type": "visualization" - }, - { - "id": "netflow-7d447b22-89dc-4f32-b549-4b8620af4d76", - "name": "34:panel_34", - "type": "visualization" - }, - { - "id": "netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0", - "name": "35:panel_35", - "type": "visualization" - }, - { - "id": "netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f", - "name": "38:panel_38", - "type": "visualization" - 
}, - { - "id": "netflow-201d7dd1-a880-4a64-b631-db5629340db9", - "name": "42:panel_42", - "type": "visualization" - }, - { - "id": "netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb", - "name": "44:panel_44", - "type": "visualization" - }, - { - "id": "netflow-a1704d46-15fc-41c2-851d-796ceb49877f", - "name": "45:panel_45", - "type": "visualization" - }, - { - "id": "netflow-15e2a267-2495-4df2-a121-abe410d2f18c", - "name": "47:panel_47", - "type": "visualization" - }, - { - "id": "netflow-f27c1479-0625-4cdc-92de-672e47db0f87", - "name": "48:panel_48", - "type": "visualization" - }, - { - "id": "netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2", - "name": "49:panel_49", - "type": "visualization" - }, - { - "id": "netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6", - "name": "50:panel_50", - "type": "visualization" - }, - { - "id": "netflow-16262df9-a979-4136-935e-d883c7d373d7", - "name": "51:panel_51", - "type": "visualization" - }, - { - "id": "netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95", - "name": "52:panel_52", - "type": "visualization" - }, - { - "id": "netflow-2dca3025-692c-4876-8bcc-e0b248dc9819", - "name": "53:panel_53", - "type": "visualization" - } + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "1", + "w": 24, + "x": 24, + "y": 84 + }, + "panelIndex": 
"1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "4", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cities (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 24, + "y": 108 + }, + "panelIndex": "5", + "type": "visualization", + 
"version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 0, + "y": 108 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 24, + "x": 24, + "y": 36 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "TCP Flags (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.tcp_control_bits:10\", 
kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "9", + "w": 24, + "x": 0, + "y": 84 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "VLANs (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Types of Service (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + 
"aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "11", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "12", + "w": 24, + "x": 0, + "y": 36 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sources (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "13", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"Destinations (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "14", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "Sources (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "15", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Ports (bytes) [Logs Netflow]", + "description": 
"", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "16", + "w": 16, + "x": 0, + "y": 28 + }, + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 16, + "x": 24, + "y": 4 + }, + "panelIndex": "17", + "type": 
"visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "18", + "w": 16, + "x": 24, + "y": 28 + }, + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Types of Service (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type of Service", + "field": "netflow.ip_class_of_service", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "19", + "w": 16, + "x": 0, + "y": 52 + }, + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "VLANs (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VLAN", + "field": "netflow.vlan_id", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "20", + "w": 16, + "x": 24, + "y": 52 + }, + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "TCP Flags (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TCP Flags", + "field": 
"netflow.tcp_control_bits", + "order": "desc", + "orderBy": "1", + "size": 255 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "21", + "w": 16, + "x": 0, + "y": 76 + }, + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "22", + "w": 16, + "x": 24, + "y": 76 + }, + "panelIndex": "22", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + 
"id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "23", + "w": 16, + "x": 0, + "y": 100 + }, + "panelIndex": "23", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cities (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "24", + "w": 16, + "x": 24, + "y": 100 + }, + "panelIndex": "24", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sources (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", 
split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "25", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "25", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Destination Count [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "fontSize": "32", + "handleNoResults": true + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "26", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "26", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Source Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": 
"Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "27", + "w": 8, + "x": 16, + "y": 4 + }, + "panelIndex": "27", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "28", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "28", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Destination 
Port Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "29", + "w": 8, + "x": 40, + "y": 28 + }, + "panelIndex": "29", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Source Port Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + 
"gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Source Ports", + "field": "source.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "30", + "w": 8, + "x": 16, + "y": 28 + }, + "panelIndex": "30", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Autonomous Systems (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "31", + "w": 24, + "x": 24, + "y": 92 + }, + "panelIndex": "31", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"Cities (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "34", + "w": 24, + "x": 24, + "y": 116 + }, + "panelIndex": "34", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "35", + "w": 24, + "x": 0, + "y": 116 + }, + "panelIndex": "35", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Ports (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, 
then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "38", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "38", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Ports (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "42", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "42", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "TCP Flags (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": 
"kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "44", + "w": 24, + "x": 0, + "y": 92 + }, + "panelIndex": "44", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Types of Service (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "45", + "w": 24, + "x": 0, + "y": 68 + }, + "panelIndex": "45", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "VLANs (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "47", + "w": 24, + "x": 24, + "y": 68 + }, + "panelIndex": "47", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": 
"rgb(0,104,55)" + } + }, + "savedVis": { + "title": "ToS Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Types of Service", + "field": "netflow.ip_class_of_service" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "48", + "w": 8, + "x": 16, + "y": 52 + }, + "panelIndex": "48", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "VLAN Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, 
+ "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "VLANs", + "field": "netflow.vlan_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "49", + "w": 8, + "x": 40, + "y": 52 + }, + "panelIndex": "49", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Autonomous System Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + 
"labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Autonomous Systems", + "field": "destination.as.organization.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "50", + "w": 8, + "x": 40, + "y": 76 + }, + "panelIndex": "50", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "City Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cities", + "field": "destination.geo.city_name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + 
"searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "51", + "w": 8, + "x": 40, + "y": 100 + }, + "panelIndex": "51", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Country Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Countries", + "field": "destination.geo.country_name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "52", + "w": 8, + "x": 16, + "y": 100 + }, + "panelIndex": "52", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + 
"defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "TCP Flags Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "TCP Flag States", + "field": "netflow.tcp_control_bits" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "53", + "w": 8, + "x": 16, + "y": 76 + }, + "panelIndex": "53", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Traffic Analysis", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"16:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "18:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "21:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "22:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "23:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "24:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "26:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "27:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "29:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "30:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "48:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "49:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "50:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "52:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*" + }, + { + "type": "index-pattern", + "name": "53:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json b/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json index 9b79d1ab9ac..f2a404fb3e2 100644 --- a/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json +++ b/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json 
@@ -1,186 +1,393 @@ { - "attributes": { - "description": "Netflow geo location", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": { - "query": "netflow.log" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "id": "netflow-77326664-23be-4bf1-a126-6d7e60cfc024", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:40:13.944Z", + "version": "WzcwNywxXQ==", + "attributes": { + "description": "Netflow geo location", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": { + "query": "netflow.log" } + } } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "17", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "18", - "w": 16, - "x": 0, - "y": 12 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "8.0.0" + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries and Cities (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "19", - "w": 16, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations and Sources (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": 
true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "20", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "20", - "panelRefName": "panel_20", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "18", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination and Source Ports (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"9afd9bfb-ab56-4bc3-a8c6-e412c1bc7f24\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"85982ce7-be78-44ec-a692-96c118b3a187\",\"includeInFitToBounds\":true,\"label\":\"Destination Geo Location Heatmap [Logs 
Netflow]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"6972252f-e3a3-4886-abfb-bea957bc1c73\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Destination Geo Location Heatmap [Logs Netflow]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 24, - "i": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", - "w": 32, - "x": 16, - "y": 4 
+ { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Geo Location", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-77326664-23be-4bf1-a126-6d7e60cfc024", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823", - "name": "17:panel_17", - "type": "visualization" + "gridData": { + "h": 8, + "i": "19", + "w": 16, + "x": 0, + "y": 20 }, - { - "id": "netflow-aed09724-0a69-4331-84f5-3d2067c43930", - "name": "18:panel_18", - "type": "visualization" + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | 
[Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-f531f957-e8c0-497a-ad41-ef39c2d29671", - "name": "19:panel_19", - "type": "visualization" + "gridData": { + "h": 4, + "i": "20", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "20:panel_20", - "type": "visualization" + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"9afd9bfb-ab56-4bc3-a8c6-e412c1bc7f24\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"85982ce7-be78-44ec-a692-96c118b3a187\",\"includeInFitToBounds\":true,\"label\":\"Destination Geo Location Heatmap [Logs Netflow]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"6972252f-e3a3-4886-abfb-bea957bc1c73\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Destination Geo Location Heatmap [Logs Netflow]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "41aa0e4c-7e76-4715-bf20-c756e74ffe02:layer_1_source_index_pattern", - "type": "index-pattern" - } + "gridData": { + "h": 24, + "i": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", + "w": 32, + "x": 16, + "y": 4 + }, + "panelIndex": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Geo Location", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41aa0e4c-7e76-4715-bf20-c756e74ffe02:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": 
"17:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "18:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json b/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json index e3122490680..9b36e46fc6d 100644 --- a/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json +++ b/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json 
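Review bot: The new top-level keys `"namespaces": ["default"]`, `"updated_at": "2022-10-27T20:40:13.944Z"` and `"version": "WzcwNywxXQ=="` at the start of this dashboard look like export-time state from one Kibana instance rather than package content; the old side of the file had none of them. I would drop the three keys so the object opens with `"id"`, `"type": "dashboard"`, `"attributes"`, which stops a space name and a concurrency token from being shipped and keeps later re-exports from producing noise diffs. The same three keys are added in `netflow-94972700-de4a-4272-9143-2fa8d4981365.json` and `netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json`. Whether the packaging tooling strips them at build time is not visible from this patch, so this is worth confirming.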
@@ -1,166 +1,387 @@ { - "attributes": { - "description": "Netflow flow records", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "" - }, - "version": true + "id": "netflow-94972700-de4a-4272-9143-2fa8d4981365", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:40:13.944Z", + "version": "WzcwOCwxXQ==", + "attributes": { + "description": "Netflow flow records", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "2", - "w": 36, - "x": 12, - "y": 4 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + 
"title": "Flow Records [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "3", - "w": 12, - "x": 0, - "y": 4 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Flow Records" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "4", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timeline", + "extended_bounds": {}, + "field": "event.end", + "interval": "s", + "min_doc_count": 1 + }, + "schema": 
"segment", + "type": "date_histogram" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Version", + "field": "netflow.exporter.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 36, + "x": 12, + "y": 4 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Flow Records [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.transport", - "network.bytes", - "network.packets" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true }, - "gridData": { - "h": 16, - "i": "5", - "w": 48, - "x": 0, - "y": 12 + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "search", - "version": "7.3.0" + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + 
"subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Flow records", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-94972700-de4a-4272-9143-2fa8d4981365", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 8, + "i": "3", + "w": 12, + "x": 0, + "y": 4 }, - { - "id": "netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow 
Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "4", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "4:panel_4", - "type": "visualization" + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.transport", + "network.bytes", + "network.packets" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] }, - { - "id": "netflow-a34c6611-79d8-4b50-ae3f-8b328d28e24a", - "name": "5:panel_5", - "type": "search" - } + "gridData": { + "h": 16, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "search", + "version": "7.3.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Flow records", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "netflow-a34c6611-79d8-4b50-ae3f-8b328d28e24a", + "name": "5:panel_5", + "type": "search" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json b/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json index b5855d9e644..ef3428132ef 100644 
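Review bot: Panel `5` in `panelsJSON` is still by reference (`"panelRefName": "panel_5"`, `"type": "search"`, `"version": "7.3.0"`), while every other panel is inlined as `savedVis` at `8.0.0`. The dashboard therefore still depends on the saved search `netflow-a34c6611-79d8-4b50-ae3f-8b328d28e24a` kept in `references`. This hunk does not show whether that search object remains in the package; if it is removed along with the visualizations, the flow-records table would have nothing to resolve against, so that is worth checking. Separately, panel `3` now carries `defaultColors` twice, under `embeddableConfig.vis` and under `savedVis.uiState.vis`; keeping only the `savedVis.uiState` copy would leave a single source of truth.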
--- a/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json +++ b/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json 
@@ -1,177 +1,533 @@ { - "attributes": { - "description": "Netflow conversation partners", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "" - }, - "version": true + "id": "netflow-acd7a630-0c71-4840-bc9e-4a3801374a32", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:40:13.944Z", + "version": "WzcwOSwxXQ==", + "attributes": { + "description": "Netflow conversation partners", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + }, 
+ "savedVis": { + "title": "Conversation Partners [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "1", - "w": 48, - "x": 0, - "y": 12 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 8, - "i": "2", - "w": 16, - "x": 32, - "y": 4 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "1", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "1", + "type": "visualization", + 
"version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IP Version and Protocols (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "sum", + "format": { + "id": "bytes" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "3", - "w": 16, - "x": 0, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IP Version", + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "unset ip version", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Protocol", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations and Sources (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "4", - "w": 16, - "x": 16, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": 
{}, + "savedVis": { + "title": "Destination and Source Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 4, - "i": "5", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Conversation Partners", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-acd7a630-0c71-4840-bc9e-4a3801374a32", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "netflow-ae334aec-31fa-4df7-a064-40b18831d819", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 8, + "i": "4", + "w": 16, + "x": 16, + 
"y": 4 }, - { - "id": "netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 4, + "i": "5", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "5:panel_5", - "type": "visualization" - } + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Conversation Partners", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json b/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json index 26fda9c578d..fc0d02cd62a 100644 --- a/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json +++ b/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json 
@@ -1,232 +1,495 @@ { - "attributes": { - "description": "Autonomous systems Netflow", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, + "id": "netflow-c64665f9-d222-421e-90b0-c7310d944b8a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:40:13.944Z", + "version": "WzcxMCwxXQ==", + "attributes": { + "description": "Autonomous systems Netflow", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | 
[Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 4, + "i": "1", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "1", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "2", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + 
"gridData": { + "h": 8, + "i": "2", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Autonomous Systems (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "3", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "4", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "4", - "panelRefName": 
"panel_4", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Autonomous Systems (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination and Source ASs (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": 
"Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "6", - "w": 16, - "x": 0, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination AS", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source AS", + "field": "source.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations and Sources (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "7", - "w": 16, - "x": 16, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { + "enabled": 
true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination and Source Ports (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "8", - "w": 16, - "x": 32, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Autonomous Systems", - "version": 1 + } + }, + "gridData": { + "h": 8, + 
"i": "8", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Autonomous Systems", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-c64665f9-d222-421e-90b0-c7310d944b8a", - "migrationVersion": { - "dashboard": "8.0.0" + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "netflow-12aad647-c45d-4667-a029-152c1a97cbbc", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "netflow-f7808e70-df2a-4532-a350-966704567c24", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "netflow-aed09724-0a69-4331-84f5-3d2067c43930", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "netflow-f531f957-e8c0-497a-ad41-ef39c2d29671", - "name": "8:panel_8", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": 
"8.0.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json b/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json index 905e351698e..4f2d19fc18d 100644 --- a/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json +++ b/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json 
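Review bot: The new top-level `"namespaces"`, `"updated_at"` and `"version"` keys at the head of netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json look like metadata from the Kibana instance the export was taken from, not dashboard content. The same three keys are added in the netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json hunk that follows. `"version": "WzcxMCwxXQ=="` is base64 for `[710,1]`, which reads as that instance's internal sequence token, and `"namespaces": ["default"]` records the space it was saved in. Neither value means anything on the installing side, and both will change on every re-export, which adds noise to later diffs. I would drop the three keys so the object carries only `"id"`, `"type"`, `"attributes"`, `"references"`, `"migrationVersion"` and `"coreMigrationVersion"`, as the removed side did, and confirm whether the package's export tooling was expected to strip them.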
@@ -1,232 +1,452 @@ { - "attributes": { - "description": "Netflow exporters", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, + "id": "netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:40:13.944Z", + "version": "WzcxMSwxXQ==", + "attributes": { + "description": "Netflow exporters", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | 
[Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 4, + "i": "1", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "1", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Flow Exporters (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "2", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Ingress Interfaces (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "3", - "w": 16, - "x": 16, - "y": 4 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Ingress Interface", + "field": "netflow.ingress_interface", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Egress Interfaces (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + 
"data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "4", - "w": 16, - "x": 32, - "y": 4 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Egress Interface", + "field": "netflow.egress_interface", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Egress Interfaces (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + 
"enhancements": {}, + "savedVis": { + "title": "Egress Interfaces (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "6", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Ingress Interfaces (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "8", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, 
+ "gridData": { + "h": 8, + "i": "8", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Ingress Interfaces (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "10", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Flow Exporters", - "version": 1 + } + }, + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Flow Exporters", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425", - "migrationVersion": { - "dashboard": "8.0.0" + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": 
"netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "netflow-441c6c50-fa1a-489c-96c6-76f7925dea24", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "netflow-85ebf558-402b-45d2-a186-e15f8673ec07", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600", - "name": "10:panel_10", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json b/packages/netflow/kibana/visualization/netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json deleted file mode 100644 index dc8a4c8785e..00000000000 --- a/packages/netflow/kibana/visualization/netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json +++ /dev/null 
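Review bot: The count metric in the "Flow Exporters (flow records)" and "Ingress Interfaces (flow records)" panels is added with `"params": {}`, while the sibling "Egress Interfaces (flow records)" panel in the same hunk sets `"customLabel": "Flow Records"`. The three pies sit in one row (`"y": 4`) and will label the same measure differently. This is probably carried over unchanged from the by-reference visualizations the commit inlines, but with all three definitions now in one file it is cheap to align them. Use `"params": { "customLabel": "Flow Records" }` on agg `"id": "1"` of panels `"2"` and `"3"`.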
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "VLAN Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "VLANs", - "field": "netflow.vlan_id" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "VLAN Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81.json b/packages/netflow/kibana/visualization/netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81.json
deleted file mode 100644
index 8ffff407cd1..00000000000
--- a/packages/netflow/kibana/visualization/netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81.json
+++ /dev/null
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Autonomous Systems [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Autonomous System", - "field": "destination.as.organization.name", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Autonomous Systems [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-0528bc66-6981-400a-a02d-c1d221b38890.json b/packages/netflow/kibana/visualization/netflow-0528bc66-6981-400a-a02d-c1d221b38890.json deleted file mode 100644 index c02adaa640f..00000000000 --- a/packages/netflow/kibana/visualization/netflow-0528bc66-6981-400a-a02d-c1d221b38890.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Sources (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Sources (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-0528bc66-6981-400a-a02d-c1d221b38890", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4.json b/packages/netflow/kibana/visualization/netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4.json deleted file mode 100644 index e0413effa49..00000000000 --- a/packages/netflow/kibana/visualization/netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Port", - "field": "source.port", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Source Ports (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-12aad647-c45d-4667-a029-152c1a97cbbc.json b/packages/netflow/kibana/visualization/netflow-12aad647-c45d-4667-a029-152c1a97cbbc.json deleted file mode 100644 index beda20df3aa..00000000000 --- a/packages/netflow/kibana/visualization/netflow-12aad647-c45d-4667-a029-152c1a97cbbc.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Autonomous Systems (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Destination Autonomous Systems (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-12aad647-c45d-4667-a029-152c1a97cbbc", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796.json b/packages/netflow/kibana/visualization/netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796.json deleted file mode 100644 index febb8414275..00000000000 --- a/packages/netflow/kibana/visualization/netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796.json +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Ingress Interfaces (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Ingress Interface", - "field": "netflow.ingress_interface", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Ingress Interfaces (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-15295ea6-ba84-47db-8ced-9312abbf495c.json b/packages/netflow/kibana/visualization/netflow-15295ea6-ba84-47db-8ced-9312abbf495c.json deleted file mode 100644 index 74ebfa6a05a..00000000000 --- a/packages/netflow/kibana/visualization/netflow-15295ea6-ba84-47db-8ced-9312abbf495c.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Sources [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Sources [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-15295ea6-ba84-47db-8ced-9312abbf495c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-1558508d-591c-49be-bef4-85fdac18a960.json b/packages/netflow/kibana/visualization/netflow-1558508d-591c-49be-bef4-85fdac18a960.json deleted file mode 100644 index 4ab92fe3abd..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-1558508d-591c-49be-bef4-85fdac18a960.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Sources and Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Port", - "field": "source.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Sources and Ports (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-1558508d-591c-49be-bef4-85fdac18a960", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-15e2a267-2495-4df2-a121-abe410d2f18c.json b/packages/netflow/kibana/visualization/netflow-15e2a267-2495-4df2-a121-abe410d2f18c.json deleted file mode 100644 index 8a8665c9950..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-15e2a267-2495-4df2-a121-abe410d2f18c.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "VLANs (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "VLANs (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-15e2a267-2495-4df2-a121-abe410d2f18c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-16262df9-a979-4136-935e-d883c7d373d7.json b/packages/netflow/kibana/visualization/netflow-16262df9-a979-4136-935e-d883c7d373d7.json deleted file mode 100644 index f7afef7cdda..00000000000 --- a/packages/netflow/kibana/visualization/netflow-16262df9-a979-4136-935e-d883c7d373d7.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "City Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Cities", - "field": "destination.geo.city_name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "City Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-16262df9-a979-4136-935e-d883c7d373d7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json b/packages/netflow/kibana/visualization/netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json deleted file mode 100644 index 6c5da284400..00000000000 --- a/packages/netflow/kibana/visualization/netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Ingress Interfaces (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Ingress Interfaces (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a.json b/packages/netflow/kibana/visualization/netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a.json deleted file mode 100644 index d21f469a220..00000000000 --- a/packages/netflow/kibana/visualization/netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Types of Service (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Type of Service", - "field": "netflow.ip_class_of_service", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Types of Service (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0.json b/packages/netflow/kibana/visualization/netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0.json deleted file mode 100644 index c3160856d26..00000000000 --- a/packages/netflow/kibana/visualization/netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Cities (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Cities (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-201d7dd1-a880-4a64-b631-db5629340db9.json b/packages/netflow/kibana/visualization/netflow-201d7dd1-a880-4a64-b631-db5629340db9.json deleted file mode 100644 index 1aca5ff37cd..00000000000 --- a/packages/netflow/kibana/visualization/netflow-201d7dd1-a880-4a64-b631-db5629340db9.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Ports (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Source Ports (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-201d7dd1-a880-4a64-b631-db5629340db9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823.json b/packages/netflow/kibana/visualization/netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823.json deleted file mode 100644 index 78058b24e7a..00000000000 --- a/packages/netflow/kibana/visualization/netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Countries and Cities (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Country", - "field": "destination.geo.country_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "City", - "field": "destination.geo.city_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Countries and Cities (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-248e00b4-8fc2-406f-8907-729d5380aaa7.json b/packages/netflow/kibana/visualization/netflow-248e00b4-8fc2-406f-8907-729d5380aaa7.json deleted file mode 100644 index 761ffe4dd83..00000000000 --- a/packages/netflow/kibana/visualization/netflow-248e00b4-8fc2-406f-8907-729d5380aaa7.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destinations (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-248e00b4-8fc2-406f-8907-729d5380aaa7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03.json b/packages/netflow/kibana/visualization/netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03.json deleted file mode 100644 index c788b314a90..00000000000 --- a/packages/netflow/kibana/visualization/netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Protocols [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Protocol", - "field": "network.transport", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Protocols [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-2dca3025-692c-4876-8bcc-e0b248dc9819.json b/packages/netflow/kibana/visualization/netflow-2dca3025-692c-4876-8bcc-e0b248dc9819.json
deleted file mode 100644
index 900166724d9..00000000000
--- a/packages/netflow/kibana/visualization/netflow-2dca3025-692c-4876-8bcc-e0b248dc9819.json
+++ /dev/null
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "TCP Flags Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "TCP Flag States", - "field": "netflow.tcp_control_bits" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "TCP Flags Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-2dca3025-692c-4876-8bcc-e0b248dc9819", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-30cd1009-2925-4c9b-820d-d689f5d1efda.json b/packages/netflow/kibana/visualization/netflow-30cd1009-2925-4c9b-820d-d689f5d1efda.json deleted file mode 100644 index 58efe0b1b14..00000000000 --- a/packages/netflow/kibana/visualization/netflow-30cd1009-2925-4c9b-820d-d689f5d1efda.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Autonomous Systems (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Autonomous Systems (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-30cd1009-2925-4c9b-820d-d689f5d1efda", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-31708a70-4957-4a8a-8065-5c88a344ad02.json b/packages/netflow/kibana/visualization/netflow-31708a70-4957-4a8a-8065-5c88a344ad02.json deleted file mode 100644 index b5190f6f364..00000000000 --- a/packages/netflow/kibana/visualization/netflow-31708a70-4957-4a8a-8065-5c88a344ad02.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Flow Exporters (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Flow Exporter", - "field": "agent.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Flow Exporters (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-31708a70-4957-4a8a-8065-5c88a344ad02", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f.json b/packages/netflow/kibana/visualization/netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f.json deleted file mode 100644 index 39955737f81..00000000000 --- a/packages/netflow/kibana/visualization/netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Destination Ports [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.port", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Destination Ports [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-32e712ed-fa15-4db7-8575-8476e8d65b03.json b/packages/netflow/kibana/visualization/netflow-32e712ed-fa15-4db7-8575-8476e8d65b03.json
deleted file mode 100644
index d78307bf10a..00000000000
--- a/packages/netflow/kibana/visualization/netflow-32e712ed-fa15-4db7-8575-8476e8d65b03.json
+++ /dev/null
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Source Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-32e712ed-fa15-4db7-8575-8476e8d65b03", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f.json b/packages/netflow/kibana/visualization/netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f.json deleted file mode 100644 index 04a65630226..00000000000 --- a/packages/netflow/kibana/visualization/netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Ports (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Destination Ports (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json b/packages/netflow/kibana/visualization/netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json deleted file mode 100644 index 286f3d8ee1d..00000000000 --- a/packages/netflow/kibana/visualization/netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Version (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Version", - "field": "netflow.exporter.version", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Version (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json b/packages/netflow/kibana/visualization/netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json deleted file mode 100644 index ded1dec033e..00000000000 --- a/packages/netflow/kibana/visualization/netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Destination Ports (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-441c6c50-fa1a-489c-96c6-76f7925dea24.json b/packages/netflow/kibana/visualization/netflow-441c6c50-fa1a-489c-96c6-76f7925dea24.json deleted file mode 100644 index b6ea42b0081..00000000000 --- a/packages/netflow/kibana/visualization/netflow-441c6c50-fa1a-489c-96c6-76f7925dea24.json +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Flow Exporters (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Flow Exporter", - "field": "agent.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Flow Exporters (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-441c6c50-fa1a-489c-96c6-76f7925dea24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json b/packages/netflow/kibana/visualization/netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json deleted file mode 100644 index 7de837f806a..00000000000 --- a/packages/netflow/kibana/visualization/netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Egress Interfaces (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Egress Interface", - "field": "netflow.egress_interface", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Egress Interfaces (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094.json b/packages/netflow/kibana/visualization/netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094.json deleted file mode 100644 index 084381e5509..00000000000 --- a/packages/netflow/kibana/visualization/netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094.json +++ /dev/null 
@@ -1,148 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Flow Records [Logs Netflow]", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timeline", - "extended_bounds": {}, - "field": "event.end", - "interval": "s", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Version", - "field": "netflow.exporter.version", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "legendPosition": "right", - "mode": "stacked", - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Flow Records" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": 
"linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Flow Records [Logs Netflow]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-5292a65b-c532-422a-9008-1251a8073a3a.json b/packages/netflow/kibana/visualization/netflow-5292a65b-c532-422a-9008-1251a8073a3a.json deleted file mode 100644 index 86e6aeee61c..00000000000 --- a/packages/netflow/kibana/visualization/netflow-5292a65b-c532-422a-9008-1251a8073a3a.json +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Cities [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Country", - "field": "destination.geo.country_name", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "City", - "field": "destination.geo.city_name", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": true, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Cities [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-5292a65b-c532-422a-9008-1251a8073a3a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49.json b/packages/netflow/kibana/visualization/netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49.json
deleted file mode 100644
index 42af6b7c3c2..00000000000
--- a/packages/netflow/kibana/visualization/netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49.json
+++ /dev/null
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Destinations [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Destinations [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-57e13a20-e94f-4465-a942-42148634a1d2.json b/packages/netflow/kibana/visualization/netflow-57e13a20-e94f-4465-a942-42148634a1d2.json deleted file mode 100644 index 70b8cd24a1c..00000000000 --- a/packages/netflow/kibana/visualization/netflow-57e13a20-e94f-4465-a942-42148634a1d2.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "TCP Flags (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "TCP Flags", - "field": "netflow.tcp_control_bits", - "order": "desc", - "orderBy": "1", - "size": 255 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "TCP Flags (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-57e13a20-e94f-4465-a942-42148634a1d2", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761.json b/packages/netflow/kibana/visualization/netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761.json deleted file mode 100644 index 2ac9972a3fe..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Countries and Cities (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Country", - "field": "destination.geo.country_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "City", - "field": "destination.geo.city_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Countries and Cities (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json b/packages/netflow/kibana/visualization/netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json deleted file mode 100644 index 1e3023edf4c..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Countries (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Countries (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-5d868836-c7b2-4812-bf47-4838aac281d9.json b/packages/netflow/kibana/visualization/netflow-5d868836-c7b2-4812-bf47-4838aac281d9.json deleted file mode 100644 index 8749432363f..00000000000 --- a/packages/netflow/kibana/visualization/netflow-5d868836-c7b2-4812-bf47-4838aac281d9.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "TCP Flags (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "TCP Flags (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-5d868836-c7b2-4812-bf47-4838aac281d9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95.json b/packages/netflow/kibana/visualization/netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95.json deleted file mode 100644 index c7eae50c7fb..00000000000 --- a/packages/netflow/kibana/visualization/netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Country Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Countries", - "field": "destination.geo.country_name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Country Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de.json b/packages/netflow/kibana/visualization/netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de.json deleted file mode 100644 index b8e00a7fafa..00000000000 --- a/packages/netflow/kibana/visualization/netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations and Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Port", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destinations and Ports (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-681f0ce4-d828-4a99-b643-0c0715530050.json b/packages/netflow/kibana/visualization/netflow-681f0ce4-d828-4a99-b643-0c0715530050.json deleted file mode 100644 index a9a4732e8a2..00000000000 --- a/packages/netflow/kibana/visualization/netflow-681f0ce4-d828-4a99-b643-0c0715530050.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Destinations (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-681f0ce4-d828-4a99-b643-0c0715530050", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f.json b/packages/netflow/kibana/visualization/netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f.json deleted file mode 100644 index 71a6d854f35..00000000000 --- a/packages/netflow/kibana/visualization/netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Sources (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Sources (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-717cd7c7-bfca-435d-8ee7-38259927aade.json b/packages/netflow/kibana/visualization/netflow-717cd7c7-bfca-435d-8ee7-38259927aade.json deleted file mode 100644 index 477c7bd61ba..00000000000 --- a/packages/netflow/kibana/visualization/netflow-717cd7c7-bfca-435d-8ee7-38259927aade.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Types of Service (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Types of Service (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-717cd7c7-bfca-435d-8ee7-38259927aade", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa.json b/packages/netflow/kibana/visualization/netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa.json deleted file mode 100644 index 0ab7a6311f0..00000000000 --- a/packages/netflow/kibana/visualization/netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Autonomous Systems (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Source Autonomous Systems (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-7d447b22-89dc-4f32-b549-4b8620af4d76.json b/packages/netflow/kibana/visualization/netflow-7d447b22-89dc-4f32-b549-4b8620af4d76.json deleted file mode 100644 index 2bb1c72f24b..00000000000 --- a/packages/netflow/kibana/visualization/netflow-7d447b22-89dc-4f32-b549-4b8620af4d76.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Cities (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Cities (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-7d447b22-89dc-4f32-b549-4b8620af4d76", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957.json b/packages/netflow/kibana/visualization/netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957.json deleted file mode 100644 index 33e66c77219..00000000000 --- a/packages/netflow/kibana/visualization/netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "VLANs (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "VLAN", - "field": "netflow.vlan_id", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "VLANs (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-85ebf558-402b-45d2-a186-e15f8673ec07.json b/packages/netflow/kibana/visualization/netflow-85ebf558-402b-45d2-a186-e15f8673ec07.json deleted file mode 100644 index 2375e7bc5ed..00000000000 --- a/packages/netflow/kibana/visualization/netflow-85ebf558-402b-45d2-a186-e15f8673ec07.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Egress Interfaces (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Egress Interfaces (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-85ebf558-402b-45d2-a186-e15f8673ec07", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb.json b/packages/netflow/kibana/visualization/netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb.json deleted file mode 100644 index 900b573fed2..00000000000 --- a/packages/netflow/kibana/visualization/netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "TCP Flags (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "TCP Flags (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-a14c3248-952d-42aa-bd7d-9b39157a776f.json b/packages/netflow/kibana/visualization/netflow-a14c3248-952d-42aa-bd7d-9b39157a776f.json deleted file mode 100644 index 44db4dc3110..00000000000 --- a/packages/netflow/kibana/visualization/netflow-a14c3248-952d-42aa-bd7d-9b39157a776f.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Countries (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Country", - "field": "destination.geo.country_name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Countries (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-a14c3248-952d-42aa-bd7d-9b39157a776f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-a1704d46-15fc-41c2-851d-796ceb49877f.json b/packages/netflow/kibana/visualization/netflow-a1704d46-15fc-41c2-851d-796ceb49877f.json deleted file mode 100644 index 4a2156c25f1..00000000000 --- a/packages/netflow/kibana/visualization/netflow-a1704d46-15fc-41c2-851d-796ceb49877f.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Types of Service (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Types of Service (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-a1704d46-15fc-41c2-851d-796ceb49877f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json b/packages/netflow/kibana/visualization/netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json deleted file mode 100644 index b62d2b73a92..00000000000 --- a/packages/netflow/kibana/visualization/netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "VLANs (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "VLANs (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2.json b/packages/netflow/kibana/visualization/netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2.json deleted file mode 100644 index 6abe1c2fb64..00000000000 --- a/packages/netflow/kibana/visualization/netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Cities (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "City", - "field": "destination.geo.city_name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Cities (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json b/packages/netflow/kibana/visualization/netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json deleted file mode 100644 index a1723e92f4b..00000000000 --- a/packages/netflow/kibana/visualization/netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Autonomous Systems (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Autonomous Systems (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-ae334aec-31fa-4df7-a064-40b18831d819.json b/packages/netflow/kibana/visualization/netflow-ae334aec-31fa-4df7-a064-40b18831d819.json deleted file mode 100644 index 27b7d0531e7..00000000000 --- a/packages/netflow/kibana/visualization/netflow-ae334aec-31fa-4df7-a064-40b18831d819.json +++ /dev/null 
@@ -1,137 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "IP Version and Protocols (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "IP Version", - "field": "network.type", - "missingBucket": true, - "missingBucketLabel": "unset ip version", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Protocol", - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "buckets": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other" - } - }, - "params": {} - }, - { - "accessor": 2, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other" - } - }, - "params": {} - } - ], - "metric": { - "accessor": 1, - "aggType": "sum", - "format": { - "id": "bytes" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": 
"kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "IP Version and Protocols (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-ae334aec-31fa-4df7-a064-40b18831d819", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-aed09724-0a69-4331-84f5-3d2067c43930.json b/packages/netflow/kibana/visualization/netflow-aed09724-0a69-4331-84f5-3d2067c43930.json deleted file mode 100644 index 133d7f65b2e..00000000000 --- a/packages/netflow/kibana/visualization/netflow-aed09724-0a69-4331-84f5-3d2067c43930.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations and Sources (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destinations and Sources (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-aed09724-0a69-4331-84f5-3d2067c43930", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-af707b01-29f1-462b-b279-6d2e803f3645.json b/packages/netflow/kibana/visualization/netflow-af707b01-29f1-462b-b279-6d2e803f3645.json deleted file mode 100644 index 862feb2e9a8..00000000000 --- a/packages/netflow/kibana/visualization/netflow-af707b01-29f1-462b-b279-6d2e803f3645.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Port Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Destination Port Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-af707b01-29f1-462b-b279-6d2e803f3645", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d.json b/packages/netflow/kibana/visualization/netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d.json deleted file mode 100644 index 30611995855..00000000000 --- a/packages/netflow/kibana/visualization/netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Locality (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Locality", - "field": "flow.locality", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Locality (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-b677cd82-b33e-49b3-8b6e-0e110177b163.json b/packages/netflow/kibana/visualization/netflow-b677cd82-b33e-49b3-8b6e-0e110177b163.json deleted file mode 100644 index fd35ef3ba18..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-b677cd82-b33e-49b3-8b6e-0e110177b163.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Direction (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Direction", - "field": "network.direction", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Direction (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-b677cd82-b33e-49b3-8b6e-0e110177b163", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json b/packages/netflow/kibana/visualization/netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json deleted file mode 100644 index 8bc89794de5..00000000000 --- a/packages/netflow/kibana/visualization/netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Flow Records [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Flow Records [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035.json b/packages/netflow/kibana/visualization/netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035.json deleted file mode 100644 index a54c0de5388..00000000000 --- a/packages/netflow/kibana/visualization/netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination and Source Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Port", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Port", - "field": "source.port", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destination and Source Ports (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-cccff92f-cb71-49a9-9caf-84867751d31e.json b/packages/netflow/kibana/visualization/netflow-cccff92f-cb71-49a9-9caf-84867751d31e.json
deleted file mode 100644
index 8bd62437c89..00000000000
--- a/packages/netflow/kibana/visualization/netflow-cccff92f-cb71-49a9-9caf-84867751d31e.json
+++ /dev/null
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Flow Exporters [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Flow Exporter", - "field": "agent.name", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Flow Exporters [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-cccff92f-cb71-49a9-9caf-84867751d31e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4.json b/packages/netflow/kibana/visualization/netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4.json deleted file mode 100644 index 41f2bbd2b35..00000000000 --- a/packages/netflow/kibana/visualization/netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Port", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destination Ports (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json b/packages/netflow/kibana/visualization/netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json deleted file mode 100644 index 883c2b9a683..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Autonomous Systems (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Destination Autonomous Systems (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600.json b/packages/netflow/kibana/visualization/netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600.json deleted file mode 100644 index 3b326d17da4..00000000000 --- a/packages/netflow/kibana/visualization/netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Ingress Interfaces (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Ingress Interfaces (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0.json b/packages/netflow/kibana/visualization/netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0.json deleted file mode 100644 index 1feb33568aa..00000000000 --- a/packages/netflow/kibana/visualization/netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Countries (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Countries (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json b/packages/netflow/kibana/visualization/netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json deleted file mode 100644 index 6292e6e6d8e..00000000000 --- a/packages/netflow/kibana/visualization/netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json +++ /dev/null 
@@ -1,33 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Dashboard Navigation [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" - }, - "title": "Dashboard Navigation [Logs Netflow]", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6.json b/packages/netflow/kibana/visualization/netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6.json deleted file mode 100644 index c1f314c7bdb..00000000000 --- a/packages/netflow/kibana/visualization/netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Autonomous System Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Autonomous Systems", - "field": "destination.as.organization.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Autonomous System Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-d59a031c-70d6-47d7-966d-7fcb805be9be.json b/packages/netflow/kibana/visualization/netflow-d59a031c-70d6-47d7-966d-7fcb805be9be.json deleted file mode 100644 index 5a734dc2511..00000000000 --- a/packages/netflow/kibana/visualization/netflow-d59a031c-70d6-47d7-966d-7fcb805be9be.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Destinations (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d59a031c-70d6-47d7-966d-7fcb805be9be", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b.json b/packages/netflow/kibana/visualization/netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b.json deleted file mode 100644 index e729356ceb1..00000000000 --- a/packages/netflow/kibana/visualization/netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Port Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Source Ports", - "field": "source.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Source Port Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d.json b/packages/netflow/kibana/visualization/netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d.json deleted file mode 100644 index 7bdbc01faa2..00000000000 --- a/packages/netflow/kibana/visualization/netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations and Sources (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destinations and Sources (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-e99dc327-03de-4561-9e0c-f550710125c2.json b/packages/netflow/kibana/visualization/netflow-e99dc327-03de-4561-9e0c-f550710125c2.json deleted file mode 100644 index bf90f945310..00000000000 --- a/packages/netflow/kibana/visualization/netflow-e99dc327-03de-4561-9e0c-f550710125c2.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Count [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "fontSize": "32", - "handleNoResults": true - }, - "title": "Destination Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-e99dc327-03de-4561-9e0c-f550710125c2", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf.json b/packages/netflow/kibana/visualization/netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf.json deleted file mode 100644 index 6f854529f42..00000000000 --- a/packages/netflow/kibana/visualization/netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Source Ports [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source", - "field": "source.port", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Source Ports [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json b/packages/netflow/kibana/visualization/netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json
deleted file mode 100644
index 07b112eb86e..00000000000
--- a/packages/netflow/kibana/visualization/netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json
+++ /dev/null
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Conversation Partners [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Conversation Partners [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-f27c1479-0625-4cdc-92de-672e47db0f87.json b/packages/netflow/kibana/visualization/netflow-f27c1479-0625-4cdc-92de-672e47db0f87.json
deleted file mode 100644
index 84a84963419..00000000000
--- a/packages/netflow/kibana/visualization/netflow-f27c1479-0625-4cdc-92de-672e47db0f87.json
+++ /dev/null
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "ToS Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Types of Service", - "field": "netflow.ip_class_of_service" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "ToS Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f27c1479-0625-4cdc-92de-672e47db0f87", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-f531f957-e8c0-497a-ad41-ef39c2d29671.json b/packages/netflow/kibana/visualization/netflow-f531f957-e8c0-497a-ad41-ef39c2d29671.json deleted file mode 100644 index ea1a1f65eae..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f531f957-e8c0-497a-ad41-ef39c2d29671.json +++ /dev/null @@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination and Source Ports (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Port", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Port", - "field": "source.port", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destination and Source Ports (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f531f957-e8c0-497a-ad41-ef39c2d29671", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404.json b/packages/netflow/kibana/visualization/netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404.json deleted file mode 100644 index 3ce38d3586a..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Source Ports (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json b/packages/netflow/kibana/visualization/netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json deleted file mode 100644 index 0b81e7b9ed0..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Autonomous Systems (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Source Autonomous Systems (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-f772028b-d5a6-4d55-b441-493871981a60.json b/packages/netflow/kibana/visualization/netflow-f772028b-d5a6-4d55-b441-493871981a60.json deleted file mode 100644 index f14db0c724c..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f772028b-d5a6-4d55-b441-493871981a60.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Autonomous Systems (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Autonomous System", - "field": "destination.as.organization.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Autonomous Systems (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f772028b-d5a6-4d55-b441-493871981a60", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-f7808e70-df2a-4532-a350-966704567c24.json b/packages/netflow/kibana/visualization/netflow-f7808e70-df2a-4532-a350-966704567c24.json deleted file mode 100644 index 9c3deab49d3..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f7808e70-df2a-4532-a350-966704567c24.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination and Source ASs (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination AS", - "field": "destination.as.organization.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source AS", - "field": "source.as.organization.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destination and Source ASs (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f7808e70-df2a-4532-a350-966704567c24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json b/packages/netflow/kibana/visualization/netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json deleted file mode 100644 index aec085e8ea0..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Egress Interfaces (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Egress Interfaces (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56.json b/packages/netflow/kibana/visualization/netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56.json deleted file mode 100644 index cbd226f3afb..00000000000 --- a/packages/netflow/kibana/visualization/netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Sources (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Sources (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file From e558fc3a11396e11eb6e4988e3d50db2f025c886 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 02:22:03 +0530 Subject: [PATCH 023/103] migrate netskope to by_value --- ...-0f68b070-71f8-11ec-8c4b-cb281099ee02.json | 3988 +++++++++++-- ...-1db9af70-71f4-11ec-8c4b-cb281099ee02.json | 3294 +++++++++-- ...-388b1e00-72ae-11ec-8c4b-cb281099ee02.json | 3752 ++++++++++-- ...-4bdc8830-72af-11ec-8c4b-cb281099ee02.json | 891 ++- ...-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json | 2241 ++++++- ...-97349920-72b0-11ec-8c4b-cb281099ee02.json | 1262 +++- ...-9e55e880-72b5-11ec-8c4b-cb281099ee02.json | 2993 ++++++++-- ...-a03670f0-7208-11ec-8c4b-cb281099ee02.json | 5237 ++++++++++++++--- ...-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json | 3613 ++++++++++-- ...-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json | 3847 ++++++++++-- ...-e6184f90-72b6-11ec-8c4b-cb281099ee02.json | 3594 +++++++++-- ...-f181cba0-71d9-11ec-8c4b-cb281099ee02.json | 3560 +++++++++-- ...-03150a40-720b-11ec-8c4b-cb281099ee02.json | 203 - ...-06bf2da0-72a7-11ec-8c4b-cb281099ee02.json | 116 - ...-0922ae70-720a-11ec-8c4b-cb281099ee02.json | 122 - ...-0e9511e0-72aa-11ec-8c4b-cb281099ee02.json | 176 - ...-0f05ca90-7456-11ec-8c4b-cb281099ee02.json | 116 - ...-187e0140-71f5-11ec-8c4b-cb281099ee02.json | 124 - ...-1b3226c0-71df-11ec-8c4b-cb281099ee02.json | 176 - ...-2044d2a0-72ae-11ec-8c4b-cb281099ee02.json | 251 - ...-24907420-72b0-11ec-8c4b-cb281099ee02.json | 222 - ...-25b07fa0-71eb-11ec-8c4b-cb281099ee02.json | 124 - ...-26d9c5c0-71dd-11ec-8c4b-cb281099ee02.json | 98 - ...-2b81f870-71da-11ec-8c4b-cb281099ee02.json | 116 - ...-301d9fd0-720a-11ec-8c4b-cb281099ee02.json | 124 - ...-304fa1c0-7209-11ec-8c4b-cb281099ee02.json | 142 - ...-327320f0-72ac-11ec-8c4b-cb281099ee02.json | 142 - ...-357672b0-72a8-11ec-8c4b-cb281099ee02.json | 98 - ...-37409a80-71db-11ec-8c4b-cb281099ee02.json | 176 - ...-3ec223c0-720b-11ec-8c4b-cb281099ee02.json | 141 - ...-40a01500-72db-11ec-8c4b-cb281099ee02.json | 180 - ...-41932530-72a7-11ec-8c4b-cb281099ee02.json | 112 - 
...-464ce970-72b7-11ec-8c4b-cb281099ee02.json | 149 - ...-47132800-72a9-11ec-8c4b-cb281099ee02.json | 176 - ...-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02.json | 196 - ...-516130e0-71eb-11ec-8c4b-cb281099ee02.json | 142 - ...-51bf6fb0-72aa-11ec-8c4b-cb281099ee02.json | 152 - ...-528169b0-72b6-11ec-8c4b-cb281099ee02.json | 124 - ...-55144a90-72ab-11ec-8c4b-cb281099ee02.json | 124 - ...-55b418a0-71dd-11ec-8c4b-cb281099ee02.json | 176 - ...-5982c0e0-72ae-11ec-8c4b-cb281099ee02.json | 202 - ...-5b54d5f0-71f7-11ec-8c4b-cb281099ee02.json | 124 - ...-5def8dc0-71e6-11ec-8c4b-cb281099ee02.json | 202 - ...-5e243140-72b5-11ec-8c4b-cb281099ee02.json | 165 - ...-5efbfc00-72a7-11ec-8c4b-cb281099ee02.json | 98 - ...-5f452920-71da-11ec-8c4b-cb281099ee02.json | 119 - ...-648c79d0-720a-11ec-8c4b-cb281099ee02.json | 142 - ...-662de6e0-71e0-11ec-8c4b-cb281099ee02.json | 98 - ...-719e0f30-72af-11ec-8c4b-cb281099ee02.json | 202 - ...-75f900b0-72b6-11ec-8c4b-cb281099ee02.json | 124 - ...-7d1142a0-72ab-11ec-8c4b-cb281099ee02.json | 142 - ...-7d7e2260-71f4-11ec-8c4b-cb281099ee02.json | 202 - ...-7edc5f60-71df-11ec-8c4b-cb281099ee02.json | 176 - ...-7f41e9e0-71dd-11ec-8c4b-cb281099ee02.json | 98 - ...-7f8d83c0-71db-11ec-8c4b-cb281099ee02.json | 176 - ...-7f9d2540-7209-11ec-8c4b-cb281099ee02.json | 142 - ...-83fa5a10-72a7-11ec-8c4b-cb281099ee02.json | 139 - ...-8705deb0-71de-11ec-8c4b-cb281099ee02.json | 139 - ...-891546c0-72db-11ec-8c4b-cb281099ee02.json | 180 - ...-8c226d50-71f7-11ec-8c4b-cb281099ee02.json | 140 - ...-8efd9840-71e0-11ec-8c4b-cb281099ee02.json | 98 - ...-8fc2c680-72b0-11ec-8c4b-cb281099ee02.json | 141 - ...-914898a0-72af-11ec-8c4b-cb281099ee02.json | 116 - ...-917c9230-72b5-11ec-8c4b-cb281099ee02.json | 124 - ...-93433ee0-72a9-11ec-8c4b-cb281099ee02.json | 196 - ...-9b93d9d0-71da-11ec-8c4b-cb281099ee02.json | 116 - ...-9c6d6030-71f6-11ec-8c4b-cb281099ee02.json | 125 - ...-a2047d20-72ab-11ec-8c4b-cb281099ee02.json | 138 - ...-a3c6c270-745f-11ec-8c4b-cb281099ee02.json | 116 - 
...-a3e5e650-72b6-11ec-8c4b-cb281099ee02.json | 165 - ...-a44f4160-72b4-11ec-8c4b-cb281099ee02.json | 142 - ...-a4745040-71dd-11ec-8c4b-cb281099ee02.json | 112 - ...-a6e2ecf0-72a6-11ec-8c4b-cb281099ee02.json | 57 - ...-a8fb1770-720a-11ec-8c4b-cb281099ee02.json | 142 - ...-abcc6a30-72aa-11ec-8c4b-cb281099ee02.json | 176 - ...-b0b26610-71df-11ec-8c4b-cb281099ee02.json | 98 - ...-bc70e470-7209-11ec-8c4b-cb281099ee02.json | 142 - ...-bc859e60-71dc-11ec-8c4b-cb281099ee02.json | 176 - ...-bd2879d0-71f7-11ec-8c4b-cb281099ee02.json | 125 - ...-c01026d0-72af-11ec-8c4b-cb281099ee02.json | 194 - ...-c1e088c0-72a9-11ec-8c4b-cb281099ee02.json | 176 - ...-c6540e80-72b4-11ec-8c4b-cb281099ee02.json | 124 - ...-ca5610d0-71da-11ec-8c4b-cb281099ee02.json | 98 - ...-cab84db0-71dd-11ec-8c4b-cb281099ee02.json | 176 - ...-d1189e60-71df-11ec-8c4b-cb281099ee02.json | 98 - ...-d9596770-72a8-11ec-8c4b-cb281099ee02.json | 112 - ...-dbcca900-72b6-11ec-8c4b-cb281099ee02.json | 165 - ...-dbdd48a0-72a7-11ec-8c4b-cb281099ee02.json | 156 - ...-dd1de560-71eb-11ec-8c4b-cb281099ee02.json | 124 - ...-de309310-71d9-11ec-8c4b-cb281099ee02.json | 57 - ...-e15f2790-72a6-11ec-8c4b-cb281099ee02.json | 116 - ...-e2e46e60-72ae-11ec-8c4b-cb281099ee02.json | 202 - ...-e8cecff0-72a9-11ec-8c4b-cb281099ee02.json | 176 - ...-e9bc9d80-7208-11ec-8c4b-cb281099ee02.json | 142 - ...-f1c99420-7207-11ec-8c4b-cb281099ee02.json | 202 - ...-f4fb96d0-71de-11ec-8c4b-cb281099ee02.json | 176 - ...-f9097160-71f3-11ec-8c4b-cb281099ee02.json | 142 - ...-f96d6680-71f7-11ec-8c4b-cb281099ee02.json | 126 - ...-fceec3e0-71dd-11ec-8c4b-cb281099ee02.json | 116 - ...-feb43930-72af-11ec-8c4b-cb281099ee02.json | 142 - 100 files changed, 33179 insertions(+), 17826 deletions(-) delete mode 100644 packages/netskope/kibana/visualization/netskope-03150a40-720b-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-06bf2da0-72a7-11ec-8c4b-cb281099ee02.json delete mode 100644 
packages/netskope/kibana/visualization/netskope-0922ae70-720a-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-0e9511e0-72aa-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-0f05ca90-7456-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-187e0140-71f5-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-2044d2a0-72ae-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-24907420-72b0-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-25b07fa0-71eb-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-2b81f870-71da-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-301d9fd0-720a-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-304fa1c0-7209-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-327320f0-72ac-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-357672b0-72a8-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-37409a80-71db-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-3ec223c0-720b-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-40a01500-72db-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-41932530-72a7-11ec-8c4b-cb281099ee02.json delete mode 100644 
packages/netskope/kibana/visualization/netskope-464ce970-72b7-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-47132800-72a9-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-516130e0-71eb-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-51bf6fb0-72aa-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-528169b0-72b6-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-55144a90-72ab-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-5982c0e0-72ae-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-5b54d5f0-71f7-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-5def8dc0-71e6-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-5e243140-72b5-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-5efbfc00-72a7-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-5f452920-71da-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-648c79d0-720a-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-719e0f30-72af-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-75f900b0-72b6-11ec-8c4b-cb281099ee02.json delete mode 100644 
packages/netskope/kibana/visualization/netskope-7d1142a0-72ab-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-7d7e2260-71f4-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-7edc5f60-71df-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-7f9d2540-7209-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-83fa5a10-72a7-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-8705deb0-71de-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-891546c0-72db-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-8c226d50-71f7-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-8fc2c680-72b0-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-914898a0-72af-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-917c9230-72b5-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-9c6d6030-71f6-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-a2047d20-72ab-11ec-8c4b-cb281099ee02.json delete mode 100644 
packages/netskope/kibana/visualization/netskope-a3c6c270-745f-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-a3e5e650-72b6-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-a44f4160-72b4-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-a4745040-71dd-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-a6e2ecf0-72a6-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-a8fb1770-720a-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-abcc6a30-72aa-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-b0b26610-71df-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-bc70e470-7209-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-bd2879d0-71f7-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-c01026d0-72af-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-c1e088c0-72a9-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-c6540e80-72b4-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-d1189e60-71df-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-d9596770-72a8-11ec-8c4b-cb281099ee02.json delete mode 100644 
packages/netskope/kibana/visualization/netskope-dbcca900-72b6-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-dbdd48a0-72a7-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-dd1de560-71eb-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-de309310-71d9-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-e15f2790-72a6-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-e2e46e60-72ae-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-e8cecff0-72a9-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-e9bc9d80-7208-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-f1c99420-7207-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-f9097160-71f3-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-f96d6680-71f7-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-fceec3e0-71dd-11ec-8c4b-cb281099ee02.json delete mode 100644 packages/netskope/kibana/visualization/netskope-feb43930-72af-11ec-8c4b-cb281099ee02.json diff --git a/packages/netskope/kibana/dashboard/netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02.json index 9f9e538d5b6..c635803f0b5 100644 --- a/packages/netskope/kibana/dashboard/netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02.json 
@@ -1,600 +1,3512 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcxOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "quarantine" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "quarantine" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Total Number of Apps Quarantined", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Quarantined Applications", + "field": "netskope.alerts.quarantine.app" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - 
"disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "quarantine" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "quarantine" - } - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "quarantine" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "quarantine" + } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.quarantine.app", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.quarantine.app" + } + } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "6fa82f60-f04f-444f-ba2f-00773e1e6108", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6fa82f60-f04f-444f-ba2f-00773e1e6108", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "6fa82f60-f04f-444f-ba2f-00773e1e6108", - "panelRefName": "panel_6fa82f60-f04f-444f-ba2f-00773e1e6108", - "type": "visualization", - "version": "7.16.2" + "panelIndex": "6fa82f60-f04f-444f-ba2f-00773e1e6108", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": 
{}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Quarantine Events by File Shared ", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "4652af1f-2400-4b6c-bc5e-571191e2a14f", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "4652af1f-2400-4b6c-bc5e-571191e2a14f", - "panelRefName": "panel_4652af1f-2400-4b6c-bc5e-571191e2a14f", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "45c067c5-0e47-4988-90f8-fc788f006afd", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "45c067c5-0e47-4988-90f8-fc788f006afd", - "panelRefName": "panel_45c067c5-0e47-4988-90f8-fc788f006afd", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "File Shared", + "field": "netskope.alerts.quarantine.original.shared", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "quarantine" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "quarantine" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.quarantine.original.shared", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.quarantine.original.shared" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4652af1f-2400-4b6c-bc5e-571191e2a14f", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4652af1f-2400-4b6c-bc5e-571191e2a14f", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Quarantine Applications", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "a9793bf2-d220-4b8c-a5b5-ce31043445f9", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "a9793bf2-d220-4b8c-a5b5-ce31043445f9", - "panelRefName": "panel_a9793bf2-d220-4b8c-a5b5-ce31043445f9", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - 
"enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Quarantine Application", + "field": "netskope.alerts.quarantine.app", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "quarantine" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "quarantine" + } } - }, - "gridData": { - "h": 15, - "i": "feaa25d0-fc21-4688-ad80-aac792a6f5a7", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "feaa25d0-fc21-4688-ad80-aac792a6f5a7", - "panelRefName": "panel_feaa25d0-fc21-4688-ad80-aac792a6f5a7", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.quarantine.app", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.quarantine.app" + } } - }, - "gridData": { - "h": 15, - "i": "366ab0ac-ca2e-42af-a6c3-ed7af9892b33", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "366ab0ac-ca2e-42af-a6c3-ed7af9892b33", - "panelRefName": "panel_366ab0ac-ca2e-42af-a6c3-ed7af9892b33", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "45c067c5-0e47-4988-90f8-fc788f006afd", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "45c067c5-0e47-4988-90f8-fc788f006afd", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Policy for Quarantine Alerts", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "afe687dc-fbb2-4277-b415-2d63dc660034", - "w": 24, - "x": 0, - "y": 45 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "afe687dc-fbb2-4277-b415-2d63dc660034", - "panelRefName": "panel_afe687dc-fbb2-4277-b415-2d63dc660034", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Policy Name", + "field": "netskope.alerts.policy.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "quarantine" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "quarantine" + } } - }, - "gridData": { 
- "h": 15, - "i": "84973327-83fa-4d3e-a605-942aa2f8d165", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "84973327-83fa-4d3e-a605-942aa2f8d165", - "panelRefName": "panel_84973327-83fa-4d3e-a605-942aa2f8d165", - "type": "visualization", - "version": "7.16.2" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.policy.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.policy.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a9793bf2-d220-4b8c-a5b5-ce31043445f9", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "a9793bf2-d220-4b8c-a5b5-ce31043445f9", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Acknowledgement", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b4492c2d-8d65-4ba1-88ff-477837e47ba7", - "w": 24, - "x": 0, - "y": 60 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": 
"metric", + "type": "count" }, - "panelIndex": "b4492c2d-8d65-4ba1-88ff-477837e47ba7", - "panelRefName": "panel_b4492c2d-8d65-4ba1-88ff-477837e47ba7", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : false" + }, + "label": "False" + }, + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : true" + }, + "label": "True" + } + ] + }, + "schema": "segment", + "type": "filters" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.acked", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.acked" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "feaa25d0-fc21-4688-ad80-aac792a6f5a7", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "feaa25d0-fc21-4688-ad80-aac792a6f5a7", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1ff971d6-add3-4c2e-b392-13c5487ac4ee", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "1ff971d6-add3-4c2e-b392-13c5487ac4ee", - "panelRefName": "panel_1ff971d6-add3-4c2e-b392-13c5487ac4ee", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + 
"isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1f30c1e5-042e-48ce-99e5-5f1fc9e12d12", - "w": 24, - "x": 0, - "y": 75 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "1f30c1e5-042e-48ce-99e5-5f1fc9e12d12", - "panelRefName": "panel_1f30c1e5-042e-48ce-99e5-5f1fc9e12d12", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.alerts.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.access_method" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "366ab0ac-ca2e-42af-a6c3-ed7af9892b33", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "366ab0ac-ca2e-42af-a6c3-ed7af9892b33", + "type": "visualization", + 
"version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Apps", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "e9392a59-5f4d-405d-8779-6b1400c25493", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "e9392a59-5f4d-405d-8779-6b1400c25493", - "panelRefName": "panel_e9392a59-5f4d-405d-8779-6b1400c25493", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Applications", + "field": "netskope.alerts.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "afe687dc-fbb2-4277-b415-2d63dc660034", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "afe687dc-fbb2-4277-b415-2d63dc660034", + "type": "visualization", + "version": 
"7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Browser", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f722efca-df82-46e8-bb4d-8217b1fac3e3", - "w": 24, - "x": 0, - "y": 90 - }, - "panelIndex": "f722efca-df82-46e8-bb4d-8217b1fac3e3", - "panelRefName": "panel_f722efca-df82-46e8-bb4d-8217b1fac3e3", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8c4361bf-c0be-44e9-a898-0f2de9b10187", - "w": 24, - "x": 24, - "y": 90 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "8c4361bf-c0be-44e9-a898-0f2de9b10187", - "panelRefName": "panel_8c4361bf-c0be-44e9-a898-0f2de9b10187", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Browser", + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + 
"$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.name" + } } - }, - "gridData": { - "h": 15, - "i": "a65412a1-13cd-40ed-900e-4fc49f388ee7", - "w": 24, - "x": 0, - "y": 105 - }, - "panelIndex": "a65412a1-13cd-40ed-900e-4fc49f388ee7", - "panelRefName": "panel_a65412a1-13cd-40ed-900e-4fc49f388ee7", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "84973327-83fa-4d3e-a605-942aa2f8d165", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "84973327-83fa-4d3e-a605-942aa2f8d165", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, 
+ "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "eb9e1079-4966-4ae9-abbf-e0df000f17d6", - "w": 24, - "x": 24, - "y": 105 - }, - "panelIndex": "eb9e1079-4966-4ae9-abbf-e0df000f17d6", - "panelRefName": "panel_eb9e1079-4966-4ae9-abbf-e0df000f17d6", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, 
+ "gridData": { + "h": 15, + "i": "b4492c2d-8d65-4ba1-88ff-477837e47ba7", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "b4492c2d-8d65-4ba1-88ff-477837e47ba7", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by App Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" 
}, - "gridData": { - "h": 15, - "i": "d726178a-8c9a-465c-ac2d-974f77abb85f", - "w": 24, - "x": 0, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Category", + "field": "netskope.alerts.app.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1ff971d6-add3-4c2e-b392-13c5487ac4ee", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "1ff971d6-add3-4c2e-b392-13c5487ac4ee", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + 
"radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "d726178a-8c9a-465c-ac2d-974f77abb85f", - "panelRefName": "panel_d726178a-8c9a-465c-ac2d-974f77abb85f", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "netskope.alerts.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.device.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.device.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": 
"kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1f30c1e5-042e-48ce-99e5-5f1fc9e12d12", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "1f30c1e5-042e-48ce-99e5-5f1fc9e12d12", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", 
+ "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5d065d8d-9b03-4707-9c50-4b655a013932", - "w": 24, - "x": 24, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "5d065d8d-9b03-4707-9c50-4b655a013932", - "panelRefName": "panel_5d065d8d-9b03-4707-9c50-4b655a013932", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e9392a59-5f4d-405d-8779-6b1400c25493", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "e9392a59-5f4d-405d-8779-6b1400c25493", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution 
of Alerts by Object Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5da4dcb5-1642-48d8-8b08-cc24ad43f53d", - "w": 24, - "x": 0, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Object Type", + "field": "netskope.alerts.object.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + 
"orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.object.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.object.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f722efca-df82-46e8-bb4d-8217b1fac3e3", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "f722efca-df82-46e8-bb4d-8217b1fac3e3", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 File Types", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "5da4dcb5-1642-48d8-8b08-cc24ad43f53d", - "panelRefName": "panel_5da4dcb5-1642-48d8-8b08-cc24ad43f53d", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "File Types", + "field": "file.mime_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + 
"filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "file.mime_type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "file.mime_type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8c4361bf-c0be-44e9-a898-0f2de9b10187", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "8c4361bf-c0be-44e9-a898-0f2de9b10187", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "65a1d845-2c17-4bd6-8cd8-d8c651d89bd5", - "w": 24, - "x": 24, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.alerts.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + 
"otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.traffic.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a65412a1-13cd-40ed-900e-4fc49f388ee7", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "a65412a1-13cd-40ed-900e-4fc49f388ee7", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Site", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "65a1d845-2c17-4bd6-8cd8-d8c651d89bd5", - "panelRefName": "panel_65a1d845-2c17-4bd6-8cd8-d8c651d89bd5", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Site", + "field": "netskope.alerts.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + 
}, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "eb9e1079-4966-4ae9-abbf-e0df000f17d6", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "eb9e1079-4966-4ae9-abbf-e0df000f17d6", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Alert Type by User ", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "b2f14091-11cf-492c-bd71-06a8096e4cc2", - "w": 24, - "x": 0, - "y": 150 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "b2f14091-11cf-492c-bd71-06a8096e4cc2", - "panelRefName": "panel_b2f14091-11cf-492c-bd71-06a8096e4cc2", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": 
"user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "d726178a-8c9a-465c-ac2d-974f77abb85f", + "w": 24, + "x": 0, + "y": 120 + }, + "panelIndex": "d726178a-8c9a-465c-ac2d-974f77abb85f", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + 
"maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "e0331a0a-3091-48e8-8591-31ed4cb1e001", - "w": 24, - "x": 24, - "y": 150 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + } + ], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5d065d8d-9b03-4707-9c50-4b655a013932", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "5d065d8d-9b03-4707-9c50-4b655a013932", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Activity", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + 
"enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "e0331a0a-3091-48e8-8591-31ed4cb1e001", - "panelRefName": "panel_e0331a0a-3091-48e8-8591-31ed4cb1e001", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Activity", + "field": "netskope.alerts.activity.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.activity.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.activity.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5da4dcb5-1642-48d8-8b08-cc24ad43f53d", + "w": 24, + "x": 0, + "y": 135 + }, + "panelIndex": "5da4dcb5-1642-48d8-8b08-cc24ad43f53d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Category ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + 
"categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "99617f89-4bf3-4426-9d51-d486cde5c8a6", - "w": 24, - "x": 0, - "y": 165 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.alerts.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + 
"exists": { + "field": "netskope.alerts.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "65a1d845-2c17-4bd6-8cd8-d8c651d89bd5", + "w": 24, + "x": 24, + "y": 135 + }, + "panelIndex": "65a1d845-2c17-4bd6-8cd8-d8c651d89bd5", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "99617f89-4bf3-4426-9d51-d486cde5c8a6", - "panelRefName": "panel_99617f89-4bf3-4426-9d51-d486cde5c8a6", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Location", + "field": "source.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": 
"kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "b2f14091-11cf-492c-bd71-06a8096e4cc2", + "w": 24, + "x": 0, + "y": 150 + }, + "panelIndex": "b2f14091-11cf-492c-bd71-06a8096e4cc2", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by File Language ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": 
"1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "44f4cc45-f34e-4034-aa95-aab9bae9be7b", - "w": 24, - "x": 24, - "y": 165 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "File Language", + "field": "netskope.alerts.file.lang", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.file.lang", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.file.lang" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e0331a0a-3091-48e8-8591-31ed4cb1e001", + "w": 24, + "x": 24, + "y": 150 + }, + "panelIndex": "e0331a0a-3091-48e8-8591-31ed4cb1e001", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "44f4cc45-f34e-4034-aa95-aab9bae9be7b", - "panelRefName": "panel_44f4cc45-f34e-4034-aa95-aab9bae9be7b", - 
"type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "99617f89-4bf3-4426-9d51-d486cde5c8a6", + "w": 24, + "x": 0, + "y": 165 + }, + "panelIndex": "99617f89-4bf3-4426-9d51-d486cde5c8a6", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "f01b8e09-267d-433e-965b-20d3483143a6", - "w": 24, - "x": 0, - "y": 180 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Location", + "field": 
"destination.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "44f4cc45-f34e-4034-aa95-aab9bae9be7b", + "w": 24, + "x": 24, + "y": 165 + }, + "panelIndex": "44f4cc45-f34e-4034-aa95-aab9bae9be7b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "f01b8e09-267d-433e-965b-20d3483143a6", - "panelRefName": "panel_f01b8e09-267d-433e-965b-20d3483143a6", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Alerts] Quarantine", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netskope-f96d6680-71f7-11ec-8c4b-cb281099ee02", - "name": "6fa82f60-f04f-444f-ba2f-00773e1e6108:panel_6fa82f60-f04f-444f-ba2f-00773e1e6108", - "type": "visualization" - }, - { - "id": "netskope-8c226d50-71f7-11ec-8c4b-cb281099ee02", - "name": "4652af1f-2400-4b6c-bc5e-571191e2a14f:panel_4652af1f-2400-4b6c-bc5e-571191e2a14f", - "type": "visualization" - }, - { - "id": "netskope-bd2879d0-71f7-11ec-8c4b-cb281099ee02", - "name": "45c067c5-0e47-4988-90f8-fc788f006afd:panel_45c067c5-0e47-4988-90f8-fc788f006afd", - "type": "visualization" - }, - { - "id": "netskope-5b54d5f0-71f7-11ec-8c4b-cb281099ee02", - "name": "a9793bf2-d220-4b8c-a5b5-ce31043445f9:panel_a9793bf2-d220-4b8c-a5b5-ce31043445f9", - "type": "visualization" - }, - { - "id": "netskope-5f452920-71da-11ec-8c4b-cb281099ee02", - "name": "feaa25d0-fc21-4688-ad80-aac792a6f5a7:panel_feaa25d0-fc21-4688-ad80-aac792a6f5a7", - "type": "visualization" 
- }, - { - "id": "netskope-2b81f870-71da-11ec-8c4b-cb281099ee02", - "name": "366ab0ac-ca2e-42af-a6c3-ed7af9892b33:panel_366ab0ac-ca2e-42af-a6c3-ed7af9892b33", - "type": "visualization" - }, - { - "id": "netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02", - "name": "afe687dc-fbb2-4277-b415-2d63dc660034:panel_afe687dc-fbb2-4277-b415-2d63dc660034", - "type": "visualization" - }, - { - "id": "netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02", - "name": "84973327-83fa-4d3e-a605-942aa2f8d165:panel_84973327-83fa-4d3e-a605-942aa2f8d165", - "type": "visualization" - }, - { - "id": "netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02", - "name": "b4492c2d-8d65-4ba1-88ff-477837e47ba7:panel_b4492c2d-8d65-4ba1-88ff-477837e47ba7", - "type": "visualization" - }, - { - "id": "netskope-37409a80-71db-11ec-8c4b-cb281099ee02", - "name": "1ff971d6-add3-4c2e-b392-13c5487ac4ee:panel_1ff971d6-add3-4c2e-b392-13c5487ac4ee", - "type": "visualization" - }, - { - "id": "netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02", - "name": "1f30c1e5-042e-48ce-99e5-5f1fc9e12d12:panel_1f30c1e5-042e-48ce-99e5-5f1fc9e12d12", - "type": "visualization" - }, - { - "id": "netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02", - "name": "e9392a59-5f4d-405d-8779-6b1400c25493:panel_e9392a59-5f4d-405d-8779-6b1400c25493", - "type": "visualization" - }, - { - "id": "netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02", - "name": "f722efca-df82-46e8-bb4d-8217b1fac3e3:panel_f722efca-df82-46e8-bb4d-8217b1fac3e3", - "type": "visualization" - }, - { - "id": "netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02", - "name": "8c4361bf-c0be-44e9-a898-0f2de9b10187:panel_8c4361bf-c0be-44e9-a898-0f2de9b10187", - "type": "visualization" - }, - { - "id": "netskope-a4745040-71dd-11ec-8c4b-cb281099ee02", - "name": "a65412a1-13cd-40ed-900e-4fc49f388ee7:panel_a65412a1-13cd-40ed-900e-4fc49f388ee7", - "type": "visualization" - }, - { - "id": "netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02", - "name": 
"eb9e1079-4966-4ae9-abbf-e0df000f17d6:panel_eb9e1079-4966-4ae9-abbf-e0df000f17d6", - "type": "visualization" - }, - { - "id": "netskope-8705deb0-71de-11ec-8c4b-cb281099ee02", - "name": "d726178a-8c9a-465c-ac2d-974f77abb85f:panel_d726178a-8c9a-465c-ac2d-974f77abb85f", - "type": "visualization" - }, - { - "id": "netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02", - "name": "5d065d8d-9b03-4707-9c50-4b655a013932:panel_5d065d8d-9b03-4707-9c50-4b655a013932", - "type": "visualization" - }, - { - "id": "netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02", - "name": "5da4dcb5-1642-48d8-8b08-cc24ad43f53d:panel_5da4dcb5-1642-48d8-8b08-cc24ad43f53d", - "type": "visualization" - }, - { - "id": "netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02", - "name": "65a1d845-2c17-4bd6-8cd8-d8c651d89bd5:panel_65a1d845-2c17-4bd6-8cd8-d8c651d89bd5", - "type": "visualization" - }, - { - "id": "netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02", - "name": "b2f14091-11cf-492c-bd71-06a8096e4cc2:panel_b2f14091-11cf-492c-bd71-06a8096e4cc2", - "type": "visualization" - }, - { - "id": "netskope-7edc5f60-71df-11ec-8c4b-cb281099ee02", - "name": "e0331a0a-3091-48e8-8591-31ed4cb1e001:panel_e0331a0a-3091-48e8-8591-31ed4cb1e001", - "type": "visualization" - }, - { - "id": "netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02", - "name": "99617f89-4bf3-4426-9d51-d486cde5c8a6:panel_99617f89-4bf3-4426-9d51-d486cde5c8a6", - "type": "visualization" - }, - { - "id": "netskope-d1189e60-71df-11ec-8c4b-cb281099ee02", - "name": "44f4cc45-f34e-4034-aa95-aab9bae9be7b:panel_44f4cc45-f34e-4034-aa95-aab9bae9be7b", - "type": "visualization" - }, - { - "id": "netskope-b0b26610-71df-11ec-8c4b-cb281099ee02", - "name": "f01b8e09-267d-433e-965b-20d3483143a6:panel_f01b8e09-267d-433e-965b-20d3483143a6", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "f01b8e09-267d-433e-965b-20d3483143a6", + "w": 24, + "x": 0, + "y": 180 + }, + "panelIndex": "f01b8e09-267d-433e-965b-20d3483143a6", + "type": "visualization", + "version": 
"7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope][Alerts] Quarantine", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "6fa82f60-f04f-444f-ba2f-00773e1e6108:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6fa82f60-f04f-444f-ba2f-00773e1e6108:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6fa82f60-f04f-444f-ba2f-00773e1e6108:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4652af1f-2400-4b6c-bc5e-571191e2a14f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4652af1f-2400-4b6c-bc5e-571191e2a14f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4652af1f-2400-4b6c-bc5e-571191e2a14f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "45c067c5-0e47-4988-90f8-fc788f006afd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "45c067c5-0e47-4988-90f8-fc788f006afd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "45c067c5-0e47-4988-90f8-fc788f006afd:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a9793bf2-d220-4b8c-a5b5-ce31043445f9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a9793bf2-d220-4b8c-a5b5-ce31043445f9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + 
}, + { + "type": "index-pattern", + "name": "a9793bf2-d220-4b8c-a5b5-ce31043445f9:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "feaa25d0-fc21-4688-ad80-aac792a6f5a7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "feaa25d0-fc21-4688-ad80-aac792a6f5a7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "366ab0ac-ca2e-42af-a6c3-ed7af9892b33:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "366ab0ac-ca2e-42af-a6c3-ed7af9892b33:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "afe687dc-fbb2-4277-b415-2d63dc660034:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "afe687dc-fbb2-4277-b415-2d63dc660034:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "84973327-83fa-4d3e-a605-942aa2f8d165:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "84973327-83fa-4d3e-a605-942aa2f8d165:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b4492c2d-8d65-4ba1-88ff-477837e47ba7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b4492c2d-8d65-4ba1-88ff-477837e47ba7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1ff971d6-add3-4c2e-b392-13c5487ac4ee:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"1ff971d6-add3-4c2e-b392-13c5487ac4ee:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1f30c1e5-042e-48ce-99e5-5f1fc9e12d12:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1f30c1e5-042e-48ce-99e5-5f1fc9e12d12:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e9392a59-5f4d-405d-8779-6b1400c25493:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e9392a59-5f4d-405d-8779-6b1400c25493:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f722efca-df82-46e8-bb4d-8217b1fac3e3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f722efca-df82-46e8-bb4d-8217b1fac3e3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c4361bf-c0be-44e9-a898-0f2de9b10187:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c4361bf-c0be-44e9-a898-0f2de9b10187:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a65412a1-13cd-40ed-900e-4fc49f388ee7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a65412a1-13cd-40ed-900e-4fc49f388ee7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "eb9e1079-4966-4ae9-abbf-e0df000f17d6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "eb9e1079-4966-4ae9-abbf-e0df000f17d6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + 
"type": "index-pattern", + "name": "d726178a-8c9a-465c-ac2d-974f77abb85f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d726178a-8c9a-465c-ac2d-974f77abb85f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d726178a-8c9a-465c-ac2d-974f77abb85f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5d065d8d-9b03-4707-9c50-4b655a013932:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5d065d8d-9b03-4707-9c50-4b655a013932:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5da4dcb5-1642-48d8-8b08-cc24ad43f53d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5da4dcb5-1642-48d8-8b08-cc24ad43f53d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "65a1d845-2c17-4bd6-8cd8-d8c651d89bd5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "65a1d845-2c17-4bd6-8cd8-d8c651d89bd5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b2f14091-11cf-492c-bd71-06a8096e4cc2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b2f14091-11cf-492c-bd71-06a8096e4cc2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e0331a0a-3091-48e8-8591-31ed4cb1e001:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"e0331a0a-3091-48e8-8591-31ed4cb1e001:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "99617f89-4bf3-4426-9d51-d486cde5c8a6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "99617f89-4bf3-4426-9d51-d486cde5c8a6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "44f4cc45-f34e-4034-aa95-aab9bae9be7b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "44f4cc45-f34e-4034-aa95-aab9bae9be7b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f01b8e09-267d-433e-965b-20d3483143a6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f01b8e09-267d-433e-965b-20d3483143a6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02.json index e1c41490c80..d969188ff70 100644 --- a/packages/netskope/kibana/dashboard/netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02.json 
@@ -1,474 +1,2918 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcxOSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "Security Assessment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "Security Assessment" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of SA Alerts by SA Rule Severity", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + 
"customLabel": "SA Rule Severity", + "field": "netskope.alerts.sa.rule.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "Security Assessment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "Security Assessment" - } - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "Security Assessment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "Security Assessment" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.sa.rule.severity", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.sa.rule.severity" + } } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": 
"9ecea79f-aedc-4c49-a78d-113c35d00646", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "9ecea79f-aedc-4c49-a78d-113c35d00646", - "panelRefName": "panel_9ecea79f-aedc-4c49-a78d-113c35d00646", - "type": "visualization", - "version": "7.16.2" + "gridData": { + "h": 15, + "i": "9ecea79f-aedc-4c49-a78d-113c35d00646", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "9ecea79f-aedc-4c49-a78d-113c35d00646", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of SA Alerts by Region Name", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + 
"type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "f7136693-69cc-43e0-b9ad-3b975bbe830a", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "f7136693-69cc-43e0-b9ad-3b975bbe830a", - "panelRefName": "panel_f7136693-69cc-43e0-b9ad-3b975bbe830a", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Region Name", + "field": "netskope.alerts.region.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "Security Assessment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "Security Assessment" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.region.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.region.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f7136693-69cc-43e0-b9ad-3b975bbe830a", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": 
"f7136693-69cc-43e0-b9ad-3b975bbe830a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Security Assessment Rule Name", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6a352e9d-2bda-4c4d-a65f-70086fe9e098", - "w": 24, - "x": 0, - "y": 15 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "6a352e9d-2bda-4c4d-a65f-70086fe9e098", - "panelRefName": "panel_6a352e9d-2bda-4c4d-a65f-70086fe9e098", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Security Assessment Rule Name", + "field": "netskope.alerts.sa.rule.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "Security Assessment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "Security Assessment" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.sa.rule.name", + "negate": 
false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.sa.rule.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6a352e9d-2bda-4c4d-a65f-70086fe9e098", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "6a352e9d-2bda-4c4d-a65f-70086fe9e098", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Security Assessment Alert Names", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "48681f61-2ad6-4dac-aafd-895b2c267d93", - "w": 24, - "x": 24, - "y": 15 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "48681f61-2ad6-4dac-aafd-895b2c267d93", - "panelRefName": "panel_48681f61-2ad6-4dac-aafd-895b2c267d93", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Name", + "field": "netskope.alerts.alert.name", + "json": "", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "Security Assessment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "Security Assessment" + } } - }, - "gridData": { - "h": 15, - "i": "414e518e-6119-4905-9052-0bab7a7e53c2", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "414e518e-6119-4905-9052-0bab7a7e53c2", - "panelRefName": "panel_414e518e-6119-4905-9052-0bab7a7e53c2", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.alert.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.alert.name" + } } - }, - "gridData": { - "h": 15, - "i": "f52d5fe1-0317-4341-8828-34c8eb20e6c5", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "f52d5fe1-0317-4341-8828-34c8eb20e6c5", - "panelRefName": "panel_f52d5fe1-0317-4341-8828-34c8eb20e6c5", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "48681f61-2ad6-4dac-aafd-895b2c267d93", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "48681f61-2ad6-4dac-aafd-895b2c267d93", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Acknowledgement", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": 
false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "dedb010c-aa2b-4849-a123-01d05df8391e", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "dedb010c-aa2b-4849-a123-01d05df8391e", - "panelRefName": "panel_dedb010c-aa2b-4849-a123-01d05df8391e", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : false" + }, + "label": "False" + }, + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : true" + }, + "label": "True" + } + ] + }, + "schema": "segment", + "type": "filters" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.acked", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.acked" + } } - }, - "gridData": { - "h": 15, - "i": "769bdbcd-f96e-41c7-ba73-76bc435f8573", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "769bdbcd-f96e-41c7-ba73-76bc435f8573", - "panelRefName": "panel_769bdbcd-f96e-41c7-ba73-76bc435f8573", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "414e518e-6119-4905-9052-0bab7a7e53c2", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "414e518e-6119-4905-9052-0bab7a7e53c2", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c15e2f15-51e0-450b-8b65-68ad53160156", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "c15e2f15-51e0-450b-8b65-68ad53160156", - "panelRefName": "panel_c15e2f15-51e0-450b-8b65-68ad53160156", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "75d0c42b-7852-4914-95e7-6d2e92b99bd0", - "w": 24, - "x": 24, - "y": 60 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "75d0c42b-7852-4914-95e7-6d2e92b99bd0", - "panelRefName": "panel_75d0c42b-7852-4914-95e7-6d2e92b99bd0", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + 
"field": "netskope.alerts.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.access_method" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f52d5fe1-0317-4341-8828-34c8eb20e6c5", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "f52d5fe1-0317-4341-8828-34c8eb20e6c5", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Apps", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "abd95a27-a1f0-4808-88fb-3bb5f770f543", - "w": 24, - "x": 0, - "y": 90 - }, - "panelIndex": "abd95a27-a1f0-4808-88fb-3bb5f770f543", - "panelRefName": "panel_abd95a27-a1f0-4808-88fb-3bb5f770f543", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": 
"Applications", + "field": "netskope.alerts.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "dedb010c-aa2b-4849-a123-01d05df8391e", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "dedb010c-aa2b-4849-a123-01d05df8391e", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Browser", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - 
"h": 15, - "i": "15c3b9dc-93ee-48ca-a860-fd4f1b768c4c", - "w": 24, - "x": 24, - "y": 75 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Browser", + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "769bdbcd-f96e-41c7-ba73-76bc435f8573", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "769bdbcd-f96e-41c7-ba73-76bc435f8573", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + 
"circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "15c3b9dc-93ee-48ca-a860-fd4f1b768c4c", - "panelRefName": "panel_15c3b9dc-93ee-48ca-a860-fd4f1b768c4c", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "c15e2f15-51e0-450b-8b65-68ad53160156", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "c15e2f15-51e0-450b-8b65-68ad53160156", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by App Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + 
}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5fe16d63-f752-4c67-b033-54924d7a631a", - "w": 24, - "x": 0, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Category", + "field": "netskope.alerts.app.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "75d0c42b-7852-4914-95e7-6d2e92b99bd0", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "75d0c42b-7852-4914-95e7-6d2e92b99bd0", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": 
"default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "5fe16d63-f752-4c67-b033-54924d7a631a", - "panelRefName": "panel_5fe16d63-f752-4c67-b033-54924d7a631a", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "netskope.alerts.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.device.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.device.name" + } + } + } + ], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "abd95a27-a1f0-4808-88fb-3bb5f770f543", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "abd95a27-a1f0-4808-88fb-3bb5f770f543", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + 
"type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "87ee17ee-d40e-4a43-b26f-9622bf1bcbad", - "w": 24, - "x": 24, - "y": 90 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "87ee17ee-d40e-4a43-b26f-9622bf1bcbad", - "panelRefName": "panel_87ee17ee-d40e-4a43-b26f-9622bf1bcbad", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "15c3b9dc-93ee-48ca-a860-fd4f1b768c4c", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": 
"15c3b9dc-93ee-48ca-a860-fd4f1b768c4c", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Object Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "802cd7a9-7704-4a53-b143-1b9a4f75cc2b", - "w": 24, - "x": 0, - "y": 120 - }, - "panelIndex": "802cd7a9-7704-4a53-b143-1b9a4f75cc2b", - 
"panelRefName": "panel_802cd7a9-7704-4a53-b143-1b9a4f75cc2b", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Object Type", + "field": "netskope.alerts.object.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.object.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.object.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5fe16d63-f752-4c67-b033-54924d7a631a", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "5fe16d63-f752-4c67-b033-54924d7a631a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + 
"radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "f6e061ee-b7ac-47c8-9915-3fca33a23317", - "w": 24, - "x": 24, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "87ee17ee-d40e-4a43-b26f-9622bf1bcbad", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "87ee17ee-d40e-4a43-b26f-9622bf1bcbad", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "f6e061ee-b7ac-47c8-9915-3fca33a23317", - "panelRefName": "panel_f6e061ee-b7ac-47c8-9915-3fca33a23317", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.alerts.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.traffic.type" + } + } 
+ } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "802cd7a9-7704-4a53-b143-1b9a4f75cc2b", + "w": 24, + "x": 0, + "y": 120 + }, + "panelIndex": "802cd7a9-7704-4a53-b143-1b9a4f75cc2b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Category ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - 
"enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5a0acb1a-ce64-413f-a582-567d7fa79fc0", - "w": 24, - "x": 0, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.alerts.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f6e061ee-b7ac-47c8-9915-3fca33a23317", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "f6e061ee-b7ac-47c8-9915-3fca33a23317", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Site", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": 
"5a0acb1a-ce64-413f-a582-567d7fa79fc0", - "panelRefName": "panel_5a0acb1a-ce64-413f-a582-567d7fa79fc0", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Site", + "field": "netskope.alerts.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5a0acb1a-ce64-413f-a582-567d7fa79fc0", + "w": 24, + "x": 0, + "y": 135 + }, + "panelIndex": "5a0acb1a-ce64-413f-a582-567d7fa79fc0", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Alert Type by User ", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "f9e38ddf-3807-4283-8612-12890da9ddbe", - "w": 24, - "x": 24, - "y": 120 + { + "enabled": true, + "id": "2", 
+ "params": { + "customLabel": "Alert Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "f9e38ddf-3807-4283-8612-12890da9ddbe", - "panelRefName": "panel_f9e38ddf-3807-4283-8612-12890da9ddbe", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f9e38ddf-3807-4283-8612-12890da9ddbe", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "f9e38ddf-3807-4283-8612-12890da9ddbe", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution 
of Alerts by Activity", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4f45dac1-2a01-418a-9174-86fa1d613f5f", - "w": 24, - "x": 0, - "y": 45 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "4f45dac1-2a01-418a-9174-86fa1d613f5f", - "panelRefName": "panel_4f45dac1-2a01-418a-9174-86fa1d613f5f", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + 
"params": { + "customLabel": "Activity", + "field": "netskope.alerts.activity.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.activity.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.activity.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Alerts] Security Assessment", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netskope-f9097160-71f3-11ec-8c4b-cb281099ee02", - "name": "9ecea79f-aedc-4c49-a78d-113c35d00646:panel_9ecea79f-aedc-4c49-a78d-113c35d00646", - "type": "visualization" - }, - { - "id": "netskope-7d7e2260-71f4-11ec-8c4b-cb281099ee02", - "name": "f7136693-69cc-43e0-b9ad-3b975bbe830a:panel_f7136693-69cc-43e0-b9ad-3b975bbe830a", - "type": "visualization" - }, - { - "id": "netskope-187e0140-71f5-11ec-8c4b-cb281099ee02", - "name": "6a352e9d-2bda-4c4d-a65f-70086fe9e098:panel_6a352e9d-2bda-4c4d-a65f-70086fe9e098", - "type": "visualization" - }, - { - "id": "netskope-9c6d6030-71f6-11ec-8c4b-cb281099ee02", - "name": "48681f61-2ad6-4dac-aafd-895b2c267d93:panel_48681f61-2ad6-4dac-aafd-895b2c267d93", - "type": 
"visualization" - }, - { - "id": "netskope-5f452920-71da-11ec-8c4b-cb281099ee02", - "name": "414e518e-6119-4905-9052-0bab7a7e53c2:panel_414e518e-6119-4905-9052-0bab7a7e53c2", - "type": "visualization" - }, - { - "id": "netskope-2b81f870-71da-11ec-8c4b-cb281099ee02", - "name": "f52d5fe1-0317-4341-8828-34c8eb20e6c5:panel_f52d5fe1-0317-4341-8828-34c8eb20e6c5", - "type": "visualization" - }, - { - "id": "netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02", - "name": "dedb010c-aa2b-4849-a123-01d05df8391e:panel_dedb010c-aa2b-4849-a123-01d05df8391e", - "type": "visualization" - }, - { - "id": "netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02", - "name": "769bdbcd-f96e-41c7-ba73-76bc435f8573:panel_769bdbcd-f96e-41c7-ba73-76bc435f8573", - "type": "visualization" - }, - { - "id": "netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02", - "name": "c15e2f15-51e0-450b-8b65-68ad53160156:panel_c15e2f15-51e0-450b-8b65-68ad53160156", - "type": "visualization" - }, - { - "id": "netskope-37409a80-71db-11ec-8c4b-cb281099ee02", - "name": "75d0c42b-7852-4914-95e7-6d2e92b99bd0:panel_75d0c42b-7852-4914-95e7-6d2e92b99bd0", - "type": "visualization" - }, - { - "id": "netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02", - "name": "abd95a27-a1f0-4808-88fb-3bb5f770f543:panel_abd95a27-a1f0-4808-88fb-3bb5f770f543", - "type": "visualization" - }, - { - "id": "netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02", - "name": "15c3b9dc-93ee-48ca-a860-fd4f1b768c4c:panel_15c3b9dc-93ee-48ca-a860-fd4f1b768c4c", - "type": "visualization" - }, - { - "id": "netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02", - "name": "5fe16d63-f752-4c67-b033-54924d7a631a:panel_5fe16d63-f752-4c67-b033-54924d7a631a", - "type": "visualization" - }, - { - "id": "netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02", - "name": "87ee17ee-d40e-4a43-b26f-9622bf1bcbad:panel_87ee17ee-d40e-4a43-b26f-9622bf1bcbad", - "type": "visualization" - }, - { - "id": "netskope-a4745040-71dd-11ec-8c4b-cb281099ee02", - "name": 
"802cd7a9-7704-4a53-b143-1b9a4f75cc2b:panel_802cd7a9-7704-4a53-b143-1b9a4f75cc2b", - "type": "visualization" - }, - { - "id": "netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02", - "name": "f6e061ee-b7ac-47c8-9915-3fca33a23317:panel_f6e061ee-b7ac-47c8-9915-3fca33a23317", - "type": "visualization" - }, - { - "id": "netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02", - "name": "5a0acb1a-ce64-413f-a582-567d7fa79fc0:panel_5a0acb1a-ce64-413f-a582-567d7fa79fc0", - "type": "visualization" - }, - { - "id": "netskope-8705deb0-71de-11ec-8c4b-cb281099ee02", - "name": "f9e38ddf-3807-4283-8612-12890da9ddbe:panel_f9e38ddf-3807-4283-8612-12890da9ddbe", - "type": "visualization" - }, - { - "id": "netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02", - "name": "4f45dac1-2a01-418a-9174-86fa1d613f5f:panel_4f45dac1-2a01-418a-9174-86fa1d613f5f", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "4f45dac1-2a01-418a-9174-86fa1d613f5f", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "4f45dac1-2a01-418a-9174-86fa1d613f5f", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope][Alerts] Security Assessment", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "9ecea79f-aedc-4c49-a78d-113c35d00646:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9ecea79f-aedc-4c49-a78d-113c35d00646:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9ecea79f-aedc-4c49-a78d-113c35d00646:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f7136693-69cc-43e0-b9ad-3b975bbe830a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", 
+ "name": "f7136693-69cc-43e0-b9ad-3b975bbe830a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f7136693-69cc-43e0-b9ad-3b975bbe830a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6a352e9d-2bda-4c4d-a65f-70086fe9e098:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6a352e9d-2bda-4c4d-a65f-70086fe9e098:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6a352e9d-2bda-4c4d-a65f-70086fe9e098:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "48681f61-2ad6-4dac-aafd-895b2c267d93:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "48681f61-2ad6-4dac-aafd-895b2c267d93:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "48681f61-2ad6-4dac-aafd-895b2c267d93:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "414e518e-6119-4905-9052-0bab7a7e53c2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "414e518e-6119-4905-9052-0bab7a7e53c2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f52d5fe1-0317-4341-8828-34c8eb20e6c5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f52d5fe1-0317-4341-8828-34c8eb20e6c5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "dedb010c-aa2b-4849-a123-01d05df8391e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*" + }, + { + "type": "index-pattern", + "name": "dedb010c-aa2b-4849-a123-01d05df8391e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "769bdbcd-f96e-41c7-ba73-76bc435f8573:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "769bdbcd-f96e-41c7-ba73-76bc435f8573:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c15e2f15-51e0-450b-8b65-68ad53160156:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c15e2f15-51e0-450b-8b65-68ad53160156:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "75d0c42b-7852-4914-95e7-6d2e92b99bd0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "75d0c42b-7852-4914-95e7-6d2e92b99bd0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "abd95a27-a1f0-4808-88fb-3bb5f770f543:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "abd95a27-a1f0-4808-88fb-3bb5f770f543:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15c3b9dc-93ee-48ca-a860-fd4f1b768c4c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15c3b9dc-93ee-48ca-a860-fd4f1b768c4c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5fe16d63-f752-4c67-b033-54924d7a631a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"5fe16d63-f752-4c67-b033-54924d7a631a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "87ee17ee-d40e-4a43-b26f-9622bf1bcbad:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "87ee17ee-d40e-4a43-b26f-9622bf1bcbad:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "802cd7a9-7704-4a53-b143-1b9a4f75cc2b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "802cd7a9-7704-4a53-b143-1b9a4f75cc2b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f6e061ee-b7ac-47c8-9915-3fca33a23317:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f6e061ee-b7ac-47c8-9915-3fca33a23317:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a0acb1a-ce64-413f-a582-567d7fa79fc0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a0acb1a-ce64-413f-a582-567d7fa79fc0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f9e38ddf-3807-4283-8612-12890da9ddbe:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f9e38ddf-3807-4283-8612-12890da9ddbe:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f9e38ddf-3807-4283-8612-12890da9ddbe:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4f45dac1-2a01-418a-9174-86fa1d613f5f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + 
"type": "index-pattern", + "name": "4f45dac1-2a01-418a-9174-86fa1d613f5f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" }
\ No newline at end of file
diff --git a/packages/netskope/kibana/dashboard/netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02.json
index 8456963a02b..ff5a991fd9b 100644
--- a/packages/netskope/kibana/dashboard/netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02.json
+++ b/packages/netskope/kibana/dashboard/netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02.json
@@ -1,522 +1,3346 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyMCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "network" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Policy used", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Policy Name", + "field": "netskope.events.policy.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" - 
}, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "network" - } - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "network" + } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.policy.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.policy.name" + } + } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "de113850-0514-4327-bf4a-96fd3bff0aa1", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "de113850-0514-4327-bf4a-96fd3bff0aa1", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "de113850-0514-4327-bf4a-96fd3bff0aa1", - "panelRefName": "panel_de113850-0514-4327-bf4a-96fd3bff0aa1", - "type": "visualization", - "version": "7.16.2" + "panelIndex": "de113850-0514-4327-bf4a-96fd3bff0aa1", + "type": "visualization", + "version": "7.14.0" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Networks Events by IP Protocol", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842", - "panelRefName": "panel_81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "1ae18052-f555-4f33-b76c-7f425a337c95", - "w": 24, - "x": 0, - "y": 15 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "1ae18052-f555-4f33-b76c-7f425a337c95", - "panelRefName": "panel_1ae18052-f555-4f33-b76c-7f425a337c95", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IP Protocol", + "field": "netskope.events.ip.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": 
"segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "network" + } } - }, - "gridData": { - "h": 15, - "i": "cf91b73d-8723-4207-a9db-2f2eec6dbc83", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "cf91b73d-8723-4207-a9db-2f2eec6dbc83", - "panelRefName": "panel_cf91b73d-8723-4207-a9db-2f2eec6dbc83", - "type": "visualization", - "version": "7.16.2" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.ip.protocol", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ip.protocol" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Networks Events by Protocol", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + 
"legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "40a99b00-0503-4360-b2ee-4758402ddbc6", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "40a99b00-0503-4360-b2ee-4758402ddbc6", - "panelRefName": "panel_40a99b00-0503-4360-b2ee-4758402ddbc6", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocol", + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "network" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "network.protocol", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "network.protocol" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": 
"1ae18052-f555-4f33-b76c-7f425a337c95", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "1ae18052-f555-4f33-b76c-7f425a337c95", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Network Events by Tunnel Type", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c56aec99-3085-448f-b3ce-d68d4d758354", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "c56aec99-3085-448f-b3ce-d68d4d758354", - "panelRefName": "panel_c56aec99-3085-448f-b3ce-d68d4d758354", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "cfbe5876-f02d-42c0-ae50-b85b43223f2d", - "w": 24, - "x": 0, - "y": 45 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "cfbe5876-f02d-42c0-ae50-b85b43223f2d", - "panelRefName": "panel_cfbe5876-f02d-42c0-ae50-b85b43223f2d", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Tunnel Type", + "field": "netskope.events.tunnel.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": 
false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "network" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.tunnel.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.tunnel.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "cf91b73d-8723-4207-a9db-2f2eec6dbc83", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "cf91b73d-8723-4207-a9db-2f2eec6dbc83", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Tunnel Uptime Over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": 
"temperature", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Tunnel Uptime" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Tunnel Uptime" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Tunnel Uptime", + "field": "netskope.events.tunnel.up_time", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" }, - "gridData": { - "h": 15, - "i": "91fb5be5-9fe1-446c-b5de-0a9844698834", - "w": 24, - "x": 24, - "y": 45 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "91fb5be5-9fe1-446c-b5de-0a9844698834", - "panelRefName": "panel_91fb5be5-9fe1-446c-b5de-0a9844698834", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Tunnel Type", + "field": 
"netskope.events.tunnel.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "network" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.tunnel.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.tunnel.type" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "netskope.events.tunnel.up_time", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.tunnel.up_time" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "40a99b00-0503-4360-b2ee-4758402ddbc6", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "40a99b00-0503-4360-b2ee-4758402ddbc6", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Network Events by Action", + "description": "", + "uiState": {}, + "params": { + 
"addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217", - "w": 24, - "x": 0, - "y": 60 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217", - "panelRefName": "panel_e89d1bab-dd1c-4b06-bad0-77f26fb8e217", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Action", + "field": "event.action", + "missingBucket": 
false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "network" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.action", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "event.action" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "c56aec99-3085-448f-b3ce-d68d4d758354", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "c56aec99-3085-448f-b3ce-d68d4d758354", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by OS, OS Version", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "cafd5a6f-d702-4870-b85d-8c5619997cb6", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "cafd5a6f-d702-4870-b85d-8c5619997cb6", - "panelRefName": "panel_cafd5a6f-d702-4870-b85d-8c5619997cb6", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + 
"distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": true, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "199442bd-7bb0-4112-ade5-3264743defd1", - "w": 24, - "x": 0, - "y": 75 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS", + "field": "user_agent.os.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "199442bd-7bb0-4112-ade5-3264743defd1", - "panelRefName": "panel_199442bd-7bb0-4112-ade5-3264743defd1", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.os.version", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.os.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.os.name" 
+ } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user_agent.os.version", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.os.version" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "cfbe5876-f02d-42c0-ae50-b85b43223f2d", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "cfbe5876-f02d-42c0-ae50-b85b43223f2d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Location, Source Region, Source Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "90e8a139-5ac8-4a10-a5ed-802d30eca519", - "w": 24, - "x": 24, - "y": 75 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Location", + "field": "source.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "90e8a139-5ac8-4a10-a5ed-802d30eca519", - "panelRefName": "panel_90e8a139-5ac8-4a10-a5ed-802d30eca519", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} + 
{ + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Region", + "field": "source.geo.region_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 15, - "i": "3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339", - "w": 24, - "x": 0, - "y": 90 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.city_name" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "source.geo.region_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.region_name" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "source.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": 
"data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "91fb5be5-9fe1-446c-b5de-0a9844698834", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "91fb5be5-9fe1-446c-b5de-0a9844698834", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Highest Tunnel Uptime for Tunnel Type", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Max Tunnel Uptime", + "field": "netskope.events.tunnel.up_time" + }, + "schema": "metric", + "type": "max" }, - "panelIndex": "3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339", - "panelRefName": "panel_3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Tunnel Type", + "field": "netskope.events.tunnel.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "network" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.tunnel.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.tunnel.type" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "netskope.events.tunnel.up_time", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.tunnel.up_time" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Location, Destination Region, Destination Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "cbe6b18e-b303-4b00-b573-f9856a82e15e", - "w": 24, - "x": 24, - "y": 90 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Location", + "field": "destination.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "cbe6b18e-b303-4b00-b573-f9856a82e15e", - "panelRefName": "panel_cbe6b18e-b303-4b00-b573-f9856a82e15e", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Region", + "field": "destination.geo.region_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.country_iso_code" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "destination.geo.region_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.region_name" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "destination.geo.city_name", + "negate": false, + "type": 
"exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "cafd5a6f-d702-4870-b85d-8c5619997cb6", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "cafd5a6f-d702-4870-b85d-8c5619997cb6", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "68eae1da-9479-4de6-a888-790e7bee6449", - "w": 24, - "x": 0, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.events.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + 
"disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.access_method" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "199442bd-7bb0-4112-ade5-3264743defd1", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "199442bd-7bb0-4112-ade5-3264743defd1", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "68eae1da-9479-4de6-a888-790e7bee6449", - "panelRefName": "panel_68eae1da-9479-4de6-a888-790e7bee6449", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "netskope.events.device.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + 
"type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.device.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.device.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "90e8a139-5ac8-4a10-a5ed-802d30eca519", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "90e8a139-5ac8-4a10-a5ed-802d30eca519", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Application Activities", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Applications", + "field": "netskope.events.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.app.name" + } } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top Users By Access Method", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8368a6ca-b543-4adc-a9c5-624e74497329", - "w": 24, - "x": 24, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.events.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "8368a6ca-b543-4adc-a9c5-624e74497329", - "panelRefName": "panel_8368a6ca-b543-4adc-a9c5-624e74497329", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": 
"1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.access_method" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "cbe6b18e-b303-4b00-b573-f9856a82e15e", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "cbe6b18e-b303-4b00-b573-f9856a82e15e", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Sites", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4b05e711-810e-4014-9b25-0bd307954aa0", - "w": 24, - "x": 0, - "y": 120 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "4b05e711-810e-4014-9b25-0bd307954aa0", 
- "panelRefName": "panel_4b05e711-810e-4014-9b25-0bd307954aa0", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Site", + "field": "netskope.events.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "68eae1da-9479-4de6-a888-790e7bee6449", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "68eae1da-9479-4de6-a888-790e7bee6449", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": 
true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "893dd429-9e30-4fd6-9419-dbe51aafc104", - "w": 24, - "x": 24, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.events.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.traffic.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8368a6ca-b543-4adc-a9c5-624e74497329", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "8368a6ca-b543-4adc-a9c5-624e74497329", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, 
+ "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "893dd429-9e30-4fd6-9419-dbe51aafc104", - "panelRefName": "panel_893dd429-9e30-4fd6-9419-dbe51aafc104", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ccl" + } + } + 
} + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4b05e711-810e-4014-9b25-0bd307954aa0", + "w": 24, + "x": 0, + "y": 120 + }, + "panelIndex": "4b05e711-810e-4014-9b25-0bd307954aa0", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over Time for Events", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - 
"embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb", - "w": 24, - "x": 0, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb", - "panelRefName": "panel_5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "893dd429-9e30-4fd6-9419-dbe51aafc104", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "893dd429-9e30-4fd6-9419-dbe51aafc104", + "type": "visualization", + 
"version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by App Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "39191fce-eb15-468c-ad46-923e47f84456", - "w": 24, - "x": 24, - "y": 135 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "39191fce-eb15-468c-ad46-923e47f84456", - "panelRefName": 
"panel_39191fce-eb15-468c-ad46-923e47f84456", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Category", + "field": "netskope.events.app.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb", + "w": 24, + "x": 0, + "y": 135 + }, + "panelIndex": "5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + 
"seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "aedad988-c987-4390-b904-8ed71a118d4d", - "w": 24, - "x": 0, - "y": 150 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type", + "field": "netskope.events.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + 
} + } + } + } + }, + "gridData": { + "h": 15, + "i": "39191fce-eb15-468c-ad46-923e47f84456", + "w": 24, + "x": 24, + "y": 135 + }, + "panelIndex": "39191fce-eb15-468c-ad46-923e47f84456", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": 
"aedad988-c987-4390-b904-8ed71a118d4d", - "panelRefName": "panel_aedad988-c987-4390-b904-8ed71a118d4d", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.events.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Events] Network", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netskope-55144a90-72ab-11ec-8c4b-cb281099ee02", - "name": "de113850-0514-4327-bf4a-96fd3bff0aa1:panel_de113850-0514-4327-bf4a-96fd3bff0aa1", - "type": "visualization" - }, - { - "id": "netskope-7d1142a0-72ab-11ec-8c4b-cb281099ee02", - "name": "81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842:panel_81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842", - "type": "visualization" - }, - { - "id": "netskope-a2047d20-72ab-11ec-8c4b-cb281099ee02", - "name": "1ae18052-f555-4f33-b76c-7f425a337c95:panel_1ae18052-f555-4f33-b76c-7f425a337c95", - "type": "visualization" - 
}, - { - "id": "netskope-327320f0-72ac-11ec-8c4b-cb281099ee02", - "name": "cf91b73d-8723-4207-a9db-2f2eec6dbc83:panel_cf91b73d-8723-4207-a9db-2f2eec6dbc83", - "type": "visualization" - }, - { - "id": "netskope-2044d2a0-72ae-11ec-8c4b-cb281099ee02", - "name": "40a99b00-0503-4360-b2ee-4758402ddbc6:panel_40a99b00-0503-4360-b2ee-4758402ddbc6", - "type": "visualization" - }, - { - "id": "netskope-5982c0e0-72ae-11ec-8c4b-cb281099ee02", - "name": "c56aec99-3085-448f-b3ce-d68d4d758354:panel_c56aec99-3085-448f-b3ce-d68d4d758354", - "type": "visualization" - }, - { - "id": "netskope-dbdd48a0-72a7-11ec-8c4b-cb281099ee02", - "name": "cfbe5876-f02d-42c0-ae50-b85b43223f2d:panel_cfbe5876-f02d-42c0-ae50-b85b43223f2d", - "type": "visualization" - }, - { - "id": "netskope-40a01500-72db-11ec-8c4b-cb281099ee02", - "name": "91fb5be5-9fe1-446c-b5de-0a9844698834:panel_91fb5be5-9fe1-446c-b5de-0a9844698834", - "type": "visualization" - }, - { - "id": "netskope-464ce970-72b7-11ec-8c4b-cb281099ee02", - "name": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217:panel_e89d1bab-dd1c-4b06-bad0-77f26fb8e217", - "type": "visualization" - }, - { - "id": "netskope-891546c0-72db-11ec-8c4b-cb281099ee02", - "name": "cafd5a6f-d702-4870-b85d-8c5619997cb6:panel_cafd5a6f-d702-4870-b85d-8c5619997cb6", - "type": "visualization" - }, - { - "id": "netskope-06bf2da0-72a7-11ec-8c4b-cb281099ee02", - "name": "199442bd-7bb0-4112-ade5-3264743defd1:panel_199442bd-7bb0-4112-ade5-3264743defd1", - "type": "visualization" - }, - { - "id": "netskope-41932530-72a7-11ec-8c4b-cb281099ee02", - "name": "90e8a139-5ac8-4a10-a5ed-802d30eca519:panel_90e8a139-5ac8-4a10-a5ed-802d30eca519", - "type": "visualization" - }, - { - "id": "netskope-5efbfc00-72a7-11ec-8c4b-cb281099ee02", - "name": "3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339:panel_3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339", - "type": "visualization" - }, - { - "id": "netskope-83fa5a10-72a7-11ec-8c4b-cb281099ee02", - "name": 
"cbe6b18e-b303-4b00-b573-f9856a82e15e:panel_cbe6b18e-b303-4b00-b573-f9856a82e15e", - "type": "visualization" - }, - { - "id": "netskope-357672b0-72a8-11ec-8c4b-cb281099ee02", - "name": "68eae1da-9479-4de6-a888-790e7bee6449:panel_68eae1da-9479-4de6-a888-790e7bee6449", - "type": "visualization" - }, - { - "id": "netskope-d9596770-72a8-11ec-8c4b-cb281099ee02", - "name": "8368a6ca-b543-4adc-a9c5-624e74497329:panel_8368a6ca-b543-4adc-a9c5-624e74497329", - "type": "visualization" - }, - { - "id": "netskope-47132800-72a9-11ec-8c4b-cb281099ee02", - "name": "4b05e711-810e-4014-9b25-0bd307954aa0:panel_4b05e711-810e-4014-9b25-0bd307954aa0", - "type": "visualization" - }, - { - "id": "netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02", - "name": "893dd429-9e30-4fd6-9419-dbe51aafc104:panel_893dd429-9e30-4fd6-9419-dbe51aafc104", - "type": "visualization" - }, - { - "id": "netskope-c1e088c0-72a9-11ec-8c4b-cb281099ee02", - "name": "5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb:panel_5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb", - "type": "visualization" - }, - { - "id": "netskope-e8cecff0-72a9-11ec-8c4b-cb281099ee02", - "name": "39191fce-eb15-468c-ad46-923e47f84456:panel_39191fce-eb15-468c-ad46-923e47f84456", - "type": "visualization" - }, - { - "id": "netskope-0e9511e0-72aa-11ec-8c4b-cb281099ee02", - "name": "aedad988-c987-4390-b904-8ed71a118d4d:panel_aedad988-c987-4390-b904-8ed71a118d4d", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "aedad988-c987-4390-b904-8ed71a118d4d", + "w": 24, + "x": 0, + "y": 150 + }, + "panelIndex": "aedad988-c987-4390-b904-8ed71a118d4d", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope][Events] Network", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": 
"de113850-0514-4327-bf4a-96fd3bff0aa1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "de113850-0514-4327-bf4a-96fd3bff0aa1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "de113850-0514-4327-bf4a-96fd3bff0aa1:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1ae18052-f555-4f33-b76c-7f425a337c95:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1ae18052-f555-4f33-b76c-7f425a337c95:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1ae18052-f555-4f33-b76c-7f425a337c95:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cf91b73d-8723-4207-a9db-2f2eec6dbc83:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cf91b73d-8723-4207-a9db-2f2eec6dbc83:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cf91b73d-8723-4207-a9db-2f2eec6dbc83:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "40a99b00-0503-4360-b2ee-4758402ddbc6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + 
}, + { + "type": "index-pattern", + "name": "40a99b00-0503-4360-b2ee-4758402ddbc6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "40a99b00-0503-4360-b2ee-4758402ddbc6:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "40a99b00-0503-4360-b2ee-4758402ddbc6:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c56aec99-3085-448f-b3ce-d68d4d758354:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c56aec99-3085-448f-b3ce-d68d4d758354:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c56aec99-3085-448f-b3ce-d68d4d758354:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cfbe5876-f02d-42c0-ae50-b85b43223f2d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cfbe5876-f02d-42c0-ae50-b85b43223f2d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cfbe5876-f02d-42c0-ae50-b85b43223f2d:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "91fb5be5-9fe1-446c-b5de-0a9844698834:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "91fb5be5-9fe1-446c-b5de-0a9844698834:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "91fb5be5-9fe1-446c-b5de-0a9844698834:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"91fb5be5-9fe1-446c-b5de-0a9844698834:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cafd5a6f-d702-4870-b85d-8c5619997cb6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cafd5a6f-d702-4870-b85d-8c5619997cb6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cafd5a6f-d702-4870-b85d-8c5619997cb6:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cafd5a6f-d702-4870-b85d-8c5619997cb6:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "199442bd-7bb0-4112-ade5-3264743defd1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "199442bd-7bb0-4112-ade5-3264743defd1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "90e8a139-5ac8-4a10-a5ed-802d30eca519:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "90e8a139-5ac8-4a10-a5ed-802d30eca519:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + 
"id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cbe6b18e-b303-4b00-b573-f9856a82e15e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cbe6b18e-b303-4b00-b573-f9856a82e15e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cbe6b18e-b303-4b00-b573-f9856a82e15e:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "68eae1da-9479-4de6-a888-790e7bee6449:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "68eae1da-9479-4de6-a888-790e7bee6449:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8368a6ca-b543-4adc-a9c5-624e74497329:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8368a6ca-b543-4adc-a9c5-624e74497329:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4b05e711-810e-4014-9b25-0bd307954aa0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4b05e711-810e-4014-9b25-0bd307954aa0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "893dd429-9e30-4fd6-9419-dbe51aafc104:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"893dd429-9e30-4fd6-9419-dbe51aafc104:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "39191fce-eb15-468c-ad46-923e47f84456:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "39191fce-eb15-468c-ad46-923e47f84456:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "aedad988-c987-4390-b904-8ed71a118d4d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "aedad988-c987-4390-b904-8ed71a118d4d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02.json index d9e0d3d9069..3d4d924bafa 100644 --- a/packages/netskope/kibana/dashboard/netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02.json 
@@ -1,147 +1,786 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyMSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "infrastructure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "infrastructure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Infrastructure Events by Alarm Name ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + 
"lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alarm Name", + "field": "netskope.events.alarm.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "infrastructure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "infrastructure" - } - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "infrastructure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "infrastructure" + } } + }, + { + 
"$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.alarm.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.alarm.name" + } + } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "eef1d418-6eb7-4ca7-963c-376163e018cc", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "eef1d418-6eb7-4ca7-963c-376163e018cc", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "eef1d418-6eb7-4ca7-963c-376163e018cc", - "panelRefName": "panel_eef1d418-6eb7-4ca7-963c-376163e018cc", - "type": "visualization", - "version": "7.16.2" + "panelIndex": "eef1d418-6eb7-4ca7-963c-376163e018cc", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Infrastructure Events by Device Name", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + 
"type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b8ce0876-320e-4903-919e-3101df39f199", - "w": 24, - "x": 24, - "y": 0 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "b8ce0876-320e-4903-919e-3101df39f199", - "panelRefName": "panel_b8ce0876-320e-4903-919e-3101df39f199", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Name", + "field": "netskope.events.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 8 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": 
"netskope.events.event_type", + "negate": false, + "params": { + "query": "infrastructure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "infrastructure" + } } - }, - "gridData": { - "h": 15, - "i": "bcd7cd0f-3d14-4165-ad36-411e407c1b3a", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "bcd7cd0f-3d14-4165-ad36-411e407c1b3a", - "panelRefName": "panel_bcd7cd0f-3d14-4165-ad36-411e407c1b3a", - "type": "visualization", - "version": "7.16.2" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.device.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.device.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "b8ce0876-320e-4903-919e-3101df39f199", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "b8ce0876-320e-4903-919e-3101df39f199", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Severity", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "cb25209c-af4f-46d4-8055-e0165377c186", - "w": 24, - "x": 24, - "y": 15 + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + 
"nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "cb25209c-af4f-46d4-8055-e0165377c186", - "panelRefName": "panel_cb25209c-af4f-46d4-8055-e0165377c186", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity", + "field": "netskope.events.severity.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.severity.level", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.severity.level" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Events] Infrastructure", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "netskope-e2e46e60-72ae-11ec-8c4b-cb281099ee02", - "name": "eef1d418-6eb7-4ca7-963c-376163e018cc:panel_eef1d418-6eb7-4ca7-963c-376163e018cc", - "type": "visualization" + "gridData": { + "h": 15, + "i": 
"bcd7cd0f-3d14-4165-ad36-411e407c1b3a", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "netskope-719e0f30-72af-11ec-8c4b-cb281099ee02", - "name": "b8ce0876-320e-4903-919e-3101df39f199:panel_b8ce0876-320e-4903-919e-3101df39f199", - "type": "visualization" + "panelIndex": "bcd7cd0f-3d14-4165-ad36-411e407c1b3a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Severity Over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + 
"schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Severity", + "field": "netskope.events.severity.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 13 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.severity.level", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.severity.level" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } }, - { - "id": "netskope-914898a0-72af-11ec-8c4b-cb281099ee02", - "name": "bcd7cd0f-3d14-4165-ad36-411e407c1b3a:panel_bcd7cd0f-3d14-4165-ad36-411e407c1b3a", - "type": "visualization" + "gridData": { + "h": 15, + "i": "cb25209c-af4f-46d4-8055-e0165377c186", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "netskope-c01026d0-72af-11ec-8c4b-cb281099ee02", - "name": "cb25209c-af4f-46d4-8055-e0165377c186:panel_cb25209c-af4f-46d4-8055-e0165377c186", - "type": "visualization" - } + "panelIndex": "cb25209c-af4f-46d4-8055-e0165377c186", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": 
false, + "title": "[Netskope][Events] Infrastructure", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "eef1d418-6eb7-4ca7-963c-376163e018cc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "eef1d418-6eb7-4ca7-963c-376163e018cc:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "eef1d418-6eb7-4ca7-963c-376163e018cc:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b8ce0876-320e-4903-919e-3101df39f199:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b8ce0876-320e-4903-919e-3101df39f199:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b8ce0876-320e-4903-919e-3101df39f199:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bcd7cd0f-3d14-4165-ad36-411e407c1b3a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bcd7cd0f-3d14-4165-ad36-411e407c1b3a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb25209c-af4f-46d4-8055-e0165377c186:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb25209c-af4f-46d4-8055-e0165377c186:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file 
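Review bot: The new object header at the top of this hunk commits `"namespaces": ["default"]`, `"updated_at": "2022-10-27T20:50:18.792Z"` and `"version": "WzcyMSwxXQ=="`, which look like state from the Kibana instance the dashboard was exported from rather than part of the dashboard definition. I would drop these three keys so that re-exports do not churn the file and the package carries no instance-specific values. The hunk that follows for netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json adds the same three keys. In the "Severity Over Time" panel the date_histogram params also carry `"timeRange": {"from": "now-15y", "to": "now"}` and `"used_interval": "30d"`, presumably left over from the authoring session; confirm the dashboard time picker overrides them at render time. Every inlined panel is stamped `"version": "7.14.0"` where the removed by-reference panels said `"7.16.2"`, so confirm that is intended alongside `"coreMigrationVersion": "7.16.0"`.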
diff --git a/packages/netskope/kibana/dashboard/netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json index 1b1d0ce1acd..250d5a3906a 100644 --- a/packages/netskope/kibana/dashboard/netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json 
@@ -1,339 +1,1988 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope][Events] Select Event Type", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "netskope.events.event_type", + "id": "1641881851553", + "indexPatternRefName": "control_0_index_pattern", + "label": "Event Type Selection", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 5, + "i": "26fbf4d7-3b96-4d0a-a206-1c0b6c36a654", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "26fbf4d7-3b96-4d0a-a206-1c0b6c36a654", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "26fbf4d7-3b96-4d0a-a206-1c0b6c36a654", - "panelRefName": "panel_26fbf4d7-3b96-4d0a-a206-1c0b6c36a654", - "type": 
"visualization", - "version": "7.16.2" + "panelIndex": "26fbf4d7-3b96-4d0a-a206-1c0b6c36a654", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Event Type", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "5a43e517-99d6-425a-b5cb-7ee124b327e7", - "w": 24, - "x": 0, - "y": 5 - }, - "panelIndex": "5a43e517-99d6-425a-b5cb-7ee124b327e7", - "panelRefName": "panel_5a43e517-99d6-425a-b5cb-7ee124b327e7", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6a0e0f49-951b-47ca-8664-5507bae1d7f4", - "w": 24, - "x": 24, - "y": 5 - }, - "panelIndex": "6a0e0f49-951b-47ca-8664-5507bae1d7f4", - "panelRefName": "panel_6a0e0f49-951b-47ca-8664-5507bae1d7f4", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "netskope.events.event_type", + "missingBucket": false, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.event_type" + } } - }, - "gridData": { - "h": 15, - "i": "067dda5d-b9eb-495c-b663-5bb1eaa164da", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "067dda5d-b9eb-495c-b663-5bb1eaa164da", - "panelRefName": "panel_067dda5d-b9eb-495c-b663-5bb1eaa164da", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5a43e517-99d6-425a-b5cb-7ee124b327e7", + "w": 24, + "x": 0, + "y": 5 + }, + "panelIndex": "5a43e517-99d6-425a-b5cb-7ee124b327e7", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "26a44d07-f0e4-4c58-a209-ebe227dfe682", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "26a44d07-f0e4-4c58-a209-ebe227dfe682", - "panelRefName": "panel_26a44d07-f0e4-4c58-a209-ebe227dfe682", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + 
"percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "98d0578d-b4f5-46f6-8c5d-db6939548a41", - "w": 24, - "x": 0, - "y": 35 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "98d0578d-b4f5-46f6-8c5d-db6939548a41", - "panelRefName": "panel_98d0578d-b4f5-46f6-8c5d-db6939548a41", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.events.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.access_method" + } } - }, - "gridData": { - "h": 15, - "i": "1150af83-f4ee-4aa3-8b31-7d5c5dccc716", - "w": 24, - "x": 24, - "y": 35 - }, - "panelIndex": "1150af83-f4ee-4aa3-8b31-7d5c5dccc716", - "panelRefName": "panel_1150af83-f4ee-4aa3-8b31-7d5c5dccc716", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - 
"h": 15, - "i": "822a62d6-ed17-4a9c-bcbc-b29b25538156", - "w": 24, - "x": 0, - "y": 50 - }, - "panelIndex": "822a62d6-ed17-4a9c-bcbc-b29b25538156", - "panelRefName": "panel_822a62d6-ed17-4a9c-bcbc-b29b25538156", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6a0e0f49-951b-47ca-8664-5507bae1d7f4", + "w": 24, + "x": 24, + "y": 5 + }, + "panelIndex": "6a0e0f49-951b-47ca-8664-5507bae1d7f4", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec", - "w": 24, - "x": 24, - "y": 50 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec", - "panelRefName": "panel_5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "netskope.events.device.type", + "missingBucket": false, + "missingBucketLabel": "Missing", 
+ "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.device.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.device.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "067dda5d-b9eb-495c-b663-5bb1eaa164da", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "067dda5d-b9eb-495c-b663-5bb1eaa164da", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Application Activities", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1773342f-dd53-4c10-9b38-82b4e09a7395", - "w": 24, - "x": 0, - "y": 65 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "1773342f-dd53-4c10-9b38-82b4e09a7395", - "panelRefName": "panel_1773342f-dd53-4c10-9b38-82b4e09a7395", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Applications", + "field": "netskope.events.app.name", + "missingBucket": false, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.app.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "26a44d07-f0e4-4c58-a209-ebe227dfe682", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "26a44d07-f0e4-4c58-a209-ebe227dfe682", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": 
"histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e297318d-0e02-4fc2-a5dd-6b6d57f5e35b", - "w": 24, - "x": 24, - "y": 65 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "e297318d-0e02-4fc2-a5dd-6b6d57f5e35b", - "panelRefName": "panel_e297318d-0e02-4fc2-a5dd-6b6d57f5e35b", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": 
"98d0578d-b4f5-46f6-8c5d-db6939548a41", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "98d0578d-b4f5-46f6-8c5d-db6939548a41", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "d9355657-e78e-4edf-89b0-4f0e0698372e", - "w": 24, - "x": 0, - "y": 80 - }, - "panelIndex": "d9355657-e78e-4edf-89b0-4f0e0698372e", - "panelRefName": "panel_d9355657-e78e-4edf-89b0-4f0e0698372e", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.events.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + 
}, + "query": { + "exists": { + "field": "netskope.events.traffic.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1150af83-f4ee-4aa3-8b31-7d5c5dccc716", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "1150af83-f4ee-4aa3-8b31-7d5c5dccc716", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by App Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { 
+ "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "82495547-fdb7-4c0c-8e55-83246013d66f", - "w": 24, - "x": 24, - "y": 80 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "82495547-fdb7-4c0c-8e55-83246013d66f", - "panelRefName": "panel_82495547-fdb7-4c0c-8e55-83246013d66f", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Category", + "field": "netskope.events.app.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "822a62d6-ed17-4a9c-bcbc-b29b25538156", + "w": 24, + "x": 0, + "y": 50 + }, + "panelIndex": "822a62d6-ed17-4a9c-bcbc-b29b25538156", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over Time for Events", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": 
"CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "c291aef0-c76c-4c83-ae56-2c2126f817a7", - "w": 24, - "x": 0, - "y": 95 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": 
"date_histogram" }, - "panelIndex": "c291aef0-c76c-4c83-ae56-2c2126f817a7", - "panelRefName": "panel_c291aef0-c76c-4c83-ae56-2c2126f817a7", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } } - ], - "timeRestore": false, - "title": "[Netskope] Events Overview", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "netskope-a6e2ecf0-72a6-11ec-8c4b-cb281099ee02", - "name": "26fbf4d7-3b96-4d0a-a206-1c0b6c36a654:panel_26fbf4d7-3b96-4d0a-a206-1c0b6c36a654", - "type": "visualization" - }, - { - "id": "netskope-e15f2790-72a6-11ec-8c4b-cb281099ee02", - "name": "5a43e517-99d6-425a-b5cb-7ee124b327e7:panel_5a43e517-99d6-425a-b5cb-7ee124b327e7", - "type": "visualization" + } }, - { - "id": "netskope-06bf2da0-72a7-11ec-8c4b-cb281099ee02", - "name": "6a0e0f49-951b-47ca-8664-5507bae1d7f4:panel_6a0e0f49-951b-47ca-8664-5507bae1d7f4", - "type": "visualization" + "gridData": { + "h": 15, + "i": "5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec", + "w": 24, + "x": 24, + "y": 50 
}, - { - "id": "netskope-41932530-72a7-11ec-8c4b-cb281099ee02", - "name": "067dda5d-b9eb-495c-b663-5bb1eaa164da:panel_067dda5d-b9eb-495c-b663-5bb1eaa164da", - "type": "visualization" + "panelIndex": "5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": 
"metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.events.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } }, - { - "id": "netskope-5efbfc00-72a7-11ec-8c4b-cb281099ee02", - "name": "26a44d07-f0e4-4c58-a209-ebe227dfe682:panel_26a44d07-f0e4-4c58-a209-ebe227dfe682", - "type": "visualization" + "gridData": { + "h": 15, + "i": "1773342f-dd53-4c10-9b38-82b4e09a7395", + "w": 24, + "x": 0, + "y": 65 }, - { - "id": "netskope-47132800-72a9-11ec-8c4b-cb281099ee02", - "name": "98d0578d-b4f5-46f6-8c5d-db6939548a41:panel_98d0578d-b4f5-46f6-8c5d-db6939548a41", - "type": "visualization" + "panelIndex": "1773342f-dd53-4c10-9b38-82b4e09a7395", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Source Region", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, 
+ "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Region", + "field": "source.geo.region_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 7 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.region_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.region_name" + } + } + } + 
], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } }, - { - "id": "netskope-d9596770-72a8-11ec-8c4b-cb281099ee02", - "name": "1150af83-f4ee-4aa3-8b31-7d5c5dccc716:panel_1150af83-f4ee-4aa3-8b31-7d5c5dccc716", - "type": "visualization" + "gridData": { + "h": 15, + "i": "e297318d-0e02-4fc2-a5dd-6b6d57f5e35b", + "w": 24, + "x": 24, + "y": 65 }, - { - "id": "netskope-c1e088c0-72a9-11ec-8c4b-cb281099ee02", - "name": "822a62d6-ed17-4a9c-bcbc-b29b25538156:panel_822a62d6-ed17-4a9c-bcbc-b29b25538156", - "type": "visualization" + "panelIndex": "e297318d-0e02-4fc2-a5dd-6b6d57f5e35b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Sites", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Site", + "field": "netskope.events.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.site" + } + } + } 
+ ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } }, - { - "id": "netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02", - "name": "5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec:panel_5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec", - "type": "visualization" + "gridData": { + "h": 15, + "i": "d9355657-e78e-4edf-89b0-4f0e0698372e", + "w": 24, + "x": 0, + "y": 80 }, - { - "id": "netskope-0e9511e0-72aa-11ec-8c4b-cb281099ee02", - "name": "1773342f-dd53-4c10-9b38-82b4e09a7395:panel_1773342f-dd53-4c10-9b38-82b4e09a7395", - "type": "visualization" + "panelIndex": "d9355657-e78e-4edf-89b0-4f0e0698372e", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": 
[ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type", + "field": "netskope.events.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } }, - { - "id": "netskope-abcc6a30-72aa-11ec-8c4b-cb281099ee02", - "name": "e297318d-0e02-4fc2-a5dd-6b6d57f5e35b:panel_e297318d-0e02-4fc2-a5dd-6b6d57f5e35b", - "type": "visualization" + "gridData": { + "h": 15, + "i": "82495547-fdb7-4c0c-8e55-83246013d66f", + "w": 24, + "x": 24, + "y": 80 }, - { - "id": "netskope-357672b0-72a8-11ec-8c4b-cb281099ee02", - "name": "d9355657-e78e-4edf-89b0-4f0e0698372e:panel_d9355657-e78e-4edf-89b0-4f0e0698372e", - "type": "visualization" + "panelIndex": "82495547-fdb7-4c0c-8e55-83246013d66f", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + 
"enhancements": {}, + "savedVis": { + "title": "[Netskope] Top Users By Access Method", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.events.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.access_method" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + 
"language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } }, - { - "id": "netskope-e8cecff0-72a9-11ec-8c4b-cb281099ee02", - "name": "82495547-fdb7-4c0c-8e55-83246013d66f:panel_82495547-fdb7-4c0c-8e55-83246013d66f", - "type": "visualization" + "gridData": { + "h": 15, + "i": "c291aef0-c76c-4c83-ae56-2c2126f817a7", + "w": 24, + "x": 0, + "y": 95 }, - { - "id": "netskope-83fa5a10-72a7-11ec-8c4b-cb281099ee02", - "name": "c291aef0-c76c-4c83-ae56-2c2126f817a7:panel_c291aef0-c76c-4c83-ae56-2c2126f817a7", - "type": "visualization" - } + "panelIndex": "c291aef0-c76c-4c83-ae56-2c2126f817a7", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope] Events Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "26fbf4d7-3b96-4d0a-a206-1c0b6c36a654:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a43e517-99d6-425a-b5cb-7ee124b327e7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a43e517-99d6-425a-b5cb-7ee124b327e7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6a0e0f49-951b-47ca-8664-5507bae1d7f4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6a0e0f49-951b-47ca-8664-5507bae1d7f4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "067dda5d-b9eb-495c-b663-5bb1eaa164da:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "067dda5d-b9eb-495c-b663-5bb1eaa164da:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "26a44d07-f0e4-4c58-a209-ebe227dfe682:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*" + }, + { + "type": "index-pattern", + "name": "26a44d07-f0e4-4c58-a209-ebe227dfe682:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "98d0578d-b4f5-46f6-8c5d-db6939548a41:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "98d0578d-b4f5-46f6-8c5d-db6939548a41:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1150af83-f4ee-4aa3-8b31-7d5c5dccc716:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1150af83-f4ee-4aa3-8b31-7d5c5dccc716:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "822a62d6-ed17-4a9c-bcbc-b29b25538156:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "822a62d6-ed17-4a9c-bcbc-b29b25538156:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1773342f-dd53-4c10-9b38-82b4e09a7395:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1773342f-dd53-4c10-9b38-82b4e09a7395:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e297318d-0e02-4fc2-a5dd-6b6d57f5e35b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"e297318d-0e02-4fc2-a5dd-6b6d57f5e35b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d9355657-e78e-4edf-89b0-4f0e0698372e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d9355657-e78e-4edf-89b0-4f0e0698372e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "82495547-fdb7-4c0c-8e55-83246013d66f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "82495547-fdb7-4c0c-8e55-83246013d66f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c291aef0-c76c-4c83-ae56-2c2126f817a7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c291aef0-c76c-4c83-ae56-2c2126f817a7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c291aef0-c76c-4c83-ae56-2c2126f817a7:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-97349920-72b0-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-97349920-72b0-11ec-8c4b-cb281099ee02.json index 4baa57bf17f..1ada76f47d4 100644 --- a/packages/netskope/kibana/dashboard/netskope-97349920-72b0-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-97349920-72b0-11ec-8c4b-cb281099ee02.json 
@@ -1,189 +1,1127 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-97349920-72b0-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Audit Events by Severity Level", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity 
Level", + "field": "netskope.events.severity.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "audit" - } - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.severity.level", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.severity.level" + } } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "77a59f05-8734-4361-a4ee-f0081a667f90", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - 
"gridData": { - "h": 15, - "i": "77a59f05-8734-4361-a4ee-f0081a667f90", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "77a59f05-8734-4361-a4ee-f0081a667f90", - "panelRefName": "panel_77a59f05-8734-4361-a4ee-f0081a667f90", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ba5dff68-0c84-4678-bf9b-a20767da4594", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "ba5dff68-0c84-4678-bf9b-a20767da4594", - "panelRefName": "panel_ba5dff68-0c84-4678-bf9b-a20767da4594", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "04a815f0-2d0c-4189-9382-c4b5c4455bce", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "04a815f0-2d0c-4189-9382-c4b5c4455bce", - "panelRefName": "panel_04a815f0-2d0c-4189-9382-c4b5c4455bce", - "type": "visualization", - "version": "7.16.2" + "panelIndex": "77a59f05-8734-4361-a4ee-f0081a667f90", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Severity Level Over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + 
"mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "1fb9cef2-f112-4a25-985e-e191d044a824", - "w": 24, - "x": 24, - "y": 30 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "1fb9cef2-f112-4a25-985e-e191d044a824", - "panelRefName": "panel_1fb9cef2-f112-4a25-985e-e191d044a824", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Severity Level", + "field": "netskope.events.severity.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.severity.level", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.severity.level" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ba5dff68-0c84-4678-bf9b-a20767da4594", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "ba5dff68-0c84-4678-bf9b-a20767da4594", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Audit Events by User, Audit Log Event", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "d6851ddb-5402-419a-b8e2-91e060a5a715", - "w": 24, - "x": 0, - "y": 30 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, 
+ "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "d6851ddb-5402-419a-b8e2-91e060a5a715", - "panelRefName": "panel_d6851ddb-5402-419a-b8e2-91e060a5a715", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Audit Log Event", + "field": "netskope.events.audit.log.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.audit.log.event", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.audit.log.event" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "04a815f0-2d0c-4189-9382-c4b5c4455bce", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "04a815f0-2d0c-4189-9382-c4b5c4455bce", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over Time for Events", + "description": "", + "uiState": {}, + "params": { + 
"addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8c1ee365-4a0c-4b03-858a-26c7d6652699", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + 
"useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "8c1ee365-4a0c-4b03-858a-26c7d6652699", - "panelRefName": "panel_8c1ee365-4a0c-4b03-858a-26c7d6652699", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Events] Audit", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-97349920-72b0-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "netskope-feb43930-72af-11ec-8c4b-cb281099ee02", - "name": "77a59f05-8734-4361-a4ee-f0081a667f90:panel_77a59f05-8734-4361-a4ee-f0081a667f90", - "type": "visualization" + "gridData": { + "h": 15, + "i": "1fb9cef2-f112-4a25-985e-e191d044a824", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "netskope-24907420-72b0-11ec-8c4b-cb281099ee02", - "name": 
"ba5dff68-0c84-4678-bf9b-a20767da4594:panel_ba5dff68-0c84-4678-bf9b-a20767da4594", - "type": "visualization" + "panelIndex": "1fb9cef2-f112-4a25-985e-e191d044a824", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + 
"customLabel": "Type", + "field": "netskope.events.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } }, - { - "id": "netskope-8fc2c680-72b0-11ec-8c4b-cb281099ee02", - "name": "04a815f0-2d0c-4189-9382-c4b5c4455bce:panel_04a815f0-2d0c-4189-9382-c4b5c4455bce", - "type": "visualization" + "gridData": { + "h": 15, + "i": "d6851ddb-5402-419a-b8e2-91e060a5a715", + "w": 24, + "x": 0, + "y": 30 }, - { - "id": "netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02", - "name": "1fb9cef2-f112-4a25-985e-e191d044a824:panel_1fb9cef2-f112-4a25-985e-e191d044a824", - "type": "visualization" + "panelIndex": "d6851ddb-5402-419a-b8e2-91e060a5a715", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + 
"categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": 
"kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } }, - { - "id": "netskope-e8cecff0-72a9-11ec-8c4b-cb281099ee02", - "name": "d6851ddb-5402-419a-b8e2-91e060a5a715:panel_d6851ddb-5402-419a-b8e2-91e060a5a715", - "type": "visualization" + "gridData": { + "h": 15, + "i": "8c1ee365-4a0c-4b03-858a-26c7d6652699", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "netskope-47132800-72a9-11ec-8c4b-cb281099ee02", - "name": "8c1ee365-4a0c-4b03-858a-26c7d6652699:panel_8c1ee365-4a0c-4b03-858a-26c7d6652699", - "type": "visualization" - } + "panelIndex": "8c1ee365-4a0c-4b03-858a-26c7d6652699", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope][Events] Audit", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "77a59f05-8734-4361-a4ee-f0081a667f90:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "77a59f05-8734-4361-a4ee-f0081a667f90:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "77a59f05-8734-4361-a4ee-f0081a667f90:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ba5dff68-0c84-4678-bf9b-a20767da4594:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ba5dff68-0c84-4678-bf9b-a20767da4594:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ba5dff68-0c84-4678-bf9b-a20767da4594:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "04a815f0-2d0c-4189-9382-c4b5c4455bce:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*" + }, + { + "type": "index-pattern", + "name": "04a815f0-2d0c-4189-9382-c4b5c4455bce:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "04a815f0-2d0c-4189-9382-c4b5c4455bce:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1fb9cef2-f112-4a25-985e-e191d044a824:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1fb9cef2-f112-4a25-985e-e191d044a824:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d6851ddb-5402-419a-b8e2-91e060a5a715:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d6851ddb-5402-419a-b8e2-91e060a5a715:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c1ee365-4a0c-4b03-858a-26c7d6652699:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c1ee365-4a0c-4b03-858a-26c7d6652699:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02.json index c03177222b2..05bb6b47809 100644 --- a/packages/netskope/kibana/dashboard/netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02.json 
@@ -1,453 +1,2636 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "application" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "application" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Application Events by Object Type", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + 
"customLabel": "Object Type", + "field": "netskope.events.object.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "application" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "application" - } - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "application" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "application" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.object.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.object.type" + } } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "ab32506e-cd95-4643-94f4-ff3d7f10655b", - 
"w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "ab32506e-cd95-4643-94f4-ff3d7f10655b", - "panelRefName": "panel_ab32506e-cd95-4643-94f4-ff3d7f10655b", - "type": "visualization", - "version": "7.16.2" + "gridData": { + "h": 15, + "i": "ab32506e-cd95-4643-94f4-ff3d7f10655b", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "ab32506e-cd95-4643-94f4-ff3d7f10655b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by OS", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "f04eaee2-b656-45f0-bf2e-7db096fe5ba5", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "f04eaee2-b656-45f0-bf2e-7db096fe5ba5", - "panelRefName": "panel_f04eaee2-b656-45f0-bf2e-7db096fe5ba5", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "85a443dc-c3dd-4198-8273-b2edbe5254a6", - "w": 24, - "x": 0, - "y": 30 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "85a443dc-c3dd-4198-8273-b2edbe5254a6", - "panelRefName": "panel_85a443dc-c3dd-4198-8273-b2edbe5254a6", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + 
"id": "2", + "params": { + "customLabel": "OS", + "field": "user_agent.os.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.os.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.os.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f04eaee2-b656-45f0-bf2e-7db096fe5ba5", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "f04eaee2-b656-45f0-bf2e-7db096fe5ba5", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Application Activities by Application", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "d8da7946-0d47-405d-b219-b3f4519ee4d9", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Application Activities", + "field": "netskope.events.app.activity", + "missingBucket": false, + "missingBucketLabel": "Missing", + 
"order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "d8da7946-0d47-405d-b219-b3f4519ee4d9", - "panelRefName": "panel_d8da7946-0d47-405d-b219-b3f4519ee4d9", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Application", + "field": "netskope.events.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "application" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "application" + } } - }, - "gridData": { - "h": 15, - "i": "516a4ca3-23b4-4d6d-9162-50197cbfe306", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "516a4ca3-23b4-4d6d-9162-50197cbfe306", - "panelRefName": "panel_516a4ca3-23b4-4d6d-9162-50197cbfe306", - "type": "visualization", - "version": "7.16.2" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.app.name" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": 
"netskope.events.app.activity", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.app.activity" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "85a443dc-c3dd-4198-8273-b2edbe5254a6", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "85a443dc-c3dd-4198-8273-b2edbe5254a6", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Users doing Activities ", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "ab75c7fa-d665-4ce4-b2d0-62428fd846da", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "ab75c7fa-d665-4ce4-b2d0-62428fd846da", - "panelRefName": "panel_ab75c7fa-d665-4ce4-b2d0-62428fd846da", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": 
"netskope.events.event_type", + "negate": false, + "params": { + "query": "application" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "application" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "d8da7946-0d47-405d-b219-b3f4519ee4d9", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "d8da7946-0d47-405d-b219-b3f4519ee4d9", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e6fdc807-d7d7-4c8d-a592-584e42001712", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "e6fdc807-d7d7-4c8d-a592-584e42001712", - "panelRefName": "panel_e6fdc807-d7d7-4c8d-a592-584e42001712", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - 
"embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "fe337472-7a96-402a-b7e5-b8ea37e6328c", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "fe337472-7a96-402a-b7e5-b8ea37e6328c", - "panelRefName": "panel_fe337472-7a96-402a-b7e5-b8ea37e6328c", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.events.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.access_method" + } } - }, - "gridData": { - "h": 15, - "i": "5de4021e-f3ba-4155-83c6-d44937ad4564", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "5de4021e-f3ba-4155-83c6-d44937ad4564", - "panelRefName": "panel_5de4021e-f3ba-4155-83c6-d44937ad4564", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "516a4ca3-23b4-4d6d-9162-50197cbfe306", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "516a4ca3-23b4-4d6d-9162-50197cbfe306", + "type": 
"visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Objects which is being acted on", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6b88f03d-4441-4081-b031-7af3644a3421", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "6b88f03d-4441-4081-b031-7af3644a3421", - "panelRefName": "panel_6b88f03d-4441-4081-b031-7af3644a3421", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Object", + "field": "netskope.events.object.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "application" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "application" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.object.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { 
+ "field": "netskope.events.object.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ab75c7fa-d665-4ce4-b2d0-62428fd846da", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "ab75c7fa-d665-4ce4-b2d0-62428fd846da", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Application Activities", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ebf8e192-7eba-438f-96cc-5e6d80d08fd0", - "w": 24, - "x": 0, - "y": 90 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "ebf8e192-7eba-438f-96cc-5e6d80d08fd0", - "panelRefName": "panel_ebf8e192-7eba-438f-96cc-5e6d80d08fd0", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Applications", + "field": "netskope.events.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + 
"exists": { + "field": "netskope.events.app.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e6fdc807-d7d7-4c8d-a592-584e42001712", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "e6fdc807-d7d7-4c8d-a592-584e42001712", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6a003a65-76ee-43fa-9f63-a8c96c129fd1", - "w": 24, - "x": 24, - "y": 75 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "netskope.events.device.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + 
"key": "netskope.events.device.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.device.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "fe337472-7a96-402a-b7e5-b8ea37e6328c", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "fe337472-7a96-402a-b7e5-b8ea37e6328c", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "6a003a65-76ee-43fa-9f63-a8c96c129fd1", - "panelRefName": "panel_6a003a65-76ee-43fa-9f63-a8c96c129fd1", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.events.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": 
"appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.traffic.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5de4021e-f3ba-4155-83c6-d44937ad4564", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "5de4021e-f3ba-4155-83c6-d44937ad4564", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top Users By Access Method", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4", - "w": 24, - "x": 0, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.events.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4", - "panelRefName": "panel_942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + 
"customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.access_method" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6b88f03d-4441-4081-b031-7af3644a3421", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "6b88f03d-4441-4081-b031-7af3644a3421", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + 
}, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "51fc9a00-6109-46eb-9264-cfb81fafbb90", - "w": 24, - "x": 24, - "y": 90 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": 
"netskope.events.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ebf8e192-7eba-438f-96cc-5e6d80d08fd0", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "ebf8e192-7eba-438f-96cc-5e6d80d08fd0", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Sites", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "51fc9a00-6109-46eb-9264-cfb81fafbb90", - "panelRefName": "panel_51fc9a00-6109-46eb-9264-cfb81fafbb90", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Site", + "field": "netskope.events.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6a003a65-76ee-43fa-9f63-a8c96c129fd1", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "6a003a65-76ee-43fa-9f63-a8c96c129fd1", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over Time for Events", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": 
"Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "85ba4c06-11ce-4bfe-ba79-983562383efb", - "w": 24, - "x": 0, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "85ba4c06-11ce-4bfe-ba79-983562383efb", - "panelRefName": "panel_85ba4c06-11ce-4bfe-ba79-983562383efb", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by App Category", + 
"description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2209097a-5361-4924-b89b-30cb69fc1aa9", - "w": 24, - "x": 24, - "y": 105 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "2209097a-5361-4924-b89b-30cb69fc1aa9", - "panelRefName": "panel_2209097a-5361-4924-b89b-30cb69fc1aa9", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": 
"App Category", + "field": "netskope.events.app.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "51fc9a00-6109-46eb-9264-cfb81fafbb90", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "51fc9a00-6109-46eb-9264-cfb81fafbb90", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + 
"lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "313214f2-83b2-41eb-98f6-d2e061b84267", - "w": 24, - "x": 24, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type", + "field": "netskope.events.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "85ba4c06-11ce-4bfe-ba79-983562383efb", + "w": 24, + "x": 0, + "y": 120 + }, + "panelIndex": 
"85ba4c06-11ce-4bfe-ba79-983562383efb", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "313214f2-83b2-41eb-98f6-d2e061b84267", - "panelRefName": "panel_313214f2-83b2-41eb-98f6-d2e061b84267", - "type": "visualization", - "version": "7.16.2" + { + 
"enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.events.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2209097a-5361-4924-b89b-30cb69fc1aa9", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "2209097a-5361-4924-b89b-30cb69fc1aa9", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Source Region", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, 
+ "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "18e2231e-c783-4353-a799-b41f01154e97", - "w": 24, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Region", + "field": "source.geo.region_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 7 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.region_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.region_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": 
"313214f2-83b2-41eb-98f6-d2e061b84267", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "313214f2-83b2-41eb-98f6-d2e061b84267", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Application Events by Browser", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "18e2231e-c783-4353-a799-b41f01154e97", - "panelRefName": "panel_18e2231e-c783-4353-a799-b41f01154e97", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Browser", + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": 
"kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Events] Application", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netskope-a44f4160-72b4-11ec-8c4b-cb281099ee02", - "name": "ab32506e-cd95-4643-94f4-ff3d7f10655b:panel_ab32506e-cd95-4643-94f4-ff3d7f10655b", - "type": "visualization" - }, - { - "id": "netskope-0f05ca90-7456-11ec-8c4b-cb281099ee02", - "name": "f04eaee2-b656-45f0-bf2e-7db096fe5ba5:panel_f04eaee2-b656-45f0-bf2e-7db096fe5ba5", - "type": "visualization" - }, - { - "id": "netskope-5e243140-72b5-11ec-8c4b-cb281099ee02", - "name": "85a443dc-c3dd-4198-8273-b2edbe5254a6:panel_85a443dc-c3dd-4198-8273-b2edbe5254a6", - "type": "visualization" - }, - { - "id": "netskope-c6540e80-72b4-11ec-8c4b-cb281099ee02", - "name": "d8da7946-0d47-405d-b219-b3f4519ee4d9:panel_d8da7946-0d47-405d-b219-b3f4519ee4d9", - "type": "visualization" - }, - { - "id": "netskope-06bf2da0-72a7-11ec-8c4b-cb281099ee02", - "name": "516a4ca3-23b4-4d6d-9162-50197cbfe306:panel_516a4ca3-23b4-4d6d-9162-50197cbfe306", - "type": "visualization" - }, - { - "id": "netskope-917c9230-72b5-11ec-8c4b-cb281099ee02", - "name": "ab75c7fa-d665-4ce4-b2d0-62428fd846da:panel_ab75c7fa-d665-4ce4-b2d0-62428fd846da", - "type": "visualization" - }, - { - "id": "netskope-5efbfc00-72a7-11ec-8c4b-cb281099ee02", - "name": "e6fdc807-d7d7-4c8d-a592-584e42001712:panel_e6fdc807-d7d7-4c8d-a592-584e42001712", - "type": "visualization" - }, - { - "id": "netskope-41932530-72a7-11ec-8c4b-cb281099ee02", - "name": "fe337472-7a96-402a-b7e5-b8ea37e6328c:panel_fe337472-7a96-402a-b7e5-b8ea37e6328c", - "type": "visualization" - }, - { - "id": "netskope-d9596770-72a8-11ec-8c4b-cb281099ee02", 
- "name": "5de4021e-f3ba-4155-83c6-d44937ad4564:panel_5de4021e-f3ba-4155-83c6-d44937ad4564", - "type": "visualization" - }, - { - "id": "netskope-83fa5a10-72a7-11ec-8c4b-cb281099ee02", - "name": "6b88f03d-4441-4081-b031-7af3644a3421:panel_6b88f03d-4441-4081-b031-7af3644a3421", - "type": "visualization" - }, - { - "id": "netskope-47132800-72a9-11ec-8c4b-cb281099ee02", - "name": "ebf8e192-7eba-438f-96cc-5e6d80d08fd0:panel_ebf8e192-7eba-438f-96cc-5e6d80d08fd0", - "type": "visualization" - }, - { - "id": "netskope-357672b0-72a8-11ec-8c4b-cb281099ee02", - "name": "6a003a65-76ee-43fa-9f63-a8c96c129fd1:panel_6a003a65-76ee-43fa-9f63-a8c96c129fd1", - "type": "visualization" - }, - { - "id": "netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02", - "name": "942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4:panel_942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4", - "type": "visualization" - }, - { - "id": "netskope-c1e088c0-72a9-11ec-8c4b-cb281099ee02", - "name": "51fc9a00-6109-46eb-9264-cfb81fafbb90:panel_51fc9a00-6109-46eb-9264-cfb81fafbb90", - "type": "visualization" - }, - { - "id": "netskope-e8cecff0-72a9-11ec-8c4b-cb281099ee02", - "name": "85ba4c06-11ce-4bfe-ba79-983562383efb:panel_85ba4c06-11ce-4bfe-ba79-983562383efb", - "type": "visualization" - }, - { - "id": "netskope-0e9511e0-72aa-11ec-8c4b-cb281099ee02", - "name": "2209097a-5361-4924-b89b-30cb69fc1aa9:panel_2209097a-5361-4924-b89b-30cb69fc1aa9", - "type": "visualization" - }, - { - "id": "netskope-abcc6a30-72aa-11ec-8c4b-cb281099ee02", - "name": "313214f2-83b2-41eb-98f6-d2e061b84267:panel_313214f2-83b2-41eb-98f6-d2e061b84267", - "type": "visualization" - }, - { - "id": "netskope-a3c6c270-745f-11ec-8c4b-cb281099ee02", - "name": "18e2231e-c783-4353-a799-b41f01154e97:panel_18e2231e-c783-4353-a799-b41f01154e97", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "18e2231e-c783-4353-a799-b41f01154e97", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "18e2231e-c783-4353-a799-b41f01154e97", + "type": "visualization", + 
"version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope][Events] Application", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "ab32506e-cd95-4643-94f4-ff3d7f10655b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ab32506e-cd95-4643-94f4-ff3d7f10655b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ab32506e-cd95-4643-94f4-ff3d7f10655b:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f04eaee2-b656-45f0-bf2e-7db096fe5ba5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f04eaee2-b656-45f0-bf2e-7db096fe5ba5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85a443dc-c3dd-4198-8273-b2edbe5254a6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85a443dc-c3dd-4198-8273-b2edbe5254a6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85a443dc-c3dd-4198-8273-b2edbe5254a6:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85a443dc-c3dd-4198-8273-b2edbe5254a6:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8da7946-0d47-405d-b219-b3f4519ee4d9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8da7946-0d47-405d-b219-b3f4519ee4d9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + 
"id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8da7946-0d47-405d-b219-b3f4519ee4d9:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "516a4ca3-23b4-4d6d-9162-50197cbfe306:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "516a4ca3-23b4-4d6d-9162-50197cbfe306:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ab75c7fa-d665-4ce4-b2d0-62428fd846da:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ab75c7fa-d665-4ce4-b2d0-62428fd846da:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ab75c7fa-d665-4ce4-b2d0-62428fd846da:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e6fdc807-d7d7-4c8d-a592-584e42001712:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e6fdc807-d7d7-4c8d-a592-584e42001712:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fe337472-7a96-402a-b7e5-b8ea37e6328c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fe337472-7a96-402a-b7e5-b8ea37e6328c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5de4021e-f3ba-4155-83c6-d44937ad4564:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5de4021e-f3ba-4155-83c6-d44937ad4564:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"6b88f03d-4441-4081-b031-7af3644a3421:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6b88f03d-4441-4081-b031-7af3644a3421:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6b88f03d-4441-4081-b031-7af3644a3421:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ebf8e192-7eba-438f-96cc-5e6d80d08fd0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ebf8e192-7eba-438f-96cc-5e6d80d08fd0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6a003a65-76ee-43fa-9f63-a8c96c129fd1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6a003a65-76ee-43fa-9f63-a8c96c129fd1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51fc9a00-6109-46eb-9264-cfb81fafbb90:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51fc9a00-6109-46eb-9264-cfb81fafbb90:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85ba4c06-11ce-4bfe-ba79-983562383efb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85ba4c06-11ce-4bfe-ba79-983562383efb:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + 
"type": "index-pattern", + "name": "2209097a-5361-4924-b89b-30cb69fc1aa9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2209097a-5361-4924-b89b-30cb69fc1aa9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "313214f2-83b2-41eb-98f6-d2e061b84267:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "313214f2-83b2-41eb-98f6-d2e061b84267:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "18e2231e-c783-4353-a799-b41f01154e97:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "18e2231e-c783-4353-a799-b41f01154e97:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-a03670f0-7208-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-a03670f0-7208-11ec-8c4b-cb281099ee02.json index 137cecd3ecc..a81842ab239 100644 --- a/packages/netskope/kibana/dashboard/netskope-a03670f0-7208-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-a03670f0-7208-11ec-8c4b-cb281099ee02.json 
@@ -1,756 +1,4501 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-a03670f0-7208-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyNSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of UBA Alerts by Alert Name", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + 
"showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Name", + "field": "netskope.alerts.alert.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.alert.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.alert.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": 
"data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3b340e55-d9eb-4304-a0d3-583150bd54eb", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3b340e55-d9eb-4304-a0d3-583150bd54eb", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of UBA Alerts by Severity", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity", + "field": "netskope.alerts.severity.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.severity.level", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.severity.level" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "df123261-3370-4572-b118-09a2654264f2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "df123261-3370-4572-b118-09a2654264f2", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of UBA Alerts by Percentage of Managed Apps", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Managed App", + "field": "netskope.alerts.managed.app", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + 
"alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.managed.app", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.managed.app" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "649b0d8e-5d17-411d-9117-a63ad74960f1", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "649b0d8e-5d17-411d-9117-a63ad74960f1", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of UBA Alerts by Device Classification", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + 
"params": { + "customLabel": "Device Classification", + "field": "netskope.alerts.device.classification", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.device.classification", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.device.classification" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "92b99046-01c4-413a-84dd-93ad174171b0", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "92b99046-01c4-413a-84dd-93ad174171b0", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of UBA Alerts by OS Version", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, 
+ "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Version", + "field": "user_agent.os.version", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user_agent.os.version", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.os.version" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "aa10cc62-fe46-420a-88fc-9df0b78e58c1", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "aa10cc62-fe46-420a-88fc-9df0b78e58c1", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] 
Distribution of UBA Alerts by Event Type of Original Event ", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event type of Original Event", + "field": "netskope.alerts.orig_ty", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.orig_ty", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.orig_ty" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": 
"data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3d78958c-581d-4ad4-a768-346a4f234b25", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "3d78958c-581d-4ad4-a768-346a4f234b25", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of UBA Alerts by Policy Action", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Policy Action", + "field": "netskope.alerts.policy.actions", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": 
false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.policy.actions", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.policy.actions" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "cee9c637-74f0-42bd-8a30-7c8b8cb4ed01", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "cee9c637-74f0-42bd-8a30-7c8b8cb4ed01", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of UBA Alerts by Telemetery App", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + 
"rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Telemetry App", + "exclude": "none", + "field": "netskope.alerts.telemetry.app", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.telemetry.app", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.telemetry.app" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "9422ea18-43fb-4271-9c06-bfb40b9f9c78", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "9422ea18-43fb-4271-9c06-bfb40b9f9c78", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + 
"enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Page Site", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Page Site", + "field": "netskope.alerts.page.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.page.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.page.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e0b7f071-f82f-457c-ad45-de3f45cd9ee8", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "e0b7f071-f82f-457c-ad45-de3f45cd9ee8", + "type": "visualization", + "version": "7.14.0" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "table": null, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 162 + }, + { + "colIndex": 1, + "width": 355.5 + } + ] + } + }, + "savedVis": { + "title": "[Netskope] Max Threshold Value per User", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threshold Value", + "field": "netskope.alerts.threshold.value", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.threshold.value", + "negate": 
false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.threshold.value" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "b205b75e-5675-49ed-90d3-f183e7b80d2f", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "b205b75e-5675-49ed-90d3-f183e7b80d2f", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 UBA Policy", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Policy Name", + "field": "netskope.alerts.policy.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "uba" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "uba" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + 
"key": "netskope.alerts.policy.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.policy.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5513d359-dd47-44a7-856b-fadc0178aa5f", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "5513d359-dd47-44a7-856b-fadc0178aa5f", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.alerts.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.access_method" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ccf70172-a85b-40e1-a616-b3b1e9a6088c", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "ccf70172-a85b-40e1-a616-b3b1e9a6088c", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Acknowledgement", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : false" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" + "label": "False" + }, + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : true" }, - "query": { 
- "match_phrase": { - "netskope.alerts.type": "uba" - } - } + "label": "True" + } + ] + }, + "schema": "segment", + "type": "filters" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.acked", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.acked" + } } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3b340e55-d9eb-4304-a0d3-583150bd54eb", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "3b340e55-d9eb-4304-a0d3-583150bd54eb", - "panelRefName": "panel_3b340e55-d9eb-4304-a0d3-583150bd54eb", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "df123261-3370-4572-b118-09a2654264f2", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "df123261-3370-4572-b118-09a2654264f2", - "panelRefName": "panel_df123261-3370-4572-b118-09a2654264f2", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "649b0d8e-5d17-411d-9117-a63ad74960f1", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "649b0d8e-5d17-411d-9117-a63ad74960f1", - "panelRefName": "panel_649b0d8e-5d17-411d-9117-a63ad74960f1", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - 
"gridData": { - "h": 15, - "i": "92b99046-01c4-413a-84dd-93ad174171b0", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "92b99046-01c4-413a-84dd-93ad174171b0", - "panelRefName": "panel_92b99046-01c4-413a-84dd-93ad174171b0", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "aa10cc62-fe46-420a-88fc-9df0b78e58c1", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "aa10cc62-fe46-420a-88fc-9df0b78e58c1", - "panelRefName": "panel_aa10cc62-fe46-420a-88fc-9df0b78e58c1", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "3d78958c-581d-4ad4-a768-346a4f234b25", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "3d78958c-581d-4ad4-a768-346a4f234b25", - "panelRefName": "panel_3d78958c-581d-4ad4-a768-346a4f234b25", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "cee9c637-74f0-42bd-8a30-7c8b8cb4ed01", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "cee9c637-74f0-42bd-8a30-7c8b8cb4ed01", - "panelRefName": "panel_cee9c637-74f0-42bd-8a30-7c8b8cb4ed01", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "9422ea18-43fb-4271-9c06-bfb40b9f9c78", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "9422ea18-43fb-4271-9c06-bfb40b9f9c78", - "panelRefName": "panel_9422ea18-43fb-4271-9c06-bfb40b9f9c78", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e0b7f071-f82f-457c-ad45-de3f45cd9ee8", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "e0b7f071-f82f-457c-ad45-de3f45cd9ee8", - "panelRefName": 
"panel_e0b7f071-f82f-457c-ad45-de3f45cd9ee8", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "table": null, - "vis": { - "params": { - "colWidth": [ - { - "colIndex": 0, - "width": 162 - }, - { - "colIndex": 1, - "width": 355.5 - } - ] - } - } - }, - "gridData": { - "h": 15, - "i": "b205b75e-5675-49ed-90d3-f183e7b80d2f", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "b205b75e-5675-49ed-90d3-f183e7b80d2f", - "panelRefName": "panel_b205b75e-5675-49ed-90d3-f183e7b80d2f", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5513d359-dd47-44a7-856b-fadc0178aa5f", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "5513d359-dd47-44a7-856b-fadc0178aa5f", - "panelRefName": "panel_5513d359-dd47-44a7-856b-fadc0178aa5f", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "ccf70172-a85b-40e1-a616-b3b1e9a6088c", - "w": 24, - "x": 0, - "y": 90 - }, - "panelIndex": "ccf70172-a85b-40e1-a616-b3b1e9a6088c", - "panelRefName": "panel_ccf70172-a85b-40e1-a616-b3b1e9a6088c", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "6c932713-9d4b-430a-a799-6d31b45ecacf", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "6c932713-9d4b-430a-a799-6d31b45ecacf", - "panelRefName": "panel_6c932713-9d4b-430a-a799-6d31b45ecacf", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "c483ecaf-49f8-4dc5-b0f0-0e1339a67d22", - "w": 24, - "x": 0, - "y": 105 - }, - "panelIndex": "c483ecaf-49f8-4dc5-b0f0-0e1339a67d22", - "panelRefName": 
"panel_c483ecaf-49f8-4dc5-b0f0-0e1339a67d22", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "90096c7a-a554-4a30-89a3-7d0d63ea804c", - "w": 24, - "x": 24, - "y": 90 - }, - "panelIndex": "90096c7a-a554-4a30-89a3-7d0d63ea804c", - "panelRefName": "panel_90096c7a-a554-4a30-89a3-7d0d63ea804c", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "cd490c17-67ea-4bd1-aa9a-88f1a9c139b5", - "w": 24, - "x": 0, - "y": 120 - }, - "panelIndex": "cd490c17-67ea-4bd1-aa9a-88f1a9c139b5", - "panelRefName": "panel_cd490c17-67ea-4bd1-aa9a-88f1a9c139b5", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "0b6ca0f2-57a6-4e90-9592-56bb052d4ca7", - "w": 24, - "x": 24, - "y": 105 - }, - "panelIndex": "0b6ca0f2-57a6-4e90-9592-56bb052d4ca7", - "panelRefName": "panel_0b6ca0f2-57a6-4e90-9592-56bb052d4ca7", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "650391d6-5467-4b6e-b529-f89b34cacdee", - "w": 24, - "x": 0, - "y": 135 - }, - "panelIndex": "650391d6-5467-4b6e-b529-f89b34cacdee", - "panelRefName": "panel_650391d6-5467-4b6e-b529-f89b34cacdee", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6b8089ba-e257-40d5-847f-516759ce8475", - "w": 24, - "x": 24, - "y": 120 - }, - "panelIndex": "6b8089ba-e257-40d5-847f-516759ce8475", - "panelRefName": "panel_6b8089ba-e257-40d5-847f-516759ce8475", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2d4098eb-54b0-474e-81b5-75fc222cb341", - "w": 24, - "x": 0, - "y": 150 - }, - "panelIndex": 
"2d4098eb-54b0-474e-81b5-75fc222cb341", - "panelRefName": "panel_2d4098eb-54b0-474e-81b5-75fc222cb341", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "bbc3957b-53a2-47dd-9760-56f8ceb5289d", - "w": 24, - "x": 24, - "y": 135 - }, - "panelIndex": "bbc3957b-53a2-47dd-9760-56f8ceb5289d", - "panelRefName": "panel_bbc3957b-53a2-47dd-9760-56f8ceb5289d", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "37776b9c-bfc6-4c6f-9079-2c0d23fe4a89", - "w": 24, - "x": 0, - "y": 165 - }, - "panelIndex": "37776b9c-bfc6-4c6f-9079-2c0d23fe4a89", - "panelRefName": "panel_37776b9c-bfc6-4c6f-9079-2c0d23fe4a89", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "690c706e-c8bc-4f19-ab9e-9ba64e268647", - "w": 24, - "x": 24, - "y": 150 - }, - "panelIndex": "690c706e-c8bc-4f19-ab9e-9ba64e268647", - "panelRefName": "panel_690c706e-c8bc-4f19-ab9e-9ba64e268647", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3753bbb6-64ab-4b10-8526-232375c9da38", - "w": 24, - "x": 0, - "y": 180 - }, - "panelIndex": "3753bbb6-64ab-4b10-8526-232375c9da38", - "panelRefName": "panel_3753bbb6-64ab-4b10-8526-232375c9da38", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ebec8d00-4d63-44cd-9970-4882fcf5108f", - "w": 24, - "x": 24, - "y": 165 - }, - "panelIndex": "ebec8d00-4d63-44cd-9970-4882fcf5108f", - "panelRefName": "panel_ebec8d00-4d63-44cd-9970-4882fcf5108f", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": 
"97611e00-8013-43c4-856d-54b0e78313d5", - "w": 24, - "x": 0, - "y": 195 - }, - "panelIndex": "97611e00-8013-43c4-856d-54b0e78313d5", - "panelRefName": "panel_97611e00-8013-43c4-856d-54b0e78313d5", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "32296ddd-d26c-431a-8227-7ee72592cb3e", - "w": 24, - "x": 24, - "y": 180 - }, - "panelIndex": "32296ddd-d26c-431a-8227-7ee72592cb3e", - "panelRefName": "panel_32296ddd-d26c-431a-8227-7ee72592cb3e", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1394aa3a-d711-4634-9623-5dbaff400068", - "w": 24, - "x": 0, - "y": 210 - }, - "panelIndex": "1394aa3a-d711-4634-9623-5dbaff400068", - "panelRefName": "panel_1394aa3a-d711-4634-9623-5dbaff400068", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4812c275-ae66-4de9-913e-4ebe6b8a7782", - "w": 24, - "x": 24, - "y": 195 - }, - "panelIndex": "4812c275-ae66-4de9-913e-4ebe6b8a7782", - "panelRefName": "panel_4812c275-ae66-4de9-913e-4ebe6b8a7782", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc", - "w": 24, - "x": 0, - "y": 225 - }, - "panelIndex": "5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc", - "panelRefName": "panel_5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2be4e6e2-c325-4e05-9ed7-bb4534507f5a", - "w": 24, - "x": 24, - "y": 210 - }, - "panelIndex": "2be4e6e2-c325-4e05-9ed7-bb4534507f5a", - "panelRefName": "panel_2be4e6e2-c325-4e05-9ed7-bb4534507f5a", - "type": "visualization", - "version": "7.16.2" + "language": "kuery", + "query": "data_stream.dataset 
: \"netskope.alerts\" " + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Alerts] UBA", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-a03670f0-7208-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netskope-f1c99420-7207-11ec-8c4b-cb281099ee02", - "name": "3b340e55-d9eb-4304-a0d3-583150bd54eb:panel_3b340e55-d9eb-4304-a0d3-583150bd54eb", - "type": "visualization" - }, - { - "id": "netskope-a8fb1770-720a-11ec-8c4b-cb281099ee02", - "name": "df123261-3370-4572-b118-09a2654264f2:panel_df123261-3370-4572-b118-09a2654264f2", - "type": "visualization" - }, - { - "id": "netskope-304fa1c0-7209-11ec-8c4b-cb281099ee02", - "name": "649b0d8e-5d17-411d-9117-a63ad74960f1:panel_649b0d8e-5d17-411d-9117-a63ad74960f1", - "type": "visualization" - }, - { - "id": "netskope-e9bc9d80-7208-11ec-8c4b-cb281099ee02", - "name": "92b99046-01c4-413a-84dd-93ad174171b0:panel_92b99046-01c4-413a-84dd-93ad174171b0", - "type": "visualization" - }, - { - "id": "netskope-bc70e470-7209-11ec-8c4b-cb281099ee02", - "name": "aa10cc62-fe46-420a-88fc-9df0b78e58c1:panel_aa10cc62-fe46-420a-88fc-9df0b78e58c1", - "type": "visualization" - }, - { - "id": "netskope-7f9d2540-7209-11ec-8c4b-cb281099ee02", - "name": "3d78958c-581d-4ad4-a768-346a4f234b25:panel_3d78958c-581d-4ad4-a768-346a4f234b25", - "type": "visualization" - }, - { - "id": "netskope-648c79d0-720a-11ec-8c4b-cb281099ee02", - "name": "cee9c637-74f0-42bd-8a30-7c8b8cb4ed01:panel_cee9c637-74f0-42bd-8a30-7c8b8cb4ed01", - "type": "visualization" - }, - { - "id": "netskope-03150a40-720b-11ec-8c4b-cb281099ee02", - "name": "9422ea18-43fb-4271-9c06-bfb40b9f9c78:panel_9422ea18-43fb-4271-9c06-bfb40b9f9c78", - "type": "visualization" - }, - { - "id": "netskope-0922ae70-720a-11ec-8c4b-cb281099ee02", - "name": 
"e0b7f071-f82f-457c-ad45-de3f45cd9ee8:panel_e0b7f071-f82f-457c-ad45-de3f45cd9ee8", - "type": "visualization" - }, - { - "id": "netskope-3ec223c0-720b-11ec-8c4b-cb281099ee02", - "name": "b205b75e-5675-49ed-90d3-f183e7b80d2f:panel_b205b75e-5675-49ed-90d3-f183e7b80d2f", - "type": "visualization" - }, - { - "id": "netskope-301d9fd0-720a-11ec-8c4b-cb281099ee02", - "name": "5513d359-dd47-44a7-856b-fadc0178aa5f:panel_5513d359-dd47-44a7-856b-fadc0178aa5f", - "type": "visualization" - }, - { - "id": "netskope-2b81f870-71da-11ec-8c4b-cb281099ee02", - "name": "ccf70172-a85b-40e1-a616-b3b1e9a6088c:panel_ccf70172-a85b-40e1-a616-b3b1e9a6088c", - "type": "visualization" - }, - { - "id": "netskope-5f452920-71da-11ec-8c4b-cb281099ee02", - "name": "6c932713-9d4b-430a-a799-6d31b45ecacf:panel_6c932713-9d4b-430a-a799-6d31b45ecacf", - "type": "visualization" - }, - { - "id": "netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02", - "name": "c483ecaf-49f8-4dc5-b0f0-0e1339a67d22:panel_c483ecaf-49f8-4dc5-b0f0-0e1339a67d22", - "type": "visualization" - }, - { - "id": "netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02", - "name": "90096c7a-a554-4a30-89a3-7d0d63ea804c:panel_90096c7a-a554-4a30-89a3-7d0d63ea804c", - "type": "visualization" - }, - { - "id": "netskope-37409a80-71db-11ec-8c4b-cb281099ee02", - "name": "cd490c17-67ea-4bd1-aa9a-88f1a9c139b5:panel_cd490c17-67ea-4bd1-aa9a-88f1a9c139b5", - "type": "visualization" - }, - { - "id": "netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02", - "name": "0b6ca0f2-57a6-4e90-9592-56bb052d4ca7:panel_0b6ca0f2-57a6-4e90-9592-56bb052d4ca7", - "type": "visualization" - }, - { - "id": "netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02", - "name": "650391d6-5467-4b6e-b529-f89b34cacdee:panel_650391d6-5467-4b6e-b529-f89b34cacdee", - "type": "visualization" - }, - { - "id": "netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02", - "name": "6b8089ba-e257-40d5-847f-516759ce8475:panel_6b8089ba-e257-40d5-847f-516759ce8475", - "type": "visualization" - }, - { - "id": 
"netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02", - "name": "2d4098eb-54b0-474e-81b5-75fc222cb341:panel_2d4098eb-54b0-474e-81b5-75fc222cb341", - "type": "visualization" - }, - { - "id": "netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02", - "name": "bbc3957b-53a2-47dd-9760-56f8ceb5289d:panel_bbc3957b-53a2-47dd-9760-56f8ceb5289d", - "type": "visualization" - }, - { - "id": "netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02", - "name": "37776b9c-bfc6-4c6f-9079-2c0d23fe4a89:panel_37776b9c-bfc6-4c6f-9079-2c0d23fe4a89", - "type": "visualization" - }, - { - "id": "netskope-a4745040-71dd-11ec-8c4b-cb281099ee02", - "name": "690c706e-c8bc-4f19-ab9e-9ba64e268647:panel_690c706e-c8bc-4f19-ab9e-9ba64e268647", - "type": "visualization" - }, - { - "id": "netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02", - "name": "3753bbb6-64ab-4b10-8526-232375c9da38:panel_3753bbb6-64ab-4b10-8526-232375c9da38", - "type": "visualization" - }, - { - "id": "netskope-8705deb0-71de-11ec-8c4b-cb281099ee02", - "name": "ebec8d00-4d63-44cd-9970-4882fcf5108f:panel_ebec8d00-4d63-44cd-9970-4882fcf5108f", - "type": "visualization" - }, - { - "id": "netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02", - "name": "97611e00-8013-43c4-856d-54b0e78313d5:panel_97611e00-8013-43c4-856d-54b0e78313d5", - "type": "visualization" - }, - { - "id": "netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02", - "name": "32296ddd-d26c-431a-8227-7ee72592cb3e:panel_32296ddd-d26c-431a-8227-7ee72592cb3e", - "type": "visualization" - }, - { - "id": "netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02", - "name": "1394aa3a-d711-4634-9623-5dbaff400068:panel_1394aa3a-d711-4634-9623-5dbaff400068", - "type": "visualization" - }, - { - "id": "netskope-d1189e60-71df-11ec-8c4b-cb281099ee02", - "name": "4812c275-ae66-4de9-913e-4ebe6b8a7782:panel_4812c275-ae66-4de9-913e-4ebe6b8a7782", - "type": "visualization" - }, - { - "id": "netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02", - "name": "5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc:panel_5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc", - 
"type": "visualization" - }, - { - "id": "netskope-b0b26610-71df-11ec-8c4b-cb281099ee02", - "name": "2be4e6e2-c325-4e05-9ed7-bb4534507f5a:panel_2be4e6e2-c325-4e05-9ed7-bb4534507f5a", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "6c932713-9d4b-430a-a799-6d31b45ecacf", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "6c932713-9d4b-430a-a799-6d31b45ecacf", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Browser", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Browser", + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.name" + } 
+ } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "c483ecaf-49f8-4dc5-b0f0-0e1339a67d22", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "c483ecaf-49f8-4dc5-b0f0-0e1339a67d22", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Apps", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Applications", + "field": "netskope.alerts.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "90096c7a-a554-4a30-89a3-7d0d63ea804c", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": 
"90096c7a-a554-4a30-89a3-7d0d63ea804c", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by App Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Category", + "field": "netskope.alerts.app.category", + "missingBucket": false, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "cd490c17-67ea-4bd1-aa9a-88f1a9c139b5", + "w": 24, + "x": 0, + "y": 120 + }, + "panelIndex": "cd490c17-67ea-4bd1-aa9a-88f1a9c139b5", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, 
+ "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "0b6ca0f2-57a6-4e90-9592-56bb052d4ca7", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "0b6ca0f2-57a6-4e90-9592-56bb052d4ca7", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over 
Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": 
"date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "650391d6-5467-4b6e-b529-f89b34cacdee", + "w": 24, + "x": 0, + "y": 135 + }, + "panelIndex": "650391d6-5467-4b6e-b529-f89b34cacdee", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, 
+ "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "netskope.alerts.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.device.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.device.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6b8089ba-e257-40d5-847f-516759ce8475", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "6b8089ba-e257-40d5-847f-516759ce8475", + "type": "visualization", + 
"version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 File Types", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "File Types", + "field": "file.mime_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "file.mime_type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "file.mime_type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2d4098eb-54b0-474e-81b5-75fc222cb341", + "w": 24, + "x": 0, + "y": 150 + }, + "panelIndex": "2d4098eb-54b0-474e-81b5-75fc222cb341", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Object Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + 
"rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Object Type", + "field": "netskope.alerts.object.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.object.type", + 
"negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.object.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "bbc3957b-53a2-47dd-9760-56f8ceb5289d", + "w": 24, + "x": 24, + "y": 135 + }, + "panelIndex": "bbc3957b-53a2-47dd-9760-56f8ceb5289d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Site", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Site", + "field": "netskope.alerts.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + 
"i": "37776b9c-bfc6-4c6f-9079-2c0d23fe4a89", + "w": 24, + "x": 0, + "y": 165 + }, + "panelIndex": "37776b9c-bfc6-4c6f-9079-2c0d23fe4a89", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.alerts.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.traffic.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": 
"690c706e-c8bc-4f19-ab9e-9ba64e268647", + "w": 24, + "x": 24, + "y": 150 + }, + "panelIndex": "690c706e-c8bc-4f19-ab9e-9ba64e268647", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type", + 
"field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3753bbb6-64ab-4b10-8526-232375c9da38", + "w": 24, + "x": 0, + "y": 180 + }, + "panelIndex": "3753bbb6-64ab-4b10-8526-232375c9da38", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Alert Type by User ", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + 
"field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ebec8d00-4d63-44cd-9970-4882fcf5108f", + "w": 24, + "x": 24, + "y": 165 + }, + "panelIndex": "ebec8d00-4d63-44cd-9970-4882fcf5108f", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Category ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + 
"legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.alerts.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "97611e00-8013-43c4-856d-54b0e78313d5", + "w": 24, + "x": 0, + "y": 195 + }, + "panelIndex": "97611e00-8013-43c4-856d-54b0e78313d5", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Activity", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { 
+ "enabled": true, + "id": "2", + "params": { + "customLabel": "Activity", + "field": "netskope.alerts.activity.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.activity.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.activity.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "32296ddd-d26c-431a-8227-7ee72592cb3e", + "w": 24, + "x": 24, + "y": 180 + }, + "panelIndex": "32296ddd-d26c-431a-8227-7ee72592cb3e", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Location", + "field": "source.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + 
"type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1394aa3a-d711-4634-9623-5dbaff400068", + "w": 24, + "x": 0, + "y": 210 + }, + "panelIndex": "1394aa3a-d711-4634-9623-5dbaff400068", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Location", + "field": "destination.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.city_name", + "negate": false, + "type": "exists", + 
"value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4812c275-ae66-4de9-913e-4ebe6b8a7782", + "w": 24, + "x": 24, + "y": 195 + }, + "panelIndex": "4812c275-ae66-4de9-913e-4ebe6b8a7782", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + 
"i": "5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc", + "w": 24, + "x": 0, + "y": 225 + }, + "panelIndex": "5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2be4e6e2-c325-4e05-9ed7-bb4534507f5a", + "w": 24, + "x": 24, + "y": 210 + }, + "panelIndex": "2be4e6e2-c325-4e05-9ed7-bb4534507f5a", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope][Alerts] UBA", + 
"version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "3b340e55-d9eb-4304-a0d3-583150bd54eb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3b340e55-d9eb-4304-a0d3-583150bd54eb:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3b340e55-d9eb-4304-a0d3-583150bd54eb:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "df123261-3370-4572-b118-09a2654264f2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "df123261-3370-4572-b118-09a2654264f2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "df123261-3370-4572-b118-09a2654264f2:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "649b0d8e-5d17-411d-9117-a63ad74960f1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "649b0d8e-5d17-411d-9117-a63ad74960f1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "649b0d8e-5d17-411d-9117-a63ad74960f1:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "92b99046-01c4-413a-84dd-93ad174171b0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "92b99046-01c4-413a-84dd-93ad174171b0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"92b99046-01c4-413a-84dd-93ad174171b0:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "aa10cc62-fe46-420a-88fc-9df0b78e58c1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "aa10cc62-fe46-420a-88fc-9df0b78e58c1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "aa10cc62-fe46-420a-88fc-9df0b78e58c1:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3d78958c-581d-4ad4-a768-346a4f234b25:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3d78958c-581d-4ad4-a768-346a4f234b25:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3d78958c-581d-4ad4-a768-346a4f234b25:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cee9c637-74f0-42bd-8a30-7c8b8cb4ed01:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cee9c637-74f0-42bd-8a30-7c8b8cb4ed01:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cee9c637-74f0-42bd-8a30-7c8b8cb4ed01:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9422ea18-43fb-4271-9c06-bfb40b9f9c78:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9422ea18-43fb-4271-9c06-bfb40b9f9c78:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9422ea18-43fb-4271-9c06-bfb40b9f9c78:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + 
"id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e0b7f071-f82f-457c-ad45-de3f45cd9ee8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e0b7f071-f82f-457c-ad45-de3f45cd9ee8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e0b7f071-f82f-457c-ad45-de3f45cd9ee8:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b205b75e-5675-49ed-90d3-f183e7b80d2f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b205b75e-5675-49ed-90d3-f183e7b80d2f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b205b75e-5675-49ed-90d3-f183e7b80d2f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5513d359-dd47-44a7-856b-fadc0178aa5f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5513d359-dd47-44a7-856b-fadc0178aa5f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5513d359-dd47-44a7-856b-fadc0178aa5f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ccf70172-a85b-40e1-a616-b3b1e9a6088c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ccf70172-a85b-40e1-a616-b3b1e9a6088c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6c932713-9d4b-430a-a799-6d31b45ecacf:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"6c932713-9d4b-430a-a799-6d31b45ecacf:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c483ecaf-49f8-4dc5-b0f0-0e1339a67d22:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c483ecaf-49f8-4dc5-b0f0-0e1339a67d22:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "90096c7a-a554-4a30-89a3-7d0d63ea804c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "90096c7a-a554-4a30-89a3-7d0d63ea804c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cd490c17-67ea-4bd1-aa9a-88f1a9c139b5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cd490c17-67ea-4bd1-aa9a-88f1a9c139b5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "0b6ca0f2-57a6-4e90-9592-56bb052d4ca7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "0b6ca0f2-57a6-4e90-9592-56bb052d4ca7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "650391d6-5467-4b6e-b529-f89b34cacdee:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "650391d6-5467-4b6e-b529-f89b34cacdee:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6b8089ba-e257-40d5-847f-516759ce8475:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6b8089ba-e257-40d5-847f-516759ce8475:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + 
"type": "index-pattern", + "name": "2d4098eb-54b0-474e-81b5-75fc222cb341:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2d4098eb-54b0-474e-81b5-75fc222cb341:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bbc3957b-53a2-47dd-9760-56f8ceb5289d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bbc3957b-53a2-47dd-9760-56f8ceb5289d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "37776b9c-bfc6-4c6f-9079-2c0d23fe4a89:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "37776b9c-bfc6-4c6f-9079-2c0d23fe4a89:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "690c706e-c8bc-4f19-ab9e-9ba64e268647:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "690c706e-c8bc-4f19-ab9e-9ba64e268647:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3753bbb6-64ab-4b10-8526-232375c9da38:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3753bbb6-64ab-4b10-8526-232375c9da38:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ebec8d00-4d63-44cd-9970-4882fcf5108f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ebec8d00-4d63-44cd-9970-4882fcf5108f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"ebec8d00-4d63-44cd-9970-4882fcf5108f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "97611e00-8013-43c4-856d-54b0e78313d5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "97611e00-8013-43c4-856d-54b0e78313d5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "32296ddd-d26c-431a-8227-7ee72592cb3e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "32296ddd-d26c-431a-8227-7ee72592cb3e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1394aa3a-d711-4634-9623-5dbaff400068:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1394aa3a-d711-4634-9623-5dbaff400068:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4812c275-ae66-4de9-913e-4ebe6b8a7782:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4812c275-ae66-4de9-913e-4ebe6b8a7782:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2be4e6e2-c325-4e05-9ed7-bb4534507f5a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2be4e6e2-c325-4e05-9ed7-bb4534507f5a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + 
"migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file
diff --git a/packages/netskope/kibana/dashboard/netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json
index b595308e4da..71070214409 100644
--- a/packages/netskope/kibana/dashboard/netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json
+++ b/packages/netskope/kibana/dashboard/netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json
@@ -1,534 +1,3193 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyNiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "policy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "policy" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Policy Alerts by Alert Name ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + 
"show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Name", + "field": "netskope.alerts.alert.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "policy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "policy" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.alert.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.alert.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + 
"query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "baaf2231-c596-479b-b0ad-238fc8c7405f", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "baaf2231-c596-479b-b0ad-238fc8c7405f", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Acknowledgement", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : false" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "policy" - }, - "type": "phrase" + "label": "False" + }, + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : true" }, - "query": { - "match_phrase": { - "netskope.alerts.type": "policy" - } - } + "label": "True" + } + ] + }, + "schema": "segment", + "type": "filters" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.acked", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.acked" + } } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "4202f297-6899-4b88-8d71-286c85369671", + "w": 24, + "x": 24, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "baaf2231-c596-479b-b0ad-238fc8c7405f", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "baaf2231-c596-479b-b0ad-238fc8c7405f", - "panelRefName": "panel_baaf2231-c596-479b-b0ad-238fc8c7405f", - "type": "visualization", - "version": "7.16.2" + "panelIndex": "4202f297-6899-4b88-8d71-286c85369671", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "4202f297-6899-4b88-8d71-286c85369671", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "4202f297-6899-4b88-8d71-286c85369671", - "panelRefName": "panel_4202f297-6899-4b88-8d71-286c85369671", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": 
true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "5a6d5d65-1709-4f03-8bfb-f8fc721c932d", - "w": 24, - "x": 0, - "y": 15 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "5a6d5d65-1709-4f03-8bfb-f8fc721c932d", - "panelRefName": "panel_5a6d5d65-1709-4f03-8bfb-f8fc721c932d", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.alerts.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.access_method" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5a6d5d65-1709-4f03-8bfb-f8fc721c932d", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "5a6d5d65-1709-4f03-8bfb-f8fc721c932d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 
Apps", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "714f5073-96fc-4838-a2b3-987a3b62bc33", - "w": 24, - "x": 24, - "y": 15 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "714f5073-96fc-4838-a2b3-987a3b62bc33", - "panelRefName": "panel_714f5073-96fc-4838-a2b3-987a3b62bc33", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Applications", + "field": "netskope.alerts.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.name" + } } - }, - "gridData": { - "h": 15, - "i": "323b1896-5cd9-4382-982c-7be72721ae48", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "323b1896-5cd9-4382-982c-7be72721ae48", - "panelRefName": "panel_323b1896-5cd9-4382-982c-7be72721ae48", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "714f5073-96fc-4838-a2b3-987a3b62bc33", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "714f5073-96fc-4838-a2b3-987a3b62bc33", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Browser", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "bf72a578-2949-4de8-b4de-5d56b067efd0", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "bf72a578-2949-4de8-b4de-5d56b067efd0", - "panelRefName": "panel_bf72a578-2949-4de8-b4de-5d56b067efd0", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "069358fe-da68-4d45-a0f0-aa7eaa4c1db7", - "w": 24, - "x": 0, - "y": 45 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "069358fe-da68-4d45-a0f0-aa7eaa4c1db7", - "panelRefName": "panel_069358fe-da68-4d45-a0f0-aa7eaa4c1db7", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Browser", + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "323b1896-5cd9-4382-982c-7be72721ae48", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "323b1896-5cd9-4382-982c-7be72721ae48", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": 
"#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "f4521dff-0b61-4d7c-b86d-8cd3fe341b61", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "f4521dff-0b61-4d7c-b86d-8cd3fe341b61", - "panelRefName": "panel_f4521dff-0b61-4d7c-b86d-8cd3fe341b61", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "bf72a578-2949-4de8-b4de-5d56b067efd0", + "w": 24, + "x": 24, + "y": 30 + }, + 
"panelIndex": "bf72a578-2949-4de8-b4de-5d56b067efd0", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by App Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ca498f3d-dee7-4ad3-ad0b-92e9719890f6", - "w": 24, - "x": 0, - "y": 60 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, 
- "panelIndex": "ca498f3d-dee7-4ad3-ad0b-92e9719890f6", - "panelRefName": "panel_ca498f3d-dee7-4ad3-ad0b-92e9719890f6", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Category", + "field": "netskope.alerts.app.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "069358fe-da68-4d45-a0f0-aa7eaa4c1db7", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "069358fe-da68-4d45-a0f0-aa7eaa4c1db7", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + 
"palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f7bb1094-f089-4f2d-98b2-8ad73597a045", - "w": 24, - "x": 24, - "y": 60 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "f7bb1094-f089-4f2d-98b2-8ad73597a045", - "panelRefName": "panel_f7bb1094-f089-4f2d-98b2-8ad73597a045", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "netskope.alerts.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.device.name", + "negate": false, + "type": 
"exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.device.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f4521dff-0b61-4d7c-b86d-8cd3fe341b61", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "f4521dff-0b61-4d7c-b86d-8cd3fe341b61", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": 
true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "648b3fc0-5826-4478-a8a8-be02ec93b757", - "w": 24, - "x": 0, - "y": 75 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "648b3fc0-5826-4478-a8a8-be02ec93b757", - "panelRefName": "panel_648b3fc0-5826-4478-a8a8-be02ec93b757", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } } - }, - "gridData": { - "h": 15, - "i": "5ac14a5f-c30a-4e76-8d13-984f21ceb9ba", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "5ac14a5f-c30a-4e76-8d13-984f21ceb9ba", - "panelRefName": 
"panel_5ac14a5f-c30a-4e76-8d13-984f21ceb9ba", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ca498f3d-dee7-4ad3-ad0b-92e9719890f6", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "ca498f3d-dee7-4ad3-ad0b-92e9719890f6", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Object Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, 
+ "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "365a5a5d-0a5a-4723-935c-346fafc76c55", - "w": 24, - "x": 0, - "y": 90 - }, - "panelIndex": "365a5a5d-0a5a-4723-935c-346fafc76c55", - "panelRefName": "panel_365a5a5d-0a5a-4723-935c-346fafc76c55", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Object Type", + "field": "netskope.alerts.object.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.object.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.object.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f7bb1094-f089-4f2d-98b2-8ad73597a045", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "f7bb1094-f089-4f2d-98b2-8ad73597a045", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 File Types", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": 
false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8dce8a31-9c43-4a5c-afcd-a0ca9cdda312", - "w": 24, - "x": 24, - "y": 90 - }, - "panelIndex": "8dce8a31-9c43-4a5c-afcd-a0ca9cdda312", - "panelRefName": "panel_8dce8a31-9c43-4a5c-afcd-a0ca9cdda312", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "File Types", + "field": "file.mime_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "file.mime_type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "file.mime_type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "648b3fc0-5826-4478-a8a8-be02ec93b757", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "648b3fc0-5826-4478-a8a8-be02ec93b757", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + 
"last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6bfbea77-62ee-49f6-a0c4-d38b5894a137", - "w": 24, - "x": 0, - "y": 105 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "6bfbea77-62ee-49f6-a0c4-d38b5894a137", - "panelRefName": "panel_6bfbea77-62ee-49f6-a0c4-d38b5894a137", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.alerts.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.traffic.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5ac14a5f-c30a-4e76-8d13-984f21ceb9ba", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "5ac14a5f-c30a-4e76-8d13-984f21ceb9ba", + "type": "visualization", + "version": "7.14.0" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Site", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "fd2a100e-72d7-4432-8fdf-2b8185964894", - "w": 24, - "x": 24, - "y": 105 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "fd2a100e-72d7-4432-8fdf-2b8185964894", - "panelRefName": "panel_fd2a100e-72d7-4432-8fdf-2b8185964894", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Site", + "field": "netskope.alerts.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "365a5a5d-0a5a-4723-935c-346fafc76c55", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "365a5a5d-0a5a-4723-935c-346fafc76c55", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + 
"enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Alert Type by User ", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "0a553ef7-103e-495c-9e6d-3e3fe2945fbe", - "w": 24, - "x": 0, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "0a553ef7-103e-495c-9e6d-3e3fe2945fbe", - "panelRefName": "panel_0a553ef7-103e-495c-9e6d-3e3fe2945fbe", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8dce8a31-9c43-4a5c-afcd-a0ca9cdda312", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "8dce8a31-9c43-4a5c-afcd-a0ca9cdda312", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + 
"position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "d7e9ce08-5c56-4606-a7c9-afc702edee17", - "w": 24, - "x": 24, - "y": 120 - }, - "panelIndex": "d7e9ce08-5c56-4606-a7c9-afc702edee17", - "panelRefName": "panel_d7e9ce08-5c56-4606-a7c9-afc702edee17", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6bfbea77-62ee-49f6-a0c4-d38b5894a137", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "6bfbea77-62ee-49f6-a0c4-d38b5894a137", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Activity", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + 
"addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "36f7a988-2b45-4ce1-b613-5a97f2708865", - "w": 24, - "x": 0, - "y": 135 - }, - "panelIndex": "36f7a988-2b45-4ce1-b613-5a97f2708865", - "panelRefName": "panel_36f7a988-2b45-4ce1-b613-5a97f2708865", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Activity", + "field": "netskope.alerts.activity.name", + "missingBucket": 
false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.activity.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.activity.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "fd2a100e-72d7-4432-8fdf-2b8185964894", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "fd2a100e-72d7-4432-8fdf-2b8185964894", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Category ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + 
"type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "cbc5ad63-8ee6-4f93-8502-60ceb118e14e", - "w": 24, - "x": 24, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.alerts.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "0a553ef7-103e-495c-9e6d-3e3fe2945fbe", + "w": 24, + "x": 0, + "y": 120 + }, + "panelIndex": "0a553ef7-103e-495c-9e6d-3e3fe2945fbe", + "type": 
"visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by File Language ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "cbc5ad63-8ee6-4f93-8502-60ceb118e14e", - "panelRefName": "panel_cbc5ad63-8ee6-4f93-8502-60ceb118e14e", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { 
+ "customLabel": "File Language", + "field": "netskope.alerts.file.lang", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.file.lang", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.file.lang" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "d7e9ce08-5c56-4606-a7c9-afc702edee17", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "d7e9ce08-5c56-4606-a7c9-afc702edee17", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "162ca71c-5ea9-44d1-9667-c48682cd7292", - "w": 24, - "x": 24, - "y": 150 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + 
"orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "36f7a988-2b45-4ce1-b613-5a97f2708865", + "w": 24, + "x": 0, + "y": 135 + }, + "panelIndex": "36f7a988-2b45-4ce1-b613-5a97f2708865", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "162ca71c-5ea9-44d1-9667-c48682cd7292", - "panelRefName": "panel_162ca71c-5ea9-44d1-9667-c48682cd7292", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } 
+ ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "cbc5ad63-8ee6-4f93-8502-60ceb118e14e", + "w": 24, + "x": 24, + "y": 135 + }, + "panelIndex": "cbc5ad63-8ee6-4f93-8502-60ceb118e14e", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "4e858190-599f-4e73-8772-c8a0d3fe103f", - "w": 24, - "x": 0, - "y": 150 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Location", + "field": "destination.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "162ca71c-5ea9-44d1-9667-c48682cd7292", + "w": 24, + "x": 24, + "y": 150 + }, + "panelIndex": "162ca71c-5ea9-44d1-9667-c48682cd7292", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "4e858190-599f-4e73-8772-c8a0d3fe103f", - "panelRefName": "panel_4e858190-599f-4e73-8772-c8a0d3fe103f", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Location", + "field": "source.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.city_name", + "negate": false, + "type": "exists", + 
"value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Alerts] Policy", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netskope-5def8dc0-71e6-11ec-8c4b-cb281099ee02", - "name": "baaf2231-c596-479b-b0ad-238fc8c7405f:panel_baaf2231-c596-479b-b0ad-238fc8c7405f", - "type": "visualization" - }, - { - "id": "netskope-5f452920-71da-11ec-8c4b-cb281099ee02", - "name": "4202f297-6899-4b88-8d71-286c85369671:panel_4202f297-6899-4b88-8d71-286c85369671", - "type": "visualization" - }, - { - "id": "netskope-2b81f870-71da-11ec-8c4b-cb281099ee02", - "name": "5a6d5d65-1709-4f03-8bfb-f8fc721c932d:panel_5a6d5d65-1709-4f03-8bfb-f8fc721c932d", - "type": "visualization" - }, - { - "id": "netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02", - "name": "714f5073-96fc-4838-a2b3-987a3b62bc33:panel_714f5073-96fc-4838-a2b3-987a3b62bc33", - "type": "visualization" - }, - { - "id": "netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02", - "name": "323b1896-5cd9-4382-982c-7be72721ae48:panel_323b1896-5cd9-4382-982c-7be72721ae48", - "type": "visualization" - }, - { - "id": "netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02", - "name": "bf72a578-2949-4de8-b4de-5d56b067efd0:panel_bf72a578-2949-4de8-b4de-5d56b067efd0", - "type": "visualization" - }, - { - "id": "netskope-37409a80-71db-11ec-8c4b-cb281099ee02", - "name": "069358fe-da68-4d45-a0f0-aa7eaa4c1db7:panel_069358fe-da68-4d45-a0f0-aa7eaa4c1db7", - "type": "visualization" - }, - { - "id": 
"netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02", - "name": "f4521dff-0b61-4d7c-b86d-8cd3fe341b61:panel_f4521dff-0b61-4d7c-b86d-8cd3fe341b61", - "type": "visualization" - }, - { - "id": "netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02", - "name": "ca498f3d-dee7-4ad3-ad0b-92e9719890f6:panel_ca498f3d-dee7-4ad3-ad0b-92e9719890f6", - "type": "visualization" - }, - { - "id": "netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02", - "name": "f7bb1094-f089-4f2d-98b2-8ad73597a045:panel_f7bb1094-f089-4f2d-98b2-8ad73597a045", - "type": "visualization" - }, - { - "id": "netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02", - "name": "648b3fc0-5826-4478-a8a8-be02ec93b757:panel_648b3fc0-5826-4478-a8a8-be02ec93b757", - "type": "visualization" - }, - { - "id": "netskope-a4745040-71dd-11ec-8c4b-cb281099ee02", - "name": "5ac14a5f-c30a-4e76-8d13-984f21ceb9ba:panel_5ac14a5f-c30a-4e76-8d13-984f21ceb9ba", - "type": "visualization" - }, - { - "id": "netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02", - "name": "365a5a5d-0a5a-4723-935c-346fafc76c55:panel_365a5a5d-0a5a-4723-935c-346fafc76c55", - "type": "visualization" - }, - { - "id": "netskope-8705deb0-71de-11ec-8c4b-cb281099ee02", - "name": "8dce8a31-9c43-4a5c-afcd-a0ca9cdda312:panel_8dce8a31-9c43-4a5c-afcd-a0ca9cdda312", - "type": "visualization" - }, - { - "id": "netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02", - "name": "6bfbea77-62ee-49f6-a0c4-d38b5894a137:panel_6bfbea77-62ee-49f6-a0c4-d38b5894a137", - "type": "visualization" - }, - { - "id": "netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02", - "name": "fd2a100e-72d7-4432-8fdf-2b8185964894:panel_fd2a100e-72d7-4432-8fdf-2b8185964894", - "type": "visualization" - }, - { - "id": "netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02", - "name": "0a553ef7-103e-495c-9e6d-3e3fe2945fbe:panel_0a553ef7-103e-495c-9e6d-3e3fe2945fbe", - "type": "visualization" - }, - { - "id": "netskope-7edc5f60-71df-11ec-8c4b-cb281099ee02", - "name": "d7e9ce08-5c56-4606-a7c9-afc702edee17:panel_d7e9ce08-5c56-4606-a7c9-afc702edee17", - 
"type": "visualization" - }, - { - "id": "netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02", - "name": "36f7a988-2b45-4ce1-b613-5a97f2708865:panel_36f7a988-2b45-4ce1-b613-5a97f2708865", - "type": "visualization" - }, - { - "id": "netskope-b0b26610-71df-11ec-8c4b-cb281099ee02", - "name": "cbc5ad63-8ee6-4f93-8502-60ceb118e14e:panel_cbc5ad63-8ee6-4f93-8502-60ceb118e14e", - "type": "visualization" - }, - { - "id": "netskope-d1189e60-71df-11ec-8c4b-cb281099ee02", - "name": "162ca71c-5ea9-44d1-9667-c48682cd7292:panel_162ca71c-5ea9-44d1-9667-c48682cd7292", - "type": "visualization" - }, - { - "id": "netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02", - "name": "4e858190-599f-4e73-8772-c8a0d3fe103f:panel_4e858190-599f-4e73-8772-c8a0d3fe103f", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "4e858190-599f-4e73-8772-c8a0d3fe103f", + "w": 24, + "x": 0, + "y": 150 + }, + "panelIndex": "4e858190-599f-4e73-8772-c8a0d3fe103f", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope][Alerts] Policy", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "baaf2231-c596-479b-b0ad-238fc8c7405f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "baaf2231-c596-479b-b0ad-238fc8c7405f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "baaf2231-c596-479b-b0ad-238fc8c7405f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4202f297-6899-4b88-8d71-286c85369671:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"4202f297-6899-4b88-8d71-286c85369671:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a6d5d65-1709-4f03-8bfb-f8fc721c932d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5a6d5d65-1709-4f03-8bfb-f8fc721c932d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "714f5073-96fc-4838-a2b3-987a3b62bc33:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "714f5073-96fc-4838-a2b3-987a3b62bc33:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "323b1896-5cd9-4382-982c-7be72721ae48:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "323b1896-5cd9-4382-982c-7be72721ae48:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bf72a578-2949-4de8-b4de-5d56b067efd0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bf72a578-2949-4de8-b4de-5d56b067efd0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "069358fe-da68-4d45-a0f0-aa7eaa4c1db7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "069358fe-da68-4d45-a0f0-aa7eaa4c1db7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f4521dff-0b61-4d7c-b86d-8cd3fe341b61:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f4521dff-0b61-4d7c-b86d-8cd3fe341b61:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + 
"type": "index-pattern", + "name": "ca498f3d-dee7-4ad3-ad0b-92e9719890f6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ca498f3d-dee7-4ad3-ad0b-92e9719890f6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f7bb1094-f089-4f2d-98b2-8ad73597a045:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f7bb1094-f089-4f2d-98b2-8ad73597a045:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "648b3fc0-5826-4478-a8a8-be02ec93b757:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "648b3fc0-5826-4478-a8a8-be02ec93b757:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5ac14a5f-c30a-4e76-8d13-984f21ceb9ba:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5ac14a5f-c30a-4e76-8d13-984f21ceb9ba:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "365a5a5d-0a5a-4723-935c-346fafc76c55:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "365a5a5d-0a5a-4723-935c-346fafc76c55:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8dce8a31-9c43-4a5c-afcd-a0ca9cdda312:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8dce8a31-9c43-4a5c-afcd-a0ca9cdda312:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"8dce8a31-9c43-4a5c-afcd-a0ca9cdda312:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6bfbea77-62ee-49f6-a0c4-d38b5894a137:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6bfbea77-62ee-49f6-a0c4-d38b5894a137:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd2a100e-72d7-4432-8fdf-2b8185964894:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd2a100e-72d7-4432-8fdf-2b8185964894:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "0a553ef7-103e-495c-9e6d-3e3fe2945fbe:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "0a553ef7-103e-495c-9e6d-3e3fe2945fbe:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d7e9ce08-5c56-4606-a7c9-afc702edee17:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d7e9ce08-5c56-4606-a7c9-afc702edee17:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "36f7a988-2b45-4ce1-b613-5a97f2708865:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "36f7a988-2b45-4ce1-b613-5a97f2708865:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cbc5ad63-8ee6-4f93-8502-60ceb118e14e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cbc5ad63-8ee6-4f93-8502-60ceb118e14e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + 
"type": "index-pattern", + "name": "162ca71c-5ea9-44d1-9667-c48682cd7292:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "162ca71c-5ea9-44d1-9667-c48682cd7292:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4e858190-599f-4e73-8772-c8a0d3fe103f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4e858190-599f-4e73-8772-c8a0d3fe103f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json index 95dd902c963..29436b5bb14 100644 --- a/packages/netskope/kibana/dashboard/netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json 
@@ -1,579 +1,3386 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyNywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "DLP" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "DLP" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of DLP Alerts by DLP Rule Severity", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "DLP Rule Severity", + 
"field": "netskope.alerts.dlp.rule.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "DLP" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "DLP" - } - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "DLP" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "DLP" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.dlp.rule.severity", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.dlp.rule.severity" + } } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "729f9e92-d075-4a1a-bcf0-db456d39e724", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": 
"729f9e92-d075-4a1a-bcf0-db456d39e724", - "panelRefName": "panel_729f9e92-d075-4a1a-bcf0-db456d39e724", - "type": "visualization", - "version": "7.16.2" + "gridData": { + "h": 15, + "i": "729f9e92-d075-4a1a-bcf0-db456d39e724", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "729f9e92-d075-4a1a-bcf0-db456d39e724", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 DLP Files", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1c47cf4d-6ec1-48fd-9db4-237bbf50dcde", - "w": 24, - "x": 24, - "y": 0 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "1c47cf4d-6ec1-48fd-9db4-237bbf50dcde", - "panelRefName": "panel_1c47cf4d-6ec1-48fd-9db4-237bbf50dcde", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "DLP Files", + "field": "netskope.alerts.dlp.file", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "DLP" + }, + "type": "phrase" + }, + "query": { + 
"match_phrase": { + "netskope.alerts.type": "DLP" + } } - }, - "gridData": { - "h": 15, - "i": "66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc", - "panelRefName": "panel_66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.dlp.file", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.dlp.file" + } } - }, - "gridData": { - "h": 15, - "i": "e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c", - "panelRefName": "panel_e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1c47cf4d-6ec1-48fd-9db4-237bbf50dcde", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "1c47cf4d-6ec1-48fd-9db4-237bbf50dcde", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "92b187cb-5b44-404e-890b-fa8326868e36", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "92b187cb-5b44-404e-890b-fa8326868e36", - "panelRefName": "panel_92b187cb-5b44-404e-890b-fa8326868e36", 
- "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9", - "panelRefName": "panel_89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.alerts.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.access_method" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + 
"i": "66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Acknowledgement", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "23dfb547-1341-4b1a-9011-02f307aed221", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "23dfb547-1341-4b1a-9011-02f307aed221", - "panelRefName": "panel_23dfb547-1341-4b1a-9011-02f307aed221", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : false" + }, + "label": "False" + }, + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : true" + }, + "label": "True" + } + ] + }, + "schema": "segment", + "type": "filters" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.acked", + "negate": false, + "type": "exists", + "value": "exists" 
+ }, + "query": { + "exists": { + "field": "netskope.alerts.acked" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Policy ", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b", - "w": 24, - "x": 24, - "y": 45 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b", - "panelRefName": "panel_2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top 10 DLP Policy", + "field": "netskope.alerts.policy.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "params": { + "query": "DLP" + }, + "type": 
"phrase" + }, + "query": { + "match_phrase": { + "netskope.alerts.type": "DLP" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.alerts.policy.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.policy.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "92b187cb-5b44-404e-890b-fa8326868e36", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "92b187cb-5b44-404e-890b-fa8326868e36", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Browser", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "faced4fb-cc57-4a4e-a51b-5b27fda57ab0", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "faced4fb-cc57-4a4e-a51b-5b27fda57ab0", - "panelRefName": "panel_faced4fb-cc57-4a4e-a51b-5b27fda57ab0", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": 
"a2bf7e9f-4500-4848-b180-0a567d702d6b", - "w": 24, - "x": 24, - "y": 60 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "a2bf7e9f-4500-4848-b180-0a567d702d6b", - "panelRefName": "panel_a2bf7e9f-4500-4848-b180-0a567d702d6b", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Browser", + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Apps", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "55bda241-c95f-4c9f-ad5b-8a199890b163", - 
"w": 24, - "x": 0, - "y": 75 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "55bda241-c95f-4c9f-ad5b-8a199890b163", - "panelRefName": "panel_55bda241-c95f-4c9f-ad5b-8a199890b163", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Applications", + "field": "netskope.alerts.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "23dfb547-1341-4b1a-9011-02f307aed221", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "23dfb547-1341-4b1a-9011-02f307aed221", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by App Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + 
"type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8eee17e1-802f-47f7-b29d-669762b68849", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "8eee17e1-802f-47f7-b29d-669762b68849", - "panelRefName": "panel_8eee17e1-802f-47f7-b29d-669762b68849", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Category", + "field": "netskope.alerts.app.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + 
"meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": 
"ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "9175a01c-5781-4771-b5ab-fceaf12bfcc7", - "w": 24, - "x": 0, - "y": 90 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "9175a01c-5781-4771-b5ab-fceaf12bfcc7", - "panelRefName": "panel_9175a01c-5781-4771-b5ab-fceaf12bfcc7", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "faced4fb-cc57-4a4e-a51b-5b27fda57ab0", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "faced4fb-cc57-4a4e-a51b-5b27fda57ab0", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + 
"title": "[Netskope] Trend of Cloud Confidence Level Over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "decfcd4a-6565-43ab-bccf-0ba7a992fd94", - "w": 24, - "x": 24, - "y": 90 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + 
"min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "decfcd4a-6565-43ab-bccf-0ba7a992fd94", - "panelRefName": "panel_decfcd4a-6565-43ab-bccf-0ba7a992fd94", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } } - }, - "gridData": { - "h": 15, - "i": "41f74a84-f471-4895-9443-cdf02a955cd8", - "w": 24, - "x": 0, - "y": 105 - }, - "panelIndex": "41f74a84-f471-4895-9443-cdf02a955cd8", - "panelRefName": "panel_41f74a84-f471-4895-9443-cdf02a955cd8", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a2bf7e9f-4500-4848-b180-0a567d702d6b", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "a2bf7e9f-4500-4848-b180-0a567d702d6b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of 
Alerts by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0", - "w": 24, - "x": 24, - "y": 105 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0", - "panelRefName": "panel_ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": 
{ + "customLabel": "Device", + "field": "netskope.alerts.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.device.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.device.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "55bda241-c95f-4c9f-ad5b-8a199890b163", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "55bda241-c95f-4c9f-ad5b-8a199890b163", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 File Types", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f3a73b11-012a-4517-9a2f-623494321346", - "w": 24, - "x": 0, - "y": 120 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "f3a73b11-012a-4517-9a2f-623494321346", - "panelRefName": "panel_f3a73b11-012a-4517-9a2f-623494321346", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": 
{ + "customLabel": "File Types", + "field": "file.mime_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "file.mime_type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "file.mime_type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8eee17e1-802f-47f7-b29d-669762b68849", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "8eee17e1-802f-47f7-b29d-669762b68849", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Object Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": 
"stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "f43a0df7-6e17-4523-891c-04e65c22ad22", - "w": 24, - "x": 24, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Object Type", + "field": "netskope.alerts.object.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.object.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.object.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "9175a01c-5781-4771-b5ab-fceaf12bfcc7", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": 
"9175a01c-5781-4771-b5ab-fceaf12bfcc7", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Site", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "f43a0df7-6e17-4523-891c-04e65c22ad22", - "panelRefName": "panel_f43a0df7-6e17-4523-891c-04e65c22ad22", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Site", + "field": "netskope.alerts.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "decfcd4a-6565-43ab-bccf-0ba7a992fd94", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "decfcd4a-6565-43ab-bccf-0ba7a992fd94", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + 
"savedVis": { + "title": "[Netskope] Distribution of Alerts by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "774541fd-cefb-422b-ac26-12f4b8528e7e", - "w": 24, - "x": 0, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.alerts.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.traffic.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "41f74a84-f471-4895-9443-cdf02a955cd8", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "41f74a84-f471-4895-9443-cdf02a955cd8", + "type": 
"visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "774541fd-cefb-422b-ac26-12f4b8528e7e", - "panelRefName": "panel_774541fd-cefb-422b-ac26-12f4b8528e7e", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + 
"customLabel": "Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Alert Type by User ", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "38569123-9613-46c8-ae0f-10f87bee71ed", - "w": 24, - "x": 24, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, 
+ "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "38569123-9613-46c8-ae0f-10f87bee71ed", - "panelRefName": "panel_38569123-9613-46c8-ae0f-10f87bee71ed", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f3a73b11-012a-4517-9a2f-623494321346", + "w": 24, + "x": 0, + "y": 120 + }, + "panelIndex": "f3a73b11-012a-4517-9a2f-623494321346", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Category ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + 
"labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "a9d1659e-0caf-416c-8520-f96b7e765fb1", - "w": 24, - "x": 0, - "y": 150 - }, - "panelIndex": "a9d1659e-0caf-416c-8520-f96b7e765fb1", - "panelRefName": "panel_a9d1659e-0caf-416c-8520-f96b7e765fb1", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.alerts.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": 
false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "f43a0df7-6e17-4523-891c-04e65c22ad22", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "f43a0df7-6e17-4523-891c-04e65c22ad22", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Activity", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": 
"#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "1e02ac55-c2e1-4383-a282-129bcf97ef4f", - "w": 24, - "x": 24, - "y": 150 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Activity", + "field": "netskope.alerts.activity.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.activity.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.activity.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "774541fd-cefb-422b-ac26-12f4b8528e7e", + "w": 24, + "x": 0, + "y": 135 + }, + "panelIndex": "774541fd-cefb-422b-ac26-12f4b8528e7e", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + 
"savedVis": { + "title": "[Netskope] Distribution of Alerts by File Language ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "1e02ac55-c2e1-4383-a282-129bcf97ef4f", - "panelRefName": "panel_1e02ac55-c2e1-4383-a282-129bcf97ef4f", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "File Language", + "field": "netskope.alerts.file.lang", + "missingBucket": 
false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.file.lang", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.file.lang" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "38569123-9613-46c8-ae0f-10f87bee71ed", + "w": 24, + "x": 24, + "y": 135 + }, + "panelIndex": "38569123-9613-46c8-ae0f-10f87bee71ed", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "89576865-7807-4305-abee-1b92248de9fc", - "w": 24, - "x": 0, - "y": 165 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": 
"bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a9d1659e-0caf-416c-8520-f96b7e765fb1", + "w": 24, + "x": 0, + "y": 150 + }, + "panelIndex": "a9d1659e-0caf-416c-8520-f96b7e765fb1", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "89576865-7807-4305-abee-1b92248de9fc", - "panelRefName": "panel_89576865-7807-4305-abee-1b92248de9fc", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + 
"alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1e02ac55-c2e1-4383-a282-129bcf97ef4f", + "w": 24, + "x": 24, + "y": 150 + }, + "panelIndex": "1e02ac55-c2e1-4383-a282-129bcf97ef4f", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "2b3e3a8f-4689-4aad-a5ef-8380200768c0", - "w": 24, - "x": 24, - "y": 165 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Location", + "field": "source.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.city_name", + 
"negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "89576865-7807-4305-abee-1b92248de9fc", + "w": 24, + "x": 0, + "y": 165 + }, + "panelIndex": "89576865-7807-4305-abee-1b92248de9fc", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "2b3e3a8f-4689-4aad-a5ef-8380200768c0", - "panelRefName": "panel_2b3e3a8f-4689-4aad-a5ef-8380200768c0", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Location", + "field": "destination.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.city_name" + } + } + } + ], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Alerts] DLP", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netskope-516130e0-71eb-11ec-8c4b-cb281099ee02", - "name": "729f9e92-d075-4a1a-bcf0-db456d39e724:panel_729f9e92-d075-4a1a-bcf0-db456d39e724", - "type": "visualization" - }, - { - "id": "netskope-25b07fa0-71eb-11ec-8c4b-cb281099ee02", - "name": "1c47cf4d-6ec1-48fd-9db4-237bbf50dcde:panel_1c47cf4d-6ec1-48fd-9db4-237bbf50dcde", - "type": "visualization" - }, - { - "id": "netskope-2b81f870-71da-11ec-8c4b-cb281099ee02", - "name": "66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc:panel_66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc", - "type": "visualization" - }, - { - "id": "netskope-5f452920-71da-11ec-8c4b-cb281099ee02", - "name": "e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c:panel_e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c", - "type": "visualization" - }, - { - "id": "netskope-dd1de560-71eb-11ec-8c4b-cb281099ee02", - "name": "92b187cb-5b44-404e-890b-fa8326868e36:panel_92b187cb-5b44-404e-890b-fa8326868e36", - "type": "visualization" - }, - { - "id": "netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02", - "name": "89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9:panel_89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9", - "type": "visualization" - }, - { - "id": "netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02", - "name": "23dfb547-1341-4b1a-9011-02f307aed221:panel_23dfb547-1341-4b1a-9011-02f307aed221", - "type": "visualization" - }, - { - "id": "netskope-37409a80-71db-11ec-8c4b-cb281099ee02", - "name": "2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b:panel_2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b", - "type": 
"visualization" - }, - { - "id": "netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02", - "name": "faced4fb-cc57-4a4e-a51b-5b27fda57ab0:panel_faced4fb-cc57-4a4e-a51b-5b27fda57ab0", - "type": "visualization" - }, - { - "id": "netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02", - "name": "a2bf7e9f-4500-4848-b180-0a567d702d6b:panel_a2bf7e9f-4500-4848-b180-0a567d702d6b", - "type": "visualization" - }, - { - "id": "netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02", - "name": "55bda241-c95f-4c9f-ad5b-8a199890b163:panel_55bda241-c95f-4c9f-ad5b-8a199890b163", - "type": "visualization" - }, - { - "id": "netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02", - "name": "8eee17e1-802f-47f7-b29d-669762b68849:panel_8eee17e1-802f-47f7-b29d-669762b68849", - "type": "visualization" - }, - { - "id": "netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02", - "name": "9175a01c-5781-4771-b5ab-fceaf12bfcc7:panel_9175a01c-5781-4771-b5ab-fceaf12bfcc7", - "type": "visualization" - }, - { - "id": "netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02", - "name": "decfcd4a-6565-43ab-bccf-0ba7a992fd94:panel_decfcd4a-6565-43ab-bccf-0ba7a992fd94", - "type": "visualization" - }, - { - "id": "netskope-a4745040-71dd-11ec-8c4b-cb281099ee02", - "name": "41f74a84-f471-4895-9443-cdf02a955cd8:panel_41f74a84-f471-4895-9443-cdf02a955cd8", - "type": "visualization" - }, - { - "id": "netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02", - "name": "ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0:panel_ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0", - "type": "visualization" - }, - { - "id": "netskope-8705deb0-71de-11ec-8c4b-cb281099ee02", - "name": "f3a73b11-012a-4517-9a2f-623494321346:panel_f3a73b11-012a-4517-9a2f-623494321346", - "type": "visualization" - }, - { - "id": "netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02", - "name": "f43a0df7-6e17-4523-891c-04e65c22ad22:panel_f43a0df7-6e17-4523-891c-04e65c22ad22", - "type": "visualization" - }, - { - "id": "netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02", - "name": 
"774541fd-cefb-422b-ac26-12f4b8528e7e:panel_774541fd-cefb-422b-ac26-12f4b8528e7e", - "type": "visualization" - }, - { - "id": "netskope-7edc5f60-71df-11ec-8c4b-cb281099ee02", - "name": "38569123-9613-46c8-ae0f-10f87bee71ed:panel_38569123-9613-46c8-ae0f-10f87bee71ed", - "type": "visualization" - }, - { - "id": "netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02", - "name": "a9d1659e-0caf-416c-8520-f96b7e765fb1:panel_a9d1659e-0caf-416c-8520-f96b7e765fb1", - "type": "visualization" - }, - { - "id": "netskope-b0b26610-71df-11ec-8c4b-cb281099ee02", - "name": "1e02ac55-c2e1-4383-a282-129bcf97ef4f:panel_1e02ac55-c2e1-4383-a282-129bcf97ef4f", - "type": "visualization" - }, - { - "id": "netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02", - "name": "89576865-7807-4305-abee-1b92248de9fc:panel_89576865-7807-4305-abee-1b92248de9fc", - "type": "visualization" - }, - { - "id": "netskope-d1189e60-71df-11ec-8c4b-cb281099ee02", - "name": "2b3e3a8f-4689-4aad-a5ef-8380200768c0:panel_2b3e3a8f-4689-4aad-a5ef-8380200768c0", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "2b3e3a8f-4689-4aad-a5ef-8380200768c0", + "w": 24, + "x": 24, + "y": 165 + }, + "panelIndex": "2b3e3a8f-4689-4aad-a5ef-8380200768c0", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope][Alerts] DLP", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "729f9e92-d075-4a1a-bcf0-db456d39e724:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "729f9e92-d075-4a1a-bcf0-db456d39e724:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "729f9e92-d075-4a1a-bcf0-db456d39e724:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + 
"type": "index-pattern", + "name": "1c47cf4d-6ec1-48fd-9db4-237bbf50dcde:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1c47cf4d-6ec1-48fd-9db4-237bbf50dcde:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1c47cf4d-6ec1-48fd-9db4-237bbf50dcde:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "92b187cb-5b44-404e-890b-fa8326868e36:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "92b187cb-5b44-404e-890b-fa8326868e36:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "92b187cb-5b44-404e-890b-fa8326868e36:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"23dfb547-1341-4b1a-9011-02f307aed221:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "23dfb547-1341-4b1a-9011-02f307aed221:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "faced4fb-cc57-4a4e-a51b-5b27fda57ab0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "faced4fb-cc57-4a4e-a51b-5b27fda57ab0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a2bf7e9f-4500-4848-b180-0a567d702d6b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a2bf7e9f-4500-4848-b180-0a567d702d6b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "55bda241-c95f-4c9f-ad5b-8a199890b163:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "55bda241-c95f-4c9f-ad5b-8a199890b163:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8eee17e1-802f-47f7-b29d-669762b68849:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8eee17e1-802f-47f7-b29d-669762b68849:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9175a01c-5781-4771-b5ab-fceaf12bfcc7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "9175a01c-5781-4771-b5ab-fceaf12bfcc7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "decfcd4a-6565-43ab-bccf-0ba7a992fd94:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "decfcd4a-6565-43ab-bccf-0ba7a992fd94:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "41f74a84-f471-4895-9443-cdf02a955cd8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "41f74a84-f471-4895-9443-cdf02a955cd8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3a73b11-012a-4517-9a2f-623494321346:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3a73b11-012a-4517-9a2f-623494321346:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3a73b11-012a-4517-9a2f-623494321346:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f43a0df7-6e17-4523-891c-04e65c22ad22:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f43a0df7-6e17-4523-891c-04e65c22ad22:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "774541fd-cefb-422b-ac26-12f4b8528e7e:kibanaSavedObjectMeta.searchSourceJSON.index", + 
"id": "logs-*" + }, + { + "type": "index-pattern", + "name": "774541fd-cefb-422b-ac26-12f4b8528e7e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "38569123-9613-46c8-ae0f-10f87bee71ed:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "38569123-9613-46c8-ae0f-10f87bee71ed:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a9d1659e-0caf-416c-8520-f96b7e765fb1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a9d1659e-0caf-416c-8520-f96b7e765fb1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1e02ac55-c2e1-4383-a282-129bcf97ef4f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1e02ac55-c2e1-4383-a282-129bcf97ef4f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "89576865-7807-4305-abee-1b92248de9fc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "89576865-7807-4305-abee-1b92248de9fc:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2b3e3a8f-4689-4aad-a5ef-8380200768c0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2b3e3a8f-4689-4aad-a5ef-8380200768c0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file 
diff --git a/packages/netskope/kibana/dashboard/netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02.json
index cd0053b0aa5..a6aaf318870 100644
--- a/packages/netskope/kibana/dashboard/netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02.json
+++ b/packages/netskope/kibana/dashboard/netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02.json
@@ -1,519 +1,3195 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "page" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "page" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Severity", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity", + "field": 
"netskope.events.severity.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "page" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "page" - } - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.severity.level", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.severity.level" + } } + } ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "9b39019c-58f4-4613-9109-2865e86acee2", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "9b39019c-58f4-4613-9109-2865e86acee2", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "9b39019c-58f4-4613-9109-2865e86acee2", - "panelRefName": "panel_9b39019c-58f4-4613-9109-2865e86acee2", - "type": "visualization", - "version": "7.16.2" + "panelIndex": "9b39019c-58f4-4613-9109-2865e86acee2", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": 
{ + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Severity Over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "ad69cae5-30ec-424e-b6b9-44e3d3979273", - "w": 24, - "x": 24, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 
1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "ad69cae5-30ec-424e-b6b9-44e3d3979273", - "panelRefName": "panel_ad69cae5-30ec-424e-b6b9-44e3d3979273", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Severity", + "field": "netskope.events.severity.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 13 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.severity.level", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.severity.level" + } } - }, - "gridData": { - "h": 15, - "i": "8c6f7513-48aa-4457-ab23-7e528bfe1dcd", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "8c6f7513-48aa-4457-ab23-7e528bfe1dcd", - "panelRefName": "panel_8c6f7513-48aa-4457-ab23-7e528bfe1dcd", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ad69cae5-30ec-424e-b6b9-44e3d3979273", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "ad69cae5-30ec-424e-b6b9-44e3d3979273", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + 
"title": "[Netskope] Distribution of Events by Browser, Browser Version", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": true, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "fa6b11ac-3e40-4a52-9596-52d73081690d", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Browser", + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 2 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "fa6b11ac-3e40-4a52-9596-52d73081690d", - "panelRefName": "panel_fa6b11ac-3e40-4a52-9596-52d73081690d", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.version", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.name", + "negate": false, + "type": "exists", + 
"value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.name" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user_agent.version", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.version" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8c6f7513-48aa-4457-ab23-7e528bfe1dcd", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "8c6f7513-48aa-4457-ab23-7e528bfe1dcd", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by OS", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a1e0af01-0501-4fa8-96ab-b5f8cccd50c3", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "a1e0af01-0501-4fa8-96ab-b5f8cccd50c3", - "panelRefName": "panel_a1e0af01-0501-4fa8-96ab-b5f8cccd50c3", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": 
{ + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745", - "panelRefName": "panel_ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS", + "field": "user_agent.os.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.os.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.os.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "fa6b11ac-3e40-4a52-9596-52d73081690d", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "fa6b11ac-3e40-4a52-9596-52d73081690d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Page Accessed by Page Events", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + 
"customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "b7a38f86-d6e4-45d5-a490-34a522910597", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "b7a38f86-d6e4-45d5-a490-34a522910597", - "panelRefName": "panel_b7a38f86-d6e4-45d5-a490-34a522910597", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Page", + "field": "netskope.events.page", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "page" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "page" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.page", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.page" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a1e0af01-0501-4fa8-96ab-b5f8cccd50c3", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "a1e0af01-0501-4fa8-96ab-b5f8cccd50c3", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Domain Accessed by Page Events", + "description": "", + 
"uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5", - "panelRefName": "panel_8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Domain", + "field": "netskope.events.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "page" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "page" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.domain", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.domain" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + 
} + } + }, + "gridData": { + "h": 15, + "i": "ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Response Count for Page", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "3729697c-99a7-44aa-b08f-956fbdd7fd52", - "w": 24, - "x": 0, - "y": 60 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Response Count", + "field": "netskope.events.response.count", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "3729697c-99a7-44aa-b08f-956fbdd7fd52", - "panelRefName": "panel_3729697c-99a7-44aa-b08f-956fbdd7fd52", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Page", + "field": "netskope.events.page", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": 
"netskope.events.event_type", + "negate": false, + "params": { + "query": "page" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "page" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.response.count", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.response.count" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "netskope.events.page", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.page" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "b7a38f86-d6e4-45d5-a490-34a522910597", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "b7a38f86-d6e4-45d5-a490-34a522910597", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Request Count for Page", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "428a29ce-c3cf-4c1e-8884-28216396972a", - "w": 24, - "x": 
24, - "y": 60 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Request Count", + "field": "netskope.events.request.count", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "428a29ce-c3cf-4c1e-8884-28216396972a", - "panelRefName": "panel_428a29ce-c3cf-4c1e-8884-28216396972a", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Page", + "field": "netskope.events.page", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.event_type", + "negate": false, + "params": { + "query": "page" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "netskope.events.event_type": "page" + } } - }, - "gridData": { - "h": 15, - "i": "8236132e-146b-46b9-80c7-8566b41ac58c", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "8236132e-146b-46b9-80c7-8566b41ac58c", - "panelRefName": "panel_8236132e-146b-46b9-80c7-8566b41ac58c", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "netskope.events.request.count", + "negate": false, + "type": "exists", + "value": 
"exists" + }, + "query": { + "exists": { + "field": "netskope.events.request.count" + } } - }, - "gridData": { - "h": 15, - "i": "bc8801ce-4f2e-43ee-94f9-7dbed415fa95", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "bc8801ce-4f2e-43ee-94f9-7dbed415fa95", - "panelRefName": "panel_bc8801ce-4f2e-43ee-94f9-7dbed415fa95", - "type": "visualization", - "version": "7.16.2" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "netskope.events.page", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.page" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Location, Source Region, Source Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "87729323-edef-43f8-9ec7-b9c3212ba067", - "w": 24, - "x": 0, - "y": 90 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Location", + "field": "source.geo.city_name", + "missingBucket": false, 
+ "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "87729323-edef-43f8-9ec7-b9c3212ba067", - "panelRefName": "panel_87729323-edef-43f8-9ec7-b9c3212ba067", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Region", + "field": "source.geo.region_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.city_name" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "source.geo.region_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.region_name" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "source.geo.country_iso_code", + 
"negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3729697c-99a7-44aa-b08f-956fbdd7fd52", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "3729697c-99a7-44aa-b08f-956fbdd7fd52", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Location, Destination Region, Destination Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6ae15ec6-52a8-4037-82f4-0c6d6438a301", - "w": 24, - "x": 0, - "y": 150 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Location", + "field": "destination.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "6ae15ec6-52a8-4037-82f4-0c6d6438a301", - "panelRefName": "panel_6ae15ec6-52a8-4037-82f4-0c6d6438a301", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Region", + "field": 
"destination.geo.region_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 15, - "i": "014d7310-feb8-4078-9ff4-4174cf8f0c7a", - "w": 24, - "x": 0, - "y": 105 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.country_iso_code" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "destination.geo.region_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.region_name" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "destination.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + 
} + } + } + }, + "gridData": { + "h": 15, + "i": "428a29ce-c3cf-4c1e-8884-28216396972a", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "428a29ce-c3cf-4c1e-8884-28216396972a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "014d7310-feb8-4078-9ff4-4174cf8f0c7a", - "panelRefName": "panel_014d7310-feb8-4078-9ff4-4174cf8f0c7a", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.events.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": 
"netskope.events.access_method" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8236132e-146b-46b9-80c7-8566b41ac58c", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "8236132e-146b-46b9-80c7-8566b41ac58c", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "29065c13-ac1a-49d3-a76e-de75726936ac", - "w": 24, - "x": 24, - "y": 90 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "netskope.events.device.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": 
"netskope.events.device.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.device.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "bc8801ce-4f2e-43ee-94f9-7dbed415fa95", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "bc8801ce-4f2e-43ee-94f9-7dbed415fa95", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Application Activities", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "29065c13-ac1a-49d3-a76e-de75726936ac", - "panelRefName": "panel_29065c13-ac1a-49d3-a76e-de75726936ac", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Applications", + "field": "netskope.events.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": 
"netskope.events.app.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "87729323-edef-43f8-9ec7-b9c3212ba067", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "87729323-edef-43f8-9ec7-b9c3212ba067", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top Users By Access Method", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "49f8d21b-3a7b-4d6e-a478-e815766c292a", - "w": 24, - "x": 0, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.events.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "49f8d21b-3a7b-4d6e-a478-e815766c292a", - "panelRefName": "panel_49f8d21b-3a7b-4d6e-a478-e815766c292a", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + 
"filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.access_method" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6ae15ec6-52a8-4037-82f4-0c6d6438a301", + "w": 24, + "x": 0, + "y": 150 + }, + "panelIndex": "6ae15ec6-52a8-4037-82f4-0c6d6438a301", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Events by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": 
{ - "h": 15, - "i": "13b86156-05e3-4be7-98b9-1e4b9833c411", - "w": 24, - "x": 24, - "y": 105 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.events.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.traffic.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "014d7310-feb8-4078-9ff4-4174cf8f0c7a", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "014d7310-feb8-4078-9ff4-4174cf8f0c7a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Sites", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "13b86156-05e3-4be7-98b9-1e4b9833c411", - "panelRefName": "panel_13b86156-05e3-4be7-98b9-1e4b9833c411", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + 
"customLabel": "Site", + "field": "netskope.events.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "29065c13-ac1a-49d3-a76e-de75726936ac", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "29065c13-ac1a-49d3-a76e-de75726936ac", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + 
"lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8", - "w": 24, - "x": 0, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "49f8d21b-3a7b-4d6e-a478-e815766c292a", + "w": 24, + "x": 0, + "y": 120 + }, + 
"panelIndex": "49f8d21b-3a7b-4d6e-a478-e815766c292a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by App Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8", - "panelRefName": "panel_fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8", - "type": "visualization", - 
"version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Category", + "field": "netskope.events.app.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "13b86156-05e3-4be7-98b9-1e4b9833c411", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "13b86156-05e3-4be7-98b9-1e4b9833c411", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over Time for Events", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 
1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "1aa39804-8029-4770-bc25-e2e94a29e83b", - "w": 24, - "x": 24, - "y": 120 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "1aa39804-8029-4770-bc25-e2e94a29e83b", - "panelRefName": "panel_1aa39804-8029-4770-bc25-e2e94a29e83b", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.events.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + 
"searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8", + "w": 24, + "x": 0, + "y": 135 + }, + "panelIndex": "fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": 
"histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "85675e54-cd8f-4ca1-b0a6-e4f2766011e2", - "w": 24, - "x": 24, - "y": 135 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.events.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.events.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.events.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1aa39804-8029-4770-bc25-e2e94a29e83b", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "1aa39804-8029-4770-bc25-e2e94a29e83b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Events by Source Region", + "description": "", + "uiState": {}, + "params": { 
+ "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "85675e54-cd8f-4ca1-b0a6-e4f2766011e2", - "panelRefName": "panel_85675e54-cd8f-4ca1-b0a6-e4f2766011e2", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Region", + "field": "source.geo.region_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + 
"size": 7 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.region_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.region_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.events\" " + } + } } - ], - "timeRestore": false, - "title": "[Netskope][Events] Page", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netskope-914898a0-72af-11ec-8c4b-cb281099ee02", - "name": "9b39019c-58f4-4613-9109-2865e86acee2:panel_9b39019c-58f4-4613-9109-2865e86acee2", - "type": "visualization" - }, - { - "id": "netskope-c01026d0-72af-11ec-8c4b-cb281099ee02", - "name": "ad69cae5-30ec-424e-b6b9-44e3d3979273:panel_ad69cae5-30ec-424e-b6b9-44e3d3979273", - "type": "visualization" - }, - { - "id": "netskope-51bf6fb0-72aa-11ec-8c4b-cb281099ee02", - "name": "8c6f7513-48aa-4457-ab23-7e528bfe1dcd:panel_8c6f7513-48aa-4457-ab23-7e528bfe1dcd", - "type": "visualization" - }, - { - "id": "netskope-0f05ca90-7456-11ec-8c4b-cb281099ee02", - "name": "fa6b11ac-3e40-4a52-9596-52d73081690d:panel_fa6b11ac-3e40-4a52-9596-52d73081690d", - "type": "visualization" - }, - { - "id": "netskope-75f900b0-72b6-11ec-8c4b-cb281099ee02", - "name": "a1e0af01-0501-4fa8-96ab-b5f8cccd50c3:panel_a1e0af01-0501-4fa8-96ab-b5f8cccd50c3", - "type": "visualization" - }, - { - "id": "netskope-528169b0-72b6-11ec-8c4b-cb281099ee02", - "name": 
"ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745:panel_ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745", - "type": "visualization" - }, - { - "id": "netskope-dbcca900-72b6-11ec-8c4b-cb281099ee02", - "name": "b7a38f86-d6e4-45d5-a490-34a522910597:panel_b7a38f86-d6e4-45d5-a490-34a522910597", - "type": "visualization" - }, - { - "id": "netskope-a3e5e650-72b6-11ec-8c4b-cb281099ee02", - "name": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5:panel_8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5", - "type": "visualization" - }, - { - "id": "netskope-40a01500-72db-11ec-8c4b-cb281099ee02", - "name": "3729697c-99a7-44aa-b08f-956fbdd7fd52:panel_3729697c-99a7-44aa-b08f-956fbdd7fd52", - "type": "visualization" - }, - { - "id": "netskope-891546c0-72db-11ec-8c4b-cb281099ee02", - "name": "428a29ce-c3cf-4c1e-8884-28216396972a:panel_428a29ce-c3cf-4c1e-8884-28216396972a", - "type": "visualization" - }, - { - "id": "netskope-06bf2da0-72a7-11ec-8c4b-cb281099ee02", - "name": "8236132e-146b-46b9-80c7-8566b41ac58c:panel_8236132e-146b-46b9-80c7-8566b41ac58c", - "type": "visualization" - }, - { - "id": "netskope-41932530-72a7-11ec-8c4b-cb281099ee02", - "name": "bc8801ce-4f2e-43ee-94f9-7dbed415fa95:panel_bc8801ce-4f2e-43ee-94f9-7dbed415fa95", - "type": "visualization" - }, - { - "id": "netskope-5efbfc00-72a7-11ec-8c4b-cb281099ee02", - "name": "87729323-edef-43f8-9ec7-b9c3212ba067:panel_87729323-edef-43f8-9ec7-b9c3212ba067", - "type": "visualization" - }, - { - "id": "netskope-83fa5a10-72a7-11ec-8c4b-cb281099ee02", - "name": "6ae15ec6-52a8-4037-82f4-0c6d6438a301:panel_6ae15ec6-52a8-4037-82f4-0c6d6438a301", - "type": "visualization" - }, - { - "id": "netskope-d9596770-72a8-11ec-8c4b-cb281099ee02", - "name": "014d7310-feb8-4078-9ff4-4174cf8f0c7a:panel_014d7310-feb8-4078-9ff4-4174cf8f0c7a", - "type": "visualization" - }, - { - "id": "netskope-357672b0-72a8-11ec-8c4b-cb281099ee02", - "name": "29065c13-ac1a-49d3-a76e-de75726936ac:panel_29065c13-ac1a-49d3-a76e-de75726936ac", - "type": "visualization" - }, - { - "id": 
"netskope-47132800-72a9-11ec-8c4b-cb281099ee02", - "name": "49f8d21b-3a7b-4d6e-a478-e815766c292a:panel_49f8d21b-3a7b-4d6e-a478-e815766c292a", - "type": "visualization" - }, - { - "id": "netskope-c1e088c0-72a9-11ec-8c4b-cb281099ee02", - "name": "13b86156-05e3-4be7-98b9-1e4b9833c411:panel_13b86156-05e3-4be7-98b9-1e4b9833c411", - "type": "visualization" - }, - { - "id": "netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02", - "name": "fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8:panel_fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8", - "type": "visualization" - }, - { - "id": "netskope-0e9511e0-72aa-11ec-8c4b-cb281099ee02", - "name": "1aa39804-8029-4770-bc25-e2e94a29e83b:panel_1aa39804-8029-4770-bc25-e2e94a29e83b", - "type": "visualization" - }, - { - "id": "netskope-abcc6a30-72aa-11ec-8c4b-cb281099ee02", - "name": "85675e54-cd8f-4ca1-b0a6-e4f2766011e2:panel_85675e54-cd8f-4ca1-b0a6-e4f2766011e2", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "85675e54-cd8f-4ca1-b0a6-e4f2766011e2", + "w": 24, + "x": 24, + "y": 135 + }, + "panelIndex": "85675e54-cd8f-4ca1-b0a6-e4f2766011e2", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope][Events] Page", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "9b39019c-58f4-4613-9109-2865e86acee2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9b39019c-58f4-4613-9109-2865e86acee2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ad69cae5-30ec-424e-b6b9-44e3d3979273:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ad69cae5-30ec-424e-b6b9-44e3d3979273:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + 
"id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c6f7513-48aa-4457-ab23-7e528bfe1dcd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c6f7513-48aa-4457-ab23-7e528bfe1dcd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c6f7513-48aa-4457-ab23-7e528bfe1dcd:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fa6b11ac-3e40-4a52-9596-52d73081690d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fa6b11ac-3e40-4a52-9596-52d73081690d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a1e0af01-0501-4fa8-96ab-b5f8cccd50c3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a1e0af01-0501-4fa8-96ab-b5f8cccd50c3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a1e0af01-0501-4fa8-96ab-b5f8cccd50c3:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7a38f86-d6e4-45d5-a490-34a522910597:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"b7a38f86-d6e4-45d5-a490-34a522910597:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7a38f86-d6e4-45d5-a490-34a522910597:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7a38f86-d6e4-45d5-a490-34a522910597:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3729697c-99a7-44aa-b08f-956fbdd7fd52:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3729697c-99a7-44aa-b08f-956fbdd7fd52:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3729697c-99a7-44aa-b08f-956fbdd7fd52:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3729697c-99a7-44aa-b08f-956fbdd7fd52:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "428a29ce-c3cf-4c1e-8884-28216396972a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"428a29ce-c3cf-4c1e-8884-28216396972a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "428a29ce-c3cf-4c1e-8884-28216396972a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "428a29ce-c3cf-4c1e-8884-28216396972a:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8236132e-146b-46b9-80c7-8566b41ac58c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8236132e-146b-46b9-80c7-8566b41ac58c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bc8801ce-4f2e-43ee-94f9-7dbed415fa95:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bc8801ce-4f2e-43ee-94f9-7dbed415fa95:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "87729323-edef-43f8-9ec7-b9c3212ba067:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "87729323-edef-43f8-9ec7-b9c3212ba067:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6ae15ec6-52a8-4037-82f4-0c6d6438a301:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6ae15ec6-52a8-4037-82f4-0c6d6438a301:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6ae15ec6-52a8-4037-82f4-0c6d6438a301:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "014d7310-feb8-4078-9ff4-4174cf8f0c7a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + 
}, + { + "type": "index-pattern", + "name": "014d7310-feb8-4078-9ff4-4174cf8f0c7a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "29065c13-ac1a-49d3-a76e-de75726936ac:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "29065c13-ac1a-49d3-a76e-de75726936ac:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "49f8d21b-3a7b-4d6e-a478-e815766c292a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "49f8d21b-3a7b-4d6e-a478-e815766c292a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13b86156-05e3-4be7-98b9-1e4b9833c411:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13b86156-05e3-4be7-98b9-1e4b9833c411:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1aa39804-8029-4770-bc25-e2e94a29e83b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1aa39804-8029-4770-bc25-e2e94a29e83b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "85675e54-cd8f-4ca1-b0a6-e4f2766011e2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"85675e54-cd8f-4ca1-b0a6-e4f2766011e2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02.json index 4379f9c18d1..d744e958607 100644 --- a/packages/netskope/kibana/dashboard/netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02.json 
@@ -1,531 +1,3141 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:50:18.792Z", + "version": "WzcyOSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope][Alerts] Select Alert Type", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "netskope.alerts.type", + "id": "1641794009450", + "indexPatternRefName": "control_0_index_pattern", + "label": "Alert Type Selection", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 5, + "i": "7b3d09e3-1987-4202-a3a7-6f0ea3c441d3", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "7b3d09e3-1987-4202-a3a7-6f0ea3c441d3", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "7b3d09e3-1987-4202-a3a7-6f0ea3c441d3", - "panelRefName": "panel_7b3d09e3-1987-4202-a3a7-6f0ea3c441d3", - "type": "visualization", 
- "version": "7.16.2" + "panelIndex": "7b3d09e3-1987-4202-a3a7-6f0ea3c441d3", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Alert Type", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "a6294ee5-eaed-4c98-9e3d-2ddcc1c24649", - "w": 24, - "x": 0, - "y": 5 - }, - "panelIndex": "a6294ee5-eaed-4c98-9e3d-2ddcc1c24649", - "panelRefName": "panel_a6294ee5-eaed-4c98-9e3d-2ddcc1c24649", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "3f9bbd86-5074-4a11-82e0-dd80b2727b63", - "w": 24, - "x": 24, - "y": 5 - }, - "panelIndex": "3f9bbd86-5074-4a11-82e0-dd80b2727b63", - "panelRefName": "panel_3f9bbd86-5074-4a11-82e0-dd80b2727b63", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + 
"order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } } - }, - "gridData": { - "h": 15, - "i": "758d5f91-4e32-4dba-b9a2-78dd39a2ae33", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "758d5f91-4e32-4dba-b9a2-78dd39a2ae33", - "panelRefName": "panel_758d5f91-4e32-4dba-b9a2-78dd39a2ae33", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a6294ee5-eaed-4c98-9e3d-2ddcc1c24649", + "w": 24, + "x": 0, + "y": 5 + }, + "panelIndex": "a6294ee5-eaed-4c98-9e3d-2ddcc1c24649", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Acknowledgement", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": 
true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "50a67c99-45bf-4877-a02a-1c2fbabf5a7d", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "50a67c99-45bf-4877-a02a-1c2fbabf5a7d", - "panelRefName": "panel_50a67c99-45bf-4877-a02a-1c2fbabf5a7d", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : false" + }, + "label": "False" + }, + { + "input": { + "language": "kuery", + "query": "netskope.alerts.acked : true" + }, + "label": "True" + } + ] + }, + "schema": "segment", + "type": "filters" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.acked", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.acked" + } } - }, - "gridData": { - "h": 15, - "i": "92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a", - "w": 24, - "x": 0, - "y": 35 - }, - "panelIndex": "92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a", - "panelRefName": "panel_92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a", - "type": "visualization", - "version": "7.16.2" + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3f9bbd86-5074-4a11-82e0-dd80b2727b63", + "w": 24, + "x": 24, + "y": 5 + }, + "panelIndex": "3f9bbd86-5074-4a11-82e0-dd80b2727b63", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + 
"title": "[Netskope] Distribution of Alerts by Access Method", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e71428cd-6aa7-410e-9401-b00c6661589d", - "w": 24, - "x": 24, - "y": 35 - }, - "panelIndex": "e71428cd-6aa7-410e-9401-b00c6661589d", - "panelRefName": "panel_e71428cd-6aa7-410e-9401-b00c6661589d", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "5296e207-4ad5-4936-b802-7a57e9bad6f5", - "w": 24, - "x": 0, - "y": 50 - }, - "panelIndex": "5296e207-4ad5-4936-b802-7a57e9bad6f5", - "panelRefName": "panel_5296e207-4ad5-4936-b802-7a57e9bad6f5", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Access Method", + "field": "netskope.alerts.access_method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": 
"netskope.alerts.access_method", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.access_method" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "758d5f91-4e32-4dba-b9a2-78dd39a2ae33", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "758d5f91-4e32-4dba-b9a2-78dd39a2ae33", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Activity", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { 
+ "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "e6adbd85-a30a-4210-a05a-0c56c2362657", - "w": 24, - "x": 24, - "y": 50 - }, - "panelIndex": "e6adbd85-a30a-4210-a05a-0c56c2362657", - "panelRefName": "panel_e6adbd85-a30a-4210-a05a-0c56c2362657", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Activity", + "field": "netskope.alerts.activity.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.activity.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.activity.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "50a67c99-45bf-4877-a02a-1c2fbabf5a7d", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "50a67c99-45bf-4877-a02a-1c2fbabf5a7d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Browser", + "description": "", + "uiState": { + "vis": { + 
"legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2", - "w": 24, - "x": 0, - "y": 65 - }, - "panelIndex": "3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2", - "panelRefName": "panel_3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2", - "type": "visualization", - "version": "7.16.2" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "a7581748-99c7-4a63-aa09-61a0c039fe4b", - "w": 24, - "x": 24, - "y": 65 - }, - "panelIndex": "a7581748-99c7-4a63-aa09-61a0c039fe4b", - "panelRefName": "panel_a7581748-99c7-4a63-aa09-61a0c039fe4b", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Browser", + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "user_agent.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user_agent.name" + 
} + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Apps", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "651622f6-9e33-486b-b996-6fe0a89d3ad9", - "w": 24, - "x": 0, - "y": 80 - }, - "panelIndex": "651622f6-9e33-486b-b996-6fe0a89d3ad9", - "panelRefName": "panel_651622f6-9e33-486b-b996-6fe0a89d3ad9", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Applications", + "field": "netskope.alerts.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.name" + } + } + } + 
], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e71428cd-6aa7-410e-9401-b00c6661589d", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "e71428cd-6aa7-410e-9401-b00c6661589d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by App Category", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - 
"enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "454a5cbd-3538-4448-84fc-b0f83c8a1970", - "w": 24, - "x": 24, - "y": 80 - }, - "panelIndex": "454a5cbd-3538-4448-84fc-b0f83c8a1970", - "panelRefName": "panel_454a5cbd-3538-4448-84fc-b0f83c8a1970", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Category", + "field": "netskope.alerts.app.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.app.category", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.app.category" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5296e207-4ad5-4936-b802-7a57e9bad6f5", + "w": 24, + "x": 0, + "y": 50 + }, + "panelIndex": "5296e207-4ad5-4936-b802-7a57e9bad6f5", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Cloud Confidence Level", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + 
"truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "bcd9b35e-19ef-42d9-847a-d7518a21b0d9", - "w": 24, - "x": 0, - "y": 95 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "bcd9b35e-19ef-42d9-847a-d7518a21b0d9", - "panelRefName": "panel_bcd9b35e-19ef-42d9-847a-d7518a21b0d9", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + 
"orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.ccl" + } } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "e6adbd85-a30a-4210-a05a-0c56c2362657", + "w": 24, + "x": 24, + "y": 50 + }, + "panelIndex": "e6adbd85-a30a-4210-a05a-0c56c2362657", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Trend of Cloud Confidence Level Over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + 
"thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "22dad9c8-4909-4efa-9f59-02a3ca979151", - "w": 24, - "x": 24, - "y": 95 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "22dad9c8-4909-4efa-9f59-02a3ca979151", - "panelRefName": "panel_22dad9c8-4909-4efa-9f59-02a3ca979151", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Cloud Confidence Level", + "field": "netskope.alerts.ccl", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.ccl", + "negate": false, + "type": "exists", + "value": "exists" + }, + 
"query": { + "exists": { + "field": "netskope.alerts.ccl" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2", + "w": 24, + "x": 0, + "y": 65 + }, + "panelIndex": "3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Device", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + 
}, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8c6ab1fd-e0c5-438b-b0c9-392d90c273b1", - "w": 24, - "x": 0, - "y": 110 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "8c6ab1fd-e0c5-438b-b0c9-392d90c273b1", - "panelRefName": "panel_8c6ab1fd-e0c5-438b-b0c9-392d90c273b1", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "netskope.alerts.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.device.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.device.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a7581748-99c7-4a63-aa09-61a0c039fe4b", + "w": 24, + "x": 24, + "y": 65 + }, + "panelIndex": "a7581748-99c7-4a63-aa09-61a0c039fe4b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 File Types", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + 
"showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "a5927e76-29f1-4c6b-85e0-ed1dee3de6c9", - "w": 24, - "x": 24, - "y": 110 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "File Types", + "field": "file.mime_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "file.mime_type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "file.mime_type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "651622f6-9e33-486b-b996-6fe0a89d3ad9", + "w": 24, + "x": 0, + "y": 80 + }, + "panelIndex": "651622f6-9e33-486b-b996-6fe0a89d3ad9", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Object Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + 
"detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "a5927e76-29f1-4c6b-85e0-ed1dee3de6c9", - "panelRefName": "panel_a5927e76-29f1-4c6b-85e0-ed1dee3de6c9", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Object Type", + "field": "netskope.alerts.object.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.object.type", + "negate": false, + 
"type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.object.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "454a5cbd-3538-4448-84fc-b0f83c8a1970", + "w": 24, + "x": 24, + "y": 80 + }, + "panelIndex": "454a5cbd-3538-4448-84fc-b0f83c8a1970", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Site", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "7846948a-db42-497c-b956-ac5d7dd7383d", - "w": 24, - "x": 0, - "y": 140 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Site", + "field": "netskope.alerts.site", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.site", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.site" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": 
{ + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "bcd9b35e-19ef-42d9-847a-d7518a21b0d9", + "w": 24, + "x": 0, + "y": 95 + }, + "panelIndex": "bcd9b35e-19ef-42d9-847a-d7518a21b0d9", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Traffic Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "7846948a-db42-497c-b956-ac5d7dd7383d", - "panelRefName": "panel_7846948a-db42-497c-b956-ac5d7dd7383d", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Traffic Type", + "field": "netskope.alerts.traffic.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.traffic.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + 
"exists": { + "field": "netskope.alerts.traffic.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "22dad9c8-4909-4efa-9f59-02a3ca979151", + "w": 24, + "x": 24, + "y": 95 + }, + "panelIndex": "22dad9c8-4909-4efa-9f59-02a3ca979151", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Alert Type by User ", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8cb62986-e557-4d71-8de0-6f88ec7535d8", - "w": 24, - "x": 24, - "y": 125 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "8cb62986-e557-4d71-8de0-6f88ec7535d8", - "panelRefName": "panel_8cb62986-e557-4d71-8de0-6f88ec7535d8", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 11 + }, + "schema": "bucket", + "type": "terms" + } + ], + 
"searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "user.email", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "user.email" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\" " + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8c6ab1fd-e0c5-438b-b0c9-392d90c273b1", + "w": 24, + "x": 0, + "y": 110 + }, + "panelIndex": "8c6ab1fd-e0c5-438b-b0c9-392d90c273b1", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + 
"interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "de6f44ab-bef8-4518-bbb0-4afde2144001", - "w": 24, - "x": 0, - "y": 125 - }, - "panelIndex": "de6f44ab-bef8-4518-bbb0-4afde2144001", - "panelRefName": "panel_de6f44ab-bef8-4518-bbb0-4afde2144001", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type", + "field": "netskope.alerts.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.type", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.type" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": 
"data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "a5927e76-29f1-4c6b-85e0-ed1dee3de6c9", + "w": 24, + "x": 24, + "y": 110 + }, + "panelIndex": "a5927e76-29f1-4c6b-85e0-ed1dee3de6c9", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "b2e8e6c8-d585-49c1-ba49-5a8c4fab5080", - "w": 24, - "x": 24, - "y": 140 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7846948a-db42-497c-b956-ac5d7dd7383d", + "w": 24, + "x": 0, + 
"y": 140 + }, + "panelIndex": "7846948a-db42-497c-b956-ac5d7dd7383d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by Category ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "b2e8e6c8-d585-49c1-ba49-5a8c4fab5080", - "panelRefName": "panel_b2e8e6c8-d585-49c1-ba49-5a8c4fab5080", - "type": 
"visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "netskope.alerts.category.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.category.name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.category.name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8cb62986-e557-4d71-8de0-6f88ec7535d8", + "w": 24, + "x": 24, + "y": 125 + }, + "panelIndex": "8cb62986-e557-4d71-8de0-6f88ec7535d8", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Distribution of Alerts by File Language ", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + 
"data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "d1633b77-5ee0-42ed-995f-d5e01cef7d3b", - "w": 24, - "x": 0, - "y": 155 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "File Language", + "field": "netskope.alerts.file.lang", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "netskope.alerts.file.lang", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "netskope.alerts.file.lang" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + 
"gridData": { + "h": 15, + "i": "de6f44ab-bef8-4518-bbb0-4afde2144001", + "w": 24, + "x": 0, + "y": 125 + }, + "panelIndex": "de6f44ab-bef8-4518-bbb0-4afde2144001", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Destination Country", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "d1633b77-5ee0-42ed-995f-d5e01cef7d3b", - "panelRefName": "panel_d1633b77-5ee0-42ed-995f-d5e01cef7d3b", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.country_iso_code", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.country_iso_code" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "b2e8e6c8-d585-49c1-ba49-5a8c4fab5080", + "w": 24, + "x": 24, + "y": 140 + }, + 
"panelIndex": "b2e8e6c8-d585-49c1-ba49-5a8c4fab5080", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Netskope] Top 10 Source Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "17fbf33c-a3be-4e8e-afae-195fb4a37fa8", - "w": 24, - "x": 24, - "y": 155 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Location", + "field": "source.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "source.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "source.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "d1633b77-5ee0-42ed-995f-d5e01cef7d3b", + "w": 24, + "x": 0, + "y": 155 + }, + "panelIndex": "d1633b77-5ee0-42ed-995f-d5e01cef7d3b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + 
"title": "[Netskope] Top 10 Destination Location", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "17fbf33c-a3be-4e8e-afae-195fb4a37fa8", - "panelRefName": "panel_17fbf33c-a3be-4e8e-afae-195fb4a37fa8", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Location", + "field": "destination.geo.city_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "destination.geo.city_name", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "destination.geo.city_name" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"netskope.alerts\"" + } + } } - ], - "timeRestore": false, - "title": "[Netskope] Alerts Overview", - "version": 1 - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "netskope-de309310-71d9-11ec-8c4b-cb281099ee02", - "name": "7b3d09e3-1987-4202-a3a7-6f0ea3c441d3:panel_7b3d09e3-1987-4202-a3a7-6f0ea3c441d3", - "type": "visualization" - }, - 
{ - "id": "netskope-fceec3e0-71dd-11ec-8c4b-cb281099ee02", - "name": "a6294ee5-eaed-4c98-9e3d-2ddcc1c24649:panel_a6294ee5-eaed-4c98-9e3d-2ddcc1c24649", - "type": "visualization" - }, - { - "id": "netskope-5f452920-71da-11ec-8c4b-cb281099ee02", - "name": "3f9bbd86-5074-4a11-82e0-dd80b2727b63:panel_3f9bbd86-5074-4a11-82e0-dd80b2727b63", - "type": "visualization" - }, - { - "id": "netskope-2b81f870-71da-11ec-8c4b-cb281099ee02", - "name": "758d5f91-4e32-4dba-b9a2-78dd39a2ae33:panel_758d5f91-4e32-4dba-b9a2-78dd39a2ae33", - "type": "visualization" - }, - { - "id": "netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02", - "name": "50a67c99-45bf-4877-a02a-1c2fbabf5a7d:panel_50a67c99-45bf-4877-a02a-1c2fbabf5a7d", - "type": "visualization" - }, - { - "id": "netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02", - "name": "92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a:panel_92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a", - "type": "visualization" - }, - { - "id": "netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02", - "name": "e71428cd-6aa7-410e-9401-b00c6661589d:panel_e71428cd-6aa7-410e-9401-b00c6661589d", - "type": "visualization" - }, - { - "id": "netskope-37409a80-71db-11ec-8c4b-cb281099ee02", - "name": "5296e207-4ad5-4936-b802-7a57e9bad6f5:panel_5296e207-4ad5-4936-b802-7a57e9bad6f5", - "type": "visualization" - }, - { - "id": "netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02", - "name": "e6adbd85-a30a-4210-a05a-0c56c2362657:panel_e6adbd85-a30a-4210-a05a-0c56c2362657", - "type": "visualization" - }, - { - "id": "netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02", - "name": "3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2:panel_3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2", - "type": "visualization" - }, - { - "id": "netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02", - "name": "a7581748-99c7-4a63-aa09-61a0c039fe4b:panel_a7581748-99c7-4a63-aa09-61a0c039fe4b", - "type": "visualization" - }, - { - "id": "netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02", - "name": 
"651622f6-9e33-486b-b996-6fe0a89d3ad9:panel_651622f6-9e33-486b-b996-6fe0a89d3ad9", - "type": "visualization" - }, - { - "id": "netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02", - "name": "454a5cbd-3538-4448-84fc-b0f83c8a1970:panel_454a5cbd-3538-4448-84fc-b0f83c8a1970", - "type": "visualization" - }, - { - "id": "netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02", - "name": "bcd9b35e-19ef-42d9-847a-d7518a21b0d9:panel_bcd9b35e-19ef-42d9-847a-d7518a21b0d9", - "type": "visualization" - }, - { - "id": "netskope-a4745040-71dd-11ec-8c4b-cb281099ee02", - "name": "22dad9c8-4909-4efa-9f59-02a3ca979151:panel_22dad9c8-4909-4efa-9f59-02a3ca979151", - "type": "visualization" - }, - { - "id": "netskope-8705deb0-71de-11ec-8c4b-cb281099ee02", - "name": "8c6ab1fd-e0c5-438b-b0c9-392d90c273b1:panel_8c6ab1fd-e0c5-438b-b0c9-392d90c273b1", - "type": "visualization" - }, - { - "id": "netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02", - "name": "a5927e76-29f1-4c6b-85e0-ed1dee3de6c9:panel_a5927e76-29f1-4c6b-85e0-ed1dee3de6c9", - "type": "visualization" - }, - { - "id": "netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02", - "name": "7846948a-db42-497c-b956-ac5d7dd7383d:panel_7846948a-db42-497c-b956-ac5d7dd7383d", - "type": "visualization" - }, - { - "id": "netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02", - "name": "8cb62986-e557-4d71-8de0-6f88ec7535d8:panel_8cb62986-e557-4d71-8de0-6f88ec7535d8", - "type": "visualization" - }, - { - "id": "netskope-7edc5f60-71df-11ec-8c4b-cb281099ee02", - "name": "de6f44ab-bef8-4518-bbb0-4afde2144001:panel_de6f44ab-bef8-4518-bbb0-4afde2144001", - "type": "visualization" - }, - { - "id": "netskope-b0b26610-71df-11ec-8c4b-cb281099ee02", - "name": "b2e8e6c8-d585-49c1-ba49-5a8c4fab5080:panel_b2e8e6c8-d585-49c1-ba49-5a8c4fab5080", - "type": "visualization" - }, - { - "id": "netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02", - "name": "d1633b77-5ee0-42ed-995f-d5e01cef7d3b:panel_d1633b77-5ee0-42ed-995f-d5e01cef7d3b", - "type": "visualization" - }, - { - "id": 
"netskope-d1189e60-71df-11ec-8c4b-cb281099ee02", - "name": "17fbf33c-a3be-4e8e-afae-195fb4a37fa8:panel_17fbf33c-a3be-4e8e-afae-195fb4a37fa8", - "type": "visualization" - } + } + }, + "gridData": { + "h": 15, + "i": "17fbf33c-a3be-4e8e-afae-195fb4a37fa8", + "w": 24, + "x": 24, + "y": 155 + }, + "panelIndex": "17fbf33c-a3be-4e8e-afae-195fb4a37fa8", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Netskope] Alerts Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "7b3d09e3-1987-4202-a3a7-6f0ea3c441d3:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a6294ee5-eaed-4c98-9e3d-2ddcc1c24649:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a6294ee5-eaed-4c98-9e3d-2ddcc1c24649:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3f9bbd86-5074-4a11-82e0-dd80b2727b63:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3f9bbd86-5074-4a11-82e0-dd80b2727b63:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "758d5f91-4e32-4dba-b9a2-78dd39a2ae33:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "758d5f91-4e32-4dba-b9a2-78dd39a2ae33:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "50a67c99-45bf-4877-a02a-1c2fbabf5a7d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "50a67c99-45bf-4877-a02a-1c2fbabf5a7d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e71428cd-6aa7-410e-9401-b00c6661589d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e71428cd-6aa7-410e-9401-b00c6661589d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5296e207-4ad5-4936-b802-7a57e9bad6f5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5296e207-4ad5-4936-b802-7a57e9bad6f5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e6adbd85-a30a-4210-a05a-0c56c2362657:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e6adbd85-a30a-4210-a05a-0c56c2362657:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a7581748-99c7-4a63-aa09-61a0c039fe4b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a7581748-99c7-4a63-aa09-61a0c039fe4b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "651622f6-9e33-486b-b996-6fe0a89d3ad9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "651622f6-9e33-486b-b996-6fe0a89d3ad9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "454a5cbd-3538-4448-84fc-b0f83c8a1970:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "454a5cbd-3538-4448-84fc-b0f83c8a1970:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bcd9b35e-19ef-42d9-847a-d7518a21b0d9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bcd9b35e-19ef-42d9-847a-d7518a21b0d9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "22dad9c8-4909-4efa-9f59-02a3ca979151:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "22dad9c8-4909-4efa-9f59-02a3ca979151:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c6ab1fd-e0c5-438b-b0c9-392d90c273b1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c6ab1fd-e0c5-438b-b0c9-392d90c273b1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8c6ab1fd-e0c5-438b-b0c9-392d90c273b1:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a5927e76-29f1-4c6b-85e0-ed1dee3de6c9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a5927e76-29f1-4c6b-85e0-ed1dee3de6c9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7846948a-db42-497c-b956-ac5d7dd7383d:kibanaSavedObjectMeta.searchSourceJSON.index", + 
"id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7846948a-db42-497c-b956-ac5d7dd7383d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8cb62986-e557-4d71-8de0-6f88ec7535d8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8cb62986-e557-4d71-8de0-6f88ec7535d8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "de6f44ab-bef8-4518-bbb0-4afde2144001:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "de6f44ab-bef8-4518-bbb0-4afde2144001:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b2e8e6c8-d585-49c1-ba49-5a8c4fab5080:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b2e8e6c8-d585-49c1-ba49-5a8c4fab5080:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d1633b77-5ee0-42ed-995f-d5e01cef7d3b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d1633b77-5ee0-42ed-995f-d5e01cef7d3b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17fbf33c-a3be-4e8e-afae-195fb4a37fa8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17fbf33c-a3be-4e8e-afae-195fb4a37fa8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-03150a40-720b-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-03150a40-720b-11ec-8c4b-cb281099ee02.json
deleted file mode 100644
index 40fa2d4595c..00000000000
--- a/packages/netskope/kibana/visualization/netskope-03150a40-720b-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,203 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.telemetry.app", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.telemetry.app" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of UBA Alerts by Telemetery App", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Telemetry App", - "exclude": "none", - "field": "netskope.alerts.telemetry.app", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": 
"category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of UBA Alerts by Telemetery App", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-03150a40-720b-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-06bf2da0-72a7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-06bf2da0-72a7-11ec-8c4b-cb281099ee02.json
deleted file mode 100644
index 3437626ba46..00000000000
--- a/packages/netskope/kibana/visualization/netskope-06bf2da0-72a7-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.access_method", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.access_method" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Access Method", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Access Method", - "field": "netskope.events.access_method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Events by Access Method", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-06bf2da0-72a7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": 
"7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-0922ae70-720a-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-0922ae70-720a-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 7cfcf4233e0..00000000000 --- a/packages/netskope/kibana/visualization/netskope-0922ae70-720a-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.type" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.page.site", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.page.site" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 Page Site", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Page Site", - "field": "netskope.alerts.page.site", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Page Site", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-0922ae70-720a-11ec-8c4b-cb281099ee02", - "migrationVersion": { - 
"visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-0e9511e0-72aa-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-0e9511e0-72aa-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 2a45c047f81..00000000000 --- a/packages/netskope/kibana/visualization/netskope-0e9511e0-72aa-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.category.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.category.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Category", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Category", - "field": "netskope.events.category.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": 
"linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Events by Category", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-0e9511e0-72aa-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-0f05ca90-7456-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-0f05ca90-7456-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index da7d3d19fde..00000000000 --- a/packages/netskope/kibana/visualization/netskope-0f05ca90-7456-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "user_agent.os.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user_agent.os.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by OS", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS", - "field": "user_agent.os.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Events by OS", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-0f05ca90-7456-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-187e0140-71f5-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-187e0140-71f5-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 8eb16c5b393..00000000000 --- a/packages/netskope/kibana/visualization/netskope-187e0140-71f5-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "Security Assessment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "Security Assessment" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.sa.rule.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.sa.rule.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Top 10 Security Assessment Rule Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Security Assessment Rule Name", - "field": "netskope.alerts.sa.rule.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Security Assessment Rule Name", - "type": "table" - } - }, - 
"coreMigrationVersion": "7.16.2", - "id": "netskope-187e0140-71f5-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index c5b6fb4d46b..00000000000 --- a/packages/netskope/kibana/visualization/netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.activity.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.activity.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of Alerts by Activity", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Activity", - "field": "netskope.alerts.activity.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": 
"linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Alerts by Activity", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-1b3226c0-71df-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-2044d2a0-72ae-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-2044d2a0-72ae-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index e24d76fe937..00000000000 --- a/packages/netskope/kibana/visualization/netskope-2044d2a0-72ae-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,251 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "network" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.tunnel.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.tunnel.type" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "netskope.events.tunnel.up_time", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.tunnel.up_time" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Tunnel Uptime Over Time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Tunnel Uptime", - "field": "netskope.events.tunnel.up_time", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 
1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15y", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30d" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Tunnel Type", - "field": "netskope.events.tunnel.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "linear", - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "temperature", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Tunnel Uptime" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Tunnel Uptime" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] 
Tunnel Uptime Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-2044d2a0-72ae-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-24907420-72b0-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-24907420-72b0-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 8888f430fe8..00000000000 --- a/packages/netskope/kibana/visualization/netskope-24907420-72b0-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,222 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "audit" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.severity.level", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.severity.level" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Severity Level Over Time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15y", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30d" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Severity Level", - "field": "netskope.events.severity.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, 
- "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "linear", - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Severity Level Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-24907420-72b0-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-25b07fa0-71eb-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-25b07fa0-71eb-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index cc05279c80e..00000000000 --- a/packages/netskope/kibana/visualization/netskope-25b07fa0-71eb-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "DLP" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "DLP" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.dlp.file", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.dlp.file" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 DLP Files", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "DLP Files", - "field": "netskope.alerts.dlp.file", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 DLP Files", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-25b07fa0-71eb-11ec-8c4b-cb281099ee02", - "migrationVersion": { 
- "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 9bd531f7870..00000000000 --- a/packages/netskope/kibana/visualization/netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "file.mime_type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "file.mime_type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 File Types", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "File Types", - "field": "file.mime_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 File Types", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-26d9c5c0-71dd-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-2b81f870-71da-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-2b81f870-71da-11ec-8c4b-cb281099ee02.json
deleted file mode 100644
index c73fcbcf7c8..00000000000
--- a/packages/netskope/kibana/visualization/netskope-2b81f870-71da-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.access_method", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.access_method" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of Alerts by Access Method", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Access Method", - "field": "netskope.alerts.access_method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Alerts by Access Method", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-2b81f870-71da-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": 
"7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-301d9fd0-720a-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-301d9fd0-720a-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 158e34a4be7..00000000000 --- a/packages/netskope/kibana/visualization/netskope-301d9fd0-720a-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.policy.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.policy.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 UBA Policy", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Policy Name", - "field": "netskope.alerts.policy.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 UBA Policy", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-301d9fd0-720a-11ec-8c4b-cb281099ee02", - 
"migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-304fa1c0-7209-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-304fa1c0-7209-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index e2fefef3534..00000000000 --- a/packages/netskope/kibana/visualization/netskope-304fa1c0-7209-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.managed.app", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.managed.app" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of UBA Alerts by Percentage of Managed Apps", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Managed App", - "field": "netskope.alerts.managed.app", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - 
"maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of UBA Alerts by Percentage of Managed Apps", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-304fa1c0-7209-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-327320f0-72ac-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-327320f0-72ac-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index a50d5f51c7c..00000000000 --- a/packages/netskope/kibana/visualization/netskope-327320f0-72ac-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "network" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.tunnel.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.tunnel.type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Network Events by Tunnel Type", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Tunnel Type", - "field": "netskope.events.tunnel.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - 
"maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Network Events by Tunnel Type", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-327320f0-72ac-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-357672b0-72a8-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-357672b0-72a8-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 37908fc1080..00000000000 --- a/packages/netskope/kibana/visualization/netskope-357672b0-72a8-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.site", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.site" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Sites", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Site", - "field": "netskope.events.site", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Sites", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-357672b0-72a8-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-37409a80-71db-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-37409a80-71db-11ec-8c4b-cb281099ee02.json
deleted file mode 100644
index 9981bf65b8d..00000000000
--- a/packages/netskope/kibana/visualization/netskope-37409a80-71db-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.app.category", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.app.category" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Distribution of Alerts by App Category", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "App Category", - "field": "netskope.alerts.app.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - 
"interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Alerts by App Category", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-37409a80-71db-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-3ec223c0-720b-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-3ec223c0-720b-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 46cd0da6958..00000000000 --- a/packages/netskope/kibana/visualization/netskope-3ec223c0-720b-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,141 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.threshold.value", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.threshold.value" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Max Threshold Value per User", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threshold Value", - "field": "netskope.alerts.threshold.value", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "User", - "field": "user.email", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - 
"perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Max Threshold Value per User", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-3ec223c0-720b-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-40a01500-72db-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-40a01500-72db-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 24803d2933b..00000000000 --- a/packages/netskope/kibana/visualization/netskope-40a01500-72db-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,180 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "source.geo.city_name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "source.geo.city_name" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "source.geo.region_name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "source.geo.region_name" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "source.geo.country_iso_code", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "source.geo.country_iso_code" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Source Location, Source Region, Source Country", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Location", - "field": "source.geo.city_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": 
"3", - "params": { - "customLabel": "Source Region", - "field": "source.geo.region_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Source Location, Source Region, Source Country", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-40a01500-72db-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-41932530-72a7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-41932530-72a7-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 0b078eaeef6..00000000000 
--- a/packages/netskope/kibana/visualization/netskope-41932530-72a7-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.device.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.device.type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Device", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device", - "field": "netskope.events.device.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Events by Device", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-41932530-72a7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-464ce970-72b7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-464ce970-72b7-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 8b1b333c288..00000000000 --- a/packages/netskope/kibana/visualization/netskope-464ce970-72b7-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "network" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.tunnel.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.tunnel.type" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "netskope.events.tunnel.up_time", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.tunnel.up_time" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Highest Tunnel Uptime for Tunnel Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Max Tunnel Uptime", - "field": "netskope.events.tunnel.up_time" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Tunnel Type", - "field": "netskope.events.tunnel.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": 
"Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Highest Tunnel Uptime for Tunnel Type", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-464ce970-72b7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-47132800-72a9-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-47132800-72a9-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index a9e4d3e0c9a..00000000000 --- a/packages/netskope/kibana/visualization/netskope-47132800-72a9-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.ccl", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.ccl" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Cloud Confidence Level", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Cloud Confidence Level", - "field": "netskope.events.ccl", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": 
"linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Events by Cloud Confidence Level", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-47132800-72a9-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 9943fa0cb61..00000000000 --- a/packages/netskope/kibana/visualization/netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,196 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.ccl", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.ccl" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Trend of Cloud Confidence Level Over Time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15y", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30d" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Cloud Confidence Level", - "field": "netskope.alerts.ccl", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": 
"category" - } - ], - "detailedTooltip": true, - "fittingFunction": "linear", - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Trend of Cloud Confidence Level Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-4a1cfbc0-71dc-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-516130e0-71eb-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-516130e0-71eb-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index cb931144f44..00000000000 --- a/packages/netskope/kibana/visualization/netskope-516130e0-71eb-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "DLP" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "DLP" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.dlp.rule.severity", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.dlp.rule.severity" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of DLP Alerts by DLP Rule Severity", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "DLP Rule Severity", - "field": "netskope.alerts.dlp.rule.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": 
"right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of DLP Alerts by DLP Rule Severity", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-516130e0-71eb-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-51bf6fb0-72aa-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-51bf6fb0-72aa-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index bd83bd317b2..00000000000 --- a/packages/netskope/kibana/visualization/netskope-51bf6fb0-72aa-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,152 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "user_agent.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user_agent.name" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "user_agent.version", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user_agent.version" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Browser, Browser Version", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Browser", - "field": "user_agent.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 2 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "user_agent.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - 
"last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": true, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Events by Browser, Browser Version", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-51bf6fb0-72aa-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-528169b0-72b6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-528169b0-72b6-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 9fe17b98942..00000000000 --- a/packages/netskope/kibana/visualization/netskope-528169b0-72b6-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "page" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "page" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.domain", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.domain" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Domain Accessed by Page Events", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Domain", - "field": "netskope.events.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Domain Accessed by Page Events", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": 
"netskope-528169b0-72b6-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-55144a90-72ab-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-55144a90-72ab-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 4256f394d86..00000000000 --- a/packages/netskope/kibana/visualization/netskope-55144a90-72ab-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "network" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.policy.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.policy.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Policy used", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Policy Name", - "field": "netskope.events.policy.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Policy used", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": 
"netskope-55144a90-72ab-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 1054d78168f..00000000000 --- a/packages/netskope/kibana/visualization/netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.object.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.object.type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of Alerts by Object Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Object Type", - "field": "netskope.alerts.object.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": 
"linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Alerts by Object Type", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-55b418a0-71dd-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-5982c0e0-72ae-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-5982c0e0-72ae-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 91c5e7f676f..00000000000 --- a/packages/netskope/kibana/visualization/netskope-5982c0e0-72ae-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,202 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "network" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "event.action", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "event.action" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Network Events by Action", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - 
"categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Network Events by Action", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-5982c0e0-72ae-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-5b54d5f0-71f7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-5b54d5f0-71f7-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index f333ca19084..00000000000 
--- a/packages/netskope/kibana/visualization/netskope-5b54d5f0-71f7-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "quarantine" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "quarantine" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.policy.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.policy.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 Policy for Quarantine Alerts", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Policy Name", - "field": "netskope.alerts.policy.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Policy for Quarantine Alerts", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": 
"netskope-5b54d5f0-71f7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-5def8dc0-71e6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-5def8dc0-71e6-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 42eea6cefd2..00000000000 --- a/packages/netskope/kibana/visualization/netskope-5def8dc0-71e6-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,202 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "policy" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "policy" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.alert.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.alert.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Distribution of Policy Alerts by Alert Name ", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Alert Name", - "field": "netskope.alerts.alert.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - 
"detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Policy Alerts by Alert Name ", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-5def8dc0-71e6-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-5e243140-72b5-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-5e243140-72b5-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index da25cf76fc4..00000000000 
--- a/packages/netskope/kibana/visualization/netskope-5e243140-72b5-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "application" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "application" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.app.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.app.name" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "netskope.events.app.activity", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.app.activity" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Application Activities by Application", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Application Activities", - "field": "netskope.events.app.activity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": 
"bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Application", - "field": "netskope.events.app.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Application Activities by Application", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-5e243140-72b5-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-5efbfc00-72a7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-5efbfc00-72a7-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 46b507d144a..00000000000 --- a/packages/netskope/kibana/visualization/netskope-5efbfc00-72a7-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.app.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.app.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Application Activities", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Applications", - "field": "netskope.events.app.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Application Activities", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-5efbfc00-72a7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at 
end of file diff --git a/packages/netskope/kibana/visualization/netskope-5f452920-71da-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-5f452920-71da-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 3bc0e0d8859..00000000000 --- a/packages/netskope/kibana/visualization/netskope-5f452920-71da-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,119 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.acked", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.acked" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Distribution of Alerts by Acknowledgement", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "netskope.alerts.acked : false" - }, - "label": "False" - }, - { - "input": { - "language": "kuery", - "query": "netskope.alerts.acked : true" - }, - "label": "True" - } - ] - }, - "schema": "segment", - "type": "filters" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Alerts by Acknowledgement", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-5f452920-71da-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - 
"name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-648c79d0-720a-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-648c79d0-720a-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index bd1a1455e87..00000000000 --- a/packages/netskope/kibana/visualization/netskope-648c79d0-720a-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.policy.actions", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.policy.actions" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of UBA Alerts by Policy Action", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Policy Action", - "field": "netskope.alerts.policy.actions", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - 
"maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of UBA Alerts by Policy Action", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-648c79d0-720a-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 068ed55bce5..00000000000 --- a/packages/netskope/kibana/visualization/netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "source.geo.country_iso_code", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "source.geo.country_iso_code" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 Source Country", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Source Country", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-662de6e0-71e0-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end 
of file diff --git a/packages/netskope/kibana/visualization/netskope-719e0f30-72af-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-719e0f30-72af-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 5165f8fa995..00000000000 --- a/packages/netskope/kibana/visualization/netskope-719e0f30-72af-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,202 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "infrastructure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "infrastructure" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.device.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.device.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Infrastructure Events by Device Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Name", - "field": "netskope.events.device.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 8 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": 
{}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Infrastructure Events by Device Name", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-719e0f30-72af-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-75f900b0-72b6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-75f900b0-72b6-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index f2b98b90a06..00000000000 --- a/packages/netskope/kibana/visualization/netskope-75f900b0-72b6-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "page" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "page" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.page", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.page" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Page Accessed by Page Events", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Page", - "field": "netskope.events.page", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Page Accessed by Page Events", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": 
"netskope-75f900b0-72b6-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-7d1142a0-72ab-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-7d1142a0-72ab-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index e5eaf7fadd7..00000000000 --- a/packages/netskope/kibana/visualization/netskope-7d1142a0-72ab-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "network" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.ip.protocol", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.ip.protocol" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Networks Events by IP Protocol", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "IP Protocol", - "field": "netskope.events.ip.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", 
- "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Networks Events by IP Protocol", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-7d1142a0-72ab-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-7d7e2260-71f4-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-7d7e2260-71f4-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index d9c0f19d0be..00000000000 --- a/packages/netskope/kibana/visualization/netskope-7d7e2260-71f4-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,202 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "Security Assessment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "Security Assessment" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.region.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.region.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of SA Alerts by Region Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Region Name", - "field": "netskope.alerts.region.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": 
"category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of SA Alerts by Region Name", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-7d7e2260-71f4-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-7edc5f60-71df-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-7edc5f60-71df-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index ce8e5e24520..00000000000 
--- a/packages/netskope/kibana/visualization/netskope-7edc5f60-71df-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.file.lang", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.file.lang" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of Alerts by File Language ", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "File Language", - "field": "netskope.alerts.file.lang", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": 
"linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Alerts by File Language ", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-7edc5f60-71df-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index f98abd4dd8c..00000000000 --- a/packages/netskope/kibana/visualization/netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.site", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.site" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 Site", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Site", - "field": "netskope.alerts.site", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Site", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-7f41e9e0-71dd-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02.json
deleted file mode 100644
index 53c0ade586f..00000000000
--- a/packages/netskope/kibana/visualization/netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.ccl", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.ccl" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Distribution of Alerts by Cloud Confidence Level", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Cloud Confidence Level", - "field": "netskope.alerts.ccl", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": 
"linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Alerts by Cloud Confidence Level", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-7f8d83c0-71db-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-7f9d2540-7209-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-7f9d2540-7209-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 4a8da3044f3..00000000000 --- a/packages/netskope/kibana/visualization/netskope-7f9d2540-7209-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.orig_ty", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.orig_ty" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of UBA Alerts by Event Type of Original Event ", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event type of Original Event", - "field": "netskope.alerts.orig_ty", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - 
"maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of UBA Alerts by Event Type of Original Event ", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-7f9d2540-7209-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-83fa5a10-72a7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-83fa5a10-72a7-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 7831866f371..00000000000 --- a/packages/netskope/kibana/visualization/netskope-83fa5a10-72a7-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.access_method", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.access_method" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "user.email", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user.email" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top Users By Access Method", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Access Method", - "field": "netskope.events.access_method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "User", - "field": "user.email", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - 
"showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top Users By Access Method", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-83fa5a10-72a7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-8705deb0-71de-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-8705deb0-71de-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 92976be54a8..00000000000 --- a/packages/netskope/kibana/visualization/netskope-8705deb0-71de-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.type" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "user.email", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user.email" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Top 10 Alert Type by User ", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Alert Type", - "field": "netskope.alerts.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 11 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "User", - "field": "user.email", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 11 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - 
"showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Alert Type by User ", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-8705deb0-71de-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-891546c0-72db-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-891546c0-72db-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 02a27cb74a2..00000000000 --- a/packages/netskope/kibana/visualization/netskope-891546c0-72db-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,180 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "destination.geo.country_iso_code", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "destination.geo.country_iso_code" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "destination.geo.region_name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "destination.geo.region_name" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "destination.geo.city_name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "destination.geo.city_name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Destination Location, Destination Region, Destination Country", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Location", - "field": "destination.geo.city_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", 
- "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Region", - "field": "destination.geo.region_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Country", - "field": "destination.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Destination Location, Destination Region, Destination Country", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-891546c0-72db-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-8c226d50-71f7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-8c226d50-71f7-11ec-8c4b-cb281099ee02.json
deleted file mode 100644
index ab41ce675c1..00000000000
--- a/packages/netskope/kibana/visualization/netskope-8c226d50-71f7-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,140 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "quarantine" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "quarantine" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.quarantine.original.shared", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.quarantine.original.shared" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of Quarantine Events by File Shared ", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "File Shared", - "field": "netskope.alerts.quarantine.original.shared", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - 
"legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Quarantine Events by File Shared ", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-8c226d50-71f7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index c3fe63c0c43..00000000000 --- a/packages/netskope/kibana/visualization/netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "source.geo.city_name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "source.geo.city_name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 Source Location", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Location", - "field": "source.geo.city_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Source Location", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-8efd9840-71e0-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-8fc2c680-72b0-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-8fc2c680-72b0-11ec-8c4b-cb281099ee02.json
deleted file mode 100644
index fc065cabb6a..00000000000
--- a/packages/netskope/kibana/visualization/netskope-8fc2c680-72b0-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,141 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "audit" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.audit.log.event", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.audit.log.event" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Audit Events by User, Audit Log Event", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "user.email", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Audit Log Event", - "field": "netskope.events.audit.log.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - 
"params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Distribution of Audit Events by User, Audit Log Event", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-8fc2c680-72b0-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-914898a0-72af-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-914898a0-72af-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index bcdc3798527..00000000000 --- a/packages/netskope/kibana/visualization/netskope-914898a0-72af-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.severity.level", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.severity.level" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Severity", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "netskope.events.severity.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Events by Severity", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-914898a0-72af-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - 
"references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-917c9230-72b5-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-917c9230-72b5-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index a32b871fea2..00000000000 --- a/packages/netskope/kibana/visualization/netskope-917c9230-72b5-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "application" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "application" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.object.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.object.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Objects which is being acted on", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Object", - "field": "netskope.events.object.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Objects which is being acted on", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - 
"id": "netskope-917c9230-72b5-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index dc56106b7c4..00000000000 --- a/packages/netskope/kibana/visualization/netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,196 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.ccl", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.ccl" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Trend of Cloud Confidence Level Over Time for Events", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15y", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30d" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Cloud Confidence Level", - "field": "netskope.events.ccl", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - 
"type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "linear", - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Trend of Cloud Confidence Level Over Time for Events", - "type": "line" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-93433ee0-72a9-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 9cd4b1c98b8..00000000000 --- a/packages/netskope/kibana/visualization/netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "user_agent.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user_agent.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Distribution of Alerts by Browser", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Browser", - "field": "user_agent.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Alerts by Browser", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-9b93d9d0-71da-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-9c6d6030-71f6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-9c6d6030-71f6-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 48d9e275896..00000000000 --- a/packages/netskope/kibana/visualization/netskope-9c6d6030-71f6-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "Security Assessment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "Security Assessment" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.alert.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.alert.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 Security Assessment Alert Names", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Alert Name", - "field": "netskope.alerts.alert.name", - "json": "", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Security Assessment Alert Names", - "type": "table" - } - }, - 
"coreMigrationVersion": "7.16.2", - "id": "netskope-9c6d6030-71f6-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-a2047d20-72ab-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-a2047d20-72ab-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index f13ea7d515c..00000000000 --- a/packages/netskope/kibana/visualization/netskope-a2047d20-72ab-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "network" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "network.protocol", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "network.protocol" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Networks Events by Protocol", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Protocol", - "field": "network.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": 
"default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Networks Events by Protocol", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-a2047d20-72ab-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-a3c6c270-745f-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-a3c6c270-745f-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index cd14bca9ef9..00000000000 --- a/packages/netskope/kibana/visualization/netskope-a3c6c270-745f-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "user_agent.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user_agent.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Application Events by Browser", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Browser", - "field": "user_agent.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Application Events by Browser", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-a3c6c270-745f-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - 
"id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-a3e5e650-72b6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-a3e5e650-72b6-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 2516322d822..00000000000 --- a/packages/netskope/kibana/visualization/netskope-a3e5e650-72b6-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "page" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "page" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.request.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.request.count" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "netskope.events.page", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.page" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Request Count for Page", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Request Count", - "field": "netskope.events.request.count", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": 
true, - "id": "3", - "params": { - "customLabel": "Page", - "field": "netskope.events.page", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Request Count for Page", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-a3e5e650-72b6-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-a44f4160-72b4-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-a44f4160-72b4-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 4e563293d77..00000000000 --- a/packages/netskope/kibana/visualization/netskope-a44f4160-72b4-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "application" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "application" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.object.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.object.type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Application Events by Object Type", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Object Type", - "field": "netskope.events.object.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - 
"legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Application Events by Object Type", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-a44f4160-72b4-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-a4745040-71dd-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-a4745040-71dd-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 2e1874a1c02..00000000000 --- a/packages/netskope/kibana/visualization/netskope-a4745040-71dd-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.traffic.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.traffic.type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of Alerts by Traffic Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Traffic Type", - "field": "netskope.alerts.traffic.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Alerts by Traffic Type", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-a4745040-71dd-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": 
"logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-a6e2ecf0-72a6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-a6e2ecf0-72a6-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index d81a13b7b36..00000000000 --- a/packages/netskope/kibana/visualization/netskope-a6e2ecf0-72a6-11ec-8c4b-cb281099ee02.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Netskope][Events] Select Event Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "netskope.events.event_type", - "id": "1641881851553", - "indexPatternRefName": "control_0_index_pattern", - "label": "Event Type Selection", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": true, - "useTimeFilter": false - }, - "title": "[Netskope][Events] Select Event Type", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-a6e2ecf0-72a6-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-a8fb1770-720a-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-a8fb1770-720a-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 044d677972d..00000000000 --- a/packages/netskope/kibana/visualization/netskope-a8fb1770-720a-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.severity.level", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.severity.level" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of UBA Alerts by Severity", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "netskope.alerts.severity.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, 
- "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of UBA Alerts by Severity", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-a8fb1770-720a-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-abcc6a30-72aa-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-abcc6a30-72aa-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 3bec259d691..00000000000 --- a/packages/netskope/kibana/visualization/netskope-abcc6a30-72aa-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "source.geo.region_name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "source.geo.region_name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Source Region", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Region", - "field": "source.geo.region_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 7 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - 
"lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Events by Source Region", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-abcc6a30-72aa-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-b0b26610-71df-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-b0b26610-71df-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 78ec36fc3dd..00000000000 --- a/packages/netskope/kibana/visualization/netskope-b0b26610-71df-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "destination.geo.country_iso_code", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "destination.geo.country_iso_code" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 Destination Country", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Country", - "field": "destination.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Destination Country", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-b0b26610-71df-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-bc70e470-7209-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-bc70e470-7209-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 49f3cbdea03..00000000000 --- a/packages/netskope/kibana/visualization/netskope-bc70e470-7209-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "user_agent.os.version", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user_agent.os.version" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of UBA Alerts by OS Version", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Version", - "field": "user_agent.os.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": 
false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of UBA Alerts by OS Version", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-bc70e470-7209-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index fc5a49d2f8f..00000000000 --- a/packages/netskope/kibana/visualization/netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.device.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.device.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Distribution of Alerts by Device", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device", - "field": "netskope.alerts.device.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", 
- "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Alerts by Device", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-bc859e60-71dc-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-bd2879d0-71f7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-bd2879d0-71f7-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index f165b357205..00000000000 --- a/packages/netskope/kibana/visualization/netskope-bd2879d0-71f7-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "quarantine" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "quarantine" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.quarantine.app", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.quarantine.app" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Top 10 Quarantine Applications", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Quarantine Application", - "field": "netskope.alerts.quarantine.app", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Quarantine Applications", - "type": "table" - } - }, - "coreMigrationVersion": 
"7.16.2", - "id": "netskope-bd2879d0-71f7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-c01026d0-72af-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-c01026d0-72af-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 1df08ef2ef6..00000000000 --- a/packages/netskope/kibana/visualization/netskope-c01026d0-72af-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,194 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.severity.level", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.severity.level" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Severity Over Time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15y", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30d" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Severity", - "field": "netskope.events.severity.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 13 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - 
"detailedTooltip": true, - "fittingFunction": "linear", - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Severity Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-c01026d0-72af-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-c1e088c0-72a9-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-c1e088c0-72a9-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index b29917916fe..00000000000 --- a/packages/netskope/kibana/visualization/netskope-c1e088c0-72a9-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.app.category", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.app.category" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by App Category", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "App Category", - "field": "netskope.events.app.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - 
"interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Events by App Category", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-c1e088c0-72a9-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-c6540e80-72b4-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-c6540e80-72b4-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 89871637fd9..00000000000 --- a/packages/netskope/kibana/visualization/netskope-c6540e80-72b4-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "application" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "application" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "user.email", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user.email" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Users doing Activities ", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "user.email", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Users doing Activities ", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-c6540e80-72b4-11ec-8c4b-cb281099ee02", - 
"migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 82d1ae2c847..00000000000 --- a/packages/netskope/kibana/visualization/netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.app.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.app.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\" " - } - } - }, - "title": "[Netskope] Top 10 Apps", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Applications", - "field": "netskope.alerts.app.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Apps", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-ca5610d0-71da-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02.json
deleted file mode 100644
index 2c9d7346fe3..00000000000
--- a/packages/netskope/kibana/visualization/netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of Alerts by Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Type", - "field": "netskope.alerts.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - 
"mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Alerts by Type", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-cab84db0-71dd-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-d1189e60-71df-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-d1189e60-71df-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 22d7270c369..00000000000 --- a/packages/netskope/kibana/visualization/netskope-d1189e60-71df-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "destination.geo.city_name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "destination.geo.city_name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 Destination Location", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Location", - "field": "destination.geo.city_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Destination Location", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-d1189e60-71df-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No 
newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-d9596770-72a8-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-d9596770-72a8-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 3a2aca1f630..00000000000 --- a/packages/netskope/kibana/visualization/netskope-d9596770-72a8-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.traffic.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.traffic.type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Traffic Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Traffic Type", - "field": "netskope.events.traffic.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Events by Traffic Type", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-d9596770-72a8-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": 
"logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-dbcca900-72b6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-dbcca900-72b6-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index d1c94943dcb..00000000000 --- a/packages/netskope/kibana/visualization/netskope-dbcca900-72b6-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "page" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "page" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.response.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.response.count" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "netskope.events.page", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.page" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Top 10 Response Count for Page", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Response Count", - "field": "netskope.events.response.count", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - 
"enabled": true, - "id": "3", - "params": { - "customLabel": "Page", - "field": "netskope.events.page", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Response Count for Page", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-dbcca900-72b6-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-dbdd48a0-72a7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-dbdd48a0-72a7-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 10b585b9c61..00000000000 --- a/packages/netskope/kibana/visualization/netskope-dbdd48a0-72a7-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "user_agent.os.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user_agent.os.name" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "user_agent.os.version", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "user_agent.os.version" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by OS, OS Version", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS", - "field": "user_agent.os.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "user_agent.os.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": 
false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": true, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Events by OS, OS Version", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-dbdd48a0-72a7-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-dd1de560-71eb-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-dd1de560-71eb-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 8f1ee277fd2..00000000000 --- a/packages/netskope/kibana/visualization/netskope-dd1de560-71eb-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "DLP" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "DLP" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.policy.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.policy.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Top 10 Policy ", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Top 10 DLP Policy", - "field": "netskope.alerts.policy.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Netskope] Top 10 Policy ", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-dd1de560-71eb-11ec-8c4b-cb281099ee02", - 
"migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-de309310-71d9-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-de309310-71d9-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index c6e72998214..00000000000 --- a/packages/netskope/kibana/visualization/netskope-de309310-71d9-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,57 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Netskope][Alerts] Select Alert Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "netskope.alerts.type", - "id": "1641794009450", - "indexPatternRefName": "control_0_index_pattern", - "label": "Alert Type Selection", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": true, - "useTimeFilter": false - }, - "title": "[Netskope][Alerts] Select Alert Type", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-de309310-71d9-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-e15f2790-72a6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-e15f2790-72a6-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 45d38f17ffd..00000000000 --- a/packages/netskope/kibana/visualization/netskope-e15f2790-72a6-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.event_type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Event Type", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "netskope.events.event_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Events by Event Type", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-e15f2790-72a6-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - 
"references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-e2e46e60-72ae-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-e2e46e60-72ae-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index c36d759b9c6..00000000000 --- a/packages/netskope/kibana/visualization/netskope-e2e46e60-72ae-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,202 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "infrastructure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "infrastructure" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.alarm.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.alarm.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Infrastructure Events by Alarm Name ", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Alarm Name", - "field": "netskope.events.alarm.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - 
"type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Infrastructure Events by Alarm Name ", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-e2e46e60-72ae-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netskope/kibana/visualization/netskope-e8cecff0-72a9-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-e8cecff0-72a9-11ec-8c4b-cb281099ee02.json
deleted file mode 100644
index 0f90045f31d..00000000000
--- a/packages/netskope/kibana/visualization/netskope-e8cecff0-72a9-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Events by Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Type", - "field": "netskope.events.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - 
"mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Events by Type", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-e8cecff0-72a9-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-e9bc9d80-7208-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-e9bc9d80-7208-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 9ebb0b54f3c..00000000000 --- a/packages/netskope/kibana/visualization/netskope-e9bc9d80-7208-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.device.classification", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.device.classification" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of UBA Alerts by Device Classification", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Classification", - "field": "netskope.alerts.device.classification", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - 
"legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of UBA Alerts by Device Classification", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-e9bc9d80-7208-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-f1c99420-7207-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-f1c99420-7207-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index cd094dc03bf..00000000000 --- a/packages/netskope/kibana/visualization/netskope-f1c99420-7207-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,202 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "uba" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "uba" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.alert.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.alert.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of UBA Alerts by Alert Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Alert Name", - "field": "netskope.alerts.alert.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - 
"detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of UBA Alerts by Alert Name", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-f1c99420-7207-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index ed2263c711d..00000000000 
--- a/packages/netskope/kibana/visualization/netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02.json
+++ /dev/null
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.category.name", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.category.name" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of Alerts by Category ", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Category", - "field": "netskope.alerts.category.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": 
"linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Netskope] Distribution of Alerts by Category ", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-f4fb96d0-71de-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-f9097160-71f3-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-f9097160-71f3-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 7d264d9f363..00000000000 --- a/packages/netskope/kibana/visualization/netskope-f9097160-71f3-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "Security Assessment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "Security Assessment" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.sa.rule.severity", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.sa.rule.severity" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of SA Alerts by SA Rule Severity", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "SA Rule Severity", - "field": "netskope.alerts.sa.rule.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, 
- "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of SA Alerts by SA Rule Severity", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-f9097160-71f3-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-f96d6680-71f7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-f96d6680-71f7-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 109694bb2ed..00000000000 --- a/packages/netskope/kibana/visualization/netskope-f96d6680-71f7-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "params": { - "query": "quarantine" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.alerts.type": "quarantine" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.alerts.quarantine.app", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.quarantine.app" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Total Number of Apps Quarantined", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Quarantined Applications", - "field": "netskope.alerts.quarantine.app" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Netskope] Total Number of Apps Quarantined", - "type": "metric" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-f96d6680-71f7-11ec-8c4b-cb281099ee02", - 
"migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-fceec3e0-71dd-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-fceec3e0-71dd-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 8c305122f69..00000000000 --- a/packages/netskope/kibana/visualization/netskope-fceec3e0-71dd-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.alerts.type", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.alerts.type" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.alerts\"" - } - } - }, - "title": "[Netskope] Distribution of Alerts by Alert Type", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Alert Type", - "field": "netskope.alerts.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 11 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Alerts by Alert Type", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-fceec3e0-71dd-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - 
"id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netskope/kibana/visualization/netskope-feb43930-72af-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/visualization/netskope-feb43930-72af-11ec-8c4b-cb281099ee02.json deleted file mode 100644 index 364bad953d7..00000000000 --- a/packages/netskope/kibana/visualization/netskope-feb43930-72af-11ec-8c4b-cb281099ee02.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "netskope.events.event_type", - "negate": false, - "params": { - "query": "audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "netskope.events.event_type": "audit" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "netskope.events.severity.level", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "netskope.events.severity.level" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"netskope.events\" " - } - } - }, - "title": "[Netskope] Distribution of Audit Events by Severity Level", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity Level", - "field": "netskope.events.severity.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": 
"right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Netskope] Distribution of Audit Events by Severity Level", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "netskope-feb43930-72af-11ec-8c4b-cb281099ee02", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file From 56743da06eae8f494815e069f37ee434d56b3bf7 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 02:30:40 +0530 Subject: [PATCH 024/103] migrate network_traffic to by_value --- ...-65120940-1454-11e9-9de0-f98d1808db8e.json | 1050 +++++++++-- ...-a7b35890-8baa-11e8-9676-ef67484126fb.json | 726 ++++++-- .../dashboard/network_traffic-cassandra.json | 1174 +++++++++--- .../dashboard/network_traffic-dashboard.json | 1658 ++++++++++++++--- .../network_traffic-dns-unique-domains.json | 609 ++++-- .../dashboard/network_traffic-flows.json | 767 ++++++-- .../dashboard/network_traffic-http.json | 1035 ++++++++-- .../network_traffic-mongodb-performance.json | 1340 +++++++++++-- .../network_traffic-mysql-performance.json | 1154 ++++++++++-- .../kibana/dashboard/network_traffic-nfs.json | 1181 +++++++++--- .../network_traffic-pgsql-performance.json | 1177 ++++++++++-- .../network_traffic-thrift-performance.json | 692 +++++-- .../network_traffic-tls-sessions.json | 1460 ++++++++++++--- ...-059fe5e0-d2dd-11e7-9914-4982455b3063.json | 155 -- ...-061de380-d361-11e7-9914-4982455b3063.json | 113 -- ...-0958a910-d396-11e7-8fa0-232aa9259081.json | 93 - ...-0af0b790-d37d-11e7-9914-4982455b3063.json | 69 - ...-11d33ea0-8bad-11e8-9676-ef67484126fb.json | 75 - ...-2c467370-d392-11e7-8fa0-232aa9259081.json | 80 - ...-418dfbe0-8bac-11e8-9676-ef67484126fb.json | 96 - ...-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json | 78 - ...-4ad9db20-8bab-11e8-9676-ef67484126fb.json | 72 - ...-735d25c0-1459-11e9-9de0-f98d1808db8e.json | 192 -- ...-8460fcd0-8baa-11e8-9676-ef67484126fb.json | 132 -- ...-86743f90-d396-11e7-8fa0-232aa9259081.json | 92 - ...-a28d09d0-d361-11e7-9914-4982455b3063.json | 68 - ...-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json | 78 - ...-ae6e33c0-d37d-11e7-9914-4982455b3063.json | 69 - ...-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json | 96 - ..._traffic-bytes-transferred-per-domain.json | 174 -- ...-c14377a0-d353-11e7-9914-4982455b3063.json | 102 - .../network_traffic-cassandra-ops.json | 87 - ...etwork_traffic-cassandra-requestcount.json | 80 - 
..._traffic-cassandra-requestcountbytype.json | 99 - ...fic-cassandra-requestcountstackbytype.json | 88 - ...traffic-cassandra-responsecountbytype.json | 94 - ...ic-cassandra-responsecountstackbytype.json | 88 - ...rk_traffic-cassandra-responsekeyspace.json | 87 - ...etwork_traffic-cassandra-responsetime.json | 163 -- ...etwork_traffic-cassandra-responsetype.json | 75 - ...network_traffic-connections-over-time.json | 146 -- ...-d0120dc0-8bac-11e8-9676-ef67484126fb.json | 75 - ...-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json | 167 -- .../network_traffic-db-transactions.json | 187 -- ...-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json | 95 - .../network_traffic-dns-query-summary.json | 104 -- .../network_traffic-dns-question-types.json | 85 - ..._traffic-dns-request-status-over-time.json | 172 -- .../network_traffic-dns-response-codes.json | 101 - .../network_traffic-dns-top-10-questions.json | 133 -- ...-e3f09730-1b80-11e9-83df-75eebb35951e.json | 180 -- ...etwork_traffic-errors-count-over-time.json | 74 - ...fic-errors-vs-successful-transactions.json | 155 -- ...-f43a8f20-8bb5-11e8-9676-ef67484126fb.json | 85 - ...raffic-http-codes-for-the-top-queries.json | 98 - ...rk_traffic-http-error-codes-evolution.json | 237 --- .../network_traffic-http-error-codes.json | 187 -- .../network_traffic-latency-histogram.json | 140 -- .../network_traffic-mongodb-commands.json | 159 -- ...traffic-mongodb-errors-per-collection.json | 165 -- .../network_traffic-mongodb-errors.json | 182 -- ...affic-mongodb-in-slash-out-throughput.json | 172 -- ...-mongodb-response-times-by-collection.json | 176 -- ...k_traffic-most-frequent-mysql-queries.json | 57 - ...k_traffic-most-frequent-pgsql-queries.json | 81 - .../network_traffic-mysql-errors.json | 143 -- .../network_traffic-mysql-methods.json | 159 -- ...network_traffic-mysql-reads-vs-writes.json | 167 -- ...ffic-mysql-response-times-percentiles.json | 143 -- .../network_traffic-mysql-throughput.json | 157 -- .../network_traffic-navigation.json | 34 
- ...ic-network-traffic-between-your-hosts.json | 112 -- ...etwork_traffic-nfs-bytes-in-slash-out.json | 180 -- ...network_traffic-nfs-clients-pie-chart.json | 79 - .../network_traffic-nfs-errors.json | 159 -- .../network_traffic-nfs-operation-table.json | 92 - ...ork_traffic-nfs-operations-area-chart.json | 76 - .../network_traffic-nfs-response-times.json | 153 -- ...twork_traffic-nfs-top-group-pie-chart.json | 79 - ...twork_traffic-nfs-top-users-pie-chart.json | 79 - ...nsactions-with-writeconcern-w-equal-0.json | 155 -- .../network_traffic-pgsql-errors.json | 143 -- .../network_traffic-pgsql-methods.json | 159 -- ...network_traffic-pgsql-reads-vs-writes.json | 167 -- ...ffic-pgsql-response-times-percentiles.json | 143 -- .../network_traffic-pgsql-throughput.json | 157 -- ...rk_traffic-response-times-percentiles.json | 155 -- ...rk_traffic-response-times-repartition.json | 150 -- ...network_traffic-slowest-mysql-queries.json | 84 - ...network_traffic-slowest-pgsql-queries.json | 84 - ...rk_traffic-slowest-thrift-rpc-methods.json | 83 - ...rk_traffic-thrift-requests-per-minute.json | 63 - ...fic-thrift-response-times-percentiles.json | 143 -- .../network_traffic-thrift-rpc-errors.json | 65 - .../network_traffic-top-10-http-requests.json | 81 - ...rk_traffic-top-hosts-creating-traffic.json | 163 -- ...k_traffic-top-hosts-receiving-traffic.json | 163 -- ...k_traffic-top-slowest-mongodb-queries.json | 86 - ...ffic-top-thrift-rpc-calls-with-errors.json | 56 - ...etwork_traffic-top-thrift-rpc-methods.json | 63 - ...fic-total-number-of-http-transactions.json | 74 - ...traffic-unique-fqdns-per-etld-1-table.json | 87 - ...twork_traffic-unique-fqdns-per-etld-1.json | 77 - .../network_traffic-web-transactions.json | 139 -- 104 files changed, 11637 insertions(+), 13046 deletions(-) delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063.json delete mode 100644 
packages/network_traffic/kibana/visualization/network_traffic-061de380-d361-11e7-9914-4982455b3063.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-0958a910-d396-11e7-8fa0-232aa9259081.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-0af0b790-d37d-11e7-9914-4982455b3063.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-2c467370-d392-11e7-8fa0-232aa9259081.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-86743f90-d396-11e7-8fa0-232aa9259081.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-a28d09d0-d361-11e7-9914-4982455b3063.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-bytes-transferred-per-domain.json delete mode 100644 
packages/network_traffic/kibana/visualization/network_traffic-c14377a0-d353-11e7-9914-4982455b3063.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-cassandra-ops.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcount.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountbytype.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountstackbytype.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountbytype.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountstackbytype.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsekeyspace.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetime.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetype.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-connections-over-time.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-db-transactions.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-dns-query-summary.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-dns-question-types.json delete mode 100644 
packages/network_traffic/kibana/visualization/network_traffic-dns-request-status-over-time.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-dns-response-codes.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-dns-top-10-questions.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-errors-count-over-time.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-errors-vs-successful-transactions.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-http-codes-for-the-top-queries.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-http-error-codes-evolution.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-http-error-codes.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-latency-histogram.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mongodb-commands.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors-per-collection.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mongodb-in-slash-out-throughput.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mongodb-response-times-by-collection.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-most-frequent-mysql-queries.json delete mode 100644 
packages/network_traffic/kibana/visualization/network_traffic-most-frequent-pgsql-queries.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mysql-errors.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mysql-methods.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mysql-reads-vs-writes.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mysql-response-times-percentiles.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-mysql-throughput.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-navigation.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-network-traffic-between-your-hosts.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-nfs-bytes-in-slash-out.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-nfs-clients-pie-chart.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-nfs-errors.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-nfs-operation-table.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-nfs-operations-area-chart.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-nfs-response-times.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-nfs-top-group-pie-chart.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-nfs-top-users-pie-chart.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-pgsql-errors.json delete mode 100644 
packages/network_traffic/kibana/visualization/network_traffic-pgsql-methods.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-pgsql-reads-vs-writes.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-pgsql-response-times-percentiles.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-pgsql-throughput.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-response-times-percentiles.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-response-times-repartition.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-slowest-mysql-queries.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-slowest-pgsql-queries.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-slowest-thrift-rpc-methods.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-thrift-requests-per-minute.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-thrift-response-times-percentiles.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-thrift-rpc-errors.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-top-10-http-requests.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-top-hosts-creating-traffic.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-top-hosts-receiving-traffic.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-top-slowest-mongodb-queries.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-calls-with-errors.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-methods.json delete mode 100644 
packages/network_traffic/kibana/visualization/network_traffic-total-number-of-http-transactions.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1-table.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1.json delete mode 100644 packages/network_traffic/kibana/visualization/network_traffic-web-transactions.json
diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e.json b/packages/network_traffic/kibana/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e.json
index de1a0987cf9..4273ff05fd5 100644
--- a/packages/network_traffic/kibana/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e.json
+++ b/packages/network_traffic/kibana/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e.json
@@ -1,173 +1,921 @@ { - "attributes": { - "description": "Overview of DNS request and response metrics.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-65120940-1454-11e9-9de0-f98d1808db8e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcxNiwxXQ==", + "attributes": { + "description": "Overview of DNS request and response metrics.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Query Summary", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "17", + "handleNoResults": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 28, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Client Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Server Bytes", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Avg Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" + } + ], + 
"searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Request Status Over Time", + "description": "", + "uiState": { + "vis": { + "colors": { + "Error": "#890F02", + "OK": "#0A50A1" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + 
"smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Question Types", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true, + "type": "pie" }, - { - "embeddableConfig": { - 
"enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3", - "w": 13, - "x": 0, - "y": 15 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "dns.question.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 13, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Top 10 Questions", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "5", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "6", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": 
true, + "id": "2", + "params": { + "customLabel": "Question", + "field": "dns.question.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "status", + "negate": false, + "params": { + "query": "OK", + "type": "phrase" + }, + "type": "phrase", + "value": "OK" + }, + "query": { + "match": { + "status": { + "query": "OK", + "type": "phrase" + } + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Response Codes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "7", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "7", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - 
}, - "gridData": { - "h": 15, - "i": "8", - "w": 11, - "x": 13, - "y": 15 - }, - "panelIndex": "8", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Response Code", + "field": "dns.response_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] DNS Overview", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-65120940-1454-11e9-9de0-f98d1808db8e", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-dns-query-summary", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "network_traffic-dns-request-status-over-time", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "network_traffic-dns-question-types", - "name": "panel_2", - "type": "visualization" + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Min/Max/Avg Response Time Histogram", + "description": "", + "uiState": { + "vis": { + "colors": { + "Avg Response Time (ns)": "#629E51", + "Max 
Response Time (ns)": "#E24D42", + "Min Response Time (ns)": "#70DBED" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "4", + "label": "Min Response Time (ns)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "1", + "label": "Avg Response Time (ns)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Max Response Time (ns)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Average event.duration" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + 
"interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Avg Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Max Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "max" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-dns-top-10-questions", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "7", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "network_traffic-dns-response-codes", - "name": "panel_4", - "type": "visualization" + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Client and Servers Pie Chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Server", + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + 
}, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Client", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 15, + "i": "8", + "w": 11, + "x": 13, + "y": 15 }, - { - "id": "network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] DNS Overview", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": 
"6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb.json index fcdb9e026c5..c6af4e9d293 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb.json 
@@ -1,182 +1,598 @@ { - "attributes": { - "description": "DHCPv4 Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcxNywxXQ==", + "attributes": { + "description": "DHCPv4 Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Message Types over Time", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "c2cf4410-8ba8-11e8-ae15-bdcba81344e6" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "type:dhcpv4" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "ignore_global_filter": 0, + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "NOT dhcpv4.option.message_type:nak NOT dhcpv4.option.message_type:decline" + }, + "formatter": "number", + "id": "8abe6eb0-8ba9-11e8-ae15-bdcba81344e6", + "label": "Response", + "line_width": 1, + "metrics": [ + { + "id": "8abe6eb1-8ba9-11e8-ae15-bdcba81344e6", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "dhcpv4.option.message_type" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": 
"lucene", + "query": "dhcpv4.option.message_type:nak" + }, + "formatter": "number", + "id": "ae5610d0-8ba9-11e8-ae15-bdcba81344e6", + "label": "nak", + "line_width": "4", + "metrics": [ + { + "id": "ae5610d1-8ba9-11e8-ae15-bdcba81344e6", + "type": "count" + } + ], + "point_size": "3", + "seperate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "dhcpv4.option.message_type:decline" + }, + "formatter": "number", + "id": "cf7ba180-8ba9-11e8-ae15-bdcba81344e6", + "label": "decline", + "line_width": "4", + "metrics": [ + { + "id": "cf7ba181-8ba9-11e8-ae15-bdcba81344e6", + "type": "count" + } + ], + "point_size": "3", + "seperate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "data_stream.dataset:network_traffic.dhcpv4" + } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 9, + "i": "1", + "w": 48, + "x": 0, + "y": 7 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 NAK and Decline Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ 
+ { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 9, - "i": "1", - "w": 48, - "x": 0, - "y": 7 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 57, + "labelColor": false, + "subText": "" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "2", - "w": 8, - "x": 0, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "dhcpv4.option.message_type:nak OR dhcpv4.option.message_type:decline" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "2", + "w": 8, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Message Types", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 7, - "i": "3", - "w": 11, - "x": 37, - "y": 0 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Op Code", + "field": 
"dhcpv4.op_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Message Type", + "field": "dhcpv4.option.message_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "3", + "w": 11, + "x": 37, + "y": 0 + }, + "panelIndex": "3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 14, + "i": "5", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "search", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Transaction Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 14, - "i": "5", - "w": 48, - "x": 0, - "y": 16 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "search", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - 
"embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Transactions", + "field": "dhcpv4.transaction_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "6", + "w": 8, + "x": 8, + "y": 0 + }, + "panelIndex": "6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Client Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 7, - "i": "6", - "w": 8, - "x": 8, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique MACs", + "field": "dhcpv4.client_mac" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "7", + "w": 8, + "x": 16, + "y": 0 + }, + "panelIndex": "7", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Data Transfer", + "description": "", + "uiState": {}, + "params": { + 
"addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 7, - "i": "7", - "w": 8, - "x": 16, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 24, + "labelColor": false, + "subText": "" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Requests", + "field": "client.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 7, - "i": "8", - "w": 13, - "x": 24, - "y": 0 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Responses", + "field": "server.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] DHCPv4", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "5:panel_5", - "type": "search" 
- }, - { - "id": "network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb", - "name": "6:panel_6", - "type": "visualization" + } }, - { - "id": "network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb", - "name": "7:panel_7", - "type": "visualization" + "gridData": { + "h": 7, + "i": "8", + "w": 13, + "x": 24, + "y": 0 }, - { - "id": "network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb", - "name": "8:panel_8", - "type": "visualization" - } + "panelIndex": "8", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] DHCPv4", + "version": 1 + }, + "references": [ + { + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", + "name": "5:panel_5", + "type": "search" + }, + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-cassandra.json b/packages/network_traffic/kibana/dashboard/network_traffic-cassandra.json index 65c3fafb0e2..2917fc65669 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-cassandra.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-cassandra.json 
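Review bot: Panels 2, 3, 6, 7 and 8 of the inlined DHCPv4 dashboard each get an `N:search_0` entry in `references`, but none of their `savedVis.data` objects shows a `savedSearchRefName` or an `indexRefName` that would consume it, so the link to saved search `network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb` looks lost in the migration. If so, panels with an empty query such as "DHCPv4 Data Transfer" (sum of `client.bytes` and `server.bytes`) are no longer scoped to DHCPv4 events and may show figures from unrelated traffic or fail to resolve a data source, which is misleading on a monitoring dashboard. I would add `"savedSearchRefName": "search_0"` to each of those `data` objects, or drop the unused references and put the dataset filter in the panel query, as panel 1 does with `data_stream.dataset:network_traffic.dhcpv4`. Panels 7 and 8 of the DNS Overview dashboard in the preceding file section show the same pattern.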
@@ -1,283 +1,967 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-cassandra", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcxOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseKeyspace", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cassandra.response.result.rows.meta.keyspace", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.response.result.rows.meta.table", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 8, + "i": "3", + "w": 12, + "x": 36, + "y": 8 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - 
"i": "3", - "w": 12, - "x": 36, - "y": 8 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "4", - "w": 12, - "x": 24, - "y": 8 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "cassandra.response.result.type", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 12, + "x": 24, + "y": 8 + }, + "panelIndex": "4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseTime", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + 
"defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "square root", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "9", - "w": 48, - "x": 0, - "y": 16 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 5, + 25, + 50, + 75, + 95 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "9", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "9", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Cassandra RequestCount", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "square root", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 8, - "i": "10", - "w": 36, - "x": 12, - "y": 0 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "10", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "10", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra Ops", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": 
true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "11", - "w": 12, - "x": 12, - "y": 8 + { + "enabled": true, + "id": "2", + "params": { + "field": "cassandra.request.headers.op", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.response.headers.op", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "11", + "w": 12, + "x": 12, + "y": 8 + }, + "panelIndex": "11", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra RequestCountStackByType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "15", - "w": 48, - "x": 0, - "y": 24 + { + "enabled": true, + "id": "2", + "params": { + 
"extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.request.headers.op", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "15", + "w": 48, + "x": 0, + "y": 24 + }, + "panelIndex": "15", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseCountStackByType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "16", - "w": 48, - "x": 0, - "y": 32 + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.response.headers.op", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], 
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "16", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "16", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Cassandra RequestCountByType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": false, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": "13", + "scale": "log", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 12, - "i": "17", - "w": 24, - "x": 0, - "y": 40 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "gridData": { - "h": 12, - "i": "18", - "w": 24, - "x": 24, - "y": 40 + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.request.headers.op", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": {}, + "schema": "radius", + 
"type": "count" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "17", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "17", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseCountByType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": false, + "interpolate": "linear", + "radiusRatio": "15", + "scale": "log", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "19", - "w": 12, - "x": 0, - "y": 0 + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "columns": [ - "cassandra.request.query", - "cassandra.response.result.rows.meta.keyspace", - "cassandra.response.result.rows.meta.table", - "cassandra.response.result.rows.num_rows" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "gridData": { - "h": 12, - "i": "20", - "w": 48, - "x": 0, - "y": 52 + { + "id": "3", + "params": { + "field": "cassandra.response.headers.op", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "20", - "panelRefName": 
"panel_20", - "type": "search", - "version": "7.3.0" + { + "id": "4", + "params": {}, + "schema": "radius", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] Cassandra", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-cassandra-responsekeyspace", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-cassandra-responsetype", - "name": "4:panel_4", - "type": "visualization" + } }, - { - "id": "network_traffic-cassandra-responsetime", - "name": "9:panel_9", - "type": "visualization" + "gridData": { + "h": 12, + "i": "18", + "w": 24, + "x": 24, + "y": 40 }, - { - "id": "network_traffic-cassandra-requestcount", - "name": "10:panel_10", - "type": "visualization" - }, - { - "id": "network_traffic-cassandra-ops", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "network_traffic-cassandra-requestcountstackbytype", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "network_traffic-cassandra-responsecountstackbytype", - "name": "16:panel_16", - "type": "visualization" + "panelIndex": "18", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 
Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-cassandra-requestcountbytype", - "name": "17:panel_17", - "type": "visualization" + "gridData": { + "h": 16, + "i": "19", + "w": 12, + "x": 0, + "y": 0 }, - { - "id": "network_traffic-cassandra-responsecountbytype", - "name": "18:panel_18", - "type": "visualization" + "panelIndex": "19", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "columns": [ + "cassandra.request.query", + "cassandra.response.result.rows.meta.keyspace", + "cassandra.response.result.rows.meta.table", + "cassandra.response.result.rows.num_rows" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] }, - { - "id": "network_traffic-navigation", - "name": "19:panel_19", - "type": "visualization" + "gridData": { + "h": 12, + "i": "20", + "w": 48, + "x": 0, + "y": 52 }, - { - "id": "network_traffic-cassandra-queryview", - "name": "20:panel_20", - "type": "search" - } + "panelIndex": "20", + "panelRefName": "panel_20", + "type": "search", + "version": "7.3.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] Cassandra", + "version": 1 + }, + "references": [ + { + "id": "network_traffic-cassandra-queryview", + "name": "20:panel_20", + "type": "search" + 
}, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "9:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "10:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "11:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "11:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "15:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "16:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "16:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "17:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "17:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "18:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": 
"18:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-dashboard.json b/packages/network_traffic/kibana/dashboard/network_traffic-dashboard.json index ef7496f86ae..cc01fa81a36 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-dashboard.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-dashboard.json 
@@ -1,286 +1,1452 @@ { - "attributes": { - "description": "Network Packet Capture overview dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-dashboard", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcxOSwxXQ==", + "attributes": { + "description": "Network Packet Capture overview dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP Transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 10, + "i": "1", + "w": 12, + "x": 12, + "y": 20 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "1", - "w": 12, - "x": 12, - "y": 20 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" + "panelIndex": "1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Transaction Types", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": 
"1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "2", - "w": 12, - "x": 36, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "event.dataset", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.type", + "negate": true, + "params": { + "query": "flow", + "type": "phrase" + }, + "type": "phrase", + "value": "flow" + }, + "query": { + "match": { + "event.type": { + "query": "flow", + "type": "phrase" + } + } + } + } + ], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "agent.type:packetbeat" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "2", + "w": 12, + "x": 36, + "y": 20 + }, + "panelIndex": "2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Response times percentiles", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + 
}, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5", - "w": 24, - "x": 0, - "y": 45 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 75, + 95, + 99 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "5", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Errors count over time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6", - "w": 24, - "x": 0, - "y": 60 + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "30s", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.17.0" + { + "id": "3", + "params": { + "field": "type", + "order": "desc", + 
"orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Errors vs successful transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "percentage", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "percentage", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "7", - "w": 24, - 
"x": 24, - "y": 45 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "7", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Latency Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": 
false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "event.duration", + "interval": 10000000 + }, + "schema": "segment", + "type": "histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "8", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Response times repartition", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": 
"stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "10", - "w": 48, - "x": 0, - "y": 30 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "3", + "params": { + "extended_bounds": {}, + "field": "event.duration", + "interval": 10000000 + }, + "schema": "group", + "type": "histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "10", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "10", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + 
"fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "11", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "11", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", 
+ "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Avg Response Time" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" }, - "gridData": { - "h": 20, - "i": "11", - "w": 12, - "x": 0, - "y": 0 + { + "data": { + "id": "3", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "lineWidth": 3.5, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Avg Response Time" + }, + "type": "value" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.17.0" + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Avg Response Time", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "gridData": { - "h": 10, - "i": "12", - "w": 12, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "12", - 
"panelRefName": "panel_12", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "12", + "w": 12, + "x": 0, + "y": 20 + }, + "panelIndex": "12", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Sessions", + "description": "", + "uiState": { + "vis": { + "colors": { + "false": "#E24D42", + "true": "#7EB26D" }, - "gridData": { - "h": 10, - "i": "13", - "w": 12, - "x": 24, - "y": 20 + "legendOpen": false + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.17.0" + "valueAxis": "ValueAxis-1" + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + 
"type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"3f5bc195-da9d-4ec8-a68f-896db321a54b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9638dc3f-f85a-4e68-8e14-25654df43f8e\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"[Network Packet Capture] Client IP Locations (requires GeoIP enrichment)\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"client.geo.location\",\"id\":\"220c104b-34a8-4aa7-a3d6-7b56ad4d3b9e\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":2.4,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"agent.type:packetbeat\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "[Network Packet 
Capture] Map 2", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 40.9799, - "maxLon": 90, - "minLat": 0, - "minLon": -90 - }, - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 2.4 - }, - "openTOCDetails": [] + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "92e797bb-1975-4320-9d19-9b7f11e9e538", - "w": 36, - "x": 12, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sessions per minute", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "92e797bb-1975-4320-9d19-9b7f11e9e538", - "title": "[Network Packet Capture] Client IP Locations (requires GeoIP enrichment)", - "type": "map", - "version": "7.17.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Handshake completed", + "field": "tls.established", + "json": "", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] Overview", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dashboard", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-web-transactions", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-db-transactions", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-response-times-percentiles", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-errors-count-over-time", - "name": "6:panel_6", - "type": "visualization" 
+ } }, - { - "id": "network_traffic-errors-vs-successful-transactions", - "name": "7:panel_7", - "type": "visualization" + "gridData": { + "h": 10, + "i": "13", + "w": 12, + "x": 24, + "y": 20 }, - { - "id": "network_traffic-latency-histogram", - "name": "8:panel_8", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"3f5bc195-da9d-4ec8-a68f-896db321a54b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9638dc3f-f85a-4e68-8e14-25654df43f8e\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"[Network Packet Capture] Client IP Locations (requires GeoIP enrichment)\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"client.geo.location\",\"id\":\"220c104b-34a8-4aa7-a3d6-7b56ad4d3b9e\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":2.4,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"agent.type:packetbeat\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "[Network Packet 
Capture] Map 2", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 40.9799, + "maxLon": 90, + "minLat": 0, + "minLon": -90 + }, + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 2.4 + }, + "openTOCDetails": [] }, - { - "id": "network_traffic-response-times-repartition", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 20, + "i": "92e797bb-1975-4320-9d19-9b7f11e9e538", + "w": 36, + "x": 12, + "y": 0 }, - { - "id": "network_traffic-navigation", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "logs-*", - "name": "92e797bb-1975-4320-9d19-9b7f11e9e538:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "92e797bb-1975-4320-9d19-9b7f11e9e538", + "title": "[Network Packet Capture] Client IP Locations (requires GeoIP enrichment)", + "type": "map", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "92e797bb-1975-4320-9d19-9b7f11e9e538:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-search" + }, + { + "type": "search", + "name": "6:search_0", + "id": 
"network_traffic-transactions-errors" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-search" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-search" + }, + { + "type": "search", + "name": "10:search_0", + "id": "network_traffic-search" + }, + { + "type": "search", + "name": "12:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "13:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-dns-unique-domains.json b/packages/network_traffic/kibana/dashboard/network_traffic-dns-unique-domains.json index 07f0ceeb106..b2528b8bba5 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-dns-unique-domains.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-dns-unique-domains.json 
@@ -1,146 +1,503 @@ { - "attributes": { - "description": "Detecting tunneling over DNS.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "NOT dns.question.type:PTR" + "id": "network_traffic-dns-unique-domains", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyMCwxXQ==", + "attributes": { + "description": "Detecting tunneling over DNS.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "NOT dns.question.type:PTR" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "spy": { + "mode": { + "fill": false, + "name": null + } + }, + "vis": { + "colors": { + "Count": "#1F78C1", + "Unique Subdomain Count": "#EF843C", + "Unique count of dns.question.name": "#E0752D" + }, + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Unique FQDNs per eTLD+1", + "description": "", + "uiState": { + "vis": { + "colors": { + "Count": "#1F78C1", + "Unique count of dns.question.name": "#E0752D" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": true, + "legendPosition": "right", + "mode": "grouped", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Subdomain Count", + "field": "dns.question.name" + }, + "schema": "metric", + "type": "cardinality" }, - "version": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Domains", + "field": "dns.question.etld_plus_one", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + 
"type": "terms" + } + ], + "searchSource": { + "filter": [] + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "spy": { - "mode": { - "fill": false, - "name": null - } - }, - "vis": { - "colors": { - "Count": "#1F78C1", - "Unique Subdomain Count": "#EF843C", - "Unique count of dns.question.name": "#E0752D" - }, - "legendOpen": false - } + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Unique FQDNs per eTLD+1 Table", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "1", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ETLD+1", + "field": "dns.question.etld_plus_one", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Unique Domains", + "field": "dns.question.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "2", + 
"version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Bytes Transferred per Domain", + "description": "", + "uiState": { + "vis": { + "colors": { + "Bytes In": "#F2C96D", + "Bytes Out": "#629E51", + "Count": "#1F78C1", + "Unique count of dns.question.name": "#E0752D" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 20, - "i": "2", - "w": 24, - "x": 0, - "y": 35 + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": true, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "grouped", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Bytes Out" + }, + "mode": "normal", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + { + "data": { + "id": "3", + "label": "Bytes In" + }, + "mode": "normal", + "show": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "grouped", + 
"setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes Out", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 15, - "i": "4", - "w": 48, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Domains", + "field": "dns.question.etld_plus_one", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "4", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes In", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Top Domains by Data Volume", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + 
"columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes In", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "5", - "w": 24, - "x": 24, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ETLD+1", + "field": "dns.question.etld_plus_one", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "3", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "5", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes Out", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.dns" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] DNS Tunneling", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-unique-domains", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-unique-fqdns-per-etld-1", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-unique-fqdns-per-etld-1-table", - "name": "panel_1", - "type": "visualization" + } }, - { - "id": "network_traffic-bytes-transferred-per-domain", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 20, + "i": "5", + "w": 24, + "x": 24, + "y": 35 }, - { - "id": "network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d", - "name": "panel_3", - "type": "visualization" - } + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + 
"timeRestore": false, + "title": "[Network Packet Capture] DNS Tunneling", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-flows.json b/packages/network_traffic/kibana/dashboard/network_traffic-flows.json index 03ecdc79499..feecc61b476 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-flows.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-flows.json 
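Review bot: Panels 1, 2 and 4 of the inlined DNS Tunneling dashboard show no link to the saved search that the new `references` entries `1:search_0`, `2:search_0` and `4:search_0` point at. Their `savedVis.data` holds only `aggs` and a `searchSource` with an empty `filter` and no index reference, unlike panel 5, which sets `indexRefName` and a `data_stream.dataset:network_traffic.dns` query. If Kibana resolves the saved search from a key inside `savedVis.data`, as I believe it does for by-value panels, these three panels will either fail to load or lose the scoping the removed visualizations had, and the unique-subdomain counts used to spot tunneling would be skewed. I would add the link to each of the three `data` objects, for example `"savedSearchRefName": "search_0"` (or `savedSearchId`, whichever the target Kibana version reads), and confirm by importing the dashboard on a clean stack. Separately, the top-level `namespaces`, `updated_at` and `version` values are metadata from the exporting instance and are better stripped, and `showMeticsAtAllLevels` in panel 2 is misspelled (panel 5 has `showMetricsAtAllLevels`).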
@@ -1,141 +1,666 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-flows", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyMSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Top Hosts Creating Traffic", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Source Bytes" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + 
"setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Source Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 35, + "i": "1", + "w": 24, + "x": 0, + "y": 25 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 35, - "i": "1", - "w": 24, - "x": 0, - "y": 25 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | 
[Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "2", - "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Connections over time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": 
"palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Unique Flows" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 25, - "i": "3", - "w": 36, - "x": 12, - "y": 0 + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Flows", + "field": "flow.id" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 25, + "i": "3", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Top Hosts Receiving Traffic", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": 
true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Bytes" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Bytes", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 35, - "i": "4", - "w": 24, - "x": 24, - "y": 25 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination IP", + 
"field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 35, + "i": "4", + "w": 24, + "x": 24, + "y": 25 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Traffic Between Hosts", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Source Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Bytes", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 35, - "i": "5", - "w": 48, - "x": 0, - "y": 60 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "5", - 
"panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination IP", + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] Network Flows", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-flows", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-top-hosts-creating-traffic", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-navigation", - "name": "panel_1", - "type": "visualization" + } }, - { - "id": "network_traffic-connections-over-time", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 35, + "i": "5", + "w": 48, + "x": 0, + "y": 60 }, - { - "id": "network_traffic-top-hosts-receiving-traffic", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-network-traffic-between-your-hosts", - "name": "panel_4", - "type": "visualization" - } + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] Network Flows", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-flows-search" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-flows-search" + }, + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-flows-search" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-flows-search" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": 
"7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-http.json b/packages/network_traffic/kibana/dashboard/network_traffic-http.json index 5f74aac099f..5f06c0ba487 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-http.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-http.json 
@@ -1,186 +1,905 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-http", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP Transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": 
"value" + } + ], + "yAxis": {} + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 36, + "x": 12, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "1", - "w": 36, - "x": 12, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP error codes", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Unique count of type" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + 
"valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "type" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 15, - "i": "2", - "w": 24, - "x": 0, - "y": 35 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3", - "w": 24, - "x": 24, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "HTTP Status Code", + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "type", + "negate": false, + "params": { + "query": "http", + "type": "phrase" + }, + "type": "phrase", + "value": "http" + }, + "query": { + "match": { + "network.protocol": { + "query": "http", + "type": "phrase" + } + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ] }, - "panelIndex": "3", - 
"panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.http and http.response.status_code >= 300" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP error codes evolution", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, 
+ "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "4", - "w": 12, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "HTTP Status Code", + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.protocol", + "negate": false, + "params": { + "query": "http", + "type": "phrase" + }, + "type": "phrase", + "value": "http" + }, + "query": { + "match": { + "network.protocol": { + "query": "http", + "type": "phrase" } + } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "http.response.status_code", + "negate": true, + "params": { + "gte": 200, + "lt": 299 + }, + "type": "range", + "value": "200 to 299" + }, + "range": { + "http.response.status_code": { 
+ "gte": 200, + "lte": 299 + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ] }, - "gridData": { - "h": 15, - "i": "5", - "w": 12, - "x": 0, - "y": 20 - }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.http" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + 
"i": "4", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "[Network Packet Capture] Total number of HTTP transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "37", + "handleNoResults": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 15, - "i": "6", - "w": 36, - "x": 12, - "y": 20 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 25, - "i": "7", - "w": 48, - "x": 0, - "y": 50 - }, - "panelIndex": "7", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] HTTP", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-http", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-web-transactions", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "network_traffic-http-error-codes", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 
15, + "i": "5", + "w": 12, + "x": 0, + "y": 20 }, - { - "id": "network_traffic-http-error-codes-evolution", - "name": "panel_2", - "type": "visualization" + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP status codes for the top queries", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "row": false, + "shareYAxis": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "HTTP Query", + "field": "query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "HTTP Status Code", + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-navigation", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "6", + "w": 36, + "x": 12, + "y": 20 }, - { - "id": "network_traffic-total-number-of-http-transactions", - "name": "panel_4", - "type": "visualization" + "panelIndex": "6", + "version": "7.17.0", + "type": 
"visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Top 10 HTTP requests", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-http-codes-for-the-top-queries", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 25, + "i": "7", + "w": 48, + "x": 0, + "y": 50 }, - { - "id": "network_traffic-top-10-http-requests", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] HTTP", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-mongodb-performance.json b/packages/network_traffic/kibana/dashboard/network_traffic-mongodb-performance.json index 21d19341d65..2dc45c1cac7 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-mongodb-performance.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-mongodb-performance.json 
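Review bot: Panels 1, 5, 6 and 7 of `network_traffic-http.json` are inlined with a `searchSource` that holds only an empty `filter` and an empty kuery `query`, and nothing visible inside those panels names the `search_0` entries that `references` lists for them (`1:search_0`, `5:search_0`, `6:search_0`, `7:search_0`). If Kibana does not re-attach the saved search from the reference name alone, the "HTTP Transactions" histogram, the total-count metric, the status-code pie and the top-requests table would count documents from every dataset the index pattern matches rather than HTTP traffic only, which misleads anyone reading the dashboard during triage. Panels 2 and 3 carry their scope explicitly, so the same could be done here with `"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"` and `"query": "data_stream.dataset:network_traffic.http"` in each affected `searchSource`, plus matching `index-pattern` references, assuming that is what the saved search selects. The visible tail of the `network_traffic-flows.json` hunk shows the same pattern for its panels 3, 4 and 5. Loading the dashboard against mixed `logs-*` data before merging would confirm whether the scoping survives.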
@@ -1,201 +1,1177 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-mongodb-performance", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 
12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "row": true, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "spyPerPage": 10, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + 
"type": "count" }, - "gridData": { - "h": 20, - "i": "1", - "w": 12, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "resource", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 3 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 20, + "x": 12, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB Commands", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": 
"right", + "mode": "silhouette", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "silhouette", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "2", - "w": 20, - "x": 12, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB errors per collection", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "spyPerPage": 10, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "3", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + 
"params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "resource", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB in/out throughput", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of source.bytes" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + 
"type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "4", + "label": "Sum of destination.bytes" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4", - "w": 16, - "x": 0, - "y": 20 - }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB response times by collection", + 
"description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": false, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": "9", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "drawLinesBetweenPoints": false, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": "9", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5", - "w": 16, - "x": 16, - "y": 20 - }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 99 + ] + }, + "schema": "metric", + 
"type": "percentiles" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "resource", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": {}, + "schema": "radius", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 25, + "i": "6", + "w": 32, + "x": 0, + "y": 35 + }, + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Top slowest MongoDB queries", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 25, - "i": "6", - "w": 32, - "x": 0, - "y": 35 - }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 25, - "i": "7", - "w": 16, - "x": 32, - "y": 35 - }, - "panelIndex": "7", - "panelRefName": 
"panel_6", - "version": "7.0.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 99 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 25, + "i": "7", + "w": 16, + "x": 32, + "y": 35 + }, + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Number of MongoDB transactions with writeConcern w=0", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + 
"setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8", - "w": 16, - "x": 32, - "y": 20 - }, - "panelIndex": "8", - "panelRefName": "panel_7", - "version": "7.0.0-SNAPSHOT" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "radius", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] MongoDB", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "8", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Network Packet Capture] MongoDB", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3" }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-performance", - "migrationVersion": { - "dashboard": "7.17.0" + { + "type": "search", + "name": "3:search_0", + "id": 
"network_traffic-mongodb-transactions" }, - "references": [ - { - "id": "network_traffic-navigation", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-errors", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-commands", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-errors-per-collection", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-in-slash-out-throughput", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-response-times-by-collection", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-top-slowest-mongodb-queries", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0", - "name": "panel_7", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-mongodb-transactions" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-mongodb-transactions" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-mongodb-transactions" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-mongodb-transactions-with-write-concern-0" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-mysql-performance.json b/packages/network_traffic/kibana/dashboard/network_traffic-mysql-performance.json index 937c85b7fb9..0910fa61a77 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-mysql-performance.json 
+++ b/packages/network_traffic/kibana/dashboard/network_traffic-mysql-performance.json 
@@ -1,209 +1,999 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-mysql-performance", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MySQL Errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": 
false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 20, + "x": 12, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "1", - "w": 20, - "x": 12, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MySQL Methods", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "wiggle", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + 
"seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "wiggle", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "2", - "w": 16, - "x": 32, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + 
"params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "3", - "w": 12, - "x": 0, - "y": 0 + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MySQL throughput", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + 
"color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of destination.bytes" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "data": { + "id": "3", + "label": "Sum of source.bytes" + }, + "mode": "normal", + "show": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 15, - "i": "4", - "w": 24, - "x": 24, - "y": 35 + { + "enabled": true, + "id": "3", + "params": { + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "4", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": 
"visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Most frequent MySQL queries", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 30, - "i": "5", - "w": 24, - "x": 0, - "y": 50 - }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + { + "id": "2", + "params": { + "field": "query", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 30, + "i": "5", + "w": 24, + "x": 0, + "y": 50 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Slowest MySQL queries", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 30, - "i": "6", - "w": 24, - "x": 24, - "y": 50 - }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 
null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Avg Response Time", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "gridData": { - "h": 15, - "i": "7", - "w": 48, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "field": "query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 30, + "i": "6", + "w": 24, + "x": 24, + "y": 50 + }, + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Mysql response times percentiles", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + 
"id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 75, + 99, + 99.5 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "panelIndex": "7", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MySQL Reads vs Writes", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 seconds" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + 
"mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8", - "w": 24, - "x": 0, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "8", - "panelRefName": "panel_7", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "method: SELECT" + } + }, + { + "input": { + "language": "lucene", + "query": "method: INSERT OR method: UPDATE OR method: DELETE" + } + } + ] + }, + "schema": "group", + "type": "filters" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] MySQL performance", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "8", + "w": 24, + "x": 0, + "y": 35 + 
}, + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Network Packet Capture] MySQL performance", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-mysql-errors" }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-performance", - "migrationVersion": { - "dashboard": "7.17.0" + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-mysql-transactions" }, - "references": [ - { - "id": "network_traffic-mysql-errors", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-mysql-methods", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-navigation", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-mysql-throughput", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-most-frequent-mysql-queries", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-slowest-mysql-queries", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-mysql-response-times-percentiles", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "network_traffic-mysql-reads-vs-writes", - "name": "panel_7", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-mysql-transactions" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-mysql-transactions" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-mysql-transactions" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-mysql-transactions" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-mysql-transactions" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file 
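Review bot: Nothing visible inside the by-value panels of this dashboard ties them to the saved searches that the new `references` array lists (`1:search_0` … `8:search_0`): each `savedVis.data` holds only `aggs` and a `searchSource` with an empty kuery query and no index, and no `savedSearchId` or comparable key appears. The removed by-reference visualizations are not shown in this hunk, but if their filtering lived in the saved search (`network_traffic-mysql-errors` for panel 1), a panel that loses that link would presumably either fail to load or count all captured traffic under the title "MySQL Errors", which is misleading on a monitoring dashboard. Please confirm on import into 7.17.0 that every panel still resolves its `N:search_0` reference; if it does not, the link has to be carried inside the panel, for example `"savedSearchId": "network_traffic-mysql-errors"` in panel 1's `savedVis.data`, or whichever key the importer expects. The MongoDB dashboard earlier in this patch shows the same pattern in its `references`.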
diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-nfs.json b/packages/network_traffic/kibana/dashboard/network_traffic-nfs.json index 8eeec1dad20..7adfcf97cb9 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-nfs.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-nfs.json 
@@ -1,242 +1,999 @@ { - "attributes": { - "description": "NFSv3 and NFSv4 transactions over TCP.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-nfs", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyNSwxXQ==", + "attributes": { + "description": "NFSv3 and NFSv4 transactions over TCP.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Network Packet Capture] NFS clients pie chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "rpc.cred.machinename", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 16 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 25, + "i": "1", + "w": 16, + "x": 16, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": 
{}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 25, - "i": "1", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] NFS operations area chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "interpolate": "linear", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "3", - "w": 24, - "x": 0, - "y": 55 + { + "id": "2", + "params": { + "field": "nfs.opcode", + "order": "desc", + "orderBy": "1", + "size": 16 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + { + "id": "3", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 24, + "x": 0, + "y": 55 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "spy": { + "mode": { + "fill": false, + "name": null + } + }, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Network Packet Capture] NFS top group pie chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "labels": { + "last_level": true, + 
"show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "spy": { - "mode": { - "fill": false, - "name": null - } - }, - "vis": { - "legendOpen": true - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "4", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "4", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "rpc.cred.gid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 16 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "4", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Network Packet Capture] NFS top users pie chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "5", - "w": 16, - "x": 32, - "y": 10 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": 
"metric", + "type": "count" }, - "panelIndex": "5", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "rpc.cred.uid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 16 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 16, + "x": 32, + "y": 10 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] NFS response times", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": true, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": "9", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Median event.duration" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "normal", + "radiusRatio": "9", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + 
"type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Median event.duration" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "6", - "w": 24, - "x": 24, - "y": 25 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 50 + ] + }, + "schema": "metric", + "type": "median" }, - "panelIndex": "6", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 24, + "y": 25 + }, + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] NFS errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + 
"categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "7", - "w": 24, - "x": 24, - "y": 40 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "7", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "nfs.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 12 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7", + "w": 24, + 
"x": 24, + "y": 40 + }, + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] NFS operation table", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Avg Response Time", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "gridData": { - "h": 20, - "i": "8", - "w": 24, - "x": 24, - "y": 55 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Opcode", + "field": "nfs.opcode", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 16 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "8", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "8", + "w": 24, + "x": 24, + "y": 55 + }, + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Network Packet Capture] NFS Request / 
Response Sizes", + "description": "", + "uiState": { + "vis": { + "colors": { + "Sum of rpc.reply_size": "#7EB26D" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Request Size" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" }, - "gridData": { - "h": 30, - "i": "9", - "w": 24, - "x": 0, - "y": 25 - }, - "panelIndex": "9", - "panelRefName": "panel_7", - "version": "7.0.0-SNAPSHOT" + { + "data": { + "id": "2", + "label": "Response Size" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Request Size", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 25, - "i": "10", - "w": 16, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Response Size", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "10", - "panelRefName": "panel_8", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] NFS", - "version": 1 + } + }, + "gridData": { + "h": 30, + "i": "9", + "w": 24, + "x": 0, + "y": 25 + }, + "panelIndex": "9", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: 
[MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 25, + "i": "10", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "10", + "version": "7.17.0", + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Network Packet Capture] NFS", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-nfs" }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs", - "migrationVersion": { - "dashboard": "7.17.0" + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-nfs" }, - "references": [ - { - "id": "network_traffic-nfs-clients-pie-chart", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-operations-area-chart", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-top-group-pie-chart", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-top-users-pie-chart", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-response-times", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-errors", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-operation-table", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-bytes-in-slash-out", - "name": "panel_7", - "type": "visualization" - }, - { - "id": "network_traffic-navigation", - "name": "panel_8", - "type": 
"visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-nfs" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-nfs" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-nfs" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-nfs-errors-search" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-nfs" + }, + { + "type": "search", + "name": "9:search_0", + "id": "network_traffic-nfs" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-pgsql-performance.json b/packages/network_traffic/kibana/dashboard/network_traffic-pgsql-performance.json index 3a43fc2e288..6962112234c 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-pgsql-performance.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-pgsql-performance.json 
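Review bot: The inlined `savedVis.data` objects in this hunk carry only `aggs` and a `searchSource` with an empty kuery query, so nothing visible inside a panel ties it to its `N:search_0` entry in `references`. This matters most for panel 7, "NFS errors", whose reference is `network_traffic-nfs-errors-search` while every other panel points at `network_traffic-nfs`: if that link is not resolved on import, the chart would presumably plot every NFS transaction split by `nfs.status` rather than only the failing ones. I would confirm after import that each panel is still scoped by its saved search, and otherwise carry the link in the panel's `data` or inline the saved search's filter into `searchSource.query`. Separately, the new top-level `"namespaces": ["default"]`, `"updated_at"` and `"version": "WzcyNSwxXQ=="` fields look like export metadata from a single Kibana instance and could probably be dropped from the packaged asset.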
@@ -1,209 +1,1024 @@ { - "attributes": { - "description": "Postgres database query performance.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-pgsql-performance", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyNiwxXQ==", + "attributes": { + "description": "Postgres database query performance.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - 
"optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "1", - "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL Errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - 
"enhancements": {} - }, - "gridData": { - "h": 20, - "i": "2", - "w": 20, - "x": 12, - "y": 0 + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 20, + "x": 12, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL Methods", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "wiggle", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ 
+ { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "wiggle", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "3", - "w": 16, - "x": 32, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL response times percentiles", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + 
"title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 75, + 99, + 99.5 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "gridData": { - "h": 15, - "i": "4", - "w": 48, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL Throughput", + "description": "", + "uiState": {}, + 
"params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of destination.bytes" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "data": { + "id": "2", + "label": "Sum of source.bytes" + }, + "mode": "normal", + "show": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 15, - "i": "5", - "w": 24, - "x": 24, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": 
"3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL Reads vs Writes", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 seconds" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + 
"style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6", - "w": 24, - "x": 0, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } + { + "enabled": true, + "id": "3", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "method: SELECT" } - } - }, - "gridData": { - "h": 30, - "i": "7", - "w": 24, - "x": 0, - "y": 50 - }, - "panelIndex": "7", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } + }, + { + "input": { + "language": "lucene", + "query": "method: INSERT OR method: UPDATE OR method: DELETE" } - } + } + ] + }, + "schema": "group", + "type": "filters" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Most frequent PgSQL queries", + "description": "", + "uiState": { + "vis": { + "params": { + 
"sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 30, - "i": "8", - "w": 24, - "x": 24, - "y": 50 + { + "enabled": true, + "id": "2", + "params": { + "field": "query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 30, + "i": "7", + "w": 24, + "x": 0, + "y": 50 + }, + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Slowest PgSQL Queries", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Average Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "panelIndex": "8", - "panelRefName": "panel_7", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "query", + 
"missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] PgSQL performance", - "version": 1 + } + }, + "gridData": { + "h": 30, + "i": "8", + "w": 24, + "x": 24, + "y": 50 + }, + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Network Packet Capture] PgSQL performance", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-pgsql-errors" }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-pgsql-performance", - "migrationVersion": { - "dashboard": "7.17.0" + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-pgsql-transactions" }, - "references": [ - { - "id": "network_traffic-navigation", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-errors", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-methods", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-response-times-percentiles", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-throughput", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-reads-vs-writes", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-most-frequent-pgsql-queries", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "network_traffic-slowest-pgsql-queries", - "name": "panel_7", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-pgsql-transactions" + }, + { + "type": 
"search", + "name": "5:search_0", + "id": "network_traffic-pgsql-transactions" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-pgsql-transactions" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-pgsql-transactions" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-pgsql-transactions" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-thrift-performance.json b/packages/network_traffic/kibana/dashboard/network_traffic-thrift-performance.json index da5a36f1f3e..095b175fb40 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-thrift-performance.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-thrift-performance.json 
@@ -1,188 +1,552 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-thrift-performance", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyNywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 16, + "i": "1", + "w": 
12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "1", - "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Thrift requests per minute", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "2", - "w": 20, - "x": 12, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "3", - "w": 16, - "x": 32, - "y": 0 + "type": "histogram", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "m", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "2", + "w": 20, + "x": 12, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Thrift RPC Errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + 
"interpolate": "linear", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "area", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "4", - "w": 24, - "x": 0, - "y": 16 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "3", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Slowest Thrift RPC methods", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "5", - "w": 24, - "x": 24, - "y": 16 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "6", - "w": 24, - "x": 0, - "y": 28 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": 
"1", + "params": { + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Thrift response times percentiles", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": 
false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "7", - "w": 24, - "x": 24, - "y": 28 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 75, + 99, + 99.5 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] Thrift performance", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-thrift-performance", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-navigation", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "network_traffic-thrift-requests-per-minute", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 16 }, - { - "id": "network_traffic-thrift-rpc-errors", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "5", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Top Thrift-RPC methods ", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "mode": 
"stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "type": "histogram", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "id": "2", + "params": { + "field": "method", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "network_traffic-slowest-thrift-rpc-methods", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 16, + "i": "6", + "w": 24, + "x": 0, + "y": 28 }, - { - "id": "network_traffic-thrift-response-times-percentiles", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Top Thrift-RPC calls with errors", + "description": "", + "params": { + "addLegend": false, + "addTooltip": true, + "defaultYExtents": false, + "mode": "stacked", + "shareYAxis": true + }, + "type": "histogram", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "id": "2", + "params": { + "field": "method", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "network_traffic-top-thrift-rpc-methods", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 16, + "i": "7", + "w": 24, + "x": 24, + "y": 28 }, - { - "id": "network_traffic-top-thrift-rpc-calls-with-errors", - "name": "7:panel_7", - "type": "visualization" - } + "panelIndex": "7", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] Thrift performance", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "2:search_0", + 
"id": "network_traffic-thrift-transactions" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-thrift-errors" + }, + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-thrift-transactions" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-thrift-transactions" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-thrift-transactions" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-thrift-errors" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-tls-sessions.json b/packages/network_traffic/kibana/dashboard/network_traffic-tls-sessions.json index 5160933bc91..2fdee9b0d3a 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-tls-sessions.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-tls-sessions.json 
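Review bot: In the Thrift dashboard, the inlined `savedVis.data` of panels 3 ("Thrift RPC Errors") and 7 ("Top Thrift-RPC calls with errors") carries only `"searchSource": { "filter": [] }`, so the error filter lives solely in the `3:search_0` / `7:search_0` references to `network_traffic-thrift-errors`, and nothing visible inside either panel names `search_0`. Panel 7's aggregation is identical to panel 6's (count by `method`, size 5), so if Kibana does not resolve that reference on import, the error panels would silently chart all Thrift traffic instead of failing visibly. I would confirm after import that both panels are still bound to the saved search, and if they are not, carry the link in the panel itself, e.g. `"savedSearchRefName": "search_0"` inside `data` (or `savedSearchId`, whichever the target Kibana version reads). The PgSQL dashboard's reference list earlier in this patch uses the same `N:search_0` scheme (`2:search_0` → `network_traffic-pgsql-errors`) and deserves the same check; the `network_traffic-thrift-errors` and `network_traffic-thrift-transactions` search objects must also keep shipping with the package for these references to resolve.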
@@ -1,307 +1,1241 @@ { - "attributes": { - "description": "[Network Packet Capture] TLS Sessions", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-tls-sessions", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyOCwxXQ==", + "attributes": { + "description": "[Network Packet Capture] TLS Sessions", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + 
} }, - "optionsJSON": { - "darkTheme": false, - "useMargins": false + "gridData": { + "h": 16, + "i": "4", + "w": 12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "4", - "w": 12, - "x": 0, - "y": 0 + "panelIndex": "4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Sessions", + "description": "", + "uiState": { + "vis": { + "colors": { + "false": "#E24D42", + "true": "#7EB26D" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" }, - "gridData": { - "h": 16, - "i": "8", - "w": 36, - "x": 12, - "y": 0 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + "valueAxis": "ValueAxis-1" + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": 
"normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "9", - "w": 12, - "x": 12, - "y": 28 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sessions per minute", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Handshake completed", + "field": "tls.established", + "json": "", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "8", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "8", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Alerts", + "description": "", + "uiState": { + "vis": { + "colors": { + "None": "#7EB26D", + "handshake_failure": "#E24D42" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "10", - "w": 12, - "x": 0, - "y": 16 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - 
"i": "11", - "w": 48, - "x": 0, - "y": 40 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "tls.detailed.alert_types", + "include": ".*", + "json": "{\"missing\": \"None\"}", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"exists\":{\"field\":\"tls\"}}" + }, + "query": { + "exists": { + "field": "tls" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.tls" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "9", + "w": 12, + "x": 12, + "y": 28 + }, + "panelIndex": "9", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Total Number of TLS Sessions", + "description": "", + "uiState": { + "P-5": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-7": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 12, - "i": "12", - "w": 12, - "x": 24, - "y": 28 + "metricColorMode": "None", + "percentageMode": false, + 
"style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "13", - "w": 12, - "x": 36, - "y": 28 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "tls.established" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "tls.established", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.tls" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "10", + "w": 12, + "x": 0, + "y": 16 + }, + "panelIndex": "10", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Server Name Indication", + "description": "", + "uiState": {}, + "params": { + "hideLabel": false, + "maxFontSize": 64, + "minFontSize": 14, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "14", - "w": 12, - "x": 0, - "y": 28 + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "14", - "panelRefName": 
"panel_14", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Server Name Indication", + "field": "tls.client.server_name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "11", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "11", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Versions", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "15", - "w": 24, - "x": 0, - "y": 52 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TLS version", + "field": "tls.detailed.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "12", + "w": 12, + "x": 24, + "y": 28 + }, + "panelIndex": "12", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Server Public Key Size", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + 
"distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "16", - "w": 24, - "x": 0, - "y": 64 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Public Key Size", + "field": "tls.server.x509.public_key_size", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "13", + "w": 12, + "x": 36, + "y": 28 + }, + "panelIndex": "13", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Session Resume", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "17", - "w": 24, - "x": 24, - "y": 52 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "exclude": "", + "field": "tls.detailed.resumption_method", + "json": "{\n\"missing\": 
\"none\"\n}", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "14", + "w": 12, + "x": 0, + "y": 28 + }, + "panelIndex": "14", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Server Certificates", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "18", - "w": 24, - "x": 24, - "y": 64 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "19", - "w": 36, - "x": 12, - "y": 16 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Subject Common Name", + "field": "tls.server.x509.subject.common_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Organization", + "field": "tls.server.x509.subject.organization", + "order": "desc", + "orderBy": "1", + 
"size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] TLS Sessions", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-tls-sessions", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-navigation", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "network_traffic-c14377a0-d353-11e7-9914-4982455b3063", - "name": "9:panel_9", - "type": "visualization" + } }, - { - "id": "network_traffic-061de380-d361-11e7-9914-4982455b3063", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 0, + "y": 52 }, - { - "id": "network_traffic-a28d09d0-d361-11e7-9914-4982455b3063", - "name": "11:panel_11", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Client Certificates", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Subject Common Name", + "field": "tls.client.x509.subject.common_name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + 
}, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Signature Algorithm", + "field": "tls.client.x509.signature_algorithm", + "json": "{ \"missing\": \"N/A\" }", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-0af0b790-d37d-11e7-9914-4982455b3063", - "name": "12:panel_12", - "type": "visualization" + "gridData": { + "h": 12, + "i": "16", + "w": 24, + "x": 0, + "y": 64 }, - { - "id": "network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063", - "name": "13:panel_13", - "type": "visualization" + "panelIndex": "16", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Cipher", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cipher", + "field": "tls.cipher", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-2c467370-d392-11e7-8fa0-232aa9259081", - "name": "14:panel_14", - "type": "visualization" + "gridData": { + "h": 12, + "i": "17", + "w": 24, + "x": 24, + "y": 52 }, - { - "id": "network_traffic-0958a910-d396-11e7-8fa0-232aa9259081", - "name": "15:panel_15", - "type": 
"visualization" + "panelIndex": "17", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Fingerprint", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "JA3 Fingerprint", + "field": "tls.client.ja3", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-86743f90-d396-11e7-8fa0-232aa9259081", - "name": "16:panel_16", - "type": "visualization" + "gridData": { + "h": 12, + "i": "18", + "w": 24, + "x": 24, + "y": 64 }, - { - "id": "network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961", - "name": "17:panel_17", - "type": "visualization" + "panelIndex": "18", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Handshake Latency", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + 
"fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Handshake Latency (ns)", + "extended_bounds": {}, + "field": "event.duration", + "interval": 2000000 + }, + "schema": "segment", + "type": "histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.duration", + "negate": false, + "params": { + "gte": 0, + "lt": 1000000000 + }, + "type": "range", + "value": "0 to 1,000,000,000" + }, + "range": { + "event.duration": { + "gte": 0, + "lt": 1000000000 + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b", - "name": "18:panel_18", - "type": "visualization" + "gridData": { + "h": 12, + "i": "19", + "w": 36, + "x": 12, + "y": 16 }, - { - "id": "network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9", - "name": 
"19:panel_19", - "type": "visualization" - } + "panelIndex": "19", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] TLS Sessions", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "11:search_0", + "id": "network_traffic-94908e80-d2d8-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "12:search_0", + "id": "network_traffic-bf3d23b0-d37c-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "13:search_0", + "id": "network_traffic-8f0ff590-d37d-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "14:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "15:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "16:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "17:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "18:search_0", + "id": "network_traffic-6b1b1360-d49d-11e7-996f-bd7c1ca4591b" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "19:search_0", + "id": 
"network_traffic-8e2af860-d520-11e7-9fff-7b1ebf397ba9" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063.json deleted file mode 100644 index 16e691a1cf3..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Sessions", - "uiStateJSON": { - "vis": { - "colors": { - "false": "#E24D42", - "true": "#7EB26D" - }, - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sessions per minute", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Handshake completed", - "field": "tls.established", - "json": "", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": "ValueAxis-1" - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] TLS Sessions", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-061de380-d361-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-061de380-d361-11e7-9914-4982455b3063.json deleted file mode 100644 index 5a0a596e308..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-061de380-d361-11e7-9914-4982455b3063.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "exists": { - "field": "tls.established" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "tls.established", - "negate": false, - "type": "exists", - "value": "exists" - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.tls" - } - } - }, - "title": "[Network Packet Capture] Total Number of TLS Sessions", - "uiStateJSON": { - "P-5": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "P-7": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] Total Number of TLS Sessions", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-061de380-d361-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } 
- ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-0958a910-d396-11e7-8fa0-232aa9259081.json b/packages/network_traffic/kibana/visualization/network_traffic-0958a910-d396-11e7-8fa0-232aa9259081.json deleted file mode 100644 index df9a04e1dea..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-0958a910-d396-11e7-8fa0-232aa9259081.json +++ /dev/null 
@@ -1,93 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Server Certificates", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Subject Common Name", - "field": "tls.server.x509.subject.common_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Organization", - "field": "tls.server.x509.subject.organization", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] TLS Server Certificates", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-0958a910-d396-11e7-8fa0-232aa9259081", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-0af0b790-d37d-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-0af0b790-d37d-11e7-9914-4982455b3063.json deleted file mode 100644 index 309f0d1ebb9..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-0af0b790-d37d-11e7-9914-4982455b3063.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Versions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "TLS version", - "field": "tls.detailed.version", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] TLS Versions", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-0af0b790-d37d-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-bf3d23b0-d37c-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb.json deleted file mode 100644 index 3ea256e545e..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 Client Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique MACs", - "field": "dhcpv4.client_mac" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DHCPv4 Client Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-2c467370-d392-11e7-8fa0-232aa9259081.json b/packages/network_traffic/kibana/visualization/network_traffic-2c467370-d392-11e7-8fa0-232aa9259081.json deleted file mode 100644 index b189fd81fe5..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-2c467370-d392-11e7-8fa0-232aa9259081.json +++ /dev/null 
@@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Session Resume", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "exclude": "", - "field": "tls.detailed.resumption_method", - "json": "{\n\"missing\": \"none\"\n}", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] TLS Session Resume", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-2c467370-d392-11e7-8fa0-232aa9259081", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb.json deleted file mode 100644 index 7841b7d852a..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,96 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 Message Types", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Op Code", - "field": "dhcpv4.op_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Message Type", - "field": "dhcpv4.option.message_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] DHCPv4 Message Types", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json b/packages/network_traffic/kibana/visualization/network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json deleted file mode 100644 index 4a7d62a3d4a..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Cipher", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Cipher", - "field": "tls.cipher", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] TLS Cipher", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb.json deleted file mode 100644 index 602348ca288..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "dhcpv4.option.message_type:nak OR dhcpv4.option.message_type:decline" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 NAK and Decline Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 57, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DHCPv4 NAK and Decline Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e.json b/packages/network_traffic/kibana/visualization/network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e.json deleted file mode 100644 index 2be27f4c9c4..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e.json +++ /dev/null 
@@ -1,192 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Min/Max/Avg Response Time Histogram", - "uiStateJSON": { - "vis": { - "colors": { - "Avg Response Time (ns)": "#629E51", - "Max Response Time (ns)": "#E24D42", - "Min Response Time (ns)": "#70DBED" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min Response Time (ns)", - "field": "event.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Avg Response Time (ns)", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Max Response Time (ns)", - "field": "event.duration" - }, - "schema": "metric", - "type": "max" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "4", - "label": "Min Response Time (ns)" - }, - 
"drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "1", - "label": "Avg Response Time (ns)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Max Response Time (ns)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Average event.duration" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] DNS Min/Max/Avg Response Time Histogram", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb.json deleted file mode 100644 index b8b1ec3f0af..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.dhcpv4" - } - } - }, - "title": "[Network Packet Capture] DHCPv4 Message Types over Time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "c2cf4410-8ba8-11e8-ae15-bdcba81344e6" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "type:dhcpv4" - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "ignore_global_filter": 0, - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "NOT dhcpv4.option.message_type:nak NOT dhcpv4.option.message_type:decline" - }, - "formatter": "number", - "id": "8abe6eb0-8ba9-11e8-ae15-bdcba81344e6", - "label": "Response", - "line_width": 1, - "metrics": [ - { - "id": "8abe6eb1-8ba9-11e8-ae15-bdcba81344e6", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "dhcpv4.option.message_type" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "dhcpv4.option.message_type:nak" - }, - "formatter": "number", - "id": "ae5610d0-8ba9-11e8-ae15-bdcba81344e6", - "label": "nak", - "line_width": "4", - "metrics": [ - { - "id": "ae5610d1-8ba9-11e8-ae15-bdcba81344e6", - "type": "count" - } - ], - "point_size": "3", - "seperate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": 
"rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "dhcpv4.option.message_type:decline" - }, - "formatter": "number", - "id": "cf7ba180-8ba9-11e8-ae15-bdcba81344e6", - "label": "decline", - "line_width": "4", - "metrics": [ - { - "id": "cf7ba181-8ba9-11e8-ae15-bdcba81344e6", - "type": "count" - } - ], - "point_size": "3", - "seperate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "[Network Packet Capture] DHCPv4 Message Types over Time", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-86743f90-d396-11e7-8fa0-232aa9259081.json b/packages/network_traffic/kibana/visualization/network_traffic-86743f90-d396-11e7-8fa0-232aa9259081.json deleted file mode 100644 index 6b055afd63e..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-86743f90-d396-11e7-8fa0-232aa9259081.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Client Certificates", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Subject Common Name", - "field": "tls.client.x509.subject.common_name", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Signature Algorithm", - "field": "tls.client.x509.signature_algorithm", - "json": "{ \"missing\": \"N/A\" }", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] TLS Client Certificates", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-86743f90-d396-11e7-8fa0-232aa9259081", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-a28d09d0-d361-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-a28d09d0-d361-11e7-9914-4982455b3063.json deleted file mode 100644 index e9ca126061d..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-a28d09d0-d361-11e7-9914-4982455b3063.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Server Name Indication", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Server Name Indication", - "field": "tls.client.server_name", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "hideLabel": false, - "maxFontSize": 64, - "minFontSize": 14, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "[Network Packet Capture] TLS Server Name Indication", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-a28d09d0-d361-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-94908e80-d2d8-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json b/packages/network_traffic/kibana/visualization/network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json deleted file mode 100644 index 674b8863725..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Fingerprint", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "JA3 Fingerprint", - "field": "tls.client.ja3", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] TLS Fingerprint", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-6b1b1360-d49d-11e7-996f-bd7c1ca4591b", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063.json deleted file mode 100644 index 755972ecc09..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Server Public Key Size", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Public Key Size", - "field": "tls.server.x509.public_key_size", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] Server Public Key Size", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-8f0ff590-d37d-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json b/packages/network_traffic/kibana/visualization/network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json
deleted file mode 100644
index f104bc98be6..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json
+++ /dev/null
@@ -1,96 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Client and Servers Pie Chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Server", - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Client", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] DNS Client and Servers Pie Chart", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-bytes-transferred-per-domain.json b/packages/network_traffic/kibana/visualization/network_traffic-bytes-transferred-per-domain.json
deleted file mode 100644
index 465b0590901..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-bytes-transferred-per-domain.json
+++ /dev/null
@@ -1,174 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Bytes Transferred per Domain", - "uiStateJSON": { - "vis": { - "colors": { - "Bytes In": "#F2C96D", - "Bytes Out": "#629E51", - "Count": "#1F78C1", - "Unique count of dns.question.name": "#E0752D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes Out", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Domains", - "field": "dns.question.etld_plus_one", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes In", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": true, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "mode": "grouped", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Bytes Out" - }, - "mode": "normal", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - 
"id": "3", - "label": "Bytes In" - }, - "mode": "normal", - "show": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "grouped", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Bytes Transferred per Domain", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-bytes-transferred-per-domain", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-c14377a0-d353-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-c14377a0-d353-11e7-9914-4982455b3063.json deleted file mode 100644 index a90effdbdfc..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-c14377a0-d353-11e7-9914-4982455b3063.json +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"exists\":{\"field\":\"tls\"}}" - }, - "query": { - "exists": { - "field": "tls" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.tls" - } - } - }, - "title": "[Network Packet Capture] TLS Alerts", - "uiStateJSON": { - "vis": { - "colors": { - "None": "#7EB26D", - "handshake_failure": "#E24D42" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "tls.detailed.alert_types", - "include": ".*", - "json": "{\"missing\": \"None\"}", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] TLS Alerts", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-c14377a0-d353-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-ops.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-ops.json deleted file mode 100644 index bb6dfc78698..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-ops.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra Ops", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cassandra.request.headers.op", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.response.headers.op", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true - }, - "title": "[Network Packet Capture] Cassandra Ops", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-ops", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcount.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcount.json
deleted file mode 100644
index cec2f62e5ed..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcount.json
+++ /dev/null
@@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra RequestCount", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "square root", - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra RequestCount", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-requestcount", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountbytype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountbytype.json deleted file mode 100644 index cb88eaa3723..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountbytype.json
+++ /dev/null
@@ -1,99 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra RequestCountByType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.request.headers.op", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": {}, - "schema": "radius", - "type": "count" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "drawLinesBetweenPoints": false, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": "13", - "scale": "log", - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra RequestCountByType", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-requestcountbytype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountstackbytype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountstackbytype.json
deleted file mode 100644
index bd87104c182..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountstackbytype.json
+++ /dev/null
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra RequestCountStackByType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.request.headers.op", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "legendPosition": "right", - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra RequestCountStackByType", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-requestcountstackbytype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountbytype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountbytype.json
deleted file mode 100644
index c35009eb519..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountbytype.json
+++ /dev/null
@@ -1,94 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseCountByType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "id": "3", - "params": { - "field": "cassandra.response.headers.op", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "group", - "type": "terms" - }, - { - "id": "4", - "params": {}, - "schema": "radius", - "type": "count" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "drawLinesBetweenPoints": false, - "interpolate": "linear", - "radiusRatio": "15", - "scale": "log", - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra: ResponseCountByType", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsecountbytype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountstackbytype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountstackbytype.json
deleted file mode 100644
index 6379115c7fb..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountstackbytype.json
+++ /dev/null
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseCountStackByType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.response.headers.op", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "legendPosition": "right", - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra ResponseCountStackByType", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsecountstackbytype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsekeyspace.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsekeyspace.json
deleted file mode 100644
index b89f48c4161..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsekeyspace.json
+++ /dev/null
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseKeyspace", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cassandra.response.result.rows.meta.keyspace", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.response.result.rows.meta.table", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true - }, - "title": "[Network Packet Capture] Cassandra ResponseKeyspace", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsekeyspace", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetime.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetime.json deleted file mode 100644 index ed83cc15afc..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetime.json
+++ /dev/null
@@ -1,163 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseTime", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 5, - 25, - 50, - 75, - 95 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "square root", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of event.duration" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - 
"times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Percentiles of event.duration" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra ResponseTime", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsetime", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetype.json deleted file mode 100644 index 1b53e4081d7..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetype.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cassandra.response.result.type", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true - }, - "title": "[Network Packet Capture] Cassandra ResponseType", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsetype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-connections-over-time.json b/packages/network_traffic/kibana/visualization/network_traffic-connections-over-time.json deleted file mode 100644 index 9a20ff5d47f..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-connections-over-time.json +++ /dev/null 
@@ -1,146 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Connections over time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique Flows", - "field": "flow.id" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Unique Flows" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - 
"mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Connections over time", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-connections-over-time", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-flows-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb.json deleted file mode 100644 index 20f780f259e..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 Transaction Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique Transactions", - "field": "dhcpv4.transaction_id" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DHCPv4 Transaction Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json b/packages/network_traffic/kibana/visualization/network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json deleted file mode 100644 index 0b0a3bf08c6..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.duration", - "negate": false, - "params": { - "gte": 0, - "lt": 1000000000 - }, - "type": "range", - "value": "0 to 1,000,000,000" - }, - "range": { - "event.duration": { - "gte": 0, - "lt": 1000000000 - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Handshake Latency", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Handshake Latency (ns)", - "extended_bounds": {}, - "field": "event.duration", - "interval": 2000000 - }, - "schema": "segment", - "type": "histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": 
"area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] TLS Handshake Latency", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-8e2af860-d520-11e7-9fff-7b1ebf397ba9", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-db-transactions.json b/packages/network_traffic/kibana/visualization/network_traffic-db-transactions.json deleted file mode 100644 index d021c8b825d..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-db-transactions.json +++ /dev/null 
@@ -1,187 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.type", - "negate": true, - "params": { - "query": "flow", - "type": "phrase" - }, - "type": "phrase", - "value": "flow" - }, - "query": { - "match": { - "event.type": { - "query": "flow", - "type": "phrase" - } - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "agent.type:packetbeat" - } - } - }, - "title": "[Network Packet Capture] Transaction Types", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.dataset", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": 
"right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "mode": "stacked", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Transaction Types", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-db-transactions", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json b/packages/network_traffic/kibana/visualization/network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json deleted file mode 100644 index 3d5fa39120c..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.dns" - } - } - }, - "title": "[Network Packet Capture] Top Domains by Data Volume", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes In", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ETLD+1", - "field": "dns.question.etld_plus_one", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "3", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes Out", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Top Domains by Data Volume", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-query-summary.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-query-summary.json
deleted file mode 100644
index cbbedc454b4..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-dns-query-summary.json
+++ /dev/null
@@ -1,104 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Query Summary", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Client Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Server Bytes", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Avg Response Time (ns)", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "17", - "handleNoResults": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 28, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DNS Query Summary", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-query-summary", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-question-types.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-question-types.json
deleted file mode 100644
index df0bf89ebd1..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-dns-question-types.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Question Types", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "dns.question.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] DNS Question Types", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-question-types", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-request-status-over-time.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-request-status-over-time.json deleted file mode 100644 index c19ecc67df2..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-dns-request-status-over-time.json
+++ /dev/null
@@ -1,172 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Request Status Over Time", - "uiStateJSON": { - "vis": { - "colors": { - "Error": "#890F02", - "OK": "#0A50A1" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": 
"area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] DNS Request Status Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-request-status-over-time", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-response-codes.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-response-codes.json deleted file mode 100644 index fc100e73d55..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-dns-response-codes.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlight": { - "fields": { - "*": {} - }, - "fragment_size": 2147483647, - "post_tags": [ - "@/kibana-highlighted-field@" - ], - "pre_tags": [ - "@kibana-highlighted-field@" - ], - "require_field_match": false - }, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Response Codes", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Response Code", - "field": "dns.response_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] DNS Response Codes", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-response-codes", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-top-10-questions.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-top-10-questions.json
deleted file mode 100644
index 7f96e6d39ce..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-dns-top-10-questions.json
+++ /dev/null
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "status", - "negate": false, - "params": { - "query": "OK", - "type": "phrase" - }, - "type": "phrase", - "value": "OK" - }, - "query": { - "match": { - "status": { - "query": "OK", - "type": "phrase" - } - } - } - } - ], - "highlight": { - "fields": { - "*": {} - }, - "fragment_size": 2147483647, - "post_tags": [ - "@/kibana-highlighted-field@" - ], - "pre_tags": [ - "@kibana-highlighted-field@" - ], - "require_field_match": false - }, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Top 10 Questions", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Question", - "field": "dns.question.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 30 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] DNS Top 10 Questions", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-top-10-questions", - "migrationVersion": { - 
"visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e.json b/packages/network_traffic/kibana/visualization/network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e.json deleted file mode 100644 index e728c0f68a6..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e.json +++ /dev/null 
@@ -1,180 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Transactions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Avg Response Time", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Avg Response Time" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "lineWidth": 3.5, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "times": 
[], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Avg Response Time" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] DNS Transactions", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-errors-count-over-time.json b/packages/network_traffic/kibana/visualization/network_traffic-errors-count-over-time.json deleted file mode 100644 index a3f5d248055..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-errors-count-over-time.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Errors count over time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "30s", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "id": "3", - "params": { - "field": "type", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] New Visualization", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-errors-count-over-time", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-transactions-errors", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-errors-vs-successful-transactions.json b/packages/network_traffic/kibana/visualization/network_traffic-errors-vs-successful-transactions.json deleted file mode 100644 index e3ae9f1ce84..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-errors-vs-successful-transactions.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Errors vs successful transactions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "mode": "percentage", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "mode": "stacked", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - 
"rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "percentage", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Errors vs successful transactions", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-errors-vs-successful-transactions", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb.json deleted file mode 100644 index b7e92dfccc7..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 Data Transfer", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Requests", - "field": "client.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Responses", - "field": "server.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 24, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DHCPv4 Data Transfer", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-http-codes-for-the-top-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-http-codes-for-the-top-queries.json deleted file mode 100644 index bf83643ba51..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-http-codes-for-the-top-queries.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] HTTP status codes for the top queries", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "HTTP Query", - "field": "query", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "split", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "HTTP Status Code", - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "row": false, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] HTTP status codes for the top queries", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-http-codes-for-the-top-queries", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes-evolution.json b/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes-evolution.json
deleted file mode 100644
index 46edc1dc331..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes-evolution.json
+++ /dev/null
@@ -1,237 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "network.protocol", - "negate": false, - "params": { - "query": "http", - "type": "phrase" - }, - "type": "phrase", - "value": "http" - }, - "query": { - "match": { - "network.protocol": { - "query": "http", - "type": "phrase" - } - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "http.response.status_code", - "negate": true, - "params": { - "gte": 200, - "lt": 299 - }, - "type": "range", - "value": "200 to 299" - }, - "range": { - "http.response.status_code": { - "gte": 200, - "lte": 299 - } - } - } - ], - "highlight": { - "fields": { - "*": {} - }, - "post_tags": [ - "@/kibana-highlighted-field@" - ], - "pre_tags": [ - "@kibana-highlighted-field@" - ] - }, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.http" - } - } - }, - "title": "[Network Packet Capture] HTTP error codes evolution", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "HTTP Status Code", - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - 
"orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] HTTP error codes evolution", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-http-error-codes-evolution", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes.json b/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes.json deleted file mode 100644 index 8e5e06ae05f..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes.json +++ /dev/null 
@@ -1,187 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "type", - "negate": false, - "params": { - "query": "http", - "type": "phrase" - }, - "type": "phrase", - "value": "http" - }, - "query": { - "match": { - "network.protocol": { - "query": "http", - "type": "phrase" - } - } - } - } - ], - "highlight": { - "fields": { - "*": {} - }, - "post_tags": [ - "@/kibana-highlighted-field@" - ], - "pre_tags": [ - "@kibana-highlighted-field@" - ] - }, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.http and http.response.status_code \u003e= 300" - } - } - }, - "title": "[Network Packet Capture] HTTP error codes", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "type" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "HTTP Status Code", - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": 
true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Unique count of type" - }, - "mode": "stacked", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] HTTP error codes", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-http-error-codes", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-latency-histogram.json b/packages/network_traffic/kibana/visualization/network_traffic-latency-histogram.json deleted file mode 100644 index 9ec7f931662..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-latency-histogram.json +++ /dev/null 
@@ -1,140 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Latency Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "event.duration", - "interval": 10000000 - }, - "schema": "segment", - "type": "histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } 
- ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Latency Histogram", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-latency-histogram", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-commands.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-commands.json deleted file mode 100644 index e39c028d535..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-commands.json +++ /dev/null 
@@ -1,159 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB Commands", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "silhouette", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "silhouette", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB Commands", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-commands", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors-per-collection.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors-per-collection.json deleted file mode 100644 index 0f156c393ae..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors-per-collection.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB errors per collection", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "resource", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": 
"ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "spyPerPage": 10, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB errors per collection", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-errors-per-collection", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors.json deleted file mode 100644 index 7fbef8fc8bc..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors.json +++ /dev/null 
@@ -1,182 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "resource", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "split", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "row": 
true, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "spyPerPage": 10, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB errors", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-in-slash-out-throughput.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-in-slash-out-throughput.json deleted file mode 100644 index 847eba61684..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-in-slash-out-throughput.json +++ /dev/null 
@@ -1,172 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB in/out throughput", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Sum of source.bytes" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "4", - "label": "Sum of destination.bytes" - }, - "drawLinesBetweenPoints": true, - 
"interpolate": "linear", - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB in/out throughput", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-in-slash-out-throughput", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-response-times-by-collection.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-response-times-by-collection.json deleted file mode 100644 index e40df2dc6dd..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-response-times-by-collection.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB response times by collection", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 99 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "resource", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": {}, - "schema": "radius", - "type": "count" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": false, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": "9", - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of 
event.duration" - }, - "drawLinesBetweenPoints": false, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": "9", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Percentiles of event.duration" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB response times by collection", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-response-times-by-collection", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-mysql-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-mysql-queries.json deleted file mode 100644 index d5cac0e69de..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-mysql-queries.json +++ /dev/null 
@@ -1,57 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Most frequent MySQL queries", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "field": "query", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true - }, - "title": "[Network Packet Capture] Most frequent MySQL queries", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-most-frequent-mysql-queries", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-pgsql-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-pgsql-queries.json deleted file mode 100644 index ca103969609..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-pgsql-queries.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Most frequent PgSQL queries", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "query", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Most frequent PgSQL queries", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-most-frequent-pgsql-queries", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-pgsql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-errors.json deleted file mode 100644 index 5fbe7f7bfae..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-errors.json +++ /dev/null 
@@ -1,143 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MySQL Errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": 
true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MySQL Errors", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-errors", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-methods.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-methods.json deleted file mode 100644 index d10dc3cfae9..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-methods.json +++ /dev/null 
@@ -1,159 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MySQL Methods", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "wiggle", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "wiggle", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MySQL Methods", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-methods", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-reads-vs-writes.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-reads-vs-writes.json deleted file mode 100644 index fd65dd16441..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-reads-vs-writes.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MySQL Reads vs Writes", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "filters": [ - { - "input": { - "language": "lucene", - "query": "method: SELECT" - } - }, - { - "input": { - "language": "lucene", - "query": "method: INSERT OR method: UPDATE OR method: DELETE" - } - } - ] - }, - "schema": "group", - "type": "filters" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "@timestamp per 30 seconds" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": 
"ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MySQL Reads vs Writes", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-reads-vs-writes", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-response-times-percentiles.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-response-times-percentiles.json deleted file mode 100644 index b5459277439..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-response-times-percentiles.json +++ /dev/null 
@@ -1,143 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Mysql response times percentiles", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 75, - 99, - 99.5 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of event.duration" - }, - "mode": "normal", - "show": "true", - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "shareYAxis": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - 
"title": { - "text": "Percentiles of event.duration" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] Mysql response times percentiles", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-response-times-percentiles", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-throughput.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-throughput.json deleted file mode 100644 index 9d037cd2783..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-throughput.json +++ /dev/null 
@@ -1,157 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MySQL throughput", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Sum of destination.bytes" - }, - "mode": "normal", - "show": "true", - "type": "line", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Sum of source.bytes" - }, - "mode": "normal", - "show": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "shareYAxis": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] MySQL throughput", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-throughput", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-navigation.json b/packages/network_traffic/kibana/visualization/network_traffic-navigation.json deleted file mode 100644 index 75e5ceb2023..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-navigation.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Network Packet Capture] Navigation", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 10, - "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", - "openLinksInNewTab": false - }, - "title": "[Network Packet Capture] Navigation", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-navigation", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-network-traffic-between-your-hosts.json b/packages/network_traffic/kibana/visualization/network_traffic-network-traffic-between-your-hosts.json deleted file mode 100644 index f5aee22cbb2..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-network-traffic-between-your-hosts.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Traffic Between Hosts", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Source Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Bytes", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source IP", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination IP", - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Traffic Between Hosts", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-network-traffic-between-your-hosts", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-flows-search", - "name": "search_0", - "type": "search" - } 
- ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-bytes-in-slash-out.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-bytes-in-slash-out.json deleted file mode 100644 index 564efe47971..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-bytes-in-slash-out.json +++ /dev/null 
@@ -1,180 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS Request / Response Sizes", - "uiStateJSON": { - "vis": { - "colors": { - "Sum of rpc.reply_size": "#7EB26D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Request Size", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Response Size", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Request Size" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - 
"valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "2", - "label": "Response Size" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] NFS Request / Response Sizes", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-bytes-in-slash-out", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-clients-pie-chart.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-clients-pie-chart.json deleted file mode 100644 index 32af9848868..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-clients-pie-chart.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS clients pie chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "rpc.cred.machinename", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 16 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] NFS clients pie chart", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-clients-pie-chart", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-errors.json deleted file mode 100644 index feb0db25e6e..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-errors.json +++ /dev/null 
@@ -1,159 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "nfs.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 12 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] NFS errors", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs-errors-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-operation-table.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-operation-table.json deleted file mode 100644 index 582596a6bda..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-operation-table.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS operation table", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Avg Response Time", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Opcode", - "field": "nfs.opcode", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 16 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] NFS operation table", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-operation-table", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-operations-area-chart.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-operations-area-chart.json deleted file mode 100644 index 9164ca824a4..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-operations-area-chart.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS operations area chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "field": "nfs.opcode", - "order": "desc", - "orderBy": "1", - "size": 16 - }, - "schema": "group", - "type": "terms" - }, - { - "id": "3", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "interpolate": "linear", - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] NFS operations area chart", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-operations-area-chart", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-response-times.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-response-times.json deleted file mode 100644 index 70b5f5ea0a2..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-response-times.json +++ /dev/null 
@@ -1,153 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS response times", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 50 - ] - }, - "schema": "metric", - "type": "median" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": true, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": "9", - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Median event.duration" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "normal", - "radiusRatio": "9", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - 
"rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Median event.duration" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] NFS response times", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-response-times", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-group-pie-chart.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-group-pie-chart.json deleted file mode 100644 index 9e0aff87099..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-group-pie-chart.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS top group pie chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "rpc.cred.gid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 16 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] NFS top group pie chart", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-top-group-pie-chart", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-users-pie-chart.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-users-pie-chart.json deleted file mode 100644 index c3e9088cd33..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-users-pie-chart.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS top users pie chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "rpc.cred.uid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 16 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] NFS top users pie chart", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-top-users-pie-chart", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0.json b/packages/network_traffic/kibana/visualization/network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0.json deleted file mode 100644 index 3e9bd6279f0..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Number of MongoDB transactions with writeConcern w=0", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "radius", - "type": "count" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": 
"ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Number of MongoDB transactions with writeConcern w=0", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions-with-write-concern-0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-errors.json deleted file mode 100644 index 1edabdea3b2..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-errors.json +++ /dev/null 
@@ -1,143 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] PgSQL Errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": 
true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] PgSQL Errors", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-pgsql-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-pgsql-errors", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-methods.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-methods.json deleted file mode 100644 index f7663797a1f..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-methods.json +++ /dev/null 
@@ -1,159 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] PgSQL Methods", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "wiggle", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": 
[ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "wiggle", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] PgSQL Methods", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-pgsql-methods", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-pgsql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-reads-vs-writes.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-reads-vs-writes.json deleted file mode 100644 index 72fcf9a8a71..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-reads-vs-writes.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] PgSQL Reads vs Writes", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "filters": [ - { - "input": { - "language": "lucene", - "query": "method: SELECT" - } - }, - { - "input": { - "language": "lucene", - "query": "method: INSERT OR method: UPDATE OR method: DELETE" - } - } - ] - }, - "schema": "group", - "type": "filters" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "@timestamp per 30 seconds" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": 
"ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] PgSQL Reads vs Writes", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-pgsql-reads-vs-writes", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-pgsql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-response-times-percentiles.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-response-times-percentiles.json deleted file mode 100644 index 4d45096f1a5..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-response-times-percentiles.json +++ /dev/null 
@@ -1,143 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] PgSQL response times percentiles", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 75, - 99, - 99.5 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of event.duration" - }, - "mode": "normal", - "show": "true", - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "shareYAxis": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - 
"title": { - "text": "Percentiles of event.duration" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] PgSQL response times percentiles", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-pgsql-response-times-percentiles", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-pgsql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-throughput.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-throughput.json deleted file mode 100644 index 5a0f35c74a2..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-throughput.json +++ /dev/null 
@@ -1,157 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] PgSQL Throughput", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Sum of destination.bytes" - }, - "mode": "normal", - "show": "true", - "type": "line", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "2", - "label": "Sum of source.bytes" - }, - "mode": "normal", - "show": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "shareYAxis": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] PgSQL Throughput", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-pgsql-throughput", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-pgsql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-response-times-percentiles.json b/packages/network_traffic/kibana/visualization/network_traffic-response-times-percentiles.json deleted file mode 100644 index 4a5578f1c8b..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-response-times-percentiles.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Response times percentiles", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 75, - 95, - 99 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of event.duration" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - 
"labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Percentiles of event.duration" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Response times percentiles", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-response-times-percentiles", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-response-times-repartition.json b/packages/network_traffic/kibana/visualization/network_traffic-response-times-repartition.json deleted file mode 100644 index 97d6e1f5253..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-response-times-repartition.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Response times repartition", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "extended_bounds": {}, - "field": "event.duration", - "interval": 10000000 - }, - "schema": "group", - "type": "histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "mode": "stacked", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - 
"defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Response times repartition", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-response-times-repartition", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-slowest-mysql-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-slowest-mysql-queries.json deleted file mode 100644 index c5f93044895..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-slowest-mysql-queries.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Slowest MySQL queries", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Avg Response Time", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "query", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Slowest MySQL queries", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-slowest-mysql-queries", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-slowest-pgsql-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-slowest-pgsql-queries.json deleted file mode 100644 index 556f348ec0d..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-slowest-pgsql-queries.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Slowest PgSQL Queries", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Average Response Time (ns)", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "query", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Slowest PgSQL Queries", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-slowest-pgsql-queries", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-pgsql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-slowest-thrift-rpc-methods.json b/packages/network_traffic/kibana/visualization/network_traffic-slowest-thrift-rpc-methods.json deleted file mode 100644 index 623ba6aa6bd..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-slowest-thrift-rpc-methods.json +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Slowest Thrift RPC methods", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Slowest Thrift RPC methods", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-slowest-thrift-rpc-methods", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-thrift-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-thrift-requests-per-minute.json b/packages/network_traffic/kibana/visualization/network_traffic-thrift-requests-per-minute.json deleted file mode 100644 index 68b673575a6..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-thrift-requests-per-minute.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Thrift requests per minute", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "m", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Thrift requests per minute", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-thrift-requests-per-minute", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-thrift-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-thrift-response-times-percentiles.json b/packages/network_traffic/kibana/visualization/network_traffic-thrift-response-times-percentiles.json deleted file mode 100644 index d49e71c4fff..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-thrift-response-times-percentiles.json +++ /dev/null 
@@ -1,143 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Thrift response times percentiles", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 75, - 99, - 99.5 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of event.duration" - }, - "mode": "normal", - "show": "true", - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "shareYAxis": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - 
"title": { - "text": "Percentiles of event.duration" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] Thrift response times percentiles", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-thrift-response-times-percentiles", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-thrift-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-thrift-rpc-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-thrift-rpc-errors.json deleted file mode 100644 index fa334d6703c..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-thrift-rpc-errors.json +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Thrift RPC Errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "interpolate": "linear", - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Thrift RPC Errors", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-thrift-rpc-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-thrift-errors", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-10-http-requests.json b/packages/network_traffic/kibana/visualization/network_traffic-top-10-http-requests.json deleted file mode 100644 index 530b253713d..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-top-10-http-requests.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top 10 HTTP requests", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Top 10 HTTP requests", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-10-http-requests", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-creating-traffic.json b/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-creating-traffic.json deleted file mode 100644 index 73c801caae5..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-creating-traffic.json +++ /dev/null 
@@ -1,163 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top Hosts Creating Traffic", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Source Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source IP", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Source Bytes" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - 
"setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Top Hosts Creating Traffic", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-hosts-creating-traffic", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-flows-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-receiving-traffic.json b/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-receiving-traffic.json deleted file mode 100644 index 6e84d11b9b6..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-receiving-traffic.json +++ /dev/null 
@@ -1,163 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top Hosts Receiving Traffic", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destination Bytes", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination IP", - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Destination Bytes" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": "area", - 
"valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Top Hosts Receiving Traffic", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-hosts-receiving-traffic", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-flows-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-slowest-mongodb-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-top-slowest-mongodb-queries.json deleted file mode 100644 index 6715a8a7c96..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-top-slowest-mongodb-queries.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top slowest MongoDB queries", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 99 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "query", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Top slowest MongoDB queries", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-slowest-mongodb-queries", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-calls-with-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-calls-with-errors.json deleted file mode 100644 index 6fba58f657b..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-calls-with-errors.json +++ /dev/null 
@@ -1,56 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top Thrift-RPC calls with errors", - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "field": "method", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "defaultYExtents": false, - "mode": "stacked", - "shareYAxis": true - }, - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-thrift-rpc-calls-with-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-thrift-errors", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-methods.json b/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-methods.json deleted file mode 100644 index cf63f81f48f..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-methods.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top Thrift-RPC methods ", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "field": "method", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Top Thrift-RPC methods", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-thrift-rpc-methods", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-thrift-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-total-number-of-http-transactions.json b/packages/network_traffic/kibana/visualization/network_traffic-total-number-of-http-transactions.json deleted file mode 100644 index 79f24dfe0e8..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-total-number-of-http-transactions.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Total number of HTTP transactions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "37", - "handleNoResults": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] Total number of HTTP transactions", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-total-number-of-http-transactions", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1-table.json b/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1-table.json deleted file mode 100644 index 1813f448e85..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1-table.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Unique FQDNs per eTLD+1 Table", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ETLD+1", - "field": "dns.question.etld_plus_one", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Unique Domains", - "field": "dns.question.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Unique FQDNs per eTLD+1 Table", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-unique-fqdns-per-etld-1-table", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1.json b/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1.json deleted file mode 100644 index a9337a339eb..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1.json +++ /dev/null 
@@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Unique FQDNs per eTLD+1", - "uiStateJSON": { - "vis": { - "colors": { - "Count": "#1F78C1", - "Unique count of dns.question.name": "#E0752D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique Subdomain Count", - "field": "dns.question.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Domains", - "field": "dns.question.etld_plus_one", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": true, - "legendPosition": "right", - "mode": "grouped", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Unique FQDNs per eTLD+1", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-unique-fqdns-per-etld-1", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-web-transactions.json b/packages/network_traffic/kibana/visualization/network_traffic-web-transactions.json deleted file mode 100644 index b5aba3cad99..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-web-transactions.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] HTTP Transactions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "mode": "stacked", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": 
{} - }, - "title": "[Network Packet Capture] HTTP Transactions", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-web-transactions", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From 86cc6a35caefce9b1f74f35ac60477651a080a90 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Fri, 28 Oct 2022 03:00:18 +0530 Subject: [PATCH 025/103] migrate o365 to by_value --- ...-712e2c00-685d-11ea-8d6a-292ef5d68366.json | 895 ++++++++++++++---- ...-dbae13c0-685c-11ea-8d6a-292ef5d68366.json | 178 ---- ...-0be1adb0-6860-11ea-8d6a-292ef5d68366.json | 81 -- ...-897d0c70-6869-11ea-8d6a-292ef5d68366.json | 252 ----- ...-8b033510-685a-11ea-8d6a-292ef5d68366.json | 208 ---- ...-d43c95a0-6864-11ea-8d6a-292ef5d68366.json | 80 -- 6 files changed, 729 insertions(+), 965 deletions(-) delete mode 100644 packages/o365/kibana/map/o365-dbae13c0-685c-11ea-8d6a-292ef5d68366.json delete mode 100644 packages/o365/kibana/visualization/o365-0be1adb0-6860-11ea-8d6a-292ef5d68366.json delete mode 100644 packages/o365/kibana/visualization/o365-897d0c70-6869-11ea-8d6a-292ef5d68366.json delete mode 100644 packages/o365/kibana/visualization/o365-8b033510-685a-11ea-8d6a-292ef5d68366.json delete mode 100644 packages/o365/kibana/visualization/o365-d43c95a0-6864-11ea-8d6a-292ef5d68366.json diff --git a/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json index 93f0063c76f..e0cc5427e25 100644 --- a/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json +++ b/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json 
@@ -1,192 +1,755 @@ { - "attributes": { - "description": "Sample dashboard for Office 365 Management Activity events", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" + "id": "o365-712e2c00-685d-11ea-8d6a-292ef5d68366", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T21:27:54.577Z", + "version": "WzYzMiwxXQ==", + "attributes": { + "description": "Sample dashboard for Office 365 Management Activity events", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 6, + "i": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Audit Event Count [Logs o365]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" } + ], + "searchSource": {} } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "title": "Total 
audit events" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "w": 38, + "x": 10, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "title": "Total audit events" - }, - "gridData": { - "h": 6, - "i": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", - "w": 10, - "x": 0, - "y": 0 + "panelIndex": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events Histogram [Logs o365]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.code: Descending", + "params": {} + } + ], + "x": { + "accessor": 1, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "label": "@timestamp per 12 hours", + "params": { + "bounds": { + "max": "2020-02-29T10:59:01.067Z", + "min": "2020-02-05T03:25:59.045Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H", + "intervalESUnit": "h", + "intervalESValue": 12 + } }, - "panelIndex": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", - "panelRefName": "panel_0", - "title": "Total audit events", - "version": "7.6.0" + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + 
"categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true }, - { - "embeddableConfig": { - "title": "Event histogram by service" + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 14, - "i": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", - "w": 38, - "x": 10, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", - "panelRefName": "panel_1", - "title": "Event histogram by service", - "version": "7.6.0" - }, - { - "embeddableConfig": { - "colors": { - "alert": "#EF843C", - "event": "#7EB26D" + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + 
"timeRange": { + "from": "2020-02-05T03:25:59.045Z", + "to": "2020-02-29T10:59:01.067Z" }, - "legendOpen": true, - "title": "Events by type", - "vis": { - "colors": { - "alert": "#E24D42", - "event": "#7EB26D" - }, - "legendOpen": true - } - }, - "gridData": { - "h": 8, - "i": "70ab7239-c65c-41da-8242-da61750745d7", - "w": 10, - "x": 0, - "y": 6 - }, - "panelIndex": "70ab7239-c65c-41da-8242-da61750745d7", - "panelRefName": "panel_2", - "title": "Events by type", - "version": "7.6.0" + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": {} + } + } + }, + "title": "Event histogram by service" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 8, + "i": "70ab7239-c65c-41da-8242-da61750745d7", + "w": 10, + "x": 0, + "y": 6 + }, + "panelIndex": "70ab7239-c65c-41da-8242-da61750745d7", + "embeddableConfig": { + "colors": { + "alert": "#EF843C", + "event": "#7EB26D" + }, + "legendOpen": true, + "vis": { + "colors": { + "alert": "#E24D42", + "event": "#7EB26D" }, - { - "embeddableConfig": { - "colors": { - "failure": "#E24D42", - "success": "#629E51" - }, - "legendOpen": false, - "title": "Top users by authentication failures", - "vis": { - "colors": { - "failure": "#E24D42", - "success": "#629E51" - }, - "legendOpen": true - } + "legendOpen": true + }, + "enhancements": {}, + "savedVis": { + "title": "Audit Event Type [Logs o365]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": 
true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 17, - "i": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", - "w": 10, - "x": 0, - "y": 14 + { + "enabled": true, + "id": "2", + "params": { + "field": "event.kind", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": {} + } + } + }, + "title": "Events by type" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 17, + "i": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "w": 10, + "x": 0, + "y": 14 + }, + "panelIndex": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "embeddableConfig": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": false, + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + }, + "enhancements": {}, + "savedVis": { + "title": "Top Authentication Failures [Logs o365]", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" }, - "panelIndex": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", - "panelRefName": "panel_3", - "title": "Top users by authentication failures", - "version": "7.6.0" + "legendOpen": true + } }, - { - "embeddableConfig": { - "hiddenLayers": [], - "isLayerTOCOpen": false, - "mapCenter": { - "lat": 42.68781, - "lon": -48.94209, - "zoom": 1.88 + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": false, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": 
"string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } }, - "openTOCDetails": [], - "title": "Client geolocation map" - }, - "gridData": { - "h": 17, - "i": "15fe975b-6b8b-4445-872d-e06c041e2c31", - "w": 38, - "x": 10, - "y": 14 - }, - "panelIndex": "15fe975b-6b8b-4445-872d-e06c041e2c31", - "panelRefName": "panel_4", - "title": "Client geolocation map", - "version": "7.6.0" + "label": "event.outcome: Ascending", + "params": {} + } + ], + "splitRow": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "user.name: Descending", + "params": {} + } + ], + "x": null, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false, + "valueAxis": "" + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "orderBucketsBySum": true, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": false, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": false, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + 
"palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true }, - { - "embeddableConfig": { - "title": "Data Loss Prevention alerts" + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 13, - "i": "481f1778-caad-4971-b598-bb61c94bf998", - "w": 48, - "x": 0, - "y": 31 + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 2 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "481f1778-caad-4971-b598-bb61c94bf998", - "panelRefName": "panel_5", - "title": "Data Loss Prevention alerts", - "version": "7.6.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "split", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs o365] Audit Dashboard", - "version": 1 - }, - "id": "o365-712e2c00-685d-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "dashboard": "7.3.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "o365-0be1adb0-6860-11ea-8d6a-292ef5d68366", - "name": "panel_0", - 
"type": "visualization" + } }, - { - "id": "o365-8b033510-685a-11ea-8d6a-292ef5d68366", - "name": "panel_1", - "type": "visualization" + "title": "Top users by authentication failures" + }, + { + "version": "7.14.0", + "type": "map", + "gridData": { + "h": 17, + "i": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "w": 38, + "x": 10, + "y": 14 }, - { - "id": "o365-d43c95a0-6864-11ea-8d6a-292ef5d68366", - "name": "panel_2", - "type": "visualization" + "panelIndex": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 42.68781, + "lon": -48.94209, + "zoom": 1.88 + }, + "openTOCDetails": [], + "enhancements": {}, + "attributes": { + "title": "Client Geo Map [Logs o365 audit]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"center\":{\"lat\":30.87292,\"lon\":16.67387},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:\\\"o365.audit\\\" \"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"2020-02-05T03:25:59.045Z\",\"to\":\"2020-02-29T10:59:01.067Z\"},\"zoom\":2.88,\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": "[{\"alpha\":1,\"id\":\"0b910b6c-77c8-4223-892a-1ebf69b0ccb4\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"acc53b7b-3411-406b-9371-6fa62b6b9365\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"geoField\":\"source.geo.location\",\"id\":\"3ba31ffc-7051-44bf-96a0-a684020cd2a3\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"requestType\":\"point\",\"resolution\":\"FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"airfield\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"maxSize\":32,\"minSize\":8},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"}},\"type\":\"DYNAMIC\"},\"lineColor\":{\"options\":{\"color\":\"#FFF\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":0},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]" + } }, - { - "id": "o365-897d0c70-6869-11ea-8d6a-292ef5d68366", - "name": "panel_3", - "type": "visualization" + "title": "Client geolocation map" + }, + { + "version": "7.6.0", + "type": "search", + "gridData": { + "h": 13, + "i": "481f1778-caad-4971-b598-bb61c94bf998", + "w": 48, + "x": 0, + "y": 31 }, - { - "id": "o365-dbae13c0-685c-11ea-8d6a-292ef5d68366", - "name": "panel_4", - "type": "map" + "panelIndex": "481f1778-caad-4971-b598-bb61c94bf998", + "embeddableConfig": { + "enhancements": {} }, - { - "id": "o365-8b8e5a10-6886-11ea-8d6a-292ef5d68366", - "name": "panel_5", - "type": "search" - } + "title": "Data Loss Prevention alerts", + "panelRefName": "panel_481f1778-caad-4971-b598-bb61c94bf998" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs o365] Audit Dashboard", + "version": 1 + 
}, + "references": [ + { + "name": "481f1778-caad-4971-b598-bb61c94bf998:panel_481f1778-caad-4971-b598-bb61c94bf998", + "type": "search", + "id": "o365-8b8e5a10-6886-11ea-8d6a-292ef5d68366" + }, + { + "type": "search", + "name": "b6942e2a-81dc-40e4-a932-8b7a864b28bc:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" + }, + { + "type": "search", + "name": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" + }, + { + "type": "search", + "name": "70ab7239-c65c-41da-8242-da61750745d7:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" + }, + { + "type": "index-pattern", + "name": "775ced7d-7c58-44bc-8d4e-2a757d2c218c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "775ced7d-7c58-44bc-8d4e-2a757d2c218c:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" + }, + { + "type": "index-pattern", + "name": "15fe975b-6b8b-4445-872d-e06c041e2c31:layer_1_source_index_pattern", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/o365/kibana/map/o365-dbae13c0-685c-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/map/o365-dbae13c0-685c-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index a9b88eb38cd..00000000000 --- a/packages/o365/kibana/map/o365-dbae13c0-685c-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "0b910b6c-77c8-4223-892a-1ebf69b0ccb4", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": {}, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "acc53b7b-3411-406b-9371-6fa62b6b9365", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "applyGlobalQuery": true, - "geoField": "source.geo.location", - "id": "3ba31ffc-7051-44bf-96a0-a684020cd2a3", - "indexPatternRefName": "layer_1_source_index_pattern", - "requestType": "point", - "resolution": "FINE", - "type": "ES_GEO_GRID" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "Yellow to Red", - "colorCategory": "palette_0", - "field": { - "name": "doc_count", - "origin": "source" - }, - "fieldMetaOptions": { - "isEnabled": true, - "sigma": 3 - }, - "type": "ORDINAL", - "useCustomColorRamp": false - }, - "type": "DYNAMIC" - }, - "icon": { - "options": { - "value": "airfield" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "field": { - "name": "doc_count", - "origin": "source" - }, - "fieldMetaOptions": { - "isEnabled": true, - "sigma": 3 - }, - "maxSize": 32, - "minSize": 8 - }, - "type": "DYNAMIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "field": { - "name": "doc_count", - "origin": "source" - } - }, - "type": "DYNAMIC" - }, - "lineColor": { - "options": { - "color": "#FFF" - }, - "type": "STATIC" - }, - "lineWidth": { - 
"options": { - "size": 0 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "VECTOR", - "visible": true - } - ], - "mapStateJSON": { - "center": { - "lat": 30.87292, - "lon": 16.67387 - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"o365.audit\" " - }, - "refreshConfig": { - "interval": 0, - "isPaused": false - }, - "timeFilters": { - "from": "2020-02-05T03:25:59.045Z", - "to": "2020-02-29T10:59:01.067Z" - }, - "zoom": 2.88 - }, - "title": "Client Geo Map [Logs o365 audit]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "id": "o365-dbae13c0-685c-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "map": "7.9.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/o365/kibana/visualization/o365-0be1adb0-6860-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/visualization/o365-0be1adb0-6860-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index 4a0de719efb..00000000000 --- a/packages/o365/kibana/visualization/o365-0be1adb0-6860-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "savedSearchRefName": "search_0", - "title": "Audit Event Count [Logs o365]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "dimensions": { - "metrics": [ - { - "accessor": 0, - "format": { - "id": "number", - "params": {} - }, - "type": "vis_dimension" - } - ] - }, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000, - "type": "range" - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Audit Event Count [Logs o365]", - "type": "metric" - } - }, - "id": "o365-0be1adb0-6860-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/o365/kibana/visualization/o365-897d0c70-6869-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/visualization/o365-897d0c70-6869-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index c3ab8e6044c..00000000000 --- a/packages/o365/kibana/visualization/o365-897d0c70-6869-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,252 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.category", - "negate": false, - "params": { - "query": "authentication" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "authentication" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Authentication Failures [Logs o365]", - "uiStateJSON": { - "vis": { - "colors": { - "failure": "#E24D42", - "success": "#629E51" - }, - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "asc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 2 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "split", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": false, - "style": {}, - "title": {}, - "type": "category" - } - ], - "dimensions": { - "series": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", 
- "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other", - "parsedUrl": { - "basePath": "", - "origin": "http://localhost:5601", - "pathname": "/app/kibana" - } - } - }, - "label": "event.outcome: Ascending", - "params": {} - } - ], - "splitRow": [ - { - "accessor": 1, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other", - "parsedUrl": { - "basePath": "", - "origin": "http://localhost:5601", - "pathname": "/app/kibana" - } - } - }, - "label": "user.name: Descending", - "params": {} - } - ], - "x": null, - "y": [ - { - "accessor": 2, - "aggType": "count", - "format": { - "id": "number" - }, - "label": "Count", - "params": {} - } - ] - }, - "grid": { - "categoryLines": false, - "valueAxis": "" - }, - "labels": { - "show": true - }, - "legendPosition": "bottom", - "orderBucketsBySum": true, - "row": true, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": false, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": false, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Top Authentication Failures [Logs o365]", - "type": "horizontal_bar" - } - }, - "id": "o365-897d0c70-6869-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/o365/kibana/visualization/o365-8b033510-685a-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/visualization/o365-8b033510-685a-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index beb10a38b70..00000000000 --- a/packages/o365/kibana/visualization/o365-8b033510-685a-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,208 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "savedSearchRefName": "search_0", - "title": "Events Histogram [Logs o365]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "2020-02-05T03:25:59.045Z", - "to": "2020-02-29T10:59:01.067Z" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "dimensions": { - "series": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other", - "parsedUrl": { - "basePath": "", - "origin": "http://localhost:5601", - "pathname": "/app/kibana" - } - } - }, - "label": "event.code: Descending", - "params": {} - } - ], - "x": { - "accessor": 1, - "aggType": "date_histogram", - "format": { - "id": "date", - "params": { - "pattern": "YYYY-MM-DD HH:mm" - } - }, - "label": "@timestamp per 12 hours", - "params": { - "bounds": { - "max": 
"2020-02-29T10:59:01.067Z", - "min": "2020-02-05T03:25:59.045Z" - }, - "date": true, - "format": "YYYY-MM-DD HH:mm", - "interval": "PT12H", - "intervalESUnit": "h", - "intervalESValue": 12 - } - }, - "y": [ - { - "accessor": 2, - "aggType": "count", - "format": { - "id": "number" - }, - "label": "Count", - "params": {} - } - ] - }, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Events Histogram [Logs o365]", - "type": "histogram" - } - }, - "id": "o365-8b033510-685a-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/o365/kibana/visualization/o365-d43c95a0-6864-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/visualization/o365-d43c95a0-6864-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index 510e5d591b6..00000000000 --- a/packages/o365/kibana/visualization/o365-d43c95a0-6864-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "savedSearchRefName": "search_0", - "title": "Audit Event Type [Logs o365]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.kind", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "label": "Count", - "params": {} - } - }, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Audit Event Type [Logs o365]", - "type": "pie" - } - }, - "id": "o365-d43c95a0-6864-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From 5ee10beb3aa48ea64c4b9b403cee64c6a04c0775 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 03:06:11 +0530 Subject: [PATCH 026/103] migrate okta to by_value --- ...-749203a0-67b1-11ea-a76f-bf44814e437d.json | 603 ++++++++++++++---- ...-281ca660-67b1-11ea-a76f-bf44814e437d.json | 185 ------ ...-0a784b30-67c7-11ea-a76f-bf44814e437d.json | 102 --- ...-545d6a00-67ae-11ea-a76f-bf44814e437d.json | 102 --- ...-7c6ec080-67c6-11ea-a76f-bf44814e437d.json | 102 --- ...-cda883a0-67c6-11ea-a76f-bf44814e437d.json | 71 --- 6 files changed, 467 insertions(+), 698 deletions(-) delete mode 100644 packages/okta/kibana/map/okta-281ca660-67b1-11ea-a76f-bf44814e437d.json delete mode 100644 packages/okta/kibana/visualization/okta-0a784b30-67c7-11ea-a76f-bf44814e437d.json delete mode 100644 packages/okta/kibana/visualization/okta-545d6a00-67ae-11ea-a76f-bf44814e437d.json delete mode 100644 packages/okta/kibana/visualization/okta-7c6ec080-67c6-11ea-a76f-bf44814e437d.json delete mode 100644 packages/okta/kibana/visualization/okta-cda883a0-67c6-11ea-a76f-bf44814e437d.json diff --git a/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json index 74898152f54..90320894781 100644 --- a/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json +++ b/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json 
@@ -1,151 +1,482 @@ { - "attributes": { - "description": "Logs Okta integration Kibana dashboard", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "id": "okta-749203a0-67b1-11ea-a76f-bf44814e437d", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T21:35:59.512Z", + "version": "WzYzMiwxXQ==", + "attributes": { + "description": "Logs Okta integration Kibana dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.14.0", + "type": "map", + "gridData": { + "h": 22, + "i": "8013824b-5a66-494c-acc5-3df8b7678879", + "w": 48, + "x": 0, + "y": 0 }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "panelIndex": "8013824b-5a66-494c-acc5-3df8b7678879", + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 26.54701, + "lon": -44.69098, + "zoom": 2.75 + }, + "openTOCDetails": [], + "enhancements": {}, + "attributes": { + "title": "Geolocation [Logs Okta]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"center\":{\"lat\":26.54701,\"lon\":-44.69098},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"okta.system\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"okta.system\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"zoom\":2.75,\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"6908e81b-1695-4445-aee4-8bc8c9f65600\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"dc52e707-92d7-4de7-becf-a3a8bfaa2c2d\",\"label\":\"Okta \",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"okta.system\\\" \"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":false,\"geoField\":\"client.geo.location\",\"id\":\"4b8bd321-4b90-4d97-83e0-2b12bf091f66\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]" + } + } + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", + "w": 10, + "x": 0, + "y": 22 }, - "panelsJSON": [ - { - "embeddableConfig": { - "hiddenLayers": [], - "isLayerTOCOpen": false, - "mapCenter": { - "lat": 26.54701, - 
"lon": -44.69098, - "zoom": 2.75 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 22, - "i": "8013824b-5a66-494c-acc5-3df8b7678879", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "8013824b-5a66-494c-acc5-3df8b7678879", - "panelRefName": "panel_0", - "version": "8.0.0-SNAPSHOT" + "panelIndex": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Outcome [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - { - "embeddableConfig": {}, - "gridData": { - "h": 11, - "i": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", - "w": 10, - "x": 0, - "y": 22 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", - "panelRefName": "panel_1", - "version": "8.0.0-SNAPSHOT" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 11, - "i": "195db901-dc2b-4b7d-80c3-742e2712ac2a", - "w": 9, - "x": 10, - "y": 22 - }, - "panelIndex": "195db901-dc2b-4b7d-80c3-742e2712ac2a", - "panelRefName": "panel_2", - "version": "8.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": 
false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + } + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": "195db901-dc2b-4b7d-80c3-742e2712ac2a", + "w": 9, + "x": 10, + "y": 22 + }, + "panelIndex": "195db901-dc2b-4b7d-80c3-742e2712ac2a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Transaction Types [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - { - "embeddableConfig": {}, - "gridData": { - "h": 11, - "i": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", - "w": 19, - "x": 29, - "y": 22 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", - "panelRefName": "panel_3", - "version": "8.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "okta.transaction.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + 
}, + "query": { + "match_phrase": { + "data_stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + } + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", + "w": 19, + "x": 29, + "y": 22 + }, + "panelIndex": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Time Series [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "abd68650-67c6-11ea-8c7d-ed286611413e" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "data_stream.dataset : \"okta.system\"" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 }, - { - "embeddableConfig": {}, - "gridData": { - "h": 11, - "i": "a25a43ed-3262-486c-a482-1fac52f26128", - "w": 10, - "x": 19, - "y": 22 - }, - "panelIndex": "a25a43ed-3262-486c-a482-1fac52f26128", - "panelRefName": "panel_4", - "version": "8.0.0-SNAPSHOT" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + } + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": 
"a25a43ed-3262-486c-a482-1fac52f26128", + "w": 10, + "x": 19, + "y": 22 + }, + "panelIndex": "a25a43ed-3262-486c-a482-1fac52f26128", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Actor Types [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - { - "embeddableConfig": {}, - "gridData": { - "h": 16, - "i": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", - "w": 48, - "x": 0, - "y": 33 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", - "panelRefName": "panel_5", - "version": "8.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "okta.actor.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Okta] Overview", - "version": 1 - }, - "id": "okta-749203a0-67b1-11ea-a76f-bf44814e437d", - "migrationVersion": { - "dashboard": "7.3.0" - 
}, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "okta-281ca660-67b1-11ea-a76f-bf44814e437d", - "name": "panel_0", - "type": "map" - }, - { - "id": "okta-545d6a00-67ae-11ea-a76f-bf44814e437d", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "okta-7c6ec080-67c6-11ea-a76f-bf44814e437d", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "okta-cda883a0-67c6-11ea-a76f-bf44814e437d", - "name": "panel_3", - "type": "visualization" + } + } + }, + { + "version": "8.0.0-SNAPSHOT", + "type": "search", + "gridData": { + "h": 16, + "i": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", + "w": 48, + "x": 0, + "y": 33 }, - { - "id": "okta-0a784b30-67c7-11ea-a76f-bf44814e437d", - "name": "panel_4", - "type": "visualization" + "panelIndex": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", + "embeddableConfig": { + "enhancements": {} }, - { - "id": "okta-21028750-67ca-11ea-a76f-bf44814e437d", - "name": "panel_5", - "type": "search" - } + "panelRefName": "panel_c0d5bac3-7e50-4ef9-a401-5a596ec84ee9" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Okta] Overview", + "version": 1 + }, + "references": [ + { + "name": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9:panel_c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", + "type": "search", + "id": "okta-21028750-67ca-11ea-a76f-bf44814e437d" + }, + { + "type": "index-pattern", + "name": "8013824b-5a66-494c-acc5-3df8b7678879:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c6a66fe5-21a2-4308-8563-d4a7f5135d25:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c6a66fe5-21a2-4308-8563-d4a7f5135d25:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "195db901-dc2b-4b7d-80c3-742e2712ac2a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"195db901-dc2b-4b7d-80c3-742e2712ac2a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a25a43ed-3262-486c-a482-1fac52f26128:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a25a43ed-3262-486c-a482-1fac52f26128:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/okta/kibana/map/okta-281ca660-67b1-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/map/okta-281ca660-67b1-11ea-a76f-bf44814e437d.json deleted file mode 100644 index 22759481960..00000000000 --- a/packages/okta/kibana/map/okta-281ca660-67b1-11ea-a76f-bf44814e437d.json +++ /dev/null 
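Review bot: The inlined "Geolocation [Logs Okta]" panel keeps an `ES_SEARCH` layer with `\"scalingType\":\"LIMIT\"`, `\"sortField\":\"\"` and `\"filterByMapBounds\":false` in `layerListJSON`, so the map appears to plot only a capped batch of matching documents (10,000 by default in Kibana Maps), in no defined order and for the whole world rather than the visible area. On a busy Okta tenant that would silently leave client locations off the map analysts use to spot unexpected sign-in origins. Consider re-exporting the layer with an aggregated source, as the o365 map in this series does with `\"type\":\"ES_GEO_GRID\"` and `\"requestType\":\"point\"`, so that every event in the time range contributes. Separately, the top-level `"updated_at"` and `"version": "WzYzMiwxXQ=="` look like export residue from a single Kibana instance and probably should not ship with the package.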
@@ -1,185 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "6908e81b-1695-4445-aee4-8bc8c9f65600", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": {}, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "dc52e707-92d7-4de7-becf-a3a8bfaa2c2d", - "label": "Okta ", - "maxZoom": 24, - "minZoom": 0, - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"okta.system\" " - }, - "sourceDescriptor": { - "applyGlobalQuery": true, - "filterByMapBounds": false, - "geoField": "client.geo.location", - "id": "4b8bd321-4b90-4d97-83e0-2b12bf091f66", - "indexPatternRefName": "layer_1_source_index_pattern", - "scalingType": "LIMIT", - "sortField": "", - "sortOrder": "desc", - "tooltipProperties": [], - "topHitsSize": 1, - "type": "ES_SEARCH" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "#54B399" - }, - "type": "STATIC" - }, - "icon": { - "options": { - "value": "marker" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "size": 6 - }, - "type": "STATIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "value": "" - }, - "type": "STATIC" - }, - "lineColor": { - "options": { - "color": "#41937c" - }, - "type": "STATIC" - }, - "lineWidth": { - "options": { - "size": 1 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "VECTOR", - "visible": true - } - ], - "mapStateJSON": { - "center": { - 
"lat": 26.54701, - "lon": -44.69098 - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "refreshConfig": { - "interval": 0, - "isPaused": false - }, - "timeFilters": { - "from": "now-15w", - "to": "now" - }, - "zoom": 2.75 - }, - "title": "Geolocation [Logs Okta]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "id": "okta-281ca660-67b1-11ea-a76f-bf44814e437d", - "migrationVersion": { - "map": "7.9.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/okta/kibana/visualization/okta-0a784b30-67c7-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/visualization/okta-0a784b30-67c7-11ea-a76f-bf44814e437d.json deleted file mode 100644 index fd3e1cd916e..00000000000 --- a/packages/okta/kibana/visualization/okta-0a784b30-67c7-11ea-a76f-bf44814e437d.json +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Actor Types [Logs Okta]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "okta.actor.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Actor Types [Logs Okta]", - "type": "pie" - } - }, - "id": "okta-0a784b30-67c7-11ea-a76f-bf44814e437d", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/okta/kibana/visualization/okta-545d6a00-67ae-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/visualization/okta-545d6a00-67ae-11ea-a76f-bf44814e437d.json
deleted file mode 100644
index 11a37397711..00000000000
--- a/packages/okta/kibana/visualization/okta-545d6a00-67ae-11ea-a76f-bf44814e437d.json
+++ /dev/null
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Event Outcome [Logs Okta]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Event Outcome [Logs Okta]", - "type": "pie" - } - }, - "id": "okta-545d6a00-67ae-11ea-a76f-bf44814e437d", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/okta/kibana/visualization/okta-7c6ec080-67c6-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/visualization/okta-7c6ec080-67c6-11ea-a76f-bf44814e437d.json
deleted file mode 100644
index 0cf30b64ec7..00000000000
--- a/packages/okta/kibana/visualization/okta-7c6ec080-67c6-11ea-a76f-bf44814e437d.json
+++ /dev/null
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Transaction Types [Logs Okta]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "okta.transaction.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Transaction Types [Logs Okta]", - "type": "pie" - } - }, - "id": "okta-7c6ec080-67c6-11ea-a76f-bf44814e437d", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/okta/kibana/visualization/okta-cda883a0-67c6-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/visualization/okta-cda883a0-67c6-11ea-a76f-bf44814e437d.json deleted file mode 100644 index 159e68b68e0..00000000000 --- a/packages/okta/kibana/visualization/okta-cda883a0-67c6-11ea-a76f-bf44814e437d.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Time Series [Logs Okta]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "bar_color_rules": [ - { - "id": "abd68650-67c6-11ea-8c7d-ed286611413e" - } - ], - "default_index_pattern": "logs-*", - "default_timefield": "@timestamp", - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"okta.system\"" - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries" - }, - "title": "Time Series [Logs Okta]", - "type": "metrics" - } - }, - "id": "okta-cda883a0-67c6-11ea-a76f-bf44814e437d", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file From 1b1f9b91e0ab4305d26d0a15daed3c7eee9d22d9 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 03:25:11 +0530 Subject: [PATCH 027/103] migrate osquery to by_value --- ...-69f5ae20-eb02-11e7-8f04-51231daa5b05.json | 550 +++++++++++++----- ...-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json | 372 ++++++++---- ...-1da1ed30-eb03-11e7-8f04-51231daa5b05.json | 94 --- ...-240f3630-eb05-11e7-8f04-51231daa5b05.json | 130 ----- ...-2d6e0760-f4ab-11e7-8647-534bb4c21040.json | 26 - ...-6ec10290-f4aa-11e7-8647-534bb4c21040.json | 26 - ...-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json | 80 --- ...-ab587180-f4a9-11e7-8647-534bb4c21040.json | 74 --- ...-ffdbba50-f4a9-11e7-8647-534bb4c21040.json | 74 --- 9 files changed, 664 insertions(+), 762 deletions(-) delete mode 100644 packages/osquery/kibana/visualization/osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05.json delete mode 100644 packages/osquery/kibana/visualization/osquery-240f3630-eb05-11e7-8f04-51231daa5b05.json delete mode 100644 packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json delete mode 100644 packages/osquery/kibana/visualization/osquery-6ec10290-f4aa-11e7-8647-534bb4c21040.json delete mode 100644 packages/osquery/kibana/visualization/osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json delete mode 100644 packages/osquery/kibana/visualization/osquery-ab587180-f4a9-11e7-8647-534bb4c21040.json delete mode 100644 packages/osquery/kibana/visualization/osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040.json diff --git a/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json b/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json index 15b784f4498..32d6c2b96af 100644 --- a/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json +++ b/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json 
@@ -1,161 +1,433 @@ { - "attributes": { - "description": "Dashboard for visualizing the data collected by the Osquery compliance pack.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T21:53:46.434Z", + "version": "WzYzMSwxXQ==", + "attributes": { + "description": "Dashboard for visualizing the data collected by the Osquery compliance pack.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:osquery.result" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 16, + "i": "1", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.11.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Mounts by type [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.path", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.type", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + 
"schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "data_stream.dataset:osquery.result" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "2", + "w": 28, + "x": 20, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "1", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.11.0-SNAPSHOT" + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 16, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.11.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "OS versions [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "osquery.result.host_identifier" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 15, - "i": "2", - "w": 28, - "x": 20, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.11.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "4", + "params": { + "field": "osquery.result.columns.platform_like", + "order": "desc", + "orderBy": "1", + "size": 
5 + }, + "schema": "segment", + "type": "terms" }, - "gridData": { - "h": 16, - "i": "3", - "w": 24, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.11.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 11, + "i": "4", + "w": 11, + "x": 0, + "y": 4 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 11, - "i": "4", - "w": 11, - "x": 0, - "y": 4 - }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.11.0-SNAPSHOT" + "legendOpen": false + }, + "savedVis": { + "title": "Number of Kernel integrations [Logs Osquery]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - }, - "legendOpen": false - } - }, - "gridData": { - "h": 11, - "i": "5", - "w": 9, - "x": 11, - "y": 4 + "params": { + "addLegend": true, + "addTooltip": true, + "gauge": { + "alignment": "horizontal", + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "extendRange": true, + "gaugeColorMode": "Labels", + "gaugeStyle": "Full", + "gaugeType": "Arc", + "invertColors": false, + "labels": 
{ + "color": "black", + "show": true }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.11.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": true }, - "gridData": { - "h": 4, - "i": "6", - "w": 20, - "x": 0, - "y": 0 + "style": { + "bgColor": false, + "bgFill": "#eee", + "bgMask": false, + "bgWidth": 0.9, + "fontSize": 60, + "labelColor": true, + "mask": false, + "maskBars": 50, + "subText": "", + "width": 0.9 }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.11.0-SNAPSHOT" + "type": "meter" + }, + "isDisplayWarning": false, + "type": "gauge" + }, + "type": "gauge", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Live Kernel integrations", + "field": "osquery.result.columns.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "osquery.result.columns.status", + "negate": false, + "params": { + "query": "Live", + "type": "phrase" + }, + "type": "phrase", + "value": "Live" + }, + "query": { + "match": { + "osquery.result.columns.status": { + "query": "Live", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Osquery] Compliance pack", - "version": 1 - }, - "id": "osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05", - "migrationVersion": { - "dashboard": "7.11.0" - }, - "references": [ - { - "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05", - "name": "panel_0", - "type": "search" - }, - { - "id": "osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05", - "name": "panel_1", - "type": "visualization" + } }, - { - "id": 
"osquery-3824b080-eb02-11e7-8f04-51231daa5b05", - "name": "panel_2", - "type": "search" + "gridData": { + "h": 11, + "i": "5", + "w": 9, + "x": 11, + "y": 4 }, - { - "id": "osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05", - "name": "panel_3", - "type": "visualization" + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "osquery-240f3630-eb05-11e7-8f04-51231daa5b05", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 4, + "i": "6", + "w": 20, + "x": 0, + "y": 0 }, - { - "id": "osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040", - "name": "panel_5", - "type": "visualization" - } + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Osquery] Compliance pack", + "version": 1 + }, + "references": [ + { + "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05", + "name": "panel_0", + "type": "search" + }, + { + "id": "osquery-3824b080-eb02-11e7-8f04-51231daa5b05", + "name": "panel_2", + "type": "search" + }, + { + "type": "search", + "name": "2:search_0", + "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05" + }, + { + "type": "search", + "name": "4:search_0", + "id": "osquery-b5d6baa0-eb02-11e7-8f04-51231daa5b05" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "osquery-f59e21e0-eb03-11e7-8f04-51231daa5b05" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + 
"coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json index 98157b6dee6..cfc058cfc33 100644 --- a/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json +++ b/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json 
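Review bot: The inlined `savedVis` for panels 2, 4 and 5 has a `searchSource` with an empty `query` and no `savedSearchRefName`, whereas the deleted visualization files (e.g. `OS versions [Logs Osquery]`) carried `"savedSearchRefName": "search_0"`; the saved search now survives only as the `2:search_0`, `4:search_0` and `5:search_0` entries in `references`. Whether Kibana re-attaches the search from the prefixed reference name alone cannot be confirmed from this hunk; if it does not, these panels aggregate over everything matching the dashboard query `data_stream.dataset:osquery.result` rather than the rows the saved search selected. The OSSEC rootkit dashboard hunk that follows has the same shape (`2:search_0`, `3:search_0`), and there an unscoped `Number of rootkits found` would count every distinct `osquery.result.name`, which misleads anyone triaging from it. I would verify after import that each panel still resolves its search, and if not, restore the binding inside `savedVis` (presumably `"savedSearchRefName": "search_0"`, to be checked against the target Kibana version).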
@@ -1,137 +1,271 @@ { - "attributes": { - "description": "This dashboard shows data collected by the OSSEC rootkit pack from osquery", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:osquery.result" - }, - "version": true + "id": "osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T21:53:46.434Z", + "version": "WzYzMiwxXQ==", + "attributes": { + "description": "This dashboard shows data collected by the OSSEC rootkit pack from osquery", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:osquery.result" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Info OSSEC rootkit [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "This dashboard shows data collected by the ossec-rootkit pack from osquery." 
+ }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": {} } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 4, + "i": "1", + "w": 10, + "x": 19, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Number of rootkits found [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 4, - "i": "1", - "w": 10, - "x": 19, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.11.0-SNAPSHOT" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 5, - "i": "2", - "w": 6, - "x": 37, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.11.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Rootkits", + "field": "osquery.result.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "2", + "w": 6, + "x": 37, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Number of hosts infected [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 5, - "i": "3", - "w": 6, - "x": 31, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.11.0-SNAPSHOT" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "4", - "w": 19, - "x": 0, - "y": 0 - }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.11.0-SNAPSHOT" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts", + "field": "agent.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "3", + "w": 6, + "x": 31, + "y": 0 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "5", - "w": 43, - "x": 0, - "y": 5 - }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.11.0-SNAPSHOT" + "type": 
"markdown", + "data": { + "aggs": [], + "searchSource": {} } - ], - "timeRestore": false, - "title": "[Logs Osquery] OSSEC rootkit pack", - "version": 1 - }, - "id": "osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040", - "migrationVersion": { - "dashboard": "7.11.0" - }, - "references": [ - { - "id": "osquery-6ec10290-f4aa-11e7-8647-534bb4c21040", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 4, + "i": "4", + "w": 19, + "x": 0, + "y": 0 }, - { - "id": "osquery-ab587180-f4a9-11e7-8647-534bb4c21040", - "name": "panel_2", - "type": "visualization" + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 20, + "i": "5", + "w": 43, + "x": 0, + "y": 5 }, - { - "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "panel_4", - "type": "search" - } + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.11.0-SNAPSHOT" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Osquery] OSSEC rootkit pack", + "version": 1 + }, + "references": [ + { + "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", + "name": "panel_4", + "type": "search" + }, + { + "type": "search", + "name": "2:search_0", + "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040" + }, + { + "type": "search", + "name": "3:search_0", + "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file 
diff --git a/packages/osquery/kibana/visualization/osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05.json b/packages/osquery/kibana/visualization/osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05.json
deleted file mode 100644
index 3fd8ea2720d..00000000000
--- a/packages/osquery/kibana/visualization/osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05.json
+++ /dev/null
@@ -1,94 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "OS versions [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "osquery.result.host_identifier" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "osquery.result.columns.platform_like", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "osquery.result.columns.name", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "osquery.result.columns.version", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "OS versions [Logs Osquery]", - "type": "pie" - } - }, - "id": "osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "osquery-b5d6baa0-eb02-11e7-8f04-51231daa5b05", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-240f3630-eb05-11e7-8f04-51231daa5b05.json b/packages/osquery/kibana/visualization/osquery-240f3630-eb05-11e7-8f04-51231daa5b05.json deleted file mode 100644 index ed516faa9d3..00000000000 
--- a/packages/osquery/kibana/visualization/osquery-240f3630-eb05-11e7-8f04-51231daa5b05.json
+++ /dev/null
@@ -1,130 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "osquery.result.columns.status", - "negate": false, - "params": { - "query": "Live", - "type": "phrase" - }, - "type": "phrase", - "value": "Live" - }, - "query": { - "match": { - "osquery.result.columns.status": { - "query": "Live", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Number of Kernel integrations [Logs Osquery]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Live Kernel integrations", - "field": "osquery.result.columns.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "gauge": { - "alignment": "horizontal", - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "extendRange": true, - "gaugeColorMode": "Labels", - "gaugeStyle": "Full", - "gaugeType": "Arc", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": true - }, - "style": { - "bgColor": false, - "bgFill": "#eee", - "bgMask": false, - "bgWidth": 0.9, - "fontSize": 60, - "labelColor": true, - "mask": false, - "maskBars": 50, - "subText": "", - "width": 0.9 - }, - "type": "meter" - }, - "isDisplayWarning": false, - "type": "gauge" - }, - "title": "Number of Kernel integrations [Logs Osquery]", - "type": "gauge" - } - }, - "id": 
"osquery-240f3630-eb05-11e7-8f04-51231daa5b05", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "osquery-f59e21e0-eb03-11e7-8f04-51231daa5b05", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json deleted file mode 100644 index 83aafe6b8ae..00000000000 --- a/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Navigation [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 10, - "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" - }, - "title": "Navigation [Logs Osquery]", - "type": "markdown" - } - }, - "id": "osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-6ec10290-f4aa-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/visualization/osquery-6ec10290-f4aa-11e7-8647-534bb4c21040.json deleted file mode 100644 index c90f9d214ce..00000000000 --- a/packages/osquery/kibana/visualization/osquery-6ec10290-f4aa-11e7-8647-534bb4c21040.json +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Info OSSEC rootkit [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "This dashboard shows data collected by the ossec-rootkit pack from osquery." - }, - "title": "Info OSSEC rootkit [Logs Osquery]", - "type": "markdown" - } - }, - "id": "osquery-6ec10290-f4aa-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json b/packages/osquery/kibana/visualization/osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json deleted file mode 100644 index a7a46efddc6..00000000000 --- a/packages/osquery/kibana/visualization/osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json +++ /dev/null 
@@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Mounts by type [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "osquery.result.columns.path", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "osquery.result.columns.type", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Mounts by type [Logs Osquery]", - "type": "pie" - } - }, - "id": "osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-ab587180-f4a9-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/visualization/osquery-ab587180-f4a9-11e7-8647-534bb4c21040.json deleted file mode 100644 index 7b32d87eee6..00000000000 --- a/packages/osquery/kibana/visualization/osquery-ab587180-f4a9-11e7-8647-534bb4c21040.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Number of hosts infected [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Hosts", - "field": "agent.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Number of hosts infected [Logs Osquery]", - "type": "metric" - } - }, - "id": "osquery-ab587180-f4a9-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/visualization/osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040.json deleted file mode 100644 index f7b696cd83e..00000000000 --- a/packages/osquery/kibana/visualization/osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Number of rootkits found [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Rootkits", - "field": "osquery.result.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Number of rootkits found [Logs Osquery]", - "type": "metric" - } - }, - "id": "osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From 0e872c8897e24f6cd131184dbcdc76e0b586cb4b Mon Sep 17 00:00:00 2001 
From: kcreddy
Date: Fri, 28 Oct 2022 03:36:28 +0530
Subject: [PATCH 028/103] migrate panw to by_value
---
...-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json | 1317 +++----
...-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json | 3117 ++++++++--------
...-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json | 1051 +++---
...-772964e0-7591-11e9-aacf-79a3704914a0.json | 2613 +++++++-------
...-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json | 1469 ++++----
...-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json | 1297 +++----
...-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json | 1327 +++----
...-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json | 1269 +++----
...-e40ba240-7572-11e9-976e-65a8f47cc4c1.json | 3137 +++++++++--------
...-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json | 2731 +++++++-------
10 files changed, 9689 insertions(+), 9639 deletions(-)
diff --git a/packages/panw/kibana/dashboard/panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json
index cc6a6774426..9c528cbd08f 100644
--- a/packages/panw/kibana/dashboard/panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json
+++ b/packages/panw/kibana/dashboard/panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json
@@ -1,685 +1,690 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS HIP Match and Correlated Events Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"CORRELATION\" or panw.panos.type: \"HIP-MATCH\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c84bd12b-13d4-4cd1-99cb-e08d7d4f152b": { - "columnOrder": [ - "213aacfe-f046-4624-b371-f854e932f413", - "bef17b31-4c6f-42cf-b272-cd400397487c" - ], - "columns": { - "213aacfe-f046-4624-b371-f854e932f413": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Operating System", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "bef17b31-4c6f-42cf-b272-cd400397487c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.full" - }, - "bef17b31-4c6f-42cf-b272-cd400397487c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "id": "panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-10-27T22:06:16.816Z", + "version": "WzU3NCwxXQ==", + "attributes": { + "description": "Palo Alto Networks PAN-OS HIP Match and Correlated Events Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"CORRELATION\" or panw.panos.type: \"HIP-MATCH\")" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c84bd12b-13d4-4cd1-99cb-e08d7d4f152b": { + "columnOrder": [ + "213aacfe-f046-4624-b371-f854e932f413", + "bef17b31-4c6f-42cf-b272-cd400397487c" + ], + "columns": { + "213aacfe-f046-4624-b371-f854e932f413": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operating System", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "bef17b31-4c6f-42cf-b272-cd400397487c", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "213aacfe-f046-4624-b371-f854e932f413" - ], - "layerId": "c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", - "layerType": "data", - "legendDisplay": "default", - "metric": "bef17b31-4c6f-42cf-b272-cd400397487c", - "nestedLegend": false, - 
"numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.full" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "a022bf97-bef4-4918-ac28-4c48f0dbc048", - "w": 17, - "x": 0, - "y": 0 - }, - "panelIndex": "a022bf97-bef4-4918-ac28-4c48f0dbc048", - "title": "Distribution of HIP Events by Operating System [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "bef17b31-4c6f-42cf-b272-cd400397487c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "213aacfe-f046-4624-b371-f854e932f413" + ], + "layerId": "c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", + "layerType": "data", + "legendDisplay": "default", + "metric": "bef17b31-4c6f-42cf-b272-cd400397487c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7f464e45-4071-44f2-b122-136cc384955a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7f464e45-4071-44f2-b122-136cc384955a": { - "columnOrder": [ - "52feda80-444c-4544-bc15-bb4425f238f4", - "fa644902-2280-4df7-a3ab-329ed5ea5506" - ], - "columns": { - "52feda80-444c-4544-bc15-bb4425f238f4": { - 
"customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "HIP Match Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "fa644902-2280-4df7-a3ab-329ed5ea5506", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.matchname" - }, - "fa644902-2280-4df7-a3ab-329ed5ea5506": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a022bf97-bef4-4918-ac28-4c48f0dbc048", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "a022bf97-bef4-4918-ac28-4c48f0dbc048", + "title": "Distribution of HIP Events by Operating System [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7f464e45-4071-44f2-b122-136cc384955a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7f464e45-4071-44f2-b122-136cc384955a": { + "columnOrder": [ + "52feda80-444c-4544-bc15-bb4425f238f4", + "fa644902-2280-4df7-a3ab-329ed5ea5506" + ], + "columns": { + "52feda80-444c-4544-bc15-bb4425f238f4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "HIP Match Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "fa644902-2280-4df7-a3ab-329ed5ea5506", + "type": "column" }, - 
"filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "fa644902-2280-4df7-a3ab-329ed5ea5506" - ], - "layerId": "7f464e45-4071-44f2-b122-136cc384955a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "52feda80-444c-4544-bc15-bb4425f238f4" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.matchname" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "c3058ed9-5860-4652-a8aa-86b0a2a46806", - "w": 16, - "x": 17, - "y": 0 + "fa644902-2280-4df7-a3ab-329ed5ea5506": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": 
"c3058ed9-5860-4652-a8aa-86b0a2a46806", - "title": "Distribution of HIP Events by HIP Match Name [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-13017eeb-8282-4291-a21c-aad1432731cf", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "13017eeb-8282-4291-a21c-aad1432731cf": { - "columnOrder": [ - "c76c4451-34be-4ce1-b91c-9f4cd84cd693", - "12ec2de6-7681-4d61-8772-15389b3df118" - ], - "columns": { - "12ec2de6-7681-4d61-8772-15389b3df118": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "c76c4451-34be-4ce1-b91c-9f4cd84cd693": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "HIP Match Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "12ec2de6-7681-4d61-8772-15389b3df118", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.matchtype" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "c76c4451-34be-4ce1-b91c-9f4cd84cd693" - ], - "layerId": "13017eeb-8282-4291-a21c-aad1432731cf", - "layerType": "data", - "legendDisplay": "default", - "metric": "12ec2de6-7681-4d61-8772-15389b3df118", - "nestedLegend": false, - 
"numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "2ec6098c-96f5-43d7-b068-7a155484fde2", - "w": 15, - "x": 33, - "y": 0 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "panelIndex": "2ec6098c-96f5-43d7-b068-7a155484fde2", - "title": "Distribution of HIP Events by HIP Match Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ecea3039-c2bb-4d00-94c8-8cdc634e78e5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ecea3039-c2bb-4d00-94c8-8cdc634e78e5": { - "columnOrder": [ - "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362", - "50b7a409-5678-4e93-a760-f08c03f4f9a5" - ], - "columns": { - "50b7a409-5678-4e93-a760-f08c03f4f9a5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "50b7a409-5678-4e93-a760-f08c03f4f9a5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": 
"kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type: \"CORRELATION\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362" - ], - "layerId": "ecea3039-c2bb-4d00-94c8-8cdc634e78e5", - "layerType": "data", - "legendDisplay": "default", - "metric": "50b7a409-5678-4e93-a760-f08c03f4f9a5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "layers": [ + { + "accessors": [ + "fa644902-2280-4df7-a3ab-329ed5ea5506" + ], + "layerId": "7f464e45-4071-44f2-b122-136cc384955a", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "52feda80-444c-4544-bc15-bb4425f238f4" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "7d23e185-ac62-4c2a-9538-c8a08d972231", - "w": 24, - "x": 0, - "y": 15 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "7d23e185-ac62-4c2a-9538-c8a08d972231", - "title": "Distribution of Correlated Events by Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e": { - "columnOrder": [ - "db7c247a-7051-46f3-ac80-76737c7c839d", - "c1834fd1-09ac-4c72-9f98-e13000c3c28a" - ], - "columns": { - "c1834fd1-09ac-4c72-9f98-e13000c3c28a": { - "customLabel": 
true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "db7c247a-7051-46f3-ac80-76737c7c839d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c1834fd1-09ac-4c72-9f98-e13000c3c28a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.object.name" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "c3058ed9-5860-4652-a8aa-86b0a2a46806", + "w": 16, + "x": 17, + "y": 0 + }, + "panelIndex": "c3058ed9-5860-4652-a8aa-86b0a2a46806", + "title": "Distribution of HIP Events by HIP Match Name [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-13017eeb-8282-4291-a21c-aad1432731cf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "13017eeb-8282-4291-a21c-aad1432731cf": { + "columnOrder": [ + "c76c4451-34be-4ce1-b91c-9f4cd84cd693", + "12ec2de6-7681-4d61-8772-15389b3df118" + ], + "columns": { + "12ec2de6-7681-4d61-8772-15389b3df118": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "c76c4451-34be-4ce1-b91c-9f4cd84cd693": { + "customLabel": 
true, + "dataType": "string", + "isBucketed": true, + "label": "HIP Match Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "12ec2de6-7681-4d61-8772-15389b3df118", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type: \"CORRELATION\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "db7c247a-7051-46f3-ac80-76737c7c839d" - ], - "layerId": "d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", - "layerType": "data", - "legendDisplay": "default", - "metric": "c1834fd1-09ac-4c72-9f98-e13000c3c28a", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fd6b1cb2-9972-45bb-933f-dd4fae739199", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "fd6b1cb2-9972-45bb-933f-dd4fae739199", - "title": "Distribution of Correlated Events by Correlation Object Name [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "1d88372a-3942-430d-81da-769e97f4b550", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "1d88372a-3942-430d-81da-769e97f4b550", - "panelRefName": "panel_1d88372a-3942-430d-81da-769e97f4b550", - "type": "search", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.matchtype" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + 
"c76c4451-34be-4ce1-b91c-9f4cd84cd693" + ], + "layerId": "13017eeb-8282-4291-a21c-aad1432731cf", + "layerType": "data", + "legendDisplay": "default", + "metric": "12ec2de6-7681-4d61-8772-15389b3df118", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "184022a9-caeb-489e-b6a7-0449993693f5", - "w": 48, - "x": 0, - "y": 49 - }, - "panelIndex": "184022a9-caeb-489e-b6a7-0449993693f5", - "panelRefName": "panel_184022a9-caeb-489e-b6a7-0449993693f5", - "type": "search", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] HIP Match and Correlated Events", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "a022bf97-bef4-4918-ac28-4c48f0dbc048:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "a022bf97-bef4-4918-ac28-4c48f0dbc048:indexpattern-datasource-layer-c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "2ec6098c-96f5-43d7-b068-7a155484fde2", + "w": 15, + "x": 33, + "y": 0 }, - { - "id": "logs-*", - "name": "c3058ed9-5860-4652-a8aa-86b0a2a46806:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3058ed9-5860-4652-a8aa-86b0a2a46806:indexpattern-datasource-layer-7f464e45-4071-44f2-b122-136cc384955a", - "type": "index-pattern" + "panelIndex": "2ec6098c-96f5-43d7-b068-7a155484fde2", + "title": "Distribution of HIP Events by HIP Match Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + 
"name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ecea3039-c2bb-4d00-94c8-8cdc634e78e5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ecea3039-c2bb-4d00-94c8-8cdc634e78e5": { + "columnOrder": [ + "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362", + "50b7a409-5678-4e93-a760-f08c03f4f9a5" + ], + "columns": { + "50b7a409-5678-4e93-a760-f08c03f4f9a5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "50b7a409-5678-4e93-a760-f08c03f4f9a5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type: \"CORRELATION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362" + ], + "layerId": "ecea3039-c2bb-4d00-94c8-8cdc634e78e5", + "layerType": "data", + "legendDisplay": "default", + "metric": "50b7a409-5678-4e93-a760-f08c03f4f9a5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "2ec6098c-96f5-43d7-b068-7a155484fde2:indexpattern-datasource-current-indexpattern", - 
"type": "index-pattern" + "gridData": { + "h": 15, + "i": "7d23e185-ac62-4c2a-9538-c8a08d972231", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "2ec6098c-96f5-43d7-b068-7a155484fde2:indexpattern-datasource-layer-13017eeb-8282-4291-a21c-aad1432731cf", - "type": "index-pattern" + "panelIndex": "7d23e185-ac62-4c2a-9538-c8a08d972231", + "title": "Distribution of Correlated Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e": { + "columnOrder": [ + "db7c247a-7051-46f3-ac80-76737c7c839d", + "c1834fd1-09ac-4c72-9f98-e13000c3c28a" + ], + "columns": { + "c1834fd1-09ac-4c72-9f98-e13000c3c28a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "db7c247a-7051-46f3-ac80-76737c7c839d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c1834fd1-09ac-4c72-9f98-e13000c3c28a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.object.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type: \"CORRELATION\"" + }, + "visualization": { + "layers": [ + { + 
"categoryDisplay": "default", + "groups": [ + "db7c247a-7051-46f3-ac80-76737c7c839d" + ], + "layerId": "d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", + "layerType": "data", + "legendDisplay": "default", + "metric": "c1834fd1-09ac-4c72-9f98-e13000c3c28a", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "7d23e185-ac62-4c2a-9538-c8a08d972231:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "fd6b1cb2-9972-45bb-933f-dd4fae739199", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "7d23e185-ac62-4c2a-9538-c8a08d972231:indexpattern-datasource-layer-ecea3039-c2bb-4d00-94c8-8cdc634e78e5", - "type": "index-pattern" + "panelIndex": "fd6b1cb2-9972-45bb-933f-dd4fae739199", + "title": "Distribution of Correlated Events by Correlation Object Name [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "fd6b1cb2-9972-45bb-933f-dd4fae739199:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 19, + "i": "1d88372a-3942-430d-81da-769e97f4b550", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "fd6b1cb2-9972-45bb-933f-dd4fae739199:indexpattern-datasource-layer-d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", - "type": "index-pattern" + "panelIndex": "1d88372a-3942-430d-81da-769e97f4b550", + "panelRefName": "panel_1d88372a-3942-430d-81da-769e97f4b550", + "type": "search", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "panw-6d0ea500-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "1d88372a-3942-430d-81da-769e97f4b550:panel_1d88372a-3942-430d-81da-769e97f4b550", - "type": "search" + "gridData": { + "h": 19, + "i": "184022a9-caeb-489e-b6a7-0449993693f5", + "w": 
48, + "x": 0, + "y": 49 }, - { - "id": "panw-79d117f0-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "184022a9-caeb-489e-b6a7-0449993693f5:panel_184022a9-caeb-489e-b6a7-0449993693f5", - "type": "search" - } + "panelIndex": "184022a9-caeb-489e-b6a7-0449993693f5", + "panelRefName": "panel_184022a9-caeb-489e-b6a7-0449993693f5", + "type": "search", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] HIP Match and Correlated Events", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "a022bf97-bef4-4918-ac28-4c48f0dbc048:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a022bf97-bef4-4918-ac28-4c48f0dbc048:indexpattern-datasource-layer-c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3058ed9-5860-4652-a8aa-86b0a2a46806:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3058ed9-5860-4652-a8aa-86b0a2a46806:indexpattern-datasource-layer-7f464e45-4071-44f2-b122-136cc384955a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2ec6098c-96f5-43d7-b068-7a155484fde2:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2ec6098c-96f5-43d7-b068-7a155484fde2:indexpattern-datasource-layer-13017eeb-8282-4291-a21c-aad1432731cf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7d23e185-ac62-4c2a-9538-c8a08d972231:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7d23e185-ac62-4c2a-9538-c8a08d972231:indexpattern-datasource-layer-ecea3039-c2bb-4d00-94c8-8cdc634e78e5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fd6b1cb2-9972-45bb-933f-dd4fae739199:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"fd6b1cb2-9972-45bb-933f-dd4fae739199:indexpattern-datasource-layer-d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", + "type": "index-pattern" + }, + { + "id": "panw-6d0ea500-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "1d88372a-3942-430d-81da-769e97f4b550:panel_1d88372a-3942-430d-81da-769e97f4b550", + "type": "search" + }, + { + "id": "panw-79d117f0-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "184022a9-caeb-489e-b6a7-0449993693f5:panel_184022a9-caeb-489e-b6a7-0449993693f5", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json index a5aebfdff9e..da5d5b238f0 100644 --- a/packages/panw/kibana/dashboard/panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,1617 +1,1622 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS Decryption Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0a1f2b2a-3817-47b2-9ded-a2772d821cc1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0a1f2b2a-3817-47b2-9ded-a2772d821cc1": { - "columnOrder": [ - "5656e6ee-cecb-455b-a0f0-47237ed058f3", - "169ca387-1f16-454b-acc6-c73c7de21561" - ], - "columns": { - "169ca387-1f16-454b-acc6-c73c7de21561": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "5656e6ee-cecb-455b-a0f0-47237ed058f3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "169ca387-1f16-454b-acc6-c73c7de21561", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "network.application" - } - }, - "incompleteColumns": {} - } - } - } + "id": "panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:06:16.816Z", + "version": "WzU3NSwxXQ==", + "attributes": { + "description": "Palo Alto 
Networks PAN-OS Decryption Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0a1f2b2a-3817-47b2-9ded-a2772d821cc1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0a1f2b2a-3817-47b2-9ded-a2772d821cc1": { + "columnOrder": [ + "5656e6ee-cecb-455b-a0f0-47237ed058f3", + "169ca387-1f16-454b-acc6-c73c7de21561" + ], + "columns": { + "169ca387-1f16-454b-acc6-c73c7de21561": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "5656e6ee-cecb-455b-a0f0-47237ed058f3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "169ca387-1f16-454b-acc6-c73c7de21561", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - 
}, - "layers": [ - { - "accessors": [ - "169ca387-1f16-454b-acc6-c73c7de21561" - ], - "layerId": "0a1f2b2a-3817-47b2-9ded-a2772d821cc1", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "5656e6ee-cecb-455b-a0f0-47237ed058f3" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "size": 10 + }, + "scale": "ordinal", + "sourceField": "network.application" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "273c129c-8842-432b-b61c-1a5f51e62780", - "w": 24, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "273c129c-8842-432b-b61c-1a5f51e62780", - "title": "Distribution of Decryption Events by Application [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e3456bbd-160b-404f-9528-7405677dea0f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e3456bbd-160b-404f-9528-7405677dea0f": { - "columnOrder": [ - "dd605c7a-a46e-4792-bc82-ca3ce60c9f36", - "96706faa-7161-41bf-a6af-99d770fbbec1" - ], - "columns": { - 
"96706faa-7161-41bf-a6af-99d770fbbec1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "dd605c7a-a46e-4792-bc82-ca3ce60c9f36": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "96706faa-7161-41bf-a6af-99d770fbbec1", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "dd605c7a-a46e-4792-bc82-ca3ce60c9f36" - ], - "layerId": "e3456bbd-160b-404f-9528-7405677dea0f", - "layerType": "data", - "legendDisplay": "default", - "metric": "96706faa-7161-41bf-a6af-99d770fbbec1", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "169ca387-1f16-454b-acc6-c73c7de21561" + ], + "layerId": "0a1f2b2a-3817-47b2-9ded-a2772d821cc1", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "5656e6ee-cecb-455b-a0f0-47237ed058f3" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "60877c36-6915-4458-9734-0045530351d2", - "w": 24, - "x": 24, - "y": 0 + "preferredSeriesType": "bar_stacked", + 
"tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "60877c36-6915-4458-9734-0045530351d2", - "title": "Distribution of Decryption Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f": { - "columnOrder": [ - "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff", - "38e78a86-5605-4737-ac42-9d7971a4eca2" - ], - "columns": { - "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Chain Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "38e78a86-5605-4737-ac42-9d7971a4eca2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.chain_status" - }, - "38e78a86-5605-4737-ac42-9d7971a4eca2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "273c129c-8842-432b-b61c-1a5f51e62780", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "273c129c-8842-432b-b61c-1a5f51e62780", + "title": "Distribution of Decryption Events by Application [Logs PANW]", + 
"type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e3456bbd-160b-404f-9528-7405677dea0f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e3456bbd-160b-404f-9528-7405677dea0f": { + "columnOrder": [ + "dd605c7a-a46e-4792-bc82-ca3ce60c9f36", + "96706faa-7161-41bf-a6af-99d770fbbec1" + ], + "columns": { + "96706faa-7161-41bf-a6af-99d770fbbec1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "dd605c7a-a46e-4792-bc82-ca3ce60c9f36": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "96706faa-7161-41bf-a6af-99d770fbbec1", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff" - ], - "layerId": "36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", - "layerType": "data", - "legendDisplay": "default", - "metric": "38e78a86-5605-4737-ac42-9d7971a4eca2", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fc2e238c-bfdb-46bf-8058-4247a049c1f9", - "w": 24, - "x": 0, - "y": 15 - }, - 
"panelIndex": "fc2e238c-bfdb-46bf-8058-4247a049c1f9", - "title": "Distribution of Decryption Events by Chain Status [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "dd605c7a-a46e-4792-bc82-ca3ce60c9f36" + ], + "layerId": "e3456bbd-160b-404f-9528-7405677dea0f", + "layerType": "data", + "legendDisplay": "default", + "metric": "96706faa-7161-41bf-a6af-99d770fbbec1", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-10ee237f-72a3-4b39-985b-16d59be50d6a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "10ee237f-72a3-4b39-985b-16d59be50d6a": { - "columnOrder": [ - "739a9191-bc05-4441-9e3e-f4cd17beca61", - "cf793881-83c9-4d7c-9165-91969d514bbf" - ], - "columns": { - "739a9191-bc05-4441-9e3e-f4cd17beca61": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Proxy Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "cf793881-83c9-4d7c-9165-91969d514bbf", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.proxy_type" - }, - "cf793881-83c9-4d7c-9165-91969d514bbf": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": 
"count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "60877c36-6915-4458-9734-0045530351d2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "60877c36-6915-4458-9734-0045530351d2", + "title": "Distribution of Decryption Events by Action taken on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f": { + "columnOrder": [ + "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff", + "38e78a86-5605-4737-ac42-9d7971a4eca2" + ], + "columns": { + "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Chain Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "38e78a86-5605-4737-ac42-9d7971a4eca2", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - 
"cf793881-83c9-4d7c-9165-91969d514bbf" - ], - "layerId": "10ee237f-72a3-4b39-985b-16d59be50d6a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "739a9191-bc05-4441-9e3e-f4cd17beca61" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.chain_status" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "6591258a-e52b-45be-91e2-4f4e1b6b2ada", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "6591258a-e52b-45be-91e2-4f4e1b6b2ada", - "title": "Distribution of Decryption Events by Proxy Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "38e78a86-5605-4737-ac42-9d7971a4eca2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff" + ], + "layerId": "36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", + "layerType": "data", + "legendDisplay": "default", + "metric": "38e78a86-5605-4737-ac42-9d7971a4eca2", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - 
"name": "indexpattern-datasource-layer-91f1752b-14fd-4366-a964-592e86a37d44", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91f1752b-14fd-4366-a964-592e86a37d44": { - "columnOrder": [ - "27b3efdd-051e-4b22-bf84-4daa570470b1", - "2da3bd48-780e-49dd-aaa1-ae672efe47e6" - ], - "columns": { - "27b3efdd-051e-4b22-bf84-4daa570470b1": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Error Message", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2da3bd48-780e-49dd-aaa1-ae672efe47e6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.error_message" - }, - "2da3bd48-780e-49dd-aaa1-ae672efe47e6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "fc2e238c-bfdb-46bf-8058-4247a049c1f9", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "fc2e238c-bfdb-46bf-8058-4247a049c1f9", + "title": "Distribution of Decryption Events by Chain Status [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-10ee237f-72a3-4b39-985b-16d59be50d6a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "10ee237f-72a3-4b39-985b-16d59be50d6a": { + "columnOrder": [ + 
"739a9191-bc05-4441-9e3e-f4cd17beca61", + "cf793881-83c9-4d7c-9165-91969d514bbf" + ], + "columns": { + "739a9191-bc05-4441-9e3e-f4cd17beca61": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Proxy Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "cf793881-83c9-4d7c-9165-91969d514bbf", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "27b3efdd-051e-4b22-bf84-4daa570470b1", - "isTransposed": false - }, - { - "columnId": "2da3bd48-780e-49dd-aaa1-ae672efe47e6", - "isTransposed": false - } - ], - "layerId": "91f1752b-14fd-4366-a964-592e86a37d44", - "layerType": "data" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.proxy_type" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "cf793881-83c9-4d7c-9165-91969d514bbf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "535ac774-beac-497a-8638-564774234ede", - "w": 24, - "x": 0, - "y": 30 + "layers": [ + { + 
"accessors": [ + "cf793881-83c9-4d7c-9165-91969d514bbf" + ], + "layerId": "10ee237f-72a3-4b39-985b-16d59be50d6a", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "739a9191-bc05-4441-9e3e-f4cd17beca61" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "535ac774-beac-497a-8638-564774234ede", - "title": "Top 10 Error [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0a283787-56f6-4ce7-a9f0-91bdd61831ce", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0a283787-56f6-4ce7-a9f0-91bdd61831ce": { - "columnOrder": [ - "4903d888-08e2-4a48-b18d-54f89392bf82", - "ddca6015-ca04-42a0-b78b-ce0d5ad20a08" - ], - "columns": { - "4903d888-08e2-4a48-b18d-54f89392bf82": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Server Name Indication", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ddca6015-ca04-42a0-b78b-ce0d5ad20a08", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "tls.client.server_name" - }, - "ddca6015-ca04-42a0-b78b-ce0d5ad20a08": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": 
"lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "6591258a-e52b-45be-91e2-4f4e1b6b2ada", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "6591258a-e52b-45be-91e2-4f4e1b6b2ada", + "title": "Distribution of Decryption Events by Proxy Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91f1752b-14fd-4366-a964-592e86a37d44", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91f1752b-14fd-4366-a964-592e86a37d44": { + "columnOrder": [ + "27b3efdd-051e-4b22-bf84-4daa570470b1", + "2da3bd48-780e-49dd-aaa1-ae672efe47e6" + ], + "columns": { + "27b3efdd-051e-4b22-bf84-4daa570470b1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Error Message", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2da3bd48-780e-49dd-aaa1-ae672efe47e6", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "4903d888-08e2-4a48-b18d-54f89392bf82" - }, - { - "columnId": "ddca6015-ca04-42a0-b78b-ce0d5ad20a08" - } - ], - "layerId": "0a283787-56f6-4ce7-a9f0-91bdd61831ce", - "layerType": "data" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.error_message" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "e683dc3b-605f-41e5-8032-11433a7d70be", - 
"w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "e683dc3b-605f-41e5-8032-11433a7d70be", - "title": "Top 10 Server Name Indication with most Failed Connections [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "2da3bd48-780e-49dd-aaa1-ae672efe47e6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "columns": [ + { + "columnId": "27b3efdd-051e-4b22-bf84-4daa570470b1", + "isTransposed": false + }, + { + "columnId": "2da3bd48-780e-49dd-aaa1-ae672efe47e6", + "isTransposed": false + } + ], + "layerId": "91f1752b-14fd-4366-a964-592e86a37d44", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9ad4ffee-bb6c-4326-aa74-a134b520da03", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9ad4ffee-bb6c-4326-aa74-a134b520da03": { - "columnOrder": [ - "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a", - "189c38f5-e74a-49c6-801c-eb0e643b360f" - ], - "columns": { - "189c38f5-e74a-49c6-801c-eb0e643b360f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Source Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - 
"columnId": "189c38f5-e74a-49c6-801c-eb0e643b360f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.ip" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "535ac774-beac-497a-8638-564774234ede", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "535ac774-beac-497a-8638-564774234ede", + "title": "Top 10 Error [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0a283787-56f6-4ce7-a9f0-91bdd61831ce", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0a283787-56f6-4ce7-a9f0-91bdd61831ce": { + "columnOrder": [ + "4903d888-08e2-4a48-b18d-54f89392bf82", + "ddca6015-ca04-42a0-b78b-ce0d5ad20a08" + ], + "columns": { + "4903d888-08e2-4a48-b18d-54f89392bf82": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Server Name Indication", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ddca6015-ca04-42a0-b78b-ce0d5ad20a08", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a", - "isTransposed": false - }, - { - "columnId": "189c38f5-e74a-49c6-801c-eb0e643b360f", - "isTransposed": false - } - ], - "layerId": 
"9ad4ffee-bb6c-4326-aa74-a134b520da03", - "layerType": "data" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "tls.client.server_name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "b68d2d9e-6dee-47fb-8918-51e47b18ead0", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "b68d2d9e-6dee-47fb-8918-51e47b18ead0", - "title": "Top 10 Source Address with most Failed Connections [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "ddca6015-ca04-42a0-b78b-ce0d5ad20a08": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "columns": [ + { + "columnId": "4903d888-08e2-4a48-b18d-54f89392bf82" + }, + { + "columnId": "ddca6015-ca04-42a0-b78b-ce0d5ad20a08" + } + ], + "layerId": "0a283787-56f6-4ce7-a9f0-91bdd61831ce", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-261ac1f2-5198-4650-a17b-15c7b57ee371", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "261ac1f2-5198-4650-a17b-15c7b57ee371": { - "columnOrder": [ - "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478", - "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9" - ], - "columns": { - "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - 
"emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Destination Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "destination.ip" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "e683dc3b-605f-41e5-8032-11433a7d70be", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "e683dc3b-605f-41e5-8032-11433a7d70be", + "title": "Top 10 Server Name Indication with most Failed Connections [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9ad4ffee-bb6c-4326-aa74-a134b520da03", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9ad4ffee-bb6c-4326-aa74-a134b520da03": { + "columnOrder": [ + "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a", + "189c38f5-e74a-49c6-801c-eb0e643b360f" + ], + "columns": { + "189c38f5-e74a-49c6-801c-eb0e643b360f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source Address", + "operationType": 
"terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "189c38f5-e74a-49c6-801c-eb0e643b360f", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478", - "isTransposed": false - }, - { - "columnId": "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9", - "isTransposed": false - } - ], - "layerId": "261ac1f2-5198-4650-a17b-15c7b57ee371", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "e31c9509-4414-4cf5-827a-3df1714c8f3f", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "e31c9509-4414-4cf5-827a-3df1714c8f3f", - "title": "Top 10 Destination Address with most Failed Connections [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "columns": [ + { + "columnId": "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a", + "isTransposed": false + }, + { + "columnId": "189c38f5-e74a-49c6-801c-eb0e643b360f", + "isTransposed": false + } + ], + "layerId": "9ad4ffee-bb6c-4326-aa74-a134b520da03", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": 
"b68d2d9e-6dee-47fb-8918-51e47b18ead0", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "b68d2d9e-6dee-47fb-8918-51e47b18ead0", + "title": "Top 10 Source Address with most Failed Connections [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-261ac1f2-5198-4650-a17b-15c7b57ee371", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "261ac1f2-5198-4650-a17b-15c7b57ee371": { + "columnOrder": [ + "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478", + "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9" + ], + "columns": { + "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Destination Address", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-03ce0c58-ab6f-4550-bc18-39fd5cbee55a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "03ce0c58-ab6f-4550-bc18-39fd5cbee55a": { - "columnOrder": [ - "3e03329e-329b-43fe-b2f8-f245b96eedb7", - "e6337ddb-d93c-4008-a4aa-43ff23e4634d" - ], - "columns": { - "3e03329e-329b-43fe-b2f8-f245b96eedb7": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Key Exchange Algorithm", - 
"operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e6337ddb-d93c-4008-a4aa-43ff23e4634d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.tls.key_exchange_algorithm" - }, - "e6337ddb-d93c-4008-a4aa-43ff23e4634d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "columns": [ + { + "columnId": "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478", + "isTransposed": false + }, + { + "columnId": "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9", + "isTransposed": false + } + ], + "layerId": "261ac1f2-5198-4650-a17b-15c7b57ee371", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "e31c9509-4414-4cf5-827a-3df1714c8f3f", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "e31c9509-4414-4cf5-827a-3df1714c8f3f", + "title": "Top 10 Destination Address with most Failed Connections [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-03ce0c58-ab6f-4550-bc18-39fd5cbee55a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "03ce0c58-ab6f-4550-bc18-39fd5cbee55a": { + "columnOrder": [ + "3e03329e-329b-43fe-b2f8-f245b96eedb7", + "e6337ddb-d93c-4008-a4aa-43ff23e4634d" + ], + "columns": { + "3e03329e-329b-43fe-b2f8-f245b96eedb7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Key Exchange Algorithm", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e6337ddb-d93c-4008-a4aa-43ff23e4634d", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e6337ddb-d93c-4008-a4aa-43ff23e4634d" - ], - "layerId": "03ce0c58-ab6f-4550-bc18-39fd5cbee55a", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "3e03329e-329b-43fe-b2f8-f245b96eedb7" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.tls.key_exchange_algorithm" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "e6337ddb-d93c-4008-a4aa-43ff23e4634d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd", - "w": 24, - "x": 0, - "y": 60 + "layers": [ + { + "accessors": [ + "e6337ddb-d93c-4008-a4aa-43ff23e4634d" + ], + "layerId": "03ce0c58-ab6f-4550-bc18-39fd5cbee55a", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "3e03329e-329b-43fe-b2f8-f245b96eedb7" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd", - "title": "Distribution of Decryption Events by Key Exchange Algorithm [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e26158f2-dce6-4e2e-9d82-1b9072dcb9e3": { - "columnOrder": [ - "d66c218a-cb16-4e33-98c4-503372e356d2", - "6d600efe-e5b5-4eb4-97aa-58ddbf143985" - ], - "columns": { - "6d600efe-e5b5-4eb4-97aa-58ddbf143985": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": 
"ratio", - "sourceField": "___records___" - }, - "d66c218a-cb16-4e33-98c4-503372e356d2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Encryption Algorithm", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6d600efe-e5b5-4eb4-97aa-58ddbf143985", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "tls.cipher" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd", + "title": "Distribution of Decryption Events by Key Exchange Algorithm [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e26158f2-dce6-4e2e-9d82-1b9072dcb9e3": { + "columnOrder": [ + "d66c218a-cb16-4e33-98c4-503372e356d2", + "6d600efe-e5b5-4eb4-97aa-58ddbf143985" + ], + "columns": { + "6d600efe-e5b5-4eb4-97aa-58ddbf143985": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "d66c218a-cb16-4e33-98c4-503372e356d2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Encryption Algorithm", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "6d600efe-e5b5-4eb4-97aa-58ddbf143985", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "6d600efe-e5b5-4eb4-97aa-58ddbf143985" - ], - "layerId": "e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "d66c218a-cb16-4e33-98c4-503372e356d2" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "size": 10 + }, + "scale": "ordinal", + "sourceField": "tls.cipher" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93", - "w": 24, - "x": 24, - "y": 60 + "layers": [ + { + "accessors": [ + 
"6d600efe-e5b5-4eb4-97aa-58ddbf143985" + ], + "layerId": "e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "d66c218a-cb16-4e33-98c4-503372e356d2" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93", - "title": "Distribution of Decryption Events by Encryption Algorithm [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2bdbdf21-3cdc-4a09-9527-0cf6b034952b", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2bdbdf21-3cdc-4a09-9527-0cf6b034952b": { - "columnOrder": [ - "be15de7a-45d1-4d79-92a3-5f800c77511d", - "bce6f5ad-597b-4473-8fb8-6e975ba927b5", - "dbb2a798-6ac3-4134-8fc4-689a8bd7c381", - "633cc635-0352-44f5-8eaf-66bd75f9f080" - ], - "columns": { - "633cc635-0352-44f5-8eaf-66bd75f9f080": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "bce6f5ad-597b-4473-8fb8-6e975ba927b5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - 
"sourceField": "panw.panos.application.category" - }, - "be15de7a-45d1-4d79-92a3-5f800c77511d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" - }, - "dbb2a798-6ac3-4134-8fc4-689a8bd7c381": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93", + "title": "Distribution of Decryption Events by Encryption Algorithm [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2bdbdf21-3cdc-4a09-9527-0cf6b034952b", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2bdbdf21-3cdc-4a09-9527-0cf6b034952b": { + "columnOrder": [ + "be15de7a-45d1-4d79-92a3-5f800c77511d", + 
"bce6f5ad-597b-4473-8fb8-6e975ba927b5", + "dbb2a798-6ac3-4134-8fc4-689a8bd7c381", + "633cc635-0352-44f5-8eaf-66bd75f9f080" + ], + "columns": { + "633cc635-0352-44f5-8eaf-66bd75f9f080": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "bce6f5ad-597b-4473-8fb8-6e975ba927b5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "be15de7a-45d1-4d79-92a3-5f800c77511d" - }, - { - "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080" - }, - { - "columnId": "bce6f5ad-597b-4473-8fb8-6e975ba927b5", - "isTransposed": false - }, - { - "columnId": "dbb2a798-6ac3-4134-8fc4-689a8bd7c381", - "isTransposed": false - } - ], - "layerId": "2bdbdf21-3cdc-4a09-9527-0cf6b034952b", - "layerType": "data" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.category" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "01669ea1-9180-42ff-8cc8-05a23c12780e", - "w": 30, - "x": 0, - "y": 75 - }, - "panelIndex": "01669ea1-9180-42ff-8cc8-05a23c12780e", - "title": "Top 10 Decryption Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "be15de7a-45d1-4d79-92a3-5f800c77511d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0a46389d-3f5c-4328-b48a-fe24ecd5486c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0a46389d-3f5c-4328-b48a-fe24ecd5486c": { - "columnOrder": [ - "c244fc71-33cf-4b65-9a3f-fad84925238c", - "bec308e9-4ffb-45cd-ab8e-6d9eb625e457" - ], - "columns": { - "bec308e9-4ffb-45cd-ab8e-6d9eb625e457": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "c244fc71-33cf-4b65-9a3f-fad84925238c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Hash Algorithm", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "bec308e9-4ffb-45cd-ab8e-6d9eb625e457", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.tls.auth" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" + }, + "dbb2a798-6ac3-4134-8fc4-689a8bd7c381": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + 
"operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080", + "type": "column" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "bec308e9-4ffb-45cd-ab8e-6d9eb625e457" - ], - "layerId": "0a46389d-3f5c-4328-b48a-fe24ecd5486c", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "c244fc71-33cf-4b65-9a3f-fad84925238c" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "be15de7a-45d1-4d79-92a3-5f800c77511d" + }, + { + "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080" + }, + { + "columnId": "bce6f5ad-597b-4473-8fb8-6e975ba927b5", + "isTransposed": false + }, + { + "columnId": "dbb2a798-6ac3-4134-8fc4-689a8bd7c381", + "isTransposed": false + } + ], + "layerId": "2bdbdf21-3cdc-4a09-9527-0cf6b034952b", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "01669ea1-9180-42ff-8cc8-05a23c12780e", + 
"w": 30, + "x": 0, + "y": 75 + }, + "panelIndex": "01669ea1-9180-42ff-8cc8-05a23c12780e", + "title": "Top 10 Decryption Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0a46389d-3f5c-4328-b48a-fe24ecd5486c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0a46389d-3f5c-4328-b48a-fe24ecd5486c": { + "columnOrder": [ + "c244fc71-33cf-4b65-9a3f-fad84925238c", + "bec308e9-4ffb-45cd-ab8e-6d9eb625e457" + ], + "columns": { + "bec308e9-4ffb-45cd-ab8e-6d9eb625e457": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "c244fc71-33cf-4b65-9a3f-fad84925238c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Hash Algorithm", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "bec308e9-4ffb-45cd-ab8e-6d9eb625e457", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.tls.auth" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "91822551-bc1a-4aec-af03-80405ca46542", - "w": 
18, - "x": 30, - "y": 75 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "91822551-bc1a-4aec-af03-80405ca46542", - "title": "Distribution of Decryption Events by Hash Algorithm [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 21, - "i": "60d06a77-6706-46d9-b97f-1cc189450891", - "w": 48, - "x": 0, - "y": 90 + "layers": [ + { + "accessors": [ + "bec308e9-4ffb-45cd-ab8e-6d9eb625e457" + ], + "layerId": "0a46389d-3f5c-4328-b48a-fe24ecd5486c", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "c244fc71-33cf-4b65-9a3f-fad84925238c" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "60d06a77-6706-46d9-b97f-1cc189450891", - "panelRefName": "panel_60d06a77-6706-46d9-b97f-1cc189450891", - "type": "search", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] Decryption", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "273c129c-8842-432b-b61c-1a5f51e62780:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "273c129c-8842-432b-b61c-1a5f51e62780:indexpattern-datasource-layer-0a1f2b2a-3817-47b2-9ded-a2772d821cc1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "60877c36-6915-4458-9734-0045530351d2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "60877c36-6915-4458-9734-0045530351d2:indexpattern-datasource-layer-e3456bbd-160b-404f-9528-7405677dea0f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"fc2e238c-bfdb-46bf-8058-4247a049c1f9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fc2e238c-bfdb-46bf-8058-4247a049c1f9:indexpattern-datasource-layer-36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6591258a-e52b-45be-91e2-4f4e1b6b2ada:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6591258a-e52b-45be-91e2-4f4e1b6b2ada:indexpattern-datasource-layer-10ee237f-72a3-4b39-985b-16d59be50d6a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "535ac774-beac-497a-8638-564774234ede:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "535ac774-beac-497a-8638-564774234ede:indexpattern-datasource-layer-91f1752b-14fd-4366-a964-592e86a37d44", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e683dc3b-605f-41e5-8032-11433a7d70be:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e683dc3b-605f-41e5-8032-11433a7d70be:indexpattern-datasource-layer-0a283787-56f6-4ce7-a9f0-91bdd61831ce", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b68d2d9e-6dee-47fb-8918-51e47b18ead0:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b68d2d9e-6dee-47fb-8918-51e47b18ead0:indexpattern-datasource-layer-9ad4ffee-bb6c-4326-aa74-a134b520da03", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e31c9509-4414-4cf5-827a-3df1714c8f3f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e31c9509-4414-4cf5-827a-3df1714c8f3f:indexpattern-datasource-layer-261ac1f2-5198-4650-a17b-15c7b57ee371", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd:indexpattern-datasource-current-indexpattern", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd:indexpattern-datasource-layer-03ce0c58-ab6f-4550-bc18-39fd5cbee55a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93:indexpattern-datasource-layer-e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "01669ea1-9180-42ff-8cc8-05a23c12780e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "01669ea1-9180-42ff-8cc8-05a23c12780e:indexpattern-datasource-layer-2bdbdf21-3cdc-4a09-9527-0cf6b034952b", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "91822551-bc1a-4aec-af03-80405ca46542", + "w": 18, + "x": 30, + "y": 75 }, - { - "id": "logs-*", - "name": "91822551-bc1a-4aec-af03-80405ca46542:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "91822551-bc1a-4aec-af03-80405ca46542", + "title": "Distribution of Decryption Events by Hash Algorithm [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "91822551-bc1a-4aec-af03-80405ca46542:indexpattern-datasource-layer-0a46389d-3f5c-4328-b48a-fe24ecd5486c", - "type": "index-pattern" + "gridData": { + "h": 21, + "i": "60d06a77-6706-46d9-b97f-1cc189450891", + "w": 48, + "x": 0, + "y": 90 }, - { - "id": "panw-cfbe1f60-ddb7-11ec-8e76-9b3b99f98cd4", - "name": 
"60d06a77-6706-46d9-b97f-1cc189450891:panel_60d06a77-6706-46d9-b97f-1cc189450891", - "type": "search" - } + "panelIndex": "60d06a77-6706-46d9-b97f-1cc189450891", + "panelRefName": "panel_60d06a77-6706-46d9-b97f-1cc189450891", + "type": "search", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] Decryption", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "273c129c-8842-432b-b61c-1a5f51e62780:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "273c129c-8842-432b-b61c-1a5f51e62780:indexpattern-datasource-layer-0a1f2b2a-3817-47b2-9ded-a2772d821cc1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "60877c36-6915-4458-9734-0045530351d2:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "60877c36-6915-4458-9734-0045530351d2:indexpattern-datasource-layer-e3456bbd-160b-404f-9528-7405677dea0f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc2e238c-bfdb-46bf-8058-4247a049c1f9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc2e238c-bfdb-46bf-8058-4247a049c1f9:indexpattern-datasource-layer-36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6591258a-e52b-45be-91e2-4f4e1b6b2ada:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6591258a-e52b-45be-91e2-4f4e1b6b2ada:indexpattern-datasource-layer-10ee237f-72a3-4b39-985b-16d59be50d6a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "535ac774-beac-497a-8638-564774234ede:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "535ac774-beac-497a-8638-564774234ede:indexpattern-datasource-layer-91f1752b-14fd-4366-a964-592e86a37d44", + "type": "index-pattern" + }, + { + "id": 
"logs-*", + "name": "e683dc3b-605f-41e5-8032-11433a7d70be:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e683dc3b-605f-41e5-8032-11433a7d70be:indexpattern-datasource-layer-0a283787-56f6-4ce7-a9f0-91bdd61831ce", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b68d2d9e-6dee-47fb-8918-51e47b18ead0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b68d2d9e-6dee-47fb-8918-51e47b18ead0:indexpattern-datasource-layer-9ad4ffee-bb6c-4326-aa74-a134b520da03", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e31c9509-4414-4cf5-827a-3df1714c8f3f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e31c9509-4414-4cf5-827a-3df1714c8f3f:indexpattern-datasource-layer-261ac1f2-5198-4650-a17b-15c7b57ee371", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd:indexpattern-datasource-layer-03ce0c58-ab6f-4550-bc18-39fd5cbee55a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93:indexpattern-datasource-layer-e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "01669ea1-9180-42ff-8cc8-05a23c12780e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "01669ea1-9180-42ff-8cc8-05a23c12780e:indexpattern-datasource-layer-2bdbdf21-3cdc-4a09-9527-0cf6b034952b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"91822551-bc1a-4aec-af03-80405ca46542:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "91822551-bc1a-4aec-af03-80405ca46542:indexpattern-datasource-layer-0a46389d-3f5c-4328-b48a-fe24ecd5486c", + "type": "index-pattern" + }, + { + "id": "panw-cfbe1f60-ddb7-11ec-8e76-9b3b99f98cd4", + "name": "60d06a77-6706-46d9-b97f-1cc189450891:panel_60d06a77-6706-46d9-b97f-1cc189450891", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json index 6033d8e1721..f352e05984f 100644 --- a/packages/panw/kibana/dashboard/panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,547 +1,552 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS Authentication Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + "id": "panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:06:16.816Z", + "version": "WzU3NiwxXQ==", + "attributes": { + "description": "Palo Alto Networks PAN-OS Authentication Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e52d1a17-8798-4630-9614-4cb542506555", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e52d1a17-8798-4630-9614-4cb542506555": { + "columnOrder": [ + "dfea1029-8c01-41c7-b84b-088f6e614cfc", + "0c196e85-7a8b-439c-9011-fe2f81668719" + ], + "columns": { + "0c196e85-7a8b-439c-9011-fe2f81668719": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "dfea1029-8c01-41c7-b84b-088f6e614cfc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": 
"0c196e85-7a8b-439c-9011-fe2f81668719", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.client_type" + } + }, + "incompleteColumns": {} + } + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "dfea1029-8c01-41c7-b84b-088f6e614cfc" + ], + "layerId": "e52d1a17-8798-4630-9614-4cb542506555", + "layerType": "data", + "legendDisplay": "default", + "metric": "0c196e85-7a8b-439c-9011-fe2f81668719", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "21b7d1ad-b200-4fce-b8cb-7847e32ab480", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e52d1a17-8798-4630-9614-4cb542506555", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e52d1a17-8798-4630-9614-4cb542506555": { - "columnOrder": [ - "dfea1029-8c01-41c7-b84b-088f6e614cfc", - "0c196e85-7a8b-439c-9011-fe2f81668719" - ], - "columns": { - "0c196e85-7a8b-439c-9011-fe2f81668719": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - 
"dfea1029-8c01-41c7-b84b-088f6e614cfc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0c196e85-7a8b-439c-9011-fe2f81668719", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.client_type" - } - }, - "incompleteColumns": {} - } - } - } + "panelIndex": "21b7d1ad-b200-4fce-b8cb-7847e32ab480", + "title": "Distribution of Authentication Events by Client Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-073d7d3a-fa2f-4f19-98cc-ea964520d7c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "073d7d3a-fa2f-4f19-98cc-ea964520d7c5": { + "columnOrder": [ + "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775", + "b518d262-9d79-412e-b15d-9bc5be6261b3" + ], + "columns": { + "b518d262-9d79-412e-b15d-9bc5be6261b3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Authentication Protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b518d262-9d79-412e-b15d-9bc5be6261b3", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + "orderDirection": "desc", + 
"otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "dfea1029-8c01-41c7-b84b-088f6e614cfc" - ], - "layerId": "e52d1a17-8798-4630-9614-4cb542506555", - "layerType": "data", - "legendDisplay": "default", - "metric": "0c196e85-7a8b-439c-9011-fe2f81668719", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "21b7d1ad-b200-4fce-b8cb-7847e32ab480", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "21b7d1ad-b200-4fce-b8cb-7847e32ab480", - "title": "Distribution of Authentication Events by Client Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.authentication.protocol" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775" + ], + "layerId": "073d7d3a-fa2f-4f19-98cc-ea964520d7c5", + "layerType": "data", + "legendDisplay": "default", + "metric": "b518d262-9d79-412e-b15d-9bc5be6261b3", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-073d7d3a-fa2f-4f19-98cc-ea964520d7c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "073d7d3a-fa2f-4f19-98cc-ea964520d7c5": { - "columnOrder": [ - 
"c5c05e1c-2dd6-4eb1-bf00-705ebf64f775", - "b518d262-9d79-412e-b15d-9bc5be6261b3" - ], - "columns": { - "b518d262-9d79-412e-b15d-9bc5be6261b3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Authentication Protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b518d262-9d79-412e-b15d-9bc5be6261b3", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.authentication.protocol" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee", + "title": "Distribution of Authentication Events by Authentication Protocol [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6fa71679-0b9a-44c0-b19d-d810670058ec", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6fa71679-0b9a-44c0-b19d-d810670058ec": { + "columnOrder": [ + "975ffa1d-0864-4901-ba82-945d44d87b58", + "220d4410-a7de-490a-999e-112ab874b778" + ], + "columns": { + "220d4410-a7de-490a-999e-112ab874b778": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + 
"label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "975ffa1d-0864-4901-ba82-945d44d87b58": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Authentication Policy", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "220d4410-a7de-490a-999e-112ab874b778", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775" - ], - "layerId": "073d7d3a-fa2f-4f19-98cc-ea964520d7c5", - "layerType": "data", - "legendDisplay": "default", - "metric": "b518d262-9d79-412e-b15d-9bc5be6261b3", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.authentication.policy" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee", - "w": 24, - "x": 24, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee", - "title": "Distribution of Authentication Events by Authentication Protocol [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - 
"embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6fa71679-0b9a-44c0-b19d-d810670058ec", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6fa71679-0b9a-44c0-b19d-d810670058ec": { - "columnOrder": [ - "975ffa1d-0864-4901-ba82-945d44d87b58", - "220d4410-a7de-490a-999e-112ab874b778" - ], - "columns": { - "220d4410-a7de-490a-999e-112ab874b778": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "975ffa1d-0864-4901-ba82-945d44d87b58": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Authentication Policy", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "220d4410-a7de-490a-999e-112ab874b778", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.authentication.policy" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "220d4410-a7de-490a-999e-112ab874b778" - ], - "layerId": "6fa71679-0b9a-44c0-b19d-d810670058ec", - "layerType": "data", - "position": "top", - "seriesType": 
"bar_stacked", - "showGridlines": false, - "xAccessor": "975ffa1d-0864-4901-ba82-945d44d87b58" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "bdf830aa-fe16-49fb-bb72-17542e5932f5", - "w": 24, - "x": 24, - "y": 15 + "layers": [ + { + "accessors": [ + "220d4410-a7de-490a-999e-112ab874b778" + ], + "layerId": "6fa71679-0b9a-44c0-b19d-d810670058ec", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "975ffa1d-0864-4901-ba82-945d44d87b58" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "bdf830aa-fe16-49fb-bb72-17542e5932f5", - "title": "Distribution of Authentication Events by Authentication Policy [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4811ae4b-f894-4276-b730-320888d3aeb6", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4811ae4b-f894-4276-b730-320888d3aeb6": { - "columnOrder": [ - "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e", - "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7" - ], - "columns": { - "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event 
Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.event.result" - }, - "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "bdf830aa-fe16-49fb-bb72-17542e5932f5", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "bdf830aa-fe16-49fb-bb72-17542e5932f5", + "title": "Distribution of Authentication Events by Authentication Policy [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4811ae4b-f894-4276-b730-320888d3aeb6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4811ae4b-f894-4276-b730-320888d3aeb6": { + "columnOrder": [ + "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e", + "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7" + ], + "columns": { + "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": 
"data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e" - ], - "layerId": "4811ae4b-f894-4276-b730-320888d3aeb6", - "layerType": "data", - "legendDisplay": "default", - "metric": "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.event.result" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c", - "title": "Distribution of Authentication Events by Event Outcome [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e" + ], + "layerId": "4811ae4b-f894-4276-b730-320888d3aeb6", + "layerType": "data", + "legendDisplay": "default", + "metric": "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "d56dc109-3cca-4989-a0d0-dc7ad005e962", 
- "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "d56dc109-3cca-4989-a0d0-dc7ad005e962", - "panelRefName": "panel_d56dc109-3cca-4989-a0d0-dc7ad005e962", - "type": "search", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] Authentication ", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "21b7d1ad-b200-4fce-b8cb-7847e32ab480:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "21b7d1ad-b200-4fce-b8cb-7847e32ab480:indexpattern-datasource-layer-e52d1a17-8798-4630-9614-4cb542506555", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee:indexpattern-datasource-layer-073d7d3a-fa2f-4f19-98cc-ea964520d7c5", - "type": "index-pattern" + "panelIndex": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c", + "title": "Distribution of Authentication Events by Event Outcome [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "bdf830aa-fe16-49fb-bb72-17542e5932f5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 17, + "i": "d56dc109-3cca-4989-a0d0-dc7ad005e962", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "bdf830aa-fe16-49fb-bb72-17542e5932f5:indexpattern-datasource-layer-6fa71679-0b9a-44c0-b19d-d810670058ec", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"249ca03f-fdfb-49c7-8eaa-b0f8a65f879c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c:indexpattern-datasource-layer-4811ae4b-f894-4276-b730-320888d3aeb6", - "type": "index-pattern" - }, - { - "id": "panw-a93a1c80-dcd7-11ec-8b8b-1fae02ab6a5e", - "name": "d56dc109-3cca-4989-a0d0-dc7ad005e962:panel_d56dc109-3cca-4989-a0d0-dc7ad005e962", - "type": "search" - } + "panelIndex": "d56dc109-3cca-4989-a0d0-dc7ad005e962", + "panelRefName": "panel_d56dc109-3cca-4989-a0d0-dc7ad005e962", + "type": "search", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] Authentication ", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "21b7d1ad-b200-4fce-b8cb-7847e32ab480:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "21b7d1ad-b200-4fce-b8cb-7847e32ab480:indexpattern-datasource-layer-e52d1a17-8798-4630-9614-4cb542506555", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee:indexpattern-datasource-layer-073d7d3a-fa2f-4f19-98cc-ea964520d7c5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bdf830aa-fe16-49fb-bb72-17542e5932f5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bdf830aa-fe16-49fb-bb72-17542e5932f5:indexpattern-datasource-layer-6fa71679-0b9a-44c0-b19d-d810670058ec", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c:indexpattern-datasource-layer-4811ae4b-f894-4276-b730-320888d3aeb6", + 
"type": "index-pattern"
+ },
+ {
+ "id": "panw-a93a1c80-dcd7-11ec-8b8b-1fae02ab6a5e",
+ "name": "d56dc109-3cca-4989-a0d0-dc7ad005e962:panel_d56dc109-3cca-4989-a0d0-dc7ad005e962",
+ "type": "search"
+ }
+ ],
+ "migrationVersion": {
+ "dashboard": "8.2.0"
+ },
+ "coreMigrationVersion": "8.2.0"
 }
\ No newline at end of file
diff --git a/packages/panw/kibana/dashboard/panw-772964e0-7591-11e9-aacf-79a3704914a0.json b/packages/panw/kibana/dashboard/panw-772964e0-7591-11e9-aacf-79a3704914a0.json
index f725cece055..85f20f6ef3c 100644
--- a/packages/panw/kibana/dashboard/panw-772964e0-7591-11e9-aacf-79a3704914a0.json
+++ b/packages/panw/kibana/dashboard/panw-772964e0-7591-11e9-aacf-79a3704914a0.json
@@ -1,1357 +1,1362 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS Threats Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"THREAT\" )" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a3d05f76-dd3f-4d40-931b-a59e7ea49080", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a3d05f76-dd3f-4d40-931b-a59e7ea49080": { - "columnOrder": [ - "51d4cc4b-15ac-4906-a3a8-67de279ac6ed", - "06f548fe-cd57-4d0b-9388-08ed0073a7c7" - ], - "columns": { - "06f548fe-cd57-4d0b-9388-08ed0073a7c7": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "51d4cc4b-15ac-4906-a3a8-67de279ac6ed": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "06f548fe-cd57-4d0b-9388-08ed0073a7c7", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "51d4cc4b-15ac-4906-a3a8-67de279ac6ed" 
- ], - "layerId": "a3d05f76-dd3f-4d40-931b-a59e7ea49080", - "layerType": "data", - "legendDisplay": "default", - "metric": "06f548fe-cd57-4d0b-9388-08ed0073a7c7", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "id": "panw-772964e0-7591-11e9-aacf-79a3704914a0", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:06:16.816Z", + "version": "WzU3NywxXQ==", + "attributes": { + "description": "Palo Alto Networks PAN-OS Threats Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"THREAT\" )" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a3d05f76-dd3f-4d40-931b-a59e7ea49080", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a3d05f76-dd3f-4d40-931b-a59e7ea49080": { + "columnOrder": [ + "51d4cc4b-15ac-4906-a3a8-67de279ac6ed", + "06f548fe-cd57-4d0b-9388-08ed0073a7c7" + ], + "columns": { + "06f548fe-cd57-4d0b-9388-08ed0073a7c7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "67c826e3-7781-4aca-8ff9-bc67292b1ca1", - "w": 15, - "x": 0, - "y": 38 - }, - "panelIndex": "67c826e3-7781-4aca-8ff9-bc67292b1ca1", - "title": "Distribution of Threat Events by Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - 
"attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d5a1b5bb-cf67-41e9-a1ad-433316867264", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d5a1b5bb-cf67-41e9-a1ad-433316867264": { - "columnOrder": [ - "ecd723b0-2069-4cd2-9996-5dc76e2e73ad", - "0717629b-3eba-4193-a867-d36009af50a1" - ], - "columns": { - "0717629b-3eba-4193-a867-d36009af50a1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "ecd723b0-2069-4cd2-9996-5dc76e2e73ad": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0717629b-3eba-4193-a867-d36009af50a1", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.threat_category" - } - }, - "incompleteColumns": {} - } - } - } + "51d4cc4b-15ac-4906-a3a8-67de279ac6ed": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "06f548fe-cd57-4d0b-9388-08ed0073a7c7", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - 
"gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "0717629b-3eba-4193-a867-d36009af50a1" - ], - "layerId": "d5a1b5bb-cf67-41e9-a1ad-433316867264", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "ecd723b0-2069-4cd2-9996-5dc76e2e73ad" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "Distribution of Threat Events by Category [Logs PANW]", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f82c318d-bd14-496b-b394-622831db934c", - "w": 16, - "x": 15, - "y": 38 - }, - "panelIndex": "f82c318d-bd14-496b-b394-622831db934c", - "title": "Distribution of Threat Events by Category [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "51d4cc4b-15ac-4906-a3a8-67de279ac6ed" + ], + "layerId": "a3d05f76-dd3f-4d40-931b-a59e7ea49080", + "layerType": "data", + "legendDisplay": "default", + "metric": "06f548fe-cd57-4d0b-9388-08ed0073a7c7", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1062c7c9-1b53-4e2e-bd44-cbfd4120e98f": { - "columnOrder": [ - "66cc3a68-d2bb-441c-8a00-478163b1b8e0", - "9f65908b-8654-4491-888f-d0991db0f7a8" - ], - "columns": { - "66cc3a68-d2bb-441c-8a00-478163b1b8e0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Network Direction", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9f65908b-8654-4491-888f-d0991db0f7a8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.direction" - }, - "9f65908b-8654-4491-888f-d0991db0f7a8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "66cc3a68-d2bb-441c-8a00-478163b1b8e0" - ], - "layerId": "1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", - "layerType": "data", - "legendDisplay": "default", - "metric": "9f65908b-8654-4491-888f-d0991db0f7a8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "67c826e3-7781-4aca-8ff9-bc67292b1ca1", + "w": 15, + "x": 0, + "y": 38 + }, + "panelIndex": "67c826e3-7781-4aca-8ff9-bc67292b1ca1", + "title": "Distribution of Threat Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + 
"embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d5a1b5bb-cf67-41e9-a1ad-433316867264", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d5a1b5bb-cf67-41e9-a1ad-433316867264": { + "columnOrder": [ + "ecd723b0-2069-4cd2-9996-5dc76e2e73ad", + "0717629b-3eba-4193-a867-d36009af50a1" + ], + "columns": { + "0717629b-3eba-4193-a867-d36009af50a1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c31f75c3-c6c8-4635-aa14-83a6d98a019f", - "w": 17, - "x": 31, - "y": 38 - }, - "panelIndex": "c31f75c3-c6c8-4635-aa14-83a6d98a019f", - "title": "Distribution of Threat Events by Network Direction [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "ecd723b0-2069-4cd2-9996-5dc76e2e73ad": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0717629b-3eba-4193-a867-d36009af50a1", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7": { - "columnOrder": [ - "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca", - "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff", - 
"cc06ff3e-e79f-4104-91c3-4f07d432abc0", - "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef" - ], - "columns": { - "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.category" - }, - "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" - }, - "cc06ff3e-e79f-4104-91c3-4f07d432abc0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [], - "query": { 
- "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca" - }, - { - "columnId": "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff" - }, - { - "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef" - }, - { - "columnId": "cc06ff3e-e79f-4104-91c3-4f07d432abc0", - "isTransposed": false - } - ], - "layerId": "cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", - "layerType": "data" - } - }, - "title": "Top 10 Threat Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "369cb2e5-09c2-484f-902f-d21ed0b12715", - "w": 29, - "x": 0, - "y": 53 + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.threat_category" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "369cb2e5-09c2-484f-902f-d21ed0b12715", - "title": "Top 10 Threat Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8a11de6f-5795-4d18-b650-7f604d291bdb", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8a11de6f-5795-4d18-b650-7f604d291bdb": { - "columnOrder": [ - "05b09057-70e7-4477-be13-7ba86fd871d2", - "e60a92a8-1680-463d-9fb1-9f3a4ebeb900" - ], - "columns": { - "05b09057-70e7-4477-be13-7ba86fd871d2": { - 
"customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e60a92a8-1680-463d-9fb1-9f3a4ebeb900", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" - }, - "e60a92a8-1680-463d-9fb1-9f3a4ebeb900": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "05b09057-70e7-4477-be13-7ba86fd871d2" - ], - "layerId": "8a11de6f-5795-4d18-b650-7f604d291bdb", - "layerType": "data", - "legendDisplay": "default", - "metric": "e60a92a8-1680-463d-9fb1-9f3a4ebeb900", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "visualizationType": "lnsPie" - }, - "enhancements": {} + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "fb7712b0-5b15-47fa-9281-a0462cbe7df3", - "w": 19, - "x": 29, - "y": 53 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "panelIndex": "fb7712b0-5b15-47fa-9281-a0462cbe7df3", - "title": "Distribution of Threat Events by Action taken for Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + "layers": [ + { + "accessors": [ + "0717629b-3eba-4193-a867-d36009af50a1" + ], + "layerId": "d5a1b5bb-cf67-41e9-a1ad-433316867264", + "layerType": "data", + "position": 
"top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "ecd723b0-2069-4cd2-9996-5dc76e2e73ad" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 20, - "i": "1908844a-1839-46f9-ab71-8b49013e83dc", - "w": 48, - "x": 0, - "y": 68 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "1908844a-1839-46f9-ab71-8b49013e83dc", - "panelRefName": "panel_1908844a-1839-46f9-ab71-8b49013e83dc", - "type": "search", - "version": "8.2.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extendToTimeRange": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30s" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - 
"detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "kibana_palette", - "type": "palette" + "title": "Distribution of Threat Events by Category [Logs PANW]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f82c318d-bd14-496b-b394-622831db934c", + "w": 16, + "x": 15, + "y": 38 + }, + "panelIndex": "f82c318d-bd14-496b-b394-622831db934c", + "title": "Distribution of Threat Events by Category [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1062c7c9-1b53-4e2e-bd44-cbfd4120e98f": { + "columnOrder": [ + "66cc3a68-d2bb-441c-8a00-478163b1b8e0", + "9f65908b-8654-4491-888f-d0991db0f7a8" + ], + "columns": { + "66cc3a68-d2bb-441c-8a00-478163b1b8e0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Network Direction", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9f65908b-8654-4491-888f-d0991db0f7a8", + "type": "column" }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "times": 
[], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.direction" }, - "type": "histogram", - "uiState": { - "vis": { - "legendOpen": false - } + "9f65908b-8654-4491-888f-d0991db0f7a8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" } + }, + "incompleteColumns": {} } - }, - "gridData": { - "h": 15, - "i": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe", - "w": 31, - "x": 0, - "y": 0 - }, - "panelIndex": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe", - "title": "Threat outcome histogram [Logs PANW]", - "type": "visualization", - "version": "8.2.1" + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "66cc3a68-d2bb-441c-8a00-478163b1b8e0" + ], + "layerId": "1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", + "layerType": "data", + "legendDisplay": "default", + "metric": "9f65908b-8654-4491-888f-d0991db0f7a8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - 
"orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "c31f75c3-c6c8-4635-aa14-83a6d98a019f", + "w": 17, + "x": 31, + "y": 38 + }, + "panelIndex": "c31f75c3-c6c8-4635-aa14-83a6d98a019f", + "title": "Distribution of Threat Events by Network Direction [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7": { + "columnOrder": [ + "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca", + "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff", + "cc06ff3e-e79f-4104-91c3-4f07d432abc0", + "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef" + ], + "columns": { + "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true + 
"9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef", + "type": "column" }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "truncateLegend": true, - "type": "pie" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.category" }, - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - } - }, - "gridData": { - "h": 15, - "i": "b3292515-c2df-40ad-9412-8a7118f359f2", - "w": 17, - "x": 31, - "y": 0 - }, - "panelIndex": "b3292515-c2df-40ad-9412-8a7118f359f2", - "title": "Outcome by threat type [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "panw.panos.threat.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" + "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + 
"operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" }, - "scale": "linear", - "showLabel": true - }, - "type": "tagcloud", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "4fa92d5e-402a-4544-81dc-aa3303069cd8", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "4fa92d5e-402a-4544-81dc-aa3303069cd8", - "title": "Top threats by name [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "scale": "linear", - "showLabel": true + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" }, - "type": "tagcloud", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "43c73b91-ec1f-47ec-a10b-66465bd818c0", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "43c73b91-ec1f-47ec-a10b-66465bd818c0", - "title": "Top threats by resource [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", 
- "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "network.direction", - "negate": false, - "params": { - "query": "inbound" - }, - "type": "phrase", - "value": "inbound" - }, - "query": { - "match": { - "network.direction": { - "query": "inbound", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null + "cc06ff3e-e79f-4104-91c3-4f07d432abc0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef", + "type": "column" }, - "totalFunc": "sum" - }, - "type": "table", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" } + }, + "incompleteColumns": {} } - }, - "gridData": { - "h": 8, - "i": "10996873-dcb7-4085-96fc-6a1f618df47f", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "10996873-dcb7-4085-96fc-6a1f618df47f", - "title": "Top attackers (clients) 
[Logs PANW]", - "type": "visualization", - "version": "8.2.1" + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca" + }, + { + "columnId": "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff" + }, + { + "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef" + }, + { + "columnId": "cc06ff3e-e79f-4104-91c3-4f07d432abc0", + "isTransposed": false + } + ], + "layerId": "cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "server.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "network.direction", - "negate": false, - "params": { - "query": "outbound" - }, - "type": "phrase", - "value": "outbound" - }, - "query": { - "match": { - "network.direction": { - "query": "outbound", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null + "title": "Top 10 Threat Events with Highest Application Risk 
[Logs PANW]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "369cb2e5-09c2-484f-902f-d21ed0b12715", + "w": 29, + "x": 0, + "y": 53 + }, + "panelIndex": "369cb2e5-09c2-484f-902f-d21ed0b12715", + "title": "Top 10 Threat Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8a11de6f-5795-4d18-b650-7f604d291bdb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8a11de6f-5795-4d18-b650-7f604d291bdb": { + "columnOrder": [ + "05b09057-70e7-4477-be13-7ba86fd871d2", + "e60a92a8-1680-463d-9fb1-9f3a4ebeb900" + ], + "columns": { + "05b09057-70e7-4477-be13-7ba86fd871d2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e60a92a8-1680-463d-9fb1-9f3a4ebeb900", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "totalFunc": "sum" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" }, - "type": "table", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "e60a92a8-1680-463d-9fb1-9f3a4ebeb900": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" } + }, + "incompleteColumns": {} } - }, - "gridData": { - "h": 8, - "i": "23129235-e707-47ea-95d9-f41e61c8a895", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": 
"23129235-e707-47ea-95d9-f41e61c8a895", - "title": "Top attackers (servers) [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] Threats Overview", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-772964e0-7591-11e9-aacf-79a3704914a0", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "67c826e3-7781-4aca-8ff9-bc67292b1ca1:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "67c826e3-7781-4aca-8ff9-bc67292b1ca1:indexpattern-datasource-layer-a3d05f76-dd3f-4d40-931b-a59e7ea49080", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f82c318d-bd14-496b-b394-622831db934c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "05b09057-70e7-4477-be13-7ba86fd871d2" + ], + "layerId": "8a11de6f-5795-4d18-b650-7f604d291bdb", + "layerType": "data", + "legendDisplay": "default", + "metric": "e60a92a8-1680-463d-9fb1-9f3a4ebeb900", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "f82c318d-bd14-496b-b394-622831db934c:indexpattern-datasource-layer-d5a1b5bb-cf67-41e9-a1ad-433316867264", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "fb7712b0-5b15-47fa-9281-a0462cbe7df3", + "w": 19, + "x": 29, + "y": 53 }, - { - "id": "logs-*", - "name": "c31f75c3-c6c8-4635-aa14-83a6d98a019f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "fb7712b0-5b15-47fa-9281-a0462cbe7df3", + "title": "Distribution of Threat Events by Action taken for Session [Logs 
PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "c31f75c3-c6c8-4635-aa14-83a6d98a019f:indexpattern-datasource-layer-1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", - "type": "index-pattern" + "gridData": { + "h": 20, + "i": "1908844a-1839-46f9-ab71-8b49013e83dc", + "w": 48, + "x": 0, + "y": 68 }, - { - "id": "logs-*", - "name": "369cb2e5-09c2-484f-902f-d21ed0b12715:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "1908844a-1839-46f9-ab71-8b49013e83dc", + "panelRefName": "panel_1908844a-1839-46f9-ab71-8b49013e83dc", + "type": "search", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extendToTimeRange": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30s" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": 
true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "uiState": { + "vis": { + "legendOpen": false + } + } + } }, - { - "id": "logs-*", - "name": "369cb2e5-09c2-484f-902f-d21ed0b12715:indexpattern-datasource-layer-cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe", + "w": 31, + "x": 0, + "y": 0 }, - { - "id": "logs-*", - "name": "fb7712b0-5b15-47fa-9281-a0462cbe7df3:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe", + "title": "Threat outcome histogram [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": 
"3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": { + "vis": { + "legendOpen": true + } + } + } }, - { - "id": "logs-*", - "name": "fb7712b0-5b15-47fa-9281-a0462cbe7df3:indexpattern-datasource-layer-8a11de6f-5795-4d18-b650-7f604d291bdb", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "b3292515-c2df-40ad-9412-8a7118f359f2", + "w": 17, + "x": 31, + "y": 0 }, - { - "id": "panw-37acbca0-ddb1-11ec-8e76-9b3b99f98cd4", - "name": "1908844a-1839-46f9-ab71-8b49013e83dc:panel_1908844a-1839-46f9-ab71-8b49013e83dc", - "type": "search" + "panelIndex": "b3292515-c2df-40ad-9412-8a7118f359f2", + "title": "Outcome by threat type [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + 
"enabled": true, + "id": "2", + "params": { + "field": "panw.panos.threat.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true + }, + "type": "tagcloud", + "uiState": {} + } }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe:search_0", - "type": "search" + "gridData": { + "h": 15, + "i": "4fa92d5e-402a-4544-81dc-aa3303069cd8", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "b3292515-c2df-40ad-9412-8a7118f359f2:search_0", - "type": "search" + "panelIndex": "4fa92d5e-402a-4544-81dc-aa3303069cd8", + "title": "Top threats by name [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + 
"showLabel": true + }, + "type": "tagcloud", + "uiState": {} + } }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "4fa92d5e-402a-4544-81dc-aa3303069cd8:search_0", - "type": "search" + "gridData": { + "h": 15, + "i": "43c73b91-ec1f-47ec-a10b-66465bd818c0", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "43c73b91-ec1f-47ec-a10b-66465bd818c0:search_0", - "type": "search" + "panelIndex": "43c73b91-ec1f-47ec-a10b-66465bd818c0", + "title": "Top threats by resource [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "inbound" + }, + "type": "phrase", + "value": "inbound" + }, + "query": { + "match": { + "network.direction": { + "query": "inbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "uiState": { + "vis": { + "params": { + 
"sort": { + "columnIndex": null, + "direction": null + } + } + } + } + } }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "10996873-dcb7-4085-96fc-6a1f618df47f:search_0", - "type": "search" + "gridData": { + "h": 8, + "i": "10996873-dcb7-4085-96fc-6a1f618df47f", + "w": 24, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "10996873-dcb7-4085-96fc-6a1f618df47f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "10996873-dcb7-4085-96fc-6a1f618df47f", + "title": "Top attackers (clients) [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "outbound" + }, + "type": "phrase", + "value": "outbound" + }, + "query": { + "match": { + "network.direction": { + "query": "outbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "uiState": { 
+ "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + } }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "23129235-e707-47ea-95d9-f41e61c8a895:search_0", - "type": "search" + "gridData": { + "h": 8, + "i": "23129235-e707-47ea-95d9-f41e61c8a895", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "logs-*", - "name": "23129235-e707-47ea-95d9-f41e61c8a895:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } + "panelIndex": "23129235-e707-47ea-95d9-f41e61c8a895", + "title": "Top attackers (servers) [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] Threats Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "67c826e3-7781-4aca-8ff9-bc67292b1ca1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "67c826e3-7781-4aca-8ff9-bc67292b1ca1:indexpattern-datasource-layer-a3d05f76-dd3f-4d40-931b-a59e7ea49080", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f82c318d-bd14-496b-b394-622831db934c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f82c318d-bd14-496b-b394-622831db934c:indexpattern-datasource-layer-d5a1b5bb-cf67-41e9-a1ad-433316867264", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c31f75c3-c6c8-4635-aa14-83a6d98a019f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c31f75c3-c6c8-4635-aa14-83a6d98a019f:indexpattern-datasource-layer-1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "369cb2e5-09c2-484f-902f-d21ed0b12715:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"369cb2e5-09c2-484f-902f-d21ed0b12715:indexpattern-datasource-layer-cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fb7712b0-5b15-47fa-9281-a0462cbe7df3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fb7712b0-5b15-47fa-9281-a0462cbe7df3:indexpattern-datasource-layer-8a11de6f-5795-4d18-b650-7f604d291bdb", + "type": "index-pattern" + }, + { + "id": "panw-37acbca0-ddb1-11ec-8e76-9b3b99f98cd4", + "name": "1908844a-1839-46f9-ab71-8b49013e83dc:panel_1908844a-1839-46f9-ab71-8b49013e83dc", + "type": "search" + }, + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe:search_0", + "type": "search" + }, + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "b3292515-c2df-40ad-9412-8a7118f359f2:search_0", + "type": "search" + }, + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "4fa92d5e-402a-4544-81dc-aa3303069cd8:search_0", + "type": "search" + }, + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "43c73b91-ec1f-47ec-a10b-66465bd818c0:search_0", + "type": "search" + }, + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "10996873-dcb7-4085-96fc-6a1f618df47f:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": "10996873-dcb7-4085-96fc-6a1f618df47f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "23129235-e707-47ea-95d9-f41e61c8a895:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": "23129235-e707-47ea-95d9-f41e61c8a895:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file 
diff --git a/packages/panw/kibana/dashboard/panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json
index fc296b62290..ba5fc4bd04c 100644
--- a/packages/panw/kibana/dashboard/panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json
+++ b/packages/panw/kibana/dashboard/panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json
@@ -1,764 +1,769 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS Tunnel Inspection Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"START\" or panw.panos.type : \"END\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6d63676a-a9db-4c0c-86b0-8ccc7ad82fde": { - "columnOrder": [ - "7e6a3792-3507-4434-9b77-8ca6aea81079", - "21b245cd-141c-4703-b367-d12f2f6c1136" - ], - "columns": { - "21b245cd-141c-4703-b367-d12f2f6c1136": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "7e6a3792-3507-4434-9b77-8ca6aea81079": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21b245cd-141c-4703-b367-d12f2f6c1136", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" - } - }, - "incompleteColumns": {} - } - } - } + "id": "panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:06:16.816Z", + "version": "WzU3OCwxXQ==", + "attributes": { + 
"description": "Palo Alto Networks PAN-OS Tunnel Inspection Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"START\" or panw.panos.type : \"END\")" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6d63676a-a9db-4c0c-86b0-8ccc7ad82fde": { + "columnOrder": [ + "7e6a3792-3507-4434-9b77-8ca6aea81079", + "21b245cd-141c-4703-b367-d12f2f6c1136" + ], + "columns": { + "21b245cd-141c-4703-b367-d12f2f6c1136": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "7e6a3792-3507-4434-9b77-8ca6aea81079": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21b245cd-141c-4703-b367-d12f2f6c1136", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - 
"yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "21b245cd-141c-4703-b367-d12f2f6c1136" - ], - "layerId": "6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "7e6a3792-3507-4434-9b77-8ca6aea81079" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "21b245cd-141c-4703-b367-d12f2f6c1136" + ], + "layerId": "6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "7e6a3792-3507-4434-9b77-8ca6aea81079" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44", - "w": 24, - "x": 0, - "y": 0 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44", - "title": "Distribution of Tunnel 
Inspection Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6df3a91b-cce2-4790-84a0-4858e371e552", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6df3a91b-cce2-4790-84a0-4858e371e552": { - "columnOrder": [ - "693d67bd-a405-4282-8457-50269406edaf", - "59e84e50-c216-49c5-b864-e280fdde0a84" - ], - "columns": { - "59e84e50-c216-49c5-b864-e280fdde0a84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "693d67bd-a405-4282-8457-50269406edaf": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action Source", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "59e84e50-c216-49c5-b864-e280fdde0a84", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action_source" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44", + "title": "Distribution of Tunnel Inspection Events by Action taken on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6df3a91b-cce2-4790-84a0-4858e371e552", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6df3a91b-cce2-4790-84a0-4858e371e552": { + "columnOrder": [ + "693d67bd-a405-4282-8457-50269406edaf", + "59e84e50-c216-49c5-b864-e280fdde0a84" + ], + "columns": { + "59e84e50-c216-49c5-b864-e280fdde0a84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "693d67bd-a405-4282-8457-50269406edaf": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action Source", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "59e84e50-c216-49c5-b864-e280fdde0a84", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "693d67bd-a405-4282-8457-50269406edaf" - ], - "layerId": "6df3a91b-cce2-4790-84a0-4858e371e552", - "layerType": "data", - "legendDisplay": "default", - "metric": "59e84e50-c216-49c5-b864-e280fdde0a84", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action_source" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + }, + "visualization": { + "layers": [ + { + 
"categoryDisplay": "default", + "groups": [ + "693d67bd-a405-4282-8457-50269406edaf" + ], + "layerId": "6df3a91b-cce2-4790-84a0-4858e371e552", + "layerType": "data", + "legendDisplay": "default", + "metric": "59e84e50-c216-49c5-b864-e280fdde0a84", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee", + "title": "Distribution of Tunnel Inspection Events by Action Source [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5cb94a55-3162-4bcd-be88-ce2871be6a3d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5cb94a55-3162-4bcd-be88-ce2871be6a3d": { + "columnOrder": [ + "ca0521cc-a275-4458-8c13-e585c78d4365", + "21934bcf-0897-4322-8084-24a7cf6bf1b3" + ], + "columns": { + "21934bcf-0897-4322-8084-24a7cf6bf1b3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "ca0521cc-a275-4458-8c13-e585c78d4365": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Session End Reason", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21934bcf-0897-4322-8084-24a7cf6bf1b3", + "type": "column" + }, + 
"orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.endreason" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee", - "w": 24, - "x": 24, - "y": 0 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "panelIndex": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee", - "title": "Distribution of Tunnel Inspection Events by Action Source [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "layers": [ + { + "accessors": [ + "21934bcf-0897-4322-8084-24a7cf6bf1b3" + ], + "layerId": "5cb94a55-3162-4bcd-be88-ce2871be6a3d", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "ca0521cc-a275-4458-8c13-e585c78d4365" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-5cb94a55-3162-4bcd-be88-ce2871be6a3d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "5cb94a55-3162-4bcd-be88-ce2871be6a3d": { - "columnOrder": [ - "ca0521cc-a275-4458-8c13-e585c78d4365", - 
"21934bcf-0897-4322-8084-24a7cf6bf1b3" - ], - "columns": { - "21934bcf-0897-4322-8084-24a7cf6bf1b3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "ca0521cc-a275-4458-8c13-e585c78d4365": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Session End Reason", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21934bcf-0897-4322-8084-24a7cf6bf1b3", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.endreason" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "fb982903-1c86-4ad9-aded-2de46206551f", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "fb982903-1c86-4ad9-aded-2de46206551f", + "title": "Distribution of Tunnel Inspection Events by Session End Reason [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-70ca1329-cf39-4816-b13f-3dab3c4d6494", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "70ca1329-cf39-4816-b13f-3dab3c4d6494": { + "columnOrder": [ + "a99caad4-da12-4027-be29-b99a2569915e", + "ac9733ca-3550-4e96-afec-540283f41f18" + ], + "columns": { + "a99caad4-da12-4027-be29-b99a2569915e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "ac9733ca-3550-4e96-afec-540283f41f18", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "21934bcf-0897-4322-8084-24a7cf6bf1b3" - ], - "layerId": "5cb94a55-3162-4bcd-be88-ce2871be6a3d", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "ca0521cc-a275-4458-8c13-e585c78d4365" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "log.level" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "ac9733ca-3550-4e96-afec-540283f41f18": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + 
"gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "fb982903-1c86-4ad9-aded-2de46206551f", - "w": 24, - "x": 0, - "y": 15 + "layers": [ + { + "accessors": [ + "ac9733ca-3550-4e96-afec-540283f41f18" + ], + "layerId": "70ca1329-cf39-4816-b13f-3dab3c4d6494", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "a99caad4-da12-4027-be29-b99a2569915e" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "fb982903-1c86-4ad9-aded-2de46206551f", - "title": "Distribution of Tunnel Inspection Events by Session End Reason [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-70ca1329-cf39-4816-b13f-3dab3c4d6494", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "70ca1329-cf39-4816-b13f-3dab3c4d6494": { - "columnOrder": [ - "a99caad4-da12-4027-be29-b99a2569915e", - "ac9733ca-3550-4e96-afec-540283f41f18" - ], - "columns": { - "a99caad4-da12-4027-be29-b99a2569915e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ac9733ca-3550-4e96-afec-540283f41f18", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "log.level" - }, - 
"ac9733ca-3550-4e96-afec-540283f41f18": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "fb233b78-36b6-4c60-9261-d2d66351615c", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "fb233b78-36b6-4c60-9261-d2d66351615c", + "title": "Distribution of Tunnel Inspection Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f9e58045-70b3-4aef-9d18-7e4d04b8b3ce": { + "columnOrder": [ + "bcd1e5be-8e01-422b-abea-9c478588ddfc", + "e86b56a8-7497-442b-8ded-de12329b45e5", + "b2172c86-de6c-4bbe-8247-a3c2590e2103", + "e97c489f-bd56-481b-837b-d36a20b34d1f" + ], + "columns": { + "b2172c86-de6c-4bbe-8247-a3c2590e2103": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - 
"yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "ac9733ca-3550-4e96-afec-540283f41f18" - ], - "layerId": "70ca1329-cf39-4816-b13f-3dab3c4d6494", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "a99caad4-da12-4027-be29-b99a2569915e" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fb233b78-36b6-4c60-9261-d2d66351615c", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "fb233b78-36b6-4c60-9261-d2d66351615c", - "title": "Distribution of Tunnel Inspection Events by Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "bcd1e5be-8e01-422b-abea-9c478588ddfc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f9e58045-70b3-4aef-9d18-7e4d04b8b3ce": { - "columnOrder": [ - "bcd1e5be-8e01-422b-abea-9c478588ddfc", - 
"e86b56a8-7497-442b-8ded-de12329b45e5", - "b2172c86-de6c-4bbe-8247-a3c2590e2103", - "e97c489f-bd56-481b-837b-d36a20b34d1f" - ], - "columns": { - "b2172c86-de6c-4bbe-8247-a3c2590e2103": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" - }, - "bcd1e5be-8e01-422b-abea-9c478588ddfc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" - }, - "e86b56a8-7497-442b-8ded-de12329b45e5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.category" - }, - "e97c489f-bd56-481b-837b-d36a20b34d1f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + 
"id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" + }, + "e86b56a8-7497-442b-8ded-de12329b45e5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "bcd1e5be-8e01-422b-abea-9c478588ddfc" - }, - { - "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f" - }, - { - "columnId": "e86b56a8-7497-442b-8ded-de12329b45e5", - "isTransposed": false - }, - { - "columnId": "b2172c86-de6c-4bbe-8247-a3c2590e2103", - "isTransposed": false - } - ], - "layerId": "f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", - "layerType": "data" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.category" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 16, - "i": "c643144e-e2db-4ead-9cd8-141294a75623", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "c643144e-e2db-4ead-9cd8-141294a75623", - "title": "Top 10 Tunnel Inspection Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "e97c489f-bd56-481b-837b-d36a20b34d1f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + 
"query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "bcd1e5be-8e01-422b-abea-9c478588ddfc" + }, + { + "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f" + }, + { + "columnId": "e86b56a8-7497-442b-8ded-de12329b45e5", + "isTransposed": false + }, + { + "columnId": "b2172c86-de6c-4bbe-8247-a3c2590e2103", + "isTransposed": false + } + ], + "layerId": "f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "ac84049b-504e-45a5-a13d-1980d05d97eb", - "w": 48, - "x": 0, - "y": 46 - }, - "panelIndex": "ac84049b-504e-45a5-a13d-1980d05d97eb", - "panelRefName": "panel_ac84049b-504e-45a5-a13d-1980d05d97eb", - "type": "search", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] Tunnel Inspection", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44:indexpattern-datasource-layer-6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 16, + "i": "c643144e-e2db-4ead-9cd8-141294a75623", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee:indexpattern-datasource-layer-6df3a91b-cce2-4790-84a0-4858e371e552", - "type": "index-pattern" + 
"panelIndex": "c643144e-e2db-4ead-9cd8-141294a75623", + "title": "Top 10 Tunnel Inspection Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "fb982903-1c86-4ad9-aded-2de46206551f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 21, + "i": "ac84049b-504e-45a5-a13d-1980d05d97eb", + "w": 48, + "x": 0, + "y": 46 }, - { - "id": "logs-*", - "name": "fb982903-1c86-4ad9-aded-2de46206551f:indexpattern-datasource-layer-5cb94a55-3162-4bcd-be88-ce2871be6a3d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fb233b78-36b6-4c60-9261-d2d66351615c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fb233b78-36b6-4c60-9261-d2d66351615c:indexpattern-datasource-layer-70ca1329-cf39-4816-b13f-3dab3c4d6494", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c643144e-e2db-4ead-9cd8-141294a75623:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c643144e-e2db-4ead-9cd8-141294a75623:indexpattern-datasource-layer-f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", - "type": "index-pattern" - }, - { - "id": "panw-8dc6b590-ddb2-11ec-8e76-9b3b99f98cd4", - "name": "ac84049b-504e-45a5-a13d-1980d05d97eb:panel_ac84049b-504e-45a5-a13d-1980d05d97eb", - "type": "search" - } + "panelIndex": "ac84049b-504e-45a5-a13d-1980d05d97eb", + "panelRefName": "panel_ac84049b-504e-45a5-a13d-1980d05d97eb", + "type": "search", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] Tunnel Inspection", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"dd9f7550-60d1-47eb-8eeb-52083aa4ca44:indexpattern-datasource-layer-6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee:indexpattern-datasource-layer-6df3a91b-cce2-4790-84a0-4858e371e552", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fb982903-1c86-4ad9-aded-2de46206551f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fb982903-1c86-4ad9-aded-2de46206551f:indexpattern-datasource-layer-5cb94a55-3162-4bcd-be88-ce2871be6a3d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fb233b78-36b6-4c60-9261-d2d66351615c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fb233b78-36b6-4c60-9261-d2d66351615c:indexpattern-datasource-layer-70ca1329-cf39-4816-b13f-3dab3c4d6494", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c643144e-e2db-4ead-9cd8-141294a75623:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c643144e-e2db-4ead-9cd8-141294a75623:indexpattern-datasource-layer-f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", + "type": "index-pattern" + }, + { + "id": "panw-8dc6b590-ddb2-11ec-8e76-9b3b99f98cd4", + "name": "ac84049b-504e-45a5-a13d-1980d05d97eb:panel_ac84049b-504e-45a5-a13d-1980d05d97eb", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json index a32c28714cb..c0d056fd2b5 100644 --- a/packages/panw/kibana/dashboard/panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json 
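Review bot: The five Lens panels inlined into `panelsJSON` keep a panel-level `state.query` of `data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"`, with no parentheses around the `or`. KQL binds `and` tighter than `or`, so this evaluates as `(dataset and START) or END`, and the `END` branch is not restricted to the `panw.panos` dataset. Inside this dashboard the parenthesized dashboard-level query probably masks the difference, but a by-value panel is self-contained, so the scoping should not depend on the container. I would use the same form as the dashboard query in each panel: `"query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"START\" or panw.panos.type : \"END\")"`.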
+++ b/packages/panw/kibana/dashboard/panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,676 +1,681 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS IP-Tag and User-ID Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"IPTAG\" or panw.panos.type : \"USERID\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-00227f39-4c34-492b-883a-b0825797198d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "00227f39-4c34-492b-883a-b0825797198d": { - "columnOrder": [ - "3e05e9a0-3e50-455b-a506-c0cc593a8926", - "66a95165-9de2-4d9f-8d69-98694516b780" - ], - "columns": { - "3e05e9a0-3e50-455b-a506-c0cc593a8926": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "66a95165-9de2-4d9f-8d69-98694516b780", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasource" - }, - "66a95165-9de2-4d9f-8d69-98694516b780": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "id": "panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:06:16.816Z", + "version": 
"WzU3OSwxXQ==", + "attributes": { + "description": "Palo Alto Networks PAN-OS IP-Tag and User-ID Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"IPTAG\" or panw.panos.type : \"USERID\")" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-00227f39-4c34-492b-883a-b0825797198d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "00227f39-4c34-492b-883a-b0825797198d": { + "columnOrder": [ + "3e05e9a0-3e50-455b-a506-c0cc593a8926", + "66a95165-9de2-4d9f-8d69-98694516b780" + ], + "columns": { + "3e05e9a0-3e50-455b-a506-c0cc593a8926": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "66a95165-9de2-4d9f-8d69-98694516b780", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"USERID\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "3e05e9a0-3e50-455b-a506-c0cc593a8926", - "isTransposed": false - }, - { - "columnId": "66a95165-9de2-4d9f-8d69-98694516b780", - "isTransposed": false - } - ], - "layerId": "00227f39-4c34-492b-883a-b0825797198d", - "layerType": "data" - } + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.datasource" }, - "title": "", - "type": "lens", - 
"visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "61d5b8a1-e36b-46e2-a067-859e3824a38f", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "61d5b8a1-e36b-46e2-a067-859e3824a38f", - "title": "Top 10 Data Source for User ID [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "66a95165-9de2-4d9f-8d69-98694516b780": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"USERID\"" + }, + "visualization": { + "columns": [ + { + "columnId": "3e05e9a0-3e50-455b-a506-c0cc593a8926", + "isTransposed": false + }, + { + "columnId": "66a95165-9de2-4d9f-8d69-98694516b780", + "isTransposed": false + } + ], + "layerId": "00227f39-4c34-492b-883a-b0825797198d", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-dbe59458-a6f9-4a01-8db6-5546f2b20398", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "dbe59458-a6f9-4a01-8db6-5546f2b20398": { - "columnOrder": [ - "7566b611-84c5-4dea-9b39-faacdfe6b59e", - "a9347045-127d-4b00-8d0a-4cc006048b01" - ], - "columns": { - "7566b611-84c5-4dea-9b39-faacdfe6b59e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a9347045-127d-4b00-8d0a-4cc006048b01", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": 
true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasourcetype" - }, - "a9347045-127d-4b00-8d0a-4cc006048b01": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "61d5b8a1-e36b-46e2-a067-859e3824a38f", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "61d5b8a1-e36b-46e2-a067-859e3824a38f", + "title": "Top 10 Data Source for User ID [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-dbe59458-a6f9-4a01-8db6-5546f2b20398", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "dbe59458-a6f9-4a01-8db6-5546f2b20398": { + "columnOrder": [ + "7566b611-84c5-4dea-9b39-faacdfe6b59e", + "a9347045-127d-4b00-8d0a-4cc006048b01" + ], + "columns": { + "7566b611-84c5-4dea-9b39-faacdfe6b59e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a9347045-127d-4b00-8d0a-4cc006048b01", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"USERID\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - 
"7566b611-84c5-4dea-9b39-faacdfe6b59e" - ], - "layerId": "dbe59458-a6f9-4a01-8db6-5546f2b20398", - "layerType": "data", - "legendDisplay": "default", - "metric": "a9347045-127d-4b00-8d0a-4cc006048b01", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.datasourcetype" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "941c1cbf-1fc0-41be-9d8a-df76024585ed", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "941c1cbf-1fc0-41be-9d8a-df76024585ed", - "title": "Distribution of User-ID Events by Data Source Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "a9347045-127d-4b00-8d0a-4cc006048b01": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"USERID\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7566b611-84c5-4dea-9b39-faacdfe6b59e" + ], + "layerId": "dbe59458-a6f9-4a01-8db6-5546f2b20398", + "layerType": "data", + "legendDisplay": "default", + "metric": "a9347045-127d-4b00-8d0a-4cc006048b01", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec158676-ba28-40a2-ab8d-84cd4d151a76", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"ec158676-ba28-40a2-ab8d-84cd4d151a76": { - "columnOrder": [ - "9415e527-14ad-40e1-8fa6-a81227f7c7b8", - "3864ce11-c9b2-4639-b67c-3bd1d5081c0e" - ], - "columns": { - "3864ce11-c9b2-4639-b67c-3bd1d5081c0e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "9415e527-14ad-40e1-8fa6-a81227f7c7b8": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3864ce11-c9b2-4639-b67c-3bd1d5081c0e", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasourcename" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" - }, - "visualization": { - "columns": [ - { - "columnId": "9415e527-14ad-40e1-8fa6-a81227f7c7b8" - }, - { - "columnId": "3864ce11-c9b2-4639-b67c-3bd1d5081c0e" - } - ], - "layerId": "ec158676-ba28-40a2-ab8d-84cd4d151a76", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "941c1cbf-1fc0-41be-9d8a-df76024585ed", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "941c1cbf-1fc0-41be-9d8a-df76024585ed", + "title": "Distribution of User-ID Events by Data Source Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-ec158676-ba28-40a2-ab8d-84cd4d151a76", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec158676-ba28-40a2-ab8d-84cd4d151a76": { + "columnOrder": [ + "9415e527-14ad-40e1-8fa6-a81227f7c7b8", + "3864ce11-c9b2-4639-b67c-3bd1d5081c0e" + ], + "columns": { + "3864ce11-c9b2-4639-b67c-3bd1d5081c0e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "35573a15-e15f-42e4-b243-ab139267a873", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "35573a15-e15f-42e4-b243-ab139267a873", - "title": "Top 10 Data Source for IP-Tag [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "9415e527-14ad-40e1-8fa6-a81227f7c7b8": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3864ce11-c9b2-4639-b67c-3bd1d5081c0e", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-fc2c72df-2fcb-4a90-b990-d990352efd07", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "fc2c72df-2fcb-4a90-b990-d990352efd07": { - "columnOrder": [ - "f18795e8-c1d7-426f-8e69-d8a3084d67da", - "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4" - ], - "columns": { - "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": 
"count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "f18795e8-c1d7-426f-8e69-d8a3084d67da": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source Sub-Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasource_subtype" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4" - ], - "layerId": "fc2c72df-2fcb-4a90-b990-d990352efd07", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "f18795e8-c1d7-426f-8e69-d8a3084d67da" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "e6730938-3631-4d17-9812-8e38d9d05c99", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "e6730938-3631-4d17-9812-8e38d9d05c99", - "title": "Distribution of IP-Tag Events by Data Source Sub-Type 
[Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.datasourcename" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" + }, + "visualization": { + "columns": [ + { + "columnId": "9415e527-14ad-40e1-8fa6-a81227f7c7b8" + }, + { + "columnId": "3864ce11-c9b2-4639-b67c-3bd1d5081c0e" + } + ], + "layerId": "ec158676-ba28-40a2-ab8d-84cd4d151a76", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-037c403c-bd13-4906-a005-9b22e2d1da06", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "037c403c-bd13-4906-a005-9b22e2d1da06": { - "columnOrder": [ - "f5b1dbed-702e-4c76-affe-eff39e446a1b", - "820e7237-ee90-4e86-9d17-f49a00ed86e3" - ], - "columns": { - "820e7237-ee90-4e86-9d17-f49a00ed86e3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "f5b1dbed-702e-4c76-affe-eff39e446a1b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "820e7237-ee90-4e86-9d17-f49a00ed86e3", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasource_type" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + 
"enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "35573a15-e15f-42e4-b243-ab139267a873", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "35573a15-e15f-42e4-b243-ab139267a873", + "title": "Top 10 Data Source for IP-Tag [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fc2c72df-2fcb-4a90-b990-d990352efd07", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fc2c72df-2fcb-4a90-b990-d990352efd07": { + "columnOrder": [ + "f18795e8-c1d7-426f-8e69-d8a3084d67da", + "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4" + ], + "columns": { + "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "f18795e8-c1d7-426f-8e69-d8a3084d67da": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source Sub-Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "f5b1dbed-702e-4c76-affe-eff39e446a1b" - ], - "layerId": "037c403c-bd13-4906-a005-9b22e2d1da06", - "layerType": "data", - "legendDisplay": "default", - "metric": "820e7237-ee90-4e86-9d17-f49a00ed86e3", - "nestedLegend": false, - "numberDisplay": 
"percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270", - "w": 24, - "x": 24, - "y": 15 + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.datasource_subtype" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270", - "title": "Distribution of IP-Tag Events by Data Source Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 20, - "i": "0882d210-3b7d-480e-b2e6-a75725e6b209", - "w": 48, - "x": 0, - "y": 30 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "panelIndex": "0882d210-3b7d-480e-b2e6-a75725e6b209", - "panelRefName": "panel_0882d210-3b7d-480e-b2e6-a75725e6b209", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + "layers": [ + { + "accessors": [ + "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4" + ], + "layerId": "fc2c72df-2fcb-4a90-b990-d990352efd07", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "f18795e8-c1d7-426f-8e69-d8a3084d67da" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 21, - "i": "81552440-e2d4-4843-86db-8c06c1ca8cac", - "w": 48, - "x": 0, - "y": 50 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "81552440-e2d4-4843-86db-8c06c1ca8cac", - 
"panelRefName": "panel_81552440-e2d4-4843-86db-8c06c1ca8cac", - "type": "search", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] User-ID and IP-Tag", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "61d5b8a1-e36b-46e2-a067-859e3824a38f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "61d5b8a1-e36b-46e2-a067-859e3824a38f:indexpattern-datasource-layer-00227f39-4c34-492b-883a-b0825797198d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "941c1cbf-1fc0-41be-9d8a-df76024585ed:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "941c1cbf-1fc0-41be-9d8a-df76024585ed:indexpattern-datasource-layer-dbe59458-a6f9-4a01-8db6-5546f2b20398", - "type": "index-pattern" + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "35573a15-e15f-42e4-b243-ab139267a873:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "e6730938-3631-4d17-9812-8e38d9d05c99", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "35573a15-e15f-42e4-b243-ab139267a873:indexpattern-datasource-layer-ec158676-ba28-40a2-ab8d-84cd4d151a76", - "type": "index-pattern" + "panelIndex": "e6730938-3631-4d17-9812-8e38d9d05c99", + "title": "Distribution of IP-Tag Events by Data Source Sub-Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-037c403c-bd13-4906-a005-9b22e2d1da06", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "037c403c-bd13-4906-a005-9b22e2d1da06": { + "columnOrder": [ + "f5b1dbed-702e-4c76-affe-eff39e446a1b", + "820e7237-ee90-4e86-9d17-f49a00ed86e3" + ], + "columns": { + "820e7237-ee90-4e86-9d17-f49a00ed86e3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "f5b1dbed-702e-4c76-affe-eff39e446a1b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "820e7237-ee90-4e86-9d17-f49a00ed86e3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.datasource_type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "f5b1dbed-702e-4c76-affe-eff39e446a1b" + ], + "layerId": "037c403c-bd13-4906-a005-9b22e2d1da06", + "layerType": "data", + "legendDisplay": "default", + "metric": "820e7237-ee90-4e86-9d17-f49a00ed86e3", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "e6730938-3631-4d17-9812-8e38d9d05c99:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270", + 
"w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "e6730938-3631-4d17-9812-8e38d9d05c99:indexpattern-datasource-layer-fc2c72df-2fcb-4a90-b990-d990352efd07", - "type": "index-pattern" + "panelIndex": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270", + "title": "Distribution of IP-Tag Events by Data Source Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 20, + "i": "0882d210-3b7d-480e-b2e6-a75725e6b209", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270:indexpattern-datasource-layer-037c403c-bd13-4906-a005-9b22e2d1da06", - "type": "index-pattern" + "panelIndex": "0882d210-3b7d-480e-b2e6-a75725e6b209", + "panelRefName": "panel_0882d210-3b7d-480e-b2e6-a75725e6b209", + "type": "search", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "panw-0ffe1200-ddb9-11ec-8e76-9b3b99f98cd4", - "name": "0882d210-3b7d-480e-b2e6-a75725e6b209:panel_0882d210-3b7d-480e-b2e6-a75725e6b209", - "type": "search" + "gridData": { + "h": 21, + "i": "81552440-e2d4-4843-86db-8c06c1ca8cac", + "w": 48, + "x": 0, + "y": 50 }, - { - "id": "panw-1d9d5060-ddb9-11ec-8e76-9b3b99f98cd4", - "name": "81552440-e2d4-4843-86db-8c06c1ca8cac:panel_81552440-e2d4-4843-86db-8c06c1ca8cac", - "type": "search" - } + "panelIndex": "81552440-e2d4-4843-86db-8c06c1ca8cac", + "panelRefName": "panel_81552440-e2d4-4843-86db-8c06c1ca8cac", + "type": "search", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] User-ID and IP-Tag", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "61d5b8a1-e36b-46e2-a067-859e3824a38f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"61d5b8a1-e36b-46e2-a067-859e3824a38f:indexpattern-datasource-layer-00227f39-4c34-492b-883a-b0825797198d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "941c1cbf-1fc0-41be-9d8a-df76024585ed:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "941c1cbf-1fc0-41be-9d8a-df76024585ed:indexpattern-datasource-layer-dbe59458-a6f9-4a01-8db6-5546f2b20398", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35573a15-e15f-42e4-b243-ab139267a873:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35573a15-e15f-42e4-b243-ab139267a873:indexpattern-datasource-layer-ec158676-ba28-40a2-ab8d-84cd4d151a76", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e6730938-3631-4d17-9812-8e38d9d05c99:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e6730938-3631-4d17-9812-8e38d9d05c99:indexpattern-datasource-layer-fc2c72df-2fcb-4a90-b990-d990352efd07", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270:indexpattern-datasource-layer-037c403c-bd13-4906-a005-9b22e2d1da06", + "type": "index-pattern" + }, + { + "id": "panw-0ffe1200-ddb9-11ec-8e76-9b3b99f98cd4", + "name": "0882d210-3b7d-480e-b2e6-a75725e6b209:panel_0882d210-3b7d-480e-b2e6-a75725e6b209", + "type": "search" + }, + { + "id": "panw-1d9d5060-ddb9-11ec-8e76-9b3b99f98cd4", + "name": "81552440-e2d4-4843-86db-8c06c1ca8cac:panel_81552440-e2d4-4843-86db-8c06c1ca8cac", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file 
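Review bot: The re-exported object now opens with instance-specific saved-object metadata: `"namespaces": ["default"]`, `"updated_at": "2022-10-27T22:06:16.816Z"` and `"version": "WzU3OSwxXQ=="`. These describe the Kibana instance the export was taken from rather than the dashboard itself; the `version` value looks like that instance's base64 concurrency token. I would drop those three keys from the packaged asset, so it does not pin a space or carry another instance's state and so later re-exports diff only on real panel or query changes. The last added lines also move `"coreMigrationVersion"` from `"8.2.1"` to `"8.2.0"` while every panel still declares `"version": "8.2.1"`. That is presumably an artefact of the exporting stack, but it is worth confirming the downgrade is intended. The same added header appears at the top of the next file's hunk (`panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json`), which continues past what is visible here.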
diff --git a/packages/panw/kibana/dashboard/panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json index 8e87f4f6e89..9f36557f909 100644 --- a/packages/panw/kibana/dashboard/panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,688 +1,693 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS GlobalProtect Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b885a331-0d6a-4c4b-ac16-69791da1415a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b885a331-0d6a-4c4b-ac16-69791da1415a": { - "columnOrder": [ - "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4", - "f732884a-6a3c-42c0-befe-cbc19e52fd4d" - ], - "columns": { - "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Gateway", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f732884a-6a3c-42c0-befe-cbc19e52fd4d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.gateway" - }, - "f732884a-6a3c-42c0-befe-cbc19e52fd4d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "id": "panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:06:16.816Z", + "version": "WzU4MCwxXQ==", + "attributes": { + "description": "Palo Alto 
Networks PAN-OS GlobalProtect Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b885a331-0d6a-4c4b-ac16-69791da1415a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b885a331-0d6a-4c4b-ac16-69791da1415a": { + "columnOrder": [ + "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4", + "f732884a-6a3c-42c0-befe-cbc19e52fd4d" + ], + "columns": { + "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Gateway", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f732884a-6a3c-42c0-befe-cbc19e52fd4d", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "f732884a-6a3c-42c0-befe-cbc19e52fd4d" - ], - "layerId": "b885a331-0d6a-4c4b-ac16-69791da1415a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": 
"08595c67-bee0-4cb5-82d6-9fdc6b76b4b4" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.gateway" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "f732884a-6a3c-42c0-befe-cbc19e52fd4d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "95e42d6f-5c27-4924-9b0b-2a349fcb3107", - "w": 16, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "95e42d6f-5c27-4924-9b0b-2a349fcb3107", - "title": "Distribution of GlobalProtect Events by Gateway [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "fcde90cc-e6a9-46c6-a7c4-937c63d02ce6": { - "columnOrder": [ - "cbdcd122-6cd8-45fc-b91b-bf75092fa140", - "c93dde3a-8225-449d-8989-89d62f7e64e6" - ], - "columns": { - 
"c93dde3a-8225-449d-8989-89d62f7e64e6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "cbdcd122-6cd8-45fc-b91b-bf75092fa140": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Connect Method to Gateway", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c93dde3a-8225-449d-8989-89d62f7e64e6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.connect_method" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "cbdcd122-6cd8-45fc-b91b-bf75092fa140" - ], - "layerId": "fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", - "layerType": "data", - "legendDisplay": "default", - "metric": "c93dde3a-8225-449d-8989-89d62f7e64e6", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "f732884a-6a3c-42c0-befe-cbc19e52fd4d" + ], + "layerId": "b885a331-0d6a-4c4b-ac16-69791da1415a", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "636c04bb-8acb-4fca-b5e2-001c56fdf058", - "w": 16, - "x": 16, - "y": 0 + 
"preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "636c04bb-8acb-4fca-b5e2-001c56fdf058", - "title": "Distribution of GlobalProtect Events by Connect Method to Gateway [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47129d2c-02d8-4672-90ef-320770c3e8e3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47129d2c-02d8-4672-90ef-320770c3e8e3": { - "columnOrder": [ - "bdd142d5-00a0-4fc3-a229-a4f61ae67857", - "8cc22ce9-9823-482b-a3d3-28e91f46ad29" - ], - "columns": { - "8cc22ce9-9823-482b-a3d3-28e91f46ad29": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "bdd142d5-00a0-4fc3-a229-a4f61ae67857": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Authentication Method", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8cc22ce9-9823-482b-a3d3-28e91f46ad29", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.auth_method" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "95e42d6f-5c27-4924-9b0b-2a349fcb3107", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "95e42d6f-5c27-4924-9b0b-2a349fcb3107", + "title": "Distribution of 
GlobalProtect Events by Gateway [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fcde90cc-e6a9-46c6-a7c4-937c63d02ce6": { + "columnOrder": [ + "cbdcd122-6cd8-45fc-b91b-bf75092fa140", + "c93dde3a-8225-449d-8989-89d62f7e64e6" + ], + "columns": { + "c93dde3a-8225-449d-8989-89d62f7e64e6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "cbdcd122-6cd8-45fc-b91b-bf75092fa140": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connect Method to Gateway", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c93dde3a-8225-449d-8989-89d62f7e64e6", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "bdd142d5-00a0-4fc3-a229-a4f61ae67857" - ], - "layerId": "47129d2c-02d8-4672-90ef-320770c3e8e3", - "layerType": "data", - "legendDisplay": "default", - "metric": "8cc22ce9-9823-482b-a3d3-28e91f46ad29", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": 
"73f1567a-13b6-472f-ac8a-1995dc15f625", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "73f1567a-13b6-472f-ac8a-1995dc15f625", - "title": "Distribution of GlobalProtect Events by Authentication Method [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.connect_method" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "cbdcd122-6cd8-45fc-b91b-bf75092fa140" + ], + "layerId": "fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", + "layerType": "data", + "legendDisplay": "default", + "metric": "c93dde3a-8225-449d-8989-89d62f7e64e6", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-70c151c6-d178-4fdd-8866-b2788dccbbcd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "70c151c6-d178-4fdd-8866-b2788dccbbcd": { - "columnOrder": [ - "39e018bf-de15-43bc-af87-5f7270f32d31", - "87920d79-a632-45b3-a079-613ce967dac0" - ], - "columns": { - "39e018bf-de15-43bc-af87-5f7270f32d31": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Gateway Selection Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "87920d79-a632-45b3-a079-613ce967dac0", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.selection_type" - }, - 
"87920d79-a632-45b3-a079-613ce967dac0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "636c04bb-8acb-4fca-b5e2-001c56fdf058", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "636c04bb-8acb-4fca-b5e2-001c56fdf058", + "title": "Distribution of GlobalProtect Events by Connect Method to Gateway [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47129d2c-02d8-4672-90ef-320770c3e8e3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47129d2c-02d8-4672-90ef-320770c3e8e3": { + "columnOrder": [ + "bdd142d5-00a0-4fc3-a229-a4f61ae67857", + "8cc22ce9-9823-482b-a3d3-28e91f46ad29" + ], + "columns": { + "8cc22ce9-9823-482b-a3d3-28e91f46ad29": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "bdd142d5-00a0-4fc3-a229-a4f61ae67857": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Authentication Method", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8cc22ce9-9823-482b-a3d3-28e91f46ad29", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + 
"orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "39e018bf-de15-43bc-af87-5f7270f32d31" - ], - "layerId": "70c151c6-d178-4fdd-8866-b2788dccbbcd", - "layerType": "data", - "legendDisplay": "default", - "metric": "87920d79-a632-45b3-a079-613ce967dac0", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5f85a927-93b7-48a4-87ca-c958a13a9609", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "5f85a927-93b7-48a4-87ca-c958a13a9609", - "title": "Distribution of GlobalProtect Events by Gateway Selection Method [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.auth_method" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "bdd142d5-00a0-4fc3-a229-a4f61ae67857" + ], + "layerId": "47129d2c-02d8-4672-90ef-320770c3e8e3", + "layerType": "data", + "legendDisplay": "default", + "metric": "8cc22ce9-9823-482b-a3d3-28e91f46ad29", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-939b1f80-7730-48d2-a3ad-05209f3b1c7f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "939b1f80-7730-48d2-a3ad-05209f3b1c7f": { - "columnOrder": [ - 
"78099651-0ffc-4a94-af03-4ee36fe275e5", - "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49", - "0120c97f-ddd8-4167-aefb-434d8602e94d" - ], - "columns": { - "0120c97f-ddd8-4167-aefb-434d8602e94d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "78099651-0ffc-4a94-af03-4ee36fe275e5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Operating System", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0120c97f-ddd8-4167-aefb-434d8602e94d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.family" - }, - "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client Version", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0120c97f-ddd8-4167-aefb-434d8602e94d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.client_ver" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "73f1567a-13b6-472f-ac8a-1995dc15f625", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "73f1567a-13b6-472f-ac8a-1995dc15f625", + "title": "Distribution of GlobalProtect Events by Authentication Method [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + 
{ + "id": "logs-*", + "name": "indexpattern-datasource-layer-70c151c6-d178-4fdd-8866-b2788dccbbcd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "70c151c6-d178-4fdd-8866-b2788dccbbcd": { + "columnOrder": [ + "39e018bf-de15-43bc-af87-5f7270f32d31", + "87920d79-a632-45b3-a079-613ce967dac0" + ], + "columns": { + "39e018bf-de15-43bc-af87-5f7270f32d31": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Gateway Selection Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "87920d79-a632-45b3-a079-613ce967dac0", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "78099651-0ffc-4a94-af03-4ee36fe275e5", - "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49" - ], - "layerId": "939b1f80-7730-48d2-a3ad-05209f3b1c7f", - "layerType": "data", - "legendDisplay": "default", - "metric": "0120c97f-ddd8-4167-aefb-434d8602e94d", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.selection_type" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "84297b75-0138-4f95-b416-2e79c77afd4d", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "84297b75-0138-4f95-b416-2e79c77afd4d", - "title": "Distribution of GlobalProtect Events by Operating System and Client Version [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "87920d79-a632-45b3-a079-613ce967dac0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + 
"operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "39e018bf-de15-43bc-af87-5f7270f32d31" + ], + "layerId": "70c151c6-d178-4fdd-8866-b2788dccbbcd", + "layerType": "data", + "legendDisplay": "default", + "metric": "87920d79-a632-45b3-a079-613ce967dac0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "81ef2c1c-2bea-4e89-97fa-7c90e465678f", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "81ef2c1c-2bea-4e89-97fa-7c90e465678f", - "panelRefName": "panel_81ef2c1c-2bea-4e89-97fa-7c90e465678f", - "type": "search", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] Global Protect", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "95e42d6f-5c27-4924-9b0b-2a349fcb3107:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "95e42d6f-5c27-4924-9b0b-2a349fcb3107:indexpattern-datasource-layer-b885a331-0d6a-4c4b-ac16-69791da1415a", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "5f85a927-93b7-48a4-87ca-c958a13a9609", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "636c04bb-8acb-4fca-b5e2-001c56fdf058:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"636c04bb-8acb-4fca-b5e2-001c56fdf058:indexpattern-datasource-layer-fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "73f1567a-13b6-472f-ac8a-1995dc15f625:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "73f1567a-13b6-472f-ac8a-1995dc15f625:indexpattern-datasource-layer-47129d2c-02d8-4672-90ef-320770c3e8e3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5f85a927-93b7-48a4-87ca-c958a13a9609:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "5f85a927-93b7-48a4-87ca-c958a13a9609", + "title": "Distribution of GlobalProtect Events by Gateway Selection Method [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-939b1f80-7730-48d2-a3ad-05209f3b1c7f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "939b1f80-7730-48d2-a3ad-05209f3b1c7f": { + "columnOrder": [ + "78099651-0ffc-4a94-af03-4ee36fe275e5", + "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49", + "0120c97f-ddd8-4167-aefb-434d8602e94d" + ], + "columns": { + "0120c97f-ddd8-4167-aefb-434d8602e94d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "78099651-0ffc-4a94-af03-4ee36fe275e5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operating System", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0120c97f-ddd8-4167-aefb-434d8602e94d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + 
"parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.family" + }, + "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client Version", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0120c97f-ddd8-4167-aefb-434d8602e94d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.client_ver" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "78099651-0ffc-4a94-af03-4ee36fe275e5", + "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49" + ], + "layerId": "939b1f80-7730-48d2-a3ad-05209f3b1c7f", + "layerType": "data", + "legendDisplay": "default", + "metric": "0120c97f-ddd8-4167-aefb-434d8602e94d", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "5f85a927-93b7-48a4-87ca-c958a13a9609:indexpattern-datasource-layer-70c151c6-d178-4fdd-8866-b2788dccbbcd", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "84297b75-0138-4f95-b416-2e79c77afd4d", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "84297b75-0138-4f95-b416-2e79c77afd4d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "84297b75-0138-4f95-b416-2e79c77afd4d", + "title": "Distribution of GlobalProtect Events by Operating System and Client Version [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": 
{} }, - { - "id": "logs-*", - "name": "84297b75-0138-4f95-b416-2e79c77afd4d:indexpattern-datasource-layer-939b1f80-7730-48d2-a3ad-05209f3b1c7f", - "type": "index-pattern" + "gridData": { + "h": 19, + "i": "81ef2c1c-2bea-4e89-97fa-7c90e465678f", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "panw-24a5cf50-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "81ef2c1c-2bea-4e89-97fa-7c90e465678f:panel_81ef2c1c-2bea-4e89-97fa-7c90e465678f", - "type": "search" - } + "panelIndex": "81ef2c1c-2bea-4e89-97fa-7c90e465678f", + "panelRefName": "panel_81ef2c1c-2bea-4e89-97fa-7c90e465678f", + "type": "search", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] Global Protect", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "95e42d6f-5c27-4924-9b0b-2a349fcb3107:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "95e42d6f-5c27-4924-9b0b-2a349fcb3107:indexpattern-datasource-layer-b885a331-0d6a-4c4b-ac16-69791da1415a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "636c04bb-8acb-4fca-b5e2-001c56fdf058:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "636c04bb-8acb-4fca-b5e2-001c56fdf058:indexpattern-datasource-layer-fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "73f1567a-13b6-472f-ac8a-1995dc15f625:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "73f1567a-13b6-472f-ac8a-1995dc15f625:indexpattern-datasource-layer-47129d2c-02d8-4672-90ef-320770c3e8e3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5f85a927-93b7-48a4-87ca-c958a13a9609:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5f85a927-93b7-48a4-87ca-c958a13a9609:indexpattern-datasource-layer-70c151c6-d178-4fdd-8866-b2788dccbbcd", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "84297b75-0138-4f95-b416-2e79c77afd4d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "84297b75-0138-4f95-b416-2e79c77afd4d:indexpattern-datasource-layer-939b1f80-7730-48d2-a3ad-05209f3b1c7f", + "type": "index-pattern" + }, + { + "id": "panw-24a5cf50-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "81ef2c1c-2bea-4e89-97fa-7c90e465678f:panel_81ef2c1c-2bea-4e89-97fa-7c90e465678f", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json index f705f78486a..0b24a7c3f93 100644 --- a/packages/panw/kibana/dashboard/panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json 
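Review bot: The rewritten head of this object now carries metadata from the exporting Kibana instance, `"namespaces": ["default"]`, `"updated_at": "2022-10-27T22:06:16.816Z"` and `"version": "WzU4MCwxXQ=="`, none of which the old side had and none of which belongs in a packaged dashboard. `version` looks like the saved-object concurrency token of the instance the export came from, and `namespaces` names that instance's space. Both are presumably ignored or wrong on the installing cluster and will change on every re-export, so I would drop the three keys and let the object start at `"id"`, `"type"`, `"attributes"`. The tail of the hunk also moves `"coreMigrationVersion"` from `8.2.1` to `8.2.0` while every panel still declares `"version": "8.2.1"`; please confirm that is intended rather than a side effect of exporting from an older stack. The same three keys appear at the head of the panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json hunk that follows.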
@@ -1,657 +1,662 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS Config and System Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"CONFIG\" or panw.panos.type : \"SYSTEM\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2fae76dc-439c-42c6-81af-3652ed79395a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2fae76dc-439c-42c6-81af-3652ed79395a": { - "columnOrder": [ - "ae5c7550-3c45-4df7-9be6-12d7e0cca95e", - "21fa1b87-c70a-44fd-906e-f3f4b597c600" - ], - "columns": { - "21fa1b87-c70a-44fd-906e-f3f4b597c600": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "ae5c7550-3c45-4df7-9be6-12d7e0cca95e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21fa1b87-c70a-44fd-906e-f3f4b597c600", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.client_type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" - }, - "visualization": { - "layers": [ - { - 
"categoryDisplay": "default", - "groups": [ - "ae5c7550-3c45-4df7-9be6-12d7e0cca95e" - ], - "layerId": "2fae76dc-439c-42c6-81af-3652ed79395a", - "layerType": "data", - "legendDisplay": "default", - "metric": "21fa1b87-c70a-44fd-906e-f3f4b597c600", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "id": "panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:06:16.816Z", + "version": "WzU4MSwxXQ==", + "attributes": { + "description": "Palo Alto Networks PAN-OS Config and System Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"CONFIG\" or panw.panos.type : \"SYSTEM\")" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2fae76dc-439c-42c6-81af-3652ed79395a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2fae76dc-439c-42c6-81af-3652ed79395a": { + "columnOrder": [ + "ae5c7550-3c45-4df7-9be6-12d7e0cca95e", + "21fa1b87-c70a-44fd-906e-f3f4b597c600" + ], + "columns": { + "21fa1b87-c70a-44fd-906e-f3f4b597c600": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a", - "w": 16, - "x": 0, - 
"y": 0 - }, - "panelIndex": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a", - "title": "Distribution of Config Events by Client [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "ae5c7550-3c45-4df7-9be6-12d7e0cca95e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21fa1b87-c70a-44fd-906e-f3f4b597c600", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-71288c95-38cf-4960-9e02-bad9022fed89", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "71288c95-38cf-4960-9e02-bad9022fed89": { - "columnOrder": [ - "dba2cfc5-3469-41f9-b48c-44bef1fec682", - "59530055-7bef-442b-a30a-2836f96aed1c" - ], - "columns": { - "59530055-7bef-442b-a30a-2836f96aed1c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "dba2cfc5-3469-41f9-b48c-44bef1fec682": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Result of Configuration Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "59530055-7bef-442b-a30a-2836f96aed1c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.result" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : 
\"panw.panos\" and panw.panos.type : \"CONFIG\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "dba2cfc5-3469-41f9-b48c-44bef1fec682" - ], - "layerId": "71288c95-38cf-4960-9e02-bad9022fed89", - "layerType": "data", - "legendDisplay": "default", - "metric": "59530055-7bef-442b-a30a-2836f96aed1c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d", - "title": "Distribution of Config Events by Result of Configuration Action [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.client_type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ae5c7550-3c45-4df7-9be6-12d7e0cca95e" + ], + "layerId": "2fae76dc-439c-42c6-81af-3652ed79395a", + "layerType": "data", + "legendDisplay": "default", + "metric": "21fa1b87-c70a-44fd-906e-f3f4b597c600", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e5736d39-58c7-4d25-b1a6-678a9343ce65", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e5736d39-58c7-4d25-b1a6-678a9343ce65": { - "columnOrder": [ - "2a9bb41d-ee93-4068-b6b7-bce4b6e86485", - 
"370fc305-4037-4274-bb63-d6531892cf56" - ], - "columns": { - "2a9bb41d-ee93-4068-b6b7-bce4b6e86485": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Command", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "370fc305-4037-4274-bb63-d6531892cf56", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.cmd" - }, - "370fc305-4037-4274-bb63-d6531892cf56": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" - }, - "visualization": { - "columns": [ - { - "columnId": "2a9bb41d-ee93-4068-b6b7-bce4b6e86485", - "isTransposed": false - }, - { - "columnId": "370fc305-4037-4274-bb63-d6531892cf56", - "isTransposed": false - } - ], - "layerId": "e5736d39-58c7-4d25-b1a6-678a9343ce65", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a", + "title": "Distribution of Config Events by Client [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-71288c95-38cf-4960-9e02-bad9022fed89", + "type": "index-pattern" + } + ], + "state": { + 
"datasourceStates": { + "indexpattern": { + "layers": { + "71288c95-38cf-4960-9e02-bad9022fed89": { + "columnOrder": [ + "dba2cfc5-3469-41f9-b48c-44bef1fec682", + "59530055-7bef-442b-a30a-2836f96aed1c" + ], + "columns": { + "59530055-7bef-442b-a30a-2836f96aed1c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "6de0f512-eff6-4299-8aa7-2945b991c526", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "6de0f512-eff6-4299-8aa7-2945b991c526", - "title": "Top 10 Command performed by the Admin [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", - "w": 48, - "x": 0, - "y": 15 - }, - "panelIndex": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", - "panelRefName": "panel_57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "dba2cfc5-3469-41f9-b48c-44bef1fec682": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Result of Configuration Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "59530055-7bef-442b-a30a-2836f96aed1c", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0ad02752-8f13-4a8b-bf71-f85d01d0079f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0ad02752-8f13-4a8b-bf71-f85d01d0079f": { - "columnOrder": [ - 
"6c047f97-3b11-4f12-899b-4b613f618d42", - "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3" - ], - "columns": { - "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "6c047f97-3b11-4f12-899b-4b613f618d42": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Module", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.module" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SYSTEM\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "6c047f97-3b11-4f12-899b-4b613f618d42" - ], - "layerId": "0ad02752-8f13-4a8b-bf71-f85d01d0079f", - "layerType": "data", - "legendDisplay": "default", - "metric": "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58", - "w": 24, - "x": 0, - "y": 35 - }, - "panelIndex": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58", - "title": "Distribution of System Events by Module [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.result" + } + }, + "incompleteColumns": {} + } + } + } 
+ }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "dba2cfc5-3469-41f9-b48c-44bef1fec682" + ], + "layerId": "71288c95-38cf-4960-9e02-bad9022fed89", + "layerType": "data", + "legendDisplay": "default", + "metric": "59530055-7bef-442b-a30a-2836f96aed1c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cb623bef-dc47-4006-b664-410b86519536", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cb623bef-dc47-4006-b664-410b86519536": { - "columnOrder": [ - "d1e12f64-ba47-4271-b8e9-59670d855c0c", - "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca" - ], - "columns": { - "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "d1e12f64-ba47-4271-b8e9-59670d855c0c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": 
"fafbb55a-9be4-4df5-a9e3-cdb4d00a051d", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d", + "title": "Distribution of Config Events by Result of Configuration Action [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e5736d39-58c7-4d25-b1a6-678a9343ce65", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e5736d39-58c7-4d25-b1a6-678a9343ce65": { + "columnOrder": [ + "2a9bb41d-ee93-4068-b6b7-bce4b6e86485", + "370fc305-4037-4274-bb63-d6531892cf56" + ], + "columns": { + "2a9bb41d-ee93-4068-b6b7-bce4b6e86485": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Command", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "370fc305-4037-4274-bb63-d6531892cf56", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SYSTEM\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d1e12f64-ba47-4271-b8e9-59670d855c0c" - ], - "layerId": "cb623bef-dc47-4006-b664-410b86519536", - "layerType": "data", - "legendDisplay": "default", - "metric": "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.cmd" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "f58e08fd-d5da-4ce8-9b3b-06534e199357", - "w": 24, - 
"x": 24, - "y": 35 - }, - "panelIndex": "f58e08fd-d5da-4ce8-9b3b-06534e199357", - "title": "Distribution of System Events by Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "370fc305-4037-4274-bb63-d6531892cf56": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" + }, + "visualization": { + "columns": [ + { + "columnId": "2a9bb41d-ee93-4068-b6b7-bce4b6e86485", + "isTransposed": false + }, + { + "columnId": "370fc305-4037-4274-bb63-d6531892cf56", + "isTransposed": false + } + ], + "layerId": "e5736d39-58c7-4d25-b1a6-678a9343ce65", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "90cc1874-fa55-4459-98a9-0b8507f7de3b", - "w": 48, - "x": 0, - "y": 50 - }, - "panelIndex": "90cc1874-fa55-4459-98a9-0b8507f7de3b", - "panelRefName": "panel_90cc1874-fa55-4459-98a9-0b8507f7de3b", - "type": "search", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] System and Config", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a:indexpattern-datasource-layer-2fae76dc-439c-42c6-81af-3652ed79395a", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": 
"fafbb55a-9be4-4df5-a9e3-cdb4d00a051d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "6de0f512-eff6-4299-8aa7-2945b991c526", + "w": 16, + "x": 32, + "y": 0 }, - { - "id": "logs-*", - "name": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d:indexpattern-datasource-layer-71288c95-38cf-4960-9e02-bad9022fed89", - "type": "index-pattern" + "panelIndex": "6de0f512-eff6-4299-8aa7-2945b991c526", + "title": "Top 10 Command performed by the Admin [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "6de0f512-eff6-4299-8aa7-2945b991c526:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 20, + "i": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", + "w": 48, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "6de0f512-eff6-4299-8aa7-2945b991c526:indexpattern-datasource-layer-e5736d39-58c7-4d25-b1a6-678a9343ce65", - "type": "index-pattern" + "panelIndex": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", + "panelRefName": "panel_57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", + "type": "search", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0ad02752-8f13-4a8b-bf71-f85d01d0079f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0ad02752-8f13-4a8b-bf71-f85d01d0079f": { + "columnOrder": [ + "6c047f97-3b11-4f12-899b-4b613f618d42", + "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3" + ], + "columns": { + "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + 
"6c047f97-3b11-4f12-899b-4b613f618d42": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Module", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.module" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SYSTEM\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "6c047f97-3b11-4f12-899b-4b613f618d42" + ], + "layerId": "0ad02752-8f13-4a8b-bf71-f85d01d0079f", + "layerType": "data", + "legendDisplay": "default", + "metric": "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "panw-c53134a0-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9:panel_57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", - "type": "search" + "gridData": { + "h": 15, + "i": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58", + "w": 24, + "x": 0, + "y": 35 }, - { - "id": "logs-*", - "name": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58", + "title": "Distribution of System Events by Module [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-cb623bef-dc47-4006-b664-410b86519536", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cb623bef-dc47-4006-b664-410b86519536": { + "columnOrder": [ + "d1e12f64-ba47-4271-b8e9-59670d855c0c", + "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca" + ], + "columns": { + "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "d1e12f64-ba47-4271-b8e9-59670d855c0c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SYSTEM\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d1e12f64-ba47-4271-b8e9-59670d855c0c" + ], + "layerId": "cb623bef-dc47-4006-b664-410b86519536", + "layerType": "data", + "legendDisplay": "default", + "metric": "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58:indexpattern-datasource-layer-0ad02752-8f13-4a8b-bf71-f85d01d0079f", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "f58e08fd-d5da-4ce8-9b3b-06534e199357", + "w": 
24, + "x": 24, + "y": 35 }, - { - "id": "logs-*", - "name": "f58e08fd-d5da-4ce8-9b3b-06534e199357:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "f58e08fd-d5da-4ce8-9b3b-06534e199357", + "title": "Distribution of System Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "f58e08fd-d5da-4ce8-9b3b-06534e199357:indexpattern-datasource-layer-cb623bef-dc47-4006-b664-410b86519536", - "type": "index-pattern" + "gridData": { + "h": 21, + "i": "90cc1874-fa55-4459-98a9-0b8507f7de3b", + "w": 48, + "x": 0, + "y": 50 }, - { - "id": "panw-d01e7260-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "90cc1874-fa55-4459-98a9-0b8507f7de3b:panel_90cc1874-fa55-4459-98a9-0b8507f7de3b", - "type": "search" - } + "panelIndex": "90cc1874-fa55-4459-98a9-0b8507f7de3b", + "panelRefName": "panel_90cc1874-fa55-4459-98a9-0b8507f7de3b", + "type": "search", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] System and Config", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a:indexpattern-datasource-layer-2fae76dc-439c-42c6-81af-3652ed79395a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d:indexpattern-datasource-layer-71288c95-38cf-4960-9e02-bad9022fed89", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6de0f512-eff6-4299-8aa7-2945b991c526:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"6de0f512-eff6-4299-8aa7-2945b991c526:indexpattern-datasource-layer-e5736d39-58c7-4d25-b1a6-678a9343ce65", + "type": "index-pattern" + }, + { + "id": "panw-c53134a0-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9:panel_57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", + "type": "search" + }, + { + "id": "logs-*", + "name": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58:indexpattern-datasource-layer-0ad02752-8f13-4a8b-bf71-f85d01d0079f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f58e08fd-d5da-4ce8-9b3b-06534e199357:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f58e08fd-d5da-4ce8-9b3b-06534e199357:indexpattern-datasource-layer-cb623bef-dc47-4006-b664-410b86519536", + "type": "index-pattern" + }, + { + "id": "panw-d01e7260-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "90cc1874-fa55-4459-98a9-0b8507f7de3b:panel_90cc1874-fa55-4459-98a9-0b8507f7de3b", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-e40ba240-7572-11e9-976e-65a8f47cc4c1.json b/packages/panw/kibana/dashboard/panw-e40ba240-7572-11e9-976e-65a8f47cc4c1.json index 221f10cfbf2..8f6116b0101 100644 --- a/packages/panw/kibana/dashboard/panw-e40ba240-7572-11e9-976e-65a8f47cc4c1.json +++ b/packages/panw/kibana/dashboard/panw-e40ba240-7572-11e9-976e-65a8f47cc4c1.json 
@@ -1,1622 +1,1627 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS Networks Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" - } - } + "id": "panw-e40ba240-7572-11e9-976e-65a8f47cc4c1", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:06:16.816Z", + "version": "WzU4MiwxXQ==", + "attributes": { + "description": "Palo Alto Networks PAN-OS Networks Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"f1552cbe-a7ee-44aa-8267-84a5becc47b0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e05f7ca1-ad23-44f5-ba1e-fd4593862f64\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Flows Map [Logs PANW]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"1a4eafd8-1bc1-42c8-9679-cffe5c9f7d81\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Source Flows Map [Logs 
PANW]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "c31e5ac3-5063-4124-9a6f-b01af9e160b4", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"f1552cbe-a7ee-44aa-8267-84a5becc47b0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e05f7ca1-ad23-44f5-ba1e-fd4593862f64\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Flows Map [Logs PANW]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"1a4eafd8-1bc1-42c8-9679-cffe5c9f7d81\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Source Flows Map [Logs 
PANW]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "c31e5ac3-5063-4124-9a6f-b01af9e160b4", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "c31e5ac3-5063-4124-9a6f-b01af9e160b4", - "type": "map", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"b690c8fa-43ee-4991-9db5-9ea7243272d1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"4fafc878-ca54-4363-9bd9-7b9af45ee80a\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Flows Map [Logs PANW]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"846dde31-2090-4d3b-85d4-8a6e3bee3ec7\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Destination Flows Map [Logs 
PANW]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "2b2d20f7-1d92-47e1-b44d-223c78a812a2", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "2b2d20f7-1d92-47e1-b44d-223c78a812a2", - "type": "map", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1c2d6cb2-e621-4508-b091-68698e3cbdc5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1c2d6cb2-e621-4508-b091-68698e3cbdc5": { - "columnOrder": [ - "229cfee3-124b-40f5-bcd0-1d7ee1b34edd", - "56729bfd-ea64-42a8-9753-ef696d89f487" - ], - "columns": { - "229cfee3-124b-40f5-bcd0-1d7ee1b34edd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action Source", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "56729bfd-ea64-42a8-9753-ef696d89f487", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action_source" - }, - "56729bfd-ea64-42a8-9753-ef696d89f487": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "panelIndex": "c31e5ac3-5063-4124-9a6f-b01af9e160b4", + "type": "map", + "version": "8.2.1" + }, + { + 
"embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"b690c8fa-43ee-4991-9db5-9ea7243272d1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"4fafc878-ca54-4363-9bd9-7b9af45ee80a\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Flows Map [Logs PANW]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"846dde31-2090-4d3b-85d4-8a6e3bee3ec7\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Destination Flows Map [Logs 
PANW]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "2b2d20f7-1d92-47e1-b44d-223c78a812a2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2b2d20f7-1d92-47e1-b44d-223c78a812a2", + "type": "map", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1c2d6cb2-e621-4508-b091-68698e3cbdc5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1c2d6cb2-e621-4508-b091-68698e3cbdc5": { + "columnOrder": [ + "229cfee3-124b-40f5-bcd0-1d7ee1b34edd", + "56729bfd-ea64-42a8-9753-ef696d89f487" + ], + "columns": { + "229cfee3-124b-40f5-bcd0-1d7ee1b34edd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action Source", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "56729bfd-ea64-42a8-9753-ef696d89f487", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "56729bfd-ea64-42a8-9753-ef696d89f487" 
- ], - "layerId": "1c2d6cb2-e621-4508-b091-68698e3cbdc5", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "229cfee3-124b-40f5-bcd0-1d7ee1b34edd" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action_source" }, - "visualizationType": "lnsXY" - }, - "enhancements": {} + "56729bfd-ea64-42a8-9753-ef696d89f487": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "93b617ff-5dac-4353-a0ec-6c37ed4c2531", - "w": 15, - "x": 0, - "y": 45 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "93b617ff-5dac-4353-a0ec-6c37ed4c2531", - "title": "Distribution of Traffic Events by Action Source [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-43b12ac6-d4db-411f-b08e-f5f4075e0be5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "43b12ac6-d4db-411f-b08e-f5f4075e0be5": { - "columnOrder": [ - 
"2d5e41f9-eeab-4d27-a10e-22832cee676f", - "4de61db4-2821-402e-873a-47127e6d9b40" - ], - "columns": { - "2d5e41f9-eeab-4d27-a10e-22832cee676f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Tunnel Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4de61db4-2821-402e-873a-47127e6d9b40", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.tunnel_type" - }, - "4de61db4-2821-402e-873a-47127e6d9b40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "2d5e41f9-eeab-4d27-a10e-22832cee676f" - ], - "layerId": "43b12ac6-d4db-411f-b08e-f5f4075e0be5", - "layerType": "data", - "legendDisplay": "default", - "metric": "4de61db4-2821-402e-873a-47127e6d9b40", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "visualizationType": "lnsPie" - }, - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "56729bfd-ea64-42a8-9753-ef696d89f487" + ], + "layerId": "1c2d6cb2-e621-4508-b091-68698e3cbdc5", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "229cfee3-124b-40f5-bcd0-1d7ee1b34edd" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "5c9269a0-1965-4ad6-8490-2f9c73a5224d", - "w": 16, - "x": 15, - "y": 45 + 
"preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "5c9269a0-1965-4ad6-8490-2f9c73a5224d", - "title": "Distribution of Traffic Events by Tunnel Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0104fc7a-d74d-4b79-96f9-5b21d7d0940d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0104fc7a-d74d-4b79-96f9-5b21d7d0940d": { - "columnOrder": [ - "ff0392e1-30de-492d-a628-c7142a500f78", - "da04cda5-8263-4e5d-8135-aa6dfd0f0f82" - ], - "columns": { - "da04cda5-8263-4e5d-8135-aa6dfd0f0f82": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "ff0392e1-30de-492d-a628-c7142a500f78": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "da04cda5-8263-4e5d-8135-aa6dfd0f0f82", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" - } - }, - "incompleteColumns": {} - } - } - } + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "93b617ff-5dac-4353-a0ec-6c37ed4c2531", + "w": 15, + "x": 0, + "y": 45 + }, + "panelIndex": "93b617ff-5dac-4353-a0ec-6c37ed4c2531", + "title": "Distribution of Traffic Events by Action Source [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + 
"embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-43b12ac6-d4db-411f-b08e-f5f4075e0be5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "43b12ac6-d4db-411f-b08e-f5f4075e0be5": { + "columnOrder": [ + "2d5e41f9-eeab-4d27-a10e-22832cee676f", + "4de61db4-2821-402e-873a-47127e6d9b40" + ], + "columns": { + "2d5e41f9-eeab-4d27-a10e-22832cee676f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Tunnel Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4de61db4-2821-402e-873a-47127e6d9b40", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ff0392e1-30de-492d-a628-c7142a500f78" - ], - "layerId": "0104fc7a-d74d-4b79-96f9-5b21d7d0940d", - "layerType": "data", - "legendDisplay": "default", - "metric": "da04cda5-8263-4e5d-8135-aa6dfd0f0f82", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.tunnel_type" }, - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14", - "w": 17, - "x": 31, - "y": 45 - }, - "panelIndex": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14", - "title": "Distribution of Traffic Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "4de61db4-2821-402e-873a-47127e6d9b40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + 
"label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "2d5e41f9-eeab-4d27-a10e-22832cee676f" + ], + "layerId": "43b12ac6-d4db-411f-b08e-f5f4075e0be5", + "layerType": "data", + "legendDisplay": "default", + "metric": "4de61db4-2821-402e-873a-47127e6d9b40", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-80fb7018-784a-46f3-bf53-9ee5c04cc299", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "80fb7018-784a-46f3-bf53-9ee5c04cc299": { - "columnOrder": [ - "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d", - "ab98b24d-f7d3-473e-904b-a72d4eaa7968", - "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0", - "acde10ea-a51a-4ab6-9f04-413ef5727c85" - ], - "columns": { - "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" - }, - "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - 
"params": { - "missingBucket": false, - "orderBy": { - "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" - }, - "ab98b24d-f7d3-473e-904b-a72d4eaa7968": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.category" - }, - "acde10ea-a51a-4ab6-9f04-413ef5727c85": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "5c9269a0-1965-4ad6-8490-2f9c73a5224d", + "w": 16, + "x": 15, + "y": 45 + }, + "panelIndex": "5c9269a0-1965-4ad6-8490-2f9c73a5224d", + "title": "Distribution of Traffic Events by Tunnel Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0104fc7a-d74d-4b79-96f9-5b21d7d0940d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0104fc7a-d74d-4b79-96f9-5b21d7d0940d": { + "columnOrder": [ + "ff0392e1-30de-492d-a628-c7142a500f78", + "da04cda5-8263-4e5d-8135-aa6dfd0f0f82" + 
], + "columns": { + "da04cda5-8263-4e5d-8135-aa6dfd0f0f82": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "ff0392e1-30de-492d-a628-c7142a500f78": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "da04cda5-8263-4e5d-8135-aa6dfd0f0f82", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d" - }, - { - "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85" - }, - { - "columnId": "ab98b24d-f7d3-473e-904b-a72d4eaa7968", - "isTransposed": false - }, - { - "columnId": "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0", - "isTransposed": false - } - ], - "layerId": "80fb7018-784a-46f3-bf53-9ee5c04cc299", - "layerType": "data" - } - }, - "title": "Top 10 Traffic Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "2921706d-6ceb-4030-bdb3-d18db36af7e5", - "w": 29, - "x": 0, - "y": 60 - }, - "panelIndex": "2921706d-6ceb-4030-bdb3-d18db36af7e5", - "title": "Top 10 Traffic Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + }, + 
"visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ff0392e1-30de-492d-a628-c7142a500f78" + ], + "layerId": "0104fc7a-d74d-4b79-96f9-5b21d7d0940d", + "layerType": "data", + "legendDisplay": "default", + "metric": "da04cda5-8263-4e5d-8135-aa6dfd0f0f82", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc": { - "columnOrder": [ - "ca1f351d-5799-4a5a-88b6-a8278a82c44e", - "ae53c772-e53d-49a6-b2f8-aeb04615690f" - ], - "columns": { - "ae53c772-e53d-49a6-b2f8-aeb04615690f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "ca1f351d-5799-4a5a-88b6-a8278a82c44e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Session End Reason", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ae53c772-e53d-49a6-b2f8-aeb04615690f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.endreason" - } - }, - "incompleteColumns": {} - } - } - } + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14", + "w": 17, + "x": 31, + "y": 45 + }, + "panelIndex": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14", + "title": "Distribution of Traffic Events by Action taken 
on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-80fb7018-784a-46f3-bf53-9ee5c04cc299", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "80fb7018-784a-46f3-bf53-9ee5c04cc299": { + "columnOrder": [ + "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d", + "ab98b24d-f7d3-473e-904b-a72d4eaa7968", + "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0", + "acde10ea-a51a-4ab6-9f04-413ef5727c85" + ], + "columns": { + "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "ae53c772-e53d-49a6-b2f8-aeb04615690f" - ], - "layerId": "3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "ca1f351d-5799-4a5a-88b6-a8278a82c44e" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - 
"valueLabels": "hide" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" }, - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ed22ae2c-66ec-4426-87b6-2384aa38fe59", - "w": 19, - "x": 29, - "y": 60 - }, - "panelIndex": "ed22ae2c-66ec-4426-87b6-2384aa38fe59", - "title": "Distribution of Traffic Events by Session End Reason [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "a2049bc0-48d4-40f0-882a-2191b99d6a8f", - "w": 48, - "x": 0, - "y": 75 - }, - "panelIndex": "a2049bc0-48d4-40f0-882a-2191b99d6a8f", - "panelRefName": "panel_a2049bc0-48d4-40f0-882a-2191b99d6a8f", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extendToTimeRange": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30s" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": true, - "params": { - "query": 
"flow_terminated" - }, - "type": "phrase", - "value": "flow_terminated" - }, - "query": { - "match": { - "event.action": { - "query": "flow_terminated", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false + "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85", + "type": "column" }, - "isVislibVis": true, - "labels": { - "show": false + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "kibana_palette", - "type": "palette" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" + }, + "ab98b24d-f7d3-473e-904b-a72d4eaa7968": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85", + "type": "column" }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": 
"full", - "value": 10, - "width": 1 + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.category" }, - "type": "histogram", - "uiState": { - "vis": { - "legendOpen": false - } + "acde10ea-a51a-4ab6-9f04-413ef5727c85": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" } + }, + "incompleteColumns": {} } - }, - "gridData": { - "h": 15, - "i": "64dcfd5b-2640-432b-81b7-60405232b4a3", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "64dcfd5b-2640-432b-81b7-60405232b4a3", - "title": "Flow Creation Histogram [Logs PANW]", - "type": "visualization", - "version": "8.2.1" + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d" + }, + { + "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85" + }, + { + "columnId": "ab98b24d-f7d3-473e-904b-a72d4eaa7968", + "isTransposed": false + }, + { + "columnId": "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0", + "isTransposed": false + } + ], + "layerId": "80fb7018-784a-46f3-bf53-9ee5c04cc299", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - 
"emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "observer.ingress.zone", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": true, - "params": { - "query": "flow_started" - }, - "type": "phrase", - "value": "flow_started" - }, - "query": { - "match": { - "event.action": { - "query": "flow_started", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + "title": "Top 10 Traffic Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "2921706d-6ceb-4030-bdb3-d18db36af7e5", + "w": 29, + "x": 0, + "y": 60 + }, + "panelIndex": "2921706d-6ceb-4030-bdb3-d18db36af7e5", + "title": "Top 10 Traffic Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", + "type": "index-pattern" + } + ], + "state": { + 
"datasourceStates": { + "indexpattern": { + "layers": { + "3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc": { + "columnOrder": [ + "ca1f351d-5799-4a5a-88b6-a8278a82c44e", + "ae53c772-e53d-49a6-b2f8-aeb04615690f" + ], + "columns": { + "ae53c772-e53d-49a6-b2f8-aeb04615690f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false + "ca1f351d-5799-4a5a-88b6-a8278a82c44e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Session End Reason", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ae53c772-e53d-49a6-b2f8-aeb04615690f", + "type": "column" }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "kibana_palette", - "type": "palette" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "horizontal_bar", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - 
"rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "uiState": { - "vis": { - "legendOpen": false - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.endreason" } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "49836c0a-6ee7-4ed7-adc9-444169243b4c", - "w": 12, - "x": 24, - "y": 15 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "49836c0a-6ee7-4ed7-adc9-444169243b4c", - "title": "Source Zone breakout [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "observer.egress.zone", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - 
"alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": true, - "params": { - "query": "flow_started" - }, - "type": "phrase", - "value": "flow_started" - }, - "query": { - "match": { - "event.action": { - "query": "flow_started", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "horizontal_bar", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "uiState": {} - } + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": 
"b9165d23-d0b1-4a49-8a75-a461e7ea45a4", - "w": 12, - "x": 36, - "y": 15 + "layers": [ + { + "accessors": [ + "ae53c772-e53d-49a6-b2f8-aeb04615690f" + ], + "layerId": "3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "ca1f351d-5799-4a5a-88b6-a8278a82c44e" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4", - "title": "Destination Zone breakout [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "network.application", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "uiState": {} - } - }, - "gridData": { 
- "h": 15, - "i": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d", - "w": 24, - "x": 24, - "y": 30 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d", - "title": "Network Application breakout [Logs PANW]", - "type": "visualization", - "version": "8.2.1" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" 
- }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "60d64f0c-372d-40fd-b522-0d13a7513795", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "60d64f0c-372d-40fd-b522-0d13a7513795", - "title": "Event Outcome by Transport and Destination Port [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] Network Flows", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-e40ba240-7572-11e9-976e-65a8f47cc4c1", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "c31e5ac3-5063-4124-9a6f-b01af9e160b4:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2b2d20f7-1d92-47e1-b44d-223c78a812a2:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "93b617ff-5dac-4353-a0ec-6c37ed4c2531:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "93b617ff-5dac-4353-a0ec-6c37ed4c2531:indexpattern-datasource-layer-1c2d6cb2-e621-4508-b091-68698e3cbdc5", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "ed22ae2c-66ec-4426-87b6-2384aa38fe59", + "w": 19, + "x": 29, + "y": 60 }, - { - "id": "logs-*", - "name": "5c9269a0-1965-4ad6-8490-2f9c73a5224d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "ed22ae2c-66ec-4426-87b6-2384aa38fe59", + "title": "Distribution of Traffic Events by Session End Reason [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "5c9269a0-1965-4ad6-8490-2f9c73a5224d:indexpattern-datasource-layer-43b12ac6-d4db-411f-b08e-f5f4075e0be5", - "type": "index-pattern" + "gridData": { + "h": 21, + "i": "a2049bc0-48d4-40f0-882a-2191b99d6a8f", + "w": 48, + 
"x": 0, + "y": 75 }, - { - "id": "logs-*", - "name": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14:indexpattern-datasource-layer-0104fc7a-d74d-4b79-96f9-5b21d7d0940d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2921706d-6ceb-4030-bdb3-d18db36af7e5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2921706d-6ceb-4030-bdb3-d18db36af7e5:indexpattern-datasource-layer-80fb7018-784a-46f3-bf53-9ee5c04cc299", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ed22ae2c-66ec-4426-87b6-2384aa38fe59:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "a2049bc0-48d4-40f0-882a-2191b99d6a8f", + "panelRefName": "panel_a2049bc0-48d4-40f0-882a-2191b99d6a8f", + "type": "search", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extendToTimeRange": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30s" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + 
"disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_terminated" + }, + "type": "phrase", + "value": "flow_terminated" + }, + "query": { + "match": { + "event.action": { + "query": "flow_terminated", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "uiState": { + "vis": { + "legendOpen": false + } + } + } }, - { - "id": "logs-*", - "name": 
"ed22ae2c-66ec-4426-87b6-2384aa38fe59:indexpattern-datasource-layer-3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "64dcfd5b-2640-432b-81b7-60405232b4a3", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "panw-9df5cdf0-ddaf-11ec-8e76-9b3b99f98cd4", - "name": "a2049bc0-48d4-40f0-882a-2191b99d6a8f:panel_a2049bc0-48d4-40f0-882a-2191b99d6a8f", - "type": "search" + "panelIndex": "64dcfd5b-2640-432b-81b7-60405232b4a3", + "title": "Flow Creation Histogram [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "observer.ingress.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": true, + "addTimeMarker": false, + 
"addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "horizontal_bar", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "uiState": { + "vis": { + "legendOpen": false + } + } + } }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "64dcfd5b-2640-432b-81b7-60405232b4a3:search_0", - "type": "search" + "gridData": { + "h": 15, + "i": "49836c0a-6ee7-4ed7-adc9-444169243b4c", + "w": 12, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "64dcfd5b-2640-432b-81b7-60405232b4a3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "49836c0a-6ee7-4ed7-adc9-444169243b4c", + "title": "Source Zone breakout [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": 
{}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "observer.egress.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": 
"Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "horizontal_bar", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "uiState": {} + } }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "49836c0a-6ee7-4ed7-adc9-444169243b4c:search_0", - "type": "search" + "gridData": { + "h": 15, + "i": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4", + "w": 12, + "x": 36, + "y": 15 }, - { - "id": "logs-*", - "name": "49836c0a-6ee7-4ed7-adc9-444169243b4c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4", + "title": "Destination Zone breakout [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.application", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": {} + } }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4:search_0", - "type": "search" + "gridData": { + "h": 15, + "i": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "logs-*", - "name": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d", + "title": "Network Application breakout [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": 
"Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": {} + } }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d:search_0", - "type": "search" + "gridData": { + "h": 15, + "i": "60d64f0c-372d-40fd-b522-0d13a7513795", + "w": 24, + "x": 0, + "y": 30 }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "60d64f0c-372d-40fd-b522-0d13a7513795:search_0", - "type": "search" - } + "panelIndex": "60d64f0c-372d-40fd-b522-0d13a7513795", + "title": "Event Outcome by Transport and Destination Port [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] Network Flows", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "c31e5ac3-5063-4124-9a6f-b01af9e160b4:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2b2d20f7-1d92-47e1-b44d-223c78a812a2:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"93b617ff-5dac-4353-a0ec-6c37ed4c2531:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "93b617ff-5dac-4353-a0ec-6c37ed4c2531:indexpattern-datasource-layer-1c2d6cb2-e621-4508-b091-68698e3cbdc5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5c9269a0-1965-4ad6-8490-2f9c73a5224d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5c9269a0-1965-4ad6-8490-2f9c73a5224d:indexpattern-datasource-layer-43b12ac6-d4db-411f-b08e-f5f4075e0be5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14:indexpattern-datasource-layer-0104fc7a-d74d-4b79-96f9-5b21d7d0940d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2921706d-6ceb-4030-bdb3-d18db36af7e5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2921706d-6ceb-4030-bdb3-d18db36af7e5:indexpattern-datasource-layer-80fb7018-784a-46f3-bf53-9ee5c04cc299", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ed22ae2c-66ec-4426-87b6-2384aa38fe59:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ed22ae2c-66ec-4426-87b6-2384aa38fe59:indexpattern-datasource-layer-3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", + "type": "index-pattern" + }, + { + "id": "panw-9df5cdf0-ddaf-11ec-8e76-9b3b99f98cd4", + "name": "a2049bc0-48d4-40f0-882a-2191b99d6a8f:panel_a2049bc0-48d4-40f0-882a-2191b99d6a8f", + "type": "search" + }, + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "64dcfd5b-2640-432b-81b7-60405232b4a3:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": 
"64dcfd5b-2640-432b-81b7-60405232b4a3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "49836c0a-6ee7-4ed7-adc9-444169243b4c:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": "49836c0a-6ee7-4ed7-adc9-444169243b4c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d:search_0", + "type": "search" + }, + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "60d64f0c-372d-40fd-b522-0d13a7513795:search_0", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json index 9958ed562bb..f9519e79ab0 100644 --- a/packages/panw/kibana/dashboard/panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,1412 +1,1417 @@ { - "attributes": { - "description": "Palo Alto Networks PAN-OS GTP and SCTP Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"GTP\" or panw.panos.type : \"SCTP\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-37953b09-6cff-411c-bdb4-b6ab4667cfbf", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "37953b09-6cff-411c-bdb4-b6ab4667cfbf": { - "columnOrder": [ - "2e42246b-8906-4ff5-b644-1e6d90928a2e", - "d9c80c61-73d9-4246-897e-aa458c07440f" - ], - "columns": { - "2e42246b-8906-4ff5-b644-1e6d90928a2e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d9c80c61-73d9-4246-897e-aa458c07440f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.application" - }, - "d9c80c61-73d9-4246-897e-aa458c07440f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "id": "panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:06:16.816Z", + "version": "WzU4MywxXQ==", + "attributes": { + 
"description": "Palo Alto Networks PAN-OS GTP and SCTP Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"GTP\" or panw.panos.type : \"SCTP\")" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-37953b09-6cff-411c-bdb4-b6ab4667cfbf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "37953b09-6cff-411c-bdb4-b6ab4667cfbf": { + "columnOrder": [ + "2e42246b-8906-4ff5-b644-1e6d90928a2e", + "d9c80c61-73d9-4246-897e-aa458c07440f" + ], + "columns": { + "2e42246b-8906-4ff5-b644-1e6d90928a2e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d9c80c61-73d9-4246-897e-aa458c07440f", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "2e42246b-8906-4ff5-b644-1e6d90928a2e" - ], - "layerId": "37953b09-6cff-411c-bdb4-b6ab4667cfbf", - "layerType": "data", - "legendDisplay": "default", - "metric": "d9c80c61-73d9-4246-897e-aa458c07440f", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.application" }, - "title": "", - "type": "lens", - 
"visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a", - "title": "Distribution of GTP Events by Tunneling Protocol [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "d9c80c61-73d9-4246-897e-aa458c07440f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "2e42246b-8906-4ff5-b644-1e6d90928a2e" + ], + "layerId": "37953b09-6cff-411c-bdb4-b6ab4667cfbf", + "layerType": "data", + "legendDisplay": "default", + "metric": "d9c80c61-73d9-4246-897e-aa458c07440f", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d945ceac-e350-45bc-8f86-8056e6b4777c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d945ceac-e350-45bc-8f86-8056e6b4777c": { - "columnOrder": [ - "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64", - "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8" - ], - "columns": { - "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, 
- "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64" - ], - "layerId": "d945ceac-e350-45bc-8f86-8056e6b4777c", - "layerType": "data", - "legendDisplay": "default", - "metric": "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a", + "title": "Distribution of GTP Events by Tunneling Protocol [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d945ceac-e350-45bc-8f86-8056e6b4777c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d945ceac-e350-45bc-8f86-8056e6b4777c": { + "columnOrder": [ + "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64", + "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8" + ], + "columns": { + 
"6b2ca86a-28cd-4047-a4f8-e9a33c0341b8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "6503dfff-48b2-4894-b16d-202fd2c279ac", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "6503dfff-48b2-4894-b16d-202fd2c279ac", - "title": "Distribution of GTP Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-95b34e65-f823-4168-acb3-6de1c847a6c9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "95b34e65-f823-4168-acb3-6de1c847a6c9": { - "columnOrder": [ - "53c725ee-0984-4504-8f5c-5a88b7c7729e", - "6bb29f78-f893-4e4a-964d-9543503100b2" - ], - "columns": { - "53c725ee-0984-4504-8f5c-5a88b7c7729e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Radio Access Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6bb29f78-f893-4e4a-964d-9543503100b2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"panw.panos.radio_access_technology_type" - }, - "6bb29f78-f893-4e4a-964d-9543503100b2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "53c725ee-0984-4504-8f5c-5a88b7c7729e" - ], - "layerId": "95b34e65-f823-4168-acb3-6de1c847a6c9", - "layerType": "data", - "legendDisplay": "default", - "metric": "6bb29f78-f893-4e4a-964d-9543503100b2", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "d893cb39-94bb-4c57-9821-d14848a3cf62", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "d893cb39-94bb-4c57-9821-d14848a3cf62", - "title": "Distribution of GTP Events by Radio Access Technology [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64" + ], + "layerId": "d945ceac-e350-45bc-8f86-8056e6b4777c", + "layerType": "data", + "legendDisplay": "default", + "metric": "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" 
+ } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ab52534a-d6bd-4d65-9809-5e6151646028", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ab52534a-d6bd-4d65-9809-5e6151646028": { - "columnOrder": [ - "401aab5f-22de-48c0-93c0-1f85451b39ba", - "73a018de-4600-4374-9d78-da2c48b8ec8e" - ], - "columns": { - "401aab5f-22de-48c0-93c0-1f85451b39ba": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "GTP Message Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "73a018de-4600-4374-9d78-da2c48b8ec8e", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.message_type" - }, - "73a018de-4600-4374-9d78-da2c48b8ec8e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "6503dfff-48b2-4894-b16d-202fd2c279ac", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "6503dfff-48b2-4894-b16d-202fd2c279ac", + "title": "Distribution of GTP Events by Action taken on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-95b34e65-f823-4168-acb3-6de1c847a6c9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "95b34e65-f823-4168-acb3-6de1c847a6c9": { + "columnOrder": [ + "53c725ee-0984-4504-8f5c-5a88b7c7729e", + "6bb29f78-f893-4e4a-964d-9543503100b2" + ], + "columns": { + "53c725ee-0984-4504-8f5c-5a88b7c7729e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Radio Access Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6bb29f78-f893-4e4a-964d-9543503100b2", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "401aab5f-22de-48c0-93c0-1f85451b39ba" - ], - "layerId": "ab52534a-d6bd-4d65-9809-5e6151646028", - "layerType": "data", - "legendDisplay": "default", - "metric": "73a018de-4600-4374-9d78-da2c48b8ec8e", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.radio_access_technology_type" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "62030e7d-6766-4a90-8bd1-04ea752de4b8", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "62030e7d-6766-4a90-8bd1-04ea752de4b8", - "title": "Distribution of GTP Events by GTP Message Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "6bb29f78-f893-4e4a-964d-9543503100b2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": 
"___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "53c725ee-0984-4504-8f5c-5a88b7c7729e" + ], + "layerId": "95b34e65-f823-4168-acb3-6de1c847a6c9", + "layerType": "data", + "legendDisplay": "default", + "metric": "6bb29f78-f893-4e4a-964d-9543503100b2", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-090bed90-65fa-4a6b-95cd-41cc89e205e1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "090bed90-65fa-4a6b-95cd-41cc89e205e1": { - "columnOrder": [ - "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26", - "bf904371-c8ba-4db1-a3bf-10a120d7e391", - "ea893821-5b67-4a4e-bbd0-83e101313647", - "b761b153-6e66-4c26-9152-f1c8e8ddb1ac" - ], - "columns": { - "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" - }, - "b761b153-6e66-4c26-9152-f1c8e8ddb1ac": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "bf904371-c8ba-4db1-a3bf-10a120d7e391": { - 
"customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.category" - }, - "ea893821-5b67-4a4e-bbd0-83e101313647": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d893cb39-94bb-4c57-9821-d14848a3cf62", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "d893cb39-94bb-4c57-9821-d14848a3cf62", + "title": "Distribution of GTP Events by Radio Access Technology [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ab52534a-d6bd-4d65-9809-5e6151646028", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ab52534a-d6bd-4d65-9809-5e6151646028": { + "columnOrder": [ + "401aab5f-22de-48c0-93c0-1f85451b39ba", + "73a018de-4600-4374-9d78-da2c48b8ec8e" + ], + "columns": { + 
"401aab5f-22de-48c0-93c0-1f85451b39ba": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "GTP Message Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "73a018de-4600-4374-9d78-da2c48b8ec8e", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type :\"GTP\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26" - }, - { - "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac" - }, - { - "columnId": "bf904371-c8ba-4db1-a3bf-10a120d7e391", - "isTransposed": false - }, - { - "columnId": "ea893821-5b67-4a4e-bbd0-83e101313647", - "isTransposed": false - } - ], - "layerId": "090bed90-65fa-4a6b-95cd-41cc89e205e1", - "layerType": "data" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.message_type" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "da1fdcfd-a120-4eb6-bd40-93731a66af2a", - "w": 30, - "x": 0, - "y": 30 - }, - "panelIndex": "da1fdcfd-a120-4eb6-bd40-93731a66af2a", - "title": "Top 10 GTP Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "73a018de-4600-4374-9d78-da2c48b8ec8e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + 
"401aab5f-22de-48c0-93c0-1f85451b39ba" + ], + "layerId": "ab52534a-d6bd-4d65-9809-5e6151646028", + "layerType": "data", + "legendDisplay": "default", + "metric": "73a018de-4600-4374-9d78-da2c48b8ec8e", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7c5c56c1-1c2d-4b04-829c-e6708722edb5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7c5c56c1-1c2d-4b04-829c-e6708722edb5": { - "columnOrder": [ - "a4e93049-e21a-40bb-ac4c-f14870d2be28", - "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67" - ], - "columns": { - "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "a4e93049-e21a-40bb-ac4c-f14870d2be28": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "62030e7d-6766-4a90-8bd1-04ea752de4b8", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "62030e7d-6766-4a90-8bd1-04ea752de4b8", + "title": "Distribution of GTP Events by GTP Message Type [Logs PANW]", + "type": "lens", + "version": 
"8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-090bed90-65fa-4a6b-95cd-41cc89e205e1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "090bed90-65fa-4a6b-95cd-41cc89e205e1": { + "columnOrder": [ + "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26", + "bf904371-c8ba-4db1-a3bf-10a120d7e391", + "ea893821-5b67-4a4e-bbd0-83e101313647", + "b761b153-6e66-4c26-9152-f1c8e8ddb1ac" + ], + "columns": { + "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "a4e93049-e21a-40bb-ac4c-f14870d2be28" - ], - "layerId": "7c5c56c1-1c2d-4b04-829c-e6708722edb5", - "layerType": "data", - "legendDisplay": "default", - "metric": "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "3d040105-b7ad-4af9-95ef-b0b39df4f108", - "w": 18, - "x": 30, - "y": 30 - }, - "panelIndex": "3d040105-b7ad-4af9-95ef-b0b39df4f108", - "title": "Distribution of GTP Events by Severity [Logs PANW]", - "type": "lens", - 
"version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "4abbd412-3516-4fdc-9796-c4c3aa34d48a", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "4abbd412-3516-4fdc-9796-c4c3aa34d48a", - "panelRefName": "panel_4abbd412-3516-4fdc-9796-c4c3aa34d48a", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8899e6ee-bb67-41c3-9d68-54d139f158c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8899e6ee-bb67-41c3-9d68-54d139f158c5": { - "columnOrder": [ - "6e89644d-eddc-4e20-9f14-e85dd45f27d2", - "19764130-3b6d-4478-a9d0-0c5eadab7b7c" - ], - "columns": { - "19764130-3b6d-4478-a9d0-0c5eadab7b7c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "6e89644d-eddc-4e20-9f14-e85dd45f27d2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "SCTP Association End Reason", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "19764130-3b6d-4478-a9d0-0c5eadab7b7c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.sctp.assoc_end_reason" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "6e89644d-eddc-4e20-9f14-e85dd45f27d2" - ], - "layerId": 
"8899e6ee-bb67-41c3-9d68-54d139f158c5", - "layerType": "data", - "legendDisplay": "default", - "metric": "19764130-3b6d-4478-a9d0-0c5eadab7b7c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "b761b153-6e66-4c26-9152-f1c8e8ddb1ac": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5ed3e745-5f78-4873-bb42-8159bb09f8dc", - "w": 16, - "x": 0, - "y": 65 - }, - "panelIndex": "5ed3e745-5f78-4873-bb42-8159bb09f8dc", - "title": "Distribution of SCTP Events by SCTP Association End Reason [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "bf904371-c8ba-4db1-a3bf-10a120d7e391": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-74cb4c8b-d3a7-42e0-af64-03572454b444", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "74cb4c8b-d3a7-42e0-af64-03572454b444": { - "columnOrder": [ - "392aaef7-65c9-44cf-a61f-45eab7b41642", - "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6" - ], - "columns": { - "392aaef7-65c9-44cf-a61f-45eab7b41642": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Operation Code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"ccd030e5-3709-4fca-a2c2-5b9ec23d29c6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.op_code" - }, - "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "392aaef7-65c9-44cf-a61f-45eab7b41642" - ], - "layerId": "74cb4c8b-d3a7-42e0-af64-03572454b444", - "layerType": "data", - "legendDisplay": "default", - "metric": "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.category" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "facc00d8-cfd3-4475-8407-632ca7083abe", - "w": 15, - "x": 16, - "y": 65 - }, - "panelIndex": "facc00d8-cfd3-4475-8407-632ca7083abe", - "title": "Distribution of SCTP Events by Operation Code [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4c84f3fe-a72a-4ed6-9859-34f408db5ed0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - 
"indexpattern": { - "layers": { - "4c84f3fe-a72a-4ed6-9859-34f408db5ed0": { - "columnOrder": [ - "fc6926b0-8681-45e3-953a-4cd54adcdfdb", - "5ab2e7c2-6c93-4948-a172-7628061d9ac8" - ], - "columns": { - "5ab2e7c2-6c93-4948-a172-7628061d9ac8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "fc6926b0-8681-45e3-953a-4cd54adcdfdb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "5ab2e7c2-6c93-4948-a172-7628061d9ac8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } + "ea893821-5b67-4a4e-bbd0-83e101313647": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "fc6926b0-8681-45e3-953a-4cd54adcdfdb" - ], - "layerId": "4c84f3fe-a72a-4ed6-9859-34f408db5ed0", - "layerType": "data", - "legendDisplay": "default", - "metric": "5ab2e7c2-6c93-4948-a172-7628061d9ac8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, 
- "gridData": { - "h": 15, - "i": "70be4044-e443-471d-afa2-8c9ad770c1cf", - "w": 17, - "x": 31, - "y": 65 - }, - "panelIndex": "70be4044-e443-471d-afa2-8c9ad770c1cf", - "title": "Distribution of SCTP Events by Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type :\"GTP\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26" + }, + { + "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac" + }, + { + "columnId": "bf904371-c8ba-4db1-a3bf-10a120d7e391", + "isTransposed": false + }, + { + "columnId": "ea893821-5b67-4a4e-bbd0-83e101313647", + "isTransposed": false + } + ], + "layerId": "090bed90-65fa-4a6b-95cd-41cc89e205e1", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ab7a5671-1d41-43f4-8af3-cd2f9e20c48f": { - "columnOrder": [ - "b44e1938-0591-40b2-b5f6-e02e9849da69", - "f5ff81ac-d2dd-419e-baef-ad6508a26281" - ], - "columns": { - "b44e1938-0591-40b2-b5f6-e02e9849da69": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f5ff81ac-d2dd-419e-baef-ad6508a26281", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"panw.panos.action" - }, - "f5ff81ac-d2dd-419e-baef-ad6508a26281": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b44e1938-0591-40b2-b5f6-e02e9849da69" - ], - "layerId": "ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", - "layerType": "data", - "legendDisplay": "default", - "metric": "f5ff81ac-d2dd-419e-baef-ad6508a26281", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "da1fdcfd-a120-4eb6-bd40-93731a66af2a", + "w": 30, + "x": 0, + "y": 30 + }, + "panelIndex": "da1fdcfd-a120-4eb6-bd40-93731a66af2a", + "title": "Top 10 GTP Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7c5c56c1-1c2d-4b04-829c-e6708722edb5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7c5c56c1-1c2d-4b04-829c-e6708722edb5": { + "columnOrder": [ + "a4e93049-e21a-40bb-ac4c-f14870d2be28", + "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67" + ], + "columns": { + "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + 
"emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "7f515d29-459d-45c9-9e53-05f1822e90bf", - "w": 24, - "x": 0, - "y": 80 - }, - "panelIndex": "7f515d29-459d-45c9-9e53-05f1822e90bf", - "title": "Distribution of SCTP Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-34c3c1e6-8715-4350-a814-8d4a92963eb9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "34c3c1e6-8715-4350-a814-8d4a92963eb9": { - "columnOrder": [ - "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37", - "fe38243b-d323-4825-898e-b06434925a09" - ], - "columns": { - "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "SCTP Filter Matched", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "fe38243b-d323-4825-898e-b06434925a09", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.sctp.filter" - }, - "fe38243b-d323-4825-898e-b06434925a09": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "a4e93049-e21a-40bb-ac4c-f14870d2be28": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + 
"params": { + "missingBucket": false, + "orderBy": { + "columnId": "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37" - ], - "layerId": "34c3c1e6-8715-4350-a814-8d4a92963eb9", - "layerType": "data", - "legendDisplay": "default", - "metric": "fe38243b-d323-4825-898e-b06434925a09", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "38bf38e1-1bce-432d-9f95-1350427f72f4", - "w": 24, - "x": 24, - "y": 80 - }, - "panelIndex": "38bf38e1-1bce-432d-9f95-1350427f72f4", - "title": "Distribution of SCTP Events by SCTP Filter Matched [Logs PANW]", - "type": "lens", - "version": "8.2.1" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "a4e93049-e21a-40bb-ac4c-f14870d2be28" + ], + "layerId": "7c5c56c1-1c2d-4b04-829c-e6708722edb5", + "layerType": "data", + "legendDisplay": "default", + "metric": "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "72bdd19e-c6f3-471a-894e-6dde6b0dab68", - "w": 48, - "x": 0, - "y": 95 - }, - "panelIndex": "72bdd19e-c6f3-471a-894e-6dde6b0dab68", - 
"panelRefName": "panel_72bdd19e-c6f3-471a-894e-6dde6b0dab68", - "type": "search", - "version": "8.2.1" - } - ], - "timeRestore": false, - "title": "[Logs PANW] GTP and SCTP", - "version": 1 - }, - "coreMigrationVersion": "8.2.1", - "id": "panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a:indexpattern-datasource-layer-37953b09-6cff-411c-bdb4-b6ab4667cfbf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6503dfff-48b2-4894-b16d-202fd2c279ac:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6503dfff-48b2-4894-b16d-202fd2c279ac:indexpattern-datasource-layer-d945ceac-e350-45bc-8f86-8056e6b4777c", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "d893cb39-94bb-4c57-9821-d14848a3cf62:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "3d040105-b7ad-4af9-95ef-b0b39df4f108", + "w": 18, + "x": 30, + "y": 30 }, - { - "id": "logs-*", - "name": "d893cb39-94bb-4c57-9821-d14848a3cf62:indexpattern-datasource-layer-95b34e65-f823-4168-acb3-6de1c847a6c9", - "type": "index-pattern" + "panelIndex": "3d040105-b7ad-4af9-95ef-b0b39df4f108", + "title": "Distribution of GTP Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "62030e7d-6766-4a90-8bd1-04ea752de4b8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 20, + "i": "4abbd412-3516-4fdc-9796-c4c3aa34d48a", + "w": 48, + "x": 0, + "y": 45 }, - { - 
"id": "logs-*", - "name": "62030e7d-6766-4a90-8bd1-04ea752de4b8:indexpattern-datasource-layer-ab52534a-d6bd-4d65-9809-5e6151646028", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "da1fdcfd-a120-4eb6-bd40-93731a66af2a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "da1fdcfd-a120-4eb6-bd40-93731a66af2a:indexpattern-datasource-layer-090bed90-65fa-4a6b-95cd-41cc89e205e1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3d040105-b7ad-4af9-95ef-b0b39df4f108:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3d040105-b7ad-4af9-95ef-b0b39df4f108:indexpattern-datasource-layer-7c5c56c1-1c2d-4b04-829c-e6708722edb5", - "type": "index-pattern" + "panelIndex": "4abbd412-3516-4fdc-9796-c4c3aa34d48a", + "panelRefName": "panel_4abbd412-3516-4fdc-9796-c4c3aa34d48a", + "type": "search", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8899e6ee-bb67-41c3-9d68-54d139f158c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8899e6ee-bb67-41c3-9d68-54d139f158c5": { + "columnOrder": [ + "6e89644d-eddc-4e20-9f14-e85dd45f27d2", + "19764130-3b6d-4478-a9d0-0c5eadab7b7c" + ], + "columns": { + "19764130-3b6d-4478-a9d0-0c5eadab7b7c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "6e89644d-eddc-4e20-9f14-e85dd45f27d2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "SCTP Association End Reason", + "operationType": "terms", + "params": { + "missingBucket": false, + 
"orderBy": { + "columnId": "19764130-3b6d-4478-a9d0-0c5eadab7b7c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.sctp.assoc_end_reason" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "6e89644d-eddc-4e20-9f14-e85dd45f27d2" + ], + "layerId": "8899e6ee-bb67-41c3-9d68-54d139f158c5", + "layerType": "data", + "legendDisplay": "default", + "metric": "19764130-3b6d-4478-a9d0-0c5eadab7b7c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "panw-89e2f970-ddb7-11ec-8e76-9b3b99f98cd4", - "name": "4abbd412-3516-4fdc-9796-c4c3aa34d48a:panel_4abbd412-3516-4fdc-9796-c4c3aa34d48a", - "type": "search" + "gridData": { + "h": 15, + "i": "5ed3e745-5f78-4873-bb42-8159bb09f8dc", + "w": 16, + "x": 0, + "y": 65 }, - { - "id": "logs-*", - "name": "5ed3e745-5f78-4873-bb42-8159bb09f8dc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "5ed3e745-5f78-4873-bb42-8159bb09f8dc", + "title": "Distribution of SCTP Events by SCTP Association End Reason [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-74cb4c8b-d3a7-42e0-af64-03572454b444", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "74cb4c8b-d3a7-42e0-af64-03572454b444": { + 
"columnOrder": [ + "392aaef7-65c9-44cf-a61f-45eab7b41642", + "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6" + ], + "columns": { + "392aaef7-65c9-44cf-a61f-45eab7b41642": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operation Code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.op_code" + }, + "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "392aaef7-65c9-44cf-a61f-45eab7b41642" + ], + "layerId": "74cb4c8b-d3a7-42e0-af64-03572454b444", + "layerType": "data", + "legendDisplay": "default", + "metric": "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "5ed3e745-5f78-4873-bb42-8159bb09f8dc:indexpattern-datasource-layer-8899e6ee-bb67-41c3-9d68-54d139f158c5", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "facc00d8-cfd3-4475-8407-632ca7083abe", + "w": 15, + "x": 16, + "y": 65 }, - { - "id": "logs-*", - "name": "facc00d8-cfd3-4475-8407-632ca7083abe:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": 
"facc00d8-cfd3-4475-8407-632ca7083abe", + "title": "Distribution of SCTP Events by Operation Code [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4c84f3fe-a72a-4ed6-9859-34f408db5ed0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4c84f3fe-a72a-4ed6-9859-34f408db5ed0": { + "columnOrder": [ + "fc6926b0-8681-45e3-953a-4cd54adcdfdb", + "5ab2e7c2-6c93-4948-a172-7628061d9ac8" + ], + "columns": { + "5ab2e7c2-6c93-4948-a172-7628061d9ac8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fc6926b0-8681-45e3-953a-4cd54adcdfdb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5ab2e7c2-6c93-4948-a172-7628061d9ac8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "fc6926b0-8681-45e3-953a-4cd54adcdfdb" + ], + "layerId": "4c84f3fe-a72a-4ed6-9859-34f408db5ed0", + "layerType": "data", + "legendDisplay": "default", + "metric": "5ab2e7c2-6c93-4948-a172-7628061d9ac8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + 
"title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "facc00d8-cfd3-4475-8407-632ca7083abe:indexpattern-datasource-layer-74cb4c8b-d3a7-42e0-af64-03572454b444", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "70be4044-e443-471d-afa2-8c9ad770c1cf", + "w": 17, + "x": 31, + "y": 65 }, - { - "id": "logs-*", - "name": "70be4044-e443-471d-afa2-8c9ad770c1cf:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "70be4044-e443-471d-afa2-8c9ad770c1cf", + "title": "Distribution of SCTP Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ab7a5671-1d41-43f4-8af3-cd2f9e20c48f": { + "columnOrder": [ + "b44e1938-0591-40b2-b5f6-e02e9849da69", + "f5ff81ac-d2dd-419e-baef-ad6508a26281" + ], + "columns": { + "b44e1938-0591-40b2-b5f6-e02e9849da69": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f5ff81ac-d2dd-419e-baef-ad6508a26281", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + }, + "f5ff81ac-d2dd-419e-baef-ad6508a26281": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b44e1938-0591-40b2-b5f6-e02e9849da69" + ], + "layerId": "ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", + "layerType": "data", + "legendDisplay": "default", + "metric": "f5ff81ac-d2dd-419e-baef-ad6508a26281", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "70be4044-e443-471d-afa2-8c9ad770c1cf:indexpattern-datasource-layer-4c84f3fe-a72a-4ed6-9859-34f408db5ed0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "7f515d29-459d-45c9-9e53-05f1822e90bf", + "w": 24, + "x": 0, + "y": 80 }, - { - "id": "logs-*", - "name": "7f515d29-459d-45c9-9e53-05f1822e90bf:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "7f515d29-459d-45c9-9e53-05f1822e90bf", + "title": "Distribution of SCTP Events by Action taken on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-34c3c1e6-8715-4350-a814-8d4a92963eb9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "34c3c1e6-8715-4350-a814-8d4a92963eb9": { + "columnOrder": [ + "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37", + "fe38243b-d323-4825-898e-b06434925a09" + ], + "columns": { + "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "SCTP Filter Matched", + "operationType": 
"terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "fe38243b-d323-4825-898e-b06434925a09", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.sctp.filter" + }, + "fe38243b-d323-4825-898e-b06434925a09": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37" + ], + "layerId": "34c3c1e6-8715-4350-a814-8d4a92963eb9", + "layerType": "data", + "legendDisplay": "default", + "metric": "fe38243b-d323-4825-898e-b06434925a09", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "7f515d29-459d-45c9-9e53-05f1822e90bf:indexpattern-datasource-layer-ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "38bf38e1-1bce-432d-9f95-1350427f72f4", + "w": 24, + "x": 24, + "y": 80 }, - { - "id": "logs-*", - "name": "38bf38e1-1bce-432d-9f95-1350427f72f4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "38bf38e1-1bce-432d-9f95-1350427f72f4", + "title": "Distribution of SCTP Events by SCTP Filter Matched [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": 
"38bf38e1-1bce-432d-9f95-1350427f72f4:indexpattern-datasource-layer-34c3c1e6-8715-4350-a814-8d4a92963eb9", - "type": "index-pattern" + "gridData": { + "h": 19, + "i": "72bdd19e-c6f3-471a-894e-6dde6b0dab68", + "w": 48, + "x": 0, + "y": 95 }, - { - "id": "panw-92083d90-ddb7-11ec-8e76-9b3b99f98cd4", - "name": "72bdd19e-c6f3-471a-894e-6dde6b0dab68:panel_72bdd19e-c6f3-471a-894e-6dde6b0dab68", - "type": "search" - } + "panelIndex": "72bdd19e-c6f3-471a-894e-6dde6b0dab68", + "panelRefName": "panel_72bdd19e-c6f3-471a-894e-6dde6b0dab68", + "type": "search", + "version": "8.2.1" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs PANW] GTP and SCTP", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a:indexpattern-datasource-layer-37953b09-6cff-411c-bdb4-b6ab4667cfbf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6503dfff-48b2-4894-b16d-202fd2c279ac:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6503dfff-48b2-4894-b16d-202fd2c279ac:indexpattern-datasource-layer-d945ceac-e350-45bc-8f86-8056e6b4777c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d893cb39-94bb-4c57-9821-d14848a3cf62:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d893cb39-94bb-4c57-9821-d14848a3cf62:indexpattern-datasource-layer-95b34e65-f823-4168-acb3-6de1c847a6c9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "62030e7d-6766-4a90-8bd1-04ea752de4b8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "62030e7d-6766-4a90-8bd1-04ea752de4b8:indexpattern-datasource-layer-ab52534a-d6bd-4d65-9809-5e6151646028", + "type": "index-pattern" + }, + { + "id": "logs-*", 
+ "name": "da1fdcfd-a120-4eb6-bd40-93731a66af2a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "da1fdcfd-a120-4eb6-bd40-93731a66af2a:indexpattern-datasource-layer-090bed90-65fa-4a6b-95cd-41cc89e205e1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3d040105-b7ad-4af9-95ef-b0b39df4f108:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3d040105-b7ad-4af9-95ef-b0b39df4f108:indexpattern-datasource-layer-7c5c56c1-1c2d-4b04-829c-e6708722edb5", + "type": "index-pattern" + }, + { + "id": "panw-89e2f970-ddb7-11ec-8e76-9b3b99f98cd4", + "name": "4abbd412-3516-4fdc-9796-c4c3aa34d48a:panel_4abbd412-3516-4fdc-9796-c4c3aa34d48a", + "type": "search" + }, + { + "id": "logs-*", + "name": "5ed3e745-5f78-4873-bb42-8159bb09f8dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5ed3e745-5f78-4873-bb42-8159bb09f8dc:indexpattern-datasource-layer-8899e6ee-bb67-41c3-9d68-54d139f158c5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "facc00d8-cfd3-4475-8407-632ca7083abe:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "facc00d8-cfd3-4475-8407-632ca7083abe:indexpattern-datasource-layer-74cb4c8b-d3a7-42e0-af64-03572454b444", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "70be4044-e443-471d-afa2-8c9ad770c1cf:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "70be4044-e443-471d-afa2-8c9ad770c1cf:indexpattern-datasource-layer-4c84f3fe-a72a-4ed6-9859-34f408db5ed0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7f515d29-459d-45c9-9e53-05f1822e90bf:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"7f515d29-459d-45c9-9e53-05f1822e90bf:indexpattern-datasource-layer-ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "38bf38e1-1bce-432d-9f95-1350427f72f4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "38bf38e1-1bce-432d-9f95-1350427f72f4:indexpattern-datasource-layer-34c3c1e6-8715-4350-a814-8d4a92963eb9", + "type": "index-pattern" + }, + { + "id": "panw-92083d90-ddb7-11ec-8e76-9b3b99f98cd4", + "name": "72bdd19e-c6f3-471a-894e-6dde6b0dab68:panel_72bdd19e-c6f3-471a-894e-6dde6b0dab68", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file From 8eeda49e0b8c962136623a94b574f24150a0c60e Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 11:59:07 +0530 Subject: [PATCH 029/103] migrate pfsense to by_value --- ...-986061c0-3a9a-11eb-96b2-e765737b7534.json | 845 +++++++--- ...-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json | 1431 ++++++++++++++--- ...-c8b42350-3a9c-11eb-96b2-e765737b7534.json | 1012 +++++++++--- ...-274304d0-3a8f-11eb-96b2-e765737b7534.json | 87 - ...-b3edd4c0-3a8d-11eb-96b2-e765737b7534.json | 118 -- ...-072449e0-3a9c-11eb-96b2-e765737b7534.json | 162 -- ...-12e2d4a0-3a8c-11eb-96b2-e765737b7534.json | 84 - ...-2fed9a00-3a99-11eb-96b2-e765737b7534.json | 83 - ...-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56.json | 84 - ...-457371f0-3afe-11eb-96b2-e765737b7534.json | 162 -- ...-46e88c90-3a8c-11eb-96b2-e765737b7534.json | 84 - ...-5b553450-3a99-11eb-96b2-e765737b7534.json | 162 -- ...-6f94bd20-3a9c-11eb-96b2-e765737b7534.json | 78 - ...-77eaf920-3a98-11eb-96b2-e765737b7534.json | 71 - ...-88b2daa0-3a8b-11eb-96b2-e765737b7534.json | 89 - ...-98775710-3a98-11eb-96b2-e765737b7534.json | 71 - ...-9990cd00-3afe-11eb-96b2-e765737b7534.json | 78 - ...-b1545340-3a8f-11eb-96b2-e765737b7534.json | 111 -- ...-bf8b2040-3a9b-11eb-96b2-e765737b7534.json | 39 - ...-c8a34db0-3a8c-11eb-96b2-e765737b7534.json | 164 -- ...-dc86acc0-3a8f-11eb-96b2-e765737b7534.json | 111 -- ...-dffb6ab0-3a9b-11eb-96b2-e765737b7534.json | 78 - ...-e895c9b0-3a99-11eb-96b2-e765737b7534.json | 39 - ...-eadb2e30-3a8b-11eb-96b2-e765737b7534.json | 95 -- ...-f554afa0-3a98-11eb-96b2-e765737b7534.json | 110 -- ...-feb1a6e0-3a8c-11eb-96b2-e765737b7534.json | 80 - 26 files changed, 2651 insertions(+), 2877 deletions(-) delete mode 100644 packages/pfsense/kibana/lens/pfsense-274304d0-3a8f-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/lens/pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-072449e0-3a9c-11eb-96b2-e765737b7534.json delete mode 100644 
packages/pfsense/kibana/visualization/pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-457371f0-3afe-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-5b553450-3a99-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-77eaf920-3a98-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-98775710-3a98-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-9990cd00-3afe-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-b1545340-3a8f-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534.json delete mode 100644 
packages/pfsense/kibana/visualization/pfsense-f554afa0-3a98-11eb-96b2-e765737b7534.json delete mode 100644 packages/pfsense/kibana/visualization/pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534.json
diff --git a/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json
index a3983afc1fa..e29b7a49118 100644
--- a/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json
+++ b/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json
@@ -1,208 +1,687 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "pfsense-986061c0-3a9a-11eb-96b2-e765737b7534", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:17:02.668Z", + "version": "WzYyOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - DNS Flow [pfSense]", + "description": "Client IP <-flow-> dns question name", + "uiState": {}, + "params": { + "spec": "{\n $schema: https://vega.github.io/schema/vega/v3.0.json\n data: [\n {\n // query ES based on the currently selected time range and filter string\n name: rawData\n url: {\n %context%: true\n %timefield%: @timestamp\n index: logs-*\n body: {\n size: 0\n aggs: {\n table: {\n composite: {\n size: 10000\n sources: [\n {\n stk1: {\n terms: {field: \"client.ip\"}\n }\n }\n {\n stk2: {\n terms: {field: \"dns.question.name\"}\n }\n }\n ]\n }\n }\n }\n }\n }\n // From the result, take just the data we are interested in\n format: {property: \"aggregations.table.buckets\"}\n // Convert key.stk1 -> stk1 for simpler access below\n transform: [\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\n ]\n }\n {\n name: nodes\n source: rawData\n transform: [\n // when a country is selected, filter out unrelated data\n {\n type: filter\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\n }\n // Set new key for later lookups - identifies each node\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\n // instead 
of each table row, create two new rows,\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\n {\n type: fold\n fields: [\"stk1\", \"stk2\"]\n as: [\"stack\", \"grpId\"]\n }\n // Create a sortkey, different for stk1 and stk2 stacks.\n // Space separator ensures proper sort order in some corner cases.\n {\n type: formula\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\n as: sortField\n }\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\n // independently for each stack, and ensuring they are in the proper order,\n // alphabetical from the top (reversed on the y axis)\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"sortField\", order: \"descending\"}\n field: size\n }\n // calculate vertical center point for each node, used to draw edges\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\n ]\n }\n {\n name: groups\n source: nodes\n transform: [\n // combine all nodes into country groups, summing up the doc counts\n {\n type: aggregate\n groupby: [\"stack\", \"grpId\"]\n fields: [\"size\"]\n ops: [\"sum\"]\n as: [\"total\"]\n }\n // re-calculate the stacking y0,y1 values\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"grpId\", order: \"descending\"}\n field: total\n }\n // project y0 and y1 values to screen coordinates\n // doing it once here instead of doing it several times in marks\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\n // boolean flag if the label should be on the right of the stack\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\n // Calculate traffic percentage for this country using \"y\" scale\n // domain upper bound, which represents the total traffic\n {\n type: formula\n expr: datum.total/domain('y')[1]\n as: 
percentage\n }\n ]\n }\n {\n // This is a temp lookup table with all the 'stk2' stack nodes\n name: destinationNodes\n source: nodes\n transform: [\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\n ]\n }\n {\n name: edges\n source: nodes\n transform: [\n // we only want nodes from the left stack\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\n // find corresponding node from the right stack, keep it as \"target\"\n {\n type: lookup\n from: destinationNodes\n key: key\n fields: [\"key\"]\n as: [\"target\"]\n }\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\n {\n type: linkpath\n orient: horizontal\n shape: diagonal\n sourceY: {expr: \"scale('y', datum.yc)\"}\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\n targetY: {expr: \"scale('y', datum.target.yc)\"}\n targetX: {expr: \"scale('x', 'stk2')\"}\n }\n // A little trick to calculate the thickness of the line.\n // The value needs to be the same as the hight of the node, but scaling\n // size to screen's height gives inversed value because screen's Y\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\n // is at the bottom. 
So subtracting scaled doc count from screen height\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\n {\n type: formula\n expr: range('y')[0]-scale('y', datum.size)\n as: strokeWidth\n }\n // Tooltip needs individual link's percentage of all traffic\n {\n type: formula\n expr: datum.size/domain('y')[1]\n as: percentage\n }\n ]\n }\n ]\n scales: [\n {\n // calculates horizontal stack positioning\n name: x\n type: band\n range: width\n domain: [\"stk1\", \"stk2\"]\n paddingOuter: 0.05\n paddingInner: 0.95\n }\n {\n // this scale goes up as high as the highest y1 value of all nodes\n name: y\n type: linear\n range: height\n domain: {data: \"nodes\", field: \"y1\"}\n }\n {\n // use rawData to ensure the colors stay the same when clicking.\n name: color\n type: ordinal\n range: category\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\n }\n {\n // this scale is used to map internal ids (stk1, stk2) to stack names\n name: stackNames\n type: ordinal\n range: [\"Source\", \"Destination\"]\n domain: [\"stk1\", \"stk2\"]\n }\n ]\n axes: [\n {\n // x axis should use custom label formatting to print proper stack names\n orient: bottom\n scale: x\n encode: {\n labels: {\n update: {\n text: {scale: \"stackNames\", field: \"value\"}\n }\n }\n }\n }\n {orient: \"left\", scale: \"y\"}\n ]\n marks: [\n {\n // draw the connecting line between stacks\n type: path\n name: edgeMark\n from: {data: \"edges\"}\n // this prevents some autosizing issues with large strokeWidth for paths\n clip: true\n encode: {\n update: {\n // By default use color of the left node, except when showing traffic\n // from just one country, in which case use destination color.\n stroke: [\n {\n test: groupSelector && groupSelector.stack=='stk1'\n scale: color\n field: stk2\n }\n {scale: \"color\", field: \"stk1\"}\n ]\n strokeWidth: {field: \"strokeWidth\"}\n path: {field: \"path\"}\n // when showing all traffic, and hovering over a country,\n // highlight the traffic 
from that country.\n strokeOpacity: {\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\n }\n // Ensure that the hover-selected edges show on top\n zindex: {\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\n }\n // format tooltip string\n tooltip: {\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n // Simple mouseover highlighting of a single line\n hover: {\n strokeOpacity: {value: 1}\n }\n }\n }\n {\n // draw stack groups (countries)\n type: rect\n name: groupMark\n from: {data: \"groups\"}\n encode: {\n enter: {\n fill: {scale: \"color\", field: \"grpId\"}\n width: {scale: \"x\", band: 1}\n }\n update: {\n x: {scale: \"x\", field: \"stack\"}\n y: {field: \"scaledY0\"}\n y2: {field: \"scaledY1\"}\n fillOpacity: {value: 0.6}\n tooltip: {\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n hover: {\n fillOpacity: {value: 1}\n }\n }\n }\n {\n // draw country code labels on the inner side of the stack\n type: text\n from: {data: \"groups\"}\n // don't process events for the labels - otherwise line mouseover is unclean\n interactive: false\n encode: {\n update: {\n // depending on which stack it is, position x with some padding\n x: {\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\n }\n // middle of the group\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n // only show text label if the group's height is large enough\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\n }\n }\n }\n {\n // Create a \"show all\" button. 
Shown only when a country is selected.\n type: group\n data: [\n // We need to make the button show only when groupSelector signal is true.\n // Each mark is drawn as many times as there are elements in the backing data.\n // Which means that if values list is empty, it will not be drawn.\n // Here I create a data source with one empty object, and filter that list\n // based on the signal value. This can only be done in a group.\n {\n name: dataForShowAll\n values: [{}]\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\n }\n ]\n // Set button size and positioning\n encode: {\n enter: {\n xc: {signal: \"width/2\"}\n y: {value: 30}\n width: {value: 80}\n height: {value: 30}\n }\n }\n marks: [\n {\n // This group is shown as a button with rounded corners.\n type: group\n // mark name allows signal capturing\n name: groupReset\n // Only shows button if dataForShowAll has values.\n from: {data: \"dataForShowAll\"}\n encode: {\n enter: {\n cornerRadius: {value: 6}\n fill: {value: \"#f5f5f5\"}\n stroke: {value: \"#c1c1c1\"}\n strokeWidth: {value: 2}\n // use parent group's size\n height: {\n field: {group: \"height\"}\n }\n width: {\n field: {group: \"width\"}\n }\n }\n update: {\n // groups are transparent by default\n opacity: {value: 1}\n }\n hover: {\n opacity: {value: 0.7}\n }\n }\n marks: [\n {\n type: text\n // if true, it will prevent clicking on the button when over text.\n interactive: false\n encode: {\n enter: {\n // center text in the paren group\n xc: {\n field: {group: \"width\"}\n mult: 0.5\n }\n yc: {\n field: {group: \"height\"}\n mult: 0.5\n offset: 2\n }\n align: {value: \"center\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n text: {value: \"Show All\"}\n }\n }\n }\n ]\n }\n ]\n }\n ]\n signals: [\n {\n // used to highlight traffic to/from the same country\n name: groupHover\n value: {}\n on: [\n {\n events: @groupMark:mouseover\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && 
datum.grpId}\"\n }\n {events: \"mouseout\", update: \"{}\"}\n ]\n }\n // used to filter only the data related to the selected country\n {\n name: groupSelector\n value: false\n on: [\n {\n // Clicking groupMark sets this signal to the filter values\n events: @groupMark:click!\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\n }\n {\n // Clicking \"show all\" button, or double-clicking anywhere resets it\n events: [\n {type: \"click\", markname: \"groupReset\"}\n {type: \"dblclick\"}\n ]\n update: \"false\"\n }\n ]\n }\n ]\n}" + }, + "type": "vega", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 20, + "i": "73294aad-e475-4a63-97d1-fc214a83bb0a", + "w": 34, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "73294aad-e475-4a63-97d1-fc214a83bb0a", - "w": 34, - "x": 0, - "y": 0 - }, - "panelIndex": "73294aad-e475-4a63-97d1-fc214a83bb0a", - "panelRefName": "panel_73294aad-e475-4a63-97d1-fc214a83bb0a", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + "panelIndex": "73294aad-e475-4a63-97d1-fc214a83bb0a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall Selector [pfSense]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "observer.name", + "id": "1613404486264", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Firewall Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + 
"useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "46725bb5-e239-4fa2-8dfd-4de947863354", - "w": 14, - "x": 34, - "y": 0 - }, - "panelIndex": "46725bb5-e239-4fa2-8dfd-4de947863354", - "panelRefName": "panel_46725bb5-e239-4fa2-8dfd-4de947863354", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "46725bb5-e239-4fa2-8dfd-4de947863354", + "w": 14, + "x": 34, + "y": 0 + }, + "panelIndex": "46725bb5-e239-4fa2-8dfd-4de947863354", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - Question Types [pfSense]", + "description": "Unbound dns question types", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "f39b1b4c-b444-4d25-a8c5-a78b6285025f", - "w": 14, - "x": 34, - "y": 6 - }, - "panelIndex": "f39b1b4c-b444-4d25-a8c5-a78b6285025f", - "panelRefName": "panel_f39b1b4c-b444-4d25-a8c5-a78b6285025f", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "top", + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": 
"palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "a7662c6e-94d5-4062-85f4-0132897f3578", - "w": 24, - "x": 0, - "y": 20 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "a7662c6e-94d5-4062-85f4-0132897f3578", - "panelRefName": "panel_a7662c6e-94d5-4062-85f4-0132897f3578", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "dns.question.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "f39b1b4c-b444-4d25-a8c5-a78b6285025f", + "w": 14, + "x": 34, + "y": 6 + }, + "panelIndex": "f39b1b4c-b444-4d25-a8c5-a78b6285025f", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - Top Client IPs [pfSense]", + "description": "Top 10 client IP unbound events", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "763610d2-c8aa-4ab9-9a63-112e2471dcfc", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "763610d2-c8aa-4ab9-9a63-112e2471dcfc", - "panelRefName": "panel_763610d2-c8aa-4ab9-9a63-112e2471dcfc", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + { 
+ "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "a7662c6e-94d5-4062-85f4-0132897f3578", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "a7662c6e-94d5-4062-85f4-0132897f3578", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - Top Queries [pfSense]", + "description": "Top 10 domain name question/queries", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 14, - "i": "27569da9-7531-40cf-be93-8778738b68be", - "w": 48, - "x": 0, - "y": 32 - }, - "panelIndex": "27569da9-7531-40cf-be93-8778738b68be", - "panelRefName": "panel_27569da9-7531-40cf-be93-8778738b68be", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "dns.question.registered_domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "763610d2-c8aa-4ab9-9a63-112e2471dcfc", + "w": 24, + "x": 24, + 
"y": 20 + }, + "panelIndex": "763610d2-c8aa-4ab9-9a63-112e2471dcfc", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - Client IP/Time [pfSense]", + "description": "Unbound client IP over time", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "columns": [ - "log.level", - "client.ip", - "dns.question.name", - "dns.question.type", - "dns.question.class" - ], - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "7ea4ebda-9d0c-4885-9c37-71cd0665497f", - "w": 30, - "x": 0, 
- "y": 46 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-7h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "7ea4ebda-9d0c-4885-9c37-71cd0665497f", - "panelRefName": "panel_7ea4ebda-9d0c-4885-9c37-71cd0665497f", - "type": "search", - "version": "7.15.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "27569da9-7531-40cf-be93-8778738b68be", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "27569da9-7531-40cf-be93-8778738b68be", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "columns": [ + "log.level", + "client.ip", + "dns.question.name", + "dns.question.type", + "dns.question.class" + ], + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "7ea4ebda-9d0c-4885-9c37-71cd0665497f", + "w": 30, + "x": 0, + "y": 46 + }, + "panelIndex": "7ea4ebda-9d0c-4885-9c37-71cd0665497f", + "panelRefName": "panel_7ea4ebda-9d0c-4885-9c37-71cd0665497f", + "type": "search", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": null, + "savedVis": { + "title": "Unbound - Request Rate [pfSense]", + "description": "Unbound request heat map by IP address", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Green to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": false, + "invertColors": false, + 
"legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": null + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "6a32114d-577c-488b-b1e9-b7b4fc8941ae", - "w": 18, - "x": 30, - "y": 46 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-7h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "6a32114d-577c-488b-b1e9-b7b4fc8941ae", - "panelRefName": "panel_6a32114d-577c-488b-b1e9-b7b4fc8941ae", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Unbound - Dashboard [pfSense]", - "version": 1 + } + }, + "gridData": { + "h": 21, + "i": "6a32114d-577c-488b-b1e9-b7b4fc8941ae", + "w": 18, + "x": 30, + "y": 46 + }, + "panelIndex": "6a32114d-577c-488b-b1e9-b7b4fc8941ae", + "type": "visualization", + "version": "7.14.0" + } + ], + "timeRestore": false, + "title": "Unbound - Dashboard [pfSense]", + "version": 1 + 
}, + "references": [ + { + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", + "name": "7ea4ebda-9d0c-4885-9c37-71cd0665497f:panel_7ea4ebda-9d0c-4885-9c37-71cd0665497f", + "type": "search" }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-986061c0-3a9a-11eb-96b2-e765737b7534", - "migrationVersion": { - "dashboard": "7.14.0" + { + "type": "search", + "name": "73294aad-e475-4a63-97d1-fc214a83bb0a:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" }, - "references": [ - { - "id": "pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534", - "name": "73294aad-e475-4a63-97d1-fc214a83bb0a:panel_73294aad-e475-4a63-97d1-fc214a83bb0a", - "type": "visualization" - }, - { - "id": "pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56", - "name": "46725bb5-e239-4fa2-8dfd-4de947863354:panel_46725bb5-e239-4fa2-8dfd-4de947863354", - "type": "visualization" - }, - { - "id": "pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534", - "name": "f39b1b4c-b444-4d25-a8c5-a78b6285025f:panel_f39b1b4c-b444-4d25-a8c5-a78b6285025f", - "type": "visualization" - }, - { - "id": "pfsense-77eaf920-3a98-11eb-96b2-e765737b7534", - "name": "a7662c6e-94d5-4062-85f4-0132897f3578:panel_a7662c6e-94d5-4062-85f4-0132897f3578", - "type": "visualization" - }, - { - "id": "pfsense-98775710-3a98-11eb-96b2-e765737b7534", - "name": "763610d2-c8aa-4ab9-9a63-112e2471dcfc:panel_763610d2-c8aa-4ab9-9a63-112e2471dcfc", - "type": "visualization" - }, - { - "id": "pfsense-5b553450-3a99-11eb-96b2-e765737b7534", - "name": "27569da9-7531-40cf-be93-8778738b68be:panel_27569da9-7531-40cf-be93-8778738b68be", - "type": "visualization" - }, - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "7ea4ebda-9d0c-4885-9c37-71cd0665497f:panel_7ea4ebda-9d0c-4885-9c37-71cd0665497f", - "type": "search" - }, - { - "id": "pfsense-f554afa0-3a98-11eb-96b2-e765737b7534", - "name": "6a32114d-577c-488b-b1e9-b7b4fc8941ae:panel_6a32114d-577c-488b-b1e9-b7b4fc8941ae", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": 
"index-pattern", + "name": "46725bb5-e239-4fa2-8dfd-4de947863354:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "46725bb5-e239-4fa2-8dfd-4de947863354:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "f39b1b4c-b444-4d25-a8c5-a78b6285025f:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + }, + { + "type": "search", + "name": "a7662c6e-94d5-4062-85f4-0132897f3578:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + }, + { + "type": "search", + "name": "763610d2-c8aa-4ab9-9a63-112e2471dcfc:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + }, + { + "type": "search", + "name": "27569da9-7531-40cf-be93-8778738b68be:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + }, + { + "type": "search", + "name": "6a32114d-577c-488b-b1e9-b7b4fc8941ae:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json index ad9169c12c6..2d79473c692 100644 --- a/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json +++ b/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json 
@@ -1,284 +1,1215 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:17:02.668Z", + "version": "WzYyOSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall - Event Action [pfSense]", + "description": "Displays quantity of events based on action type", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Event Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 7, + "i": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b", + "w": 16, 
+ "x": 0, + "y": 7 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b", - "w": 16, - "x": 0, - "y": 7 - }, - "panelIndex": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b", - "panelRefName": "panel_0", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc", - "w": 17, - "x": 16, - "y": 0 - }, - "panelIndex": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc", - "panelRefName": "panel_1", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "d2c26a96-ad50-4155-a67e-b6559246c302", - "w": 15, - "x": 33, - "y": 0 - }, - "panelIndex": "d2c26a96-ad50-4155-a67e-b6559246c302", - "panelRefName": "panel_2", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd", - "panelRefName": "panel_3", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249", - "w": 15, - "x": 33, - "y": 7 - }, - "panelIndex": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249", - "panelRefName": "panel_4", - "version": "7.11.0" + "panelIndex": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "Treemap depicting the top 10 countries by destination ", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d77ab0e4-c2c2-4fb4-bd98-63c13ade7778": { + "columnOrder": [ + "9d13ff42-0a6d-4cb4-bff4-bbd64836de35", + "57fc4315-85f4-4449-a8bd-308ec2e81e68" + ], + "columns": { + "57fc4315-85f4-4449-a8bd-308ec2e81e68": { + "dataType": "number", + "isBucketed": false, + 
"label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "9d13ff42-0a6d-4cb4-bff4-bbd64836de35": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of destination.geo.country_name", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "57fc4315-85f4-4449-a8bd-308ec2e81e68", + "type": "column" + }, + "orderDirection": "desc", + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.geo.country_name" + } + } + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9d13ff42-0a6d-4cb4-bff4-bbd64836de35" + ], + "layerId": "d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", + "legendDisplay": "default", + "metric": "57fc4315-85f4-4449-a8bd-308ec2e81e68", + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 0, + "layerType": "data" + } + ], + "shape": "treemap" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "c2fbea99-8684-446a-a570-48bcbb9f1c39", - "w": 33, - "x": 0, - "y": 14 - }, - "panelIndex": "c2fbea99-8684-446a-a570-48bcbb9f1c39", - "panelRefName": "panel_5", - "version": "7.11.0" + "title": "Firewall - Top Destination Countries/Treemap (Lens) [pfSense]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 14, + "i": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc", + "w": 17, + "x": 16, + "y": 0 + }, + "panelIndex": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc", + "version": "7.15.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Interface Selector [pfSense]", + "description": 
"Select by interface alias", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "observer.ingress.interface.name", + "id": "1607565832669", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Interface Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772", - "w": 15, - "x": 33, - "y": 14 - }, - "panelIndex": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772", - "panelRefName": "panel_6", - "version": "7.11.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "d2c26a96-ad50-4155-a67e-b6559246c302", + "w": 15, + "x": 33, + "y": 0 + }, + "panelIndex": "d2c26a96-ad50-4155-a67e-b6559246c302", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall Selector [pfSense]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "observer.name", + "id": "1613404486264", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Firewall Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" 
+ }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a", - "w": 33, - "x": 0, - "y": 28 - }, - "panelIndex": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a", - "panelRefName": "panel_7", - "version": "7.11.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Transport Type [pfSense]", + "description": "Select by network transport type", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "network.transport", + "id": "1607565832669", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Network Transport Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + 
"alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249", + "w": 15, + "x": 33, + "y": 7 + }, + "panelIndex": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "Events over time line chart utilizing the LENS virtualization", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "25e5682a-0461-46dc-aa0a-7ad4cec0eade": { + "columnOrder": [ + "f718697e-acee-4bfd-99f4-3406e224ed7f", + "440112fe-405a-4b46-840e-2b9772961acc", + "31549313-ebc1-427a-9913-3f6f78594221" + ], + "columns": { + "31549313-ebc1-427a-9913-3f6f78594221": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "440112fe-405a-4b46-840e-2b9772961acc": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "f718697e-acee-4bfd-99f4-3406e224ed7f": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.action", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "31549313-ebc1-427a-9913-3f6f78594221", + "type": "column" + }, + "orderDirection": "desc", + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + } + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + 
"axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "60b4467b-8227-41de-b5ec-00c860793819", - "w": 15, - "x": 33, - "y": 28 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "60b4467b-8227-41de-b5ec-00c860793819", - "panelRefName": "panel_8", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "columns": [ - "observer.name", - "observer.ingress.vlan.id", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "rule.id", - "event.action" + "layers": [ + { + "accessors": [ + "31549313-ebc1-427a-9913-3f6f78594221" ], - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "290350f0-e295-4441-8228-2f7c74fc8a0c", - "w": 48, - "x": 0, - "y": 43 + "layerId": "25e5682a-0461-46dc-aa0a-7ad4cec0eade", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "f718697e-acee-4bfd-99f4-3406e224ed7f", + "xAccessor": "440112fe-405a-4b46-840e-2b9772961acc", + "layerType": "data" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "290350f0-e295-4441-8228-2f7c74fc8a0c", - "panelRefName": "panel_9", - "version": "7.11.0" + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": null + "title": "Firewall - Events/Time (Lens) [pfSense]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-25e5682a-0461-46dc-aa0a-7ad4cec0eade", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 14, + "i": "c2fbea99-8684-446a-a570-48bcbb9f1c39", + "w": 33, + "x": 0, + "y": 14 + }, + "panelIndex": "c2fbea99-8684-446a-a570-48bcbb9f1c39", + "version": "7.15.0", + 
"type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall - Events by Interface [pfSense]", + "description": "Pie chart depicting events by interface alias", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "b5d79638-384f-411b-a5c9-0d5aea67c08f", - "w": 24, - "x": 0, - "y": 56 + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "b5d79638-384f-411b-a5c9-0d5aea67c08f", - "panelRefName": "panel_10", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Firewall - Events by Interface", + "field": "observer.ingress.interface.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772", + "w": 15, + "x": 33, + "y": 14 + }, + "panelIndex": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall - Network Transport/Time [pfSense]", + 
"description": "Events over type based on network transport type", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": null + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "20537b1f-8d42-4522-8f9e-8e6fbccca58a", - "w": 24, - "x": 24, - "y": 56 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Network Transport/Time", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90m", + 
"to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "20537b1f-8d42-4522-8f9e-8e6fbccca58a", - "panelRefName": "panel_11", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Firewall - Dashboard [pfSense]", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534", - "migrationVersion": { - "dashboard": "7.14.0" - }, - "references": [ - { - "id": "pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "pfsense-274304d0-3a8f-11eb-96b2-e765737b7534", - "name": "panel_1", - "type": "lens" + "gridData": { + "h": 15, + "i": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a", + "w": 33, + "x": 0, + "y": 28 }, - { - "id": "pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56", - "name": "panel_3", - "type": "visualization" + "panelIndex": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall - Network Transport [pfSense]", + "description": "Network transport pie chart", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + 
"row": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Network Transport", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 15, + "i": "60b4467b-8227-41de-b5ec-00c860793819", + "w": 15, + "x": 33, + "y": 28 }, - { - "id": "pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534", - "name": "panel_5", - "type": "lens" + "panelIndex": "60b4467b-8227-41de-b5ec-00c860793819", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "columns": [ + "observer.name", + "observer.ingress.vlan.id", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "rule.id", + "event.action" + ], + "enhancements": {} }, - { - "id": "pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534", - "name": "panel_6", - "type": "visualization" + "gridData": { + "h": 13, + "i": "290350f0-e295-4441-8228-2f7c74fc8a0c", + "w": 48, + "x": 0, + "y": 43 }, - { - "id": "pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534", - "name": "panel_7", - "type": "visualization" + "panelIndex": "290350f0-e295-4441-8228-2f7c74fc8a0c", + "panelRefName": "panel_9", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": null, + "savedVis": { + "title": "Firewall - Country Destination/Heatmap [pfSense]", + "description": "Heatmap of destination countries", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": 
"Green to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Destination Heatmap", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534", - "name": "panel_8", - "type": "visualization" + "gridData": { + "h": 21, + "i": "b5d79638-384f-411b-a5c9-0d5aea67c08f", + "w": 24, + "x": 0, + "y": 56 }, - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "panel_9", - "type": "search" + "panelIndex": "b5d79638-384f-411b-a5c9-0d5aea67c08f", + "version": "7.14.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": null, + "savedVis": { + "title": "Firewall - Country Source/Heatmap 
[pfSense]", + "description": "Heatmap of source countries", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Green to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Source Heatmap", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "pfsense-b1545340-3a8f-11eb-96b2-e765737b7534", - "name": "panel_10", - "type": "visualization" + "gridData": { + "h": 21, + "i": "20537b1f-8d42-4522-8f9e-8e6fbccca58a", + "w": 24, + "x": 24, + "y": 56 }, - { - "id": "pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534", - "name": "panel_11", - "type": "visualization" - } + "panelIndex": "20537b1f-8d42-4522-8f9e-8e6fbccca58a", + "version": "7.14.0", + "type": 
"visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Firewall - Dashboard [pfSense]", + "version": 1 + }, + "references": [ + { + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", + "name": "panel_9", + "type": "search" + }, + { + "type": "search", + "name": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "index-pattern", + "name": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc:indexpattern-datasource-layer-d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d2c26a96-ad50-4155-a67e-b6559246c302:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d2c26a96-ad50-4155-a67e-b6559246c302:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c2fbea99-8684-446a-a570-48bcbb9f1c39:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c2fbea99-8684-446a-a570-48bcbb9f1c39:indexpattern-datasource-layer-25e5682a-0461-46dc-aa0a-7ad4cec0eade", + "id": "logs-*" + }, + { + "type": "search", + 
"name": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "60b4467b-8227-41de-b5ec-00c860793819:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "b5d79638-384f-411b-a5c9-0d5aea67c08f:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "20537b1f-8d42-4522-8f9e-8e6fbccca58a:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json index c028cb38f9c..b3fa8b02767 100644 --- a/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json +++ b/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json 
@@ -1,229 +1,833 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T22:17:02.668Z", + "version": "WzYzMCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - IP/MAC Flow [pfSense]", + "description": "", + "uiState": {}, + "params": { + "spec": "{\n $schema: https://vega.github.io/schema/vega/v3.0.json\n data: [\n {\n // query ES based on the currently selected time range and filter string\n name: rawData\n url: {\n %context%: true\n %timefield%: @timestamp\n index: logs-*\n body: {\n size: 0\n aggs: {\n table: {\n composite: {\n size: 10000\n sources: [\n {\n stk1: {\n terms: {field: \"client.ip\"}\n }\n }\n {\n stk2: {\n terms: {field: \"client.mac\"}\n }\n }\n ]\n }\n }\n }\n }\n }\n // From the result, take just the data we are interested in\n format: {property: \"aggregations.table.buckets\"}\n // Convert key.stk1 -> stk1 for simpler access below\n transform: [\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\n ]\n }\n {\n name: nodes\n source: rawData\n transform: [\n // when a country is selected, filter out unrelated data\n {\n type: filter\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\n }\n // Set new key for later lookups - identifies each node\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\n // instead of each table row, create two new rows,\n 
// one for the source (stack=stk1) and one for destination node (stack=stk2).\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\n {\n type: fold\n fields: [\"stk1\", \"stk2\"]\n as: [\"stack\", \"grpId\"]\n }\n // Create a sortkey, different for stk1 and stk2 stacks.\n // Space separator ensures proper sort order in some corner cases.\n {\n type: formula\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\n as: sortField\n }\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\n // independently for each stack, and ensuring they are in the proper order,\n // alphabetical from the top (reversed on the y axis)\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"sortField\", order: \"descending\"}\n field: size\n }\n // calculate vertical center point for each node, used to draw edges\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\n ]\n }\n {\n name: groups\n source: nodes\n transform: [\n // combine all nodes into country groups, summing up the doc counts\n {\n type: aggregate\n groupby: [\"stack\", \"grpId\"]\n fields: [\"size\"]\n ops: [\"sum\"]\n as: [\"total\"]\n }\n // re-calculate the stacking y0,y1 values\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"grpId\", order: \"descending\"}\n field: total\n }\n // project y0 and y1 values to screen coordinates\n // doing it once here instead of doing it several times in marks\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\n // boolean flag if the label should be on the right of the stack\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\n // Calculate traffic percentage for this country using \"y\" scale\n // domain upper bound, which represents the total traffic\n {\n type: formula\n expr: datum.total/domain('y')[1]\n as: percentage\n }\n ]\n }\n {\n // This is a temp 
lookup table with all the 'stk2' stack nodes\n name: destinationNodes\n source: nodes\n transform: [\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\n ]\n }\n {\n name: edges\n source: nodes\n transform: [\n // we only want nodes from the left stack\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\n // find corresponding node from the right stack, keep it as \"target\"\n {\n type: lookup\n from: destinationNodes\n key: key\n fields: [\"key\"]\n as: [\"target\"]\n }\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\n {\n type: linkpath\n orient: horizontal\n shape: diagonal\n sourceY: {expr: \"scale('y', datum.yc)\"}\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\n targetY: {expr: \"scale('y', datum.target.yc)\"}\n targetX: {expr: \"scale('x', 'stk2')\"}\n }\n // A little trick to calculate the thickness of the line.\n // The value needs to be the same as the hight of the node, but scaling\n // size to screen's height gives inversed value because screen's Y\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\n // is at the bottom. 
So subtracting scaled doc count from screen height\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\n {\n type: formula\n expr: range('y')[0]-scale('y', datum.size)\n as: strokeWidth\n }\n // Tooltip needs individual link's percentage of all traffic\n {\n type: formula\n expr: datum.size/domain('y')[1]\n as: percentage\n }\n ]\n }\n ]\n scales: [\n {\n // calculates horizontal stack positioning\n name: x\n type: band\n range: width\n domain: [\"stk1\", \"stk2\"]\n paddingOuter: 0.05\n paddingInner: 0.95\n }\n {\n // this scale goes up as high as the highest y1 value of all nodes\n name: y\n type: linear\n range: height\n domain: {data: \"nodes\", field: \"y1\"}\n }\n {\n // use rawData to ensure the colors stay the same when clicking.\n name: color\n type: ordinal\n range: category\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\n }\n {\n // this scale is used to map internal ids (stk1, stk2) to stack names\n name: stackNames\n type: ordinal\n range: [\"Source\", \"Destination\"]\n domain: [\"stk1\", \"stk2\"]\n }\n ]\n axes: [\n {\n // x axis should use custom label formatting to print proper stack names\n orient: bottom\n scale: x\n encode: {\n labels: {\n update: {\n text: {scale: \"stackNames\", field: \"value\"}\n }\n }\n }\n }\n {orient: \"left\", scale: \"y\"}\n ]\n marks: [\n {\n // draw the connecting line between stacks\n type: path\n name: edgeMark\n from: {data: \"edges\"}\n // this prevents some autosizing issues with large strokeWidth for paths\n clip: true\n encode: {\n update: {\n // By default use color of the left node, except when showing traffic\n // from just one country, in which case use destination color.\n stroke: [\n {\n test: groupSelector && groupSelector.stack=='stk1'\n scale: color\n field: stk2\n }\n {scale: \"color\", field: \"stk1\"}\n ]\n strokeWidth: {field: \"strokeWidth\"}\n path: {field: \"path\"}\n // when showing all traffic, and hovering over a country,\n // highlight the traffic 
from that country.\n strokeOpacity: {\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\n }\n // Ensure that the hover-selected edges show on top\n zindex: {\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\n }\n // format tooltip string\n tooltip: {\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n // Simple mouseover highlighting of a single line\n hover: {\n strokeOpacity: {value: 1}\n }\n }\n }\n {\n // draw stack groups (countries)\n type: rect\n name: groupMark\n from: {data: \"groups\"}\n encode: {\n enter: {\n fill: {scale: \"color\", field: \"grpId\"}\n width: {scale: \"x\", band: 1}\n }\n update: {\n x: {scale: \"x\", field: \"stack\"}\n y: {field: \"scaledY0\"}\n y2: {field: \"scaledY1\"}\n fillOpacity: {value: 0.6}\n tooltip: {\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n hover: {\n fillOpacity: {value: 1}\n }\n }\n }\n {\n // draw country code labels on the inner side of the stack\n type: text\n from: {data: \"groups\"}\n // don't process events for the labels - otherwise line mouseover is unclean\n interactive: false\n encode: {\n update: {\n // depending on which stack it is, position x with some padding\n x: {\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\n }\n // middle of the group\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n // only show text label if the group's height is large enough\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\n }\n }\n }\n {\n // Create a \"show all\" button. 
Shown only when a country is selected.\n type: group\n data: [\n // We need to make the button show only when groupSelector signal is true.\n // Each mark is drawn as many times as there are elements in the backing data.\n // Which means that if values list is empty, it will not be drawn.\n // Here I create a data source with one empty object, and filter that list\n // based on the signal value. This can only be done in a group.\n {\n name: dataForShowAll\n values: [{}]\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\n }\n ]\n // Set button size and positioning\n encode: {\n enter: {\n xc: {signal: \"width/2\"}\n y: {value: 30}\n width: {value: 80}\n height: {value: 30}\n }\n }\n marks: [\n {\n // This group is shown as a button with rounded corners.\n type: group\n // mark name allows signal capturing\n name: groupReset\n // Only shows button if dataForShowAll has values.\n from: {data: \"dataForShowAll\"}\n encode: {\n enter: {\n cornerRadius: {value: 6}\n fill: {value: \"#f5f5f5\"}\n stroke: {value: \"#c1c1c1\"}\n strokeWidth: {value: 2}\n // use parent group's size\n height: {\n field: {group: \"height\"}\n }\n width: {\n field: {group: \"width\"}\n }\n }\n update: {\n // groups are transparent by default\n opacity: {value: 1}\n }\n hover: {\n opacity: {value: 0.7}\n }\n }\n marks: [\n {\n type: text\n // if true, it will prevent clicking on the button when over text.\n interactive: false\n encode: {\n enter: {\n // center text in the paren group\n xc: {\n field: {group: \"width\"}\n mult: 0.5\n }\n yc: {\n field: {group: \"height\"}\n mult: 0.5\n offset: 2\n }\n align: {value: \"center\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n text: {value: \"Show All\"}\n }\n }\n }\n ]\n }\n ]\n }\n ]\n signals: [\n {\n // used to highlight traffic to/from the same country\n name: groupHover\n value: {}\n on: [\n {\n events: @groupMark:mouseover\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && 
datum.grpId}\"\n }\n {events: \"mouseout\", update: \"{}\"}\n ]\n }\n // used to filter only the data related to the selected country\n {\n name: groupSelector\n value: false\n on: [\n {\n // Clicking groupMark sets this signal to the filter values\n events: @groupMark:click!\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\n }\n {\n // Clicking \"show all\" button, or double-clicking anywhere resets it\n events: [\n {type: \"click\", markname: \"groupReset\"}\n {type: \"dblclick\"}\n ]\n update: \"false\"\n }\n ]\n }\n ]\n}" + }, + "type": "vega", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 22, + "i": "2b46d706-0288-4541-8880-ccb2efeeee92", + "w": 35, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 22, - "i": "2b46d706-0288-4541-8880-ccb2efeeee92", - "w": 35, - "x": 0, - "y": 0 - }, - "panelIndex": "2b46d706-0288-4541-8880-ccb2efeeee92", - "panelRefName": "panel_2b46d706-0288-4541-8880-ccb2efeeee92", - "type": "visualization", - "version": "7.10.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "6018121a-9303-4c73-9c96-d23362cdc74d", - "w": 13, - "x": 35, - "y": 0 - }, - "panelIndex": "6018121a-9303-4c73-9c96-d23362cdc74d", - "panelRefName": "panel_6018121a-9303-4c73-9c96-d23362cdc74d", - "type": "visualization", - "version": "7.10.0" + "panelIndex": "2b46d706-0288-4541-8880-ccb2efeeee92", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Interface Selector [pfSense]", + "description": "Select by interface alias", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": 
"observer.ingress.interface.name", + "id": "1607565832669", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Interface Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", - "w": 13, - "x": 35, - "y": 7 - }, - "panelIndex": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", - "panelRefName": "panel_b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", - "type": "visualization", - "version": "7.10.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "6018121a-9303-4c73-9c96-d23362cdc74d", + "w": 13, + "x": 35, + "y": 0 + }, + "panelIndex": "6018121a-9303-4c73-9c96-d23362cdc74d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall Selector [pfSense]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "observer.name", + "id": "1613404486264", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Firewall Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": 
"list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8", - "w": 13, - "x": 35, - "y": 14 - }, - "panelIndex": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8", - "panelRefName": "panel_d9f98967-4e91-4eef-9a43-9caaeeebe6f8", - "type": "visualization", - "version": "7.10.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", + "w": 13, + "x": 35, + "y": 7 + }, + "panelIndex": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Interface [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "20e8c75c-3e93-42ab-b5c5-6ad814b64151", - "w": 32, - "x": 0, - "y": 22 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": 
"20e8c75c-3e93-42ab-b5c5-6ad814b64151", - "panelRefName": "panel_20e8c75c-3e93-42ab-b5c5-6ad814b64151", - "type": "visualization", - "version": "7.10.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "observer.ingress.interface.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8", + "w": 13, + "x": 35, + "y": 14 + }, + "panelIndex": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Operation/Time [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, 
+ "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 14, - "i": "5b500115-4722-432b-8d67-38b1a948c1d5", - "w": 16, - "x": 32, - "y": 22 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-12h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "5b500115-4722-432b-8d67-38b1a948c1d5", - "panelRefName": "panel_5b500115-4722-432b-8d67-38b1a948c1d5", - "type": "visualization", - "version": "7.10.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "20e8c75c-3e93-42ab-b5c5-6ad814b64151", + "w": 32, + "x": 0, + "y": 22 + }, + "panelIndex": "20e8c75c-3e93-42ab-b5c5-6ad814b64151", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Operation [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + 
"values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "aa85065f-1b07-468c-b264-1231b59be97b", - "w": 16, - "x": 0, - "y": 36 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "aa85065f-1b07-468c-b264-1231b59be97b", - "panelRefName": "panel_aa85065f-1b07-468c-b264-1231b59be97b", - "type": "visualization", - "version": "7.10.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "5b500115-4722-432b-8d67-38b1a948c1d5", + "w": 16, + "x": 32, + "y": 22 + }, + "panelIndex": "5b500115-4722-432b-8d67-38b1a948c1d5", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Client IP [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 14, - "i": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", - "w": 32, - "x": 16, - "y": 36 - }, - "panelIndex": 
"22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", - "panelRefName": "panel_22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", - "type": "visualization", - "version": "7.10.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "aa85065f-1b07-468c-b264-1231b59be97b", + "w": 16, + "x": 0, + "y": 36 + }, + "panelIndex": "aa85065f-1b07-468c-b264-1231b59be97b", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Client IP/Time [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + 
"truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "columns": [ - "observer.name", - "observer.ingress.interface.name", - "event.action", - "client.ip", - "client.mac", - "pfsense.dhcp.hostname" - ], - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "73ea92c6-7373-4121-a255-1ed2e43010c1", - "w": 48, - "x": 0, - "y": 50 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-7h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "73ea92c6-7373-4121-a255-1ed2e43010c1", - "panelRefName": "panel_73ea92c6-7373-4121-a255-1ed2e43010c1", - "type": "search", - "version": "7.10.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "DHCP - Dashboard [pfSense]", - "version": 1 + } + }, + "gridData": { + "h": 14, + "i": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", + "w": 32, + "x": 16, + "y": 36 + }, + "panelIndex": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "columns": [ + "observer.name", + "observer.ingress.interface.name", + "event.action", + 
"client.ip", + "client.mac", + "pfsense.dhcp.hostname" + ], + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "73ea92c6-7373-4121-a255-1ed2e43010c1", + "w": 48, + "x": 0, + "y": 50 + }, + "panelIndex": "73ea92c6-7373-4121-a255-1ed2e43010c1", + "panelRefName": "panel_73ea92c6-7373-4121-a255-1ed2e43010c1", + "type": "search", + "version": "7.10.0" + } + ], + "timeRestore": false, + "title": "DHCP - Dashboard [pfSense]", + "version": 1 + }, + "references": [ + { + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", + "name": "73ea92c6-7373-4121-a255-1ed2e43010c1:panel_73ea92c6-7373-4121-a255-1ed2e43010c1", + "type": "search" }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534", - "migrationVersion": { - "dashboard": "7.14.0" + { + "type": "search", + "name": "2b46d706-0288-4541-8880-ccb2efeeee92:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" }, - "references": [ - { - "id": "pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534", - "name": "2b46d706-0288-4541-8880-ccb2efeeee92:panel_2b46d706-0288-4541-8880-ccb2efeeee92", - "type": "visualization" - }, - { - "id": "pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534", - "name": "6018121a-9303-4c73-9c96-d23362cdc74d:panel_6018121a-9303-4c73-9c96-d23362cdc74d", - "type": "visualization" - }, - { - "id": "pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56", - "name": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082:panel_b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", - "type": "visualization" - }, - { - "id": "pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534", - "name": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8:panel_d9f98967-4e91-4eef-9a43-9caaeeebe6f8", - "type": "visualization" - }, - { - "id": "pfsense-457371f0-3afe-11eb-96b2-e765737b7534", - "name": "20e8c75c-3e93-42ab-b5c5-6ad814b64151:panel_20e8c75c-3e93-42ab-b5c5-6ad814b64151", - "type": "visualization" - }, - { - "id": "pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534", - "name": 
"5b500115-4722-432b-8d67-38b1a948c1d5:panel_5b500115-4722-432b-8d67-38b1a948c1d5", - "type": "visualization" - }, - { - "id": "pfsense-9990cd00-3afe-11eb-96b2-e765737b7534", - "name": "aa85065f-1b07-468c-b264-1231b59be97b:panel_aa85065f-1b07-468c-b264-1231b59be97b", - "type": "visualization" - }, - { - "id": "pfsense-072449e0-3a9c-11eb-96b2-e765737b7534", - "name": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5:panel_22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", - "type": "visualization" - }, - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "73ea92c6-7373-4121-a255-1ed2e43010c1:panel_73ea92c6-7373-4121-a255-1ed2e43010c1", - "type": "search" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "6018121a-9303-4c73-9c96-d23362cdc74d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6018121a-9303-4c73-9c96-d23362cdc74d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "20e8c75c-3e93-42ab-b5c5-6ad814b64151:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "5b500115-4722-432b-8d67-38b1a948c1d5:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "aa85065f-1b07-468c-b264-1231b59be97b:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5:search_0", + "id": 
"pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + } + ], + "migrationVersion": { + "dashboard": "7.15.0" + }, + "coreMigrationVersion": "7.15.0" } \ No newline at end of file diff --git a/packages/pfsense/kibana/lens/pfsense-274304d0-3a8f-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/lens/pfsense-274304d0-3a8f-11eb-96b2-e765737b7534.json deleted file mode 100644 index 0e6f2067c44..00000000000 --- a/packages/pfsense/kibana/lens/pfsense-274304d0-3a8f-11eb-96b2-e765737b7534.json +++ /dev/null 
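Review bot: The embedded `savedVis` objects for the five DHCP pie and histogram panels (`d9f98967…`, `20e8c75c…`, `5b500115…`, `aa85065f…`, `22ea957e…`) have `"searchSource": { "filter": [], … }` and nothing that names `search_0`, yet `references` adds a `<panelId>:search_0` entry for each, pointing at `pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534`. If Kibana finds no matching ref name inside the panel, the saved search is presumably not attached, so these panels would either fail to resolve an index or lose the scoping the by-reference visualizations had. I would confirm this on a clean install and, if it holds, carry the link in each panel, e.g. `"savedSearchRefName": "search_0"` in `savedVis.data`. The Vega panel is a related case: its spec reads `index: logs-*` with only `%context%: true`, and the dashboard-level `filter` is `[]`, so the IP/MAC flow aggregates `client.ip`/`client.mac` from every `logs-*` stream rather than only `pfsense.log`. The export also keeps the instance-specific top-level `namespaces`, `updated_at` and `version` fields, which the old file did not have and which could be dropped.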
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "Treemap depicting the top 10 countries by destination ", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d77ab0e4-c2c2-4fb4-bd98-63c13ade7778": { - "columnOrder": [ - "9d13ff42-0a6d-4cb4-bff4-bbd64836de35", - "57fc4315-85f4-4449-a8bd-308ec2e81e68" - ], - "columns": { - "57fc4315-85f4-4449-a8bd-308ec2e81e68": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "9d13ff42-0a6d-4cb4-bff4-bbd64836de35": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of destination.geo.country_name", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "57fc4315-85f4-4449-a8bd-308ec2e81e68", - "type": "column" - }, - "orderDirection": "desc", - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.geo.country_name" - } - } - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "9d13ff42-0a6d-4cb4-bff4-bbd64836de35" - ], - "layerId": "d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", - "legendDisplay": "default", - "metric": "57fc4315-85f4-4449-a8bd-308ec2e81e68", - "nestedLegend": false, - "numberDisplay": "percent", - "percentDecimals": 0 - } - ], - "shape": "treemap" - } - }, - "title": "Firewall - Top Destination Countries/Treemap (Lens) [pfSense]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-274304d0-3a8f-11eb-96b2-e765737b7534", - "migrationVersion": { - "lens": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/pfsense/kibana/lens/pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/lens/pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534.json
deleted file mode 100644
index 02f2a08f36a..00000000000
--- a/packages/pfsense/kibana/lens/pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534.json
+++ /dev/null
@@ -1,118 +0,0 @@ -{ - "attributes": { - "description": "Events over time line chart utilizing the LENS virtualization", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "25e5682a-0461-46dc-aa0a-7ad4cec0eade": { - "columnOrder": [ - "f718697e-acee-4bfd-99f4-3406e224ed7f", - "440112fe-405a-4b46-840e-2b9772961acc", - "31549313-ebc1-427a-9913-3f6f78594221" - ], - "columns": { - "31549313-ebc1-427a-9913-3f6f78594221": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "440112fe-405a-4b46-840e-2b9772961acc": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "f718697e-acee-4bfd-99f4-3406e224ed7f": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.action", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "31549313-ebc1-427a-9913-3f6f78594221", - "type": "column" - }, - "orderDirection": "desc", - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - } - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "31549313-ebc1-427a-9913-3f6f78594221" - ], - "layerId": "25e5682a-0461-46dc-aa0a-7ad4cec0eade", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "f718697e-acee-4bfd-99f4-3406e224ed7f", - "xAccessor": "440112fe-405a-4b46-840e-2b9772961acc" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - 
"x": true, - "yLeft": true, - "yRight": true - } - } - }, - "title": "Firewall - Events/Time (Lens) [pfSense]", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534", - "migrationVersion": { - "lens": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-25e5682a-0461-46dc-aa0a-7ad4cec0eade", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-072449e0-3a9c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-072449e0-3a9c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 861bacfab59..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-072449e0-3a9c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,162 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Client IP/Time [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-7h", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - 
}, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "DHCP - Client IP/Time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-072449e0-3a9c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 6d4a93db48f..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "Select by interface alias", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "pfsense.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "pfsense.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Interface Selector [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "observer.ingress.interface.name", - "id": "1607565832669", - "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "label": "Interface Selector", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Interface Selector", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534.json deleted file mode 100644 index 9155a7cbc18..00000000000 
--- a/packages/pfsense/kibana/visualization/pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534.json +++ /dev/null @@ -1,83 +0,0 @@ -{ - "attributes": { - "description": "Unbound dns question types", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Question Types [pfSense]", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "dns.question.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "top", - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Unbound - Question Types [pfSense]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56.json b/packages/pfsense/kibana/visualization/pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56.json deleted file mode 100644 index 7ba842998d3..00000000000 
--- a/packages/pfsense/kibana/visualization/pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56.json +++ /dev/null @@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "pfsense.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "pfsense.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Firewall Selector [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "observer.name", - "id": "1613404486264", - "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "label": "Firewall Selector", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Firewall Selector", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/pfsense/kibana/visualization/pfsense-457371f0-3afe-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-457371f0-3afe-11eb-96b2-e765737b7534.json
deleted file mode 100644
index 51608a851e6..00000000000
--- a/packages/pfsense/kibana/visualization/pfsense-457371f0-3afe-11eb-96b2-e765737b7534.json
+++ /dev/null
@@ -1,162 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Operation/Time [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-12h", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 
- }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "DHCP - Operation/Time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-457371f0-3afe-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 36e0368a31e..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "Select by network transport type", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "pfsense.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "pfsense.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Network Transport Type [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "network.transport", - "id": "1607565832669", - "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "label": "Network Transport Type", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Network Transport Type", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-5b553450-3a99-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-5b553450-3a99-11eb-96b2-e765737b7534.json deleted file mode 100644 index 3cd95bc7529..00000000000 
--- a/packages/pfsense/kibana/visualization/pfsense-5b553450-3a99-11eb-96b2-e765737b7534.json
+++ /dev/null
@@ -1,162 +0,0 @@ -{ - "attributes": { - "description": "Unbound client IP over time", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Client IP/Time [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-7h", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", 
- "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Unbound - Client IP/Time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-5b553450-3a99-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 4c3feff8926..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Interface [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "observer.ingress.interface.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "DHCP - Interface", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-77eaf920-3a98-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-77eaf920-3a98-11eb-96b2-e765737b7534.json deleted file mode 100644 index ac67cef3e3d..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-77eaf920-3a98-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "Top 10 client IP unbound events", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Top Client IPs [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "title": "Unbound - Top Client IPs", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-77eaf920-3a98-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534.json deleted file mode 100644 index 21d7dea934a..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "Displays quantity of events based on action type", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Event Action [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Event Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Firewall - Event Action", - "type": "metric" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-98775710-3a98-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-98775710-3a98-11eb-96b2-e765737b7534.json deleted file mode 100644 index 4b00da05dd7..00000000000 
--- a/packages/pfsense/kibana/visualization/pfsense-98775710-3a98-11eb-96b2-e765737b7534.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "Top 10 domain name question/queries", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Top Queries [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "dns.question.registered_domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "title": "Unbound - Top Queried Domains ", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-98775710-3a98-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-9990cd00-3afe-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-9990cd00-3afe-11eb-96b2-e765737b7534.json deleted file mode 100644 index f80fb7eba60..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-9990cd00-3afe-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Client IP [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "DHCP - Client IP", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-9990cd00-3afe-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-b1545340-3a8f-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-b1545340-3a8f-11eb-96b2-e765737b7534.json deleted file mode 100644 index 1318078735d..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-b1545340-3a8f-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "Heatmap of destination countries", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Country Destination/Heatmap [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Destination Heatmap", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Green to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": false, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "type": "heatmap", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "black", - "overwriteColor": false, - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Firewall - Country Destination/Heatmap", - "type": "heatmap" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-b1545340-3a8f-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": 
[ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534.json deleted file mode 100644 index d4b9d44dcd7..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,39 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - IP/MAC Flow [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "spec": "{\n $schema: https://vega.github.io/schema/vega/v3.0.json\n data: [\n {\n // query ES based on the currently selected time range and filter string\n name: rawData\n url: {\n %context%: true\n %timefield%: @timestamp\n index: logs-*\n body: {\n size: 0\n aggs: {\n table: {\n composite: {\n size: 10000\n sources: [\n {\n stk1: {\n terms: {field: \"client.ip\"}\n }\n }\n {\n stk2: {\n terms: {field: \"client.mac\"}\n }\n }\n ]\n }\n }\n }\n }\n }\n // From the result, take just the data we are interested in\n format: {property: \"aggregations.table.buckets\"}\n // Convert key.stk1 -\u003e stk1 for simpler access below\n transform: [\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\n ]\n }\n {\n name: nodes\n source: rawData\n transform: [\n // when a country is selected, filter out unrelated data\n {\n type: filter\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\n }\n // Set new key for later lookups - identifies each node\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\n // instead of each table row, create two new rows,\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\n {\n type: fold\n fields: [\"stk1\", \"stk2\"]\n as: [\"stack\", \"grpId\"]\n }\n // Create a sortkey, different for stk1 and stk2 stacks.\n // Space separator ensures proper sort order in some corner cases.\n {\n type: formula\n expr: 
datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\n as: sortField\n }\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\n // independently for each stack, and ensuring they are in the proper order,\n // alphabetical from the top (reversed on the y axis)\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"sortField\", order: \"descending\"}\n field: size\n }\n // calculate vertical center point for each node, used to draw edges\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\n ]\n }\n {\n name: groups\n source: nodes\n transform: [\n // combine all nodes into country groups, summing up the doc counts\n {\n type: aggregate\n groupby: [\"stack\", \"grpId\"]\n fields: [\"size\"]\n ops: [\"sum\"]\n as: [\"total\"]\n }\n // re-calculate the stacking y0,y1 values\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"grpId\", order: \"descending\"}\n field: total\n }\n // project y0 and y1 values to screen coordinates\n // doing it once here instead of doing it several times in marks\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\n // boolean flag if the label should be on the right of the stack\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\n // Calculate traffic percentage for this country using \"y\" scale\n // domain upper bound, which represents the total traffic\n {\n type: formula\n expr: datum.total/domain('y')[1]\n as: percentage\n }\n ]\n }\n {\n // This is a temp lookup table with all the 'stk2' stack nodes\n name: destinationNodes\n source: nodes\n transform: [\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\n ]\n }\n {\n name: edges\n source: nodes\n transform: [\n // we only want nodes from the left stack\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\n // find corresponding node from the right stack, keep it as \"target\"\n {\n type: 
lookup\n from: destinationNodes\n key: key\n fields: [\"key\"]\n as: [\"target\"]\n }\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\n {\n type: linkpath\n orient: horizontal\n shape: diagonal\n sourceY: {expr: \"scale('y', datum.yc)\"}\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\n targetY: {expr: \"scale('y', datum.target.yc)\"}\n targetX: {expr: \"scale('x', 'stk2')\"}\n }\n // A little trick to calculate the thickness of the line.\n // The value needs to be the same as the hight of the node, but scaling\n // size to screen's height gives inversed value because screen's Y\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\n // is at the bottom. So subtracting scaled doc count from screen height\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\n {\n type: formula\n expr: range('y')[0]-scale('y', datum.size)\n as: strokeWidth\n }\n // Tooltip needs individual link's percentage of all traffic\n {\n type: formula\n expr: datum.size/domain('y')[1]\n as: percentage\n }\n ]\n }\n ]\n scales: [\n {\n // calculates horizontal stack positioning\n name: x\n type: band\n range: width\n domain: [\"stk1\", \"stk2\"]\n paddingOuter: 0.05\n paddingInner: 0.95\n }\n {\n // this scale goes up as high as the highest y1 value of all nodes\n name: y\n type: linear\n range: height\n domain: {data: \"nodes\", field: \"y1\"}\n }\n {\n // use rawData to ensure the colors stay the same when clicking.\n name: color\n type: ordinal\n range: category\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\n }\n {\n // this scale is used to map internal ids (stk1, stk2) to stack names\n name: stackNames\n type: ordinal\n range: [\"Source\", \"Destination\"]\n domain: [\"stk1\", \"stk2\"]\n }\n ]\n axes: [\n {\n // x axis should use custom label formatting to print proper stack names\n orient: bottom\n scale: x\n encode: {\n labels: {\n update: {\n text: {scale: \"stackNames\", field: 
\"value\"}\n }\n }\n }\n }\n {orient: \"left\", scale: \"y\"}\n ]\n marks: [\n {\n // draw the connecting line between stacks\n type: path\n name: edgeMark\n from: {data: \"edges\"}\n // this prevents some autosizing issues with large strokeWidth for paths\n clip: true\n encode: {\n update: {\n // By default use color of the left node, except when showing traffic\n // from just one country, in which case use destination color.\n stroke: [\n {\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\n scale: color\n field: stk2\n }\n {scale: \"color\", field: \"stk1\"}\n ]\n strokeWidth: {field: \"strokeWidth\"}\n path: {field: \"path\"}\n // when showing all traffic, and hovering over a country,\n // highlight the traffic from that country.\n strokeOpacity: {\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\n }\n // Ensure that the hover-selected edges show on top\n zindex: {\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 
1 : 0\n }\n // format tooltip string\n tooltip: {\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n // Simple mouseover highlighting of a single line\n hover: {\n strokeOpacity: {value: 1}\n }\n }\n }\n {\n // draw stack groups (countries)\n type: rect\n name: groupMark\n from: {data: \"groups\"}\n encode: {\n enter: {\n fill: {scale: \"color\", field: \"grpId\"}\n width: {scale: \"x\", band: 1}\n }\n update: {\n x: {scale: \"x\", field: \"stack\"}\n y: {field: \"scaledY0\"}\n y2: {field: \"scaledY1\"}\n fillOpacity: {value: 0.6}\n tooltip: {\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n hover: {\n fillOpacity: {value: 1}\n }\n }\n }\n {\n // draw country code labels on the inner side of the stack\n type: text\n from: {data: \"groups\"}\n // don't process events for the labels - otherwise line mouseover is unclean\n interactive: false\n encode: {\n update: {\n // depending on which stack it is, position x with some padding\n x: {\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\n }\n // middle of the group\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n // only show text label if the group's height is large enough\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\n }\n }\n }\n {\n // Create a \"show all\" button. Shown only when a country is selected.\n type: group\n data: [\n // We need to make the button show only when groupSelector signal is true.\n // Each mark is drawn as many times as there are elements in the backing data.\n // Which means that if values list is empty, it will not be drawn.\n // Here I create a data source with one empty object, and filter that list\n // based on the signal value. 
This can only be done in a group.\n {\n name: dataForShowAll\n values: [{}]\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\n }\n ]\n // Set button size and positioning\n encode: {\n enter: {\n xc: {signal: \"width/2\"}\n y: {value: 30}\n width: {value: 80}\n height: {value: 30}\n }\n }\n marks: [\n {\n // This group is shown as a button with rounded corners.\n type: group\n // mark name allows signal capturing\n name: groupReset\n // Only shows button if dataForShowAll has values.\n from: {data: \"dataForShowAll\"}\n encode: {\n enter: {\n cornerRadius: {value: 6}\n fill: {value: \"#f5f5f5\"}\n stroke: {value: \"#c1c1c1\"}\n strokeWidth: {value: 2}\n // use parent group's size\n height: {\n field: {group: \"height\"}\n }\n width: {\n field: {group: \"width\"}\n }\n }\n update: {\n // groups are transparent by default\n opacity: {value: 1}\n }\n hover: {\n opacity: {value: 0.7}\n }\n }\n marks: [\n {\n type: text\n // if true, it will prevent clicking on the button when over text.\n interactive: false\n encode: {\n enter: {\n // center text in the paren group\n xc: {\n field: {group: \"width\"}\n mult: 0.5\n }\n yc: {\n field: {group: \"height\"}\n mult: 0.5\n offset: 2\n }\n align: {value: \"center\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n text: {value: \"Show All\"}\n }\n }\n }\n ]\n }\n ]\n }\n ]\n signals: [\n {\n // used to highlight traffic to/from the same country\n name: groupHover\n value: {}\n on: [\n {\n events: @groupMark:mouseover\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\n }\n {events: \"mouseout\", update: \"{}\"}\n ]\n }\n // used to filter only the data related to the selected country\n {\n name: groupSelector\n value: false\n on: [\n {\n // Clicking groupMark sets this signal to the filter values\n events: @groupMark:click!\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' 
\u0026\u0026 datum.grpId}\"\n }\n {\n // Clicking \"show all\" button, or double-clicking anywhere resets it\n events: [\n {type: \"click\", markname: \"groupReset\"}\n {type: \"dblclick\"}\n ]\n update: \"false\"\n }\n ]\n }\n ]\n}" - }, - "title": "DHCP - IP/MAC Flow", - "type": "vega" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 382bc54820b..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,164 +0,0 @@ -{ - "attributes": { - "description": "Events over type based on network transport type", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Network Transport/Time [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Network Transport/Time", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "row": true, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - 
"valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Firewall - Network Transport/Time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534.json deleted file mode 100644 index 7e9b0b2cf34..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "Heatmap of source countries", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Country Source/Heatmap [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Source Heatmap", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Green to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": false, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "type": "heatmap", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "black", - "overwriteColor": false, - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Firewall - Country Source/Heatmap", - "type": "heatmap" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": 
"pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534.json deleted file mode 100644 index c5a95ba58a6..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Operation [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "DHCP - Operation", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/pfsense/kibana/visualization/pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534.json
deleted file mode 100644
index 056fcab324b..00000000000
--- a/packages/pfsense/kibana/visualization/pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534.json
+++ /dev/null
@@ -1,39 +0,0 @@ -{ - "attributes": { - "description": "Client IP \u003c-flow-\u003e dns question name", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - DNS Flow [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "spec": "{\n $schema: https://vega.github.io/schema/vega/v3.0.json\n data: [\n {\n // query ES based on the currently selected time range and filter string\n name: rawData\n url: {\n %context%: true\n %timefield%: @timestamp\n index: logs-*\n body: {\n size: 0\n aggs: {\n table: {\n composite: {\n size: 10000\n sources: [\n {\n stk1: {\n terms: {field: \"client.ip\"}\n }\n }\n {\n stk2: {\n terms: {field: \"dns.question.name\"}\n }\n }\n ]\n }\n }\n }\n }\n }\n // From the result, take just the data we are interested in\n format: {property: \"aggregations.table.buckets\"}\n // Convert key.stk1 -\u003e stk1 for simpler access below\n transform: [\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\n ]\n }\n {\n name: nodes\n source: rawData\n transform: [\n // when a country is selected, filter out unrelated data\n {\n type: filter\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\n }\n // Set new key for later lookups - identifies each node\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\n // instead of each table row, create two new rows,\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\n {\n type: fold\n fields: [\"stk1\", \"stk2\"]\n as: [\"stack\", \"grpId\"]\n }\n // Create a sortkey, different for stk1 and stk2 stacks.\n // Space separator ensures proper sort 
order in some corner cases.\n {\n type: formula\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\n as: sortField\n }\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\n // independently for each stack, and ensuring they are in the proper order,\n // alphabetical from the top (reversed on the y axis)\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"sortField\", order: \"descending\"}\n field: size\n }\n // calculate vertical center point for each node, used to draw edges\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\n ]\n }\n {\n name: groups\n source: nodes\n transform: [\n // combine all nodes into country groups, summing up the doc counts\n {\n type: aggregate\n groupby: [\"stack\", \"grpId\"]\n fields: [\"size\"]\n ops: [\"sum\"]\n as: [\"total\"]\n }\n // re-calculate the stacking y0,y1 values\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"grpId\", order: \"descending\"}\n field: total\n }\n // project y0 and y1 values to screen coordinates\n // doing it once here instead of doing it several times in marks\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\n // boolean flag if the label should be on the right of the stack\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\n // Calculate traffic percentage for this country using \"y\" scale\n // domain upper bound, which represents the total traffic\n {\n type: formula\n expr: datum.total/domain('y')[1]\n as: percentage\n }\n ]\n }\n {\n // This is a temp lookup table with all the 'stk2' stack nodes\n name: destinationNodes\n source: nodes\n transform: [\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\n ]\n }\n {\n name: edges\n source: nodes\n transform: [\n // we only want nodes from the left stack\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\n // find corresponding node 
from the right stack, keep it as \"target\"\n {\n type: lookup\n from: destinationNodes\n key: key\n fields: [\"key\"]\n as: [\"target\"]\n }\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\n {\n type: linkpath\n orient: horizontal\n shape: diagonal\n sourceY: {expr: \"scale('y', datum.yc)\"}\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\n targetY: {expr: \"scale('y', datum.target.yc)\"}\n targetX: {expr: \"scale('x', 'stk2')\"}\n }\n // A little trick to calculate the thickness of the line.\n // The value needs to be the same as the hight of the node, but scaling\n // size to screen's height gives inversed value because screen's Y\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\n // is at the bottom. So subtracting scaled doc count from screen height\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\n {\n type: formula\n expr: range('y')[0]-scale('y', datum.size)\n as: strokeWidth\n }\n // Tooltip needs individual link's percentage of all traffic\n {\n type: formula\n expr: datum.size/domain('y')[1]\n as: percentage\n }\n ]\n }\n ]\n scales: [\n {\n // calculates horizontal stack positioning\n name: x\n type: band\n range: width\n domain: [\"stk1\", \"stk2\"]\n paddingOuter: 0.05\n paddingInner: 0.95\n }\n {\n // this scale goes up as high as the highest y1 value of all nodes\n name: y\n type: linear\n range: height\n domain: {data: \"nodes\", field: \"y1\"}\n }\n {\n // use rawData to ensure the colors stay the same when clicking.\n name: color\n type: ordinal\n range: category\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\n }\n {\n // this scale is used to map internal ids (stk1, stk2) to stack names\n name: stackNames\n type: ordinal\n range: [\"Source\", \"Destination\"]\n domain: [\"stk1\", \"stk2\"]\n }\n ]\n axes: [\n {\n // x axis should use custom label formatting to print proper stack names\n orient: bottom\n scale: x\n encode: {\n labels: {\n 
update: {\n text: {scale: \"stackNames\", field: \"value\"}\n }\n }\n }\n }\n {orient: \"left\", scale: \"y\"}\n ]\n marks: [\n {\n // draw the connecting line between stacks\n type: path\n name: edgeMark\n from: {data: \"edges\"}\n // this prevents some autosizing issues with large strokeWidth for paths\n clip: true\n encode: {\n update: {\n // By default use color of the left node, except when showing traffic\n // from just one country, in which case use destination color.\n stroke: [\n {\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\n scale: color\n field: stk2\n }\n {scale: \"color\", field: \"stk1\"}\n ]\n strokeWidth: {field: \"strokeWidth\"}\n path: {field: \"path\"}\n // when showing all traffic, and hovering over a country,\n // highlight the traffic from that country.\n strokeOpacity: {\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\n }\n // Ensure that the hover-selected edges show on top\n zindex: {\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 
1 : 0\n }\n // format tooltip string\n tooltip: {\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n // Simple mouseover highlighting of a single line\n hover: {\n strokeOpacity: {value: 1}\n }\n }\n }\n {\n // draw stack groups (countries)\n type: rect\n name: groupMark\n from: {data: \"groups\"}\n encode: {\n enter: {\n fill: {scale: \"color\", field: \"grpId\"}\n width: {scale: \"x\", band: 1}\n }\n update: {\n x: {scale: \"x\", field: \"stack\"}\n y: {field: \"scaledY0\"}\n y2: {field: \"scaledY1\"}\n fillOpacity: {value: 0.6}\n tooltip: {\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n hover: {\n fillOpacity: {value: 1}\n }\n }\n }\n {\n // draw country code labels on the inner side of the stack\n type: text\n from: {data: \"groups\"}\n // don't process events for the labels - otherwise line mouseover is unclean\n interactive: false\n encode: {\n update: {\n // depending on which stack it is, position x with some padding\n x: {\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\n }\n // middle of the group\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n // only show text label if the group's height is large enough\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\n }\n }\n }\n {\n // Create a \"show all\" button. Shown only when a country is selected.\n type: group\n data: [\n // We need to make the button show only when groupSelector signal is true.\n // Each mark is drawn as many times as there are elements in the backing data.\n // Which means that if values list is empty, it will not be drawn.\n // Here I create a data source with one empty object, and filter that list\n // based on the signal value. 
This can only be done in a group.\n {\n name: dataForShowAll\n values: [{}]\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\n }\n ]\n // Set button size and positioning\n encode: {\n enter: {\n xc: {signal: \"width/2\"}\n y: {value: 30}\n width: {value: 80}\n height: {value: 30}\n }\n }\n marks: [\n {\n // This group is shown as a button with rounded corners.\n type: group\n // mark name allows signal capturing\n name: groupReset\n // Only shows button if dataForShowAll has values.\n from: {data: \"dataForShowAll\"}\n encode: {\n enter: {\n cornerRadius: {value: 6}\n fill: {value: \"#f5f5f5\"}\n stroke: {value: \"#c1c1c1\"}\n strokeWidth: {value: 2}\n // use parent group's size\n height: {\n field: {group: \"height\"}\n }\n width: {\n field: {group: \"width\"}\n }\n }\n update: {\n // groups are transparent by default\n opacity: {value: 1}\n }\n hover: {\n opacity: {value: 0.7}\n }\n }\n marks: [\n {\n type: text\n // if true, it will prevent clicking on the button when over text.\n interactive: false\n encode: {\n enter: {\n // center text in the paren group\n xc: {\n field: {group: \"width\"}\n mult: 0.5\n }\n yc: {\n field: {group: \"height\"}\n mult: 0.5\n offset: 2\n }\n align: {value: \"center\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n text: {value: \"Show All\"}\n }\n }\n }\n ]\n }\n ]\n }\n ]\n signals: [\n {\n // used to highlight traffic to/from the same country\n name: groupHover\n value: {}\n on: [\n {\n events: @groupMark:mouseover\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\n }\n {events: \"mouseout\", update: \"{}\"}\n ]\n }\n // used to filter only the data related to the selected country\n {\n name: groupSelector\n value: false\n on: [\n {\n // Clicking groupMark sets this signal to the filter values\n events: @groupMark:click!\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' 
\u0026\u0026 datum.grpId}\"\n }\n {\n // Clicking \"show all\" button, or double-clicking anywhere resets it\n events: [\n {type: \"click\", markname: \"groupReset\"}\n {type: \"dblclick\"}\n ]\n update: \"false\"\n }\n ]\n }\n ]\n}" - }, - "title": "Unbound - DNS Flow", - "type": "vega" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534.json deleted file mode 100644 index 82f42d8cb4c..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "Pie chart depicting events by interface alias", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Events by Interface [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Firewall - Events by Interface", - "field": "observer.ingress.interface.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Firewall - Events by Interface", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/pfsense/kibana/visualization/pfsense-f554afa0-3a98-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-f554afa0-3a98-11eb-96b2-e765737b7534.json
deleted file mode 100644
index 930d20f07e7..00000000000
--- a/packages/pfsense/kibana/visualization/pfsense-f554afa0-3a98-11eb-96b2-e765737b7534.json
+++ /dev/null
@@ -1,110 +0,0 @@ -{ - "attributes": { - "description": "Unbound request heat map by IP address", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Request Rate [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-7h", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Green to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": false, - "invertColors": false, - "legendPosition": "top", - "percentageMode": false, - "setColorRange": false, - "times": [], - "type": "heatmap", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "black", - "overwriteColor": false, - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Unbound - Request Rate", - "type": "heatmap" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-f554afa0-3a98-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": 
"search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534.json deleted file mode 100644 index b5af1c1c14b..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534.json +++ /dev/null @@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "Network transport pie chart", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Network Transport [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Network Transport", - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "row": true, - "type": "pie" - }, - "title": "Firewall - Network Transport ", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
From 75a24faf960f14df979bea9516a8e969f1ca7972 Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Fri, 28 Oct 2022 12:02:49 +0530
Subject: [PATCH 030/103] all inlined in proofpoint_tap
---
 ...-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json | 1437 ++++-----
 ...-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json | 1399 ++++----
 ...-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json | 2803 +++++++++--------
 ...-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json | 2305 +++++++-------
 4 files changed, 3982 insertions(+), 3962 deletions(-)
diff --git a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json
index 204d188fde2..9ffcf16da4a 100644
--- a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json
+++ b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json
@@ -1,741 +1,746 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" - } - } + "id": "proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:32:30.064Z", + "version": "WzYyMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 21, + "i": "aa104adb-fbc4-4019-9fda-9f1ca4886d64", + "w": 48, + "x": 0, + "y": 67 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "aa104adb-fbc4-4019-9fda-9f1ca4886d64", - "w": 48, - "x": 0, - "y": 67 - }, - "panelIndex": "aa104adb-fbc4-4019-9fda-9f1ca4886d64", - "panelRefName": "panel_aa104adb-fbc4-4019-9fda-9f1ca4886d64", - "type": "search", - "version": "7.17.0" + "panelIndex": "aa104adb-fbc4-4019-9fda-9f1ca4886d64", + "panelRefName": "panel_aa104adb-fbc4-4019-9fda-9f1ca4886d64", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"4ff0e011-970a-4b60-9158-962f4e89fbbe": { + "columnOrder": [ + "dc762ac8-6645-45a7-ba44-b3fbd0309338" + ], + "columns": { + "dc762ac8-6645-45a7-ba44-b3fbd0309338": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Clicks", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "dc762ac8-6645-45a7-ba44-b3fbd0309338", + "layerId": "4ff0e011-970a-4b60-9158-962f4e89fbbe", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4ff0e011-970a-4b60-9158-962f4e89fbbe": { - "columnOrder": [ - "dc762ac8-6645-45a7-ba44-b3fbd0309338" - ], - "columns": { - "dc762ac8-6645-45a7-ba44-b3fbd0309338": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Clicks", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "dc762ac8-6645-45a7-ba44-b3fbd0309338", - "layerId": "4ff0e011-970a-4b60-9158-962f4e89fbbe", - "layerType": "data" - } + "title": "Count of Clicks [Logs Proofpoint TAP]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "39f0263c-ab86-416a-8048-83d13edbdbab", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "39f0263c-ab86-416a-8048-83d13edbdbab", + "title": "Count of Clicks [Logs Proofpoint 
TAP]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-09466534-a461-4fbb-850b-fba8df6b7c37", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "09466534-a461-4fbb-850b-fba8df6b7c37": { + "columnOrder": [ + "caef084e-7dca-43d6-8538-a2806796463e", + "8c76f7ef-0d3f-4558-8835-17fa53443a49", + "8c76f7ef-0d3f-4558-8835-17fa53443a49X0" + ], + "columns": { + "8c76f7ef-0d3f-4558-8835-17fa53443a49": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "formula", + "params": { + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "8c76f7ef-0d3f-4558-8835-17fa53443a49X0" + ], + "scale": "ratio" }, - "title": "Count of Clicks [Logs Proofpoint TAP]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "39f0263c-ab86-416a-8048-83d13edbdbab", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "39f0263c-ab86-416a-8048-83d13edbdbab", - "title": "Count of Clicks [Logs Proofpoint TAP]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-09466534-a461-4fbb-850b-fba8df6b7c37", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "09466534-a461-4fbb-850b-fba8df6b7c37": { - "columnOrder": [ - "caef084e-7dca-43d6-8538-a2806796463e", - "8c76f7ef-0d3f-4558-8835-17fa53443a49", - "8c76f7ef-0d3f-4558-8835-17fa53443a49X0" - ], - 
"columns": { - "8c76f7ef-0d3f-4558-8835-17fa53443a49": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "8c76f7ef-0d3f-4558-8835-17fa53443a49X0" - ], - "scale": "ratio" - }, - "8c76f7ef-0d3f-4558-8835-17fa53443a49X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of count()", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "caef084e-7dca-43d6-8538-a2806796463e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Classification", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.clicks_blocked.classification" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "caef084e-7dca-43d6-8538-a2806796463e" - ], - "layerId": "09466534-a461-4fbb-850b-fba8df6b7c37", - "layerType": "data", - "legendDisplay": "default", - "metric": "8c76f7ef-0d3f-4558-8835-17fa53443a49", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "8c76f7ef-0d3f-4558-8835-17fa53443a49X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of count()", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Distribution of Blocked Clicks by Classification [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": 
"d6f150e5-a82f-453c-867a-3c0f40ba826b", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "d6f150e5-a82f-453c-867a-3c0f40ba826b", - "title": "Distribution of Blocked Clicks by Classification [Logs Proofpoint TAP]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "062ab937-584b-4266-b89a-e0965350fd15": { - "columnOrder": [ - "b4231a92-a121-4d7b-8975-7deb595868c2", - "e4a9c4a7-4e05-4669-8842-47a87900ad7c" - ], - "columns": { - "b4231a92-a121-4d7b-8975-7deb595868c2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "URL", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "url.full" - }, - "e4a9c4a7-4e05-4669-8842-47a87900ad7c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } + "caef084e-7dca-43d6-8538-a2806796463e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Classification", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "b4231a92-a121-4d7b-8975-7deb595868c2", - "isTransposed": false - }, - { - "columnId": 
"e4a9c4a7-4e05-4669-8842-47a87900ad7c", - "isTransposed": false - } - ], - "layerId": "062ab937-584b-4266-b89a-e0965350fd15", - "layerType": "data" - } - }, - "title": "Top 10 Malicious URL [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b921de2f-edd5-4539-bb51-c94c5ddf4541", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "b921de2f-edd5-4539-bb51-c94c5ddf4541", - "type": "lens", - "version": "7.17.0" + "orderDirection": "asc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.clicks_blocked.classification" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "caef084e-7dca-43d6-8538-a2806796463e" + ], + "layerId": "09466534-a461-4fbb-850b-fba8df6b7c37", + "layerType": "data", + "legendDisplay": "default", + "metric": "8c76f7ef-0d3f-4558-8835-17fa53443a49", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { - "columnOrder": [ - "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" - ], - "columns": { - "394062e2-3219-4ff0-b930-7dceb79cb5cd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - 
"columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - }, - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "Distribution of Blocked Clicks by Classification [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d6f150e5-a82f-453c-867a-3c0f40ba826b", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "d6f150e5-a82f-453c-867a-3c0f40ba826b", + "title": "Distribution of Blocked Clicks by Classification [Logs Proofpoint TAP]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "062ab937-584b-4266-b89a-e0965350fd15": { + "columnOrder": [ + "b4231a92-a121-4d7b-8975-7deb595868c2", + "e4a9c4a7-4e05-4669-8842-47a87900ad7c" + ], + "columns": { + "b4231a92-a121-4d7b-8975-7deb595868c2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "isTransposed": false - }, - { - 
"columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "isTransposed": false - } - ], - "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "url.full" }, - "title": "Top 10 Recipient [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4240bdb9-8306-43fe-8b7a-815e70e28fec", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "4240bdb9-8306-43fe-8b7a-815e70e28fec", - "type": "lens", - "version": "7.17.0" + "e4a9c4a7-4e05-4669-8842-47a87900ad7c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b4231a92-a121-4d7b-8975-7deb595868c2", + "isTransposed": false + }, + { + "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", + "isTransposed": false + } + ], + "layerId": "062ab937-584b-4266-b89a-e0965350fd15", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f7d425df-4f7d-4e18-993d-b8a10cdffe22", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f7d425df-4f7d-4e18-993d-b8a10cdffe22": { - "columnOrder": [ - "967f19a8-3944-4a64-a05f-037bcf1f238c", - "ea922d0b-14cf-4625-b038-71d6a627f340" - ], - "columns": { - "967f19a8-3944-4a64-a05f-037bcf1f238c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Status", - "operationType": "terms", - "params": { - 
"missingBucket": false, - "orderBy": { - "columnId": "ea922d0b-14cf-4625-b038-71d6a627f340", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.clicks_blocked.threat.status" - }, - "ea922d0b-14cf-4625-b038-71d6a627f340": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" + "title": "Top 10 Malicious URL [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "b921de2f-edd5-4539-bb51-c94c5ddf4541", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "b921de2f-edd5-4539-bb51-c94c5ddf4541", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { + "columnOrder": [ + "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" + ], + "columns": { + "394062e2-3219-4ff0-b930-7dceb79cb5cd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "967f19a8-3944-4a64-a05f-037bcf1f238c" - ], - 
"layerId": "f7d425df-4f7d-4e18-993d-b8a10cdffe22", - "layerType": "data", - "legendDisplay": "default", - "metric": "ea922d0b-14cf-4625-b038-71d6a627f340", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" }, - "title": "Distribution of Blocked Clicks by Threat Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89", - "type": "lens", - "version": "7.17.0" + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "isTransposed": false + }, + { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "isTransposed": false + } + ], + "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4080ef48-91f4-4339-a059-fa6a9d0fcce8": { - "columnOrder": [ - "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", - "366f6367-65c3-4e65-8c28-f41b1ef719cf" - ], - "columns": { - "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d": { - "customLabel": true, - 
"dataType": "ip", - "isBucketed": true, - "label": "IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "destination.ip" - }, - "366f6367-65c3-4e65-8c28-f41b1ef719cf": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "Top 10 Recipient [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "4240bdb9-8306-43fe-8b7a-815e70e28fec", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "4240bdb9-8306-43fe-8b7a-815e70e28fec", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f7d425df-4f7d-4e18-993d-b8a10cdffe22", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f7d425df-4f7d-4e18-993d-b8a10cdffe22": { + "columnOrder": [ + "967f19a8-3944-4a64-a05f-037bcf1f238c", + "ea922d0b-14cf-4625-b038-71d6a627f340" + ], + "columns": { + "967f19a8-3944-4a64-a05f-037bcf1f238c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ea922d0b-14cf-4625-b038-71d6a627f340", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", - "isTransposed": false 
- }, - { - "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", - "isTransposed": false - } - ], - "layerId": "4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.clicks_blocked.threat.status" }, - "title": "Top 10 Click IP [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3afffe1a-ab24-4a60-bb83-1973840a6b89", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "3afffe1a-ab24-4a60-bb83-1973840a6b89", - "type": "lens", - "version": "7.17.0" + "ea922d0b-14cf-4625-b038-71d6a627f340": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "967f19a8-3944-4a64-a05f-037bcf1f238c" + ], + "layerId": "f7d425df-4f7d-4e18-993d-b8a10cdffe22", + "layerType": "data", + "legendDisplay": "default", + "metric": "ea922d0b-14cf-4625-b038-71d6a627f340", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"alpha\":1,\"id\":\"1d744b4f-b6df-4195-bfea-8e64340b7da1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"48984da5-6c09-4c75-86d5-b9c1791d120d\",\"includeInFitToBounds\":true,\"label\":\"Clicks\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"35e48033-3f9a-4228-98be-980fff6c70a1\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": "{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.14}", - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "title": "Clicks on URL by Region [Logs Proofpoint TAP]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": 
[], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 270, - "minLat": -66.51326, - "minLon": -270 - }, - "mapCenter": { - "lat": 51.78838, - "lon": 18.18583, - "zoom": 1.14 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 22, - "i": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f", - "type": "map", - "version": "7.17.0" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs Proofpoint TAP] Blocked Clicks", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "proofpoint_tap-717803c0-b130-11ec-8e58-3fc548a48fe4", - "name": "aa104adb-fbc4-4019-9fda-9f1ca4886d64:panel_aa104adb-fbc4-4019-9fda-9f1ca4886d64", - "type": "search" - }, - { - "id": "logs-*", - "name": "39f0263c-ab86-416a-8048-83d13edbdbab:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "39f0263c-ab86-416a-8048-83d13edbdbab:indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d6f150e5-a82f-453c-867a-3c0f40ba826b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "title": "Distribution of Blocked Clicks by Threat Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "d6f150e5-a82f-453c-867a-3c0f40ba826b:indexpattern-datasource-layer-09466534-a461-4fbb-850b-fba8df6b7c37", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89", + "w": 24, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "b921de2f-edd5-4539-bb51-c94c5ddf4541:indexpattern-datasource-current-indexpattern", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b921de2f-edd5-4539-bb51-c94c5ddf4541:indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4240bdb9-8306-43fe-8b7a-815e70e28fec:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4240bdb9-8306-43fe-8b7a-815e70e28fec:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4080ef48-91f4-4339-a059-fa6a9d0fcce8": { + "columnOrder": [ + "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", + "366f6367-65c3-4e65-8c28-f41b1ef719cf" + ], + "columns": { + "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + }, + "366f6367-65c3-4e65-8c28-f41b1ef719cf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + 
} + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", + "isTransposed": false + }, + { + "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", + "isTransposed": false + } + ], + "layerId": "4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "layerType": "data" + } + }, + "title": "Top 10 Click IP [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89:indexpattern-datasource-layer-f7d425df-4f7d-4e18-993d-b8a10cdffe22", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "3afffe1a-ab24-4a60-bb83-1973840a6b89", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "logs-*", - "name": "3afffe1a-ab24-4a60-bb83-1973840a6b89:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "3afffe1a-ab24-4a60-bb83-1973840a6b89", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"alpha\":1,\"id\":\"1d744b4f-b6df-4195-bfea-8e64340b7da1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"48984da5-6c09-4c75-86d5-b9c1791d120d\",\"includeInFitToBounds\":true,\"label\":\"Clicks\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"35e48033-3f9a-4228-98be-980fff6c70a1\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + 
"mapStateJSON": "{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.14}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "title": "Clicks on URL by Region [Logs Proofpoint TAP]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 270, + "minLat": -66.51326, + "minLon": -270 + }, + "mapCenter": { + "lat": 51.78838, + "lon": 18.18583, + "zoom": 1.14 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "3afffe1a-ab24-4a60-bb83-1973840a6b89:indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "type": "index-pattern" + "gridData": { + "h": 22, + "i": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f", + "w": 48, + "x": 0, + "y": 45 }, - { - "id": "logs-*", - "name": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f", + "type": "map", + "version": "7.17.0" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", 
+ "title": "[Logs Proofpoint TAP] Blocked Clicks", + "version": 1 + }, + "references": [ + { + "id": "proofpoint_tap-717803c0-b130-11ec-8e58-3fc548a48fe4", + "name": "aa104adb-fbc4-4019-9fda-9f1ca4886d64:panel_aa104adb-fbc4-4019-9fda-9f1ca4886d64", + "type": "search" + }, + { + "id": "logs-*", + "name": "39f0263c-ab86-416a-8048-83d13edbdbab:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "39f0263c-ab86-416a-8048-83d13edbdbab:indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d6f150e5-a82f-453c-867a-3c0f40ba826b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d6f150e5-a82f-453c-867a-3c0f40ba826b:indexpattern-datasource-layer-09466534-a461-4fbb-850b-fba8df6b7c37", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b921de2f-edd5-4539-bb51-c94c5ddf4541:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b921de2f-edd5-4539-bb51-c94c5ddf4541:indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4240bdb9-8306-43fe-8b7a-815e70e28fec:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4240bdb9-8306-43fe-8b7a-815e70e28fec:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89:indexpattern-datasource-layer-f7d425df-4f7d-4e18-993d-b8a10cdffe22", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3afffe1a-ab24-4a60-bb83-1973840a6b89:indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "3afffe1a-ab24-4a60-bb83-1973840a6b89:indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f:layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json index 9409beb4eee..9ca18e92b73 100644 --- a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json +++ b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json 
@@ -1,721 +1,726 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" - } - } + "id": "proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:32:30.064Z", + "version": "WzYyMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 22, + "i": "7fe02808-920c-4356-a052-d449b2e57ed5", + "w": 48, + "x": 0, + "y": 66 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 22, - "i": "7fe02808-920c-4356-a052-d449b2e57ed5", - "w": 48, - "x": 0, - "y": 66 - }, - "panelIndex": "7fe02808-920c-4356-a052-d449b2e57ed5", - "panelRefName": "panel_7fe02808-920c-4356-a052-d449b2e57ed5", - "type": "search", - "version": "7.17.0" + "panelIndex": "7fe02808-920c-4356-a052-d449b2e57ed5", + "panelRefName": "panel_7fe02808-920c-4356-a052-d449b2e57ed5", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"4ff0e011-970a-4b60-9158-962f4e89fbbe": { + "columnOrder": [ + "dc762ac8-6645-45a7-ba44-b3fbd0309338" + ], + "columns": { + "dc762ac8-6645-45a7-ba44-b3fbd0309338": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Clicks", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "dc762ac8-6645-45a7-ba44-b3fbd0309338", + "layerId": "4ff0e011-970a-4b60-9158-962f4e89fbbe", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4ff0e011-970a-4b60-9158-962f4e89fbbe": { - "columnOrder": [ - "dc762ac8-6645-45a7-ba44-b3fbd0309338" - ], - "columns": { - "dc762ac8-6645-45a7-ba44-b3fbd0309338": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Clicks", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "dc762ac8-6645-45a7-ba44-b3fbd0309338", - "layerId": "4ff0e011-970a-4b60-9158-962f4e89fbbe", - "layerType": "data" - } + "title": "Count of Clicks [Logs Proofpoint TAP]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "2d93f439-bff8-4e48-b469-fca11e18ba81", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "2d93f439-bff8-4e48-b469-fca11e18ba81", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + 
"attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1c93261b-da1f-4d85-aaaf-3457bdcc6ff4": { + "columnOrder": [ + "f13e79eb-00ed-4e68-98b5-b5c927055fec", + "0466e119-38e8-4d0a-a48f-9b2e7a89d213" + ], + "columns": { + "0466e119-38e8-4d0a-a48f-9b2e7a89d213": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Count of Clicks [Logs Proofpoint TAP]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2d93f439-bff8-4e48-b469-fca11e18ba81", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "2d93f439-bff8-4e48-b469-fca11e18ba81", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1c93261b-da1f-4d85-aaaf-3457bdcc6ff4": { - "columnOrder": [ - "f13e79eb-00ed-4e68-98b5-b5c927055fec", - "0466e119-38e8-4d0a-a48f-9b2e7a89d213" - ], - "columns": { - "0466e119-38e8-4d0a-a48f-9b2e7a89d213": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "f13e79eb-00ed-4e68-98b5-b5c927055fec": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": 
"Classification", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0466e119-38e8-4d0a-a48f-9b2e7a89d213", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.clicks_permitted.classification" - } - }, - "incompleteColumns": {} - } - } - } + "f13e79eb-00ed-4e68-98b5-b5c927055fec": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Classification", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0466e119-38e8-4d0a-a48f-9b2e7a89d213", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "f13e79eb-00ed-4e68-98b5-b5c927055fec" - ], - "layerId": "1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", - "layerType": "data", - "legendDisplay": "default", - "metric": "0466e119-38e8-4d0a-a48f-9b2e7a89d213", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Permitted Clicks by Classification [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "05a16b7a-9e32-4398-b547-b44ba5dd1572", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "05a16b7a-9e32-4398-b547-b44ba5dd1572", - "type": "lens", - "version": "7.17.0" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.clicks_permitted.classification" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + 
"f13e79eb-00ed-4e68-98b5-b5c927055fec" + ], + "layerId": "1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", + "layerType": "data", + "legendDisplay": "default", + "metric": "0466e119-38e8-4d0a-a48f-9b2e7a89d213", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c4191f86-9c54-4a06-a3dd-842b3ef7c241", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c4191f86-9c54-4a06-a3dd-842b3ef7c241": { - "columnOrder": [ - "a3e04efb-2f37-464b-a6f2-23c0e19d790d", - "40a5f8c4-9eb3-4dcf-8520-acdb820944df" - ], - "columns": { - "40a5f8c4-9eb3-4dcf-8520-acdb820944df": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "a3e04efb-2f37-464b-a6f2-23c0e19d790d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "40a5f8c4-9eb3-4dcf-8520-acdb820944df", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.clicks_permitted.threat.status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "a3e04efb-2f37-464b-a6f2-23c0e19d790d" - ], - "layerId": "c4191f86-9c54-4a06-a3dd-842b3ef7c241", - "layerType": "data", - "legendDisplay": "default", - "metric": "40a5f8c4-9eb3-4dcf-8520-acdb820944df", 
- "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Permitted Clicks by Classification [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "05a16b7a-9e32-4398-b547-b44ba5dd1572", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "05a16b7a-9e32-4398-b547-b44ba5dd1572", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c4191f86-9c54-4a06-a3dd-842b3ef7c241", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c4191f86-9c54-4a06-a3dd-842b3ef7c241": { + "columnOrder": [ + "a3e04efb-2f37-464b-a6f2-23c0e19d790d", + "40a5f8c4-9eb3-4dcf-8520-acdb820944df" + ], + "columns": { + "40a5f8c4-9eb3-4dcf-8520-acdb820944df": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Distribution of Permitted Clicks by Threat Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "771e46d7-ce5c-4c0d-81b2-841e283abf2c", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "771e46d7-ce5c-4c0d-81b2-841e283abf2c", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"062ab937-584b-4266-b89a-e0965350fd15": { - "columnOrder": [ - "b4231a92-a121-4d7b-8975-7deb595868c2", - "e4a9c4a7-4e05-4669-8842-47a87900ad7c" - ], - "columns": { - "b4231a92-a121-4d7b-8975-7deb595868c2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "URL", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "url.full" - }, - "e4a9c4a7-4e05-4669-8842-47a87900ad7c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } + "a3e04efb-2f37-464b-a6f2-23c0e19d790d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "40a5f8c4-9eb3-4dcf-8520-acdb820944df", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "b4231a92-a121-4d7b-8975-7deb595868c2", - "isTransposed": false - }, - { - "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", - "isTransposed": false - } - ], - "layerId": "062ab937-584b-4266-b89a-e0965350fd15", - "layerType": "data" - } - }, - "title": "Top 10 Malicious URL [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5", - "type": "lens", - "version": "7.17.0" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.clicks_permitted.threat.status" + } + 
}, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "a3e04efb-2f37-464b-a6f2-23c0e19d790d" + ], + "layerId": "c4191f86-9c54-4a06-a3dd-842b3ef7c241", + "layerType": "data", + "legendDisplay": "default", + "metric": "40a5f8c4-9eb3-4dcf-8520-acdb820944df", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { - "columnOrder": [ - "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" - ], - "columns": { - "394062e2-3219-4ff0-b930-7dceb79cb5cd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - }, - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "Distribution of Permitted Clicks by Threat Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + 
}, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "771e46d7-ce5c-4c0d-81b2-841e283abf2c", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "771e46d7-ce5c-4c0d-81b2-841e283abf2c", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "062ab937-584b-4266-b89a-e0965350fd15": { + "columnOrder": [ + "b4231a92-a121-4d7b-8975-7deb595868c2", + "e4a9c4a7-4e05-4669-8842-47a87900ad7c" + ], + "columns": { + "b4231a92-a121-4d7b-8975-7deb595868c2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "isTransposed": false - }, - { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "isTransposed": false - } - ], - "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "url.full" }, - "title": "Top 10 Recipient [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "85ab74a3-eb94-47f2-9592-6654f540d9d5", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "85ab74a3-eb94-47f2-9592-6654f540d9d5", - "type": "lens", - "version": "7.17.0" + "e4a9c4a7-4e05-4669-8842-47a87900ad7c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": 
"count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b4231a92-a121-4d7b-8975-7deb595868c2", + "isTransposed": false + }, + { + "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", + "isTransposed": false + } + ], + "layerId": "062ab937-584b-4266-b89a-e0965350fd15", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4080ef48-91f4-4339-a059-fa6a9d0fcce8": { - "columnOrder": [ - "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", - "366f6367-65c3-4e65-8c28-f41b1ef719cf" - ], - "columns": { - "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "destination.ip" - }, - "366f6367-65c3-4e65-8c28-f41b1ef719cf": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "Top 10 Malicious URL [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5", + "w": 
24, + "x": 0, + "y": 30 + }, + "panelIndex": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { + "columnOrder": [ + "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" + ], + "columns": { + "394062e2-3219-4ff0-b930-7dceb79cb5cd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", - "isTransposed": false - }, - { - "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", - "isTransposed": false - } - ], - "layerId": "4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" }, - "title": "Top 10 Click IP [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "bae14c77-2488-49e8-87e1-f60be58b1ad9", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "bae14c77-2488-49e8-87e1-f60be58b1ad9", - "type": "lens", - "version": "7.17.0" + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } 
+ } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "isTransposed": false + }, + { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "isTransposed": false + } + ], + "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"alpha\":1,\"id\":\"1d744b4f-b6df-4195-bfea-8e64340b7da1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"48984da5-6c09-4c75-86d5-b9c1791d120d\",\"includeInFitToBounds\":true,\"label\":\"Clicks\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"35e48033-3f9a-4228-98be-980fff6c70a1\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": 
"{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.14}", - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "title": "Clicks on URL by Region [Logs Proofpoint TAP]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 180, - "minLat": -66.51326, - "minLon": -180 - }, - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 1.14 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 21, - "i": "b4c89de9-9f07-4261-8fd5-554b89dbb714", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "b4c89de9-9f07-4261-8fd5-554b89dbb714", - "type": "map", - "version": "7.17.0" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs Proofpoint TAP] Permitted Clicks", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "proofpoint_tap-717803c0-b130-11ec-8e58-3fc548a48fe4", - "name": 
"7fe02808-920c-4356-a052-d449b2e57ed5:panel_7fe02808-920c-4356-a052-d449b2e57ed5", - "type": "search" - }, - { - "id": "logs-*", - "name": "2d93f439-bff8-4e48-b469-fca11e18ba81:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2d93f439-bff8-4e48-b469-fca11e18ba81:indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", - "type": "index-pattern" + "title": "Top 10 Recipient [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "05a16b7a-9e32-4398-b547-b44ba5dd1572:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "85ab74a3-eb94-47f2-9592-6654f540d9d5", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "05a16b7a-9e32-4398-b547-b44ba5dd1572:indexpattern-datasource-layer-1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "771e46d7-ce5c-4c0d-81b2-841e283abf2c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "771e46d7-ce5c-4c0d-81b2-841e283abf2c:indexpattern-datasource-layer-c4191f86-9c54-4a06-a3dd-842b3ef7c241", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5:indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85ab74a3-eb94-47f2-9592-6654f540d9d5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "85ab74a3-eb94-47f2-9592-6654f540d9d5", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4080ef48-91f4-4339-a059-fa6a9d0fcce8": { + "columnOrder": [ + "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", + "366f6367-65c3-4e65-8c28-f41b1ef719cf" + ], + "columns": { + "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + }, + "366f6367-65c3-4e65-8c28-f41b1ef719cf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", + "isTransposed": false + }, + { + "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", + "isTransposed": false + } + ], + "layerId": "4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "layerType": "data" + } + }, + "title": "Top 10 Click IP [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "85ab74a3-eb94-47f2-9592-6654f540d9d5:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "bae14c77-2488-49e8-87e1-f60be58b1ad9", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "logs-*", - "name": 
"bae14c77-2488-49e8-87e1-f60be58b1ad9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "bae14c77-2488-49e8-87e1-f60be58b1ad9", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"alpha\":1,\"id\":\"1d744b4f-b6df-4195-bfea-8e64340b7da1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"48984da5-6c09-4c75-86d5-b9c1791d120d\",\"includeInFitToBounds\":true,\"label\":\"Clicks\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"35e48033-3f9a-4228-98be-980fff6c70a1\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": 
"{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.14}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "title": "Clicks on URL by Region [Logs Proofpoint TAP]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 180, + "minLat": -66.51326, + "minLon": -180 + }, + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 1.14 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "bae14c77-2488-49e8-87e1-f60be58b1ad9:indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "type": "index-pattern" + "gridData": { + "h": 21, + "i": "b4c89de9-9f07-4261-8fd5-554b89dbb714", + "w": 48, + "x": 0, + "y": 45 }, - { - "id": "logs-*", - "name": "b4c89de9-9f07-4261-8fd5-554b89dbb714:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "b4c89de9-9f07-4261-8fd5-554b89dbb714", + "type": "map", + "version": "7.17.0" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs 
Proofpoint TAP] Permitted Clicks", + "version": 1 + }, + "references": [ + { + "id": "proofpoint_tap-717803c0-b130-11ec-8e58-3fc548a48fe4", + "name": "7fe02808-920c-4356-a052-d449b2e57ed5:panel_7fe02808-920c-4356-a052-d449b2e57ed5", + "type": "search" + }, + { + "id": "logs-*", + "name": "2d93f439-bff8-4e48-b469-fca11e18ba81:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2d93f439-bff8-4e48-b469-fca11e18ba81:indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "05a16b7a-9e32-4398-b547-b44ba5dd1572:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "05a16b7a-9e32-4398-b547-b44ba5dd1572:indexpattern-datasource-layer-1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "771e46d7-ce5c-4c0d-81b2-841e283abf2c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "771e46d7-ce5c-4c0d-81b2-841e283abf2c:indexpattern-datasource-layer-c4191f86-9c54-4a06-a3dd-842b3ef7c241", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5:indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85ab74a3-eb94-47f2-9592-6654f540d9d5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85ab74a3-eb94-47f2-9592-6654f540d9d5:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bae14c77-2488-49e8-87e1-f60be58b1ad9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { 
+ "id": "logs-*", + "name": "bae14c77-2488-49e8-87e1-f60be58b1ad9:indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b4c89de9-9f07-4261-8fd5-554b89dbb714:layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json index 3ca1374264e..bc952416472 100644 --- a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json +++ b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json 
@@ -1,1449 +1,1454 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - } - } + "id": "proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:32:30.064Z", + "version": "WzYyNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 21, + "i": "e5247373-1ae6-403b-89b5-93281d642883", + "w": 48, + "x": 0, + "y": 111 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "e5247373-1ae6-403b-89b5-93281d642883", - "w": 48, - "x": 0, - "y": 111 - }, - "panelIndex": "e5247373-1ae6-403b-89b5-93281d642883", - "panelRefName": "panel_e5247373-1ae6-403b-89b5-93281d642883", - "type": "search", - "version": "7.17.0" + "panelIndex": "e5247373-1ae6-403b-89b5-93281d642883", + "panelRefName": "panel_e5247373-1ae6-403b-89b5-93281d642883", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"66e9770d-b676-49a0-b502-b3cf64aae59d": { + "columnOrder": [ + "7afa9eab-9e68-42c1-a5f8-7891197560e2" + ], + "columns": { + "7afa9eab-9e68-42c1-a5f8-7891197560e2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Messages", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "7afa9eab-9e68-42c1-a5f8-7891197560e2", + "layerId": "66e9770d-b676-49a0-b502-b3cf64aae59d", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "66e9770d-b676-49a0-b502-b3cf64aae59d": { - "columnOrder": [ - "7afa9eab-9e68-42c1-a5f8-7891197560e2" - ], - "columns": { - "7afa9eab-9e68-42c1-a5f8-7891197560e2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Messages", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "Count of Messages [Logs Proofpoint TAP]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "2cfc095d-92da-4512-bf45-21f3a7508129", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "2cfc095d-92da-4512-bf45-21f3a7508129", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e7630b81-f809-4d49-b269-1788bdbdf649": { + "columnOrder": [ + "8a033b2f-c808-4ae0-b593-862e401fd4d0", + "ba6e6c21-db26-4ce1-9608-ebc8562ee460" + ], + "columns": { + "8a033b2f-c808-4ae0-b593-862e401fd4d0": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", + "type": "column" }, - "visualization": { - "accessor": "7afa9eab-9e68-42c1-a5f8-7891197560e2", - "layerId": "66e9770d-b676-49a0-b502-b3cf64aae59d", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.ip" }, - "title": "Count of Messages [Logs Proofpoint TAP]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2cfc095d-92da-4512-bf45-21f3a7508129", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "2cfc095d-92da-4512-bf45-21f3a7508129", - "type": "lens", - "version": "7.17.0" + "ba6e6c21-db26-4ce1-9608-ebc8562ee460": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "8a033b2f-c808-4ae0-b593-862e401fd4d0", + "isTransposed": false + }, + { + "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", + "isTransposed": false + } + ], + "layerId": "e7630b81-f809-4d49-b269-1788bdbdf649", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - 
{ - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e7630b81-f809-4d49-b269-1788bdbdf649": { - "columnOrder": [ - "8a033b2f-c808-4ae0-b593-862e401fd4d0", - "ba6e6c21-db26-4ce1-9608-ebc8562ee460" - ], - "columns": { - "8a033b2f-c808-4ae0-b593-862e401fd4d0": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.ip" - }, - "ba6e6c21-db26-4ce1-9608-ebc8562ee460": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "8a033b2f-c808-4ae0-b593-862e401fd4d0", - "isTransposed": false - }, - { - "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", - "isTransposed": false - } - ], - "layerId": "e7630b81-f809-4d49-b269-1788bdbdf649", - "layerType": "data" - } + "title": "Top 10 Sender IP [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "efdb9e8c-8541-401c-acc6-767c1a637db4", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "efdb9e8c-8541-401c-acc6-767c1a637db4", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-402e61cc-9dba-466f-9269-27b48dd2e4a1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "402e61cc-9dba-466f-9269-27b48dd2e4a1": { + "columnOrder": [ + "d1076744-9ca0-4908-a16f-ef349e2cd32a", + "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241" + ], + "columns": { + "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Top 10 Sender IP [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "efdb9e8c-8541-401c-acc6-767c1a637db4", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "efdb9e8c-8541-401c-acc6-767c1a637db4", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "d1076744-9ca0-4908-a16f-ef349e2cd32a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Disposition", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-402e61cc-9dba-466f-9269-27b48dd2e4a1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "402e61cc-9dba-466f-9269-27b48dd2e4a1": { - "columnOrder": [ - "d1076744-9ca0-4908-a16f-ef349e2cd32a", - "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241" - ], - "columns": { - "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - 
"operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d1076744-9ca0-4908-a16f-ef349e2cd32a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Disposition", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.message_parts.disposition" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.message_parts.disposition" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d1076744-9ca0-4908-a16f-ef349e2cd32a" + ], + "layerId": "402e61cc-9dba-466f-9269-27b48dd2e4a1", + "layerType": "data", + "legendDisplay": "default", + "metric": "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Blocked Messages by Disposition [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "637266a0-908f-40ee-aa10-55569e7cbd29", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "637266a0-908f-40ee-aa10-55569e7cbd29", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + 
{ + "id": "logs-*", + "name": "indexpattern-datasource-layer-a0987be1-b682-412e-8d46-a4ad00e985c1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a0987be1-b682-412e-8d46-a4ad00e985c1": { + "columnOrder": [ + "74697bb2-b72f-4b6e-b651-06f50ef31467", + "87ce1993-56c0-4458-9cb1-ae12af5a629a" + ], + "columns": { + "74697bb2-b72f-4b6e-b651-06f50ef31467": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rewritten URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "87ce1993-56c0-4458-9cb1-ae12af5a629a", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d1076744-9ca0-4908-a16f-ef349e2cd32a" - ], - "layerId": "402e61cc-9dba-466f-9269-27b48dd2e4a1", - "layerType": "data", - "legendDisplay": "default", - "metric": "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.completely_rewritten" }, - "title": "Distribution of Blocked Messages by Disposition [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "637266a0-908f-40ee-aa10-55569e7cbd29", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "637266a0-908f-40ee-aa10-55569e7cbd29", - "type": "lens", - "version": "7.17.0" + "87ce1993-56c0-4458-9cb1-ae12af5a629a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + 
"categoryDisplay": "default", + "groups": [ + "74697bb2-b72f-4b6e-b651-06f50ef31467" + ], + "layerId": "a0987be1-b682-412e-8d46-a4ad00e985c1", + "layerType": "data", + "legendDisplay": "default", + "metric": "87ce1993-56c0-4458-9cb1-ae12af5a629a", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a0987be1-b682-412e-8d46-a4ad00e985c1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a0987be1-b682-412e-8d46-a4ad00e985c1": { - "columnOrder": [ - "74697bb2-b72f-4b6e-b651-06f50ef31467", - "87ce1993-56c0-4458-9cb1-ae12af5a629a" - ], - "columns": { - "74697bb2-b72f-4b6e-b651-06f50ef31467": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rewritten URL", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "87ce1993-56c0-4458-9cb1-ae12af5a629a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.completely_rewritten" - }, - "87ce1993-56c0-4458-9cb1-ae12af5a629a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + "title": "Distribution of Blocked Messages by Rewritten URL [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "3e565fd9-f29d-41b5-a084-7393d29028d9", + "w": 24, + "x": 
24, + "y": 15 + }, + "panelIndex": "3e565fd9-f29d-41b5-a084-7393d29028d9", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { + "columnOrder": [ + "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" + ], + "columns": { + "394062e2-3219-4ff0-b930-7dceb79cb5cd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "74697bb2-b72f-4b6e-b651-06f50ef31467" - ], - "layerId": "a0987be1-b682-412e-8d46-a4ad00e985c1", - "layerType": "data", - "legendDisplay": "default", - "metric": "87ce1993-56c0-4458-9cb1-ae12af5a629a", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" }, - "title": "Distribution of Blocked Messages by Rewritten URL [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3e565fd9-f29d-41b5-a084-7393d29028d9", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "3e565fd9-f29d-41b5-a084-7393d29028d9", - "type": "lens", - "version": "7.17.0" + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": 
"count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "isTransposed": false + }, + { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "isTransposed": false + } + ], + "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { - "columnOrder": [ - "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" - ], - "columns": { - "394062e2-3219-4ff0-b930-7dceb79cb5cd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - }, - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Top 10 Recipient [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "2371e369-c82c-4443-bbf5-9d2b119fb9e9", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": 
"2371e369-c82c-4443-bbf5-9d2b119fb9e9", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e327fec5-d799-4b3f-acfc-32c1ecaac682", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e327fec5-d799-4b3f-acfc-32c1ecaac682": { + "columnOrder": [ + "f096fb9b-5208-4f47-b5a5-0ad3de754fda", + "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8" + ], + "columns": { + "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "f096fb9b-5208-4f47-b5a5-0ad3de754fda": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Classification", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.threat_info_map.classification" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "f096fb9b-5208-4f47-b5a5-0ad3de754fda" + ], + "layerId": "e327fec5-d799-4b3f-acfc-32c1ecaac682", + "layerType": "data", + "legendDisplay": "default", + "metric": "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of 
Blocked Messages by Threat Classification [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "a3d367ee-91bb-421d-b6fc-27daabd46a54", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "a3d367ee-91bb-421d-b6fc-27daabd46a54", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f2e404cb-ffef-4218-a7d7-20a1972f7fe5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f2e404cb-ffef-4218-a7d7-20a1972f7fe5": { + "columnOrder": [ + "86527e47-1073-45bd-8f35-657f4d277b62", + "f40e0576-52c6-4c09-8b8e-446699fed30e" + ], + "columns": { + "86527e47-1073-45bd-8f35-657f4d277b62": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f40e0576-52c6-4c09-8b8e-446699fed30e", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "isTransposed": false - }, - { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "isTransposed": false - } - ], - "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.threat_info_map.threat.status" }, - "title": "Top 10 Recipient [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2371e369-c82c-4443-bbf5-9d2b119fb9e9", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "2371e369-c82c-4443-bbf5-9d2b119fb9e9", - "type": "lens", - "version": 
"7.17.0" + "f40e0576-52c6-4c09-8b8e-446699fed30e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "86527e47-1073-45bd-8f35-657f4d277b62" + ], + "layerId": "f2e404cb-ffef-4218-a7d7-20a1972f7fe5", + "layerType": "data", + "legendDisplay": "default", + "metric": "f40e0576-52c6-4c09-8b8e-446699fed30e", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e327fec5-d799-4b3f-acfc-32c1ecaac682", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e327fec5-d799-4b3f-acfc-32c1ecaac682": { - "columnOrder": [ - "f096fb9b-5208-4f47-b5a5-0ad3de754fda", - "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8" - ], - "columns": { - "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "f096fb9b-5208-4f47-b5a5-0ad3de754fda": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Classification", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"proofpoint_tap.message_blocked.threat_info_map.classification" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Distribution of Blocked Messages by Threat Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "3a258b28-29d4-4719-a65e-db1153b954fc", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "3a258b28-29d4-4719-a65e-db1153b954fc", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-01c9ddee-f668-4ee5-8bb6-98e74d2e1439", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "01c9ddee-f668-4ee5-8bb6-98e74d2e1439": { + "columnOrder": [ + "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d", + "47666138-8fdd-4735-9a26-d5586276afe9" + ], + "columns": { + "47666138-8fdd-4735-9a26-d5586276afe9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Sandbox Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "47666138-8fdd-4735-9a26-d5586276afe9", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.message_parts.sandbox_status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d" + ], + "layerId": "01c9ddee-f668-4ee5-8bb6-98e74d2e1439", + "layerType": "data", + "legendDisplay": "default", + "metric": "47666138-8fdd-4735-9a26-d5586276afe9", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Blocked Messages by Sandbox Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "850608eb-ca33-452f-a129-c4719224c52f", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "850608eb-ca33-452f-a129-c4719224c52f", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b71a1c6d-1b9f-4b5f-ad26-7de6a5601691": { + "columnOrder": [ + "73dab922-14a4-4c5c-a297-9873a91dad59", + "b12333e5-b88d-4a3e-96bb-467efc2745b5" + ], + "columns": { + "73dab922-14a4-4c5c-a297-9873a91dad59": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b12333e5-b88d-4a3e-96bb-467efc2745b5", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "f096fb9b-5208-4f47-b5a5-0ad3de754fda" - ], - "layerId": "e327fec5-d799-4b3f-acfc-32c1ecaac682", - "layerType": "data", - "legendDisplay": "default", - "metric": "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8", - "nestedLegend": false, - "numberDisplay": "percent" - } - 
], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.threat_info_map.threat.type" }, - "title": "Distribution of Blocked Messages by Threat Classification [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a3d367ee-91bb-421d-b6fc-27daabd46a54", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "a3d367ee-91bb-421d-b6fc-27daabd46a54", - "type": "lens", - "version": "7.17.0" + "b12333e5-b88d-4a3e-96bb-467efc2745b5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "73dab922-14a4-4c5c-a297-9873a91dad59" + ], + "layerId": "b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", + "layerType": "data", + "legendDisplay": "default", + "metric": "b12333e5-b88d-4a3e-96bb-467efc2745b5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f2e404cb-ffef-4218-a7d7-20a1972f7fe5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f2e404cb-ffef-4218-a7d7-20a1972f7fe5": { - "columnOrder": [ - "86527e47-1073-45bd-8f35-657f4d277b62", - "f40e0576-52c6-4c09-8b8e-446699fed30e" - ], - "columns": { - "86527e47-1073-45bd-8f35-657f4d277b62": { - "customLabel": true, - "dataType": "string", - 
"isBucketed": true, - "label": "Threat Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f40e0576-52c6-4c09-8b8e-446699fed30e", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.threat_info_map.threat.status" - }, - "f40e0576-52c6-4c09-8b8e-446699fed30e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + "title": "Distribution of Blocked Messages by Threat Type [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "c9517aa1-8122-434d-b93d-719030617688", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "c9517aa1-8122-434d-b93d-719030617688", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "657c0ea2-d756-4c8e-8638-4a2cf8a00bad": { + "columnOrder": [ + "4507c7f7-7878-40d4-905f-50360a596573", + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" + ], + "columns": { + "4507c7f7-7878-40d4-905f-50360a596573": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Email Mailer", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f", + "type": "column" }, - 
"visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "86527e47-1073-45bd-8f35-657f4d277b62" - ], - "layerId": "f2e404cb-ffef-4218-a7d7-20a1972f7fe5", - "layerType": "data", - "legendDisplay": "default", - "metric": "f40e0576-52c6-4c09-8b8e-446699fed30e", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.x_mailer" }, - "title": "Distribution of Blocked Messages by Threat Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "3a258b28-29d4-4719-a65e-db1153b954fc", - "w": 24, - "x": 0, - "y": 45 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "3a258b28-29d4-4719-a65e-db1153b954fc", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-01c9ddee-f668-4ee5-8bb6-98e74d2e1439", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "01c9ddee-f668-4ee5-8bb6-98e74d2e1439": { - "columnOrder": [ - "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d", - "47666138-8fdd-4735-9a26-d5586276afe9" - ], - "columns": { - 
"47666138-8fdd-4735-9a26-d5586276afe9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Sandbox Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "47666138-8fdd-4735-9a26-d5586276afe9", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.message_parts.sandbox_status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d" - ], - "layerId": "01c9ddee-f668-4ee5-8bb6-98e74d2e1439", - "layerType": "data", - "legendDisplay": "default", - "metric": "47666138-8fdd-4735-9a26-d5586276afe9", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Blocked Messages by Sandbox Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "850608eb-ca33-452f-a129-c4719224c52f", - "w": 24, - "x": 24, - "y": 45 + "layers": [ + { + "accessors": [ + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" + ], + "layerId": "657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "4507c7f7-7878-40d4-905f-50360a596573" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "850608eb-ca33-452f-a129-c4719224c52f", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - 
"attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b71a1c6d-1b9f-4b5f-ad26-7de6a5601691": { - "columnOrder": [ - "73dab922-14a4-4c5c-a297-9873a91dad59", - "b12333e5-b88d-4a3e-96bb-467efc2745b5" - ], - "columns": { - "73dab922-14a4-4c5c-a297-9873a91dad59": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b12333e5-b88d-4a3e-96bb-467efc2745b5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.threat_info_map.threat.type" - }, - "b12333e5-b88d-4a3e-96bb-467efc2745b5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "73dab922-14a4-4c5c-a297-9873a91dad59" - ], - "layerId": "b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", - "layerType": "data", - "legendDisplay": "default", - "metric": "b12333e5-b88d-4a3e-96bb-467efc2745b5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Blocked Messages by Threat Type [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": 
true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "c9517aa1-8122-434d-b93d-719030617688", - "w": 24, - "x": 0, - "y": 60 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "c9517aa1-8122-434d-b93d-719030617688", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "657c0ea2-d756-4c8e-8638-4a2cf8a00bad": { - "columnOrder": [ - "4507c7f7-7878-40d4-905f-50360a596573", - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" - ], - "columns": { - "4507c7f7-7878-40d4-905f-50360a596573": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Email Mailer", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.x_mailer" - }, - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - 
{ - "accessors": [ - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" - ], - "layerId": "657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "4507c7f7-7878-40d4-905f-50360a596573" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "title": "Distribution of Messages by Email X_Mailer [Logs Proofpoint TAP]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "6b458dd4-988b-44d1-bd30-1bfadd99712b", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "6b458dd4-988b-44d1-bd30-1bfadd99712b", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8bc257b1-f278-4281-b618-12892df43c90", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8bc257b1-f278-4281-b618-12892df43c90": { + "columnOrder": [ + "bd52eba0-e079-4b31-b053-d6d8e519b21d", + "a9cf6093-c996-4557-8819-3d2b273e62b0" + ], + "columns": { + "a9cf6093-c996-4557-8819-3d2b273e62b0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Distribution of Messages by Email X_Mailer [Logs Proofpoint TAP]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + "bd52eba0-e079-4b31-b053-d6d8e519b21d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Quarantine Folder", + "operationType": "terms", + "params": { + "missingBucket": 
false, + "orderBy": { + "columnId": "a9cf6093-c996-4557-8819-3d2b273e62b0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.quarantine.folder" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "a9cf6093-c996-4557-8819-3d2b273e62b0" + ], + "layerId": "8bc257b1-f278-4281-b618-12892df43c90", + "layerType": "data", + "position": "top", + "seriesType": "bar", + "showGridlines": false, + "xAccessor": "bd52eba0-e079-4b31-b053-d6d8e519b21d" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "6b458dd4-988b-44d1-bd30-1bfadd99712b", - "w": 24, - "x": 24, - "y": 60 + "preferredSeriesType": "bar", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "6b458dd4-988b-44d1-bd30-1bfadd99712b", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8bc257b1-f278-4281-b618-12892df43c90", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8bc257b1-f278-4281-b618-12892df43c90": { - "columnOrder": [ - "bd52eba0-e079-4b31-b053-d6d8e519b21d", - "a9cf6093-c996-4557-8819-3d2b273e62b0" - ], - "columns": { - "a9cf6093-c996-4557-8819-3d2b273e62b0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - 
"bd52eba0-e079-4b31-b053-d6d8e519b21d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Quarantine Folder", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a9cf6093-c996-4557-8819-3d2b273e62b0", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.quarantine.folder" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + "title": "Distribution of Blocked Messages by Quarantine Folder [Logs Proofpoint TAP]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "91bf4cc9-d875-476b-afa9-353e6a6115d2", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "91bf4cc9-d875-476b-afa9-353e6a6115d2", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4b31f83f-2fc1-4509-8a5b-0c80eea8c627", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4b31f83f-2fc1-4509-8a5b-0c80eea8c627": { + "columnOrder": [ + "aec564b0-2091-4304-8a29-d839f9aec0aa", + "efe56213-9c9c-4215-91cd-907114802d3a" + ], + "columns": { + "aec564b0-2091-4304-8a29-d839f9aec0aa": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Quarantine Rule", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "efe56213-9c9c-4215-91cd-907114802d3a", + "type": "column" }, - "visualization": { - "layers": [ - { - "accessors": [ - "a9cf6093-c996-4557-8819-3d2b273e62b0" - ], - "layerId": 
"8bc257b1-f278-4281-b618-12892df43c90", - "layerType": "data", - "position": "top", - "seriesType": "bar", - "showGridlines": false, - "xAccessor": "bd52eba0-e079-4b31-b053-d6d8e519b21d" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.quarantine.rule" }, - "title": "Distribution of Blocked Messages by Quarantine Folder [Logs Proofpoint TAP]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + "efe56213-9c9c-4215-91cd-907114802d3a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "91bf4cc9-d875-476b-afa9-353e6a6115d2", - "w": 24, - "x": 0, - "y": 75 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "91bf4cc9-d875-476b-afa9-353e6a6115d2", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4b31f83f-2fc1-4509-8a5b-0c80eea8c627", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4b31f83f-2fc1-4509-8a5b-0c80eea8c627": 
{ - "columnOrder": [ - "aec564b0-2091-4304-8a29-d839f9aec0aa", - "efe56213-9c9c-4215-91cd-907114802d3a" - ], - "columns": { - "aec564b0-2091-4304-8a29-d839f9aec0aa": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Quarantine Rule", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "efe56213-9c9c-4215-91cd-907114802d3a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.quarantine.rule" - }, - "efe56213-9c9c-4215-91cd-907114802d3a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "efe56213-9c9c-4215-91cd-907114802d3a" - ], - "layerId": "4b31f83f-2fc1-4509-8a5b-0c80eea8c627", - "layerType": "data", - "position": "top", - "seriesType": "bar", - "showGridlines": false, - "xAccessor": "aec564b0-2091-4304-8a29-d839f9aec0aa" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Blocked Messages by Quarantine Rule [Logs Proofpoint TAP]", - "visualizationType": "lnsXY" - }, - 
"enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce", - "w": 24, - "x": 24, - "y": 75 + "layers": [ + { + "accessors": [ + "efe56213-9c9c-4215-91cd-907114802d3a" + ], + "layerId": "4b31f83f-2fc1-4509-8a5b-0c80eea8c627", + "layerType": "data", + "position": "top", + "seriesType": "bar", + "showGridlines": false, + "xAccessor": "aec564b0-2091-4304-8a29-d839f9aec0aa" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"alpha\":1,\"id\":\"c6a42104-e390-4c56-8ef8-5bd774773e72\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"f8e2c82c-56b8-425d-a79d-ab24baf35f89\",\"includeInFitToBounds\":true,\"label\":\"Sender\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"ce99667c-f3a0-4d3c-b0d0-6e6ba88f1a9e\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": 
"{\"center\":{\"lat\":33.09876,\"lon\":73.8871},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.91}", - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "title": "Sender of Messages by Region [Logs Proofpoint TAP]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 89.78601, - "maxLon": 720, - "minLat": -89.78601, - "minLon": -540 - }, - "mapCenter": { - "lat": 0, - "lon": 96.98463, - "zoom": 0.12 - }, - "openTOCDetails": [] + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 21, - "i": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e", - "w": 48, - "x": 0, - "y": 90 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e", - "type": "map", - "version": "7.17.0" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs Proofpoint TAP] Blocked Messages", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": 
"proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "proofpoint_tap-00dd5660-af9b-11ec-bf43-c372803d141d", - "name": "e5247373-1ae6-403b-89b5-93281d642883:panel_e5247373-1ae6-403b-89b5-93281d642883", - "type": "search" - }, - { - "id": "logs-*", - "name": "2cfc095d-92da-4512-bf45-21f3a7508129:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2cfc095d-92da-4512-bf45-21f3a7508129:indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "efdb9e8c-8541-401c-acc6-767c1a637db4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "efdb9e8c-8541-401c-acc6-767c1a637db4:indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "637266a0-908f-40ee-aa10-55569e7cbd29:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "637266a0-908f-40ee-aa10-55569e7cbd29:indexpattern-datasource-layer-402e61cc-9dba-466f-9269-27b48dd2e4a1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3e565fd9-f29d-41b5-a084-7393d29028d9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3e565fd9-f29d-41b5-a084-7393d29028d9:indexpattern-datasource-layer-a0987be1-b682-412e-8d46-a4ad00e985c1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2371e369-c82c-4443-bbf5-9d2b119fb9e9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2371e369-c82c-4443-bbf5-9d2b119fb9e9:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"a3d367ee-91bb-421d-b6fc-27daabd46a54:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a3d367ee-91bb-421d-b6fc-27daabd46a54:indexpattern-datasource-layer-e327fec5-d799-4b3f-acfc-32c1ecaac682", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3a258b28-29d4-4719-a65e-db1153b954fc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3a258b28-29d4-4719-a65e-db1153b954fc:indexpattern-datasource-layer-f2e404cb-ffef-4218-a7d7-20a1972f7fe5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "850608eb-ca33-452f-a129-c4719224c52f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "850608eb-ca33-452f-a129-c4719224c52f:indexpattern-datasource-layer-01c9ddee-f668-4ee5-8bb6-98e74d2e1439", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c9517aa1-8122-434d-b93d-719030617688:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c9517aa1-8122-434d-b93d-719030617688:indexpattern-datasource-layer-b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6b458dd4-988b-44d1-bd30-1bfadd99712b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6b458dd4-988b-44d1-bd30-1bfadd99712b:indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "91bf4cc9-d875-476b-afa9-353e6a6115d2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Blocked Messages by Quarantine Rule [Logs Proofpoint TAP]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": 
"91bf4cc9-d875-476b-afa9-353e6a6115d2:indexpattern-datasource-layer-8bc257b1-f278-4281-b618-12892df43c90", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce", + "w": 24, + "x": 24, + "y": 75 }, - { - "id": "logs-*", - "name": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"alpha\":1,\"id\":\"c6a42104-e390-4c56-8ef8-5bd774773e72\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"f8e2c82c-56b8-425d-a79d-ab24baf35f89\",\"includeInFitToBounds\":true,\"label\":\"Sender\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"ce99667c-f3a0-4d3c-b0d0-6e6ba88f1a9e\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": 
"{\"center\":{\"lat\":33.09876,\"lon\":73.8871},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.91}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "title": "Sender of Messages by Region [Logs Proofpoint TAP]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 89.78601, + "maxLon": 720, + "minLat": -89.78601, + "minLon": -540 + }, + "mapCenter": { + "lat": 0, + "lon": 96.98463, + "zoom": 0.12 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce:indexpattern-datasource-layer-4b31f83f-2fc1-4509-8a5b-0c80eea8c627", - "type": "index-pattern" + "gridData": { + "h": 21, + "i": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e", + "w": 48, + "x": 0, + "y": 90 }, - { - "id": "logs-*", - "name": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e", + "type": "map", + "version": "7.17.0" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": 
"[Logs Proofpoint TAP] Blocked Messages", + "version": 1 + }, + "references": [ + { + "id": "proofpoint_tap-00dd5660-af9b-11ec-bf43-c372803d141d", + "name": "e5247373-1ae6-403b-89b5-93281d642883:panel_e5247373-1ae6-403b-89b5-93281d642883", + "type": "search" + }, + { + "id": "logs-*", + "name": "2cfc095d-92da-4512-bf45-21f3a7508129:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2cfc095d-92da-4512-bf45-21f3a7508129:indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "efdb9e8c-8541-401c-acc6-767c1a637db4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "efdb9e8c-8541-401c-acc6-767c1a637db4:indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "637266a0-908f-40ee-aa10-55569e7cbd29:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "637266a0-908f-40ee-aa10-55569e7cbd29:indexpattern-datasource-layer-402e61cc-9dba-466f-9269-27b48dd2e4a1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e565fd9-f29d-41b5-a084-7393d29028d9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e565fd9-f29d-41b5-a084-7393d29028d9:indexpattern-datasource-layer-a0987be1-b682-412e-8d46-a4ad00e985c1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2371e369-c82c-4443-bbf5-9d2b119fb9e9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2371e369-c82c-4443-bbf5-9d2b119fb9e9:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a3d367ee-91bb-421d-b6fc-27daabd46a54:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + 
}, + { + "id": "logs-*", + "name": "a3d367ee-91bb-421d-b6fc-27daabd46a54:indexpattern-datasource-layer-e327fec5-d799-4b3f-acfc-32c1ecaac682", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3a258b28-29d4-4719-a65e-db1153b954fc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3a258b28-29d4-4719-a65e-db1153b954fc:indexpattern-datasource-layer-f2e404cb-ffef-4218-a7d7-20a1972f7fe5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "850608eb-ca33-452f-a129-c4719224c52f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "850608eb-ca33-452f-a129-c4719224c52f:indexpattern-datasource-layer-01c9ddee-f668-4ee5-8bb6-98e74d2e1439", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c9517aa1-8122-434d-b93d-719030617688:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c9517aa1-8122-434d-b93d-719030617688:indexpattern-datasource-layer-b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6b458dd4-988b-44d1-bd30-1bfadd99712b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6b458dd4-988b-44d1-bd30-1bfadd99712b:indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "91bf4cc9-d875-476b-afa9-353e6a6115d2:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "91bf4cc9-d875-476b-afa9-353e6a6115d2:indexpattern-datasource-layer-8bc257b1-f278-4281-b618-12892df43c90", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"f8ff2974-b1e9-4a81-a5af-8f5d6d13abce:indexpattern-datasource-layer-4b31f83f-2fc1-4509-8a5b-0c80eea8c627", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e:layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json index f0de223b92a..f51169be7fb 100644 --- a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json +++ b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json 
@@ -1,1189 +1,1194 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" - } - } + "id": "proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:32:30.064Z", + "version": "WzYyNSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 21, + "i": "a0cc1e4c-3327-478b-94ec-519ebf9582ab", + "w": 48, + "x": 0, + "y": 96 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "a0cc1e4c-3327-478b-94ec-519ebf9582ab", - "w": 48, - "x": 0, - "y": 96 - }, - "panelIndex": "a0cc1e4c-3327-478b-94ec-519ebf9582ab", - "panelRefName": "panel_a0cc1e4c-3327-478b-94ec-519ebf9582ab", - "type": "search", - "version": "7.17.0" + "panelIndex": "a0cc1e4c-3327-478b-94ec-519ebf9582ab", + "panelRefName": "panel_a0cc1e4c-3327-478b-94ec-519ebf9582ab", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"66e9770d-b676-49a0-b502-b3cf64aae59d": { + "columnOrder": [ + "7afa9eab-9e68-42c1-a5f8-7891197560e2" + ], + "columns": { + "7afa9eab-9e68-42c1-a5f8-7891197560e2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Messages", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "7afa9eab-9e68-42c1-a5f8-7891197560e2", + "layerId": "66e9770d-b676-49a0-b502-b3cf64aae59d", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "66e9770d-b676-49a0-b502-b3cf64aae59d": { - "columnOrder": [ - "7afa9eab-9e68-42c1-a5f8-7891197560e2" - ], - "columns": { - "7afa9eab-9e68-42c1-a5f8-7891197560e2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Messages", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "Count of Messages [Logs Proofpoint TAP]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "057e2ef6-0316-4896-ab34-8aafca79b009", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "057e2ef6-0316-4896-ab34-8aafca79b009", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e7630b81-f809-4d49-b269-1788bdbdf649": { + "columnOrder": [ + "8a033b2f-c808-4ae0-b593-862e401fd4d0", + "ba6e6c21-db26-4ce1-9608-ebc8562ee460" + ], + "columns": { + "8a033b2f-c808-4ae0-b593-862e401fd4d0": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", + "type": "column" }, - "visualization": { - "accessor": "7afa9eab-9e68-42c1-a5f8-7891197560e2", - "layerId": "66e9770d-b676-49a0-b502-b3cf64aae59d", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.ip" }, - "title": "Count of Messages [Logs Proofpoint TAP]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "057e2ef6-0316-4896-ab34-8aafca79b009", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "057e2ef6-0316-4896-ab34-8aafca79b009", - "type": "lens", - "version": "7.17.0" + "ba6e6c21-db26-4ce1-9608-ebc8562ee460": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "8a033b2f-c808-4ae0-b593-862e401fd4d0", + "isTransposed": false + }, + { + "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", + "isTransposed": false + } + ], + "layerId": "e7630b81-f809-4d49-b269-1788bdbdf649", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - 
{ - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e7630b81-f809-4d49-b269-1788bdbdf649": { - "columnOrder": [ - "8a033b2f-c808-4ae0-b593-862e401fd4d0", - "ba6e6c21-db26-4ce1-9608-ebc8562ee460" - ], - "columns": { - "8a033b2f-c808-4ae0-b593-862e401fd4d0": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.ip" - }, - "ba6e6c21-db26-4ce1-9608-ebc8562ee460": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "Top 10 Sender IP [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-410012cf-d8df-4277-ac28-305ea82a09a3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"410012cf-d8df-4277-ac28-305ea82a09a3": { + "columnOrder": [ + "05e673b3-ec58-44eb-ad0b-c88a43e44a8a", + "68cf8e68-186a-40c7-a199-0463ca8741d8" + ], + "columns": { + "05e673b3-ec58-44eb-ad0b-c88a43e44a8a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rewritten URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "68cf8e68-186a-40c7-a199-0463ca8741d8", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "8a033b2f-c808-4ae0-b593-862e401fd4d0", - "isTransposed": false - }, - { - "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", - "isTransposed": false - } - ], - "layerId": "e7630b81-f809-4d49-b269-1788bdbdf649", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.completely_rewritten" }, - "title": "Top 10 Sender IP [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f", - "type": "lens", - "version": "7.17.0" + "68cf8e68-186a-40c7-a199-0463ca8741d8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "05e673b3-ec58-44eb-ad0b-c88a43e44a8a" + ], + "layerId": "410012cf-d8df-4277-ac28-305ea82a09a3", + "layerType": "data", + "legendDisplay": "default", + "metric": "68cf8e68-186a-40c7-a199-0463ca8741d8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + 
"shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-410012cf-d8df-4277-ac28-305ea82a09a3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "410012cf-d8df-4277-ac28-305ea82a09a3": { - "columnOrder": [ - "05e673b3-ec58-44eb-ad0b-c88a43e44a8a", - "68cf8e68-186a-40c7-a199-0463ca8741d8" - ], - "columns": { - "05e673b3-ec58-44eb-ad0b-c88a43e44a8a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rewritten URL", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "68cf8e68-186a-40c7-a199-0463ca8741d8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.completely_rewritten" - }, - "68cf8e68-186a-40c7-a199-0463ca8741d8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + "title": "Distribution of Delivered Messages by Rewritten URL [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f5b71bf4-d93b-4383-aee3-0fba04633f7e", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "f5b71bf4-d93b-4383-aee3-0fba04633f7e", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b0d8b2b8-81ef-4c98-bad2-20e10a9d4006": { + "columnOrder": [ + "02195bc5-0e17-4c5d-bf4c-5bcf165cd993", + "22bcb44a-ba59-4c78-a069-277e45c5d6ef" + ], + "columns": { + "02195bc5-0e17-4c5d-bf4c-5bcf165cd993": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Disposition", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "22bcb44a-ba59-4c78-a069-277e45c5d6ef", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "05e673b3-ec58-44eb-ad0b-c88a43e44a8a" - ], - "layerId": "410012cf-d8df-4277-ac28-305ea82a09a3", - "layerType": "data", - "legendDisplay": "default", - "metric": "68cf8e68-186a-40c7-a199-0463ca8741d8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.message_parts.disposition" }, - "title": "Distribution of Delivered Messages by Rewritten URL [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f5b71bf4-d93b-4383-aee3-0fba04633f7e", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "f5b71bf4-d93b-4383-aee3-0fba04633f7e", - "type": "lens", - "version": "7.17.0" + "22bcb44a-ba59-4c78-a069-277e45c5d6ef": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + 
"visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "02195bc5-0e17-4c5d-bf4c-5bcf165cd993" + ], + "layerId": "b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", + "layerType": "data", + "legendDisplay": "default", + "metric": "22bcb44a-ba59-4c78-a069-277e45c5d6ef", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b0d8b2b8-81ef-4c98-bad2-20e10a9d4006": { - "columnOrder": [ - "02195bc5-0e17-4c5d-bf4c-5bcf165cd993", - "22bcb44a-ba59-4c78-a069-277e45c5d6ef" - ], - "columns": { - "02195bc5-0e17-4c5d-bf4c-5bcf165cd993": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Disposition", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "22bcb44a-ba59-4c78-a069-277e45c5d6ef", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.message_parts.disposition" - }, - "22bcb44a-ba59-4c78-a069-277e45c5d6ef": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + "title": "Distribution of Delivered Messages by Disposition [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": 
"ddaa2940-7c3a-4d0c-8fad-a87d3d92725a", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { + "columnOrder": [ + "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" + ], + "columns": { + "394062e2-3219-4ff0-b930-7dceb79cb5cd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "02195bc5-0e17-4c5d-bf4c-5bcf165cd993" - ], - "layerId": "b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", - "layerType": "data", - "legendDisplay": "default", - "metric": "22bcb44a-ba59-4c78-a069-277e45c5d6ef", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" }, - "title": "Distribution of Delivered Messages by Disposition [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a", - "type": "lens", - "version": "7.17.0" + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { + "customLabel": true, + "dataType": "number", + 
"isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "isTransposed": false + }, + { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "isTransposed": false + } + ], + "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { - "columnOrder": [ - "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" - ], - "columns": { - "394062e2-3219-4ff0-b930-7dceb79cb5cd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - }, - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "isTransposed": false - }, - { - 
"columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "isTransposed": false - } - ], - "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "layerType": "data" - } + "title": "Top 10 Recipient [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "3dc5d286-d7b8-4a47-bd70-7699375f31de", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "3dc5d286-d7b8-4a47-bd70-7699375f31de", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5b8645f9-f56a-44ea-b567-dad4d9da2824", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5b8645f9-f56a-44ea-b567-dad4d9da2824": { + "columnOrder": [ + "bc4689d4-0411-44f9-add5-ffa0705584dc", + "612fda22-416a-4171-8854-f9cb30a4ae05" + ], + "columns": { + "612fda22-416a-4171-8854-f9cb30a4ae05": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Top 10 Recipient [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3dc5d286-d7b8-4a47-bd70-7699375f31de", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "3dc5d286-d7b8-4a47-bd70-7699375f31de", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-5b8645f9-f56a-44ea-b567-dad4d9da2824", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": 
{ - "layers": { - "5b8645f9-f56a-44ea-b567-dad4d9da2824": { - "columnOrder": [ - "bc4689d4-0411-44f9-add5-ffa0705584dc", - "612fda22-416a-4171-8854-f9cb30a4ae05" - ], - "columns": { - "612fda22-416a-4171-8854-f9cb30a4ae05": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "bc4689d4-0411-44f9-add5-ffa0705584dc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Classification", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "612fda22-416a-4171-8854-f9cb30a4ae05", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.threat_info_map.classification" - } - }, - "incompleteColumns": {} - } - } - } + "bc4689d4-0411-44f9-add5-ffa0705584dc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Classification", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "612fda22-416a-4171-8854-f9cb30a4ae05", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "bc4689d4-0411-44f9-add5-ffa0705584dc" - ], - "layerId": "5b8645f9-f56a-44ea-b567-dad4d9da2824", - "layerType": "data", - "legendDisplay": "default", - "metric": "612fda22-416a-4171-8854-f9cb30a4ae05", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Delivered Messages by Threat Classification [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "080a6554-cbad-4aa0-b8a6-d82de9dab805", - "w": 24, - "x": 24, - "y": 30 - }, - 
"panelIndex": "080a6554-cbad-4aa0-b8a6-d82de9dab805", - "type": "lens", - "version": "7.17.0" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.threat_info_map.classification" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "bc4689d4-0411-44f9-add5-ffa0705584dc" + ], + "layerId": "5b8645f9-f56a-44ea-b567-dad4d9da2824", + "layerType": "data", + "legendDisplay": "default", + "metric": "612fda22-416a-4171-8854-f9cb30a4ae05", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-17b04f1e-6124-4c6c-9464-e29a98d97bcf", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "17b04f1e-6124-4c6c-9464-e29a98d97bcf": { - "columnOrder": [ - "20a072f6-3895-45a1-a585-875852453a05", - "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0" - ], - "columns": { - "20a072f6-3895-45a1-a585-875852453a05": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.threat_info_map.threat.status" - }, - "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": 
"Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + "title": "Distribution of Delivered Messages by Threat Classification [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "080a6554-cbad-4aa0-b8a6-d82de9dab805", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "080a6554-cbad-4aa0-b8a6-d82de9dab805", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17b04f1e-6124-4c6c-9464-e29a98d97bcf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "17b04f1e-6124-4c6c-9464-e29a98d97bcf": { + "columnOrder": [ + "20a072f6-3895-45a1-a585-875852453a05", + "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0" + ], + "columns": { + "20a072f6-3895-45a1-a585-875852453a05": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "20a072f6-3895-45a1-a585-875852453a05" - ], - "layerId": "17b04f1e-6124-4c6c-9464-e29a98d97bcf", - "layerType": "data", - "legendDisplay": "default", - "metric": "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": 
"proofpoint_tap.message_delivered.threat_info_map.threat.status" }, - "title": "Distribution of Delivered Messages by Threat Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ec9ba9eb-371c-430a-afc5-f6edf039bd91", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "ec9ba9eb-371c-430a-afc5-f6edf039bd91", - "type": "lens", - "version": "7.17.0" + "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "20a072f6-3895-45a1-a585-875852453a05" + ], + "layerId": "17b04f1e-6124-4c6c-9464-e29a98d97bcf", + "layerType": "data", + "legendDisplay": "default", + "metric": "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-590e841c-2ef7-4ace-b981-4bb9d3160054", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "590e841c-2ef7-4ace-b981-4bb9d3160054": { - "columnOrder": [ - "7066eb8e-8f19-4826-adbb-7550c8ea2636", - "1bc5c276-8229-422d-bb16-a63859e6f34c" - ], - "columns": { - "1bc5c276-8229-422d-bb16-a63859e6f34c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - 
"7066eb8e-8f19-4826-adbb-7550c8ea2636": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Sandbox Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1bc5c276-8229-422d-bb16-a63859e6f34c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.message_parts.sandbox_status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "7066eb8e-8f19-4826-adbb-7550c8ea2636" - ], - "layerId": "590e841c-2ef7-4ace-b981-4bb9d3160054", - "layerType": "data", - "legendDisplay": "default", - "metric": "1bc5c276-8229-422d-bb16-a63859e6f34c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Delivered Messages by Threat Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "ec9ba9eb-371c-430a-afc5-f6edf039bd91", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "ec9ba9eb-371c-430a-afc5-f6edf039bd91", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-590e841c-2ef7-4ace-b981-4bb9d3160054", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "590e841c-2ef7-4ace-b981-4bb9d3160054": { + "columnOrder": [ + "7066eb8e-8f19-4826-adbb-7550c8ea2636", + "1bc5c276-8229-422d-bb16-a63859e6f34c" + ], + "columns": { + 
"1bc5c276-8229-422d-bb16-a63859e6f34c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Distribution of Delivered Messages by Sandbox Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c1acfbb3-c3ca-436d-b54e-47f288677136", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "c1acfbb3-c3ca-436d-b54e-47f288677136", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "7066eb8e-8f19-4826-adbb-7550c8ea2636": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Sandbox Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1bc5c276-8229-422d-bb16-a63859e6f34c", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ecc13edd-9962-402c-b12e-180cccc46f08", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ecc13edd-9962-402c-b12e-180cccc46f08": { - "columnOrder": [ - "21d701b1-4d50-4480-94e0-bfd2616489f5", - "0bc203c5-ff36-4db6-ad1a-441828203815" - ], - "columns": { - "0bc203c5-ff36-4db6-ad1a-441828203815": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "21d701b1-4d50-4480-94e0-bfd2616489f5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0bc203c5-ff36-4db6-ad1a-441828203815", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": 
true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.threat_info_map.threat.type" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.message_parts.sandbox_status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7066eb8e-8f19-4826-adbb-7550c8ea2636" + ], + "layerId": "590e841c-2ef7-4ace-b981-4bb9d3160054", + "layerType": "data", + "legendDisplay": "default", + "metric": "1bc5c276-8229-422d-bb16-a63859e6f34c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Delivered Messages by Sandbox Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "c1acfbb3-c3ca-436d-b54e-47f288677136", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "c1acfbb3-c3ca-436d-b54e-47f288677136", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ecc13edd-9962-402c-b12e-180cccc46f08", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ecc13edd-9962-402c-b12e-180cccc46f08": { + "columnOrder": [ + "21d701b1-4d50-4480-94e0-bfd2616489f5", + "0bc203c5-ff36-4db6-ad1a-441828203815" + ], + "columns": { + "0bc203c5-ff36-4db6-ad1a-441828203815": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", 
+ "scale": "ratio", + "sourceField": "Records" + }, + "21d701b1-4d50-4480-94e0-bfd2616489f5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0bc203c5-ff36-4db6-ad1a-441828203815", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.threat_info_map.threat.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "21d701b1-4d50-4480-94e0-bfd2616489f5" + ], + "layerId": "ecc13edd-9962-402c-b12e-180cccc46f08", + "layerType": "data", + "legendDisplay": "default", + "metric": "0bc203c5-ff36-4db6-ad1a-441828203815", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Delivered Messages by Threat Type [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f1256b4b-8872-4d25-82cd-5a7004108d91", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "f1256b4b-8872-4d25-82cd-5a7004108d91", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"657c0ea2-d756-4c8e-8638-4a2cf8a00bad": { + "columnOrder": [ + "4507c7f7-7878-40d4-905f-50360a596573", + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" + ], + "columns": { + "4507c7f7-7878-40d4-905f-50360a596573": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Email Mailer", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "21d701b1-4d50-4480-94e0-bfd2616489f5" - ], - "layerId": "ecc13edd-9962-402c-b12e-180cccc46f08", - "layerType": "data", - "legendDisplay": "default", - "metric": "0bc203c5-ff36-4db6-ad1a-441828203815", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.x_mailer" }, - "title": "Distribution of Delivered Messages by Threat Type [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "f1256b4b-8872-4d25-82cd-5a7004108d91", - "w": 24, - "x": 0, - "y": 60 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "f1256b4b-8872-4d25-82cd-5a7004108d91", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "657c0ea2-d756-4c8e-8638-4a2cf8a00bad": { - "columnOrder": [ - "4507c7f7-7878-40d4-905f-50360a596573", - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" - ], - "columns": { - "4507c7f7-7878-40d4-905f-50360a596573": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Email Mailer", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.x_mailer" - }, - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" - ], - "layerId": "657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "4507c7f7-7878-40d4-905f-50360a596573" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - 
}, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Messages by Email X_Mailer [Logs Proofpoint TAP]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "f721f663-e2fd-44c9-88bc-639bff7bc700", - "w": 24, - "x": 24, - "y": 60 + "layers": [ + { + "accessors": [ + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" + ], + "layerId": "657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "4507c7f7-7878-40d4-905f-50360a596573" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "f721f663-e2fd-44c9-88bc-639bff7bc700", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"alpha\":1,\"id\":\"c6a42104-e390-4c56-8ef8-5bd774773e72\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"f8e2c82c-56b8-425d-a79d-ab24baf35f89\",\"includeInFitToBounds\":true,\"label\":\"Sender\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"ce99667c-f3a0-4d3c-b0d0-6e6ba88f1a9e\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": 
"{\"center\":{\"lat\":33.09876,\"lon\":73.8871},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.91}", - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "title": "Sender of Messages by Region [Logs Proofpoint TAP]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 180, - "minLat": -66.51326, - "minLon": 0 - }, - "mapCenter": { - "lat": 33.09876, - "lon": 73.8871, - "zoom": 1.91 - }, - "openTOCDetails": [] + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 21, - "i": "de4c11a4-6831-4ad4-92b6-7dc434430690", - "w": 48, - "x": 0, - "y": 75 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "de4c11a4-6831-4ad4-92b6-7dc434430690", - "type": "map", - "version": "7.17.0" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs Proofpoint TAP] Delivered Messages", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": 
"proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "proofpoint_tap-00dd5660-af9b-11ec-bf43-c372803d141d", - "name": "a0cc1e4c-3327-478b-94ec-519ebf9582ab:panel_a0cc1e4c-3327-478b-94ec-519ebf9582ab", - "type": "search" - }, - { - "id": "logs-*", - "name": "057e2ef6-0316-4896-ab34-8aafca79b009:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "057e2ef6-0316-4896-ab34-8aafca79b009:indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f:indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f5b71bf4-d93b-4383-aee3-0fba04633f7e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f5b71bf4-d93b-4383-aee3-0fba04633f7e:indexpattern-datasource-layer-410012cf-d8df-4277-ac28-305ea82a09a3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a:indexpattern-datasource-layer-b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3dc5d286-d7b8-4a47-bd70-7699375f31de:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3dc5d286-d7b8-4a47-bd70-7699375f31de:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"080a6554-cbad-4aa0-b8a6-d82de9dab805:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "080a6554-cbad-4aa0-b8a6-d82de9dab805:indexpattern-datasource-layer-5b8645f9-f56a-44ea-b567-dad4d9da2824", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ec9ba9eb-371c-430a-afc5-f6edf039bd91:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ec9ba9eb-371c-430a-afc5-f6edf039bd91:indexpattern-datasource-layer-17b04f1e-6124-4c6c-9464-e29a98d97bcf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c1acfbb3-c3ca-436d-b54e-47f288677136:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c1acfbb3-c3ca-436d-b54e-47f288677136:indexpattern-datasource-layer-590e841c-2ef7-4ace-b981-4bb9d3160054", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f1256b4b-8872-4d25-82cd-5a7004108d91:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Messages by Email X_Mailer [Logs Proofpoint TAP]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "f1256b4b-8872-4d25-82cd-5a7004108d91:indexpattern-datasource-layer-ecc13edd-9962-402c-b12e-180cccc46f08", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "f721f663-e2fd-44c9-88bc-639bff7bc700", + "w": 24, + "x": 24, + "y": 60 }, - { - "id": "logs-*", - "name": "f721f663-e2fd-44c9-88bc-639bff7bc700:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "f721f663-e2fd-44c9-88bc-639bff7bc700", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"c6a42104-e390-4c56-8ef8-5bd774773e72\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"f8e2c82c-56b8-425d-a79d-ab24baf35f89\",\"includeInFitToBounds\":true,\"label\":\"Sender\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"ce99667c-f3a0-4d3c-b0d0-6e6ba88f1a9e\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": "{\"center\":{\"lat\":33.09876,\"lon\":73.8871},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.91}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "title": "Sender of Messages by Region [Logs Proofpoint TAP]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + 
"hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 180, + "minLat": -66.51326, + "minLon": 0 + }, + "mapCenter": { + "lat": 33.09876, + "lon": 73.8871, + "zoom": 1.91 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "f721f663-e2fd-44c9-88bc-639bff7bc700:indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "type": "index-pattern" + "gridData": { + "h": 21, + "i": "de4c11a4-6831-4ad4-92b6-7dc434430690", + "w": 48, + "x": 0, + "y": 75 }, - { - "id": "logs-*", - "name": "de4c11a4-6831-4ad4-92b6-7dc434430690:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "de4c11a4-6831-4ad4-92b6-7dc434430690", + "type": "map", + "version": "7.17.0" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs Proofpoint TAP] Delivered Messages", + "version": 1 + }, + "references": [ + { + "id": "proofpoint_tap-00dd5660-af9b-11ec-bf43-c372803d141d", + "name": "a0cc1e4c-3327-478b-94ec-519ebf9582ab:panel_a0cc1e4c-3327-478b-94ec-519ebf9582ab", + "type": "search" + }, + { + "id": "logs-*", + "name": "057e2ef6-0316-4896-ab34-8aafca79b009:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "057e2ef6-0316-4896-ab34-8aafca79b009:indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f:indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f5b71bf4-d93b-4383-aee3-0fba04633f7e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"f5b71bf4-d93b-4383-aee3-0fba04633f7e:indexpattern-datasource-layer-410012cf-d8df-4277-ac28-305ea82a09a3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a:indexpattern-datasource-layer-b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dc5d286-d7b8-4a47-bd70-7699375f31de:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dc5d286-d7b8-4a47-bd70-7699375f31de:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "080a6554-cbad-4aa0-b8a6-d82de9dab805:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "080a6554-cbad-4aa0-b8a6-d82de9dab805:indexpattern-datasource-layer-5b8645f9-f56a-44ea-b567-dad4d9da2824", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ec9ba9eb-371c-430a-afc5-f6edf039bd91:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ec9ba9eb-371c-430a-afc5-f6edf039bd91:indexpattern-datasource-layer-17b04f1e-6124-4c6c-9464-e29a98d97bcf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1acfbb3-c3ca-436d-b54e-47f288677136:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1acfbb3-c3ca-436d-b54e-47f288677136:indexpattern-datasource-layer-590e841c-2ef7-4ace-b981-4bb9d3160054", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f1256b4b-8872-4d25-82cd-5a7004108d91:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"f1256b4b-8872-4d25-82cd-5a7004108d91:indexpattern-datasource-layer-ecc13edd-9962-402c-b12e-180cccc46f08", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f721f663-e2fd-44c9-88bc-639bff7bc700:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f721f663-e2fd-44c9-88bc-639bff7bc700:indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "de4c11a4-6831-4ad4-92b6-7dc434430690:layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file From eb8899703f3cfb487f25556cc692874975b28c90 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Fri, 28 Oct 2022 12:05:29 +0530 Subject: [PATCH 031/103] migrate qnap_nas to by_value --- ...-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json | 807 +++++++++++++++--- ...-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75.json | 88 -- ...-47e207a0-4b13-11ec-b2cc-b9a3cc301b75.json | 144 ---- ...-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75.json | 194 ----- ...-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75.json | 111 --- ...-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75.json | 97 --- 6 files changed, 671 insertions(+), 770 deletions(-) delete mode 100644 packages/qnap_nas/kibana/visualization/qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75.json delete mode 100644 packages/qnap_nas/kibana/visualization/qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75.json delete mode 100644 packages/qnap_nas/kibana/visualization/qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75.json delete mode 100644 packages/qnap_nas/kibana/visualization/qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75.json delete mode 100644 packages/qnap_nas/kibana/visualization/qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75.json 
diff --git a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json
index d7e482ad7de..87ccfd6f1fd 100644
--- a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json
+++ b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json
@@ -1,157 +1,692 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:35:10.046Z", + "version": "WzYzMCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "title": "Controls [QNAP NAS]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "source.ip", + "id": "1637528635830", + "indexPatternRefName": "control_0_index_pattern", + "label": "Source IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "host.name", + "id": "1637528676545", + "indexPatternRefName": "control_1_index_pattern", + "label": "NAS Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user.name", + "id": "1637528892452", + "indexPatternRefName": "control_2_index_pattern", + "label": "User", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "qnap.nas.connection_type", + "id": "1637530638172", + "indexPatternRefName": "control_3_index_pattern", + "label": "Connection Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + 
} + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "qnap_nas.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "qnap_nas.log" + } + } + } + ], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 7, + "i": "08e193f5-7994-4a34-8572-62dd8fb527fd", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 7, - "i": "08e193f5-7994-4a34-8572-62dd8fb527fd", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "08e193f5-7994-4a34-8572-62dd8fb527fd", - "panelRefName": "panel_08e193f5-7994-4a34-8572-62dd8fb527fd", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "panelIndex": "08e193f5-7994-4a34-8572-62dd8fb527fd", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "File Actions [QNAP NAS]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" 
}, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 18, - "i": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", - "w": 17, - "x": 0, - "y": 7 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", - "panelRefName": "panel_41e893ff-a7e2-4146-af96-35cd7fc9b5b9", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "file" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "file" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", + "w": 17, + "x": 0, + "y": 7 + }, + "panelIndex": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connection Types [QNAP NAS]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 18, - "i": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62", - "w": 15, - "x": 17, - "y": 7 - }, - "panelIndex": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62", - "panelRefName": "panel_3bef5ad2-ec7d-4cd0-b8af-255533d30f62", - "type": "visualization", - 
"version": "7.16.0-SNAPSHOT" + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "table": null, - "vis": { - "params": { - "colWidth": [ - { - "colIndex": 1, - "width": 168.5 - }, - { - "colIndex": 0, - "width": 464.5 - } - ] - } - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "20d36c90-71af-4062-94da-0374c871667e", - "w": 16, - "x": 32, - "y": 7 + { + "enabled": true, + "id": "2", + "params": { + "field": "qnap.nas.connection_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62", + "w": 15, + "x": 17, + "y": 7 + }, + "panelIndex": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "table": null, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 1, + "width": 168.5 }, - "panelIndex": "20d36c90-71af-4062-94da-0374c871667e", - "panelRefName": "panel_20d36c90-71af-4062-94da-0374c871667e", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + { + "colIndex": 0, + "width": 464.5 + } + ] + } + }, + "savedVis": { + "title": "Top Accessed Files 
[QNAP NAS]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "e0abcb09-b900-4d29-9146-02ab3aca914e", - "w": 48, - "x": 0, - "y": 25 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "e0abcb09-b900-4d29-9146-02ab3aca914e", - "panelRefName": "panel_e0abcb09-b900-4d29-9146-02ab3aca914e", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "file.path", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "conn-log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "conn-log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[QNAP NAS] Access Logs", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75", - "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:panel_08e193f5-7994-4a34-8572-62dd8fb527fd", - "type": "visualization" + } }, - { - "id": "qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75", 
- "name": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9:panel_41e893ff-a7e2-4146-af96-35cd7fc9b5b9", - "type": "visualization" + "gridData": { + "h": 18, + "i": "20d36c90-71af-4062-94da-0374c871667e", + "w": 16, + "x": 32, + "y": 7 }, - { - "id": "qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75", - "name": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62:panel_3bef5ad2-ec7d-4cd0-b8af-255533d30f62", - "type": "visualization" + "panelIndex": "20d36c90-71af-4062-94da-0374c871667e", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Actions over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" 
+ }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y/d", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "1w" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "conn-log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "conn-log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75", - "name": "20d36c90-71af-4062-94da-0374c871667e:panel_20d36c90-71af-4062-94da-0374c871667e", - "type": "visualization" + "gridData": { + "h": 17, + "i": "e0abcb09-b900-4d29-9146-02ab3aca914e", + "w": 48, + "x": 0, + "y": 25 }, - { - "id": "qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75", - "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:panel_e0abcb09-b900-4d29-9146-02ab3aca914e", - "type": "visualization" - } + "panelIndex": "e0abcb09-b900-4d29-9146-02ab3aca914e", + "type": "visualization", + "version": "7.14.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[QNAP NAS] Access Logs", + 
"version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" + }, + { + "type": "search", + "name": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" + }, + { + "type": "index-pattern", + "name": "20d36c90-71af-4062-94da-0374c871667e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "20d36c90-71af-4062-94da-0374c871667e:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" + }, + { + "type": "index-pattern", + "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file 
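Review bot: The four panels that were bound to a saved search lose that binding on the new side: the removed visualization files carried `"savedSearchRefName": "search_0"`, but none of the inlined `savedVis` objects (File Actions, Connection Types, Top Accessed Files, Event Actions over Time) names `search_0`, while the `references` array still lists a `<panelId>:search_0` entry for each of them. For Connection Types this leaves `"searchSource": { "filter": [], ... }` with no index-pattern reference either, so that panel appears to have neither a data source nor any dataset filter; the other three keep only their own `event.category` / `event.provider` phrase filter against `logs-*`. If the saved search `qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75` is what restricts these panels to QNAP data (its content is not visible here), the access dashboard would either render empty or count events from every integration that writes to `logs-*`. I would carry the binding into each panel's `savedVis.data` (for example `"savedSearchRefName": "search_0"`, to be checked against what the target Kibana version expects) or inline the saved search's dataset filter, and verify the result on a stack that has a second integration installed.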
diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index f85df455008..00000000000 --- a/packages/qnap_nas/kibana/visualization/qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connection Types [QNAP NAS]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "qnap.nas.connection_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Connection Types [QNAP NAS]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index 7cb2102b599..00000000000 
--- a/packages/qnap_nas/kibana/visualization/qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75.json
+++ /dev/null
@@ -1,144 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "qnap_nas.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "qnap_nas.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Controls [QNAP NAS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "source.ip", - "id": "1637528635830", - "indexPatternRefName": "control_0_index_pattern", - "label": "Source IP", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "host.name", - "id": "1637528676545", - "indexPatternRefName": "control_1_index_pattern", - "label": "NAS Hostname", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.name", - "id": "1637528892452", - "indexPatternRefName": "control_2_index_pattern", - "label": "User", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "qnap.nas.connection_type", - "id": "1637530638172", - "indexPatternRefName": "control_3_index_pattern", - "label": "Connection Type", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Controls 
[QNAP NAS]", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_2_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_3_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index 9f51baa3a47..00000000000 --- a/packages/qnap_nas/kibana/visualization/qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75.json +++ /dev/null 
@@ -1,194 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.provider", - "negate": false, - "params": { - "query": "conn-log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.provider": "conn-log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Event Actions over Time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y/d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "1w" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", 
- "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Event Actions over TIme", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index ede305f5fe6..00000000000 --- a/packages/qnap_nas/kibana/visualization/qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.category", - "negate": false, - "params": { - "query": "file" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "file" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "File Actions [QNAP NAS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "File Actions [QNAP NAS]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75", - "name": "search_0", - "type": 
"search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index 332ce87d925..00000000000 --- a/packages/qnap_nas/kibana/visualization/qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.provider", - "negate": false, - "params": { - "query": "conn-log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.provider": "conn-log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Accessed Files [QNAP NAS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "file.path", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top Accessed Files [QNAP NAS]", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From 482fb62da16b2f5d427f5b37d0b9b2e6070dd165 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 12:12:49 +0530 Subject: [PATCH 032/103] migrate santa to by_value --- ...-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json | 604 +++++++++++++----- ...-11858000-ff6d-11e8-93c5-d5ecd1b3e307.json | 69 -- ...-1579d690-ff6b-11e8-93c5-d5ecd1b3e307.json | 65 -- ...-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307.json | 99 --- ...-51677b80-ff6b-11e8-93c5-d5ecd1b3e307.json | 76 --- ...-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307.json | 77 --- ...-dad521d0-ff69-11e8-93c5-d5ecd1b3e307.json | 36 -- 7 files changed, 456 insertions(+), 570 deletions(-) delete mode 100644 packages/santa/kibana/visualization/santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307.json delete mode 100644 packages/santa/kibana/visualization/santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307.json delete mode 100644 packages/santa/kibana/visualization/santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307.json delete mode 100644 packages/santa/kibana/visualization/santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307.json delete mode 100644 packages/santa/kibana/visualization/santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307.json delete mode 100644 packages/santa/kibana/visualization/santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307.json diff --git a/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json index 8c1ed6ae65d..9f1dfa75b94 100644 --- a/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json +++ b/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json 
@@ -1,175 +1,483 @@ { - "attributes": { - "description": "Process executions on macOS monitored by Google Santa.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:42:21.625Z", + "version": "WzYzMSwxXQ==", + "attributes": { + "description": "Process executions on macOS monitored by Google Santa.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:santa.log" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Description [Logs Santa]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![Santa Icon](https://raw.githubusercontent.com/google/santa/main/Source/santa/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-128.png)\n\nGoogle Santa is a binary whitelisting/blacklisting system for macOS that monitors process executions.", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset:santa.log" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 12, + "i": "1", + "w": 10, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "1", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-alpha1-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Decisions [Logs 
Santa]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "filter": { + "language": "kuery", + "query": "(data_stream.dataset:santa.log)" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Decision", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "santa.decision" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Events [Logs Santa]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 12, - "i": "2", - "w": 38, - "x": 10, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-alpha1-SNAPSHOT" + "useRanges": false + }, + "type": "metric" }, - { - 
"embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "3", - "w": 10, - "x": 8, - "y": 12 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-alpha1-SNAPSHOT" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "3", + "w": 10, + "x": 8, + "y": 12 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Decision and Reason [Logs Santa]", + "description": "", + "uiState": { + "vis": { + "colors": { + "ALLOW": "#7EB26D" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "4", - "w": 12, - "x": 36, - "y": 12 - }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-alpha1-SNAPSHOT" + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "5", - "w": 8, - "x": 0, - "y": 12 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Decision", + "field": "santa.decision", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "5", - "panelRefName": 
"panel_4", - "version": "7.0.0-alpha1-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Reason", + "field": "santa.reason", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "4", + "w": 12, + "x": 36, + "y": 12 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Num of Hosts Reporting [Logs Santa]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 10, - "i": "6", - "w": 18, - "x": 18, - "y": 12 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-alpha1-SNAPSHOT" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "7", - "w": 48, - "x": 0, - "y": 22 - }, - "panelIndex": "7", - "panelRefName": "panel_6", - "version": "7.0.0-alpha1-SNAPSHOT" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts Reporting", + "field": "agent.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": 
"[Logs Santa] Overview", - "version": 1 - }, - "id": "santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "dashboard": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 10, + "i": "5", + "w": 8, + "x": 0, + "y": 12 }, - { - "id": "santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307", - "name": "panel_2", - "type": "visualization" + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Code Signers [Logs Santa]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 39, + "minFontSize": 12, + "orientation": "single", + "scale": "linear", + "showLabel": true, + "palette": { + "type": "palette", + "name": "kibana_palette" + } + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "santa.certificate.common_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 10, + "i": "6", + "w": 18, + "x": 18, + "y": 12 }, - { - "id": "santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307", - "name": "panel_4", - "type": "visualization" + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": 
"santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 10, + "i": "7", + "w": 48, + "x": 0, + "y": 22 }, - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "panel_6", - "type": "search" - } + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.0.0-alpha1-SNAPSHOT" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Santa] Overview", + "version": 1 + }, + "references": [ + { + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", + "name": "panel_6", + "type": "search" + }, + { + "type": "search", + "name": "3:search_0", + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307" + }, + { + "type": "search", + "name": "4:search_0", + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307" + }, + { + "type": "search", + "name": "5:search_0", + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307" + }, + { + "type": "search", + "name": "6:search_0", + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index 4312282dbff..00000000000 --- a/packages/santa/kibana/visualization/santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
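Review bot: Panels 3–6 of the inlined dashboard appear to lose their binding to the saved search `santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307`: each deleted visualization carried `"savedSearchRefName": "search_0"`, but the new `savedVis.data` blocks hold only `aggs` and an empty `searchSource`, and nothing visible in them names the added `3:search_0` … `6:search_0` references. If that saved search carries its own query or filters (it is not shown in this patch), "Total Events", "Decision and Reason", "Num of Hosts Reporting" and "Code Signers" would now count every document that matches only the dashboard query `data_stream.dataset:santa.log`, which changes what an analyst reads off this execution-monitoring view. I would confirm in Kibana 7.17 that the by-value panels still resolve the search and, if they do not, either restore the link under each panel's `data` (presumably `"savedSearchId": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307"`; verify the key against the embeddable schema) or drop the four unused references.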
@@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Code Signers [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "santa.certificate.common_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 39, - "minFontSize": 12, - "orientation": "single", - "scale": "linear", - "showLabel": true - }, - "title": "Code Signers [Logs Santa]", - "type": "tagcloud" - } - }, - "id": "santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index 5dd4e492731..00000000000 --- a/packages/santa/kibana/visualization/santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Decisions [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "filter": { - "language": "kuery", - "query": "(data_stream.dataset:santa.log)" - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "Decision", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "santa.decision" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries" - }, - "title": "Decisions [Logs Santa]", - "type": "metrics" - } - }, - "id": "santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index f25a5b4f303..00000000000 --- a/packages/santa/kibana/visualization/santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
@@ -1,99 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Decision and Reason [Logs Santa]", - "uiStateJSON": { - "vis": { - "colors": { - "ALLOW": "#7EB26D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Decision", - "field": "santa.decision", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Reason", - "field": "santa.reason", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Decision and Reason [Logs Santa]", - "type": "pie" - } - }, - "id": "santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/santa/kibana/visualization/santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index 06200680b5e..00000000000 --- a/packages/santa/kibana/visualization/santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Total Events [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Total Events [Logs Santa]", - "type": "metric" - } - }, - "id": "santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index dd45cfa45d0..00000000000 --- a/packages/santa/kibana/visualization/santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
@@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Num of Hosts Reporting [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Hosts Reporting", - "field": "agent.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Num of Hosts Reporting [Logs Santa]", - "type": "metric" - } - }, - "id": "santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index 612043d2fe5..00000000000 --- a/packages/santa/kibana/visualization/santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
@@ -1,36 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Description [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "![Santa Icon](https://raw.githubusercontent.com/google/santa/main/Source/santa/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-128.png)\n\nGoogle Santa is a binary whitelisting/blacklisting system for macOS that monitors process executions.", - "openLinksInNewTab": false - }, - "title": "Description [Logs Santa]", - "type": "markdown" - } - }, - "id": "santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file From 58a64cd576915c74d3160e3e1db7a7f449ef0d79 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Fri, 28 Oct 2022 12:18:50 +0530 Subject: [PATCH 033/103] all inlined sentinel_one --- ...-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json | 4835 +++++++++-------- ...-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json | 1075 ++-- ...-67844880-bbb5-11ec-82b7-8fcb232e9538.json | 3987 +++++++------- ...-899f2630-bb27-11ec-82b7-8fcb232e9538.json | 1571 +++--- ...-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json | 1965 +++---- 5 files changed, 6729 insertions(+), 6704 deletions(-) diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json index a7ccecb9d97..04f77ec0946 100644 --- a/packages/sentinel_one/kibana/dashboard/sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json +++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json 
@@ -1,2483 +1,2488 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" + "id": "sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:45:08.565Z", + "version": "WzYyMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-58329672-9ca4-4454-9d78-c619ef956a6a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "58329672-9ca4-4454-9d78-c619ef956a6a": { + "columnOrder": [ + "d8990d07-439a-4335-9646-8fbcab6e268d" + ], + "columns": { + "d8990d07-439a-4335-9646-8fbcab6e268d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "d8990d07-439a-4335-9646-8fbcab6e268d", + "layerId": "58329672-9ca4-4454-9d78-c619ef956a6a", + "layerType": "data" + } + }, + "title": "Total Number of Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} }, - 
"optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 6, + "i": "ac59079e-c791-449b-aeeb-d47504921dff", + "w": 12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-58329672-9ca4-4454-9d78-c619ef956a6a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "58329672-9ca4-4454-9d78-c619ef956a6a": { - "columnOrder": [ - "d8990d07-439a-4335-9646-8fbcab6e268d" - ], - "columns": { - "d8990d07-439a-4335-9646-8fbcab6e268d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "d8990d07-439a-4335-9646-8fbcab6e268d", - "layerId": "58329672-9ca4-4454-9d78-c619ef956a6a", - "layerType": "data" - } - }, - "title": "Total Number of Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "ac59079e-c791-449b-aeeb-d47504921dff", - "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "ac59079e-c791-449b-aeeb-d47504921dff", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-01d7bdc3-638b-4d23-9ae6-d24678743470", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "01d7bdc3-638b-4d23-9ae6-d24678743470": { - "columnOrder": [ - "831e34ee-b0d6-44b1-81b7-2bfee2a628ab" - ], - "columns": { - "831e34ee-b0d6-44b1-81b7-2bfee2a628ab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": false, - "params": { - "query": "resolved" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "831e34ee-b0d6-44b1-81b7-2bfee2a628ab", - "layerId": "01d7bdc3-638b-4d23-9ae6-d24678743470", - "layerType": "data" - } - }, - "title": "Total Resolved Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" + "panelIndex": "ac59079e-c791-449b-aeeb-d47504921dff", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-01d7bdc3-638b-4d23-9ae6-d24678743470", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "01d7bdc3-638b-4d23-9ae6-d24678743470": { + "columnOrder": [ + "831e34ee-b0d6-44b1-81b7-2bfee2a628ab" + ], + "columns": { + 
"831e34ee-b0d6-44b1-81b7-2bfee2a628ab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": false, + "params": { + "query": "resolved" }, - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "1684da14-7484-42a6-91d6-b9659883e20d", - "w": 12, - "x": 12, - "y": 0 - }, - "panelIndex": "1684da14-7484-42a6-91d6-b9659883e20d", - "type": "lens", - "version": "7.17.0" + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "831e34ee-b0d6-44b1-81b7-2bfee2a628ab", + "layerId": "01d7bdc3-638b-4d23-9ae6-d24678743470", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849": { - "columnOrder": [ - "f3d83b7a-fc35-4c85-83f8-b41e12baddf6" - ], - "columns": { - "f3d83b7a-fc35-4c85-83f8-b41e12baddf6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": 
"sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": false, - "params": { - "query": "unresolved" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "unresolved" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "f3d83b7a-fc35-4c85-83f8-b41e12baddf6", - "layerId": "8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", - "layerType": "data" - } - }, - "title": "Unresolved Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" + "title": "Total Resolved Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "1684da14-7484-42a6-91d6-b9659883e20d", + "w": 12, + "x": 12, + "y": 0 + }, + "panelIndex": "1684da14-7484-42a6-91d6-b9659883e20d", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849": { + "columnOrder": [ + "f3d83b7a-fc35-4c85-83f8-b41e12baddf6" + ], + "columns": { + "f3d83b7a-fc35-4c85-83f8-b41e12baddf6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } 
+ }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": false, + "params": { + "query": "unresolved" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "030f8164-5e7d-4fb6-a779-d0537748a819", - "w": 12, - "x": 24, - "y": 0 - }, - "panelIndex": "030f8164-5e7d-4fb6-a779-d0537748a819", - "title": "Total Unresolved Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "unresolved" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "f3d83b7a-fc35-4c85-83f8-b41e12baddf6", + "layerId": "8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6f8f021f-aef7-458f-a0bb-445bd78741db", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6f8f021f-aef7-458f-a0bb-445bd78741db": { - "columnOrder": [ - "1ede434b-a316-4e79-85b6-ffbfc41f379a" - ], - "columns": { - "1ede434b-a316-4e79-85b6-ffbfc41f379a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - 
}, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": false, - "params": { - "query": "resolved" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "sentinel_one.threat.mitigation.status", - "negate": false, - "params": { - "query": "active" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.mitigation.status": "active" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "1ede434b-a316-4e79-85b6-ffbfc41f379a", - "layerId": "6f8f021f-aef7-458f-a0bb-445bd78741db", - "layerType": "data" - } - }, - "title": "Active Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" + "title": "Unresolved Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 6, + "i": "030f8164-5e7d-4fb6-a779-d0537748a819", + "w": 12, + "x": 24, + "y": 0 + }, + "panelIndex": "030f8164-5e7d-4fb6-a779-d0537748a819", + "title": "Total Unresolved Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6f8f021f-aef7-458f-a0bb-445bd78741db", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + 
"type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6f8f021f-aef7-458f-a0bb-445bd78741db": { + "columnOrder": [ + "1ede434b-a316-4e79-85b6-ffbfc41f379a" + ], + "columns": { + "1ede434b-a316-4e79-85b6-ffbfc41f379a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": false, + "params": { + "query": "resolved" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "075409b1-9d74-4399-8348-3101a2d22392", - "w": 12, - "x": 36, - "y": 0 + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } }, - "panelIndex": "075409b1-9d74-4399-8348-3101a2d22392", - "title": "Active Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-31be526e-c389-4f6d-93e8-27f1b7dcd0d0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "31be526e-c389-4f6d-93e8-27f1b7dcd0d0": { - "columnOrder": [ - "8ae53844-358d-4472-9d64-d7c2708fc29c" - ], - "columns": { - "8ae53844-358d-4472-9d64-d7c2708fc29c": { - "customLabel": true, - "dataType": "number", - 
"isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": true, - "params": { - "query": "resolved" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "sentinel_one.threat.mitigation.status", - "negate": false, - "params": { - "query": "blocked" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.mitigation.status": "blocked" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "8ae53844-358d-4472-9d64-d7c2708fc29c", - "layerId": "31be526e-c389-4f6d-93e8-27f1b7dcd0d0", - "layerType": "data" - } - }, - "title": "Blocked Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "sentinel_one.threat.mitigation.status", + "negate": false, + "params": { + "query": "active" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "3ff8c08e-3a29-488c-b481-9b51accaae95", - "w": 16, - "x": 0, - "y": 6 - }, - "panelIndex": "3ff8c08e-3a29-488c-b481-9b51accaae95", - "title": "Total Blocked Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.mitigation.status": "active" + } + } + } + ], + "query": { + 
"language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "1ede434b-a316-4e79-85b6-ffbfc41f379a", + "layerId": "6f8f021f-aef7-458f-a0bb-445bd78741db", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1c27890e-f153-4984-8c2f-6004a3779f71", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1c27890e-f153-4984-8c2f-6004a3779f71": { - "columnOrder": [ - "eb8375d7-8836-43bb-840a-88c8c2f11b43" - ], - "columns": { - "eb8375d7-8836-43bb-840a-88c8c2f11b43": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.mitigation.status", - "negate": false, - "params": { - "query": "mitigated" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.mitigation.status": "mitigated" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "sentinel_one.threat.incident.status", - "negate": true, - "params": { - "query": "resolved" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - } - ], - 
"query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "eb8375d7-8836-43bb-840a-88c8c2f11b43", - "layerId": "1c27890e-f153-4984-8c2f-6004a3779f71", - "layerType": "data" - } - }, - "title": "Mitigated Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" + "title": "Active Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 6, + "i": "075409b1-9d74-4399-8348-3101a2d22392", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "075409b1-9d74-4399-8348-3101a2d22392", + "title": "Active Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-31be526e-c389-4f6d-93e8-27f1b7dcd0d0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "31be526e-c389-4f6d-93e8-27f1b7dcd0d0": { + "columnOrder": [ + "8ae53844-358d-4472-9d64-d7c2708fc29c" + ], + "columns": { + "8ae53844-358d-4472-9d64-d7c2708fc29c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": true, + "params": { + "query": "resolved" }, - 
"enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "d2411b38-52ad-47c2-b364-f1f42b7cd26a", - "w": 16, - "x": 16, - "y": 6 + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } }, - "panelIndex": "d2411b38-52ad-47c2-b364-f1f42b7cd26a", - "title": "Total Mitigated Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-98a05273-ef46-4b59-8caa-86b7de9c9724", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "98a05273-ef46-4b59-8caa-86b7de9c9724": { - "columnOrder": [ - "9295a43b-ccd0-4d23-abf8-73586af8dac7" - ], - "columns": { - "9295a43b-ccd0-4d23-abf8-73586af8dac7": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": true, - "params": { - "query": "resolved" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - } - ], - "query": { - "language": "kuery", - "query": "sentinel_one.threat.mitigation.status : \"suspicious\" and data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "9295a43b-ccd0-4d23-abf8-73586af8dac7", - "layerId": 
"98a05273-ef46-4b59-8caa-86b7de9c9724", - "layerType": "data" - } - }, - "title": "Detected - Suspicious Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "sentinel_one.threat.mitigation.status", + "negate": false, + "params": { + "query": "blocked" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "14069c35-b940-4540-82f8-1ef2bb73dfe1", - "w": 16, - "x": 32, - "y": 6 - }, - "panelIndex": "14069c35-b940-4540-82f8-1ef2bb73dfe1", - "title": "Total Detected - Suspicious Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.mitigation.status": "blocked" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "8ae53844-358d-4472-9d64-d7c2708fc29c", + "layerId": "31be526e-c389-4f6d-93e8-27f1b7dcd0d0", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9d8d04b8-42e9-488a-9c18-39f38153e46a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9d8d04b8-42e9-488a-9c18-39f38153e46a": { - "columnOrder": [ - "3629412b-4ee6-4169-92d4-d5d8ebb7ab62", - "324989fb-f85e-4bbc-b7f9-b85472d54928" - ], - "columns": { - "324989fb-f85e-4bbc-b7f9-b85472d54928": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": 
"sentinel_one.threat.id" - }, - "3629412b-4ee6-4169-92d4-d5d8ebb7ab62": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Prevalent Threats", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "324989fb-f85e-4bbc-b7f9-b85472d54928", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": true, - "params": { - "query": "resolved" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "324989fb-f85e-4bbc-b7f9-b85472d54928" - ], - "layerId": "9d8d04b8-42e9-488a-9c18-39f38153e46a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "3629412b-4ee6-4169-92d4-d5d8ebb7ab62" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Most Prevalent Threats [Logs SentinelOne]", - "visualizationType": "lnsXY" + "title": "Blocked Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "3ff8c08e-3a29-488c-b481-9b51accaae95", + "w": 16, + "x": 0, + "y": 6 + }, + "panelIndex": "3ff8c08e-3a29-488c-b481-9b51accaae95", + "title": "Total Blocked 
Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1c27890e-f153-4984-8c2f-6004a3779f71", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1c27890e-f153-4984-8c2f-6004a3779f71": { + "columnOrder": [ + "eb8375d7-8836-43bb-840a-88c8c2f11b43" + ], + "columns": { + "eb8375d7-8836-43bb-840a-88c8c2f11b43": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.mitigation.status", + "negate": false, + "params": { + "query": "mitigated" }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "213a2279-8bb5-491b-b0f0-d5a7a2473670", - "w": 24, - "x": 24, - "y": 14 + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.mitigation.status": "mitigated" + } + } }, - "panelIndex": "213a2279-8bb5-491b-b0f0-d5a7a2473670", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec6bf891-aedf-4b92-af42-54c04e749174", - "type": 
"index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec6bf891-aedf-4b92-af42-54c04e749174": { - "columnOrder": [ - "7dc311c6-df3f-40ca-88e5-3925010191be", - "9934d429-8319-435c-8c72-57a56541dfcb" - ], - "columns": { - "7dc311c6-df3f-40ca-88e5-3925010191be": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Engine Detections", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9934d429-8319-435c-8c72-57a56541dfcb", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.detection.engines.title" - }, - "9934d429-8319-435c-8c72-57a56541dfcb": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "7dc311c6-df3f-40ca-88e5-3925010191be" - ], - "layerId": "ec6bf891-aedf-4b92-af42-54c04e749174", - "layerType": "data", - "legendDisplay": "default", - "metric": "9934d429-8319-435c-8c72-57a56541dfcb", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Detections by Engine [Logs SentinelOne]", - "visualizationType": "lnsPie" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "sentinel_one.threat.incident.status", + "negate": true, + "params": { + "query": "resolved" }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "14523f88-ccbb-45bc-9758-7263315630cb", - "w": 24, - "x": 0, - "y": 14 - }, - 
"panelIndex": "14523f88-ccbb-45bc-9758-7263315630cb", - "type": "lens", - "version": "7.17.0" + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "eb8375d7-8836-43bb-840a-88c8c2f11b43", + "layerId": "1c27890e-f153-4984-8c2f-6004a3779f71", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f83c655e-003c-4cc5-a2e3-789acb23b691", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f83c655e-003c-4cc5-a2e3-789acb23b691": { - "columnOrder": [ - "d427f2bd-912c-476e-85a7-3110216b3b8d", - "7fead18f-d40b-4539-ace7-5328e84140d2" - ], - "columns": { - "7fead18f-d40b-4539-ace7-5328e84140d2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - }, - "d427f2bd-912c-476e-85a7-3110216b3b8d": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.threat.agent.is_active : true " - }, - "label": "Active Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.threat.agent.is_active : false " - }, - "label": "Inactive Agents" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": 
false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.agent.is_active", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.threat.agent.is_active" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d427f2bd-912c-476e-85a7-3110216b3b8d" - ], - "layerId": "f83c655e-003c-4cc5-a2e3-789acb23b691", - "layerType": "data", - "legendDisplay": "default", - "metric": "7fead18f-d40b-4539-ace7-5328e84140d2", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Threats by Agent Status [Logs SentinelOne]", - "visualizationType": "lnsPie" + "title": "Mitigated Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "d2411b38-52ad-47c2-b364-f1f42b7cd26a", + "w": 16, + "x": 16, + "y": 6 + }, + "panelIndex": "d2411b38-52ad-47c2-b364-f1f42b7cd26a", + "title": "Total Mitigated Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-98a05273-ef46-4b59-8caa-86b7de9c9724", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "98a05273-ef46-4b59-8caa-86b7de9c9724": { + "columnOrder": [ + "9295a43b-ccd0-4d23-abf8-73586af8dac7" + ], + "columns": { + "9295a43b-ccd0-4d23-abf8-73586af8dac7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": 
"unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": true, + "params": { + "query": "resolved" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7", - "w": 24, - "x": 0, - "y": 29 - }, - "panelIndex": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7", - "type": "lens", - "version": "7.17.0" + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } + } + ], + "query": { + "language": "kuery", + "query": "sentinel_one.threat.mitigation.status : \"suspicious\" and data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "9295a43b-ccd0-4d23-abf8-73586af8dac7", + "layerId": "98a05273-ef46-4b59-8caa-86b7de9c9724", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6f4336e8-7451-476e-89a5-fe65d93be571", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6f4336e8-7451-476e-89a5-fe65d93be571": { - "columnOrder": [ - "59424e47-b686-440e-b754-51a079ad1417", - "7c71fee2-7e8b-48d2-8344-767b3e76f207" - ], - "columns": { - "59424e47-b686-440e-b754-51a079ad1417": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7c71fee2-7e8b-48d2-8344-767b3e76f207", - "type": "column" - }, - "orderDirection": "desc", - 
"otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.mitigation_status.action" - }, - "7c71fee2-7e8b-48d2-8344-767b3e76f207": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "59424e47-b686-440e-b754-51a079ad1417" - ], - "layerId": "6f4336e8-7451-476e-89a5-fe65d93be571", - "layerType": "data", - "legendDisplay": "default", - "metric": "7c71fee2-7e8b-48d2-8344-767b3e76f207", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Detected - Suspicious Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "14069c35-b940-4540-82f8-1ef2bb73dfe1", + "w": 16, + "x": 32, + "y": 6 + }, + "panelIndex": "14069c35-b940-4540-82f8-1ef2bb73dfe1", + "title": "Total Detected - Suspicious Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9d8d04b8-42e9-488a-9c18-39f38153e46a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9d8d04b8-42e9-488a-9c18-39f38153e46a": { + "columnOrder": [ + "3629412b-4ee6-4169-92d4-d5d8ebb7ab62", + "324989fb-f85e-4bbc-b7f9-b85472d54928" + ], + "columns": { + 
"324989fb-f85e-4bbc-b7f9-b85472d54928": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" }, - "title": "Distribution of Threats by Mitigation Status Action [Logs SentinelOne]", - "visualizationType": "lnsPie" + "3629412b-4ee6-4169-92d4-d5d8ebb7ab62": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Prevalent Threats", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "324989fb-f85e-4bbc-b7f9-b85472d54928", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": true, + "params": { + "query": "resolved" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "324989fb-f85e-4bbc-b7f9-b85472d54928" + ], + "layerId": "9d8d04b8-42e9-488a-9c18-39f38153e46a", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "3629412b-4ee6-4169-92d4-d5d8ebb7ab62" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e", - "w": 24, - "x": 24, - "y": 29 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": 
"0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd": { - "columnOrder": [ - "039a2941-5111-4bf1-a02a-af4a8fe09609", - "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43" - ], - "columns": { - "039a2941-5111-4bf1-a02a-af4a8fe09609": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mitigation Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.mitigation_status.status" - }, - "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "039a2941-5111-4bf1-a02a-af4a8fe09609" - ], - "layerId": "c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", - "layerType": "data", - "legendDisplay": "default", - "metric": "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Most Prevalent Threats [Logs SentinelOne]", + 
"visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "213a2279-8bb5-491b-b0f0-d5a7a2473670", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "213a2279-8bb5-491b-b0f0-d5a7a2473670", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec6bf891-aedf-4b92-af42-54c04e749174", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec6bf891-aedf-4b92-af42-54c04e749174": { + "columnOrder": [ + "7dc311c6-df3f-40ca-88e5-3925010191be", + "9934d429-8319-435c-8c72-57a56541dfcb" + ], + "columns": { + "7dc311c6-df3f-40ca-88e5-3925010191be": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Engine Detections", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9934d429-8319-435c-8c72-57a56541dfcb", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.detection.engines.title" }, - "title": "Distribution of Threats by Mitigation Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "accf3797-c215-44a4-829d-c9ff30758f7b", - "w": 24, - "x": 0, - "y": 44 - }, - "panelIndex": "accf3797-c215-44a4-829d-c9ff30758f7b", - "type": "lens", - "version": "7.17.0" + "9934d429-8319-435c-8c72-57a56541dfcb": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": 
"data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7dc311c6-df3f-40ca-88e5-3925010191be" + ], + "layerId": "ec6bf891-aedf-4b92-af42-54c04e749174", + "layerType": "data", + "legendDisplay": "default", + "metric": "9934d429-8319-435c-8c72-57a56541dfcb", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a64559b1-90c9-4859-9d5f-2585172bcda4", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a64559b1-90c9-4859-9d5f-2585172bcda4": { - "columnOrder": [ - "e8b50532-e3ed-47d7-a0d4-7aaced47afa3", - "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b" - ], - "columns": { - "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - }, - "e8b50532-e3ed-47d7-a0d4-7aaced47afa3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mitigation Mode", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.agent.mitigation_mode" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b" - ], - "layerId": 
"a64559b1-90c9-4859-9d5f-2585172bcda4", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "e8b50532-e3ed-47d7-a0d4-7aaced47afa3" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "title": "Distribution of Detections by Engine [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "14523f88-ccbb-45bc-9758-7263315630cb", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "14523f88-ccbb-45bc-9758-7263315630cb", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f83c655e-003c-4cc5-a2e3-789acb23b691", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f83c655e-003c-4cc5-a2e3-789acb23b691": { + "columnOrder": [ + "d427f2bd-912c-476e-85a7-3110216b3b8d", + "7fead18f-d40b-4539-ace7-5328e84140d2" + ], + "columns": { + "7fead18f-d40b-4539-ace7-5328e84140d2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" }, - "title": "Distribution of Threats by Agent Mitigation Mode [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "301b13f1-59c8-40e0-80f8-ecc1892b938d", - "w": 24, - "x": 24, - "y": 44 - }, - "panelIndex": "301b13f1-59c8-40e0-80f8-ecc1892b938d", - 
"type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-da28cab9-5d08-4b0b-bbd6-2cf9952051b2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "da28cab9-5d08-4b0b-bbd6-2cf9952051b2": { - "columnOrder": [ - "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb", - "ae868bf2-36dc-418c-a6fc-43718e58cd78" - ], - "columns": { - "ae868bf2-36dc-418c-a6fc-43718e58cd78": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - }, - "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Confidence Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ae868bf2-36dc-418c-a6fc-43718e58cd78", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.confidence_level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "ae868bf2-36dc-418c-a6fc-43718e58cd78" - ], - "layerId": "da28cab9-5d08-4b0b-bbd6-2cf9952051b2", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "d427f2bd-912c-476e-85a7-3110216b3b8d": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": 
{ + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.threat.agent.is_active : true " }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "label": "Active Agents" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.threat.agent.is_active : false " }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Threats by Confidence Level [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b8f90700-ca73-40c7-9257-8612aa86cc9f", - "w": 24, - "x": 0, - "y": 59 - }, - "panelIndex": "b8f90700-ca73-40c7-9257-8612aa86cc9f", - "type": "lens", - "version": "7.17.0" + "label": "Inactive Agents" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.agent.is_active", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.threat.agent.is_active" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d427f2bd-912c-476e-85a7-3110216b3b8d" + ], + "layerId": "f83c655e-003c-4cc5-a2e3-789acb23b691", + "layerType": "data", + "legendDisplay": "default", + "metric": "7fead18f-d40b-4539-ace7-5328e84140d2", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "87c51fc8-6c57-4d1c-a3f5-8b420f1d392c": { - "columnOrder": [ - "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f", - "7c555542-d2ad-4e9f-9779-305d5be0422a" - ], - "columns": { - "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "File Extension", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7c555542-d2ad-4e9f-9779-305d5be0422a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.file.extension.type" - }, - "7c555542-d2ad-4e9f-9779-305d5be0422a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "7c555542-d2ad-4e9f-9779-305d5be0422a" - ], - "layerId": "87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "title": "Distribution of Threats by Agent Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7", 
+ "w": 24, + "x": 0, + "y": 29 + }, + "panelIndex": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6f4336e8-7451-476e-89a5-fe65d93be571", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6f4336e8-7451-476e-89a5-fe65d93be571": { + "columnOrder": [ + "59424e47-b686-440e-b754-51a079ad1417", + "7c71fee2-7e8b-48d2-8344-767b3e76f207" + ], + "columns": { + "59424e47-b686-440e-b754-51a079ad1417": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7c71fee2-7e8b-48d2-8344-767b3e76f207", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.mitigation_status.action" }, - "title": "Distribution of Threats by File Extension Type [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf", - "w": 24, - "x": 24, - "y": 59 - }, - "panelIndex": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf", - "type": "lens", - "version": "7.17.0" + "7c71fee2-7e8b-48d2-8344-767b3e76f207": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + 
"59424e47-b686-440e-b754-51a079ad1417" + ], + "layerId": "6f4336e8-7451-476e-89a5-fe65d93be571", + "layerType": "data", + "legendDisplay": "default", + "metric": "7c71fee2-7e8b-48d2-8344-767b3e76f207", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3f121a5b-0179-4329-a945-a3d23d83172f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f121a5b-0179-4329-a945-a3d23d83172f": { - "columnOrder": [ - "d0e857c2-8d8d-4177-9667-36bacc56c5a1", - "cf378f6b-a6f6-4df2-933c-95224587ebf8" - ], - "columns": { - "cf378f6b-a6f6-4df2-933c-95224587ebf8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - }, - "d0e857c2-8d8d-4177-9667-36bacc56c5a1": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "File Extension", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "cf378f6b-a6f6-4df2-933c-95224587ebf8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "threat.indicator.file.extension" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "columns": [ - { - "columnId": "d0e857c2-8d8d-4177-9667-36bacc56c5a1", - "isTransposed": false - }, - { - "columnId": "cf378f6b-a6f6-4df2-933c-95224587ebf8", - "isTransposed": false - } - ], - "layerId": "3f121a5b-0179-4329-a945-a3d23d83172f", - "layerType": "data" 
- } + "title": "Distribution of Threats by Mitigation Status Action [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd": { + "columnOrder": [ + "039a2941-5111-4bf1-a02a-af4a8fe09609", + "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43" + ], + "columns": { + "039a2941-5111-4bf1-a02a-af4a8fe09609": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mitigation Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.mitigation_status.status" }, - "title": "Top 10 File Extension [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ed9a7061-e640-41f3-a838-3772f86e4be4", - "w": 24, - "x": 0, - "y": 74 - }, - "panelIndex": "ed9a7061-e640-41f3-a838-3772f86e4be4", - "type": "lens", - "version": "7.17.0" + "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + 
} + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "039a2941-5111-4bf1-a02a-af4a8fe09609" + ], + "layerId": "c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", + "layerType": "data", + "legendDisplay": "default", + "metric": "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8": { - "columnOrder": [ - "33d893f0-097c-42d5-bf31-4460415368d4", - "d71d067f-c96c-4701-8f64-700b42388d59" - ], - "columns": { - "33d893f0-097c-42d5-bf31-4460415368d4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Incident Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d71d067f-c96c-4701-8f64-700b42388d59", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.incident.status" - }, - "d71d067f-c96c-4701-8f64-700b42388d59": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - 
"d71d067f-c96c-4701-8f64-700b42388d59" - ], - "layerId": "8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "33d893f0-097c-42d5-bf31-4460415368d4" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "title": "Distribution of Threats by Mitigation Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "accf3797-c215-44a4-829d-c9ff30758f7b", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "accf3797-c215-44a4-829d-c9ff30758f7b", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a64559b1-90c9-4859-9d5f-2585172bcda4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a64559b1-90c9-4859-9d5f-2585172bcda4": { + "columnOrder": [ + "e8b50532-e3ed-47d7-a0d4-7aaced47afa3", + "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b" + ], + "columns": { + "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" }, - "title": "Distribution of Threats by Incident Status [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "e8b50532-e3ed-47d7-a0d4-7aaced47afa3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mitigation Mode", + "operationType": "terms", + 
"params": { + "missingBucket": false, + "orderBy": { + "columnId": "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.agent.mitigation_mode" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b" + ], + "layerId": "a64559b1-90c9-4859-9d5f-2585172bcda4", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "e8b50532-e3ed-47d7-a0d4-7aaced47afa3" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4", - "w": 24, - "x": 24, - "y": 74 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4", - "title": "Distribution of Threats by Incident Status [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count", - "field": "sentinel_one.threat.id" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Technique Name", - "field": "threat.technique.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": 
"data_stream.dataset : \"sentinel_one.threat\"" - } - } - }, - "description": "", - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "default", - "type": "palette" - }, - "scale": "linear", - "showLabel": true + "title": "Distribution of Threats by Agent Mitigation Mode [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "301b13f1-59c8-40e0-80f8-ecc1892b938d", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "301b13f1-59c8-40e0-80f8-ecc1892b938d", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-da28cab9-5d08-4b0b-bbd6-2cf9952051b2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "da28cab9-5d08-4b0b-bbd6-2cf9952051b2": { + "columnOrder": [ + "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb", + "ae868bf2-36dc-418c-a6fc-43718e58cd78" + ], + "columns": { + "ae868bf2-36dc-418c-a6fc-43718e58cd78": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" }, - "title": "Top 10 Threat Techniques [Logs SentinelOne]", - "type": "tagcloud", - "uiState": {} + "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Confidence Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ae868bf2-36dc-418c-a6fc-43718e58cd78", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.confidence_level" + } + }, + 
"incompleteColumns": {} } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "ae868bf2-36dc-418c-a6fc-43718e58cd78" + ], + "layerId": "da28cab9-5d08-4b0b-bbd6-2cf9952051b2", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "6d788430-6b2b-4e7c-9468-36b0aebf8468", - "w": 24, - "x": 0, - "y": 89 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "6d788430-6b2b-4e7c-9468-36b0aebf8468", - "type": "visualization", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-71ff1569-960a-408c-8e00-df6b68186912", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "71ff1569-960a-408c-8e00-df6b68186912": { - "columnOrder": [ - "9a221d90-b37c-4947-899a-a8806d7d25f1", - "d24c6b72-358d-4f01-ade3-cf9c228946e0" - ], - "columns": { - "9a221d90-b37c-4947-899a-a8806d7d25f1": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.threat.agent.infected : true " - }, - "label": "Infected Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.threat.agent.infected : false " - }, - 
"label": "Non-Infected Agents" - } - ] - }, - "scale": "ordinal" - }, - "d24c6b72-358d-4f01-ade3-cf9c228946e0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.agent.infected", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.threat.agent.infected" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "9a221d90-b37c-4947-899a-a8806d7d25f1" - ], - "layerId": "71ff1569-960a-408c-8e00-df6b68186912", - "layerType": "data", - "legendDisplay": "default", - "metric": "d24c6b72-358d-4f01-ade3-cf9c228946e0", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Threats by Confidence Level [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "b8f90700-ca73-40c7-9257-8612aa86cc9f", + "w": 24, + "x": 0, + "y": 59 + }, + "panelIndex": "b8f90700-ca73-40c7-9257-8612aa86cc9f", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "87c51fc8-6c57-4d1c-a3f5-8b420f1d392c": { + "columnOrder": [ + 
"4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f", + "7c555542-d2ad-4e9f-9779-305d5be0422a" + ], + "columns": { + "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "File Extension", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7c555542-d2ad-4e9f-9779-305d5be0422a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.file.extension.type" }, - "title": "Distribution of Threats by Infected Agents [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "7c555542-d2ad-4e9f-9779-305d5be0422a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "7c555542-d2ad-4e9f-9779-305d5be0422a" + ], + "layerId": "87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3", - "w": 24, - "x": 24, - "y": 89 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3", - "title": "Distribution of Threats by Infected Agents [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - 
"attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9fe7a9cc-3417-4166-bdfc-5cdb85599981", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9fe7a9cc-3417-4166-bdfc-5cdb85599981": { - "columnOrder": [ - "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa", - "99d2033b-2144-4e21-ad23-a170fcac9408" - ], - "columns": { - "99d2033b-2144-4e21-ad23-a170fcac9408": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - }, - "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Detection Engine", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "99d2033b-2144-4e21-ad23-a170fcac9408", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.detection.engines.title" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "columns": [ - { - "columnId": "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa", - "isTransposed": false - }, - { - "columnId": "99d2033b-2144-4e21-ad23-a170fcac9408", - "isTransposed": false - } - ], - "layerId": "9fe7a9cc-3417-4166-bdfc-5cdb85599981", - "layerType": "data" - } + "title": "Distribution of Threats by File Extension Type [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf", + "w": 24, + "x": 24, + "y": 59 + }, + "panelIndex": 
"9bdf752f-f767-44a4-bf05-51e0a27b7bbf", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3f121a5b-0179-4329-a945-a3d23d83172f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f121a5b-0179-4329-a945-a3d23d83172f": { + "columnOrder": [ + "d0e857c2-8d8d-4177-9667-36bacc56c5a1", + "cf378f6b-a6f6-4df2-933c-95224587ebf8" + ], + "columns": { + "cf378f6b-a6f6-4df2-933c-95224587ebf8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" }, - "title": "Distribution of Threats by Detection Engine [Logs SentinelOne] ", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6080a8f0-54d7-4fae-884f-f34dbed69ea8", - "w": 24, - "x": 0, - "y": 104 - }, - "panelIndex": "6080a8f0-54d7-4fae-884f-f34dbed69ea8", - "type": "lens", - "version": "7.17.0" + "d0e857c2-8d8d-4177-9667-36bacc56c5a1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "File Extension", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "cf378f6b-a6f6-4df2-933c-95224587ebf8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "threat.indicator.file.extension" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "columns": [ + { + "columnId": "d0e857c2-8d8d-4177-9667-36bacc56c5a1", + "isTransposed": false + }, + { + "columnId": 
"cf378f6b-a6f6-4df2-933c-95224587ebf8", + "isTransposed": false + } + ], + "layerId": "3f121a5b-0179-4329-a945-a3d23d83172f", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count", - "field": "sentinel_one.threat.id" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Classification", - "field": "sentinel_one.threat.classification", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - } - } - }, - "description": "", - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "default", - "type": "palette" - }, - "scale": "linear", - "showLabel": true + "title": "Top 10 File Extension [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "ed9a7061-e640-41f3-a838-3772f86e4be4", + "w": 24, + "x": 0, + "y": 74 + }, + "panelIndex": "ed9a7061-e640-41f3-a838-3772f86e4be4", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8": { + "columnOrder": [ + "33d893f0-097c-42d5-bf31-4460415368d4", + 
"d71d067f-c96c-4701-8f64-700b42388d59" + ], + "columns": { + "33d893f0-097c-42d5-bf31-4460415368d4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Incident Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d71d067f-c96c-4701-8f64-700b42388d59", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.incident.status" }, - "title": "Top Threats by Classification [Logs SentinelOne]", - "type": "tagcloud", - "uiState": {} + "d71d067f-c96c-4701-8f64-700b42388d59": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "d71d067f-c96c-4701-8f64-700b42388d59" + ], + "layerId": "8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "33d893f0-097c-42d5-bf31-4460415368d4" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "55d0b7da-986b-4e98-b476-f3768233dc8f", - "w": 24, - "x": 24, - "y": 104 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "55d0b7da-986b-4e98-b476-f3768233dc8f", - "type": "visualization", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs SentinelOne] Threats", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - 
{ - "id": "logs-*", - "name": "ac59079e-c791-449b-aeeb-d47504921dff:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ac59079e-c791-449b-aeeb-d47504921dff:indexpattern-datasource-layer-58329672-9ca4-4454-9d78-c619ef956a6a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1684da14-7484-42a6-91d6-b9659883e20d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1684da14-7484-42a6-91d6-b9659883e20d:indexpattern-datasource-layer-01d7bdc3-638b-4d23-9ae6-d24678743470", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1684da14-7484-42a6-91d6-b9659883e20d:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "030f8164-5e7d-4fb6-a779-d0537748a819:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "030f8164-5e7d-4fb6-a779-d0537748a819:indexpattern-datasource-layer-8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "030f8164-5e7d-4fb6-a779-d0537748a819:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "075409b1-9d74-4399-8348-3101a2d22392:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "075409b1-9d74-4399-8348-3101a2d22392:indexpattern-datasource-layer-6f8f021f-aef7-458f-a0bb-445bd78741db", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "075409b1-9d74-4399-8348-3101a2d22392:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "075409b1-9d74-4399-8348-3101a2d22392:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"3ff8c08e-3a29-488c-b481-9b51accaae95:indexpattern-datasource-layer-31be526e-c389-4f6d-93e8-27f1b7dcd0d0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:indexpattern-datasource-layer-1c27890e-f153-4984-8c2f-6004a3779f71", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:indexpattern-datasource-layer-98a05273-ef46-4b59-8caa-86b7de9c9724", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:indexpattern-datasource-layer-9d8d04b8-42e9-488a-9c18-39f38153e46a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14523f88-ccbb-45bc-9758-7263315630cb:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { 
- "id": "logs-*", - "name": "14523f88-ccbb-45bc-9758-7263315630cb:indexpattern-datasource-layer-ec6bf891-aedf-4b92-af42-54c04e749174", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:indexpattern-datasource-layer-f83c655e-003c-4cc5-a2e3-789acb23b691", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e:indexpattern-datasource-layer-6f4336e8-7451-476e-89a5-fe65d93be571", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "accf3797-c215-44a4-829d-c9ff30758f7b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "accf3797-c215-44a4-829d-c9ff30758f7b:indexpattern-datasource-layer-c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "301b13f1-59c8-40e0-80f8-ecc1892b938d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "301b13f1-59c8-40e0-80f8-ecc1892b938d:indexpattern-datasource-layer-a64559b1-90c9-4859-9d5f-2585172bcda4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b8f90700-ca73-40c7-9257-8612aa86cc9f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b8f90700-ca73-40c7-9257-8612aa86cc9f:indexpattern-datasource-layer-da28cab9-5d08-4b0b-bbd6-2cf9952051b2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf:indexpattern-datasource-current-indexpattern", 
- "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf:indexpattern-datasource-layer-87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ed9a7061-e640-41f3-a838-3772f86e4be4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Threats by Incident Status [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "ed9a7061-e640-41f3-a838-3772f86e4be4:indexpattern-datasource-layer-3f121a5b-0179-4329-a945-a3d23d83172f", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4", + "w": 24, + "x": 24, + "y": 74 }, - { - "id": "logs-*", - "name": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4", + "title": "Distribution of Threats by Incident Status [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count", + "field": "sentinel_one.threat.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Technique Name", + "field": "threat.technique.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + } + } + }, + "description": "", + "params": { + "maxFontSize": 72, + "minFontSize": 18, + 
"orientation": "single", + "palette": { + "name": "default", + "type": "palette" + }, + "scale": "linear", + "showLabel": true + }, + "title": "Top 10 Threat Techniques [Logs SentinelOne]", + "type": "tagcloud", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4:indexpattern-datasource-layer-8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "6d788430-6b2b-4e7c-9468-36b0aebf8468", + "w": 24, + "x": 0, + "y": 89 }, - { - "id": "logs-*", - "name": "6d788430-6b2b-4e7c-9468-36b0aebf8468:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" + "panelIndex": "6d788430-6b2b-4e7c-9468-36b0aebf8468", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-71ff1569-960a-408c-8e00-df6b68186912", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "71ff1569-960a-408c-8e00-df6b68186912": { + "columnOrder": [ + "9a221d90-b37c-4947-899a-a8806d7d25f1", + "d24c6b72-358d-4f01-ade3-cf9c228946e0" + ], + "columns": { + "9a221d90-b37c-4947-899a-a8806d7d25f1": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.threat.agent.infected : true " + }, + "label": "Infected Agents" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.threat.agent.infected : false " + }, + "label": "Non-Infected Agents" + } + ] + }, + "scale": "ordinal" + }, + "d24c6b72-358d-4f01-ade3-cf9c228946e0": { + "customLabel": true, + "dataType": "number", + 
"isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.agent.infected", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.threat.agent.infected" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9a221d90-b37c-4947-899a-a8806d7d25f1" + ], + "layerId": "71ff1569-960a-408c-8e00-df6b68186912", + "layerType": "data", + "legendDisplay": "default", + "metric": "d24c6b72-358d-4f01-ade3-cf9c228946e0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Threats by Infected Agents [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3", + "w": 24, + "x": 24, + "y": 89 }, - { - "id": "logs-*", - "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:indexpattern-datasource-layer-71ff1569-960a-408c-8e00-df6b68186912", - "type": "index-pattern" + "panelIndex": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3", + "title": "Distribution of Threats by Infected Agents [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-9fe7a9cc-3417-4166-bdfc-5cdb85599981", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9fe7a9cc-3417-4166-bdfc-5cdb85599981": { + "columnOrder": [ + "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa", + "99d2033b-2144-4e21-ad23-a170fcac9408" + ], + "columns": { + "99d2033b-2144-4e21-ad23-a170fcac9408": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + }, + "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Detection Engine", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "99d2033b-2144-4e21-ad23-a170fcac9408", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.detection.engines.title" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "columns": [ + { + "columnId": "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa", + "isTransposed": false + }, + { + "columnId": "99d2033b-2144-4e21-ad23-a170fcac9408", + "isTransposed": false + } + ], + "layerId": "9fe7a9cc-3417-4166-bdfc-5cdb85599981", + "layerType": "data" + } + }, + "title": "Distribution of Threats by Detection Engine [Logs SentinelOne] ", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "6080a8f0-54d7-4fae-884f-f34dbed69ea8", + "w": 24, + "x": 0, + "y": 104 }, - { - "id": "logs-*", - "name": "6080a8f0-54d7-4fae-884f-f34dbed69ea8:indexpattern-datasource-current-indexpattern", - 
"type": "index-pattern" + "panelIndex": "6080a8f0-54d7-4fae-884f-f34dbed69ea8", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count", + "field": "sentinel_one.threat.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Classification", + "field": "sentinel_one.threat.classification", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + } + } + }, + "description": "", + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "default", + "type": "palette" + }, + "scale": "linear", + "showLabel": true + }, + "title": "Top Threats by Classification [Logs SentinelOne]", + "type": "tagcloud", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "6080a8f0-54d7-4fae-884f-f34dbed69ea8:indexpattern-datasource-layer-9fe7a9cc-3417-4166-bdfc-5cdb85599981", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "55d0b7da-986b-4e98-b476-f3768233dc8f", + "w": 24, + "x": 24, + "y": 104 }, - { - "id": "logs-*", - "name": "55d0b7da-986b-4e98-b476-f3768233dc8f:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } + "panelIndex": "55d0b7da-986b-4e98-b476-f3768233dc8f", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs SentinelOne] Threats", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": 
"ac59079e-c791-449b-aeeb-d47504921dff:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ac59079e-c791-449b-aeeb-d47504921dff:indexpattern-datasource-layer-58329672-9ca4-4454-9d78-c619ef956a6a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1684da14-7484-42a6-91d6-b9659883e20d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1684da14-7484-42a6-91d6-b9659883e20d:indexpattern-datasource-layer-01d7bdc3-638b-4d23-9ae6-d24678743470", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1684da14-7484-42a6-91d6-b9659883e20d:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "030f8164-5e7d-4fb6-a779-d0537748a819:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "030f8164-5e7d-4fb6-a779-d0537748a819:indexpattern-datasource-layer-8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "030f8164-5e7d-4fb6-a779-d0537748a819:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "075409b1-9d74-4399-8348-3101a2d22392:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "075409b1-9d74-4399-8348-3101a2d22392:indexpattern-datasource-layer-6f8f021f-aef7-458f-a0bb-445bd78741db", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "075409b1-9d74-4399-8348-3101a2d22392:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "075409b1-9d74-4399-8348-3101a2d22392:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"3ff8c08e-3a29-488c-b481-9b51accaae95:indexpattern-datasource-layer-31be526e-c389-4f6d-93e8-27f1b7dcd0d0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:indexpattern-datasource-layer-1c27890e-f153-4984-8c2f-6004a3779f71", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:indexpattern-datasource-layer-98a05273-ef46-4b59-8caa-86b7de9c9724", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:indexpattern-datasource-layer-9d8d04b8-42e9-488a-9c18-39f38153e46a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14523f88-ccbb-45bc-9758-7263315630cb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { 
+ "id": "logs-*", + "name": "14523f88-ccbb-45bc-9758-7263315630cb:indexpattern-datasource-layer-ec6bf891-aedf-4b92-af42-54c04e749174", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:indexpattern-datasource-layer-f83c655e-003c-4cc5-a2e3-789acb23b691", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e:indexpattern-datasource-layer-6f4336e8-7451-476e-89a5-fe65d93be571", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "accf3797-c215-44a4-829d-c9ff30758f7b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "accf3797-c215-44a4-829d-c9ff30758f7b:indexpattern-datasource-layer-c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "301b13f1-59c8-40e0-80f8-ecc1892b938d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "301b13f1-59c8-40e0-80f8-ecc1892b938d:indexpattern-datasource-layer-a64559b1-90c9-4859-9d5f-2585172bcda4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b8f90700-ca73-40c7-9257-8612aa86cc9f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b8f90700-ca73-40c7-9257-8612aa86cc9f:indexpattern-datasource-layer-da28cab9-5d08-4b0b-bbd6-2cf9952051b2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf:indexpattern-datasource-current-indexpattern", 
+ "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf:indexpattern-datasource-layer-87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ed9a7061-e640-41f3-a838-3772f86e4be4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ed9a7061-e640-41f3-a838-3772f86e4be4:indexpattern-datasource-layer-3f121a5b-0179-4329-a945-a3d23d83172f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4:indexpattern-datasource-layer-8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6d788430-6b2b-4e7c-9468-36b0aebf8468:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:indexpattern-datasource-layer-71ff1569-960a-408c-8e00-df6b68186912", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6080a8f0-54d7-4fae-884f-f34dbed69ea8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6080a8f0-54d7-4fae-884f-f34dbed69ea8:indexpattern-datasource-layer-9fe7a9cc-3417-4166-bdfc-5cdb85599981", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "55d0b7da-986b-4e98-b476-f3768233dc8f:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No 
newline at end of file
diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json
index 4b657cb373e..b9af2aa0786 100644
--- a/packages/sentinel_one/kibana/dashboard/sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json
+++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json
@@ -1,556 +1,561 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" + "id": "sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:45:08.565Z", + "version": "WzYyMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-551abd38-5fb7-4b65-8582-5aefeb823354", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "551abd38-5fb7-4b65-8582-5aefeb823354": { + "columnOrder": [ + "e7acea9a-d9f8-4717-bcc7-5f20c894af20" + ], + "columns": { + "e7acea9a-d9f8-4717-bcc7-5f20c894af20": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "group.id" + } + }, + "incompleteColumns": {} + } + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + }, + "visualization": { + "accessor": "e7acea9a-d9f8-4717-bcc7-5f20c894af20", + "layerId": "551abd38-5fb7-4b65-8582-5aefeb823354", + "layerType": "data" + } + }, + "title": "Total Number of Groups [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} }, - "optionsJSON": { - 
"hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 13, + "i": "2e9c0218-0e41-4cc7-80fa-a135cd08357a", + "w": 15, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "2e9c0218-0e41-4cc7-80fa-a135cd08357a", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9003983d-2897-44e8-8d69-98131f4862c0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9003983d-2897-44e8-8d69-98131f4862c0": { + "columnOrder": [ + "e90d8830-87e6-44bd-b01d-05cf41281d45", + "eea9932f-21ee-4f28-b1a7-feb8b211c125" + ], + "columns": { + "e90d8830-87e6-44bd-b01d-05cf41281d45": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Group Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "eea9932f-21ee-4f28-b1a7-feb8b211c125", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-551abd38-5fb7-4b65-8582-5aefeb823354", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "551abd38-5fb7-4b65-8582-5aefeb823354": { - "columnOrder": [ - "e7acea9a-d9f8-4717-bcc7-5f20c894af20" - ], - "columns": { - "e7acea9a-d9f8-4717-bcc7-5f20c894af20": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "group.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": 
"kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" - }, - "visualization": { - "accessor": "e7acea9a-d9f8-4717-bcc7-5f20c894af20", - "layerId": "551abd38-5fb7-4b65-8582-5aefeb823354", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.group.type" }, - "title": "Total Number of Groups [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "2e9c0218-0e41-4cc7-80fa-a135cd08357a", - "w": 15, - "x": 0, - "y": 0 - }, - "panelIndex": "2e9c0218-0e41-4cc7-80fa-a135cd08357a", - "type": "lens", - "version": "7.17.0" + "eea9932f-21ee-4f28-b1a7-feb8b211c125": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "group.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "e90d8830-87e6-44bd-b01d-05cf41281d45" + ], + "layerId": "9003983d-2897-44e8-8d69-98131f4862c0", + "layerType": "data", + "legendDisplay": "default", + "metric": "eea9932f-21ee-4f28-b1a7-feb8b211c125", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9003983d-2897-44e8-8d69-98131f4862c0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9003983d-2897-44e8-8d69-98131f4862c0": { - "columnOrder": [ - "e90d8830-87e6-44bd-b01d-05cf41281d45", - "eea9932f-21ee-4f28-b1a7-feb8b211c125" 
- ], - "columns": { - "e90d8830-87e6-44bd-b01d-05cf41281d45": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Group Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "eea9932f-21ee-4f28-b1a7-feb8b211c125", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.group.type" - }, - "eea9932f-21ee-4f28-b1a7-feb8b211c125": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "group.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" + "title": "Distribution of Groups by Type [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "44491cae-8e0b-45dc-abdd-ea5d57f1f419", + "w": 16, + "x": 15, + "y": 0 + }, + "panelIndex": "44491cae-8e0b-45dc-abdd-ea5d57f1f419", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-75ff32d0-b457-43b3-aaed-fa3bf295c083", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "75ff32d0-b457-43b3-aaed-fa3bf295c083": { + "columnOrder": [ + "1e289288-8b66-476a-8143-1c1f7be49110", + "902abe3f-a4f0-46d8-bc58-955a9b578b7e" + ], + "columns": { + "1e289288-8b66-476a-8143-1c1f7be49110": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Group Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": 
"902abe3f-a4f0-46d8-bc58-955a9b578b7e", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "e90d8830-87e6-44bd-b01d-05cf41281d45" - ], - "layerId": "9003983d-2897-44e8-8d69-98131f4862c0", - "layerType": "data", - "legendDisplay": "default", - "metric": "eea9932f-21ee-4f28-b1a7-feb8b211c125", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "group.name" }, - "title": "Distribution of Groups by Type [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "902abe3f-a4f0-46d8-bc58-955a9b578b7e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Agent Count", + "operationType": "max", + "scale": "ratio", + "sourceField": "sentinel_one.group.agent.count" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "902abe3f-a4f0-46d8-bc58-955a9b578b7e" + ], + "layerId": "75ff32d0-b457-43b3-aaed-fa3bf295c083", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "1e289288-8b66-476a-8143-1c1f7be49110" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 13, - "i": "44491cae-8e0b-45dc-abdd-ea5d57f1f419", - "w": 16, - "x": 15, - "y": 0 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "44491cae-8e0b-45dc-abdd-ea5d57f1f419", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-75ff32d0-b457-43b3-aaed-fa3bf295c083", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "75ff32d0-b457-43b3-aaed-fa3bf295c083": { - "columnOrder": [ - "1e289288-8b66-476a-8143-1c1f7be49110", - "902abe3f-a4f0-46d8-bc58-955a9b578b7e" - ], - "columns": { - "1e289288-8b66-476a-8143-1c1f7be49110": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Group Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "902abe3f-a4f0-46d8-bc58-955a9b578b7e", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "group.name" - }, - "902abe3f-a4f0-46d8-bc58-955a9b578b7e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Agent Count", - "operationType": "max", - "scale": "ratio", - "sourceField": "sentinel_one.group.agent.count" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "902abe3f-a4f0-46d8-bc58-955a9b578b7e" - ], - "layerId": "75ff32d0-b457-43b3-aaed-fa3bf295c083", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "1e289288-8b66-476a-8143-1c1f7be49110" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "title": "Distribution of Groups by Agent Count [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 
13, + "i": "26084a13-4083-4c3e-9f81-677b4ca38ca7", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "26084a13-4083-4c3e-9f81-677b4ca38ca7", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1b0e558e-537e-40a9-bc0a-f8b42329c6b5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1b0e558e-537e-40a9-bc0a-f8b42329c6b5": { + "columnOrder": [ + "b88243e5-5e92-47d3-b775-f0a9d71fadf6", + "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8" + ], + "columns": { + "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "group.id" }, - "title": "Distribution of Groups by Agent Count [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "26084a13-4083-4c3e-9f81-677b4ca38ca7", - "w": 17, - "x": 31, - "y": 0 - }, - "panelIndex": "26084a13-4083-4c3e-9f81-677b4ca38ca7", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1b0e558e-537e-40a9-bc0a-f8b42329c6b5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1b0e558e-537e-40a9-bc0a-f8b42329c6b5": { - "columnOrder": [ - "b88243e5-5e92-47d3-b775-f0a9d71fadf6", - "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8" - ], - "columns": { - "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8": { - "customLabel": true, - "dataType": "number", - "isBucketed": 
false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "group.id" - }, - "b88243e5-5e92-47d3-b775-f0a9d71fadf6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rank", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.group.rank" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" + "b88243e5-5e92-47d3-b775-f0a9d71fadf6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rank", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b88243e5-5e92-47d3-b775-f0a9d71fadf6" - ], - "layerId": "1b0e558e-537e-40a9-bc0a-f8b42329c6b5", - "layerType": "data", - "legendDisplay": "default", - "metric": "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Groups by Rank [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7", - "w": 23, - "x": 0, - "y": 13 - }, - "panelIndex": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7", - "title": "Distribution of Groups by Rank [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.group.rank" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], 
+ "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b88243e5-5e92-47d3-b775-f0a9d71fadf6" + ], + "layerId": "1b0e558e-537e-40a9-bc0a-f8b42329c6b5", + "layerType": "data", + "legendDisplay": "default", + "metric": "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cc8dc395-79e3-40c5-9857-d0385fcdc791", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cc8dc395-79e3-40c5-9857-d0385fcdc791": { - "columnOrder": [ - "ddec8617-23ff-4060-8029-5973b691cacd", - "84fdcb1d-a681-41b1-b015-201cc40554f9" - ], - "columns": { - "84fdcb1d-a681-41b1-b015-201cc40554f9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "group.id" - }, - "ddec8617-23ff-4060-8029-5973b691cacd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Creator Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "84fdcb1d-a681-41b1-b015-201cc40554f9", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.full_name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" - }, - "visualization": { - "columns": [ - { - "columnId": "ddec8617-23ff-4060-8029-5973b691cacd", - "isTransposed": false - }, - { - 
"columnId": "84fdcb1d-a681-41b1-b015-201cc40554f9", - "isTransposed": false - } - ], - "layerId": "cc8dc395-79e3-40c5-9857-d0385fcdc791", - "layerType": "data" - } - }, - "title": "Top 10 Creator Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4694770f-8a83-4877-992c-1a078c45e3c6", - "w": 25, - "x": 23, - "y": 13 - }, - "panelIndex": "4694770f-8a83-4877-992c-1a078c45e3c6", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs SentinelOne] Groups", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "2e9c0218-0e41-4cc7-80fa-a135cd08357a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2e9c0218-0e41-4cc7-80fa-a135cd08357a:indexpattern-datasource-layer-551abd38-5fb7-4b65-8582-5aefeb823354", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "44491cae-8e0b-45dc-abdd-ea5d57f1f419:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "44491cae-8e0b-45dc-abdd-ea5d57f1f419:indexpattern-datasource-layer-9003983d-2897-44e8-8d69-98131f4862c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "26084a13-4083-4c3e-9f81-677b4ca38ca7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "26084a13-4083-4c3e-9f81-677b4ca38ca7:indexpattern-datasource-layer-75ff32d0-b457-43b3-aaed-fa3bf295c083", - "type": "index-pattern" + "title": "Distribution of Groups by Rank [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7:indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" + "gridData": { + "h": 15, + "i": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7", + "w": 23, + "x": 0, + "y": 13 }, - { - "id": "logs-*", - "name": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7:indexpattern-datasource-layer-1b0e558e-537e-40a9-bc0a-f8b42329c6b5", - "type": "index-pattern" + "panelIndex": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7", + "title": "Distribution of Groups by Rank [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cc8dc395-79e3-40c5-9857-d0385fcdc791", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cc8dc395-79e3-40c5-9857-d0385fcdc791": { + "columnOrder": [ + "ddec8617-23ff-4060-8029-5973b691cacd", + "84fdcb1d-a681-41b1-b015-201cc40554f9" + ], + "columns": { + "84fdcb1d-a681-41b1-b015-201cc40554f9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "group.id" + }, + "ddec8617-23ff-4060-8029-5973b691cacd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Creator Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "84fdcb1d-a681-41b1-b015-201cc40554f9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.full_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + }, + "visualization": { + "columns": [ + { + "columnId": "ddec8617-23ff-4060-8029-5973b691cacd", + "isTransposed": false + }, + { + "columnId": 
"84fdcb1d-a681-41b1-b015-201cc40554f9", + "isTransposed": false + } + ], + "layerId": "cc8dc395-79e3-40c5-9857-d0385fcdc791", + "layerType": "data" + } + }, + "title": "Top 10 Creator Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "4694770f-8a83-4877-992c-1a078c45e3c6:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "4694770f-8a83-4877-992c-1a078c45e3c6", + "w": 25, + "x": 23, + "y": 13 }, - { - "id": "logs-*", - "name": "4694770f-8a83-4877-992c-1a078c45e3c6:indexpattern-datasource-layer-cc8dc395-79e3-40c5-9857-d0385fcdc791", - "type": "index-pattern" - } + "panelIndex": "4694770f-8a83-4877-992c-1a078c45e3c6", + "type": "lens", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs SentinelOne] Groups", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "2e9c0218-0e41-4cc7-80fa-a135cd08357a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2e9c0218-0e41-4cc7-80fa-a135cd08357a:indexpattern-datasource-layer-551abd38-5fb7-4b65-8582-5aefeb823354", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "44491cae-8e0b-45dc-abdd-ea5d57f1f419:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "44491cae-8e0b-45dc-abdd-ea5d57f1f419:indexpattern-datasource-layer-9003983d-2897-44e8-8d69-98131f4862c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26084a13-4083-4c3e-9f81-677b4ca38ca7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26084a13-4083-4c3e-9f81-677b4ca38ca7:indexpattern-datasource-layer-75ff32d0-b457-43b3-aaed-fa3bf295c083", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7:indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7:indexpattern-datasource-layer-1b0e558e-537e-40a9-bc0a-f8b42329c6b5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4694770f-8a83-4877-992c-1a078c45e3c6:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4694770f-8a83-4877-992c-1a078c45e3c6:indexpattern-datasource-layer-cc8dc395-79e3-40c5-9857-d0385fcdc791", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538.json index 7cc25c7ec1a..253bbc59880 100644 --- a/packages/sentinel_one/kibana/dashboard/sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538.json +++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538.json 
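Review bot: The new top-level keys at the start of this dashboard include export metadata from the Kibana instance it was saved on: `"namespaces": ["default"]`, `"updated_at": "2022-10-28T06:45:08.565Z"` and `"version": "WzYyMywxXQ=="`. The removed side of the file had none of them. They describe the exporting instance rather than the dashboard (the `version` value looks like a base64-encoded per-document sequence token), so they will presumably change on every re-export and make later diffs harder to review. Consider dropping the three keys before committing and keeping `id`, `type`, `attributes`, `references`, `migrationVersion` and `coreMigrationVersion` as the old file did. The same three keys open the next dashboard hunk (`sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538.json`), whose body continues past this view.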
@@ -1,2045 +1,2050 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" + "id": "sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:45:08.565Z", + "version": "WzYyNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-56dc7645-caa9-462c-abbd-496b8e73ba9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "56dc7645-caa9-462c-abbd-496b8e73ba9c": { + "columnOrder": [ + "b504e88b-35dc-4481-b38b-617210c7054d", + "123404f0-3fb4-40b8-88d0-2debd9a5ebfc" + ], + "columns": { + "123404f0-3fb4-40b8-88d0-2debd9a5ebfc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "b504e88b-35dc-4481-b38b-617210c7054d": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_active : true " + }, + "label": "Active Agents" + }, + { + "input": { + "language": "kuery", + 
"query": "sentinel_one.agent.is_active : false " + }, + "label": "Inactive Agents" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.is_active", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.is_active" + } + } } - } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b504e88b-35dc-4481-b38b-617210c7054d" + ], + "layerId": "56dc7645-caa9-462c-abbd-496b8e73ba9c", + "layerType": "data", + "legendDisplay": "default", + "metric": "123404f0-3fb4-40b8-88d0-2debd9a5ebfc", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by Active Agents Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "88da7d9d-b377-4455-a528-719f58c796f7", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-56dc7645-caa9-462c-abbd-496b8e73ba9c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "56dc7645-caa9-462c-abbd-496b8e73ba9c": { - "columnOrder": [ - "b504e88b-35dc-4481-b38b-617210c7054d", - "123404f0-3fb4-40b8-88d0-2debd9a5ebfc" - ], - "columns": { - 
"123404f0-3fb4-40b8-88d0-2debd9a5ebfc": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "b504e88b-35dc-4481-b38b-617210c7054d": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_active : true " - }, - "label": "Active Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_active : false " - }, - "label": "Inactive Agents" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.is_active", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.is_active" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b504e88b-35dc-4481-b38b-617210c7054d" - ], - "layerId": "56dc7645-caa9-462c-abbd-496b8e73ba9c", - "layerType": "data", - "legendDisplay": "default", - "metric": "123404f0-3fb4-40b8-88d0-2debd9a5ebfc", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "panelIndex": "88da7d9d-b377-4455-a528-719f58c796f7", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ddc8b7d7-81b9-4d85-a686-7e723fc02c52", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ddc8b7d7-81b9-4d85-a686-7e723fc02c52": { + "columnOrder": [ + "76f65f2c-80e0-41fe-a2cf-d470ec579540", + "42960489-8884-48d3-89d4-f7e6ac04e3c8" + ], + "columns": { + "42960489-8884-48d3-89d4-f7e6ac04e3c8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" }, - "title": "Distribution of Agents by Active Agents Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "88da7d9d-b377-4455-a528-719f58c796f7", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "88da7d9d-b377-4455-a528-719f58c796f7", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ddc8b7d7-81b9-4d85-a686-7e723fc02c52", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ddc8b7d7-81b9-4d85-a686-7e723fc02c52": { - "columnOrder": [ - "76f65f2c-80e0-41fe-a2cf-d470ec579540", - "42960489-8884-48d3-89d4-f7e6ac04e3c8" - ], - "columns": { - "42960489-8884-48d3-89d4-f7e6ac04e3c8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "76f65f2c-80e0-41fe-a2cf-d470ec579540": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": 
"sentinel_one.agent.firewall_enabled : true " - }, - "label": "Enabled" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.firewall_enabled: false " - }, - "label": "Disabled" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, + "76f65f2c-80e0-41fe-a2cf-d470ec579540": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.firewall_enabled", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.firewall_enabled" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "76f65f2c-80e0-41fe-a2cf-d470ec579540" - ], - "layerId": "ddc8b7d7-81b9-4d85-a686-7e723fc02c52", - "layerType": "data", - "legendDisplay": "default", - "metric": "42960489-8884-48d3-89d4-f7e6ac04e3c8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Agents by Firewall Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b", - "title": "Distribution of Agents with Firewall Status [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-e4082dc4-e9cc-4589-aed3-bf66cdac7d34", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e4082dc4-e9cc-4589-aed3-bf66cdac7d34": { - "columnOrder": [ - "262773c9-227c-4f57-8bfc-530148301609", - "14960b41-614b-4650-90d9-5feec22c00ce" - ], - "columns": { - "14960b41-614b-4650-90d9-5feec22c00ce": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "262773c9-227c-4f57-8bfc-530148301609": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Scan Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "14960b41-614b-4650-90d9-5feec22c00ce", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.scan.status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "262773c9-227c-4f57-8bfc-530148301609" - ], - "layerId": "e4082dc4-e9cc-4589-aed3-bf66cdac7d34", - "layerType": "data", - "legendDisplay": "default", - "metric": "14960b41-614b-4650-90d9-5feec22c00ce", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Agents by Scan Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a1308966-3dec-431c-82e3-29890ad87785", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "a1308966-3dec-431c-82e3-29890ad87785", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": 
"logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3": { - "columnOrder": [ - "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2", - "c986097b-d867-4c7f-a519-04be42d34916" - ], - "columns": { - "c986097b-d867-4c7f-a519-04be42d34916": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count ", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mitigation Mode", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c986097b-d867-4c7f-a519-04be42d34916", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.mitigation_mode" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "c986097b-d867-4c7f-a519-04be42d34916" - ], - "layerId": "6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2" - } - ], - "legend": { - "isVisible": true, - "position": "right" + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.firewall_enabled : true " }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "label": "Enabled" + }, + { + "input": { + "language": "kuery", + "query": 
"sentinel_one.agent.firewall_enabled: false " }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Agents by Mitigation Mode [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8", - "type": "lens", - "version": "7.17.0" + "label": "Disabled" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.firewall_enabled", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.firewall_enabled" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "76f65f2c-80e0-41fe-a2cf-d470ec579540" + ], + "layerId": "ddc8b7d7-81b9-4d85-a686-7e723fc02c52", + "layerType": "data", + "legendDisplay": "default", + "metric": "42960489-8884-48d3-89d4-f7e6ac04e3c8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-46e7eb74-692b-4c09-b8cd-f7817757c592", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "46e7eb74-692b-4c09-b8cd-f7817757c592": { - "columnOrder": [ - "4394b62d-0267-4f42-9c8a-1e0f661181ca", - "669fda39-2f89-42f4-8f3d-24ebed033e42" - ], - "columns": { - "4394b62d-0267-4f42-9c8a-1e0f661181ca": { - "customLabel": true, 
- "dataType": "ip", - "isBucketed": true, - "label": "Group IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "669fda39-2f89-42f4-8f3d-24ebed033e42", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.group.ip" - }, - "669fda39-2f89-42f4-8f3d-24ebed033e42": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count ", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "4394b62d-0267-4f42-9c8a-1e0f661181ca" - ], - "layerId": "46e7eb74-692b-4c09-b8cd-f7817757c592", - "layerType": "data", - "legendDisplay": "default", - "metric": "669fda39-2f89-42f4-8f3d-24ebed033e42", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Agents by Firewall Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b", + "title": "Distribution of Agents with Firewall Status [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e4082dc4-e9cc-4589-aed3-bf66cdac7d34", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"e4082dc4-e9cc-4589-aed3-bf66cdac7d34": { + "columnOrder": [ + "262773c9-227c-4f57-8bfc-530148301609", + "14960b41-614b-4650-90d9-5feec22c00ce" + ], + "columns": { + "14960b41-614b-4650-90d9-5feec22c00ce": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" }, - "title": "Distribution of Agents by Group IP [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5b220d94-4542-4e91-82a5-6fddc2d1f450", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "5b220d94-4542-4e91-82a5-6fddc2d1f450", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-76063bf9-bddc-448f-805e-e53308972d0a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "76063bf9-bddc-448f-805e-e53308972d0a": { - "columnOrder": [ - "96dd816b-0e55-4e31-9e5b-11f64820a453", - "2fb054c3-aaea-48a1-99c6-4de1dcd81881" - ], - "columns": { - "2fb054c3-aaea-48a1-99c6-4de1dcd81881": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "96dd816b-0e55-4e31-9e5b-11f64820a453": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Architecture", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2fb054c3-aaea-48a1-99c6-4de1dcd81881", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.os.arch" - } - }, - "incompleteColumns": {} - } - } 
- } + "262773c9-227c-4f57-8bfc-530148301609": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Scan Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "14960b41-614b-4650-90d9-5feec22c00ce", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "96dd816b-0e55-4e31-9e5b-11f64820a453" - ], - "layerId": "76063bf9-bddc-448f-805e-e53308972d0a", - "layerType": "data", - "legendDisplay": "default", - "metric": "2fb054c3-aaea-48a1-99c6-4de1dcd81881", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.scan.status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "262773c9-227c-4f57-8bfc-530148301609" + ], + "layerId": "e4082dc4-e9cc-4589-aed3-bf66cdac7d34", + "layerType": "data", + "legendDisplay": "default", + "metric": "14960b41-614b-4650-90d9-5feec22c00ce", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by Scan Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "a1308966-3dec-431c-82e3-29890ad87785", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "a1308966-3dec-431c-82e3-29890ad87785", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3": { + "columnOrder": [ + "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2", + "c986097b-d867-4c7f-a519-04be42d34916" + ], + "columns": { + "c986097b-d867-4c7f-a519-04be42d34916": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count ", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" }, - "title": "Distribution of Agents by OS Architecture [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mitigation Mode", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c986097b-d867-4c7f-a519-04be42d34916", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.mitigation_mode" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "c986097b-d867-4c7f-a519-04be42d34916" + ], + "layerId": "6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "4250d06c-8c4c-49ee-8199-3e153a355987", - "w": 24, - "x": 24, - "y": 30 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": 
"4250d06c-8c4c-49ee-8199-3e153a355987", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-67c6e93f-d08b-4c37-b01f-0d2b29874291", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "67c6e93f-d08b-4c37-b01f-0d2b29874291": { - "columnOrder": [ - "6e3b93ec-b364-4d1a-8cd9-eb4250561a57", - "44eec685-7c49-4119-baf7-2547c57d857a" - ], - "columns": { - "44eec685-7c49-4119-baf7-2547c57d857a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "6e3b93ec-b364-4d1a-8cd9-eb4250561a57": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Installer Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "44eec685-7c49-4119-baf7-2547c57d857a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.installer_type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" + "title": "Distribution of Agents by Mitigation Mode [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-46e7eb74-692b-4c09-b8cd-f7817757c592", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "46e7eb74-692b-4c09-b8cd-f7817757c592": { + "columnOrder": [ + "4394b62d-0267-4f42-9c8a-1e0f661181ca", + "669fda39-2f89-42f4-8f3d-24ebed033e42" + ], + "columns": { + "4394b62d-0267-4f42-9c8a-1e0f661181ca": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Group IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "669fda39-2f89-42f4-8f3d-24ebed033e42", + "type": "column" }, - "visualization": { - "layers": [ - { - "accessors": [ - "44eec685-7c49-4119-baf7-2547c57d857a" - ], - "layerId": "67c6e93f-d08b-4c37-b01f-0d2b29874291", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "6e3b93ec-b364-4d1a-8cd9-eb4250561a57" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.group.ip" }, - "title": "Distribution of Agents by Installer Type [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f2bbdd58-6b06-4b74-9b65-21858c9059c0", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "f2bbdd58-6b06-4b74-9b65-21858c9059c0", - "type": "lens", - "version": "7.17.0" + "669fda39-2f89-42f4-8f3d-24ebed033e42": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count ", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": 
"host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "4394b62d-0267-4f42-9c8a-1e0f661181ca" + ], + "layerId": "46e7eb74-692b-4c09-b8cd-f7817757c592", + "layerType": "data", + "legendDisplay": "default", + "metric": "669fda39-2f89-42f4-8f3d-24ebed033e42", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "dae671b1-cfe6-4d04-b4b6-8037b31a5fe4": { - "columnOrder": [ - "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de", - "f951b023-b4c9-4f40-8e27-e3122b6db069" - ], - "columns": { - "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Machine Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f951b023-b4c9-4f40-8e27-e3122b6db069", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.machine.type" - }, - "f951b023-b4c9-4f40-8e27-e3122b6db069": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" + "title": "Distribution of Agents by Group IP 
[Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "5b220d94-4542-4e91-82a5-6fddc2d1f450", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "5b220d94-4542-4e91-82a5-6fddc2d1f450", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-76063bf9-bddc-448f-805e-e53308972d0a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "76063bf9-bddc-448f-805e-e53308972d0a": { + "columnOrder": [ + "96dd816b-0e55-4e31-9e5b-11f64820a453", + "2fb054c3-aaea-48a1-99c6-4de1dcd81881" + ], + "columns": { + "2fb054c3-aaea-48a1-99c6-4de1dcd81881": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "96dd816b-0e55-4e31-9e5b-11f64820a453": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Architecture", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2fb054c3-aaea-48a1-99c6-4de1dcd81881", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de" - ], - "layerId": "dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", - "layerType": "data", - "legendDisplay": "default", - "metric": "f951b023-b4c9-4f40-8e27-e3122b6db069", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.os.arch" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": 
"kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "96dd816b-0e55-4e31-9e5b-11f64820a453" + ], + "layerId": "76063bf9-bddc-448f-805e-e53308972d0a", + "layerType": "data", + "legendDisplay": "default", + "metric": "2fb054c3-aaea-48a1-99c6-4de1dcd81881", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by OS Architecture [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "4250d06c-8c4c-49ee-8199-3e153a355987", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "4250d06c-8c4c-49ee-8199-3e153a355987", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-67c6e93f-d08b-4c37-b01f-0d2b29874291", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "67c6e93f-d08b-4c37-b01f-0d2b29874291": { + "columnOrder": [ + "6e3b93ec-b364-4d1a-8cd9-eb4250561a57", + "44eec685-7c49-4119-baf7-2547c57d857a" + ], + "columns": { + "44eec685-7c49-4119-baf7-2547c57d857a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" }, - "title": "Distribution of Agents by Machine Type [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "6e3b93ec-b364-4d1a-8cd9-eb4250561a57": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Installer Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "44eec685-7c49-4119-baf7-2547c57d857a", + 
"type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.installer_type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "44eec685-7c49-4119-baf7-2547c57d857a" + ], + "layerId": "67c6e93f-d08b-4c37-b01f-0d2b29874291", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "6e3b93ec-b364-4d1a-8cd9-eb4250561a57" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "595ba171-1de6-4b07-9f75-99d7b87fb828", - "w": 24, - "x": 24, - "y": 45 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "595ba171-1de6-4b07-9f75-99d7b87fb828", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-06b2ffc3-7740-4e73-807a-ea80e0747b80", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "06b2ffc3-7740-4e73-807a-ea80e0747b80": { - "columnOrder": [ - "0c348764-2e97-4ac5-829c-cd320b30e4d4", - "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe", - "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f" - ], - "columns": { - "0c348764-2e97-4ac5-829c-cd320b30e4d4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", - "type": "column" 
- }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.type" - }, - "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" + "title": "Distribution of Agents by Installer Type [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f2bbdd58-6b06-4b74-9b65-21858c9059c0", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "f2bbdd58-6b06-4b74-9b65-21858c9059c0", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "dae671b1-cfe6-4d04-b4b6-8037b31a5fe4": { + "columnOrder": [ + "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de", + "f951b023-b4c9-4f40-8e27-e3122b6db069" + ], + "columns": { + "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Machine Type", + 
"operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f951b023-b4c9-4f40-8e27-e3122b6db069", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe", - "0c348764-2e97-4ac5-829c-cd320b30e4d4", - "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe" - ], - "layerId": "06b2ffc3-7740-4e73-807a-ea80e0747b80", - "layerType": "data", - "legendDisplay": "default", - "metric": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.machine.type" }, - "title": "Distribution of Agents by OS Name, OS Type [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e1812890-1e55-4323-8016-fc7340d95b2f", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "e1812890-1e55-4323-8016-fc7340d95b2f", - "type": "lens", - "version": "7.17.0" + "f951b023-b4c9-4f40-8e27-e3122b6db069": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de" + ], + "layerId": "dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", + "layerType": "data", + "legendDisplay": "default", + "metric": "f951b023-b4c9-4f40-8e27-e3122b6db069", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-456e2023-abf7-40b7-bbc4-35020ef2edd5", - "type": "index-pattern" + "title": "Distribution of Agents by Machine Type [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "595ba171-1de6-4b07-9f75-99d7b87fb828", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "595ba171-1de6-4b07-9f75-99d7b87fb828", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-06b2ffc3-7740-4e73-807a-ea80e0747b80", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "06b2ffc3-7740-4e73-807a-ea80e0747b80": { + "columnOrder": [ + "0c348764-2e97-4ac5-829c-cd320b30e4d4", + "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe", + "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f" + ], + "columns": { + "0c348764-2e97-4ac5-829c-cd320b30e4d4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", + "type": "column" }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "456e2023-abf7-40b7-bbc4-35020ef2edd5": { - "columnOrder": [ - "13bfcde7-20c3-40f4-a865-9c8db705dde6", - "f8a1e135-5ef5-4e17-8660-369ab0230dd1" - ], - "columns": { - "13bfcde7-20c3-40f4-a865-9c8db705dde6": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": 
"kuery", - "query": "sentinel_one.agent.infected : true " - }, - "label": "Infected Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.infected : false " - }, - "label": "Non-Infected Agents" - } - ] - }, - "scale": "ordinal" - }, - "f8a1e135-5ef5-4e17-8660-369ab0230dd1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.type" + }, + "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", + "type": "column" }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe", + "0c348764-2e97-4ac5-829c-cd320b30e4d4", + "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe" + ], + "layerId": "06b2ffc3-7740-4e73-807a-ea80e0747b80", + "layerType": "data", + "legendDisplay": "default", + "metric": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by OS Name, OS Type [Logs SentinelOne]", + 
"visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "e1812890-1e55-4323-8016-fc7340d95b2f", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "e1812890-1e55-4323-8016-fc7340d95b2f", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-456e2023-abf7-40b7-bbc4-35020ef2edd5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "456e2023-abf7-40b7-bbc4-35020ef2edd5": { + "columnOrder": [ + "13bfcde7-20c3-40f4-a865-9c8db705dde6", + "f8a1e135-5ef5-4e17-8660-369ab0230dd1" + ], + "columns": { + "13bfcde7-20c3-40f4-a865-9c8db705dde6": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.infected", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.infected" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "13bfcde7-20c3-40f4-a865-9c8db705dde6" - ], - "layerId": "456e2023-abf7-40b7-bbc4-35020ef2edd5", - "layerType": "data", - "legendDisplay": "default", - "metric": "f8a1e135-5ef5-4e17-8660-369ab0230dd1", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.infected : true " + }, + "label": "Infected 
Agents" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.infected : false " + }, + "label": "Non-Infected Agents" + } + ] + }, + "scale": "ordinal" }, - "title": "Distribution of Agents by Infected Agents Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "445f92f7-7a5f-4236-a8ac-df3087a536fe", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "445f92f7-7a5f-4236-a8ac-df3087a536fe", - "title": "Distribution of Agents by Infected Agents [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" + "f8a1e135-5ef5-4e17-8660-369ab0230dd1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.infected", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.infected" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "13bfcde7-20c3-40f4-a865-9c8db705dde6" + ], + "layerId": "456e2023-abf7-40b7-bbc4-35020ef2edd5", + "layerType": "data", + "legendDisplay": "default", + "metric": "f8a1e135-5ef5-4e17-8660-369ab0230dd1", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-94b7fb49-4faf-4114-baa6-2c621257fd25", - 
"type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "94b7fb49-4faf-4114-baa6-2c621257fd25": { - "columnOrder": [ - "14e97f3a-9df8-494f-9190-6ff104f0e040", - "ab4aa055-75f5-45bc-8d34-883bc47f771a" - ], - "columns": { - "14e97f3a-9df8-494f-9190-6ff104f0e040": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Site Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ab4aa055-75f5-45bc-8d34-883bc47f771a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.site.name" - }, - "ab4aa055-75f5-45bc-8d34-883bc47f771a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" + "title": "Distribution of Agents by Infected Agents Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "445f92f7-7a5f-4236-a8ac-df3087a536fe", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "445f92f7-7a5f-4236-a8ac-df3087a536fe", + "title": "Distribution of Agents by Infected Agents [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-94b7fb49-4faf-4114-baa6-2c621257fd25", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "94b7fb49-4faf-4114-baa6-2c621257fd25": { 
+ "columnOrder": [ + "14e97f3a-9df8-494f-9190-6ff104f0e040", + "ab4aa055-75f5-45bc-8d34-883bc47f771a" + ], + "columns": { + "14e97f3a-9df8-494f-9190-6ff104f0e040": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Site Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ab4aa055-75f5-45bc-8d34-883bc47f771a", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "14e97f3a-9df8-494f-9190-6ff104f0e040", - "isTransposed": false - }, - { - "columnId": "ab4aa055-75f5-45bc-8d34-883bc47f771a", - "isTransposed": false - } - ], - "layerId": "94b7fb49-4faf-4114-baa6-2c621257fd25", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.site.name" }, - "title": "Top 10 Site Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96", - "type": "lens", - "version": "7.17.0" + "ab4aa055-75f5-45bc-8d34-883bc47f771a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "columns": [ + { + "columnId": "14e97f3a-9df8-494f-9190-6ff104f0e040", + "isTransposed": false + }, + { + "columnId": "ab4aa055-75f5-45bc-8d34-883bc47f771a", + "isTransposed": false + } + ], + "layerId": "94b7fb49-4faf-4114-baa6-2c621257fd25", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9767cd3d-c1a5-443e-9e79-64f2be92d73e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9767cd3d-c1a5-443e-9e79-64f2be92d73e": { - "columnOrder": [ - "91f47b2b-9e63-4958-9aeb-5d46537caaaa", - "f35cbfab-8158-4a67-b1ea-b4142fe750b4" - ], - "columns": { - "91f47b2b-9e63-4958-9aeb-5d46537caaaa": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_up_to_date : true " - }, - "label": "Up To Date Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_up_to_date : false " - }, - "label": "Out Dated Agents" - } - ] - }, - "scale": "ordinal" - }, - "f35cbfab-8158-4a67-b1ea-b4142fe750b4": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, + "title": "Top 10 Site Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9767cd3d-c1a5-443e-9e79-64f2be92d73e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9767cd3d-c1a5-443e-9e79-64f2be92d73e": { + "columnOrder": [ + "91f47b2b-9e63-4958-9aeb-5d46537caaaa", + "f35cbfab-8158-4a67-b1ea-b4142fe750b4" + ], + "columns": { + "91f47b2b-9e63-4958-9aeb-5d46537caaaa": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.is_up_to_date", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.is_up_to_date" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "91f47b2b-9e63-4958-9aeb-5d46537caaaa" - ], - "layerId": "9767cd3d-c1a5-443e-9e79-64f2be92d73e", - "layerType": "data", - "legendDisplay": "default", - "metric": "f35cbfab-8158-4a67-b1ea-b4142fe750b4", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Agents by Up To Date Agents Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5", - "title": "Distribution of Agents by Up To Date Agents [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-469a2da2-7e40-4e47-b882-b553ebc14bf2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "469a2da2-7e40-4e47-b882-b553ebc14bf2": { - "columnOrder": [ - "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3", - "699767aa-b223-466d-b751-833a7921e49a" - ], - "columns": { - "699767aa-b223-466d-b751-833a7921e49a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Active Threats", - "operationType": "median", - "scale": "ratio", - "sourceField": "sentinel_one.agent.active_threats_count" - }, - "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Computer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "699767aa-b223-466d-b751-833a7921e49a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "699767aa-b223-466d-b751-833a7921e49a" - ], - "layerId": "469a2da2-7e40-4e47-b882-b553ebc14bf2", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3" - } - ], - "legend": { - "isVisible": true, - "position": "right" + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_up_to_date : true " }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "label": "Up To Date Agents" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_up_to_date : false " }, - "yRightExtent": { - "mode": "full" - } - } + "label": "Out Dated Agents" 
+ } + ] + }, + "scale": "ordinal" }, - "title": "Distribution of Computer Name by Active Threats [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a", - "w": 24, - "x": 0, - "y": 90 - }, - "panelIndex": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a", - "type": "lens", - "version": "7.17.0" + "f35cbfab-8158-4a67-b1ea-b4142fe750b4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.is_up_to_date", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.is_up_to_date" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "91f47b2b-9e63-4958-9aeb-5d46537caaaa" + ], + "layerId": "9767cd3d-c1a5-443e-9e79-64f2be92d73e", + "layerType": "data", + "legendDisplay": "default", + "metric": "f35cbfab-8158-4a67-b1ea-b4142fe750b4", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-65fd11fd-a0e7-4507-ad95-82593ace9d23", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "65fd11fd-a0e7-4507-ad95-82593ace9d23": { - 
"columnOrder": [ - "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d", - "337ab9f4-ba31-4b10-97c2-37a90555ebbf" - ], - "columns": { - "337ab9f4-ba31-4b10-97c2-37a90555ebbf": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_pending_uninstall : true " - }, - "label": "Pending Uninstall" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_pending_uninstall: false " - }, - "label": "Not Pending Uninstall" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.is_pending_uninstall", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.is_pending_uninstall" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d" - ], - "layerId": "65fd11fd-a0e7-4507-ad95-82593ace9d23", - "layerType": "data", - "legendDisplay": "default", - "metric": "337ab9f4-ba31-4b10-97c2-37a90555ebbf", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Agents by Up To Date Agents Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5", + "w": 24, + "x": 24, + "y": 75 + }, + 
"panelIndex": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5", + "title": "Distribution of Agents by Up To Date Agents [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-469a2da2-7e40-4e47-b882-b553ebc14bf2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "469a2da2-7e40-4e47-b882-b553ebc14bf2": { + "columnOrder": [ + "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3", + "699767aa-b223-466d-b751-833a7921e49a" + ], + "columns": { + "699767aa-b223-466d-b751-833a7921e49a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Active Threats", + "operationType": "median", + "scale": "ratio", + "sourceField": "sentinel_one.agent.active_threats_count" }, - "title": "Distribution of Agents by Pending Uninstall Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "28169c5e-d7e5-4b2d-a75c-78c6b477261f", - "w": 24, - "x": 24, - "y": 90 - }, - "panelIndex": "28169c5e-d7e5-4b2d-a75c-78c6b477261f", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-15c36245-dfc6-41bc-aca4-abe1dd16e8e5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "15c36245-dfc6-41bc-aca4-abe1dd16e8e5": { - "columnOrder": [ - "34e6ebff-5e97-4117-ae55-0ac219a091ae", - "b479de26-3fab-44c4-9f5c-ff493b2a7279" - ], - "columns": { - "34e6ebff-5e97-4117-ae55-0ac219a091ae": { - "customLabel": true, - 
"dataType": "string", - "isBucketed": true, - "label": "Application Vulnerability Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b479de26-3fab-44c4-9f5c-ff493b2a7279", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.apps_vulnerability_status" - }, - "b479de26-3fab-44c4-9f5c-ff493b2a7279": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" + "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Computer Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "699767aa-b223-466d-b751-833a7921e49a", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "34e6ebff-5e97-4117-ae55-0ac219a091ae" - ], - "layerId": "15c36245-dfc6-41bc-aca4-abe1dd16e8e5", - "layerType": "data", - "legendDisplay": "default", - "metric": "b479de26-3fab-44c4-9f5c-ff493b2a7279", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Agents by Application Vulnerability Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + 
"699767aa-b223-466d-b751-833a7921e49a" + ], + "layerId": "469a2da2-7e40-4e47-b882-b553ebc14bf2", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "87c066da-976f-4df5-8ecf-a8b50b984eed", - "w": 24, - "x": 0, - "y": 105 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "87c066da-976f-4df5-8ecf-a8b50b984eed", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1bc53fbf-f363-4273-9153-0e88fe027780", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1bc53fbf-f363-4273-9153-0e88fe027780": { - "columnOrder": [ - "acf8b38d-83f6-4585-87d3-789ccc365528", - "7ddca434-c6b4-4f23-983f-fa65333fd84a" - ], - "columns": { - "7ddca434-c6b4-4f23-983f-fa65333fd84a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "acf8b38d-83f6-4585-87d3-789ccc365528": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_uninstalled : true " - }, - "label": "Uninstalled Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_uninstalled: false " - }, - 
"label": "Installed Agents" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.is_uninstalled", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.is_uninstalled" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "acf8b38d-83f6-4585-87d3-789ccc365528" - ], - "layerId": "1bc53fbf-f363-4273-9153-0e88fe027780", - "layerType": "data", - "legendDisplay": "default", - "metric": "7ddca434-c6b4-4f23-983f-fa65333fd84a", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Percentage of Uninstalled Agents [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e62614cf-e513-40e5-aea7-6abbacf4e73b", - "w": 24, - "x": 24, - "y": 105 - }, - "panelIndex": "e62614cf-e513-40e5-aea7-6abbacf4e73b", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs SentinelOne] Agents", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "88da7d9d-b377-4455-a528-719f58c796f7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "88da7d9d-b377-4455-a528-719f58c796f7:indexpattern-datasource-layer-56dc7645-caa9-462c-abbd-496b8e73ba9c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "88da7d9d-b377-4455-a528-719f58c796f7:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"3158c9a2-f48a-42e2-ae82-e01c07a0a77b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:indexpattern-datasource-layer-ddc8b7d7-81b9-4d85-a686-7e723fc02c52", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a1308966-3dec-431c-82e3-29890ad87785:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a1308966-3dec-431c-82e3-29890ad87785:indexpattern-datasource-layer-e4082dc4-e9cc-4589-aed3-bf66cdac7d34", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8:indexpattern-datasource-layer-6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5b220d94-4542-4e91-82a5-6fddc2d1f450:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5b220d94-4542-4e91-82a5-6fddc2d1f450:indexpattern-datasource-layer-46e7eb74-692b-4c09-b8cd-f7817757c592", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4250d06c-8c4c-49ee-8199-3e153a355987:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4250d06c-8c4c-49ee-8199-3e153a355987:indexpattern-datasource-layer-76063bf9-bddc-448f-805e-e53308972d0a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f2bbdd58-6b06-4b74-9b65-21858c9059c0:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f2bbdd58-6b06-4b74-9b65-21858c9059c0:indexpattern-datasource-layer-67c6e93f-d08b-4c37-b01f-0d2b29874291", - "type": "index-pattern" - 
}, - { - "id": "logs-*", - "name": "595ba171-1de6-4b07-9f75-99d7b87fb828:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "595ba171-1de6-4b07-9f75-99d7b87fb828:indexpattern-datasource-layer-dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e1812890-1e55-4323-8016-fc7340d95b2f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e1812890-1e55-4323-8016-fc7340d95b2f:indexpattern-datasource-layer-06b2ffc3-7740-4e73-807a-ea80e0747b80", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:indexpattern-datasource-layer-456e2023-abf7-40b7-bbc4-35020ef2edd5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96:indexpattern-datasource-layer-94b7fb49-4faf-4114-baa6-2c621257fd25", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:indexpattern-datasource-layer-9767cd3d-c1a5-443e-9e79-64f2be92d73e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:filter-index-pattern-0", - "type": "index-pattern" + "title": "Distribution of Computer Name by Active Threats [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - { - "id": 
"logs-*", - "name": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a", + "w": 24, + "x": 0, + "y": 90 }, - { - "id": "logs-*", - "name": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a:indexpattern-datasource-layer-469a2da2-7e40-4e47-b882-b553ebc14bf2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:indexpattern-datasource-layer-65fd11fd-a0e7-4507-ad95-82593ace9d23", - "type": "index-pattern" + "panelIndex": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-65fd11fd-a0e7-4507-ad95-82593ace9d23", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "65fd11fd-a0e7-4507-ad95-82593ace9d23": { + "columnOrder": [ + "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d", + "337ab9f4-ba31-4b10-97c2-37a90555ebbf" + ], + "columns": { + "337ab9f4-ba31-4b10-97c2-37a90555ebbf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_pending_uninstall : true " + }, + "label": "Pending 
Uninstall" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_pending_uninstall: false " + }, + "label": "Not Pending Uninstall" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.is_pending_uninstall", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.is_pending_uninstall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d" + ], + "layerId": "65fd11fd-a0e7-4507-ad95-82593ace9d23", + "layerType": "data", + "legendDisplay": "default", + "metric": "337ab9f4-ba31-4b10-97c2-37a90555ebbf", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by Pending Uninstall Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "28169c5e-d7e5-4b2d-a75c-78c6b477261f", + "w": 24, + "x": 24, + "y": 90 }, - { - "id": "logs-*", - "name": "87c066da-976f-4df5-8ecf-a8b50b984eed:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "28169c5e-d7e5-4b2d-a75c-78c6b477261f", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-15c36245-dfc6-41bc-aca4-abe1dd16e8e5", + "type": 
"index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "15c36245-dfc6-41bc-aca4-abe1dd16e8e5": { + "columnOrder": [ + "34e6ebff-5e97-4117-ae55-0ac219a091ae", + "b479de26-3fab-44c4-9f5c-ff493b2a7279" + ], + "columns": { + "34e6ebff-5e97-4117-ae55-0ac219a091ae": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Vulnerability Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b479de26-3fab-44c4-9f5c-ff493b2a7279", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.apps_vulnerability_status" + }, + "b479de26-3fab-44c4-9f5c-ff493b2a7279": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "34e6ebff-5e97-4117-ae55-0ac219a091ae" + ], + "layerId": "15c36245-dfc6-41bc-aca4-abe1dd16e8e5", + "layerType": "data", + "legendDisplay": "default", + "metric": "b479de26-3fab-44c4-9f5c-ff493b2a7279", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by Application Vulnerability Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "87c066da-976f-4df5-8ecf-a8b50b984eed:indexpattern-datasource-layer-15c36245-dfc6-41bc-aca4-abe1dd16e8e5", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "87c066da-976f-4df5-8ecf-a8b50b984eed", + "w": 24, + "x": 0, + "y": 105 }, - { - "id": "logs-*", - "name": 
"e62614cf-e513-40e5-aea7-6abbacf4e73b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "87c066da-976f-4df5-8ecf-a8b50b984eed", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1bc53fbf-f363-4273-9153-0e88fe027780", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1bc53fbf-f363-4273-9153-0e88fe027780": { + "columnOrder": [ + "acf8b38d-83f6-4585-87d3-789ccc365528", + "7ddca434-c6b4-4f23-983f-fa65333fd84a" + ], + "columns": { + "7ddca434-c6b4-4f23-983f-fa65333fd84a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "acf8b38d-83f6-4585-87d3-789ccc365528": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_uninstalled : true " + }, + "label": "Uninstalled Agents" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_uninstalled: false " + }, + "label": "Installed Agents" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.is_uninstalled", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.is_uninstalled" + } + } + } + ], + "query": { + "language": "kuery", + "query": 
"data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "acf8b38d-83f6-4585-87d3-789ccc365528" + ], + "layerId": "1bc53fbf-f363-4273-9153-0e88fe027780", + "layerType": "data", + "legendDisplay": "default", + "metric": "7ddca434-c6b4-4f23-983f-fa65333fd84a", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Percentage of Uninstalled Agents [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:indexpattern-datasource-layer-1bc53fbf-f363-4273-9153-0e88fe027780", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "e62614cf-e513-40e5-aea7-6abbacf4e73b", + "w": 24, + "x": 24, + "y": 105 }, - { - "id": "logs-*", - "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:filter-index-pattern-0", - "type": "index-pattern" - } + "panelIndex": "e62614cf-e513-40e5-aea7-6abbacf4e73b", + "type": "lens", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs SentinelOne] Agents", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "88da7d9d-b377-4455-a528-719f58c796f7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "88da7d9d-b377-4455-a528-719f58c796f7:indexpattern-datasource-layer-56dc7645-caa9-462c-abbd-496b8e73ba9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "88da7d9d-b377-4455-a528-719f58c796f7:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:indexpattern-datasource-layer-ddc8b7d7-81b9-4d85-a686-7e723fc02c52", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"3158c9a2-f48a-42e2-ae82-e01c07a0a77b:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a1308966-3dec-431c-82e3-29890ad87785:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a1308966-3dec-431c-82e3-29890ad87785:indexpattern-datasource-layer-e4082dc4-e9cc-4589-aed3-bf66cdac7d34", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8:indexpattern-datasource-layer-6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b220d94-4542-4e91-82a5-6fddc2d1f450:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b220d94-4542-4e91-82a5-6fddc2d1f450:indexpattern-datasource-layer-46e7eb74-692b-4c09-b8cd-f7817757c592", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4250d06c-8c4c-49ee-8199-3e153a355987:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4250d06c-8c4c-49ee-8199-3e153a355987:indexpattern-datasource-layer-76063bf9-bddc-448f-805e-e53308972d0a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f2bbdd58-6b06-4b74-9b65-21858c9059c0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f2bbdd58-6b06-4b74-9b65-21858c9059c0:indexpattern-datasource-layer-67c6e93f-d08b-4c37-b01f-0d2b29874291", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "595ba171-1de6-4b07-9f75-99d7b87fb828:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "595ba171-1de6-4b07-9f75-99d7b87fb828:indexpattern-datasource-layer-dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", + "type": "index-pattern" + 
}, + { + "id": "logs-*", + "name": "e1812890-1e55-4323-8016-fc7340d95b2f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e1812890-1e55-4323-8016-fc7340d95b2f:indexpattern-datasource-layer-06b2ffc3-7740-4e73-807a-ea80e0747b80", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:indexpattern-datasource-layer-456e2023-abf7-40b7-bbc4-35020ef2edd5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96:indexpattern-datasource-layer-94b7fb49-4faf-4114-baa6-2c621257fd25", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:indexpattern-datasource-layer-9767cd3d-c1a5-443e-9e79-64f2be92d73e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a:indexpattern-datasource-layer-469a2da2-7e40-4e47-b882-b553ebc14bf2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + 
"id": "logs-*", + "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:indexpattern-datasource-layer-65fd11fd-a0e7-4507-ad95-82593ace9d23", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "87c066da-976f-4df5-8ecf-a8b50b984eed:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "87c066da-976f-4df5-8ecf-a8b50b984eed:indexpattern-datasource-layer-15c36245-dfc6-41bc-aca4-abe1dd16e8e5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:indexpattern-datasource-layer-1bc53fbf-f363-4273-9153-0e88fe027780", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:filter-index-pattern-0", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538.json index 1ea5370b44b..126e9726361 100644 --- a/packages/sentinel_one/kibana/dashboard/sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538.json +++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538.json 
@@ -1,807 +1,812 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" + "id": "sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:45:08.565Z", + "version": "WzYyNSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3aa4f16e-85bd-466a-b665-445b6d5de2cd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3aa4f16e-85bd-466a-b665-445b6d5de2cd": { + "columnOrder": [ + "b9e2330d-e198-4126-a3b0-77e64079e984" + ], + "columns": { + "b9e2330d-e198-4126-a3b0-77e64079e984": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "accessor": "b9e2330d-e198-4126-a3b0-77e64079e984", + "layerId": "3aa4f16e-85bd-466a-b665-445b6d5de2cd", + "layerType": "data" + } + }, + "title": "Total Number of Activities [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} }, - "optionsJSON": { - 
"hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 12, + "i": "6b1d0060-0c72-441e-9901-855d5ee70a67", + "w": 16, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3aa4f16e-85bd-466a-b665-445b6d5de2cd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3aa4f16e-85bd-466a-b665-445b6d5de2cd": { - "columnOrder": [ - "b9e2330d-e198-4126-a3b0-77e64079e984" - ], - "columns": { - "b9e2330d-e198-4126-a3b0-77e64079e984": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } + "panelIndex": "6b1d0060-0c72-441e-9901-855d5ee70a67", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c1284ad1-7648-410f-b78f-78a997f797cd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c1284ad1-7648-410f-b78f-78a997f797cd": { + "columnOrder": [ + "328306c1-4f54-43a4-b22b-1a0d5d692b56", + "33e68f71-0393-4fc3-8560-b1ed069c6aff" + ], + "columns": { + "328306c1-4f54-43a4-b22b-1a0d5d692b56": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User ID", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "33e68f71-0393-4fc3-8560-b1ed069c6aff", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - 
"query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "accessor": "b9e2330d-e198-4126-a3b0-77e64079e984", - "layerId": "3aa4f16e-85bd-466a-b665-445b6d5de2cd", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.id" }, - "title": "Total Number of Activities [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "6b1d0060-0c72-441e-9901-855d5ee70a67", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "6b1d0060-0c72-441e-9901-855d5ee70a67", - "type": "lens", - "version": "7.17.0" + "33e68f71-0393-4fc3-8560-b1ed069c6aff": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "columns": [ + { + "columnId": "328306c1-4f54-43a4-b22b-1a0d5d692b56", + "isTransposed": false + }, + { + "columnId": "33e68f71-0393-4fc3-8560-b1ed069c6aff", + "isTransposed": false + } + ], + "layerId": "c1284ad1-7648-410f-b78f-78a997f797cd", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c1284ad1-7648-410f-b78f-78a997f797cd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c1284ad1-7648-410f-b78f-78a997f797cd": { - "columnOrder": [ - "328306c1-4f54-43a4-b22b-1a0d5d692b56", - "33e68f71-0393-4fc3-8560-b1ed069c6aff" - ], - "columns": { - "328306c1-4f54-43a4-b22b-1a0d5d692b56": { - "customLabel": true, - "dataType": 
"string", - "isBucketed": true, - "label": "User ID", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "33e68f71-0393-4fc3-8560-b1ed069c6aff", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.id" - }, - "33e68f71-0393-4fc3-8560-b1ed069c6aff": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" + "title": "Top 10 User ID [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "fe58dc4e-28bd-4efc-9995-4431b0128e73", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "fe58dc4e-28bd-4efc-9995-4431b0128e73", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c68f6ca1-bcfd-462e-8462-6c41882faa91", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c68f6ca1-bcfd-462e-8462-6c41882faa91": { + "columnOrder": [ + "20baeaa0-d2a6-4fd1-94b2-e1b9face320d", + "ad264914-7ee8-4563-9165-5c2f2d0cbdde" + ], + "columns": { + "20baeaa0-d2a6-4fd1-94b2-e1b9face320d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Agent ID", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ad264914-7ee8-4563-9165-5c2f2d0cbdde", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": 
"328306c1-4f54-43a4-b22b-1a0d5d692b56", - "isTransposed": false - }, - { - "columnId": "33e68f71-0393-4fc3-8560-b1ed069c6aff", - "isTransposed": false - } - ], - "layerId": "c1284ad1-7648-410f-b78f-78a997f797cd", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.activity.agent.id" }, - "title": "Top 10 User ID [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "fe58dc4e-28bd-4efc-9995-4431b0128e73", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "fe58dc4e-28bd-4efc-9995-4431b0128e73", - "type": "lens", - "version": "7.17.0" + "ad264914-7ee8-4563-9165-5c2f2d0cbdde": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "20baeaa0-d2a6-4fd1-94b2-e1b9face320d" + ], + "layerId": "c68f6ca1-bcfd-462e-8462-6c41882faa91", + "layerType": "data", + "legendDisplay": "default", + "metric": "ad264914-7ee8-4563-9165-5c2f2d0cbdde", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c68f6ca1-bcfd-462e-8462-6c41882faa91", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c68f6ca1-bcfd-462e-8462-6c41882faa91": { - "columnOrder": [ - "20baeaa0-d2a6-4fd1-94b2-e1b9face320d", - 
"ad264914-7ee8-4563-9165-5c2f2d0cbdde" - ], - "columns": { - "20baeaa0-d2a6-4fd1-94b2-e1b9face320d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Agent ID", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ad264914-7ee8-4563-9165-5c2f2d0cbdde", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.activity.agent.id" - }, - "ad264914-7ee8-4563-9165-5c2f2d0cbdde": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "20baeaa0-d2a6-4fd1-94b2-e1b9face320d" - ], - "layerId": "c68f6ca1-bcfd-462e-8462-6c41882faa91", - "layerType": "data", - "legendDisplay": "default", - "metric": "ad264914-7ee8-4563-9165-5c2f2d0cbdde", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Activities by Agent ID [Logs SentinelOne]]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "e9f9f5be-1784-4930-b656-b41e8baf100b", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "e9f9f5be-1784-4930-b656-b41e8baf100b", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-286fe5cf-c73d-4edf-9e11-04e266706ac0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + 
"layers": { + "286fe5cf-c73d-4edf-9e11-04e266706ac0": { + "columnOrder": [ + "0c47280a-f6fa-4360-ab66-d64449fb9926", + "06382207-6085-4738-8cd7-5bc411702e69" + ], + "columns": { + "06382207-6085-4738-8cd7-5bc411702e69": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Distribution of Activities by Agent ID [Logs SentinelOne]]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "e9f9f5be-1784-4930-b656-b41e8baf100b", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "e9f9f5be-1784-4930-b656-b41e8baf100b", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-286fe5cf-c73d-4edf-9e11-04e266706ac0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "286fe5cf-c73d-4edf-9e11-04e266706ac0": { - "columnOrder": [ - "0c47280a-f6fa-4360-ab66-d64449fb9926", - "06382207-6085-4738-8cd7-5bc411702e69" - ], - "columns": { - "06382207-6085-4738-8cd7-5bc411702e69": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "0c47280a-f6fa-4360-ab66-d64449fb9926": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Account Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "06382207-6085-4738-8cd7-5bc411702e69", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.activity.account.name" - } - }, - "incompleteColumns": 
{} - } - } - } + "0c47280a-f6fa-4360-ab66-d64449fb9926": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Account Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "06382207-6085-4738-8cd7-5bc411702e69", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "columns": [ - { - "columnId": "0c47280a-f6fa-4360-ab66-d64449fb9926", - "isTransposed": false - }, - { - "columnId": "06382207-6085-4738-8cd7-5bc411702e69", - "isTransposed": false - } - ], - "layerId": "286fe5cf-c73d-4edf-9e11-04e266706ac0", - "layerType": "data" - } - }, - "title": "Top 10 Account Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "822b1071-df2f-43bd-84a8-da1bcdd97528", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "822b1071-df2f-43bd-84a8-da1bcdd97528", - "type": "lens", - "version": "7.17.0" + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.activity.account.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "columns": [ + { + "columnId": "0c47280a-f6fa-4360-ab66-d64449fb9926", + "isTransposed": false + }, + { + "columnId": "06382207-6085-4738-8cd7-5bc411702e69", + "isTransposed": false + } + ], + "layerId": "286fe5cf-c73d-4edf-9e11-04e266706ac0", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3398cd0c-0707-4e86-8138-7823fd3fe3ad", - "type": "index-pattern" - } 
- ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3398cd0c-0707-4e86-8138-7823fd3fe3ad": { - "columnOrder": [ - "b87b3729-1100-4fe2-82a0-fcc4b5b65999", - "b06e82de-dde9-4eae-a13d-4c4702f60694" - ], - "columns": { - "b06e82de-dde9-4eae-a13d-4c4702f60694": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "b87b3729-1100-4fe2-82a0-fcc4b5b65999": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Family", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b06e82de-dde9-4eae-a13d-4c4702f60694", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "os.family" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b87b3729-1100-4fe2-82a0-fcc4b5b65999" - ], - "layerId": "3398cd0c-0707-4e86-8138-7823fd3fe3ad", - "layerType": "data", - "legendDisplay": "default", - "metric": "b06e82de-dde9-4eae-a13d-4c4702f60694", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 Account Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "822b1071-df2f-43bd-84a8-da1bcdd97528", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "822b1071-df2f-43bd-84a8-da1bcdd97528", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-3398cd0c-0707-4e86-8138-7823fd3fe3ad", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3398cd0c-0707-4e86-8138-7823fd3fe3ad": { + "columnOrder": [ + "b87b3729-1100-4fe2-82a0-fcc4b5b65999", + "b06e82de-dde9-4eae-a13d-4c4702f60694" + ], + "columns": { + "b06e82de-dde9-4eae-a13d-4c4702f60694": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Distribution of Activities by OS Family [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "96472e81-2362-46b7-9a78-ced057e7f22b", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "96472e81-2362-46b7-9a78-ced057e7f22b", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "b87b3729-1100-4fe2-82a0-fcc4b5b65999": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Family", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b06e82de-dde9-4eae-a13d-4c4702f60694", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-27449a92-7952-4cb5-aec7-c18c8110f077", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "27449a92-7952-4cb5-aec7-c18c8110f077": { - "columnOrder": [ - "cd851cfb-18ee-4ba6-bf2b-61041da779c1", - "c7d31b39-34dd-4c74-a4a9-bb34d381ff43", - "152f8820-ce3e-4d27-a8a6-a96858d54954" - ], - "columns": { - "152f8820-ce3e-4d27-a8a6-a96858d54954": { - "customLabel": true, - "dataType": "number", - 
"isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c7d31b39-34dd-4c74-a4a9-bb34d381ff43": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Computer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "cd851cfb-18ee-4ba6-bf2b-61041da779c1": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Primary Description", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.activity.description.primary" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "host.name", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "host.name" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "columns": [ - { - "columnId": "cd851cfb-18ee-4ba6-bf2b-61041da779c1", - "isTransposed": false - }, - { - "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", - "isTransposed": false - }, - { - "columnId": "c7d31b39-34dd-4c74-a4a9-bb34d381ff43", - "isTransposed": false - } - ], - "layerId": "27449a92-7952-4cb5-aec7-c18c8110f077", - "layerType": "data" - } - }, - "title": "Top 10 Primary Description by Computer Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": 
false - }, - "gridData": { - "h": 15, - "i": "6776b675-6e78-4293-9419-abb2052779a9", - "w": 24, - "x": 24, - "y": 27 - }, - "panelIndex": "6776b675-6e78-4293-9419-abb2052779a9", - "title": "Top 10 Primary Description by Computer Name [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "os.family" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b87b3729-1100-4fe2-82a0-fcc4b5b65999" + ], + "layerId": "3398cd0c-0707-4e86-8138-7823fd3fe3ad", + "layerType": "data", + "legendDisplay": "default", + "metric": "b06e82de-dde9-4eae-a13d-4c4702f60694", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-5abe3706-203c-48d8-afb0-96e3b47b163e", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "5abe3706-203c-48d8-afb0-96e3b47b163e": { - "columnOrder": [ - "bfb48360-d985-485c-8a3f-92e348223b55", - "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af" - ], - "columns": { - "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "bfb48360-d985-485c-8a3f-92e348223b55": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Computer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "columns": [ - { - "columnId": "bfb48360-d985-485c-8a3f-92e348223b55", - "isTransposed": false - }, - { - "columnId": "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af", - "isTransposed": false - } - ], - "layerId": "5abe3706-203c-48d8-afb0-96e3b47b163e", - "layerType": "data" - } - }, - "title": "Top 10 Activities Count by Computer Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "60e34164-f433-4c23-bfa1-a84269e385dc", - "w": 24, - "x": 0, - "y": 27 - }, - "panelIndex": "60e34164-f433-4c23-bfa1-a84269e385dc", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs SentinelOne] Activities", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "6b1d0060-0c72-441e-9901-855d5ee70a67:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6b1d0060-0c72-441e-9901-855d5ee70a67:indexpattern-datasource-layer-3aa4f16e-85bd-466a-b665-445b6d5de2cd", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fe58dc4e-28bd-4efc-9995-4431b0128e73:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fe58dc4e-28bd-4efc-9995-4431b0128e73:indexpattern-datasource-layer-c1284ad1-7648-410f-b78f-78a997f797cd", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"e9f9f5be-1784-4930-b656-b41e8baf100b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e9f9f5be-1784-4930-b656-b41e8baf100b:indexpattern-datasource-layer-c68f6ca1-bcfd-462e-8462-6c41882faa91", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "822b1071-df2f-43bd-84a8-da1bcdd97528:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "822b1071-df2f-43bd-84a8-da1bcdd97528:indexpattern-datasource-layer-286fe5cf-c73d-4edf-9e11-04e266706ac0", - "type": "index-pattern" + "title": "Distribution of Activities by OS Family [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "96472e81-2362-46b7-9a78-ced057e7f22b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "96472e81-2362-46b7-9a78-ced057e7f22b", + "w": 24, + "x": 24, + "y": 12 }, - { - "id": "logs-*", - "name": "96472e81-2362-46b7-9a78-ced057e7f22b:indexpattern-datasource-layer-3398cd0c-0707-4e86-8138-7823fd3fe3ad", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6776b675-6e78-4293-9419-abb2052779a9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "96472e81-2362-46b7-9a78-ced057e7f22b", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-27449a92-7952-4cb5-aec7-c18c8110f077", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "27449a92-7952-4cb5-aec7-c18c8110f077": { + "columnOrder": [ + "cd851cfb-18ee-4ba6-bf2b-61041da779c1", + 
"c7d31b39-34dd-4c74-a4a9-bb34d381ff43", + "152f8820-ce3e-4d27-a8a6-a96858d54954" + ], + "columns": { + "152f8820-ce3e-4d27-a8a6-a96858d54954": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c7d31b39-34dd-4c74-a4a9-bb34d381ff43": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Computer Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" + }, + "cd851cfb-18ee-4ba6-bf2b-61041da779c1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Primary Description", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.activity.description.primary" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "host.name", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "host.name" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "columns": [ + { + "columnId": "cd851cfb-18ee-4ba6-bf2b-61041da779c1", + "isTransposed": false + }, + { + "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", + "isTransposed": false + }, + { + "columnId": "c7d31b39-34dd-4c74-a4a9-bb34d381ff43", + "isTransposed": false + } + ], + "layerId": "27449a92-7952-4cb5-aec7-c18c8110f077", + 
"layerType": "data" + } + }, + "title": "Top 10 Primary Description by Computer Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "6776b675-6e78-4293-9419-abb2052779a9:indexpattern-datasource-layer-27449a92-7952-4cb5-aec7-c18c8110f077", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "6776b675-6e78-4293-9419-abb2052779a9", + "w": 24, + "x": 24, + "y": 27 }, - { - "id": "logs-*", - "name": "6776b675-6e78-4293-9419-abb2052779a9:filter-index-pattern-0", - "type": "index-pattern" + "panelIndex": "6776b675-6e78-4293-9419-abb2052779a9", + "title": "Top 10 Primary Description by Computer Name [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5abe3706-203c-48d8-afb0-96e3b47b163e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5abe3706-203c-48d8-afb0-96e3b47b163e": { + "columnOrder": [ + "bfb48360-d985-485c-8a3f-92e348223b55", + "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af" + ], + "columns": { + "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "bfb48360-d985-485c-8a3f-92e348223b55": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Computer Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "columns": [ + { + "columnId": "bfb48360-d985-485c-8a3f-92e348223b55", + "isTransposed": false + }, + { + "columnId": "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af", + "isTransposed": false + } + ], + "layerId": "5abe3706-203c-48d8-afb0-96e3b47b163e", + "layerType": "data" + } + }, + "title": "Top 10 Activities Count by Computer Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "60e34164-f433-4c23-bfa1-a84269e385dc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "60e34164-f433-4c23-bfa1-a84269e385dc", + "w": 24, + "x": 0, + "y": 27 }, - { - "id": "logs-*", - "name": "60e34164-f433-4c23-bfa1-a84269e385dc:indexpattern-datasource-layer-5abe3706-203c-48d8-afb0-96e3b47b163e", - "type": "index-pattern" - } + "panelIndex": "60e34164-f433-4c23-bfa1-a84269e385dc", + "type": "lens", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs SentinelOne] Activities", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "6b1d0060-0c72-441e-9901-855d5ee70a67:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6b1d0060-0c72-441e-9901-855d5ee70a67:indexpattern-datasource-layer-3aa4f16e-85bd-466a-b665-445b6d5de2cd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fe58dc4e-28bd-4efc-9995-4431b0128e73:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fe58dc4e-28bd-4efc-9995-4431b0128e73:indexpattern-datasource-layer-c1284ad1-7648-410f-b78f-78a997f797cd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"e9f9f5be-1784-4930-b656-b41e8baf100b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e9f9f5be-1784-4930-b656-b41e8baf100b:indexpattern-datasource-layer-c68f6ca1-bcfd-462e-8462-6c41882faa91", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "822b1071-df2f-43bd-84a8-da1bcdd97528:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "822b1071-df2f-43bd-84a8-da1bcdd97528:indexpattern-datasource-layer-286fe5cf-c73d-4edf-9e11-04e266706ac0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96472e81-2362-46b7-9a78-ced057e7f22b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96472e81-2362-46b7-9a78-ced057e7f22b:indexpattern-datasource-layer-3398cd0c-0707-4e86-8138-7823fd3fe3ad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6776b675-6e78-4293-9419-abb2052779a9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6776b675-6e78-4293-9419-abb2052779a9:indexpattern-datasource-layer-27449a92-7952-4cb5-aec7-c18c8110f077", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6776b675-6e78-4293-9419-abb2052779a9:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "60e34164-f433-4c23-bfa1-a84269e385dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "60e34164-f433-4c23-bfa1-a84269e385dc:indexpattern-datasource-layer-5abe3706-203c-48d8-afb0-96e3b47b163e", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file 
diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json
index 995d53fd21f..c39c696986a 100644
--- a/packages/sentinel_one/kibana/dashboard/sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json
+++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json
@@ -1,1013 +1,1018 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - } - } + "id": "sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:45:08.565Z", + "version": "WzYyNiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 17, + "i": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de", + "w": 48, + "x": 0, + "y": 57 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de", - "w": 48, - "x": 0, - "y": 57 - }, - "panelIndex": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de", - "panelRefName": "panel_1a5f3a94-99e7-4ad0-adec-e58382e9b5de", - "type": "search", - "version": "7.17.0" + "panelIndex": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de", + "panelRefName": "panel_1a5f3a94-99e7-4ad0-adec-e58382e9b5de", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a70c9f24-f23c-453b-8c96-f1e710d919fc", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a70c9f24-f23c-453b-8c96-f1e710d919fc": { + 
"columnOrder": [ + "3da4d948-d5f9-414d-af6e-ea897044f260" + ], + "columns": { + "3da4d948-d5f9-414d-af6e-ea897044f260": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "accessor": "3da4d948-d5f9-414d-af6e-ea897044f260", + "layerId": "a70c9f24-f23c-453b-8c96-f1e710d919fc", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a70c9f24-f23c-453b-8c96-f1e710d919fc", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a70c9f24-f23c-453b-8c96-f1e710d919fc": { - "columnOrder": [ - "3da4d948-d5f9-414d-af6e-ea897044f260" - ], - "columns": { - "3da4d948-d5f9-414d-af6e-ea897044f260": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" + "title": "Total Number of Alerts [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "b1454cbc-86ff-4612-9129-bc0b2b710079", + "w": 11, + "x": 0, + "y": 0 + }, + "panelIndex": "b1454cbc-86ff-4612-9129-bc0b2b710079", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b50e4935-fe9a-460a-ab6d-43dcb1da50cb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b50e4935-fe9a-460a-ab6d-43dcb1da50cb": { + "columnOrder": [ + "270e4c10-e504-46fa-be0a-05759a516322", + "de45442f-1e4f-4b15-acc9-abc576928301" + ], + "columns": { + "270e4c10-e504-46fa-be0a-05759a516322": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Family", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "de45442f-1e4f-4b15-acc9-abc576928301", + "type": "column" }, - "visualization": { - "accessor": "3da4d948-d5f9-414d-af6e-ea897044f260", - "layerId": "a70c9f24-f23c-453b-8c96-f1e710d919fc", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.family" }, - "title": "Total Number of Alerts [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "b1454cbc-86ff-4612-9129-bc0b2b710079", - "w": 11, - "x": 0, - "y": 0 - }, - "panelIndex": "b1454cbc-86ff-4612-9129-bc0b2b710079", - "type": "lens", - "version": "7.17.0" + "de45442f-1e4f-4b15-acc9-abc576928301": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "270e4c10-e504-46fa-be0a-05759a516322" + ], + "layerId": "b50e4935-fe9a-460a-ab6d-43dcb1da50cb", + "layerType": "data", + "legendDisplay": "default", + "metric": 
"de45442f-1e4f-4b15-acc9-abc576928301", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b50e4935-fe9a-460a-ab6d-43dcb1da50cb", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b50e4935-fe9a-460a-ab6d-43dcb1da50cb": { - "columnOrder": [ - "270e4c10-e504-46fa-be0a-05759a516322", - "de45442f-1e4f-4b15-acc9-abc576928301" - ], - "columns": { - "270e4c10-e504-46fa-be0a-05759a516322": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Family", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "de45442f-1e4f-4b15-acc9-abc576928301", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.family" - }, - "de45442f-1e4f-4b15-acc9-abc576928301": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" + "title": "Distribution of Alerts by OS Family [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "02d8b05a-a909-43e8-bab4-41c424e0e889", + "w": 19, + "x": 11, + "y": 0 + }, + "panelIndex": "02d8b05a-a909-43e8-bab4-41c424e0e889", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-da42b88e-21d2-434f-9bbc-a8386239736f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "da42b88e-21d2-434f-9bbc-a8386239736f": { + "columnOrder": [ + "20818763-4451-42db-bcfd-f17df146a699", + "dafcda2b-19bc-4796-beca-bfe8a90aa089" + ], + "columns": { + "20818763-4451-42db-bcfd-f17df146a699": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Agent Version", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "dafcda2b-19bc-4796-beca-bfe8a90aa089", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "270e4c10-e504-46fa-be0a-05759a516322" - ], - "layerId": "b50e4935-fe9a-460a-ab6d-43dcb1da50cb", - "layerType": "data", - "legendDisplay": "default", - "metric": "de45442f-1e4f-4b15-acc9-abc576928301", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "observer.version" }, - "title": "Distribution of Alerts by OS Family [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "02d8b05a-a909-43e8-bab4-41c424e0e889", - "w": 19, - "x": 11, - "y": 0 - }, - "panelIndex": "02d8b05a-a909-43e8-bab4-41c424e0e889", - "type": "lens", - "version": "7.17.0" + "dafcda2b-19bc-4796-beca-bfe8a90aa089": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + 
"layers": [ + { + "categoryDisplay": "default", + "groups": [ + "20818763-4451-42db-bcfd-f17df146a699" + ], + "layerId": "da42b88e-21d2-434f-9bbc-a8386239736f", + "layerType": "data", + "legendDisplay": "default", + "metric": "dafcda2b-19bc-4796-beca-bfe8a90aa089", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-da42b88e-21d2-434f-9bbc-a8386239736f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "da42b88e-21d2-434f-9bbc-a8386239736f": { - "columnOrder": [ - "20818763-4451-42db-bcfd-f17df146a699", - "dafcda2b-19bc-4796-beca-bfe8a90aa089" - ], - "columns": { - "20818763-4451-42db-bcfd-f17df146a699": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Agent Version", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "dafcda2b-19bc-4796-beca-bfe8a90aa089", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "observer.version" - }, - "dafcda2b-19bc-4796-beca-bfe8a90aa089": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" + "title": "Distribution of Alerts by Agent Version [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "869821d9-6b7b-4b0a-be75-476ec72548c9", + "w": 18, + "x": 30, + "y": 0 + 
}, + "panelIndex": "869821d9-6b7b-4b0a-be75-476ec72548c9", + "title": "Distribution of Alerts by Agent Version [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-bf67982d-968e-4dfc-9e1e-378fe14caa5a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "bf67982d-968e-4dfc-9e1e-378fe14caa5a": { + "columnOrder": [ + "6bcb2e67-6f42-48ee-ae55-06508280e8b9", + "82538ec1-3110-4936-84f3-4894a3fbd634" + ], + "columns": { + "6bcb2e67-6f42-48ee-ae55-06508280e8b9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Treat As Threat", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "82538ec1-3110-4936-84f3-4894a3fbd634", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "20818763-4451-42db-bcfd-f17df146a699" - ], - "layerId": "da42b88e-21d2-434f-9bbc-a8386239736f", - "layerType": "data", - "legendDisplay": "default", - "metric": "dafcda2b-19bc-4796-beca-bfe8a90aa089", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.alert.rule.treat_as_threat" }, - "title": "Distribution of Alerts by Agent Version [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "869821d9-6b7b-4b0a-be75-476ec72548c9", - "w": 18, - "x": 30, - "y": 0 - }, - "panelIndex": "869821d9-6b7b-4b0a-be75-476ec72548c9", - "title": "Distribution of Alerts by Agent Version [Logs SentinelOne]", - "type": "lens", - 
"version": "7.17.0" + "82538ec1-3110-4936-84f3-4894a3fbd634": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "6bcb2e67-6f42-48ee-ae55-06508280e8b9" + ], + "layerId": "bf67982d-968e-4dfc-9e1e-378fe14caa5a", + "layerType": "data", + "legendDisplay": "default", + "metric": "82538ec1-3110-4936-84f3-4894a3fbd634", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-bf67982d-968e-4dfc-9e1e-378fe14caa5a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "bf67982d-968e-4dfc-9e1e-378fe14caa5a": { - "columnOrder": [ - "6bcb2e67-6f42-48ee-ae55-06508280e8b9", - "82538ec1-3110-4936-84f3-4894a3fbd634" - ], - "columns": { - "6bcb2e67-6f42-48ee-ae55-06508280e8b9": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Treat As Threat", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "82538ec1-3110-4936-84f3-4894a3fbd634", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.alert.rule.treat_as_threat" - }, - "82538ec1-3110-4936-84f3-4894a3fbd634": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": 
"Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "6bcb2e67-6f42-48ee-ae55-06508280e8b9" - ], - "layerId": "bf67982d-968e-4dfc-9e1e-378fe14caa5a", - "layerType": "data", - "legendDisplay": "default", - "metric": "82538ec1-3110-4936-84f3-4894a3fbd634", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Alerts by Treat As Threat [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "781400e7-5d84-4316-a890-0f92323bbfa4", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "781400e7-5d84-4316-a890-0f92323bbfa4", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-12bb8402-74e9-4f83-96db-18e874c28661", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "12bb8402-74e9-4f83-96db-18e874c28661": { + "columnOrder": [ + "99d34625-e9dc-41a0-9bec-3076d907137c", + "580be51c-ada9-456e-b4c6-af616ade4a31" + ], + "columns": { + "580be51c-ada9-456e-b4c6-af616ade4a31": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "Distribution of Alerts by Treat As Threat [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "781400e7-5d84-4316-a890-0f92323bbfa4", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "781400e7-5d84-4316-a890-0f92323bbfa4", - "type": 
"lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-12bb8402-74e9-4f83-96db-18e874c28661", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "12bb8402-74e9-4f83-96db-18e874c28661": { - "columnOrder": [ - "99d34625-e9dc-41a0-9bec-3076d907137c", - "580be51c-ada9-456e-b4c6-af616ade4a31" - ], - "columns": { - "580be51c-ada9-456e-b4c6-af616ade4a31": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "99d34625-e9dc-41a0-9bec-3076d907137c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Scope Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "580be51c-ada9-456e-b4c6-af616ade4a31", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.alert.rule.scope_level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" + "99d34625-e9dc-41a0-9bec-3076d907137c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Scope Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "580be51c-ada9-456e-b4c6-af616ade4a31", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "99d34625-e9dc-41a0-9bec-3076d907137c" - ], - "layerId": "12bb8402-74e9-4f83-96db-18e874c28661", - "layerType": "data", - "legendDisplay": "default", - "metric": 
"580be51c-ada9-456e-b4c6-af616ade4a31", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Alerts by Scope Level [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0", - "type": "lens", - "version": "7.17.0" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.alert.rule.scope_level" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "99d34625-e9dc-41a0-9bec-3076d907137c" + ], + "layerId": "12bb8402-74e9-4f83-96db-18e874c28661", + "layerType": "data", + "legendDisplay": "default", + "metric": "580be51c-ada9-456e-b4c6-af616ade4a31", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6b6b61df-1417-49a3-81a1-7dda411c4e71", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6b6b61df-1417-49a3-81a1-7dda411c4e71": { - "columnOrder": [ - "27530883-162f-4958-bee8-ef06abc84059", - "ecb1b9f1-2129-4d39-887d-3c2869f94908" - ], - "columns": { - "27530883-162f-4958-bee8-ef06abc84059": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rule Names", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"ecb1b9f1-2129-4d39-887d-3c2869f94908", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "rule.name" - }, - "ecb1b9f1-2129-4d39-887d-3c2869f94908": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" + "title": "Distribution of Alerts by Scope Level [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6b6b61df-1417-49a3-81a1-7dda411c4e71", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6b6b61df-1417-49a3-81a1-7dda411c4e71": { + "columnOrder": [ + "27530883-162f-4958-bee8-ef06abc84059", + "ecb1b9f1-2129-4d39-887d-3c2869f94908" + ], + "columns": { + "27530883-162f-4958-bee8-ef06abc84059": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rule Names", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ecb1b9f1-2129-4d39-887d-3c2869f94908", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "27530883-162f-4958-bee8-ef06abc84059", - "isTransposed": false - }, - { - "columnId": "ecb1b9f1-2129-4d39-887d-3c2869f94908", - "isTransposed": false - } - ], - 
"layerId": "6b6b61df-1417-49a3-81a1-7dda411c4e71", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "rule.name" }, - "title": "Top 10 Rule Names [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "24c1e7fd-242a-49b1-bff0-521218255ed7", - "w": 24, - "x": 0, - "y": 27 - }, - "panelIndex": "24c1e7fd-242a-49b1-bff0-521218255ed7", - "type": "lens", - "version": "7.17.0" + "ecb1b9f1-2129-4d39-887d-3c2869f94908": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "columns": [ + { + "columnId": "27530883-162f-4958-bee8-ef06abc84059", + "isTransposed": false + }, + { + "columnId": "ecb1b9f1-2129-4d39-887d-3c2869f94908", + "isTransposed": false + } + ], + "layerId": "6b6b61df-1417-49a3-81a1-7dda411c4e71", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6575381f-da1f-4e3e-aa6e-ee5d513b66e2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6575381f-da1f-4e3e-aa6e-ee5d513b66e2": { - "columnOrder": [ - "0331dc07-e879-47b7-9279-687b413d436f", - "66f1847e-6cfe-4b2a-95a7-795f68736736" - ], - "columns": { - "0331dc07-e879-47b7-9279-687b413d436f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rule Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - 
"columnId": "66f1847e-6cfe-4b2a-95a7-795f68736736", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.alert.rule.severity" - }, - "66f1847e-6cfe-4b2a-95a7-795f68736736": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" + "title": "Top 10 Rule Names [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "24c1e7fd-242a-49b1-bff0-521218255ed7", + "w": 24, + "x": 0, + "y": 27 + }, + "panelIndex": "24c1e7fd-242a-49b1-bff0-521218255ed7", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6575381f-da1f-4e3e-aa6e-ee5d513b66e2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6575381f-da1f-4e3e-aa6e-ee5d513b66e2": { + "columnOrder": [ + "0331dc07-e879-47b7-9279-687b413d436f", + "66f1847e-6cfe-4b2a-95a7-795f68736736" + ], + "columns": { + "0331dc07-e879-47b7-9279-687b413d436f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rule Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "66f1847e-6cfe-4b2a-95a7-795f68736736", + "type": "column" }, - "visualization": { - "layers": [ - { - "accessors": [ - "66f1847e-6cfe-4b2a-95a7-795f68736736" - ], - "layerId": "6575381f-da1f-4e3e-aa6e-ee5d513b66e2", - "layerType": "data", - "position": "top", - 
"seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "0331dc07-e879-47b7-9279-687b413d436f" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.alert.rule.severity" }, - "title": "Distribution of Alerts by Rule Severity [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + "66f1847e-6cfe-4b2a-95a7-795f68736736": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "66f1847e-6cfe-4b2a-95a7-795f68736736" + ], + "layerId": "6575381f-da1f-4e3e-aa6e-ee5d513b66e2", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "0331dc07-e879-47b7-9279-687b413d436f" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 15, - "i": "986ac399-7ca0-420e-a224-f55f9dc48f5c", - "w": 24, - "x": 24, - "y": 27 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "986ac399-7ca0-420e-a224-f55f9dc48f5c", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - 
"name": "indexpattern-datasource-layer-92ea1b1a-7e5f-4d77-9af5-5c75151c6382", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "92ea1b1a-7e5f-4d77-9af5-5c75151c6382": { - "columnOrder": [ - "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0", - "f2f2bd2b-27e3-4868-bae1-ff003f94d936" - ], - "columns": { - "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f2f2bd2b-27e3-4868-bae1-ff003f94d936", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.type" - }, - "f2f2bd2b-27e3-4868-bae1-ff003f94d936": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" + "title": "Distribution of Alerts by Rule Severity [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "986ac399-7ca0-420e-a224-f55f9dc48f5c", + "w": 24, + "x": 24, + "y": 27 + }, + "panelIndex": "986ac399-7ca0-420e-a224-f55f9dc48f5c", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-92ea1b1a-7e5f-4d77-9af5-5c75151c6382", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "92ea1b1a-7e5f-4d77-9af5-5c75151c6382": { + "columnOrder": [ + 
"ddcf4498-b8ec-4e73-8a42-6b9e04e549c0", + "f2f2bd2b-27e3-4868-bae1-ff003f94d936" + ], + "columns": { + "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f2f2bd2b-27e3-4868-bae1-ff003f94d936", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0" - ], - "layerId": "92ea1b1a-7e5f-4d77-9af5-5c75151c6382", - "layerType": "data", - "legendDisplay": "default", - "metric": "f2f2bd2b-27e3-4868-bae1-ff003f94d936", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.type" }, - "title": "Distribution of Alerts by Event Type [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "946d6cac-4418-40cf-b301-614d64130caa", - "w": 24, - "x": 0, - "y": 42 - }, - "panelIndex": "946d6cac-4418-40cf-b301-614d64130caa", - "type": "lens", - "version": "7.17.0" + "f2f2bd2b-27e3-4868-bae1-ff003f94d936": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0" + ], + "layerId": "92ea1b1a-7e5f-4d77-9af5-5c75151c6382", + "layerType": "data", + "legendDisplay": "default", + "metric": "f2f2bd2b-27e3-4868-bae1-ff003f94d936", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - 
"embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-76215aa5-943c-4f3f-a5b5-dfa7095216e5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "76215aa5-943c-4f3f-a5b5-dfa7095216e5": { - "columnOrder": [ - "58c3a718-0540-4a34-bdb7-d3ac85d94986", - "27c9c040-2ef7-4384-88fa-156d43d3ffe9" - ], - "columns": { - "27c9c040-2ef7-4384-88fa-156d43d3ffe9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "58c3a718-0540-4a34-bdb7-d3ac85d94986": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Incident Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "27c9c040-2ef7-4384-88fa-156d43d3ffe9", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.alert.info.status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "58c3a718-0540-4a34-bdb7-d3ac85d94986" - ], - "layerId": "76215aa5-943c-4f3f-a5b5-dfa7095216e5", - "layerType": "data", - "legendDisplay": "default", - "metric": "27c9c040-2ef7-4384-88fa-156d43d3ffe9", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Alerts by Incident Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "d9f10ef5-e421-4193-8a29-de995a862192", - "w": 24, - "x": 
24, - "y": 42 - }, - "panelIndex": "d9f10ef5-e421-4193-8a29-de995a862192", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs SentinelOne] Alerts", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "sentinel_one-89773b00-c1fa-11ec-a23a-27e16fe32bb9", - "name": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de:panel_1a5f3a94-99e7-4ad0-adec-e58382e9b5de", - "type": "search" - }, - { - "id": "logs-*", - "name": "b1454cbc-86ff-4612-9129-bc0b2b710079:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b1454cbc-86ff-4612-9129-bc0b2b710079:indexpattern-datasource-layer-a70c9f24-f23c-453b-8c96-f1e710d919fc", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "02d8b05a-a909-43e8-bab4-41c424e0e889:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "02d8b05a-a909-43e8-bab4-41c424e0e889:indexpattern-datasource-layer-b50e4935-fe9a-460a-ab6d-43dcb1da50cb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "869821d9-6b7b-4b0a-be75-476ec72548c9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "869821d9-6b7b-4b0a-be75-476ec72548c9:indexpattern-datasource-layer-da42b88e-21d2-434f-9bbc-a8386239736f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "781400e7-5d84-4316-a890-0f92323bbfa4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "781400e7-5d84-4316-a890-0f92323bbfa4:indexpattern-datasource-layer-bf67982d-968e-4dfc-9e1e-378fe14caa5a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", 
- "name": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0:indexpattern-datasource-layer-12bb8402-74e9-4f83-96db-18e874c28661", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "24c1e7fd-242a-49b1-bff0-521218255ed7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "title": "Distribution of Alerts by Event Type [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "24c1e7fd-242a-49b1-bff0-521218255ed7:indexpattern-datasource-layer-6b6b61df-1417-49a3-81a1-7dda411c4e71", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "946d6cac-4418-40cf-b301-614d64130caa", + "w": 24, + "x": 0, + "y": 42 }, - { - "id": "logs-*", - "name": "986ac399-7ca0-420e-a224-f55f9dc48f5c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "986ac399-7ca0-420e-a224-f55f9dc48f5c:indexpattern-datasource-layer-6575381f-da1f-4e3e-aa6e-ee5d513b66e2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "946d6cac-4418-40cf-b301-614d64130caa:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "946d6cac-4418-40cf-b301-614d64130caa:indexpattern-datasource-layer-92ea1b1a-7e5f-4d77-9af5-5c75151c6382", - "type": "index-pattern" + "panelIndex": "946d6cac-4418-40cf-b301-614d64130caa", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-76215aa5-943c-4f3f-a5b5-dfa7095216e5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "76215aa5-943c-4f3f-a5b5-dfa7095216e5": { + "columnOrder": [ + "58c3a718-0540-4a34-bdb7-d3ac85d94986", + "27c9c040-2ef7-4384-88fa-156d43d3ffe9" + ], + "columns": { + 
"27c9c040-2ef7-4384-88fa-156d43d3ffe9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "58c3a718-0540-4a34-bdb7-d3ac85d94986": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Incident Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "27c9c040-2ef7-4384-88fa-156d43d3ffe9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.alert.info.status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "58c3a718-0540-4a34-bdb7-d3ac85d94986" + ], + "layerId": "76215aa5-943c-4f3f-a5b5-dfa7095216e5", + "layerType": "data", + "legendDisplay": "default", + "metric": "27c9c040-2ef7-4384-88fa-156d43d3ffe9", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Alerts by Incident Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "d9f10ef5-e421-4193-8a29-de995a862192:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "d9f10ef5-e421-4193-8a29-de995a862192", + "w": 24, + "x": 24, + "y": 42 }, - { - "id": "logs-*", - "name": "d9f10ef5-e421-4193-8a29-de995a862192:indexpattern-datasource-layer-76215aa5-943c-4f3f-a5b5-dfa7095216e5", - "type": "index-pattern" - } + "panelIndex": "d9f10ef5-e421-4193-8a29-de995a862192", + "type": "lens", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs SentinelOne] Alerts", + "version": 1 + }, + "references": [ + { + "id": 
"sentinel_one-89773b00-c1fa-11ec-a23a-27e16fe32bb9", + "name": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de:panel_1a5f3a94-99e7-4ad0-adec-e58382e9b5de", + "type": "search" + }, + { + "id": "logs-*", + "name": "b1454cbc-86ff-4612-9129-bc0b2b710079:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b1454cbc-86ff-4612-9129-bc0b2b710079:indexpattern-datasource-layer-a70c9f24-f23c-453b-8c96-f1e710d919fc", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "02d8b05a-a909-43e8-bab4-41c424e0e889:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "02d8b05a-a909-43e8-bab4-41c424e0e889:indexpattern-datasource-layer-b50e4935-fe9a-460a-ab6d-43dcb1da50cb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "869821d9-6b7b-4b0a-be75-476ec72548c9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "869821d9-6b7b-4b0a-be75-476ec72548c9:indexpattern-datasource-layer-da42b88e-21d2-434f-9bbc-a8386239736f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "781400e7-5d84-4316-a890-0f92323bbfa4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "781400e7-5d84-4316-a890-0f92323bbfa4:indexpattern-datasource-layer-bf67982d-968e-4dfc-9e1e-378fe14caa5a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0:indexpattern-datasource-layer-12bb8402-74e9-4f83-96db-18e874c28661", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "24c1e7fd-242a-49b1-bff0-521218255ed7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"24c1e7fd-242a-49b1-bff0-521218255ed7:indexpattern-datasource-layer-6b6b61df-1417-49a3-81a1-7dda411c4e71", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "986ac399-7ca0-420e-a224-f55f9dc48f5c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "986ac399-7ca0-420e-a224-f55f9dc48f5c:indexpattern-datasource-layer-6575381f-da1f-4e3e-aa6e-ee5d513b66e2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "946d6cac-4418-40cf-b301-614d64130caa:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "946d6cac-4418-40cf-b301-614d64130caa:indexpattern-datasource-layer-92ea1b1a-7e5f-4d77-9af5-5c75151c6382", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d9f10ef5-e421-4193-8a29-de995a862192:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d9f10ef5-e421-4193-8a29-de995a862192:indexpattern-datasource-layer-76215aa5-943c-4f3f-a5b5-dfa7095216e5", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" }
\ No newline at end of file
From 1bb12c770a21d679cc6b5ce080a34aea72e4df87 Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Fri, 28 Oct 2022 12:21:12 +0530
Subject: [PATCH 034/103] all inlined sonicwall_firewall
---
...-782e2cf0-d78f-11ec-bc4f-47419689dcde.json | 2783 +++++++++--------
1 file changed, 1394 insertions(+), 1389 deletions(-)
diff --git a/packages/sonicwall_firewall/kibana/dashboard/sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde.json b/packages/sonicwall_firewall/kibana/dashboard/sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde.json
index 47df56dc7e1..b30b7f9691a 100644
--- a/packages/sonicwall_firewall/kibana/dashboard/sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde.json
+++ b/packages/sonicwall_firewall/kibana/dashboard/sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde.json 
@@ -1,1447 +1,1452 @@ { - "attributes": { - "description": "Dashboard for SonicWall Firewall events", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "sonicwall_firewall.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "sonicwall_firewall.log" - } - } - } - ], + "id": "sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:51:02.440Z", + "version": "WzU3NCwxXQ==", + "attributes": { + "description": "Dashboard for SonicWall Firewall events", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "sonicwall_firewall.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "sonicwall_firewall.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "id": "", + "params": { + "controls": [ + { + "fieldName": "observer.name", + "id": "1652981377419", + "indexPatternRefName": "control_13a27ebe-963e-4539-9013-186e247e0b32_0_index_pattern", + 
"label": "Firewall ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "", + "type": "input_control_vis", + "uiState": {} + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 4, + "i": "13a27ebe-963e-4539-9013-186e247e0b32", + "w": 13, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "13a27ebe-963e-4539-9013-186e247e0b32", + "title": "Filter by Firewall (Syslog ID)", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d6a337e6-588b-47b6-9414-c621dcf265c9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d6a337e6-588b-47b6-9414-c621dcf265c9": { + "columnOrder": [ + "412981b2-ba5e-4e78-a96b-c51be9ae8870", + "4e72963e-8fc8-475c-88ad-bafcc38a726b", + "abcd61b9-9bfc-45e6-8c71-3167174a8bcd" + ], + "columns": { + "412981b2-ba5e-4e78-a96b-c51be9ae8870": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "abcd61b9-9bfc-45e6-8c71-3167174a8bcd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.code" }, - "description": "", - "id": 
"", - "params": { - "controls": [ - { - "fieldName": "observer.name", - "id": "1652981377419", - "indexPatternRefName": "control_13a27ebe-963e-4539-9013-186e247e0b32_0_index_pattern", - "label": "Firewall ID", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": true, - "useTimeFilter": true + "4e72963e-8fc8-475c-88ad-bafcc38a726b": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "title": "", - "type": "input_control_vis", - "uiState": {} + "abcd61b9-9bfc-45e6-8c71-3167174a8bcd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 4, - "i": "13a27ebe-963e-4539-9013-186e247e0b32", - "w": 13, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "13a27ebe-963e-4539-9013-186e247e0b32", - "title": "Filter by Firewall (Syslog ID)", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d6a337e6-588b-47b6-9414-c621dcf265c9", - "type": "index-pattern" - } - ], - "state": { - 
"datasourceStates": { - "indexpattern": { - "layers": { - "d6a337e6-588b-47b6-9414-c621dcf265c9": { - "columnOrder": [ - "412981b2-ba5e-4e78-a96b-c51be9ae8870", - "4e72963e-8fc8-475c-88ad-bafcc38a726b", - "abcd61b9-9bfc-45e6-8c71-3167174a8bcd" - ], - "columns": { - "412981b2-ba5e-4e78-a96b-c51be9ae8870": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of event.code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "abcd61b9-9bfc-45e6-8c71-3167174a8bcd", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.code" - }, - "4e72963e-8fc8-475c-88ad-bafcc38a726b": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "abcd61b9-9bfc-45e6-8c71-3167174a8bcd": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "abcd61b9-9bfc-45e6-8c71-3167174a8bcd" - ], - "layerId": "d6a337e6-588b-47b6-9414-c621dcf265c9", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "412981b2-ba5e-4e78-a96b-c51be9ae8870", - "xAccessor": 
"4e72963e-8fc8-475c-88ad-bafcc38a726b" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "abcd61b9-9bfc-45e6-8c71-3167174a8bcd" + ], + "layerId": "d6a337e6-588b-47b6-9414-c621dcf265c9", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "412981b2-ba5e-4e78-a96b-c51be9ae8870", + "xAccessor": "4e72963e-8fc8-475c-88ad-bafcc38a726b" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 14, - "i": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5", - "w": 35, - "x": 13, - "y": 0 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5", - "title": "Event code histogram", - "type": "lens", - "version": "8.2.0" + "valueLabels": "hide" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2c3a0f47-236c-41cb-86e8-e8a27033d165", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2c3a0f47-236c-41cb-86e8-e8a27033d165": { - "columnOrder": [ - "ac755b72-5005-416d-8da8-7001a2ba5366", - "b988645c-c513-4755-b369-3f3787e6045d" - ], - "columns": { - "ac755b72-5005-416d-8da8-7001a2ba5366": { - "dataType": "string", - 
"isBucketed": true, - "label": "Top 5 values of observer.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b988645c-c513-4755-b369-3f3787e6045d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "observer.name" - }, - "b988645c-c513-4755-b369-3f3787e6045d": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 14, + "i": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5", + "w": 35, + "x": 13, + "y": 0 + }, + "panelIndex": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5", + "title": "Event code histogram", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2c3a0f47-236c-41cb-86e8-e8a27033d165", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2c3a0f47-236c-41cb-86e8-e8a27033d165": { + "columnOrder": [ + "ac755b72-5005-416d-8da8-7001a2ba5366", + "b988645c-c513-4755-b369-3f3787e6045d" + ], + "columns": { + "ac755b72-5005-416d-8da8-7001a2ba5366": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of observer.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b988645c-c513-4755-b369-3f3787e6045d", + "type": "column" }, - 
"filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "sonicwall_firewall.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "sonicwall_firewall.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "ac755b72-5005-416d-8da8-7001a2ba5366" - }, - { - "columnId": "b988645c-c513-4755-b369-3f3787e6045d" - } - ], - "layerId": "2c3a0f47-236c-41cb-86e8-e8a27033d165", - "layerType": "data" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "observer.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 10, - "i": "17735289-cfc4-429a-a5c5-f3d19df013dc", - "w": 13, - "x": 0, - "y": 4 - }, - "panelIndex": "17735289-cfc4-429a-a5c5-f3d19df013dc", - "title": "Event count by firewall", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"93ebdd92-cae8-455c-affe-191e18edcb95\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"SUPER_FINE\",\"id\":\"7dc5cffe-5449-4411-8838-f1a1076f3592\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"d4d78e49-4c8e-4980-9cb9-581d6dc6b826\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", - "mapStateJSON": "{\"zoom\":1.88,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset :\\\"sonicwall_firewall.log\\\" \",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - 
"isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 45, - "minLat": 0, - "minLon": -90 - }, - "mapCenter": { - "lat": 46.36347, - "lon": -7.06802, - "zoom": 2.88 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "a7718a64-7550-405a-8a75-4687c00dadde", - "w": 24, - "x": 0, - "y": 14 - }, - "panelIndex": "a7718a64-7550-405a-8a75-4687c00dadde", - "title": "Network sources heat map", - "type": "map", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6e0adcd6-6a1b-4fdf-9e81-66ea18ac7577\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"SUPER_FINE\",\"id\":\"bdae40c0-6caf-4ba2-b179-7202f1e2be60\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"75e1e0df-43ff-4e14-9df2-4962c751d3bf\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", - "mapStateJSON": "{\"zoom\":1.39,\"center\":{\"lon\":-32.42476,\"lat\":25.69542},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset :\\\"sonicwall_firewall.log\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 40.9799, - "maxLon": 135, - "minLat": 0, - "minLon": 45 - }, - "mapCenter": { - "lat": 23.23703, - "lon": 86.01728, - "zoom": 3.15 + "b988645c-c513-4755-b369-3f3787e6045d": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "sonicwall_firewall.log" }, - "openTOCDetails": [ - "75e1e0df-43ff-4e14-9df2-4962c751d3bf" - ] - }, - "gridData": { - "h": 15, - "i": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5", - "w": 24, - "x": 24, - "y": 14 - }, - "panelIndex": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5", - "title": "Network destinations heat map", - "type": "map", - "version": "8.2.0" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "sonicwall_firewall.log" + } + } + } + ], + 
"query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "ac755b72-5005-416d-8da8-7001a2ba5366" + }, + { + "columnId": "b988645c-c513-4755-b369-3f3787e6045d" + } + ], + "layerId": "2c3a0f47-236c-41cb-86e8-e8a27033d165", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 10, + "i": "17735289-cfc4-429a-a5c5-f3d19df013dc", + "w": 13, + "x": 0, + "y": 4 + }, + "panelIndex": "17735289-cfc4-429a-a5c5-f3d19df013dc", + "title": "Event count by firewall", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"93ebdd92-cae8-455c-affe-191e18edcb95\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"SUPER_FINE\",\"id\":\"7dc5cffe-5449-4411-8838-f1a1076f3592\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"d4d78e49-4c8e-4980-9cb9-581d6dc6b826\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", + "mapStateJSON": 
"{\"zoom\":1.88,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset :\\\"sonicwall_firewall.log\\\" \",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 45, + "minLat": 0, + "minLon": -90 + }, + "mapCenter": { + "lat": 46.36347, + "lon": -7.06802, + "zoom": 2.88 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "a7718a64-7550-405a-8a75-4687c00dadde", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "a7718a64-7550-405a-8a75-4687c00dadde", + "title": "Network sources heat map", + "type": "map", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6e0adcd6-6a1b-4fdf-9e81-66ea18ac7577\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"SUPER_FINE\",\"id\":\"bdae40c0-6caf-4ba2-b179-7202f1e2be60\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"75e1e0df-43ff-4e14-9df2-4962c751d3bf\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", + "mapStateJSON": "{\"zoom\":1.39,\"center\":{\"lon\":-32.42476,\"lat\":25.69542},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset :\\\"sonicwall_firewall.log\\\" \",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, 
+ "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 40.9799, + "maxLon": 135, + "minLat": 0, + "minLon": 45 + }, + "mapCenter": { + "lat": 23.23703, + "lon": 86.01728, + "zoom": 3.15 + }, + "openTOCDetails": [ + "75e1e0df-43ff-4e14-9df2-4962c751d3bf" + ] + }, + "gridData": { + "h": 15, + "i": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5", + "title": "Network destinations heat map", + "type": "map", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3717b68f-f5ab-4598-9f39-4a723d91165c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "80a65bd8-af97-4b14-87dc-c8b2f7e847a8": { + "columnOrder": [ + "4aff95fe-c475-4dbc-a230-22c2005daead", + "a04c7483-85de-470a-a875-3b6336f57228", + "ba0383c2-1472-45fb-a465-9125f7120a32", + "ec6161de-fac2-420d-9b3f-e2d2df2caf68" + ], + "columns": { + "4aff95fe-c475-4dbc-a230-22c2005daead": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of network.transport", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "3717b68f-f5ab-4598-9f39-4a723d91165c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "80a65bd8-af97-4b14-87dc-c8b2f7e847a8": { - 
"columnOrder": [ - "4aff95fe-c475-4dbc-a230-22c2005daead", - "a04c7483-85de-470a-a875-3b6336f57228", - "ba0383c2-1472-45fb-a465-9125f7120a32", - "ec6161de-fac2-420d-9b3f-e2d2df2caf68" - ], - "columns": { - "4aff95fe-c475-4dbc-a230-22c2005daead": { - "dataType": "string", - "isBucketed": true, - "label": "Top 3 values of network.transport", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "network.transport" - }, - "a04c7483-85de-470a-a875-3b6336f57228": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of network.protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" - }, - "ba0383c2-1472-45fb-a465-9125f7120a32": { - "dataType": "number", - "isBucketed": true, - "label": "Top 3 values of destination.port", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "destination.port" - }, - "ec6161de-fac2-420d-9b3f-e2d2df2caf68": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "size": 3 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + 
"a04c7483-85de-470a-a875-3b6336f57228": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "3717b68f-f5ab-4598-9f39-4a723d91165c", - "key": "event.action", - "negate": false, - "params": { - "query": "connection-start" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "connection-start" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset :\"sonicwall_firewall.log\" " + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ba0383c2-1472-45fb-a465-9125f7120a32", - "4aff95fe-c475-4dbc-a230-22c2005daead", - "a04c7483-85de-470a-a875-3b6336f57228" - ], - "layerId": "80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "layerType": "data", - "legendDisplay": "default", - "metric": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "palette": { - "name": "positive", - "type": "palette" - }, - "shape": "pie" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "db14ebf1-c490-427c-bdde-d48da4496d45", - "w": 19, - "x": 0, - "y": 29 - }, - "panelIndex": "db14ebf1-c490-427c-bdde-d48da4496d45", - "title": "Allowed connections by transport/protocol/destination.port", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - 
"type": "index-pattern" + "ba0383c2-1472-45fb-a465-9125f7120a32": { + "dataType": "number", + "isBucketed": true, + "label": "Top 3 values of destination.port", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-951e4235-9dec-43ae-b400-bfe367e43e0b", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "951e4235-9dec-43ae-b400-bfe367e43e0b": { - "columnOrder": [ - "7200128d-9260-4e3f-a280-5cf5f9c84d33", - "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4" - ], - "columns": { - "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "7200128d-9260-4e3f-a280-5cf5f9c84d33": { - "dataType": "ip", - "isBucketed": true, - "label": "Top 5 values of source.ip", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.ip" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "7200128d-9260-4e3f-a280-5cf5f9c84d33" - }, - { - "columnId": "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4" - } - ], - "layerId": "951e4235-9dec-43ae-b400-bfe367e43e0b", - "layerType": "data" - } + "size": 3 + }, + "scale": "ordinal", + "sourceField": "destination.port" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + 
"ec6161de-fac2-420d-9b3f-e2d2df2caf68": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "3717b68f-f5ab-4598-9f39-4a723d91165c", + "key": "event.action", + "negate": false, + "params": { + "query": "connection-start" }, - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 15, - "i": "06b11f86-c986-4a30-b1da-1724529bf864", - "w": 15, - "x": 19, - "y": 29 + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "connection-start" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset :\"sonicwall_firewall.log\" " + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ba0383c2-1472-45fb-a465-9125f7120a32", + "4aff95fe-c475-4dbc-a230-22c2005daead", + "a04c7483-85de-470a-a875-3b6336f57228" + ], + "layerId": "80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "layerType": "data", + "legendDisplay": "default", + "metric": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "positive", + "type": "palette" }, - "panelIndex": "06b11f86-c986-4a30-b1da-1724529bf864", - "type": "lens", - "version": "8.2.0" + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-287c2e25-3cb0-41d5-8bf8-ae1fb696173c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "287c2e25-3cb0-41d5-8bf8-ae1fb696173c": { - "columnOrder": [ - 
"ae8e1a22-3aff-4ca8-9fcc-566bb87aa283", - "2c8c78cf-034a-4278-9335-66f22dd19e4b" - ], - "columns": { - "2c8c78cf-034a-4278-9335-66f22dd19e4b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283": { - "dataType": "ip", - "isBucketed": true, - "label": "Top 5 values of destination.ip", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2c8c78cf-034a-4278-9335-66f22dd19e4b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.ip" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "db14ebf1-c490-427c-bdde-d48da4496d45", + "w": 19, + "x": 0, + "y": 29 + }, + "panelIndex": "db14ebf1-c490-427c-bdde-d48da4496d45", + "title": "Allowed connections by transport/protocol/destination.port", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-951e4235-9dec-43ae-b400-bfe367e43e0b", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "951e4235-9dec-43ae-b400-bfe367e43e0b": { + "columnOrder": [ + "7200128d-9260-4e3f-a280-5cf5f9c84d33", + "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4" + ], + "columns": { + "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + 
}, + "scale": "ratio", + "sourceField": "___records___" + }, + "7200128d-9260-4e3f-a280-5cf5f9c84d33": { + "dataType": "ip", + "isBucketed": true, + "label": "Top 5 values of source.ip", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset :\"sonicwall_firewall.log\" " + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283" - }, - { - "columnId": "2c8c78cf-034a-4278-9335-66f22dd19e4b" - } - ], - "layerId": "287c2e25-3cb0-41d5-8bf8-ae1fb696173c", - "layerType": "data" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "7200128d-9260-4e3f-a280-5cf5f9c84d33" + }, + { + "columnId": "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4" + } + ], + "layerId": "951e4235-9dec-43ae-b400-bfe367e43e0b", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 15, + "i": "06b11f86-c986-4a30-b1da-1724529bf864", + "w": 15, + "x": 19, + "y": 29 + }, + "panelIndex": "06b11f86-c986-4a30-b1da-1724529bf864", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-287c2e25-3cb0-41d5-8bf8-ae1fb696173c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "287c2e25-3cb0-41d5-8bf8-ae1fb696173c": 
{ + "columnOrder": [ + "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283", + "2c8c78cf-034a-4278-9335-66f22dd19e4b" + ], + "columns": { + "2c8c78cf-034a-4278-9335-66f22dd19e4b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 15, - "i": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0", - "w": 14, - "x": 34, - "y": 29 - }, - "panelIndex": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0", - "type": "lens", - "version": "8.2.0" + "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283": { + "dataType": "ip", + "isBucketed": true, + "label": "Top 5 values of destination.ip", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2c8c78cf-034a-4278-9335-66f22dd19e4b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset :\"sonicwall_firewall.log\" " + }, + "visualization": { + "columns": [ + { + "columnId": "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283" + }, + { + "columnId": "2c8c78cf-034a-4278-9335-66f22dd19e4b" + } + ], + "layerId": "287c2e25-3cb0-41d5-8bf8-ae1fb696173c", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 15, + "i": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0", + "w": 14, + "x": 34, + "y": 29 + }, + 
"panelIndex": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "845be485-ea9d-4aac-a3bb-5d99702828cb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4ae20da-36fc-4e3b-90fb-1f7ff301b979", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "80a65bd8-af97-4b14-87dc-c8b2f7e847a8": { + "columnOrder": [ + "4aff95fe-c475-4dbc-a230-22c2005daead", + "a04c7483-85de-470a-a875-3b6336f57228", + "ba0383c2-1472-45fb-a465-9125f7120a32", + "ec6161de-fac2-420d-9b3f-e2d2df2caf68" + ], + "columns": { + "4aff95fe-c475-4dbc-a230-22c2005daead": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of network.transport", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "845be485-ea9d-4aac-a3bb-5d99702828cb", - "type": "index-pattern" + "size": 3 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + "a04c7483-85de-470a-a875-3b6336f57228": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { 
+ "id": "terms" }, - { - "id": "logs-*", - "name": "c4ae20da-36fc-4e3b-90fb-1f7ff301b979", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "80a65bd8-af97-4b14-87dc-c8b2f7e847a8": { - "columnOrder": [ - "4aff95fe-c475-4dbc-a230-22c2005daead", - "a04c7483-85de-470a-a875-3b6336f57228", - "ba0383c2-1472-45fb-a465-9125f7120a32", - "ec6161de-fac2-420d-9b3f-e2d2df2caf68" - ], - "columns": { - "4aff95fe-c475-4dbc-a230-22c2005daead": { - "dataType": "string", - "isBucketed": true, - "label": "Top 3 values of network.transport", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "network.transport" - }, - "a04c7483-85de-470a-a875-3b6336f57228": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of network.protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" - }, - "ba0383c2-1472-45fb-a465-9125f7120a32": { - "dataType": "number", - "isBucketed": true, - "label": "Top 3 values of destination.port", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "destination.port" - }, - "ec6161de-fac2-420d-9b3f-e2d2df2caf68": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": 
"count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "ba0383c2-1472-45fb-a465-9125f7120a32": { + "dataType": "number", + "isBucketed": true, + "label": "Top 3 values of destination.port", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "845be485-ea9d-4aac-a3bb-5d99702828cb", - "key": "event.category", - "negate": false, - "params": [ - "network" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.category": "network" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "c4ae20da-36fc-4e3b-90fb-1f7ff301b979", - "key": "event.action", - "negate": false, - "params": { - "query": "connection-denied" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "connection-denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset :\"sonicwall_firewall.log\" " + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ba0383c2-1472-45fb-a465-9125f7120a32", - "4aff95fe-c475-4dbc-a230-22c2005daead", - "a04c7483-85de-470a-a875-3b6336f57228" - ], - "layerId": "80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "layerType": "data", - "legendDisplay": "default", - "metric": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "palette": { - "name": "negative", - "type": "palette" - }, - "shape": "pie" - } + 
"size": 3 + }, + "scale": "ordinal", + "sourceField": "destination.port" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "ec6161de-fac2-420d-9b3f-e2d2df2caf68": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "845be485-ea9d-4aac-a3bb-5d99702828cb", + "key": "event.category", + "negate": false, + "params": [ + "network" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.category": "network" + } + } + ] + } + } }, - "gridData": { - "h": 15, - "i": "b60bc6be-7082-43aa-8e3b-07468984046f", - "w": 19, - "x": 0, - "y": 44 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c4ae20da-36fc-4e3b-90fb-1f7ff301b979", + "key": "event.action", + "negate": false, + "params": { + "query": "connection-denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "connection-denied" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset :\"sonicwall_firewall.log\" " + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ba0383c2-1472-45fb-a465-9125f7120a32", + "4aff95fe-c475-4dbc-a230-22c2005daead", + "a04c7483-85de-470a-a875-3b6336f57228" + ], + "layerId": "80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "layerType": "data", + "legendDisplay": "default", + "metric": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "negative", + "type": "palette" }, - "panelIndex": 
"b60bc6be-7082-43aa-8e3b-07468984046f", - "title": "Denied connections by transport/protocol/destination.port", - "type": "lens", - "version": "8.2.0" + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c8843882-29d4-4afd-8c11-eeae1800d40c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a2c0360d-161b-4a36-b16d-0cf33a37314f", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "b60bc6be-7082-43aa-8e3b-07468984046f", + "w": 19, + "x": 0, + "y": 44 + }, + "panelIndex": "b60bc6be-7082-43aa-8e3b-07468984046f", + "title": "Denied connections by transport/protocol/destination.port", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c8843882-29d4-4afd-8c11-eeae1800d40c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a2c0360d-161b-4a36-b16d-0cf33a37314f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d1a641a9-f4d4-459f-9723-b6a25d02680d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c8843882-29d4-4afd-8c11-eeae1800d40c": { + "columnOrder": [ + "708e8def-b004-4b42-ad49-a88b44da0d8f", + "f8fbcadb-7787-4e9b-9120-bf9dbd742beb", + "046b793c-8c99-4656-a163-bac293b4c56c" + ], + "columns": { + "046b793c-8c99-4656-a163-bac293b4c56c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of 
records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "708e8def-b004-4b42-ad49-a88b44da0d8f": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of user.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "046b793c-8c99-4656-a163-bac293b4c56c", + "type": "column" }, - { - "id": "logs-*", - "name": "8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", - "type": "index-pattern" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - { - "id": "logs-*", - "name": "d1a641a9-f4d4-459f-9723-b6a25d02680d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c8843882-29d4-4afd-8c11-eeae1800d40c": { - "columnOrder": [ - "708e8def-b004-4b42-ad49-a88b44da0d8f", - "f8fbcadb-7787-4e9b-9120-bf9dbd742beb", - "046b793c-8c99-4656-a163-bac293b4c56c" - ], - "columns": { - "046b793c-8c99-4656-a163-bac293b4c56c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "708e8def-b004-4b42-ad49-a88b44da0d8f": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of user.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "046b793c-8c99-4656-a163-bac293b4c56c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "f8fbcadb-7787-4e9b-9120-bf9dbd742beb": { - "dataType": "string", - "isBucketed": true, - "label": "Top 2 values of event.outcome", - "operationType": "terms", - "params": { - "missingBucket": true, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "desc", 
- "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 2 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - } - }, - "incompleteColumns": {} - } - } - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "f8fbcadb-7787-4e9b-9120-bf9dbd742beb": { + "dataType": "string", + "isBucketed": true, + "label": "Top 2 values of event.outcome", + "operationType": "terms", + "params": { + "missingBucket": true, + "orderBy": { + "fallback": false, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a2c0360d-161b-4a36-b16d-0cf33a37314f", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "sonicwall_firewall.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "sonicwall_firewall.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", - "key": "event.category", - "negate": false, - "params": { - "query": "authentication" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "authentication" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d1a641a9-f4d4-459f-9723-b6a25d02680d", - "key": "event.type", - "negate": false, - "params": { - "query": "start" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.type": "start" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - 
"yRight": 0 - }, - "layers": [ - { - "accessors": [ - "046b793c-8c99-4656-a163-bac293b4c56c" - ], - "layerId": "c8843882-29d4-4afd-8c11-eeae1800d40c", - "layerType": "data", - "palette": { - "name": "status", - "type": "palette" - }, - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "f8fbcadb-7787-4e9b-9120-bf9dbd742beb", - "xAccessor": "708e8def-b004-4b42-ad49-a88b44da0d8f" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "size": 2 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a2c0360d-161b-4a36-b16d-0cf33a37314f", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "sonicwall_firewall.log" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "sonicwall_firewall.log" + } + } }, - "gridData": { - "h": 15, - "i": "c46fce93-0b52-4617-b88d-703bc0a2d5e6", - "w": 29, - "x": 19, - "y": 44 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", + "key": "event.category", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } }, - "panelIndex": "c46fce93-0b52-4617-b88d-703bc0a2d5e6", - "title": "Top authentications", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "columns": [ - "@timestamp", - "event.action", - "source.ip", - "message" + { + "$state": { + "store": 
"appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d1a641a9-f4d4-459f-9723-b6a25d02680d", + "key": "event.type", + "negate": false, + "params": { + "query": "start" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "start" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "046b793c-8c99-4656-a163-bac293b4c56c" ], - "enhancements": {}, - "hidePanelTitles": false, - "rowHeight": 0 + "layerId": "c8843882-29d4-4afd-8c11-eeae1800d40c", + "layerType": "data", + "palette": { + "name": "status", + "type": "palette" + }, + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "f8fbcadb-7787-4e9b-9120-bf9dbd742beb", + "xAccessor": "708e8def-b004-4b42-ad49-a88b44da0d8f" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 18, - "i": "ed04883d-ba56-4502-a905-046c874e4a72", - "w": 48, - "x": 0, - "y": 59 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "ed04883d-ba56-4502-a905-046c874e4a72", - "panelRefName": "panel_ed04883d-ba56-4502-a905-046c874e4a72", - "title": "Attack events", - "type": "search", - "version": "8.2.0" - } - ], - "timeRestore": false, - "title": "[SonicWall Firewall] Dashboard", - "version": 1 - }, - "coreMigrationVersion": "8.2.0", - "id": "sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde", - "migrationVersion": { - "dashboard": "8.2.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - 
}, - { - "id": "logs-*", - "name": "13a27ebe-963e-4539-9013-186e247e0b32:control_13a27ebe-963e-4539-9013-186e247e0b32_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5:indexpattern-datasource-layer-d6a337e6-588b-47b6-9414-c621dcf265c9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:indexpattern-datasource-layer-2c3a0f47-236c-41cb-86e8-e8a27033d165", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a7718a64-7550-405a-8a75-4687c00dadde:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "db14ebf1-c490-427c-bdde-d48da4496d45:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "db14ebf1-c490-427c-bdde-d48da4496d45:indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "db14ebf1-c490-427c-bdde-d48da4496d45:3717b68f-f5ab-4598-9f39-4a723d91165c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "06b11f86-c986-4a30-b1da-1724529bf864:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "06b11f86-c986-4a30-b1da-1724529bf864:indexpattern-datasource-layer-951e4235-9dec-43ae-b400-bfe367e43e0b", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0:indexpattern-datasource-layer-287c2e25-3cb0-41d5-8bf8-ae1fb696173c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b60bc6be-7082-43aa-8e3b-07468984046f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b60bc6be-7082-43aa-8e3b-07468984046f:indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b60bc6be-7082-43aa-8e3b-07468984046f:845be485-ea9d-4aac-a3bb-5d99702828cb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b60bc6be-7082-43aa-8e3b-07468984046f:c4ae20da-36fc-4e3b-90fb-1f7ff301b979", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:indexpattern-datasource-layer-c8843882-29d4-4afd-8c11-eeae1800d40c", - "type": "index-pattern" + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:a2c0360d-161b-4a36-b16d-0cf33a37314f", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "c46fce93-0b52-4617-b88d-703bc0a2d5e6", + "w": 29, + "x": 19, + "y": 44 }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", - "type": "index-pattern" + "panelIndex": "c46fce93-0b52-4617-b88d-703bc0a2d5e6", + "title": "Top authentications", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "columns": [ + "@timestamp", + "event.action", + "source.ip", + "message" + ], + 
"enhancements": {}, + "hidePanelTitles": false, + "rowHeight": 0 }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:d1a641a9-f4d4-459f-9723-b6a25d02680d", - "type": "index-pattern" + "gridData": { + "h": 18, + "i": "ed04883d-ba56-4502-a905-046c874e4a72", + "w": 48, + "x": 0, + "y": 59 }, - { - "id": "sonicwall_firewall-93af7ae0-d796-11ec-bc4f-47419689dcde", - "name": "ed04883d-ba56-4502-a905-046c874e4a72:panel_ed04883d-ba56-4502-a905-046c874e4a72", - "type": "search" - } + "panelIndex": "ed04883d-ba56-4502-a905-046c874e4a72", + "panelRefName": "panel_ed04883d-ba56-4502-a905-046c874e4a72", + "title": "Attack events", + "type": "search", + "version": "8.2.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[SonicWall Firewall] Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "13a27ebe-963e-4539-9013-186e247e0b32:control_13a27ebe-963e-4539-9013-186e247e0b32_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5:indexpattern-datasource-layer-d6a337e6-588b-47b6-9414-c621dcf265c9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:indexpattern-datasource-layer-2c3a0f47-236c-41cb-86e8-e8a27033d165", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7718a64-7550-405a-8a75-4687c00dadde:layer_1_source_index_pattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "db14ebf1-c490-427c-bdde-d48da4496d45:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "db14ebf1-c490-427c-bdde-d48da4496d45:indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "db14ebf1-c490-427c-bdde-d48da4496d45:3717b68f-f5ab-4598-9f39-4a723d91165c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "06b11f86-c986-4a30-b1da-1724529bf864:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "06b11f86-c986-4a30-b1da-1724529bf864:indexpattern-datasource-layer-951e4235-9dec-43ae-b400-bfe367e43e0b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0:indexpattern-datasource-layer-287c2e25-3cb0-41d5-8bf8-ae1fb696173c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b60bc6be-7082-43aa-8e3b-07468984046f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b60bc6be-7082-43aa-8e3b-07468984046f:indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b60bc6be-7082-43aa-8e3b-07468984046f:845be485-ea9d-4aac-a3bb-5d99702828cb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b60bc6be-7082-43aa-8e3b-07468984046f:c4ae20da-36fc-4e3b-90fb-1f7ff301b979", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + 
"id": "logs-*", + "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:indexpattern-datasource-layer-c8843882-29d4-4afd-8c11-eeae1800d40c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:a2c0360d-161b-4a36-b16d-0cf33a37314f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:d1a641a9-f4d4-459f-9723-b6a25d02680d", + "type": "index-pattern" + }, + { + "id": "sonicwall_firewall-93af7ae0-d796-11ec-bc4f-47419689dcde", + "name": "ed04883d-ba56-4502-a905-046c874e4a72:panel_ed04883d-ba56-4502-a905-046c874e4a72", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.2.0" + }, + "coreMigrationVersion": "8.2.0" } \ No newline at end of file From 30cd0cd9f26181b5aa08f5d2fa33951d95460ea2 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 12:24:20 +0530 Subject: [PATCH 035/103] migrate suricata to by_value --- ...-05268ee0-86d1-11e8-b59d-21efb914e65c.json | 815 ++++++++---- ...-78289c40-86da-11e8-b59d-21efb914e65c.json | 1124 +++++++++++++---- ...-0a0aa630-86db-11e8-b59d-21efb914e65c.json | 96 -- ...-0a363820-86dd-11e8-b59d-21efb914e65c.json | 78 -- ...-16033310-86d3-11e8-b59d-21efb914e65c.json | 100 -- ...-169c0600-d297-11ea-90e3-8767fe7ccf14.json | 74 -- ...-2ccdc1a0-86d8-11e8-b59d-21efb914e65c.json | 83 -- ...-494fa290-86d2-11e8-b59d-21efb914e65c.json | 165 --- ...-5f99eb50-86dc-11e8-b59d-21efb914e65c.json | 72 -- ...-728f64c0-86db-11e8-b59d-21efb914e65c.json | 78 -- ...-8e7f88d0-86dc-11e8-b59d-21efb914e65c.json | 72 -- ...-908e8c90-d296-11ea-90e3-8767fe7ccf14.json | 34 - ...-9d5b5b50-86db-11e8-b59d-21efb914e65c.json | 165 --- ...-c7b8b8f0-86d8-11e8-b59d-21efb914e65c.json | 83 -- ...-c7d46c60-86da-11e8-b59d-21efb914e65c.json | 165 --- 15 files changed, 1479 insertions(+), 1725 deletions(-) delete mode 100644 packages/suricata/kibana/visualization/suricata-0a0aa630-86db-11e8-b59d-21efb914e65c.json delete mode 100644 packages/suricata/kibana/visualization/suricata-0a363820-86dd-11e8-b59d-21efb914e65c.json delete mode 100644 packages/suricata/kibana/visualization/suricata-16033310-86d3-11e8-b59d-21efb914e65c.json delete mode 100644 packages/suricata/kibana/visualization/suricata-169c0600-d297-11ea-90e3-8767fe7ccf14.json delete mode 100644 packages/suricata/kibana/visualization/suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c.json delete mode 100644 packages/suricata/kibana/visualization/suricata-494fa290-86d2-11e8-b59d-21efb914e65c.json delete mode 100644 packages/suricata/kibana/visualization/suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c.json delete mode 100644 packages/suricata/kibana/visualization/suricata-728f64c0-86db-11e8-b59d-21efb914e65c.json delete mode 100644 packages/suricata/kibana/visualization/suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c.json delete 
mode 100644 packages/suricata/kibana/visualization/suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14.json delete mode 100644 packages/suricata/kibana/visualization/suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c.json delete mode 100644 packages/suricata/kibana/visualization/suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c.json delete mode 100644 packages/suricata/kibana/visualization/suricata-c7d46c60-86da-11e8-b59d-21efb914e65c.json
diff --git a/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json
index 4f24e5dde5a..d7358987559 100644
--- a/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json
+++ b/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json
@@ -1,245 +1,612 @@ { - "attributes": { - "description": "Overview of the Suricata Alerts dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "suricata-05268ee0-86d1-11e8-b59d-21efb914e65c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:54:09.400Z", + "version": "WzY0MCwxXQ==", + "attributes": { + "description": "Overview of the Suricata Alerts dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Alerting Hosts [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": 
true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-6y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 10, + "i": "1", + "w": 23, + "x": 0, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "1", - "w": 23, - "x": 0, - "y": 4 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Alert Signatures [Logs Suricata]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - 
"h": 26, - "i": "2", - "w": 25, - "x": 23, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "3", - "w": 48, - "x": 0, - "y": 41 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Signature", + "field": "rule.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "search", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Alert Category", + "field": "rule.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 26, + "i": "2", + "w": 25, + "x": 23, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 16, + "i": "3", + "w": 48, + "x": 0, + "y": 41 + }, + "panelIndex": "3", + "panelRefName": "panel_3", + "type": "search", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Alerts - Top Destination Countries 
[Logs Suricata]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "7", - "w": 12, - "x": 11, - "y": 14 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 5, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "8", - "w": 11, - "x": 0, - "y": 14 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "7", + "w": 12, + "x": 11, + "y": 14 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Alerts - Top Source Countries [Logs Suricata]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", - "w": 23, - "x": 0, - 
"y": 0 - }, - "panelIndex": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", - "panelRefName": "panel_e86b7f30-96da-4f52-9ff0-cefcaadcc914", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 5, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"967e2051-c2f4-49ef-bc72-d94947e45883\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"cdbf364a-7d6f-499e-9819-0ef05d687969\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Source Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"345ad34d-95d3-4e10-9850-cfd6b366fd7e\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Alert - Source Location [Logs 
Suricata]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", - "w": 23, - "x": 0, - "y": 26 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "8", + "w": 11, + "x": 0, + "y": 14 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 18, + "markdown": "![Hello World](data:image/png;base64,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) [Events](/app/dashboards#/view/suricata-78289c40-86da-11e8-b59d-21efb914e65c) | [Alerts](/app/dashboards#/view/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"20edc2ac-aae0-4f6b-8eae-405d2423b580\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9df30dd6-f660-4daf-a2b6-3691e4bd6e81\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Destination Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"09c636cb-a239-4636-aaba-abbab2ec3b02\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"t
ype\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Alert - Destination Location [Logs Suricata]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "df498f0d-f08c-48e0-9b9f-1e579824a327", - "w": 25, - "x": 23, - "y": 26 - }, - "panelIndex": "df498f0d-f08c-48e0-9b9f-1e579824a327", - "type": "map", - "version": "8.0.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Suricata] Alert Overview", - "version": 1 + } + }, + "gridData": { + "h": 4, + "i": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", + "w": 23, + "x": 0, + "y": 0 + }, + "panelIndex": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + 
"attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"967e2051-c2f4-49ef-bc72-d94947e45883\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"cdbf364a-7d6f-499e-9819-0ef05d687969\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Source Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"345ad34d-95d3-4e10-9850-cfd6b366fd7e\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolize
As\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Alert - Source Location [Logs Suricata]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", + "w": 23, + "x": 0, + "y": 26 + }, + "panelIndex": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", + "type": "map", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"20edc2ac-aae0-4f6b-8eae-405d2423b580\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9df30dd6-f660-4daf-a2b6-3691e4bd6e81\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Destination Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"09c636cb-a239-4636-aaba-abbab2ec3b02\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"t
ype\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Alert - Destination Location [Logs Suricata]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "df498f0d-f08c-48e0-9b9f-1e579824a327", + "w": 25, + "x": 23, + "y": 26 + }, + "panelIndex": "df498f0d-f08c-48e0-9b9f-1e579824a327", + "type": "map", + "version": "8.0.0" + } + ], + "timeRestore": false, + "title": "[Logs Suricata] Alert Overview", + "version": 1 + }, + "references": [ + { + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", + "name": "3:panel_3", + "type": "search" }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-05268ee0-86d1-11e8-b59d-21efb914e65c", - "migrationVersion": { - "dashboard": "8.0.0" + { + "id": "logs-*", + "name": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b:layer_1_source_index_pattern", + "type": "index-pattern" }, - 
"references": [ - { - "id": "suricata-494fa290-86d2-11e8-b59d-21efb914e65c", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "suricata-16033310-86d3-11e8-b59d-21efb914e65c", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "3:panel_3", - "type": "search" - }, - { - "id": "suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14", - "name": "e86b7f30-96da-4f52-9ff0-cefcaadcc914:panel_e86b7f30-96da-4f52-9ff0-cefcaadcc914", - "type": "visualization" - }, - { - "id": "logs-*", - "name": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "df498f0d-f08c-48e0-9b9f-1e579824a327:layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "dashboard" + { + "id": "logs-*", + "name": "df498f0d-f08c-48e0-9b9f-1e579824a327:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "2:search_0", + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "7:search_0", + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "8:search_0", + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json index 336c00c84e7..56c5681ed02 100644 
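Review bot: The four `N:search_0` references added at the end of this hunk (panels 1, 2, 7 and 8) have no visible consumer, because each inlined `savedVis.data` carries only `aggs` and a `searchSource` with an empty kuery query, with no `savedSearchRefName` and no index reference. If the deleted visualizations were scoped by the saved search `suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c`, these panels may now aggregate over every matching document instead of Suricata alerts only, which would misstate alert volume for whoever triages from this dashboard. Please confirm in a rendered dashboard and, if the binding was lost, add `"savedSearchRefName": "search_0"` to each of the four `data` objects. Separately, the "Alerts - Top Destination Countries" table aggregates `destination.geo.country_iso_code` under `"customLabel": "Source Country"`; that line should read `"customLabel": "Destination Country"`.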
--- a/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json
+++ b/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json
@@ -1,267 +1,919 @@ { - "attributes": { - "description": "Overview of the Surcata events dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "suricata-78289c40-86da-11e8-b59d-21efb914e65c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:54:09.400Z", + "version": "WzY0MSwxXQ==", + "attributes": { + "description": "Overview of the Surcata events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Activity Types over Time [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + 
"show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-6y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "suricata.eve.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 10, + "i": "1", + "w": 48, + "x": 0, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "1", - "w": 48, - "x": 0, - "y": 4 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "2", - "w": 9, - "x": 0, - "y": 24 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "3", - "w": 11, - "x": 19, - 
"y": 24 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Types [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "4", - "w": 48, - "x": 0, - "y": 14 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "5", - "w": 48, - "x": 0, - "y": 38 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "search", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ECS Event Type", + "field": "event.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "gridData": { - "h": 14, - "i": "6", - "w": 9, - "x": 30, - "y": 24 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "7", - "w": 9, - "x": 39, - "y": 24 - }, - "panelIndex": "7", - "panelRefName": "panel_7", 
- "type": "visualization", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Suricata Event Type", + "field": "suricata.eve.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "2", + "w": 9, + "x": 0, + "y": 24 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Network Protocols [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "8", - "w": 10, - "x": 9, - "y": 24 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "3", + "w": 11, + "x": 19, + "y": 24 + }, + "panelIndex": 
"3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Hosts Generating Events [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "9", - "w": 48, - "x": 0, - "y": 57 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + 
"scaleMetricValues": false, + "timeRange": { + "from": "now-6y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "search", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "4", + "w": 48, + "x": 0, + "y": 14 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 19, + "i": "5", + "w": 48, + "x": 0, + "y": 38 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "search", + "version": "7.9.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Connection Source Countries [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": false }, - { - "embeddableConfig": { - "enhancements": {} + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", - "panelRefName": "panel_78f64fb8-a6ed-4960-a73b-a8c42c40f799", - "title": "", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Connection 
Source Countries", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "6", + "w": 9, + "x": 30, + "y": 24 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Connection Destination Countries [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "63e14057-b48b-48fe-b3e2-84f7690d60e8", - "w": 24, - "x": 24, - "y": 0 + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "63e14057-b48b-48fe-b3e2-84f7690d60e8", - "panelRefName": "panel_63e14057-b48b-48fe-b3e2-84f7690d60e8", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Connection Destination Countries", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Suricata] Events Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": 
"suricata-78289c40-86da-11e8-b59d-21efb914e65c", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "suricata-c7d46c60-86da-11e8-b59d-21efb914e65c", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "suricata-0a0aa630-86db-11e8-b59d-21efb914e65c", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 14, + "i": "7", + "w": 9, + "x": 39, + "y": 24 }, - { - "id": "suricata-728f64c0-86db-11e8-b59d-21efb914e65c", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Transport Protocols [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 14, + "i": "8", + "w": 10, + "x": 9, + "y": 24 }, - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "5:panel_5", - "type": "search" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + 
"embeddableConfig": { + "enhancements": {} }, - { - "id": "suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 16, + "i": "9", + "w": 48, + "x": 0, + "y": 57 }, - { - "id": "suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "9", + "panelRefName": "panel_9", + "type": "search", + "version": "7.9.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 18, + "markdown": "![Hello World](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADwAAAAyCAYAAAAA9rgCAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAACXBIWXMAAJ17AACdewE8n3fEAAABWWlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgpMwidZAAAN5UlEQVRoBe1ZeXCU5Rn/7b25s9nEHJAQAhggCIKCThFpFRXFa+yhTtVSndaZUvWPVjqt1bGHY6cdrVNq66C21UpbT7wwxqMjAh4oBCGQC8KRY7Ob3WQ3e9/9Pe/uh2ukrePM7h/oM2S/73ve87l+z/O+6NIkfIFI/wWSVYn6pcAnu8W/tPCXFj7JNPClS59kBv2UOF84Cxs/pYJ8M1jYHS/udIBOV1idF1ZgqWJ1Ov6jpFlKp1PqrVCCF07grLDJeBT+oX5Ex52wVk9DxYy5muwFeRbGn7LCphIx9G26A933noZ0KoFEyAvHe1uUAgoiLRcpiMCMWiVPYGQAvg/vg7lhFpLRIGL+cQxsuBTO95/PyCuKyTMVxqVFDoZtPBSAjivqjJUY/OfXYWlciXl370bVnMUZMXNiO19yF0bg7O6jXicgGJWKw1y3CG3rNsNcZlOonQtk+RJW5i2MwFnLBYcOQGeSZVNIx4eRSiblo6CU/xhmXIr1ktEwQke2Qm+lfPoixMcnEHQMZIQtQOxqWs27wBoMxYKTFHILLdwMmhdSb4RdR7V9FOyZd4G1EsNosUJfvATppI+opVe4HXFnBS4AWGkazbvAUlkJGYvLYKlZhnR0AqnIXpS2fgeRsV5Ibs4AluYL2tby88y/wLJvFcd6GIpsMNpWwFx9BUzl05Dw9SPgOCI9WIi
cRAJrohiLK5COuVA0/UyEht7m8xwMvvIA3TxBLxfdaz2VDvLyUxALazk2HvAQuHqRDPtgrVvKdBxFMngMrn3blXCFsHLeBdaOglGfB6HDj9Gl52Dyo9+w2rLSsnEYy5sI2uG8WPNEk+ZdYIlfId+RLlrXRUHLVS6OjOyEscSORGBUAdeJNpcPXt4F1tzZ270NejNFSEUodDOSoR7+uVExbw0q5yxVsun0WhLLh6iZOfNbWop1mZbiLDqCBzczD5cTjUMEqDLEJ/ahePpizLhwbVY68YT8C/yxhbk5FW/KBXPQUr4VL7sveUzlad/aM4u2WvwGRg4h5tpNC7dwbIzDo6qmrllykZo0LTW1WiZnXW05bU55apTLy33PRflP8LWB2cODXLPIFcsn9SsLkHOiKmgqb+o3R2pXN7KUt/f9zMlbXecYlFvrLWQZ+E7SaU/1NeXnBHOfcE9Thv23PkaxlgibjEV4IJ+guxlgKa/iJtjE/Jhg0S+KM1gs0BvNPOEk1EEgw2O5aDQhEQnRVeXkIwqiFq3Fak55jwUmMLFnIwxl4s5+SmmhkfthqroUxqJStU0ZG/W61VhzuZ2K+DjSZLzK0+SZSyvVGmo98YocZYiCDSYzDGY5nfDsHfRlqjjKY+I47c7MKIPGmAeH23/BnPgRuxphbbgM827agAg30f3HFUiFBzDz+u2oXrAcQecg+jZeSOw5iJa178M+dxkOv/QgvJ3rmWJWUVEmVlGNsC26HA1nr4G3fw9io50w10odPcn5TUhFAWv9UqWYycE+HHvpXsTcO5Dw96P+4ifQeN63Zc9UZBDdD11LdO+AseIctN3yCkwsUQeevx/+nk1E+wbOGYLeVMGqrQN1qzdj+ooraZQ4+p74McJHH2Ho6NB2mwPWqlraNg3jeH8nDm5YAWM1PU2MGaN2PBtZFNxHA+mQCg2wUCBfWZC74KBU6KDicWa1sVQ8osamjHsRG3MhVsw09MFGRFx/gKmsCpVn3QH/gXuoDHpK0VJ6ElC14DzlUT33t2bPyPSGY0B0YkjNKT/RSQ9jvwP60oWcdzuiPrcSOObpReRgDywto9yhAQkWMuEuKmjFuBobD/gQGWmHztKGhGc/wuOjSmDZu9657XEY6CmG4jPQdM0WzPkhrbbilxxIPxYPpXfJX677yLVBLk/cX7qbbOdg5k2voXjO92CZ1gxn+62I+VwoaVyI6CCFXPoAXXkB21pR3XY2jr3+VxlGS1Wj9sLHMfv2DpQ2LVKblp+IxyFZjBasQoqGCHtGVFv9+bei5dZ2mCrPZbsHRTO+jzl3vQ7b/OWqXYqcpH+YIFmlvsNj1GSWjOGRfyurVi66EfVnXaLY9nnL1DPq92a6qatj2VqW5FX701hxbsxcjrozL0B583wc+P3DKu+aK+pQVNOE4tb5mH7+Dej7++1ovbkDcl3r2/eg0mPF6T9F06rrtdmVNwmWhJxHxCikpOgeYX6DYWWfm8nbnt3PMgwYHjWzUHfGKumoSBTDWyTukR5Irwo5+hVfagK9zlCiXCrqOaKY6RSvX/iX+eBqstJnIfaTvaUScRTZ6mCpv0G5vfq216Fs/ncJfPR1HhJKamcg5B5h3A1AlrK1natWkL5CGsCEHb1KaWkpVli0hB09ql1iMckwkpCSMElnxwmgCoVGD8mRW5HcsEQcexXwiXb1pXOuUA3+fb/D0LZnM6eWjFozIz7LL/vLEJV3Oam6lqUPEtRpnBjMFXakQ2N0MzeqWldi4MUN8O7fCpHfWsI/IrOQCg1RG+eQg0XEsRu6IqC0hZ7Hu7Dw6B6VNcRSmlKUlvktpNdL7KU5rluFXMms1cSM0xB1PosYUVv1qT/namqK2GxbhqGnvgF31ztcmGr7H5QRLmNRNQlLQhPXMhv1KqUEHUcQHP4Xgoy7dHE1TEVl0M2+EFtumw437Kg5cw2cww70HAQOyUWmiVJlSdO1hFPE+QIsZSsYmyupnFlITbyMOO+yFYmC+SJ
/x4lyy1VwxLlTeURl6woYSlpY1QWY9sZUN31pXTMar25HzLGTqeMsDPxtOfzDh1RjbvFwfFK+GKkPMzWulb7BaApDo0D3oXG8tflpPPbzW9D+KvDiw0DJnAweHOjqw9NPAE/+6GKUNbQg0bwczz8J7PigHrHkx3GjVWeOESee+y2wzzUNxpoWDPtnQK7Agh5qSBFTDDeg7SHLVMge92wnCC9ESf1MClyrMkh4bEh14eVSGvXLVqPuskeYjt4nYhpw+On1qlFHF5HMIx6T9RqlUV+AwjGcvJGMfrtGUtjyFLCt413846pv4dieHaD3Yu32t1FT36DmMpkMqOBb1YIraRa6VCwMG79LSnj4133CTqr/6NAgBGpitlNha5iB/lgrHtsE9PQdUe1yQTIeSCPGsFd3B4orSO5AglhrqlqisMJinymYRwA8rHrotaWaV9+EiiU/Y3AnEex7Dp7eXZCLNzOtGScWRDN4ggDd9KVngI4tnCTLE2WIU1a3tGLWNZfAoPOjYv4CnHr64uw2KCMVy3WRYEUn2rOWlCjlxdxjiEdZiQixj3a6Gh3oRzlZRVYTxp0jKCu1giGP4f4+6cmxOuw8mMLmjQwLlyYFFeQ6DBO9z2gtZ/5lGuNaggPh0W41Si8LaOjWdPE6ImkdzKxzIyO9iCWS2NcLvPAg4A5lJqVtYCDyMXUf/48puZ6h0VF/+nKsXrcekT2A640uHOraS26GpIgRUk9OVV5lFxxCiGYM+DKAkqSyZT/JRAJDXZ2wzwC6Nj+MXzdMw+G3noN9NgXu2qXaDQY9TPoUaEx4gh8L/FHnfjhCnHfoTfTePw2B/RtgtFcRyHYwvv3QS5xqtWtxdT30lSvRd4BaGw0hntLhg210HU6qXb9I6kgMkEEyWTN1q7xLFoiFgphJy1ZfuVJZ78C726XpOMm2JL+mGCf22jqUssYQBR7a26n6GMU0pMCkF67OdmJKDWLOYzA20gBDR2GqaYTrvWeoIK86eIiCZIQhGxLRcAi7dnyIN7cCr7yyH4QNTHqHacAapCd3IsKCRD/42qMY+7ADvtFB7Hj5eXS078BLr1GAyjrYaIVTzlgCKfG7dmxFJBhAV1YIK0OjsvoU2R+tolf/ZxPx+5Tl5p5/ubJnz6tPwj+RQVVRrNhYHTbicY6twcyLboGFgb3tT3eic9tbGDjQhd49uzHpGYfvPaIqq4obn9qJOzvduH7TVsRdgwjQMydYvoqvyJyiRA3oJicmEOp9DUbixyW/fRNr/uxGw9pd2NWdwAR5MQ+rr/Ej+/Didatx36omPHnZVXBsH0IjXantjKUqPS3+5s3KbXpefBS/+moN3nnobgS5yPwb1qOGriakeYiG6nPP+ooSzt2xG0f7iG6kFFFGvEBnJBBmC5vzrrsJXnqznNQ2XfM1/KTtNHS9s42bc4FeifJZ52LmvDaU2eyY2bYQRU3zIKXF2MgwfzOKljm1VDbucsK/n3m9zYbZCxbCZrejed4CONKL8PRfBPCOQj9WvgQ7Gac+7otpFPVrVuEHHd2wnVKrJr3g2htw/j13wfvuILwfRjDx7hAWrluLq25dr9rlJ84jJCs8SNEuq89onYcK4pXwOt9oly6q0pFIjU44lUcIb/Zpi7DurTeQjmRypHhSma0KQ33d8PC9vKEJJgEUkrWoCOWNpyrlD3bzpECSI6Ccv+S4KDR8sA9i+7KmxbAWC8Qx7Jg/G2Y1q3773mGNQXdIe6lRn9tNdzOirpGLEJ01N9FQc+hQP/xeL4qIro2zT4WBfaWPtIuLRUMhVlZm2OvqFc8z6kA8FmM/Az1hOibHPQj6/URQE6rYR0+g08b7vRNwO0a4OTNOmd6I4OQkIsQDa3EJbDWZsJHNjztHEY1EYCmykl8LWSPBNSwUTvp5ifhhhp2Z2GKvrZchioQv8xl4yFECaw3aU2rpzMV4Jj40obV2eWqbzeV9nvfctT7PeG3MZ92PElg6U4LMWMlb/JtK6lBBpmq
Z0uf4+Bz+VN7U79z5j7cJU1tb9pMznzQd75fl/79vGSOU2+8/QDU5FFmyNvEAAAAASUVORK5CYII=) [Events](/app/dashboards#/view/suricata-78289c40-86da-11e8-b59d-21efb914e65c) | [Alerts](/app/dashboards#/view/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "suricata-0a363820-86dd-11e8-b59d-21efb914e65c", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 4, + "i": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", + "w": 24, + "x": 0, + "y": 0 }, - { - "id": "suricata-d57a2db0-86ca-11e8-b59d-21efb914e65c", - "name": "9:panel_9", - "type": "search" + "panelIndex": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", + "title": "", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Count [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Events" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14", - "name": "78f64fb8-a6ed-4960-a73b-a8c42c40f799:panel_78f64fb8-a6ed-4960-a73b-a8c42c40f799", - "type": "visualization" + "gridData": { + "h": 4, + "i": "63e14057-b48b-48fe-b3e2-84f7690d60e8", + "w": 
24, + "x": 24, + "y": 0 }, - { - "id": "suricata-169c0600-d297-11ea-90e3-8767fe7ccf14", - "name": "63e14057-b48b-48fe-b3e2-84f7690d60e8:panel_63e14057-b48b-48fe-b3e2-84f7690d60e8", - "type": "visualization" - } + "panelIndex": "63e14057-b48b-48fe-b3e2-84f7690d60e8", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Suricata] Events Overview", + "version": 1 + }, + "references": [ + { + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", + "name": "5:panel_5", + "type": "search" + }, + { + "id": "suricata-d57a2db0-86ca-11e8-b59d-21efb914e65c", + "name": "9:panel_9", + "type": "search" + }, + { + "type": "search", + "name": "1:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "2:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "3:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "4:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "6:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "7:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "8:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "63e14057-b48b-48fe-b3e2-84f7690d60e8:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-0a0aa630-86db-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-0a0aa630-86db-11e8-b59d-21efb914e65c.json deleted file mode 100644 index d75e1659311..00000000000 
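Review bot: None of the inlined `savedVis` blocks in `panelsJSON` (panels 1-4, 6-8 and `63e14057-b48b-48fe-b3e2-84f7690d60e8`) carries a `savedSearchRefName`, although the deleted visualization files each had `"savedSearchRefName": "search_0"` and the new `references` array still lists `1:search_0` through `63e14057-b48b-48fe-b3e2-84f7690d60e8:search_0`. Nothing in a panel names the reference it should resolve, so the panels may no longer be bound to the Suricata saved search; their `searchSource` holds only an empty `filter` and an empty kuery `query`. If that binding is lost, a detection dashboard could silently count non-Suricata events, so I would confirm on a clean import that every panel is still scoped, and if not restore `"savedSearchRefName": "search_0"` in each panel's `savedVis` data (exact placement to be checked against a fresh Kibana export). Separately, the top-level `namespaces`, `updated_at` and `version` fields look like instance-specific export metadata and could be dropped from the committed file.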
--- a/packages/suricata/kibana/visualization/suricata-0a0aa630-86db-11e8-b59d-21efb914e65c.json +++ /dev/null @@ -1,96 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Event Types [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ECS Event Type", - "field": "event.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Suricata Event Type", - "field": "suricata.eve.event_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Event Types [Logs Suricata]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-0a0aa630-86db-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/suricata/kibana/visualization/suricata-0a363820-86dd-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-0a363820-86dd-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 91bcb945961..00000000000 --- a/packages/suricata/kibana/visualization/suricata-0a363820-86dd-11e8-b59d-21efb914e65c.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Transport Protocols [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Top Transport Protocols [Logs Suricata]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-0a363820-86dd-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/suricata/kibana/visualization/suricata-16033310-86d3-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-16033310-86d3-11e8-b59d-21efb914e65c.json deleted file mode 100644 index c498afa117b..00000000000 --- a/packages/suricata/kibana/visualization/suricata-16033310-86d3-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Alert Signatures [Logs Suricata]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Alert Signature", - "field": "rule.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Alert Category", - "field": "rule.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Alert Signatures [Logs Suricata]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-16033310-86d3-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/suricata/kibana/visualization/suricata-169c0600-d297-11ea-90e3-8767fe7ccf14.json b/packages/suricata/kibana/visualization/suricata-169c0600-d297-11ea-90e3-8767fe7ccf14.json deleted file mode 100644 index 6471dc046ad..00000000000 --- a/packages/suricata/kibana/visualization/suricata-169c0600-d297-11ea-90e3-8767fe7ccf14.json +++ /dev/null @@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Event Count [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Events" - }, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Event Count [Logs Suricata]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-169c0600-d297-11ea-90e3-8767fe7ccf14", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c.json deleted file mode 100644 index a2d39620636..00000000000 
--- a/packages/suricata/kibana/visualization/suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c.json +++ /dev/null @@ -1,83 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Alerts - Top Destination Countries [Logs Suricata]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "destination.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 5, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Alerts - Top Destination Countries [Logs Suricata]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-494fa290-86d2-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-494fa290-86d2-11e8-b59d-21efb914e65c.json deleted file mode 100644 index fc000f3df5d..00000000000 
--- a/packages/suricata/kibana/visualization/suricata-494fa290-86d2-11e8-b59d-21efb914e65c.json
+++ /dev/null
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Alerting Hosts [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-6y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - 
"style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Top Alerting Hosts [Logs Suricata]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-494fa290-86d2-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 5a806ee96d3..00000000000 --- a/packages/suricata/kibana/visualization/suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Connection Source Countries [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Top Connection Source Countries", - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": false - }, - "title": "Top Connection Source Countries [Logs Suricata]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-728f64c0-86db-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-728f64c0-86db-11e8-b59d-21efb914e65c.json deleted file mode 100644 index ac87947b42a..00000000000 --- a/packages/suricata/kibana/visualization/suricata-728f64c0-86db-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Network Protocols [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Top Network Protocols [Logs Suricata]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-728f64c0-86db-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 83fed82ca25..00000000000 --- a/packages/suricata/kibana/visualization/suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Connection Destination Countries [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Top Connection Destination Countries", - "field": "destination.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": false - }, - "title": "Top Connection Destination Countries [Logs Suricata]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14.json b/packages/suricata/kibana/visualization/suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14.json deleted file mode 100644 index 4bbd312a1a7..00000000000 --- a/packages/suricata/kibana/visualization/suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Navigation [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 18, - "markdown": "![Hello World](data:image/png;base64,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) [Events](/app/dashboards#/view/suricata-78289c40-86da-11e8-b59d-21efb914e65c) | [Alerts](/app/dashboards#/view/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c)", - "openLinksInNewTab": false - }, - "title": "Navigation [Logs Suricata]", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 40117d0595e..00000000000 --- a/packages/suricata/kibana/visualization/suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Hosts Generating Events [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-6y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": 
false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Top Hosts Generating Events [Logs Suricata]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c.json deleted file mode 100644 index b02b6e294e3..00000000000 --- a/packages/suricata/kibana/visualization/suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Alerts - Top Source Countries [Logs Suricata]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 5, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Alerts - Top Source Countries [Logs Suricata]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-c7d46c60-86da-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-c7d46c60-86da-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 43d1e75ef74..00000000000 --- a/packages/suricata/kibana/visualization/suricata-c7d46c60-86da-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Activity Types over Time [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-6y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "suricata.eve.event_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - 
"show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Activity Types over Time [Logs Suricata]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-c7d46c60-86da-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file From 359e508c45fa7781035cb1900745d96e293f4f4d Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 12:27:26 +0530 Subject: [PATCH 036/103] migrate tenable_sc to by_value --- ...-726dfad0-2c0d-11ec-b3e0-f3fd7c471f4b.json | 733 ++++++++++--- ...-b9b277f0-2c11-11ec-b3e0-f3fd7c471f4b.json | 970 ++++++++++++++---- ...-d340bc30-30bd-11ec-b7d2-eba3454d2335.json | 579 ++++++++--- ...-12120d60-2c0e-11ec-b3e0-f3fd7c471f4b.json | 94 -- ...-20a11b40-2c14-11ec-b3e0-f3fd7c471f4b.json | 104 -- ...-2b883920-88c7-11ec-a56b-9fd8deec1ba2.json | 57 - ...-578e2360-2c0e-11ec-b3e0-f3fd7c471f4b.json | 90 -- ...-5bc40b40-2c16-11ec-b3e0-f3fd7c471f4b.json | 77 -- ...-5de3dfd0-30bd-11ec-b7d2-eba3454d2335.json | 90 -- ...-68ce24a0-2c0d-11ec-b3e0-f3fd7c471f4b.json | 77 -- ...-773a1570-323a-11ec-b7d2-eba3454d2335.json | 94 -- ...-7a7c8900-2c15-11ec-b3e0-f3fd7c471f4b.json | 90 -- ...-8b4a4cd0-30bc-11ec-b7d2-eba3454d2335.json | 77 -- ...-8dd5b500-2c0e-11ec-b3e0-f3fd7c471f4b.json | 90 -- ...-8f3552c0-2c13-11ec-b3e0-f3fd7c471f4b.json | 75 -- ...-b1c8bb30-30bc-11ec-b7d2-eba3454d2335.json | 94 -- ...-c16a8ae0-30bd-11ec-b7d2-eba3454d2335.json | 75 -- ...-c7547240-2c0d-11ec-b3e0-f3fd7c471f4b.json | 77 -- ...-d27cc590-88c5-11ec-a56b-9fd8deec1ba2.json | 57 - ...-d4fe2930-2c13-11ec-b3e0-f3fd7c471f4b.json | 104 -- ...-dc64f5b0-2ccb-11ec-af51-75b163cdcc43.json | 122 --- ...-eccc5090-2cd2-11ec-af51-75b163cdcc43.json | 183 ---- 22 files changed, 1803 insertions(+), 2206 deletions(-) delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-12120d60-2c0e-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-20a11b40-2c14-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-2b883920-88c7-11ec-a56b-9fd8deec1ba2.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-578e2360-2c0e-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-5bc40b40-2c16-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 
packages/tenable_sc/kibana/visualization/tenable_sc-5de3dfd0-30bd-11ec-b7d2-eba3454d2335.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-68ce24a0-2c0d-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-773a1570-323a-11ec-b7d2-eba3454d2335.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-7a7c8900-2c15-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-8b4a4cd0-30bc-11ec-b7d2-eba3454d2335.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-8dd5b500-2c0e-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-8f3552c0-2c13-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-b1c8bb30-30bc-11ec-b7d2-eba3454d2335.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-c16a8ae0-30bd-11ec-b7d2-eba3454d2335.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-c7547240-2c0d-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-d27cc590-88c5-11ec-a56b-9fd8deec1ba2.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-d4fe2930-2c13-11ec-b3e0-f3fd7c471f4b.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-dc64f5b0-2ccb-11ec-af51-75b163cdcc43.json delete mode 100644 packages/tenable_sc/kibana/visualization/tenable_sc-eccc5090-2cd2-11ec-af51-75b163cdcc43.json diff --git a/packages/tenable_sc/kibana/dashboard/tenable_sc-726dfad0-2c0d-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/dashboard/tenable_sc-726dfad0-2c0d-11ec-b3e0-f3fd7c471f4b.json index d56618640ce..2ba62a37ba9 100644 --- a/packages/tenable_sc/kibana/dashboard/tenable_sc-726dfad0-2c0d-11ec-b3e0-f3fd7c471f4b.json +++ b/packages/tenable_sc/kibana/dashboard/tenable_sc-726dfad0-2c0d-11ec-b3e0-f3fd7c471f4b.json 
@@ -1,180 +1,601 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "tenable_sc-726dfad0-2c0d-11ec-b3e0-f3fd7c471f4b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:57:14.541Z", + "version": "WzY0NCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "", + "language": "kuery" + }, + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 0, + "w": 24, + "h": 15, + "i": "249b5ebe-82ed-4d42-9dad-e6f150b320a3" + }, + "panelIndex": "249b5ebe-82ed-4d42-9dad-e6f150b320a3", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Total Plugins", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "addLegend": false, + "type": "metric", + "metric": { + "percentageMode": false, + "useRanges": false, + "colorSchema": "Green to Red", + "metricColorMode": "None", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "labels": { + "show": true + }, + "invertColors": false, + "style": { + "bgFill": "#000", + "bgColor": false, + "labelColor": false, + "subText": "", + "fontSize": 60 + } + } + }, + "type": "metric", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.plugin.id", + "customLabel": "Total Plugins" + }, + "schema": "metric" + } + ], + "searchSource": { "query": { - "query": "", - "language": "kuery" + "query": "data_stream.dataset : \"tenable_sc.plugin\" ", + "language": "kuery" }, - "filter": [] + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 0, 
+ "w": 24, + "h": 15, + "i": "8aa83051-d31f-414d-83de-55d4999dab13" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false - }, - "panelsJSON": [ - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 0, - "w": 24, - "h": 15, - "i": "249b5ebe-82ed-4d42-9dad-e6f150b320a3" - }, - "panelIndex": "249b5ebe-82ed-4d42-9dad-e6f150b320a3", - "embeddableConfig": { - "enhancements": {} + "panelIndex": "8aa83051-d31f-414d-83de-55d4999dab13", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Total Plugins with exploit available", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "addLegend": false, + "type": "metric", + "metric": { + "percentageMode": false, + "useRanges": false, + "colorSchema": "Green to Red", + "metricColorMode": "None", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "labels": { + "show": true }, - "panelRefName": "panel_0" + "invertColors": false, + "style": { + "bgFill": "#000", + "bgColor": false, + "labelColor": false, + "subText": "", + "fontSize": 60 + } + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 0, - "w": 24, - "h": 15, - "i": "8aa83051-d31f-414d-83de-55d4999dab13" - }, - "panelIndex": "8aa83051-d31f-414d-83de-55d4999dab13", - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.plugin.id", + "customLabel": "Total Plugins with Exploit Available" + }, + "schema": "metric" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.plugin\" and tenable_sc.plugin.exploit.is_available : true ", + "language": "kuery" }, - "panelRefName": "panel_1" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": 
"visualization", + "gridData": { + "x": 0, + "y": 15, + "w": 24, + "h": 15, + "i": "67693723-8202-4c0d-9b37-8b42cea0d511" + }, + "panelIndex": "67693723-8202-4c0d-9b37-8b42cea0d511", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 0, + "width": 543 + } + ] + } + }, + "savedVis": { + "title": "[Tenable SC] Top 10 Most Common Solutions", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "" }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 15, - "w": 24, - "h": 15, - "i": "67693723-8202-4c0d-9b37-8b42cea0d511" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "67693723-8202-4c0d-9b37-8b42cea0d511", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "colWidth": [ - { - "colIndex": 0, - "width": 543 - } - ] - } - } + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "tenable_sc.plugin.solution", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Most Common Solutions" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.plugin\"", + "language": "kuery" }, - "panelRefName": "panel_2" + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "tenable_sc.plugin.solution", + "negate": true, + "params": { + "query": "" + }, + "type": "phrase", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + }, + "query": { + "match_phrase": { + "tenable_sc.plugin.solution": "" + } + } + } + ], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 15, + "w": 24, + "h": 15, + "i": "133ae7d6-9129-468c-8e2f-b22753ff092f" + }, + "panelIndex": "133ae7d6-9129-468c-8e2f-b22753ff092f", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Tenable SC] Distribution of Plugins by Plugin Type", + "description": "", + "uiState": {}, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 15, - "w": 24, - "h": 15, - "i": "133ae7d6-9129-468c-8e2f-b22753ff092f" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.plugin.id", + "customLabel": "Count" + }, + "schema": "metric" }, - "panelIndex": "133ae7d6-9129-468c-8e2f-b22753ff092f", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "tenable_sc.plugin.type", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Plugin Type" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.plugin\" ", + "language": "kuery" }, - "panelRefName": "panel_3" + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 30, + "w": 24, + "h": 15, + "i": "b9a78373-1b89-4c61-8a77-cc91d185503a" + }, + "panelIndex": "b9a78373-1b89-4c61-8a77-cc91d185503a", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Tenable SC] Distribution of Plugins based on Risk Factors", + "description": "", + "uiState": {}, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 30, - "w": 24, - "h": 15, - "i": "b9a78373-1b89-4c61-8a77-cc91d185503a" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.plugin.id", + "customLabel": "Count" + }, + "schema": "metric" }, - "panelIndex": "b9a78373-1b89-4c61-8a77-cc91d185503a", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "tenable_sc.plugin.risk_factor", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Risk Factors" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.plugin\" ", + "language": "kuery" }, - "panelRefName": "panel_4" + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 30, + "w": 24, + "h": 15, + "i": "2cd3b9f8-370d-4303-85f6-cd1e59608cbf" + }, + "panelIndex": "2cd3b9f8-370d-4303-85f6-cd1e59608cbf", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Tenable SC] Plugin vulnerabilities with and without Patches", + "description": "", + "uiState": {}, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 30, - "w": 24, - "h": 15, - "i": "2cd3b9f8-370d-4303-85f6-cd1e59608cbf" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.plugin.id", + "customLabel": "Count" + }, + "schema": "metric" }, - "panelIndex": "2cd3b9f8-370d-4303-85f6-cd1e59608cbf", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + { + "id": "2", + "enabled": true, + "type": "filters", + "params": { + "filters": [ + { + "input": { + "query": "tenable_sc.plugin.is_patch_published : false ", + "language": "kuery" + }, + "label": "Vulnerabilities without Patches" + }, + { + "input": { + "query": "tenable_sc.plugin.is_patch_published : true ", + "language": "kuery" + }, + "label": "Vulnerabilities with Patches" + } + ] + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : 
\"tenable_sc.plugin\"", + "language": "kuery" }, - "panelRefName": "panel_5" + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "tenable_sc.plugin.is_patch_published", + "negate": false, + "type": "exists", + "value": "exists", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" + }, + "query": { + "exists": { + "field": "tenable_sc.plugin.is_patch_published" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } } - ], - "timeRestore": false, - "title": "[Tenable SC] Plugins", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-726dfad0-2c0d-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "tenable_sc-68ce24a0-2c0d-11ec-b3e0-f3fd7c471f4b", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "tenable_sc-c7547240-2c0d-11ec-b3e0-f3fd7c471f4b", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "tenable_sc-12120d60-2c0e-11ec-b3e0-f3fd7c471f4b", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "tenable_sc-578e2360-2c0e-11ec-b3e0-f3fd7c471f4b", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "tenable_sc-8dd5b500-2c0e-11ec-b3e0-f3fd7c471f4b", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "tenable_sc-dc64f5b0-2ccb-11ec-af51-75b163cdcc43", - "name": "panel_5", - "type": "visualization" + } } + } ], - "type": "dashboard", - "updated_at": "2021-10-26T09:26:13.313Z", - "version": "WzQwMjMsMV0=" + "timeRestore": false, + "title": "[Tenable SC] Plugins", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "249b5ebe-82ed-4d42-9dad-e6f150b320a3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8aa83051-d31f-414d-83de-55d4999dab13:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "67693723-8202-4c0d-9b37-8b42cea0d511:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "133ae7d6-9129-468c-8e2f-b22753ff092f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b9a78373-1b89-4c61-8a77-cc91d185503a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2cd3b9f8-370d-4303-85f6-cd1e59608cbf:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2cd3b9f8-370d-4303-85f6-cd1e59608cbf:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/tenable_sc/kibana/dashboard/tenable_sc-b9b277f0-2c11-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/dashboard/tenable_sc-b9b277f0-2c11-11ec-b3e0-f3fd7c471f4b.json index ee1b4bc78fe..b55be624c3b 100644 --- a/packages/tenable_sc/kibana/dashboard/tenable_sc-b9b277f0-2c11-11ec-b3e0-f3fd7c471f4b.json +++ b/packages/tenable_sc/kibana/dashboard/tenable_sc-b9b277f0-2c11-11ec-b3e0-f3fd7c471f4b.json 
@@ -1,225 +1,805 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "tenable_sc-b9b277f0-2c11-11ec-b3e0-f3fd7c471f4b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:57:14.541Z", + "version": "WzY0NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Vulnerability Selector", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "vulnerability.id", + "id": "1644314295235", + "indexPatternRefName": "control_0_index_pattern", + "label": "Vulnerability ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 8, + "i": "e3625770-e6f9-45aa-810a-ea7d32c48b74", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "e3625770-e6f9-45aa-810a-ea7d32c48b74", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "e3625770-e6f9-45aa-810a-ea7d32c48b74", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": 
"ae58ea8e-a23d-440d-8469-dc7f3f3f3e1e", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "ae58ea8e-a23d-440d-8469-dc7f3f3f3e1e", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.16.2" + "panelIndex": "e3625770-e6f9-45aa-810a-ea7d32c48b74", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Host Selector", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "host.hostname", + "id": "1644314837318", + "indexPatternRefName": "control_0_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "bf059760-95e6-46c2-bdc1-547af136837d", - "w": 16, - "x": 0, - "y": 8 + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "ae58ea8e-a23d-440d-8469-dc7f3f3f3e1e", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "ae58ea8e-a23d-440d-8469-dc7f3f3f3e1e", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Total Vulnerabilities", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "addLegend": false, + "type": "metric", + "metric": { + "percentageMode": false, + "useRanges": false, + "colorSchema": "Green to Red", + "metricColorMode": "None", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "labels": { + "show": true }, - "panelIndex": "bf059760-95e6-46c2-bdc1-547af136837d", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.16.2" + 
"invertColors": false, + "style": { + "bgFill": "#000", + "bgColor": false, + "labelColor": false, + "subText": "", + "fontSize": 60 + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.vulnerability.custom_hash", + "customLabel": "Total Vulnerabilities" + }, + "schema": "metric" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", + "language": "kuery" }, - "gridData": { - "h": 12, - "i": "4ecd24fc-90c0-42cf-9137-8e04474a0b9a", - "w": 16, - "x": 16, - "y": 8 + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + }, + "gridData": { + "h": 12, + "i": "bf059760-95e6-46c2-bdc1-547af136837d", + "w": 16, + "x": 0, + "y": 8 + }, + "panelIndex": "bf059760-95e6-46c2-bdc1-547af136837d", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Total Active Vulnerabilities", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "addLegend": false, + "type": "metric", + "metric": { + "percentageMode": false, + "useRanges": false, + "colorSchema": "Green to Red", + "metricColorMode": "None", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "labels": { + "show": true }, - "panelIndex": "4ecd24fc-90c0-42cf-9137-8e04474a0b9a", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.16.2" + "invertColors": false, + "style": { + "bgFill": "#000", + "bgColor": false, + "labelColor": false, + "subText": "", + "fontSize": 60 + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.vulnerability.custom_hash", + "customLabel": "Total Active Vulnerabilities" + }, + 
"schema": "metric" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", + "language": "kuery" }, - "gridData": { - "h": 12, - "i": "6c43b47d-95bf-441e-ad97-43fa4caa3e1e", - "w": 16, - "x": 32, - "y": 8 + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "tenable_sc.vulnerability.patch.is_published", + "negate": false, + "params": { + "query": false + }, + "type": "phrase", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" + }, + "query": { + "match_phrase": { + "tenable_sc.vulnerability.patch.is_published": false + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + }, + "gridData": { + "h": 12, + "i": "4ecd24fc-90c0-42cf-9137-8e04474a0b9a", + "w": 16, + "x": 16, + "y": 8 + }, + "panelIndex": "4ecd24fc-90c0-42cf-9137-8e04474a0b9a", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Total Patched Vulnerabilities", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "addLegend": false, + "type": "metric", + "metric": { + "percentageMode": false, + "useRanges": false, + "colorSchema": "Green to Red", + "metricColorMode": "None", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "labels": { + "show": true }, - "panelIndex": "6c43b47d-95bf-441e-ad97-43fa4caa3e1e", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.16.2" + "invertColors": false, + "style": { + "bgFill": "#000", + "bgColor": false, + "labelColor": false, + "subText": "", + "fontSize": 60 + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 18, - "i": "d9013e57-9763-4ee5-ab25-2b0105ca4553", - "w": 48, - "x": 0, - "y": 20 + "type": "metric", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": 
{ + "field": "tenable_sc.vulnerability.custom_hash", + "customLabel": "Total Patched Vulnerabilities" + }, + "schema": "metric" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", + "language": "kuery" }, - "panelIndex": "d9013e57-9763-4ee5-ab25-2b0105ca4553", - "panelRefName": "panel_5", - "type": "search", - "version": "7.16.2" + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "tenable_sc.vulnerability.patch.is_published", + "negate": false, + "params": { + "query": true + }, + "type": "phrase", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" + }, + "query": { + "match_phrase": { + "tenable_sc.vulnerability.patch.is_published": true + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + }, + "gridData": { + "h": 12, + "i": "6c43b47d-95bf-441e-ad97-43fa4caa3e1e", + "w": 16, + "x": 32, + "y": 8 + }, + "panelIndex": "6c43b47d-95bf-441e-ad97-43fa4caa3e1e", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "d9013e57-9763-4ee5-ab25-2b0105ca4553", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "d9013e57-9763-4ee5-ab25-2b0105ca4553", + "panelRefName": "panel_5", + "type": "search", + "version": "7.16.2" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Top 10 Vulnerabilities by VPR Score", + "description": "", + "uiState": {}, + "params": { + "type": "histogram", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "bottom", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": false, + "filter": true, + "truncate": 100 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": 
"value", + "position": "left", + "show": true, + "scale": { + "type": "linear", + "mode": "normal" + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 100 + }, + "title": { + "text": "VPR Score" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "histogram", + "mode": "stacked", + "data": { + "label": "VPR Score", + "id": "1" + }, + "interpolate": "linear", + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "showCircles": true, + "circlesRadius": 3 + } + ], + "radiusRatio": 0, + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "temperature" + }, + "addLegend": true, + "legendPosition": "right", + "times": [], + "addTimeMarker": false, + "truncateLegend": true, + "maxLegendLines": 1, + "labels": { + "show": false + }, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "top_hits", + "params": { + "field": "tenable_sc.vulnerability.vpr.score", + "aggregate": "max", + "size": 10, + "sortField": "tenable_sc.vulnerability.vpr.score", + "sortOrder": "desc", + "json": "{\"sort\" : [{ \"tenable_sc.vulnerability.vpr.score\" : {\"unmapped_type\" : \"long\"} }]}", + "customLabel": "VPR Score" + }, + "schema": "metric" }, - "gridData": { - "h": 14, - "i": "d4ddeb5d-9d99-4163-9954-6aa50de01147", - "w": 16, - "x": 0, - "y": 38 + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "tenable_sc.vulnerability.custom_hash", + "orderBy": "_key", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Vulnerability ID" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset 
: \"tenable_sc.vulnerability\" ", + "language": "kuery" }, - "panelIndex": "d4ddeb5d-9d99-4163-9954-6aa50de01147", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "tenable_sc.vulnerability.vpr.score", + "negate": false, + "type": "exists", + "value": "exists", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" + }, + "query": { + "exists": { + "field": "tenable_sc.vulnerability.vpr.score" + } } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + }, + "gridData": { + "h": 14, + "i": "d4ddeb5d-9d99-4163-9954-6aa50de01147", + "w": 16, + "x": 0, + "y": 38 + }, + "panelIndex": "d4ddeb5d-9d99-4163-9954-6aa50de01147", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Tenable SC] Distribution of Vulnerabilities by Severity", + "description": "", + "uiState": {}, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.vulnerability.custom_hash", + "customLabel": "Count" + }, + "schema": "metric" }, - "gridData": { - "h": 14, - "i": "e6f63aa5-1f62-4d6e-b903-6d0c96926bb8", - "w": 16, - "x": 16, - "y": 38 + { + "id": "2", + 
"enabled": true, + "type": "terms", + "params": { + "field": "vulnerability.severity", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Severity" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", + "language": "kuery" }, - "panelIndex": "e6f63aa5-1f62-4d6e-b903-6d0c96926bb8", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.16.2" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + }, + "gridData": { + "h": 14, + "i": "e6f63aa5-1f62-4d6e-b903-6d0c96926bb8", + "w": 16, + "x": 16, + "y": 38 + }, + "panelIndex": "e6f63aa5-1f62-4d6e-b903-6d0c96926bb8", + "type": "visualization", + "version": "7.14.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Top 10 Vulnerable IPs", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.vulnerability.custom_hash", + "customLabel": "Count" + }, + "schema": "metric" }, - "gridData": { - "h": 14, - "i": "13b27c09-267b-42f4-a67b-8a407a5b380c", - "w": 16, - "x": 32, - "y": 38 + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "tenable_sc.vulnerability.ip", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Top Vulnerable IPs" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + 
"query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", + "language": "kuery" }, - "panelIndex": "13b27c09-267b-42f4-a67b-8a407a5b380c", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.16.2" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } } - ], - "timeRestore": false, - "title": "[Tenable SC] Vulnerabilities", - "version": 1 + } + }, + "gridData": { + "h": 14, + "i": "13b27c09-267b-42f4-a67b-8a407a5b380c", + "w": 16, + "x": 32, + "y": 38 + }, + "panelIndex": "13b27c09-267b-42f4-a67b-8a407a5b380c", + "type": "visualization", + "version": "7.14.0" + } + ], + "timeRestore": false, + "title": "[Tenable SC] Vulnerabilities", + "version": 1 + }, + "references": [ + { + "id": "tenable_sc-e23be000-8970-11ec-a56b-9fd8deec1ba2", + "name": "panel_5", + "type": "search" }, - "coreMigrationVersion": "7.16.2", - "id": "tenable_sc-b9b277f0-2c11-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "dashboard": "7.16.0" + { + "type": "index-pattern", + "name": "e3625770-e6f9-45aa-810a-ea7d32c48b74:control_0_index_pattern", + "id": "logs-*" }, - "references": [ - { - "id": "tenable_sc-d27cc590-88c5-11ec-a56b-9fd8deec1ba2", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "tenable_sc-2b883920-88c7-11ec-a56b-9fd8deec1ba2", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "tenable_sc-5bc40b40-2c16-11ec-b3e0-f3fd7c471f4b", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "tenable_sc-d4fe2930-2c13-11ec-b3e0-f3fd7c471f4b", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "tenable_sc-20a11b40-2c14-11ec-b3e0-f3fd7c471f4b", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "tenable_sc-e23be000-8970-11ec-a56b-9fd8deec1ba2", - "name": "panel_5", - "type": "search" - }, - { - "id": "tenable_sc-eccc5090-2cd2-11ec-af51-75b163cdcc43", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "tenable_sc-7a7c8900-2c15-11ec-b3e0-f3fd7c471f4b", - "name": 
"panel_7", - "type": "visualization" - }, - { - "id": "tenable_sc-8f3552c0-2c13-11ec-b3e0-f3fd7c471f4b", - "name": "panel_8", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "ae58ea8e-a23d-440d-8469-dc7f3f3f3e1e:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bf059760-95e6-46c2-bdc1-547af136837d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4ecd24fc-90c0-42cf-9137-8e04474a0b9a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4ecd24fc-90c0-42cf-9137-8e04474a0b9a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6c43b47d-95bf-441e-ad97-43fa4caa3e1e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6c43b47d-95bf-441e-ad97-43fa4caa3e1e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d4ddeb5d-9d99-4163-9954-6aa50de01147:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d4ddeb5d-9d99-4163-9954-6aa50de01147:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "e6f63aa5-1f62-4d6e-b903-6d0c96926bb8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13b27c09-267b-42f4-a67b-8a407a5b380c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/dashboard/tenable_sc-d340bc30-30bd-11ec-b7d2-eba3454d2335.json b/packages/tenable_sc/kibana/dashboard/tenable_sc-d340bc30-30bd-11ec-b7d2-eba3454d2335.json index 19c97e58cf6..0115cb6b5f7 100644 --- a/packages/tenable_sc/kibana/dashboard/tenable_sc-d340bc30-30bd-11ec-b7d2-eba3454d2335.json +++ b/packages/tenable_sc/kibana/dashboard/tenable_sc-d340bc30-30bd-11ec-b7d2-eba3454d2335.json 
@@ -1,149 +1,472 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } + "id": "tenable_sc-d340bc30-30bd-11ec-b7d2-eba3454d2335", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T06:57:14.541Z", + "version": "WzY0NiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "", + "language": "kuery" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 0, + "w": 24, + "h": 15, + "i": "16dcc5a1-aa4f-4f44-940b-7917b408c492" }, - "panelsJSON": [ - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 0, - "w": 24, - "h": 15, - "i": "16dcc5a1-aa4f-4f44-940b-7917b408c492" + "panelIndex": "16dcc5a1-aa4f-4f44-940b-7917b408c492", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Total Assets", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "addLegend": false, + "type": "metric", + "metric": { + "percentageMode": false, + "useRanges": false, + "colorSchema": "Green to Red", + "metricColorMode": "None", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "labels": { + "show": true }, - "panelIndex": "16dcc5a1-aa4f-4f44-940b-7917b408c492", - "embeddableConfig": { - "enhancements": {} + "invertColors": false, + "style": { + "bgFill": "#000", + "bgColor": false, + "labelColor": false, + "subText": "", + "fontSize": 60 + } + } + }, + "type": "metric", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": 
"tenable_sc.asset.custom_hash", + "customLabel": "Total Assets" + }, + "schema": "metric" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.asset\"", + "language": "kuery" }, - "panelRefName": "panel_0" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 0, + "w": 24, + "h": 15, + "i": "09f26c22-2342-406d-bec0-7f42203e3c80" + }, + "panelIndex": "09f26c22-2342-406d-bec0-7f42203e3c80", + "embeddableConfig": { + "vis": { + "legendOpen": true + }, + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Distribution of Assets by Repository data format", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 0, - "w": 24, - "h": 15, - "i": "09f26c22-2342-406d-bec0-7f42203e3c80" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.asset.custom_hash", + "customLabel": "Count" + }, + "schema": "metric" }, - "panelIndex": "09f26c22-2342-406d-bec0-7f42203e3c80", - "embeddableConfig": { - "vis": { - "legendOpen": true - }, - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "tenable_sc.asset.repository.data_format", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + 
"otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Repository data format" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.asset\" ", + "language": "kuery" }, - "panelRefName": "panel_1" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 15, + "w": 24, + "h": 15, + "i": "48d83932-2136-42fc-bf36-2b332dceebba" + }, + "panelIndex": "48d83932-2136-42fc-bf36-2b332dceebba", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Tenable SC] Distribution of Assets by Policy Name", + "description": "", + "uiState": {}, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 15, - "w": 24, - "h": 15, - "i": "48d83932-2136-42fc-bf36-2b332dceebba" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.asset.custom_hash", + "customLabel": "Count" + }, + "schema": "metric" }, - "panelIndex": "48d83932-2136-42fc-bf36-2b332dceebba", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "tenable_sc.asset.policy.name", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": 
false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Policy Name" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.asset\" ", + "language": "kuery" }, - "panelRefName": "panel_2" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 15, + "w": 24, + "h": 15, + "i": "972fc33f-ca09-4df7-a8a1-2c26a8df9ab6" + }, + "panelIndex": "972fc33f-ca09-4df7-a8a1-2c26a8df9ab6", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Tenable SC] Top 10 DNS Names", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "" }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 15, - "w": 24, - "h": 15, - "i": "972fc33f-ca09-4df7-a8a1-2c26a8df9ab6" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.asset.custom_hash", + "customLabel": "Count" + }, + "schema": "metric" }, - "panelIndex": "972fc33f-ca09-4df7-a8a1-2c26a8df9ab6", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "tenable_sc.asset.dns.name", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "DNS Name" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.asset\"", + "language": "kuery" }, - "panelRefName": "panel_3" + "filter": [], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 30, + "w": 24, + "h": 15, + "i": "9ed95605-e96d-4fcd-b202-f53a565ade4a" + }, + "panelIndex": "9ed95605-e96d-4fcd-b202-f53a565ade4a", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Tenable SC] Distribution of Assets in Repositories", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 30, - "w": 24, - "h": 15, - "i": "9ed95605-e96d-4fcd-b202-f53a565ade4a" + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "tenable_sc.asset.custom_hash", + "customLabel": "Count" + }, + "schema": "metric" }, - "panelIndex": "9ed95605-e96d-4fcd-b202-f53a565ade4a", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "tenable_sc.asset.repository.name", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Repository Name" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"tenable_sc.asset\"", + "language": "kuery" }, - "panelRefName": 
"panel_4" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } } - ], - "timeRestore": false, - "title": "[Tenable SC] Assets", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-d340bc30-30bd-11ec-b7d2-eba3454d2335", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "tenable_sc-8b4a4cd0-30bc-11ec-b7d2-eba3454d2335", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "tenable_sc-b1c8bb30-30bc-11ec-b7d2-eba3454d2335", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "tenable_sc-5de3dfd0-30bd-11ec-b7d2-eba3454d2335", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "tenable_sc-c16a8ae0-30bd-11ec-b7d2-eba3454d2335", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "tenable_sc-773a1570-323a-11ec-b7d2-eba3454d2335", - "name": "panel_4", - "type": "visualization" + } } + } ], - "type": "dashboard", - "updated_at": "2021-10-21T08:12:17.267Z", - "version": "WzM0NjgsMV0=" + "timeRestore": false, + "title": "[Tenable SC] Assets", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "16dcc5a1-aa4f-4f44-940b-7917b408c492:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "09f26c22-2342-406d-bec0-7f42203e3c80:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "48d83932-2136-42fc-bf36-2b332dceebba:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "972fc33f-ca09-4df7-a8a1-2c26a8df9ab6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9ed95605-e96d-4fcd-b202-f53a565ade4a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file 
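Review bot: The rewritten object now opens with `"namespaces": [ "default" ]`, which the old file did not have and which reads like metadata from the Kibana instance the dashboard was exported from, not package content. For a dashboard over vulnerability and asset data I would not want the packaged object to imply a particular space; unless the packaging tooling needs the field, drop it and let the installer assign the space. Please confirm this against the other dashboards migrated in this series. The refreshed `"updated_at"` and `"version"` values are also instance-bound, though the old file carried those too. The file still ends without a trailing newline.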
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-12120d60-2c0e-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-12120d60-2c0e-11ec-b3e0-f3fd7c471f4b.json
deleted file mode 100644
index 0bc7cc8063a..00000000000
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-12120d60-2c0e-11ec-b3e0-f3fd7c471f4b.json
+++ /dev/null
@@ -1,94 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.plugin\"", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "tenable_sc.plugin.solution", - "negate": true, - "params": { - "query": "" - }, - "type": "phrase", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - }, - "query": { - "match_phrase": { - "tenable_sc.plugin.solution": "" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Top 10 Most Common Solutions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Top 10 Most Common Solutions", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "tenable_sc.plugin.solution", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Most Common Solutions" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "" - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "tenable_sc-12120d60-2c0e-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-14T09:47:28.992Z", - "version": "WzI0MTg4LDZd" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-20a11b40-2c14-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-20a11b40-2c14-11ec-b3e0-f3fd7c471f4b.json
deleted file mode 100644
index 2ae4515acc6..00000000000
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-20a11b40-2c14-11ec-b3e0-f3fd7c471f4b.json
+++ /dev/null
@@ -1,104 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "tenable_sc.vulnerability.patch.is_published", - "negate": false, - "params": { - "query": true - }, - "type": "phrase", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "match_phrase": { - "tenable_sc.vulnerability.patch.is_published": true - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Total Patched Vulnerabilities", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Total Patched Vulnerabilities", - "type": "metric", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.vulnerability.custom_hash", - "customLabel": "Total Patched Vulnerabilities" - }, - "schema": "metric" - } - ], - "params": { - "addTooltip": true, - "addLegend": false, - "type": "metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-20a11b40-2c14-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - 
"type": "visualization", - "updated_at": "2021-10-26T11:23:26.501Z", - "version": "WzUzNDQsMV0=" -} \ No newline at end of file diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-2b883920-88c7-11ec-a56b-9fd8deec1ba2.json b/packages/tenable_sc/kibana/visualization/tenable_sc-2b883920-88c7-11ec-a56b-9fd8deec1ba2.json deleted file mode 100644 index 243dc0a9098..00000000000 --- a/packages/tenable_sc/kibana/visualization/tenable_sc-2b883920-88c7-11ec-a56b-9fd8deec1ba2.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Tenable SC] Host Selector", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "host.hostname", - "id": "1644314837318", - "indexPatternRefName": "control_0_index_pattern", - "label": "Hostname", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": true, - "useTimeFilter": false - }, - "title": "[Tenable SC] Host Selector", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "tenable_sc-2b883920-88c7-11ec-a56b-9fd8deec1ba2", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-578e2360-2c0e-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-578e2360-2c0e-11ec-b3e0-f3fd7c471f4b.json deleted file mode 100644 index 786ea16985f..00000000000 --- a/packages/tenable_sc/kibana/visualization/tenable_sc-578e2360-2c0e-11ec-b3e0-f3fd7c471f4b.json +++ /dev/null 
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.plugin\" ", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Distribution of Plugins by Plugin Type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Distribution of Plugins by Plugin Type", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.plugin.id", - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "tenable_sc.plugin.type", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Plugin Type" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-578e2360-2c0e-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-26T09:26:13.313Z", - "version": "WzQwMjAsMV0=" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-5bc40b40-2c16-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-5bc40b40-2c16-11ec-b3e0-f3fd7c471f4b.json deleted file mode 100644 index f0352a61794..00000000000 --- a/packages/tenable_sc/kibana/visualization/tenable_sc-5bc40b40-2c16-11ec-b3e0-f3fd7c471f4b.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Total Vulnerabilities", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Total Vulnerabilities", - "type": "metric", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.vulnerability.custom_hash", - "customLabel": "Total Vulnerabilities" - }, - "schema": "metric" - } - ], - "params": { - "addTooltip": true, - "addLegend": false, - "type": "metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-5bc40b40-2c16-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-26T09:35:11.519Z", - "version": "WzQyNjYsMV0=" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-5de3dfd0-30bd-11ec-b7d2-eba3454d2335.json b/packages/tenable_sc/kibana/visualization/tenable_sc-5de3dfd0-30bd-11ec-b7d2-eba3454d2335.json
deleted file mode 100644
index b8a124c5541..00000000000
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-5de3dfd0-30bd-11ec-b7d2-eba3454d2335.json
+++ /dev/null
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.asset\" ", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Distribution of Assets by Policy Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Distribution of Assets by Policy Name", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.asset.custom_hash", - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "tenable_sc.asset.policy.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Policy Name" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-5de3dfd0-30bd-11ec-b7d2-eba3454d2335", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-21T08:10:56.520Z", - "version": "WzM0MTcsMV0=" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-68ce24a0-2c0d-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-68ce24a0-2c0d-11ec-b3e0-f3fd7c471f4b.json deleted file mode 100644 index 75557840997..00000000000 --- a/packages/tenable_sc/kibana/visualization/tenable_sc-68ce24a0-2c0d-11ec-b3e0-f3fd7c471f4b.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.plugin\" ", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Total Plugins", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Total Plugins", - "type": "metric", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.plugin.id", - "customLabel": "Total Plugins" - }, - "schema": "metric" - } - ], - "params": { - "addTooltip": true, - "addLegend": false, - "type": "metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-68ce24a0-2c0d-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-11-11T08:35:06.953Z", - "version": "WzkyMCwxXQ==" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-773a1570-323a-11ec-b7d2-eba3454d2335.json b/packages/tenable_sc/kibana/visualization/tenable_sc-773a1570-323a-11ec-b7d2-eba3454d2335.json
deleted file mode 100644
index 253dd168cb0..00000000000
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-773a1570-323a-11ec-b7d2-eba3454d2335.json
+++ /dev/null
@@ -1,94 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.asset\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Distribution of Assets in Repositories", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "title": "[Tenable SC] Distribution of Assets in Repositories", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.asset.custom_hash", - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "tenable_sc.asset.repository.name", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Repository Name" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-773a1570-323a-11ec-b7d2-eba3454d2335", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-21T08:15:11.635Z", - "version": "WzM2MzQsMV0=" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-7a7c8900-2c15-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-7a7c8900-2c15-11ec-b3e0-f3fd7c471f4b.json
deleted file mode 100644
index 62bf1930650..00000000000
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-7a7c8900-2c15-11ec-b3e0-f3fd7c471f4b.json
+++ /dev/null
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Distribution of Vulnerabilities by Severity", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Distribution of Vulnerabilities by Severity", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.vulnerability.custom_hash", - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "vulnerability.severity", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Severity" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-7a7c8900-2c15-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-26T09:35:11.519Z", - "version": "WzQyNzAsMV0=" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-8b4a4cd0-30bc-11ec-b7d2-eba3454d2335.json b/packages/tenable_sc/kibana/visualization/tenable_sc-8b4a4cd0-30bc-11ec-b7d2-eba3454d2335.json deleted file mode 100644 index 06bd71370b5..00000000000 --- a/packages/tenable_sc/kibana/visualization/tenable_sc-8b4a4cd0-30bc-11ec-b7d2-eba3454d2335.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.asset\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Total Assets", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Total Assets", - "type": "metric", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.asset.custom_hash", - "customLabel": "Total Assets" - }, - "schema": "metric" - } - ], - "params": { - "addTooltip": true, - "addLegend": false, - "type": "metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-8b4a4cd0-30bc-11ec-b7d2-eba3454d2335", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-21T06:27:59.104Z", - "version": "WzI1OTYsMV0=" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-8dd5b500-2c0e-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-8dd5b500-2c0e-11ec-b3e0-f3fd7c471f4b.json
deleted file mode 100644
index c759579cff8..00000000000
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-8dd5b500-2c0e-11ec-b3e0-f3fd7c471f4b.json
+++ /dev/null
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.plugin\" ", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Distribution of Plugins based on Risk Factors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Distribution of Plugins based on Risk Factors", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.plugin.id", - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "tenable_sc.plugin.risk_factor", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Risk Factors" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-8dd5b500-2c0e-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-26T09:26:13.313Z", - "version": "WzQwMjEsMV0=" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-8f3552c0-2c13-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-8f3552c0-2c13-11ec-b3e0-f3fd7c471f4b.json
deleted file mode 100644
index 7bb1bd81532..00000000000
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-8f3552c0-2c13-11ec-b3e0-f3fd7c471f4b.json
+++ /dev/null
@@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Top 10 Vulnerable IPs", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Top 10 Vulnerable IPs", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.vulnerability.custom_hash", - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "tenable_sc.vulnerability.ip", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Top Vulnerable IPs" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "" - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-8f3552c0-2c13-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-26T09:35:11.519Z", - "version": "WzQyNzEsMV0=" -} \ No newline at end of file diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-b1c8bb30-30bc-11ec-b7d2-eba3454d2335.json b/packages/tenable_sc/kibana/visualization/tenable_sc-b1c8bb30-30bc-11ec-b7d2-eba3454d2335.json deleted file mode 100644 index 87c8d3aefc2..00000000000 
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-b1c8bb30-30bc-11ec-b7d2-eba3454d2335.json
+++ /dev/null
@@ -1,94 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.asset\" ", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Distribution of Assets by Repository data format", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "title": "[Tenable SC] Distribution of Assets by Repository data format", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.asset.custom_hash", - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "tenable_sc.asset.repository.data_format", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Repository data format" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-b1c8bb30-30bc-11ec-b7d2-eba3454d2335", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-21T08:09:50.493Z", - "version": "WzMzNzAsMV0=" -} \ No newline at end of 
file diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-c16a8ae0-30bd-11ec-b7d2-eba3454d2335.json b/packages/tenable_sc/kibana/visualization/tenable_sc-c16a8ae0-30bd-11ec-b7d2-eba3454d2335.json deleted file mode 100644 index 1359163ad0c..00000000000 --- a/packages/tenable_sc/kibana/visualization/tenable_sc-c16a8ae0-30bd-11ec-b7d2-eba3454d2335.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.asset\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Top 10 DNS Names", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Top 10 DNS Names", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.asset.custom_hash", - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "tenable_sc.asset.dns.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "DNS Name" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "" - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-c16a8ae0-30bd-11ec-b7d2-eba3454d2335", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-21T08:10:17.107Z", - "version": "WzMzOTAsMV0=" -} \ No newline at end of file 
diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-c7547240-2c0d-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-c7547240-2c0d-11ec-b3e0-f3fd7c471f4b.json
deleted file mode 100644
index 0488ab1d555..00000000000
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-c7547240-2c0d-11ec-b3e0-f3fd7c471f4b.json
+++ /dev/null
@@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.plugin\" and tenable_sc.plugin.exploit.is_available : true ", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Total Plugins with exploit available", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Total Plugins with exploit available", - "type": "metric", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.plugin.id", - "customLabel": "Total Plugins with Exploit Available" - }, - "schema": "metric" - } - ], - "params": { - "addTooltip": true, - "addLegend": false, - "type": "metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-c7547240-2c0d-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-26T09:26:13.313Z", - "version": "WzQwMTgsMV0=" -} \ No newline at end of file diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-d27cc590-88c5-11ec-a56b-9fd8deec1ba2.json b/packages/tenable_sc/kibana/visualization/tenable_sc-d27cc590-88c5-11ec-a56b-9fd8deec1ba2.json deleted file mode 100644 index b0f3e8fc966..00000000000 
--- a/packages/tenable_sc/kibana/visualization/tenable_sc-d27cc590-88c5-11ec-a56b-9fd8deec1ba2.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "[Tenable SC] Vulnerability Selector", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "vulnerability.id", - "id": "1644314295235", - "indexPatternRefName": "control_0_index_pattern", - "label": "Vulnerability ID", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": true, - "useTimeFilter": false - }, - "title": "[Tenable SC] Vulnerability Selector", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.16.2", - "id": "tenable_sc-d27cc590-88c5-11ec-a56b-9fd8deec1ba2", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-d4fe2930-2c13-11ec-b3e0-f3fd7c471f4b.json b/packages/tenable_sc/kibana/visualization/tenable_sc-d4fe2930-2c13-11ec-b3e0-f3fd7c471f4b.json deleted file mode 100644 index 5157f300d25..00000000000 --- a/packages/tenable_sc/kibana/visualization/tenable_sc-d4fe2930-2c13-11ec-b3e0-f3fd7c471f4b.json +++ /dev/null 
@@ -1,104 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "tenable_sc.vulnerability.patch.is_published", - "negate": false, - "params": { - "query": false - }, - "type": "phrase", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "match_phrase": { - "tenable_sc.vulnerability.patch.is_published": false - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Total Active Vulnerabilities", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Total Active Vulnerabilities", - "type": "metric", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.vulnerability.custom_hash", - "customLabel": "Total Active Vulnerabilities" - }, - "schema": "metric" - } - ], - "params": { - "addTooltip": true, - "addLegend": false, - "type": "metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-d4fe2930-2c13-11ec-b3e0-f3fd7c471f4b", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - 
"type": "visualization", - "updated_at": "2021-10-26T11:23:00.527Z", - "version": "WzUzMTEsMV0=" -} \ No newline at end of file diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-dc64f5b0-2ccb-11ec-af51-75b163cdcc43.json b/packages/tenable_sc/kibana/visualization/tenable_sc-dc64f5b0-2ccb-11ec-af51-75b163cdcc43.json deleted file mode 100644 index a71fa12e9ab..00000000000 --- a/packages/tenable_sc/kibana/visualization/tenable_sc-dc64f5b0-2ccb-11ec-af51-75b163cdcc43.json +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.plugin\"", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "tenable_sc.plugin.is_patch_published", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "exists": { - "field": "tenable_sc.plugin.is_patch_published" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Plugin vulnerabilities with and without Patches", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Plugin vulnerabilities with and without Patches", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "tenable_sc.plugin.id", - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "filters", - "params": { - "filters": [ - { - "input": { - "query": "tenable_sc.plugin.is_patch_published : false ", - "language": "kuery" - }, - "label": "Vulnerabilities without Patches" - }, - { - "input": { - "query": "tenable_sc.plugin.is_patch_published : true ", - "language": "kuery" - }, - "label": "Vulnerabilities with Patches" - } - ] - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - 
"coreMigrationVersion": "7.16.0", - "id": "tenable_sc-dc64f5b0-2ccb-11ec-af51-75b163cdcc43", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-10-26T11:20:51.927Z", - "version": "WzUyNjEsMV0=" -} \ No newline at end of file diff --git a/packages/tenable_sc/kibana/visualization/tenable_sc-eccc5090-2cd2-11ec-af51-75b163cdcc43.json b/packages/tenable_sc/kibana/visualization/tenable_sc-eccc5090-2cd2-11ec-af51-75b163cdcc43.json deleted file mode 100644 index d0c06a139be..00000000000 --- a/packages/tenable_sc/kibana/visualization/tenable_sc-eccc5090-2cd2-11ec-af51-75b163cdcc43.json +++ /dev/null 
@@ -1,183 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"tenable_sc.vulnerability\" ", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "tenable_sc.vulnerability.vpr.score", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "exists": { - "field": "tenable_sc.vulnerability.vpr.score" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Tenable SC] Top 10 Vulnerabilities by VPR Score", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Tenable SC] Top 10 Vulnerabilities by VPR Score", - "type": "histogram", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "top_hits", - "params": { - "field": "tenable_sc.vulnerability.vpr.score", - "aggregate": "max", - "size": 10, - "sortField": "tenable_sc.vulnerability.vpr.score", - "sortOrder": "desc", - "json": "{\"sort\" : [{ \"tenable_sc.vulnerability.vpr.score\" : {\"unmapped_type\" : \"long\"} }]}", - "customLabel": "VPR Score" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "tenable_sc.vulnerability.custom_hash", - "orderBy": "_key", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Vulnerability ID" - }, - "schema": "segment" - } - ], - "params": { - "type": "histogram", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": false, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 - }, - "title": { - "text": "VPR Score" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "histogram", - "mode": "stacked", - "data": { - "label": "VPR Score", - "id": "1" - }, - "interpolate": "linear", - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "showCircles": true, - "circlesRadius": 3 - } - ], - "radiusRatio": 0, - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "temperature" - }, - "addLegend": true, - "legendPosition": "right", - "times": [], - "addTimeMarker": false, - "truncateLegend": true, - "maxLegendLines": 1, - "labels": { - "show": false - }, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "tenable_sc-eccc5090-2cd2-11ec-af51-75b163cdcc43", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-11-16T08:25:19.158Z", - "version": "WzI2MzEsMV0=" -} \ No newline at end of file From 37f648cbbc10d686a6b33e8ea97c1640e187fefd Mon Sep 17 00:00:00 2001 
From: kcreddy
Date: Fri, 28 Oct 2022 12:30:31 +0530
Subject: [PATCH 037/103] migrate zeek to by_value
---
...-7cbb5410-3700-11e9-aa6d-ff445a78330c.json | 866 ++++++++++++++----
...-1df7ea80-370d-11e9-aa6d-ff445a78330c.json | 88 --
...-466e5850-370d-11e9-aa6d-ff445a78330c.json | 88 --
...-649acd40-370d-11e9-aa6d-ff445a78330c.json | 88 --
...-9436c270-370d-11e9-aa6d-ff445a78330c.json | 88 --
...-bec2f0e0-370d-11e9-aa6d-ff445a78330c.json | 103 ---
...-e042fda0-370d-11e9-aa6d-ff445a78330c.json | 88 --
...-f8c40810-370d-11e9-aa6d-ff445a78330c.json | 59 --
8 files changed, 667 insertions(+), 801 deletions(-)
delete mode 100644 packages/zeek/kibana/visualization/zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c.json
delete mode 100644 packages/zeek/kibana/visualization/zeek-466e5850-370d-11e9-aa6d-ff445a78330c.json
delete mode 100644 packages/zeek/kibana/visualization/zeek-649acd40-370d-11e9-aa6d-ff445a78330c.json
delete mode 100644 packages/zeek/kibana/visualization/zeek-9436c270-370d-11e9-aa6d-ff445a78330c.json
delete mode 100644 packages/zeek/kibana/visualization/zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c.json
delete mode 100644 packages/zeek/kibana/visualization/zeek-e042fda0-370d-11e9-aa6d-ff445a78330c.json
delete mode 100644 packages/zeek/kibana/visualization/zeek-f8c40810-370d-11e9-aa6d-ff445a78330c.json
diff --git a/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json
index a60709aa737..2b4e315dec6 100644
--- a/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json
+++ b/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json
@@ -1,221 +1,689 @@ { - "attributes": { - "description": "Overview of Zeek", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T07:00:14.083Z", + "version": "WzYzNCwxXQ==", + "attributes": { + "description": "Overview of Zeek", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Transport [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR 
data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 20 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "2", - "w": 16, - "x": 0, - "y": 20 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "3", - "w": 16, - "x": 16, - "y": 20 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Protocols [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + 
"addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "4", - "w": 16, - "x": 32, - "y": 20 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR 
data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Traffic Direction [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "5", - "w": 16, - "x": 0, - "y": 32 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.direction", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top DNS Domains [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 
100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "6", - "w": 16, - "x": 16, - "y": 32 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.dns.query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR 
data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 16, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top URL Domains [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "7", - "w": 16, - "x": 32, - "y": 32 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + 
"language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "6", + "w": 16, + "x": 16, + "y": 32 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top SSL Servers [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": 
"kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "8", - "w": 48, - "x": 0, - "y": 44 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.ssl.server.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR 
data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "7", + "w": 16, + "x": 32, + "y": 32 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Number of Sessions Overtime [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"88dc4f7d-0197-4fbe-98b2-910ba90cfd2d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d8bacd97-be31-4300-b5f7-7689d528b9ae\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Geo [Logs 
Zeek]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"c3374e39-902e-4cc5-90c5-b6a1a3ebfdf2\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR 
data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Destination Geo [Logs Zeek]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { 
- "lat": 3.3505, - "lon": 10.89865, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 20, - "i": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", - "type": "map", - "version": "8.0.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } - ], - "timeRestore": false, - "title": "[Logs Zeek] Overview", - "version": 1 + } + }, + "gridData": { + "h": 12, + "i": "8", + "w": 48, + "x": 0, + "y": 44 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"88dc4f7d-0197-4fbe-98b2-910ba90cfd2d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d8bacd97-be31-4300-b5f7-7689d528b9ae\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Geo [Logs Zeek]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"c3374e39-902e-4cc5-90c5-b6a1a3ebfdf2\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR 
data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Destination Geo [Logs Zeek]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 3.3505, + "lon": 10.89865, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 20, + "i": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", + "type": "map", + "version": "8.0.0" + } + ], + "timeRestore": false, + "title": "[Logs Zeek] Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": 
"4e6959b3-e0d0-40dc-aca0-b40adcd088bb:layer_1_source_index_pattern", + "type": "index-pattern" }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "dashboard": "8.0.0" + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "references": [ - { - "id": "zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "zeek-466e5850-370d-11e9-aa6d-ff445a78330c", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "zeek-649acd40-370d-11e9-aa6d-ff445a78330c", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "zeek-9436c270-370d-11e9-aa6d-ff445a78330c", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "zeek-e042fda0-370d-11e9-aa6d-ff445a78330c", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "zeek-f8c40810-370d-11e9-aa6d-ff445a78330c", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "logs-*", - "name": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb:layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file 
diff --git a/packages/zeek/kibana/visualization/zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c.json
deleted file mode 100644
index 462bd85f7f1..00000000000
--- a/packages/zeek/kibana/visualization/zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c.json
+++ /dev/null
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - }, - "title": "Network Transport [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": 
"segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Transport [Logs Zeek]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-466e5850-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-466e5850-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index 414ef94f960..00000000000 --- a/packages/zeek/kibana/visualization/zeek-466e5850-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - }, - "title": "Network Protocols [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": 
"segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Protocols [Logs Zeek]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-466e5850-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-649acd40-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-649acd40-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index 9d1024ceb19..00000000000 --- a/packages/zeek/kibana/visualization/zeek-649acd40-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - }, - "title": "Network Traffic Direction [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.direction", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - 
"schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Traffic Direction [Logs Zeek]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-649acd40-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-9436c270-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-9436c270-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index 531131972a4..00000000000 --- a/packages/zeek/kibana/visualization/zeek-9436c270-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,88 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)"
- }
- }
- },
- "title": "Top DNS Domains [Logs Zeek]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "zeek.dns.query",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "dimensions": {
- "metric": {
- "accessor": 0,
- "aggType": "count",
- "format": {
- "id": "number"
- },
- "params": {}
- }
- },
- "distinctColors": true,
- "isDonut": true,
- "labels": {
- "last_level": true,
- "show": false,
- "truncate": 100,
- "values": true
- },
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "type": "pie"
- },
- "title": "Top DNS Domains [Logs Zeek]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "zeek-9436c270-370d-11e9-aa6d-ff445a78330c",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zeek/kibana/visualization/zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c.json
deleted file mode 100644
index b68142d1752..00000000000
--- a/packages/zeek/kibana/visualization/zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c.json
+++ /dev/null
@@ -1,103 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)"
- }
- }
- },
- "title": "Top URL Domains [Logs Zeek]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "url.domain",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "dimensions": {
- "buckets": [
- {
- "accessor": 0,
- "aggType": "terms",
- "format": {
- "id": "terms",
- "params": {
- "id": "string",
- "missingBucketLabel": "Missing",
- "otherBucketLabel": "Other"
- }
- },
- "params": {}
- }
- ],
- "metric": {
- "accessor": 1,
- "aggType": "count",
- "format": {
- "id": "number"
- },
- "params": {}
- }
- },
- "distinctColors": true,
- "isDonut": true,
- "labels": {
- "last_level": true,
- "show": false,
- "truncate": 100,
- "values": true
- },
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "type": "pie"
- },
- "title": "Top URL Domains [Logs Zeek]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zeek/kibana/visualization/zeek-e042fda0-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-e042fda0-370d-11e9-aa6d-ff445a78330c.json
deleted file mode 100644
index 204ebfdad97..00000000000
--- a/packages/zeek/kibana/visualization/zeek-e042fda0-370d-11e9-aa6d-ff445a78330c.json
+++ /dev/null
@@ -1,88 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)"
- }
- }
- },
- "title": "Top SSL Servers [Logs Zeek]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "zeek.ssl.server.name",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "dimensions": {
- "metric": {
- "accessor": 0,
- "aggType": "count",
- "format": {
- "id": "number"
- },
- "params": {}
- }
- },
- "distinctColors": true,
- "isDonut": true,
- "labels": {
- "last_level": true,
- "show": false,
- "truncate": 100,
- "values": true
- },
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "type": "pie"
- },
- "title": "Top SSL Servers [Logs Zeek]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "zeek-e042fda0-370d-11e9-aa6d-ff445a78330c",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zeek/kibana/visualization/zeek-f8c40810-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-f8c40810-370d-11e9-aa6d-ff445a78330c.json
deleted file mode 100644
index a8153a5b32a..00000000000
--- a/packages/zeek/kibana/visualization/zeek-f8c40810-370d-11e9-aa6d-ff445a78330c.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {}
- },
- "title": "Number of Sessions Overtime [Logs Zeek]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "params": {
- "axis_formatter": "number",
- "axis_position": "left",
- "axis_scale": "normal",
- "drop_last_bucket": 1,
- "id": "61ca57f0-469d-11e7-af02-69e470af7417",
- "index_pattern": "logs-*",
- "interval": "auto",
- "series": [
- {
- "axis_position": "right",
- "chart_type": "line",
- "color": "#68BC00",
- "fill": 0.5,
- "formatter": "number",
- "id": "61ca57f1-469d-11e7-af02-69e470af7417",
- "line_width": 1,
- "metrics": [
- {
- "id": "61ca57f2-469d-11e7-af02-69e470af7417",
- "type": "count"
- }
- ],
- "point_size": 1,
- "separate_axis": 0,
- "split_color_mode": "gradient",
- "split_mode": "everything",
- "stacked": "none"
- }
- ],
- "show_grid": 1,
- "show_legend": 1,
- "time_field": "@timestamp",
- "type": "timeseries",
- "use_kibana_indexes": false
- },
- "title": "Number of Sessions Overtime [Logs Zeek]",
- "type": "metrics"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "zeek-f8c40810-370d-11e9-aa6d-ff445a78330c",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
From 8842ce43305e2c0ce5d9ca9d05de6d053b6b5b21 Mon Sep 17 00:00:00 2001
From: kcreddy Date: Fri, 28 Oct 2022 12:56:25 +0530 Subject: [PATCH 038/103] migrate zscaler_zia to by_value --- ...-66597790-4ded-11ec-ad09-d9f49962d407.json | 1446 ++++++++++++--- ...-85380a00-4de3-11ec-ad09-d9f49962d407.json | 1577 ++++++++++++++--- ...-9447f5b0-4eaf-11ec-9527-b704eaaa5c53.json | 824 +++++++-- ...-d4977590-4de8-11ec-ad09-d9f49962d407.json | 504 ++++-- ...-48a188a0-4de8-11ec-ad09-d9f49962d407.json | 123 -- ...-0334d8c0-4de4-11ec-ad09-d9f49962d407.json | 174 -- ...-05cc16a0-4eae-11ec-9527-b704eaaa5c53.json | 71 - ...-2958ae90-4de5-11ec-ad09-d9f49962d407.json | 146 -- ...-2c8eb9f0-4eae-11ec-9527-b704eaaa5c53.json | 89 - ...-35612ae0-4de6-11ec-ad09-d9f49962d407.json | 173 -- ...-3faec910-4ded-11ec-ad09-d9f49962d407.json | 207 --- ...-4d4b4fa0-4eae-11ec-9527-b704eaaa5c53.json | 89 - ...-4e583660-4deb-11ec-ad09-d9f49962d407.json | 71 - ...-5b68c940-4eaf-11ec-9527-b704eaaa5c53.json | 173 -- ...-5ebff250-4de5-11ec-ad09-d9f49962d407.json | 167 -- ...-63155460-4e82-11ec-ad09-d9f49962d407.json | 150 -- ...-652829d0-4eb9-11ec-9527-b704eaaa5c53.json | 71 - ...-68d16b80-4de4-11ec-ad09-d9f49962d407.json | 174 -- ...-6d29cc50-4de8-11ec-ad09-d9f49962d407.json | 89 - ...-72169a60-4deb-11ec-ad09-d9f49962d407.json | 71 - ...-7a0a40d0-4de3-11ec-ad09-d9f49962d407.json | 102 -- ...-8058c4e0-4eae-11ec-9527-b704eaaa5c53.json | 89 - ...-91813c00-4de8-11ec-ad09-d9f49962d407.json | 89 - ...-9e6d2890-4deb-11ec-ad09-d9f49962d407.json | 71 - ...-a536b890-4e80-11ec-ad09-d9f49962d407.json | 174 -- ...-a9ac0260-4de3-11ec-ad09-d9f49962d407.json | 98 - ...-bcddbd40-4ead-11ec-9527-b704eaaa5c53.json | 71 - ...-bd00f230-4de8-11ec-ad09-d9f49962d407.json | 147 -- ...-c8b23580-4de3-11ec-ad09-d9f49962d407.json | 71 - ...-da1734d0-4deb-11ec-ad09-d9f49962d407.json | 71 - ...-db1241f0-4e80-11ec-ad09-d9f49962d407.json | 147 -- ...-dff0d0b0-4dea-11ec-ad09-d9f49962d407.json | 102 -- ...-e4f2aa20-4ead-11ec-9527-b704eaaa5c53.json | 71 - ...-e54e9f20-4de4-11ec-ad09-d9f49962d407.json | 146 -- 
...-f5a2e730-4deb-11ec-ad09-d9f49962d407.json | 71 - 35 files changed, 3606 insertions(+), 4303 deletions(-) delete mode 100644 packages/zscaler_zia/kibana/map/zscaler_zia-48a188a0-4de8-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-0334d8c0-4de4-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-05cc16a0-4eae-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-2958ae90-4de5-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-2c8eb9f0-4eae-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-35612ae0-4de6-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-3faec910-4ded-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-4d4b4fa0-4eae-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-4e583660-4deb-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-5b68c940-4eaf-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-5ebff250-4de5-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-63155460-4e82-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-652829d0-4eb9-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-68d16b80-4de4-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-6d29cc50-4de8-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-72169a60-4deb-11ec-ad09-d9f49962d407.json delete mode 100644 
packages/zscaler_zia/kibana/visualization/zscaler_zia-7a0a40d0-4de3-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-8058c4e0-4eae-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-91813c00-4de8-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-9e6d2890-4deb-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-a536b890-4e80-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-a9ac0260-4de3-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-bcddbd40-4ead-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-bd00f230-4de8-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-c8b23580-4de3-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-da1734d0-4deb-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-db1241f0-4e80-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-dff0d0b0-4dea-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-e4f2aa20-4ead-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-e54e9f20-4de4-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zia/kibana/visualization/zscaler_zia-f5a2e730-4deb-11ec-ad09-d9f49962d407.json diff --git a/packages/zscaler_zia/kibana/dashboard/zscaler_zia-66597790-4ded-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/dashboard/zscaler_zia-66597790-4ded-11ec-ad09-d9f49962d407.json index 6bec1ec3877..41ca6d9e1b4 100644 
--- a/packages/zscaler_zia/kibana/dashboard/zscaler_zia-66597790-4ded-11ec-ad09-d9f49962d407.json
+++ b/packages/zscaler_zia/kibana/dashboard/zscaler_zia-66597790-4ded-11ec-ad09-d9f49962d407.json
@@ -1,288 +1,1228 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "zscaler_zia-66597790-4ded-11ec-ad09-d9f49962d407", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T07:26:11.116Z", + "version": "WzYxNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Total Threats detected by Firewall", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Threats", + "field": "zscaler_zia.firewall.threat.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "zscaler_zia.firewall.threat.name", + "negate": true, + "params": { + "query": "None" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "zscaler_zia.firewall.threat.name": "None" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": 
"kuery", - "query": "" + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.firewall\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "06eebe5f-c6d6-4bc3-910c-dfb31b4eed15", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "06eebe5f-c6d6-4bc3-910c-dfb31b4eed15", - "w": 24, - "x": 0, - "y": 0 + "panelIndex": "06eebe5f-c6d6-4bc3-910c-dfb31b4eed15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Threats detected by Firewall", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "temperature", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + 
"scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "06eebe5f-c6d6-4bc3-910c-dfb31b4eed15", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Name", + "field": "zscaler_zia.firewall.threat.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "zscaler_zia.firewall.threat.name", + "negate": true, + "params": { + "query": "None" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "zscaler_zia.firewall.threat.name": "None" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.firewall\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "bd3fd0c0-bb65-48d3-abe6-00fa3513cfeb", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "bd3fd0c0-bb65-48d3-abe6-00fa3513cfeb", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Destination Country", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": 
"left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "temperature", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "horizontal_bar", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "bd3fd0c0-bb65-48d3-abe6-00fa3513cfeb", - "w": 24, - "x": 24, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Country", + "field": "destination.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.firewall\"" + } + } + 
} + } + }, + "gridData": { + "h": 15, + "i": "3263f825-0d4b-4579-865a-29901566da89", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3263f825-0d4b-4579-865a-29901566da89", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 rule", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "temperature", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "bd3fd0c0-bb65-48d3-abe6-00fa3513cfeb", - "panelRefName": "panel_1", - 
"type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Rules", + "exclude": "None", + "field": "rule.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 9 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.firewall\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "fd1d5738-f049-4d39-8a9c-c99f00026abc", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "fd1d5738-f049-4d39-8a9c-c99f00026abc", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Server Source IP", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "3263f825-0d4b-4579-865a-29901566da89", - "w": 24, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Server Source IP", + "field": "zscaler_zia.firewall.server.source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": 
"event.dataset: \"zscaler_zia.firewall\"" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "14e74949-6df9-4178-bd6c-fb3f2af4e44f", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "14e74949-6df9-4178-bd6c-fb3f2af4e44f", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Tunnel IPs", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "3263f825-0d4b-4579-865a-29901566da89", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Tunnel IPs", + "field": "zscaler_zia.firewall.tunnel.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.firewall\"" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "f54d9f84-ff3e-4246-9d53-af54076bacf4", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "f54d9f84-ff3e-4246-9d53-af54076bacf4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Client Source IP", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + 
"showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "fd1d5738-f049-4d39-8a9c-c99f00026abc", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Client Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.firewall\"" + } + } + } + } + }, + "gridData": { + "h": 21, + "i": "a2629365-4540-4700-abd5-299070e39233", + "w": 16, + "x": 32, + "y": 48 + }, + "panelIndex": "a2629365-4540-4700-abd5-299070e39233", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Server Destination IP", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "fd1d5738-f049-4d39-8a9c-c99f00026abc", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Server Destination IP", + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + 
"order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.firewall\"" + } + } + } + } + }, + "gridData": { + "h": 21, + "i": "90e1564e-ec66-4a1f-9416-53a3fef9b577", + "w": 16, + "x": 0, + "y": 48 + }, + "panelIndex": "90e1564e-ec66-4a1f-9416-53a3fef9b577", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Client Destination IP", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 18, - "i": "14e74949-6df9-4178-bd6c-fb3f2af4e44f", - "w": 24, - "x": 0, - "y": 30 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Client Destination IP", + "field": "zscaler_zia.firewall.client.destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.firewall\"" + } + } + } + } + }, + "gridData": { + "h": 21, + "i": "ff526e93-a3f7-4155-b493-bb0427f87001", + "w": 16, + "x": 16, + "y": 48 + }, + "panelIndex": 
"ff526e93-a3f7-4155-b493-bb0427f87001", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "table": null, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 7, + "width": 123.44444444444446 }, - "panelIndex": "14e74949-6df9-4178-bd6c-fb3f2af4e44f", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "colIndex": 4, + "width": 230.56944444444446 }, - "gridData": { - "h": 18, - "i": "f54d9f84-ff3e-4246-9d53-af54076bacf4", - "w": 24, - "x": 24, - "y": 30 + { + "colIndex": 1, + "width": 150.56944444444443 }, - "panelIndex": "f54d9f84-ff3e-4246-9d53-af54076bacf4", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "colIndex": 0, + "width": 164.40277777777774 }, - "gridData": { - "h": 21, - "i": "a2629365-4540-4700-abd5-299070e39233", - "w": 16, - "x": 32, - "y": 48 + { + "colIndex": 6, + "width": 109.0027777777778 }, - "panelIndex": "a2629365-4540-4700-abd5-299070e39233", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "colIndex": 5, + "width": 110.75277777777777 + }, + { + "colIndex": 8, + "width": 90.08611111111111 }, - "gridData": { - "h": 21, - "i": "90e1564e-ec66-4a1f-9416-53a3fef9b577", - "w": 16, - "x": 0, - "y": 48 + { + "colIndex": 3, + "width": 176.5861111111111 }, - "panelIndex": "90e1564e-ec66-4a1f-9416-53a3fef9b577", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.16.2" + { + "colIndex": 2, + "width": 222.58611111111122 + } + ] + } + }, + "savedVis": { + "title": "[Zscaler] [ZIA] Distribution of Firewall Events by Threat Category, IP Category, Traffic Forwarding Method, network application that accessed web, Destination NAT policy applied, Action, Department, Location, Used Protocol", + 
"description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "ff526e93-a3f7-4155-b493-bb0427f87001", - "w": 16, - "x": 16, - "y": 48 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Category", + "field": "zscaler_zia.firewall.threat.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "ff526e93-a3f7-4155-b493-bb0427f87001", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.16.2" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "table": null, - "vis": { - "params": { - "colWidth": [ - { - "colIndex": 7, - "width": 123.44444444444446 - }, - { - "colIndex": 4, - "width": 230.56944444444446 - }, - { - "colIndex": 1, - "width": 150.56944444444443 - }, - { - "colIndex": 0, - "width": 164.40277777777774 - }, - { - "colIndex": 6, - "width": 109.0027777777778 - }, - { - "colIndex": 5, - "width": 110.75277777777777 - }, - { - "colIndex": 8, - "width": 90.08611111111111 - }, - { - "colIndex": 3, - "width": 176.5861111111111 - }, - { - "colIndex": 2, - "width": 222.58611111111122 - } - ] - } - } + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "IP Category", + "field": "zscaler_zia.firewall.ip_category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": 
"bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Traffic Forwarding Method", + "field": "zscaler_zia.firewall.tunnel.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 15, - "i": "89b6c2a3-3ae8-4bfc-9af0-0711f588ce30", - "w": 48, - "x": 0, - "y": 69 + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Application Name", + "field": "network.application", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "89b6c2a3-3ae8-4bfc-9af0-0711f588ce30", - "panelRefName": "panel_9", - "title": "[Zscaler] [ZIA] Distribution of Firewall Events by Threat Category, IP Category, Traffic Forwarding Method, Application, Destination NAT policy applied, Action, Department, Location, Used Protocol", - "type": "visualization", - "version": "7.16.2" + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination NAT policy applied", + "field": "zscaler_zia.firewall.nat", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "10", + "params": { + "customLabel": "Location", + "field": "zscaler_zia.firewall.location.name", + "missingBucket": 
false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Department", + "field": "zscaler_zia.firewall.department", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "9", + "params": { + "customLabel": "Protocol Used", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.firewall\"" + } + } } - ], - "timeRestore": false, - "title": "[Zscaler] [ZIA] Firewall Logs", - "version": 1 - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-66597790-4ded-11ec-ad09-d9f49962d407", - "migrationVersion": { - "dashboard": "8.1.0" - }, - "references": [ - { - "id": "zscaler_zia-dff0d0b0-4dea-11ec-ad09-d9f49962d407", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "zscaler_zia-a536b890-4e80-11ec-ad09-d9f49962d407", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "zscaler_zia-db1241f0-4e80-11ec-ad09-d9f49962d407", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "zscaler_zia-63155460-4e82-11ec-ad09-d9f49962d407", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "zscaler_zia-72169a60-4deb-11ec-ad09-d9f49962d407", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "zscaler_zia-4e583660-4deb-11ec-ad09-d9f49962d407", - "name": "panel_5", 
- "type": "visualization" + } }, - { - "id": "zscaler_zia-da1734d0-4deb-11ec-ad09-d9f49962d407", - "name": "panel_6", - "type": "visualization" + "gridData": { + "h": 15, + "i": "89b6c2a3-3ae8-4bfc-9af0-0711f588ce30", + "w": 48, + "x": 0, + "y": 69 }, - { - "id": "zscaler_zia-9e6d2890-4deb-11ec-ad09-d9f49962d407", - "name": "panel_7", - "type": "visualization" - }, - { - "id": "zscaler_zia-f5a2e730-4deb-11ec-ad09-d9f49962d407", - "name": "panel_8", - "type": "visualization" - }, - { - "id": "zscaler_zia-3faec910-4ded-11ec-ad09-d9f49962d407", - "name": "panel_9", - "type": "visualization" - } + "panelIndex": "89b6c2a3-3ae8-4bfc-9af0-0711f588ce30", + "title": "[Zscaler] [ZIA] Distribution of Firewall Events by Threat Category, IP Category, Traffic Forwarding Method, Application, Destination NAT policy applied, Action, Department, Location, Used Protocol", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Zscaler] [ZIA] Firewall Logs", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "06eebe5f-c6d6-4bc3-910c-dfb31b4eed15:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "06eebe5f-c6d6-4bc3-910c-dfb31b4eed15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bd3fd0c0-bb65-48d3-abe6-00fa3513cfeb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bd3fd0c0-bb65-48d3-abe6-00fa3513cfeb:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3263f825-0d4b-4579-865a-29901566da89:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd1d5738-f049-4d39-8a9c-c99f00026abc:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + 
"name": "14e74949-6df9-4178-bd6c-fb3f2af4e44f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f54d9f84-ff3e-4246-9d53-af54076bacf4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a2629365-4540-4700-abd5-299070e39233:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "90e1564e-ec66-4a1f-9416-53a3fef9b577:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ff526e93-a3f7-4155-b493-bb0427f87001:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "89b6c2a3-3ae8-4bfc-9af0-0711f588ce30:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/dashboard/zscaler_zia-85380a00-4de3-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/dashboard/zscaler_zia-85380a00-4de3-11ec-ad09-d9f49962d407.json index 081b00ab99f..282fdf47804 100644 --- a/packages/zscaler_zia/kibana/dashboard/zscaler_zia-85380a00-4de3-11ec-ad09-d9f49962d407.json +++ b/packages/zscaler_zia/kibana/dashboard/zscaler_zia-85380a00-4de3-11ec-ad09-d9f49962d407.json 
@@ -1,243 +1,1370 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "zscaler_zia-85380a00-4de3-11ec-ad09-d9f49962d407", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T07:26:11.116Z", + "version": "WzYxNSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Total Threats", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Threats", + "field": "zscaler_zia.web.threat.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "zscaler_zia.web.threat.name", + "negate": true, + "params": { + "query": "None" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "zscaler_zia.web.threat.name": "None" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + 
"language": "kuery", + "query": "event.dataset: \"zscaler_zia.web\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "677982f9-75a5-4420-a0e4-65778e28370f", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "677982f9-75a5-4420-a0e4-65778e28370f", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "gridData": { + "h": 15, + "i": "677982f9-75a5-4420-a0e4-65778e28370f", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "677982f9-75a5-4420-a0e4-65778e28370f", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Threats by name", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "329767e7-da25-44aa-ab86-b18b9f6e3a24", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "329767e7-da25-44aa-ab86-b18b9f6e3a24", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Name", + "field": "zscaler_zia.web.threat.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + 
"disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "zscaler_zia.web.threat.name", + "negate": true, + "params": { + "query": "None" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "zscaler_zia.web.threat.name": "None" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.web\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "329767e7-da25-44aa-ab86-b18b9f6e3a24", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "329767e7-da25-44aa-ab86-b18b9f6e3a24", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 App Name accessing Web", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "dbf7121d-902c-4979-a56a-aeecb89dc781", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "dbf7121d-902c-4979-a56a-aeecb89dc781", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "App Name", + "field": "zscaler_zia.web.app.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": 
"kuery", + "query": "event.dataset: \"zscaler_zia.web\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "dbf7121d-902c-4979-a56a-aeecb89dc781", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "dbf7121d-902c-4979-a56a-aeecb89dc781", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Rule Name", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "temperature", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4421e7b7-c2b0-4463-8646-03616ddfe9cb", - "w": 24, - "x": 0, - "y": 15 - }, - 
"panelIndex": "4421e7b7-c2b0-4463-8646-03616ddfe9cb", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Rule Name", + "field": "rule.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "rule.name", + "negate": true, + "params": { + "query": "None" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "rule.name": "None" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.web\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4421e7b7-c2b0-4463-8646-03616ddfe9cb", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "4421e7b7-c2b0-4463-8646-03616ddfe9cb", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Rule type", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": 
"right", + "maxLegendLines": 1, + "palette": { + "name": "temperature", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ade94ac6-4269-4d88-9e63-5295cee65475", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "ade94ac6-4269-4d88-9e63-5295cee65475", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Rule Type", + "field": "rule.ruleset", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "rule.ruleset", + "negate": true, + "params": { + "query": "None" + }, + "type": 
"phrase" + }, + "query": { + "match_phrase": { + "rule.ruleset": "None" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.web\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "ade94ac6-4269-4d88-9e63-5295cee65475", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "ade94ac6-4269-4d88-9e63-5295cee65475", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Users", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "temperature", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, 
- { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "95e9a752-3269-4679-b1a8-3826fc6fd463", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "95e9a752-3269-4679-b1a8-3826fc6fd463", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.web\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "95e9a752-3269-4679-b1a8-3826fc6fd463", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "95e9a752-3269-4679-b1a8-3826fc6fd463", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 URL Categories", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "temperature", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": 
"Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1c2c054a-b244-4f93-84b2-68e4228a2956", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "1c2c054a-b244-4f93-84b2-68e4228a2956", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "zscaler_zia.web.url.category.sub", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.web\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "1c2c054a-b244-4f93-84b2-68e4228a2956", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "1c2c054a-b244-4f93-84b2-68e4228a2956", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"[Zscaler] [ZIA] Protocol of Web Events Over time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "temperature", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "35acb8fb-304a-4651-88fa-6f080c7b258b", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "35acb8fb-304a-4651-88fa-6f080c7b258b", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + 
"extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15y", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Protocol", + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.web\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "35acb8fb-304a-4651-88fa-6f080c7b258b", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "35acb8fb-304a-4651-88fa-6f080c7b258b", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Distribution of Web Events by Action, Malware Category, App Class, Response Code, Department, Username, URL", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": true, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 22, - "i": "1f29cb86-55d1-4caa-b012-3d8e674fb401", - "w": 48, - "x": 0, - "y": 60 - }, - "panelIndex": "1f29cb86-55d1-4caa-b012-3d8e674fb401", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "7", + 
"params": { + "customLabel": "Username", + "field": "source.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Malware Category", + "field": "zscaler_zia.web.malware.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Application Class", + "field": "zscaler_zia.web.app.class", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Response Code", + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Department", + "field": "zscaler_zia.web.department", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": 
true, + "id": "8", + "params": { + "customLabel": "URL", + "field": "url.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.web\"" + } + } + } + } + }, + "gridData": { + "h": 22, + "i": "1f29cb86-55d1-4caa-b012-3d8e674fb401", + "w": 48, + "x": 0, + "y": 60 + }, + "panelIndex": "1f29cb86-55d1-4caa-b012-3d8e674fb401", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 failed URLs", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f2101d90-704b-46e5-b73a-567fb731bcda", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "f2101d90-704b-46e5-b73a-567fb731bcda", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "URL", + "field": "url.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": 
"kuery", + "query": "event.dataset: \"zscaler_zia.web\" and not http.response.status_code: \"200\"" + } + } } - ], - "timeRestore": false, - "title": "[Zscaler] [ZIA] Web Logs", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "f2101d90-704b-46e5-b73a-567fb731bcda", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "f2101d90-704b-46e5-b73a-567fb731bcda", + "type": "visualization", + "version": "8.0.0" + } + ], + "timeRestore": false, + "title": "[Zscaler] [ZIA] Web Logs", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "677982f9-75a5-4420-a0e4-65778e28370f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-85380a00-4de3-11ec-ad09-d9f49962d407", - "migrationVersion": { - "dashboard": "8.1.0" + { + "type": "index-pattern", + "name": "677982f9-75a5-4420-a0e4-65778e28370f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "references": [ - { - "id": "zscaler_zia-7a0a40d0-4de3-11ec-ad09-d9f49962d407", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "zscaler_zia-a9ac0260-4de3-11ec-ad09-d9f49962d407", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "zscaler_zia-c8b23580-4de3-11ec-ad09-d9f49962d407", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "zscaler_zia-68d16b80-4de4-11ec-ad09-d9f49962d407", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "zscaler_zia-0334d8c0-4de4-11ec-ad09-d9f49962d407", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "zscaler_zia-2958ae90-4de5-11ec-ad09-d9f49962d407", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "zscaler_zia-e54e9f20-4de4-11ec-ad09-d9f49962d407", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "zscaler_zia-5ebff250-4de5-11ec-ad09-d9f49962d407", - "name": "panel_7", - "type": "visualization" - }, - { - "id": "zscaler_zia-35612ae0-4de6-11ec-ad09-d9f49962d407", - "name": 
"panel_8", - "type": "visualization" - }, - { - "id": "zscaler_zia-652829d0-4eb9-11ec-9527-b704eaaa5c53", - "name": "panel_9", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "329767e7-da25-44aa-ab86-b18b9f6e3a24:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "329767e7-da25-44aa-ab86-b18b9f6e3a24:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "dbf7121d-902c-4979-a56a-aeecb89dc781:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4421e7b7-c2b0-4463-8646-03616ddfe9cb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4421e7b7-c2b0-4463-8646-03616ddfe9cb:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ade94ac6-4269-4d88-9e63-5295cee65475:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ade94ac6-4269-4d88-9e63-5295cee65475:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "95e9a752-3269-4679-b1a8-3826fc6fd463:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1c2c054a-b244-4f93-84b2-68e4228a2956:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "35acb8fb-304a-4651-88fa-6f080c7b258b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1f29cb86-55d1-4caa-b012-3d8e674fb401:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f2101d90-704b-46e5-b73a-567fb731bcda:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" 
+ } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/dashboard/zscaler_zia-9447f5b0-4eaf-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zia/kibana/dashboard/zscaler_zia-9447f5b0-4eaf-11ec-9527-b704eaaa5c53.json index 35b0cd5de83..4b2d38b8aad 100644 --- a/packages/zscaler_zia/kibana/dashboard/zscaler_zia-9447f5b0-4eaf-11ec-9527-b704eaaa5c53.json +++ b/packages/zscaler_zia/kibana/dashboard/zscaler_zia-9447f5b0-4eaf-11ec-9527-b704eaaa5c53.json 
@@ -1,180 +1,698 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "zscaler_zia-9447f5b0-4eaf-11ec-9527-b704eaaa5c53", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T07:26:11.116Z", + "version": "WzYxNiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Tunnel Type", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "temperature", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Tunnel Type", + "field": "zscaler_zia.tunnel.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.tunnel\"" 
} + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "fa228027-f96f-4c6c-8ff2-ba35c24ab5f3", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "fa228027-f96f-4c6c-8ff2-ba35c24ab5f3", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "fa228027-f96f-4c6c-8ff2-ba35c24ab5f3", - "panelRefName": "panel_0", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "panelIndex": "fa228027-f96f-4c6c-8ff2-ba35c24ab5f3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Vendor Name of Edge Device", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "486db5cd-c4a8-4a4f-b794-3811989c9f2a", - "w": 24, - "x": 24, - "y": 0 + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "temperature", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "486db5cd-c4a8-4a4f-b794-3811989c9f2a", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Vendor Name of Edge Device", + "field": "zscaler_zia.tunnel.vendor.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": 
"desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.tunnel\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "486db5cd-c4a8-4a4f-b794-3811989c9f2a", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "486db5cd-c4a8-4a4f-b794-3811989c9f2a", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Location", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "temperature", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "dedfb661-d4dc-4748-a286-8af6d668bd05", - "w": 24, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Location", + "field": "zscaler_zia.tunnel.location.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + 
"query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.tunnel\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "dedfb661-d4dc-4748-a286-8af6d668bd05", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "dedfb661-d4dc-4748-a286-8af6d668bd05", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Tunnel Action Name", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "dedfb661-d4dc-4748-a286-8af6d668bd05", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Tunnel Action Name", + "field": "zscaler_zia.tunnel.action.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.tunnel\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6ab75387-2a14-4d5f-adef-2ab49ed51674", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "6ab75387-2a14-4d5f-adef-2ab49ed51674", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Source IPs", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + 
"percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6ab75387-2a14-4d5f-adef-2ab49ed51674", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.tunnel\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "b757507b-409b-4695-b558-daff6d0382db", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "b757507b-409b-4695-b558-daff6d0382db", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 Destination IPs", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "6ab75387-2a14-4d5f-adef-2ab49ed51674", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination IP", + "field": "destination.ip", + "missingBucket": false, 
+ "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.tunnel\"" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "75e785d6-2c8f-4608-b204-4688a66ad14e", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "75e785d6-2c8f-4608-b204-4688a66ad14e", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Encryption Algorithm, Authentication Algorithm, Authentication Type, Tunnel Action name, Protocol, Source IP, Destination IP", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "b757507b-409b-4695-b558-daff6d0382db", - "w": 24, - "x": 0, - "y": 30 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Encryption Algorithm", + "field": "zscaler_zia.tunnel.encryption.algorithm", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "b757507b-409b-4695-b558-daff6d0382db", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": 
true, + "id": "3", + "params": { + "customLabel": "Authentication Algorithm", + "field": "zscaler_zia.tunnel.authentication.algorithm", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 15, - "i": "75e785d6-2c8f-4608-b204-4688a66ad14e", - "w": 24, - "x": 24, - "y": 30 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Authentication Type", + "field": "zscaler_zia.tunnel.authentication.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "75e785d6-2c8f-4608-b204-4688a66ad14e", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Tunnel Action Name", + "field": "zscaler_zia.tunnel.action.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Protocol", + "field": "zscaler_zia.tunnel.policy.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 19, - "i": "b92519fe-1070-4e1f-a38d-8796c26af893", - "w": 48, - "x": 0, - "y": 45 + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + 
"orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "b92519fe-1070-4e1f-a38d-8796c26af893", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Destination IP", + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.tunnel\"" + } + } } - ], - "timeRestore": false, - "title": "[Zscaler] [ZIA] Tunnel Logs", - "version": 1 - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-9447f5b0-4eaf-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "dashboard": "8.1.0" - }, - "references": [ - { - "id": "zscaler_zia-2c8eb9f0-4eae-11ec-9527-b704eaaa5c53", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "zscaler_zia-8058c4e0-4eae-11ec-9527-b704eaaa5c53", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "zscaler_zia-4d4b4fa0-4eae-11ec-9527-b704eaaa5c53", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "zscaler_zia-bcddbd40-4ead-11ec-9527-b704eaaa5c53", - "name": "panel_3", - "type": "visualization" + } }, - { - "id": "zscaler_zia-e4f2aa20-4ead-11ec-9527-b704eaaa5c53", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 19, + "i": "b92519fe-1070-4e1f-a38d-8796c26af893", + "w": 48, + "x": 0, + "y": 45 }, - { - "id": "zscaler_zia-05cc16a0-4eae-11ec-9527-b704eaaa5c53", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "zscaler_zia-5b68c940-4eaf-11ec-9527-b704eaaa5c53", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": 
"b92519fe-1070-4e1f-a38d-8796c26af893", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Zscaler] [ZIA] Tunnel Logs", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "fa228027-f96f-4c6c-8ff2-ba35c24ab5f3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "486db5cd-c4a8-4a4f-b794-3811989c9f2a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "dedfb661-d4dc-4748-a286-8af6d668bd05:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6ab75387-2a14-4d5f-adef-2ab49ed51674:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b757507b-409b-4695-b558-daff6d0382db:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "75e785d6-2c8f-4608-b204-4688a66ad14e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b92519fe-1070-4e1f-a38d-8796c26af893:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/dashboard/zscaler_zia-d4977590-4de8-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/dashboard/zscaler_zia-d4977590-4de8-11ec-ad09-d9f49962d407.json index cc87d6b271c..1b757133c1f 100644 --- a/packages/zscaler_zia/kibana/dashboard/zscaler_zia-d4977590-4de8-11ec-ad09-d9f49962d407.json +++ b/packages/zscaler_zia/kibana/dashboard/zscaler_zia-d4977590-4de8-11ec-ad09-d9f49962d407.json 
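Review bot: The top-level keys added at the start of this hunk, `"namespaces": ["default"]`, `"updated_at": "2022-10-28T07:26:11.116Z"` and `"version": "WzYxNiwxXQ=="`, are state from the Kibana instance the dashboard was exported from rather than part of the dashboard definition; the old side of the file carried none of them. The `version` value is the saved object's concurrency token on the source instance, so it means nothing on an installing cluster. All three will change on every re-export, which buries real panel or query changes in later reviews of these security dashboards. I would drop the three keys and keep only `"id"`, `"type"`, `"attributes"`, `"references"` and the migration-version fields. The hunk for `zscaler_zia-d4977590-4de8-11ec-ad09-d9f49962d407.json` adds the same fields (`"version": "WzYxNywxXQ=="`), so the export step presumably skipped the usual property stripping; worth confirming how these files were generated.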
@@ -1,131 +1,407 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "zscaler_zia-d4977590-4de8-11ec-ad09-d9f49962d407", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T07:26:11.116Z", + "version": "WzYxNywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 180, + "minLat": -66.51326, + "minLon": -180 + }, + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 1.06 + }, + "openTOCDetails": [], + "attributes": { + "title": "[Zscaler] [ZIA] DNS Events by Region", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset: \\\"zscaler_zia.dns\\\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-5y\",\"to\":\"now\"},\"zoom\":1.06}", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"9d6d7cae-7cff-491c-abc8-40d6d4f575b0\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"lightModeDefault\":\"road_map\",\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"03c492fe-96d8-48ab-a5b4-3eec4ae2a230\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset: \\\"zscaler_zia.dns\\\"\"},\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"636e2366-af59-41da-a0af-83b10b7a1b47\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]" + } + }, + "gridData": { + "h": 17, + "i": "8b4eb1df-17aa-4d80-8b26-1920b5150cad", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "8b4eb1df-17aa-4d80-8b26-1920b5150cad", + "type": "map", + "version": "8.1.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Distribution of DNS Events by Department", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "temperature", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + 
"schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Department", + "field": "zscaler_zia.dns.department", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.dns\"" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "gridData": { + "h": 17, + "i": "db8f6083-5ad4-4a49-84a3-f89318befd32", + "w": 24, + "x": 0, + "y": 17 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 180, - "minLat": -66.51326, - "minLon": -180 - }, - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 1.06 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 17, - "i": "8b4eb1df-17aa-4d80-8b26-1920b5150cad", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "8b4eb1df-17aa-4d80-8b26-1920b5150cad", - "panelRefName": "panel_0", - "type": "map", - "version": "7.16.0-SNAPSHOT" + "panelIndex": "db8f6083-5ad4-4a49-84a3-f89318befd32", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Distribution of DNS Events by Request Action", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "db8f6083-5ad4-4a49-84a3-f89318befd32", - "w": 24, - "x": 0, - "y": 17 - }, - "panelIndex": "db8f6083-5ad4-4a49-84a3-f89318befd32", - "panelRefName": "panel_1", - "type": "visualization", - "version": 
"7.16.0-SNAPSHOT" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "temperature", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "13fd9028-3dd5-4262-b7bb-3cba5d6c98cd", - "w": 24, - "x": 24, - "y": 17 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "13fd9028-3dd5-4262-b7bb-3cba5d6c98cd", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Request Action", + "field": "zscaler_zia.dns.request.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.dns\"" + } + } + } + } + }, + "gridData": { + "h": 17, + "i": "13fd9028-3dd5-4262-b7bb-3cba5d6c98cd", + "w": 24, + "x": 24, + "y": 17 + }, + "panelIndex": "13fd9028-3dd5-4262-b7bb-3cba5d6c98cd", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler] [ZIA] Top 10 DNS Rules", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + 
"filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "temperature", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "47b652f2-0e00-4b5d-9e94-b5ade2b0c6e6", - "w": 48, - "x": 0, - "y": 34 + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "47b652f2-0e00-4b5d-9e94-b5ade2b0c6e6", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.16.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Rules", + "field": "zscaler_zia.dns.request.rule.label", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + 
"type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset: \"zscaler_zia.dns\"" + } + } } - ], - "timeRestore": false, - "title": "[Zscaler] [ZIA] DNS Logs", - "version": 1 - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-d4977590-4de8-11ec-ad09-d9f49962d407", - "migrationVersion": { - "dashboard": "8.1.0" - }, - "references": [ - { - "id": "zscaler_zia-48a188a0-4de8-11ec-ad09-d9f49962d407", - "name": "panel_0", - "type": "map" - }, - { - "id": "zscaler_zia-6d29cc50-4de8-11ec-ad09-d9f49962d407", - "name": "panel_1", - "type": "visualization" + } }, - { - "id": "zscaler_zia-91813c00-4de8-11ec-ad09-d9f49962d407", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 15, + "i": "47b652f2-0e00-4b5d-9e94-b5ade2b0c6e6", + "w": 48, + "x": 0, + "y": 34 }, - { - "id": "zscaler_zia-bd00f230-4de8-11ec-ad09-d9f49962d407", - "name": "panel_3", - "type": "visualization" - } + "panelIndex": "47b652f2-0e00-4b5d-9e94-b5ade2b0c6e6", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Zscaler] [ZIA] DNS Logs", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "8b4eb1df-17aa-4d80-8b26-1920b5150cad:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "db8f6083-5ad4-4a49-84a3-f89318befd32:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13fd9028-3dd5-4262-b7bb-3cba5d6c98cd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "47b652f2-0e00-4b5d-9e94-b5ade2b0c6e6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
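Review bot: The new object opens with `"namespaces": ["default"]`, `"updated_at": "2022-10-28T07:26:11.116Z"` and `"version": "WzYxNywxXQ=="`, none of which the old side had. These look like per-instance saved-object export metadata rather than package content, and they would change on every re-export, so I would drop the three keys from the top of the file. The same hunk also moves `coreMigrationVersion` from `8.1.2` to `8.1.0` while `migrationVersion.dashboard` stays at `8.1.0`; if the downgrade is not intended, keep `"coreMigrationVersion": "8.1.2"`. All four inlined panels now resolve their index pattern to `logs-*` and depend on the `event.dataset: "zscaler_zia.dns"` query for scoping; the filter is present on each panel here, but it is worth re-checking whenever a panel is re-exported by value.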
diff --git a/packages/zscaler_zia/kibana/map/zscaler_zia-48a188a0-4de8-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/map/zscaler_zia-48a188a0-4de8-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 3a0528acbbe..00000000000 --- a/packages/zscaler_zia/kibana/map/zscaler_zia-48a188a0-4de8-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "9d6d7cae-7cff-491c-abc8-40d6d4f575b0", - "includeInFitToBounds": true, - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "lightModeDefault": "road_map", - "type": "EMS_TMS" - }, - "style": { - "type": "TILE" - }, - "type": "EMS_VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "03c492fe-96d8-48ab-a5b4-3eec4ae2a230", - "includeInFitToBounds": true, - "label": null, - "maxZoom": 24, - "minZoom": 0, - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.dns\"" - }, - "sourceDescriptor": { - "applyForceRefresh": true, - "applyGlobalQuery": true, - "applyGlobalTime": true, - "geoField": "source.geo.location", - "id": "636e2366-af59-41da-a0af-83b10b7a1b47", - "indexPatternRefName": "layer_1_source_index_pattern", - "metrics": [ - { - "type": "count" - } - ], - "requestType": "heatmap", - "resolution": "COARSE", - "type": "ES_GEO_GRID" - }, - "style": { - "colorRampName": "theclassic", - "type": "HEATMAP" - }, - "type": "HEATMAP", - "visible": true - } - ], - "mapStateJSON": { - "center": { - "lat": 19.94277, - "lon": 0 - }, - "filters": [], - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.dns\"" - }, - "refreshConfig": { - "interval": 0, - "isPaused": true - }, - "settings": { - "autoFitToDataBounds": false, - "backgroundColor": "#ffffff", - "browserLocation": { - "zoom": 2 - }, - "disableInteractive": false, - "disableTooltipControl": false, - "fixedLocation": { - "lat": 0, - "lon": 0, - "zoom": 2 - }, - "hideLayerControl": false, - "hideToolbarOverlay": false, - "hideViewControl": false, - "initialLocation": "LAST_SAVED_LOCATION", - "maxZoom": 24, - "minZoom": 0, - "showScaleControl": false, - "showSpatialFilters": true, - "showTimesliderToggleButton": true, - "spatialFiltersAlpa": 0.3, - "spatialFiltersFillColor": "#DA8B45", - 
"spatialFiltersLineColor": "#DA8B45" - }, - "timeFilters": { - "from": "now-5y", - "to": "now" - }, - "zoom": 1.06 - }, - "title": "[Zscaler] [ZIA] DNS Events by Region", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-48a188a0-4de8-11ec-ad09-d9f49962d407", - "migrationVersion": { - "map": "8.1.0" - }, - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-0334d8c0-4de4-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-0334d8c0-4de4-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 5ad790e4f13..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-0334d8c0-4de4-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,174 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "rule.ruleset", - "negate": true, - "params": { - "query": "None" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "rule.ruleset": "None" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.web\"" - } - } - }, - "title": "[Zscaler] [ZIA] Top 10 Rule type", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Rule Type", - "field": "rule.ruleset", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "temperature", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - 
"type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "[Zscaler] [ZIA] Top 10 Rule type", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-0334d8c0-4de4-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-05cc16a0-4eae-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-05cc16a0-4eae-11ec-9527-b704eaaa5c53.json deleted file mode 100644 index e863df872a5..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-05cc16a0-4eae-11ec-9527-b704eaaa5c53.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.tunnel\"" - } - } - }, - "title": "[Zscaler] [ZIA] Top 10 Destination IPs", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination IP", - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Zscaler] [ZIA] Top 10 Destination IPs", - "type": "table" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-05cc16a0-4eae-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-2958ae90-4de5-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-2958ae90-4de5-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 7ff761b44fc..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-2958ae90-4de5-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,146 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.web\"" - } - } - }, - "title": "[Zscaler] [ZIA] Top 10 Users", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.email", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "temperature", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - 
"position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "[Zscaler] [ZIA] Top 10 Users", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-2958ae90-4de5-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-2c8eb9f0-4eae-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-2c8eb9f0-4eae-11ec-9527-b704eaaa5c53.json deleted file mode 100644 index 26a843495a8..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-2c8eb9f0-4eae-11ec-9527-b704eaaa5c53.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.tunnel\"" - } - } - }, - "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Tunnel Type", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Tunnel Type", - "field": "zscaler_zia.tunnel.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "temperature", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Tunnel Type", - "type": "pie" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-2c8eb9f0-4eae-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-35612ae0-4de6-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-35612ae0-4de6-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 3f69687d7e6..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-35612ae0-4de6-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,173 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.web\"" - } - } - }, - "title": "[Zscaler] [ZIA] Distribution of Web Events by Action, Malware Category, App Class, Response Code, Department, Username, URL", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Username", - "field": "source.user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Malware Category", - "field": "zscaler_zia.web.malware.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Application Class", - "field": "zscaler_zia.web.app.class", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": 
"Response Code", - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Department", - "field": "zscaler_zia.web.department", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "URL", - "field": "url.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": true, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Zscaler] [ZIA] Distribution of Web Events by Action, Malware Category, App Class, Response Code, Department, Username, URL", - "type": "table" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-35612ae0-4de6-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-3faec910-4ded-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-3faec910-4ded-11ec-ad09-d9f49962d407.json deleted file mode 100644 index b48ec098080..00000000000 
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-3faec910-4ded-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,207 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.firewall\"" - } - } - }, - "title": "[Zscaler] [ZIA] Distribution of Firewall Events by Threat Category, IP Category, Traffic Forwarding Method, network application that accessed web, Destination NAT policy applied, Action, Department, Location, Used Protocol", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Category", - "field": "zscaler_zia.firewall.threat.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "IP Category", - "field": "zscaler_zia.firewall.ip_category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Traffic Forwarding Method", - "field": "zscaler_zia.firewall.tunnel.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Application Name", - "field": "network.application", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - 
"otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination NAT policy applied", - "field": "zscaler_zia.firewall.nat", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "10", - "params": { - "customLabel": "Location", - "field": "zscaler_zia.firewall.location.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Department", - "field": "zscaler_zia.firewall.department", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "9", - "params": { - "customLabel": "Protocol Used", - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - 
"totalFunc": "sum" - }, - "title": "[Zscaler] [ZIA] Distribution of Firewall Events by Threat Category, IP Category, Traffic Forwarding Method, network application that accessed web, Destination NAT policy applied, Action, Department, Location, Used Protocol", - "type": "table" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-3faec910-4ded-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-4d4b4fa0-4eae-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-4d4b4fa0-4eae-11ec-9527-b704eaaa5c53.json deleted file mode 100644 index 7f5b0ebfc06..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-4d4b4fa0-4eae-11ec-9527-b704eaaa5c53.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.tunnel\"" - } - } - }, - "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Location", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Location", - "field": "zscaler_zia.tunnel.location.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "temperature", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Location", - "type": "pie" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-4d4b4fa0-4eae-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-4e583660-4deb-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-4e583660-4deb-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 7049307a2c9..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-4e583660-4deb-11ec-ad09-d9f49962d407.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.firewall\"" - } - } - }, - "title": "[Zscaler] [ZIA] Top 10 Tunnel IPs", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Tunnel IPs", - "field": "zscaler_zia.firewall.tunnel.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Zscaler] [ZIA] Top 10 Tunnel IPs", - "type": "table" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-4e583660-4deb-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-5b68c940-4eaf-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-5b68c940-4eaf-11ec-9527-b704eaaa5c53.json deleted file mode 100644 index 16121ffdc94..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-5b68c940-4eaf-11ec-9527-b704eaaa5c53.json +++ /dev/null 
@@ -1,173 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.tunnel\"" - } - } - }, - "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Encryption Algorithm, Authentication Algorithm, Authentication Type, Tunnel Action name, Protocol, Source IP, Destination IP", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Encryption Algorithm", - "field": "zscaler_zia.tunnel.encryption.algorithm", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Authentication Algorithm", - "field": "zscaler_zia.tunnel.authentication.algorithm", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Authentication Type", - "field": "zscaler_zia.tunnel.authentication.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Tunnel Action Name", - "field": "zscaler_zia.tunnel.action.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - 
"otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Protocol", - "field": "zscaler_zia.tunnel.policy.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Source IP", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Destination IP", - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Encryption algorithm, Authentication algorithm, Authentication Type, Action name, Protocol, Source IP, Destination IP", - "type": "table" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-5b68c940-4eaf-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-5ebff250-4de5-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-5ebff250-4de5-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 892d02814ae..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-5ebff250-4de5-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.web\"" - } - } - }, - "title": "[Zscaler] [ZIA] Protocol of Web Events Over time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15y", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30d" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Protocol", - "field": "network.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "linear", - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "temperature", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - 
"mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "[Zscaler] [ZIA] Protocol of Web Events Over time", - "type": "line" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-5ebff250-4de5-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-63155460-4e82-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-63155460-4e82-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 5433d10be85..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-63155460-4e82-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.firewall\"" - } - } - }, - "title": "[Zscaler] [ZIA] Top 10 rule", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Rules", - "exclude": "None", - "field": "rule.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 9 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "temperature", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 
0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "[Zscaler] [ZIA] Top 10 rule", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-63155460-4e82-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-652829d0-4eb9-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-652829d0-4eb9-11ec-9527-b704eaaa5c53.json deleted file mode 100644 index 14200e1db93..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-652829d0-4eb9-11ec-9527-b704eaaa5c53.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.web\" and not http.response.status_code: \"200\"" - } - } - }, - "title": "[Zscaler] [ZIA] Top 10 failed URLs", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "URL", - "field": "url.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Zscaler] [ZIA] Top 10 failed URLs", - "type": "table" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-652829d0-4eb9-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-68d16b80-4de4-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-68d16b80-4de4-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 546771149eb..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-68d16b80-4de4-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,174 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "rule.name", - "negate": true, - "params": { - "query": "None" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "rule.name": "None" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.web\"" - } - } - }, - "title": "[Zscaler] [ZIA] Top 10 Rule Name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Rule Name", - "field": "rule.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "temperature", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": 
"histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "[Zscaler] [ZIA] Top 10 Rule Name", - "type": "horizontal_bar" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-68d16b80-4de4-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-6d29cc50-4de8-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-6d29cc50-4de8-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 66719ab2f17..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-6d29cc50-4de8-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.dns\"" - } - } - }, - "title": "[Zscaler] [ZIA] Distribution of DNS Events by Department", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Department", - "field": "zscaler_zia.dns.department", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "temperature", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Zscaler] [ZIA] Distribution of DNS Events by Department", - "type": "pie" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-6d29cc50-4de8-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-72169a60-4deb-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-72169a60-4deb-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 9bd5c1fa51f..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-72169a60-4deb-11ec-ad09-d9f49962d407.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.firewall\"" - } - } - }, - "title": "[Zscaler] [ZIA] Top 10 Server Source IP", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Server Source IP", - "field": "zscaler_zia.firewall.server.source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Zscaler] [ZIA] Top 10 Server Source IP", - "type": "table" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-72169a60-4deb-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-7a0a40d0-4de3-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-7a0a40d0-4de3-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 08b9cd4fba0..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-7a0a40d0-4de3-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "zscaler_zia.web.threat.name", - "negate": true, - "params": { - "query": "None" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "zscaler_zia.web.threat.name": "None" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.web\"" - } - } - }, - "title": "[Zscaler] [ZIA] Total Threats", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Threats", - "field": "zscaler_zia.web.threat.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Zscaler] [ZIA] Total Threats", - "type": "metric" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-7a0a40d0-4de3-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-8058c4e0-4eae-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-8058c4e0-4eae-11ec-9527-b704eaaa5c53.json deleted file mode 100644 index b988b8b2883..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-8058c4e0-4eae-11ec-9527-b704eaaa5c53.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.tunnel\"" - } - } - }, - "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Vendor Name of Edge Device", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Vendor Name of Edge Device", - "field": "zscaler_zia.tunnel.vendor.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "temperature", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Zscaler] [ZIA] Distribution of Tunnel Events by Vendor Name of Edge Device", - "type": "pie" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-8058c4e0-4eae-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-91813c00-4de8-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-91813c00-4de8-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 92ded91328f..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-91813c00-4de8-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.dns\"" - } - } - }, - "title": "[Zscaler] [ZIA] Distribution of DNS Events by Request Action", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Request Action", - "field": "zscaler_zia.dns.request.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "temperature", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Zscaler] [ZIA] Distribution of DNS Events by Request Action", - "type": "pie" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-91813c00-4de8-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-9e6d2890-4deb-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-9e6d2890-4deb-11ec-ad09-d9f49962d407.json deleted file mode 100644 index 2bde940e35e..00000000000 --- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-9e6d2890-4deb-11ec-ad09-d9f49962d407.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset: \"zscaler_zia.firewall\"" - } - } - }, - "title": "[Zscaler] [ZIA] Top 10 Server Destination IP", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Server Destination IP", - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Zscaler] [ZIA] Top 10 Server Destination IP", - "type": "table" - } - }, - "coreMigrationVersion": "8.1.2", - "id": "zscaler_zia-9e6d2890-4deb-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-a536b890-4e80-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-a536b890-4e80-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index d9f80f29584..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-a536b890-4e80-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,174 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [
- {
- "$state": {
- "store": "appState"
- },
- "meta": {
- "alias": null,
- "disabled": false,
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "key": "zscaler_zia.firewall.threat.name",
- "negate": true,
- "params": {
- "query": "None"
- },
- "type": "phrase"
- },
- "query": {
- "match_phrase": {
- "zscaler_zia.firewall.threat.name": "None"
- }
- }
- }
- ],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.firewall\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 Threats detected by Firewall",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Threat Name",
- "field": "zscaler_zia.firewall.threat.name",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 200
- },
- "position": "left",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "detailedTooltip": true,
- "grid": {
- "categoryLines": false
- },
- "labels": {},
- "legendPosition": "right",
- "maxLegendLines": 1,
- "palette": {
- "name": "temperature",
- "type": "palette"
- },
- "radiusRatio": 0,
- "seriesParams": [
- {
- "circlesRadius": 3,
- "data": {
- "id": "1",
- "label": "Count"
- },
- "drawLinesBetweenPoints": true,
- "interpolate": "linear",
- "lineWidth": 2,
- "mode": "normal",
- "show": true,
- "showCircles": true,
- "type": "histogram",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "thresholdLine": {
- "color": "#E7664C",
- "show": false,
- "style": "full",
- "value": 10,
- "width": 1
- },
- "times": [],
- "truncateLegend": true,
- "type": "histogram",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": true,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "bottom",
- "scale": {
- "mode": "normal",
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": ""
- },
- "type": "value"
- }
- ]
- },
- "title": "[Zscaler] [ZIA] Top 10 Threats detected by Firewall",
- "type": "horizontal_bar"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-a536b890-4e80-11ec-ad09-d9f49962d407",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- },
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-a9ac0260-4de3-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-a9ac0260-4de3-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index d6c82373827..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-a9ac0260-4de3-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,98 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [
- {
- "$state": {
- "store": "appState"
- },
- "meta": {
- "alias": null,
- "disabled": false,
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "key": "zscaler_zia.web.threat.name",
- "negate": true,
- "params": {
- "query": "None"
- },
- "type": "phrase"
- },
- "query": {
- "match_phrase": {
- "zscaler_zia.web.threat.name": "None"
- }
- }
- }
- ],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.web\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 Threats by name",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Threat Name",
- "field": "zscaler_zia.web.threat.name",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "autoFitRowToContent": false,
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- },
- "title": "[Zscaler] [ZIA] Top 10 Threats by name",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-a9ac0260-4de3-11ec-ad09-d9f49962d407",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- },
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-bcddbd40-4ead-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-bcddbd40-4ead-11ec-9527-b704eaaa5c53.json
deleted file mode 100644
index df07c7ab593..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-bcddbd40-4ead-11ec-9527-b704eaaa5c53.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.tunnel\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 Tunnel Action Name",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Tunnel Action Name",
- "field": "zscaler_zia.tunnel.action.type",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "autoFitRowToContent": false,
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- },
- "title": "[Zscaler] [ZIA] Top 10 Tunnel Action Name",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-bcddbd40-4ead-11ec-9527-b704eaaa5c53",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-bd00f230-4de8-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-bd00f230-4de8-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index 77b55dc97ec..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-bd00f230-4de8-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,147 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.dns\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 DNS Rules",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Rules",
- "field": "zscaler_zia.dns.request.rule.label",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 200
- },
- "position": "left",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "detailedTooltip": true,
- "grid": {
- "categoryLines": false
- },
- "labels": {},
- "legendPosition": "right",
- "maxLegendLines": 1,
- "palette": {
- "name": "temperature",
- "type": "palette"
- },
- "radiusRatio": 0,
- "seriesParams": [
- {
- "circlesRadius": 3,
- "data": {
- "id": "1",
- "label": "Count"
- },
- "drawLinesBetweenPoints": true,
- "interpolate": "linear",
- "lineWidth": 2,
- "mode": "normal",
- "show": true,
- "showCircles": true,
- "type": "histogram",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "thresholdLine": {
- "color": "#E7664C",
- "show": false,
- "style": "full",
- "value": 10,
- "width": 1
- },
- "times": [],
- "truncateLegend": true,
- "type": "histogram",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": true,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "bottom",
- "scale": {
- "mode": "normal",
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": ""
- },
- "type": "value"
- }
- ]
- },
- "title": "[Zscaler] [ZIA] Top 10 DNS Rules",
- "type": "horizontal_bar"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-bd00f230-4de8-11ec-ad09-d9f49962d407",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-c8b23580-4de3-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-c8b23580-4de3-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index 6119cb80edf..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-c8b23580-4de3-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.web\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 App Name accessing Web",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "App Name",
- "field": "zscaler_zia.web.app.name",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "autoFitRowToContent": false,
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- },
- "title": "[Zscaler] [ZIA] Top 10 App Name accessing Web",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-c8b23580-4de3-11ec-ad09-d9f49962d407",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-da1734d0-4deb-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-da1734d0-4deb-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index 7dee1854458..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-da1734d0-4deb-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.firewall\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 Client Source IP",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Client Source IP",
- "field": "source.ip",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "autoFitRowToContent": false,
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- },
- "title": "[Zscaler] [ZIA] Top 10 Client Source IP",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-da1734d0-4deb-11ec-ad09-d9f49962d407",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-db1241f0-4e80-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-db1241f0-4e80-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index 1aadd82cd7e..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-db1241f0-4e80-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,147 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.firewall\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 Destination Country",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Country",
- "field": "destination.geo.country_name",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 200
- },
- "position": "left",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "detailedTooltip": true,
- "grid": {
- "categoryLines": false
- },
- "labels": {},
- "legendPosition": "right",
- "maxLegendLines": 1,
- "palette": {
- "name": "temperature",
- "type": "palette"
- },
- "radiusRatio": 0,
- "seriesParams": [
- {
- "circlesRadius": 3,
- "data": {
- "id": "1",
- "label": "Count"
- },
- "drawLinesBetweenPoints": true,
- "interpolate": "linear",
- "lineWidth": 2,
- "mode": "normal",
- "show": true,
- "showCircles": true,
- "type": "histogram",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "thresholdLine": {
- "color": "#E7664C",
- "show": false,
- "style": "full",
- "value": 10,
- "width": 1
- },
- "times": [],
- "truncateLegend": true,
- "type": "horizontal_bar",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": true,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "bottom",
- "scale": {
- "mode": "normal",
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": ""
- },
- "type": "value"
- }
- ]
- },
- "title": "[Zscaler] [ZIA] Top 10 Destination Country",
- "type": "horizontal_bar"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-db1241f0-4e80-11ec-ad09-d9f49962d407",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-dff0d0b0-4dea-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-dff0d0b0-4dea-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index 1b3b9419c4f..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-dff0d0b0-4dea-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,102 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [
- {
- "$state": {
- "store": "appState"
- },
- "meta": {
- "alias": null,
- "disabled": false,
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "key": "zscaler_zia.firewall.threat.name",
- "negate": true,
- "params": {
- "query": "None"
- },
- "type": "phrase"
- },
- "query": {
- "match_phrase": {
- "zscaler_zia.firewall.threat.name": "None"
- }
- }
- }
- ],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.firewall\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Total Threats detected by Firewall",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Total Threats",
- "field": "zscaler_zia.firewall.threat.name"
- },
- "schema": "metric",
- "type": "cardinality"
- }
- ],
- "params": {
- "addLegend": false,
- "addTooltip": true,
- "metric": {
- "colorSchema": "Green to Red",
- "colorsRange": [
- {
- "from": 0,
- "to": 10000
- }
- ],
- "invertColors": false,
- "labels": {
- "show": true
- },
- "metricColorMode": "None",
- "percentageMode": false,
- "style": {
- "bgColor": false,
- "bgFill": "#000",
- "fontSize": 60,
- "labelColor": false,
- "subText": ""
- },
- "useRanges": false
- },
- "type": "metric"
- },
- "title": "[Zscaler] [ZIA] Total Threats detected by Firewall",
- "type": "metric"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-dff0d0b0-4dea-11ec-ad09-d9f49962d407",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- },
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-e4f2aa20-4ead-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-e4f2aa20-4ead-11ec-9527-b704eaaa5c53.json
deleted file mode 100644
index 628743893bc..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-e4f2aa20-4ead-11ec-9527-b704eaaa5c53.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.tunnel\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 Source IPs",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Source IP",
- "field": "source.ip",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "autoFitRowToContent": false,
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- },
- "title": "[Zscaler] [ZIA] Top 10 Source IPs",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-e4f2aa20-4ead-11ec-9527-b704eaaa5c53",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-e54e9f20-4de4-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-e54e9f20-4de4-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index 1ff2792c917..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-e54e9f20-4de4-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,146 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.web\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 URL Categories",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "zscaler_zia.web.url.category.sub",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 200
- },
- "position": "left",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "detailedTooltip": true,
- "grid": {
- "categoryLines": false
- },
- "labels": {},
- "legendPosition": "right",
- "maxLegendLines": 1,
- "palette": {
- "name": "temperature",
- "type": "palette"
- },
- "radiusRatio": 0,
- "seriesParams": [
- {
- "circlesRadius": 3,
- "data": {
- "id": "1",
- "label": "Count"
- },
- "drawLinesBetweenPoints": true,
- "interpolate": "linear",
- "lineWidth": 2,
- "mode": "normal",
- "show": true,
- "showCircles": true,
- "type": "histogram",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "thresholdLine": {
- "color": "#E7664C",
- "show": false,
- "style": "full",
- "value": 10,
- "width": 1
- },
- "times": [],
- "truncateLegend": true,
- "type": "histogram",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": true,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "bottom",
- "scale": {
- "mode": "normal",
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": ""
- },
- "type": "value"
- }
- ]
- },
- "title": "[Zscaler] [ZIA] Top 10 URL Categories",
- "type": "horizontal_bar"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-e54e9f20-4de4-11ec-ad09-d9f49962d407",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/zscaler_zia/kibana/visualization/zscaler_zia-f5a2e730-4deb-11ec-ad09-d9f49962d407.json b/packages/zscaler_zia/kibana/visualization/zscaler_zia-f5a2e730-4deb-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index 9055494a87e..00000000000
--- a/packages/zscaler_zia/kibana/visualization/zscaler_zia-f5a2e730-4deb-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": "event.dataset: \"zscaler_zia.firewall\""
- }
- }
- },
- "title": "[Zscaler] [ZIA] Top 10 Client Destination IP",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Client Destination IP",
- "field": "zscaler_zia.firewall.client.destination.ip",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "autoFitRowToContent": false,
- "perPage": 10,
- "percentageCol": "",
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": false,
- "showTotal": false,
- "totalFunc": "sum"
- },
- "title": "[Zscaler] [ZIA] Top 10 Client Destination IP",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.1.2",
- "id": "zscaler_zia-f5a2e730-4deb-11ec-ad09-d9f49962d407",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
From a24d262699bacaa36590a2c3207bab9fa2d66a10 Mon Sep 17 00:00:00 2001
From: kcreddy Date: Fri, 28 Oct 2022 12:58:58 +0530 Subject: [PATCH 039/103] migrate zscaler_zpa to by_value --- ...-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json | 470 ++++-- ...-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json | 1440 +++++++++++++---- ...-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json | 1277 ++++++++++++--- ...-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json | 489 ++++-- ...-1f09dc30-4c4f-11ec-9023-a76a2cb41dcd.json | 120 -- ...-43836b20-4c55-11ec-9023-a76a2cb41dcd.json | 120 -- ...-5a0f9320-4c44-11ec-9023-a76a2cb41dcd.json | 120 -- ...-dff56dd0-4ce8-11ec-9023-a76a2cb41dcd.json | 121 -- ...-17759700-4c5b-11ec-9023-a76a2cb41dcd.json | 105 -- ...-1b2c06c0-4eb5-11ec-9527-b704eaaa5c53.json | 149 -- ...-1b5846e0-4c44-11ec-9023-a76a2cb41dcd.json | 91 -- ...-23d03780-4eb8-11ec-9527-b704eaaa5c53.json | 87 - ...-2fffbd90-4d29-11ec-ad09-d9f49962d407.json | 91 -- ...-4cf30750-4d0a-11ec-ad09-d9f49962d407.json | 101 -- ...-4ea78dd0-4c49-11ec-9023-a76a2cb41dcd.json | 91 -- ...-552331e0-4c4f-11ec-9023-a76a2cb41dcd.json | 91 -- ...-76176ed0-4c4e-11ec-9023-a76a2cb41dcd.json | 151 -- ...-82076ba0-4e74-11ec-ad09-d9f49962d407.json | 198 --- ...-860071f0-4c55-11ec-9023-a76a2cb41dcd.json | 75 - ...-89a91550-4c5a-11ec-9023-a76a2cb41dcd.json | 73 - ...-8ca8eb00-4c5e-11ec-9023-a76a2cb41dcd.json | 125 -- ...-9f334ef0-4c4f-11ec-9023-a76a2cb41dcd.json | 91 -- ...-b0fa5650-4c55-11ec-9023-a76a2cb41dcd.json | 77 - ...-be0fc2e0-4c63-11ec-9023-a76a2cb41dcd.json | 75 - ...-c8d009c0-4c4e-11ec-9023-a76a2cb41dcd.json | 77 - ...-ccbe7ed0-4c4a-11ec-9023-a76a2cb41dcd.json | 92 -- ...-d0c885a0-4c5b-11ec-9023-a76a2cb41dcd.json | 177 -- ...-d124a2a0-4c4b-11ec-9023-a76a2cb41dcd.json | 73 - ...-d8e44aa0-5992-11ec-b2d0-45019404f2e5.json | 109 -- ...-e86c2d90-4c49-11ec-9023-a76a2cb41dcd.json | 73 - ...-f03d3c90-4c5c-11ec-9023-a76a2cb41dcd.json | 177 -- ...-f2e526e0-4c63-11ec-9023-a76a2cb41dcd.json | 91 -- ...-fc5f4ea0-4ebe-11ec-9527-b704eaaa5c53.json | 73 - 33 files changed, 2835 insertions(+), 3935 deletions(-) 
delete mode 100644 packages/zscaler_zpa/kibana/map/zscaler_zpa-1f09dc30-4c4f-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/map/zscaler_zpa-43836b20-4c55-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/map/zscaler_zpa-5a0f9320-4c44-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/map/zscaler_zpa-dff56dd0-4ce8-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-17759700-4c5b-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-1b2c06c0-4eb5-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-1b5846e0-4c44-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-23d03780-4eb8-11ec-9527-b704eaaa5c53.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-2fffbd90-4d29-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-4cf30750-4d0a-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-4ea78dd0-4c49-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-552331e0-4c4f-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-76176ed0-4c4e-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-82076ba0-4e74-11ec-ad09-d9f49962d407.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-860071f0-4c55-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-89a91550-4c5a-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-8ca8eb00-4c5e-11ec-9023-a76a2cb41dcd.json delete mode 100644 
packages/zscaler_zpa/kibana/visualization/zscaler_zpa-9f334ef0-4c4f-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-b0fa5650-4c55-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-be0fc2e0-4c63-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-c8d009c0-4c4e-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-ccbe7ed0-4c4a-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d0c885a0-4c5b-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d124a2a0-4c4b-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d8e44aa0-5992-11ec-b2d0-45019404f2e5.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-e86c2d90-4c49-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-f03d3c90-4c5c-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-f2e526e0-4c63-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/visualization/zscaler_zpa-fc5f4ea0-4ebe-11ec-9527-b704eaaa5c53.json diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json index 57a04d39d3b..3fdd4606832 100644 --- a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json +++ b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json 
@@ -1,136 +1,366 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", - "language": "kuery" - }, - "filter": [] - } + "id": "zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T07:28:45.260Z", + "version": "WzY1NiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", + "language": "kuery" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.14.0", + "type": "map", + "gridData": { + "x": 0, + "y": 0, + "w": 48, + "h": 18, + "i": "26f3b155-53ad-40e1-a01d-e469c7193d9d" }, - "panelsJSON": [ - { - "version": "7.16.0-SNAPSHOT", - "type": "map", - "gridData": { - "x": 0, - "y": 0, - "w": 48, - "h": 18, - "i": "26f3b155-53ad-40e1-a01d-e469c7193d9d" - }, - "panelIndex": "26f3b155-53ad-40e1-a01d-e469c7193d9d", - "embeddableConfig": { - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 1.06 - }, - "mapBuffer": { - "minLon": -180, - "minLat": -66.51326, - "maxLon": 180, - "maxLat": 66.51326 - }, - "isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {} - }, - "panelRefName": "panel_0" + "panelIndex": "26f3b155-53ad-40e1-a01d-e469c7193d9d", + "embeddableConfig": { + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 1.06 + }, + "mapBuffer": { + "minLon": -180, + "minLat": -66.51326, + "maxLon": 180, + "maxLat": 66.51326 + }, + "isLayerTOCOpen": true, + "openTOCDetails": [], + "hiddenLayers": [], + "enhancements": {}, + "attributes": { + "title": "[Zscaler][ZPA] Browser Access Events 
by Region", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"zoom\":0.77,\"center\":{\"lon\":35.52056,\"lat\":-0.77104},\"timeFilters\":{\"from\":\"now-5y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset : \\\"zscaler_zpa.browser_access\\\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"44962ab1-9a18-493c-a7c4-4408f7df2ca7\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"client.geo.location\",\"requestType\":\"heatmap\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]" + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 18, + "w": 16, 
+ "h": 15, + "i": "2b16dc24-ff32-475b-8dd7-cb51f5d93954" + }, + "panelIndex": "2b16dc24-ff32-475b-8dd7-cb51f5d93954", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Zscaler][ZPA] Distribution of Browser Access by Exporter", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 18, - "w": 16, - "h": 15, - "i": "2b16dc24-ff32-475b-8dd7-cb51f5d93954" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "2b16dc24-ff32-475b-8dd7-cb51f5d93954", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.browser_access.exporter", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Exporter" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", + "language": "kuery" }, - "panelRefName": "panel_1" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 32, + "y": 18, + "w": 16, + "h": 15, + "i": 
"ac107bfb-95e0-4f77-9aec-9674891d047b" + }, + "panelIndex": "ac107bfb-95e0-4f77-9aec-9674891d047b", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Distribution of Browser Access by Browser", + "description": "", + "uiState": {}, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 32, - "y": 18, - "w": 16, - "h": 15, - "i": "ac107bfb-95e0-4f77-9aec-9674891d047b" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "ac107bfb-95e0-4f77-9aec-9674891d047b", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "user_agent.name", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Browser" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", + "language": "kuery" }, - "panelRefName": "panel_2" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 16, + "y": 18, + "w": 16, + "h": 15, + "i": "286696da-f87c-4872-b7c7-6a20f8584ea6" + }, + "panelIndex": "286696da-f87c-4872-b7c7-6a20f8584ea6", + "embeddableConfig": { + "enhancements": {}, + 
"savedVis": { + "title": "[Zscaler][ZPA] Distribution of OS across user.", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "default" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + }, + "row": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 16, - "y": 18, - "w": 16, - "h": 15, - "i": "286696da-f87c-4872-b7c7-6a20f8584ea6" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "user.name" + }, + "schema": "metric" }, - "panelIndex": "286696da-f87c-4872-b7c7-6a20f8584ea6", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "user_agent.os.name", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing" + }, + "schema": "segment" }, - "panelRefName": "panel_3" + { + "id": "3", + "enabled": true, + "type": "terms", + "params": { + "field": "user_agent.os.version", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", + "language": "kuery" + }, + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } } - ], - "timeRestore": false, - "title": "[Zscaler][ZPA] Browser Access Logs", - 
"version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "zscaler_zpa-5a0f9320-4c44-11ec-9023-a76a2cb41dcd", - "name": "panel_0", - "type": "map" - }, - { - "id": "zscaler_zpa-1b5846e0-4c44-11ec-9023-a76a2cb41dcd", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "zscaler_zpa-23d03780-4eb8-11ec-9527-b704eaaa5c53", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "zscaler_zpa-d8e44aa0-5992-11ec-b2d0-45019404f2e5", - "name": "panel_3", - "type": "visualization" + } } + } ], - "type": "dashboard", - "updated_at": "2021-12-10T08:26:57.853Z", - "version": "WzEwNjcsMV0=" + "timeRestore": false, + "title": "[Zscaler][ZPA] Browser Access Logs", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "26f3b155-53ad-40e1-a01d-e469c7193d9d:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2b16dc24-ff32-475b-8dd7-cb51f5d93954:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ac107bfb-95e0-4f77-9aec-9674891d047b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "286696da-f87c-4872-b7c7-6a20f8584ea6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json index 64c3c59c2be..8cd7279f433 100644 --- a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json +++ b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json 
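Review bot: The three pie panels inlined in this hunk keep `"otherBucket": false` and `"missingBucket": false` on `terms` aggregations capped at `"size": 5` (`zscaler_zpa.browser_access.exporter`, `user_agent.name`) or 10 and 5 (`user_agent.os.name`, `user_agent.os.version`), while labelling slices with `"valuesFormat": "percent"`. Any value outside the top N is dropped from the chart, so the percentages presumably describe only the displayed slices. The rare browsers, OS versions or exporters that an analyst reviewing ZPA browser-access logs would most want to notice never appear. Consider `"otherBucket": true` on those aggregations, and `"missingBucket": true` where the field can be absent. These settings may simply have been carried over from the deleted by-reference visualizations, in which case a follow-up change is fine.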
@@ -1,397 +1,1119 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } + "id": "zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T07:28:45.260Z", + "version": "WzY1NywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "", + "language": "kuery" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.14.0", + "type": "map", + "gridData": { + "x": 0, + "y": 0, + "w": 48, + "h": 22, + "i": "5d6fd558-dee7-432b-9374-8d1e7eb8dbc9" }, - "panelsJSON": [ - { - "version": "7.16.0-SNAPSHOT", - "type": "map", - "gridData": { - "x": 0, - "y": 0, - "w": 48, - "h": 22, - "i": "5d6fd558-dee7-432b-9374-8d1e7eb8dbc9" - }, - "panelIndex": "5d6fd558-dee7-432b-9374-8d1e7eb8dbc9", - "embeddableConfig": { - "mapCenter": { - "lat": 1.7677, - "lon": 0, - "zoom": 1.06 - }, - "mapBuffer": { - "minLon": -270, - "minLat": -85.05113, - "maxLon": 270, - "maxLat": 85.05113 - }, - "isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {} + "panelIndex": "5d6fd558-dee7-432b-9374-8d1e7eb8dbc9", + "embeddableConfig": { + "mapCenter": { + "lat": 1.7677, + "lon": 0, + "zoom": 1.06 + }, + "mapBuffer": { + "minLon": -270, + "minLat": -85.05113, + "maxLon": 270, + "maxLat": 85.05113 + }, + "isLayerTOCOpen": true, + "openTOCDetails": [], + "hiddenLayers": [], + "enhancements": {}, + "attributes": { + "title": "[Zscaler][ZPA] Users by region", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": 
"{\"zoom\":1.06,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset : \\\"zscaler_zpa.user_status\\\" OR data_stream.dataset : \\\"zscaler_zpa.user_activity\\\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"31d17945-828a-4b1e-9d63-5ff628cae1b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"client.geo.location\",\"requestType\":\"heatmap\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]" + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 22, + "w": 16, + "h": 14, + "i": "2b19f9ee-4ba4-4f5b-bddb-8be10b5d085e" + }, + 
"panelIndex": "2b19f9ee-4ba4-4f5b-bddb-8be10b5d085e", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Total Users", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "addLegend": false, + "type": "metric", + "metric": { + "percentageMode": false, + "useRanges": false, + "colorSchema": "Green to Red", + "metricColorMode": "None", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "labels": { + "show": true }, - "panelRefName": "panel_0" + "invertColors": false, + "style": { + "bgFill": "#000", + "bgColor": false, + "labelColor": false, + "subText": "", + "fontSize": 60 + } + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 22, - "w": 16, - "h": 14, - "i": "2b19f9ee-4ba4-4f5b-bddb-8be10b5d085e" - }, - "panelIndex": "2b19f9ee-4ba4-4f5b-bddb-8be10b5d085e", - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "user.name", + "customLabel": "Total Users" + }, + "schema": "metric" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", + "language": "kuery" }, - "panelRefName": "panel_1" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 16, + "y": 22, + "w": 15, + "h": 14, + "i": "dc65087e-2242-4e8b-86a0-61e1c0da98f5" + }, + "panelIndex": "dc65087e-2242-4e8b-86a0-61e1c0da98f5", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Distribution of Users by Connection Status", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 16, - "y": 22, - "w": 15, - "h": 14, - "i": "dc65087e-2242-4e8b-86a0-61e1c0da98f5" 
- }, - "panelIndex": "dc65087e-2242-4e8b-86a0-61e1c0da98f5", - "embeddableConfig": { - "enhancements": {} - }, - "panelRefName": "panel_2" + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 31, - "y": 22, - "w": 17, - "h": 14, - "i": "ac1bbf4b-b227-4d6a-812d-f6f682a86cb5" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "ac1bbf4b-b227-4d6a-812d-f6f682a86cb5", - "embeddableConfig": { - "vis": { - "legendOpen": true - }, - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.user_activity.connection.status", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Connection Status" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", + "language": "kuery" }, - "panelRefName": "panel_3" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 31, + "y": 22, + "w": 17, + "h": 14, + "i": "ac1bbf4b-b227-4d6a-812d-f6f682a86cb5" + }, + "panelIndex": "ac1bbf4b-b227-4d6a-812d-f6f682a86cb5", + "embeddableConfig": { + "vis": { + "legendOpen": true + }, + "enhancements": {}, + "savedVis": { + "title": 
"[Zscaler][ZPA] Distribution of User by Session Status", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 36, - "w": 24, - "h": 15, - "i": "d8929019-59a4-4158-b1f1-b769f1b8ed3c" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "d8929019-59a4-4158-b1f1-b769f1b8ed3c", - "embeddableConfig": { - "vis": { - "legendOpen": true - }, - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.user_status.session.status", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Session Status" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_status\"", + "language": "kuery" }, - "panelRefName": "panel_4" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 36, + "w": 24, + "h": 15, + "i": "d8929019-59a4-4158-b1f1-b769f1b8ed3c" + }, + "panelIndex": "d8929019-59a4-4158-b1f1-b769f1b8ed3c", + "embeddableConfig": { + "vis": { + "legendOpen": true + }, + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] 
Distribution of User by Client type", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 36, - "w": 24, - "h": 15, - "i": "8f582a11-a96d-42ab-a4af-8723737dedc0" + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "8f582a11-a96d-42ab-a4af-8723737dedc0", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.user_status.client.type", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Client Type" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_status\"", + "language": "kuery" }, - "panelRefName": "panel_5" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 36, + "w": 24, + "h": 15, + "i": "8f582a11-a96d-42ab-a4af-8723737dedc0" + }, + "panelIndex": "8f582a11-a96d-42ab-a4af-8723737dedc0", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Top Countries with Users", + "description": "", + "uiState": {}, + "params": { + "type": 
"histogram", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "left", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 200 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "bottom", + "show": true, + "scale": { + "type": "linear", + "mode": "normal" + }, + "labels": { + "show": true, + "rotate": 0, + "filter": true, + "truncate": 100 + }, + "title": { + "text": "Count" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "histogram", + "mode": "normal", + "data": { + "label": "Count", + "id": "1" + }, + "interpolate": "linear", + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "temperature" + }, + "addLegend": true, + "legendPosition": "right", + "times": [], + "addTimeMarker": false, + "truncateLegend": true, + "maxLegendLines": 1, + "labels": {}, + "radiusRatio": 0, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 51, - "w": 16, - "h": 15, - "i": "f1106d4f-52b0-4837-bd41-a0ff1f3e13bb" + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "Count" + }, + "schema": "metric" }, - "panelIndex": "f1106d4f-52b0-4837-bd41-a0ff1f3e13bb", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "client.geo.country_iso_code", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + 
"otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Country Code" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_status\"", + "language": "kuery" }, - "panelRefName": "panel_6" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 51, + "w": 16, + "h": 15, + "i": "f1106d4f-52b0-4837-bd41-a0ff1f3e13bb" + }, + "panelIndex": "f1106d4f-52b0-4837-bd41-a0ff1f3e13bb", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Top 10 Active Users", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 16, - "y": 51, - "w": 16, - "h": 15, - "i": "4b74af86-5ad3-4d2b-87e9-c98cb12c673a" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "4b74af86-5ad3-4d2b-87e9-c98cb12c673a", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "user.name", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "User Name" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_activity\" and zscaler_zpa.user_activity.connection.status : \"active\"", + "language": "kuery" }, - "panelRefName": "panel_7" + "filter": [], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 16, + "y": 51, + "w": 16, + "h": 15, + "i": "4b74af86-5ad3-4d2b-87e9-c98cb12c673a" + }, + "panelIndex": "4b74af86-5ad3-4d2b-87e9-c98cb12c673a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Distribution of Users per Application (Top 10)", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 32, - "y": 51, - "w": 16, - "h": 15, - "i": "5fbfcc7f-07b1-4751-a569-04a0104a9806" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "Count" + }, + "schema": "metric" + }, + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.user_activity.application", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Application Name" + }, + "schema": "bucket" }, - "panelIndex": "5fbfcc7f-07b1-4751-a569-04a0104a9806", - "embeddableConfig": { - "enhancements": {} + { + "id": "3", + "enabled": true, + "type": "terms", + "params": { + "field": "user.name", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Username" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", + "language": "kuery" }, - "panelRefName": "panel_8" + "filter": [], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 32, + "y": 51, + "w": 16, + "h": 15, + "i": "5fbfcc7f-07b1-4751-a569-04a0104a9806" + }, + "panelIndex": "5fbfcc7f-07b1-4751-a569-04a0104a9806", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Top 10 AppGroups", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 66, - "w": 24, - "h": 15, - "i": "429030c5-d674-4696-8aac-9385e886ce19" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "429030c5-d674-4696-8aac-9385e886ce19", - "embeddableConfig": { - "savedVis": { - "id": "", - "title": "[Zscaler][ZPA] Slowest Applications", - "description": "", - "type": "metrics", - "params": { - "time_range_mode": "entire_time_range", - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "bar_color_rules": [ - { - "id": "4ac99360-4dd5-11ec-9c7f-599fe68d9667" - } - ], - "drop_last_bucket": 0, - "id": "81cebc93-9e11-4079-9241-baa103cd5db6", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "pivot_id": "client.ip", - "pivot_label": "Client IP", - "pivot_type": "string", - "series": [ - { - "time_range_mode": "entire_time_range", - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "hidden": false, - "id": "a5e34d80-4dd6-11ec-9c7f-599fe68d9667", - "label": "Application Setup Time (Time in microseconds)", - "line_width": 1, - "metrics": [ - { - "id": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667", - 
"type": "avg", - "field": "json.ServerSetupTime" - }, - { - "id": "5adf7740-4dfa-11ec-9c7f-599fe68d9667", - "type": "avg", - "field": "json.ConnectionSetupTime" - }, - { - "id": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667", - "type": "avg", - "field": "json.ConnectorZENSetupTime" - }, - { - "id": "7956fef0-4dfa-11ec-9c7f-599fe68d9667", - "type": "math", - "variables": [ - { - "id": "7ad8bcf0-4dfa-11ec-9c7f-599fe68d9667", - "name": "a", - "field": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667" - }, - { - "id": "80181f30-4dfa-11ec-9c7f-599fe68d9667", - "name": "b", - "field": "5adf7740-4dfa-11ec-9c7f-599fe68d9667" - }, - { - "id": "81c5f640-4dfa-11ec-9c7f-599fe68d9667", - "name": "c", - "field": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667" - } - ], - "script": "params.a + params.b + params.c" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "table", - "use_kibana_indexes": true, - "index_pattern_ref_name": "metrics_429030c5-d674-4696-8aac-9385e886ce19_0_index_pattern" - }, - "uiState": {}, - "data": { - "aggs": [], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\" ", - "language": "kuery" - }, - "filter": [] - } - } + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.user_activity.app_group", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "App Groups" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", + "language": "kuery" + }, + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": 
"7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 66, + "w": 24, + "h": 15, + "i": "429030c5-d674-4696-8aac-9385e886ce19" + }, + "panelIndex": "429030c5-d674-4696-8aac-9385e886ce19", + "embeddableConfig": { + "savedVis": { + "title": "[Zscaler][ZPA] Slowest Applications", + "description": "", + "uiState": {}, + "params": { + "time_range_mode": "entire_time_range", + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "4ac99360-4dd5-11ec-9c7f-599fe68d9667" + } + ], + "drop_last_bucket": 0, + "id": "81cebc93-9e11-4079-9241-baa103cd5db6", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "pivot_id": "client.ip", + "pivot_label": "Client IP", + "pivot_type": "string", + "series": [ + { + "time_range_mode": "entire_time_range", + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "hidden": false, + "id": "a5e34d80-4dd6-11ec-9c7f-599fe68d9667", + "label": "Application Setup Time (in microseconds)", + "line_width": 1, + "metrics": [ + { + "id": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667", + "type": "avg", + "field": "zscaler_zpa.user_activity.server_setup_time" + }, + { + "id": "5adf7740-4dfa-11ec-9c7f-599fe68d9667", + "type": "avg", + "field": "zscaler_zpa.user_activity.connection.setup_time" + }, + { + "id": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667", + "type": "avg", + "field": "zscaler_zpa.user_activity.connector_zen_setup_time" }, - "enhancements": {}, - "table": { - "sort": { - "column": "_default_", - "order": "desc" + { + "id": "7956fef0-4dfa-11ec-9c7f-599fe68d9667", + "type": "math", + "variables": [ + { + "id": "7ad8bcf0-4dfa-11ec-9c7f-599fe68d9667", + "name": "a", + "field": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667" + }, + { + "id": "80181f30-4dfa-11ec-9c7f-599fe68d9667", + "name": "b", + "field": "5adf7740-4dfa-11ec-9c7f-599fe68d9667" + }, + { + "id": "81c5f640-4dfa-11ec-9c7f-599fe68d9667", + "name": "c", 
+ "field": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667" } + ], + "script": "params.a + params.b + params.c" } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "table", + "use_kibana_indexes": true, + "index_pattern_ref_name": "metrics_0_index_pattern" + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", + "language": "kuery" }, - "panelRefName": "panel_9" + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "zscaler_zpa.user_activity.connector_zen_setup_time", + "negate": false, + "type": "exists", + "value": "exists", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" + }, + "query": { + "exists": { + "field": "zscaler_zpa.user_activity.connector_zen_setup_time" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "zscaler_zpa.user_activity.connection.setup_time", + "negate": false, + "type": "exists", + "value": "exists", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index" + }, + "query": { + "exists": { + "field": "zscaler_zpa.user_activity.connection.setup_time" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "zscaler_zpa.user_activity.server_setup_time", + "negate": false, + "type": "exists", + "value": "exists", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index" + }, + "query": { + "exists": { + "field": "zscaler_zpa.user_activity.server_setup_time" + } + } + } + ] + } + } + }, + "enhancements": {}, + "table": { + "sort": { + "column": "_default_", + 
"order": "desc" + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 66, + "w": 24, + "h": 15, + "i": "911a577a-4b0e-44e2-80c8-3a70407f8a22" + }, + "panelIndex": "911a577a-4b0e-44e2-80c8-3a70407f8a22", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Slowest Connector Server", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 66, - "w": 24, - "h": 15, - "i": "911a577a-4b0e-44e2-80c8-3a70407f8a22" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "avg", + "params": { + "field": "zscaler_zpa.user_activity.server_setup_time", + "customLabel": "Server Setup Time (in microseconds)" + }, + "schema": "metric" }, - "panelIndex": "911a577a-4b0e-44e2-80c8-3a70407f8a22", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "client.ip", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Host" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", + "language": "kuery" }, - "panelRefName": "panel_10" + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "zscaler_zpa.user_activity.server_setup_time", + "negate": false, + "type": "exists", + "value": "exists", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" + }, + "query": { + "exists": { + "field": 
"zscaler_zpa.user_activity.server_setup_time" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } } - ], - "timeRestore": false, - "title": "[Zscaler][ZPA] User Activity and Status Logs", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "zscaler_zpa-1f09dc30-4c4f-11ec-9023-a76a2cb41dcd", - "name": "panel_0", - "type": "map" - }, - { - "id": "zscaler_zpa-c8d009c0-4c4e-11ec-9023-a76a2cb41dcd", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "zscaler_zpa-4ea78dd0-4c49-11ec-9023-a76a2cb41dcd", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "zscaler_zpa-9f334ef0-4c4f-11ec-9023-a76a2cb41dcd", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "zscaler_zpa-552331e0-4c4f-11ec-9023-a76a2cb41dcd", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "zscaler_zpa-76176ed0-4c4e-11ec-9023-a76a2cb41dcd", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "zscaler_zpa-e86c2d90-4c49-11ec-9023-a76a2cb41dcd", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "zscaler_zpa-ccbe7ed0-4c4a-11ec-9023-a76a2cb41dcd", - "name": "panel_7", - "type": "visualization" - }, - { - "id": "zscaler_zpa-d124a2a0-4c4b-11ec-9023-a76a2cb41dcd", - "name": "panel_8", - "type": "visualization" - }, - { - "id": "zscaler_zpa-82076ba0-4e74-11ec-ad09-d9f49962d407", - "name": "panel_9", - "type": "visualization" - }, - { - "id": "zscaler_zpa-4cf30750-4d0a-11ec-ad09-d9f49962d407", - "name": "panel_10", - "type": "visualization" + } } + } ], - "type": "dashboard", - "updated_at": "2021-11-26T12:58:31.486Z", - "version": "WzU4NjcsMV0=" + "timeRestore": false, + "title": "[Zscaler][ZPA] User Activity and Status Logs", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": 
"5d6fd558-dee7-432b-9374-8d1e7eb8dbc9:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2b19f9ee-4ba4-4f5b-bddb-8be10b5d085e:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "dc65087e-2242-4e8b-86a0-61e1c0da98f5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ac1bbf4b-b227-4d6a-812d-f6f682a86cb5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8929019-59a4-4158-b1f1-b769f1b8ed3c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8f582a11-a96d-42ab-a4af-8723737dedc0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f1106d4f-52b0-4837-bd41-a0ff1f3e13bb:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4b74af86-5ad3-4d2b-87e9-c98cb12c673a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5fbfcc7f-07b1-4751-a569-04a0104a9806:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "429030c5-d674-4696-8aac-9385e886ce19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "429030c5-d674-4696-8aac-9385e886ce19:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "429030c5-d674-4696-8aac-9385e886ce19:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "429030c5-d674-4696-8aac-9385e886ce19:metrics_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"911a577a-4b0e-44e2-80c8-3a70407f8a22:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "911a577a-4b0e-44e2-80c8-3a70407f8a22:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" }
\ No newline at end of file
diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json
index 0252915d947..4000e0b52a4 100644
--- a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json
+++ b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json
@@ -1,273 +1,1070 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } + "id": "zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T07:28:45.260Z", + "version": "WzY1OCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "", + "language": "kuery" + }, + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.14.0", + "type": "map", + "gridData": { + "x": 0, + "y": 0, + "w": 48, + "h": 15, + "i": "d65f21eb-eb68-4cbc-abd9-d8ff48776d1d" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false + "panelIndex": "d65f21eb-eb68-4cbc-abd9-d8ff48776d1d", + "embeddableConfig": { + "mapCenter": { + "lat": 0, + "lon": 115.86278, + "zoom": 0.6 + }, + "mapBuffer": { + "minLon": -360, + "minLat": -89.78601, + "maxLon": 540, + "maxLat": 89.78601 + }, + "isLayerTOCOpen": true, + "openTOCDetails": [], + "hiddenLayers": [], + "enhancements": {}, + "attributes": { + "title": "[Zscaler][ZPA] App Connectors by region", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"zoom\":0.15,\"center\":{\"lon\":-130.09157,\"lat\":0},\"timeFilters\":{\"from\":\"now-50y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset : 
\\\"zscaler_zpa.app_connector_status\\\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"3099042d-0154-49b6-8c0c-f492730c5835\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"observer.geo.location\",\"requestType\":\"heatmap\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]" + } + } + }, + { + "version": "7.14.0", + "type": "map", + "gridData": { + "x": 0, + "y": 15, + "w": 48, + "h": 18, + "i": "304163ec-bce7-4995-99cd-7892cf6e4277" }, - "panelsJSON": [ - { - "version": "7.16.0-SNAPSHOT", - "type": "map", - "gridData": { - "x": 0, - "y": 0, - "w": 48, - "h": 15, - "i": "d65f21eb-eb68-4cbc-abd9-d8ff48776d1d" - }, - "panelIndex": "d65f21eb-eb68-4cbc-abd9-d8ff48776d1d", - "embeddableConfig": { - "mapCenter": 
{ - "lat": 0, - "lon": 115.86278, - "zoom": 0.6 - }, - "mapBuffer": { - "minLon": -360, - "minLat": -89.78601, - "maxLon": 540, - "maxLat": 89.78601 - }, - "isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {} + "panelIndex": "304163ec-bce7-4995-99cd-7892cf6e4277", + "embeddableConfig": { + "mapCenter": { + "lat": 20.96631, + "lon": -81.88323, + "zoom": 0.69 + }, + "mapBuffer": { + "minLon": -360, + "minLat": -85.05113, + "maxLon": 180, + "maxLat": 85.05113 + }, + "isLayerTOCOpen": true, + "openTOCDetails": [], + "hiddenLayers": [], + "enhancements": {}, + "attributes": { + "title": "[Zscaler][ZPA] Connector Groups by region", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"zoom\":0.69,\"center\":{\"lon\":-81.88323,\"lat\":20.96631},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset : \\\"zscaler_zpa.app_connector_status\\\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"72f12276-ca0b-455c-a518-bf4493c7d673\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"observer.geo.location\",\"requestType\":\"heatmap\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"cardinality\",\"field\":\"zscaler_zpa.app_connector_status.connector.group\"}],\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]" + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 33, + "w": 16, + "h": 15, + "i": "b32ccd6a-9edb-47f2-829d-d9e11ad3b850" + }, + "panelIndex": "b32ccd6a-9edb-47f2-829d-d9e11ad3b850", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Total App Connectors", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "addLegend": false, + "type": "metric", + "metric": { + "percentageMode": false, + "useRanges": false, + "colorSchema": "Green to Red", + "metricColorMode": "None", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "labels": { + "show": true }, - "panelRefName": "panel_0" + "invertColors": false, + "style": { + "bgFill": "#000", + "bgColor": false, + "labelColor": false, + "subText": "", + "fontSize": 60 + } + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "map", - "gridData": { - "x": 0, - "y": 15, - "w": 48, - "h": 18, - "i": "304163ec-bce7-4995-99cd-7892cf6e4277" - }, - "panelIndex": 
"304163ec-bce7-4995-99cd-7892cf6e4277", - "embeddableConfig": { - "mapCenter": { - "lat": 20.96631, - "lon": -81.88323, - "zoom": 0.69 - }, - "mapBuffer": { - "minLon": -360, - "minLat": -85.05113, - "maxLon": 180, - "maxLat": 85.05113 - }, - "isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "cardinality", + "params": { + "field": "zscaler_zpa.app_connector_status.connector.name", + "customLabel": "Total App Connectors" + }, + "schema": "metric" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", + "language": "kuery" }, - "panelRefName": "panel_1" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 16, + "y": 33, + "w": 16, + "h": 15, + "i": "a6f8c118-5b3d-4339-8037-21651b658e0a" + }, + "panelIndex": "a6f8c118-5b3d-4339-8037-21651b658e0a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Top 10 ZEN with frequent usage", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 33, - "w": 16, - "h": 15, - "i": "b32ccd6a-9edb-47f2-829d-d9e11ad3b850" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "Count" + }, + "schema": "metric" }, - "panelIndex": "b32ccd6a-9edb-47f2-829d-d9e11ad3b850", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": 
"zscaler_zpa.app_connector_status.zen", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "ZEN" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", + "language": "kuery" }, - "panelRefName": "panel_2" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 32, + "y": 33, + "w": 16, + "h": 15, + "i": "99a58fff-e3ec-42df-9f37-f69008909dc1" + }, + "panelIndex": "99a58fff-e3ec-42df-9f37-f69008909dc1", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Top 10 Connectors by name", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 16, - "y": 33, - "w": 16, - "h": 15, - "i": "a6f8c118-5b3d-4339-8037-21651b658e0a" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "a6f8c118-5b3d-4339-8037-21651b658e0a", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.app_connector_status.connector.name", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Connector Name" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : 
\"zscaler_zpa.app_connector_status\"", + "language": "kuery" }, - "panelRefName": "panel_3" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 48, + "w": 24, + "h": 15, + "i": "f2952e7e-2165-4908-a9a6-6ebf385438e2" + }, + "panelIndex": "f2952e7e-2165-4908-a9a6-6ebf385438e2", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] CPU Utilization by Connector over time", + "description": "", + "uiState": {}, + "params": { + "type": "line", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "bottom", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "filter": true, + "truncate": 100 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "left", + "show": true, + "scale": { + "type": "linear", + "mode": "normal" + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 100 + }, + "title": { + "text": "CPU Utilization" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "line", + "mode": "normal", + "data": { + "label": "CPU Utilization", + "id": "1" + }, + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "interpolate": "linear", + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "default" + }, + "addLegend": true, + "legendPosition": "right", + "fittingFunction": "linear", + "times": [], + "addTimeMarker": false, + "truncateLegend": true, + "maxLegendLines": 1, + "labels": {}, + "radiusRatio": 9, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } }, - { - "version": 
"7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 32, - "y": 33, - "w": 16, - "h": 15, - "i": "99a58fff-e3ec-42df-9f37-f69008909dc1" + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "top_hits", + "params": { + "field": "host.cpu.usage", + "aggregate": "concat", + "size": 10, + "sortField": "@timestamp", + "sortOrder": "desc", + "customLabel": "CPU Utilization" + }, + "schema": "metric" + }, + { + "id": "2", + "enabled": true, + "type": "date_histogram", + "params": { + "field": "@timestamp", + "timeRange": { + "from": "now-15d", + "to": "now" + }, + "useNormalizedEsInterval": true, + "scaleMetricValues": false, + "interval": "auto", + "used_interval": "12h", + "drop_partials": false, + "min_doc_count": 1, + "extended_bounds": {}, + "customLabel": "" + }, + "schema": "segment" }, - "panelIndex": "99a58fff-e3ec-42df-9f37-f69008909dc1", - "embeddableConfig": { - "enhancements": {} + { + "id": "3", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.app_connector_status.connector.name", + "orderBy": "_key", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Connector Name" + }, + "schema": "group" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", + "language": "kuery" }, - "panelRefName": "panel_4" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 48, + "w": 24, + "h": 15, + "i": "efcf0961-81c8-4e07-9bea-b0db4d0a5ec1" + }, + "panelIndex": "efcf0961-81c8-4e07-9bea-b0db4d0a5ec1", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Memory Utilization by Connector over time", + "description": "", + "uiState": {}, + "params": { + "type": 
"line", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "bottom", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "filter": true, + "truncate": 100 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "left", + "show": true, + "scale": { + "type": "linear", + "mode": "normal" + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 100 + }, + "title": { + "text": "Memory Utilization" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "line", + "mode": "normal", + "data": { + "label": "Memory Utilization", + "id": "1" + }, + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "interpolate": "linear", + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "default" + }, + "addLegend": true, + "legendPosition": "right", + "fittingFunction": "linear", + "times": [], + "addTimeMarker": false, + "truncateLegend": true, + "maxLegendLines": 1, + "labels": {}, + "radiusRatio": 9, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 48, - "w": 24, - "h": 15, - "i": "f2952e7e-2165-4908-a9a6-6ebf385438e2" + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "top_hits", + "params": { + "field": "zscaler_zpa.app_connector_status.memory.utilization", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc", + "customLabel": "Memory Utilization" + }, + "schema": "metric" }, - "panelIndex": "f2952e7e-2165-4908-a9a6-6ebf385438e2", - "embeddableConfig": { - "enhancements": {} + { + "id": 
"2", + "enabled": true, + "type": "date_histogram", + "params": { + "field": "@timestamp", + "timeRange": { + "from": "now-15d", + "to": "now" + }, + "useNormalizedEsInterval": true, + "scaleMetricValues": false, + "interval": "auto", + "used_interval": "12h", + "drop_partials": false, + "min_doc_count": 1, + "extended_bounds": {}, + "customLabel": "" + }, + "schema": "segment" + }, + { + "id": "3", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.app_connector_status.connector.name", + "orderBy": "_key", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Connector Name" + }, + "schema": "group" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", + "language": "kuery" }, - "panelRefName": "panel_5" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 63, + "w": 24, + "h": 16, + "i": "b1fccb13-65ac-413c-b600-674dfb9b42d5" + }, + "panelIndex": "b1fccb13-65ac-413c-b600-674dfb9b42d5", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Distribution of App Connector Status by Session Type", + "description": "", + "uiState": {}, + "params": { + "type": "histogram", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "left", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 200 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "bottom", + "show": true, + "scale": { + "type": "linear", + "mode": "normal" + }, + "labels": { + "show": true, + "rotate": 0, + 
"filter": true, + "truncate": 100 + }, + "title": { + "text": "" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "histogram", + "mode": "normal", + "data": { + "label": "Count", + "id": "1" + }, + "interpolate": "linear", + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "temperature" + }, + "addLegend": true, + "legendPosition": "right", + "times": [], + "addTimeMarker": false, + "truncateLegend": true, + "maxLegendLines": 1, + "labels": {}, + "radiusRatio": 0, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 48, - "w": 24, - "h": 15, - "i": "efcf0961-81c8-4e07-9bea-b0db4d0a5ec1" + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "efcf0961-81c8-4e07-9bea-b0db4d0a5ec1", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.app_connector_status.session.type", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Session Type" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", + "language": "kuery" }, - "panelRefName": "panel_6" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 63, + "w": 24, + "h": 16, + "i": "1d384991-def5-4620-b55f-31e9a8b3218a" + }, + 
"panelIndex": "1d384991-def5-4620-b55f-31e9a8b3218a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Top 10 Connector with highest uptime", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 63, - "w": 24, - "h": 16, - "i": "b1fccb13-65ac-413c-b600-674dfb9b42d5" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "top_hits", + "params": { + "field": "zscaler_zpa.app_connector_status.connector_up_time", + "aggregate": "max", + "size": 10, + "sortField": "@timestamp", + "sortOrder": "desc", + "customLabel": "Connector UpTime" + }, + "schema": "metric" }, - "panelIndex": "b1fccb13-65ac-413c-b600-674dfb9b42d5", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.app_connector_status.connector.name", + "orderBy": "_key", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Connector Name" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", + "language": "kuery" }, - "panelRefName": "panel_7" + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "zscaler_zpa.app_connector_status.connector_up_time", + "negate": false, + "type": "exists", + "value": "exists", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" + }, + "query": { + "exists": { + "field": "zscaler_zpa.app_connector_status.connector_up_time" + } + } + } + ], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 79, + "w": 48, + "h": 15, + "i": "cfd0d990-2314-4b7c-bad4-07b895bf4b55" + }, + "panelIndex": "cfd0d990-2314-4b7c-bad4-07b895bf4b55", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Distribution of App Connector by Session Type, Session Status, OS Platform", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false, + "row": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 63, - "w": 24, - "h": 16, - "i": "1d384991-def5-4620-b55f-31e9a8b3218a" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "1d384991-def5-4620-b55f-31e9a8b3218a", - "embeddableConfig": { - "enhancements": {} + { + "id": "4", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.app_connector_status.connector.name", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Connector Name" + }, + "schema": "bucket" }, - "panelRefName": "panel_8" - }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 79, - "w": 48, - "h": 15, - "i": "cfd0d990-2314-4b7c-bad4-07b895bf4b55" + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.app_connector_status.session.status", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": 
"Missing", + "customLabel": "Session Status" + }, + "schema": "bucket" }, - "panelIndex": "cfd0d990-2314-4b7c-bad4-07b895bf4b55", - "embeddableConfig": { - "enhancements": {} + { + "id": "3", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.app_connector_status.session.type", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Session Type" + }, + "schema": "bucket" }, - "panelRefName": "panel_9" + { + "id": "5", + "enabled": true, + "type": "terms", + "params": { + "field": "observer.os.platform", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "OS Platform" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", + "language": "kuery" + }, + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } } - ], - "timeRestore": false, - "title": "[Zscaler][ZPA] App Connector Status", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "zscaler_zpa-43836b20-4c55-11ec-9023-a76a2cb41dcd", - "name": "panel_0", - "type": "map" - }, - { - "id": "zscaler_zpa-dff56dd0-4ce8-11ec-9023-a76a2cb41dcd", - "name": "panel_1", - "type": "map" - }, - { - "id": "zscaler_zpa-b0fa5650-4c55-11ec-9023-a76a2cb41dcd", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "zscaler_zpa-860071f0-4c55-11ec-9023-a76a2cb41dcd", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "zscaler_zpa-89a91550-4c5a-11ec-9023-a76a2cb41dcd", - "name": "panel_4", - "type": "visualization" - }, - { - "id": 
"zscaler_zpa-d0c885a0-4c5b-11ec-9023-a76a2cb41dcd", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "zscaler_zpa-f03d3c90-4c5c-11ec-9023-a76a2cb41dcd", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "zscaler_zpa-1b2c06c0-4eb5-11ec-9527-b704eaaa5c53", - "name": "panel_7", - "type": "visualization" - }, - { - "id": "zscaler_zpa-17759700-4c5b-11ec-9023-a76a2cb41dcd", - "name": "panel_8", - "type": "visualization" - }, - { - "id": "zscaler_zpa-8ca8eb00-4c5e-11ec-9023-a76a2cb41dcd", - "name": "panel_9", - "type": "visualization" + } } + } ], - "type": "dashboard", - "updated_at": "2021-12-06T11:14:42.883Z", - "version": "WzQ4MTU1LDFd" + "timeRestore": false, + "title": "[Zscaler][ZPA] App Connector Status", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "d65f21eb-eb68-4cbc-abd9-d8ff48776d1d:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "304163ec-bce7-4995-99cd-7892cf6e4277:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b32ccd6a-9edb-47f2-829d-d9e11ad3b850:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a6f8c118-5b3d-4339-8037-21651b658e0a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "99a58fff-e3ec-42df-9f37-f69008909dc1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f2952e7e-2165-4908-a9a6-6ebf385438e2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "efcf0961-81c8-4e07-9bea-b0db4d0a5ec1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b1fccb13-65ac-413c-b600-674dfb9b42d5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"1d384991-def5-4620-b55f-31e9a8b3218a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1d384991-def5-4620-b55f-31e9a8b3218a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cfd0d990-2314-4b7c-bad4-07b895bf4b55:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json index 27f0ea00df9..a539e249f8f 100644 --- a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json +++ b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json 
@@ -1,142 +1,387 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } + "id": "zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T07:28:45.260Z", + "version": "WzY1OSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "", + "language": "kuery" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 0, + "w": 24, + "h": 15, + "i": "c61f1028-287d-427a-80dd-7530fe1d407b" }, - "panelsJSON": [ - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 0, - "w": 24, - "h": 15, - "i": "c61f1028-287d-427a-80dd-7530fe1d407b" - }, - "panelIndex": "c61f1028-287d-427a-80dd-7530fe1d407b", - "embeddableConfig": { - "enhancements": {} - }, - "panelRefName": "panel_0" + "panelIndex": "c61f1028-287d-427a-80dd-7530fe1d407b", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Top Users with most activities", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 0, - "w": 24, - "h": 15, - "i": "0c5e09b0-f4c9-41bf-9855-b6aedef7e49b" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": 
"Count" + }, + "schema": "metric" }, - "panelIndex": "0c5e09b0-f4c9-41bf-9855-b6aedef7e49b", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "user.name", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "User" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.audit\"", + "language": "kuery" }, - "panelRefName": "panel_1" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 0, + "w": 24, + "h": 15, + "i": "0c5e09b0-f4c9-41bf-9855-b6aedef7e49b" + }, + "panelIndex": "0c5e09b0-f4c9-41bf-9855-b6aedef7e49b", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Distribution of Audit Events by type of Operation", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 15, - "w": 24, - "h": 15, - "i": "590bd39d-7ba8-475f-99a4-94d6fe3c7a66" + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "590bd39d-7ba8-475f-99a4-94d6fe3c7a66", - "embeddableConfig": { - 
"enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.audit.operation_type", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Audit Operation type" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.audit\"", + "language": "kuery" }, - "panelRefName": "panel_2" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 15, + "w": 24, + "h": 15, + "i": "590bd39d-7ba8-475f-99a4-94d6fe3c7a66" + }, + "panelIndex": "590bd39d-7ba8-475f-99a4-94d6fe3c7a66", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Distribution of Audit Events by Object Type", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "version": "7.16.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 15, - "w": 24, - "h": 15, - "i": "c779f9f4-69c6-4e08-af7b-b79fed7e1b9c" + "params": { + "type": "pie", + "addTooltip": true, + "addLegend": true, + "legendPosition": "right", + "nestedLegend": false, + "truncateLegend": true, + "maxLegendLines": 1, + "distinctColors": false, + "isDonut": false, + "palette": { + "type": "palette", + "name": "temperature" + }, + "labels": { + "show": true, + "last_level": false, + "values": true, + "valuesFormat": "percent", + "percentDecimals": 2, + "truncate": 100, + "position": "default" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "c779f9f4-69c6-4e08-af7b-b79fed7e1b9c", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + 
"field": "zscaler_zpa.audit.object.type", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Object Type" + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : \"zscaler_zpa.audit\"", + "language": "kuery" }, - "panelRefName": "panel_3" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } + } + } + } + }, + { + "version": "7.14.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 15, + "w": 24, + "h": 15, + "i": "c779f9f4-69c6-4e08-af7b-b79fed7e1b9c" + }, + "panelIndex": "c779f9f4-69c6-4e08-af7b-b79fed7e1b9c", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Zscaler][ZPA] Top 10 Objects on which most operations are performed", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "", + "autoFitRowToContent": false }, - { - "version": "7.16.0-SNAPSHOT", - "type": "search", - "gridData": { - "x": 0, - "y": 30, - "w": 48, - "h": 21, - "i": "b4f9406f-ee08-487d-924a-1012fa15442c" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "b4f9406f-ee08-487d-924a-1012fa15442c", - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "zscaler_zpa.audit.object.name", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Object Name" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "data_stream.dataset : 
\"zscaler_zpa.audit\"", + "language": "kuery" }, - "title": "[Zscaler][ZPA] Audit Operations Details", - "panelRefName": "panel_4" + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + } } - ], - "timeRestore": false, - "title": "[Zscaler][ZPA] Audit Logs", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "zscaler_zpa-be0fc2e0-4c63-11ec-9023-a76a2cb41dcd", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "zscaler_zpa-f2e526e0-4c63-11ec-9023-a76a2cb41dcd", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "zscaler_zpa-2fffbd90-4d29-11ec-ad09-d9f49962d407", - "name": "panel_2", - "type": "visualization" + } + } + }, + { + "version": "7.16.0-SNAPSHOT", + "type": "search", + "gridData": { + "x": 0, + "y": 30, + "w": 48, + "h": 21, + "i": "b4f9406f-ee08-487d-924a-1012fa15442c" }, - { - "id": "zscaler_zpa-fc5f4ea0-4ebe-11ec-9527-b704eaaa5c53", - "name": "panel_3", - "type": "visualization" + "panelIndex": "b4f9406f-ee08-487d-924a-1012fa15442c", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "zscaler_zpa-d9d5e800-537b-11ec-9527-b704eaaa5c53", - "name": "panel_4", - "type": "search" - } + "title": "[Zscaler][ZPA] Audit Operations Details", + "panelRefName": "panel_4" + } ], - "type": "dashboard", - "updated_at": "2021-12-03T05:25:34.232Z", - "version": "WzI0ODQyLDFd" + "timeRestore": false, + "title": "[Zscaler][ZPA] Audit Logs", + "version": 1 + }, + "references": [ + { + "id": "zscaler_zpa-d9d5e800-537b-11ec-9527-b704eaaa5c53", + "name": "panel_4", + "type": "search" + }, + { + "type": "index-pattern", + "name": "c61f1028-287d-427a-80dd-7530fe1d407b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"0c5e09b0-f4c9-41bf-9855-b6aedef7e49b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "590bd39d-7ba8-475f-99a4-94d6fe3c7a66:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c779f9f4-69c6-4e08-af7b-b79fed7e1b9c:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/map/zscaler_zpa-1f09dc30-4c4f-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/map/zscaler_zpa-1f09dc30-4c4f-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index e2c08cd4dda..00000000000 --- a/packages/zscaler_zpa/kibana/map/zscaler_zpa-1f09dc30-4c4f-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
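Review bot: The two pie panels in this audit dashboard, the `terms` aggregations on `zscaler_zpa.audit.operation_type` and `zscaler_zpa.audit.object.type`, are capped at `"size": 5` with `"otherBucket": false`, so every value outside the top five is left out of the chart and the percent labels presumably cover only the slices that are shown. On an audit-log view the infrequent operation and object types are often the ones a reviewer needs to notice, so I would set `"otherBucket": true` on both. The "Top Users with most activities" table has a similar gap: `"missingBucket": false` on `user.name` leaves out audit events that carry no user name, and `"missingBucket": true` would make them visible. These settings may simply be carried over from the deleted by-reference visualizations, whose content is not part of this hunk.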
@@ -1,120 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "sourceDescriptor": { - "type": "EMS_TMS", - "isAutoSelect": true - }, - "id": "31d17945-828a-4b1e-9d63-5ff628cae1b3", - "label": null, - "minZoom": 0, - "maxZoom": 24, - "alpha": 1, - "visible": true, - "style": { - "type": "TILE" - }, - "includeInFitToBounds": true, - "type": "VECTOR_TILE" - }, - { - "sourceDescriptor": { - "geoField": "client.geo.location", - "requestType": "heatmap", - "id": "aab6b218-afd7-47cf-825f-a39f7b57b1fe", - "type": "ES_GEO_GRID", - "applyGlobalQuery": true, - "applyGlobalTime": true, - "applyForceRefresh": true, - "metrics": [ - { - "type": "count" - } - ], - "resolution": "COARSE", - "indexPatternRefName": "layer_1_source_index_pattern" - }, - "id": "0a3d538b-2454-4860-aa46-46f706c738b1", - "label": null, - "minZoom": 0, - "maxZoom": 24, - "alpha": 0.75, - "visible": true, - "style": { - "type": "HEATMAP", - "colorRampName": "theclassic" - }, - "includeInFitToBounds": true, - "type": "HEATMAP" - } - ], - "mapStateJSON": { - "zoom": 1.06, - "center": { - "lon": 0, - "lat": 19.94277 - }, - "timeFilters": { - "from": "now-15y", - "to": "now" - }, - "refreshConfig": { - "isPaused": true, - "interval": 0 - }, - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_status\" OR data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filters": [], - "settings": { - "autoFitToDataBounds": false, - "backgroundColor": "#ffffff", - "disableInteractive": false, - "disableTooltipControl": false, - "hideToolbarOverlay": false, - "hideLayerControl": false, - "hideViewControl": false, - "initialLocation": "LAST_SAVED_LOCATION", - "fixedLocation": { - "lat": 0, - "lon": 0, - "zoom": 2 - }, - "browserLocation": { - "zoom": 2 - }, - "maxZoom": 24, - "minZoom": 0, - "showScaleControl": false, - "showSpatialFilters": true, - "showTimesliderToggleButton": true, - "spatialFiltersAlpa": 0.3, - "spatialFiltersFillColor": "#DA8B45", - 
"spatialFiltersLineColor": "#DA8B45" - } - }, - "title": "[Zscaler][ZPA] Users by region", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-1f09dc30-4c4f-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "map": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map", - "updated_at": "2021-12-02T08:37:35.859Z", - "version": "WzExMDE5LDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/map/zscaler_zpa-43836b20-4c55-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/map/zscaler_zpa-43836b20-4c55-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 4a84b191dc6..00000000000 --- a/packages/zscaler_zpa/kibana/map/zscaler_zpa-43836b20-4c55-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "sourceDescriptor": { - "type": "EMS_TMS", - "isAutoSelect": true - }, - "id": "3099042d-0154-49b6-8c0c-f492730c5835", - "label": null, - "minZoom": 0, - "maxZoom": 24, - "alpha": 1, - "visible": true, - "style": { - "type": "TILE" - }, - "includeInFitToBounds": true, - "type": "VECTOR_TILE" - }, - { - "sourceDescriptor": { - "geoField": "observer.geo.location", - "requestType": "heatmap", - "id": "aab6b218-afd7-47cf-825f-a39f7b57b1fe", - "type": "ES_GEO_GRID", - "applyGlobalQuery": true, - "applyGlobalTime": true, - "applyForceRefresh": true, - "metrics": [ - { - "type": "count" - } - ], - "resolution": "COARSE", - "indexPatternRefName": "layer_1_source_index_pattern" - }, - "id": "0a3d538b-2454-4860-aa46-46f706c738b1", - "label": null, - "minZoom": 0, - "maxZoom": 24, - "alpha": 0.75, - "visible": true, - "style": { - "type": "HEATMAP", - "colorRampName": "theclassic" - }, - "includeInFitToBounds": true, - "type": "HEATMAP" - } - ], - "mapStateJSON": { - "zoom": 0.15, - "center": { - "lon": -130.09157, - "lat": 0 - }, - "timeFilters": { - "from": "now-50y", - "to": "now" - }, - "refreshConfig": { - "isPaused": true, - "interval": 0 - }, - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filters": [], - "settings": { - "autoFitToDataBounds": false, - "backgroundColor": "#ffffff", - "disableInteractive": false, - "disableTooltipControl": false, - "hideToolbarOverlay": false, - "hideLayerControl": false, - "hideViewControl": false, - "initialLocation": "LAST_SAVED_LOCATION", - "fixedLocation": { - "lat": 0, - "lon": 0, - "zoom": 2 - }, - "browserLocation": { - "zoom": 2 - }, - "maxZoom": 24, - "minZoom": 0, - "showScaleControl": false, - "showSpatialFilters": true, - "showTimesliderToggleButton": true, - "spatialFiltersAlpa": 0.3, - "spatialFiltersFillColor": "#DA8B45", - "spatialFiltersLineColor": "#DA8B45" - } - }, 
- "title": "[Zscaler][ZPA] App Connectors by region", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-43836b20-4c55-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "map": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map", - "updated_at": "2021-12-02T08:29:02.976Z", - "version": "WzEwNjk0LDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/map/zscaler_zpa-5a0f9320-4c44-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/map/zscaler_zpa-5a0f9320-4c44-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 644e25952a1..00000000000 --- a/packages/zscaler_zpa/kibana/map/zscaler_zpa-5a0f9320-4c44-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "sourceDescriptor": { - "type": "EMS_TMS", - "isAutoSelect": true - }, - "id": "44962ab1-9a18-493c-a7c4-4408f7df2ca7", - "label": null, - "minZoom": 0, - "maxZoom": 24, - "alpha": 1, - "visible": true, - "style": { - "type": "TILE" - }, - "includeInFitToBounds": true, - "type": "VECTOR_TILE" - }, - { - "sourceDescriptor": { - "geoField": "client.geo.location", - "requestType": "heatmap", - "id": "aab6b218-afd7-47cf-825f-a39f7b57b1fe", - "type": "ES_GEO_GRID", - "applyGlobalQuery": true, - "applyGlobalTime": true, - "applyForceRefresh": true, - "metrics": [ - { - "type": "count" - } - ], - "resolution": "COARSE", - "indexPatternRefName": "layer_1_source_index_pattern" - }, - "id": "0a3d538b-2454-4860-aa46-46f706c738b1", - "label": null, - "minZoom": 0, - "maxZoom": 24, - "alpha": 0.75, - "visible": true, - "style": { - "type": "HEATMAP", - "colorRampName": "theclassic" - }, - "includeInFitToBounds": true, - "type": "HEATMAP" - } - ], - "mapStateJSON": { - "zoom": 0.77, - "center": { - "lon": 35.52056, - "lat": -0.77104 - }, - "timeFilters": { - "from": "now-5y", - "to": "now" - }, - "refreshConfig": { - "isPaused": true, - "interval": 0 - }, - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", - "language": "kuery" - }, - "filters": [], - "settings": { - "autoFitToDataBounds": false, - "backgroundColor": "#ffffff", - "disableInteractive": false, - "disableTooltipControl": false, - "hideToolbarOverlay": false, - "hideLayerControl": false, - "hideViewControl": false, - "initialLocation": "LAST_SAVED_LOCATION", - "fixedLocation": { - "lat": 0, - "lon": 0, - "zoom": 2 - }, - "browserLocation": { - "zoom": 2 - }, - "maxZoom": 24, - "minZoom": 0, - "showScaleControl": false, - "showSpatialFilters": true, - "showTimesliderToggleButton": true, - "spatialFiltersAlpa": 0.3, - "spatialFiltersFillColor": "#DA8B45", - "spatialFiltersLineColor": "#DA8B45" - } - }, - 
"title": "[Zscaler][ZPA] Browser Access Events by Region", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-5a0f9320-4c44-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "map": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map", - "updated_at": "2021-12-07T14:31:15.512Z", - "version": "WzE0ODIsMV0=" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/map/zscaler_zpa-dff56dd0-4ce8-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/map/zscaler_zpa-dff56dd0-4ce8-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index cabd7fa16ee..00000000000 --- a/packages/zscaler_zpa/kibana/map/zscaler_zpa-dff56dd0-4ce8-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,121 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "sourceDescriptor": { - "type": "EMS_TMS", - "isAutoSelect": true - }, - "id": "72f12276-ca0b-455c-a518-bf4493c7d673", - "label": null, - "minZoom": 0, - "maxZoom": 24, - "alpha": 1, - "visible": true, - "style": { - "type": "TILE" - }, - "includeInFitToBounds": true, - "type": "VECTOR_TILE" - }, - { - "sourceDescriptor": { - "geoField": "observer.geo.location", - "requestType": "heatmap", - "id": "aab6b218-afd7-47cf-825f-a39f7b57b1fe", - "type": "ES_GEO_GRID", - "applyGlobalQuery": true, - "applyGlobalTime": true, - "applyForceRefresh": true, - "metrics": [ - { - "type": "cardinality", - "field": "zscaler_zpa.app_connector_status.connector.group" - } - ], - "resolution": "COARSE", - "indexPatternRefName": "layer_1_source_index_pattern" - }, - "id": "0a3d538b-2454-4860-aa46-46f706c738b1", - "label": null, - "minZoom": 0, - "maxZoom": 24, - "alpha": 0.75, - "visible": true, - "style": { - "type": "HEATMAP", - "colorRampName": "theclassic" - }, - "includeInFitToBounds": true, - "type": "HEATMAP" - } - ], - "mapStateJSON": { - "zoom": 0.69, - "center": { - "lon": -81.88323, - "lat": 20.96631 - }, - "timeFilters": { - "from": "now-15y", - "to": "now" - }, - "refreshConfig": { - "isPaused": true, - "interval": 0 - }, - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filters": [], - "settings": { - "autoFitToDataBounds": false, - "backgroundColor": "#ffffff", - "disableInteractive": false, - "disableTooltipControl": false, - "hideToolbarOverlay": false, - "hideLayerControl": false, - "hideViewControl": false, - "initialLocation": "LAST_SAVED_LOCATION", - "fixedLocation": { - "lat": 0, - "lon": 0, - "zoom": 2 - }, - "browserLocation": { - "zoom": 2 - }, - "maxZoom": 24, - "minZoom": 0, - "showScaleControl": false, - "showSpatialFilters": true, - "showTimesliderToggleButton": true, - "spatialFiltersAlpa": 0.3, - 
"spatialFiltersFillColor": "#DA8B45", - "spatialFiltersLineColor": "#DA8B45" - } - }, - "title": "[Zscaler][ZPA] Connector Groups by region", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-dff56dd0-4ce8-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "map": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map", - "updated_at": "2021-12-16T06:12:52.253Z", - "version": "WzIwNDUsMV0=" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-17759700-4c5b-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-17759700-4c5b-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index d1cc94ab82e..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-17759700-4c5b-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,105 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "zscaler_zpa.app_connector_status.connector_up_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "exists": { - "field": "zscaler_zpa.app_connector_status.connector_up_time" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Top 10 Connector with highest uptime", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Top 10 Connector with highest uptime", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "top_hits", - "params": { - "field": "zscaler_zpa.app_connector_status.connector_up_time", - "aggregate": "max", - "size": 10, - "sortField": "@timestamp", - "sortOrder": "desc", - "customLabel": "Connector UpTime" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "_key", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-17759700-4c5b-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - 
"references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-16T06:17:25.442Z", - "version": "WzIxMjgsMV0=" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-1b2c06c0-4eb5-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-1b2c06c0-4eb5-11ec-9527-b704eaaa5c53.json deleted file mode 100644 index 600b219ceed..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-1b2c06c0-4eb5-11ec-9527-b704eaaa5c53.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of App Connector Status by Session Type", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of App Connector Status by Session Type", - "type": "horizontal_bar", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.session.type", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Session Type" - }, - "schema": "segment" - } - ], - "params": { - "type": "histogram", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "left", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 200 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "bottom", - "show": true, - "scale": { - "type": "linear", - "mode": "normal" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": true, - "truncate": 100 - }, - "title": { - "text": "" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "histogram", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "interpolate": "linear", - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "showCircles": true, - "circlesRadius": 3 - } 
- ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "temperature" - }, - "addLegend": true, - "legendPosition": "right", - "times": [], - "addTimeMarker": false, - "truncateLegend": true, - "maxLegendLines": 1, - "labels": {}, - "radiusRatio": 0, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-1b2c06c0-4eb5-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T08:15:40.723Z", - "version": "WzEwMzAzLDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-1b5846e0-4c44-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-1b5846e0-4c44-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index e83efee0a54..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-1b5846e0-4c44-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of Browser Access by Exporter", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of Browser Access by Exporter", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.browser_access.exporter", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Exporter" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-1b5846e0-4c44-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-06T10:33:40.004Z", - "version": "WzQ3NjY5LDFd" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-23d03780-4eb8-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-23d03780-4eb8-11ec-9527-b704eaaa5c53.json
deleted file mode 100644
index 56fee5e6d69..00000000000
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-23d03780-4eb8-11ec-9527-b704eaaa5c53.json
+++ /dev/null
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of Browser Access by Browser", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of Browser Access by Browser", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user_agent.name", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Browser" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-23d03780-4eb8-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-06T10:33:52.939Z", - "version": "WzQ3Njk2LDFd" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-2fffbd90-4d29-11ec-ad09-d9f49962d407.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-2fffbd90-4d29-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index 9c969514461..00000000000
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-2fffbd90-4d29-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.audit\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of Audit Events by Object Type", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of Audit Events by Object Type", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.audit.object.type", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Object Type" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-2fffbd90-4d29-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T07:26:39.134Z", - "version": "Wzk0NDIsMV0=" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-4cf30750-4d0a-11ec-ad09-d9f49962d407.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-4cf30750-4d0a-11ec-ad09-d9f49962d407.json
deleted file mode 100644
index 1f6c41d53a2..00000000000
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-4cf30750-4d0a-11ec-ad09-d9f49962d407.json
+++ /dev/null
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "zscaler_zpa.user_activity.server_setup_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "exists": { - "field": "zscaler_zpa.user_activity.server_setup_time" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Slowest Connector Server", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Slowest Connector Server", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "avg", - "params": { - "field": "zscaler_zpa.user_activity.server_setup_time", - "customLabel": "Server Setup Time (in microseconds)" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "client.ip", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Host" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-4cf30750-4d0a-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-03T10:15:04.677Z", - "version": "WzMxMzkyLDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-4ea78dd0-4c49-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-4ea78dd0-4c49-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 1d7915cc00b..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-4ea78dd0-4c49-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of Users by Connection Status", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of Users by Connection Status", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_activity.connection.status", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connection Status" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-4ea78dd0-4c49-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-03T09:46:37.308Z", - "version": "WzI5OTg1LDFd" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-552331e0-4c4f-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-552331e0-4c4f-11ec-9023-a76a2cb41dcd.json
deleted file mode 100644
index b084d338430..00000000000
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-552331e0-4c4f-11ec-9023-a76a2cb41dcd.json
+++ /dev/null
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of User by Client type", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of User by Client type", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_status.client.type", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Client Type" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-552331e0-4c4f-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-11-26T12:58:31.486Z", - "version": "WzU4NjAsMV0=" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-76176ed0-4c4e-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-76176ed0-4c4e-11ec-9023-a76a2cb41dcd.json
deleted file mode 100644
index b8349688628..00000000000
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-76176ed0-4c4e-11ec-9023-a76a2cb41dcd.json
+++ /dev/null
@@ -1,151 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Top Countries with Users", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Top Countries with Users", - "type": "horizontal_bar", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "client.geo.country_iso_code", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Country Code" - }, - "schema": "segment" - } - ], - "params": { - "type": "histogram", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "left", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 200 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "bottom", - "show": true, - "scale": { - "type": "linear", - "mode": "normal" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": true, - "truncate": 100 - }, - "title": { - "text": "Count" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "histogram", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "interpolate": "linear", - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": 
true, - "palette": { - "type": "palette", - "name": "temperature" - }, - "addLegend": true, - "legendPosition": "right", - "times": [], - "addTimeMarker": false, - "truncateLegend": true, - "maxLegendLines": 1, - "labels": {}, - "radiusRatio": 0, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-76176ed0-4c4e-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-11-26T12:58:31.486Z", - "version": "WzU4NjEsMV0=" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-82076ba0-4e74-11ec-ad09-d9f49962d407.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-82076ba0-4e74-11ec-ad09-d9f49962d407.json deleted file mode 100644 index de226cc5ad8..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-82076ba0-4e74-11ec-ad09-d9f49962d407.json +++ /dev/null 
@@ -1,198 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "zscaler_zpa.user_activity.connector_zen_setup_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "exists": { - "field": "zscaler_zpa.user_activity.connector_zen_setup_time" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "zscaler_zpa.user_activity.connection.setup_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index" - }, - "query": { - "exists": { - "field": "zscaler_zpa.user_activity.connection.setup_time" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "zscaler_zpa.user_activity.server_setup_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index" - }, - "query": { - "exists": { - "field": "zscaler_zpa.user_activity.server_setup_time" - } - } - } - ] - } - }, - "title": "[Zscaler][ZPA] Slowest Applications", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Slowest Applications", - "type": "metrics", - "aggs": [], - "params": { - "time_range_mode": "entire_time_range", - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "bar_color_rules": [ - { - "id": "4ac99360-4dd5-11ec-9c7f-599fe68d9667" - } - ], - "drop_last_bucket": 0, - "id": "81cebc93-9e11-4079-9241-baa103cd5db6", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, 
- "pivot_id": "client.ip", - "pivot_label": "Client IP", - "pivot_type": "string", - "series": [ - { - "time_range_mode": "entire_time_range", - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "hidden": false, - "id": "a5e34d80-4dd6-11ec-9c7f-599fe68d9667", - "label": "Application Setup Time (in microseconds)", - "line_width": 1, - "metrics": [ - { - "id": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667", - "type": "avg", - "field": "zscaler_zpa.user_activity.server_setup_time" - }, - { - "id": "5adf7740-4dfa-11ec-9c7f-599fe68d9667", - "type": "avg", - "field": "zscaler_zpa.user_activity.connection.setup_time" - }, - { - "id": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667", - "type": "avg", - "field": "zscaler_zpa.user_activity.connector_zen_setup_time" - }, - { - "id": "7956fef0-4dfa-11ec-9c7f-599fe68d9667", - "type": "math", - "variables": [ - { - "id": "7ad8bcf0-4dfa-11ec-9c7f-599fe68d9667", - "name": "a", - "field": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667" - }, - { - "id": "80181f30-4dfa-11ec-9c7f-599fe68d9667", - "name": "b", - "field": "5adf7740-4dfa-11ec-9c7f-599fe68d9667" - }, - { - "id": "81c5f640-4dfa-11ec-9c7f-599fe68d9667", - "name": "c", - "field": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667" - } - ], - "script": "params.a + params.b + params.c" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "table", - "use_kibana_indexes": true, - "index_pattern_ref_name": "metrics_0_index_pattern" - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-82076ba0-4e74-11ec-ad09-d9f49962d407", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "metrics_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-03T10:14:36.668Z", - "version": "WzMxMzYxLDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-860071f0-4c55-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-860071f0-4c55-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 82637040b8d..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-860071f0-4c55-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Top 10 ZEN with frequent usage", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Top 10 ZEN with frequent usage", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.zen", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "ZEN" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-860071f0-4c55-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T08:10:02.798Z", - "version": "WzEwMDYxLDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-89a91550-4c5a-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-89a91550-4c5a-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 24df6a8a566..00000000000 
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-89a91550-4c5a-11ec-9023-a76a2cb41dcd.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Top 10 Connectors by name", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Top 10 Connectors by name", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-89a91550-4c5a-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T08:10:44.274Z", - "version": "WzEwMDk1LDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-8ca8eb00-4c5e-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-8ca8eb00-4c5e-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 07481d5e072..00000000000 
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-8ca8eb00-4c5e-11ec-9023-a76a2cb41dcd.json
+++ /dev/null
@@ -1,125 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of App Connector by Session Type, Session Status, OS Platform", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of App Connector by Session Type, Session Status, OS Platform", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "4", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "bucket" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.session.status", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Session Status" - }, - "schema": "bucket" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.session.type", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Session Type" - }, - "schema": "bucket" - }, - { - "id": "5", - "enabled": true, - "type": "terms", - "params": { - "field": "observer.os.platform", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": 
"Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "OS Platform" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false, - "row": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-8ca8eb00-4c5e-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T08:23:25.330Z", - "version": "WzEwNTIxLDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-9f334ef0-4c4f-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-9f334ef0-4c4f-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index eb12ca4e173..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-9f334ef0-4c4f-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of User by Session Status", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of User by Session Status", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_status.session.status", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Session Status" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-9f334ef0-4c4f-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-11-26T12:58:31.486Z", - "version": "WzU4NTksMV0=" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-b0fa5650-4c55-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-b0fa5650-4c55-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 911546ac03a..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-b0fa5650-4c55-11ec-9023-a76a2cb41dcd.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Total App Connectors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Total App Connectors", - "type": "metric", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "customLabel": "Total App Connectors" - }, - "schema": "metric" - } - ], - "params": { - "addTooltip": true, - "addLegend": false, - "type": "metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-b0fa5650-4c55-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T07:57:25.973Z", - "version": "Wzk4MjIsMV0=" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-be0fc2e0-4c63-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-be0fc2e0-4c63-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index db1f4209066..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-be0fc2e0-4c63-11ec-9023-a76a2cb41dcd.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.audit\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Top Users with most activities", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Top Users with most activities", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "User" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-be0fc2e0-4c63-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T07:24:53.458Z", - "version": "WzkzMjksMV0=" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-c8d009c0-4c4e-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-c8d009c0-4c4e-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 10c42acd741..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-c8d009c0-4c4e-11ec-9023-a76a2cb41dcd.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Total Users", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Total Users", - "type": "metric", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "user.name", - "customLabel": "Total Users" - }, - "schema": "metric" - } - ], - "params": { - "addTooltip": true, - "addLegend": false, - "type": "metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-c8d009c0-4c4e-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-11-26T12:58:31.486Z", - "version": "WzU4NTcsMV0=" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-ccbe7ed0-4c4a-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-ccbe7ed0-4c4a-11ec-9023-a76a2cb41dcd.json
deleted file mode 100644
index 935842d7368..00000000000
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-ccbe7ed0-4c4a-11ec-9023-a76a2cb41dcd.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of Users per Application (Top 10)", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of Users per Application (Top 10)", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_activity.application", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Application Name" - }, - "schema": "bucket" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "user.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Username" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-ccbe7ed0-4c4a-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-11-26T12:58:31.486Z", - "version": "WzU4NjMsMV0=" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d0c885a0-4c5b-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d0c885a0-4c5b-11ec-9023-a76a2cb41dcd.json
deleted file mode 100644
index 9cea071ae5c..00000000000
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d0c885a0-4c5b-11ec-9023-a76a2cb41dcd.json
+++ /dev/null
@@ -1,177 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] CPU Utilization by Connector over time", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] CPU Utilization by Connector over time", - "type": "line", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "top_hits", - "params": { - "field": "host.cpu.usage", - "aggregate": "concat", - "size": 10, - "sortField": "@timestamp", - "sortOrder": "desc", - "customLabel": "CPU Utilization" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-15d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "12h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {}, - "customLabel": "" - }, - "schema": "segment" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "_key", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "group" - } - ], - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": 
"left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 - }, - "title": { - "text": "CPU Utilization" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "CPU Utilization", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - "fittingFunction": "linear", - "times": [], - "addTimeMarker": false, - "truncateLegend": true, - "maxLegendLines": 1, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-d0c885a0-4c5b-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T08:13:27.959Z", - "version": "WzEwMjAzLDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d124a2a0-4c4b-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d124a2a0-4c4b-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index bcfb43b9c63..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d124a2a0-4c4b-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Top 10 AppGroups", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Top 10 AppGroups", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_activity.app_group", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "App Groups" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-d124a2a0-4c4b-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-11-26T12:58:31.486Z", - "version": "WzU4NjQsMV0=" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d8e44aa0-5992-11ec-b2d0-45019404f2e5.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d8e44aa0-5992-11ec-b2d0-45019404f2e5.json deleted file mode 100644 index d12c7455940..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-d8e44aa0-5992-11ec-b2d0-45019404f2e5.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of OS across user.", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of OS across user.", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "user.name" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user_agent.os.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" - }, - "schema": "segment" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "user_agent.os.version", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "default" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - }, - "row": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-d8e44aa0-5992-11ec-b2d0-45019404f2e5", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-10T08:26:18.069Z", - "version": "WzEwNTMsMV0=" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-e86c2d90-4c49-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-e86c2d90-4c49-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index ba5f6fc4003..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-e86c2d90-4c49-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\" and zscaler_zpa.user_activity.connection.status : \"active\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Top 10 Active Users", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Top 10 Active Users", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "User Name" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-e86c2d90-4c49-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-03T09:50:43.417Z", - "version": "WzMwMjYwLDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-f03d3c90-4c5c-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-f03d3c90-4c5c-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 0878d86a459..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-f03d3c90-4c5c-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,177 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Memory Utilization by Connector over time", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Memory Utilization by Connector over time", - "type": "line", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "top_hits", - "params": { - "field": "zscaler_zpa.app_connector_status.memory.utilization", - "aggregate": "concat", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc", - "customLabel": "Memory Utilization" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-15d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "12h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {}, - "customLabel": "" - }, - "schema": "segment" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "_key", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "group" - } - ], - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": 
"LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 - }, - "title": { - "text": "Memory Utilization" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Memory Utilization", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - "fittingFunction": "linear", - "times": [], - "addTimeMarker": false, - "truncateLegend": true, - "maxLegendLines": 1, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-f03d3c90-4c5c-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T08:14:55.427Z", - "version": "WzEwMjU4LDFd" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-f2e526e0-4c63-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-f2e526e0-4c63-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index b00eed9fa8e..00000000000 --- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-f2e526e0-4c63-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.audit\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Distribution of Audit Events by type of Operation", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Distribution of Audit Events by type of Operation", - "type": "pie", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.audit.operation_type", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Audit Operation type" - }, - "schema": "segment" - } - ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-f2e526e0-4c63-11ec-9023-a76a2cb41dcd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T07:25:49.816Z", - "version": "WzkzNjMsMV0=" -} \ No newline at end of file 
diff --git a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-fc5f4ea0-4ebe-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-fc5f4ea0-4ebe-11ec-9527-b704eaaa5c53.json
deleted file mode 100644
index 5294dc4d4b1..00000000000
--- a/packages/zscaler_zpa/kibana/visualization/zscaler_zpa-fc5f4ea0-4ebe-11ec-9527-b704eaaa5c53.json
+++ /dev/null
@@ -1,73 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.audit\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - }, - "title": "[Zscaler][ZPA] Top 10 Objects on which most operations are performed", - "uiStateJSON": {}, - "version": 1, - "visState": { - "title": "[Zscaler][ZPA] Top 10 Objects on which most operations are performed", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.audit.object.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Object Name" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - } - } - }, - "coreMigrationVersion": "7.16.0", - "id": "zscaler_zpa-fc5f4ea0-4ebe-11ec-9527-b704eaaa5c53", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-12-02T07:27:29.190Z", - "version": "Wzk0NjYsMV0=" -} \ No newline at end of file From 84e007138191ea4002295d0f7621db49c2a397f8 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 28 Oct 2022 13:42:43 +0530 Subject: [PATCH 040/103] all inlined gcp --- .../dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json | 6 +++--- .../dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json | 6 +++--- .../dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json | 6 +++--- .../dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json | 6 +++--- .../dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json | 6 +++--- .../dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json | 6 +++--- .../dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json | 6 +++--- .../dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json | 6 +++--- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json b/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json index 2dada268897..98e4d88155f 100644 --- a/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json +++ b/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-09-14T09:47:20.533Z", - "version": "WzcxNCwxXQ==", + "updated_at": "2022-10-28T08:12:34.039Z", + "version": "WzYyMiwxXQ==", "attributes": { "description": "Overview of the audit log data from Google Cloud.", "hits": 0, @@ -640,5 +640,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.6" + "coreMigrationVersion": "7.17.3" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json b/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json index ed6618e1991..be095d035a4 100644 --- a/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json +++ b/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json 
@@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-09-14T09:47:20.533Z", - "version": "WzcxNSwxXQ==", + "updated_at": "2022-10-28T08:12:34.039Z", + "version": "WzYyMywxXQ==", "attributes": { "description": "Overview of Google Cloud Load Balancing TCP SSL Proxy Metrics\n\n", "hits": 0, @@ -525,5 +525,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.6" + "coreMigrationVersion": "7.17.3" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json b/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json index e25a5709343..7a249c1138f 100644 --- a/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json +++ b/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-09-14T09:47:20.533Z", - "version": "WzcxNiwxXQ==", + "updated_at": "2022-10-28T08:12:34.039Z", + "version": "WzYyNCwxXQ==", "attributes": { "description": "Overview of Google Cloud Billing Metrics", "hits": 0, @@ -716,5 +716,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.6" + "coreMigrationVersion": "7.17.3" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json b/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json index a3d271940ec..54084f4626e 100644 --- a/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json +++ b/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-09-14T09:47:20.533Z", - "version": "WzcxNywxXQ==", + "updated_at": "2022-10-28T08:12:34.039Z", + "version": "WzYyNSwxXQ==", "attributes": { "description": "Overview of the firewall log data from Google Cloud.", "hits": 0, 
@@ -1750,5 +1750,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.6" + "coreMigrationVersion": "7.17.3" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json index 81a1e9717c8..65d86ec558a 100644 --- a/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json +++ b/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-09-14T09:47:20.533Z", - "version": "WzcxOCwxXQ==", + "updated_at": "2022-10-28T08:12:34.039Z", + "version": "WzYyNiwxXQ==", "attributes": { "description": "Overview of GCP Load Balancing L3 Metrics", "hits": 0, @@ -434,5 +434,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.6" + "coreMigrationVersion": "7.17.3" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json b/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json index 2b9d97a0c4e..4eff0394770 100644 --- a/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json +++ b/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-09-14T09:47:20.533Z", - "version": "WzcxOSwxXQ==", + "updated_at": "2022-10-28T08:12:34.039Z", + "version": "WzYyNywxXQ==", "attributes": { "description": "Overview of the VPC flow log data from Google Cloud.", "hits": 0, @@ -1720,5 +1720,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.6" + "coreMigrationVersion": "7.17.3" } \ No newline at end of file 
diff --git a/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json index e50bfe0221d..e9e7e566d66 100644 --- a/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json +++ b/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-09-14T09:47:20.533Z", - "version": "WzcyMCwxXQ==", + "updated_at": "2022-10-28T08:12:34.039Z", + "version": "WzYyOCwxXQ==", "attributes": { "description": "Overview of GCP Load Balancing HTTPS Metrics", "hits": 0, @@ -566,5 +566,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.6" + "coreMigrationVersion": "7.17.3" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json b/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json index 6cf73e5311c..423f82a4ea2 100644 --- a/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json +++ b/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-09-14T09:47:20.533Z", - "version": "WzcyMSwxXQ==", + "updated_at": "2022-10-28T08:12:34.039Z", + "version": "WzYyOSwxXQ==", "attributes": { "description": "Overview of GCP Compute Metrics", "hits": 0, @@ -682,5 +682,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.6" + "coreMigrationVersion": "7.17.3" } \ No newline at end of file From 7339783a3a0aac142a1dc266250230b76cabc567 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Fri, 28 Oct 2022 20:36:47 +0530 Subject: [PATCH 041/103] bump kib version o365, okta, osquery --- packages/o365/manifest.yml | 2 +- packages/okta/manifest.yml | 2 +- packages/osquery/manifest.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml index b2ca2c4cf21..67634aa4b79 100644 --- a/packages/o365/manifest.yml +++ b/packages/o365/manifest.yml @@ -8,7 +8,7 @@ format_version: 1.0.0 license: basic categories: [security] conditions: - kibana.version: ^7.14.0 || ^8.0.0 + kibana.version: ^7.17.0 || ^8.0.0 icons: - src: /img/logo-integrations-microsoft-365.svg title: Microsoft Office 365 diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml index 31fa7decc64..8b131beebf3 100644 --- a/packages/okta/manifest.yml +++ b/packages/okta/manifest.yml @@ -8,7 +8,7 @@ format_version: 1.0.0 license: basic categories: [security] conditions: - kibana.version: ^7.14.0 || ^8.0.0 + kibana.version: ^7.17.0 || ^8.0.0 icons: - src: /img/okta-logo.svg title: Okta diff --git a/packages/osquery/manifest.yml b/packages/osquery/manifest.yml index ac98421c4b6..1c6a0868031 100644 --- a/packages/osquery/manifest.yml +++ b/packages/osquery/manifest.yml @@ -15,7 +15,7 @@ categories: - security - os_system conditions: - kibana.version: ^7.14.0 || ^8.0.0 + kibana.version: ^7.17.0 || ^8.0.0 screenshots: - src: /img/kibana-osquery-compatibility.png title: kibana osquery compatibility From 3e613b24725ae26ee090abf54c143f45a56d9f20 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Fri, 28 Oct 2022 20:46:55 +0530 Subject: [PATCH 042/103] all inlined infoblox_nios --- ...-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json | 1262 +++++++------ ...-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json | 869 ++------- ...-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json | 1561 ++++------------- 3 files changed, 1100 insertions(+), 2592 deletions(-) diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json index 7c57a0e7f57..647b8805d73 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json 
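Review bot: The `kibana.version` change from `^7.14.0` to `^7.17.0` in the o365 hunk, repeated in the okta and osquery hunks, raises the minimum stack version for three security-category packages. The diffstat for this commit lists only the three manifest.yml files with one changed line each, so no package `version:` bump or changelog entry accompanies the change here. It may be handled later in the series, but if not, operators on Kibana 7.14–7.16 get no record of why newer releases of these integrations stop being offered to them. I would state the reason next to the constraint, for example `# 7.17.0 floor: dashboards are exported by value from a 7.17 Kibana (confirm)`, and record the new minimum in each package's changelog.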
+++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json 
@@ -1,722 +1,664 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ + "id": "infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T15:15:26.772Z", + "version": "WzYyMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "infoblox_nios.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, + "params": { + "query": "DHCP" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "infoblox_nios.log.type": "DHCP" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "5ab31944-bb04-4fcd-9734-6dd0a050581b", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "5ab31944-bb04-4fcd-9734-6dd0a050581b", + "panelRefName": "panel_5ab31944-bb04-4fcd-9734-6dd0a050581b", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "panelRefName": 
"panel_2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "76c2205b-d288-41b8-bd79-33e76a42289a", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "76c2205b-d288-41b8-bd79-33e76a42289a", + "panelRefName": "panel_76c2205b-d288-41b8-bd79-33e76a42289a", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "panelRefName": "panel_76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_e1c539c2-d236-4767-86da-469124ac35fa_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], 
+ "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "DHCP" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "DHCP" - } - } + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcpack\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" } - ], - "query": { - "language": "kuery", - "query": "" + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" } - } - } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Count of Leases Renewed Over Time [Logs Infoblox NIOS]", + "type": "metrics", + "uiState": {} } }, "gridData": { "h": 15, - "i": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e", + "i": "e1c539c2-d236-4767-86da-469124ac35fa", "w": 24, "x": 0, "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5ab31944-bb04-4fcd-9734-6dd0a050581b", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "5ab31944-bb04-4fcd-9734-6dd0a050581b", - "panelRefName": "panel_5ab31944-bb04-4fcd-9734-6dd0a050581b", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", - "panelRefName": 
"panel_2720e747-2fe6-431c-ba1c-ca7f7cb648ba", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "76c2205b-d288-41b8-bd79-33e76a42289a", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "76c2205b-d288-41b8-bd79-33e76a42289a", - "panelRefName": "panel_76c2205b-d288-41b8-bd79-33e76a42289a", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", - "panelRefName": "panel_76cacd94-5599-43e7-bcde-e1e19c7d8e96", - "type": "search", - "version": "7.17.0" + "panelIndex": "e1c539c2-d236-4767-86da-469124ac35fa", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_e1c539c2-d236-4767-86da-469124ac35fa_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, 
- "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcpack\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Count of Leases Renewed Over Time [Logs Infoblox NIOS]", - "type": "metrics", - "uiState": {} + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_5767168a-28c2-49c8-9e1c-10210600e8ca_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" } - }, - "gridData": { - "h": 15, - "i": "e1c539c2-d236-4767-86da-469124ac35fa", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "e1c539c2-d236-4767-86da-469124ac35fa", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - 
"index_pattern_ref_name": "metrics_5767168a-28c2-49c8-9e1c-10210600e8ca_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcpdecline\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Count of Leases Declined Over Time [Logs Infoblox NIOS]", - "type": "metrics", - "uiState": {} + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcpdecline\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" } - }, - "gridData": { - "h": 15, - "i": "5767168a-28c2-49c8-9e1c-10210600e8ca", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "5767168a-28c2-49c8-9e1c-10210600e8ca", - "type": "visualization", - "version": "7.17.0" + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": 
"entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_4b06a1a7-f698-4add-a789-8ce4c11a7ab8_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcpexpire\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Count of Leases Expired Over Time [Logs Infoblox NIOS]", - "type": "metrics", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8", 
- "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8", - "type": "visualization", - "version": "7.17.0" + "title": "Count of Leases Declined Over Time [Logs Infoblox NIOS]", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 15, + "i": "5767168a-28c2-49c8-9e1c-10210600e8ca", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "5767168a-28c2-49c8-9e1c-10210600e8ca", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_1141be07-af74-407b-ab41-805d9abf7a9d_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcprelease\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": 
"entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Count of Leases Released Over Time [Logs Infoblox NIOS]", - "type": "metrics", - "uiState": {} + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_4b06a1a7-f698-4add-a789-8ce4c11a7ab8_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcpexpire\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" } - }, - "gridData": { - "h": 15, - "i": "1141be07-af74-407b-ab41-805d9abf7a9d", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "1141be07-af74-407b-ab41-805d9abf7a9d", - "type": "visualization", - "version": "7.17.0" + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "attributes": { - 
"description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "310773ab-50b9-45eb-b84b-d5ac4dd962ff": { - "columnOrder": [ - "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", - "0552e5bb-f6f0-4619-a623-b95cbb3c3561" - ], - "columns": { - "0552e5bb-f6f0-4619-a623-b95cbb3c3561": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24491aaa-9a7c-4f4e-aea5-9621bc64c38a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "MAC Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "client.mac" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", - "isTransposed": false - } - ], - "layerId": "310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "layerType": "data" - } - }, - "title": "Top 10 MAC Address [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "489a5d78-23c6-4d68-bb5f-ac23c60785e4", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "489a5d78-23c6-4d68-bb5f-ac23c60785e4", - "title": "Top 10 MAC Address [Logs Infoblox NIOS]", - "type": "lens", - 
"version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] DHCP", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "infoblox_nios-71f7a570-b4dd-11ec-80e1-4bd67c5762eb", - "name": "5ab31944-bb04-4fcd-9734-6dd0a050581b:panel_5ab31944-bb04-4fcd-9734-6dd0a050581b", - "type": "search" - }, - { - "id": "infoblox_nios-7103abb0-b4e1-11ec-80e1-4bd67c5762eb", - "name": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba:panel_2720e747-2fe6-431c-ba1c-ca7f7cb648ba", - "type": "search" - }, - { - "id": "infoblox_nios-4559ff50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "76c2205b-d288-41b8-bd79-33e76a42289a:panel_76c2205b-d288-41b8-bd79-33e76a42289a", - "type": "search" - }, - { - "id": "infoblox_nios-8d55bb50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "76cacd94-5599-43e7-bcde-e1e19c7d8e96:panel_76cacd94-5599-43e7-bcde-e1e19c7d8e96", - "type": "search" + "title": "Count of Leases Expired Over Time [Logs Infoblox NIOS]", + "type": "metrics", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "e1c539c2-d236-4767-86da-469124ac35fa:metrics_e1c539c2-d236-4767-86da-469124ac35fa_0_index_pattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "5767168a-28c2-49c8-9e1c-10210600e8ca:metrics_5767168a-28c2-49c8-9e1c-10210600e8ca_0_index_pattern", - "type": "index-pattern" + "panelIndex": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": 
[], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_1141be07-af74-407b-ab41-805d9abf7a9d_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcprelease\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" + } + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Count of Leases Released Over Time [Logs Infoblox NIOS]", + "type": "metrics", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8:metrics_4b06a1a7-f698-4add-a789-8ce4c11a7ab8_0_index_pattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "1141be07-af74-407b-ab41-805d9abf7a9d", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "1141be07-af74-407b-ab41-805d9abf7a9d:metrics_1141be07-af74-407b-ab41-805d9abf7a9d_0_index_pattern", 
- "type": "index-pattern" + "panelIndex": "1141be07-af74-407b-ab41-805d9abf7a9d", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "310773ab-50b9-45eb-b84b-d5ac4dd962ff": { + "columnOrder": [ + "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", + "0552e5bb-f6f0-4619-a623-b95cbb3c3561" + ], + "columns": { + "0552e5bb-f6f0-4619-a623-b95cbb3c3561": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24491aaa-9a7c-4f4e-aea5-9621bc64c38a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "MAC Address", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.mac" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", + "isTransposed": false + } + ], + "layerId": "310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "layerType": "data" + } + }, + "title": "Top 10 MAC Address [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": 
"489a5d78-23c6-4d68-bb5f-ac23c60785e4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "489a5d78-23c6-4d68-bb5f-ac23c60785e4", + "w": 24, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "489a5d78-23c6-4d68-bb5f-ac23c60785e4:indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "type": "index-pattern" - } + "panelIndex": "489a5d78-23c6-4d68-bb5f-ac23c60785e4", + "title": "Top 10 MAC Address [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + } ], "timeRestore": false, "title": "[Logs Infoblox NIOS] DHCP", "version": 1 }, "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, { "id": "infoblox_nios-71f7a570-b4dd-11ec-80e1-4bd67c5762eb", - "name": "panel_3", + "name": "5ab31944-bb04-4fcd-9734-6dd0a050581b:panel_5ab31944-bb04-4fcd-9734-6dd0a050581b", "type": "search" }, { "id": "infoblox_nios-7103abb0-b4e1-11ec-80e1-4bd67c5762eb", - "name": "panel_5", + "name": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba:panel_2720e747-2fe6-431c-ba1c-ca7f7cb648ba", "type": "search" }, { "id": "infoblox_nios-4559ff50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "panel_7", + "name": "76c2205b-d288-41b8-bd79-33e76a42289a:panel_76c2205b-d288-41b8-bd79-33e76a42289a", "type": "search" }, { "id": "infoblox_nios-8d55bb50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "panel_8", + "name": "76cacd94-5599-43e7-bcde-e1e19c7d8e96:panel_76cacd94-5599-43e7-bcde-e1e19c7d8e96", "type": "search" }, { - "type": "index-pattern", - "name": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e:metrics_0_index_pattern", - "id": "logs-*" + "id": "logs-*", + "name": "e1c539c2-d236-4767-86da-469124ac35fa:metrics_e1c539c2-d236-4767-86da-469124ac35fa_0_index_pattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": 
"d0884783-30e6-47ed-bfca-99d4b0b423e9:metrics_0_index_pattern", - "id": "logs-*" + "id": "logs-*", + "name": "5767168a-28c2-49c8-9e1c-10210600e8ca:metrics_5767168a-28c2-49c8-9e1c-10210600e8ca_0_index_pattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "eb62be57-7cb6-4431-96fd-6b1c7f8ecd8b:metrics_0_index_pattern", - "id": "logs-*" + "id": "logs-*", + "name": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8:metrics_4b06a1a7-f698-4add-a789-8ce4c11a7ab8_0_index_pattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "1141be07-af74-407b-ab41-805d9abf7a9d:metrics_1141be07-af74-407b-ab41-805d9abf7a9d_0_index_pattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9:indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "id": "logs-*" + "id": "logs-*", + "name": "489a5d78-23c6-4d68-bb5f-ac23c60785e4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "b3562120-30fb-4068-8f51-016a4d463d54:metrics_0_index_pattern", - "id": "logs-*" + "id": "logs-*", + "name": "489a5d78-23c6-4d68-bb5f-ac23c60785e4:indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "type": "index-pattern" } ], "migrationVersion": { diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json index f1c74a39df3..7f97c194896 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json +++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json 
@@ -1,573 +1,63 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "AUDIT" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "AUDIT" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "efab2208-7c53-44d0-ab95-44e4f536b001", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", - "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", - "type": "search", - "version": "7.17.0" + "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T15:15:26.772Z", + "version": "WzYyMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": 
"ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "title": "Created and Deleted Objects [Logs Infoblox NIOS]", - "type": "search", - "version": "7.17.0" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "infoblox_nios.log" + }, + "type": "phrase" }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { - "columnOrder": [ - "fcb0dd34-08f1-4b12-a947-66514002a247", - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "columns": { - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fcb0dd34-08f1-4b12-a947-66514002a247": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, 
- "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", - "yConfig": [ - { - "color": "#d36086", - "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "a80ffa5e-4561-415e-9059-04eb43007744", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, + { + "$state": { + "store": "appState" }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3b197aef-e049-44df-a30f-fc807fdb1718": { - "columnOrder": [ - "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "6786ed8f-346e-419e-b8a7-1eea3d76b317", - 
"fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "4eb788c2-ebce-473d-bfb0-ee0409862740" - ], - "columns": { - "4eb788c2-ebce-473d-bfb0-ee0409862740": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "6786ed8f-346e-419e-b8a7-1eea3d76b317": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Failure", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.action" - }, - "e9c4594f-2e2d-4750-9b04-eb1632f13753": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Via", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "infoblox_nios.log.audit.apparently_via" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login_denied" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login_denied" - } - } - } - ], - 
"query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "isTransposed": false - }, - { - "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "isTransposed": false - }, - { - "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "isTransposed": false - } - ], - "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", - "layerType": "data" - } - }, - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5afac073-fbf9-4826-b39b-dc95b0000227", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, + "params": { + "query": "AUDIT" + }, + "type": "phrase" }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9688c841-6bb3-4369-8c27-894421c9ea56": { - "columnOrder": [ - "392073ca-09fb-4349-826e-fe44effa2a8e", - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" - ], - "columns": { - "392073ca-09fb-4349-826e-fe44effa2a8e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login User Name", - "operationType": "terms", - "params": { - 
"missingBucket": false, - "orderBy": { - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "isTransposed": false - } - ], - "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", - "layerType": "data" - } - }, - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "query": { + "match_phrase": { + "infoblox_nios.log.type": "AUDIT" + } } + } ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] Audit", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", - "name": 
"efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", - "type": "search" - }, - { - "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", - "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "type": "search" - }, - { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" + "query": { + "language": "kuery", + "query": "" } } }, 
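Review bot: The new top of this dashboard carries export metadata from the Kibana instance it was saved on: `"namespaces": ["default"]`, `"updated_at": "2022-10-28T15:15:26.772Z"` and `"version": "WzYyMywxXQ=="`. The `version` string looks like that instance's saved-object concurrency token, so, like `updated_at`, it says nothing about the cluster the package is installed on and will change on every re-export, adding noise to later diffs. I would drop the three fields so the object keeps only `"id"`, `"type"`, `"attributes"`, `"references"` and the migration keys. The same three fields are added at the start of the first hunk of `infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json`.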
@@ -577,12 +67,56 @@ "useMargins": true }, "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "efab2208-7c53-44d0-ab95-44e4f536b001", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", + "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "type": "search", + "version": "7.17.0" + }, { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "title": "Created and Deleted Objects [Logs Infoblox NIOS]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -629,7 +163,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" + "query": "" }, "visualization": { "axisTitlesVisibilitySettings": { 
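Review bot: The Lens panel in the `@@ -629,7 +163,7 @@` hunk loses its own scoping, because its `"query"` is emptied while its references still point at `logs-*`. After this change only the two dashboard-level filters in `kibanaSavedObjectMeta.searchSourceJSON` (`data_stream.dataset` and `infoblox_nios.log.type`) restrict the panel to Infoblox audit events. A viewer can presumably disable those filter pills, and they would not follow the panel if it is copied to another dashboard, in which case "Top 10 User Login Failures" would count `login_denied` from every dataset under `logs-*`. Unless moving the scoping to dashboard filters is a deliberate package convention, I would keep `"query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\""` on the panel. The same change is made in the `@@ -826,7 +366,7 @@` and `@@ -937,7 +473,7 @@` hunks.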
@@ -686,38 +220,44 @@ } }, "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "visualizationType": "lnsXY", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", + "i": "a80ffa5e-4561-415e-9059-04eb43007744", "w": 48, "x": 0, "y": 0 }, - "panelIndex": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", + "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" + "version": "7.17.0" }, { "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -826,7 +366,7 @@ ], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" + "query": "" }, "visualization": { "columns": [ 
@@ -853,44 +393,40 @@ } }, "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", + "i": "5afac073-fbf9-4826-b39b-dc95b0000227", "w": 24, "x": 0, "y": 15 }, - "panelIndex": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", + "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" + "version": "7.17.0" }, { "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -937,7 +473,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" + "query": "" }, "visualization": { "columns": [ 
@@ -956,65 +492,22 @@ } }, "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", + "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", "w": 24, "x": 24, "y": 15 }, - "panelIndex": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", + "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", "title": "Top 10 Login User Name [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "efab2208-7c53-44d0-ab95-44e4f536b001", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", - "panelRefName": "panel_3", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "panelRefName": "panel_4", - "title": "Created and Deleted Objects [Logs Infoblox NIOS]", - "type": "search", "version": "7.17.0" } ], 
@@ -1023,50 +516,60 @@ "version": 1 }, "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, { "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", - "name": "panel_3", + "name": "efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", "type": "search" }, { "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", - "name": "panel_4", + "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", "type": "search" }, { - "type": "index-pattern", - "name": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "id": "logs-*" + "id": "logs-*", + "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "id": "logs-*" + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": 
"253a71f1-a7c2-4b3e-bf37-89383b11fd76:filter-index-pattern-0", - "id": "logs-*" + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "cfd78a10-0dc4-4062-97e5-9ff83ead6947:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "cfd78a10-0dc4-4062-97e5-9ff83ead6947:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "id": "logs-*" + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" } ], "migrationVersion": { diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json index 358459d7e33..71d54dcfc63 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json +++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json 
@@ -1,1018 +1,63 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "DNS" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "DNS" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "panelRefName": "panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "panelRefName": "panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.response_code" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", - "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - 
"type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Flag", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.header_flags" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - 
"hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "66c59159-c694-4f18-acdc-4a0ee8f24e44", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "66c59159-c694-4f18-acdc-4a0ee8f24e44", - "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Question Class", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.question.class" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", 
- "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "3dbd8734-c5a9-4b69-82ab-441be9c681df", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "3dbd8734-c5a9-4b69-82ab-441be9c681df", - "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "client.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, 
- { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", - "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "id": "infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-28T15:15:26.772Z", + "version": "WzYyNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client Port", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - 
"columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "client.port" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", - "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "infoblox_nios.log" + }, + "type": "phrase" }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - 
"isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Answer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.answers.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae613e8d-a0c5-464d-90ad-ef352d122514", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "ae613e8d-a0c5-464d-90ad-ef352d122514", - "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, + { + "$state": { + "store": "appState" }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { 
- "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Question Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.question.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "7b2fd611-413f-42a2-a4ae-6b14098521bd", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "7b2fd611-413f-42a2-a4ae-6b14098521bd", - "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, + "params": { + "query": "DNS" + }, + "type": "phrase" }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Query Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.question.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "eff09424-7521-473d-88ab-368aa2d33b69", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "eff09424-7521-473d-88ab-368aa2d33b69", - "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" + "query": { + "match_phrase": { + "infoblox_nios.log.type": 
"DNS" + } } + } ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] DNS", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "infoblox_nios-5cc295e0-b4d6-11ec-80e1-4bd67c5762eb", - "name": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca:panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "type": "search" - }, - { - "id": "infoblox_nios-f3899090-b4d7-11ec-80e1-4bd67c5762eb", - "name": "33030bbb-3670-4b20-ab01-b0eb157ea4e5:panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "type": "search" - }, - { - "id": "logs-*", - "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" + "query": { + "language": "kuery", + "query": "" } } }, 
@@ -1024,10 +69,52 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "panelRefName": "panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "panelRefName": "panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -1075,7 +162,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "query": "" }, "visualization": { "layers": [ 
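Review bot: In the hunk at -1075 the panel's own KQL constraint is emptied (`"query": ""` replaces `data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"`). The Lens panel, which still points at `logs-*`, is then scoped only by the two dashboard-level `searchSourceJSON.filter` entries added earlier in this file, both stored with `"store": "appState"`. If those filters are disabled or removed in the UI (presumably possible for anyone viewing the dashboard), each panel would count across every `logs-*` data stream while keeping its "[Logs Infoblox NIOS]" DNS title, which is misleading on a dashboard used for monitoring. Unless dashboard-level scoping is the project's convention for by-value panels, consider keeping at least `"query": "data_stream.dataset : \"infoblox_nios.log\""` on each panel and leaving the `infoblox_nios.log.type` filter at dashboard level. The same change recurs in the hunks at -1179, -1283, -1386, -1484, -1583, -1681 and -1811.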
@@ -1099,39 +186,40 @@ } }, "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", + "i": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", "w": 24, "x": 0, "y": 0 }, - "panelIndex": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", + "panelIndex": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" + "version": "7.17.0" }, { "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -1179,7 +267,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "query": "" }, "visualization": { "layers": [ 
@@ -1203,39 +291,40 @@ } }, "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", + "i": "66c59159-c694-4f18-acdc-4a0ee8f24e44", "w": 24, "x": 24, "y": 0 }, - "panelIndex": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", + "panelIndex": "66c59159-c694-4f18-acdc-4a0ee8f24e44", "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" + "version": "7.17.0" }, { "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -1283,7 +372,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "query": "" }, "visualization": { "layers": [ 
@@ -1307,39 +396,40 @@ } }, "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", + "i": "3dbd8734-c5a9-4b69-82ab-441be9c681df", "w": 24, "x": 0, "y": 15 }, - "panelIndex": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", + "panelIndex": "3dbd8734-c5a9-4b69-82ab-441be9c681df", "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" + "version": "7.17.0" }, { "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -1386,7 +476,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "query": "" }, "visualization": { "columns": [ 
@@ -1405,39 +495,40 @@ } }, "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", + "i": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", "w": 24, "x": 24, "y": 15 }, - "panelIndex": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", + "panelIndex": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" + "version": "7.17.0" }, { "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -1484,7 +575,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "query": "" }, "visualization": { "columns": [ 
@@ -1504,39 +595,40 @@ } }, "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "d91a4b30-da3a-402b-a7b7-542680808c83", + "i": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", "w": 24, "x": 0, "y": 30 }, - "panelIndex": "d91a4b30-da3a-402b-a7b7-542680808c83", + "panelIndex": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" + "version": "7.17.0" }, { "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -1583,7 +675,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "query": "" }, "visualization": { "columns": [ 
@@ -1602,39 +694,40 @@ } }, "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "820c618a-04ef-4d1d-95e4-76be0a783c03", + "i": "ae613e8d-a0c5-464d-90ad-ef352d122514", "w": 24, "x": 24, "y": 30 }, - "panelIndex": "820c618a-04ef-4d1d-95e4-76be0a783c03", + "panelIndex": "ae613e8d-a0c5-464d-90ad-ef352d122514", "title": "Top 10 Answer Name [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" + "version": "7.17.0" }, { "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { @@ -1681,7 +774,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "query": "" }, "visualization": { "columns": [ 
@@ -1700,71 +793,40 @@ } }, "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "1129632e-0004-4421-bf56-406d8499a2bb", + "i": "7b2fd611-413f-42a2-a4ae-6b14098521bd", "w": 24, "x": 0, "y": 45 }, - "panelIndex": "1129632e-0004-4421-bf56-406d8499a2bb", + "panelIndex": "7b2fd611-413f-42a2-a4ae-6b14098521bd", "title": "Top 10 Question Name [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "panelRefName": "panel_7", - "type": "search", "version": "7.17.0" }, { "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "panelRefName": "panel_8", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, "attributes": { "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], "state": { "datasourceStates": { "indexpattern": { 
@@ -1811,7 +873,7 @@ "filters": [], "query": { "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "query": "" }, "visualization": { "columns": [ @@ -1830,32 +892,23 @@ } }, "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] - } + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "5a855a3a-e38e-432e-b09a-0960167960cd", + "i": "eff09424-7521-473d-88ab-368aa2d33b69", "w": 24, "x": 24, "y": 45 }, - "panelIndex": "5a855a3a-e38e-432e-b09a-0960167960cd", + "panelIndex": "eff09424-7521-473d-88ab-368aa2d33b69", "title": "Top 10 Query Type [Logs Infoblox NIOS]", "type": "lens", - "version": "7.16.0" + "version": "7.17.0" } ], "timeRestore": false, 
@@ -1863,95 +916,105 @@ "version": 1 }, "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, { "id": "infoblox_nios-5cc295e0-b4d6-11ec-80e1-4bd67c5762eb", - "name": "panel_7", + "name": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca:panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", "type": "search" }, { "id": "infoblox_nios-f3899090-b4d7-11ec-80e1-4bd67c5762eb", - "name": "panel_8", + "name": "33030bbb-3670-4b20-ab01-b0eb157ea4e5:panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", "type": "search" }, { - "type": "index-pattern", - "name": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "id": "logs-*" + "id": "logs-*", + "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "id": "logs-*" + "id": "logs-*", + "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": 
"7809e922-929c-4836-80d9-1fbd3a9fb8e8:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "7809e922-929c-4836-80d9-1fbd3a9fb8e8:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "id": "logs-*" + "id": "logs-*", + "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "179440ac-a8bb-4686-8ab1-8ad93b7717fb:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "179440ac-a8bb-4686-8ab1-8ad93b7717fb:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" + "id": "logs-*", + "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "d91a4b30-da3a-402b-a7b7-542680808c83:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "d91a4b30-da3a-402b-a7b7-542680808c83:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" + "id": "logs-*", + "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "820c618a-04ef-4d1d-95e4-76be0a783c03:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": 
"ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "820c618a-04ef-4d1d-95e4-76be0a783c03:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" + "id": "logs-*", + "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "1129632e-0004-4421-bf56-406d8499a2bb:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "1129632e-0004-4421-bf56-406d8499a2bb:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" + "id": "logs-*", + "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "5a855a3a-e38e-432e-b09a-0960167960cd:indexpattern-datasource-current-indexpattern", - "id": "logs-*" + "id": "logs-*", + "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "type": "index-pattern", - "name": "5a855a3a-e38e-432e-b09a-0960167960cd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" + "id": "logs-*", + "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" } ], "migrationVersion": { From 4158ba5ca07bd4623e14fc1d7ad709d0c027c98f Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Sun, 30 Oct 2022 15:22:34 +0530 Subject: [PATCH 043/103] add changelog entries --- packages/1password/changelog.yml | 5 +++++ packages/1password/manifest.yml | 2 +- packages/auditd/changelog.yml | 5 +++++ packages/auditd/manifest.yml | 2 +- packages/auditd_manager/changelog.yml | 5 +++++ packages/auditd_manager/manifest.yml | 2 +- packages/auth0/changelog.yml | 5 +++++ packages/auth0/manifest.yml | 2 +- packages/carbon_black_cloud/changelog.yml | 5 +++++ packages/carbon_black_cloud/manifest.yml | 2 +- packages/cef/changelog.yml | 5 +++++ packages/cef/manifest.yml | 2 +- packages/cisco/changelog.yml | 5 +++++ packages/cisco/manifest.yml | 2 +- packages/cisco_asa/changelog.yml | 5 +++++ packages/cisco_asa/manifest.yml | 2 +- packages/cisco_duo/changelog.yml | 5 +++++ packages/cisco_duo/manifest.yml | 2 +- packages/cisco_ise/changelog.yml | 5 +++++ packages/cisco_ise/manifest.yml | 2 +- packages/cisco_secure_email_gateway/changelog.yml | 5 +++++ packages/cisco_secure_email_gateway/manifest.yml | 2 +- packages/cloudflare/changelog.yml | 5 +++++ packages/cloudflare/manifest.yml | 2 +- packages/cyberarkpas/changelog.yml | 5 +++++ packages/cyberarkpas/manifest.yml | 2 +- packages/gcp/changelog.yml | 5 +++++ packages/gcp/manifest.yml | 2 +- packages/github/changelog.yml | 5 +++++ packages/github/manifest.yml | 2 +- packages/hashicorp_vault/changelog.yml | 5 +++++ packages/hashicorp_vault/manifest.yml | 2 +- packages/hid_bravura_monitor/changelog.yml | 5 +++++ packages/hid_bravura_monitor/manifest.yml | 2 +- packages/infoblox_nios/changelog.yml | 5 +++++ packages/infoblox_nios/manifest.yml | 2 +- packages/iptables/changelog.yml | 5 +++++ packages/iptables/manifest.yml | 2 +- packages/microsoft/changelog.yml | 5 +++++ packages/microsoft/manifest.yml | 2 +- packages/microsoft_defender_endpoint/changelog.yml | 5 +++++ packages/microsoft_defender_endpoint/manifest.yml | 2 +- packages/mimecast/changelog.yml | 5 +++++ packages/mimecast/manifest.yml | 2 +- 
packages/netflow/changelog.yml | 5 +++++ packages/netflow/manifest.yml | 2 +- packages/netskope/changelog.yml | 5 +++++ packages/netskope/manifest.yml | 2 +- packages/network_traffic/changelog.yml | 5 +++++ packages/network_traffic/manifest.yml | 2 +- packages/o365/changelog.yml | 5 +++++ packages/o365/manifest.yml | 2 +- packages/okta/changelog.yml | 5 +++++ packages/okta/manifest.yml | 2 +- packages/osquery/changelog.yml | 5 +++++ packages/osquery/manifest.yml | 2 +- packages/panw/changelog.yml | 5 +++++ packages/panw/manifest.yml | 2 +- packages/pfsense/changelog.yml | 5 +++++ packages/pfsense/manifest.yml | 2 +- packages/proofpoint_tap/changelog.yml | 5 +++++ packages/proofpoint_tap/manifest.yml | 2 +- packages/qnap_nas/changelog.yml | 5 +++++ packages/qnap_nas/manifest.yml | 2 +- packages/santa/changelog.yml | 5 +++++ packages/santa/manifest.yml | 2 +- packages/sentinel_one/changelog.yml | 5 +++++ packages/sentinel_one/manifest.yml | 2 +- packages/sonicwall_firewall/changelog.yml | 5 +++++ packages/sonicwall_firewall/manifest.yml | 2 +- packages/suricata/changelog.yml | 5 +++++ packages/suricata/manifest.yml | 2 +- packages/tenable_sc/changelog.yml | 5 +++++ packages/tenable_sc/manifest.yml | 2 +- packages/zeek/changelog.yml | 5 +++++ packages/zeek/manifest.yml | 2 +- packages/zscaler_zia/changelog.yml | 5 +++++ packages/zscaler_zia/manifest.yml | 2 +- packages/zscaler_zpa/changelog.yml | 5 +++++ packages/zscaler_zpa/manifest.yml | 2 +- 80 files changed, 240 insertions(+), 40 deletions(-) diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml index b50a7eb6dc8..0acc7168956 100644 --- a/packages/1password/changelog.yml +++ b/packages/1password/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.1" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.6.0" changes: - description: Update package to ECS 8.4.0 
diff --git a/packages/1password/manifest.yml b/packages/1password/manifest.yml index 2c8be310255..5587e5f9846 100644 --- a/packages/1password/manifest.yml +++ b/packages/1password/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: 1password title: "1Password" -version: 1.6.0 +version: 1.6.1 license: basic description: Collect logs from 1Password with Elastic Agent. type: integration diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml index 391e21dc07c..4d71ce8a9c0 100644 --- a/packages/auditd/changelog.yml +++ b/packages/auditd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.3.5" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "3.3.4" changes: - description: Remove duplicate fields. diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml index 625b1497d0e..5455f14dd10 100644 --- a/packages/auditd/manifest.yml +++ b/packages/auditd/manifest.yml @@ -1,6 +1,6 @@ name: auditd title: Auditd Logs -version: "3.3.4" +version: "3.3.5" release: ga description: Collect logs from Linux audit daemon with Elastic Agent. type: integration diff --git a/packages/auditd_manager/changelog.yml b/packages/auditd_manager/changelog.yml index 0291f2a88ea..24454a8b969 100644 --- a/packages/auditd_manager/changelog.yml +++ b/packages/auditd_manager/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.3.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/auditd_manager/manifest.yml b/packages/auditd_manager/manifest.yml index 86465dfc947..5f10f6eac99 100644 --- a/packages/auditd_manager/manifest.yml +++ b/packages/auditd_manager/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: auditd_manager title: "Auditd Manager" -version: "1.3.0" +version: "1.3.1" release: ga license: basic description: "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel." diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml index 1a18a5a944e..a220996a100 100644 --- a/packages/auth0/changelog.yml +++ b/packages/auth0/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.3" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.2.2" changes: - description: Remove duplicate field. diff --git a/packages/auth0/manifest.yml b/packages/auth0/manifest.yml index 524c602d69e..b8fd6cbbbc6 100644 --- a/packages/auth0/manifest.yml +++ b/packages/auth0/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: auth0 title: "Auth0" -version: 1.2.2 +version: 1.2.3 license: basic description: Collect logs from Auth0 with Elastic Agent. type: integration diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml index 94995104bd8..dc5659be520 100644 --- a/packages/carbon_black_cloud/changelog.yml +++ b/packages/carbon_black_cloud/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.2" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.3.1" changes: - description: Remove duplicate fields. diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml index 6e169bdfa20..73cf6051a84 100644 --- a/packages/carbon_black_cloud/manifest.yml +++ b/packages/carbon_black_cloud/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: carbon_black_cloud title: VMware Carbon Black Cloud -version: "1.3.1" +version: "1.3.2" license: basic description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent. type: integration diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml index d31a419c52a..6c94c874fce 100644 --- a/packages/cef/changelog.yml +++ b/packages/cef/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.5" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.3.4" changes: - description: Remove duplicate fields. diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml index a56419f83cc..b1115002fbd 100644 --- a/packages/cef/manifest.yml +++ b/packages/cef/manifest.yml @@ -1,6 +1,6 @@ name: cef title: Common Event Format (CEF) -version: 2.3.4 +version: 2.3.5 release: ga description: Collect logs from CEF Logs with Elastic Agent. type: integration diff --git a/packages/cisco/changelog.yml b/packages/cisco/changelog.yml index ed20c974cd2..6592a2b544c 100644 --- a/packages/cisco/changelog.yml +++ b/packages/cisco/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.13.4" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "0.13.3" changes: - description: Update readme file diff --git a/packages/cisco/manifest.yml b/packages/cisco/manifest.yml index 2b4ec970c68..64b166a5d54 100644 --- a/packages/cisco/manifest.yml +++ b/packages/cisco/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco title: Cisco -version: 0.13.3 +version: 0.13.4 license: basic description: Deprecated. Use a specific Cisco package instead. type: integration diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index 6e6db0bf56a..a937edf0855 100644 
--- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.8.1" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.8.0" changes: - description: Harmonise with pipeline with Cisco FTD. diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml index f76c1e86272..81575b6dccc 100644 --- a/packages/cisco_asa/manifest.yml +++ b/packages/cisco_asa/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_asa title: Cisco ASA -version: "2.8.0" +version: "2.8.1" license: basic description: Collect logs from Cisco ASA with Elastic Agent. type: integration diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml index 85330d69482..d3beb0aac48 100644 --- a/packages/cisco_duo/changelog.yml +++ b/packages/cisco_duo/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.3" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.5.2" changes: - description: Fix handling of empty event lists. diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml index 650856088b8..7d8c413488a 100644 --- a/packages/cisco_duo/manifest.yml +++ b/packages/cisco_duo/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_duo title: Cisco Duo -version: "1.5.2" +version: "1.5.3" license: basic description: Collect logs from Cisco Duo with Elastic Agent. type: integration diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml index 2775d365066..aec68ba08d0 100644 --- a/packages/cisco_ise/changelog.yml +++ b/packages/cisco_ise/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.2" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.1.1" changes: - description: Remove duplicate fields. diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml index 7c2bb606200..381cc9172f5 100644 --- a/packages/cisco_ise/manifest.yml +++ b/packages/cisco_ise/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ise title: Cisco ISE -version: "1.1.1" +version: "1.1.2" license: basic description: Collect logs from Cisco ISE with Elastic Agent. type: integration diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml index ffa68c9a61c..94464e9751b 100644 --- a/packages/cisco_secure_email_gateway/changelog.yml +++ b/packages/cisco_secure_email_gateway/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.2" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.0.1" changes: - description: Remove duplicate fields. diff --git a/packages/cisco_secure_email_gateway/manifest.yml b/packages/cisco_secure_email_gateway/manifest.yml index 614abb46b48..44dfaee9118 100644 --- a/packages/cisco_secure_email_gateway/manifest.yml +++ b/packages/cisco_secure_email_gateway/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_email_gateway title: Cisco Secure Email Gateway -version: "1.0.1" +version: "1.0.2" license: basic description: Collect logs from Cisco Secure Email Gateway with Elastic Agent. type: integration diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml index 76b12772ca6..e792fe18081 100644 --- a/packages/cloudflare/changelog.yml +++ b/packages/cloudflare/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.5" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.2.4" changes: - description: Remove duplicate fields. diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml index cce82a04855..46807da46b5 100644 --- a/packages/cloudflare/manifest.yml +++ b/packages/cloudflare/manifest.yml @@ -1,6 +1,6 @@ name: cloudflare title: Cloudflare -version: 2.2.4 +version: 2.2.5 release: ga description: Collect logs from Cloudflare with Elastic Agent. type: integration diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml index 7377142daa3..1381183a2e7 100644 --- a/packages/cyberarkpas/changelog.yml +++ b/packages/cyberarkpas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.6.3" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.6.2" changes: - description: Remove duplicate field. diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml index c6fea8c7325..1f177b28602 100644 --- a/packages/cyberarkpas/manifest.yml +++ b/packages/cyberarkpas/manifest.yml @@ -1,6 +1,6 @@ name: cyberarkpas title: CyberArk Privileged Access Security -version: 2.6.2 +version: "2.6.3" release: ga description: Collect logs from CyberArk Privileged Access Security with Elastic Agent. type: integration diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml index faf03fd2c43..ce49bc77957 100644 --- a/packages/gcp/changelog.yml +++ b/packages/gcp/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.13.1" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.13.0" changes: - description: Migrate dashboard by values 
diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml index eecda9f04ba..c6f711badbd 100644 --- a/packages/gcp/manifest.yml +++ b/packages/gcp/manifest.yml @@ -1,6 +1,6 @@ name: gcp title: Google Cloud Platform -version: "2.13.0" +version: "2.13.1" release: ga description: Collect logs from Google Cloud Platform with Elastic Agent. type: integration diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml index b8fdf3f2028..1427537855d 100644 --- a/packages/github/changelog.yml +++ b/packages/github/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.1" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.5.0" changes: - description: Add org endpoints for code_scanning and secret_scanning along with dashboards diff --git a/packages/github/manifest.yml b/packages/github/manifest.yml index 577ae18ff7e..4d677e807d6 100644 --- a/packages/github/manifest.yml +++ b/packages/github/manifest.yml @@ -1,6 +1,6 @@ name: github title: GitHub -version: 1.5.0 +version: 1.5.1 release: ga description: Collect logs from GitHub with Elastic Agent. type: integration diff --git a/packages/hashicorp_vault/changelog.yml b/packages/hashicorp_vault/changelog.yml index 44111fa98b8..78e6eadd23f 100644 --- a/packages/hashicorp_vault/changelog.yml +++ b/packages/hashicorp_vault/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.1" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.7.0" changes: - description: Update mappings for Hashicorp Vault 1.11. diff --git a/packages/hashicorp_vault/manifest.yml b/packages/hashicorp_vault/manifest.yml index 173084aa768..bb8d4529baf 100644 --- a/packages/hashicorp_vault/manifest.yml +++ b/packages/hashicorp_vault/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: hashicorp_vault title: Hashicorp Vault -version: "1.7.0" +version: "1.7.1" license: basic description: Collect logs and metrics from Hashicorp Vault with Elastic Agent. type: integration diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml index b091e687739..f969dc6e1af 100644 --- a/packages/hid_bravura_monitor/changelog.yml +++ b/packages/hid_bravura_monitor/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.4" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.2.3" changes: - description: Remove duplicate field. diff --git a/packages/hid_bravura_monitor/manifest.yml b/packages/hid_bravura_monitor/manifest.yml index eb84150daee..d275cf0fedb 100644 --- a/packages/hid_bravura_monitor/manifest.yml +++ b/packages/hid_bravura_monitor/manifest.yml @@ -1,6 +1,6 @@ name: hid_bravura_monitor title: Hitachi ID Bravura Monitor -version: "1.2.3" +version: "1.2.4" categories: ["security"] release: ga description: Collect logs from Hitachi ID Security Fabric with Elastic Agent. diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml index 5a121a26d27..156a000960c 100644 --- a/packages/infoblox_nios/changelog.yml +++ b/packages/infoblox_nios/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.3" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: '1.3.2' changes: - description: Remove saved library visualizations and add an on_failure processor to the date and convert processors. diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml index 53c8b987ff9..a9c8dd0e428 100644 --- a/packages/infoblox_nios/manifest.yml +++ b/packages/infoblox_nios/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: infoblox_nios title: Infoblox NIOS -version: '1.3.2' +version: '1.3.3' license: basic description: Collect logs from Infoblox NIOS with Elastic Agent. type: integration diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml index d1008999356..ab9f434d76d 100644 --- a/packages/iptables/changelog.yml +++ b/packages/iptables/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.1" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.1.0" changes: - description: Allow parsing of ulogd v2 TOS field in logs. diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml index 70555d5bdb1..5966c9ab0a3 100644 --- a/packages/iptables/manifest.yml +++ b/packages/iptables/manifest.yml @@ -1,6 +1,6 @@ name: iptables title: Iptables -version: "1.1.0" +version: "1.1.1" release: ga description: Collect logs from Iptables with Elastic Agent. type: integration diff --git a/packages/microsoft/changelog.yml b/packages/microsoft/changelog.yml index a3f35e968a2..264e69a30aa 100644 --- a/packages/microsoft/changelog.yml +++ b/packages/microsoft/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.2" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.2.1" changes: - description: Add documentation for multi-fields diff --git a/packages/microsoft/manifest.yml b/packages/microsoft/manifest.yml index 319e9c23464..31e3b505a3a 100644 --- a/packages/microsoft/manifest.yml +++ b/packages/microsoft/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft title: Microsoft -version: 1.2.1 +version: 1.2.2 description: Deprecated. Use a specific Microsoft package instead. categories: - "network" 
diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml index 604c5df0f75..d1ad54e30aa 100644 --- a/packages/microsoft_defender_endpoint/changelog.yml +++ b/packages/microsoft_defender_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.1" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.4.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index e68bb08ccfc..369a9beeb76 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint -version: "2.4.0" +version: "2.4.1" description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent. categories: - "network" diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml index 868a05267ff..78e5f5bf7db 100644 --- a/packages/mimecast/changelog.yml +++ b/packages/mimecast/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.1" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.3.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/mimecast/manifest.yml b/packages/mimecast/manifest.yml index dae49cb57ba..3bf9b010fa0 100644 --- a/packages/mimecast/manifest.yml +++ b/packages/mimecast/manifest.yml @@ -2,7 +2,7 @@ format_version: 1.0.0 name: mimecast title: "Mimecast" -version: 1.3.0 +version: 1.3.1 license: basic description: Collect logs from Mimecast with Elastic Agent. type: integration diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml index 12ac745acf5..cfdd547fbe0 100644 
--- a/packages/netflow/changelog.yml +++ b/packages/netflow/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.6" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.2.5" changes: - description: Fix invalid Kibana search indexRefName reference. diff --git a/packages/netflow/manifest.yml b/packages/netflow/manifest.yml index a466849f985..a75c6cf1954 100644 --- a/packages/netflow/manifest.yml +++ b/packages/netflow/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netflow title: NetFlow Records -version: "2.2.5" +version: "2.2.6" license: basic description: Collect flow records from NetFlow and IPFIX exporters with Elastic Agent. type: integration diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml index 165e4c2b842..a387d1dbb75 100644 --- a/packages/netskope/changelog.yml +++ b/packages/netskope/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.2" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.3.1" changes: - description: Use ECS geo.location definition. diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml index ce3a82b3e65..c69ece110a8 100644 --- a/packages/netskope/manifest.yml +++ b/packages/netskope/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netskope title: "Netskope" -version: "1.3.1" +version: "1.3.2" license: basic description: Collect logs from Netskope with Elastic Agent. type: integration diff --git a/packages/network_traffic/changelog.yml b/packages/network_traffic/changelog.yml index ae6ba897ca0..8f24f81ff85 100644 --- a/packages/network_traffic/changelog.yml +++ b/packages/network_traffic/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.2" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.6.1" changes: - description: Add security category to package metadata. diff --git a/packages/network_traffic/manifest.yml b/packages/network_traffic/manifest.yml index 58e316c8d5f..fa90458e865 100644 --- a/packages/network_traffic/manifest.yml +++ b/packages/network_traffic/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: network_traffic title: Network Packet Capture -version: "1.6.1" +version: "1.6.2" license: basic description: Capture and analyze network traffic from a host with Elastic Agent. type: integration diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml index 9726c3d0347..2fce62ef9d2 100644 --- a/packages/o365/changelog.yml +++ b/packages/o365/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.3" + changes: + - description: Migrate dashboards to by_value + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.8.2" changes: - description: Use ECS geo.location definition. diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml index 67634aa4b79..b1550fb5900 100644 --- a/packages/o365/manifest.yml +++ b/packages/o365/manifest.yml @@ -1,6 +1,6 @@ name: o365 title: Microsoft 365 -version: 1.8.2 +version: 1.8.3 release: ga description: Collect logs from Microsoft 365 with Elastic Agent. type: integration diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml index 206b61e9078..546a097f3bd 100644 --- a/packages/okta/changelog.yml +++ b/packages/okta/changelog.yml 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.10.4"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.10.3"
 changes:
 - description: Mark url config option as a required field
diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml
index 8b131beebf3..21efb296426 100644
--- a/packages/okta/manifest.yml
+++ b/packages/okta/manifest.yml
@@ -1,6 +1,6 @@
 name: okta
 title: Okta
-version: 1.10.3
+version: 1.10.4
 release: ga
 description: Collect and parse event logs from Okta API with Elastic Agent.
 type: integration
diff --git a/packages/osquery/changelog.yml b/packages/osquery/changelog.yml
index 1b9410de60c..f07cc344145 100644
--- a/packages/osquery/changelog.yml
+++ b/packages/osquery/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.1"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.5.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/osquery/manifest.yml b/packages/osquery/manifest.yml
index 1c6a0868031..cffe7523533 100644
--- a/packages/osquery/manifest.yml
+++ b/packages/osquery/manifest.yml
@@ -1,6 +1,6 @@
 name: osquery
 title: Osquery Logs
-version: 1.5.0
+version: 1.5.1
 release: ga
 description: Collect logs from Osquery with Elastic Agent.
 type: integration
diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml
index 9b33070335e..4a6edf3f14e 100644
--- a/packages/panw/changelog.yml
+++ b/packages/panw/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.1.3"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "3.1.2"
 changes:
 - description: Fix handling of event.outcome.
diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml
index e1bed8eb621..181b552eaa6 100644
--- a/packages/panw/manifest.yml
+++ b/packages/panw/manifest.yml
@@ -1,6 +1,6 @@
 name: panw
 title: Palo Alto Next-Gen Firewall
-version: 3.1.2
+version: 3.1.3
 release: ga
 description: Collect logs from Palo Alto next-gen firewalls with Elastic Agent.
 type: integration
diff --git a/packages/pfsense/changelog.yml b/packages/pfsense/changelog.yml
index 346c44b9aee..b59693b1b24 100644
--- a/packages/pfsense/changelog.yml
+++ b/packages/pfsense/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.3"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.3.2"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/pfsense/manifest.yml b/packages/pfsense/manifest.yml
index 6e15fda7e65..b07b58b6b8f 100644
--- a/packages/pfsense/manifest.yml
+++ b/packages/pfsense/manifest.yml
@@ -1,6 +1,6 @@
 name: pfsense
 title: pfSense
-version: "1.3.2"
+version: "1.3.3"
 release: ga
 description: Collect logs from pfSense and OPNsense with Elastic Agent.
 type: integration
diff --git a/packages/proofpoint_tap/changelog.yml b/packages/proofpoint_tap/changelog.yml
index c1ac0f849f1..cf49e5f21a3 100644
--- a/packages/proofpoint_tap/changelog.yml
+++ b/packages/proofpoint_tap/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.2"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.1.1"
 changes:
 - description: Remove unused visualizations
diff --git a/packages/proofpoint_tap/manifest.yml b/packages/proofpoint_tap/manifest.yml
index 6391f230c28..b430eb2b9b3 100644
--- a/packages/proofpoint_tap/manifest.yml
+++ b/packages/proofpoint_tap/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: proofpoint_tap
 title: Proofpoint TAP
-version: "1.1.1"
+version: "1.1.2"
 license: basic
 description: Collect logs from Proofpoint TAP with Elastic Agent.
 type: integration
diff --git a/packages/qnap_nas/changelog.yml b/packages/qnap_nas/changelog.yml
index 6bd4b57d923..6d58a6c1537 100644
--- a/packages/qnap_nas/changelog.yml
+++ b/packages/qnap_nas/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.2"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.4.1"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/qnap_nas/manifest.yml b/packages/qnap_nas/manifest.yml
index 7d02ba2d5f7..57c9bb2816c 100644
--- a/packages/qnap_nas/manifest.yml
+++ b/packages/qnap_nas/manifest.yml
@@ -1,6 +1,6 @@
 name: qnap_nas
 title: QNAP NAS
-version: "1.4.1"
+version: "1.4.2"
 release: ga
 description: Collect logs from QNAP NAS devices with Elastic Agent.
 type: integration
diff --git a/packages/santa/changelog.yml b/packages/santa/changelog.yml
index e0ea7a02f0b..1b6f4b14624 100644
--- a/packages/santa/changelog.yml
+++ b/packages/santa/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.3.1"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "3.3.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/santa/manifest.yml b/packages/santa/manifest.yml
index a20db0dd9cb..6ed3dafdc52 100644
--- a/packages/santa/manifest.yml
+++ b/packages/santa/manifest.yml
@@ -1,6 +1,6 @@
 name: santa
 title: Google Santa
-version: 3.3.0
+version: 3.3.1
 release: ga
 description: Collect logs from Google Santa with Elastic Agent.
 type: integration
diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml
index d493f571144..34c579c5bcd 100644
--- a/packages/sentinel_one/changelog.yml
+++ b/packages/sentinel_one/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.3"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.2.2"
 changes:
 - description: Ensure stability of related.hash array ordering.
diff --git a/packages/sentinel_one/manifest.yml b/packages/sentinel_one/manifest.yml
index 31352dfc1a0..16e59333df7 100644
--- a/packages/sentinel_one/manifest.yml
+++ b/packages/sentinel_one/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: sentinel_one
 title: SentinelOne
-version: "1.2.2"
+version: "1.2.3"
 license: basic
 description: Collect logs from SentinelOne with Elastic Agent.
 type: integration
diff --git a/packages/sonicwall_firewall/changelog.yml b/packages/sonicwall_firewall/changelog.yml
index 7dd59fce894..b62b511e6bc 100644
--- a/packages/sonicwall_firewall/changelog.yml
+++ b/packages/sonicwall_firewall/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.1"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.0.0"
 changes:
 - description: Make GA
diff --git a/packages/sonicwall_firewall/manifest.yml b/packages/sonicwall_firewall/manifest.yml
index c4ad0353396..816ea006a12 100644
--- a/packages/sonicwall_firewall/manifest.yml
+++ b/packages/sonicwall_firewall/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: sonicwall_firewall
 title: "SonicWall Firewall"
-version: "1.0.0"
+version: "1.0.1"
 license: basic
 release: ga
 description: "Integration for SonicWall firewall logs"
diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml
index 7aa6583b550..654ca449fb1 100644
--- a/packages/suricata/changelog.yml
+++ b/packages/suricata/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.4.3"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "2.4.2"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml
index cb8c329d816..b7936bc3d93 100644
--- a/packages/suricata/manifest.yml
+++ b/packages/suricata/manifest.yml
@@ -1,6 +1,6 @@
 name: suricata
 title: Suricata
-version: 2.4.2
+version: 2.4.3
 release: ga
 description: Collect logs from Suricata with Elastic Agent.
 type: integration
diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml
index c4c905a8035..3cb4037a92c 100644
--- a/packages/tenable_sc/changelog.yml
+++ b/packages/tenable_sc/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.2"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.4.1"
 changes:
 - description: Fix an indefinite pagination bug by adding explicit pagination termination conditions. In Agent versions >= 8.2.0 pagination termination was never happening.
diff --git a/packages/tenable_sc/manifest.yml b/packages/tenable_sc/manifest.yml
index 9385ac7051f..41e2395677b 100644
--- a/packages/tenable_sc/manifest.yml
+++ b/packages/tenable_sc/manifest.yml
@@ -2,7 +2,7 @@ format_version: 1.0.0 name: tenable_sc title: Tenable.sc # The version must be updated in the pipeline as well. Until elastic/kibana#121310 is implemented we will have to manually sync these. -version: "1.4.1" +version: "1.4.2" license: basic description: | Collect logs from Tenable.sc with Elastic Agent.
diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml
index 5c5e937e84b..0cc2840c7ab 100644
--- a/packages/zeek/changelog.yml
+++ b/packages/zeek/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.5.3"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "2.5.2"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml
index 9971dd3b95d..7b83856739b 100644
--- a/packages/zeek/manifest.yml
+++ b/packages/zeek/manifest.yml
@@ -1,6 +1,6 @@
 name: zeek
 title: Zeek
-version: 2.5.2
+version: 2.5.3
 release: ga
 description: Collect logs from Zeek with Elastic Agent.
 type: integration
diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml
index fc35243b00b..1206cfa965b 100644
--- a/packages/zscaler_zia/changelog.yml
+++ b/packages/zscaler_zia/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.4.2"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "2.4.1"
 changes:
 - description: Remap network.protocol to valid values for web data stream.
diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml
index 1b3e0b22dcc..fab97a06fc8 100644
--- a/packages/zscaler_zia/manifest.yml
+++ b/packages/zscaler_zia/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: zscaler_zia
 title: Zscaler Internet Access
-version: 2.4.1
+version: 2.4.2
 license: basic
 description: Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent.
 type: integration
diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml
index 4cacf518980..ad8eb90747c 100644
--- a/packages/zscaler_zpa/changelog.yml
+++ b/packages/zscaler_zpa/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.2"
+ changes:
+ - description: Migrate dashboards to by_value
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.2.1"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml
index d4713fec29d..3b1b7369b25 100644
--- a/packages/zscaler_zpa/manifest.yml
+++ b/packages/zscaler_zpa/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: zscaler_zpa
 title: "Zscaler Private Access"
-version: "1.2.1"
+version: "1.2.2"
 license: basic
 description: Collect logs from Zscaler Private Access (ZPA) with Elastic Agent.
 type: integration
From 012e67633418d8c47ed0b5871b70b5dfd4e0e920 Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Mon, 31 Oct 2022 21:14:54 +0530
Subject: [PATCH 044/103] update desc for users
---
 packages/1password/changelog.yml | 2 +-
 packages/auditd/changelog.yml | 2 +-
 packages/auditd_manager/changelog.yml | 2 +-
 packages/auth0/changelog.yml | 2 +-
 packages/carbon_black_cloud/changelog.yml | 2 +-
 packages/cef/changelog.yml | 2 +-
 packages/cisco/changelog.yml | 2 +-
 packages/cisco_asa/changelog.yml | 2 +-
 packages/cisco_duo/changelog.yml | 2 +-
 packages/cisco_ise/changelog.yml | 2 +-
 packages/cisco_secure_email_gateway/changelog.yml | 2 +-
 packages/cloudflare/changelog.yml | 2 +-
 packages/cyberarkpas/changelog.yml | 2 +-
 packages/gcp/changelog.yml | 2 +-
 packages/github/changelog.yml | 2 +-
 packages/hashicorp_vault/changelog.yml | 2 +-
 packages/hid_bravura_monitor/changelog.yml | 2 +-
 packages/infoblox_nios/changelog.yml | 2 +-
 packages/iptables/changelog.yml | 2 +-
 packages/microsoft/changelog.yml | 2 +-
 packages/microsoft_defender_endpoint/changelog.yml | 2 +-
 packages/mimecast/changelog.yml | 2 +-
 packages/netflow/changelog.yml | 2 +-
 packages/netskope/changelog.yml | 2 +-
 packages/network_traffic/changelog.yml | 2 +-
 packages/o365/changelog.yml | 2 +-
 packages/okta/changelog.yml | 2 +-
 packages/osquery/changelog.yml | 2 +-
 packages/panw/changelog.yml | 2 +-
 packages/pfsense/changelog.yml | 2 +-
 packages/proofpoint_tap/changelog.yml | 2 +-
 packages/qnap_nas/changelog.yml | 2 +-
 packages/santa/changelog.yml | 2 +-
 packages/sentinel_one/changelog.yml | 2 +-
 packages/sonicwall_firewall/changelog.yml | 2 +-
 packages/suricata/changelog.yml | 2 +-
 packages/tenable_sc/changelog.yml | 2 +-
 packages/zeek/changelog.yml | 2 +-
 packages/zscaler_zia/changelog.yml | 2 +-
 packages/zscaler_zpa/changelog.yml | 2 +-
 40 files changed, 40 insertions(+), 40 deletions(-)
diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml
index 0acc7168956..3c2ec982015 100644
--- a/packages/1password/changelog.yml
+++ b/packages/1password/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.6.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.6.0"
diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml
index 4d71ce8a9c0..1ad2d4a9cf6 100644
--- a/packages/auditd/changelog.yml
+++ b/packages/auditd/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "3.3.5"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "3.3.4"
diff --git a/packages/auditd_manager/changelog.yml b/packages/auditd_manager/changelog.yml
index 24454a8b969..d0e7ec374c6 100644
--- a/packages/auditd_manager/changelog.yml
+++ b/packages/auditd_manager/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.3.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.3.0"
diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml
index a220996a100..2371d93717c 100644
--- a/packages/auth0/changelog.yml
+++ b/packages/auth0/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.2.3"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.2.2"
diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml
index dc5659be520..dbbf5942df3 100644
--- a/packages/carbon_black_cloud/changelog.yml
+++ b/packages/carbon_black_cloud/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.3.2"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.3.1"
diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml
index 6c94c874fce..719bd9be752 100644
--- a/packages/cef/changelog.yml
+++ b/packages/cef/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "2.3.5"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "2.3.4"
diff --git a/packages/cisco/changelog.yml b/packages/cisco/changelog.yml
index 6592a2b544c..d32feba08e8 100644
--- a/packages/cisco/changelog.yml
+++ b/packages/cisco/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "0.13.4"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "0.13.3"
diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml
index a937edf0855..41df03af55d 100644
--- a/packages/cisco_asa/changelog.yml
+++ b/packages/cisco_asa/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "2.8.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "2.8.0"
diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml
index d3beb0aac48..fa8507cabe9 100644
--- a/packages/cisco_duo/changelog.yml
+++ b/packages/cisco_duo/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.5.3"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.5.2"
diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml
index aec68ba08d0..ec37f5d82f7 100644
--- a/packages/cisco_ise/changelog.yml
+++ b/packages/cisco_ise/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.1.2"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.1.1"
diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml
index f8980f0b372..2df3f4ca089 100644
--- a/packages/cisco_secure_email_gateway/changelog.yml
+++ b/packages/cisco_secure_email_gateway/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.1.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.1.0"
diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml
index e792fe18081..25a9977bb96 100644
--- a/packages/cloudflare/changelog.yml
+++ b/packages/cloudflare/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "2.2.5"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "2.2.4"
diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml
index 1381183a2e7..ea30b33cd91 100644
--- a/packages/cyberarkpas/changelog.yml
+++ b/packages/cyberarkpas/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "2.6.3"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "2.6.2"
diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml
index ce49bc77957..15f1b3f889a 100644
--- a/packages/gcp/changelog.yml
+++ b/packages/gcp/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "2.13.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "2.13.0"
diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml
index 1427537855d..43126004282 100644
--- a/packages/github/changelog.yml
+++ b/packages/github/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.5.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.5.0"
diff --git a/packages/hashicorp_vault/changelog.yml b/packages/hashicorp_vault/changelog.yml
index 78e6eadd23f..ae75f6abdd8 100644
--- a/packages/hashicorp_vault/changelog.yml
+++ b/packages/hashicorp_vault/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.7.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.7.0"
diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml
index f969dc6e1af..f3fe5f0a74f 100644
--- a/packages/hid_bravura_monitor/changelog.yml
+++ b/packages/hid_bravura_monitor/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.2.4"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.2.3"
diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml
index 156a000960c..73b2c935a3c 100644
--- a/packages/infoblox_nios/changelog.yml
+++ b/packages/infoblox_nios/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.3.3"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: '1.3.2'
diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml
index ab9f434d76d..31df1f2000a 100644
--- a/packages/iptables/changelog.yml
+++ b/packages/iptables/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.1.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.1.0"
diff --git a/packages/microsoft/changelog.yml b/packages/microsoft/changelog.yml
index 264e69a30aa..b95ae7d2a68 100644
--- a/packages/microsoft/changelog.yml
+++ b/packages/microsoft/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.2.2"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.2.1"
diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml
index d1ad54e30aa..55595549e39 100644
--- a/packages/microsoft_defender_endpoint/changelog.yml
+++ b/packages/microsoft_defender_endpoint/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "2.4.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "2.4.0"
diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml
index 78e5f5bf7db..67f4f2e3b39 100644
--- a/packages/mimecast/changelog.yml
+++ b/packages/mimecast/changelog.yml
@@ -1,6 +1,6 @@
 - version: "1.3.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.3.0"
diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml
index cfdd547fbe0..c73e7405702 100644
--- a/packages/netflow/changelog.yml
+++ b/packages/netflow/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "2.2.6"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "2.2.5"
diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml
index a387d1dbb75..06986ae7b26 100644
--- a/packages/netskope/changelog.yml
+++ b/packages/netskope/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.3.2"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.3.1"
diff --git a/packages/network_traffic/changelog.yml b/packages/network_traffic/changelog.yml
index 8f24f81ff85..e55095234e8 100644
--- a/packages/network_traffic/changelog.yml
+++ b/packages/network_traffic/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.6.2"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.6.1"
diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml
index 2fce62ef9d2..de45f178cc7 100644
--- a/packages/o365/changelog.yml
+++ b/packages/o365/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.8.3"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.8.2"
diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml
index 546a097f3bd..a76028591b8 100644
--- a/packages/okta/changelog.yml
+++ b/packages/okta/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.10.4"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.10.3"
diff --git a/packages/osquery/changelog.yml b/packages/osquery/changelog.yml
index f07cc344145..19624473b57 100644
--- a/packages/osquery/changelog.yml
+++ b/packages/osquery/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.5.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.5.0"
diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml
index 4a6edf3f14e..8fc425431e4 100644
--- a/packages/panw/changelog.yml
+++ b/packages/panw/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "3.1.3"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "3.1.2"
diff --git a/packages/pfsense/changelog.yml b/packages/pfsense/changelog.yml
index b59693b1b24..ae583ad1826 100644
--- a/packages/pfsense/changelog.yml
+++ b/packages/pfsense/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.3.3"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.3.2"
diff --git a/packages/proofpoint_tap/changelog.yml b/packages/proofpoint_tap/changelog.yml
index cf49e5f21a3..329ba2a0f63 100644
--- a/packages/proofpoint_tap/changelog.yml
+++ b/packages/proofpoint_tap/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.1.2"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.1.1"
diff --git a/packages/qnap_nas/changelog.yml b/packages/qnap_nas/changelog.yml
index 6d58a6c1537..54fa00d6012 100644
--- a/packages/qnap_nas/changelog.yml
+++ b/packages/qnap_nas/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.4.2"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.4.1"
diff --git a/packages/santa/changelog.yml b/packages/santa/changelog.yml
index 1b6f4b14624..f5ac5ae2571 100644
--- a/packages/santa/changelog.yml
+++ b/packages/santa/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "3.3.1"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "3.3.0"
diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml
index 34c579c5bcd..c0ecf7c512f 100644
--- a/packages/sentinel_one/changelog.yml
+++ b/packages/sentinel_one/changelog.yml
@@ -1,7 +1,7 @@
 # newer versions go on top
 - version: "1.2.3"
 changes:
- - description: Migrate dashboards to by_value
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 type: enhancement
 link: https://github.com/elastic/integrations/pull/4516
 - version: "1.2.2"
diff --git a/packages/sonicwall_firewall/changelog.yml b/packages/sonicwall_firewall/changelog.yml
index b62b511e6bc..b671ff5f109 100644
--- a/packages/sonicwall_firewall/changelog.yml
+++ b/packages/sonicwall_firewall/changelog.yml
@@ -1,7 +1,7 @@ # newer versions go on top - version: "1.0.1" changes: - - description: Migrate dashboards to by_value + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load type: enhancement link: https://github.com/elastic/integrations/pull/4516 - version: "1.0.0" diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml index 654ca449fb1..0acd58b5bea 100644 --- a/packages/suricata/changelog.yml +++ b/packages/suricata/changelog.yml @@ -1,7 +1,7 @@ # newer versions go on top - version: "2.4.3" changes: - - description: Migrate dashboards to by_value + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load type: enhancement link: https://github.com/elastic/integrations/pull/4516 - version: "2.4.2" diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml index 3cb4037a92c..8ac9e551b72 100644 --- a/packages/tenable_sc/changelog.yml +++ b/packages/tenable_sc/changelog.yml @@ -1,7 +1,7 @@ # newer versions go on top - version: "1.4.2" changes: - - description: Migrate dashboards to by_value + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load type: enhancement link: https://github.com/elastic/integrations/pull/4516 - version: "1.4.1" diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index 0cc2840c7ab..09e2885d445 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml @@ -1,7 +1,7 @@ # newer versions go on top - version: "2.5.3" changes: - - description: Migrate dashboards to by_value + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load type: enhancement link: https://github.com/elastic/integrations/pull/4516 - version: "2.5.2" 
diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml index 1206cfa965b..2b67cede15d 100644 --- a/packages/zscaler_zia/changelog.yml +++ b/packages/zscaler_zia/changelog.yml @@ -1,7 +1,7 @@ # newer versions go on top - version: "2.4.2" changes: - - description: Migrate dashboards to by_value + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load type: enhancement link: https://github.com/elastic/integrations/pull/4516 - version: "2.4.1" diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml index ad8eb90747c..976a08c1caf 100644 --- a/packages/zscaler_zpa/changelog.yml +++ b/packages/zscaler_zpa/changelog.yml @@ -1,7 +1,7 @@ # newer versions go on top - version: "1.2.2" changes: - - description: Migrate dashboards to by_value + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load type: enhancement link: https://github.com/elastic/integrations/pull/4516 - version: "1.2.1" From 58fed2f8c29fa1c616df73c735c4281212e678a2 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 20:57:49 +0530 Subject: [PATCH 045/103] Revert "migrate auditd_manager to by_value" This reverts commit 333fb171c133f926712ca54514a3353ecb7a6b70. --- ...-693a5f40-c243-11e7-8692-232bd1143e8a.json | 1257 ++++++++--------- ...-7de391b0-c1ca-11e7-8995-936807a28b16.json | 627 ++++---- ...-c0ac2c00-c1c0-11e7-8995-936807a28b16.json | 561 ++++---- 3 files changed, 1215 insertions(+), 1230 deletions(-) diff --git a/packages/auditd_manager/kibana/dashboard/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a.json b/packages/auditd_manager/kibana/dashboard/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a.json index 9da0124256d..fa68cd21aaf 100644 --- a/packages/auditd_manager/kibana/dashboard/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a.json 
+++ b/packages/auditd_manager/kibana/dashboard/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a.json 
@@ -1,656 +1,651 @@ { - "id": "auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:09:46.476Z", - "version": "WzU3NCwxXQ==", - "attributes": { - "description": "Summary of socket related syscall events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:auditd_manager.auditd" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false, - "useMargins": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { + "attributes": { + "description": "Summary of socket related syscall events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], + "highlightAll": true, "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "#### [Overview](/app/dashboards#/view/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16) - **Sockets** - [Executions](/app/dashboards#/view/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16)", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } + "language": "kuery", + "query": "data_stream.dataset:auditd_manager.auditd" + }, + "version": true + } }, - "gridData": { - "h": 4, - "i": "2b0bfe71-70d5-431c-a7ae-45b965ce1b16", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "darkTheme": false, + "useMargins": false }, - "panelIndex": "2b0bfe71-70d5-431c-a7ae-45b965ce1b16", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": {} - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - 
"background_color_rules": [ - { - "id": "95b603d0-c252-11e7-8a68-93ffe9ec5950" - } - ], - "bar_color_rules": [ - { - "id": "2cebb0c0-c252-11e7-8a68-93ffe9ec5950" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "auditd.summary.object.type:socket" - }, - "gauge_color_rules": [ - { - "id": "6c891740-c252-11e7-8a68-93ffe9ec5950" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "legend_position": "left", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "syscall", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "#### [Overview](/app/dashboards#/view/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16) - **Sockets** - [Executions](/app/dashboards#/view/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "auditd.data.syscall" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "uiState": {} - } - }, - "gridData": { - "h": 12, - "i": "a9f3b71d-3b8f-44c0-b581-ba208c117e05", - "w": 48, - "x": 
0, - "y": 4 - }, - "panelIndex": "a9f3b71d-3b8f-44c0-b581-ba208c117e05", - "title": "[Auditd Manager] Socket Syscalls Time Series", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Socket Family", - "field": "auditd.data.socket.family", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 4, + "i": "2b0bfe71-70d5-431c-a7ae-45b965ce1b16", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Syscall", - "field": "auditd.data.syscall", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "2b0bfe71-70d5-431c-a7ae-45b965ce1b16", + "type": "visualization", + "version": "8.2.0" }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendDisplay": "show", - "legendPosition": "left", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "uiState": {} - } - }, - 
"gridData": { - "h": 16, - "i": "843ccc25-3963-4bd5-838e-b40019bcf3c5", - "w": 24, - "x": 0, - "y": 16 - }, - "panelIndex": "843ccc25-3963-4bd5-838e-b40019bcf3c5", - "title": "[Auditd Manager] Socket Families", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": {} + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "95b603d0-c252-11e7-8a68-93ffe9ec5950" + } + ], + "bar_color_rules": [ + { + "id": "2cebb0c0-c252-11e7-8a68-93ffe9ec5950" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "auditd.summary.object.type:socket" + }, + "gauge_color_rules": [ + { + "id": "6c891740-c252-11e7-8a68-93ffe9ec5950" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "legend_position": "left", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "syscall", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "auditd.data.syscall" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + 
"uiState": {} + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Exe", - "field": "auditd.summary.how", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 12, + "i": "a9f3b71d-3b8f-44c0-b581-ba208c117e05", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "a9f3b71d-3b8f-44c0-b581-ba208c117e05", + "title": "[Auditd Manager] Socket Syscalls Time Series", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Socket Family", + "field": "auditd.data.socket.family", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Syscall", + "field": "auditd.data.syscall", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendDisplay": "show", + 
"legendPosition": "left", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": {} + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Address", - "field": "auditd.summary.object.primary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 16, + "i": "843ccc25-3963-4bd5-838e-b40019bcf3c5", + "w": 24, + "x": 0, + "y": 16 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Port", - "field": "auditd.summary.object.secondary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "apply": true, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "auditd.summary.object.secondary", - "negate": true, - "params": { - "query": "0", - "type": "phrase" - }, - "type": "phrase", - "value": "0" - }, - "query": { - "match": { - "auditd.summary.object.secondary": { - "query": "0", - "type": "phrase" + "panelIndex": "843ccc25-3963-4bd5-838e-b40019bcf3c5", + "title": "[Auditd Manager] Socket Families", + "type": "visualization", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Exe", + "field": "auditd.summary.how", + "missingBucket": 
false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Address", + "field": "auditd.summary.object.primary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Port", + "field": "auditd.summary.object.secondary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "apply": true, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "auditd.summary.object.secondary", + "negate": true, + "params": { + "query": "0", + "type": "phrase" + }, + "type": "phrase", + "value": "0" + }, + "query": { + "match": { + "auditd.summary.object.secondary": { + "query": "0", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } } - } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - 
"autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - } - }, - "gridData": { - "h": 16, - "i": "1e9272d7-090a-443b-bc0c-3d8afae53e76", - "w": 24, - "x": 24, - "y": 16 - }, - "panelIndex": "1e9272d7-090a-443b-bc0c-3d8afae53e76", - "title": "[Auditd Manager] Bind (non-ephemeral)", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Exe", - "field": "process.executable", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Address", - "field": "auditd.summary.object.primary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 16, + "i": "1e9272d7-090a-443b-bc0c-3d8afae53e76", + "w": 24, + "x": 24, + "y": 16 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Port", - "field": "auditd.summary.object.secondary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - 
"searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "1e9272d7-090a-443b-bc0c-3d8afae53e76", + "title": "[Auditd Manager] Bind (non-ephemeral)", + "type": "visualization", + "version": "8.2.0" }, - "description": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - } - }, - "gridData": { - "h": 20, - "i": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e", - "w": 24, - "x": 0, - "y": 32 - }, - "panelIndex": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e", - "title": "[Auditd Manager] Connect", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique Addresses", - "emptyAsNull": false, - "field": "auditd.summary.object.primary" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Exe", + "field": "process.executable", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Address", + "field": "auditd.summary.object.primary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", 
+ "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Port", + "field": "auditd.summary.object.secondary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Exe", - "field": "process.executable", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 20, + "i": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e", + "w": 24, + "x": 0, + "y": 32 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Syscall", - "field": "auditd.data.syscall", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - 
"showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e", + "title": "[Auditd Manager] Connect", + "type": "visualization", + "version": "8.2.0" }, - "type": "table", - "uiState": { - "spy": { - "mode": { - "fill": false, - "name": null - } - }, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Addresses", + "emptyAsNull": false, + "field": "auditd.summary.object.primary" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Exe", + "field": "process.executable", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Syscall", + "field": "auditd.data.syscall", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "uiState": { + "spy": { + "mode": { + "fill": false, + "name": null + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, 
+ "direction": null + } + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "cd08c022-92e5-4012-a94d-6e459948c42c", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "cd08c022-92e5-4012-a94d-6e459948c42c", + "title": "[Auditd Manager] Accept / Recvfrom Unique Address Table", + "type": "visualization", + "version": "8.2.0" } - } + ], + "timeRestore": false, + "title": "[Auditd Manager] Sockets", + "version": 1 + }, + "coreMigrationVersion": "8.2.0", + "id": "auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "843ccc25-3963-4bd5-838e-b40019bcf3c5:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" }, - "gridData": { - "h": 20, - "i": "cd08c022-92e5-4012-a94d-6e459948c42c", - "w": 24, - "x": 24, - "y": 32 + { + "id": "auditd_manager-b4c93470-c240-11e7-8692-232bd1143e8a", + "name": "1e9272d7-090a-443b-bc0c-3d8afae53e76:search_0", + "type": "search" }, - "panelIndex": "cd08c022-92e5-4012-a94d-6e459948c42c", - "title": "[Auditd Manager] Accept / Recvfrom Unique Address Table", - "type": "visualization", - "version": "8.2.0" - } + { + "id": "logs-*", + "name": "1e9272d7-090a-443b-bc0c-3d8afae53e76:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "auditd_manager-5438b030-c246-11e7-8692-232bd1143e8a", + "name": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e:search_0", + "type": "search" + }, + { + "id": "auditd_manager-e8734160-c24c-11e7-8692-232bd1143e8a", + "name": "cd08c022-92e5-4012-a94d-6e459948c42c:search_0", + "type": "search" + } ], - "timeRestore": false, - "title": "[Auditd Manager] Sockets", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "843ccc25-3963-4bd5-838e-b40019bcf3c5:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "auditd_manager-b4c93470-c240-11e7-8692-232bd1143e8a", - "name": 
"1e9272d7-090a-443b-bc0c-3d8afae53e76:search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "1e9272d7-090a-443b-bc0c-3d8afae53e76:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "auditd_manager-5438b030-c246-11e7-8692-232bd1143e8a", - "name": "d91afd3e-4c8e-41d9-b038-78bcffbe1e0e:search_0", - "type": "search" - }, - { - "id": "auditd_manager-e8734160-c24c-11e7-8692-232bd1143e8a", - "name": "cd08c022-92e5-4012-a94d-6e459948c42c:search_0", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/auditd_manager/kibana/dashboard/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16.json b/packages/auditd_manager/kibana/dashboard/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16.json index 165442f51ec..da1deead6e9 100644 --- a/packages/auditd_manager/kibana/dashboard/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16.json +++ b/packages/auditd_manager/kibana/dashboard/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16.json 
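Review bot: The restored `references` array still lists three `<panelIndex>:search_0` entries of type `search`, but none of the matching table panels ("Bind (non-ephemeral)", "Connect", "Accept / Recvfrom Unique Address Table") names that reference inside its `savedVis.data`. The "Connect" and "Accept / Recvfrom" panels have an empty `filter` and an empty `query`, so as far as this hunk shows they are limited only by the dashboard-level dataset query. If the saved searches carried the per-syscall filters (presumably, given the panel titles), these tables would count every auditd event and mislead anyone triaging socket activity from them. Consider adding `"savedSearchRefName": "search_0"` next to `searchSource` in each of the three panels' `savedVis.data`, then confirming after import that each table shows only its own syscalls. The removed side has the same gap, so this revert neither introduces nor fixes it.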
@@ -1,332 +1,327 @@ { - "id": "auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:09:46.476Z", - "version": "WzU3NSwxXQ==", - "attributes": { - "description": "Overview of kernel executions", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:auditd_manager.auditd" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false, - "useMargins": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "6", - "w": 48, - "x": 0, - "y": 16 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "search", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { + "attributes": { + "description": "Overview of kernel executions", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], + "highlightAll": true, "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "#### [Overview](/app/dashboards#/view/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16) - [Sockets](/app/dashboards#/view/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a) - **Executions**", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "f2ce7c72-d0f9-41a5-8738-11d4820c0774", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "f2ce7c72-d0f9-41a5-8738-11d4820c0774", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" + 
"language": "kuery", + "query": "data_stream.dataset:auditd_manager.auditd" }, - { - "enabled": true, - "id": "2", - "params": { - "field": "auditd.summary.actor.primary", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "maxFontSize": 45, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "type": "tagcloud", - "uiState": {} - } + "version": true + } }, - "gridData": { - "h": 12, - "i": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67", - "w": 16, - "x": 32, - "y": 4 + "optionsJSON": { + "darkTheme": false, + "useMargins": false }, - "panelIndex": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67", - "title": "[Auditd Manager] Primary Username Tag Cloud", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "2", - "params": { - "field": "process.executable", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 20, + "i": "6", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "6", + "panelRefName": "panel_6", + "type": 
"search", + "version": "8.2.0" }, - "description": "", - "params": { - "maxFontSize": 45, - "minFontSize": 14, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "#### [Overview](/app/dashboards#/view/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16) - [Sockets](/app/dashboards#/view/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a) - **Executions**", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 4, + "i": "f2ce7c72-d0f9-41a5-8738-11d4820c0774", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "f2ce7c72-d0f9-41a5-8738-11d4820c0774", + "type": "visualization", + "version": "8.2.0" }, - "type": "tagcloud", - "uiState": {} - } - }, - "gridData": { - "h": 12, - "i": "459f779e-e668-4048-a1d5-fa5806262646", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "459f779e-e668-4048-a1d5-fa5806262646", - "title": "[Auditd Manager] Executable Name Tag Cloud", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "auditd.summary.actor.primary", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "maxFontSize": 45, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true + }, + "type": "tagcloud", + "uiState": {} + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "auditd.data.exit", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 12, + "i": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67", + "title": "[Auditd Manager] Primary Username Tag Cloud", + "type": "visualization", + "version": "8.2.0" }, - "description": "Command executions", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", 
+ "params": { + "field": "process.executable", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "maxFontSize": 45, + "minFontSize": 14, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true + }, + "type": "tagcloud", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "459f779e-e668-4048-a1d5-fa5806262646", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "459f779e-e668-4048-a1d5-fa5806262646", + "title": "[Auditd Manager] Executable Name Tag Cloud", + "type": "visualization", + "version": "8.2.0" }, - "type": "pie", - "uiState": {} - } + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "auditd.data.exit", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "Command executions", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + 
"name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "b65a07a2-a0d7-4dab-921a-8afbe066d025", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "b65a07a2-a0d7-4dab-921a-8afbe066d025", + "title": "[Auditd Manager] Error Codes", + "type": "visualization", + "version": "8.2.0" + } + ], + "timeRestore": false, + "title": "[Auditd Manager] Executions", + "version": 1 + }, + "coreMigrationVersion": "8.2.0", + "id": "auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", + "name": "6:panel_6", + "type": "search" }, - "gridData": { - "h": 12, - "i": "b65a07a2-a0d7-4dab-921a-8afbe066d025", - "w": 16, - "x": 16, - "y": 4 + { + "id": "logs-*", + "name": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" }, - "panelIndex": "b65a07a2-a0d7-4dab-921a-8afbe066d025", - "title": "[Auditd Manager] Error Codes", - "type": "visualization", - "version": "8.2.0" - } + { + "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", + "name": "459f779e-e668-4048-a1d5-fa5806262646:search_0", + "type": "search" + }, + { + "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", + "name": "b65a07a2-a0d7-4dab-921a-8afbe066d025:search_0", + "type": "search" + } ], - "timeRestore": false, - "title": "[Auditd Manager] Executions", - "version": 1 - }, - "references": [ - { - "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", - "name": "6:panel_6", - "type": "search" - }, - { - "id": "logs-*", - "name": "4dd0c4a9-2eeb-4bba-bcdb-ca6c2e389e67:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", - "name": "459f779e-e668-4048-a1d5-fa5806262646:search_0", - "type": "search" - }, - { - 
"id": "auditd_manager-d382f5b0-c1c6-11e7-8995-936807a28b16", - "name": "b65a07a2-a0d7-4dab-921a-8afbe066d025:search_0", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/auditd_manager/kibana/dashboard/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16.json b/packages/auditd_manager/kibana/dashboard/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16.json index c0d24f1b994..0a6c0b20a2b 100644 --- a/packages/auditd_manager/kibana/dashboard/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16.json +++ b/packages/auditd_manager/kibana/dashboard/auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16.json 
@@ -1,298 +1,293 @@ { - "id": "auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:09:46.476Z", - "version": "WzU3NiwxXQ==", - "attributes": { - "description": "Summary of Linux kernel audit events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:auditd_manager.auditd" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false, - "useMargins": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "5", - "w": 48, - "x": 0, - "y": 16 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "search", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { + "attributes": { + "description": "Summary of Linux kernel audit events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], + "highlightAll": true, "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "#### **Overview** - [Sockets](/app/dashboards#/view/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a) - [Executions](/app/dashboards#/view/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16)", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } + "language": "kuery", + "query": "data_stream.dataset:auditd_manager.auditd" + }, + "version": true + } }, - "gridData": { - "h": 4, - "i": "7969164a-3810-485c-b3ad-948b1930f6d0", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "darkTheme": false, + "useMargins": false }, - "panelIndex": "7969164a-3810-485c-b3ad-948b1930f6d0", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - 
"enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": {} + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 20, + "i": "5", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "search", + "version": "8.2.0" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "58c95a20-c1bd-11e7-938f-ab0645b6c431" - } - ], - "bar_color_rules": [ - { - "id": "5bfc71a0-c1bd-11e7-938f-ab0645b6c431" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "" - }, - "gauge_color_rules": [ - { - "id": "5d20a650-c1bd-11e7-938f-ab0645b6c431" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "legend_position": "left", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "Actions", - "line_width": 1, - "metrics": [ - { - "id": "6b9fb2d0-c1bc-11e7-938f-ab0645b6c431", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "#### **Overview** - [Sockets](/app/dashboards#/view/auditd_manager-693a5f40-c243-11e7-8692-232bd1143e8a) - [Executions](/app/dashboards#/view/auditd_manager-7de391b0-c1ca-11e7-8995-936807a28b16)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": 
"terms", - "stacked": "none", - "terms_field": "event.action" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "uiState": {} - } - }, - "gridData": { - "h": 12, - "i": "c89b1ae9-3f74-4088-bb68-a0fdcf3aad94", - "w": 28, - "x": 0, - "y": 4 - }, - "panelIndex": "c89b1ae9-3f74-4088-bb68-a0fdcf3aad94", - "title": "[Auditd Manager] Event Actions", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Category", - "field": "event.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 4, + "i": "7969164a-3810-485c-b3ad-948b1930f6d0", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "7969164a-3810-485c-b3ad-948b1930f6d0", + "type": "visualization", + "version": "8.2.0" }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": 
"default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": {} + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "58c95a20-c1bd-11e7-938f-ab0645b6c431" + } + ], + "bar_color_rules": [ + { + "id": "5bfc71a0-c1bd-11e7-938f-ab0645b6c431" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "5d20a650-c1bd-11e7-938f-ab0645b6c431" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "legend_position": "left", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Actions", + "line_width": 1, + "metrics": [ + { + "id": "6b9fb2d0-c1bc-11e7-938f-ab0645b6c431", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "event.action" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "c89b1ae9-3f74-4088-bb68-a0fdcf3aad94", + "w": 28, + "x": 0, + "y": 4 + }, + "panelIndex": "c89b1ae9-3f74-4088-bb68-a0fdcf3aad94", + "title": 
"[Auditd Manager] Event Actions", + "type": "visualization", + "version": "8.2.0" }, - "type": "pie", - "uiState": {} - } + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Category", + "field": "event.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5", + "w": 20, + "x": 28, + "y": 4 + }, + "panelIndex": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5", + "title": "[Auditd Manager] Event Categories", + "type": "visualization", + "version": "8.2.0" + } + ], + "timeRestore": 
false, + "title": "[Auditd Manager] Overview", + "version": 1 + }, + "coreMigrationVersion": "8.2.0", + "id": "auditd_manager-c0ac2c00-c1c0-11e7-8995-936807a28b16", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "auditd_manager-0f10c430-c1c3-11e7-8995-936807a28b16", + "name": "5:panel_5", + "type": "search" }, - "gridData": { - "h": 12, - "i": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5", - "w": 20, - "x": 28, - "y": 4 + { + "id": "auditd_manager-0f10c430-c1c3-11e7-8995-936807a28b16", + "name": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5:search_0", + "type": "search" }, - "panelIndex": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5", - "title": "[Auditd Manager] Event Categories", - "type": "visualization", - "version": "8.2.0" - } + { + "id": "logs-*", + "name": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Auditd Manager] Overview", - "version": 1 - }, - "references": [ - { - "id": "auditd_manager-0f10c430-c1c3-11e7-8995-936807a28b16", - "name": "5:panel_5", - "type": "search" - }, - { - "id": "auditd_manager-0f10c430-c1c3-11e7-8995-936807a28b16", - "name": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5:search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "af0b3b3c-90d5-4490-a2d0-9c0050d2adf5:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file From 75c065c5ce735713363a9ffacd864fbd6d910c35 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 20:59:31 +0530 Subject: [PATCH 046/103] revert auditd_manager changelog --- packages/auditd_manager/changelog.yml | 5 ----- packages/auditd_manager/manifest.yml | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) 
diff --git a/packages/auditd_manager/changelog.yml b/packages/auditd_manager/changelog.yml
index d0e7ec374c6..0291f2a88ea 100644
--- a/packages/auditd_manager/changelog.yml
+++ b/packages/auditd_manager/changelog.yml
@@ -1,9 +1,4 @@
 # newer versions go on top
-- version: "1.3.1"
- changes:
- - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
- type: enhancement
- link: https://github.com/elastic/integrations/pull/4516
 - version: "1.3.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/auditd_manager/manifest.yml b/packages/auditd_manager/manifest.yml
index 5f10f6eac99..86465dfc947 100644
--- a/packages/auditd_manager/manifest.yml
+++ b/packages/auditd_manager/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: auditd_manager
 title: "Auditd Manager"
-version: "1.3.1"
+version: "1.3.0"
 release: ga
 license: basic
 description: "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel."
From f25d8320018a8885b65092907388f30b568ac8e3 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:00:33 +0530 Subject: [PATCH 047/103] Revert "migrate cyberarkpas to by_value" This reverts commit 1c79ed6f390bcf75a706cbcb875d7b24b9c3625f.
---
 ...-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json | 2666 ++++++++--------- 1 file changed, 1325 insertions(+), 1341 deletions(-)
diff --git a/packages/cyberarkpas/kibana/dashboard/cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json b/packages/cyberarkpas/kibana/dashboard/cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json
index e7175f6f88b..b7e1d7eb255 100644
--- a/packages/cyberarkpas/kibana/dashboard/cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json
+++ b/packages/cyberarkpas/kibana/dashboard/cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6.json
@@ -1,1392 +1,1376 @@ { - "id": "cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:48:32.339Z", - "version": "WzYyMiwxXQ==", - "attributes": { - "description": "Dashboard for CyberArk Privileged Access Security events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cyberarkpas.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cyberarkpas.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "version": "7.16.0", - "type": "visualization", - "gridData": { - "h": 9, - "i": "1007fa0d-a6a1-4682-a346-a90acc179da5", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "1007fa0d-a6a1-4682-a346-a90acc179da5", - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "controls": [ - { - "fieldName": "observer.hostname", - "id": "1617726994032", - "indexPattern": "logs-*", - "indexPatternRefName": "control_0_index_pattern", - "label": " By Vault host", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "event.code", - "id": "1617811797137", - "indexPattern": "logs-*", - "indexPatternRefName": "control_1_index_pattern", - "label": "By event code", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": 
"desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": true, - "useTimeFilter": false - }, - "title": "", - "type": "input_control_vis", - "uiState": {} - }, - "type": "visualization" - }, - "title": "Filters" - }, - { - "version": "7.16.0", - "type": "visualization", - "gridData": { - "h": 13, - "i": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e", - "w": 38, - "x": 10, - "y": 0 - }, - "panelIndex": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e", - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "filter": { - "language": "kuery", - "query": "data_stream.dataset:\"cyberarkpas.audit\" " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "", - "interval": "", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "hide_in_legend": 0, - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": 1, - "metrics": [ + "attributes": { + "description": "Dashboard for CyberArk Privileged Access Security events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "rainbow", - "params": { - "colors": [ - "#68BC00", - "#009CE0", - "#B0BC00", - "#16A5A5", - "#D33115", - "#E27300", - "#FCC400", - "#7B64FF", - "#FA28FF", - "#333333", - "#808080", - "#194D33", - "#0062B1", - "#808900", - "#0C797D", - "#9F0500", - "#C45100", - "#FB9E00", - "#653294", - "#AB149E", - "#0F1419", - "#666666" - ], - "gradient": false - }, - "type": "palette" - 
}, - "point_size": 1, - "separate_axis": 0, - "split_color_mode": null, - "split_mode": "terms", - "stacked": "stacked", - "terms_field": "cyberarkpas.audit.desc", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "type": "timeseries", - "use_kibana_indexes": false, - "drop_last_bucket": 1 - }, - "title": "", - "type": "metrics", - "uiState": {} - }, - "type": "visualization" - }, - "title": "event types by time" - }, - { - "version": "7.16.0", - "type": "lens", - "gridData": { - "h": 4, - "i": "af9e9f0b-a40c-411e-b441-2a779983ed24", - "w": 10, - "x": 0, - "y": 9 - }, - "panelIndex": "af9e9f0b-a40c-411e-b441-2a779983ed24", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "33bc0096-e418-4f81-9c7c-7fdd16cc5203": { - "columnOrder": [ - "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12" - ], - "columns": { - "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": " ", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12", - "layerId": "33bc0096-e418-4f81-9c7c-7fdd16cc5203", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Count of events" - }, - { - "version": "7.16.0", - "type": "lens", - "gridData": { - "h": 13, - "i": 
"7031905a-92ab-4e0e-aa58-72f1c07ff409", - "w": 10, - "x": 0, - "y": 13 - }, - "panelIndex": "7031905a-92ab-4e0e-aa58-72f1c07ff409", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "de047c06-a965-47aa-8a15-8b0266d5abc3": { - "columnOrder": [ - "b916e5f5-a64a-49f1-b37a-ee1825fc61a4", - "3effd03e-0ed9-4e2d-ba8e-d77ae505092e" - ], - "columns": { - "3effd03e-0ed9-4e2d-ba8e-d77ae505092e": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "$state": { + "store": "appState" }, - "b916e5f5-a64a-49f1-b37a-ee1825fc61a4": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e", - "type": "column" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cyberarkpas.audit" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.outcome" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cyberarkpas.audit" + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b916e5f5-a64a-49f1-b37a-ee1825fc61a4" - ], - "layerId": "de047c06-a965-47aa-8a15-8b0266d5abc3", - "legendDisplay": "default", - 
"metric": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e", - "nestedLegend": false, - "numberDisplay": "percent", - "layerType": "data" - } ], - "shape": "donut" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + "query": { + "language": "kuery", + "query": "" + } + } }, - "title": "Breakdown by outcome" - }, - { - "version": "7.16.0", - "type": "lens", - "gridData": { - "h": 13, - "i": "a24b9c0c-da95-4016-9fe5-2c0d34005832", - "w": 11, - "x": 10, - "y": 13 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "a24b9c0c-da95-4016-9fe5-2c0d34005832", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "19858811-84d1-4f50-901c-dc1451972324": { - "columnOrder": [ - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "e3526253-18e0-4122-b112-ee5b4b9e23d7" - ], - "columns": { - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of destination.user.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "destination.user.name" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + 
"query": "" + } + } }, - "e3526253-18e0-4122-b112-ee5b4b9e23d7": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cyberarkpas.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cyberarkpas.audit" + "description": "", + "params": { + "controls": [ + { + "fieldName": "observer.hostname", + "id": "1617726994032", + "indexPattern": "logs-*", + "indexPatternRefName": "control_0_index_pattern", + "label": " By Vault host", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "event.code", + "id": "1617811797137", + "indexPattern": "logs-*", + "indexPatternRefName": "control_1_index_pattern", + "label": "By event code", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "", + "type": "input_control_vis", + "uiState": {} } - } }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.code", - "negate": false, - "params": [ - "308", - "22", - "319", - "295" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "308" - } - }, - { - "match_phrase": { - "event.code": "22" - } + "gridData": { + "h": 9, + "i": "1007fa0d-a6a1-4682-a346-a90acc179da5", 
+ "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "1007fa0d-a6a1-4682-a346-a90acc179da5", + "title": "Filters", + "type": "visualization", + "version": "7.12.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - { - "match_phrase": { - "event.code": "319" - } + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "logs-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "data_stream.dataset:\"cyberarkpas.audit\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "hide_in_legend": 0, + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "rainbow", + "params": { + "colors": [ + "#68BC00", + "#009CE0", + "#B0BC00", + "#16A5A5", + "#D33115", + "#E27300", + "#FCC400", + "#7B64FF", + "#FA28FF", + "#333333", + "#808080", + "#194D33", + "#0062B1", + "#808900", + "#0C797D", + "#9F0500", + "#C45100", + "#FB9E00", + "#653294", + "#AB149E", + "#0F1419", + "#666666" + ], + "gradient": false + }, + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_color_mode": null, + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "cyberarkpas.audit.desc", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "type": "timeseries", + "use_kibana_indexes": true }, - { - 
"match_phrase": { - "event.code": "295" - } - } - ] + "title": "", + "type": "metrics", + "uiState": {} } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", - "81dcff19-b14a-4e4b-999e-dbbcbdfdf816" - ], - "layerId": "19858811-84d1-4f50-901c-dc1451972324", - "legendDisplay": "default", - "metric": "e3526253-18e0-4122-b112-ee5b4b9e23d7", - "nestedLegend": false, - "numberDisplay": "percent", - "layerType": "data" - } - ], - "shape": "donut" - } + }, + "gridData": { + "h": 13, + "i": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e", + "title": "event types by time", + "type": "visualization", + "version": "7.12.0" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top 10 user credentials accessed" - }, - { - "version": "7.16.0", - "type": "lens", - "gridData": { - "h": 13, - "i": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a", - "w": 27, - "x": 21, - "y": 13 - }, - "panelIndex": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"50325938-6a9e-4a26-946e-4468e68c6591": { - "columnOrder": [ - "8a965540-daa1-4848-80bb-96ddf53a328f", - "c05a39ad-2983-4f4a-900d-a939ecbda504", - "a808a872-71b5-4a76-a939-354f68991881" - ], - "columns": { - "8a965540-daa1-4848-80bb-96ddf53a328f": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a808a872-71b5-4a76-a939-354f68991881", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 2 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - }, - "a808a872-71b5-4a76-a939-354f68991881": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Credentials accessed", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "33bc0096-e418-4f81-9c7c-7fdd16cc5203": { + "columnOrder": [ + "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12" + ], + "columns": { + "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": " ", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12", + "layerId": "33bc0096-e418-4f81-9c7c-7fdd16cc5203" + } }, - "c05a39ad-2983-4f4a-900d-a939ecbda504": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" 
- }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cyberarkpas.audit" + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cyberarkpas.audit" - } - } + "enhancements": {}, + "hidePanelTitles": false }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.code", - "negate": false, - "params": [ - "308", - "22", - "319", - "295", - "38" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "308" - } - }, - { - "match_phrase": { - "event.code": "22" - } - }, - { - "match_phrase": { - "event.code": "319" - } - }, - { - "match_phrase": { - "event.code": "295" - } + "gridData": { + "h": 4, + "i": "af9e9f0b-a40c-411e-b441-2a779983ed24", + "w": 10, + "x": 0, + "y": 9 + }, + "panelIndex": "af9e9f0b-a40c-411e-b441-2a779983ed24", + "title": "Count of events", + "type": "lens", + "version": "7.12.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "de047c06-a965-47aa-8a15-8b0266d5abc3": { + "columnOrder": [ + "b916e5f5-a64a-49f1-b37a-ee1825fc61a4", + "3effd03e-0ed9-4e2d-ba8e-d77ae505092e" + ], + "columns": { + "3effd03e-0ed9-4e2d-ba8e-d77ae505092e": { + "dataType": "number", + 
"isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "b916e5f5-a64a-49f1-b37a-ee1825fc61a4": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b916e5f5-a64a-49f1-b37a-ee1825fc61a4" + ], + "layerId": "de047c06-a965-47aa-8a15-8b0266d5abc3", + "legendDisplay": "default", + "metric": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } }, - { - "match_phrase": { - "event.code": "38" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 13, + "i": "7031905a-92ab-4e0e-aa58-72f1c07ff409", + "w": 10, + "x": 0, + "y": 13 }, - "layers": [ - { - "accessors": [ - "a808a872-71b5-4a76-a939-354f68991881" - ], - "layerId": "50325938-6a9e-4a26-946e-4468e68c6591", - "position": "top", - "seriesType": "area_stacked", - "showGridlines": false, - "splitAccessor": "8a965540-daa1-4848-80bb-96ddf53a328f", - "xAccessor": "c05a39ad-2983-4f4a-900d-a939ecbda504", - "layerType": "data" - } - ], - "legend": { - "isVisible": true, - 
"position": "right" + "panelIndex": "7031905a-92ab-4e0e-aa58-72f1c07ff409", + "title": "Breakdown by outcome", + "type": "lens", + "version": "7.12.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "19858811-84d1-4f50-901c-dc1451972324": { + "columnOrder": [ + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "e3526253-18e0-4122-b112-ee5b4b9e23d7" + ], + "columns": { + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of destination.user.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.user.name" + }, + "e3526253-18e0-4122-b112-ee5b4b9e23d7": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cyberarkpas.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cyberarkpas.audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "filter-index-pattern-1", + "key": "event.code", + "negate": false, + "params": [ + "308", + "22", + "319", + "295" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "308" + } + }, + { + "match_phrase": { + "event.code": "22" + } + }, + { + "match_phrase": { + "event.code": "319" + } + }, + { + "match_phrase": { + "event.code": "295" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816", + "81dcff19-b14a-4e4b-999e-dbbcbdfdf816" + ], + "layerId": "19858811-84d1-4f50-901c-dc1451972324", + "legendDisplay": "default", + "metric": "e3526253-18e0-4122-b112-ee5b4b9e23d7", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "area_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 13, + "i": "a24b9c0c-da95-4016-9fe5-2c0d34005832", + "w": 11, + "x": 10, + "y": 13 }, - "valueLabels": "hide" - } + "panelIndex": "a24b9c0c-da95-4016-9fe5-2c0d34005832", + "title": "Top 10 user credentials accessed", + "type": "lens", + "version": "7.12.0" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Credential access by time" - }, - { - "version": "7.16.0", - "type": "lens", - "gridData": { - "h": 23, - "i": "c56b3e4d-bfb6-4b06-a62b-282753b85f7a", - "w": 15, - "x": 0, - "y": 26 - }, - "panelIndex": 
"c56b3e4d-bfb6-4b06-a62b-282753b85f7a", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "105faf70-8330-46b3-a82a-573a383068fa": { - "columnOrder": [ - "c51d6847-2fcc-4d13-a44f-49786cb979ed", - "d73b823b-ae68-4e73-bbe2-90a35bc825e7", - "c0147524-accc-4dee-a4fc-44199e3459f1" - ], - "columns": { - "c0147524-accc-4dee-a4fc-44199e3459f1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Authentications", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c51d6847-2fcc-4d13-a44f-49786cb979ed": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Users", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c0147524-accc-4dee-a4fc-44199e3459f1", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 8 - }, - "scale": "ordinal", - "sourceField": "user.name" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "50325938-6a9e-4a26-946e-4468e68c6591": { + "columnOrder": [ + 
"8a965540-daa1-4848-80bb-96ddf53a328f", + "c05a39ad-2983-4f4a-900d-a939ecbda504", + "a808a872-71b5-4a76-a939-354f68991881" + ], + "columns": { + "8a965540-daa1-4848-80bb-96ddf53a328f": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a808a872-71b5-4a76-a939-354f68991881", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 2 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + }, + "a808a872-71b5-4a76-a939-354f68991881": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Credentials accessed", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c05a39ad-2983-4f4a-900d-a939ecbda504": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cyberarkpas.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cyberarkpas.audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.code", + "negate": false, + "params": [ + "308", + "22", + "319", + "295", + "38" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "308" + } + }, + { + "match_phrase": { + "event.code": "22" + } + }, + { + "match_phrase": { + "event.code": "319" + } + }, + { + "match_phrase": { + "event.code": 
"295" + } + }, + { + "match_phrase": { + "event.code": "38" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "a808a872-71b5-4a76-a939-354f68991881" + ], + "layerId": "50325938-6a9e-4a26-946e-4468e68c6591", + "position": "top", + "seriesType": "area_stacked", + "showGridlines": false, + "splitAccessor": "8a965540-daa1-4848-80bb-96ddf53a328f", + "xAccessor": "c05a39ad-2983-4f4a-900d-a939ecbda504" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "area_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "d73b823b-ae68-4e73-bbe2-90a35bc825e7": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "type": "alphabetical" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a", + "w": 27, + "x": 21, + "y": 13 + }, + "panelIndex": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a", + "title": "Credential access by time", + "type": "lens", + "version": "7.12.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 2 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, 
- "indexRefName": "filter-index-pattern-0", - "key": "event.category", - "negate": false, - "params": [ - "authentication" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.category": "authentication" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "105faf70-8330-46b3-a82a-573a383068fa": { + "columnOrder": [ + "c51d6847-2fcc-4d13-a44f-49786cb979ed", + "d73b823b-ae68-4e73-bbe2-90a35bc825e7", + "c0147524-accc-4dee-a4fc-44199e3459f1" + ], + "columns": { + "c0147524-accc-4dee-a4fc-44199e3459f1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Authentications", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c51d6847-2fcc-4d13-a44f-49786cb979ed": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Users", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c0147524-accc-4dee-a4fc-44199e3459f1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 8 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "d73b823b-ae68-4e73-bbe2-90a35bc825e7": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 2 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.category", + "negate": false, + "params": [ + "authentication" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.category": "authentication" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "c0147524-accc-4dee-a4fc-44199e3459f1" + ], + "layerId": "105faf70-8330-46b3-a82a-573a383068fa", + "palette": { + "name": "status", + "type": "palette" + }, + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "splitAccessor": "d73b823b-ae68-4e73-bbe2-90a35bc825e7", + "xAccessor": "c51d6847-2fcc-4d13-a44f-49786cb979ed" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 23, + "i": "c56b3e4d-bfb6-4b06-a62b-282753b85f7a", + "w": 15, + "x": 0, + "y": 26 }, - "layers": [ - { - "accessors": [ - "c0147524-accc-4dee-a4fc-44199e3459f1" - ], - "layerId": "105faf70-8330-46b3-a82a-573a383068fa", - "palette": { - "name": "status", - "type": "palette" + "panelIndex": "c56b3e4d-bfb6-4b06-a62b-282753b85f7a", + 
"title": "Vault Authentication attempts", + "type": "lens", + "version": "7.12.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":null,\"isAutoSelect\":true},\"id\":\"a3734143-d6e1-4551-b0b1-8282a37e151b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"label\":\"logs-* | Source Point\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"source.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"source.ip\",\"tooltipProperties\":[\"host.name\",\"source.ip\",\"source.domain\",\"source.geo.country_iso_code\",\"source.as.organization.name\"],\"id\":\"5f2b25a1-01ea-45ca-a4a2-f1a670c3b149\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":22},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"home\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"2ad8e318-4ef4-4e89-94f2-f37e395c488c\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"logs-* | 
Destination point\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"destination.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"destination.ip\",\"tooltipProperties\":[\"host.name\",\"destination.ip\",\"destination.domain\",\"destination.geo.country_iso_code\",\"destination.as.organization.name\"],\"id\":\"bc95f479-964f-4498-be1e-376d34a01b0a\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":35},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#D36086\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"dbb878c8-4039-49f1-b2ff-ab7fb942ba55\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"logs-* | 
Line\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"sum\",\"field\":\"destination.bytes\"}],\"id\":\"faf6884d-b7cb-41dd-ab86-95970d7c59d2\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":8,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"9c450fbf-b009-4b53-9810-2f47ca8dcfa8\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]}]", + "mapStateJSON": 
"{\"zoom\":1.24,\"center\":{\"lon\":-49.38072,\"lat\":7.87497},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" }, - "position": "top", - "seriesType": "bar_horizontal_stacked", - "showGridlines": false, - "splitAccessor": "d73b823b-ae68-4e73-bbe2-90a35bc825e7", - "xAccessor": "c51d6847-2fcc-4d13-a44f-49786cb979ed", - "layerType": "data" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 148.88690000000003, + "maxLon": 438.09868, + "minLat": -116.68142, + "minLon": -417.60444 + }, + "mapCenter": { + "lat": 43.83453, + "lon": 10.24712, + "zoom": 1 + }, + "openTOCDetails": [] }, - "preferredSeriesType": "bar_horizontal_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 23, + "i": "cd1e20e7-706f-4d02-949c-d9f5908bad67", + "w": 33, + "x": 15, + "y": 26 }, - "valueLabels": "hide" - } + "panelIndex": "cd1e20e7-706f-4d02-949c-d9f5908bad67", + "title": "Network sources and destinations", + "type": "map", + "version": "7.12.0" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - 
"enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Vault Authentication attempts" - }, - { - "version": "7.16.0", - "type": "map", - "gridData": { - "h": 23, - "i": "cd1e20e7-706f-4d02-949c-d9f5908bad67", - "w": 33, - "x": 15, - "y": 26 - }, - "panelIndex": "cd1e20e7-706f-4d02-949c-d9f5908bad67", - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":null,\"isAutoSelect\":true},\"id\":\"a3734143-d6e1-4551-b0b1-8282a37e151b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"label\":\"logs-* | Source Point\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"source.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"source.ip\",\"tooltipProperties\":[\"host.name\",\"source.ip\",\"source.domain\",\"source.geo.country_iso_code\",\"source.as.organization.name\"],\"id\":\"5f2b25a1-01ea-45ca-a4a2-f1a670c3b149\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":22},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"home\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSi
ze\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"2ad8e318-4ef4-4e89-94f2-f37e395c488c\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"logs-* | Destination point\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"destination.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"destination.ip\",\"tooltipProperties\":[\"host.name\",\"destination.ip\",\"destination.domain\",\"destination.geo.country_iso_code\",\"destination.as.organization.name\"],\"id\":\"bc95f479-964f-4498-be1e-376d34a01b0a\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":35},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#D36086\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"dbb878c8-4039-49f1-b2ff-ab7fb942ba55\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"logs-* | 
Line\",\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"sum\",\"field\":\"destination.bytes\"}],\"id\":\"faf6884d-b7cb-41dd-ab86-95970d7c59d2\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":8,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"9c450fbf-b009-4b53-9810-2f47ca8dcfa8\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]}]", - "mapStateJSON": 
"{\"zoom\":1.24,\"center\":{\"lon\":-49.38072,\"lat\":7.87497},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 148.88690000000003, - "maxLon": 438.09868, - "minLat": -116.68142, - "minLon": -417.60444 - }, - "mapCenter": { - "lat": 43.83453, - "lon": 10.24712, - "zoom": 1 - }, - "openTOCDetails": [], - "type": "map" - }, - "title": "Network sources and destinations" - }, - { - "version": "7.16.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "c6305b30-a7e2-4cc3-b49b-db99031f150e", - "w": 15, - "x": 0, - "y": 49 - }, - "panelIndex": "c6305b30-a7e2-4cc3-b49b-db99031f150e", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - 
"indexpattern": { - "layers": { - "028c5c1e-79f9-4999-8438-4889ac2b714c": { - "columnOrder": [ - "e55346c7-87bc-49f4-9215-8a36931d05f4", - "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" - ], - "columns": { - "e55346c7-87bc-49f4-9215-8a36931d05f4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Users", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user.name" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "028c5c1e-79f9-4999-8438-4889ac2b714c": { + "columnOrder": [ + "e55346c7-87bc-49f4-9215-8a36931d05f4", + "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" + ], + "columns": { + "e55346c7-87bc-49f4-9215-8a36931d05f4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Users", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "f2cd86e2-fb91-48b2-b8dd-e98395d28e00": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Failed authentications", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "Records" + } + 
}, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.category", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.outcome", + "negate": false, + "params": { + "query": "failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.outcome": "failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" + ], + "layerId": "028c5c1e-79f9-4999-8438-4889ac2b714c", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "e55346c7-87bc-49f4-9215-8a36931d05f4", + "yConfig": [ + { + "color": "#d36086", + "forAccessor": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "f2cd86e2-fb91-48b2-b8dd-e98395d28e00": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Failed authentications", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - 
"disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.category", - "negate": false, - "params": { - "query": "authentication" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "authentication" - } - } + "enhancements": {}, + "hidePanelTitles": false }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "c6305b30-a7e2-4cc3-b49b-db99031f150e", + "w": 15, + "x": 0, + "y": 49 }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "c6305b30-a7e2-4cc3-b49b-db99031f150e", + "title": "Top users by failed authentications to Vault", + "type": "lens", + "version": "7.12.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" - ], - "layerId": "028c5c1e-79f9-4999-8438-4889ac2b714c", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "e55346c7-87bc-49f4-9215-8a36931d05f4", - "yConfig": [ - { - "color": "#d36086", - "forAccessor": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00" - } + "gridData": { + "h": 15, + "i": "96a2c711-40a3-4dfc-87f5-4b193078e05a", + "w": 33, + "x": 15, + "y": 49 + }, + "panelIndex": "96a2c711-40a3-4dfc-87f5-4b193078e05a", + "panelRefName": "panel_9", + "title": "Credential Access", + "version": "7.12.0" + }, + { + "embeddableConfig": { + "columns": [ + 
"observer.hostname", + "cyberarkpas.audit.action", + "cyberarkpas.audit.issuer", + "cyberarkpas.audit.safe", + "file.path" ], - "layerType": "data" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 18, + "i": "6cd62115-65e7-416f-8da7-96b0d7a9d932", + "w": 48, + "x": 0, + "y": 64 }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + "panelIndex": "6cd62115-65e7-416f-8da7-96b0d7a9d932", + "panelRefName": "panel_10", + "title": "All logs", + "version": "7.12.0" + } + ], + "timeRestore": false, + "title": "[Logs CyberArk PAS] Overview", + "version": 1 + }, + "coreMigrationVersion": "7.12.0", + "id": "cyberarkpas-eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6", + "migrationVersion": { + "dashboard": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "control_0_index_pattern", + "type": "index-pattern" }, - "title": "Top users by failed authentications to Vault" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + { + "id": "logs-*", + "name": "control_1_index_pattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "96a2c711-40a3-4dfc-87f5-4b193078e05a", - "w": 33, - "x": 15, - "y": 49 + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "96a2c711-40a3-4dfc-87f5-4b193078e05a", - "panelRefName": "panel_9", - "title": "Credential Access", - "version": "7.12.0" - }, - { - "embeddableConfig": { - "columns": [ - "observer.hostname", - "cyberarkpas.audit.action", - 
"cyberarkpas.audit.issuer", - "cyberarkpas.audit.safe", - "file.path" - ], - "enhancements": {}, - "hidePanelTitles": false + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203", + "type": "index-pattern" }, - "gridData": { - "h": 18, - "i": "6cd62115-65e7-416f-8da7-96b0d7a9d932", - "w": 48, - "x": 0, - "y": 64 + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "6cd62115-65e7-416f-8da7-96b0d7a9d932", - "panelRefName": "panel_10", - "title": "All logs", - "version": "7.12.0" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "layer_2_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "layer_3_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "cyberarkpas-a9b82df0-97a5-11eb-bbf8-d77aef8ad7a6", + "name": "panel_9", + "type": "search" + }, + { + "id": "cyberarkpas-fec0d170-96f7-11eb-bbf8-d77aef8ad7a6", + "name": "panel_10", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs CyberArk PAS] Overview", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324", - "type": "index-pattern" - }, - 
{ - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "layer_2_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "layer_3_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "cyberarkpas-a9b82df0-97a5-11eb-bbf8-d77aef8ad7a6", - "name": "panel_9", - "type": "search" - }, - { - "id": "cyberarkpas-fec0d170-96f7-11eb-bbf8-d77aef8ad7a6", - "name": "panel_10", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "7.16.0" - }, - "coreMigrationVersion": "7.16.0" + "type": "dashboard" } \ No newline at end of 
file
From e351a64a97e7e49a51ed1ddd1f1bb84fbf073e52 Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Wed, 2 Nov 2022 21:01:15 +0530
Subject: [PATCH 048/103] revert cyberarkpas changelog
---
 packages/cyberarkpas/changelog.yml | 5 -----
 packages/cyberarkpas/manifest.yml | 2 +-
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml
index ea30b33cd91..7377142daa3 100644
--- a/packages/cyberarkpas/changelog.yml
+++ b/packages/cyberarkpas/changelog.yml
@@ -1,9 +1,4 @@
 # newer versions go on top
-- version: "2.6.3"
- changes:
- - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
- type: enhancement
- link: https://github.com/elastic/integrations/pull/4516
 - version: "2.6.2"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml
index 1f177b28602..38719ea66e6 100644
--- a/packages/cyberarkpas/manifest.yml
+++ b/packages/cyberarkpas/manifest.yml
@@ -1,6 +1,6 @@
 name: cyberarkpas
 title: CyberArk Privileged Access Security
-version: "2.6.3"
+version: "2.6.2"
 release: ga
 description: Collect logs from CyberArk Privileged Access Security with Elastic Agent.
 type: integration
From cfa1464a191efa72d3b49ac11a686b6bcc2eee95 Mon Sep 17 00:00:00 2001
From: kcreddy Date: Wed, 2 Nov 2022 21:02:18 +0530 Subject: [PATCH 049/103] Revert "all inlined gcp" This reverts commit 84e007138191ea4002295d0f7621db49c2a397f8. --- .../dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json | 6 +++--- .../dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json | 6 +++--- .../dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json | 6 +++--- .../dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json | 6 +++--- .../dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json | 6 +++--- .../dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json | 6 +++--- .../dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json | 6 +++--- .../dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json | 6 +++--- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json b/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json index 98e4d88155f..2dada268897 100644 --- a/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json +++ b/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T08:12:34.039Z", - "version": "WzYyMiwxXQ==", + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxNCwxXQ==", "attributes": { "description": "Overview of the audit log data from Google Cloud.", "hits": 0, @@ -640,5 +640,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.3" + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json b/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json index be095d035a4..ed6618e1991 100644 --- a/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json +++ b/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json 
@@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T08:12:34.039Z", - "version": "WzYyMywxXQ==", + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxNSwxXQ==", "attributes": { "description": "Overview of Google Cloud Load Balancing TCP SSL Proxy Metrics\n\n", "hits": 0, @@ -525,5 +525,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.3" + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json b/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json index 7a249c1138f..e25a5709343 100644 --- a/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json +++ b/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T08:12:34.039Z", - "version": "WzYyNCwxXQ==", + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxNiwxXQ==", "attributes": { "description": "Overview of Google Cloud Billing Metrics", "hits": 0, @@ -716,5 +716,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.3" + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json b/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json index 54084f4626e..a3d271940ec 100644 --- a/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json +++ b/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T08:12:34.039Z", - "version": "WzYyNSwxXQ==", + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxNywxXQ==", "attributes": { "description": "Overview of the firewall log data from Google Cloud.", "hits": 0, 
@@ -1750,5 +1750,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.3" + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json index 65d86ec558a..81a1e9717c8 100644 --- a/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json +++ b/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T08:12:34.039Z", - "version": "WzYyNiwxXQ==", + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxOCwxXQ==", "attributes": { "description": "Overview of GCP Load Balancing L3 Metrics", "hits": 0, @@ -434,5 +434,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.3" + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json b/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json index 4eff0394770..2b9d97a0c4e 100644 --- a/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json +++ b/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T08:12:34.039Z", - "version": "WzYyNywxXQ==", + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxOSwxXQ==", "attributes": { "description": "Overview of the VPC flow log data from Google Cloud.", "hits": 0, @@ -1720,5 +1720,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.3" + "coreMigrationVersion": "7.17.6" } \ No newline at end of file 
diff --git a/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json index e9e7e566d66..e50bfe0221d 100644 --- a/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json +++ b/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T08:12:34.039Z", - "version": "WzYyOCwxXQ==", + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcyMCwxXQ==", "attributes": { "description": "Overview of GCP Load Balancing HTTPS Metrics", "hits": 0, @@ -566,5 +566,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.3" + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json b/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json index 423f82a4ea2..6cf73e5311c 100644 --- a/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json +++ b/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T08:12:34.039Z", - "version": "WzYyOSwxXQ==", + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcyMSwxXQ==", "attributes": { "description": "Overview of GCP Compute Metrics", "hits": 0, @@ -682,5 +682,5 @@ "migrationVersion": { "dashboard": "7.17.3" }, - "coreMigrationVersion": "7.17.3" + "coreMigrationVersion": "7.17.6" } \ No newline at end of file From 6893aa7b8c5a3c93402ebfc20f4824149e775a90 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:03:19 +0530 Subject: [PATCH 050/103] revert gcp changelog --- packages/gcp/changelog.yml | 5 ----- packages/gcp/manifest.yml | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) 
diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml index 15f1b3f889a..faf03fd2c43 100644 --- a/packages/gcp/changelog.yml +++ b/packages/gcp/changelog.yml @@ -1,9 +1,4 @@ # newer versions go on top -- version: "2.13.1" - changes: - - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load - type: enhancement - link: https://github.com/elastic/integrations/pull/4516 - version: "2.13.0" changes: - description: Migrate dashboard by values diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml index c6f711badbd..eecda9f04ba 100644 --- a/packages/gcp/manifest.yml +++ b/packages/gcp/manifest.yml @@ -1,6 +1,6 @@ name: gcp title: Google Cloud Platform -version: "2.13.1" +version: "2.13.0" release: ga description: Collect logs from Google Cloud Platform with Elastic Agent. type: integration From b7e3a0fd22d9eedc81ac77be8e8dc267dc8900af Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:03:29 +0530 Subject: [PATCH 051/103] Revert "github already inlined" This reverts commit d60df91ac3584d1e7a185b204affa3a65e43e9cd. --- ...-4da91aa0-12fc-11ed-af77-016e1a977d80.json | 6581 ++++++++--------- ...-591d69e0-17b6-11ed-809a-7b4be950fe9c.json | 5431 +++++++------- ...-6197be80-220c-11ed-88c4-e3caca48250a.json | 4857 ++++++------ ...-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json | 3699 +++++---- ...-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json | 920 +-- ...-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json | 1982 ++--- 6 files changed, 11725 insertions(+), 11745 deletions(-) diff --git a/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json b/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json index 9c79ceca1f1..10d04c87796 100644 --- a/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json +++ b/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json 
@@ -1,3413 +1,3408 @@ { - "id": "github-4da91aa0-12fc-11ed-af77-016e1a977d80", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T10:22:26.869Z", - "version": "WzY4MywxXQ==", - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{}}},\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\",\"enhancements\":{}}}}" - }, - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": "Code Scanning", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": false, - "params": [ - "code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - 
"minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.action": "code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncTooltips": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f8b858f-a1ee-4d69-a100-d59282acd94d": { - "columnOrder": [ - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" - ], - "columns": { - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", - "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", - "layerType": "data", - "textAlign": "center", - "titlePosition": "top" - } - }, - "title": "Total Alerts Created [GitHub Code Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} 
+ "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{}}},\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\",\"enhancements\":{}}}}" }, - "gridData": { - "h": 5, - "i": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", - "w": 14, - "x": 0, - "y": 0 - }, - "panelIndex": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Found/Fixed Ratio", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - }, - "formula": "count()/count(kql='github.state:dismissed')", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "scale": "ratio" + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "github.state:dismissed" - }, - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" + "meta": { + "alias": "Code Scanning", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": [ + "code_scanning" + ], + "type": "phrases" }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - 
"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "location": { - "max": 43, - "min": 0 - }, - "name": "divide", - "text": "count()/count(kql='github.state:dismissed')", - "type": "function" + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.action": "code_scanning" + } + } + ] } - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "scale": "ratio" } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } + ], + "query": { + "language": "kuery", + "query": "" } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" - } - }, - "title": "Alerts Found/Fixed Ratio [GitHub Code Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 5, - "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "w": 14, - "x": 14, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncTooltips": false, + "useMargins": true }, - "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "5b02c858-e981-4dc4-a3bc-1d563549180a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cbc5557e-f6b9-4140-90b2-3100f33083c4": { - "columnOrder": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc", - "4525c4ae-5f82-4b4d-9867-48e4aba462fd" - ], - "columns": { - "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Open vs Resolved", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f8b858f-a1ee-4d69-a100-d59282acd94d": { + "columnOrder": [ + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" + ], + "columns": { + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + 
"data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.most_recent_instance.state" + "visualization": { + "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", + "layerType": "data", + "textAlign": "center", + "titlePosition": "top" + } }, - "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "5b02c858-e981-4dc4-a3bc-1d563549180a", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "title": "Total Alerts Created [GitHub Code Scanning]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.54, - "groups": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc" - ], - "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", - "layerType": "data", - "legendDisplay": "show", - "legendPosition": "right", - "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "palette": { - "name": "default", - "type": "palette" + "enhancements": {} }, - "shape": "donut" - } + "gridData": { + "h": 5, + "i": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", + "w": 14, + "x": 0, + "y": 0 + }, + "panelIndex": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", + "type": "lens", + "version": 
"8.4.1" }, - "title": "Open vs Resolved/Dismissed [GitHub Code Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "w": 20, - "x": 28, - "y": 0 - }, - "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5d417c98-6b80-42b4-9183-15bf539c9c46", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c10f8d54-f8a4-45cf-8c17-527a0b914e14", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", + "type": "index-pattern" } - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "5d417c98-6b80-42b4-9183-15bf539c9c46", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - 
"minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "c10f8d54-f8a4-45cf-8c17-527a0b914e14", - "key": "github.code_scanning.state", - "negate": false, - "params": { - "query": "open" + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Found/Fixed Ratio", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } + }, + "formula": "count()/count(kql='github.state:dismissed')", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "scale": "ratio" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "github.state:dismissed" + }, + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + 
"operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "location": { + "max": 43, + "min": 0 + }, + "name": "divide", + "text": "count()/count(kql='github.state:dismissed')", + "type": "function" + } + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } + }, + "title": "Alerts Found/Fixed Ratio [GitHub Code Scanning]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.code_scanning.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": 
"number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" + "enhancements": {}, + "hidePanelTitles": false }, - "textAlign": "center" - } - }, - "title": "Open Alerts Count [GitHub Code Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "w": 14, - "x": 0, - "y": 5 - }, - "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1d49d476-9ca6-44e0-8501-35c7f63ed984", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "e33d2853-5b3d-4be9-9312-2d8da64d9523" - ], - "columns": { - "e33d2853-5b3d-4be9-9312-2d8da64d9523": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Mean time to resolve an alert", - "operationType": "average", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "github.code_scanning.time_to_resolution.sec" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1d49d476-9ca6-44e0-8501-35c7f63ed984", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } 
+ "gridData": { + "h": 5, + "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", + "w": 14, + "x": 14, + "y": 0 }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", - "key": "github.code_scanning.time_to_resolution.sec", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "github.code_scanning.time_to_resolution.sec" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" - } + "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", + "type": "lens", + "version": "8.4.1" }, - "title": "Mean Time to Resolution [GitHub Code Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 5, - "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "w": 14, - "x": 14, - "y": 5 - }, - "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "title": "Mean Time To Resolution [GitHub Code Scanning]", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "960abe90-416f-4075-aaef-2cc0a3af1707", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - 
"dataType": "number", - "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" + { + "id": "logs-*", + "name": "5b02c858-e981-4dc4-a3bc-1d563549180a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cbc5557e-f6b9-4140-90b2-3100f33083c4": { + "columnOrder": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc", + "4525c4ae-5f82-4b4d-9867-48e4aba462fd" + ], + "columns": { + "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Open vs Resolved", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.most_recent_instance.state" + }, + "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "5b02c858-e981-4dc4-a3bc-1d563549180a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + 
"query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.54, + "groups": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc" + ], + "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", + "layerType": "data", + "legendDisplay": "show", + "legendPosition": "right", + "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } + "title": "Open vs Resolved/Dismissed [GitHub Code Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "960abe90-416f-4075-aaef-2cc0a3af1707", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": 
"resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" + "gridData": { + "h": 15, + "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", + "w": 20, + "x": 28, + "y": 0 }, - "textAlign": "center" - } + "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", + "type": "lens", + "version": "8.4.1" }, - "title": "Resolved/Dismissed Alerts Count [GitHub Code Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 5, - "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "w": 14, - "x": 0, - "y": 10 - }, - "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2ce8a419-debd-4a37-85e6-c7b49e61604f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d8a21374-4117-4796-96e2-ecd47f2babd2": { - "columnOrder": [ - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2" - ], - "columns": { - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264": { - "customLabel": 
true, - "dataType": "number", - "isBucketed": false, - "label": "Ratio between the alerts generated and the number of commits", - "operationType": "formula", - "params": { - "formula": "count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)", - "isFormulaBroken": false - }, - "references": [ - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2" - ], - "scale": "ratio" - }, - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Ratio between the alerts and the number of commits generated", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Ratio between the alerts and the number of commits generated", - "operationType": "unique_count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "github.code_scanning.most_recent_instance.commit_sha" - }, - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Ratio between the alerts and the number of commits generated", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1" - ], - "location": { - "max": 74, - "min": 0 - }, - "name": "divide", - "text": "count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)", - "type": "function" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5d417c98-6b80-42b4-9183-15bf539c9c46", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"c10f8d54-f8a4-45cf-8c17-527a0b914e14", + "type": "index-pattern" } - }, - "references": [ - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", - "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "2ce8a419-debd-4a37-85e6-c7b49e61604f", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "c96796ed-ded2-4cb6-9e7d-4ffbc1def264", - "layerId": "d8a21374-4117-4796-96e2-ecd47f2babd2", - "layerType": "data", - "textAlign": "center" - } - }, - "title": "Alert/Commit Ratio [GitHub Code Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", - "w": 14, - "x": 14, - "y": 10 - }, - "panelIndex": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1d50dadb-a088-4e8b-842f-8d84e6378658", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { - "columnOrder": [ - "1e393f28-24a9-40af-830b-654785bf6236", - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "columns": { - "1e393f28-24a9-40af-830b-654785bf6236": { - "customLabel": true, - 
"dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "5d417c98-6b80-42b4-9183-15bf539c9c46", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c10f8d54-f8a4-45cf-8c17-527a0b914e14", + "key": "github.code_scanning.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.code_scanning.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count by repository", - "operationType": "formula", - 
"params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "scale": "ratio" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Alerts count ", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#209280", + "stop": 0 + }, + { + "color": "#d6bf57", + "stop": 1 + }, + { + "color": "#cc5642", + "stop": 1000 + } + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + "stop": 1 + }, + { + "color": "#d6bf57", + "stop": 1000 + }, + { + "color": "#cc5642", + "stop": 1001 + } + ] + }, + "type": "palette" + }, + "textAlign": "center" + } }, - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of github.repository.owner.login + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" + "title": "Open Alerts Count [GitHub Code Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", + "w": 14, + "x": 0, + "y": 5 + }, + "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" + { + "id": "logs-*", + "name": "1d49d476-9ca6-44e0-8501-35c7f63ed984", + "type": "index-pattern" }, - "secondaryFields": [ - "github.repository.name" + { + "id": "logs-*", + "name": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "e33d2853-5b3d-4be9-9312-2d8da64d9523" + ], + "columns": { + "e33d2853-5b3d-4be9-9312-2d8da64d9523": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Mean time to resolve an alert", + "operationType": "average", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "github.code_scanning.time_to_resolution.sec" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1d49d476-9ca6-44e0-8501-35c7f63ed984", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", + "key": "github.code_scanning.time_to_resolution.sec", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "github.code_scanning.time_to_resolution.sec" + } + } + } ], - "size": 50 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - 
"disabled": false, - "index": "1d50dadb-a088-4e8b-842f-8d84e6378658", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" - ], - "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } + }, + "title": "Mean Time to Resolution [GitHub Code Scanning]", + "visualizationType": "lnsMetric" }, - "seriesType": "bar", - "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 5, + "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "w": 14, + "x": 14, + "y": 5 }, - "valueLabels": "hide" - } + "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "title": "Mean Time To Resolution [GitHub Code Scanning]", + "type": "lens", + 
"version": "8.4.1" }, - "title": "Alerts count by owner and by repository [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "w": 25, - "x": 0, - "y": 15 - }, - "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "63aad513-3506-45e9-8c13-d2ee49f689ab", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top repositories contributing to alerts by owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "type": "index-pattern" }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "8cca4d83-a822-4b67-97cd-27649e1d7c68": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.repository.name", - "operationType": "terms", - "params": { - 
"missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" + { + "id": "logs-*", + "name": "960abe90-416f-4075-aaef-2cc0a3af1707", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resolved/Dismissed Alerts", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "scale": "ratio" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "960abe90-416f-4075-aaef-2cc0a3af1707", + "key": "github.state", + "negate": false, + "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + }, + 
"query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "positive", + "params": { + "continuity": "above", + "maxSteps": 5, + "name": "positive", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#bbdad3", + "stop": 0 + }, + { + "color": "#77b6a8", + "stop": 8 + }, + { + "color": "#209280", + "stop": 16 + } + ] + }, + "type": "palette" + }, + "textAlign": "center" + } }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "63aad513-3506-45e9-8c13-d2ee49f689ab", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68" - ], - "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", - 
"layerType": "data", - "legendDisplay": "default", - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Resolved/Dismissed Alerts Count [GitHub Code Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 5, + "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "w": 14, + "x": 0, + "y": 10 + }, + "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "type": "lens", + "version": "8.4.1" }, - "title": "Aerts % by owner and by repository [GitHub Code Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "w": 23, - "x": 25, - "y": 15 - }, - "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "title": "Alerts % by owner and by repository [GitHub Code Scanning]", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14d80078-f238-406f-9a34-bae0f8616bc0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Tool", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "2ce8a419-debd-4a37-85e6-c7b49e61604f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d8a21374-4117-4796-96e2-ecd47f2babd2": { + "columnOrder": [ + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264", + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1", + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2" + ], + "columns": { + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Ratio between the alerts generated and the number of commits", + "operationType": "formula", + "params": { + "formula": "count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)", + "isFormulaBroken": false + }, + "references": [ + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2" + ], + "scale": "ratio" + }, + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Ratio between the alerts and the number of commits generated", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Ratio between the alerts and the number of commits generated", + "operationType": "unique_count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "github.code_scanning.most_recent_instance.commit_sha" + }, + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Ratio between the alerts and the number of commits generated", + "operationType": "math", + 
"params": { + "tinymathAst": { + "args": [ + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1" + ], + "location": { + "max": 74, + "min": 0 + }, + "name": "divide", + "text": "count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)", + "type": "function" + } + }, + "references": [ + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0", + "c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.tool.name" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2ce8a419-debd-4a37-85e6-c7b49e61604f", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "c96796ed-ded2-4cb6-9e7d-4ffbc1def264", + "layerId": "d8a21374-4117-4796-96e2-ecd47f2babd2", + "layerType": "data", + "textAlign": "center" + } }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "14d80078-f238-406f-9a34-bae0f8616bc0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "title": "Alert/Commit Ratio [GitHub Code Scanning]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { 
- "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {} }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 5, + "i": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", + "w": 14, + "x": 14, + "y": 10 }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "panelIndex": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", + "type": "lens", + "version": "8.4.1" }, - "title": "Tool Contribution Count [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "4e77167a-4642-4cbb-8430-2197e2f31666", - "w": 14, - "x": 0, - "y": 27 - }, - "panelIndex": "4e77167a-4642-4cbb-8430-2197e2f31666", - "title": "Tool Contribution [GitHub Code Scanning]", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e696efc1-4a91-44d3-ad68-618f00d80703", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - 
"layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of github.code_scanning.tool.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "1d50dadb-a088-4e8b-842f-8d84e6378658", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { + "columnOrder": [ + "1e393f28-24a9-40af-830b-654785bf6236", + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "columns": { + "1e393f28-24a9-40af-830b-654785bf6236": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count by repository", + "operationType": "formula", + "params": { + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + 
"scale": "ratio" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Alerts count ", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of github.repository.owner.login + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "github.repository.name" + ], + "size": 50 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1d50dadb-a088-4e8b-842f-8d84e6378658", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.tool.name" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" + ], + "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + 
"seriesType": "bar", + "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "e696efc1-4a91-44d3-ad68-618f00d80703", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "title": "Alerts count by owner and by repository [GitHub Code Scanning]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 2, - "legendPosition": "right", - "metric": "e1d8072b-7268-444a-864e-ef1117b17b65", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "shape": "donut" - } + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", + "w": 25, + "x": 0, + "y": 15 + }, + "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", + "type": "lens", + "version": "8.4.1" }, - "title": "Tool 
Contribution [GitHub Code Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "5135da2a-0093-4b71-a35a-c2b8877d22dd", - "w": 11, - "x": 14, - "y": 27 - }, - "panelIndex": "5135da2a-0093-4b71-a35a-c2b8877d22dd", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a9c37a5a-574a-411d-9420-2e53045288f3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "00866684-5176-499e-9517-eff9e9102155", - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "00866684-5176-499e-9517-eff9e9102155": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.code_scanning.tool.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "63aad513-3506-45e9-8c13-d2ee49f689ab", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68", + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + "customLabel": true, + "dataType": 
"string", + "isBucketed": true, + "label": "Top repositories contributing to alerts by owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "8cca4d83-a822-4b67-97cd-27649e1d7c68": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.repository.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" + }, + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.tool.name" - }, - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": false, - "interval": "d" - }, - "scale": "interval", - "sourceField": "@timestamp" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "63aad513-3506-45e9-8c13-d2ee49f689ab", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + 
"data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "default", + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a9c37a5a-574a-411d-9420-2e53045288f3", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "title": "Aerts % by owner and by repository [GitHub Code Scanning]", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": "bar", - "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", - "xAccessor": 
"257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right" + "gridData": { + "h": 12, + "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", + "w": 23, + "x": 25, + "y": 15 }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", + "title": "Alerts % by owner and by repository [GitHub Code Scanning]", + "type": "lens", + "version": "8.4.1" }, - "title": "Daily Tool Contribution [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "7a3f8c53-407b-4862-9dc3-10dccfe06426", - "w": 23, - "x": 25, - "y": 27 - }, - "panelIndex": "7a3f8c53-407b-4862-9dc3-10dccfe06426", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - 
"operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "14d80078-f238-406f-9a34-bae0f8616bc0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Tool", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.tool.name" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": 
"github.code_scanning" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "14d80078-f238-406f-9a34-bae0f8616bc0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": "#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Tool Contribution Count [GitHub Code Scanning]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 13, + "i": 
"4e77167a-4642-4cbb-8430-2197e2f31666", + "w": 14, + "x": 0, + "y": 27 }, - "layers": [ - { - "accessors": [ - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "yConfig": [ - { - "axisMode": "auto", - "color": "#b9a888", - "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "show" - } + "panelIndex": "4e77167a-4642-4cbb-8430-2197e2f31666", + "title": "Tool Contribution [GitHub Code Scanning]", + "type": "lens", + "version": "8.4.1" }, - "title": "Alert Severity Count [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "9653b170-7606-461f-9ac4-bf58547f30db", - "w": 14, - "x": 0, - "y": 40 - }, - "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3ad0255d-c017-4880-b3dd-d60cb17375c1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - 
"sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e696efc1-4a91-44d3-ad68-618f00d80703", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of github.code_scanning.tool.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.tool.name" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "e696efc1-4a91-44d3-ad68-618f00d80703", + "key": "data_stream.dataset", + "negate": false, + "params": { + 
"query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "3ad0255d-c017-4880-b3dd-d60cb17375c1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 2, + "legendPosition": "right", + "metric": "e1d8072b-7268-444a-864e-ef1117b17b65", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + "shape": "donut" + } + }, + "title": "Tool Contribution [GitHub Code Scanning]", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71" - ], - "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "metric": "21ef31d9-60e5-4fe1-8767-950697790bab", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "palette": { - "name": "default", - "type": "palette" + "enhancements": {} }, - "shape": "donut" - } + "gridData": { + "h": 13, + "i": "5135da2a-0093-4b71-a35a-c2b8877d22dd", + "w": 11, + "x": 14, + "y": 27 + }, + "panelIndex": 
"5135da2a-0093-4b71-a35a-c2b8877d22dd", + "type": "lens", + "version": "8.4.1" }, - "title": "Alert Severity % [GitHub Code Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "563a073c-7de0-4095-b0ac-127caed562f2", - "w": 11, - "x": 14, - "y": 40 - }, - "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8a760085-cbc8-4b89-8401-4eb7f686cc80", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "00866684-5176-499e-9517-eff9e9102155", - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "00866684-5176-499e-9517-eff9e9102155": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "a9c37a5a-574a-411d-9420-2e53045288f3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "00866684-5176-499e-9517-eff9e9102155", + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + 
"e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "00866684-5176-499e-9517-eff9e9102155": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.code_scanning.tool.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.tool.name" + }, + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "d" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - }, - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": false, - "interval": "d" - }, - "scale": "interval", - "sourceField": "@timestamp" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a9c37a5a-574a-411d-9420-2e53045288f3", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + 
"query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "seriesType": "bar", + "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": "#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } + ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right" + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8a760085-cbc8-4b89-8401-4eb7f686cc80", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "title": "Daily Tool Contribution [GitHub Code Scanning]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - 
"yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": "bar", - "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", - "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right" + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 13, + "i": "7a3f8c53-407b-4862-9dc3-10dccfe06426", + "w": 23, + "x": 25, + "y": 27 }, - "valueLabels": "hide" - } + "panelIndex": "7a3f8c53-407b-4862-9dc3-10dccfe06426", + "type": "lens", + "version": "8.4.1" }, - "title": "Daily Alerts Count by Severity [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "w": 23, - "x": 25, - "y": 40 - }, - "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - 
"isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": 
"github.code_scanning.rule.severity" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "yConfig": [ + { + "axisMode": "auto", + "color": "#b9a888", + "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "show" + } + }, + "title": "Alert Severity Count [GitHub Code Scanning]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - 
"axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 13, + "i": "9653b170-7606-461f-9ac4-bf58547f30db", + "w": 14, + "x": 0, + "y": 40 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "yConfig": [ - { - "axisMode": "auto", - "color": "#f1ceb0", - "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "show" - } + "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", + "type": "lens", + "version": "8.4.1" }, - "title": "Rule Severity [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "c8b71fb6-3611-4788-a05f-fc9336b277f5", - "w": 14, - "x": 0, - "y": 53 - }, - "panelIndex": "c8b71fb6-3611-4788-a05f-fc9336b277f5", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "68463b79-453f-4a36-a9a5-e747691dbbc9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a5a3e567-da48-48df-902a-28bb45019016": { - "columnOrder": [ - "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b", - "9797f885-5bd5-4511-8dba-7867ef8fd09a" - ], - 
"columns": { - "9797f885-5bd5-4511-8dba-7867ef8fd09a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 10 Rules", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9797f885-5bd5-4511-8dba-7867ef8fd09a", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "3ad0255d-c017-4880-b3dd-d60cb17375c1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + } + }, + 
"incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "rule.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "68463b79-453f-4a36-a9a5-e747691dbbc9", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "3ad0255d-c017-4880-b3dd-d60cb17375c1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "metric": "21ef31d9-60e5-4fe1-8767-950697790bab", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } + }, + "title": "Alert Severity % [GitHub Code Scanning]", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "9797f885-5bd5-4511-8dba-7867ef8fd09a" - ], - 
"layerId": "a5a3e567-da48-48df-902a-28bb45019016", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b" - } - ], - "legend": { - "floatingColumns": 1, - "horizontalAlignment": "right", - "isInside": true, - "isVisible": true, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": false, - "verticalAlignment": "top" + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 13, + "i": "563a073c-7de0-4095-b0ac-127caed562f2", + "w": 11, + "x": 14, + "y": 40 }, - "valueLabels": "hide" - } + "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", + "type": "lens", + "version": "8.4.1" }, - "title": "Top Rules [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "26c79a62-100e-4eb4-b878-621e2be8570d", - "w": 34, - "x": 14, - "y": 53 - }, - "panelIndex": "26c79a62-100e-4eb4-b878-621e2be8570d", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "17dc082e-1cb5-4483-901a-9c220d911bac": { - "columnOrder": [ - "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5", - "b907d8f2-1395-4737-a7db-25bd080be94d" - ], - "columns": { - "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top files responsible for alerts", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b907d8f2-1395-4737-a7db-25bd080be94d", - "type": 
"column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8a760085-cbc8-4b89-8401-4eb7f686cc80", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "00866684-5176-499e-9517-eff9e9102155", + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "00866684-5176-499e-9517-eff9e9102155": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + }, + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "d" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8a760085-cbc8-4b89-8401-4eb7f686cc80", + "key": 
"data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.most_recent_instance.location.path" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "seriesType": "bar", + "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": "#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } + ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right" + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "b907d8f2-1395-4737-a7db-25bd080be94d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "title": "Daily Alerts Count by Severity [GitHub Code Scanning]", + "visualizationType": "lnsXY" }, - 
"type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 13, + "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", + "w": 23, + "x": 25, + "y": 40 }, - "layers": [ - { - "accessors": [ - "b907d8f2-1395-4737-a7db-25bd080be94d" - ], - "layerId": "17dc082e-1cb5-4483-901a-9c220d911bac", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5" - } - ], - "legend": { - "isInside": false, - "isVisible": true, - "position": "right", - "showSingleSeries": false + "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": 
{ + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.rule.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "yConfig": [ + { + "axisMode": "auto", + "color": "#f1ceb0", + "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "show" + } + }, + "title": "Rule Severity [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_horizontal", - 
"tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 13, + "i": "c8b71fb6-3611-4788-a05f-fc9336b277f5", + "w": 14, + "x": 0, + "y": 53 }, - "valueLabels": "hide" - } + "panelIndex": "c8b71fb6-3611-4788-a05f-fc9336b277f5", + "type": "lens", + "version": "8.4.1" }, - "title": "Top files [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "41578b87-d820-42df-92d5-69af2643d793", - "w": 36, - "x": 0, - "y": 66 - }, - "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "eeb76646-d085-43fb-bad2-e7e78e3470fa", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2321cd3f-039b-44be-90a5-03028195d49e": { - "columnOrder": [ - "37a962c0-4797-484d-b2e6-00a280b3edc2", - "871b560f-f208-41a2-978b-b97664f99807" - ], - "columns": { - "37a962c0-4797-484d-b2e6-00a280b3edc2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "871b560f-f208-41a2-978b-b97664f99807", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "68463b79-453f-4a36-a9a5-e747691dbbc9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"a5a3e567-da48-48df-902a-28bb45019016": { + "columnOrder": [ + "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b", + "9797f885-5bd5-4511-8dba-7867ef8fd09a" + ], + "columns": { + "9797f885-5bd5-4511-8dba-7867ef8fd09a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top 10 Rules", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9797f885-5bd5-4511-8dba-7867ef8fd09a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "rule.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "68463b79-453f-4a36-a9a5-e747691dbbc9", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.code_scanning.dismissed_by.login" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "9797f885-5bd5-4511-8dba-7867ef8fd09a" + ], + "layerId": "a5a3e567-da48-48df-902a-28bb45019016", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": 
"df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b" + } + ], + "legend": { + "floatingColumns": 1, + "horizontalAlignment": "right", + "isInside": true, + "isVisible": true, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": false, + "verticalAlignment": "top" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "871b560f-f208-41a2-978b-b97664f99807": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "eeb76646-d085-43fb-bad2-e7e78e3470fa", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "title": "Top Rules [GitHub Code Scanning]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {} }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 13, + "i": "26c79a62-100e-4eb4-b878-621e2be8570d", + "w": 34, + "x": 14, + "y": 53 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "871b560f-f208-41a2-978b-b97664f99807" - ], - "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" - } - ], - "legend": { - "isVisible": true, - "position": "right" + 
"panelIndex": "26c79a62-100e-4eb4-b878-621e2be8570d", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "17dc082e-1cb5-4483-901a-9c220d911bac": { + "columnOrder": [ + "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5", + "b907d8f2-1395-4737-a7db-25bd080be94d" + ], + "columns": { + "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top files responsible for alerts", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b907d8f2-1395-4737-a7db-25bd080be94d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.most_recent_instance.location.path" + }, + "b907d8f2-1395-4737-a7db-25bd080be94d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + 
"axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "b907d8f2-1395-4737-a7db-25bd080be94d" + ], + "layerId": "17dc082e-1cb5-4483-901a-9c220d911bac", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5" + } + ], + "legend": { + "isInside": false, + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Top files [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "41578b87-d820-42df-92d5-69af2643d793", + "w": 36, + "x": 0, + "y": 66 }, - "valueLabels": "hide" - } + "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", + "type": "lens", + "version": "8.4.1" }, - "title": "Top users dismissing alerts [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "w": 12, - "x": 36, - "y": 66 - }, - "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "type": "lens", - "version": "8.4.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "deab5558-7fec-4cfa-b152-24203a046301", - "type": "index-pattern" - } - ], - "state": { - 
"datasourceStates": { - "indexpattern": { - "layers": { - "ebd4f001-671a-4772-a2c4-b07f94e34845": { - "columnOrder": [ - "fc40a758-e2ae-45db-88c1-439660cb7f66", - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "columns": { - "5caf7916-eab1-42d2-b591-41039ee8ed72": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "eeb76646-d085-43fb-bad2-e7e78e3470fa", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2321cd3f-039b-44be-90a5-03028195d49e": { + "columnOrder": [ + "37a962c0-4797-484d-b2e6-00a280b3edc2", + "871b560f-f208-41a2-978b-b97664f99807" + ], + "columns": { + "37a962c0-4797-484d-b2e6-00a280b3edc2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "871b560f-f208-41a2-978b-b97664f99807", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.code_scanning.dismissed_by.login" + }, + "871b560f-f208-41a2-978b-b97664f99807": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "eeb76646-d085-43fb-bad2-e7e78e3470fa", + 
"key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "871b560f-f208-41a2-978b-b97664f99807" + ], + "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "fc40a758-e2ae-45db-88c1-439660cb7f66": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "deab5558-7fec-4cfa-b152-24203a046301", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.code_scanning" + "title": "Top users dismissing alerts [GitHub Code Scanning]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": 
true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {} }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", + "w": 12, + "x": 36, + "y": 66 }, - "layers": [ - { - "accessors": [ - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", + "type": "lens", + "version": "8.4.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "deab5558-7fec-4cfa-b152-24203a046301", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ebd4f001-671a-4772-a2c4-b07f94e34845": { + "columnOrder": [ + "fc40a758-e2ae-45db-88c1-439660cb7f66", + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "columns": { + "5caf7916-eab1-42d2-b591-41039ee8ed72": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fc40a758-e2ae-45db-88c1-439660cb7f66": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "deab5558-7fec-4cfa-b152-24203a046301", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.code_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Events Timeline [GitHub Code Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 12, + "i": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", + "w": 48, + "x": 0, + "y": 81 }, - "valueLabels": "hide" - } - }, - "title": "Events Timeline [GitHub Code Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + "panelIndex": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", + "type": "lens", + "version": "8.4.1" + } + ], + "timeRestore": false, + "title": "[GitHub] Code Scanning Alerts", + "version": 1 + }, + "coreMigrationVersion": "8.4.1", + "id": "github-4da91aa0-12fc-11ed-af77-016e1a977d80", + "migrationVersion": { + 
"dashboard": "8.4.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:4fa3d8de-226f-4ff3-ab95-b9167e6ff115", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:5b02c858-e981-4dc4-a3bc-1d563549180a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:5d417c98-6b80-42b4-9183-15bf539c9c46", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:c10f8d54-f8a4-45cf-8c17-527a0b914e14", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:1d49d476-9ca6-44e0-8501-35c7f63ed984", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:960abe90-416f-4075-aaef-2cc0a3af1707", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46dc58eb-4994-442d-a6b4-4b3699b74bf1:indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46dc58eb-4994-442d-a6b4-4b3699b74bf1:2ce8a419-debd-4a37-85e6-c7b49e61604f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:1d50dadb-a088-4e8b-842f-8d84e6378658", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:63aad513-3506-45e9-8c13-d2ee49f689ab", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4e77167a-4642-4cbb-8430-2197e2f31666:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4e77167a-4642-4cbb-8430-2197e2f31666:14d80078-f238-406f-9a34-bae0f8616bc0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:e696efc1-4a91-44d3-ad68-618f00d80703", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:a9c37a5a-574a-411d-9420-2e53045288f3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:c1f5c308-cb41-49d7-9d2b-034ddea6eec8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:3ad0255d-c017-4880-b3dd-d60cb17375c1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:8a760085-cbc8-4b89-8401-4eb7f686cc80", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26c79a62-100e-4eb4-b878-621e2be8570d:indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26c79a62-100e-4eb4-b878-621e2be8570d:68463b79-453f-4a36-a9a5-e747691dbbc9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", 
+ "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41578b87-d820-42df-92d5-69af2643d793:1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" }, - "gridData": { - "h": 12, - "i": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", - "w": 48, - "x": 0, - "y": 81 + { + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:eeb76646-d085-43fb-bad2-e7e78e3470fa", + "type": "index-pattern" }, - "panelIndex": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", - "type": "lens", - "version": "8.4.1" - } + { + "id": "logs-*", + "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:deab5558-7fec-4cfa-b152-24203a046301", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_93a8183f-ab74-4636-9f63-9e30c35bfa6b:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_965171e3-e02b-49ff-a2f7-6ddfa5159eee:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_3d506940-8d8f-4f4f-8fa8-5ac070d1dc36:optionsListDataView", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[GitHub] Code Scanning Alerts", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:4fa3d8de-226f-4ff3-ab95-b9167e6ff115", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:5b02c858-e981-4dc4-a3bc-1d563549180a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:5d417c98-6b80-42b4-9183-15bf539c9c46", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:c10f8d54-f8a4-45cf-8c17-527a0b914e14", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:1d49d476-9ca6-44e0-8501-35c7f63ed984", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"c3e8ea64-b6f9-470c-9004-02f8909672eb:960abe90-416f-4075-aaef-2cc0a3af1707", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "46dc58eb-4994-442d-a6b4-4b3699b74bf1:indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "46dc58eb-4994-442d-a6b4-4b3699b74bf1:2ce8a419-debd-4a37-85e6-c7b49e61604f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:1d50dadb-a088-4e8b-842f-8d84e6378658", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:63aad513-3506-45e9-8c13-d2ee49f689ab", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4e77167a-4642-4cbb-8430-2197e2f31666:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4e77167a-4642-4cbb-8430-2197e2f31666:14d80078-f238-406f-9a34-bae0f8616bc0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:e696efc1-4a91-44d3-ad68-618f00d80703", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:a9c37a5a-574a-411d-9420-2e53045288f3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:c1f5c308-cb41-49d7-9d2b-034ddea6eec8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:3ad0255d-c017-4880-b3dd-d60cb17375c1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:8a760085-cbc8-4b89-8401-4eb7f686cc80", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "26c79a62-100e-4eb4-b878-621e2be8570d:indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "26c79a62-100e-4eb4-b878-621e2be8570d:68463b79-453f-4a36-a9a5-e747691dbbc9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - 
{ - "id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:eeb76646-d085-43fb-bad2-e7e78e3470fa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:deab5558-7fec-4cfa-b152-24203a046301", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_93a8183f-ab74-4636-9f63-9e30c35bfa6b:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_965171e3-e02b-49ff-a2f7-6ddfa5159eee:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_3d506940-8d8f-4f4f-8fa8-5ac070d1dc36:optionsListDataView", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "8.4.0" - }, - "coreMigrationVersion": "8.4.1" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json b/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json index f83678486e0..96459148280 100644 --- a/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json +++ b/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json 
@@ -1,2811 +1,2806 @@ { - "id": "github-591d69e0-17b6-11ed-809a-7b4be950fe9c", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T10:22:26.869Z", - "version": "WzY4NCwxXQ==", - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"66d2324e-be32-41be-b685-54ba2cc58c2b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"66d2324e-be32-41be-b685-54ba2cc58c2b\",\"enhancements\":{}}},\"54e33c68-ad08-412f-852a-f669391018b0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"54e33c68-ad08-412f-852a-f669391018b0\",\"enhancements\":{}}},\"9fd25971-d168-4a50-985f-9e1bb266c93e\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"9fd25971-d168-4a50-985f-9e1bb266c93e\",\"enhancements\":{}}},\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\",\"enhancements\":{}}}}" - }, - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": "Secret Scanning", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": false, - "params": [ - "secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - 
"minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.action": "secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncTooltips": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a27a9357-b353-46a3-9116-530f354b09b9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f8b858f-a1ee-4d69-a100-d59282acd94d": { - "columnOrder": [ - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" - ], - "columns": { - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Secrets Found", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a27a9357-b353-46a3-9116-530f354b09b9", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", - "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", - "layerType": "data", - "textAlign": "center", - "titlePosition": "top" - } - }, - "title": "Total Secrets Found [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" - }, - 
"enhancements": {} - }, - "gridData": { - "h": 5, - "i": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55", - "w": 14, - "x": 0, - "y": 0 + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"66d2324e-be32-41be-b685-54ba2cc58c2b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"66d2324e-be32-41be-b685-54ba2cc58c2b\",\"enhancements\":{}}},\"54e33c68-ad08-412f-852a-f669391018b0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"54e33c68-ad08-412f-852a-f669391018b0\",\"enhancements\":{}}},\"9fd25971-d168-4a50-985f-9e1bb266c93e\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"9fd25971-d168-4a50-985f-9e1bb266c93e\",\"enhancements\":{}}},\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\",\"enhancements\":{}}}}" }, - "panelIndex": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ef2a4614-151f-42d0-8707-257d009298ea", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Secrets Found/Fixed Ratio", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - }, - "formula": "count()/count(kql='github.state:dismissed or github.state:resolved')", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Secrets Found/Fixed Ratio", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "github.state:dismissed or github.state:resolved" - }, - "isBucketed": false, - "label": "Part of Secrets Found/Fixed Ratio", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" + "meta": { + "alias": "Secret Scanning", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": [ + "secret_scanning" + ], + "type": "phrases" }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Secrets Found/Fixed Ratio", - "operationType": "math", - 
"params": { - "tinymathAst": { - "args": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "location": { - "max": 68, - "min": 0 - }, - "name": "divide", - "text": "count()/count(kql='github.state:dismissed or github.state:resolved')", - "type": "function" + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.action": "secret_scanning" + } + } + ] } - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "scale": "ratio" } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ef2a4614-151f-42d0-8707-257d009298ea", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } + ], + "query": { + "language": "kuery", + "query": "" } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" - } - }, - "title": "Secrets Found/Fixed Ratio [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + } }, - "gridData": { - "h": 5, - "i": "277a4af7-61c6-40d9-80a6-2d73df097618", - "w": 14, - "x": 14, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncTooltips": false, + "useMargins": true }, - "panelIndex": "277a4af7-61c6-40d9-80a6-2d73df097618", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cbc5557e-f6b9-4140-90b2-3100f33083c4": { - "columnOrder": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc", - "4525c4ae-5f82-4b4d-9867-48e4aba462fd" - ], - "columns": { - "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Open vs Resolved", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "a27a9357-b353-46a3-9116-530f354b09b9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f8b858f-a1ee-4d69-a100-d59282acd94d": { + "columnOrder": [ + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" + ], + "columns": { + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Secrets Found", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.state" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a27a9357-b353-46a3-9116-530f354b09b9", + "key": "data_stream.dataset", + "negate": false, + 
"params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", + "layerType": "data", + "textAlign": "center", + "titlePosition": "top" + } }, - "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc" - ], - "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", - "layerType": "data", - "legendDisplay": "show", - "legendPosition": "right", - "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "palette": { - "name": "default", - "type": "palette" + "title": "Total Secrets Found [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} }, - "shape": "donut" - } + "gridData": { + "h": 5, + "i": 
"77e597be-8cdc-4fa3-9dee-4e4ed1103e55", + "w": 14, + "x": 0, + "y": 0 + }, + "panelIndex": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55", + "type": "lens", + "version": "8.3.0" }, - "title": "Open vs Fixed/Resolved Secrets[GitHub Secret Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "51a087d0-9c56-4047-9404-b4b7b37497b0", - "w": 20, - "x": 28, - "y": 0 - }, - "panelIndex": "51a087d0-9c56-4047-9404-b4b7b37497b0", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ef2a4614-151f-42d0-8707-257d009298ea", + "type": "index-pattern" } - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", - 
"key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", - "key": "github.state", - "negate": false, - "params": { - "query": "open" + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Secrets Found/Fixed Ratio", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } + }, + "formula": "count()/count(kql='github.state:dismissed or github.state:resolved')", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "scale": "ratio" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Secrets Found/Fixed Ratio", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "github.state:dismissed or github.state:resolved" + }, + "isBucketed": false, + "label": "Part of Secrets Found/Fixed Ratio", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" 
+ }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Secrets Found/Fixed Ratio", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "location": { + "max": 68, + "min": 0 + }, + "name": "divide", + "text": "count()/count(kql='github.state:dismissed or github.state:resolved')", + "type": "function" + } + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ef2a4614-151f-42d0-8707-257d009298ea", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } + }, + "title": "Secrets Found/Fixed Ratio [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - 
"color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" + "enhancements": {} }, - "textAlign": "center" - } - }, - "title": "Open Secrets Count [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", - "w": 14, - "x": 0, - "y": 5 - }, - "panelIndex": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9c0d6963-bc22-4d2d-9028-20e603d307e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dac33af7-8640-4326-8c95-afddf6194657", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "e33d2853-5b3d-4be9-9312-2d8da64d9523" - ], - "columns": { - "e33d2853-5b3d-4be9-9312-2d8da64d9523": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Mean time to resolve an alert", - "operationType": "average", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "github.secret_scanning.time_to_resolution.sec" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "9c0d6963-bc22-4d2d-9028-20e603d307e7", - "key": "data_stream.dataset", - "negate": false, - 
"params": { - "query": "github.secret_scanning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } + "gridData": { + "h": 5, + "i": "277a4af7-61c6-40d9-80a6-2d73df097618", + "w": 14, + "x": 14, + "y": 0 }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "dac33af7-8640-4326-8c95-afddf6194657", - "key": "github.secret_scanning.time_to_resolution.sec", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "github.secret_scanning.time_to_resolution.sec" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" - } + "panelIndex": "277a4af7-61c6-40d9-80a6-2d73df097618", + "type": "lens", + "version": "8.3.0" }, - "title": "Mean Time to Resolution [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", - "w": 14, - "x": 14, - "y": 5 - }, - "panelIndex": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e9f91f71-3727-4bf1-9d0a-2742347e223f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - 
"columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cbc5557e-f6b9-4140-90b2-3100f33083c4": { + "columnOrder": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc", + "4525c4ae-5f82-4b4d-9867-48e4aba462fd" + ], + "columns": { + "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Open vs Resolved", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.state" + }, + "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + 
"match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc" + ], + "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", + "layerType": "data", + "legendDisplay": "show", + "legendPosition": "right", + "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "e9f91f71-3727-4bf1-9d0a-2742347e223f", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } + "title": "Open vs Fixed/Resolved Secrets[GitHub Secret Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { 
- "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" + "gridData": { + "h": 15, + "i": "51a087d0-9c56-4047-9404-b4b7b37497b0", + "w": 20, + "x": 28, + "y": 0 }, - "textAlign": "center" - } + "panelIndex": "51a087d0-9c56-4047-9404-b4b7b37497b0", + "type": "lens", + "version": "8.3.0" }, - "title": "Fixed Secrets Count [GitHub Secret Scanning]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "892ed6dd-afe7-4685-bebb-5f1a70b44692", - "w": 14, - "x": 0, - "y": 10 - }, - "panelIndex": "892ed6dd-afe7-4685-bebb-5f1a70b44692", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "89debdad-d323-4640-918b-2c38d061e212", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { - "columnOrder": [ - "1e393f28-24a9-40af-830b-654785bf6236", - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", - 
"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "columns": { - "1e393f28-24a9-40af-830b-654785bf6236": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", + "type": "index-pattern" }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Found Secrets by repository", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "scale": "ratio" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Alerts count by repository", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of github.repository.owner.login + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" + { + "id": "logs-*", + "name": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [ - "github.repository.name" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } ], - "size": 50 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "89debdad-d323-4640-918b-2c38d061e212", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - 
"query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" - ], - "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#209280", + "stop": 0 + }, + { + "color": "#d6bf57", + "stop": 1 + }, + { + "color": "#cc5642", + "stop": 1000 + } + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + "stop": 1 + }, + { + "color": "#d6bf57", + "stop": 1000 + }, + { + "color": "#cc5642", + "stop": 1001 + } + ] + }, + "type": "palette" + }, + "textAlign": "center" + } + }, + "title": "Open Secrets Count [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" }, - "seriesType": "bar", - "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true + "enhancements": {} }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 5, + "i": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", + "w": 14, + "x": 0, + "y": 5 }, - "valueLabels": "hide" - } + 
"panelIndex": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", + "type": "lens", + "version": "8.3.0" }, - "title": "Found Secrets count by owner and by repository [GitHub Secret Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "429f2ded-1aca-42cd-9190-9afddb03eabf", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "429f2ded-1aca-42cd-9190-9afddb03eabf", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "11287d36-4d96-447c-b336-56ae03fcbc16", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top repositories contributing to alerts by owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "9c0d6963-bc22-4d2d-9028-20e603d307e7", + "type": "index-pattern" }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "8cca4d83-a822-4b67-97cd-27649e1d7c68": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 
values of github.repository.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" + { + "id": "logs-*", + "name": "dac33af7-8640-4326-8c95-afddf6194657", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "e33d2853-5b3d-4be9-9312-2d8da64d9523" + ], + "columns": { + "e33d2853-5b3d-4be9-9312-2d8da64d9523": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Mean time to resolve an alert", + "operationType": "average", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "github.secret_scanning.time_to_resolution.sec" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "9c0d6963-bc22-4d2d-9028-20e603d307e7", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.secret_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "dac33af7-8640-4326-8c95-afddf6194657", + "key": "github.secret_scanning.time_to_resolution.sec", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "github.secret_scanning.time_to_resolution.sec" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" + "visualization": { + "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + 
"layerType": "data", + "textAlign": "center" + } }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "11287d36-4d96-447c-b336-56ae03fcbc16", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68" - ], - "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", - "layerType": "data", - "legendDisplay": "default", - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Mean Time to Resolution [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 10, + "i": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", + "w": 14, + "x": 14, + "y": 5 + }, + "panelIndex": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", + "type": "lens", + "version": "8.3.0" }, - "title": "Found Secrets % by owner and by repository [GitHub Secret Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "a7adc099-113f-4113-b592-24b5ceff484e", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "a7adc099-113f-4113-b592-24b5ceff484e", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - 
"attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "25c2db0c-d286-407e-9c0b-55252a2ad165", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Secret Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e9f91f71-3727-4bf1-9d0a-2742347e223f", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resolved/Dismissed Alerts", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "formula": "count()", + "isFormulaBroken": 
false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "scale": "ratio" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "e9f91f71-3727-4bf1-9d0a-2742347e223f", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", + "key": "github.state", + "negate": false, + "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret_type_display_name" + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "positive", + "params": { + "continuity": "above", + "maxSteps": 5, + "name": "positive", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#bbdad3", + 
"stop": 0 + }, + { + "color": "#77b6a8", + "stop": 8 + }, + { + "color": "#209280", + "stop": 16 + } + ] + }, + "type": "palette" + }, + "textAlign": "center" + } }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Found Secrets", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "25c2db0c-d286-407e-9c0b-55252a2ad165", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", - "key": "github.state", - "negate": false, - "params": { - "query": "open" + "title": "Fixed Secrets Count [GitHub Secret Scanning]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {} }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 5, + "i": "892ed6dd-afe7-4685-bebb-5f1a70b44692", + "w": 14, + "x": 0, + "y": 10 }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": 
"bar_horizontal", - "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "panelIndex": "892ed6dd-afe7-4685-bebb-5f1a70b44692", + "type": "lens", + "version": "8.3.0" }, - "title": "Open Secrets Count by Type [GitHub Secret Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "883397dd-0064-48f2-b257-c8ed4295b0b9", - "w": 24, - "x": 0, - "y": 27 - }, - "panelIndex": "883397dd-0064-48f2-b257-c8ed4295b0b9", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Secrets by Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + 
"type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "89debdad-d323-4640-918b-2c38d061e212", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { + "columnOrder": [ + "1e393f28-24a9-40af-830b-654785bf6236", + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "columns": { + "1e393f28-24a9-40af-830b-654785bf6236": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Found Secrets by repository", + "operationType": "formula", + "params": { + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "scale": "ratio" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Alerts count by repository", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of github.repository.owner.login + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + 
"id": "multi_terms" + }, + "secondaryFields": [ + "github.repository.name" + ], + "size": 50 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret_type_display_name" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "89debdad-d323-4640-918b-2c38d061e212", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" + ], + "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "bar", + "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - 
"scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", - "key": "github.state", - "negate": false, - "params": { - "query": "open" + "title": "Found Secrets count by owner and by repository [GitHub Secret Scanning]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "257a7d8d-1315-4775-97d9-e679c0f3aa79" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 5, - "legendPosition": "right", - "metric": "e1d8072b-7268-444a-864e-ef1117b17b65", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "shape": "donut" - } + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "429f2ded-1aca-42cd-9190-9afddb03eabf", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "429f2ded-1aca-42cd-9190-9afddb03eabf", + "type": "lens", + "version": "8.3.0" }, - "title": "Open Secrets % by Type [GitHub Secret Scanning]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "d0ec4a50-b9da-4775-9f64-5389f898aee3", - "w": 24, - "x": 24, - "y": 27 - }, - 
"panelIndex": "d0ec4a50-b9da-4775-9f64-5389f898aee3", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "725aa594-f41c-4b3e-a6cf-8c115b602f57": { - "columnOrder": [ - "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", - "197c6dc3-cb49-4482-8381-a89e27cc960f", - "e81fb515-1196-411c-818d-8f4d837ce000", - "2059204b-f8ae-4a1f-911e-c7ed705f2ba9", - "753cfcd3-a745-4003-9d55-c19e0ffbd43f", - "5cf0999f-989a-465c-a12d-3549cad8584a", - "308e4990-dd31-471d-a467-d9c8a775476d", - "432976f9-4218-49dc-9922-f7dc093cbaa1" - ], - "columns": { - "197c6dc3-cb49-4482-8381-a89e27cc960f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner/Organization", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2059204b-f8ae-4a1f-911e-c7ed705f2ba9": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": 
"column" + { + "id": "logs-*", + "name": "11287d36-4d96-447c-b336-56ae03fcbc16", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68", + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top repositories contributing to alerts by owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "8cca4d83-a822-4b67-97cd-27649e1d7c68": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.repository.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" + }, + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "11287d36-4d96-447c-b336-56ae03fcbc16", + "key": "data_stream.dataset", + "negate": false, + 
"params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret_type_display_name" - }, - "308e4990-dd31-471d-a467-d9c8a775476d": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "432976f9-4218-49dc-9922-f7dc093cbaa1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "github.secret_scanning.time_to_resolution.sec: *" - }, - "isBucketed": false, - "label": "Time To Resolution", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "github.secret_scanning.time_to_resolution.sec" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "default", + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "5cf0999f-989a-465c-a12d-3549cad8584a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Resolved By User", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" + "title": "Found Secrets % by owner and by repository [GitHub Secret Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": 
"a7adc099-113f-4113-b592-24b5ceff484e", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "a7adc099-113f-4113-b592-24b5ceff484e", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "25c2db0c-d286-407e-9c0b-55252a2ad165", + "type": "index-pattern" }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.resolved_by.login" - }, - "753cfcd3-a745-4003-9d55-c19e0ffbd43f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Resolution", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" + { + "id": "logs-*", + "name": "82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Secret Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret_type_display_name" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Found Secrets", + 
"operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "25c2db0c-d286-407e-9c0b-55252a2ad165", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.resolution" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": "#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": 
true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "98acffa4-7380-4b18-9f9a-4025ca8ac0c6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Fixed Secret", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" + "title": "Open Secrets Count by Type [GitHub Secret Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "883397dd-0064-48f2-b257-c8ed4295b0b9", + "w": 24, + "x": 0, + "y": 27 + }, + "panelIndex": "883397dd-0064-48f2-b257-c8ed4295b0b9", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", + "type": "index-pattern" }, - "size": 1000 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret" - }, - "e81fb515-1196-411c-818d-8f4d837ce000": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Repository", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" + { + "id": "logs-*", + "name": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Secrets by Type", + "operationType": 
"terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret_type_display_name" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - 
"query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "257a7d8d-1315-4775-97d9-e679c0f3aa79" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 5, + "legendPosition": "right", + "metric": "e1d8072b-7268-444a-864e-ef1117b17b65", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + "shape": "donut" + } }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", - "hidden": false, - "isTransposed": false, - "width": 242.75 - }, - { - "columnId": "197c6dc3-cb49-4482-8381-a89e27cc960f", - "isTransposed": false - }, - { - "columnId": "e81fb515-1196-411c-818d-8f4d837ce000", - "isTransposed": false - }, - { - "columnId": "753cfcd3-a745-4003-9d55-c19e0ffbd43f", - "isTransposed": false - }, - { - "columnId": "5cf0999f-989a-465c-a12d-3549cad8584a", - "isTransposed": false - }, - { - "columnId": "2059204b-f8ae-4a1f-911e-c7ed705f2ba9", - "isTransposed": false - }, - { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "hidden": true, - "isTransposed": false - }, - { - "columnId": "432976f9-4218-49dc-9922-f7dc093cbaa1", - "isTransposed": false - } - ], - "layerId": 
"725aa594-f41c-4b3e-a6cf-8c115b602f57", - "layerType": "data" - } + "title": "Open Secrets % by Type [GitHub Secret Scanning]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "d0ec4a50-b9da-4775-9f64-5389f898aee3", + "w": 24, + "x": 24, + "y": 27 + }, + "panelIndex": "d0ec4a50-b9da-4775-9f64-5389f898aee3", + "type": "lens", + "version": "8.3.0" }, - "title": "Fixed Secrets [GitHub Secret Scanning]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", - "w": 48, - "x": 0, - "y": 40 - }, - "panelIndex": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "725aa594-f41c-4b3e-a6cf-8c115b602f57": { - "columnOrder": [ - "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", - "197c6dc3-cb49-4482-8381-a89e27cc960f", - "e81fb515-1196-411c-818d-8f4d837ce000", - "4b29a17b-d4c4-4d29-a120-296f69b2875e", - "3b3eb320-881a-4786-bcb3-d2400e38a3d3", - "308e4990-dd31-471d-a467-d9c8a775476d" - ], - "columns": { - "197c6dc3-cb49-4482-8381-a89e27cc960f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner/Organization", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", + "type": "index-pattern" }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "308e4990-dd31-471d-a467-d9c8a775476d": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "3b3eb320-881a-4786-bcb3-d2400e38a3d3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Alert URL", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" + { + "id": "logs-*", + "name": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "725aa594-f41c-4b3e-a6cf-8c115b602f57": { + "columnOrder": [ + "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "197c6dc3-cb49-4482-8381-a89e27cc960f", + "e81fb515-1196-411c-818d-8f4d837ce000", + "2059204b-f8ae-4a1f-911e-c7ed705f2ba9", + "753cfcd3-a745-4003-9d55-c19e0ffbd43f", + "5cf0999f-989a-465c-a12d-3549cad8584a", + "308e4990-dd31-471d-a467-d9c8a775476d", + "432976f9-4218-49dc-9922-f7dc093cbaa1" + ], + "columns": { + "197c6dc3-cb49-4482-8381-a89e27cc960f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner/Organization", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": 
"github.repository.owner.login" + }, + "2059204b-f8ae-4a1f-911e-c7ed705f2ba9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret_type_display_name" + }, + "308e4990-dd31-471d-a467-d9c8a775476d": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "432976f9-4218-49dc-9922-f7dc093cbaa1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "github.secret_scanning.time_to_resolution.sec: *" + }, + "isBucketed": false, + "label": "Time To Resolution", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "github.secret_scanning.time_to_resolution.sec" + }, + "5cf0999f-989a-465c-a12d-3549cad8584a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Resolved By User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.resolved_by.login" + }, + "753cfcd3-a745-4003-9d55-c19e0ffbd43f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Resolution", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + 
}, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.resolution" + }, + "98acffa4-7380-4b18-9f9a-4025ca8ac0c6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Fixed Secret", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 1000 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret" + }, + "e81fb515-1196-411c-818d-8f4d837ce000": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Repository", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", + "key": "github.state", + "negate": false, + "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + 
}, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.url" + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "hidden": false, + "isTransposed": false, + "width": 242.75 + }, + { + "columnId": "197c6dc3-cb49-4482-8381-a89e27cc960f", + "isTransposed": false + }, + { + "columnId": "e81fb515-1196-411c-818d-8f4d837ce000", + "isTransposed": false + }, + { + "columnId": "753cfcd3-a745-4003-9d55-c19e0ffbd43f", + "isTransposed": false + }, + { + "columnId": "5cf0999f-989a-465c-a12d-3549cad8584a", + "isTransposed": false + }, + { + "columnId": "2059204b-f8ae-4a1f-911e-c7ed705f2ba9", + "isTransposed": false + }, + { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "hidden": true, + "isTransposed": false + }, + { + "columnId": "432976f9-4218-49dc-9922-f7dc093cbaa1", + "isTransposed": false + } + ], + "layerId": "725aa594-f41c-4b3e-a6cf-8c115b602f57", + "layerType": "data" + } }, - "4b29a17b-d4c4-4d29-a120-296f69b2875e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" + "title": "Fixed Secrets [GitHub Secret Scanning]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", + "type": "index-pattern" }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret_type_display_name" - }, - "98acffa4-7380-4b18-9f9a-4025ca8ac0c6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Found Secret", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" + { + "id": "logs-*", + "name": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "725aa594-f41c-4b3e-a6cf-8c115b602f57": { + "columnOrder": [ + "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "197c6dc3-cb49-4482-8381-a89e27cc960f", + "e81fb515-1196-411c-818d-8f4d837ce000", + "4b29a17b-d4c4-4d29-a120-296f69b2875e", + "3b3eb320-881a-4786-bcb3-d2400e38a3d3", + "308e4990-dd31-471d-a467-d9c8a775476d" + ], + "columns": { + "197c6dc3-cb49-4482-8381-a89e27cc960f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner/Organization", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "308e4990-dd31-471d-a467-d9c8a775476d": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "3b3eb320-881a-4786-bcb3-d2400e38a3d3": { + 
"customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Alert URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.url" + }, + "4b29a17b-d4c4-4d29-a120-296f69b2875e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret_type_display_name" + }, + "98acffa4-7380-4b18-9f9a-4025ca8ac0c6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Found Secret", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 1000 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.secret" + }, + "e81fb515-1196-411c-818d-8f4d837ce000": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Repository", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 1 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - 
"parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", + "key": "github.state", + "negate": false, + "params": [ + "open" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "open" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 1000 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.secret" + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "hidden": false, + "isTransposed": false, + "width": 242.75 + }, + { + "columnId": "197c6dc3-cb49-4482-8381-a89e27cc960f", + "isTransposed": false + }, + { + "columnId": "e81fb515-1196-411c-818d-8f4d837ce000", + "isTransposed": false + }, + { + "columnId": "3b3eb320-881a-4786-bcb3-d2400e38a3d3", + "isTransposed": false + }, + { + "columnId": "4b29a17b-d4c4-4d29-a120-296f69b2875e", + "isTransposed": false + }, + { + "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", + "hidden": true, + "isTransposed": false + } + ], + "layerId": "725aa594-f41c-4b3e-a6cf-8c115b602f57", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 + }, + "rowHeight": "custom", + "rowHeightLines": 2 + } }, - "e81fb515-1196-411c-818d-8f4d837ce000": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Repository", - "operationType": 
"terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } + "title": "Found Secrets [GitHub Secret Scanning]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", - "key": "github.state", - "negate": false, - "params": [ - "open" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "open" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", - "hidden": false, - "isTransposed": false, - "width": 242.75 - }, - { - "columnId": "197c6dc3-cb49-4482-8381-a89e27cc960f", - "isTransposed": false - }, - { - "columnId": "e81fb515-1196-411c-818d-8f4d837ce000", - "isTransposed": false - }, - { - "columnId": "3b3eb320-881a-4786-bcb3-d2400e38a3d3", - "isTransposed": false - }, - { - "columnId": "4b29a17b-d4c4-4d29-a120-296f69b2875e", - "isTransposed": false - }, - { - "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", - 
"hidden": true, - "isTransposed": false - } - ], - "layerId": "725aa594-f41c-4b3e-a6cf-8c115b602f57", - "layerType": "data", - "paging": { - "enabled": true, - "size": 10 + "gridData": { + "h": 15, + "i": "991aa388-e5d6-469b-911a-1cbcd1b84417", + "w": 48, + "x": 0, + "y": 55 }, - "rowHeight": "custom", - "rowHeightLines": 2 - } + "panelIndex": "991aa388-e5d6-469b-911a-1cbcd1b84417", + "type": "lens", + "version": "8.3.0" }, - "title": "Found Secrets [GitHub Secret Scanning]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "991aa388-e5d6-469b-911a-1cbcd1b84417", - "w": 48, - "x": 0, - "y": 55 - }, - "panelIndex": "991aa388-e5d6-469b-911a-1cbcd1b84417", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8908ff94-5bd3-4a76-b219-1ba7128998c6", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2321cd3f-039b-44be-90a5-03028195d49e": { - "columnOrder": [ - "37a962c0-4797-484d-b2e6-00a280b3edc2", - "871b560f-f208-41a2-978b-b97664f99807" - ], - "columns": { - "37a962c0-4797-484d-b2e6-00a280b3edc2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "871b560f-f208-41a2-978b-b97664f99807", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": 
"8908ff94-5bd3-4a76-b219-1ba7128998c6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2321cd3f-039b-44be-90a5-03028195d49e": { + "columnOrder": [ + "37a962c0-4797-484d-b2e6-00a280b3edc2", + "871b560f-f208-41a2-978b-b97664f99807" + ], + "columns": { + "37a962c0-4797-484d-b2e6-00a280b3edc2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "871b560f-f208-41a2-978b-b97664f99807", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.resolved_by.login" + }, + "871b560f-f208-41a2-978b-b97664f99807": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Fixed Secrets Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.resolved_by.login" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8908ff94-5bd3-4a76-b219-1ba7128998c6", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": 
true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "871b560f-f208-41a2-978b-b97664f99807" + ], + "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "871b560f-f208-41a2-978b-b97664f99807": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Fixed Secrets Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8908ff94-5bd3-4a76-b219-1ba7128998c6", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "871b560f-f208-41a2-978b-b97664f99807" - ], - "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" - } - ], - "legend": { - "isVisible": true, - "position": "right" + 
"title": "Top users resolving secrets [GitHub Secret Scanning]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 11, + "i": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", + "w": 15, + "x": 33, + "y": 70 }, - "valueLabels": "hide" - } + "panelIndex": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", + "type": "lens", + "version": "8.3.0" }, - "title": "Top users resolving secrets [GitHub Secret Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 11, - "i": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", - "w": 15, - "x": 33, - "y": 70 - }, - "panelIndex": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ebd4f001-671a-4772-a2c4-b07f94e34845": { - "columnOrder": [ - "fc40a758-e2ae-45db-88c1-439660cb7f66", - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "columns": { - "5caf7916-eab1-42d2-b591-41039ee8ed72": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "ebd4f001-671a-4772-a2c4-b07f94e34845": { + "columnOrder": [ + "fc40a758-e2ae-45db-88c1-439660cb7f66", + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "columns": { + "5caf7916-eab1-42d2-b591-41039ee8ed72": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fc40a758-e2ae-45db-88c1-439660cb7f66": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.secret_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": 
true + }, + "valueLabels": "hide" + } }, - "fc40a758-e2ae-45db-88c1-439660cb7f66": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.secret_scanning" + "title": "Events Timeline [GitHub Secret Scanning]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "enhancements": {} }, - "layers": [ - { - "accessors": [ - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 11, + "i": "36cee00b-70b3-4bb5-a4b3-2448061135f8", + "w": 33, + "x": 0, + "y": 70 }, - "valueLabels": "hide" - } - }, - "title": "Events Timeline [GitHub Secret Scanning]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + "panelIndex": 
"36cee00b-70b3-4bb5-a4b3-2448061135f8", + "type": "lens", + "version": "8.3.0" + } + ], + "timeRestore": false, + "title": "[GitHub] Secret Scanning Alerts", + "version": 1 + }, + "coreMigrationVersion": "8.4.1", + "id": "github-591d69e0-17b6-11ed-809a-7b4be950fe9c", + "migrationVersion": { + "dashboard": "8.4.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:99882a8f-757f-4692-b7dd-56e561a7a5ac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:fac9d156-24f2-409d-9f1b-200dbd5a9b5a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_66d2324e-be32-41be-b685-54ba2cc58c2b:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_54e33c68-ad08-412f-852a-f669391018b0:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_9fd25971-d168-4a50-985f-9e1bb266c93e:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_bcb03b9e-5278-4d66-a4da-762d41ec13cd:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:a27a9357-b353-46a3-9116-530f354b09b9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "277a4af7-61c6-40d9-80a6-2d73df097618:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"277a4af7-61c6-40d9-80a6-2d73df097618:ef2a4614-151f-42d0-8707-257d009298ea", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:d7c9ae82-adc1-4169-a1ac-2fea90204f25", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:b2d41cbe-238c-4c90-994d-d8e8f1668a44", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:d4cc48c0-fb83-4b1d-9c91-369a087165c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:9c0d6963-bc22-4d2d-9028-20e603d307e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:dac33af7-8640-4326-8c95-afddf6194657", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" }, - "gridData": { - "h": 11, - "i": "36cee00b-70b3-4bb5-a4b3-2448061135f8", - "w": 33, - "x": 0, - "y": 70 + { + "id": "logs-*", + "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:e9f91f71-3727-4bf1-9d0a-2742347e223f", + "type": "index-pattern" }, - "panelIndex": "36cee00b-70b3-4bb5-a4b3-2448061135f8", - "type": "lens", - "version": "8.3.0" - } + { + "id": "logs-*", + "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:f34d1f77-a34c-4ac9-ab7a-6892d9505a80", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"429f2ded-1aca-42cd-9190-9afddb03eabf:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:89debdad-d323-4640-918b-2c38d061e212", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7adc099-113f-4113-b592-24b5ceff484e:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7adc099-113f-4113-b592-24b5ceff484e:11287d36-4d96-447c-b336-56ae03fcbc16", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:25c2db0c-d286-407e-9c0b-55252a2ad165", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:acfd1c9a-be16-4275-ae7d-0ad42b060de0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:c26ebed6-b942-43ed-9f00-ccf3c5842f5f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:94bf6c5a-a948-40c1-95a7-52d11ef68bad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:8908ff94-5bd3-4a76-b219-1ba7128998c6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[GitHub] Secret Scanning Alerts", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:99882a8f-757f-4692-b7dd-56e561a7a5ac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:fac9d156-24f2-409d-9f1b-200dbd5a9b5a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_66d2324e-be32-41be-b685-54ba2cc58c2b:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_54e33c68-ad08-412f-852a-f669391018b0:optionsListDataView", - "type": "index-pattern" - }, - { 
- "id": "logs-*", - "name": "controlGroup_9fd25971-d168-4a50-985f-9e1bb266c93e:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_bcb03b9e-5278-4d66-a4da-762d41ec13cd:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:a27a9357-b353-46a3-9116-530f354b09b9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "277a4af7-61c6-40d9-80a6-2d73df097618:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "277a4af7-61c6-40d9-80a6-2d73df097618:ef2a4614-151f-42d0-8707-257d009298ea", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:d7c9ae82-adc1-4169-a1ac-2fea90204f25", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:b2d41cbe-238c-4c90-994d-d8e8f1668a44", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:d4cc48c0-fb83-4b1d-9c91-369a087165c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:9c0d6963-bc22-4d2d-9028-20e603d307e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"e6cb0087-c5ba-49f2-8ae9-b206d2346609:dac33af7-8640-4326-8c95-afddf6194657", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:e9f91f71-3727-4bf1-9d0a-2742347e223f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:f34d1f77-a34c-4ac9-ab7a-6892d9505a80", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:89debdad-d323-4640-918b-2c38d061e212", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a7adc099-113f-4113-b592-24b5ceff484e:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a7adc099-113f-4113-b592-24b5ceff484e:11287d36-4d96-447c-b336-56ae03fcbc16", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:25c2db0c-d286-407e-9c0b-55252a2ad165", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:acfd1c9a-be16-4275-ae7d-0ad42b060de0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"d0ec4a50-b9da-4775-9f64-5389f898aee3:42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:c26ebed6-b942-43ed-9f00-ccf3c5842f5f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:94bf6c5a-a948-40c1-95a7-52d11ef68bad", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:8908ff94-5bd3-4a76-b219-1ba7128998c6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "8.4.0" - }, - "coreMigrationVersion": "8.4.1" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json b/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json index 135d96cb4e5..e3240769f3a 100644 
--- a/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json
+++ b/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json
@@ -1,2517 +1,2512 @@ { - "id": "github-6197be80-220c-11ed-88c4-e3caca48250a", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T10:22:26.869Z", - "version": "WzY4NSwxXQ==", - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\",\"enhancements\":{},\"selectedOptions\":[]}},\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\",\"enhancements\":{},\"selectedOptions\":[]}},\"91415c25-696a-4928-92e3-2c578e14c7a3\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"91415c25-696a-4928-92e3-2c578e14c7a3\",\"enhancements\":{}}},\"a1e7b5ed-b636-4db8-87e1-779863061f45\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"a1e7b5ed-b636-4db8-87e1-779863061f45\",\"enhancements\":{},\"selectedOptions\":[]}}}" - }, - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": "Dependabot", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": false, - "params": [ - "dependabot" 
- ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.action": "dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncTooltips": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85aacdea-d37b-4e6a-ae32-81077ddccb60", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f8b858f-a1ee-4d69-a100-d59282acd94d": { - "columnOrder": [ - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" - ], - "columns": { - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "85aacdea-d37b-4e6a-ae32-81077ddccb60", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", - "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", - "layerType": "data", - "textAlign": "center", - "titlePosition": "top" - } - }, - "title": "Total Alerts Created [GitHub Dependabot]", - 
"visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", - "w": 14, - "x": 0, - "y": 0 + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\",\"enhancements\":{},\"selectedOptions\":[]}},\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\",\"enhancements\":{},\"selectedOptions\":[]}},\"91415c25-696a-4928-92e3-2c578e14c7a3\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"91415c25-696a-4928-92e3-2c578e14c7a3\",\"enhancements\":{}}},\"a1e7b5ed-b636-4db8-87e1-779863061f45\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"a1e7b5ed-b636-4db8-87e1-779863061f45\",\"enhancements\":{},\"selectedOptions\":[]}}}" }, - "panelIndex": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", - "type": 
"index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Found/Fixed Ratio", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - }, - "formula": "count()/count(kql='github.state:dismissed')", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "github.state:dismissed" - }, - "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" + "meta": { + "alias": "Dependabot", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": [ + "dependabot" + ], + "type": "phrases" }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Resolved/Dismissed 
Alerts", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "location": { - "max": 43, - "min": 0 - }, - "name": "divide", - "text": "count()/count(kql='github.state:dismissed')", - "type": "function" + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.action": "dependabot" + } + } + ] } - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" - ], - "scale": "ratio" } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } + ], + "query": { + "language": "kuery", + "query": "" } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" - } - }, - "title": "Alerts Found/Fixed Ratio [GitHub Dependabot]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 8, - "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "w": 14, - "x": 14, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncTooltips": false, + "useMargins": true }, - "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cbc5557e-f6b9-4140-90b2-3100f33083c4": { - "columnOrder": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc", - "4525c4ae-5f82-4b4d-9867-48e4aba462fd" - ], - "columns": { - "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Open vs Resolved", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "85aacdea-d37b-4e6a-ae32-81077ddccb60", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f8b858f-a1ee-4d69-a100-d59282acd94d": { + "columnOrder": [ + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" + ], + "columns": { + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.state" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "85aacdea-d37b-4e6a-ae32-81077ddccb60", + "key": "data_stream.dataset", + "negate": false, + 
"params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", + "layerType": "data", + "textAlign": "center", + "titlePosition": "top" + } }, - "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" + "title": "Total Alerts Created [GitHub Dependabot]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.54, - "groups": [ - "3ef214a7-820c-42e3-b2b0-5daa7566fedc" - ], - "layerId": "cbc5557e-f6b9-4140-90b2-3100f33083c4", - "layerType": "data", - "legendDisplay": "show", - "legendPosition": "right", - "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": true - } - ], - "palette": { - "name": "default", - "type": "palette" + "enhancements": {} }, - "shape": "donut" - } + "gridData": { + "h": 5, + "i": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", + "w": 14, + "x": 0, + "y": 0 + }, + "panelIndex": 
"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", + "type": "lens", + "version": "8.3.0" }, - "title": "Open vs Resolved/Dismissed [GitHub Dependabot]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "w": 20, - "x": 28, - "y": 0 - }, - "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", + "type": "index-pattern" } - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - 
"type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Found/Fixed Ratio", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } + }, + "formula": "count()/count(kql='github.state:dismissed')", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2" + ], + "scale": "ratio" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "github.state:dismissed" + }, + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "location": { + "max": 43, + "min": 0 + }, + 
"name": "divide", + "text": "count()/count(kql='github.state:dismissed')", + "type": "function" + } + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } + }, + "title": "Alerts Found/Fixed Ratio [GitHub Dependabot]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", - "key": "github.state", - "negate": false, - "params": [ - "open" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "open" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - 
"maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" + "gridData": { + "h": 8, + "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", + "w": 14, + "x": 14, + "y": 0 }, - "textAlign": "center" - } + "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", + "type": "lens", + "version": "8.3.0" }, - "title": "Open Alerts Count [GitHub Dependabot]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "w": 14, - "x": 0, - "y": 5 - }, - "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cbc5557e-f6b9-4140-90b2-3100f33083c4": { + "columnOrder": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc", + "4525c4ae-5f82-4b4d-9867-48e4aba462fd" + ], + "columns": { + "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Open vs Resolved", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.state" + }, + "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.54, + "groups": [ + "3ef214a7-820c-42e3-b2b0-5daa7566fedc" + ], + "layerId": 
"cbc5557e-f6b9-4140-90b2-3100f33083c4", + "layerType": "data", + "legendDisplay": "show", + "legendPosition": "right", + "metric": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": true + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } + "title": "Open vs Resolved/Dismissed [GitHub Dependabot]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "positive", - "params": { - 
"continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" + "gridData": { + "h": 15, + "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", + "w": 20, + "x": 28, + "y": 0 }, - "textAlign": "center" - } + "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", + "type": "lens", + "version": "8.3.0" }, - "title": "Resolved/Dismissed Alerts Count [GitHub Dependabot]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 5, - "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "w": 14, - "x": 0, - "y": 10 - }, - "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "006ef10a-8064-4e48-8ff1-413c550d6204", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "e33d2853-5b3d-4be9-9312-2d8da64d9523" - ], - "columns": { - "e33d2853-5b3d-4be9-9312-2d8da64d9523": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Mean time to resolve an alert", - "operationType": "average", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "event.duration" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": 
null, - "disabled": false, - "index": "03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", + "key": "github.state", + "negate": false, + "params": [ + "open" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "open" + } + } + ] + } + 
} + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#209280", + "stop": 0 + }, + { + "color": "#d6bf57", + "stop": 1 + }, + { + "color": "#cc5642", + "stop": 1000 + } + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + "stop": 1 + }, + { + "color": "#d6bf57", + "stop": 1000 + }, + { + "color": "#cc5642", + "stop": 1001 + } + ] + }, + "type": "palette" + }, + "textAlign": "center" + } + }, + "title": "Open Alerts Count [GitHub Dependabot]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } + "enhancements": {} }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "006ef10a-8064-4e48-8ff1-413c550d6204", - "key": "event.duration", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "event.duration" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - "colorMode": "None", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "textAlign": "center" - } + "gridData": { + "h": 5, + "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", + "w": 14, + "x": 0, + "y": 5 + }, + "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", + "type": "lens", + "version": "8.3.0" }, - "title": "Mean Time to Resolution [GitHub Dependabot]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - 
"gridData": { - "h": 7, - "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "w": 14, - "x": 14, - "y": 8 - }, - "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "title": "Mean Time To Resolution [GitHub Dependabot]", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d3e8e716-b6e8-4db6-8948-87e49827aebb", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { - "columnOrder": [ - "1e393f28-24a9-40af-830b-654785bf6236", - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "columns": { - "1e393f28-24a9-40af-830b-654785bf6236": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", + "type": "index-pattern" }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count by repository", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - 
"scale": "ratio" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Alerts count by repository", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of github.repository.owner.login + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" + { + "id": "logs-*", + "name": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resolved/Dismissed Alerts", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "scale": "ratio" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [ - "github.repository.name" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", 
+ "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", + "key": "github.state", + "negate": false, + "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } ], - "size": 50 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d3e8e716-b6e8-4db6-8948-87e49827aebb", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" - ], - "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": 
"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "positive", + "params": { + "continuity": "above", + "maxSteps": 5, + "name": "positive", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#bbdad3", + "stop": 0 + }, + { + "color": "#77b6a8", + "stop": 8 + }, + { + "color": "#209280", + "stop": 16 + } + ] + }, + "type": "palette" + }, + "textAlign": "center" + } + }, + "title": "Resolved/Dismissed Alerts Count [GitHub Dependabot]", + "visualizationType": "lnsMetric" }, - "seriesType": "bar", - "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 5, + "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "w": 14, + "x": 0, + "y": 10 }, - "valueLabels": "hide" - } + "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "type": "lens", + "version": "8.3.0" }, - "title": "Alerts count by owner and by repository [GitHub Dependabot]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "w": 25, - "x": 0, - "y": 15 - }, - "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", 
- "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top repositories contributing to alerts by owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", + "type": "index-pattern" }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "8cca4d83-a822-4b67-97cd-27649e1d7c68": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.repository.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" + { + "id": "logs-*", + "name": "006ef10a-8064-4e48-8ff1-413c550d6204", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "e33d2853-5b3d-4be9-9312-2d8da64d9523" + ], + "columns": { + "e33d2853-5b3d-4be9-9312-2d8da64d9523": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Mean time to resolve an alert", + "operationType": "average", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + 
"sourceField": "event.duration" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "006ef10a-8064-4e48-8ff1-413c550d6204", + "key": "event.duration", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "event.duration" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.repository.name" + "visualization": { + "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", + "colorMode": "None", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "textAlign": "center" + } }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - 
"visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "8cca4d83-a822-4b67-97cd-27649e1d7c68" - ], - "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", - "layerType": "data", - "legendDisplay": "default", - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Mean Time to Resolution [GitHub Dependabot]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 7, + "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "w": 14, + "x": 14, + "y": 8 + }, + "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "title": "Mean Time To Resolution [GitHub Dependabot]", + "type": "lens", + "version": "8.3.0" }, - "title": "Aerts % by owner and by repository [GitHub Dependabot]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "w": 23, - "x": 25, - "y": 15 - }, - "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fc66a292-57a3-4510-b6f8-681eeb768e10", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - 
"sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "d3e8e716-b6e8-4db6-8948-87e49827aebb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { + "columnOrder": [ + "1e393f28-24a9-40af-830b-654785bf6236", + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "columns": { + "1e393f28-24a9-40af-830b-654785bf6236": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count by repository", + "operationType": "formula", + "params": { + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "scale": "ratio" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of 
Alerts count by repository", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of github.repository.owner.login + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "github.repository.name" + ], + "size": 50 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "fc66a292-57a3-4510-b6f8-681eeb768e10", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d3e8e716-b6e8-4db6-8948-87e49827aebb", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + 
"2e911c1d-57e0-4dab-b9f2-3e8660f1527c" + ], + "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "bar", + "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Alerts count by owner and by repository [GitHub Dependabot]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {} }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "yConfig": [ - { - "axisMode": "auto", - "color": "#b9a888", - "forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false + "gridData": { + "h": 12, + "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", + "w": 25, + "x": 0, + "y": 15 }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "show" - } + "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", + "type": "lens", + 
"version": "8.3.0" }, - "title": "Alert Severity Count [GitHub Dependabot]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "9653b170-7606-461f-9ac4-bf58547f30db", - "w": 14, - "x": 0, - "y": 27 - }, - "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d7218e2e-18ae-4710-8364-1a4cbfee519c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "04d54e71-2f6e-462a-8858-74d8668335df": { - "columnOrder": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71", - "21ef31d9-60e5-4fe1-8767-950697790bab" - ], - "columns": { - "21ef31d9-60e5-4fe1-8767-950697790bab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "713d9fda-d630-485d-b2af-f6aa22ea7a71": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", 
+ "8cca4d83-a822-4b67-97cd-27649e1d7c68", + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top repositories contributing to alerts by owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "8cca4d83-a822-4b67-97cd-27649e1d7c68": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of github.repository.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" + }, + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - 
"secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d7218e2e-18ae-4710-8364-1a4cbfee519c", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "8cca4d83-a822-4b67-97cd-27649e1d7c68" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "default", + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Aerts % by owner and by repository [GitHub Dependabot]", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "713d9fda-d630-485d-b2af-f6aa22ea7a71" - ], - "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "metric": "21ef31d9-60e5-4fe1-8767-950697790bab", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "palette": { - "name": "default", - "type": "palette" + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", + "w": 23, + "x": 25, + "y": 15 }, - "shape": "donut" - } + "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", + "type": "lens", + "version": "8.3.0" }, - "title": "Alert Severity % [GitHub Dependabot]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { 
- "h": 13, - "i": "563a073c-7de0-4095-b0ac-127caed562f2", - "w": 11, - "x": 14, - "y": 27 - }, - "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1f3f8544-c39b-4384-985e-d45107d279fb", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "631035e6-8678-47ee-9a8c-c6a87f6c1757": { - "columnOrder": [ - "00866684-5176-499e-9517-eff9e9102155", - "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "columns": { - "00866684-5176-499e-9517-eff9e9102155": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of github.severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "fc66a292-57a3-4510-b6f8-681eeb768e10", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": 
"___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.severity" - }, - "257a7d8d-1315-4775-97d9-e679c0f3aa79": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": false, - "interval": "d" - }, - "scale": "interval", - "sourceField": "@timestamp" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "fc66a292-57a3-4510-b6f8-681eeb768e10", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "yConfig": [ + { + "axisMode": "auto", + "color": "#b9a888", + 
"forAccessor": "21ef31d9-60e5-4fe1-8767-950697790bab" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "show" + } }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1f3f8544-c39b-4384-985e-d45107d279fb", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" + "title": "Alert Severity Count [GitHub Dependabot]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e1d8072b-7268-444a-864e-ef1117b17b65" - ], - "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", - "layerType": "data", - "seriesType": "bar", - "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", - "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", - "yConfig": [ - { - "color": "#6dc9cd", - "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" - } - ] - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right" + "gridData": { + "h": 13, + 
"i": "9653b170-7606-461f-9ac4-bf58547f30db", + "w": 14, + "x": 0, + "y": 27 }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", + "type": "lens", + "version": "8.3.0" }, - "title": "Daily Alerts Count by Severity [GitHub Dependabot]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "w": 23, - "x": 25, - "y": 27 - }, - "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "17dc082e-1cb5-4483-901a-9c220d911bac": { - "columnOrder": [ - "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5", - "b907d8f2-1395-4737-a7db-25bd080be94d" - ], - "columns": { - "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top files responsible for alerts", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b907d8f2-1395-4737-a7db-25bd080be94d", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "d7218e2e-18ae-4710-8364-1a4cbfee519c", + "type": "index-pattern" + } + ], + "state": { + 
"datasourceStates": { + "indexpattern": { + "layers": { + "04d54e71-2f6e-462a-8858-74d8668335df": { + "columnOrder": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71", + "21ef31d9-60e5-4fe1-8767-950697790bab" + ], + "columns": { + "21ef31d9-60e5-4fe1-8767-950697790bab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "713d9fda-d630-485d-b2af-f6aa22ea7a71": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21ef31d9-60e5-4fe1-8767-950697790bab", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d7218e2e-18ae-4710-8364-1a4cbfee519c", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.dependabot.vulnerable_manifest_path" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "713d9fda-d630-485d-b2af-f6aa22ea7a71" + ], + "layerId": "04d54e71-2f6e-462a-8858-74d8668335df", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "metric": "21ef31d9-60e5-4fe1-8767-950697790bab", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + 
"palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } }, - "b907d8f2-1395-4737-a7db-25bd080be94d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alert Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" + "title": "Alert Severity % [GitHub Dependabot]", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - "b907d8f2-1395-4737-a7db-25bd080be94d" - ], - "layerId": "17dc082e-1cb5-4483-901a-9c220d911bac", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5" - } - ], - "legend": { - "isInside": false, - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 13, + "i": "563a073c-7de0-4095-b0ac-127caed562f2", + "w": 11, + "x": 14, + "y": 27 }, - "valueLabels": "hide" - } + "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", + "type": 
"lens", + "version": "8.3.0" }, - "title": "Top files [GitHub Dependabot]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "41578b87-d820-42df-92d5-69af2643d793", - "w": 36, - "x": 0, - "y": 40 - }, - "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2321cd3f-039b-44be-90a5-03028195d49e": { - "columnOrder": [ - "37a962c0-4797-484d-b2e6-00a280b3edc2", - "871b560f-f208-41a2-978b-b97664f99807" - ], - "columns": { - "37a962c0-4797-484d-b2e6-00a280b3edc2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "871b560f-f208-41a2-978b-b97664f99807", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "1f3f8544-c39b-4384-985e-d45107d279fb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "631035e6-8678-47ee-9a8c-c6a87f6c1757": { + "columnOrder": [ + "00866684-5176-499e-9517-eff9e9102155", + "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "columns": { + "00866684-5176-499e-9517-eff9e9102155": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 
values of github.severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1d8072b-7268-444a-864e-ef1117b17b65", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.severity" + }, + "257a7d8d-1315-4775-97d9-e679c0f3aa79": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "d" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.dependabot.dismisser.login" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1f3f8544-c39b-4384-985e-d45107d279fb", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e1d8072b-7268-444a-864e-ef1117b17b65" + ], + "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", + "layerType": 
"data", + "seriesType": "bar", + "splitAccessor": "00866684-5176-499e-9517-eff9e9102155", + "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", + "yConfig": [ + { + "color": "#6dc9cd", + "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" + } + ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right" + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "871b560f-f208-41a2-978b-b97664f99807": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" + "title": "Daily Alerts Count by Severity [GitHub Dependabot]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 13, + "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", + "w": 23, + "x": 25, + "y": 27 }, - "layers": [ - { - "accessors": [ - "871b560f-f208-41a2-978b-b97664f99807" - ], - "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": 
"37a962c0-4797-484d-b2e6-00a280b3edc2" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "17dc082e-1cb5-4483-901a-9c220d911bac": { + "columnOrder": [ + "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5", + "b907d8f2-1395-4737-a7db-25bd080be94d" + ], + "columns": { + "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top files responsible for alerts", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b907d8f2-1395-4737-a7db-25bd080be94d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.dependabot.vulnerable_manifest_path" + }, + "b907d8f2-1395-4737-a7db-25bd080be94d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alert Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } 
+ } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "b907d8f2-1395-4737-a7db-25bd080be94d" + ], + "layerId": "17dc082e-1cb5-4483-901a-9c220d911bac", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5" + } + ], + "legend": { + "isInside": false, + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Top files [GitHub Dependabot]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "41578b87-d820-42df-92d5-69af2643d793", + "w": 36, + "x": 0, + "y": 40 }, - "valueLabels": "hide" - } + "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", + "type": "lens", + "version": "8.3.0" }, - "title": "Top users dismissing alerts [GitHub Dependabot]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "w": 12, - "x": 36, - "y": 40 - }, - "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"349014a7-1097-4c4b-9805-13b39d46d0bd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ebd4f001-671a-4772-a2c4-b07f94e34845": { - "columnOrder": [ - "fc40a758-e2ae-45db-88c1-439660cb7f66", - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "columns": { - "5caf7916-eab1-42d2-b591-41039ee8ed72": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2321cd3f-039b-44be-90a5-03028195d49e": { + "columnOrder": [ + "37a962c0-4797-484d-b2e6-00a280b3edc2", + "871b560f-f208-41a2-978b-b97664f99807" + ], + "columns": { + "37a962c0-4797-484d-b2e6-00a280b3edc2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "871b560f-f208-41a2-978b-b97664f99807", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.dependabot.dismisser.login" + }, + "871b560f-f208-41a2-978b-b97664f99807": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + 
}, + "meta": { + "alias": null, + "disabled": false, + "index": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "871b560f-f208-41a2-978b-b97664f99807" + ], + "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "fc40a758-e2ae-45db-88c1-439660cb7f66": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "349014a7-1097-4c4b-9805-13b39d46d0bd", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.dependabot" + "title": "Top users dismissing alerts [GitHub Dependabot]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - } - ], - "query": { - "language": 
"kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {} }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", + "w": 12, + "x": 36, + "y": 40 }, - "layers": [ - { - "accessors": [ - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "349014a7-1097-4c4b-9805-13b39d46d0bd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ebd4f001-671a-4772-a2c4-b07f94e34845": { + "columnOrder": [ + "fc40a758-e2ae-45db-88c1-439660cb7f66", + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "columns": { + "5caf7916-eab1-42d2-b591-41039ee8ed72": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fc40a758-e2ae-45db-88c1-439660cb7f66": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" 
+ } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "349014a7-1097-4c4b-9805-13b39d46d0bd", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "5caf7916-eab1-42d2-b591-41039ee8ed72" + ], + "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Events Timeline [GitHub Dependabot]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "12673c47-9148-47a4-a8ab-07a7f06304c7", + "w": 48, + "x": 0, + "y": 55 }, - "valueLabels": "hide" - } - }, - "title": "Events Timeline [GitHub Dependabot]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + "panelIndex": "12673c47-9148-47a4-a8ab-07a7f06304c7", + "type": "lens", + "version": "8.3.0" + } + ], + "timeRestore": false, + "title": "[GitHub] Dependabot Alerts", + "version": 1 + }, + "coreMigrationVersion": "8.4.1", + "id": 
"github-6197be80-220c-11ed-88c4-e3caca48250a", + "migrationVersion": { + "dashboard": "8.4.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:960abe90-416f-4075-aaef-2cc0a3af1707", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:17e2088a-3bc2-4868-bc76-7cf83644301c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:ba32e691-eaea-469b-8dd5-3aeb2fbc2cd7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:dd40a269-9585-4d63-ad58-7a70f2bf3cfc", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:0922f2e7-6ee9-45a2-baa6-42dde24c181d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:6ff40899-6691-449c-afa9-e266b9f272f6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:351f20af-163e-47d3-831f-f02b469287b3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:a9c37a5a-574a-411d-9420-2e53045288f3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_2132f9ab-9cce-423a-beed-e02e6d4d5ed9:optionsListDataView", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "12673c47-9148-47a4-a8ab-07a7f06304c7", - "w": 48, - "x": 0, - "y": 55 + { + "id": "logs-*", + "name": "controlGroup_2f1b6c0b-96fc-479a-b7ef-145c84df585e:optionsListDataView", + "type": "index-pattern" }, - "panelIndex": "12673c47-9148-47a4-a8ab-07a7f06304c7", - "type": "lens", - "version": "8.3.0" - } + { + "id": "logs-*", + "name": "controlGroup_91415c25-696a-4928-92e3-2c578e14c7a3:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_a1e7b5ed-b636-4db8-87e1-779863061f45:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:85aacdea-d37b-4e6a-ae32-81077ddccb60", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:a849fd8c-6f48-4f51-9f6f-ab6e7862171c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:bbb4d277-741b-49c1-bc79-77a6ee15e94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:7196f033-fe4d-41cb-b3c7-4c45300d6a68", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:8977fa6e-37e6-4a2b-a032-d181646ef8cf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:006ef10a-8064-4e48-8ff1-413c550d6204", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:d3e8e716-b6e8-4db6-8948-87e49827aebb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:badbb3b4-d90f-44b5-bf22-2e47716a3e09", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:fc66a292-57a3-4510-b6f8-681eeb768e10", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:d7218e2e-18ae-4710-8364-1a4cbfee519c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:1f3f8544-c39b-4384-985e-d45107d279fb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41578b87-d820-42df-92d5-69af2643d793:09303186-e13c-4afb-b6f1-bf3eeb7d1423", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "type": "index-pattern" + }, + 
{ + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:2074f8e1-7a11-4232-9ac4-09bfe773beb8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:349014a7-1097-4c4b-9805-13b39d46d0bd", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[GitHub] Dependabot Alerts", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:960abe90-416f-4075-aaef-2cc0a3af1707", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:17e2088a-3bc2-4868-bc76-7cf83644301c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:ba32e691-eaea-469b-8dd5-3aeb2fbc2cd7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:dd40a269-9585-4d63-ad58-7a70f2bf3cfc", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:0922f2e7-6ee9-45a2-baa6-42dde24c181d", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:6ff40899-6691-449c-afa9-e266b9f272f6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:351f20af-163e-47d3-831f-f02b469287b3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:a9c37a5a-574a-411d-9420-2e53045288f3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_2132f9ab-9cce-423a-beed-e02e6d4d5ed9:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_2f1b6c0b-96fc-479a-b7ef-145c84df585e:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_91415c25-696a-4928-92e3-2c578e14c7a3:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_a1e7b5ed-b636-4db8-87e1-779863061f45:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:85aacdea-d37b-4e6a-ae32-81077ddccb60", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:a849fd8c-6f48-4f51-9f6f-ab6e7862171c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:bbb4d277-741b-49c1-bc79-77a6ee15e94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:7196f033-fe4d-41cb-b3c7-4c45300d6a68", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:8977fa6e-37e6-4a2b-a032-d181646ef8cf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:006ef10a-8064-4e48-8ff1-413c550d6204", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:d3e8e716-b6e8-4db6-8948-87e49827aebb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:badbb3b4-d90f-44b5-bf22-2e47716a3e09", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:fc66a292-57a3-4510-b6f8-681eeb768e10", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:d7218e2e-18ae-4710-8364-1a4cbfee519c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:1f3f8544-c39b-4384-985e-d45107d279fb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:09303186-e13c-4afb-b6f1-bf3eeb7d1423", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:2074f8e1-7a11-4232-9ac4-09bfe773beb8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:349014a7-1097-4c4b-9805-13b39d46d0bd", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "8.4.0" - }, - "coreMigrationVersion": "8.4.1" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json b/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json index fb98eff47b5..d41423c1065 100644 --- a/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json +++ b/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json 
@@ -1,1914 +1,1909 @@ { - "id": "github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T10:22:26.869Z", - "version": "WzY4NiwxXQ==", - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/ Organization\",\"id\":\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\",\"enhancements\":{},\"selectedOptions\":[]}},\"05d7ed66-221a-437a-9e07-5094ce9d57e0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"05d7ed66-221a-437a-9e07-5094ce9d57e0\",\"enhancements\":{}}},\"b1a338bb-89af-425e-91eb-1c8a32641422\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"b1a338bb-89af-425e-91eb-1c8a32641422\",\"selectedOptions\":[],\"enhancements\":{}}},\"5c430006-8043-4e34-96dd-34b596dcba61\":{\"order\":4,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"5c430006-8043-4e34-96dd-34b596dcba61\",\"enhancements\":{},\"selectedOptions\":[]}},\"81297eab-88c0-477b-8132-39cbb430b6c7\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Alert Type\",\"id\":\"81297eab-88c0-477b-8132-39cbb430b6c7\",\"selectedOptions\":[],\"enhancements\":{}}}}" - }, - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncTooltips": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "efd3c729-3f58-4e1f-b05f-4178051021ee", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f8b858f-a1ee-4d69-a100-d59282acd94d": { - "columnOrder": [ - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" - ], - "columns": { - "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "efd3c729-3f58-4e1f-b05f-4178051021ee", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": 
"{\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/ Organization\",\"id\":\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\",\"enhancements\":{},\"selectedOptions\":[]}},\"05d7ed66-221a-437a-9e07-5094ce9d57e0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"05d7ed66-221a-437a-9e07-5094ce9d57e0\",\"enhancements\":{}}},\"b1a338bb-89af-425e-91eb-1c8a32641422\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"b1a338bb-89af-425e-91eb-1c8a32641422\",\"selectedOptions\":[],\"enhancements\":{}}},\"5c430006-8043-4e34-96dd-34b596dcba61\":{\"order\":4,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"5c430006-8043-4e34-96dd-34b596dcba61\",\"enhancements\":{},\"selectedOptions\":[]}},\"81297eab-88c0-477b-8132-39cbb430b6c7\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Alert Type\",\"id\":\"81297eab-88c0-477b-8132-39cbb430b6c7\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", - "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", - "layerType": "data", - "textAlign": "center", - "titlePosition": "top" - } - }, - "title": "Total Alerts Count [GitHub Advanced Security]", - "visualizationType": "lnsMetric" - }, - 
"enhancements": {} + } }, - "gridData": { - "h": 5, - "i": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", - "w": 14, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncTooltips": false, + "useMargins": true }, - "panelIndex": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "68c402d4-a28c-4161-9f6c-663cd4930df6", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e125b149-a8ea-47b7-914c-508a7972c074": { - "columnOrder": [ - "25824925-c28e-4f16-b354-5e6e25ecea6a", - "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - ], - "columns": { - "25824925-c28e-4f16-b354-5e6e25ecea6a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "filters", - "params": { + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "efd3c729-3f58-4e1f-b05f-4178051021ee", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f8b858f-a1ee-4d69-a100-d59282acd94d": { + "columnOrder": [ + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" + ], + "columns": { + "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Alerts", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, "filters": [ - { - "input": { - "language": "kuery", - 
"query": "github.severity : \"critical\" " - }, - "label": "Critical" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"high\" " - }, - "label": "High" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"medium\" " - }, - "label": "Medium" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"low\"" - }, - "label": "Low" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"undefined\" " - }, - "label": "Undefined" - } - ] - }, - "scale": "ordinal" - }, - "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "68c402d4-a28c-4161-9f6c-663cd4930df6", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "efd3c729-3f58-4e1f-b05f-4178051021ee", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + 
"match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", + "layerType": "data", + "textAlign": "center", + "titlePosition": "top" + } }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - ], - "layerId": "e125b149-a8ea-47b7-914c-508a7972c074", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "25824925-c28e-4f16-b354-5e6e25ecea6a", - "yConfig": [ - { - "color": "#ca8eae", - "forAccessor": "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" + "title": "Total Alerts Count [GitHub Advanced Security]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 5, + "i": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", + "w": 14, + "x": 0, + "y": 0 }, - "valueLabels": "hide" - } + "panelIndex": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", + "type": "lens", + "version": "8.3.0" }, - "title": "Open Alerts Count by Severity [GitHub Advanced Security]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "84209174-8b73-47ed-9324-45e7713370d0", - "w": 16, - "x": 14, - "y": 0 - }, - "panelIndex": "84209174-8b73-47ed-9324-45e7713370d0", - 
"type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "408457e7-219e-4fb4-9352-7dc82c8d514c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e125b149-a8ea-47b7-914c-508a7972c074": { - "columnOrder": [ - "25824925-c28e-4f16-b354-5e6e25ecea6a", - "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - ], - "columns": { - "25824925-c28e-4f16-b354-5e6e25ecea6a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "filters", - "params": { + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "68c402d4-a28c-4161-9f6c-663cd4930df6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e125b149-a8ea-47b7-914c-508a7972c074": { + "columnOrder": [ + "25824925-c28e-4f16-b354-5e6e25ecea6a", + "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + ], + "columns": { + "25824925-c28e-4f16-b354-5e6e25ecea6a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "github.severity : \"critical\" " + }, + "label": "Critical" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"high\" " + }, + "label": "High" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"medium\" " + }, + "label": "Medium" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"low\"" + }, + "label": "Low" + }, + { + 
"input": { + "language": "kuery", + "query": "github.severity : \"undefined\" " + }, + "label": "Undefined" + } + ] + }, + "scale": "ordinal" + }, + "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, "filters": [ - { - "input": { - "language": "kuery", - "query": "github.severity : \"critical\" " + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "68c402d4-a28c-4161-9f6c-663cd4930df6", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "label": "Critical" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"high\" " + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "label": "High" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"medium\" " + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "label": "Medium" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"low\"" + "layers": [ + { + "accessors": [ + "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + ], + "layerId": 
"e125b149-a8ea-47b7-914c-508a7972c074", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "25824925-c28e-4f16-b354-5e6e25ecea6a", + "yConfig": [ + { + "color": "#ca8eae", + "forAccessor": "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "label": "Low" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"undefined\" " + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "label": "Undefined" - } - ] - }, - "scale": "ordinal" - }, - "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "408457e7-219e-4fb4-9352-7dc82c8d514c", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "valueLabels": "hide" + } }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "25824925-c28e-4f16-b354-5e6e25ecea6a" - ], - "layerId": "e125b149-a8ea-47b7-914c-508a7972c074", - "layerType": "data", - "legendDisplay": "show", - "metric": "aaa67d72-aba4-4af4-a4f5-66e37fffed84", - 
"nestedLegend": false, - "numberDisplay": "percent", - "percentDecimals": 1 - } - ], - "palette": { - "name": "default", - "type": "palette" + "title": "Open Alerts Count by Severity [GitHub Advanced Security]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "84209174-8b73-47ed-9324-45e7713370d0", + "w": 16, + "x": 14, + "y": 0 }, - "shape": "donut" - } + "panelIndex": "84209174-8b73-47ed-9324-45e7713370d0", + "type": "lens", + "version": "8.3.0" }, - "title": "Open Alerts % by Severity [GitHub Advanced Security]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", - "w": 18, - "x": 30, - "y": 0 - }, - "panelIndex": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ab223632-68bc-4417-a2d3-0c3cd145a537", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8676bd1a-86f1-4fac-ab02-6c382be33410", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open Alerts", - "operationType": "count", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"408457e7-219e-4fb4-9352-7dc82c8d514c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e125b149-a8ea-47b7-914c-508a7972c074": { + "columnOrder": [ + "25824925-c28e-4f16-b354-5e6e25ecea6a", + "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + ], + "columns": { + "25824925-c28e-4f16-b354-5e6e25ecea6a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "github.severity : \"critical\" " + }, + "label": "Critical" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"high\" " + }, + "label": "High" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"medium\" " + }, + "label": "Medium" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"low\"" + }, + "label": "Low" + }, + { + "input": { + "language": "kuery", + "query": "github.severity : \"undefined\" " + }, + "label": "Undefined" + } + ] + }, + "scale": "ordinal" + }, + "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "408457e7-219e-4fb4-9352-7dc82c8d514c", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + 
"match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "25824925-c28e-4f16-b354-5e6e25ecea6a" + ], + "layerId": "e125b149-a8ea-47b7-914c-508a7972c074", + "layerType": "data", + "legendDisplay": "show", + "metric": "aaa67d72-aba4-4af4-a4f5-66e37fffed84", + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 1 + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" } - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ab223632-68bc-4417-a2d3-0c3cd145a537", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } + "title": "Open Alerts % by Severity [GitHub Advanced Security]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8676bd1a-86f1-4fac-ab02-6c382be33410", - "key": "github.state", - "negate": false, - "params": [ - "open" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "open" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": 
"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" + "gridData": { + "h": 15, + "i": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", + "w": 18, + "x": 30, + "y": 0 }, - "textAlign": "center" - } + "panelIndex": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", + "type": "lens", + "version": "8.3.0" }, - "title": "Open Alerts Count [GitHub Advanced Security]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "c5e57455-3945-4457-973f-7b6a1e5579d8", - "w": 14, - "x": 0, - "y": 5 - }, - "panelIndex": "c5e57455-3945-4457-973f-7b6a1e5579d8", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "45e7ae11-a8b3-4f60-a280-de442326d1ec", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0753d483-b32c-441f-87dc-bb862221e11c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { - "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { - "customLabel": 
true, - "dataType": "number", - "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "45e7ae11-a8b3-4f60-a280-de442326d1ec", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + { + "id": "logs-*", + "name": "ab223632-68bc-4417-a2d3-0c3cd145a537", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8676bd1a-86f1-4fac-ab02-6c382be33410", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open Alerts", 
+ "operationType": "count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ab223632-68bc-4417-a2d3-0c3cd145a537", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8676bd1a-86f1-4fac-ab02-6c382be33410", + "key": "github.state", + "negate": false, + "params": [ + "open" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "open" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#209280", + "stop": 0 + }, + { + "color": "#d6bf57", + "stop": 1 + }, + { + "color": "#cc5642", + "stop": 1000 + } + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + "stop": 1 + }, + { + "color": "#d6bf57", + 
"stop": 1000 + }, + { + "color": "#cc5642", + "stop": 1001 + } + ] + }, + "type": "palette" + }, + "textAlign": "center" + } }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } + "title": "Open Alerts Count [GitHub Advanced Security]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "0753d483-b32c-441f-87dc-bb862221e11c", - "key": "github.state", - "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" + "gridData": { + "h": 5, + "i": "c5e57455-3945-4457-973f-7b6a1e5579d8", + "w": 14, + "x": 0, + "y": 5 }, - "textAlign": "center" - } + "panelIndex": "c5e57455-3945-4457-973f-7b6a1e5579d8", + "type": "lens", + "version": "8.3.0" }, - "title": "Resolved/Dismissed Alerts Count [GitHub Advanced Security]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "c15d5d40-d18a-4960-8b6d-d47da3611f99", - "w": 14, - "x": 0, - "y": 10 - }, - "panelIndex": "c15d5d40-d18a-4960-8b6d-d47da3611f99", - "type": 
"lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a3e44335-794f-455e-9e40-c22201daaa1c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { - "columnOrder": [ - "1e393f28-24a9-40af-830b-654785bf6236", - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "columns": { - "1e393f28-24a9-40af-830b-654785bf6236": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "45e7ae11-a8b3-4f60-a280-de442326d1ec", + "type": "index-pattern" }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts count by repository", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" - ], - "scale": "ratio" - }, - "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": 
false, - "label": "Part of Alerts count by repository", - "operationType": "count", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of github.repository.owner.login + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" + { + "id": "logs-*", + "name": "0753d483-b32c-441f-87dc-bb862221e11c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { + "columnOrder": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "columns": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resolved/Dismissed Alerts", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "scale": "ratio" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "secondaryFields": [ - "github.repository.name" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "45e7ae11-a8b3-4f60-a280-de442326d1ec", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + 
"github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "0753d483-b32c-441f-87dc-bb862221e11c", + "key": "github.state", + "negate": false, + "params": [ + "dismissed", + "resolved" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "github.state": "dismissed" + } + }, + { + "match_phrase": { + "github.state": "resolved" + } + } + ] + } + } + } ], - "size": 50 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "colorMode": "Labels", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "palette": { + "name": "positive", + "params": { + "continuity": "above", + "maxSteps": 5, + "name": "positive", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": 
false, + "steps": 3, + "stops": [ + { + "color": "#bbdad3", + "stop": 0 + }, + { + "color": "#77b6a8", + "stop": 8 + }, + { + "color": "#209280", + "stop": 16 + } + ] + }, + "type": "palette" + }, + "textAlign": "center" + } }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a3e44335-794f-455e-9e40-c22201daaa1c", - "key": "github.state", - "negate": false, - "params": { - "query": "open" + "title": "Resolved/Dismissed Alerts Count [GitHub Advanced Security]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {} }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 5, + "i": "c15d5d40-d18a-4960-8b6d-d47da3611f99", + "w": 14, + "x": 0, + "y": 10 }, - "layers": [ - { - "accessors": [ - "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" - ], - "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" + "panelIndex": "c15d5d40-d18a-4960-8b6d-d47da3611f99", + "type": "lens", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a3e44335-794f-455e-9e40-c22201daaa1c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": 
{ + "indexpattern": { + "layers": { + "2592c6ef-cf07-4080-b4fe-014cc142e3c8": { + "columnOrder": [ + "1e393f28-24a9-40af-830b-654785bf6236", + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c", + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "columns": { + "1e393f28-24a9-40af-830b-654785bf6236": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts count by repository", + "operationType": "formula", + "params": { + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0" + ], + "scale": "ratio" + }, + "2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Alerts count by repository", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of github.repository.owner.login + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "github.repository.name" + ], + "size": 50 + }, + "scale": "ordinal", + "sourceField": "github.repository.owner.login" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a3e44335-794f-455e-9e40-c22201daaa1c", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2e911c1d-57e0-4dab-b9f2-3e8660f1527c" + ], + "layerId": "2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "bar", + "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", + "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" + } + ], + "legend": { + "isVisible": true, + "maxLines": 5, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Open Alerts count by owner and by 
repository [GitHub Advanced Security]", + "visualizationType": "lnsXY" }, - "seriesType": "bar", - "splitAccessor": "727c7778-d3ac-48b4-a1e9-fd2308ad7bf2", - "xAccessor": "1e393f28-24a9-40af-830b-654785bf6236" - } - ], - "legend": { - "isVisible": true, - "maxLines": 5, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true + "enhancements": {} }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", + "w": 24, + "x": 0, + "y": 15 }, - "valueLabels": "hide" - } + "panelIndex": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", + "type": "lens", + "version": "8.3.0" }, - "title": "Open Alerts count by owner and by repository [GitHub Advanced Security]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "e0343042-35ac-4a43-9fe5-639da6a8ee6e", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Owner", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": 
{ - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", + "type": "index-pattern" }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.repository.owner.login" - }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "e0343042-35ac-4a43-9fe5-639da6a8ee6e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Repository", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "type": "column" + { + "id": "logs-*", + "name": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "e0343042-35ac-4a43-9fe5-639da6a8ee6e", + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Owner", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", 
+ "sourceField": "github.repository.owner.login" + }, + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "e0343042-35ac-4a43-9fe5-639da6a8ee6e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Repository", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.repository.name" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 10 - }, - "scale": 
"ordinal", - "sourceField": "github.repository.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "e0343042-35ac-4a43-9fe5-639da6a8ee6e" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "default", + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", - "key": "github.state", - "negate": false, - "params": { - "query": "open" + "title": "Open Alerts % by owner and by repository [GitHub Advanced Security]", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "e0343042-35ac-4a43-9fe5-639da6a8ee6e" - ], - "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", - "layerType": "data", - "legendDisplay": "default", - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", 
- "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", + "type": "lens", + "version": "8.3.0" }, - "title": "Open Alerts % by owner and by repository [GitHub Advanced Security]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bbb675c9-c535-483e-9337-69a2a81eb2da", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "288f00c3-3a7a-4b8a-bb49-75818491a337", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a1e90df6-e435-44e9-b298-d77ce349f33b": { - "columnOrder": [ - "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb", - "155686d5-4e87-48a3-b7d2-540deed5a270" - ], - "columns": { - "155686d5-4e87-48a3-b7d2-540deed5a270": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Alert Type", - "operationType": "filters", - "params": { + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "bbb675c9-c535-483e-9337-69a2a81eb2da", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "288f00c3-3a7a-4b8a-bb49-75818491a337", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a1e90df6-e435-44e9-b298-d77ce349f33b": { + "columnOrder": [ + "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb", + "155686d5-4e87-48a3-b7d2-540deed5a270" + ], + "columns": { + "155686d5-4e87-48a3-b7d2-540deed5a270": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Alert Type", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.code_scanning\" " + }, + "label": "Code Scanning" + }, + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.secret_scanning\" " + }, + "label": "Secret Scanning" + }, + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.dependabot\" " + }, + "label": "Dependabot" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, "filters": [ - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.code_scanning\" " + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "bbb675c9-c535-483e-9337-69a2a81eb2da", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + 
} + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } }, - "label": "Code Scanning" - }, - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.secret_scanning\" " - }, - "label": "Secret Scanning" - }, - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.dependabot\" " + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "288f00c3-3a7a-4b8a-bb49-75818491a337", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "155686d5-4e87-48a3-b7d2-540deed5a270" + ], + "layerId": "a1e90df6-e435-44e9-b298-d77ce349f33b", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb", + "yConfig": [ + { + "color": "#e9b78b", + "forAccessor": "155686d5-4e87-48a3-b7d2-540deed5a270" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "label": "Dependabot" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "bbb675c9-c535-483e-9337-69a2a81eb2da", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + 
"preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide" + } }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "288f00c3-3a7a-4b8a-bb49-75818491a337", - "key": "github.state", - "negate": false, - "params": { - "query": "open" + "title": "Open Alerts by Type [GitHub Advanced Security]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "155686d5-4e87-48a3-b7d2-540deed5a270" - ], - "layerId": "a1e90df6-e435-44e9-b298-d77ce349f33b", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "2d80e2e5-e516-4746-9f9a-113f2c4ef2cb", - "yConfig": [ - { - "color": "#e9b78b", - "forAccessor": "155686d5-4e87-48a3-b7d2-540deed5a270" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "54ab8e3f-ba53-4cf0-8769-745688302f45", + "w": 24, + "x": 0, + "y": 30 }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide" - } + "panelIndex": "54ab8e3f-ba53-4cf0-8769-745688302f45", + "type": "lens", + "version": "8.3.0" }, - "title": "Open Alerts by Type [GitHub Advanced Security]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "54ab8e3f-ba53-4cf0-8769-745688302f45", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "54ab8e3f-ba53-4cf0-8769-745688302f45", - "type": "lens", - "version": "8.3.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "34b1f197-92c5-4838-ae73-3ba9e9260015", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91e1a389-34e8-4332-9dbb-bd883d71dd85": { - "columnOrder": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" - ], - "columns": { - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "34b1f197-92c5-4838-ae73-3ba9e9260015", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91e1a389-34e8-4332-9dbb-bd883d71dd85": { + "columnOrder": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f", + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5" + ], + "columns": { + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.code_scanning\" " + }, + "label": "Code Scanning" + }, + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.secret_scanning\" " + }, + "label": "Secret Scanning" + }, + { + "input": { + "language": "kuery", + "query": "data_stream.dataset : \"github.dependabot\" " + }, + "label": "Dependabot" + } + ] + }, + "scale": "ordinal" + }, + "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { + "customLabel": true, + "dataType": 
"number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, "filters": [ - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.code_scanning\" " - }, - "label": "Code Scanning" - }, - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.secret_scanning\" " - }, - "label": "Secret Scanning" - }, - { - "input": { - "language": "kuery", - "query": "data_stream.dataset : \"github.dependabot\" " + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "34b1f197-92c5-4838-ae73-3ba9e9260015", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning", + "github.dependabot" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] + } + } }, - "label": "Dependabot" - } - ] - }, - "scale": "ordinal" - }, - "c53bee8d-06ca-4728-b6bc-2761d77a9ef5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "34b1f197-92c5-4838-ae73-3ba9e9260015", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": 
{ - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", + "key": "github.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.state": "open" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "emptySizeRatio": 0.3, + "groups": [ + "894fb0b1-f0bd-4dbe-885b-0b41c339e84f" + ], + "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 5, + "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 1 + } + ], + "shape": "donut" + } }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", - "key": "github.state", - "negate": false, - "params": { - "query": "open" + "title": "Open Alerts % by Type [GitHub Advanced Security]", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "github.state": "open" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "emptySizeRatio": 0.3, - "groups": [ - "894fb0b1-f0bd-4dbe-885b-0b41c339e84f" - ], - "layerId": "91e1a389-34e8-4332-9dbb-bd883d71dd85", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 5, - "metric": "c53bee8d-06ca-4728-b6bc-2761d77a9ef5", - "nestedLegend": false, - "numberDisplay": "percent", - 
"percentDecimals": 1 - } - ], - "shape": "donut" - } - }, - "title": "Open Alerts % by Type [GitHub Advanced Security]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", + "type": "lens", + "version": "8.3.0" + } + ], + "timeRestore": false, + "title": "[GitHub] Advanced Security Overview", + "version": 1 + }, + "coreMigrationVersion": "8.4.1", + "id": "github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c", + "migrationVersion": { + "dashboard": "8.4.0" + }, + "references": [ + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:7593b627-5a3f-46a0-a8f9-33e6b6acc9a5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:3aea78d1-4e8f-47cb-a54b-11acf0506c06", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_2b7c10cd-1a6d-4dff-8cf9-848904b101d7:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_05d7ed66-221a-437a-9e07-5094ce9d57e0:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_b1a338bb-89af-425e-91eb-1c8a32641422:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_5c430006-8043-4e34-96dd-34b596dcba61:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_81297eab-88c0-477b-8132-39cbb430b6c7:optionsListDataView", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", - "w": 24, - "x": 24, - "y": 30 + { + "id": "logs-*", + "name": 
"908a8fcb-8a78-41ae-bb14-c0fba31aa562:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "type": "index-pattern" }, - "panelIndex": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", - "type": "lens", - "version": "8.3.0" - } + { + "id": "logs-*", + "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:efd3c729-3f58-4e1f-b05f-4178051021ee", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "84209174-8b73-47ed-9324-45e7713370d0:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "84209174-8b73-47ed-9324-45e7713370d0:68c402d4-a28c-4161-9f6c-663cd4930df6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:408457e7-219e-4fb4-9352-7dc82c8d514c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:ab223632-68bc-4417-a2d3-0c3cd145a537", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:8676bd1a-86f1-4fac-ab02-6c382be33410", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:45e7ae11-a8b3-4f60-a280-de442326d1ec", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:0753d483-b32c-441f-87dc-bb862221e11c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"5f8d7b7b-c370-4e38-ae2a-80f1495598fe:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:656c4d05-b350-45a5-aa87-f83fbdbf2f26", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:a3e44335-794f-455e-9e40-c22201daaa1c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:e8ef33ad-82e2-4282-ae42-1ee5b478bde8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:69dd980b-29ae-4a8c-b2e9-f4566786f5d3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:bbb675c9-c535-483e-9337-69a2a81eb2da", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:288f00c3-3a7a-4b8a-bb49-75818491a337", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:34b1f197-92c5-4838-ae73-3ba9e9260015", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[GitHub] Advanced Security Overview", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": 
"96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:7593b627-5a3f-46a0-a8f9-33e6b6acc9a5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:3aea78d1-4e8f-47cb-a54b-11acf0506c06", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_2b7c10cd-1a6d-4dff-8cf9-848904b101d7:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_05d7ed66-221a-437a-9e07-5094ce9d57e0:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_b1a338bb-89af-425e-91eb-1c8a32641422:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_5c430006-8043-4e34-96dd-34b596dcba61:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "controlGroup_81297eab-88c0-477b-8132-39cbb430b6c7:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:efd3c729-3f58-4e1f-b05f-4178051021ee", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "84209174-8b73-47ed-9324-45e7713370d0:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "84209174-8b73-47ed-9324-45e7713370d0:68c402d4-a28c-4161-9f6c-663cd4930df6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:408457e7-219e-4fb4-9352-7dc82c8d514c", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:ab223632-68bc-4417-a2d3-0c3cd145a537", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:8676bd1a-86f1-4fac-ab02-6c382be33410", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:45e7ae11-a8b3-4f60-a280-de442326d1ec", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:0753d483-b32c-441f-87dc-bb862221e11c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:656c4d05-b350-45a5-aa87-f83fbdbf2f26", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:a3e44335-794f-455e-9e40-c22201daaa1c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:e8ef33ad-82e2-4282-ae42-1ee5b478bde8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:69dd980b-29ae-4a8c-b2e9-f4566786f5d3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", - "type": "index-pattern" - }, 
- { - "id": "logs-*", - "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:bbb675c9-c535-483e-9337-69a2a81eb2da", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:288f00c3-3a7a-4b8a-bb49-75818491a337", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:34b1f197-92c5-4838-ae73-3ba9e9260015", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "8.4.0" - }, - "coreMigrationVersion": "8.4.1" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json b/packages/github/kibana/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json index cc605803e22..eee16a0936f 100644 --- a/packages/github/kibana/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json +++ b/packages/github/kibana/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0.json 
@@ -1,480 +1,480 @@ { - "id": "github-8bfd8310-205c-11ec-8b10-11a4c5e322a0", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T10:22:26.869Z", - "version": "WzY4NywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 7, - "i": "af01806a-78b1-4068-8d69-fa2ca952f365", - "w": 48, - "x": 0, - "y": 0 + "id": "github-8bfd8310-205c-11ec-8b10-11a4c5e322a0", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-06T09:28:45.116Z", + "version": "WzM3NzQsMV0=", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - "panelIndex": "af01806a-78b1-4068-8d69-fa2ca952f365", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Controls Audit [GitHub]", - "description": "", - "uiState": {}, - "params": { - "controls": [ - { - "fieldName": "github.org", - "id": "1632831213212", - "indexPatternRefName": "control_0_index_pattern", - "label": "Organization", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "github.repo", - "id": "1632831234336", - "indexPatternRefName": "control_1_index_pattern", - "label": "Repository", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.name", - "id": "1632872599896", - "indexPatternRefName": "control_2_index_pattern", - "label": "Actor", - "options": { - 
"dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.target.name", - "id": "1632872564349", - "indexPatternRefName": "control_3_index_pattern", - "label": "Users", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 7, + "i": "af01806a-78b1-4068-8d69-fa2ca952f365", + "w": 48, + "x": 0, + "y": 0 }, - { - "fieldName": "event.action", - "id": "1632874177516", - "indexPatternRefName": "control_4_index_pattern", - "label": "Action", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" + "panelIndex": "af01806a-78b1-4068-8d69-fa2ca952f365", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Controls Audit [GitHub]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "github.org", + "id": "1632831213212", + "indexPatternRefName": "control_0_index_pattern", + "label": "Organization", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "github.repo", + "id": "1632831234336", + "indexPatternRefName": "control_1_index_pattern", + "label": "Repository", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user.name", + "id": "1632872599896", + "indexPatternRefName": "control_2_index_pattern", + "label": "Actor", + "options": { + "dynamicOptions": true, + "multiselect": true, + 
"order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user.target.name", + "id": "1632872564349", + "indexPatternRefName": "control_3_index_pattern", + "label": "Users", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "event.action", + "id": "1632874177516", + "indexPatternRefName": "control_4_index_pattern", + "label": "Action", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false }, - "type": "input_control_vis", - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.audit" - }, - "type": "phrase" + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "7d42442c-83c9-420d-8ef4-883eeb150687", + "w": 24, + "x": 0, + "y": 7 + }, + "panelIndex": "7d42442c-83c9-420d-8ef4-883eeb150687", 
+ "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.audit" - } + "savedVis": { + "title": "User Changes [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 0, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "value" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie", + "legendDisplay": "hide", + "legendSize": "auto" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "query": { - "language": "kuery", - "query": "" } - } - } - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 15, - "i": "7d42442c-83c9-420d-8ef4-883eeb150687", - "w": 24, - "x": 0, - "y": 7 - }, - "panelIndex": "7d42442c-83c9-420d-8ef4-883eeb150687", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "User Changes [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 0, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "value" - 
}, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie", - "legendDisplay": "hide", - "legendSize": "auto" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "76db3a0d-7562-4436-acd5-3cbfd4f6d044", + "w": 24, + "x": 24, + "y": 7 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 15, - "i": "76db3a0d-7562-4436-acd5-3cbfd4f6d044", - "w": 24, - "x": 24, - "y": 7 - }, - "panelIndex": "76db3a0d-7562-4436-acd5-3cbfd4f6d044", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "User Change Timeline [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - 
"drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" + "panelIndex": "76db3a0d-7562-4436-acd5-3cbfd4f6d044", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Change Timeline [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { 
+ "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "legendSize": "auto" + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-18M", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "1w" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } - ], - "legendSize": "auto" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "7.16.0", + "type": "search", + "gridData": { + "h": 15, + "i": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464", + "w": 48, + "x": 0, + "y": 22 }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-18M", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "1w" - }, - "schema": "segment", - "type": "date_histogram" + "panelIndex": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464", + "embeddableConfig": { + 
"enhancements": {} }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelRefName": "panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464" } - } - } - }, - { - "version": "7.16.0", - "type": "search", - "gridData": { - "h": 15, - "i": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464", - "w": 48, - "x": 0, - "y": 22 + ], + "timeRestore": false, + "title": "[GitHub] User Change Audit", + "version": 1 + }, + "references": [ + { + "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0", + "name": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464:panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464", + "type": "search" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_0_index_pattern", + "id": "logs-*" }, - "panelIndex": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464", - "embeddableConfig": { - "enhancements": {} + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_1_index_pattern", + "id": "logs-*" }, - "panelRefName": "panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464" - } + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "7d42442c-83c9-420d-8ef4-883eeb150687:search_0", + "id": 
"github-173f1050-20ae-11ec-8b10-11a4c5e322a0" + }, + { + "type": "search", + "name": "76db3a0d-7562-4436-acd5-3cbfd4f6d044:search_0", + "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0" + } ], - "timeRestore": false, - "title": "[GitHub] User Change Audit", - "version": 1 - }, - "references": [ - { - "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0", - "name": "1e435c96-c37f-4eb5-a4e5-2d446b2bf464:panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464", - "type": "search" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_0_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_1_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_2_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_3_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "af01806a-78b1-4068-8d69-fa2ca952f365:control_4_index_pattern", - "id": "logs-*" - }, - { - "type": "search", - "name": "7d42442c-83c9-420d-8ef4-883eeb150687:search_0", - "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0" + "migrationVersion": { + "dashboard": "8.4.0" }, - { - "type": "search", - "name": "76db3a0d-7562-4436-acd5-3cbfd4f6d044:search_0", - "id": "github-173f1050-20ae-11ec-8b10-11a4c5e322a0" - } - ], - "migrationVersion": { - "dashboard": "8.4.0" - }, - "coreMigrationVersion": "8.4.1" + "coreMigrationVersion": "8.4.1" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json b/packages/github/kibana/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json index 41c4f4be968..c0981d3916e 100644 
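Review bot: All 480 lines of this hunk are rewritten, yet the only visible differences are the indentation (two spaces to four) and the top-level `updated_at` and `version` values, where `updated_at` moves backwards from `2022-10-27T10:22:26.869Z` to `2022-09-06T09:28:45.116Z`. The panels, the `data_stream.dataset: github.audit` filter and the references appear identical on both sides. The new side still carries the instance-specific export fields `namespaces`, `updated_at` and `version`, whereas the new side of the Advanced Security dashboard just above ends with sorted top-level keys (`coreMigrationVersion`, `id`, `migrationVersion`, `references`, `type`) and none of those fields, so this file was presumably not exported through the same tooling. Re-exporting it the same way, or dropping the file from the commit, would remove the churn and make a real change to a filter or a `logs-*` reference easier to spot in review.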
--- a/packages/github/kibana/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json +++ b/packages/github/kibana/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0.json 
@@ -1,1021 +1,1021 @@ { - "id": "github-dcee84c0-2059-11ec-8b10-11a4c5e322a0", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T10:22:26.869Z", - "version": "WzY4OCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 7, - "i": "63210180-c999-4d93-8d7a-f2fcb810ad1b", - "w": 41, - "x": 0, - "y": 0 - }, - "panelIndex": "63210180-c999-4d93-8d7a-f2fcb810ad1b", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Controls Audit [GitHub]", - "description": "", - "uiState": {}, - "params": { - "controls": [ - { - "fieldName": "github.org", - "id": "1632831213212", - "indexPatternRefName": "control_0_index_pattern", - "label": "Organization", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "github.repo", - "id": "1632831234336", - "indexPatternRefName": "control_1_index_pattern", - "label": "Repository", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.name", - "id": "1632872599896", - "indexPatternRefName": "control_2_index_pattern", - "label": "Actor", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.target.name", - "id": "1632872564349", - "indexPatternRefName": "control_3_index_pattern", - "label": "Users", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - 
"type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "event.action", - "id": "1632874177516", - "indexPatternRefName": "control_4_index_pattern", - "label": "Action", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "type": "input_control_vis", - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "github.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 7, - "i": "b37e0c71-2cc3-4895-b839-383ce53561a8", - "w": 7, - "x": 41, - "y": 0 - }, - "panelIndex": "b37e0c71-2cc3-4895-b839-383ce53561a8", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Total Events [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": " " - }, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { + "id": 
"github-dcee84c0-2059-11ec-8b10-11a4c5e322a0", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-06T09:28:45.116Z", + "version": "WzM3NzUsMV0=", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 19, - "i": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9", - "w": 48, - "x": 0, - "y": 7 }, - "panelIndex": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events over time [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 7, + "i": "63210180-c999-4d93-8d7a-f2fcb810ad1b", + "w": 41, + "x": 0, + "y": 0 + }, + "panelIndex": "63210180-c999-4d93-8d7a-f2fcb810ad1b", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Controls Audit [GitHub]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "github.org", + "id": "1632831213212", + "indexPatternRefName": "control_0_index_pattern", + "label": "Organization", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "github.repo", + "id": "1632831234336", + "indexPatternRefName": "control_1_index_pattern", + 
"label": "Repository", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user.name", + "id": "1632872599896", + "indexPatternRefName": "control_2_index_pattern", + "label": "Actor", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user.target.name", + "id": "1632872564349", + "indexPatternRefName": "control_3_index_pattern", + "label": "Users", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "event.action", + "id": "1632874177516", + "indexPatternRefName": "control_4_index_pattern", + "label": "Action", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - 
"label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" + }, + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 7, + "i": "b37e0c71-2cc3-4895-b839-383ce53561a8", + "w": 7, + "x": 41, + "y": 0 + }, + "panelIndex": "b37e0c71-2cc3-4895-b839-383ce53561a8", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Events [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": " " + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" + }, + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 19, + "i": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9", + "w": 48, + "x": 0, + "y": 7 + }, + "panelIndex": 
"fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events over time [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "legendSize": "auto" + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-18M", + "to": "now" + }, + 
"useNormalizedEsInterval": true, + "used_interval": "1w" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } - ], - "legendSize": "auto" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "8.4.0", + "type": "map", + "gridData": { + "h": 18, + "i": "88887e58-b192-4c9b-85c7-14d18a6c1c0d", + "w": 37, + "x": 0, + "y": 26 }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-18M", - "to": "now" + "panelIndex": "88887e58-b192-4c9b-85c7-14d18a6c1c0d", + "embeddableConfig": { + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 360, + "minLat": -85.05113, + "minLon": -540 }, - "useNormalizedEsInterval": true, - "used_interval": "1w" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" + "mapCenter": { + "lat": 27.08856, + "lon": -30.5613, + "zoom": 1 + }, + "openTOCDetails": [], + "attributes": { + "title": "Activity Map by Actor 
Location [GitHub]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"center\":{\"lat\":0,\"lon\":-29.82486},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-18M\",\"to\":\"now\"},\"zoom\":0.56}", + "layerListJSON": 
"[{\"alpha\":0.75,\"id\":\"a427cb7d-077b-4c8a-8741-74f8f03283e2\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"],\"type\":\"EMS_FILE\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#6092C0\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#4379aa\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true},{\"alpha\":0.75,\"id\":\"a0ea096b-e0eb-43dd-8f75-c0d8c0e4ac9a\",\"includeInFitToBounds\":true,\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"id\":\"167d9148-ad58-4fa1-99eb-c3e75fc75f96\",\"indexPatternRefName\":\"layer_1_join_0_index_pattern\",\"indexPatternTitle\":\"logs-*\",\"term\":\"client.geo.country_iso_code\",\"type\":\"ES_TERM_SOURCE\"}}],\"label\":\"Events by 
Country\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"],\"type\":\"EMS_FILE\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" + } } - } - } - } - } - }, - { - "version": "8.4.0", - "type": "map", - "gridData": { - "h": 18, - "i": "88887e58-b192-4c9b-85c7-14d18a6c1c0d", - "w": 37, - "x": 0, - "y": 26 - }, - "panelIndex": "88887e58-b192-4c9b-85c7-14d18a6c1c0d", - "embeddableConfig": { - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 360, - "minLat": -85.05113, - "minLon": -540 - }, - "mapCenter": { - "lat": 27.08856, - "lon": -30.5613, - "zoom": 1 - }, - "openTOCDetails": [], - "attributes": { - "title": "Activity Map by Actor Location [GitHub]", - "description": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "mapStateJSON": 
"{\"center\":{\"lat\":0,\"lon\":-29.82486},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-18M\",\"to\":\"now\"},\"zoom\":0.56}", - "layerListJSON": 
"[{\"alpha\":0.75,\"id\":\"a427cb7d-077b-4c8a-8741-74f8f03283e2\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"],\"type\":\"EMS_FILE\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#6092C0\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#4379aa\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true},{\"alpha\":0.75,\"id\":\"a0ea096b-e0eb-43dd-8f75-c0d8c0e4ac9a\",\"includeInFitToBounds\":true,\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"id\":\"167d9148-ad58-4fa1-99eb-c3e75fc75f96\",\"indexPatternRefName\":\"layer_1_join_0_index_pattern\",\"indexPatternTitle\":\"logs-*\",\"term\":\"client.geo.country_iso_code\",\"type\":\"ES_TERM_SOURCE\"}}],\"label\":\"Events by 
Country\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"],\"type\":\"EMS_FILE\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 18, - "i": "0c469087-fb3f-46d3-8962-c49d2e50f70c", - "w": 11, - "x": 37, - "y": 26 - }, - "panelIndex": "0c469087-fb3f-46d3-8962-c49d2e50f70c", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "Events per Organization [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "value" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie", - "legendDisplay": "hide", - "legendSize": "auto" }, - "type": "pie", - "data": { - "aggs": [ 
- { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 18, + "i": "0c469087-fb3f-46d3-8962-c49d2e50f70c", + "w": 11, + "x": 37, + "y": 26 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "github.org", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 19, - "i": "108cd1b7-ce79-4558-ae38-5f1bb93961fe", - "w": 25, - "x": 0, - "y": 44 - }, - "panelIndex": "108cd1b7-ce79-4558-ae38-5f1bb93961fe", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 5 Event Types [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - 
}, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" + "panelIndex": "0c469087-fb3f-46d3-8962-c49d2e50f70c", + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Events per Organization [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "value" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie", + "legendDisplay": "hide", + "legendSize": "auto" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "github.org", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } - ], - "legendSize": "auto" }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 19, + "i": "108cd1b7-ce79-4558-ae38-5f1bb93961fe", + "w": 25, + 
"x": 0, + "y": 44 }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 19, - "i": "9ed1cfce-9337-4813-8df5-14a1280bb351", - "w": 23, - "x": 25, - "y": 44 - }, - "panelIndex": "9ed1cfce-9337-4813-8df5-14a1280bb351", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 5 Active Users [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": 
"LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" + "panelIndex": "108cd1b7-ce79-4558-ae38-5f1bb93961fe", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Event Types [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "legendSize": "auto" + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { 
+ "customLabel": "", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } - ], - "legendSize": "auto" }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 19, + "i": "9ed1cfce-9337-4813-8df5-14a1280bb351", + "w": 23, + "x": 25, + "y": 44 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - } - }, - { - "version": "8.3.0", - "type": "visualization", - "gridData": { - "h": 17, - "i": "d48a66a5-50e7-4cab-9b16-767bfa427860", - "w": 48, - "x": 0, - "y": 63 - }, - "panelIndex": "d48a66a5-50e7-4cab-9b16-767bfa427860", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Active Repositories [GitHub]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - 
"palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" + "panelIndex": "9ed1cfce-9337-4813-8df5-14a1280bb351", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Active Users [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + 
"style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "legendSize": "auto" + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } - ], - "legendSize": "auto" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "8.3.0", + "type": "visualization", + "gridData": { + "h": 17, + "i": "d48a66a5-50e7-4cab-9b16-767bfa427860", + "w": 48, + "x": 0, + "y": 63 }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Repository", - "field": "github.repo", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" + "panelIndex": "d48a66a5-50e7-4cab-9b16-767bfa427860", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Active Repositories [GitHub]", + "description": "", + "uiState": {}, + "params": { + "addLegend": 
true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "legendSize": "auto" + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Repository", + "field": "github.repo", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } } - } } - } + ], + "timeRestore": 
false, + "title": "[GitHub] Audit Log Activity", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "b37e0c71-2cc3-4895-b839-383ce53561a8:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + }, + { + "type": "search", + "name": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + }, + { + "type": "index-pattern", + "name": "88887e58-b192-4c9b-85c7-14d18a6c1c0d:layer_1_join_0_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "0c469087-fb3f-46d3-8962-c49d2e50f70c:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + }, + { + "type": "search", + "name": "108cd1b7-ce79-4558-ae38-5f1bb93961fe:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + }, + { + "type": "search", + "name": "9ed1cfce-9337-4813-8df5-14a1280bb351:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + }, + { + "type": "search", + "name": "d48a66a5-50e7-4cab-9b16-767bfa427860:search_0", + "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" } - } ], - "timeRestore": false, - "title": "[GitHub] Audit Log Activity", - "version": 1 - }, - "references": [ - { - "type": 
"index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_0_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_1_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_2_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_3_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "63210180-c999-4d93-8d7a-f2fcb810ad1b:control_4_index_pattern", - "id": "logs-*" - }, - { - "type": "search", - "name": "b37e0c71-2cc3-4895-b839-383ce53561a8:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" - }, - { - "type": "search", - "name": "fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" - }, - { - "type": "index-pattern", - "name": "88887e58-b192-4c9b-85c7-14d18a6c1c0d:layer_1_join_0_index_pattern", - "id": "logs-*" - }, - { - "type": "search", - "name": "0c469087-fb3f-46d3-8962-c49d2e50f70c:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" - }, - { - "type": "search", - "name": "108cd1b7-ce79-4558-ae38-5f1bb93961fe:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" - }, - { - "type": "search", - "name": "9ed1cfce-9337-4813-8df5-14a1280bb351:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" + "migrationVersion": { + "dashboard": "8.4.0" }, - { - "type": "search", - "name": "d48a66a5-50e7-4cab-9b16-767bfa427860:search_0", - "id": "github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0" - } - ], - "migrationVersion": { - "dashboard": "8.4.0" - }, - "coreMigrationVersion": "8.4.1" + "coreMigrationVersion": "8.4.1" } \ No newline at end of file 
From 8c72561fadefabc424d92ed8b24484f14e42c058 Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Wed, 2 Nov 2022 21:03:53 +0530
Subject: [PATCH 052/103] revert github changelog
---
 packages/github/changelog.yml | 5 -----
 packages/github/manifest.yml | 2 +-
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml
index 43126004282..b8fdf3f2028 100644
--- a/packages/github/changelog.yml
+++ b/packages/github/changelog.yml
@@ -1,9 +1,4 @@
 # newer versions go on top
-- version: "1.5.1"
- changes:
- - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
- type: enhancement
- link: https://github.com/elastic/integrations/pull/4516
 - version: "1.5.0"
 changes:
 - description: Add org endpoints for code_scanning and secret_scanning along with dashboards
diff --git a/packages/github/manifest.yml b/packages/github/manifest.yml
index 4d677e807d6..577ae18ff7e 100644
--- a/packages/github/manifest.yml
+++ b/packages/github/manifest.yml
@@ -1,6 +1,6 @@
 name: github
 title: GitHub
-version: 1.5.1
+version: 1.5.0
 release: ga
 description: Collect logs from GitHub with Elastic Agent.
 type: integration
From 0fb34d97626d0aadaab14397b28904704e7b4644 Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Wed, 2 Nov 2022 21:04:11 +0530
Subject: [PATCH 053/103] Revert "hashicorp_vault already inlined"
This reverts commit 1316d8c75ef5f90435d61cc604da2ed2f69232f9.
---
 ...-1f321db0-f4b8-11eb-a89a-7378b1713db5.json | 1933 +++++++------
 ...-64b51280-f4ad-11eb-a89a-7378b1713db5.json | 2561 ++++++++---------
 2 files changed, 2242 insertions(+), 2252 deletions(-)
diff --git a/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5.json b/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5.json
index 17bbb0b58db..19e96c0ba00 100644
--- a/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5.json
+++ b/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5.json
@@ -1,1001 +1,996 @@ { - "id": "hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T10:40:37.628Z", - "version": "WzQ5MSwxXQ==", - "attributes": { - "description": "Hashicorp Vault operational logs.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "27ad0671-d838-464d-9949-250e95bf8ebf": { - "columnOrder": [ - "ff94d2dd-fe92-4157-929c-cceb4aa400d2", - "fd82c7ab-1504-4210-a3bd-bdee3f875c72", - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "columns": { - "834ca219-ed3e-4a48-b865-ac6e9d562b36": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ff94d2dd-fe92-4157-929c-cceb4aa400d2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of agent.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", - "type": "column" - }, - "orderDirection": "desc", - 
"otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "agent.name" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "Hashicorp Vault operational logs.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "27ad0671-d838-464d-9949-250e95bf8ebf": { + "columnOrder": [ + "ff94d2dd-fe92-4157-929c-cceb4aa400d2", + "fd82c7ab-1504-4210-a3bd-bdee3f875c72", + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "columns": { + "834ca219-ed3e-4a48-b865-ac6e9d562b36": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ff94d2dd-fe92-4157-929c-cceb4aa400d2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of agent.name", + "operationType": 
"terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "agent.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "ff94d2dd-fe92-4157-929c-cceb4aa400d2", + "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - 
"visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 9, + "i": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f", + "w": 24, + "x": 0, + "y": 0 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", - "palette": { - "name": "default", - "type": "palette" + "panelIndex": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f", + "title": "Log Volume by Agent", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47ee6385-76b6-4b42-b35d-583cd8208fb4": { + "columnOrder": [ + "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f" + ], + "columns": { + "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Logs", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } + 
} + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f", + "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" }, - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "ff94d2dd-fe92-4157-929c-cceb4aa400d2", - "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {} }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 6, + "i": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72", + "w": 8, + "x": 24, + "y": 0 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72", + "type": "lens", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f", - "title": "Log Volume by Agent", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47ee6385-76b6-4b42-b35d-583cd8208fb4": { - "columnOrder": [ - "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f" - ], - "columns": { - 
"f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Logs", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f", - "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72", - "w": 8, - "x": 24, - "y": 0 - }, - "panelIndex": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47ee6385-76b6-4b42-b35d-583cd8208fb4": { - "columnOrder": [ - "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f" - ], - "columns": { - "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Errors", - "operationType": "count", - 
"scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47ee6385-76b6-4b42-b35d-583cd8208fb4": { + "columnOrder": [ + "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f" + ], + "columns": { + "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Errors", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "log.level", + "negate": false, + "params": { + "query": "error" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.level": "error" + } + } + } + ], + "query": { + 
"language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f", + "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } + "enhancements": {} }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "log.level", - "negate": false, - "params": { - "query": "error" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.level": "error" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "f9cb4f81-44c1-4b1b-9a1e-b4087e7c562f", - "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "fa55332a-4ac9-4c7f-b8f1-a4031542120d", - "w": 8, - "x": 32, - "y": 0 - }, - "panelIndex": "fa55332a-4ac9-4c7f-b8f1-a4031542120d", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47ee6385-76b6-4b42-b35d-583cd8208fb4": { - "columnOrder": [ - "85994c44-017f-4c95-9bec-f54add925f28" - ], - "columns": { - "85994c44-017f-4c95-9bec-f54add925f28": { - "customLabel": true, - "dataType": "number", - "isBucketed": 
false, - "label": "Unique Agents", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "agent.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } + "gridData": { + "h": 6, + "i": "fa55332a-4ac9-4c7f-b8f1-a4031542120d", + "w": 8, + "x": 32, + "y": 0 }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "log.level", - "negate": false, - "params": { - "query": "error" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.level": "error" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "85994c44-017f-4c95-9bec-f54add925f28", - "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" - } + "panelIndex": "fa55332a-4ac9-4c7f-b8f1-a4031542120d", + "type": "lens", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "759e3b76-90f0-453a-932c-5aee1c56ad73", - "w": 8, - "x": 40, - "y": 0 - }, - "panelIndex": "759e3b76-90f0-453a-932c-5aee1c56ad73", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", - "w": 24, - "x": 24, - "y": 6 - }, - "panelIndex": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", - "panelRefName": "panel_12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", - "type": "search", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - 
"name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "27ad0671-d838-464d-9949-250e95bf8ebf": { - "columnOrder": [ - "10b83fe4-fecd-4487-8a05-b7c4665a00bc", - "fd82c7ab-1504-4210-a3bd-bdee3f875c72", - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "columns": { - "10b83fe4-fecd-4487-8a05-b7c4665a00bc": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of log.level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "log.level" - }, - "834ca219-ed3e-4a48-b865-ac6e9d562b36": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47ee6385-76b6-4b42-b35d-583cd8208fb4": { + "columnOrder": [ + "85994c44-017f-4c95-9bec-f54add925f28" + ], + "columns": { + "85994c44-017f-4c95-9bec-f54add925f28": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + 
"label": "Unique Agents", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "agent.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "log.level", + "negate": false, + "params": { + "query": "error" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.level": "error" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "85994c44-017f-4c95-9bec-f54add925f28", + "layerId": "47ee6385-76b6-4b42-b35d-583cd8208fb4" + } }, - "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {} }, - "fittingFunction": "None", - 
"gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 6, + "i": "759e3b76-90f0-453a-932c-5aee1c56ad73", + "w": 8, + "x": 40, + "y": 0 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "10b83fe4-fecd-4487-8a05-b7c4665a00bc", - "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "759e3b76-90f0-453a-932c-5aee1c56ad73", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 21, + "i": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", + "w": 24, + "x": 24, + "y": 6 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", + "panelRefName": "panel_12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", + "type": "search", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": "58781719-8e14-400f-963a-8652bcf90d28", - "w": 24, - "x": 0, - "y": 9 - }, - "panelIndex": "58781719-8e14-400f-963a-8652bcf90d28", - "title": "Log Volume by Level", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "27ad0671-d838-464d-9949-250e95bf8ebf": { - "columnOrder": [ - "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71", - "fd82c7ab-1504-4210-a3bd-bdee3f875c72", - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "columns": { - "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of log.logger", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "log.logger" - }, - "834ca219-ed3e-4a48-b865-ac6e9d562b36": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "27ad0671-d838-464d-9949-250e95bf8ebf": { + "columnOrder": [ + "10b83fe4-fecd-4487-8a05-b7c4665a00bc", + "fd82c7ab-1504-4210-a3bd-bdee3f875c72", + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "columns": { + "10b83fe4-fecd-4487-8a05-b7c4665a00bc": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of log.level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", + "type": "column" + }, + "orderDirection": "desc", + 
"otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "log.level" + }, + "834ca219-ed3e-4a48-b865-ac6e9d562b36": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "10b83fe4-fecd-4487-8a05-b7c4665a00bc", + "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { 
- "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.log" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 9, + "i": "58781719-8e14-400f-963a-8652bcf90d28", + "w": 24, + "x": 0, + "y": 9 }, - "layers": [ - { - "accessors": [ - "834ca219-ed3e-4a48-b865-ac6e9d562b36" - ], - "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71", - "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "58781719-8e14-400f-963a-8652bcf90d28", + "title": "Log Volume by Level", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "27ad0671-d838-464d-9949-250e95bf8ebf": { + "columnOrder": [ + "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71", + "fd82c7ab-1504-4210-a3bd-bdee3f875c72", + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "columns": { + "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of log.logger", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "834ca219-ed3e-4a48-b865-ac6e9d562b36", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "log.logger" + }, + "834ca219-ed3e-4a48-b865-ac6e9d562b36": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fd82c7ab-1504-4210-a3bd-bdee3f875c72": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + 
"fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "834ca219-ed3e-4a48-b865-ac6e9d562b36" + ], + "layerId": "27ad0671-d838-464d-9949-250e95bf8ebf", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "7b7c1c13-da7f-4cf6-bfb2-66bae7714e71", + "xAccessor": "fd82c7ab-1504-4210-a3bd-bdee3f875c72" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 9, + "i": "f9db514e-50b6-44bc-b142-252f6b11ba02", + "w": 24, + "x": 0, + "y": 18 }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "panelIndex": "f9db514e-50b6-44bc-b142-252f6b11ba02", + "title": "Log Volume by Logger", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Hashicorp Vault] Operational Logs", + "version": 1 + }, + "coreMigrationVersion": "7.15.0", + "id": "hashicorp_vault-1f321db0-f4b8-11eb-a89a-7378b1713db5", + "migrationVersion": { + "dashboard": "7.14.0" + }, + "references": [ + { + "id": "logs-*", + "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:filter-index-pattern-1", + "type": "index-pattern" }, - "gridData": { - "h": 9, - "i": "f9db514e-50b6-44bc-b142-252f6b11ba02", - "w": 24, - "x": 0, - "y": 18 + { + "id": "logs-*", + "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "f9db514e-50b6-44bc-b142-252f6b11ba02", - "title": "Log Volume by Logger", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - } + { + "id": "logs-*", + "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": 
"hashicorp_vault-80603d50-f4b9-11eb-a89a-7378b1713db5", + "name": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6:panel_12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", + "type": "search" + }, + { + "id": "logs-*", + "name": "58781719-8e14-400f-963a-8652bcf90d28:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "58781719-8e14-400f-963a-8652bcf90d28:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "58781719-8e14-400f-963a-8652bcf90d28:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:filter-index-pattern-0", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Hashicorp Vault] Operational Logs", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1ac68c0e-3c5a-49d6-81d3-5f4700cc709f:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c875e4a1-139b-4197-b9cb-fffb0fa5ab72:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"c875e4a1-139b-4197-b9cb-fffb0fa5ab72:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fa55332a-4ac9-4c7f-b8f1-a4031542120d:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:indexpattern-datasource-layer-47ee6385-76b6-4b42-b35d-583cd8208fb4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "759e3b76-90f0-453a-932c-5aee1c56ad73:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "hashicorp_vault-80603d50-f4b9-11eb-a89a-7378b1713db5", - "name": "12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6:panel_12f4a1f5-9ea6-423c-9c5a-7ab88558f5a6", - "type": "search" - }, - { - "id": "logs-*", - "name": "58781719-8e14-400f-963a-8652bcf90d28:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "58781719-8e14-400f-963a-8652bcf90d28:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "58781719-8e14-400f-963a-8652bcf90d28:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:indexpattern-datasource-layer-27ad0671-d838-464d-9949-250e95bf8ebf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f9db514e-50b6-44bc-b142-252f6b11ba02:filter-index-pattern-0", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.14.0" - }, - "coreMigrationVersion": "7.14.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5.json b/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5.json index d70c5526bd1..077c90fbf32 100644 --- a/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5.json +++ b/packages/hashicorp_vault/kibana/dashboard/hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5.json 
@@ -1,1327 +1,1322 @@ { - "id": "hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T10:40:37.628Z", - "version": "WzQ5MiwxXQ==", - "attributes": { - "description": "Hashicorp Vault audit logs overview.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0": { - "columnOrder": [ - "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad" - ], - "columns": { - "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Requests", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": 
"filter-index-pattern-1", - "key": "hashicorp_vault.audit.type", - "negate": false, - "params": { - "query": "request" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hashicorp_vault.audit.type": "request" - } - } + "attributes": { + "description": "Hashicorp Vault audit logs overview.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad", - "layerId": "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + } }, - "gridData": { - "h": 8, - "i": "83f33557-0d9d-4e73-bb7e-227b39132484", - "w": 10, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "83f33557-0d9d-4e73-bb7e-227b39132484", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b847cacb-e41b-429c-8f53-8cdf53bea465", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b847cacb-e41b-429c-8f53-8cdf53bea465": { - "columnOrder": [ - "6a4f3808-ff70-42b5-8357-752540a94412" - ], - "columns": { - "6a4f3808-ff70-42b5-8357-752540a94412": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Requests with root token policy", - "operationType": 
"count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0": { + "columnOrder": [ + "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad" + ], + "columns": { + "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Requests", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "hashicorp_vault.audit.type", + "negate": false, + "params": { + "query": "request" + }, + "type": "phrase" + }, + "query": { + "match_phrase": 
{ + "hashicorp_vault.audit.type": "request" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad", + "layerId": "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } + "enhancements": {} }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "hashicorp_vault.audit.auth.policies", - "negate": false, - "params": { - "query": "root" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hashicorp_vault.audit.auth.policies": "root" - } - } + "gridData": { + "h": 8, + "i": "83f33557-0d9d-4e73-bb7e-227b39132484", + "w": 10, + "x": 0, + "y": 0 }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "hashicorp_vault.audit.type", - "negate": false, - "params": { - "query": "request" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hashicorp_vault.audit.type": "request" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "6a4f3808-ff70-42b5-8357-752540a94412", - "layerId": "b847cacb-e41b-429c-8f53-8cdf53bea465" - } + "panelIndex": "83f33557-0d9d-4e73-bb7e-227b39132484", + "type": "lens", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "0232f3be-806f-40d8-ae0b-40aa512e6541", - "w": 9, - "x": 10, - "y": 0 - }, - "panelIndex": "0232f3be-806f-40d8-ae0b-40aa512e6541", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0": { - "columnOrder": [ - "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad" - ], - "columns": { - "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Denied Requests", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b847cacb-e41b-429c-8f53-8cdf53bea465", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b847cacb-e41b-429c-8f53-8cdf53bea465": { + "columnOrder": [ + "6a4f3808-ff70-42b5-8357-752540a94412" + ], + "columns": { + 
"6a4f3808-ff70-42b5-8357-752540a94412": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Requests with root token policy", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "hashicorp_vault.audit.auth.policies", + "negate": false, + "params": { + "query": "root" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hashicorp_vault.audit.auth.policies": "root" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "hashicorp_vault.audit.type", + "negate": false, + "params": { + "query": "request" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hashicorp_vault.audit.type": "request" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "6a4f3808-ff70-42b5-8357-752540a94412", + "layerId": "b847cacb-e41b-429c-8f53-8cdf53bea465" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } + "enhancements": {} }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "hashicorp_vault.audit.type", - "negate": false, - "params": { - "query": 
"request" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hashicorp_vault.audit.type": "request" - } - } + "gridData": { + "h": 8, + "i": "0232f3be-806f-40d8-ae0b-40aa512e6541", + "w": 9, + "x": 10, + "y": 0 }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "event.type", - "negate": false, - "params": { - "query": "denied" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.type": "denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad", - "layerId": "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0" - } + "panelIndex": "0232f3be-806f-40d8-ae0b-40aa512e6541", + "type": "lens", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "23805a5e-7dde-403d-bc28-3314fd3db7d4", - "w": 9, - "x": 19, - "y": 0 - }, - "panelIndex": "23805a5e-7dde-403d-bc28-3314fd3db7d4", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-489fa819-f474-4d04-a6be-fe36193109b0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "489fa819-f474-4d04-a6be-fe36193109b0": { - "columnOrder": [ - "300deebb-15ad-44be-98b7-1dbe04d6b19d", - "4463bb63-735c-4f2e-99d8-c0e71a836b13" - ], - "columns": { - "300deebb-15ad-44be-98b7-1dbe04d6b19d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mount Type", - "operationType": "terms", - "params": { - "missingBucket": 
false, - "orderBy": { - "columnId": "4463bb63-735c-4f2e-99d8-c0e71a836b13", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0": { + "columnOrder": [ + "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad" + ], + "columns": { + "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Denied Requests", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "hashicorp_vault.audit.type", + "negate": false, + "params": { + "query": "request" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hashicorp_vault.audit.type": "request" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"filter-index-pattern-2", + "key": "event.type", + "negate": false, + "params": { + "query": "denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "denied" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "hashicorp_vault.audit.request.mount_type" + "visualization": { + "accessor": "c48424bb-1a3b-47e2-8e0b-aa98eac0cdad", + "layerId": "2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0" + } }, - "4463bb63-735c-4f2e-99d8-c0e71a836b13": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "300deebb-15ad-44be-98b7-1dbe04d6b19d" - ], - "layerId": "489fa819-f474-4d04-a6be-fe36193109b0", - "legendDisplay": "show", - "metric": "4463bb63-735c-4f2e-99d8-c0e71a836b13", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } + "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "23805a5e-7dde-403d-bc28-3314fd3db7d4", + "w": 9, + "x": 19, + "y": 0 + }, + "panelIndex": "23805a5e-7dde-403d-bc28-3314fd3db7d4", + "type": "lens", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": 
false - }, - "gridData": { - "h": 8, - "i": "9087a437-92b3-4cb4-a750-ae68b0858e09", - "w": 11, - "x": 28, - "y": 0 - }, - "panelIndex": "9087a437-92b3-4cb4-a750-ae68b0858e09", - "title": "Mount Type", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2c264c26-91e6-4a34-aea3-01d6f88ed30b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2c264c26-91e6-4a34-aea3-01d6f88ed30b": { - "columnOrder": [ - "d5f83108-804a-43e1-860a-aa4a81914a1c", - "c3d83176-87df-4196-a0a4-c52050c7b024" - ], - "columns": { - "c3d83176-87df-4196-a0a4-c52050c7b024": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d5f83108-804a-43e1-860a-aa4a81914a1c": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of hashicorp_vault.audit.auth.token_policies", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c3d83176-87df-4196-a0a4-c52050c7b024", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "hashicorp_vault.audit.auth.token_policies" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - 
"params": { - "query": "hashicorp_vault.audit" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-489fa819-f474-4d04-a6be-fe36193109b0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "489fa819-f474-4d04-a6be-fe36193109b0": { + "columnOrder": [ + "300deebb-15ad-44be-98b7-1dbe04d6b19d", + "4463bb63-735c-4f2e-99d8-c0e71a836b13" + ], + "columns": { + "300deebb-15ad-44be-98b7-1dbe04d6b19d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mount Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4463bb63-735c-4f2e-99d8-c0e71a836b13", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "hashicorp_vault.audit.request.mount_type" + }, + "4463bb63-735c-4f2e-99d8-c0e71a836b13": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "300deebb-15ad-44be-98b7-1dbe04d6b19d" + ], + "layerId": "489fa819-f474-4d04-a6be-fe36193109b0", + "legendDisplay": "show", + "metric": "4463bb63-735c-4f2e-99d8-c0e71a836b13", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } 
+ }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d5f83108-804a-43e1-860a-aa4a81914a1c" - ], - "layerId": "2c264c26-91e6-4a34-aea3-01d6f88ed30b", - "legendDisplay": "default", - "metric": "c3d83176-87df-4196-a0a4-c52050c7b024", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "palette": { - "name": "kibana_palette", - "type": "palette" + "enhancements": {}, + "hidePanelTitles": false }, - "shape": "treemap" - } + "gridData": { + "h": 8, + "i": "9087a437-92b3-4cb4-a750-ae68b0858e09", + "w": 11, + "x": 28, + "y": 0 + }, + "panelIndex": "9087a437-92b3-4cb4-a750-ae68b0858e09", + "title": "Mount Type", + "type": "lens", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 29, - "i": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3", - "w": 9, - "x": 39, - "y": 0 - }, - "panelIndex": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3", - "title": "Auth Token Policies", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-791d2c5a-3c3a-4225-8221-6e03777579de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "791d2c5a-3c3a-4225-8221-6e03777579de": { - "columnOrder": [ - "31c54481-0421-4f67-8f39-659fa8cbc7fe", - "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6", - "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701" 
- ], - "columns": { - "31c54481-0421-4f67-8f39-659fa8cbc7fe": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "event.outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 4 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - }, - "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2c264c26-91e6-4a34-aea3-01d6f88ed30b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2c264c26-91e6-4a34-aea3-01d6f88ed30b": { + "columnOrder": [ + "d5f83108-804a-43e1-860a-aa4a81914a1c", + "c3d83176-87df-4196-a0a4-c52050c7b024" + ], + "columns": { + "c3d83176-87df-4196-a0a4-c52050c7b024": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "d5f83108-804a-43e1-860a-aa4a81914a1c": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of hashicorp_vault.audit.auth.token_policies", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c3d83176-87df-4196-a0a4-c52050c7b024", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "hashicorp_vault.audit.auth.token_policies" 
+ } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d5f83108-804a-43e1-860a-aa4a81914a1c" + ], + "layerId": "2c264c26-91e6-4a34-aea3-01d6f88ed30b", + "legendDisplay": "default", + "metric": "c3d83176-87df-4196-a0a4-c52050c7b024", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shape": "treemap" + } }, - "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Events", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701" - ], - "layerId": "791d2c5a-3c3a-4225-8221-6e03777579de", - "palette": { - "name": "status", - "type": "palette" - }, - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": 
"31c54481-0421-4f67-8f39-659fa8cbc7fe", - "xAccessor": "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 29, + "i": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3", + "w": 9, + "x": 39, + "y": 0 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3", + "title": "Auth Token Policies", + "type": "lens", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "62d57354-4600-4729-a898-1b0e5eee57af", - "w": 19, - "x": 0, - "y": 8 - }, - "panelIndex": "62d57354-4600-4729-a898-1b0e5eee57af", - "title": "Event Outcome", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-874c0b4f-299a-4ae6-a04d-c06072907352", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "874c0b4f-299a-4ae6-a04d-c06072907352": { - "columnOrder": [ - "1949c67d-972f-480f-a44e-a8efad60bc6f", - "d4a9db3d-1864-4a8e-b255-34f3516babd2" - ], - "columns": { - "1949c67d-972f-480f-a44e-a8efad60bc6f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Operation", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d4a9db3d-1864-4a8e-b255-34f3516babd2", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ 
+ { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-791d2c5a-3c3a-4225-8221-6e03777579de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "791d2c5a-3c3a-4225-8221-6e03777579de": { + "columnOrder": [ + "31c54481-0421-4f67-8f39-659fa8cbc7fe", + "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6", + "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701" + ], + "columns": { + "31c54481-0421-4f67-8f39-659fa8cbc7fe": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "event.outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 4 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + }, + "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Events", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "hashicorp_vault.audit.request.operation" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" + }, + "type": "phrase" + }, + 
"query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "ae60a0fa-37fb-42ca-8f3d-bc2b02daf701" + ], + "layerId": "791d2c5a-3c3a-4225-8221-6e03777579de", + "palette": { + "name": "status", + "type": "palette" + }, + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "31c54481-0421-4f67-8f39-659fa8cbc7fe", + "xAccessor": "9835d7b6-3e7c-43d5-85a6-de1ddaa1a9e6" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "d4a9db3d-1864-4a8e-b255-34f3516babd2": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - "d4a9db3d-1864-4a8e-b255-34f3516babd2" - ], - "layerId": 
"874c0b4f-299a-4ae6-a04d-c06072907352", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "1949c67d-972f-480f-a44e-a8efad60bc6f" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 8, + "i": "62d57354-4600-4729-a898-1b0e5eee57af", + "w": 19, + "x": 0, + "y": 8 }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "62d57354-4600-4729-a898-1b0e5eee57af", + "title": "Event Outcome", + "type": "lens", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-874c0b4f-299a-4ae6-a04d-c06072907352", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "874c0b4f-299a-4ae6-a04d-c06072907352": { + "columnOrder": [ + "1949c67d-972f-480f-a44e-a8efad60bc6f", + "d4a9db3d-1864-4a8e-b255-34f3516babd2" + ], + "columns": { + "1949c67d-972f-480f-a44e-a8efad60bc6f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operation", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d4a9db3d-1864-4a8e-b255-34f3516babd2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "hashicorp_vault.audit.request.operation" + }, + "d4a9db3d-1864-4a8e-b255-34f3516babd2": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": 
"appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "d4a9db3d-1864-4a8e-b255-34f3516babd2" + ], + "layerId": "874c0b4f-299a-4ae6-a04d-c06072907352", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "1949c67d-972f-480f-a44e-a8efad60bc6f" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 8, + "i": "a088f6c5-449d-4515-9665-b7a96aaa5cc5", + "w": 9, + "x": 19, + "y": 8 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "a088f6c5-449d-4515-9665-b7a96aaa5cc5", + "title": "Operation Type", + "type": "lens", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "a088f6c5-449d-4515-9665-b7a96aaa5cc5", - "w": 9, - "x": 19, - "y": 8 - }, - "panelIndex": 
"a088f6c5-449d-4515-9665-b7a96aaa5cc5", - "title": "Operation Type", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb": { - "columnOrder": [ - "602d11b6-cd45-45ba-b1fa-6430016e4eda", - "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b" - ], - "columns": { - "602d11b6-cd45-45ba-b1fa-6430016e4eda": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb": { + "columnOrder": [ + "602d11b6-cd45-45ba-b1fa-6430016e4eda", + "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b" + ], + "columns": { + "602d11b6-cd45-45ba-b1fa-6430016e4eda": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b", + "type": "column" + }, + "orderDirection": 
"desc", + "otherBucket": true, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "event.type" + }, + "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "event.type" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hashicorp_vault.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hashicorp_vault.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "602d11b6-cd45-45ba-b1fa-6430016e4eda" + ], + "layerId": "7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", + "legendDisplay": "show", + "metric": "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } }, - "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hashicorp_vault.audit" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hashicorp_vault.audit" - } - } - } - ], - "query": { - "language": "kuery", - 
"query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "602d11b6-cd45-45ba-b1fa-6430016e4eda" - ], - "layerId": "7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", - "legendDisplay": "show", - "metric": "8f9e210a-1ce1-4b3d-8f87-2a80fe3e034b", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61", + "w": 11, + "x": 28, + "y": 8 + }, + "panelIndex": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61", + "title": "Event Type", + "type": "lens", + "version": "7.15.0-SNAPSHOT" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"d6bce6c1-3b22-4697-ab6d-3073b7064328\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"4d111e7b-044b-44c0-a962-7dc284f4f0f2\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1},\"id\":\"58c4d1f7-a53b-4b96-be01-93fc8e8232cc\",\"label\":\"Source 
Location\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[],\"query\":{\"query\":\"data_stream.dataset:\\\"hashicorp_vault.audit\\\" \",\"language\":\"kuery\"}}]", + "mapStateJSON": "{\"zoom\":1.53,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-30d/d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": 
"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 180, + "minLat": -66.51326, + "minLon": -180 + }, + "mapCenter": { + "lat": 44.16871, + "lon": -22.15634, + "zoom": 1.53 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 13, + "i": "761dd3e0-7eb2-4738-a475-1007d78b900f", + "w": 39, + "x": 0, + "y": 16 + }, + "panelIndex": "761dd3e0-7eb2-4738-a475-1007d78b900f", + "title": "Source Locations", + "type": "map", + "version": "7.15.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Hashicorp Vault] Audit Logs", + "version": 1 + }, + "coreMigrationVersion": "7.15.0", + "id": "hashicorp_vault-64b51280-f4ad-11eb-a89a-7378b1713db5", + "migrationVersion": { + "dashboard": "7.14.0" + }, + "references": [ + { + "id": "logs-*", + "name": "83f33557-0d9d-4e73-bb7e-227b39132484:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "83f33557-0d9d-4e73-bb7e-227b39132484:indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "83f33557-0d9d-4e73-bb7e-227b39132484:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "83f33557-0d9d-4e73-bb7e-227b39132484:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:indexpattern-datasource-layer-b847cacb-e41b-429c-8f53-8cdf53bea465", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-1", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:indexpattern-datasource-layer-489fa819-f474-4d04-a6be-fe36193109b0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:indexpattern-datasource-layer-2c264c26-91e6-4a34-aea3-01d6f88ed30b", + "type": "index-pattern" }, - "gridData": { - "h": 8, - "i": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61", - "w": 11, - "x": 28, - "y": 8 + { + "id": "logs-*", + "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:filter-index-pattern-0", + "type": "index-pattern" }, - "panelIndex": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61", - "title": "Event Type", - "type": "lens", - "version": "7.15.0-SNAPSHOT" - }, - { - "embeddableConfig": { - 
"attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"d6bce6c1-3b22-4697-ab6d-3073b7064328\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"4d111e7b-044b-44c0-a962-7dc284f4f0f2\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1},\"id\":\"58c4d1f7-a53b-4b96-be01-93fc8e8232cc\",\"label\":\"Source Location\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[],\"query\":{\"query\":\"data_stream.dataset:\\\"hashicorp_vault.audit\\\" \",\"language\":\"kuery\"}}]", - "mapStateJSON": 
"{\"zoom\":1.53,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-30d/d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 180, - "minLat": -66.51326, - "minLon": -180 - }, - "mapCenter": { - "lat": 44.16871, - "lon": -22.15634, - "zoom": 1.53 - }, - "openTOCDetails": [] + { + "id": "logs-*", + "name": "62d57354-4600-4729-a898-1b0e5eee57af:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 13, - "i": "761dd3e0-7eb2-4738-a475-1007d78b900f", - "w": 39, - "x": 0, - "y": 16 + { + "id": "logs-*", + "name": "62d57354-4600-4729-a898-1b0e5eee57af:indexpattern-datasource-layer-791d2c5a-3c3a-4225-8221-6e03777579de", + "type": "index-pattern" }, - "panelIndex": "761dd3e0-7eb2-4738-a475-1007d78b900f", - "title": "Source Locations", - "type": "map", - "version": "7.15.0-SNAPSHOT" - } + { + "id": "logs-*", + "name": "62d57354-4600-4729-a898-1b0e5eee57af:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:indexpattern-datasource-layer-874c0b4f-299a-4ae6-a04d-c06072907352", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:indexpattern-datasource-layer-7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "761dd3e0-7eb2-4738-a475-1007d78b900f:layer_1_source_index_pattern", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Hashicorp Vault] Audit Logs", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "83f33557-0d9d-4e73-bb7e-227b39132484:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "83f33557-0d9d-4e73-bb7e-227b39132484:indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "83f33557-0d9d-4e73-bb7e-227b39132484:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "83f33557-0d9d-4e73-bb7e-227b39132484:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:indexpattern-datasource-layer-b847cacb-e41b-429c-8f53-8cdf53bea465", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-0", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0232f3be-806f-40d8-ae0b-40aa512e6541:filter-index-pattern-2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:indexpattern-datasource-layer-2fd4f863-dc26-44d1-9b43-7f4fc3ed14c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23805a5e-7dde-403d-bc28-3314fd3db7d4:filter-index-pattern-2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:indexpattern-datasource-layer-489fa819-f474-4d04-a6be-fe36193109b0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9087a437-92b3-4cb4-a750-ae68b0858e09:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:indexpattern-datasource-layer-2c264c26-91e6-4a34-aea3-01d6f88ed30b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4db8db34-66f4-4f1c-ba4b-53cafe0c21a3:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "62d57354-4600-4729-a898-1b0e5eee57af:indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "62d57354-4600-4729-a898-1b0e5eee57af:indexpattern-datasource-layer-791d2c5a-3c3a-4225-8221-6e03777579de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "62d57354-4600-4729-a898-1b0e5eee57af:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:indexpattern-datasource-layer-874c0b4f-299a-4ae6-a04d-c06072907352", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a088f6c5-449d-4515-9665-b7a96aaa5cc5:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:indexpattern-datasource-layer-7ac3e29e-e4e0-4e19-bac4-22565cfe0bcb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1c552cd9-e6c2-4b0a-87a8-7bdc13f7ce61:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "761dd3e0-7eb2-4738-a475-1007d78b900f:layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.14.0" - }, - "coreMigrationVersion": "7.14.0" + "type": "dashboard" } \ No newline at end of file From 0bead65927342b49ca46684b0df49e92b9f4c6d3 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:04:58 +0530 Subject: [PATCH 054/103] revert hashicorp_vault changelog --- packages/hashicorp_vault/changelog.yml | 5 ----- packages/hashicorp_vault/manifest.yml | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/packages/hashicorp_vault/changelog.yml b/packages/hashicorp_vault/changelog.yml index ae75f6abdd8..44111fa98b8 100644 --- a/packages/hashicorp_vault/changelog.yml 
+++ b/packages/hashicorp_vault/changelog.yml @@ -1,9 +1,4 @@ # newer versions go on top -- version: "1.7.1" - changes: - - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load - type: enhancement - link: https://github.com/elastic/integrations/pull/4516 - version: "1.7.0" changes: - description: Update mappings for Hashicorp Vault 1.11. diff --git a/packages/hashicorp_vault/manifest.yml b/packages/hashicorp_vault/manifest.yml index bb8d4529baf..173084aa768 100644 --- a/packages/hashicorp_vault/manifest.yml +++ b/packages/hashicorp_vault/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: hashicorp_vault title: Hashicorp Vault -version: "1.7.1" +version: "1.7.0" license: basic description: Collect logs and metrics from Hashicorp Vault with Elastic Agent. type: integration From 31e44523fecfd0c03bba7465f3cf8233a0439eef Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:08:17 +0530 Subject: [PATCH 055/103] Revert "all inlined infoblox_nios" This reverts commit 3e613b24725ae26ee090abf54c143f45a56d9f20. --- ...-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json | 1262 ++++++------- ...-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json | 869 +++++++-- ...-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json | 1561 +++++++++++++---- 3 files changed, 2592 insertions(+), 1100 deletions(-) diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json index 647b8805d73..7c57a0e7f57 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json +++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json 
@@ -1,664 +1,722 @@ { - "id": "infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T15:15:26.772Z", - "version": "WzYyMiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "DHCP" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "DHCP" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5ab31944-bb04-4fcd-9734-6dd0a050581b", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "5ab31944-bb04-4fcd-9734-6dd0a050581b", - "panelRefName": "panel_5ab31944-bb04-4fcd-9734-6dd0a050581b", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", - "panelRefName": "panel_2720e747-2fe6-431c-ba1c-ca7f7cb648ba", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - 
"gridData": { - "h": 15, - "i": "76c2205b-d288-41b8-bd79-33e76a42289a", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "76c2205b-d288-41b8-bd79-33e76a42289a", - "panelRefName": "panel_76c2205b-d288-41b8-bd79-33e76a42289a", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", - "panelRefName": "panel_76cacd94-5599-43e7-bcde-e1e19c7d8e96", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_e1c539c2-d236-4767-86da-469124ac35fa_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", 
+ "negate": false, + "params": { + "query": "infoblox_nios.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcpack\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, + "params": { + "query": "DHCP" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "infoblox_nios.log.type": "DHCP" + } + } } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" + ], + "query": { + "language": "kuery", + "query": "" } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Count of Leases Renewed Over Time [Logs Infoblox NIOS]", - "type": "metrics", - "uiState": {} + } + } } }, "gridData": { "h": 15, - "i": "e1c539c2-d236-4767-86da-469124ac35fa", + "i": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e", "w": 24, "x": 0, "y": 0 }, - "panelIndex": "e1c539c2-d236-4767-86da-469124ac35fa", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "5ab31944-bb04-4fcd-9734-6dd0a050581b", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "5ab31944-bb04-4fcd-9734-6dd0a050581b", + "panelRefName": "panel_5ab31944-bb04-4fcd-9734-6dd0a050581b", + "type": "search", + "version": "7.17.0" }, - 
"description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_5767168a-28c2-49c8-9e1c-10210600e8ca_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcpdecline\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "panelRefName": "panel_2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "type": "search", + "version": "7.17.0" }, - "title": "Count of Leases Declined Over Time [Logs Infoblox NIOS]", - "type": "metrics", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "5767168a-28c2-49c8-9e1c-10210600e8ca", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "5767168a-28c2-49c8-9e1c-10210600e8ca", - "type": 
"visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "76c2205b-d288-41b8-bd79-33e76a42289a", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "76c2205b-d288-41b8-bd79-33e76a42289a", + "panelRefName": "panel_76c2205b-d288-41b8-bd79-33e76a42289a", + "type": "search", + "version": "7.17.0" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_4b06a1a7-f698-4add-a789-8ce4c11a7ab8_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcpexpire\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" - } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false + { + "embeddableConfig": { + "enhancements": {} + }, + 
"gridData": { + "h": 15, + "i": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "panelRefName": "panel_76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "type": "search", + "version": "7.17.0" }, - "title": "Count of Leases Expired Over Time [Logs Infoblox NIOS]", - "type": "metrics", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_e1c539c2-d236-4767-86da-469124ac35fa_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcpack\"" + }, + "id": 
"53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" + } + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Count of Leases Renewed Over Time [Logs Infoblox NIOS]", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 15, + "i": "e1c539c2-d236-4767-86da-469124ac35fa", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "e1c539c2-d236-4767-86da-469124ac35fa", + "type": "visualization", + "version": "7.17.0" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "99bb2283-08ad-483a-8912-5039ced3b47e", - "index_pattern_ref_name": "metrics_1141be07-af74-407b-ab41-805d9abf7a9d_0_index_pattern", - "interval": "1d", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "d12231fe-9878-4b9f-860f-ff926684e751", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_5767168a-28c2-49c8-9e1c-10210600e8ca_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": 
"#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcpdecline\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" + } + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Count of Leases Declined Over Time [Logs Infoblox NIOS]", + "type": "metrics", + "uiState": {} } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": null, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "event.action : \"dhcprelease\"" - }, - "id": "53443750-b50b-11ec-b3d6-27b037885c54", - "label": "Count" + }, + "gridData": { + "h": 15, + "i": "5767168a-28c2-49c8-9e1c-10210600e8ca", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "5767168a-28c2-49c8-9e1c-10210600e8ca", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + 
"drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_4b06a1a7-f698-4add-a789-8ce4c11a7ab8_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcpexpire\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" + } + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Count of Leases Expired Over Time [Logs Infoblox NIOS]", + "type": "metrics", + "uiState": {} } - ], - "split_mode": "filters", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 0, - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 15, + "i": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8", + "type": "visualization", + "version": "7.17.0" }, - "title": "Count of Leases Released Over Time [Logs Infoblox NIOS]", - "type": "metrics", - 
"uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "1141be07-af74-407b-ab41-805d9abf7a9d", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "1141be07-af74-407b-ab41-805d9abf7a9d", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "310773ab-50b9-45eb-b84b-d5ac4dd962ff": { - "columnOrder": [ - "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", - "0552e5bb-f6f0-4619-a623-b95cbb3c3561" - ], - "columns": { - "0552e5bb-f6f0-4619-a623-b95cbb3c3561": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - "24491aaa-9a7c-4f4e-aea5-9621bc64c38a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "MAC Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "client.mac" - } - }, - "incompleteColumns": {} + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "99bb2283-08ad-483a-8912-5039ced3b47e", + "index_pattern_ref_name": "metrics_1141be07-af74-407b-ab41-805d9abf7a9d_0_index_pattern", + "interval": "1d", + "isModelInvalid": false, + "max_lines_legend": 
1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "d12231fe-9878-4b9f-860f-ff926684e751", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "id": "6bd0749b-2071-4cb9-9287-2e7fe244c469", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "event.action : \"dhcprelease\"" + }, + "id": "53443750-b50b-11ec-b3d6-27b037885c54", + "label": "Count" + } + ], + "split_mode": "filters", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 0, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Count of Leases Released Over Time [Logs Infoblox NIOS]", + "type": "metrics", + "uiState": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", - "isTransposed": false - } - ], - "layerId": "310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "layerType": "data" - } + }, + "gridData": { + "h": 15, + "i": "1141be07-af74-407b-ab41-805d9abf7a9d", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "1141be07-af74-407b-ab41-805d9abf7a9d", + "type": "visualization", + "version": "7.17.0" }, - "title": "Top 10 MAC Address [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "attributes": { + "description": null, + 
"references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "310773ab-50b9-45eb-b84b-d5ac4dd962ff": { + "columnOrder": [ + "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", + "0552e5bb-f6f0-4619-a623-b95cbb3c3561" + ], + "columns": { + "0552e5bb-f6f0-4619-a623-b95cbb3c3561": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24491aaa-9a7c-4f4e-aea5-9621bc64c38a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "MAC Address", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.mac" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24491aaa-9a7c-4f4e-aea5-9621bc64c38a", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "0552e5bb-f6f0-4619-a623-b95cbb3c3561", + "isTransposed": false + } + ], + "layerId": "310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "layerType": "data" + } + }, + "title": "Top 10 MAC Address [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "489a5d78-23c6-4d68-bb5f-ac23c60785e4", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "489a5d78-23c6-4d68-bb5f-ac23c60785e4", + "title": "Top 10 MAC Address [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + } + ], + 
"timeRestore": false, + "title": "[Logs Infoblox NIOS] DHCP", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "489a5d78-23c6-4d68-bb5f-ac23c60785e4", - "w": 24, - "x": 0, - "y": 30 + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "infoblox_nios-71f7a570-b4dd-11ec-80e1-4bd67c5762eb", + "name": "5ab31944-bb04-4fcd-9734-6dd0a050581b:panel_5ab31944-bb04-4fcd-9734-6dd0a050581b", + "type": "search" + }, + { + "id": "infoblox_nios-7103abb0-b4e1-11ec-80e1-4bd67c5762eb", + "name": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba:panel_2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "type": "search" + }, + { + "id": "infoblox_nios-4559ff50-b4e1-11ec-80e1-4bd67c5762eb", + "name": "76c2205b-d288-41b8-bd79-33e76a42289a:panel_76c2205b-d288-41b8-bd79-33e76a42289a", + "type": "search" + }, + { + "id": "infoblox_nios-8d55bb50-b4e1-11ec-80e1-4bd67c5762eb", + "name": "76cacd94-5599-43e7-bcde-e1e19c7d8e96:panel_76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "type": "search" + }, + { + "id": "logs-*", + "name": "e1c539c2-d236-4767-86da-469124ac35fa:metrics_e1c539c2-d236-4767-86da-469124ac35fa_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5767168a-28c2-49c8-9e1c-10210600e8ca:metrics_5767168a-28c2-49c8-9e1c-10210600e8ca_0_index_pattern", + "type": "index-pattern" }, - "panelIndex": "489a5d78-23c6-4d68-bb5f-ac23c60785e4", - "title": "Top 10 MAC Address [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8:metrics_4b06a1a7-f698-4add-a789-8ce4c11a7ab8_0_index_pattern", + "type": "index-pattern" + }, + { + "id": 
"logs-*", + "name": "1141be07-af74-407b-ab41-805d9abf7a9d:metrics_1141be07-af74-407b-ab41-805d9abf7a9d_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "489a5d78-23c6-4d68-bb5f-ac23c60785e4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "489a5d78-23c6-4d68-bb5f-ac23c60785e4:indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "type": "index-pattern" + } ], "timeRestore": false, "title": "[Logs Infoblox NIOS] DHCP", "version": 1 }, "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, { "id": "infoblox_nios-71f7a570-b4dd-11ec-80e1-4bd67c5762eb", - "name": "5ab31944-bb04-4fcd-9734-6dd0a050581b:panel_5ab31944-bb04-4fcd-9734-6dd0a050581b", + "name": "panel_3", "type": "search" }, { "id": "infoblox_nios-7103abb0-b4e1-11ec-80e1-4bd67c5762eb", - "name": "2720e747-2fe6-431c-ba1c-ca7f7cb648ba:panel_2720e747-2fe6-431c-ba1c-ca7f7cb648ba", + "name": "panel_5", "type": "search" }, { "id": "infoblox_nios-4559ff50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "76c2205b-d288-41b8-bd79-33e76a42289a:panel_76c2205b-d288-41b8-bd79-33e76a42289a", + "name": "panel_7", "type": "search" }, { "id": "infoblox_nios-8d55bb50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "76cacd94-5599-43e7-bcde-e1e19c7d8e96:panel_76cacd94-5599-43e7-bcde-e1e19c7d8e96", + "name": "panel_8", "type": "search" }, { - "id": "logs-*", - "name": "e1c539c2-d236-4767-86da-469124ac35fa:metrics_e1c539c2-d236-4767-86da-469124ac35fa_0_index_pattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e:metrics_0_index_pattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": 
"5767168a-28c2-49c8-9e1c-10210600e8ca:metrics_5767168a-28c2-49c8-9e1c-10210600e8ca_0_index_pattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "d0884783-30e6-47ed-bfca-99d4b0b423e9:metrics_0_index_pattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "4b06a1a7-f698-4add-a789-8ce4c11a7ab8:metrics_4b06a1a7-f698-4add-a789-8ce4c11a7ab8_0_index_pattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "eb62be57-7cb6-4431-96fd-6b1c7f8ecd8b:metrics_0_index_pattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "1141be07-af74-407b-ab41-805d9abf7a9d:metrics_1141be07-af74-407b-ab41-805d9abf7a9d_0_index_pattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "489a5d78-23c6-4d68-bb5f-ac23c60785e4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9:indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", + "id": "logs-*" }, { - "id": "logs-*", - "name": "489a5d78-23c6-4d68-bb5f-ac23c60785e4:indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "type": "index-pattern" + "type": "index-pattern", + "name": "b3562120-30fb-4068-8f51-016a4d463d54:metrics_0_index_pattern", + "id": "logs-*" } ], "migrationVersion": { diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json index 7f97c194896..f1c74a39df3 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json +++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json 
@@ -1,63 +1,573 @@ { - "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T15:15:26.772Z", - "version": "WzYyMywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "infoblox_nios.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, + "params": { + "query": "AUDIT" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "infoblox_nios.log.type": "AUDIT" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "efab2208-7c53-44d0-ab95-44e4f536b001", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", + "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "type": "search", + "version": "7.17.0" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, 
- "type": "phrase" + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "title": "Created and Deleted Objects [Logs Infoblox NIOS]", + "type": "search", + "version": "7.17.0" }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, - { - "$state": { - "store": "appState" + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { + "columnOrder": [ + "fcb0dd34-08f1-4b12-a947-66514002a247", + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "columns": { + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fcb0dd34-08f1-4b12-a947-66514002a247": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + 
"fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", + "yConfig": [ + { + "color": "#d36086", + "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a80ffa5e-4561-415e-9059-04eb43007744", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "AUDIT" - }, - "type": "phrase" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], 
+ "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3b197aef-e049-44df-a30f-fc807fdb1718": { + "columnOrder": [ + "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "6786ed8f-346e-419e-b8a7-1eea3d76b317", + "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "4eb788c2-ebce-473d-bfb0-ee0409862740" + ], + "columns": { + "4eb788c2-ebce-473d-bfb0-ee0409862740": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "6786ed8f-346e-419e-b8a7-1eea3d76b317": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login Failure", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + }, + "e9c4594f-2e2d-4750-9b04-eb1632f13753": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login Via", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "infoblox_nios.log.audit.apparently_via" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"filter-index-pattern-0", + "key": "event.action", + "negate": false, + "params": { + "query": "login_denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "login_denied" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "isTransposed": false + }, + { + "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", + "isTransposed": false + }, + { + "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "isTransposed": false + } + ], + "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", + "layerType": "data" + } + }, + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "5afac073-fbf9-4826-b39b-dc95b0000227", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "AUDIT" - } + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9688c841-6bb3-4369-8c27-894421c9ea56": { + "columnOrder": [ + "392073ca-09fb-4349-826e-fe44effa2a8e", + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" + ], + "columns": { + "392073ca-09fb-4349-826e-fe44effa2a8e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login 
User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "isTransposed": false + } + ], + "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", + "layerType": "data" + } + }, + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" } - } ], - "query": { - "language": "kuery", - "query": "" + "timeRestore": false, + "title": "[Logs Infoblox NIOS] Audit", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", 
+ "name": "efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "type": "search" + }, + { + "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", + "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "type": "search" + }, + { + "id": "logs-*", + "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" } } }, 
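Review bot: The added block in this hunk stops inside `"references": [`: its last added line is `"type": "index-pattern"`, and the hunk then falls through to the old context lines `}`, `}`, `},` with no closing `]`. As rendered here, the new file therefore holds a complete 7.17.0 dashboard object followed by the remains of the previous export (`optionsJSON`, `panelsJSON`, and a second `"references": [` in the `@@ -516,60 +1023,50 @@` hunk). That would not parse as strict JSON, and the Audit dashboard with its "Top 10 User Login Failures" panel would presumably fail to install, which removes a view operators rely on for login monitoring. The DHCP dashboard hunk just before this file shows the same pattern (`], "timeRestore": false, ... "references": [` kept as context after a full added object), though its start is outside this view. I would keep exactly one saved object per file, close the added list with `]` and `}`, and run every changed asset through a strict parser such as `python -m json.tool` before merging.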
@@ -67,56 +577,12 @@ "useMargins": true }, "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "efab2208-7c53-44d0-ab95-44e4f536b001", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", - "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", - "type": "search", - "version": "7.17.0" - }, { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "title": "Created and Deleted Objects [Logs Infoblox NIOS]", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -163,7 +629,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" }, "visualization": { "axisTitlesVisibilitySettings": { 
@@ -220,44 +686,38 @@ } }, "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "a80ffa5e-4561-415e-9059-04eb43007744", + "i": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", "w": 48, "x": 0, "y": 0 }, - "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", + "panelIndex": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", "type": "lens", - "version": "7.17.0" + "version": "7.16.0" }, { "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -366,7 +826,7 @@ ], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" }, "visualization": { "columns": [ 
@@ -393,40 +853,44 @@ } }, "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "5afac073-fbf9-4826-b39b-dc95b0000227", + "i": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", "w": 24, "x": 0, "y": 15 }, - "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", + "panelIndex": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", "type": "lens", - "version": "7.17.0" + "version": "7.16.0" }, { "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -473,7 +937,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" }, "visualization": { "columns": [ 
@@ -492,22 +956,65 @@ } }, "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "i": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", "w": 24, "x": 24, "y": 15 }, - "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "panelIndex": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", "title": "Top 10 Login User Name [Logs Infoblox NIOS]", "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "efab2208-7c53-44d0-ab95-44e4f536b001", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", + "panelRefName": "panel_3", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "panelRefName": "panel_4", + "title": "Created and Deleted Objects [Logs Infoblox NIOS]", + "type": "search", "version": "7.17.0" } ], 
@@ -516,60 +1023,50 @@ "version": 1 }, "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, { "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", - "name": "efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "name": "panel_3", "type": "search" }, { "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", - "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "name": "panel_4", "type": "search" }, { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" + "type": "index-pattern", + "name": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "id": "logs-*" }, { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" + "type": "index-pattern", + "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "id": "logs-*" }, { - "id": "logs-*", - "name": 
"5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", - "type": "index-pattern" + "type": "index-pattern", + "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:filter-index-pattern-0", + "id": "logs-*" }, { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "cfd78a10-0dc4-4062-97e5-9ff83ead6947:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" + "type": "index-pattern", + "name": "cfd78a10-0dc4-4062-97e5-9ff83ead6947:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "id": "logs-*" } ], "migrationVersion": { diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json index 71d54dcfc63..358459d7e33 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json +++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json 
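Review bot: The `-516,60` hunk drops both `kibanaSavedObjectMeta.searchSourceJSON.filter[n].meta.index` references, so a dashboard-level filter that still carries a matching `indexRefName` would no longer resolve on import; the `searchSourceJSON` block lies outside this hunk and should be checked for leftovers. If the dashboard-level dataset filter was removed with them, the by-reference panels `panel_3` and `panel_4` are scoped only by their own saved searches, which this diff does not show, and on a `logs-*` pattern an unscoped panel would mix audit rows with unrelated log sources. The rewritten entries also switch to `type`/`name`/`id` key order while the two search references keep `id`/`name`/`type`; one order throughout keeps later diffs readable.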
@@ -1,63 +1,1018 @@ { - "id": "infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T15:15:26.772Z", - "version": "WzYyNCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "infoblox_nios.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, + "params": { + "query": "DNS" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "infoblox_nios.log.type": "DNS" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "panelRefName": "panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "type": "search", + "version": "7.17.0" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, - 
"type": "phrase" + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "panelRefName": "panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "type": "search", + "version": "7.17.0" }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, - { - "$state": { - "store": "appState" + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "362936ac-2262-4cd0-8e06-c28015a829c5": { + "columnOrder": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292", + "d759196e-f983-426d-bdd4-b6fea637f20d" + ], + "columns": { + "199ebb9a-2861-4db3-ac9d-d5801b764292": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Response Code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "dns.response_code" + }, + "d759196e-f983-426d-bdd4-b6fea637f20d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292" + ], + "layerId": 
"362936ac-2262-4cd0-8e06-c28015a829c5", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", + "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "DNS" - }, - "type": "phrase" + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "362936ac-2262-4cd0-8e06-c28015a829c5": { + "columnOrder": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292", + "d759196e-f983-426d-bdd4-b6fea637f20d" + ], + "columns": { + "199ebb9a-2861-4db3-ac9d-d5801b764292": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Response Flag", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + 
"sourceField": "dns.header_flags" + }, + "d759196e-f983-426d-bdd4-b6fea637f20d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292" + ], + "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "66c59159-c694-4f18-acdc-4a0ee8f24e44", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "66c59159-c694-4f18-acdc-4a0ee8f24e44", + "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "DNS" - } + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "362936ac-2262-4cd0-8e06-c28015a829c5": { + "columnOrder": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292", + "d759196e-f983-426d-bdd4-b6fea637f20d" + ], + "columns": { + "199ebb9a-2861-4db3-ac9d-d5801b764292": { + 
"customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Question Class", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "dns.question.class" + }, + "d759196e-f983-426d-bdd4-b6fea637f20d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292" + ], + "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3dbd8734-c5a9-4b69-82ab-441be9c681df", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3dbd8734-c5a9-4b69-82ab-441be9c681df", + "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + 
"state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", + "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client Port", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.port" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", + "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Answer Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.answers.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Answer Name [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ae613e8d-a0c5-464d-90ad-ef352d122514", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "ae613e8d-a0c5-464d-90ad-ef352d122514", + "title": "Top 10 Answer Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + 
"description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Question Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.question.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Question Name [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "7b2fd611-413f-42a2-a4ae-6b14098521bd", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "7b2fd611-413f-42a2-a4ae-6b14098521bd", + "title": "Top 10 Question Name [Logs Infoblox NIOS]", + "type": "lens", + 
"version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Query Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.question.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Query Type [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "eff09424-7521-473d-88ab-368aa2d33b69", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "eff09424-7521-473d-88ab-368aa2d33b69", + "title": 
"Top 10 Query Type [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" } - } ], - "query": { - "language": "kuery", - "query": "" + "timeRestore": false, + "title": "[Logs Infoblox NIOS] DNS", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "infoblox_nios-5cc295e0-b4d6-11ec-80e1-4bd67c5762eb", + "name": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca:panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "type": "search" + }, + { + "id": "infoblox_nios-f3899090-b4d7-11ec-80e1-4bd67c5762eb", + "name": "33030bbb-3670-4b20-ab01-b0eb157ea4e5:panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "type": "search" + }, + { + "id": "logs-*", + "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" } } }, 
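Review bot: The new side of the `-1,63 +1,1018` hunk reads like two copies of the dashboard joined together: the added lines hold a complete by-reference body (panels at 7.17.0, empty `query`, top-level `references`) that stops inside the last `references` entry, and the context after it closes with `} } },` and continues into the `panelsJSON` that the next hunk edits. No `]` closes the `references` array before those braces, so as far as the collapsed diff shows the file would not parse, and a dashboard that fails to load leaves the DNS views missing after install. This shape usually comes from a re-indent or a conflict resolution that kept both sides; the prepended copy should be dropped so only the by-value body remains, and the result checked with a strict parser such as `jq . <file>` before merge.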
@@ -69,52 +1024,10 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "panelRefName": "panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "panelRefName": "panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -162,7 +1075,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" }, "visualization": { "layers": [ 
@@ -186,40 +1099,39 @@ } }, "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", + "i": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", "w": 24, "x": 0, "y": 0 }, - "panelIndex": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", + "panelIndex": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", "type": "lens", - "version": "7.17.0" + "version": "7.16.0" }, { "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -267,7 +1179,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" }, "visualization": { "layers": [ 
@@ -291,40 +1203,39 @@ } }, "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "66c59159-c694-4f18-acdc-4a0ee8f24e44", + "i": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", "w": 24, "x": 24, "y": 0 }, - "panelIndex": "66c59159-c694-4f18-acdc-4a0ee8f24e44", + "panelIndex": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", "type": "lens", - "version": "7.17.0" + "version": "7.16.0" }, { "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -372,7 +1283,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" }, "visualization": { "layers": [ 
@@ -396,40 +1307,39 @@ } }, "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "3dbd8734-c5a9-4b69-82ab-441be9c681df", + "i": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", "w": 24, "x": 0, "y": 15 }, - "panelIndex": "3dbd8734-c5a9-4b69-82ab-441be9c681df", + "panelIndex": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", "type": "lens", - "version": "7.17.0" + "version": "7.16.0" }, { "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -476,7 +1386,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" }, "visualization": { "columns": [ 
@@ -495,40 +1405,39 @@ } }, "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", + "i": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", "w": 24, "x": 24, "y": 15 }, - "panelIndex": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", + "panelIndex": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", "type": "lens", - "version": "7.17.0" + "version": "7.16.0" }, { "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -575,7 +1484,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" }, "visualization": { "columns": [ 
@@ -595,40 +1504,39 @@ } }, "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", + "i": "d91a4b30-da3a-402b-a7b7-542680808c83", "w": 24, "x": 0, "y": 30 }, - "panelIndex": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", + "panelIndex": "d91a4b30-da3a-402b-a7b7-542680808c83", "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", "type": "lens", - "version": "7.17.0" + "version": "7.16.0" }, { "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -675,7 +1583,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" }, "visualization": { "columns": [ 
@@ -694,40 +1602,39 @@ } }, "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "ae613e8d-a0c5-464d-90ad-ef352d122514", + "i": "820c618a-04ef-4d1d-95e4-76be0a783c03", "w": 24, "x": 24, "y": 30 }, - "panelIndex": "ae613e8d-a0c5-464d-90ad-ef352d122514", + "panelIndex": "820c618a-04ef-4d1d-95e4-76be0a783c03", "title": "Top 10 Answer Name [Logs Infoblox NIOS]", "type": "lens", - "version": "7.17.0" + "version": "7.16.0" }, { "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { @@ -774,7 +1681,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" }, "visualization": { "columns": [ 
@@ -793,40 +1700,71 @@ } }, "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "7b2fd611-413f-42a2-a4ae-6b14098521bd", + "i": "1129632e-0004-4421-bf56-406d8499a2bb", "w": 24, "x": 0, "y": 45 }, - "panelIndex": "7b2fd611-413f-42a2-a4ae-6b14098521bd", + "panelIndex": "1129632e-0004-4421-bf56-406d8499a2bb", "title": "Top 10 Question Name [Logs Infoblox NIOS]", "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "panelRefName": "panel_7", + "type": "search", "version": "7.17.0" }, { "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "panelRefName": "panel_8", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, "attributes": { "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], "state": { "datasourceStates": { "indexpattern": { 
@@ -873,7 +1811,7 @@ "filters": [], "query": { "language": "kuery", - "query": "" + "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" }, "visualization": { "columns": [ @@ -892,23 +1830,32 @@ } }, "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ] + } }, "gridData": { "h": 15, - "i": "eff09424-7521-473d-88ab-368aa2d33b69", + "i": "5a855a3a-e38e-432e-b09a-0960167960cd", "w": 24, "x": 24, "y": 45 }, - "panelIndex": "eff09424-7521-473d-88ab-368aa2d33b69", + "panelIndex": "5a855a3a-e38e-432e-b09a-0960167960cd", "title": "Top 10 Query Type [Logs Infoblox NIOS]", "type": "lens", - "version": "7.17.0" + "version": "7.16.0" } ], "timeRestore": false, 
@@ -916,105 +1863,95 @@ "version": 1 }, "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, { "id": "infoblox_nios-5cc295e0-b4d6-11ec-80e1-4bd67c5762eb", - "name": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca:panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "name": "panel_7", "type": "search" }, { "id": "infoblox_nios-f3899090-b4d7-11ec-80e1-4bd67c5762eb", - "name": "33030bbb-3670-4b20-ab01-b0eb157ea4e5:panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "name": "panel_8", "type": "search" }, { - "id": "logs-*", - "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" + "type": "index-pattern", + "name": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "id": "logs-*" }, { - "id": "logs-*", - "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" + "type": "index-pattern", + "name": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "id": "logs-*" }, { - "id": "logs-*", - "name": 
"3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "7809e922-929c-4836-80d9-1fbd3a9fb8e8:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" + "type": "index-pattern", + "name": "7809e922-929c-4836-80d9-1fbd3a9fb8e8:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "id": "logs-*" }, { - "id": "logs-*", - "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "179440ac-a8bb-4686-8ab1-8ad93b7717fb:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" + "type": "index-pattern", + "name": "179440ac-a8bb-4686-8ab1-8ad93b7717fb:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" }, { - "id": "logs-*", - "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "d91a4b30-da3a-402b-a7b7-542680808c83:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" + "type": "index-pattern", + "name": "d91a4b30-da3a-402b-a7b7-542680808c83:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" }, { - "id": "logs-*", - "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": 
"820c618a-04ef-4d1d-95e4-76be0a783c03:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" + "type": "index-pattern", + "name": "820c618a-04ef-4d1d-95e4-76be0a783c03:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" }, { - "id": "logs-*", - "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "1129632e-0004-4421-bf56-406d8499a2bb:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" + "type": "index-pattern", + "name": "1129632e-0004-4421-bf56-406d8499a2bb:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" }, { - "id": "logs-*", - "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "type": "index-pattern", + "name": "5a855a3a-e38e-432e-b09a-0960167960cd:indexpattern-datasource-current-indexpattern", + "id": "logs-*" }, { - "id": "logs-*", - "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" + "type": "index-pattern", + "name": "5a855a3a-e38e-432e-b09a-0960167960cd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "id": "logs-*" } ], "migrationVersion": { From 1a07fe027b2d1124af2536f0fbf6aa636b076696 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:09:15 +0530 Subject: [PATCH 056/103] revert infoblox_nios changelog --- packages/infoblox_nios/changelog.yml | 5 ----- packages/infoblox_nios/manifest.yml | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) 
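Review bot: The dashboard-level reference entries `kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index` and `kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index` are dropped from `references` here, but the `searchSourceJSON` they belong to lies outside this hunk. If its `filter` array still holds entries with an `indexRefName`, those filters can no longer resolve their index pattern, and the dashboard-wide scoping over `logs-*` would depend only on the per-panel queries. Confirm that `filter` is now `[]`, or keep the two entries. The rewritten entries also switch key order to `type`/`name`/`id`, unlike the `id`/`name`/`type` order used in the by-value `references` of the panels; keeping one order would limit this hunk to the changed panel ids.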
diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml
index 73b2c935a3c..5a121a26d27 100644
--- a/packages/infoblox_nios/changelog.yml
+++ b/packages/infoblox_nios/changelog.yml
@@ -1,9 +1,4 @@
 # newer versions go on top
-- version: "1.3.3"
- changes:
- - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
- type: enhancement
- link: https://github.com/elastic/integrations/pull/4516
 - version: '1.3.2'
 changes:
 - description: Remove saved library visualizations and add an on_failure processor to the date and convert processors.
diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml
index a9c8dd0e428..53c8b987ff9 100644
--- a/packages/infoblox_nios/manifest.yml
+++ b/packages/infoblox_nios/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: infoblox_nios
 title: Infoblox NIOS
-version: '1.3.3'
+version: '1.3.2'
 license: basic
 description: Collect logs from Infoblox NIOS with Elastic Agent.
 type: integration
From 92fa07c0b9dde33c70fdd6cd05b1ae55ad78c408 Mon Sep 17 00:00:00 2001
From: kcreddy Date: Wed, 2 Nov 2022 21:10:12 +0530 Subject: [PATCH 057/103] Revert "migrate panw to by_value" This reverts commit 0e872c8897e24f6cd131184dbcdc76e0b586cb4b. --- ...-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json | 1317 ++++--- ...-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json | 3117 ++++++++-------- ...-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json | 1051 +++--- ...-772964e0-7591-11e9-aacf-79a3704914a0.json | 2613 +++++++------- ...-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json | 1469 ++++---- ...-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json | 1297 ++++--- ...-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json | 1327 ++++--- ...-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json | 1269 ++++--- ...-e40ba240-7572-11e9-976e-65a8f47cc4c1.json | 3137 ++++++++--------- ...-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json | 2731 +++++++------- 10 files changed, 9639 insertions(+), 9689 deletions(-) diff --git a/packages/panw/kibana/dashboard/panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json index 9c528cbd08f..cc6a6774426 100644 --- a/packages/panw/kibana/dashboard/panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,690 +1,685 @@ { - "id": "panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU3NCwxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS HIP Match and Correlated Events Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"CORRELATION\" or panw.panos.type: \"HIP-MATCH\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c84bd12b-13d4-4cd1-99cb-e08d7d4f152b": { - "columnOrder": [ - "213aacfe-f046-4624-b371-f854e932f413", - "bef17b31-4c6f-42cf-b272-cd400397487c" - ], - "columns": { - "213aacfe-f046-4624-b371-f854e932f413": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Operating System", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "bef17b31-4c6f-42cf-b272-cd400397487c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.full" - }, - "bef17b31-4c6f-42cf-b272-cd400397487c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, 
- "incompleteColumns": {} - } - } + "attributes": { + "description": "Palo Alto Networks PAN-OS HIP Match and Correlated Events Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"CORRELATION\" or panw.panos.type: \"HIP-MATCH\")" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "213aacfe-f046-4624-b371-f854e932f413" - ], - "layerId": "c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", - "layerType": "data", - "legendDisplay": "default", - "metric": "bef17b31-4c6f-42cf-b272-cd400397487c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 15, - "i": "a022bf97-bef4-4918-ac28-4c48f0dbc048", - "w": 17, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "a022bf97-bef4-4918-ac28-4c48f0dbc048", - "title": "Distribution of HIP Events by Operating System [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7f464e45-4071-44f2-b122-136cc384955a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7f464e45-4071-44f2-b122-136cc384955a": { - "columnOrder": [ - "52feda80-444c-4544-bc15-bb4425f238f4", - 
"fa644902-2280-4df7-a3ab-329ed5ea5506" - ], - "columns": { - "52feda80-444c-4544-bc15-bb4425f238f4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "HIP Match Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "fa644902-2280-4df7-a3ab-329ed5ea5506", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c84bd12b-13d4-4cd1-99cb-e08d7d4f152b": { + "columnOrder": [ + "213aacfe-f046-4624-b371-f854e932f413", + "bef17b31-4c6f-42cf-b272-cd400397487c" + ], + "columns": { + "213aacfe-f046-4624-b371-f854e932f413": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operating System", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "bef17b31-4c6f-42cf-b272-cd400397487c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.full" + }, + "bef17b31-4c6f-42cf-b272-cd400397487c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" }, - "size": 10 - }, - "scale": 
"ordinal", - "sourceField": "panw.panos.matchname" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "213aacfe-f046-4624-b371-f854e932f413" + ], + "layerId": "c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", + "layerType": "data", + "legendDisplay": "default", + "metric": "bef17b31-4c6f-42cf-b272-cd400397487c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "fa644902-2280-4df7-a3ab-329ed5ea5506": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "a022bf97-bef4-4918-ac28-4c48f0dbc048", + "w": 17, + "x": 0, + "y": 0 }, - "layers": [ - { - "accessors": [ - "fa644902-2280-4df7-a3ab-329ed5ea5506" - ], - "layerId": "7f464e45-4071-44f2-b122-136cc384955a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "52feda80-444c-4544-bc15-bb4425f238f4" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "a022bf97-bef4-4918-ac28-4c48f0dbc048", + "title": "Distribution of HIP Events by Operating System [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { 
+ "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7f464e45-4071-44f2-b122-136cc384955a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7f464e45-4071-44f2-b122-136cc384955a": { + "columnOrder": [ + "52feda80-444c-4544-bc15-bb4425f238f4", + "fa644902-2280-4df7-a3ab-329ed5ea5506" + ], + "columns": { + "52feda80-444c-4544-bc15-bb4425f238f4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "HIP Match Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "fa644902-2280-4df7-a3ab-329ed5ea5506", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.matchname" + }, + "fa644902-2280-4df7-a3ab-329ed5ea5506": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "fa644902-2280-4df7-a3ab-329ed5ea5506" + ], + "layerId": "7f464e45-4071-44f2-b122-136cc384955a", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + 
"xAccessor": "52feda80-444c-4544-bc15-bb4425f238f4" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "c3058ed9-5860-4652-a8aa-86b0a2a46806", + "w": 16, + "x": 17, + "y": 0 }, - "valueLabels": "hide" - } + "panelIndex": "c3058ed9-5860-4652-a8aa-86b0a2a46806", + "title": "Distribution of HIP Events by HIP Match Name [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "c3058ed9-5860-4652-a8aa-86b0a2a46806", - "w": 16, - "x": 17, - "y": 0 - }, - "panelIndex": "c3058ed9-5860-4652-a8aa-86b0a2a46806", - "title": "Distribution of HIP Events by HIP Match Name [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-13017eeb-8282-4291-a21c-aad1432731cf", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "13017eeb-8282-4291-a21c-aad1432731cf": { - "columnOrder": [ - "c76c4451-34be-4ce1-b91c-9f4cd84cd693", - "12ec2de6-7681-4d61-8772-15389b3df118" - ], - "columns": { - "12ec2de6-7681-4d61-8772-15389b3df118": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": 
"ratio", - "sourceField": "___records___" - }, - "c76c4451-34be-4ce1-b91c-9f4cd84cd693": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "HIP Match Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "12ec2de6-7681-4d61-8772-15389b3df118", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-13017eeb-8282-4291-a21c-aad1432731cf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "13017eeb-8282-4291-a21c-aad1432731cf": { + "columnOrder": [ + "c76c4451-34be-4ce1-b91c-9f4cd84cd693", + "12ec2de6-7681-4d61-8772-15389b3df118" + ], + "columns": { + "12ec2de6-7681-4d61-8772-15389b3df118": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "c76c4451-34be-4ce1-b91c-9f4cd84cd693": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "HIP Match Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "12ec2de6-7681-4d61-8772-15389b3df118", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.matchtype" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.matchtype" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" 
and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "c76c4451-34be-4ce1-b91c-9f4cd84cd693" - ], - "layerId": "13017eeb-8282-4291-a21c-aad1432731cf", - "layerType": "data", - "legendDisplay": "default", - "metric": "12ec2de6-7681-4d61-8772-15389b3df118", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "2ec6098c-96f5-43d7-b068-7a155484fde2", - "w": 15, - "x": 33, - "y": 0 - }, - "panelIndex": "2ec6098c-96f5-43d7-b068-7a155484fde2", - "title": "Distribution of HIP Events by HIP Match Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ecea3039-c2bb-4d00-94c8-8cdc634e78e5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ecea3039-c2bb-4d00-94c8-8cdc634e78e5": { - "columnOrder": [ - "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362", - "50b7a409-5678-4e93-a760-f08c03f4f9a5" - ], - "columns": { - "50b7a409-5678-4e93-a760-f08c03f4f9a5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type: \"HIPMATCH\" or panw.panos.type: \"HIP-MATCH\")" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c76c4451-34be-4ce1-b91c-9f4cd84cd693" + ], + "layerId": 
"13017eeb-8282-4291-a21c-aad1432731cf", + "layerType": "data", + "legendDisplay": "default", + "metric": "12ec2de6-7681-4d61-8772-15389b3df118", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "50b7a409-5678-4e93-a760-f08c03f4f9a5", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "2ec6098c-96f5-43d7-b068-7a155484fde2", + "w": 15, + "x": 33, + "y": 0 + }, + "panelIndex": "2ec6098c-96f5-43d7-b068-7a155484fde2", + "title": "Distribution of HIP Events by HIP Match Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ecea3039-c2bb-4d00-94c8-8cdc634e78e5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ecea3039-c2bb-4d00-94c8-8cdc634e78e5": { + "columnOrder": [ + "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362", + "50b7a409-5678-4e93-a760-f08c03f4f9a5" + ], + "columns": { + "50b7a409-5678-4e93-a760-f08c03f4f9a5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": 
{ + "missingBucket": false, + "orderBy": { + "columnId": "50b7a409-5678-4e93-a760-f08c03f4f9a5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type: \"CORRELATION\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362" - ], - "layerId": "ecea3039-c2bb-4d00-94c8-8cdc634e78e5", - "layerType": "data", - "legendDisplay": "default", - "metric": "50b7a409-5678-4e93-a760-f08c03f4f9a5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "7d23e185-ac62-4c2a-9538-c8a08d972231", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "7d23e185-ac62-4c2a-9538-c8a08d972231", - "title": "Distribution of Correlated Events by Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e": { - "columnOrder": [ - "db7c247a-7051-46f3-ac80-76737c7c839d", - "c1834fd1-09ac-4c72-9f98-e13000c3c28a" - ], - "columns": { - "c1834fd1-09ac-4c72-9f98-e13000c3c28a": { - "customLabel": true, - 
"dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type: \"CORRELATION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d4d2f14d-b7e3-4ad9-a00b-b6de8e0c3362" + ], + "layerId": "ecea3039-c2bb-4d00-94c8-8cdc634e78e5", + "layerType": "data", + "legendDisplay": "default", + "metric": "50b7a409-5678-4e93-a760-f08c03f4f9a5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "db7c247a-7051-46f3-ac80-76737c7c839d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c1834fd1-09ac-4c72-9f98-e13000c3c28a", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "7d23e185-ac62-4c2a-9538-c8a08d972231", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "7d23e185-ac62-4c2a-9538-c8a08d972231", + "title": "Distribution of Correlated Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e": { + "columnOrder": [ + "db7c247a-7051-46f3-ac80-76737c7c839d", + 
"c1834fd1-09ac-4c72-9f98-e13000c3c28a" + ], + "columns": { + "c1834fd1-09ac-4c72-9f98-e13000c3c28a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "db7c247a-7051-46f3-ac80-76737c7c839d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c1834fd1-09ac-4c72-9f98-e13000c3c28a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.object.name" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.object.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type: \"CORRELATION\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "db7c247a-7051-46f3-ac80-76737c7c839d" - ], - "layerId": "d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", - "layerType": "data", - "legendDisplay": "default", - "metric": "c1834fd1-09ac-4c72-9f98-e13000c3c28a", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type: \"CORRELATION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "db7c247a-7051-46f3-ac80-76737c7c839d" + ], + "layerId": "d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", + "layerType": "data", + "legendDisplay": "default", + "metric": "c1834fd1-09ac-4c72-9f98-e13000c3c28a", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + 
"shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "fd6b1cb2-9972-45bb-933f-dd4fae739199", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "fd6b1cb2-9972-45bb-933f-dd4fae739199", + "title": "Distribution of Correlated Events by Correlation Object Name [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 19, + "i": "1d88372a-3942-430d-81da-769e97f4b550", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "1d88372a-3942-430d-81da-769e97f4b550", + "panelRefName": "panel_1d88372a-3942-430d-81da-769e97f4b550", + "type": "search", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 19, + "i": "184022a9-caeb-489e-b6a7-0449993693f5", + "w": 48, + "x": 0, + "y": 49 + }, + "panelIndex": "184022a9-caeb-489e-b6a7-0449993693f5", + "panelRefName": "panel_184022a9-caeb-489e-b6a7-0449993693f5", + "type": "search", + "version": "8.2.1" + } + ], + "timeRestore": false, + "title": "[Logs PANW] HIP Match and Correlated Events", + "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-0c0fa830-dca5-11ec-8b8b-1fae02ab6a5e", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "a022bf97-bef4-4918-ac28-4c48f0dbc048:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a022bf97-bef4-4918-ac28-4c48f0dbc048:indexpattern-datasource-layer-c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3058ed9-5860-4652-a8aa-86b0a2a46806:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": 
"fd6b1cb2-9972-45bb-933f-dd4fae739199", - "w": 24, - "x": 24, - "y": 15 + { + "id": "logs-*", + "name": "c3058ed9-5860-4652-a8aa-86b0a2a46806:indexpattern-datasource-layer-7f464e45-4071-44f2-b122-136cc384955a", + "type": "index-pattern" }, - "panelIndex": "fd6b1cb2-9972-45bb-933f-dd4fae739199", - "title": "Distribution of Correlated Events by Correlation Object Name [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "2ec6098c-96f5-43d7-b068-7a155484fde2:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 19, - "i": "1d88372a-3942-430d-81da-769e97f4b550", - "w": 48, - "x": 0, - "y": 30 + { + "id": "logs-*", + "name": "2ec6098c-96f5-43d7-b068-7a155484fde2:indexpattern-datasource-layer-13017eeb-8282-4291-a21c-aad1432731cf", + "type": "index-pattern" }, - "panelIndex": "1d88372a-3942-430d-81da-769e97f4b550", - "panelRefName": "panel_1d88372a-3942-430d-81da-769e97f4b550", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "7d23e185-ac62-4c2a-9538-c8a08d972231:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 19, - "i": "184022a9-caeb-489e-b6a7-0449993693f5", - "w": 48, - "x": 0, - "y": 49 + { + "id": "logs-*", + "name": "7d23e185-ac62-4c2a-9538-c8a08d972231:indexpattern-datasource-layer-ecea3039-c2bb-4d00-94c8-8cdc634e78e5", + "type": "index-pattern" }, - "panelIndex": "184022a9-caeb-489e-b6a7-0449993693f5", - "panelRefName": "panel_184022a9-caeb-489e-b6a7-0449993693f5", - "type": "search", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": "fd6b1cb2-9972-45bb-933f-dd4fae739199:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fd6b1cb2-9972-45bb-933f-dd4fae739199:indexpattern-datasource-layer-d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", + "type": 
"index-pattern" + }, + { + "id": "panw-6d0ea500-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "1d88372a-3942-430d-81da-769e97f4b550:panel_1d88372a-3942-430d-81da-769e97f4b550", + "type": "search" + }, + { + "id": "panw-79d117f0-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "184022a9-caeb-489e-b6a7-0449993693f5:panel_184022a9-caeb-489e-b6a7-0449993693f5", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs PANW] HIP Match and Correlated Events", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "a022bf97-bef4-4918-ac28-4c48f0dbc048:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a022bf97-bef4-4918-ac28-4c48f0dbc048:indexpattern-datasource-layer-c84bd12b-13d4-4cd1-99cb-e08d7d4f152b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3058ed9-5860-4652-a8aa-86b0a2a46806:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3058ed9-5860-4652-a8aa-86b0a2a46806:indexpattern-datasource-layer-7f464e45-4071-44f2-b122-136cc384955a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2ec6098c-96f5-43d7-b068-7a155484fde2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2ec6098c-96f5-43d7-b068-7a155484fde2:indexpattern-datasource-layer-13017eeb-8282-4291-a21c-aad1432731cf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7d23e185-ac62-4c2a-9538-c8a08d972231:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7d23e185-ac62-4c2a-9538-c8a08d972231:indexpattern-datasource-layer-ecea3039-c2bb-4d00-94c8-8cdc634e78e5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fd6b1cb2-9972-45bb-933f-dd4fae739199:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"fd6b1cb2-9972-45bb-933f-dd4fae739199:indexpattern-datasource-layer-d6ba7cff-ca10-4ab8-826f-dcfa8ce68d0e", - "type": "index-pattern" - }, - { - "id": "panw-6d0ea500-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "1d88372a-3942-430d-81da-769e97f4b550:panel_1d88372a-3942-430d-81da-769e97f4b550", - "type": "search" - }, - { - "id": "panw-79d117f0-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "184022a9-caeb-489e-b6a7-0449993693f5:panel_184022a9-caeb-489e-b6a7-0449993693f5", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json index da5d5b238f0..a5aebfdff9e 100644 --- a/packages/panw/kibana/dashboard/panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,1622 +1,1617 @@ { - "id": "panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU3NSwxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS Decryption Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0a1f2b2a-3817-47b2-9ded-a2772d821cc1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0a1f2b2a-3817-47b2-9ded-a2772d821cc1": { - "columnOrder": [ - "5656e6ee-cecb-455b-a0f0-47237ed058f3", - "169ca387-1f16-454b-acc6-c73c7de21561" - ], - "columns": { - "169ca387-1f16-454b-acc6-c73c7de21561": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "5656e6ee-cecb-455b-a0f0-47237ed058f3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "169ca387-1f16-454b-acc6-c73c7de21561", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "network.application" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "Palo Alto 
Networks PAN-OS Decryption Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "169ca387-1f16-454b-acc6-c73c7de21561" - ], - "layerId": "0a1f2b2a-3817-47b2-9ded-a2772d821cc1", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "5656e6ee-cecb-455b-a0f0-47237ed058f3" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 15, - "i": "273c129c-8842-432b-b61c-1a5f51e62780", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "273c129c-8842-432b-b61c-1a5f51e62780", - "title": "Distribution of Decryption Events by Application [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e3456bbd-160b-404f-9528-7405677dea0f", - "type": 
"index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e3456bbd-160b-404f-9528-7405677dea0f": { - "columnOrder": [ - "dd605c7a-a46e-4792-bc82-ca3ce60c9f36", - "96706faa-7161-41bf-a6af-99d770fbbec1" - ], - "columns": { - "96706faa-7161-41bf-a6af-99d770fbbec1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "dd605c7a-a46e-4792-bc82-ca3ce60c9f36": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "96706faa-7161-41bf-a6af-99d770fbbec1", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "dd605c7a-a46e-4792-bc82-ca3ce60c9f36" - ], - "layerId": "e3456bbd-160b-404f-9528-7405677dea0f", - "layerType": "data", - "legendDisplay": "default", - "metric": "96706faa-7161-41bf-a6af-99d770fbbec1", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "60877c36-6915-4458-9734-0045530351d2", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": 
"60877c36-6915-4458-9734-0045530351d2", - "title": "Distribution of Decryption Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f": { - "columnOrder": [ - "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff", - "38e78a86-5605-4737-ac42-9d7971a4eca2" - ], - "columns": { - "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Chain Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "38e78a86-5605-4737-ac42-9d7971a4eca2", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0a1f2b2a-3817-47b2-9ded-a2772d821cc1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0a1f2b2a-3817-47b2-9ded-a2772d821cc1": { + "columnOrder": [ + "5656e6ee-cecb-455b-a0f0-47237ed058f3", + "169ca387-1f16-454b-acc6-c73c7de21561" + ], + "columns": { + "169ca387-1f16-454b-acc6-c73c7de21561": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "5656e6ee-cecb-455b-a0f0-47237ed058f3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "169ca387-1f16-454b-acc6-c73c7de21561", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": 
true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "network.application" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.chain_status" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "169ca387-1f16-454b-acc6-c73c7de21561" + ], + "layerId": "0a1f2b2a-3817-47b2-9ded-a2772d821cc1", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "5656e6ee-cecb-455b-a0f0-47237ed058f3" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "38e78a86-5605-4737-ac42-9d7971a4eca2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff" - ], - "layerId": "36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", - "layerType": "data", - "legendDisplay": "default", - 
"metric": "38e78a86-5605-4737-ac42-9d7971a4eca2", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "273c129c-8842-432b-b61c-1a5f51e62780", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "273c129c-8842-432b-b61c-1a5f51e62780", + "title": "Distribution of Decryption Events by Application [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fc2e238c-bfdb-46bf-8058-4247a049c1f9", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "fc2e238c-bfdb-46bf-8058-4247a049c1f9", - "title": "Distribution of Decryption Events by Chain Status [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-10ee237f-72a3-4b39-985b-16d59be50d6a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "10ee237f-72a3-4b39-985b-16d59be50d6a": { - "columnOrder": [ - "739a9191-bc05-4441-9e3e-f4cd17beca61", - "cf793881-83c9-4d7c-9165-91969d514bbf" - ], - "columns": { - "739a9191-bc05-4441-9e3e-f4cd17beca61": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Proxy Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "cf793881-83c9-4d7c-9165-91969d514bbf", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - 
"otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e3456bbd-160b-404f-9528-7405677dea0f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e3456bbd-160b-404f-9528-7405677dea0f": { + "columnOrder": [ + "dd605c7a-a46e-4792-bc82-ca3ce60c9f36", + "96706faa-7161-41bf-a6af-99d770fbbec1" + ], + "columns": { + "96706faa-7161-41bf-a6af-99d770fbbec1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "dd605c7a-a46e-4792-bc82-ca3ce60c9f36": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "96706faa-7161-41bf-a6af-99d770fbbec1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.proxy_type" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "dd605c7a-a46e-4792-bc82-ca3ce60c9f36" + ], + "layerId": "e3456bbd-160b-404f-9528-7405677dea0f", + "layerType": "data", + "legendDisplay": "default", + "metric": "96706faa-7161-41bf-a6af-99d770fbbec1", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "cf793881-83c9-4d7c-9165-91969d514bbf": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": 
true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - "cf793881-83c9-4d7c-9165-91969d514bbf" - ], - "layerId": "10ee237f-72a3-4b39-985b-16d59be50d6a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "739a9191-bc05-4441-9e3e-f4cd17beca61" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "60877c36-6915-4458-9734-0045530351d2", + "w": 24, + "x": 24, + "y": 0 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "panelIndex": "60877c36-6915-4458-9734-0045530351d2", + "title": "Distribution of Decryption Events by Action taken on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "6591258a-e52b-45be-91e2-4f4e1b6b2ada", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "6591258a-e52b-45be-91e2-4f4e1b6b2ada", - "title": "Distribution of Decryption Events by Proxy Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-91f1752b-14fd-4366-a964-592e86a37d44", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "91f1752b-14fd-4366-a964-592e86a37d44": { - "columnOrder": [ - "27b3efdd-051e-4b22-bf84-4daa570470b1", - "2da3bd48-780e-49dd-aaa1-ae672efe47e6" - ], - "columns": { - "27b3efdd-051e-4b22-bf84-4daa570470b1": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Error Message", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2da3bd48-780e-49dd-aaa1-ae672efe47e6", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f": { + "columnOrder": [ + "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff", + "38e78a86-5605-4737-ac42-9d7971a4eca2" + ], + "columns": { + "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Chain Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "38e78a86-5605-4737-ac42-9d7971a4eca2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.chain_status" + }, + "38e78a86-5605-4737-ac42-9d7971a4eca2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", 
+ "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.error_message" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "2aa5f290-d9db-4440-a2f7-e70f7e4e60ff" + ], + "layerId": "36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", + "layerType": "data", + "legendDisplay": "default", + "metric": "38e78a86-5605-4737-ac42-9d7971a4eca2", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "2da3bd48-780e-49dd-aaa1-ae672efe47e6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "columns": [ - { - "columnId": "27b3efdd-051e-4b22-bf84-4daa570470b1", - "isTransposed": false - }, - { - "columnId": "2da3bd48-780e-49dd-aaa1-ae672efe47e6", - "isTransposed": false - } - ], - "layerId": "91f1752b-14fd-4366-a964-592e86a37d44", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "fc2e238c-bfdb-46bf-8058-4247a049c1f9", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "fc2e238c-bfdb-46bf-8058-4247a049c1f9", + "title": "Distribution of Decryption Events by Chain Status [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": 
"lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "535ac774-beac-497a-8638-564774234ede", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "535ac774-beac-497a-8638-564774234ede", - "title": "Top 10 Error [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0a283787-56f6-4ce7-a9f0-91bdd61831ce", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0a283787-56f6-4ce7-a9f0-91bdd61831ce": { - "columnOrder": [ - "4903d888-08e2-4a48-b18d-54f89392bf82", - "ddca6015-ca04-42a0-b78b-ce0d5ad20a08" - ], - "columns": { - "4903d888-08e2-4a48-b18d-54f89392bf82": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Server Name Indication", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ddca6015-ca04-42a0-b78b-ce0d5ad20a08", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-10ee237f-72a3-4b39-985b-16d59be50d6a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "10ee237f-72a3-4b39-985b-16d59be50d6a": { + "columnOrder": [ + "739a9191-bc05-4441-9e3e-f4cd17beca61", + "cf793881-83c9-4d7c-9165-91969d514bbf" + ], + "columns": { + "739a9191-bc05-4441-9e3e-f4cd17beca61": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Proxy Type", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "cf793881-83c9-4d7c-9165-91969d514bbf", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.proxy_type" + }, + "cf793881-83c9-4d7c-9165-91969d514bbf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "tls.client.server_name" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "cf793881-83c9-4d7c-9165-91969d514bbf" + ], + "layerId": "10ee237f-72a3-4b39-985b-16d59be50d6a", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "739a9191-bc05-4441-9e3e-f4cd17beca61" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "ddca6015-ca04-42a0-b78b-ce0d5ad20a08": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": 
"kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "columns": [ - { - "columnId": "4903d888-08e2-4a48-b18d-54f89392bf82" - }, - { - "columnId": "ddca6015-ca04-42a0-b78b-ce0d5ad20a08" - } - ], - "layerId": "0a283787-56f6-4ce7-a9f0-91bdd61831ce", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "6591258a-e52b-45be-91e2-4f4e1b6b2ada", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "6591258a-e52b-45be-91e2-4f4e1b6b2ada", + "title": "Distribution of Decryption Events by Proxy Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "e683dc3b-605f-41e5-8032-11433a7d70be", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "e683dc3b-605f-41e5-8032-11433a7d70be", - "title": "Top 10 Server Name Indication with most Failed Connections [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9ad4ffee-bb6c-4326-aa74-a134b520da03", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9ad4ffee-bb6c-4326-aa74-a134b520da03": { - "columnOrder": [ - "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a", - "189c38f5-e74a-49c6-801c-eb0e643b360f" - ], - "columns": { - "189c38f5-e74a-49c6-801c-eb0e643b360f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - 
"a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Source Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "189c38f5-e74a-49c6-801c-eb0e643b360f", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "columns": [ - { - "columnId": "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a", - "isTransposed": false - }, - { - "columnId": "189c38f5-e74a-49c6-801c-eb0e643b360f", - "isTransposed": false - } - ], - "layerId": "9ad4ffee-bb6c-4326-aa74-a134b520da03", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "b68d2d9e-6dee-47fb-8918-51e47b18ead0", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "b68d2d9e-6dee-47fb-8918-51e47b18ead0", - "title": "Top 10 Source Address with most Failed Connections [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-261ac1f2-5198-4650-a17b-15c7b57ee371", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "261ac1f2-5198-4650-a17b-15c7b57ee371": { - "columnOrder": [ - 
"fa1aaf6c-7f94-4c9c-b462-fb30e6df3478", - "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9" - ], - "columns": { - "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Destination Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-91f1752b-14fd-4366-a964-592e86a37d44", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "91f1752b-14fd-4366-a964-592e86a37d44": { + "columnOrder": [ + "27b3efdd-051e-4b22-bf84-4daa570470b1", + "2da3bd48-780e-49dd-aaa1-ae672efe47e6" + ], + "columns": { + "27b3efdd-051e-4b22-bf84-4daa570470b1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Error Message", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2da3bd48-780e-49dd-aaa1-ae672efe47e6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.error_message" + }, + "2da3bd48-780e-49dd-aaa1-ae672efe47e6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"panw.panos\" and panw.panos.type : \"DECRYPTION\"" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "destination.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "columns": [ - { - "columnId": "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478", - "isTransposed": false - }, - { - "columnId": "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9", - "isTransposed": false - } - ], - "layerId": "261ac1f2-5198-4650-a17b-15c7b57ee371", - "layerType": "data" - } + "visualization": { + "columns": [ + { + "columnId": "27b3efdd-051e-4b22-bf84-4daa570470b1", + "isTransposed": false + }, + { + "columnId": "2da3bd48-780e-49dd-aaa1-ae672efe47e6", + "isTransposed": false + } + ], + "layerId": "91f1752b-14fd-4366-a964-592e86a37d44", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "535ac774-beac-497a-8638-564774234ede", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "535ac774-beac-497a-8638-564774234ede", + "title": "Top 10 Error [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "e31c9509-4414-4cf5-827a-3df1714c8f3f", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "e31c9509-4414-4cf5-827a-3df1714c8f3f", - "title": "Top 10 Destination Address with most Failed Connections [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-03ce0c58-ab6f-4550-bc18-39fd5cbee55a", - 
"type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "03ce0c58-ab6f-4550-bc18-39fd5cbee55a": { - "columnOrder": [ - "3e03329e-329b-43fe-b2f8-f245b96eedb7", - "e6337ddb-d93c-4008-a4aa-43ff23e4634d" - ], - "columns": { - "3e03329e-329b-43fe-b2f8-f245b96eedb7": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Key Exchange Algorithm", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e6337ddb-d93c-4008-a4aa-43ff23e4634d", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0a283787-56f6-4ce7-a9f0-91bdd61831ce", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0a283787-56f6-4ce7-a9f0-91bdd61831ce": { + "columnOrder": [ + "4903d888-08e2-4a48-b18d-54f89392bf82", + "ddca6015-ca04-42a0-b78b-ce0d5ad20a08" + ], + "columns": { + "4903d888-08e2-4a48-b18d-54f89392bf82": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Server Name Indication", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ddca6015-ca04-42a0-b78b-ce0d5ad20a08", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "tls.client.server_name" + }, + "ddca6015-ca04-42a0-b78b-ce0d5ad20a08": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - 
"id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.tls.key_exchange_algorithm" + "visualization": { + "columns": [ + { + "columnId": "4903d888-08e2-4a48-b18d-54f89392bf82" + }, + { + "columnId": "ddca6015-ca04-42a0-b78b-ce0d5ad20a08" + } + ], + "layerId": "0a283787-56f6-4ce7-a9f0-91bdd61831ce", + "layerType": "data" + } }, - "e6337ddb-d93c-4008-a4aa-43ff23e4634d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - "e6337ddb-d93c-4008-a4aa-43ff23e4634d" - ], - "layerId": "03ce0c58-ab6f-4550-bc18-39fd5cbee55a", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "3e03329e-329b-43fe-b2f8-f245b96eedb7" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "e683dc3b-605f-41e5-8032-11433a7d70be", + "w": 24, + "x": 24, + "y": 30 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "panelIndex": "e683dc3b-605f-41e5-8032-11433a7d70be", + 
"title": "Top 10 Server Name Indication with most Failed Connections [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd", - "title": "Distribution of Decryption Events by Key Exchange Algorithm [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e26158f2-dce6-4e2e-9d82-1b9072dcb9e3": { - "columnOrder": [ - "d66c218a-cb16-4e33-98c4-503372e356d2", - "6d600efe-e5b5-4eb4-97aa-58ddbf143985" - ], - "columns": { - "6d600efe-e5b5-4eb4-97aa-58ddbf143985": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "d66c218a-cb16-4e33-98c4-503372e356d2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Encryption Algorithm", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6d600efe-e5b5-4eb4-97aa-58ddbf143985", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-9ad4ffee-bb6c-4326-aa74-a134b520da03", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9ad4ffee-bb6c-4326-aa74-a134b520da03": { + "columnOrder": [ + "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a", + "189c38f5-e74a-49c6-801c-eb0e643b360f" + ], + "columns": { + "189c38f5-e74a-49c6-801c-eb0e643b360f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source Address", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "189c38f5-e74a-49c6-801c-eb0e643b360f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "tls.cipher" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "columns": [ + { + "columnId": "a6cc5fb0-05bd-4088-9ea6-f97a9413eb7a", + "isTransposed": false + }, + { + "columnId": "189c38f5-e74a-49c6-801c-eb0e643b360f", + "isTransposed": false + } + ], + "layerId": 
"9ad4ffee-bb6c-4326-aa74-a134b520da03", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "b68d2d9e-6dee-47fb-8918-51e47b18ead0", + "w": 24, + "x": 0, + "y": 45 }, - "layers": [ - { - "accessors": [ - "6d600efe-e5b5-4eb4-97aa-58ddbf143985" - ], - "layerId": "e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "d66c218a-cb16-4e33-98c4-503372e356d2" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "b68d2d9e-6dee-47fb-8918-51e47b18ead0", + "title": "Top 10 Source Address with most Failed Connections [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-261ac1f2-5198-4650-a17b-15c7b57ee371", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "261ac1f2-5198-4650-a17b-15c7b57ee371": { + "columnOrder": [ + "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478", + "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9" + ], + "columns": { + "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Destination Address", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9", + 
"type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "columns": [ + { + "columnId": "fa1aaf6c-7f94-4c9c-b462-fb30e6df3478", + "isTransposed": false + }, + { + "columnId": "00d0a2eb-48ff-4d03-9a3c-9992d8f35ee9", + "isTransposed": false + } + ], + "layerId": "261ac1f2-5198-4650-a17b-15c7b57ee371", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "e31c9509-4414-4cf5-827a-3df1714c8f3f", + "w": 24, + "x": 24, + "y": 45 }, - "valueLabels": "hide" - } + "panelIndex": "e31c9509-4414-4cf5-827a-3df1714c8f3f", + "title": "Top 10 Destination Address with most Failed Connections [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93", - "title": "Distribution of Decryption Events by Encryption Algorithm [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2bdbdf21-3cdc-4a09-9527-0cf6b034952b", - "type": "index-pattern" - } - ], - "state": { - 
"datasourceStates": { - "indexpattern": { - "layers": { - "2bdbdf21-3cdc-4a09-9527-0cf6b034952b": { - "columnOrder": [ - "be15de7a-45d1-4d79-92a3-5f800c77511d", - "bce6f5ad-597b-4473-8fb8-6e975ba927b5", - "dbb2a798-6ac3-4134-8fc4-689a8bd7c381", - "633cc635-0352-44f5-8eaf-66bd75f9f080" - ], - "columns": { - "633cc635-0352-44f5-8eaf-66bd75f9f080": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "bce6f5ad-597b-4473-8fb8-6e975ba927b5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-03ce0c58-ab6f-4550-bc18-39fd5cbee55a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "03ce0c58-ab6f-4550-bc18-39fd5cbee55a": { + "columnOrder": [ + "3e03329e-329b-43fe-b2f8-f245b96eedb7", + "e6337ddb-d93c-4008-a4aa-43ff23e4634d" + ], + "columns": { + "3e03329e-329b-43fe-b2f8-f245b96eedb7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Key Exchange Algorithm", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e6337ddb-d93c-4008-a4aa-43ff23e4634d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": 
"panw.panos.tls.key_exchange_algorithm" + }, + "e6337ddb-d93c-4008-a4aa-43ff23e4634d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.category" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e6337ddb-d93c-4008-a4aa-43ff23e4634d" + ], + "layerId": "03ce0c58-ab6f-4550-bc18-39fd5cbee55a", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "3e03329e-329b-43fe-b2f8-f245b96eedb7" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "be15de7a-45d1-4d79-92a3-5f800c77511d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd", + "title": "Distribution of Decryption Events by Key Exchange Algorithm [Logs 
PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e26158f2-dce6-4e2e-9d82-1b9072dcb9e3": { + "columnOrder": [ + "d66c218a-cb16-4e33-98c4-503372e356d2", + "6d600efe-e5b5-4eb4-97aa-58ddbf143985" + ], + "columns": { + "6d600efe-e5b5-4eb4-97aa-58ddbf143985": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "d66c218a-cb16-4e33-98c4-503372e356d2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Encryption Algorithm", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6d600efe-e5b5-4eb4-97aa-58ddbf143985", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "tls.cipher" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, 
+ "layers": [ + { + "accessors": [ + "6d600efe-e5b5-4eb4-97aa-58ddbf143985" + ], + "layerId": "e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "d66c218a-cb16-4e33-98c4-503372e356d2" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "dbb2a798-6ac3-4134-8fc4-689a8bd7c381": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93", + "title": "Distribution of Decryption Events by Encryption Algorithm [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2bdbdf21-3cdc-4a09-9527-0cf6b034952b", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2bdbdf21-3cdc-4a09-9527-0cf6b034952b": { + "columnOrder": [ + "be15de7a-45d1-4d79-92a3-5f800c77511d", + "bce6f5ad-597b-4473-8fb8-6e975ba927b5", + "dbb2a798-6ac3-4134-8fc4-689a8bd7c381", + "633cc635-0352-44f5-8eaf-66bd75f9f080" + ], + "columns": { + 
"633cc635-0352-44f5-8eaf-66bd75f9f080": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "bce6f5ad-597b-4473-8fb8-6e975ba927b5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.category" + }, + "be15de7a-45d1-4d79-92a3-5f800c77511d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" + }, + "dbb2a798-6ac3-4134-8fc4-689a8bd7c381": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": 
"data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "be15de7a-45d1-4d79-92a3-5f800c77511d" - }, - { - "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080" - }, - { - "columnId": "bce6f5ad-597b-4473-8fb8-6e975ba927b5", - "isTransposed": false - }, - { - "columnId": "dbb2a798-6ac3-4134-8fc4-689a8bd7c381", - "isTransposed": false - } - ], - "layerId": "2bdbdf21-3cdc-4a09-9527-0cf6b034952b", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "01669ea1-9180-42ff-8cc8-05a23c12780e", - "w": 30, - "x": 0, - "y": 75 - }, - "panelIndex": "01669ea1-9180-42ff-8cc8-05a23c12780e", - "title": "Top 10 Decryption Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0a46389d-3f5c-4328-b48a-fe24ecd5486c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0a46389d-3f5c-4328-b48a-fe24ecd5486c": { - "columnOrder": [ - "c244fc71-33cf-4b65-9a3f-fad84925238c", - "bec308e9-4ffb-45cd-ab8e-6d9eb625e457" - ], - "columns": { - "bec308e9-4ffb-45cd-ab8e-6d9eb625e457": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": 
"be15de7a-45d1-4d79-92a3-5f800c77511d" + }, + { + "columnId": "633cc635-0352-44f5-8eaf-66bd75f9f080" + }, + { + "columnId": "bce6f5ad-597b-4473-8fb8-6e975ba927b5", + "isTransposed": false + }, + { + "columnId": "dbb2a798-6ac3-4134-8fc4-689a8bd7c381", + "isTransposed": false + } + ], + "layerId": "2bdbdf21-3cdc-4a09-9527-0cf6b034952b", + "layerType": "data" + } }, - "c244fc71-33cf-4b65-9a3f-fad84925238c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Hash Algorithm", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "bec308e9-4ffb-45cd-ab8e-6d9eb625e457", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "01669ea1-9180-42ff-8cc8-05a23c12780e", + "w": 30, + "x": 0, + "y": 75 + }, + "panelIndex": "01669ea1-9180-42ff-8cc8-05a23c12780e", + "title": "Top 10 Decryption Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0a46389d-3f5c-4328-b48a-fe24ecd5486c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0a46389d-3f5c-4328-b48a-fe24ecd5486c": { + "columnOrder": [ + "c244fc71-33cf-4b65-9a3f-fad84925238c", + "bec308e9-4ffb-45cd-ab8e-6d9eb625e457" + ], + "columns": { + "bec308e9-4ffb-45cd-ab8e-6d9eb625e457": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + 
"c244fc71-33cf-4b65-9a3f-fad84925238c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Hash Algorithm", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "bec308e9-4ffb-45cd-ab8e-6d9eb625e457", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.tls.auth" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.tls.auth" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"DECRYPTION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "bec308e9-4ffb-45cd-ab8e-6d9eb625e457" + ], + "layerId": "0a46389d-3f5c-4328-b48a-fe24ecd5486c", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "c244fc71-33cf-4b65-9a3f-fad84925238c" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + 
"type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "91822551-bc1a-4aec-af03-80405ca46542", + "w": 18, + "x": 30, + "y": 75 }, - "layers": [ - { - "accessors": [ - "bec308e9-4ffb-45cd-ab8e-6d9eb625e457" - ], - "layerId": "0a46389d-3f5c-4328-b48a-fe24ecd5486c", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "c244fc71-33cf-4b65-9a3f-fad84925238c" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "91822551-bc1a-4aec-af03-80405ca46542", + "title": "Distribution of Decryption Events by Hash Algorithm [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 21, + "i": "60d06a77-6706-46d9-b97f-1cc189450891", + "w": 48, + "x": 0, + "y": 90 }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "panelIndex": "60d06a77-6706-46d9-b97f-1cc189450891", + "panelRefName": "panel_60d06a77-6706-46d9-b97f-1cc189450891", + "type": "search", + "version": "8.2.1" + } + ], + "timeRestore": false, + "title": "[Logs PANW] Decryption", + "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-42d2b320-dcec-11ec-8b8b-1fae02ab6a5e", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "273c129c-8842-432b-b61c-1a5f51e62780:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "273c129c-8842-432b-b61c-1a5f51e62780:indexpattern-datasource-layer-0a1f2b2a-3817-47b2-9ded-a2772d821cc1", + "type": "index-pattern" + }, + { + "id": "logs-*", + 
"name": "60877c36-6915-4458-9734-0045530351d2:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "60877c36-6915-4458-9734-0045530351d2:indexpattern-datasource-layer-e3456bbd-160b-404f-9528-7405677dea0f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc2e238c-bfdb-46bf-8058-4247a049c1f9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc2e238c-bfdb-46bf-8058-4247a049c1f9:indexpattern-datasource-layer-36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6591258a-e52b-45be-91e2-4f4e1b6b2ada:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6591258a-e52b-45be-91e2-4f4e1b6b2ada:indexpattern-datasource-layer-10ee237f-72a3-4b39-985b-16d59be50d6a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "535ac774-beac-497a-8638-564774234ede:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "535ac774-beac-497a-8638-564774234ede:indexpattern-datasource-layer-91f1752b-14fd-4366-a964-592e86a37d44", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "91822551-bc1a-4aec-af03-80405ca46542", - "w": 18, - "x": 30, - "y": 75 + { + "id": "logs-*", + "name": "e683dc3b-605f-41e5-8032-11433a7d70be:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "91822551-bc1a-4aec-af03-80405ca46542", - "title": "Distribution of Decryption Events by Hash Algorithm [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "e683dc3b-605f-41e5-8032-11433a7d70be:indexpattern-datasource-layer-0a283787-56f6-4ce7-a9f0-91bdd61831ce", + "type": "index-pattern" }, - "gridData": { - "h": 21, - "i": "60d06a77-6706-46d9-b97f-1cc189450891", - "w": 48, - "x": 0, - "y": 90 + 
{ + "id": "logs-*", + "name": "b68d2d9e-6dee-47fb-8918-51e47b18ead0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "60d06a77-6706-46d9-b97f-1cc189450891", - "panelRefName": "panel_60d06a77-6706-46d9-b97f-1cc189450891", - "type": "search", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": "b68d2d9e-6dee-47fb-8918-51e47b18ead0:indexpattern-datasource-layer-9ad4ffee-bb6c-4326-aa74-a134b520da03", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e31c9509-4414-4cf5-827a-3df1714c8f3f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e31c9509-4414-4cf5-827a-3df1714c8f3f:indexpattern-datasource-layer-261ac1f2-5198-4650-a17b-15c7b57ee371", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd:indexpattern-datasource-layer-03ce0c58-ab6f-4550-bc18-39fd5cbee55a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93:indexpattern-datasource-layer-e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "01669ea1-9180-42ff-8cc8-05a23c12780e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "01669ea1-9180-42ff-8cc8-05a23c12780e:indexpattern-datasource-layer-2bdbdf21-3cdc-4a09-9527-0cf6b034952b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "91822551-bc1a-4aec-af03-80405ca46542:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"91822551-bc1a-4aec-af03-80405ca46542:indexpattern-datasource-layer-0a46389d-3f5c-4328-b48a-fe24ecd5486c", + "type": "index-pattern" + }, + { + "id": "panw-cfbe1f60-ddb7-11ec-8e76-9b3b99f98cd4", + "name": "60d06a77-6706-46d9-b97f-1cc189450891:panel_60d06a77-6706-46d9-b97f-1cc189450891", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs PANW] Decryption", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "273c129c-8842-432b-b61c-1a5f51e62780:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "273c129c-8842-432b-b61c-1a5f51e62780:indexpattern-datasource-layer-0a1f2b2a-3817-47b2-9ded-a2772d821cc1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "60877c36-6915-4458-9734-0045530351d2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "60877c36-6915-4458-9734-0045530351d2:indexpattern-datasource-layer-e3456bbd-160b-404f-9528-7405677dea0f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fc2e238c-bfdb-46bf-8058-4247a049c1f9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fc2e238c-bfdb-46bf-8058-4247a049c1f9:indexpattern-datasource-layer-36bcd8e7-dfb0-435b-9d4f-684c5de8bd6f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6591258a-e52b-45be-91e2-4f4e1b6b2ada:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6591258a-e52b-45be-91e2-4f4e1b6b2ada:indexpattern-datasource-layer-10ee237f-72a3-4b39-985b-16d59be50d6a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "535ac774-beac-497a-8638-564774234ede:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "535ac774-beac-497a-8638-564774234ede:indexpattern-datasource-layer-91f1752b-14fd-4366-a964-592e86a37d44", - "type": "index-pattern" - 
}, - { - "id": "logs-*", - "name": "e683dc3b-605f-41e5-8032-11433a7d70be:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e683dc3b-605f-41e5-8032-11433a7d70be:indexpattern-datasource-layer-0a283787-56f6-4ce7-a9f0-91bdd61831ce", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b68d2d9e-6dee-47fb-8918-51e47b18ead0:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b68d2d9e-6dee-47fb-8918-51e47b18ead0:indexpattern-datasource-layer-9ad4ffee-bb6c-4326-aa74-a134b520da03", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e31c9509-4414-4cf5-827a-3df1714c8f3f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e31c9509-4414-4cf5-827a-3df1714c8f3f:indexpattern-datasource-layer-261ac1f2-5198-4650-a17b-15c7b57ee371", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d57fec0d-1edb-4f4e-bd99-5dddec0bf3bd:indexpattern-datasource-layer-03ce0c58-ab6f-4550-bc18-39fd5cbee55a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "298f3f11-1cbf-4a06-a02a-df2eecd1fa93:indexpattern-datasource-layer-e26158f2-dce6-4e2e-9d82-1b9072dcb9e3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "01669ea1-9180-42ff-8cc8-05a23c12780e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "01669ea1-9180-42ff-8cc8-05a23c12780e:indexpattern-datasource-layer-2bdbdf21-3cdc-4a09-9527-0cf6b034952b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"91822551-bc1a-4aec-af03-80405ca46542:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "91822551-bc1a-4aec-af03-80405ca46542:indexpattern-datasource-layer-0a46389d-3f5c-4328-b48a-fe24ecd5486c", - "type": "index-pattern" - }, - { - "id": "panw-cfbe1f60-ddb7-11ec-8e76-9b3b99f98cd4", - "name": "60d06a77-6706-46d9-b97f-1cc189450891:panel_60d06a77-6706-46d9-b97f-1cc189450891", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json index f352e05984f..6033d8e1721 100644 --- a/packages/panw/kibana/dashboard/panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,552 +1,547 @@ { - "id": "panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU3NiwxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS Authentication Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e52d1a17-8798-4630-9614-4cb542506555", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e52d1a17-8798-4630-9614-4cb542506555": { - "columnOrder": [ - "dfea1029-8c01-41c7-b84b-088f6e614cfc", - "0c196e85-7a8b-439c-9011-fe2f81668719" - ], - "columns": { - "0c196e85-7a8b-439c-9011-fe2f81668719": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "dfea1029-8c01-41c7-b84b-088f6e614cfc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0c196e85-7a8b-439c-9011-fe2f81668719", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.client_type" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "Palo 
Alto Networks PAN-OS Authentication Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "dfea1029-8c01-41c7-b84b-088f6e614cfc" - ], - "layerId": "e52d1a17-8798-4630-9614-4cb542506555", - "layerType": "data", - "legendDisplay": "default", - "metric": "0c196e85-7a8b-439c-9011-fe2f81668719", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 15, - "i": "21b7d1ad-b200-4fce-b8cb-7847e32ab480", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "21b7d1ad-b200-4fce-b8cb-7847e32ab480", - "title": "Distribution of Authentication Events by Client Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-073d7d3a-fa2f-4f19-98cc-ea964520d7c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "073d7d3a-fa2f-4f19-98cc-ea964520d7c5": { - "columnOrder": [ - "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775", - "b518d262-9d79-412e-b15d-9bc5be6261b3" - ], - "columns": { - "b518d262-9d79-412e-b15d-9bc5be6261b3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": 
"count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Authentication Protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b518d262-9d79-412e-b15d-9bc5be6261b3", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e52d1a17-8798-4630-9614-4cb542506555", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e52d1a17-8798-4630-9614-4cb542506555": { + "columnOrder": [ + "dfea1029-8c01-41c7-b84b-088f6e614cfc", + "0c196e85-7a8b-439c-9011-fe2f81668719" + ], + "columns": { + "0c196e85-7a8b-439c-9011-fe2f81668719": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "dfea1029-8c01-41c7-b84b-088f6e614cfc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0c196e85-7a8b-439c-9011-fe2f81668719", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.client_type" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.authentication.protocol" - } - }, - "incompleteColumns": {} - } - } - } - }, - 
"filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775" - ], - "layerId": "073d7d3a-fa2f-4f19-98cc-ea964520d7c5", - "layerType": "data", - "legendDisplay": "default", - "metric": "b518d262-9d79-412e-b15d-9bc5be6261b3", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee", - "title": "Distribution of Authentication Events by Authentication Protocol [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6fa71679-0b9a-44c0-b19d-d810670058ec", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6fa71679-0b9a-44c0-b19d-d810670058ec": { - "columnOrder": [ - "975ffa1d-0864-4901-ba82-945d44d87b58", - "220d4410-a7de-490a-999e-112ab874b778" - ], - "columns": { - "220d4410-a7de-490a-999e-112ab874b778": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + 
"dfea1029-8c01-41c7-b84b-088f6e614cfc" + ], + "layerId": "e52d1a17-8798-4630-9614-4cb542506555", + "layerType": "data", + "legendDisplay": "default", + "metric": "0c196e85-7a8b-439c-9011-fe2f81668719", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "975ffa1d-0864-4901-ba82-945d44d87b58": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Authentication Policy", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "220d4410-a7de-490a-999e-112ab874b778", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "21b7d1ad-b200-4fce-b8cb-7847e32ab480", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "21b7d1ad-b200-4fce-b8cb-7847e32ab480", + "title": "Distribution of Authentication Events by Client Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-073d7d3a-fa2f-4f19-98cc-ea964520d7c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "073d7d3a-fa2f-4f19-98cc-ea964520d7c5": { + "columnOrder": [ + "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775", + "b518d262-9d79-412e-b15d-9bc5be6261b3" + ], + "columns": { + "b518d262-9d79-412e-b15d-9bc5be6261b3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775": { + "customLabel": true, + "dataType": "string", + 
"isBucketed": true, + "label": "Authentication Protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b518d262-9d79-412e-b15d-9bc5be6261b3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.authentication.protocol" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.authentication.policy" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c5c05e1c-2dd6-4eb1-bf00-705ebf64f775" + ], + "layerId": "073d7d3a-fa2f-4f19-98cc-ea964520d7c5", + "layerType": "data", + "legendDisplay": "default", + "metric": "b518d262-9d79-412e-b15d-9bc5be6261b3", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee", + "w": 24, + "x": 24, + "y": 0 }, - "layers": [ - { - "accessors": [ - "220d4410-a7de-490a-999e-112ab874b778" - ], - "layerId": "6fa71679-0b9a-44c0-b19d-d810670058ec", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - 
"showGridlines": false, - "xAccessor": "975ffa1d-0864-4901-ba82-945d44d87b58" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee", + "title": "Distribution of Authentication Events by Authentication Protocol [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6fa71679-0b9a-44c0-b19d-d810670058ec", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6fa71679-0b9a-44c0-b19d-d810670058ec": { + "columnOrder": [ + "975ffa1d-0864-4901-ba82-945d44d87b58", + "220d4410-a7de-490a-999e-112ab874b778" + ], + "columns": { + "220d4410-a7de-490a-999e-112ab874b778": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "975ffa1d-0864-4901-ba82-945d44d87b58": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Authentication Policy", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "220d4410-a7de-490a-999e-112ab874b778", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.authentication.policy" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + 
"gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "220d4410-a7de-490a-999e-112ab874b778" + ], + "layerId": "6fa71679-0b9a-44c0-b19d-d810670058ec", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "975ffa1d-0864-4901-ba82-945d44d87b58" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "bdf830aa-fe16-49fb-bb72-17542e5932f5", + "w": 24, + "x": 24, + "y": 15 }, - "valueLabels": "hide" - } + "panelIndex": "bdf830aa-fe16-49fb-bb72-17542e5932f5", + "title": "Distribution of Authentication Events by Authentication Policy [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "bdf830aa-fe16-49fb-bb72-17542e5932f5", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "bdf830aa-fe16-49fb-bb72-17542e5932f5", - "title": "Distribution of Authentication Events by Authentication Policy [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4811ae4b-f894-4276-b730-320888d3aeb6", - "type": "index-pattern" - } - ], - "state": { - 
"datasourceStates": { - "indexpattern": { - "layers": { - "4811ae4b-f894-4276-b730-320888d3aeb6": { - "columnOrder": [ - "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e", - "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7" - ], - "columns": { - "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4811ae4b-f894-4276-b730-320888d3aeb6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4811ae4b-f894-4276-b730-320888d3aeb6": { + "columnOrder": [ + "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e", + "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7" + ], + "columns": { + "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.event.result" + }, + "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"panw.panos.event.result" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e" + ], + "layerId": "4811ae4b-f894-4276-b730-320888d3aeb6", + "layerType": "data", + "legendDisplay": "default", + "metric": "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"AUTHENTICATION\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "36af69fb-3b5d-4e0d-952a-7a8bdeda6e8e" - ], - "layerId": "4811ae4b-f894-4276-b730-320888d3aeb6", - "layerType": "data", - "legendDisplay": "default", - "metric": "a5ed43f4-74ed-4671-a6db-b746ebcd4aa7", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c", + "title": "Distribution of Authentication Events by Event Outcome [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 17, + 
"i": "d56dc109-3cca-4989-a0d0-dc7ad005e962", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "d56dc109-3cca-4989-a0d0-dc7ad005e962", + "panelRefName": "panel_d56dc109-3cca-4989-a0d0-dc7ad005e962", + "type": "search", + "version": "8.2.1" + } + ], + "timeRestore": false, + "title": "[Logs PANW] Authentication ", + "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-4782db40-dccc-11ec-8b8b-1fae02ab6a5e", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "21b7d1ad-b200-4fce-b8cb-7847e32ab480:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "21b7d1ad-b200-4fce-b8cb-7847e32ab480:indexpattern-datasource-layer-e52d1a17-8798-4630-9614-4cb542506555", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c", - "w": 24, - "x": 0, - "y": 15 + { + "id": "logs-*", + "name": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c", - "title": "Distribution of Authentication Events by Event Outcome [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee:indexpattern-datasource-layer-073d7d3a-fa2f-4f19-98cc-ea964520d7c5", + "type": "index-pattern" }, - "gridData": { - "h": 17, - "i": "d56dc109-3cca-4989-a0d0-dc7ad005e962", - "w": 48, - "x": 0, - "y": 30 + { + "id": "logs-*", + "name": "bdf830aa-fe16-49fb-bb72-17542e5932f5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "d56dc109-3cca-4989-a0d0-dc7ad005e962", - "panelRefName": "panel_d56dc109-3cca-4989-a0d0-dc7ad005e962", - "type": "search", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": 
"bdf830aa-fe16-49fb-bb72-17542e5932f5:indexpattern-datasource-layer-6fa71679-0b9a-44c0-b19d-d810670058ec", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c:indexpattern-datasource-layer-4811ae4b-f894-4276-b730-320888d3aeb6", + "type": "index-pattern" + }, + { + "id": "panw-a93a1c80-dcd7-11ec-8b8b-1fae02ab6a5e", + "name": "d56dc109-3cca-4989-a0d0-dc7ad005e962:panel_d56dc109-3cca-4989-a0d0-dc7ad005e962", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs PANW] Authentication ", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "21b7d1ad-b200-4fce-b8cb-7847e32ab480:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "21b7d1ad-b200-4fce-b8cb-7847e32ab480:indexpattern-datasource-layer-e52d1a17-8798-4630-9614-4cb542506555", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b88c12a4-6370-4960-8a73-cee4ea7cc8ee:indexpattern-datasource-layer-073d7d3a-fa2f-4f19-98cc-ea964520d7c5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bdf830aa-fe16-49fb-bb72-17542e5932f5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bdf830aa-fe16-49fb-bb72-17542e5932f5:indexpattern-datasource-layer-6fa71679-0b9a-44c0-b19d-d810670058ec", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "249ca03f-fdfb-49c7-8eaa-b0f8a65f879c:indexpattern-datasource-layer-4811ae4b-f894-4276-b730-320888d3aeb6", - "type": 
"index-pattern" - }, - { - "id": "panw-a93a1c80-dcd7-11ec-8b8b-1fae02ab6a5e", - "name": "d56dc109-3cca-4989-a0d0-dc7ad005e962:panel_d56dc109-3cca-4989-a0d0-dc7ad005e962", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-772964e0-7591-11e9-aacf-79a3704914a0.json b/packages/panw/kibana/dashboard/panw-772964e0-7591-11e9-aacf-79a3704914a0.json index 85f20f6ef3c..f725cece055 100644 --- a/packages/panw/kibana/dashboard/panw-772964e0-7591-11e9-aacf-79a3704914a0.json +++ b/packages/panw/kibana/dashboard/panw-772964e0-7591-11e9-aacf-79a3704914a0.json 
@@ -1,1362 +1,1357 @@ { - "id": "panw-772964e0-7591-11e9-aacf-79a3704914a0", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU3NywxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS Threats Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"THREAT\" )" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a3d05f76-dd3f-4d40-931b-a59e7ea49080", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a3d05f76-dd3f-4d40-931b-a59e7ea49080": { - "columnOrder": [ - "51d4cc4b-15ac-4906-a3a8-67de279ac6ed", - "06f548fe-cd57-4d0b-9388-08ed0073a7c7" - ], - "columns": { - "06f548fe-cd57-4d0b-9388-08ed0073a7c7": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "attributes": { + "description": "Palo Alto Networks PAN-OS Threats Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"THREAT\" )" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-a3d05f76-dd3f-4d40-931b-a59e7ea49080", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a3d05f76-dd3f-4d40-931b-a59e7ea49080": { + "columnOrder": [ + "51d4cc4b-15ac-4906-a3a8-67de279ac6ed", + "06f548fe-cd57-4d0b-9388-08ed0073a7c7" + ], + "columns": { + "06f548fe-cd57-4d0b-9388-08ed0073a7c7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "51d4cc4b-15ac-4906-a3a8-67de279ac6ed": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "06f548fe-cd57-4d0b-9388-08ed0073a7c7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "51d4cc4b-15ac-4906-a3a8-67de279ac6ed" + ], + "layerId": "a3d05f76-dd3f-4d40-931b-a59e7ea49080", + "layerType": "data", + "legendDisplay": "default", + "metric": "06f548fe-cd57-4d0b-9388-08ed0073a7c7", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "51d4cc4b-15ac-4906-a3a8-67de279ac6ed": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "06f548fe-cd57-4d0b-9388-08ed0073a7c7", - "type": "column" + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { 
+ "h": 15, + "i": "67c826e3-7781-4aca-8ff9-bc67292b1ca1", + "w": 15, + "x": 0, + "y": 38 + }, + "panelIndex": "67c826e3-7781-4aca-8ff9-bc67292b1ca1", + "title": "Distribution of Threat Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d5a1b5bb-cf67-41e9-a1ad-433316867264", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d5a1b5bb-cf67-41e9-a1ad-433316867264": { + "columnOrder": [ + "ecd723b0-2069-4cd2-9996-5dc76e2e73ad", + "0717629b-3eba-4193-a867-d36009af50a1" + ], + "columns": { + "0717629b-3eba-4193-a867-d36009af50a1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "ecd723b0-2069-4cd2-9996-5dc76e2e73ad": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0717629b-3eba-4193-a867-d36009af50a1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.threat_category" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" - }, - "visualization": { - "layers": [ - { - 
"categoryDisplay": "default", - "groups": [ - "51d4cc4b-15ac-4906-a3a8-67de279ac6ed" - ], - "layerId": "a3d05f76-dd3f-4d40-931b-a59e7ea49080", - "layerType": "data", - "legendDisplay": "default", - "metric": "06f548fe-cd57-4d0b-9388-08ed0073a7c7", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "0717629b-3eba-4193-a867-d36009af50a1" + ], + "layerId": "d5a1b5bb-cf67-41e9-a1ad-433316867264", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "ecd723b0-2069-4cd2-9996-5dc76e2e73ad" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Distribution of Threat Events by Category [Logs PANW]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f82c318d-bd14-496b-b394-622831db934c", + "w": 16, + "x": 15, + "y": 38 + }, + "panelIndex": "f82c318d-bd14-496b-b394-622831db934c", + "title": "Distribution of Threat Events by Category [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "67c826e3-7781-4aca-8ff9-bc67292b1ca1", - "w": 15, - "x": 0, - "y": 38 - }, - "panelIndex": "67c826e3-7781-4aca-8ff9-bc67292b1ca1", - "title": "Distribution of Threat Events by Severity 
[Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d5a1b5bb-cf67-41e9-a1ad-433316867264", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d5a1b5bb-cf67-41e9-a1ad-433316867264": { - "columnOrder": [ - "ecd723b0-2069-4cd2-9996-5dc76e2e73ad", - "0717629b-3eba-4193-a867-d36009af50a1" - ], - "columns": { - "0717629b-3eba-4193-a867-d36009af50a1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1062c7c9-1b53-4e2e-bd44-cbfd4120e98f": { + "columnOrder": [ + "66cc3a68-d2bb-441c-8a00-478163b1b8e0", + "9f65908b-8654-4491-888f-d0991db0f7a8" + ], + "columns": { + "66cc3a68-d2bb-441c-8a00-478163b1b8e0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Network Direction", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9f65908b-8654-4491-888f-d0991db0f7a8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.direction" + }, + "9f65908b-8654-4491-888f-d0991db0f7a8": { + "customLabel": true, + "dataType": "number", + "isBucketed": 
false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "66cc3a68-d2bb-441c-8a00-478163b1b8e0" + ], + "layerId": "1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", + "layerType": "data", + "legendDisplay": "default", + "metric": "9f65908b-8654-4491-888f-d0991db0f7a8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "ecd723b0-2069-4cd2-9996-5dc76e2e73ad": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0717629b-3eba-4193-a867-d36009af50a1", - "type": "column" + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "c31f75c3-c6c8-4635-aa14-83a6d98a019f", + "w": 17, + "x": 31, + "y": 38 + }, + "panelIndex": "c31f75c3-c6c8-4635-aa14-83a6d98a019f", + "title": "Distribution of Threat Events by Network Direction [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7": { + "columnOrder": [ + "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca", + "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff", + 
"cc06ff3e-e79f-4104-91c3-4f07d432abc0", + "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef" + ], + "columns": { + "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.category" + }, + "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" + }, + "cc06ff3e-e79f-4104-91c3-4f07d432abc0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.threat_category" - } - }, - "incompleteColumns": 
{} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca" + }, + { + "columnId": "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff" + }, + { + "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef" + }, + { + "columnId": "cc06ff3e-e79f-4104-91c3-4f07d432abc0", + "isTransposed": false + } + ], + "layerId": "cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", + "layerType": "data" + } + }, + "title": "Top 10 Threat Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "369cb2e5-09c2-484f-902f-d21ed0b12715", + "w": 29, + "x": 0, + "y": 53 }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "369cb2e5-09c2-484f-902f-d21ed0b12715", + "title": "Top 10 Threat Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8a11de6f-5795-4d18-b650-7f604d291bdb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8a11de6f-5795-4d18-b650-7f604d291bdb": { + "columnOrder": [ + "05b09057-70e7-4477-be13-7ba86fd871d2", + "e60a92a8-1680-463d-9fb1-9f3a4ebeb900" + ], + "columns": { + 
"05b09057-70e7-4477-be13-7ba86fd871d2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e60a92a8-1680-463d-9fb1-9f3a4ebeb900", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + }, + "e60a92a8-1680-463d-9fb1-9f3a4ebeb900": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "05b09057-70e7-4477-be13-7ba86fd871d2" + ], + "layerId": "8a11de6f-5795-4d18-b650-7f604d291bdb", + "layerType": "data", + "legendDisplay": "default", + "metric": "e60a92a8-1680-463d-9fb1-9f3a4ebeb900", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "fb7712b0-5b15-47fa-9281-a0462cbe7df3", + "w": 19, + "x": 29, + "y": 53 }, - "layers": [ - { - "accessors": [ - "0717629b-3eba-4193-a867-d36009af50a1" - ], - "layerId": "d5a1b5bb-cf67-41e9-a1ad-433316867264", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "ecd723b0-2069-4cd2-9996-5dc76e2e73ad" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "fb7712b0-5b15-47fa-9281-a0462cbe7df3", + "title": "Distribution of Threat Events by Action taken for 
Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 20, + "i": "1908844a-1839-46f9-ab71-8b49013e83dc", + "w": 48, + "x": 0, + "y": 68 }, - "valueLabels": "hide" - } + "panelIndex": "1908844a-1839-46f9-ab71-8b49013e83dc", + "panelRefName": "panel_1908844a-1839-46f9-ab71-8b49013e83dc", + "type": "search", + "version": "8.2.1" }, - "title": "Distribution of Threat Events by Category [Logs PANW]", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f82c318d-bd14-496b-b394-622831db934c", - "w": 16, - "x": 15, - "y": 38 - }, - "panelIndex": "f82c318d-bd14-496b-b394-622831db934c", - "title": "Distribution of Threat Events by Category [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1062c7c9-1b53-4e2e-bd44-cbfd4120e98f": { - "columnOrder": [ - "66cc3a68-d2bb-441c-8a00-478163b1b8e0", - "9f65908b-8654-4491-888f-d0991db0f7a8" - ], - "columns": { - "66cc3a68-d2bb-441c-8a00-478163b1b8e0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Network Direction", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9f65908b-8654-4491-888f-d0991db0f7a8", - "type": "column" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": 
"metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extendToTimeRange": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30s" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.direction" + "times": 
[], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - "9f65908b-8654-4491-888f-d0991db0f7a8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "type": "histogram", + "uiState": { + "vis": { + "legendOpen": false + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "66cc3a68-d2bb-441c-8a00-478163b1b8e0" - ], - "layerId": "1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", - "layerType": "data", - "legendDisplay": "default", - "metric": "9f65908b-8654-4491-888f-d0991db0f7a8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + }, + "gridData": { + "h": 15, + "i": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe", + "w": 31, + "x": 0, + "y": 0 + }, + "panelIndex": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe", + "title": "Threat outcome histogram [Logs PANW]", + "type": "visualization", + "version": "8.2.1" }, - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c31f75c3-c6c8-4635-aa14-83a6d98a019f", - "w": 17, - "x": 31, - "y": 38 - }, - "panelIndex": "c31f75c3-c6c8-4635-aa14-83a6d98a019f", - "title": "Distribution of Threat Events by Network Direction [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7": { - "columnOrder": [ - "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca", - "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff", - "cc06ff3e-e79f-4104-91c3-4f07d432abc0", - "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef" - ], - "columns": { - "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef", - "type": "column" + 
"description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.category" + "truncateLegend": true, + "type": "pie" }, - "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "type": "pie", + "uiState": { + "vis": { + "legendOpen": true + } + } + } + }, + "gridData": { + "h": 15, + "i": "b3292515-c2df-40ad-9412-8a7118f359f2", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "b3292515-c2df-40ad-9412-8a7118f359f2", + "title": "Outcome by threat type [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "panw.panos.threat.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + 
"maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" + "scale": "linear", + "showLabel": true }, - "cc06ff3e-e79f-4104-91c3-4f07d432abc0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef", - "type": "column" + "type": "tagcloud", + "uiState": {} + } + }, + "gridData": { + "h": 15, + "i": "4fa92d5e-402a-4544-81dc-aa3303069cd8", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "4fa92d5e-402a-4544-81dc-aa3303069cd8", + "title": "Top threats by name [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "scale": "linear", + "showLabel": true + }, + "type": "tagcloud", + "uiState": {} + } + }, + "gridData": { + "h": 15, + "i": "43c73b91-ec1f-47ec-a10b-66465bd818c0", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": 
"43c73b91-ec1f-47ec-a10b-66465bd818c0", + "title": "Top threats by resource [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "inbound" + }, + "type": "phrase", + "value": "inbound" + }, + "query": { + "match": { + "network.direction": { + "query": "inbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" + "totalFunc": "sum" + }, + "type": "table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "bbe53163-fdce-47bd-80ae-8b5e1a2d0dca" - }, - 
{ - "columnId": "9b4e5f8c-4c3c-4317-8eed-973dcb9db8ff" - }, - { - "columnId": "1bc0aa2c-de2e-40d8-9ae9-cabdeb8985ef" - }, - { - "columnId": "cc06ff3e-e79f-4104-91c3-4f07d432abc0", - "isTransposed": false - } - ], - "layerId": "cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", - "layerType": "data" - } + }, + "gridData": { + "h": 8, + "i": "10996873-dcb7-4085-96fc-6a1f618df47f", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "10996873-dcb7-4085-96fc-6a1f618df47f", + "title": "Top attackers (clients) [Logs PANW]", + "type": "visualization", + "version": "8.2.1" }, - "title": "Top 10 Threat Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "369cb2e5-09c2-484f-902f-d21ed0b12715", - "w": 29, - "x": 0, - "y": 53 - }, - "panelIndex": "369cb2e5-09c2-484f-902f-d21ed0b12715", - "title": "Top 10 Threat Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8a11de6f-5795-4d18-b650-7f604d291bdb", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8a11de6f-5795-4d18-b650-7f604d291bdb": { - "columnOrder": [ - "05b09057-70e7-4477-be13-7ba86fd871d2", - "e60a92a8-1680-463d-9fb1-9f3a4ebeb900" - ], - "columns": { - "05b09057-70e7-4477-be13-7ba86fd871d2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e60a92a8-1680-463d-9fb1-9f3a4ebeb900", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "embeddableConfig": 
{ + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "outbound" + }, + "type": "phrase", + "value": "outbound" + }, + "query": { + "match": { + "network.direction": { + "query": "outbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" + "totalFunc": "sum" }, - "e60a92a8-1680-463d-9fb1-9f3a4ebeb900": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "type": "table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"THREAT\"" - }, - "visualization": { - "layers": [ - { - 
"categoryDisplay": "default", - "groups": [ - "05b09057-70e7-4477-be13-7ba86fd871d2" - ], - "layerId": "8a11de6f-5795-4d18-b650-7f604d291bdb", - "layerType": "data", - "legendDisplay": "default", - "metric": "e60a92a8-1680-463d-9fb1-9f3a4ebeb900", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "visualizationType": "lnsPie" - }, - "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "23129235-e707-47ea-95d9-f41e61c8a895", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "23129235-e707-47ea-95d9-f41e61c8a895", + "title": "Top attackers (servers) [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + } + ], + "timeRestore": false, + "title": "[Logs PANW] Threats Overview", + "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-772964e0-7591-11e9-aacf-79a3704914a0", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "67c826e3-7781-4aca-8ff9-bc67292b1ca1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "fb7712b0-5b15-47fa-9281-a0462cbe7df3", - "w": 19, - "x": 29, - "y": 53 + { + "id": "logs-*", + "name": "67c826e3-7781-4aca-8ff9-bc67292b1ca1:indexpattern-datasource-layer-a3d05f76-dd3f-4d40-931b-a59e7ea49080", + "type": "index-pattern" }, - "panelIndex": "fb7712b0-5b15-47fa-9281-a0462cbe7df3", - "title": "Distribution of Threat Events by Action taken for Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "f82c318d-bd14-496b-b394-622831db934c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 20, - "i": "1908844a-1839-46f9-ab71-8b49013e83dc", - "w": 48, - "x": 0, - "y": 68 + { + "id": "logs-*", + "name": "f82c318d-bd14-496b-b394-622831db934c:indexpattern-datasource-layer-d5a1b5bb-cf67-41e9-a1ad-433316867264", + "type": "index-pattern" }, - 
"panelIndex": "1908844a-1839-46f9-ab71-8b49013e83dc", - "panelRefName": "panel_1908844a-1839-46f9-ab71-8b49013e83dc", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extendToTimeRange": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30s" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, 
- "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "uiState": { - "vis": { - "legendOpen": false - } - } - } + { + "id": "logs-*", + "name": "c31f75c3-c6c8-4635-aa14-83a6d98a019f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe", - "w": 31, - "x": 0, - "y": 0 + { + "id": "logs-*", + "name": "c31f75c3-c6c8-4635-aa14-83a6d98a019f:indexpattern-datasource-layer-1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", + "type": "index-pattern" }, - "panelIndex": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe", - "title": "Threat outcome histogram [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": 
"segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - } + { + "id": "logs-*", + "name": "369cb2e5-09c2-484f-902f-d21ed0b12715:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "b3292515-c2df-40ad-9412-8a7118f359f2", - "w": 17, - "x": 31, - "y": 0 + { + "id": "logs-*", + "name": "369cb2e5-09c2-484f-902f-d21ed0b12715:indexpattern-datasource-layer-cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", + "type": "index-pattern" }, - "panelIndex": "b3292515-c2df-40ad-9412-8a7118f359f2", - "title": "Outcome by threat type [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "panw.panos.threat.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - 
"type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "type": "tagcloud", - "uiState": {} - } + { + "id": "logs-*", + "name": "fb7712b0-5b15-47fa-9281-a0462cbe7df3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "4fa92d5e-402a-4544-81dc-aa3303069cd8", - "w": 24, - "x": 0, - "y": 15 + { + "id": "logs-*", + "name": "fb7712b0-5b15-47fa-9281-a0462cbe7df3:indexpattern-datasource-layer-8a11de6f-5795-4d18-b650-7f604d291bdb", + "type": "index-pattern" }, - "panelIndex": "4fa92d5e-402a-4544-81dc-aa3303069cd8", - "title": "Top threats by name [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "type": "tagcloud", - "uiState": {} - } + { + "id": "panw-37acbca0-ddb1-11ec-8e76-9b3b99f98cd4", + "name": "1908844a-1839-46f9-ab71-8b49013e83dc:panel_1908844a-1839-46f9-ab71-8b49013e83dc", + "type": "search" }, - "gridData": { - "h": 15, - "i": "43c73b91-ec1f-47ec-a10b-66465bd818c0", - "w": 24, - "x": 24, - "y": 15 + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe:search_0", + "type": "search" }, - "panelIndex": 
"43c73b91-ec1f-47ec-a10b-66465bd818c0", - "title": "Top threats by resource [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "network.direction", - "negate": false, - "params": { - "query": "inbound" - }, - "type": "phrase", - "value": "inbound" - }, - "query": { - "match": { - "network.direction": { - "query": "inbound", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - } + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "b3292515-c2df-40ad-9412-8a7118f359f2:search_0", + "type": "search" }, - "gridData": { - "h": 8, - "i": "10996873-dcb7-4085-96fc-6a1f618df47f", - "w": 24, - "x": 0, - "y": 30 + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "4fa92d5e-402a-4544-81dc-aa3303069cd8:search_0", + "type": "search" }, - 
"panelIndex": "10996873-dcb7-4085-96fc-6a1f618df47f", - "title": "Top attackers (clients) [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "server.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "network.direction", - "negate": false, - "params": { - "query": "outbound" - }, - "type": "phrase", - "value": "outbound" - }, - "query": { - "match": { - "network.direction": { - "query": "outbound", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - } + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "43c73b91-ec1f-47ec-a10b-66465bd818c0:search_0", + "type": "search" }, - "gridData": { - "h": 8, - "i": "23129235-e707-47ea-95d9-f41e61c8a895", - "w": 24, - "x": 24, - "y": 30 + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "10996873-dcb7-4085-96fc-6a1f618df47f:search_0", + "type": "search" 
}, - "panelIndex": "23129235-e707-47ea-95d9-f41e61c8a895", - "title": "Top attackers (servers) [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": "10996873-dcb7-4085-96fc-6a1f618df47f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "23129235-e707-47ea-95d9-f41e61c8a895:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": "23129235-e707-47ea-95d9-f41e61c8a895:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs PANW] Threats Overview", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "67c826e3-7781-4aca-8ff9-bc67292b1ca1:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "67c826e3-7781-4aca-8ff9-bc67292b1ca1:indexpattern-datasource-layer-a3d05f76-dd3f-4d40-931b-a59e7ea49080", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f82c318d-bd14-496b-b394-622831db934c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f82c318d-bd14-496b-b394-622831db934c:indexpattern-datasource-layer-d5a1b5bb-cf67-41e9-a1ad-433316867264", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c31f75c3-c6c8-4635-aa14-83a6d98a019f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c31f75c3-c6c8-4635-aa14-83a6d98a019f:indexpattern-datasource-layer-1062c7c9-1b53-4e2e-bd44-cbfd4120e98f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "369cb2e5-09c2-484f-902f-d21ed0b12715:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "369cb2e5-09c2-484f-902f-d21ed0b12715:indexpattern-datasource-layer-cabdc807-0aea-4ae6-aaec-f3e1b4b5b5e7", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "fb7712b0-5b15-47fa-9281-a0462cbe7df3:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fb7712b0-5b15-47fa-9281-a0462cbe7df3:indexpattern-datasource-layer-8a11de6f-5795-4d18-b650-7f604d291bdb", - "type": "index-pattern" - }, - { - "id": "panw-37acbca0-ddb1-11ec-8e76-9b3b99f98cd4", - "name": "1908844a-1839-46f9-ab71-8b49013e83dc:panel_1908844a-1839-46f9-ab71-8b49013e83dc", - "type": "search" - }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "3dea2152-2d20-4bba-a864-5ea1d3dc17fe:search_0", - "type": "search" - }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "b3292515-c2df-40ad-9412-8a7118f359f2:search_0", - "type": "search" - }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "4fa92d5e-402a-4544-81dc-aa3303069cd8:search_0", - "type": "search" - }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "43c73b91-ec1f-47ec-a10b-66465bd818c0:search_0", - "type": "search" - }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "10996873-dcb7-4085-96fc-6a1f618df47f:search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "10996873-dcb7-4085-96fc-6a1f618df47f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "panw-3cea1360-7569-11e9-976e-65a8f47cc4c1", - "name": "23129235-e707-47ea-95d9-f41e61c8a895:search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "23129235-e707-47ea-95d9-f41e61c8a895:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file 
diff --git a/packages/panw/kibana/dashboard/panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json
index ba5fc4bd04c..fc296b62290 100644
--- a/packages/panw/kibana/dashboard/panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json
+++ b/packages/panw/kibana/dashboard/panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e.json
@@ -1,769 +1,764 @@ { - "id": "panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU3OCwxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS Tunnel Inspection Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"START\" or panw.panos.type : \"END\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6d63676a-a9db-4c0c-86b0-8ccc7ad82fde": { - "columnOrder": [ - "7e6a3792-3507-4434-9b77-8ca6aea81079", - "21b245cd-141c-4703-b367-d12f2f6c1136" - ], - "columns": { - "21b245cd-141c-4703-b367-d12f2f6c1136": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "7e6a3792-3507-4434-9b77-8ca6aea81079": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21b245cd-141c-4703-b367-d12f2f6c1136", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + 
"description": "Palo Alto Networks PAN-OS Tunnel Inspection Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"START\" or panw.panos.type : \"END\")" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "21b245cd-141c-4703-b367-d12f2f6c1136" - ], - "layerId": "6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "7e6a3792-3507-4434-9b77-8ca6aea81079" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 15, - "i": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44", - "title": "Distribution of Tunnel Inspection Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "indexpattern-datasource-layer-6df3a91b-cce2-4790-84a0-4858e371e552", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6df3a91b-cce2-4790-84a0-4858e371e552": { - "columnOrder": [ - "693d67bd-a405-4282-8457-50269406edaf", - "59e84e50-c216-49c5-b864-e280fdde0a84" - ], - "columns": { - "59e84e50-c216-49c5-b864-e280fdde0a84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "693d67bd-a405-4282-8457-50269406edaf": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action Source", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "59e84e50-c216-49c5-b864-e280fdde0a84", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6d63676a-a9db-4c0c-86b0-8ccc7ad82fde": { + "columnOrder": [ + "7e6a3792-3507-4434-9b77-8ca6aea81079", + "21b245cd-141c-4703-b367-d12f2f6c1136" + ], + "columns": { + "21b245cd-141c-4703-b367-d12f2f6c1136": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "7e6a3792-3507-4434-9b77-8ca6aea81079": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + 
"params": { + "missingBucket": false, + "orderBy": { + "columnId": "21b245cd-141c-4703-b367-d12f2f6c1136", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action_source" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "693d67bd-a405-4282-8457-50269406edaf" - ], - "layerId": "6df3a91b-cce2-4790-84a0-4858e371e552", - "layerType": "data", - "legendDisplay": "default", - "metric": "59e84e50-c216-49c5-b864-e280fdde0a84", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee", - "title": "Distribution of Tunnel Inspection Events by Action Source [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-5cb94a55-3162-4bcd-be88-ce2871be6a3d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "5cb94a55-3162-4bcd-be88-ce2871be6a3d": { - "columnOrder": [ - "ca0521cc-a275-4458-8c13-e585c78d4365", - "21934bcf-0897-4322-8084-24a7cf6bf1b3" - ], - "columns": { 
- "21934bcf-0897-4322-8084-24a7cf6bf1b3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "ca0521cc-a275-4458-8c13-e585c78d4365": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Session End Reason", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "21934bcf-0897-4322-8084-24a7cf6bf1b3", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.endreason" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "21934bcf-0897-4322-8084-24a7cf6bf1b3" - ], - "layerId": "5cb94a55-3162-4bcd-be88-ce2871be6a3d", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "ca0521cc-a275-4458-8c13-e585c78d4365" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + 
"labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "21b245cd-141c-4703-b367-d12f2f6c1136" + ], + "layerId": "6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "7e6a3792-3507-4434-9b77-8ca6aea81079" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44", + "w": 24, + "x": 0, + "y": 0 }, - "valueLabels": "hide" - } + "panelIndex": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44", + "title": "Distribution of Tunnel Inspection Events by Action taken on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fb982903-1c86-4ad9-aded-2de46206551f", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "fb982903-1c86-4ad9-aded-2de46206551f", - "title": "Distribution of Tunnel Inspection Events by Session End Reason [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-70ca1329-cf39-4816-b13f-3dab3c4d6494", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"70ca1329-cf39-4816-b13f-3dab3c4d6494": { - "columnOrder": [ - "a99caad4-da12-4027-be29-b99a2569915e", - "ac9733ca-3550-4e96-afec-540283f41f18" - ], - "columns": { - "a99caad4-da12-4027-be29-b99a2569915e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ac9733ca-3550-4e96-afec-540283f41f18", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6df3a91b-cce2-4790-84a0-4858e371e552", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6df3a91b-cce2-4790-84a0-4858e371e552": { + "columnOrder": [ + "693d67bd-a405-4282-8457-50269406edaf", + "59e84e50-c216-49c5-b864-e280fdde0a84" + ], + "columns": { + "59e84e50-c216-49c5-b864-e280fdde0a84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "693d67bd-a405-4282-8457-50269406edaf": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action Source", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "59e84e50-c216-49c5-b864-e280fdde0a84", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action_source" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and 
panw.panos.type : \"START\" or panw.panos.type : \"END\"" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "log.level" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "693d67bd-a405-4282-8457-50269406edaf" + ], + "layerId": "6df3a91b-cce2-4790-84a0-4858e371e552", + "layerType": "data", + "legendDisplay": "default", + "metric": "59e84e50-c216-49c5-b864-e280fdde0a84", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "ac9733ca-3550-4e96-afec-540283f41f18": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee", + "w": 24, + "x": 24, + "y": 0 }, - "layers": [ - { - "accessors": [ - "ac9733ca-3550-4e96-afec-540283f41f18" - ], - "layerId": "70ca1329-cf39-4816-b13f-3dab3c4d6494", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "a99caad4-da12-4027-be29-b99a2569915e" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - 
"valueLabels": "hide" - } + "panelIndex": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee", + "title": "Distribution of Tunnel Inspection Events by Action Source [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fb233b78-36b6-4c60-9261-d2d66351615c", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "fb233b78-36b6-4c60-9261-d2d66351615c", - "title": "Distribution of Tunnel Inspection Events by Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f9e58045-70b3-4aef-9d18-7e4d04b8b3ce": { - "columnOrder": [ - "bcd1e5be-8e01-422b-abea-9c478588ddfc", - "e86b56a8-7497-442b-8ded-de12329b45e5", - "b2172c86-de6c-4bbe-8247-a3c2590e2103", - "e97c489f-bd56-481b-837b-d36a20b34d1f" - ], - "columns": { - "b2172c86-de6c-4bbe-8247-a3c2590e2103": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5cb94a55-3162-4bcd-be88-ce2871be6a3d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "5cb94a55-3162-4bcd-be88-ce2871be6a3d": { + "columnOrder": [ + "ca0521cc-a275-4458-8c13-e585c78d4365", + "21934bcf-0897-4322-8084-24a7cf6bf1b3" + ], + "columns": { + "21934bcf-0897-4322-8084-24a7cf6bf1b3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "ca0521cc-a275-4458-8c13-e585c78d4365": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Session End Reason", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21934bcf-0897-4322-8084-24a7cf6bf1b3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.endreason" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "21934bcf-0897-4322-8084-24a7cf6bf1b3" + ], + "layerId": "5cb94a55-3162-4bcd-be88-ce2871be6a3d", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "ca0521cc-a275-4458-8c13-e585c78d4365" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + 
"yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "bcd1e5be-8e01-422b-abea-9c478588ddfc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "fb982903-1c86-4ad9-aded-2de46206551f", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "fb982903-1c86-4ad9-aded-2de46206551f", + "title": "Distribution of Tunnel Inspection Events by Session End Reason [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-70ca1329-cf39-4816-b13f-3dab3c4d6494", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "70ca1329-cf39-4816-b13f-3dab3c4d6494": { + "columnOrder": [ + "a99caad4-da12-4027-be29-b99a2569915e", + "ac9733ca-3550-4e96-afec-540283f41f18" + ], + "columns": { + "a99caad4-da12-4027-be29-b99a2569915e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ac9733ca-3550-4e96-afec-540283f41f18", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "log.level" + }, + "ac9733ca-3550-4e96-afec-540283f41f18": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": 
"ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "ac9733ca-3550-4e96-afec-540283f41f18" + ], + "layerId": "70ca1329-cf39-4816-b13f-3dab3c4d6494", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "a99caad4-da12-4027-be29-b99a2569915e" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "e86b56a8-7497-442b-8ded-de12329b45e5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "fb233b78-36b6-4c60-9261-d2d66351615c", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "fb233b78-36b6-4c60-9261-d2d66351615c", + "title": "Distribution of Tunnel Inspection Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + 
"attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f9e58045-70b3-4aef-9d18-7e4d04b8b3ce": { + "columnOrder": [ + "bcd1e5be-8e01-422b-abea-9c478588ddfc", + "e86b56a8-7497-442b-8ded-de12329b45e5", + "b2172c86-de6c-4bbe-8247-a3c2590e2103", + "e97c489f-bd56-481b-837b-d36a20b34d1f" + ], + "columns": { + "b2172c86-de6c-4bbe-8247-a3c2590e2103": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" + }, + "bcd1e5be-8e01-422b-abea-9c478588ddfc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" + }, + "e86b56a8-7497-442b-8ded-de12329b45e5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, 
+ "scale": "ordinal", + "sourceField": "panw.panos.application.category" + }, + "e97c489f-bd56-481b-837b-d36a20b34d1f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.category" + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "bcd1e5be-8e01-422b-abea-9c478588ddfc" + }, + { + "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f" + }, + { + "columnId": "e86b56a8-7497-442b-8ded-de12329b45e5", + "isTransposed": false + }, + { + "columnId": "b2172c86-de6c-4bbe-8247-a3c2590e2103", + "isTransposed": false + } + ], + "layerId": "f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", + "layerType": "data" + } }, - "e97c489f-bd56-481b-837b-d36a20b34d1f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"START\" or panw.panos.type : \"END\"" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "bcd1e5be-8e01-422b-abea-9c478588ddfc" - }, - { - "columnId": "e97c489f-bd56-481b-837b-d36a20b34d1f" - }, - { - "columnId": "e86b56a8-7497-442b-8ded-de12329b45e5", - "isTransposed": false - }, - { - "columnId": "b2172c86-de6c-4bbe-8247-a3c2590e2103", - "isTransposed": 
false - } - ], - "layerId": "f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "c643144e-e2db-4ead-9cd8-141294a75623", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "c643144e-e2db-4ead-9cd8-141294a75623", + "title": "Top 10 Tunnel Inspection Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "ac84049b-504e-45a5-a13d-1980d05d97eb", + "w": 48, + "x": 0, + "y": 46 + }, + "panelIndex": "ac84049b-504e-45a5-a13d-1980d05d97eb", + "panelRefName": "panel_ac84049b-504e-45a5-a13d-1980d05d97eb", + "type": "search", + "version": "8.2.1" + } + ], + "timeRestore": false, + "title": "[Logs PANW] Tunnel Inspection", + "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-a663eea0-dd72-11ec-8b8b-1fae02ab6a5e", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44:indexpattern-datasource-layer-6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", + "type": "index-pattern" }, - "gridData": { - "h": 16, - "i": "c643144e-e2db-4ead-9cd8-141294a75623", - "w": 48, - "x": 0, - "y": 30 + { + "id": "logs-*", + "name": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "c643144e-e2db-4ead-9cd8-141294a75623", - "title": "Top 10 Tunnel Inspection Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - 
"embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee:indexpattern-datasource-layer-6df3a91b-cce2-4790-84a0-4858e371e552", + "type": "index-pattern" }, - "gridData": { - "h": 21, - "i": "ac84049b-504e-45a5-a13d-1980d05d97eb", - "w": 48, - "x": 0, - "y": 46 + { + "id": "logs-*", + "name": "fb982903-1c86-4ad9-aded-2de46206551f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "ac84049b-504e-45a5-a13d-1980d05d97eb", - "panelRefName": "panel_ac84049b-504e-45a5-a13d-1980d05d97eb", - "type": "search", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": "fb982903-1c86-4ad9-aded-2de46206551f:indexpattern-datasource-layer-5cb94a55-3162-4bcd-be88-ce2871be6a3d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fb233b78-36b6-4c60-9261-d2d66351615c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fb233b78-36b6-4c60-9261-d2d66351615c:indexpattern-datasource-layer-70ca1329-cf39-4816-b13f-3dab3c4d6494", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c643144e-e2db-4ead-9cd8-141294a75623:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c643144e-e2db-4ead-9cd8-141294a75623:indexpattern-datasource-layer-f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", + "type": "index-pattern" + }, + { + "id": "panw-8dc6b590-ddb2-11ec-8e76-9b3b99f98cd4", + "name": "ac84049b-504e-45a5-a13d-1980d05d97eb:panel_ac84049b-504e-45a5-a13d-1980d05d97eb", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs PANW] Tunnel Inspection", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "dd9f7550-60d1-47eb-8eeb-52083aa4ca44:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"dd9f7550-60d1-47eb-8eeb-52083aa4ca44:indexpattern-datasource-layer-6d63676a-a9db-4c0c-86b0-8ccc7ad82fde", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f5b59e4c-b2fe-4c84-b52f-716d9a4d6bee:indexpattern-datasource-layer-6df3a91b-cce2-4790-84a0-4858e371e552", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fb982903-1c86-4ad9-aded-2de46206551f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fb982903-1c86-4ad9-aded-2de46206551f:indexpattern-datasource-layer-5cb94a55-3162-4bcd-be88-ce2871be6a3d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fb233b78-36b6-4c60-9261-d2d66351615c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fb233b78-36b6-4c60-9261-d2d66351615c:indexpattern-datasource-layer-70ca1329-cf39-4816-b13f-3dab3c4d6494", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c643144e-e2db-4ead-9cd8-141294a75623:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c643144e-e2db-4ead-9cd8-141294a75623:indexpattern-datasource-layer-f9e58045-70b3-4aef-9d18-7e4d04b8b3ce", - "type": "index-pattern" - }, - { - "id": "panw-8dc6b590-ddb2-11ec-8e76-9b3b99f98cd4", - "name": "ac84049b-504e-45a5-a13d-1980d05d97eb:panel_ac84049b-504e-45a5-a13d-1980d05d97eb", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json index c0d056fd2b5..a32c28714cb 100644 
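Review bot: The five Lens panels on the new side of this hunk keep the panel-level query `data_stream.dataset : "panw.panos" and panw.panos.type : "START" or panw.panos.type : "END"` without parentheses, while the dashboard-level `searchSourceJSON` query at the top of the hunk groups the two type clauses. KQL gives `and` higher precedence than `or`, so the panel form reads as `(dataset and START) or END` and the dataset restriction does not cover the `END` branch. The dashboard query presumably still narrows what these by-value panels show, but a panel copied or opened in Lens on its own would run against `logs-*` with the looser filter. I would make each panel query match the dashboard one: `"query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"START\" or panw.panos.type : \"END\")"`.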
--- a/packages/panw/kibana/dashboard/panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,681 +1,676 @@ { - "id": "panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU3OSwxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS IP-Tag and User-ID Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"IPTAG\" or panw.panos.type : \"USERID\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-00227f39-4c34-492b-883a-b0825797198d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "00227f39-4c34-492b-883a-b0825797198d": { - "columnOrder": [ - "3e05e9a0-3e50-455b-a506-c0cc593a8926", - "66a95165-9de2-4d9f-8d69-98694516b780" - ], - "columns": { - "3e05e9a0-3e50-455b-a506-c0cc593a8926": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "66a95165-9de2-4d9f-8d69-98694516b780", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasource" - }, - "66a95165-9de2-4d9f-8d69-98694516b780": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": 
{} - } - } + "attributes": { + "description": "Palo Alto Networks PAN-OS IP-Tag and User-ID Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"IPTAG\" or panw.panos.type : \"USERID\")" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"USERID\"" - }, - "visualization": { - "columns": [ - { - "columnId": "3e05e9a0-3e50-455b-a506-c0cc593a8926", - "isTransposed": false - }, - { - "columnId": "66a95165-9de2-4d9f-8d69-98694516b780", - "isTransposed": false - } - ], - "layerId": "00227f39-4c34-492b-883a-b0825797198d", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 15, - "i": "61d5b8a1-e36b-46e2-a067-859e3824a38f", - "w": 16, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "61d5b8a1-e36b-46e2-a067-859e3824a38f", - "title": "Top 10 Data Source for User ID [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-dbe59458-a6f9-4a01-8db6-5546f2b20398", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "dbe59458-a6f9-4a01-8db6-5546f2b20398": { - "columnOrder": [ - "7566b611-84c5-4dea-9b39-faacdfe6b59e", - "a9347045-127d-4b00-8d0a-4cc006048b01" - ], - "columns": { - "7566b611-84c5-4dea-9b39-faacdfe6b59e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source Type", - "operationType": "terms", - 
"params": { - "missingBucket": false, - "orderBy": { - "columnId": "a9347045-127d-4b00-8d0a-4cc006048b01", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-00227f39-4c34-492b-883a-b0825797198d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "00227f39-4c34-492b-883a-b0825797198d": { + "columnOrder": [ + "3e05e9a0-3e50-455b-a506-c0cc593a8926", + "66a95165-9de2-4d9f-8d69-98694516b780" + ], + "columns": { + "3e05e9a0-3e50-455b-a506-c0cc593a8926": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "66a95165-9de2-4d9f-8d69-98694516b780", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.datasource" + }, + "66a95165-9de2-4d9f-8d69-98694516b780": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"USERID\"" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasourcetype" + "visualization": { + "columns": [ + { + "columnId": "3e05e9a0-3e50-455b-a506-c0cc593a8926", + "isTransposed": false + }, + { + "columnId": "66a95165-9de2-4d9f-8d69-98694516b780", + 
"isTransposed": false + } + ], + "layerId": "00227f39-4c34-492b-883a-b0825797198d", + "layerType": "data" + } }, - "a9347045-127d-4b00-8d0a-4cc006048b01": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"USERID\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "7566b611-84c5-4dea-9b39-faacdfe6b59e" - ], - "layerId": "dbe59458-a6f9-4a01-8db6-5546f2b20398", - "layerType": "data", - "legendDisplay": "default", - "metric": "a9347045-127d-4b00-8d0a-4cc006048b01", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "61d5b8a1-e36b-46e2-a067-859e3824a38f", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "61d5b8a1-e36b-46e2-a067-859e3824a38f", + "title": "Top 10 Data Source for User ID [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "941c1cbf-1fc0-41be-9d8a-df76024585ed", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "941c1cbf-1fc0-41be-9d8a-df76024585ed", - "title": "Distribution of User-ID Events by Data Source Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-ec158676-ba28-40a2-ab8d-84cd4d151a76", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec158676-ba28-40a2-ab8d-84cd4d151a76": { - "columnOrder": [ - "9415e527-14ad-40e1-8fa6-a81227f7c7b8", - "3864ce11-c9b2-4639-b67c-3bd1d5081c0e" - ], - "columns": { - "3864ce11-c9b2-4639-b67c-3bd1d5081c0e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "9415e527-14ad-40e1-8fa6-a81227f7c7b8": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3864ce11-c9b2-4639-b67c-3bd1d5081c0e", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-dbe59458-a6f9-4a01-8db6-5546f2b20398", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "dbe59458-a6f9-4a01-8db6-5546f2b20398": { + "columnOrder": [ + "7566b611-84c5-4dea-9b39-faacdfe6b59e", + "a9347045-127d-4b00-8d0a-4cc006048b01" + ], + "columns": { + "7566b611-84c5-4dea-9b39-faacdfe6b59e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a9347045-127d-4b00-8d0a-4cc006048b01", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": 
"panw.panos.datasourcetype" + }, + "a9347045-127d-4b00-8d0a-4cc006048b01": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasourcename" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" - }, - "visualization": { - "columns": [ - { - "columnId": "9415e527-14ad-40e1-8fa6-a81227f7c7b8" - }, - { - "columnId": "3864ce11-c9b2-4639-b67c-3bd1d5081c0e" - } - ], - "layerId": "ec158676-ba28-40a2-ab8d-84cd4d151a76", - "layerType": "data" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"USERID\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7566b611-84c5-4dea-9b39-faacdfe6b59e" + ], + "layerId": "dbe59458-a6f9-4a01-8db6-5546f2b20398", + "layerType": "data", + "legendDisplay": "default", + "metric": "a9347045-127d-4b00-8d0a-4cc006048b01", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "941c1cbf-1fc0-41be-9d8a-df76024585ed", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "941c1cbf-1fc0-41be-9d8a-df76024585ed", + "title": "Distribution of User-ID Events by Data Source Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "35573a15-e15f-42e4-b243-ab139267a873", - "w": 
16, - "x": 32, - "y": 0 - }, - "panelIndex": "35573a15-e15f-42e4-b243-ab139267a873", - "title": "Top 10 Data Source for IP-Tag [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-fc2c72df-2fcb-4a90-b990-d990352efd07", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "fc2c72df-2fcb-4a90-b990-d990352efd07": { - "columnOrder": [ - "f18795e8-c1d7-426f-8e69-d8a3084d67da", - "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4" - ], - "columns": { - "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec158676-ba28-40a2-ab8d-84cd4d151a76", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec158676-ba28-40a2-ab8d-84cd4d151a76": { + "columnOrder": [ + "9415e527-14ad-40e1-8fa6-a81227f7c7b8", + "3864ce11-c9b2-4639-b67c-3bd1d5081c0e" + ], + "columns": { + "3864ce11-c9b2-4639-b67c-3bd1d5081c0e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "9415e527-14ad-40e1-8fa6-a81227f7c7b8": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source Name", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "3864ce11-c9b2-4639-b67c-3bd1d5081c0e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.datasourcename" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" + }, + "visualization": { + "columns": [ + { + "columnId": "9415e527-14ad-40e1-8fa6-a81227f7c7b8" + }, + { + "columnId": "3864ce11-c9b2-4639-b67c-3bd1d5081c0e" + } + ], + "layerId": "ec158676-ba28-40a2-ab8d-84cd4d151a76", + "layerType": "data" + } }, - "f18795e8-c1d7-426f-8e69-d8a3084d67da": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source Sub-Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "35573a15-e15f-42e4-b243-ab139267a873", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "35573a15-e15f-42e4-b243-ab139267a873", + "title": "Top 10 Data Source for IP-Tag [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fc2c72df-2fcb-4a90-b990-d990352efd07", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fc2c72df-2fcb-4a90-b990-d990352efd07": { + "columnOrder": [ + 
"f18795e8-c1d7-426f-8e69-d8a3084d67da", + "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4" + ], + "columns": { + "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "f18795e8-c1d7-426f-8e69-d8a3084d67da": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source Sub-Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.datasource_subtype" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasource_subtype" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4" + ], + "layerId": "fc2c72df-2fcb-4a90-b990-d990352efd07", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "f18795e8-c1d7-426f-8e69-d8a3084d67da" + } + ], + "legend": { + "isVisible": 
true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "e6730938-3631-4d17-9812-8e38d9d05c99", + "w": 24, + "x": 0, + "y": 15 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "e6730938-3631-4d17-9812-8e38d9d05c99", + "title": "Distribution of IP-Tag Events by Data Source Sub-Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-037c403c-bd13-4906-a005-9b22e2d1da06", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "037c403c-bd13-4906-a005-9b22e2d1da06": { + "columnOrder": [ + "f5b1dbed-702e-4c76-affe-eff39e446a1b", + "820e7237-ee90-4e86-9d17-f49a00ed86e3" + ], + "columns": { + "820e7237-ee90-4e86-9d17-f49a00ed86e3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "f5b1dbed-702e-4c76-affe-eff39e446a1b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Data Source Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "820e7237-ee90-4e86-9d17-f49a00ed86e3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + 
}, + "scale": "ordinal", + "sourceField": "panw.panos.datasource_type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "f5b1dbed-702e-4c76-affe-eff39e446a1b" + ], + "layerId": "037c403c-bd13-4906-a005-9b22e2d1da06", + "layerType": "data", + "legendDisplay": "default", + "metric": "820e7237-ee90-4e86-9d17-f49a00ed86e3", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - "e8d522a7-91cd-4f22-8929-8bd77fb9c8a4" - ], - "layerId": "fc2c72df-2fcb-4a90-b990-d990352efd07", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "f18795e8-c1d7-426f-8e69-d8a3084d67da" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270", + "w": 24, + "x": 24, + "y": 15 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270", + "title": "Distribution of IP-Tag Events by Data Source Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 20, + "i": "0882d210-3b7d-480e-b2e6-a75725e6b209", + "w": 48, + "x": 0, + "y": 30 }, - "valueLabels": "hide" - } + "panelIndex": "0882d210-3b7d-480e-b2e6-a75725e6b209", + "panelRefName": "panel_0882d210-3b7d-480e-b2e6-a75725e6b209", + "type": "search", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "enhancements": {} 
+ }, + "gridData": { + "h": 21, + "i": "81552440-e2d4-4843-86db-8c06c1ca8cac", + "w": 48, + "x": 0, + "y": 50 + }, + "panelIndex": "81552440-e2d4-4843-86db-8c06c1ca8cac", + "panelRefName": "panel_81552440-e2d4-4843-86db-8c06c1ca8cac", + "type": "search", + "version": "8.2.1" + } + ], + "timeRestore": false, + "title": "[Logs PANW] User-ID and IP-Tag", + "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-a8dc42e0-dcc8-11ec-8b8b-1fae02ab6a5e", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "61d5b8a1-e36b-46e2-a067-859e3824a38f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "e6730938-3631-4d17-9812-8e38d9d05c99", - "w": 24, - "x": 0, - "y": 15 + { + "id": "logs-*", + "name": "61d5b8a1-e36b-46e2-a067-859e3824a38f:indexpattern-datasource-layer-00227f39-4c34-492b-883a-b0825797198d", + "type": "index-pattern" }, - "panelIndex": "e6730938-3631-4d17-9812-8e38d9d05c99", - "title": "Distribution of IP-Tag Events by Data Source Sub-Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-037c403c-bd13-4906-a005-9b22e2d1da06", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "037c403c-bd13-4906-a005-9b22e2d1da06": { - "columnOrder": [ - "f5b1dbed-702e-4c76-affe-eff39e446a1b", - "820e7237-ee90-4e86-9d17-f49a00ed86e3" - ], - "columns": { - "820e7237-ee90-4e86-9d17-f49a00ed86e3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "f5b1dbed-702e-4c76-affe-eff39e446a1b": { - 
"customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Data Source Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "820e7237-ee90-4e86-9d17-f49a00ed86e3", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.datasource_type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"IPTAG\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "f5b1dbed-702e-4c76-affe-eff39e446a1b" - ], - "layerId": "037c403c-bd13-4906-a005-9b22e2d1da06", - "layerType": "data", - "legendDisplay": "default", - "metric": "820e7237-ee90-4e86-9d17-f49a00ed86e3", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "id": "logs-*", + "name": "941c1cbf-1fc0-41be-9d8a-df76024585ed:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270", - "w": 24, - "x": 24, - "y": 15 + { + "id": "logs-*", + "name": "941c1cbf-1fc0-41be-9d8a-df76024585ed:indexpattern-datasource-layer-dbe59458-a6f9-4a01-8db6-5546f2b20398", + "type": "index-pattern" }, - "panelIndex": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270", - "title": "Distribution of IP-Tag Events by Data Source Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "35573a15-e15f-42e4-b243-ab139267a873:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 20, - "i": "0882d210-3b7d-480e-b2e6-a75725e6b209", - "w": 
48, - "x": 0, - "y": 30 + { + "id": "logs-*", + "name": "35573a15-e15f-42e4-b243-ab139267a873:indexpattern-datasource-layer-ec158676-ba28-40a2-ab8d-84cd4d151a76", + "type": "index-pattern" }, - "panelIndex": "0882d210-3b7d-480e-b2e6-a75725e6b209", - "panelRefName": "panel_0882d210-3b7d-480e-b2e6-a75725e6b209", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "e6730938-3631-4d17-9812-8e38d9d05c99:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 21, - "i": "81552440-e2d4-4843-86db-8c06c1ca8cac", - "w": 48, - "x": 0, - "y": 50 + { + "id": "logs-*", + "name": "e6730938-3631-4d17-9812-8e38d9d05c99:indexpattern-datasource-layer-fc2c72df-2fcb-4a90-b990-d990352efd07", + "type": "index-pattern" }, - "panelIndex": "81552440-e2d4-4843-86db-8c06c1ca8cac", - "panelRefName": "panel_81552440-e2d4-4843-86db-8c06c1ca8cac", - "type": "search", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270:indexpattern-datasource-layer-037c403c-bd13-4906-a005-9b22e2d1da06", + "type": "index-pattern" + }, + { + "id": "panw-0ffe1200-ddb9-11ec-8e76-9b3b99f98cd4", + "name": "0882d210-3b7d-480e-b2e6-a75725e6b209:panel_0882d210-3b7d-480e-b2e6-a75725e6b209", + "type": "search" + }, + { + "id": "panw-1d9d5060-ddb9-11ec-8e76-9b3b99f98cd4", + "name": "81552440-e2d4-4843-86db-8c06c1ca8cac:panel_81552440-e2d4-4843-86db-8c06c1ca8cac", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs PANW] User-ID and IP-Tag", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "61d5b8a1-e36b-46e2-a067-859e3824a38f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"61d5b8a1-e36b-46e2-a067-859e3824a38f:indexpattern-datasource-layer-00227f39-4c34-492b-883a-b0825797198d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "941c1cbf-1fc0-41be-9d8a-df76024585ed:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "941c1cbf-1fc0-41be-9d8a-df76024585ed:indexpattern-datasource-layer-dbe59458-a6f9-4a01-8db6-5546f2b20398", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "35573a15-e15f-42e4-b243-ab139267a873:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "35573a15-e15f-42e4-b243-ab139267a873:indexpattern-datasource-layer-ec158676-ba28-40a2-ab8d-84cd4d151a76", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e6730938-3631-4d17-9812-8e38d9d05c99:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e6730938-3631-4d17-9812-8e38d9d05c99:indexpattern-datasource-layer-fc2c72df-2fcb-4a90-b990-d990352efd07", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb6b4fd6-7fc5-431d-b96a-1e72dbf6d270:indexpattern-datasource-layer-037c403c-bd13-4906-a005-9b22e2d1da06", - "type": "index-pattern" - }, - { - "id": "panw-0ffe1200-ddb9-11ec-8e76-9b3b99f98cd4", - "name": "0882d210-3b7d-480e-b2e6-a75725e6b209:panel_0882d210-3b7d-480e-b2e6-a75725e6b209", - "type": "search" - }, - { - "id": "panw-1d9d5060-ddb9-11ec-8e76-9b3b99f98cd4", - "name": "81552440-e2d4-4843-86db-8c06c1ca8cac:panel_81552440-e2d4-4843-86db-8c06c1ca8cac", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file 
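Review bot: The new side of this dashboard ends with `"coreMigrationVersion": "8.2.1"` where the previous export had `"8.2.0"`, while `migrationVersion.dashboard` stays at `8.2.0`. Kibana rejects a saved object whose core migration version is newer than the running stack, so if the package manifest (not visible in this hunk) still admits Kibana 8.2.0, installing the panw assets there would presumably fail and leave the User-ID and IP-Tag views unavailable to analysts. Either keep `"coreMigrationVersion": "8.2.0"` in the export or raise the manifest's Kibana constraint to match, and check the other panw dashboards re-exported in this commit for the same bump.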
diff --git a/packages/panw/kibana/dashboard/panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json
index 9f36557f909..8e87f4f6e89 100644
--- a/packages/panw/kibana/dashboard/panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json
+++ b/packages/panw/kibana/dashboard/panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e.json
@@ -1,693 +1,688 @@ { - "id": "panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU4MCwxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS GlobalProtect Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b885a331-0d6a-4c4b-ac16-69791da1415a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b885a331-0d6a-4c4b-ac16-69791da1415a": { - "columnOrder": [ - "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4", - "f732884a-6a3c-42c0-befe-cbc19e52fd4d" - ], - "columns": { - "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Gateway", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f732884a-6a3c-42c0-befe-cbc19e52fd4d", - "type": "column" + "attributes": { + "description": "Palo Alto Networks PAN-OS GlobalProtect Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b885a331-0d6a-4c4b-ac16-69791da1415a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b885a331-0d6a-4c4b-ac16-69791da1415a": { + "columnOrder": [ + "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4", + "f732884a-6a3c-42c0-befe-cbc19e52fd4d" + ], + "columns": { + "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Gateway", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f732884a-6a3c-42c0-befe-cbc19e52fd4d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.gateway" + }, + "f732884a-6a3c-42c0-befe-cbc19e52fd4d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.gateway" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "f732884a-6a3c-42c0-befe-cbc19e52fd4d" + ], + "layerId": "b885a331-0d6a-4c4b-ac16-69791da1415a", + "layerType": "data", + 
"position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "f732884a-6a3c-42c0-befe-cbc19e52fd4d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "95e42d6f-5c27-4924-9b0b-2a349fcb3107", + "w": 16, + "x": 0, + "y": 0 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "f732884a-6a3c-42c0-befe-cbc19e52fd4d" - ], - "layerId": "b885a331-0d6a-4c4b-ac16-69791da1415a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "08595c67-bee0-4cb5-82d6-9fdc6b76b4b4" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "panelIndex": "95e42d6f-5c27-4924-9b0b-2a349fcb3107", + "title": "Distribution of GlobalProtect Events by Gateway [Logs PANW]", + "type": "lens", + 
"version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "95e42d6f-5c27-4924-9b0b-2a349fcb3107", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "95e42d6f-5c27-4924-9b0b-2a349fcb3107", - "title": "Distribution of GlobalProtect Events by Gateway [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "fcde90cc-e6a9-46c6-a7c4-937c63d02ce6": { - "columnOrder": [ - "cbdcd122-6cd8-45fc-b91b-bf75092fa140", - "c93dde3a-8225-449d-8989-89d62f7e64e6" - ], - "columns": { - "c93dde3a-8225-449d-8989-89d62f7e64e6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "cbdcd122-6cd8-45fc-b91b-bf75092fa140": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Connect Method to Gateway", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c93dde3a-8225-449d-8989-89d62f7e64e6", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.connect_method" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": 
"kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "cbdcd122-6cd8-45fc-b91b-bf75092fa140" - ], - "layerId": "fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", - "layerType": "data", - "legendDisplay": "default", - "metric": "c93dde3a-8225-449d-8989-89d62f7e64e6", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "636c04bb-8acb-4fca-b5e2-001c56fdf058", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "636c04bb-8acb-4fca-b5e2-001c56fdf058", - "title": "Distribution of GlobalProtect Events by Connect Method to Gateway [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47129d2c-02d8-4672-90ef-320770c3e8e3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47129d2c-02d8-4672-90ef-320770c3e8e3": { - "columnOrder": [ - "bdd142d5-00a0-4fc3-a229-a4f61ae67857", - "8cc22ce9-9823-482b-a3d3-28e91f46ad29" - ], - "columns": { - "8cc22ce9-9823-482b-a3d3-28e91f46ad29": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "bdd142d5-00a0-4fc3-a229-a4f61ae67857": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Authentication Method", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"8cc22ce9-9823-482b-a3d3-28e91f46ad29", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fcde90cc-e6a9-46c6-a7c4-937c63d02ce6": { + "columnOrder": [ + "cbdcd122-6cd8-45fc-b91b-bf75092fa140", + "c93dde3a-8225-449d-8989-89d62f7e64e6" + ], + "columns": { + "c93dde3a-8225-449d-8989-89d62f7e64e6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "cbdcd122-6cd8-45fc-b91b-bf75092fa140": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connect Method to Gateway", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c93dde3a-8225-449d-8989-89d62f7e64e6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.connect_method" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.auth_method" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "bdd142d5-00a0-4fc3-a229-a4f61ae67857" - ], - "layerId": "47129d2c-02d8-4672-90ef-320770c3e8e3", - "layerType": "data", - "legendDisplay": "default", - "metric": 
"8cc22ce9-9823-482b-a3d3-28e91f46ad29", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "cbdcd122-6cd8-45fc-b91b-bf75092fa140" + ], + "layerId": "fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", + "layerType": "data", + "legendDisplay": "default", + "metric": "c93dde3a-8225-449d-8989-89d62f7e64e6", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "636c04bb-8acb-4fca-b5e2-001c56fdf058", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "636c04bb-8acb-4fca-b5e2-001c56fdf058", + "title": "Distribution of GlobalProtect Events by Connect Method to Gateway [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "73f1567a-13b6-472f-ac8a-1995dc15f625", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "73f1567a-13b6-472f-ac8a-1995dc15f625", - "title": "Distribution of GlobalProtect Events by Authentication Method [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-70c151c6-d178-4fdd-8866-b2788dccbbcd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "70c151c6-d178-4fdd-8866-b2788dccbbcd": { - "columnOrder": [ - "39e018bf-de15-43bc-af87-5f7270f32d31", - "87920d79-a632-45b3-a079-613ce967dac0" - ], - "columns": { - "39e018bf-de15-43bc-af87-5f7270f32d31": { - "customLabel": true, - "dataType": "string", - 
"isBucketed": true, - "label": "Gateway Selection Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "87920d79-a632-45b3-a079-613ce967dac0", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47129d2c-02d8-4672-90ef-320770c3e8e3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47129d2c-02d8-4672-90ef-320770c3e8e3": { + "columnOrder": [ + "bdd142d5-00a0-4fc3-a229-a4f61ae67857", + "8cc22ce9-9823-482b-a3d3-28e91f46ad29" + ], + "columns": { + "8cc22ce9-9823-482b-a3d3-28e91f46ad29": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "bdd142d5-00a0-4fc3-a229-a4f61ae67857": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Authentication Method", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8cc22ce9-9823-482b-a3d3-28e91f46ad29", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.auth_method" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.selection_type" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "bdd142d5-00a0-4fc3-a229-a4f61ae67857" 
+ ], + "layerId": "47129d2c-02d8-4672-90ef-320770c3e8e3", + "layerType": "data", + "legendDisplay": "default", + "metric": "8cc22ce9-9823-482b-a3d3-28e91f46ad29", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "87920d79-a632-45b3-a079-613ce967dac0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "39e018bf-de15-43bc-af87-5f7270f32d31" - ], - "layerId": "70c151c6-d178-4fdd-8866-b2788dccbbcd", - "layerType": "data", - "legendDisplay": "default", - "metric": "87920d79-a632-45b3-a079-613ce967dac0", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "73f1567a-13b6-472f-ac8a-1995dc15f625", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "73f1567a-13b6-472f-ac8a-1995dc15f625", + "title": "Distribution of GlobalProtect Events by Authentication Method [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5f85a927-93b7-48a4-87ca-c958a13a9609", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "5f85a927-93b7-48a4-87ca-c958a13a9609", - "title": "Distribution of GlobalProtect Events by Gateway Selection Method [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": 
"logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-939b1f80-7730-48d2-a3ad-05209f3b1c7f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "939b1f80-7730-48d2-a3ad-05209f3b1c7f": { - "columnOrder": [ - "78099651-0ffc-4a94-af03-4ee36fe275e5", - "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49", - "0120c97f-ddd8-4167-aefb-434d8602e94d" - ], - "columns": { - "0120c97f-ddd8-4167-aefb-434d8602e94d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "78099651-0ffc-4a94-af03-4ee36fe275e5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Operating System", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0120c97f-ddd8-4167-aefb-434d8602e94d", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-70c151c6-d178-4fdd-8866-b2788dccbbcd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "70c151c6-d178-4fdd-8866-b2788dccbbcd": { + "columnOrder": [ + "39e018bf-de15-43bc-af87-5f7270f32d31", + "87920d79-a632-45b3-a079-613ce967dac0" + ], + "columns": { + "39e018bf-de15-43bc-af87-5f7270f32d31": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Gateway Selection Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "87920d79-a632-45b3-a079-613ce967dac0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + 
"parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.selection_type" + }, + "87920d79-a632-45b3-a079-613ce967dac0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.family" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "39e018bf-de15-43bc-af87-5f7270f32d31" + ], + "layerId": "70c151c6-d178-4fdd-8866-b2788dccbbcd", + "layerType": "data", + "legendDisplay": "default", + "metric": "87920d79-a632-45b3-a079-613ce967dac0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client Version", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0120c97f-ddd8-4167-aefb-434d8602e94d", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "5f85a927-93b7-48a4-87ca-c958a13a9609", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "5f85a927-93b7-48a4-87ca-c958a13a9609", + "title": "Distribution of GlobalProtect Events by Gateway Selection Method [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-939b1f80-7730-48d2-a3ad-05209f3b1c7f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "939b1f80-7730-48d2-a3ad-05209f3b1c7f": { + "columnOrder": [ + "78099651-0ffc-4a94-af03-4ee36fe275e5", + "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49", + "0120c97f-ddd8-4167-aefb-434d8602e94d" + ], + "columns": { + "0120c97f-ddd8-4167-aefb-434d8602e94d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "78099651-0ffc-4a94-af03-4ee36fe275e5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operating System", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0120c97f-ddd8-4167-aefb-434d8602e94d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.family" + }, + "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client Version", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0120c97f-ddd8-4167-aefb-434d8602e94d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.client_ver" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.client_ver" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset 
: \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "78099651-0ffc-4a94-af03-4ee36fe275e5", - "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49" - ], - "layerId": "939b1f80-7730-48d2-a3ad-05209f3b1c7f", - "layerType": "data", - "legendDisplay": "default", - "metric": "0120c97f-ddd8-4167-aefb-434d8602e94d", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GLOBALPROTECT\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "78099651-0ffc-4a94-af03-4ee36fe275e5", + "7e4a9873-3ac5-4c25-bd7c-dbe1f763bb49" + ], + "layerId": "939b1f80-7730-48d2-a3ad-05209f3b1c7f", + "layerType": "data", + "legendDisplay": "default", + "metric": "0120c97f-ddd8-4167-aefb-434d8602e94d", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "84297b75-0138-4f95-b416-2e79c77afd4d", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "84297b75-0138-4f95-b416-2e79c77afd4d", + "title": "Distribution of GlobalProtect Events by Operating System and Client Version [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 19, + "i": "81ef2c1c-2bea-4e89-97fa-7c90e465678f", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "81ef2c1c-2bea-4e89-97fa-7c90e465678f", + "panelRefName": "panel_81ef2c1c-2bea-4e89-97fa-7c90e465678f", + "type": "search", + "version": "8.2.1" + } + ], + "timeRestore": false, + "title": "[Logs PANW] Global Protect", 
+ "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-b1a9f7a0-dcaa-11ec-8b8b-1fae02ab6a5e", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "95e42d6f-5c27-4924-9b0b-2a349fcb3107:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "95e42d6f-5c27-4924-9b0b-2a349fcb3107:indexpattern-datasource-layer-b885a331-0d6a-4c4b-ac16-69791da1415a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "636c04bb-8acb-4fca-b5e2-001c56fdf058:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "84297b75-0138-4f95-b416-2e79c77afd4d", - "w": 24, - "x": 24, - "y": 15 + { + "id": "logs-*", + "name": "636c04bb-8acb-4fca-b5e2-001c56fdf058:indexpattern-datasource-layer-fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", + "type": "index-pattern" }, - "panelIndex": "84297b75-0138-4f95-b416-2e79c77afd4d", - "title": "Distribution of GlobalProtect Events by Operating System and Client Version [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "73f1567a-13b6-472f-ac8a-1995dc15f625:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 19, - "i": "81ef2c1c-2bea-4e89-97fa-7c90e465678f", - "w": 48, - "x": 0, - "y": 30 + { + "id": "logs-*", + "name": "73f1567a-13b6-472f-ac8a-1995dc15f625:indexpattern-datasource-layer-47129d2c-02d8-4672-90ef-320770c3e8e3", + "type": "index-pattern" }, - "panelIndex": "81ef2c1c-2bea-4e89-97fa-7c90e465678f", - "panelRefName": "panel_81ef2c1c-2bea-4e89-97fa-7c90e465678f", - "type": "search", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": "5f85a927-93b7-48a4-87ca-c958a13a9609:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"5f85a927-93b7-48a4-87ca-c958a13a9609:indexpattern-datasource-layer-70c151c6-d178-4fdd-8866-b2788dccbbcd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "84297b75-0138-4f95-b416-2e79c77afd4d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "84297b75-0138-4f95-b416-2e79c77afd4d:indexpattern-datasource-layer-939b1f80-7730-48d2-a3ad-05209f3b1c7f", + "type": "index-pattern" + }, + { + "id": "panw-24a5cf50-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "81ef2c1c-2bea-4e89-97fa-7c90e465678f:panel_81ef2c1c-2bea-4e89-97fa-7c90e465678f", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs PANW] Global Protect", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "95e42d6f-5c27-4924-9b0b-2a349fcb3107:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "95e42d6f-5c27-4924-9b0b-2a349fcb3107:indexpattern-datasource-layer-b885a331-0d6a-4c4b-ac16-69791da1415a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "636c04bb-8acb-4fca-b5e2-001c56fdf058:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "636c04bb-8acb-4fca-b5e2-001c56fdf058:indexpattern-datasource-layer-fcde90cc-e6a9-46c6-a7c4-937c63d02ce6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "73f1567a-13b6-472f-ac8a-1995dc15f625:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "73f1567a-13b6-472f-ac8a-1995dc15f625:indexpattern-datasource-layer-47129d2c-02d8-4672-90ef-320770c3e8e3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5f85a927-93b7-48a4-87ca-c958a13a9609:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5f85a927-93b7-48a4-87ca-c958a13a9609:indexpattern-datasource-layer-70c151c6-d178-4fdd-8866-b2788dccbbcd", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "84297b75-0138-4f95-b416-2e79c77afd4d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "84297b75-0138-4f95-b416-2e79c77afd4d:indexpattern-datasource-layer-939b1f80-7730-48d2-a3ad-05209f3b1c7f", - "type": "index-pattern" - }, - { - "id": "panw-24a5cf50-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "81ef2c1c-2bea-4e89-97fa-7c90e465678f:panel_81ef2c1c-2bea-4e89-97fa-7c90e465678f", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json index 0b24a7c3f93..f705f78486a 100644 --- a/packages/panw/kibana/dashboard/panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e.json 
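Review bot: The re-exported GlobalProtect dashboard now declares `"coreMigrationVersion": "8.2.1"` near the end of the new object, while `"migrationVersion": { "dashboard": "8.2.0" }` is unchanged. As far as I know, Kibana rejects a saved object whose core migration version is newer than the running stack, so an install on 8.2.0 would fail and leave this VPN authentication view missing. The package manifest is not part of this hunk, so please confirm its Kibana constraint is at least `^8.2.1`, or keep `"coreMigrationVersion": "8.2.0"` in the export.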
@@ -1,662 +1,657 @@ { - "id": "panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU4MSwxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS Config and System Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"CONFIG\" or panw.panos.type : \"SYSTEM\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2fae76dc-439c-42c6-81af-3652ed79395a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2fae76dc-439c-42c6-81af-3652ed79395a": { - "columnOrder": [ - "ae5c7550-3c45-4df7-9be6-12d7e0cca95e", - "21fa1b87-c70a-44fd-906e-f3f4b597c600" - ], - "columns": { - "21fa1b87-c70a-44fd-906e-f3f4b597c600": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "attributes": { + "description": "Palo Alto Networks PAN-OS Config and System Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"CONFIG\" or panw.panos.type : \"SYSTEM\")" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": 
"logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2fae76dc-439c-42c6-81af-3652ed79395a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2fae76dc-439c-42c6-81af-3652ed79395a": { + "columnOrder": [ + "ae5c7550-3c45-4df7-9be6-12d7e0cca95e", + "21fa1b87-c70a-44fd-906e-f3f4b597c600" + ], + "columns": { + "21fa1b87-c70a-44fd-906e-f3f4b597c600": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "ae5c7550-3c45-4df7-9be6-12d7e0cca95e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "21fa1b87-c70a-44fd-906e-f3f4b597c600", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.client_type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ae5c7550-3c45-4df7-9be6-12d7e0cca95e" + ], + "layerId": "2fae76dc-439c-42c6-81af-3652ed79395a", + "layerType": "data", + "legendDisplay": "default", + "metric": "21fa1b87-c70a-44fd-906e-f3f4b597c600", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "ae5c7550-3c45-4df7-9be6-12d7e0cca95e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - 
"columnId": "21fa1b87-c70a-44fd-906e-f3f4b597c600", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a", + "title": "Distribution of Config Events by Client [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-71288c95-38cf-4960-9e02-bad9022fed89", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "71288c95-38cf-4960-9e02-bad9022fed89": { + "columnOrder": [ + "dba2cfc5-3469-41f9-b48c-44bef1fec682", + "59530055-7bef-442b-a30a-2836f96aed1c" + ], + "columns": { + "59530055-7bef-442b-a30a-2836f96aed1c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "dba2cfc5-3469-41f9-b48c-44bef1fec682": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Result of Configuration Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "59530055-7bef-442b-a30a-2836f96aed1c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.result" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.client_type" - } - }, - 
"incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ae5c7550-3c45-4df7-9be6-12d7e0cca95e" - ], - "layerId": "2fae76dc-439c-42c6-81af-3652ed79395a", - "layerType": "data", - "legendDisplay": "default", - "metric": "21fa1b87-c70a-44fd-906e-f3f4b597c600", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "dba2cfc5-3469-41f9-b48c-44bef1fec682" + ], + "layerId": "71288c95-38cf-4960-9e02-bad9022fed89", + "layerType": "data", + "legendDisplay": "default", + "metric": "59530055-7bef-442b-a30a-2836f96aed1c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d", + "title": "Distribution of Config Events by Result of Configuration Action [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a", - "title": "Distribution of Config Events by Client [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-71288c95-38cf-4960-9e02-bad9022fed89", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "71288c95-38cf-4960-9e02-bad9022fed89": { - "columnOrder": [ - "dba2cfc5-3469-41f9-b48c-44bef1fec682", - "59530055-7bef-442b-a30a-2836f96aed1c" - ], - "columns": { - "59530055-7bef-442b-a30a-2836f96aed1c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e5736d39-58c7-4d25-b1a6-678a9343ce65", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e5736d39-58c7-4d25-b1a6-678a9343ce65": { + "columnOrder": [ + "2a9bb41d-ee93-4068-b6b7-bce4b6e86485", + "370fc305-4037-4274-bb63-d6531892cf56" + ], + "columns": { + "2a9bb41d-ee93-4068-b6b7-bce4b6e86485": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Command", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "370fc305-4037-4274-bb63-d6531892cf56", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.cmd" + }, + "370fc305-4037-4274-bb63-d6531892cf56": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" + }, + "visualization": { + "columns": [ + { + "columnId": "2a9bb41d-ee93-4068-b6b7-bce4b6e86485", + "isTransposed": false + }, + { + "columnId": "370fc305-4037-4274-bb63-d6531892cf56", + "isTransposed": false + } + ], + "layerId": "e5736d39-58c7-4d25-b1a6-678a9343ce65", + "layerType": "data" + } }, - "dba2cfc5-3469-41f9-b48c-44bef1fec682": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Result of Configuration Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "59530055-7bef-442b-a30a-2836f96aed1c", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "6de0f512-eff6-4299-8aa7-2945b991c526", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "6de0f512-eff6-4299-8aa7-2945b991c526", + "title": "Top 10 Command performed by the Admin [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 20, + "i": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", + "w": 48, + "x": 0, + "y": 15 + }, + "panelIndex": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", + "panelRefName": "panel_57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", + "type": "search", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0ad02752-8f13-4a8b-bf71-f85d01d0079f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"0ad02752-8f13-4a8b-bf71-f85d01d0079f": { + "columnOrder": [ + "6c047f97-3b11-4f12-899b-4b613f618d42", + "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3" + ], + "columns": { + "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "6c047f97-3b11-4f12-899b-4b613f618d42": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Module", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.module" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.result" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "dba2cfc5-3469-41f9-b48c-44bef1fec682" - ], - "layerId": "71288c95-38cf-4960-9e02-bad9022fed89", - "layerType": "data", - "legendDisplay": "default", - "metric": "59530055-7bef-442b-a30a-2836f96aed1c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SYSTEM\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "6c047f97-3b11-4f12-899b-4b613f618d42" + ], + "layerId": "0ad02752-8f13-4a8b-bf71-f85d01d0079f", + "layerType": "data", + "legendDisplay": "default", + "metric": 
"3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58", + "title": "Distribution of System Events by Module [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d", - "title": "Distribution of Config Events by Result of Configuration Action [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e5736d39-58c7-4d25-b1a6-678a9343ce65", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e5736d39-58c7-4d25-b1a6-678a9343ce65": { - "columnOrder": [ - "2a9bb41d-ee93-4068-b6b7-bce4b6e86485", - "370fc305-4037-4274-bb63-d6531892cf56" - ], - "columns": { - "2a9bb41d-ee93-4068-b6b7-bce4b6e86485": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Command", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "370fc305-4037-4274-bb63-d6531892cf56", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-cb623bef-dc47-4006-b664-410b86519536", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cb623bef-dc47-4006-b664-410b86519536": { + "columnOrder": [ + "d1e12f64-ba47-4271-b8e9-59670d855c0c", + "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca" + ], + "columns": { + "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "d1e12f64-ba47-4271-b8e9-59670d855c0c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SYSTEM\"" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.cmd" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d1e12f64-ba47-4271-b8e9-59670d855c0c" + ], + "layerId": "cb623bef-dc47-4006-b664-410b86519536", + "layerType": "data", + "legendDisplay": "default", + "metric": "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "370fc305-4037-4274-bb63-d6531892cf56": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - 
"scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"CONFIG\"" - }, - "visualization": { - "columns": [ - { - "columnId": "2a9bb41d-ee93-4068-b6b7-bce4b6e86485", - "isTransposed": false - }, - { - "columnId": "370fc305-4037-4274-bb63-d6531892cf56", - "isTransposed": false - } - ], - "layerId": "e5736d39-58c7-4d25-b1a6-678a9343ce65", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "f58e08fd-d5da-4ce8-9b3b-06534e199357", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "f58e08fd-d5da-4ce8-9b3b-06534e199357", + "title": "Distribution of System Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "90cc1874-fa55-4459-98a9-0b8507f7de3b", + "w": 48, + "x": 0, + "y": 50 + }, + "panelIndex": "90cc1874-fa55-4459-98a9-0b8507f7de3b", + "panelRefName": "panel_90cc1874-fa55-4459-98a9-0b8507f7de3b", + "type": "search", + "version": "8.2.1" + } + ], + "timeRestore": false, + "title": "[Logs PANW] System and Config", + "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-d3e36450-dce1-11ec-8b8b-1fae02ab6a5e", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "6de0f512-eff6-4299-8aa7-2945b991c526", - "w": 16, - "x": 32, - "y": 0 + { + "id": "logs-*", + "name": 
"59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a:indexpattern-datasource-layer-2fae76dc-439c-42c6-81af-3652ed79395a", + "type": "index-pattern" }, - "panelIndex": "6de0f512-eff6-4299-8aa7-2945b991c526", - "title": "Top 10 Command performed by the Admin [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 20, - "i": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", - "w": 48, - "x": 0, - "y": 15 + { + "id": "logs-*", + "name": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d:indexpattern-datasource-layer-71288c95-38cf-4960-9e02-bad9022fed89", + "type": "index-pattern" }, - "panelIndex": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", - "panelRefName": "panel_57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0ad02752-8f13-4a8b-bf71-f85d01d0079f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0ad02752-8f13-4a8b-bf71-f85d01d0079f": { - "columnOrder": [ - "6c047f97-3b11-4f12-899b-4b613f618d42", - "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3" - ], - "columns": { - "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "6c047f97-3b11-4f12-899b-4b613f618d42": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Module", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.module" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SYSTEM\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "6c047f97-3b11-4f12-899b-4b613f618d42" - ], - "layerId": "0ad02752-8f13-4a8b-bf71-f85d01d0079f", - "layerType": "data", - "legendDisplay": "default", - "metric": "3cd0a5b1-41f3-4793-b7a8-b23e9c3631f3", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "id": "logs-*", + "name": "6de0f512-eff6-4299-8aa7-2945b991c526:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58", - "w": 24, - "x": 0, - "y": 35 + { + "id": "logs-*", + "name": "6de0f512-eff6-4299-8aa7-2945b991c526:indexpattern-datasource-layer-e5736d39-58c7-4d25-b1a6-678a9343ce65", + "type": "index-pattern" }, - "panelIndex": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58", - "title": "Distribution of System Events by Module [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cb623bef-dc47-4006-b664-410b86519536", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cb623bef-dc47-4006-b664-410b86519536": { - "columnOrder": [ - "d1e12f64-ba47-4271-b8e9-59670d855c0c", - 
"b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca" - ], - "columns": { - "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "d1e12f64-ba47-4271-b8e9-59670d855c0c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SYSTEM\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d1e12f64-ba47-4271-b8e9-59670d855c0c" - ], - "layerId": "cb623bef-dc47-4006-b664-410b86519536", - "layerType": "data", - "legendDisplay": "default", - "metric": "b4c3d6f4-3083-4c14-ac7d-cdc7108f38ca", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "id": "panw-c53134a0-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9:panel_57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", + "type": "search" }, - "gridData": { - "h": 15, - "i": "f58e08fd-d5da-4ce8-9b3b-06534e199357", - "w": 24, - "x": 24, - "y": 35 + { + "id": "logs-*", + "name": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "f58e08fd-d5da-4ce8-9b3b-06534e199357", - "title": "Distribution of System Events by 
Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58:indexpattern-datasource-layer-0ad02752-8f13-4a8b-bf71-f85d01d0079f", + "type": "index-pattern" }, - "gridData": { - "h": 21, - "i": "90cc1874-fa55-4459-98a9-0b8507f7de3b", - "w": 48, - "x": 0, - "y": 50 + { + "id": "logs-*", + "name": "f58e08fd-d5da-4ce8-9b3b-06534e199357:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "90cc1874-fa55-4459-98a9-0b8507f7de3b", - "panelRefName": "panel_90cc1874-fa55-4459-98a9-0b8507f7de3b", - "type": "search", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": "f58e08fd-d5da-4ce8-9b3b-06534e199357:indexpattern-datasource-layer-cb623bef-dc47-4006-b664-410b86519536", + "type": "index-pattern" + }, + { + "id": "panw-d01e7260-ddb8-11ec-8e76-9b3b99f98cd4", + "name": "90cc1874-fa55-4459-98a9-0b8507f7de3b:panel_90cc1874-fa55-4459-98a9-0b8507f7de3b", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs PANW] System and Config", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "59c0b5a7-0e8a-4d6a-888b-09a251a5fd4a:indexpattern-datasource-layer-2fae76dc-439c-42c6-81af-3652ed79395a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fafbb55a-9be4-4df5-a9e3-cdb4d00a051d:indexpattern-datasource-layer-71288c95-38cf-4960-9e02-bad9022fed89", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6de0f512-eff6-4299-8aa7-2945b991c526:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"6de0f512-eff6-4299-8aa7-2945b991c526:indexpattern-datasource-layer-e5736d39-58c7-4d25-b1a6-678a9343ce65", - "type": "index-pattern" - }, - { - "id": "panw-c53134a0-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9:panel_57e5f1fd-85cb-4ba3-ad08-397ef6d0d7f9", - "type": "search" - }, - { - "id": "logs-*", - "name": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d299f2c7-bd4f-47f8-84bd-58e86fc21c58:indexpattern-datasource-layer-0ad02752-8f13-4a8b-bf71-f85d01d0079f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f58e08fd-d5da-4ce8-9b3b-06534e199357:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f58e08fd-d5da-4ce8-9b3b-06534e199357:indexpattern-datasource-layer-cb623bef-dc47-4006-b664-410b86519536", - "type": "index-pattern" - }, - { - "id": "panw-d01e7260-ddb8-11ec-8e76-9b3b99f98cd4", - "name": "90cc1874-fa55-4459-98a9-0b8507f7de3b:panel_90cc1874-fa55-4459-98a9-0b8507f7de3b", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-e40ba240-7572-11e9-976e-65a8f47cc4c1.json b/packages/panw/kibana/dashboard/panw-e40ba240-7572-11e9-976e-65a8f47cc4c1.json index 8f6116b0101..221f10cfbf2 100644 --- a/packages/panw/kibana/dashboard/panw-e40ba240-7572-11e9-976e-65a8f47cc4c1.json +++ b/packages/panw/kibana/dashboard/panw-e40ba240-7572-11e9-976e-65a8f47cc4c1.json 
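Review bot: The re-exported dashboard now carries `"coreMigrationVersion": "8.2.1"` near the end of the object, and every panel carries `"version": "8.2.1"`, while the removed side had `"coreMigrationVersion": "8.2.0"` and `migrationVersion.dashboard` stays at `"8.2.0"`. Kibana is expected to reject a saved object whose core migration version is newer than the running Kibana. If the package still declares support for 8.2.0, this dashboard would fail to install there and the PAN-OS configuration-change and system-event views would be missing for those deployments. The package manifest is not part of this hunk, so this needs confirming: either keep `"coreMigrationVersion": "8.2.0"` in the export or raise the minimum in the manifest's `conditions.kibana.version` to match.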
@@ -1,1627 +1,1622 @@ { - "id": "panw-e40ba240-7572-11e9-976e-65a8f47cc4c1", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU4MiwxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS Networks Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"f1552cbe-a7ee-44aa-8267-84a5becc47b0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e05f7ca1-ad23-44f5-ba1e-fd4593862f64\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Flows Map [Logs PANW]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"1a4eafd8-1bc1-42c8-9679-cffe5c9f7d81\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Source Flows Map [Logs 
PANW]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "c31e5ac3-5063-4124-9a6f-b01af9e160b4", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "c31e5ac3-5063-4124-9a6f-b01af9e160b4", - "type": "map", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"b690c8fa-43ee-4991-9db5-9ea7243272d1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"4fafc878-ca54-4363-9bd9-7b9af45ee80a\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Flows Map [Logs PANW]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"846dde31-2090-4d3b-85d4-8a6e3bee3ec7\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Destination Flows Map [Logs 
PANW]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "attributes": { + "description": "Palo Alto Networks PAN-OS Networks Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + } + } }, - "gridData": { - "h": 15, - "i": "2b2d20f7-1d92-47e1-b44d-223c78a812a2", - "w": 24, - "x": 24, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "2b2d20f7-1d92-47e1-b44d-223c78a812a2", - "type": "map", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1c2d6cb2-e621-4508-b091-68698e3cbdc5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1c2d6cb2-e621-4508-b091-68698e3cbdc5": { - "columnOrder": [ - "229cfee3-124b-40f5-bcd0-1d7ee1b34edd", - "56729bfd-ea64-42a8-9753-ef696d89f487" - ], - "columns": { - "229cfee3-124b-40f5-bcd0-1d7ee1b34edd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action Source", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "56729bfd-ea64-42a8-9753-ef696d89f487", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"f1552cbe-a7ee-44aa-8267-84a5becc47b0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e05f7ca1-ad23-44f5-ba1e-fd4593862f64\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Flows Map [Logs PANW]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"1a4eafd8-1bc1-42c8-9679-cffe5c9f7d81\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circl
e\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Source Flows Map [Logs PANW]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "c31e5ac3-5063-4124-9a6f-b01af9e160b4", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "c31e5ac3-5063-4124-9a6f-b01af9e160b4", + "type": "map", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"b690c8fa-43ee-4991-9db5-9ea7243272d1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"4fafc878-ca54-4363-9bd9-7b9af45ee80a\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Flows Map [Logs PANW]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"846dde31-2090-4d3b-85d4-8a6e3bee3ec7\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value
\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Destination Flows Map [Logs PANW]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "2b2d20f7-1d92-47e1-b44d-223c78a812a2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2b2d20f7-1d92-47e1-b44d-223c78a812a2", + "type": "map", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1c2d6cb2-e621-4508-b091-68698e3cbdc5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"1c2d6cb2-e621-4508-b091-68698e3cbdc5": { + "columnOrder": [ + "229cfee3-124b-40f5-bcd0-1d7ee1b34edd", + "56729bfd-ea64-42a8-9753-ef696d89f487" + ], + "columns": { + "229cfee3-124b-40f5-bcd0-1d7ee1b34edd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action Source", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "56729bfd-ea64-42a8-9753-ef696d89f487", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action_source" + }, + "56729bfd-ea64-42a8-9753-ef696d89f487": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action_source" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "56729bfd-ea64-42a8-9753-ef696d89f487" + ], + "layerId": "1c2d6cb2-e621-4508-b091-68698e3cbdc5", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "229cfee3-124b-40f5-bcd0-1d7ee1b34edd" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - 
"56729bfd-ea64-42a8-9753-ef696d89f487": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "93b617ff-5dac-4353-a0ec-6c37ed4c2531", + "w": 15, + "x": 0, + "y": 45 }, - "layers": [ - { - "accessors": [ - "56729bfd-ea64-42a8-9753-ef696d89f487" - ], - "layerId": "1c2d6cb2-e621-4508-b091-68698e3cbdc5", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "229cfee3-124b-40f5-bcd0-1d7ee1b34edd" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "93b617ff-5dac-4353-a0ec-6c37ed4c2531", + "title": "Distribution of Traffic Events by Action Source [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-43b12ac6-d4db-411f-b08e-f5f4075e0be5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "43b12ac6-d4db-411f-b08e-f5f4075e0be5": { + "columnOrder": [ + "2d5e41f9-eeab-4d27-a10e-22832cee676f", + "4de61db4-2821-402e-873a-47127e6d9b40" + ], + "columns": { + 
"2d5e41f9-eeab-4d27-a10e-22832cee676f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Tunnel Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4de61db4-2821-402e-873a-47127e6d9b40", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.tunnel_type" + }, + "4de61db4-2821-402e-873a-47127e6d9b40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "2d5e41f9-eeab-4d27-a10e-22832cee676f" + ], + "layerId": "43b12ac6-d4db-411f-b08e-f5f4075e0be5", + "layerType": "data", + "legendDisplay": "default", + "metric": "4de61db4-2821-402e-873a-47127e6d9b40", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "5c9269a0-1965-4ad6-8490-2f9c73a5224d", + "w": 16, + "x": 15, + "y": 45 }, - "valueLabels": "hide" - } + "panelIndex": "5c9269a0-1965-4ad6-8490-2f9c73a5224d", + "title": "Distribution of Traffic Events by Tunnel Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "93b617ff-5dac-4353-a0ec-6c37ed4c2531", - "w": 15, - "x": 0, - "y": 45 - }, - "panelIndex": 
"93b617ff-5dac-4353-a0ec-6c37ed4c2531", - "title": "Distribution of Traffic Events by Action Source [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-43b12ac6-d4db-411f-b08e-f5f4075e0be5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "43b12ac6-d4db-411f-b08e-f5f4075e0be5": { - "columnOrder": [ - "2d5e41f9-eeab-4d27-a10e-22832cee676f", - "4de61db4-2821-402e-873a-47127e6d9b40" - ], - "columns": { - "2d5e41f9-eeab-4d27-a10e-22832cee676f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Tunnel Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4de61db4-2821-402e-873a-47127e6d9b40", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0104fc7a-d74d-4b79-96f9-5b21d7d0940d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0104fc7a-d74d-4b79-96f9-5b21d7d0940d": { + "columnOrder": [ + "ff0392e1-30de-492d-a628-c7142a500f78", + "da04cda5-8263-4e5d-8135-aa6dfd0f0f82" + ], + "columns": { + "da04cda5-8263-4e5d-8135-aa6dfd0f0f82": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "ff0392e1-30de-492d-a628-c7142a500f78": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "da04cda5-8263-4e5d-8135-aa6dfd0f0f82", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.tunnel_type" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ff0392e1-30de-492d-a628-c7142a500f78" + ], + "layerId": "0104fc7a-d74d-4b79-96f9-5b21d7d0940d", + "layerType": "data", + "legendDisplay": "default", + "metric": "da04cda5-8263-4e5d-8135-aa6dfd0f0f82", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "4de61db4-2821-402e-873a-47127e6d9b40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "2d5e41f9-eeab-4d27-a10e-22832cee676f" - ], - "layerId": "43b12ac6-d4db-411f-b08e-f5f4075e0be5", - "layerType": "data", - "legendDisplay": "default", - "metric": "4de61db4-2821-402e-873a-47127e6d9b40", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14", + "w": 17, + "x": 
31, + "y": 45 + }, + "panelIndex": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14", + "title": "Distribution of Traffic Events by Action taken on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5c9269a0-1965-4ad6-8490-2f9c73a5224d", - "w": 16, - "x": 15, - "y": 45 - }, - "panelIndex": "5c9269a0-1965-4ad6-8490-2f9c73a5224d", - "title": "Distribution of Traffic Events by Tunnel Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0104fc7a-d74d-4b79-96f9-5b21d7d0940d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0104fc7a-d74d-4b79-96f9-5b21d7d0940d": { - "columnOrder": [ - "ff0392e1-30de-492d-a628-c7142a500f78", - "da04cda5-8263-4e5d-8135-aa6dfd0f0f82" - ], - "columns": { - "da04cda5-8263-4e5d-8135-aa6dfd0f0f82": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "ff0392e1-30de-492d-a628-c7142a500f78": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "da04cda5-8263-4e5d-8135-aa6dfd0f0f82", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-80fb7018-784a-46f3-bf53-9ee5c04cc299", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "80fb7018-784a-46f3-bf53-9ee5c04cc299": { + "columnOrder": [ + "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d", + "ab98b24d-f7d3-473e-904b-a72d4eaa7968", + "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0", + "acde10ea-a51a-4ab6-9f04-413ef5727c85" + ], + "columns": { + "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" + }, + "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" + }, + "ab98b24d-f7d3-473e-904b-a72d4eaa7968": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.category" + }, + "acde10ea-a51a-4ab6-9f04-413ef5727c85": { + "customLabel": true, + "dataType": "number", + 
"isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ff0392e1-30de-492d-a628-c7142a500f78" - ], - "layerId": "0104fc7a-d74d-4b79-96f9-5b21d7d0940d", - "layerType": "data", - "legendDisplay": "default", - "metric": "da04cda5-8263-4e5d-8135-aa6dfd0f0f82", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d" + }, + { + "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85" + }, + { + "columnId": "ab98b24d-f7d3-473e-904b-a72d4eaa7968", + "isTransposed": false + }, + { + "columnId": "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0", + "isTransposed": false + } + ], + "layerId": "80fb7018-784a-46f3-bf53-9ee5c04cc299", + "layerType": "data" + } + }, + "title": "Top 10 Traffic Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "2921706d-6ceb-4030-bdb3-d18db36af7e5", + "w": 29, + "x": 0, + "y": 60 + }, + "panelIndex": "2921706d-6ceb-4030-bdb3-d18db36af7e5", + "title": "Top 10 Traffic Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": 
{ - "h": 15, - "i": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14", - "w": 17, - "x": 31, - "y": 45 - }, - "panelIndex": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14", - "title": "Distribution of Traffic Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-80fb7018-784a-46f3-bf53-9ee5c04cc299", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "80fb7018-784a-46f3-bf53-9ee5c04cc299": { - "columnOrder": [ - "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d", - "ab98b24d-f7d3-473e-904b-a72d4eaa7968", - "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0", - "acde10ea-a51a-4ab6-9f04-413ef5727c85" - ], - "columns": { - "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc": { + "columnOrder": [ + "ca1f351d-5799-4a5a-88b6-a8278a82c44e", + "ae53c772-e53d-49a6-b2f8-aeb04615690f" + ], + "columns": { + "ae53c772-e53d-49a6-b2f8-aeb04615690f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + 
}, + "ca1f351d-5799-4a5a-88b6-a8278a82c44e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Session End Reason", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ae53c772-e53d-49a6-b2f8-aeb04615690f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.endreason" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "ae53c772-e53d-49a6-b2f8-aeb04615690f" + ], + "layerId": "3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "ca1f351d-5799-4a5a-88b6-a8278a82c44e" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85", - "type": "column" + "visualizationType": 
"lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "ed22ae2c-66ec-4426-87b6-2384aa38fe59", + "w": 19, + "x": 29, + "y": 60 + }, + "panelIndex": "ed22ae2c-66ec-4426-87b6-2384aa38fe59", + "title": "Distribution of Traffic Events by Session End Reason [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "a2049bc0-48d4-40f0-882a-2191b99d6a8f", + "w": 48, + "x": 0, + "y": 75 + }, + "panelIndex": "a2049bc0-48d4-40f0-882a-2191b99d6a8f", + "panelRefName": "panel_a2049bc0-48d4-40f0-882a-2191b99d6a8f", + "type": "search", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extendToTimeRange": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "30s" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_terminated" + }, + "type": "phrase", + "value": "flow_terminated" + }, + "query": { + "match": { + "event.action": { + "query": 
"flow_terminated", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "isVislibVis": true, + "labels": { + "show": false }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" - }, - "ab98b24d-f7d3-473e-904b-a72d4eaa7968": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85", - "type": "column" + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.category" + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + 
"position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - "acde10ea-a51a-4ab6-9f04-413ef5727c85": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "type": "histogram", + "uiState": { + "vis": { + "legendOpen": false + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "4cdf8d0b-c1eb-42af-b21e-64643c45ca2d" - }, - { - "columnId": "acde10ea-a51a-4ab6-9f04-413ef5727c85" - }, - { - "columnId": "ab98b24d-f7d3-473e-904b-a72d4eaa7968", - "isTransposed": false - }, - { - "columnId": "4dd82d3f-23e1-4a92-b59e-4d9d3d2cdbe0", - "isTransposed": false - } - ], - "layerId": "80fb7018-784a-46f3-bf53-9ee5c04cc299", - "layerType": "data" - } + }, + "gridData": { + "h": 15, + "i": "64dcfd5b-2640-432b-81b7-60405232b4a3", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "64dcfd5b-2640-432b-81b7-60405232b4a3", + "title": "Flow Creation Histogram [Logs PANW]", + "type": "visualization", + "version": "8.2.1" }, - "title": "Top 10 Traffic Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "2921706d-6ceb-4030-bdb3-d18db36af7e5", - "w": 29, - "x": 0, - "y": 60 - }, - "panelIndex": "2921706d-6ceb-4030-bdb3-d18db36af7e5", - "title": "Top 10 Traffic Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc": { - "columnOrder": [ - "ca1f351d-5799-4a5a-88b6-a8278a82c44e", - "ae53c772-e53d-49a6-b2f8-aeb04615690f" - ], - "columns": { - "ae53c772-e53d-49a6-b2f8-aeb04615690f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "observer.ingress.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], + "query": { + 
"language": "kuery", + "query": "" + } + } }, - "ca1f351d-5799-4a5a-88b6-a8278a82c44e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Session End Reason", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ae53c772-e53d-49a6-b2f8-aeb04615690f", - "type": "column" + "description": "", + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.endreason" + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "horizontal_bar", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "uiState": { + "vis": { + "legendOpen": false + } } - }, - 
"incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"TRAFFIC\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "49836c0a-6ee7-4ed7-adc9-444169243b4c", + "w": 12, + "x": 24, + "y": 15 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "49836c0a-6ee7-4ed7-adc9-444169243b4c", + "title": "Source Zone breakout [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "observer.egress.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], 
+ "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "horizontal_bar", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "horizontal_bar", + "uiState": {} + } }, - "layers": [ - { - "accessors": [ - "ae53c772-e53d-49a6-b2f8-aeb04615690f" - ], - "layerId": "3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "ca1f351d-5799-4a5a-88b6-a8278a82c44e" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4", + "w": 12, + "x": 36, + "y": 15 }, - "preferredSeriesType": 
"bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4", + "title": "Destination Zone breakout [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.application", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": {} + } + }, + "gridData": { + "h": 15, + "i": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d", + "w": 24, + "x": 24, + "y": 30 }, - "valueLabels": "hide" - } + "panelIndex": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d", + "title": "Network Application breakout [Logs PANW]", + "type": "visualization", + "version": "8.2.1" }, - "visualizationType": "lnsXY" - }, - 
"enhancements": {} + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "emptyAsNull": false + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addTooltip": true, + "distinctColors": true, + "emptySizeRatio": 0.3, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendDisplay": "show", + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "uiState": {} + } + }, + "gridData": { + "h": 15, + "i": "60d64f0c-372d-40fd-b522-0d13a7513795", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "60d64f0c-372d-40fd-b522-0d13a7513795", + "title": "Event Outcome by Transport and Destination Port [Logs PANW]", + "type": "visualization", + "version": "8.2.1" + } + 
], + "timeRestore": false, + "title": "[Logs PANW] Network Flows", + "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-e40ba240-7572-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "c31e5ac3-5063-4124-9a6f-b01af9e160b4:layer_1_source_index_pattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "ed22ae2c-66ec-4426-87b6-2384aa38fe59", - "w": 19, - "x": 29, - "y": 60 + { + "id": "logs-*", + "name": "2b2d20f7-1d92-47e1-b44d-223c78a812a2:layer_1_source_index_pattern", + "type": "index-pattern" }, - "panelIndex": "ed22ae2c-66ec-4426-87b6-2384aa38fe59", - "title": "Distribution of Traffic Events by Session End Reason [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "93b617ff-5dac-4353-a0ec-6c37ed4c2531:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 21, - "i": "a2049bc0-48d4-40f0-882a-2191b99d6a8f", - "w": 48, - "x": 0, - "y": 75 + { + "id": "logs-*", + "name": "93b617ff-5dac-4353-a0ec-6c37ed4c2531:indexpattern-datasource-layer-1c2d6cb2-e621-4508-b091-68698e3cbdc5", + "type": "index-pattern" }, - "panelIndex": "a2049bc0-48d4-40f0-882a-2191b99d6a8f", - "panelRefName": "panel_a2049bc0-48d4-40f0-882a-2191b99d6a8f", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extendToTimeRange": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30s" - }, - 
"schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": true, - "params": { - "query": "flow_terminated" - }, - "type": "phrase", - "value": "flow_terminated" - }, - "query": { - "match": { - "event.action": { - "query": "flow_terminated", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - 
"filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "uiState": { - "vis": { - "legendOpen": false - } - } - } + { + "id": "logs-*", + "name": "5c9269a0-1965-4ad6-8490-2f9c73a5224d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "64dcfd5b-2640-432b-81b7-60405232b4a3", - "w": 24, - "x": 0, - "y": 15 + { + "id": "logs-*", + "name": "5c9269a0-1965-4ad6-8490-2f9c73a5224d:indexpattern-datasource-layer-43b12ac6-d4db-411f-b08e-f5f4075e0be5", + "type": "index-pattern" }, - "panelIndex": "64dcfd5b-2640-432b-81b7-60405232b4a3", - "title": "Flow Creation Histogram [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "observer.ingress.zone", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": true, - 
"params": { - "query": "flow_started" - }, - "type": "phrase", - "value": "flow_started" - }, - "query": { - "match": { - "event.action": { - "query": "flow_started", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "horizontal_bar", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "uiState": { - "vis": { - "legendOpen": false - } - } - } + { + "id": "logs-*", + "name": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "49836c0a-6ee7-4ed7-adc9-444169243b4c", - "w": 12, - "x": 24, - "y": 15 + 
{ + "id": "logs-*", + "name": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14:indexpattern-datasource-layer-0104fc7a-d74d-4b79-96f9-5b21d7d0940d", + "type": "index-pattern" }, - "panelIndex": "49836c0a-6ee7-4ed7-adc9-444169243b4c", - "title": "Source Zone breakout [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "observer.egress.zone", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": true, - "params": { - "query": "flow_started" - }, - "type": "phrase", - "value": "flow_started" - }, - "query": { - "match": { - "event.action": { - "query": "flow_started", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": 
{}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "horizontal_bar", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "uiState": {} - } + { + "id": "logs-*", + "name": "2921706d-6ceb-4030-bdb3-d18db36af7e5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4", - "w": 12, - "x": 36, - "y": 15 + { + "id": "logs-*", + "name": "2921706d-6ceb-4030-bdb3-d18db36af7e5:indexpattern-datasource-layer-80fb7018-784a-46f3-bf53-9ee5c04cc299", + "type": "index-pattern" }, - "panelIndex": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4", - "title": "Destination Zone breakout [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - 
"missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "network.application", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "uiState": {} - } + { + "id": "logs-*", + "name": "ed22ae2c-66ec-4426-87b6-2384aa38fe59:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d", - "w": 24, - "x": 24, - "y": 30 + { + "id": "logs-*", + "name": "ed22ae2c-66ec-4426-87b6-2384aa38fe59:indexpattern-datasource-layer-3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", + "type": "index-pattern" }, - "panelIndex": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d", - "title": "Network Application breakout [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "emptyAsNull": false - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": 
"Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addTooltip": true, - "distinctColors": true, - "emptySizeRatio": 0.3, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendDisplay": "show", - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "uiState": {} - } + { + "id": "panw-9df5cdf0-ddaf-11ec-8e76-9b3b99f98cd4", + "name": "a2049bc0-48d4-40f0-882a-2191b99d6a8f:panel_a2049bc0-48d4-40f0-882a-2191b99d6a8f", + "type": "search" + }, + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "64dcfd5b-2640-432b-81b7-60405232b4a3:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": "64dcfd5b-2640-432b-81b7-60405232b4a3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "49836c0a-6ee7-4ed7-adc9-444169243b4c:search_0", + "type": "search" + }, + { + "id": "logs-*", + "name": 
"49836c0a-6ee7-4ed7-adc9-444169243b4c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "60d64f0c-372d-40fd-b522-0d13a7513795", - "w": 24, - "x": 0, - "y": 30 + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4:search_0", + "type": "search" }, - "panelIndex": "60d64f0c-372d-40fd-b522-0d13a7513795", - "title": "Event Outcome by Transport and Destination Port [Logs PANW]", - "type": "visualization", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d:search_0", + "type": "search" + }, + { + "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "60d64f0c-372d-40fd-b522-0d13a7513795:search_0", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs PANW] Network Flows", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "c31e5ac3-5063-4124-9a6f-b01af9e160b4:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2b2d20f7-1d92-47e1-b44d-223c78a812a2:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "93b617ff-5dac-4353-a0ec-6c37ed4c2531:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "93b617ff-5dac-4353-a0ec-6c37ed4c2531:indexpattern-datasource-layer-1c2d6cb2-e621-4508-b091-68698e3cbdc5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5c9269a0-1965-4ad6-8490-2f9c73a5224d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5c9269a0-1965-4ad6-8490-2f9c73a5224d:indexpattern-datasource-layer-43b12ac6-d4db-411f-b08e-f5f4075e0be5", - "type": "index-pattern" - 
}, - { - "id": "logs-*", - "name": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9fad24ef-e4b2-4d82-aebb-eebc302d4b14:indexpattern-datasource-layer-0104fc7a-d74d-4b79-96f9-5b21d7d0940d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2921706d-6ceb-4030-bdb3-d18db36af7e5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2921706d-6ceb-4030-bdb3-d18db36af7e5:indexpattern-datasource-layer-80fb7018-784a-46f3-bf53-9ee5c04cc299", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ed22ae2c-66ec-4426-87b6-2384aa38fe59:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ed22ae2c-66ec-4426-87b6-2384aa38fe59:indexpattern-datasource-layer-3fa812b2-58e7-4e77-9cf8-5d748f3cbcfc", - "type": "index-pattern" - }, - { - "id": "panw-9df5cdf0-ddaf-11ec-8e76-9b3b99f98cd4", - "name": "a2049bc0-48d4-40f0-882a-2191b99d6a8f:panel_a2049bc0-48d4-40f0-882a-2191b99d6a8f", - "type": "search" - }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "64dcfd5b-2640-432b-81b7-60405232b4a3:search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "64dcfd5b-2640-432b-81b7-60405232b4a3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "49836c0a-6ee7-4ed7-adc9-444169243b4c:search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "49836c0a-6ee7-4ed7-adc9-444169243b4c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "b9165d23-d0b1-4a49-8a75-a461e7ea45a4:search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": 
"b9165d23-d0b1-4a49-8a75-a461e7ea45a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "c5a5b70d-b612-445f-8a8a-2fbdf682bd4d:search_0", - "type": "search" - }, - { - "id": "panw-290685e0-7569-11e9-976e-65a8f47cc4c1", - "name": "60d64f0c-372d-40fd-b522-0d13a7513795:search_0", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/panw/kibana/dashboard/panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json b/packages/panw/kibana/dashboard/panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json index f9519e79ab0..9958ed562bb 100644 --- a/packages/panw/kibana/dashboard/panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json +++ b/packages/panw/kibana/dashboard/panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e.json 
@@ -1,1417 +1,1412 @@ { - "id": "panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T22:06:16.816Z", - "version": "WzU4MywxXQ==", - "attributes": { - "description": "Palo Alto Networks PAN-OS GTP and SCTP Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"GTP\" or panw.panos.type : \"SCTP\")" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-37953b09-6cff-411c-bdb4-b6ab4667cfbf", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "37953b09-6cff-411c-bdb4-b6ab4667cfbf": { - "columnOrder": [ - "2e42246b-8906-4ff5-b644-1e6d90928a2e", - "d9c80c61-73d9-4246-897e-aa458c07440f" - ], - "columns": { - "2e42246b-8906-4ff5-b644-1e6d90928a2e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d9c80c61-73d9-4246-897e-aa458c07440f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.application" - }, - "d9c80c61-73d9-4246-897e-aa458c07440f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + 
"description": "Palo Alto Networks PAN-OS GTP and SCTP Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and (panw.panos.type : \"GTP\" or panw.panos.type : \"SCTP\")" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "2e42246b-8906-4ff5-b644-1e6d90928a2e" - ], - "layerId": "37953b09-6cff-411c-bdb4-b6ab4667cfbf", - "layerType": "data", - "legendDisplay": "default", - "metric": "d9c80c61-73d9-4246-897e-aa458c07440f", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 15, - "i": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a", - "title": "Distribution of GTP Events by Tunneling Protocol [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d945ceac-e350-45bc-8f86-8056e6b4777c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d945ceac-e350-45bc-8f86-8056e6b4777c": { - "columnOrder": [ - "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64", - "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8" - ], - "columns": { - "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": 
"Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-37953b09-6cff-411c-bdb4-b6ab4667cfbf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "37953b09-6cff-411c-bdb4-b6ab4667cfbf": { + "columnOrder": [ + "2e42246b-8906-4ff5-b644-1e6d90928a2e", + "d9c80c61-73d9-4246-897e-aa458c07440f" + ], + "columns": { + "2e42246b-8906-4ff5-b644-1e6d90928a2e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d9c80c61-73d9-4246-897e-aa458c07440f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.application" + }, + "d9c80c61-73d9-4246-897e-aa458c07440f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": 
[], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64" - ], - "layerId": "d945ceac-e350-45bc-8f86-8056e6b4777c", - "layerType": "data", - "legendDisplay": "default", - "metric": "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "6503dfff-48b2-4894-b16d-202fd2c279ac", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "6503dfff-48b2-4894-b16d-202fd2c279ac", - "title": "Distribution of GTP Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-95b34e65-f823-4168-acb3-6de1c847a6c9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "95b34e65-f823-4168-acb3-6de1c847a6c9": { - "columnOrder": [ - "53c725ee-0984-4504-8f5c-5a88b7c7729e", - "6bb29f78-f893-4e4a-964d-9543503100b2" - ], - "columns": { - "53c725ee-0984-4504-8f5c-5a88b7c7729e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Radio Access Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6bb29f78-f893-4e4a-964d-9543503100b2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" 
}, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.radio_access_technology_type" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "2e42246b-8906-4ff5-b644-1e6d90928a2e" + ], + "layerId": "37953b09-6cff-411c-bdb4-b6ab4667cfbf", + "layerType": "data", + "legendDisplay": "default", + "metric": "d9c80c61-73d9-4246-897e-aa458c07440f", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "6bb29f78-f893-4e4a-964d-9543503100b2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "53c725ee-0984-4504-8f5c-5a88b7c7729e" - ], - "layerId": "95b34e65-f823-4168-acb3-6de1c847a6c9", - "layerType": "data", - "legendDisplay": "default", - "metric": "6bb29f78-f893-4e4a-964d-9543503100b2", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a", + "title": "Distribution of GTP Events by Tunneling Protocol [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "d893cb39-94bb-4c57-9821-d14848a3cf62", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "d893cb39-94bb-4c57-9821-d14848a3cf62", - 
"title": "Distribution of GTP Events by Radio Access Technology [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ab52534a-d6bd-4d65-9809-5e6151646028", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ab52534a-d6bd-4d65-9809-5e6151646028": { - "columnOrder": [ - "401aab5f-22de-48c0-93c0-1f85451b39ba", - "73a018de-4600-4374-9d78-da2c48b8ec8e" - ], - "columns": { - "401aab5f-22de-48c0-93c0-1f85451b39ba": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "GTP Message Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "73a018de-4600-4374-9d78-da2c48b8ec8e", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d945ceac-e350-45bc-8f86-8056e6b4777c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d945ceac-e350-45bc-8f86-8056e6b4777c": { + "columnOrder": [ + "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64", + "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8" + ], + "columns": { + "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", 
+ "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.message_type" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d92fb0e9-ac4e-4d91-a9f3-ce057a107c64" + ], + "layerId": "d945ceac-e350-45bc-8f86-8056e6b4777c", + "layerType": "data", + "legendDisplay": "default", + "metric": "6b2ca86a-28cd-4047-a4f8-e9a33c0341b8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "73a018de-4600-4374-9d78-da2c48b8ec8e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "401aab5f-22de-48c0-93c0-1f85451b39ba" - ], - "layerId": "ab52534a-d6bd-4d65-9809-5e6151646028", - "layerType": "data", - "legendDisplay": "default", - "metric": "73a018de-4600-4374-9d78-da2c48b8ec8e", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "6503dfff-48b2-4894-b16d-202fd2c279ac", + "w": 
24, + "x": 24, + "y": 0 + }, + "panelIndex": "6503dfff-48b2-4894-b16d-202fd2c279ac", + "title": "Distribution of GTP Events by Action taken on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "62030e7d-6766-4a90-8bd1-04ea752de4b8", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "62030e7d-6766-4a90-8bd1-04ea752de4b8", - "title": "Distribution of GTP Events by GTP Message Type [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-090bed90-65fa-4a6b-95cd-41cc89e205e1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "090bed90-65fa-4a6b-95cd-41cc89e205e1": { - "columnOrder": [ - "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26", - "bf904371-c8ba-4db1-a3bf-10a120d7e391", - "ea893821-5b67-4a4e-bbd0-83e101313647", - "b761b153-6e66-4c26-9152-f1c8e8ddb1ac" - ], - "columns": { - "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Risk Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-95b34e65-f823-4168-acb3-6de1c847a6c9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"95b34e65-f823-4168-acb3-6de1c847a6c9": { + "columnOrder": [ + "53c725ee-0984-4504-8f5c-5a88b7c7729e", + "6bb29f78-f893-4e4a-964d-9543503100b2" + ], + "columns": { + "53c725ee-0984-4504-8f5c-5a88b7c7729e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Radio Access Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6bb29f78-f893-4e4a-964d-9543503100b2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.radio_access_technology_type" + }, + "6bb29f78-f893-4e4a-964d-9543503100b2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.risk_level" - }, - "b761b153-6e66-4c26-9152-f1c8e8ddb1ac": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "53c725ee-0984-4504-8f5c-5a88b7c7729e" + ], + "layerId": "95b34e65-f823-4168-acb3-6de1c847a6c9", + "layerType": "data", + "legendDisplay": "default", + "metric": "6bb29f78-f893-4e4a-964d-9543503100b2", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "bf904371-c8ba-4db1-a3bf-10a120d7e391": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Category", - 
"operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d893cb39-94bb-4c57-9821-d14848a3cf62", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "d893cb39-94bb-4c57-9821-d14848a3cf62", + "title": "Distribution of GTP Events by Radio Access Technology [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ab52534a-d6bd-4d65-9809-5e6151646028", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ab52534a-d6bd-4d65-9809-5e6151646028": { + "columnOrder": [ + "401aab5f-22de-48c0-93c0-1f85451b39ba", + "73a018de-4600-4374-9d78-da2c48b8ec8e" + ], + "columns": { + "401aab5f-22de-48c0-93c0-1f85451b39ba": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "GTP Message Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "73a018de-4600-4374-9d78-da2c48b8ec8e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.message_type" + }, + "73a018de-4600-4374-9d78-da2c48b8ec8e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + 
"filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.category" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "401aab5f-22de-48c0-93c0-1f85451b39ba" + ], + "layerId": "ab52534a-d6bd-4d65-9809-5e6151646028", + "layerType": "data", + "legendDisplay": "default", + "metric": "73a018de-4600-4374-9d78-da2c48b8ec8e", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "ea893821-5b67-4a4e-bbd0-83e101313647": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Technology", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "62030e7d-6766-4a90-8bd1-04ea752de4b8", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "62030e7d-6766-4a90-8bd1-04ea752de4b8", + "title": "Distribution of GTP Events by GTP Message Type [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-090bed90-65fa-4a6b-95cd-41cc89e205e1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "090bed90-65fa-4a6b-95cd-41cc89e205e1": { + "columnOrder": [ + "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26", + "bf904371-c8ba-4db1-a3bf-10a120d7e391", + "ea893821-5b67-4a4e-bbd0-83e101313647", + 
"b761b153-6e66-4c26-9152-f1c8e8ddb1ac" + ], + "columns": { + "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Risk Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.risk_level" + }, + "b761b153-6e66-4c26-9152-f1c8e8ddb1ac": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "bf904371-c8ba-4db1-a3bf-10a120d7e391": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.category" + }, + "ea893821-5b67-4a4e-bbd0-83e101313647": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Technology", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "panw.panos.application.technology" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "panw.panos.application.technology" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": 
[], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type :\"GTP\"" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26" - }, - { - "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac" - }, - { - "columnId": "bf904371-c8ba-4db1-a3bf-10a120d7e391", - "isTransposed": false - }, - { - "columnId": "ea893821-5b67-4a4e-bbd0-83e101313647", - "isTransposed": false - } - ], - "layerId": "090bed90-65fa-4a6b-95cd-41cc89e205e1", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "da1fdcfd-a120-4eb6-bd40-93731a66af2a", - "w": 30, - "x": 0, - "y": 30 - }, - "panelIndex": "da1fdcfd-a120-4eb6-bd40-93731a66af2a", - "title": "Top 10 GTP Events with Highest Application Risk [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7c5c56c1-1c2d-4b04-829c-e6708722edb5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7c5c56c1-1c2d-4b04-829c-e6708722edb5": { - "columnOrder": [ - "a4e93049-e21a-40bb-ac4c-f14870d2be28", - "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67" - ], - "columns": { - "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type :\"GTP\"" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + 
"columnId": "89e2ab5a-d5a1-46c9-b17d-9024c98fbb26" + }, + { + "columnId": "b761b153-6e66-4c26-9152-f1c8e8ddb1ac" + }, + { + "columnId": "bf904371-c8ba-4db1-a3bf-10a120d7e391", + "isTransposed": false + }, + { + "columnId": "ea893821-5b67-4a4e-bbd0-83e101313647", + "isTransposed": false + } + ], + "layerId": "090bed90-65fa-4a6b-95cd-41cc89e205e1", + "layerType": "data" + } }, - "a4e93049-e21a-40bb-ac4c-f14870d2be28": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "da1fdcfd-a120-4eb6-bd40-93731a66af2a", + "w": 30, + "x": 0, + "y": 30 + }, + "panelIndex": "da1fdcfd-a120-4eb6-bd40-93731a66af2a", + "title": "Top 10 GTP Events with Highest Application Risk [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7c5c56c1-1c2d-4b04-829c-e6708722edb5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7c5c56c1-1c2d-4b04-829c-e6708722edb5": { + "columnOrder": [ + "a4e93049-e21a-40bb-ac4c-f14870d2be28", + "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67" + ], + "columns": { + "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + 
"a4e93049-e21a-40bb-ac4c-f14870d2be28": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "a4e93049-e21a-40bb-ac4c-f14870d2be28" - ], - "layerId": "7c5c56c1-1c2d-4b04-829c-e6708722edb5", - "layerType": "data", - "legendDisplay": "default", - "metric": "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "3d040105-b7ad-4af9-95ef-b0b39df4f108", - "w": 18, - "x": 30, - "y": 30 - }, - "panelIndex": "3d040105-b7ad-4af9-95ef-b0b39df4f108", - "title": "Distribution of GTP Events by Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "4abbd412-3516-4fdc-9796-c4c3aa34d48a", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "4abbd412-3516-4fdc-9796-c4c3aa34d48a", - "panelRefName": "panel_4abbd412-3516-4fdc-9796-c4c3aa34d48a", - "type": "search", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8899e6ee-bb67-41c3-9d68-54d139f158c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8899e6ee-bb67-41c3-9d68-54d139f158c5": { - "columnOrder": [ - "6e89644d-eddc-4e20-9f14-e85dd45f27d2", - "19764130-3b6d-4478-a9d0-0c5eadab7b7c" - ], - "columns": { - "19764130-3b6d-4478-a9d0-0c5eadab7b7c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"GTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "a4e93049-e21a-40bb-ac4c-f14870d2be28" + ], + "layerId": "7c5c56c1-1c2d-4b04-829c-e6708722edb5", + "layerType": "data", + "legendDisplay": "default", + "metric": "48311c6c-e2ad-4bbf-a1b6-34c6f4764d67", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "6e89644d-eddc-4e20-9f14-e85dd45f27d2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "SCTP Association End Reason", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "19764130-3b6d-4478-a9d0-0c5eadab7b7c", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3d040105-b7ad-4af9-95ef-b0b39df4f108", + "w": 18, + "x": 30, + "y": 30 + }, + "panelIndex": "3d040105-b7ad-4af9-95ef-b0b39df4f108", + "title": "Distribution of GTP Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + 
"gridData": { + "h": 20, + "i": "4abbd412-3516-4fdc-9796-c4c3aa34d48a", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "4abbd412-3516-4fdc-9796-c4c3aa34d48a", + "panelRefName": "panel_4abbd412-3516-4fdc-9796-c4c3aa34d48a", + "type": "search", + "version": "8.2.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8899e6ee-bb67-41c3-9d68-54d139f158c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8899e6ee-bb67-41c3-9d68-54d139f158c5": { + "columnOrder": [ + "6e89644d-eddc-4e20-9f14-e85dd45f27d2", + "19764130-3b6d-4478-a9d0-0c5eadab7b7c" + ], + "columns": { + "19764130-3b6d-4478-a9d0-0c5eadab7b7c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "6e89644d-eddc-4e20-9f14-e85dd45f27d2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "SCTP Association End Reason", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "19764130-3b6d-4478-a9d0-0c5eadab7b7c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.sctp.assoc_end_reason" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.sctp.assoc_end_reason" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" - }, 
- "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "6e89644d-eddc-4e20-9f14-e85dd45f27d2" - ], - "layerId": "8899e6ee-bb67-41c3-9d68-54d139f158c5", - "layerType": "data", - "legendDisplay": "default", - "metric": "19764130-3b6d-4478-a9d0-0c5eadab7b7c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "6e89644d-eddc-4e20-9f14-e85dd45f27d2" + ], + "layerId": "8899e6ee-bb67-41c3-9d68-54d139f158c5", + "layerType": "data", + "legendDisplay": "default", + "metric": "19764130-3b6d-4478-a9d0-0c5eadab7b7c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "5ed3e745-5f78-4873-bb42-8159bb09f8dc", + "w": 16, + "x": 0, + "y": 65 + }, + "panelIndex": "5ed3e745-5f78-4873-bb42-8159bb09f8dc", + "title": "Distribution of SCTP Events by SCTP Association End Reason [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5ed3e745-5f78-4873-bb42-8159bb09f8dc", - "w": 16, - "x": 0, - "y": 65 - }, - "panelIndex": "5ed3e745-5f78-4873-bb42-8159bb09f8dc", - "title": "Distribution of SCTP Events by SCTP Association End Reason [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-74cb4c8b-d3a7-42e0-af64-03572454b444", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "74cb4c8b-d3a7-42e0-af64-03572454b444": { - "columnOrder": [ - "392aaef7-65c9-44cf-a61f-45eab7b41642", - "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6" - ], - "columns": { - "392aaef7-65c9-44cf-a61f-45eab7b41642": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Operation Code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-74cb4c8b-d3a7-42e0-af64-03572454b444", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "74cb4c8b-d3a7-42e0-af64-03572454b444": { + "columnOrder": [ + "392aaef7-65c9-44cf-a61f-45eab7b41642", + "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6" + ], + "columns": { + "392aaef7-65c9-44cf-a61f-45eab7b41642": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operation Code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.op_code" + }, + "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", 
- "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.op_code" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "392aaef7-65c9-44cf-a61f-45eab7b41642" + ], + "layerId": "74cb4c8b-d3a7-42e0-af64-03572454b444", + "layerType": "data", + "legendDisplay": "default", + "metric": "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "392aaef7-65c9-44cf-a61f-45eab7b41642" - ], - "layerId": "74cb4c8b-d3a7-42e0-af64-03572454b444", - "layerType": "data", - "legendDisplay": "default", - "metric": "ccd030e5-3709-4fca-a2c2-5b9ec23d29c6", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "facc00d8-cfd3-4475-8407-632ca7083abe", + "w": 15, + "x": 16, + "y": 65 + }, + "panelIndex": "facc00d8-cfd3-4475-8407-632ca7083abe", + "title": "Distribution of SCTP Events by Operation Code [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - 
"gridData": { - "h": 15, - "i": "facc00d8-cfd3-4475-8407-632ca7083abe", - "w": 15, - "x": 16, - "y": 65 - }, - "panelIndex": "facc00d8-cfd3-4475-8407-632ca7083abe", - "title": "Distribution of SCTP Events by Operation Code [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4c84f3fe-a72a-4ed6-9859-34f408db5ed0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4c84f3fe-a72a-4ed6-9859-34f408db5ed0": { - "columnOrder": [ - "fc6926b0-8681-45e3-953a-4cd54adcdfdb", - "5ab2e7c2-6c93-4948-a172-7628061d9ac8" - ], - "columns": { - "5ab2e7c2-6c93-4948-a172-7628061d9ac8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "fc6926b0-8681-45e3-953a-4cd54adcdfdb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "5ab2e7c2-6c93-4948-a172-7628061d9ac8", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4c84f3fe-a72a-4ed6-9859-34f408db5ed0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4c84f3fe-a72a-4ed6-9859-34f408db5ed0": { + "columnOrder": [ + "fc6926b0-8681-45e3-953a-4cd54adcdfdb", + "5ab2e7c2-6c93-4948-a172-7628061d9ac8" + 
], + "columns": { + "5ab2e7c2-6c93-4948-a172-7628061d9ac8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "fc6926b0-8681-45e3-953a-4cd54adcdfdb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5ab2e7c2-6c93-4948-a172-7628061d9ac8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "log.level" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "log.level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "fc6926b0-8681-45e3-953a-4cd54adcdfdb" - ], - "layerId": "4c84f3fe-a72a-4ed6-9859-34f408db5ed0", - "layerType": "data", - "legendDisplay": "default", - "metric": "5ab2e7c2-6c93-4948-a172-7628061d9ac8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "fc6926b0-8681-45e3-953a-4cd54adcdfdb" + ], + "layerId": "4c84f3fe-a72a-4ed6-9859-34f408db5ed0", + "layerType": "data", + "legendDisplay": "default", + "metric": "5ab2e7c2-6c93-4948-a172-7628061d9ac8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" 
+ }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "70be4044-e443-471d-afa2-8c9ad770c1cf", + "w": 17, + "x": 31, + "y": 65 + }, + "panelIndex": "70be4044-e443-471d-afa2-8c9ad770c1cf", + "title": "Distribution of SCTP Events by Severity [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "70be4044-e443-471d-afa2-8c9ad770c1cf", - "w": 17, - "x": 31, - "y": 65 - }, - "panelIndex": "70be4044-e443-471d-afa2-8c9ad770c1cf", - "title": "Distribution of SCTP Events by Severity [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ab7a5671-1d41-43f4-8af3-cd2f9e20c48f": { - "columnOrder": [ - "b44e1938-0591-40b2-b5f6-e02e9849da69", - "f5ff81ac-d2dd-419e-baef-ad6508a26281" - ], - "columns": { - "b44e1938-0591-40b2-b5f6-e02e9849da69": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f5ff81ac-d2dd-419e-baef-ad6508a26281", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", + "type": "index-pattern" + } + ], + "state": { + 
"datasourceStates": { + "indexpattern": { + "layers": { + "ab7a5671-1d41-43f4-8af3-cd2f9e20c48f": { + "columnOrder": [ + "b44e1938-0591-40b2-b5f6-e02e9849da69", + "f5ff81ac-d2dd-419e-baef-ad6508a26281" + ], + "columns": { + "b44e1938-0591-40b2-b5f6-e02e9849da69": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f5ff81ac-d2dd-419e-baef-ad6508a26281", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.action" + }, + "f5ff81ac-d2dd-419e-baef-ad6508a26281": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.action" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b44e1938-0591-40b2-b5f6-e02e9849da69" + ], + "layerId": "ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", + "layerType": "data", + "legendDisplay": "default", + "metric": "f5ff81ac-d2dd-419e-baef-ad6508a26281", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "f5ff81ac-d2dd-419e-baef-ad6508a26281": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" 
and panw.panos.type : \"SCTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b44e1938-0591-40b2-b5f6-e02e9849da69" - ], - "layerId": "ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", - "layerType": "data", - "legendDisplay": "default", - "metric": "f5ff81ac-d2dd-419e-baef-ad6508a26281", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "7f515d29-459d-45c9-9e53-05f1822e90bf", + "w": 24, + "x": 0, + "y": 80 + }, + "panelIndex": "7f515d29-459d-45c9-9e53-05f1822e90bf", + "title": "Distribution of SCTP Events by Action taken on Session [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "7f515d29-459d-45c9-9e53-05f1822e90bf", - "w": 24, - "x": 0, - "y": 80 - }, - "panelIndex": "7f515d29-459d-45c9-9e53-05f1822e90bf", - "title": "Distribution of SCTP Events by Action taken on Session [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-34c3c1e6-8715-4350-a814-8d4a92963eb9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "34c3c1e6-8715-4350-a814-8d4a92963eb9": { - "columnOrder": [ - "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37", - "fe38243b-d323-4825-898e-b06434925a09" - ], - "columns": { - "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "SCTP Filter Matched", - "operationType": "terms", - "params": { - "missingBucket": 
false, - "orderBy": { - "columnId": "fe38243b-d323-4825-898e-b06434925a09", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-34c3c1e6-8715-4350-a814-8d4a92963eb9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "34c3c1e6-8715-4350-a814-8d4a92963eb9": { + "columnOrder": [ + "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37", + "fe38243b-d323-4825-898e-b06434925a09" + ], + "columns": { + "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "SCTP Filter Matched", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "fe38243b-d323-4825-898e-b06434925a09", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "panw.panos.sctp.filter" + }, + "fe38243b-d323-4825-898e-b06434925a09": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "panw.panos.sctp.filter" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37" + ], + "layerId": "34c3c1e6-8715-4350-a814-8d4a92963eb9", + "layerType": "data", + "legendDisplay": "default", + "metric": 
"fe38243b-d323-4825-898e-b06434925a09", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "fe38243b-d323-4825-898e-b06434925a09": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"panw.panos\" and panw.panos.type : \"SCTP\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "9618fef3-ccaa-4691-ae3b-a5cc9f3aaf37" - ], - "layerId": "34c3c1e6-8715-4350-a814-8d4a92963eb9", - "layerType": "data", - "legendDisplay": "default", - "metric": "fe38243b-d323-4825-898e-b06434925a09", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "38bf38e1-1bce-432d-9f95-1350427f72f4", + "w": 24, + "x": 24, + "y": 80 + }, + "panelIndex": "38bf38e1-1bce-432d-9f95-1350427f72f4", + "title": "Distribution of SCTP Events by SCTP Filter Matched [Logs PANW]", + "type": "lens", + "version": "8.2.1" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 19, + "i": "72bdd19e-c6f3-471a-894e-6dde6b0dab68", + "w": 48, + "x": 0, + "y": 95 + }, + "panelIndex": "72bdd19e-c6f3-471a-894e-6dde6b0dab68", + "panelRefName": "panel_72bdd19e-c6f3-471a-894e-6dde6b0dab68", + "type": "search", + "version": "8.2.1" + } + ], + "timeRestore": false, + "title": "[Logs PANW] GTP and SCTP", + "version": 1 + }, + "coreMigrationVersion": "8.2.1", + "id": "panw-f84a1440-dcf7-11ec-8b8b-1fae02ab6a5e", + 
"migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a:indexpattern-datasource-layer-37953b09-6cff-411c-bdb4-b6ab4667cfbf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6503dfff-48b2-4894-b16d-202fd2c279ac:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6503dfff-48b2-4894-b16d-202fd2c279ac:indexpattern-datasource-layer-d945ceac-e350-45bc-8f86-8056e6b4777c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d893cb39-94bb-4c57-9821-d14848a3cf62:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d893cb39-94bb-4c57-9821-d14848a3cf62:indexpattern-datasource-layer-95b34e65-f823-4168-acb3-6de1c847a6c9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "62030e7d-6766-4a90-8bd1-04ea752de4b8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "62030e7d-6766-4a90-8bd1-04ea752de4b8:indexpattern-datasource-layer-ab52534a-d6bd-4d65-9809-5e6151646028", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "da1fdcfd-a120-4eb6-bd40-93731a66af2a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "da1fdcfd-a120-4eb6-bd40-93731a66af2a:indexpattern-datasource-layer-090bed90-65fa-4a6b-95cd-41cc89e205e1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3d040105-b7ad-4af9-95ef-b0b39df4f108:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3d040105-b7ad-4af9-95ef-b0b39df4f108:indexpattern-datasource-layer-7c5c56c1-1c2d-4b04-829c-e6708722edb5", + "type": "index-pattern" + }, + { + "id": 
"panw-89e2f970-ddb7-11ec-8e76-9b3b99f98cd4", + "name": "4abbd412-3516-4fdc-9796-c4c3aa34d48a:panel_4abbd412-3516-4fdc-9796-c4c3aa34d48a", + "type": "search" + }, + { + "id": "logs-*", + "name": "5ed3e745-5f78-4873-bb42-8159bb09f8dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5ed3e745-5f78-4873-bb42-8159bb09f8dc:indexpattern-datasource-layer-8899e6ee-bb67-41c3-9d68-54d139f158c5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "facc00d8-cfd3-4475-8407-632ca7083abe:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "facc00d8-cfd3-4475-8407-632ca7083abe:indexpattern-datasource-layer-74cb4c8b-d3a7-42e0-af64-03572454b444", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "70be4044-e443-471d-afa2-8c9ad770c1cf:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "38bf38e1-1bce-432d-9f95-1350427f72f4", - "w": 24, - "x": 24, - "y": 80 + { + "id": "logs-*", + "name": "70be4044-e443-471d-afa2-8c9ad770c1cf:indexpattern-datasource-layer-4c84f3fe-a72a-4ed6-9859-34f408db5ed0", + "type": "index-pattern" }, - "panelIndex": "38bf38e1-1bce-432d-9f95-1350427f72f4", - "title": "Distribution of SCTP Events by SCTP Filter Matched [Logs PANW]", - "type": "lens", - "version": "8.2.1" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "7f515d29-459d-45c9-9e53-05f1822e90bf:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 19, - "i": "72bdd19e-c6f3-471a-894e-6dde6b0dab68", - "w": 48, - "x": 0, - "y": 95 + { + "id": "logs-*", + "name": "7f515d29-459d-45c9-9e53-05f1822e90bf:indexpattern-datasource-layer-ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", + "type": "index-pattern" }, - "panelIndex": "72bdd19e-c6f3-471a-894e-6dde6b0dab68", - "panelRefName": "panel_72bdd19e-c6f3-471a-894e-6dde6b0dab68", - "type": 
"search", - "version": "8.2.1" - } + { + "id": "logs-*", + "name": "38bf38e1-1bce-432d-9f95-1350427f72f4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "38bf38e1-1bce-432d-9f95-1350427f72f4:indexpattern-datasource-layer-34c3c1e6-8715-4350-a814-8d4a92963eb9", + "type": "index-pattern" + }, + { + "id": "panw-92083d90-ddb7-11ec-8e76-9b3b99f98cd4", + "name": "72bdd19e-c6f3-471a-894e-6dde6b0dab68:panel_72bdd19e-c6f3-471a-894e-6dde6b0dab68", + "type": "search" + } ], - "timeRestore": false, - "title": "[Logs PANW] GTP and SCTP", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d24a3e24-73f6-4e1f-84f7-5885b8bf817a:indexpattern-datasource-layer-37953b09-6cff-411c-bdb4-b6ab4667cfbf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6503dfff-48b2-4894-b16d-202fd2c279ac:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6503dfff-48b2-4894-b16d-202fd2c279ac:indexpattern-datasource-layer-d945ceac-e350-45bc-8f86-8056e6b4777c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d893cb39-94bb-4c57-9821-d14848a3cf62:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d893cb39-94bb-4c57-9821-d14848a3cf62:indexpattern-datasource-layer-95b34e65-f823-4168-acb3-6de1c847a6c9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "62030e7d-6766-4a90-8bd1-04ea752de4b8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "62030e7d-6766-4a90-8bd1-04ea752de4b8:indexpattern-datasource-layer-ab52534a-d6bd-4d65-9809-5e6151646028", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"da1fdcfd-a120-4eb6-bd40-93731a66af2a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "da1fdcfd-a120-4eb6-bd40-93731a66af2a:indexpattern-datasource-layer-090bed90-65fa-4a6b-95cd-41cc89e205e1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3d040105-b7ad-4af9-95ef-b0b39df4f108:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3d040105-b7ad-4af9-95ef-b0b39df4f108:indexpattern-datasource-layer-7c5c56c1-1c2d-4b04-829c-e6708722edb5", - "type": "index-pattern" - }, - { - "id": "panw-89e2f970-ddb7-11ec-8e76-9b3b99f98cd4", - "name": "4abbd412-3516-4fdc-9796-c4c3aa34d48a:panel_4abbd412-3516-4fdc-9796-c4c3aa34d48a", - "type": "search" - }, - { - "id": "logs-*", - "name": "5ed3e745-5f78-4873-bb42-8159bb09f8dc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5ed3e745-5f78-4873-bb42-8159bb09f8dc:indexpattern-datasource-layer-8899e6ee-bb67-41c3-9d68-54d139f158c5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "facc00d8-cfd3-4475-8407-632ca7083abe:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "facc00d8-cfd3-4475-8407-632ca7083abe:indexpattern-datasource-layer-74cb4c8b-d3a7-42e0-af64-03572454b444", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "70be4044-e443-471d-afa2-8c9ad770c1cf:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "70be4044-e443-471d-afa2-8c9ad770c1cf:indexpattern-datasource-layer-4c84f3fe-a72a-4ed6-9859-34f408db5ed0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7f515d29-459d-45c9-9e53-05f1822e90bf:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"7f515d29-459d-45c9-9e53-05f1822e90bf:indexpattern-datasource-layer-ab7a5671-1d41-43f4-8af3-cd2f9e20c48f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "38bf38e1-1bce-432d-9f95-1350427f72f4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "38bf38e1-1bce-432d-9f95-1350427f72f4:indexpattern-datasource-layer-34c3c1e6-8715-4350-a814-8d4a92963eb9", - "type": "index-pattern" - }, - { - "id": "panw-92083d90-ddb7-11ec-8e76-9b3b99f98cd4", - "name": "72bdd19e-c6f3-471a-894e-6dde6b0dab68:panel_72bdd19e-c6f3-471a-894e-6dde6b0dab68", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file From 987d472e97919ca120f07cdafc05ce7b054c9fd0 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:11:00 +0530 Subject: [PATCH 058/103] revert panw changelog --- packages/panw/changelog.yml | 5 ----- packages/panw/manifest.yml | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml index 8fc425431e4..9b33070335e 100644 --- a/packages/panw/changelog.yml +++ b/packages/panw/changelog.yml @@ -1,9 +1,4 @@ # newer versions go on top -- version: "3.1.3" - changes: - - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load - type: enhancement - link: https://github.com/elastic/integrations/pull/4516 - version: "3.1.2" changes: - description: Fix handling of event.outcome. diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml index 181b552eaa6..e1bed8eb621 100644 --- a/packages/panw/manifest.yml +++ b/packages/panw/manifest.yml @@ -1,6 +1,6 @@ name: panw title: Palo Alto Next-Gen Firewall -version: 3.1.3 +version: 3.1.2 release: ga description: Collect logs from Palo Alto next-gen firewalls with Elastic Agent. type: integration 
From 7044b0606f5434d5bf9e2e29a9972007d7d6233d Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:24:06 +0530 Subject: [PATCH 059/103] Revert "all inlined in proofpoint_tap" This reverts commit 75a24faf960f14df979bea9516a8e969f1ca7972. --- ...-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json | 1437 +++++---- ...-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json | 1399 ++++---- ...-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json | 2803 ++++++++--------- ...-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json | 2305 +++++++------- 4 files changed, 3962 insertions(+), 3982 deletions(-)
diff --git a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json
index 9ffcf16da4a..204d188fde2 100644
--- a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json
+++ b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9.json
@@ -1,746 +1,741 @@ { - "id": "proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:32:30.064Z", - "version": "WzYyMiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "aa104adb-fbc4-4019-9fda-9f1ca4886d64", - "w": 48, - "x": 0, - "y": 67 - }, - "panelIndex": "aa104adb-fbc4-4019-9fda-9f1ca4886d64", - "panelRefName": "panel_aa104adb-fbc4-4019-9fda-9f1ca4886d64", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4ff0e011-970a-4b60-9158-962f4e89fbbe": { - "columnOrder": [ - "dc762ac8-6645-45a7-ba44-b3fbd0309338" - ], - "columns": { - "dc762ac8-6645-45a7-ba44-b3fbd0309338": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Clicks", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - 
"visualization": { - "accessor": "dc762ac8-6645-45a7-ba44-b3fbd0309338", - "layerId": "4ff0e011-970a-4b60-9158-962f4e89fbbe", - "layerType": "data" - } - }, - "title": "Count of Clicks [Logs Proofpoint TAP]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 15, - "i": "39f0263c-ab86-416a-8048-83d13edbdbab", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "39f0263c-ab86-416a-8048-83d13edbdbab", - "title": "Count of Clicks [Logs Proofpoint TAP]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-09466534-a461-4fbb-850b-fba8df6b7c37", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "09466534-a461-4fbb-850b-fba8df6b7c37": { - "columnOrder": [ - "caef084e-7dca-43d6-8538-a2806796463e", - "8c76f7ef-0d3f-4558-8835-17fa53443a49", - "8c76f7ef-0d3f-4558-8835-17fa53443a49X0" - ], - "columns": { - "8c76f7ef-0d3f-4558-8835-17fa53443a49": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "8c76f7ef-0d3f-4558-8835-17fa53443a49X0" - ], - "scale": "ratio" - }, - "8c76f7ef-0d3f-4558-8835-17fa53443a49X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of count()", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "aa104adb-fbc4-4019-9fda-9f1ca4886d64", + "w": 48, + "x": 0, + "y": 67 + }, + 
"panelIndex": "aa104adb-fbc4-4019-9fda-9f1ca4886d64", + "panelRefName": "panel_aa104adb-fbc4-4019-9fda-9f1ca4886d64", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4ff0e011-970a-4b60-9158-962f4e89fbbe": { + "columnOrder": [ + "dc762ac8-6645-45a7-ba44-b3fbd0309338" + ], + "columns": { + "dc762ac8-6645-45a7-ba44-b3fbd0309338": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Clicks", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "dc762ac8-6645-45a7-ba44-b3fbd0309338", + "layerId": "4ff0e011-970a-4b60-9158-962f4e89fbbe", + "layerType": "data" + } }, - "caef084e-7dca-43d6-8538-a2806796463e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Classification", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" + "title": "Count of Clicks [Logs Proofpoint TAP]", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "39f0263c-ab86-416a-8048-83d13edbdbab", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "39f0263c-ab86-416a-8048-83d13edbdbab", + "title": "Count of Clicks [Logs Proofpoint TAP]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "asc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.clicks_blocked.classification" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "caef084e-7dca-43d6-8538-a2806796463e" - ], - "layerId": "09466534-a461-4fbb-850b-fba8df6b7c37", - "layerType": "data", - "legendDisplay": "default", - "metric": "8c76f7ef-0d3f-4558-8835-17fa53443a49", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-09466534-a461-4fbb-850b-fba8df6b7c37", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "09466534-a461-4fbb-850b-fba8df6b7c37": { + "columnOrder": [ + "caef084e-7dca-43d6-8538-a2806796463e", + "8c76f7ef-0d3f-4558-8835-17fa53443a49", + "8c76f7ef-0d3f-4558-8835-17fa53443a49X0" + ], + "columns": { + "8c76f7ef-0d3f-4558-8835-17fa53443a49": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "formula", + "params": { + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "8c76f7ef-0d3f-4558-8835-17fa53443a49X0" + ], + "scale": "ratio" + }, + "8c76f7ef-0d3f-4558-8835-17fa53443a49X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of count()", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "caef084e-7dca-43d6-8538-a2806796463e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Classification", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + 
"type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.clicks_blocked.classification" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "caef084e-7dca-43d6-8538-a2806796463e" + ], + "layerId": "09466534-a461-4fbb-850b-fba8df6b7c37", + "layerType": "data", + "legendDisplay": "default", + "metric": "8c76f7ef-0d3f-4558-8835-17fa53443a49", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Blocked Clicks by Classification [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d6f150e5-a82f-453c-867a-3c0f40ba826b", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "d6f150e5-a82f-453c-867a-3c0f40ba826b", + "title": "Distribution of Blocked Clicks by Classification [Logs Proofpoint TAP]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Blocked Clicks by Classification [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "d6f150e5-a82f-453c-867a-3c0f40ba826b", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "d6f150e5-a82f-453c-867a-3c0f40ba826b", - "title": "Distribution of Blocked Clicks by Classification [Logs Proofpoint TAP]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", - "type": 
"index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "062ab937-584b-4266-b89a-e0965350fd15": { - "columnOrder": [ - "b4231a92-a121-4d7b-8975-7deb595868c2", - "e4a9c4a7-4e05-4669-8842-47a87900ad7c" - ], - "columns": { - "b4231a92-a121-4d7b-8975-7deb595868c2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "URL", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "062ab937-584b-4266-b89a-e0965350fd15": { + "columnOrder": [ + "b4231a92-a121-4d7b-8975-7deb595868c2", + "e4a9c4a7-4e05-4669-8842-47a87900ad7c" + ], + "columns": { + "b4231a92-a121-4d7b-8975-7deb595868c2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "url.full" + }, + "e4a9c4a7-4e05-4669-8842-47a87900ad7c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "url.full" + 
"visualization": { + "columns": [ + { + "columnId": "b4231a92-a121-4d7b-8975-7deb595868c2", + "isTransposed": false + }, + { + "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", + "isTransposed": false + } + ], + "layerId": "062ab937-584b-4266-b89a-e0965350fd15", + "layerType": "data" + } }, - "e4a9c4a7-4e05-4669-8842-47a87900ad7c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "b4231a92-a121-4d7b-8975-7deb595868c2", - "isTransposed": false - }, - { - "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", - "isTransposed": false - } - ], - "layerId": "062ab937-584b-4266-b89a-e0965350fd15", - "layerType": "data" - } + "title": "Top 10 Malicious URL [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "b921de2f-edd5-4539-bb51-c94c5ddf4541", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "b921de2f-edd5-4539-bb51-c94c5ddf4541", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Malicious URL [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b921de2f-edd5-4539-bb51-c94c5ddf4541", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "b921de2f-edd5-4539-bb51-c94c5ddf4541", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"ec2f7bac-2077-4709-9d52-3ae3c0a582de": { - "columnOrder": [ - "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" - ], - "columns": { - "394062e2-3219-4ff0-b930-7dceb79cb5cd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { + "columnOrder": [ + "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" + ], + "columns": { + "394062e2-3219-4ff0-b930-7dceb79cb5cd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + }, + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": 
"394062e2-3219-4ff0-b930-7dceb79cb5cd", + "isTransposed": false + }, + { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "isTransposed": false + } + ], + "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "layerType": "data" + } }, - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "isTransposed": false - }, - { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "isTransposed": false - } - ], - "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "layerType": "data" - } + "title": "Top 10 Recipient [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "4240bdb9-8306-43fe-8b7a-815e70e28fec", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "4240bdb9-8306-43fe-8b7a-815e70e28fec", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Recipient [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4240bdb9-8306-43fe-8b7a-815e70e28fec", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "4240bdb9-8306-43fe-8b7a-815e70e28fec", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f7d425df-4f7d-4e18-993d-b8a10cdffe22", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f7d425df-4f7d-4e18-993d-b8a10cdffe22": { - "columnOrder": 
[ - "967f19a8-3944-4a64-a05f-037bcf1f238c", - "ea922d0b-14cf-4625-b038-71d6a627f340" - ], - "columns": { - "967f19a8-3944-4a64-a05f-037bcf1f238c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ea922d0b-14cf-4625-b038-71d6a627f340", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.clicks_blocked.threat.status" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f7d425df-4f7d-4e18-993d-b8a10cdffe22", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f7d425df-4f7d-4e18-993d-b8a10cdffe22": { + "columnOrder": [ + "967f19a8-3944-4a64-a05f-037bcf1f238c", + "ea922d0b-14cf-4625-b038-71d6a627f340" + ], + "columns": { + "967f19a8-3944-4a64-a05f-037bcf1f238c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ea922d0b-14cf-4625-b038-71d6a627f340", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.clicks_blocked.threat.status" + }, + "ea922d0b-14cf-4625-b038-71d6a627f340": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" + }, + "visualization": { + 
"layers": [ + { + "categoryDisplay": "default", + "groups": [ + "967f19a8-3944-4a64-a05f-037bcf1f238c" + ], + "layerId": "f7d425df-4f7d-4e18-993d-b8a10cdffe22", + "layerType": "data", + "legendDisplay": "default", + "metric": "ea922d0b-14cf-4625-b038-71d6a627f340", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "ea922d0b-14cf-4625-b038-71d6a627f340": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "967f19a8-3944-4a64-a05f-037bcf1f238c" - ], - "layerId": "f7d425df-4f7d-4e18-993d-b8a10cdffe22", - "layerType": "data", - "legendDisplay": "default", - "metric": "ea922d0b-14cf-4625-b038-71d6a627f340", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Blocked Clicks by Threat Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Blocked Clicks by Threat Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4080ef48-91f4-4339-a059-fa6a9d0fcce8": { - "columnOrder": [ - "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", - "366f6367-65c3-4e65-8c28-f41b1ef719cf" - ], - "columns": { - "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4080ef48-91f4-4339-a059-fa6a9d0fcce8": { + "columnOrder": [ + "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", + "366f6367-65c3-4e65-8c28-f41b1ef719cf" + ], + "columns": { + "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + }, + "366f6367-65c3-4e65-8c28-f41b1ef719cf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - 
}, - "scale": "ordinal", - "sourceField": "destination.ip" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", + "isTransposed": false + }, + { + "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", + "isTransposed": false + } + ], + "layerId": "4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "layerType": "data" + } }, - "366f6367-65c3-4e65-8c28-f41b1ef719cf": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", - "isTransposed": false - }, - { - "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", - "isTransposed": false - } - ], - "layerId": "4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "layerType": "data" - } + "title": "Top 10 Click IP [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "3afffe1a-ab24-4a60-bb83-1973840a6b89", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "3afffe1a-ab24-4a60-bb83-1973840a6b89", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Click IP [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"1d744b4f-b6df-4195-bfea-8e64340b7da1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"48984da5-6c09-4c75-86d5-b9c1791d120d\",\"includeInFitToBounds\":true,\"label\":\"Clicks\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"35e48033-3f9a-4228-98be-980fff6c70a1\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": "{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.14}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "title": "Clicks on URL by Region [Logs Proofpoint TAP]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": 
[], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 270, + "minLat": -66.51326, + "minLon": -270 + }, + "mapCenter": { + "lat": 51.78838, + "lon": 18.18583, + "zoom": 1.14 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 22, + "i": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f", + "type": "map", + "version": "7.17.0" + } + ], + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs Proofpoint TAP] Blocked Clicks", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "proofpoint_tap-3ad578f0-b5a6-11ec-a9d0-e94ed15a14b9", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "proofpoint_tap-717803c0-b130-11ec-8e58-3fc548a48fe4", + "name": "aa104adb-fbc4-4019-9fda-9f1ca4886d64:panel_aa104adb-fbc4-4019-9fda-9f1ca4886d64", + "type": "search" + }, + { + "id": "logs-*", + "name": "39f0263c-ab86-416a-8048-83d13edbdbab:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "39f0263c-ab86-416a-8048-83d13edbdbab:indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d6f150e5-a82f-453c-867a-3c0f40ba826b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d6f150e5-a82f-453c-867a-3c0f40ba826b:indexpattern-datasource-layer-09466534-a461-4fbb-850b-fba8df6b7c37", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b921de2f-edd5-4539-bb51-c94c5ddf4541:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b921de2f-edd5-4539-bb51-c94c5ddf4541:indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"4240bdb9-8306-43fe-8b7a-815e70e28fec:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4240bdb9-8306-43fe-8b7a-815e70e28fec:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "3afffe1a-ab24-4a60-bb83-1973840a6b89", - "w": 24, - "x": 24, - "y": 30 + { + "id": "logs-*", + "name": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89:indexpattern-datasource-layer-f7d425df-4f7d-4e18-993d-b8a10cdffe22", + "type": "index-pattern" }, - "panelIndex": "3afffe1a-ab24-4a60-bb83-1973840a6b89", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"alpha\":1,\"id\":\"1d744b4f-b6df-4195-bfea-8e64340b7da1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"48984da5-6c09-4c75-86d5-b9c1791d120d\",\"includeInFitToBounds\":true,\"label\":\"Clicks\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"35e48033-3f9a-4228-98be-980fff6c70a1\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": 
"{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.14}", - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "title": "Clicks on URL by Region [Logs Proofpoint TAP]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 270, - "minLat": -66.51326, - "minLon": -270 - }, - "mapCenter": { - "lat": 51.78838, - "lon": 18.18583, - "zoom": 1.14 - }, - "openTOCDetails": [] + { + "id": "logs-*", + "name": "3afffe1a-ab24-4a60-bb83-1973840a6b89:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 22, - "i": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f", - "w": 48, - "x": 0, - "y": 45 + { + "id": "logs-*", + "name": "3afffe1a-ab24-4a60-bb83-1973840a6b89:indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "type": "index-pattern" }, - "panelIndex": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f", - "type": "map", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f:layer_1_source_index_pattern", + "type": "index-pattern" + } ], - "refreshInterval": { 
- "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs Proofpoint TAP] Blocked Clicks", - "version": 1 - }, - "references": [ - { - "id": "proofpoint_tap-717803c0-b130-11ec-8e58-3fc548a48fe4", - "name": "aa104adb-fbc4-4019-9fda-9f1ca4886d64:panel_aa104adb-fbc4-4019-9fda-9f1ca4886d64", - "type": "search" - }, - { - "id": "logs-*", - "name": "39f0263c-ab86-416a-8048-83d13edbdbab:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "39f0263c-ab86-416a-8048-83d13edbdbab:indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d6f150e5-a82f-453c-867a-3c0f40ba826b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d6f150e5-a82f-453c-867a-3c0f40ba826b:indexpattern-datasource-layer-09466534-a461-4fbb-850b-fba8df6b7c37", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b921de2f-edd5-4539-bb51-c94c5ddf4541:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b921de2f-edd5-4539-bb51-c94c5ddf4541:indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4240bdb9-8306-43fe-8b7a-815e70e28fec:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4240bdb9-8306-43fe-8b7a-815e70e28fec:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "37d32a2d-1d55-4da8-a1f0-4d5ad81c0f89:indexpattern-datasource-layer-f7d425df-4f7d-4e18-993d-b8a10cdffe22", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"3afffe1a-ab24-4a60-bb83-1973840a6b89:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3afffe1a-ab24-4a60-bb83-1973840a6b89:indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2e6e0f5d-6968-46c7-9ccf-d0324b2e467f:layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json index 9ca18e92b73..9409beb4eee 100644 --- a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json +++ b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9.json 
@@ -1,726 +1,721 @@ { - "id": "proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:32:30.064Z", - "version": "WzYyMywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 22, - "i": "7fe02808-920c-4356-a052-d449b2e57ed5", - "w": 48, - "x": 0, - "y": 66 - }, - "panelIndex": "7fe02808-920c-4356-a052-d449b2e57ed5", - "panelRefName": "panel_7fe02808-920c-4356-a052-d449b2e57ed5", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4ff0e011-970a-4b60-9158-962f4e89fbbe": { - "columnOrder": [ - "dc762ac8-6645-45a7-ba44-b3fbd0309338" - ], - "columns": { - "dc762ac8-6645-45a7-ba44-b3fbd0309338": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Clicks", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - 
"visualization": { - "accessor": "dc762ac8-6645-45a7-ba44-b3fbd0309338", - "layerId": "4ff0e011-970a-4b60-9158-962f4e89fbbe", - "layerType": "data" - } - }, - "title": "Count of Clicks [Logs Proofpoint TAP]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + } }, - "gridData": { - "h": 15, - "i": "2d93f439-bff8-4e48-b469-fca11e18ba81", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "2d93f439-bff8-4e48-b469-fca11e18ba81", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1c93261b-da1f-4d85-aaaf-3457bdcc6ff4": { - "columnOrder": [ - "f13e79eb-00ed-4e68-98b5-b5c927055fec", - "0466e119-38e8-4d0a-a48f-9b2e7a89d213" - ], - "columns": { - "0466e119-38e8-4d0a-a48f-9b2e7a89d213": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "f13e79eb-00ed-4e68-98b5-b5c927055fec": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Classification", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0466e119-38e8-4d0a-a48f-9b2e7a89d213", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 22, + "i": "7fe02808-920c-4356-a052-d449b2e57ed5", + "w": 48, + "x": 0, + "y": 66 + }, + "panelIndex": "7fe02808-920c-4356-a052-d449b2e57ed5", + "panelRefName": "panel_7fe02808-920c-4356-a052-d449b2e57ed5", + "type": "search", + "version": 
"7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.clicks_permitted.classification" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "f13e79eb-00ed-4e68-98b5-b5c927055fec" - ], - "layerId": "1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", - "layerType": "data", - "legendDisplay": "default", - "metric": "0466e119-38e8-4d0a-a48f-9b2e7a89d213", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4ff0e011-970a-4b60-9158-962f4e89fbbe": { + "columnOrder": [ + "dc762ac8-6645-45a7-ba44-b3fbd0309338" + ], + "columns": { + "dc762ac8-6645-45a7-ba44-b3fbd0309338": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Clicks", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "dc762ac8-6645-45a7-ba44-b3fbd0309338", + "layerId": "4ff0e011-970a-4b60-9158-962f4e89fbbe", + "layerType": "data" + } + }, + "title": "Count of Clicks [Logs Proofpoint TAP]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "2d93f439-bff8-4e48-b469-fca11e18ba81", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": 
"2d93f439-bff8-4e48-b469-fca11e18ba81", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Permitted Clicks by Classification [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "05a16b7a-9e32-4398-b547-b44ba5dd1572", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "05a16b7a-9e32-4398-b547-b44ba5dd1572", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c4191f86-9c54-4a06-a3dd-842b3ef7c241", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c4191f86-9c54-4a06-a3dd-842b3ef7c241": { - "columnOrder": [ - "a3e04efb-2f37-464b-a6f2-23c0e19d790d", - "40a5f8c4-9eb3-4dcf-8520-acdb820944df" - ], - "columns": { - "40a5f8c4-9eb3-4dcf-8520-acdb820944df": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1c93261b-da1f-4d85-aaaf-3457bdcc6ff4": { + "columnOrder": [ + "f13e79eb-00ed-4e68-98b5-b5c927055fec", + "0466e119-38e8-4d0a-a48f-9b2e7a89d213" + ], + "columns": { + "0466e119-38e8-4d0a-a48f-9b2e7a89d213": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": 
"Records" + }, + "f13e79eb-00ed-4e68-98b5-b5c927055fec": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Classification", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0466e119-38e8-4d0a-a48f-9b2e7a89d213", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.clicks_permitted.classification" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "f13e79eb-00ed-4e68-98b5-b5c927055fec" + ], + "layerId": "1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", + "layerType": "data", + "legendDisplay": "default", + "metric": "0466e119-38e8-4d0a-a48f-9b2e7a89d213", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "a3e04efb-2f37-464b-a6f2-23c0e19d790d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "40a5f8c4-9eb3-4dcf-8520-acdb820944df", - "type": "column" + "title": "Distribution of Permitted Clicks by Classification [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "05a16b7a-9e32-4398-b547-b44ba5dd1572", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "05a16b7a-9e32-4398-b547-b44ba5dd1572", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"proofpoint_tap.clicks_permitted.threat.status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "a3e04efb-2f37-464b-a6f2-23c0e19d790d" - ], - "layerId": "c4191f86-9c54-4a06-a3dd-842b3ef7c241", - "layerType": "data", - "legendDisplay": "default", - "metric": "40a5f8c4-9eb3-4dcf-8520-acdb820944df", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c4191f86-9c54-4a06-a3dd-842b3ef7c241", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c4191f86-9c54-4a06-a3dd-842b3ef7c241": { + "columnOrder": [ + "a3e04efb-2f37-464b-a6f2-23c0e19d790d", + "40a5f8c4-9eb3-4dcf-8520-acdb820944df" + ], + "columns": { + "40a5f8c4-9eb3-4dcf-8520-acdb820944df": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "a3e04efb-2f37-464b-a6f2-23c0e19d790d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "40a5f8c4-9eb3-4dcf-8520-acdb820944df", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.clicks_permitted.threat.status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.clicks_permitted\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "a3e04efb-2f37-464b-a6f2-23c0e19d790d" + ], + "layerId": 
"c4191f86-9c54-4a06-a3dd-842b3ef7c241", + "layerType": "data", + "legendDisplay": "default", + "metric": "40a5f8c4-9eb3-4dcf-8520-acdb820944df", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Permitted Clicks by Threat Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "771e46d7-ce5c-4c0d-81b2-841e283abf2c", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "771e46d7-ce5c-4c0d-81b2-841e283abf2c", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Permitted Clicks by Threat Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "771e46d7-ce5c-4c0d-81b2-841e283abf2c", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "771e46d7-ce5c-4c0d-81b2-841e283abf2c", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "062ab937-584b-4266-b89a-e0965350fd15": { - "columnOrder": [ - "b4231a92-a121-4d7b-8975-7deb595868c2", - "e4a9c4a7-4e05-4669-8842-47a87900ad7c" - ], - "columns": { - "b4231a92-a121-4d7b-8975-7deb595868c2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "URL", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" 
}, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "url.full" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "062ab937-584b-4266-b89a-e0965350fd15": { + "columnOrder": [ + "b4231a92-a121-4d7b-8975-7deb595868c2", + "e4a9c4a7-4e05-4669-8842-47a87900ad7c" + ], + "columns": { + "b4231a92-a121-4d7b-8975-7deb595868c2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "url.full" + }, + "e4a9c4a7-4e05-4669-8842-47a87900ad7c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b4231a92-a121-4d7b-8975-7deb595868c2", + "isTransposed": false + }, + { + "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", + "isTransposed": false + } + ], + "layerId": "062ab937-584b-4266-b89a-e0965350fd15", + "layerType": "data" + } }, - "e4a9c4a7-4e05-4669-8842-47a87900ad7c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "b4231a92-a121-4d7b-8975-7deb595868c2", - "isTransposed": false - }, 
- { - "columnId": "e4a9c4a7-4e05-4669-8842-47a87900ad7c", - "isTransposed": false - } - ], - "layerId": "062ab937-584b-4266-b89a-e0965350fd15", - "layerType": "data" - } + "title": "Top 10 Malicious URL [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Malicious URL [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { - "columnOrder": [ - "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" - ], - "columns": { - "394062e2-3219-4ff0-b930-7dceb79cb5cd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { + "columnOrder": [ + "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" + ], + "columns": { + "394062e2-3219-4ff0-b930-7dceb79cb5cd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + }, + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "isTransposed": false + }, + { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "isTransposed": false + } + ], + "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "layerType": "data" + } }, - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "isTransposed": false - }, - { - 
"columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "isTransposed": false - } - ], - "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "layerType": "data" - } + "title": "Top 10 Recipient [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "85ab74a3-eb94-47f2-9592-6654f540d9d5", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "85ab74a3-eb94-47f2-9592-6654f540d9d5", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Recipient [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "85ab74a3-eb94-47f2-9592-6654f540d9d5", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "85ab74a3-eb94-47f2-9592-6654f540d9d5", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4080ef48-91f4-4339-a059-fa6a9d0fcce8": { - "columnOrder": [ - "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", - "366f6367-65c3-4e65-8c28-f41b1ef719cf" - ], - "columns": { - "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "type": 
"index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4080ef48-91f4-4339-a059-fa6a9d0fcce8": { + "columnOrder": [ + "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", + "366f6367-65c3-4e65-8c28-f41b1ef719cf" + ], + "columns": { + "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + }, + "366f6367-65c3-4e65-8c28-f41b1ef719cf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "destination.ip" + "visualization": { + "columns": [ + { + "columnId": "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", + "isTransposed": false + }, + { + "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", + "isTransposed": false + } + ], + "layerId": "4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "layerType": "data" + } }, - "366f6367-65c3-4e65-8c28-f41b1ef719cf": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "2f67b930-a92f-41ef-96cd-5d9cc5de8d8d", - "isTransposed": false - }, - { - "columnId": "366f6367-65c3-4e65-8c28-f41b1ef719cf", - "isTransposed": false - } - ], - "layerId": 
"4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "layerType": "data" - } + "title": "Top 10 Click IP [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "bae14c77-2488-49e8-87e1-f60be58b1ad9", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "bae14c77-2488-49e8-87e1-f60be58b1ad9", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Click IP [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"alpha\":1,\"id\":\"1d744b4f-b6df-4195-bfea-8e64340b7da1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"48984da5-6c09-4c75-86d5-b9c1791d120d\",\"includeInFitToBounds\":true,\"label\":\"Clicks\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"35e48033-3f9a-4228-98be-980fff6c70a1\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": 
"{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.14}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "title": "Clicks on URL by Region [Logs Proofpoint TAP]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 180, + "minLat": -66.51326, + "minLon": -180 + }, + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 1.14 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 21, + "i": "b4c89de9-9f07-4261-8fd5-554b89dbb714", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "b4c89de9-9f07-4261-8fd5-554b89dbb714", + "type": "map", + "version": "7.17.0" + } + ], + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs Proofpoint TAP] Permitted Clicks", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "proofpoint_tap-770903b0-b5aa-11ec-a9d0-e94ed15a14b9", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "proofpoint_tap-717803c0-b130-11ec-8e58-3fc548a48fe4", + "name": 
"7fe02808-920c-4356-a052-d449b2e57ed5:panel_7fe02808-920c-4356-a052-d449b2e57ed5", + "type": "search" + }, + { + "id": "logs-*", + "name": "2d93f439-bff8-4e48-b469-fca11e18ba81:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2d93f439-bff8-4e48-b469-fca11e18ba81:indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "05a16b7a-9e32-4398-b547-b44ba5dd1572:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "05a16b7a-9e32-4398-b547-b44ba5dd1572:indexpattern-datasource-layer-1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "771e46d7-ce5c-4c0d-81b2-841e283abf2c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "771e46d7-ce5c-4c0d-81b2-841e283abf2c:indexpattern-datasource-layer-c4191f86-9c54-4a06-a3dd-842b3ef7c241", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5:indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "bae14c77-2488-49e8-87e1-f60be58b1ad9", - "w": 24, - "x": 24, - "y": 30 + { + "id": "logs-*", + "name": "85ab74a3-eb94-47f2-9592-6654f540d9d5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "bae14c77-2488-49e8-87e1-f60be58b1ad9", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"alpha\":1,\"id\":\"1d744b4f-b6df-4195-bfea-8e64340b7da1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"48984da5-6c09-4c75-86d5-b9c1791d120d\",\"includeInFitToBounds\":true,\"label\":\"Clicks\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"35e48033-3f9a-4228-98be-980fff6c70a1\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": "{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.14}", - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "title": "Clicks on URL by Region [Logs Proofpoint TAP]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": 
[], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 180, - "minLat": -66.51326, - "minLon": -180 - }, - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 1.14 - }, - "openTOCDetails": [] + { + "id": "logs-*", + "name": "85ab74a3-eb94-47f2-9592-6654f540d9d5:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" }, - "gridData": { - "h": 21, - "i": "b4c89de9-9f07-4261-8fd5-554b89dbb714", - "w": 48, - "x": 0, - "y": 45 + { + "id": "logs-*", + "name": "bae14c77-2488-49e8-87e1-f60be58b1ad9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "b4c89de9-9f07-4261-8fd5-554b89dbb714", - "type": "map", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "bae14c77-2488-49e8-87e1-f60be58b1ad9:indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b4c89de9-9f07-4261-8fd5-554b89dbb714:layer_1_source_index_pattern", + "type": "index-pattern" + } ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs Proofpoint TAP] Permitted Clicks", - "version": 1 - }, - "references": [ - { - "id": "proofpoint_tap-717803c0-b130-11ec-8e58-3fc548a48fe4", - "name": "7fe02808-920c-4356-a052-d449b2e57ed5:panel_7fe02808-920c-4356-a052-d449b2e57ed5", - "type": "search" - }, - { - "id": "logs-*", - "name": "2d93f439-bff8-4e48-b469-fca11e18ba81:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2d93f439-bff8-4e48-b469-fca11e18ba81:indexpattern-datasource-layer-4ff0e011-970a-4b60-9158-962f4e89fbbe", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "05a16b7a-9e32-4398-b547-b44ba5dd1572:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"05a16b7a-9e32-4398-b547-b44ba5dd1572:indexpattern-datasource-layer-1c93261b-da1f-4d85-aaaf-3457bdcc6ff4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "771e46d7-ce5c-4c0d-81b2-841e283abf2c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "771e46d7-ce5c-4c0d-81b2-841e283abf2c:indexpattern-datasource-layer-c4191f86-9c54-4a06-a3dd-842b3ef7c241", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "08dc3a8e-380f-4998-b83f-2791b6b8a4a5:indexpattern-datasource-layer-062ab937-584b-4266-b89a-e0965350fd15", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85ab74a3-eb94-47f2-9592-6654f540d9d5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "85ab74a3-eb94-47f2-9592-6654f540d9d5:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bae14c77-2488-49e8-87e1-f60be58b1ad9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bae14c77-2488-49e8-87e1-f60be58b1ad9:indexpattern-datasource-layer-4080ef48-91f4-4339-a059-fa6a9d0fcce8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b4c89de9-9f07-4261-8fd5-554b89dbb714:layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json index bc952416472..3ca1374264e 100644 
--- a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json
+++ b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9.json
@@ -1,1454 +1,1449 @@ { - "id": "proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:32:30.064Z", - "version": "WzYyNCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "e5247373-1ae6-403b-89b5-93281d642883", - "w": 48, - "x": 0, - "y": 111 - }, - "panelIndex": "e5247373-1ae6-403b-89b5-93281d642883", - "panelRefName": "panel_e5247373-1ae6-403b-89b5-93281d642883", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "66e9770d-b676-49a0-b502-b3cf64aae59d": { - "columnOrder": [ - "7afa9eab-9e68-42c1-a5f8-7891197560e2" - ], - "columns": { - "7afa9eab-9e68-42c1-a5f8-7891197560e2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Messages", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, 
- "visualization": { - "accessor": "7afa9eab-9e68-42c1-a5f8-7891197560e2", - "layerId": "66e9770d-b676-49a0-b502-b3cf64aae59d", - "layerType": "data" - } - }, - "title": "Count of Messages [Logs Proofpoint TAP]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + } }, - "gridData": { - "h": 15, - "i": "2cfc095d-92da-4512-bf45-21f3a7508129", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "2cfc095d-92da-4512-bf45-21f3a7508129", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e7630b81-f809-4d49-b269-1788bdbdf649": { - "columnOrder": [ - "8a033b2f-c808-4ae0-b593-862e401fd4d0", - "ba6e6c21-db26-4ce1-9608-ebc8562ee460" - ], - "columns": { - "8a033b2f-c808-4ae0-b593-862e401fd4d0": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "e5247373-1ae6-403b-89b5-93281d642883", + "w": 48, + "x": 0, + "y": 111 + }, + "panelIndex": "e5247373-1ae6-403b-89b5-93281d642883", + "panelRefName": "panel_e5247373-1ae6-403b-89b5-93281d642883", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", 
+ "name": "indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "66e9770d-b676-49a0-b502-b3cf64aae59d": { + "columnOrder": [ + "7afa9eab-9e68-42c1-a5f8-7891197560e2" + ], + "columns": { + "7afa9eab-9e68-42c1-a5f8-7891197560e2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Messages", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.ip" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "7afa9eab-9e68-42c1-a5f8-7891197560e2", + "layerId": "66e9770d-b676-49a0-b502-b3cf64aae59d", + "layerType": "data" + } }, - "ba6e6c21-db26-4ce1-9608-ebc8562ee460": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "8a033b2f-c808-4ae0-b593-862e401fd4d0", - "isTransposed": false - }, - { - "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", - "isTransposed": false - } - ], - "layerId": "e7630b81-f809-4d49-b269-1788bdbdf649", - "layerType": "data" - } + "title": "Count of Messages [Logs Proofpoint TAP]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "2cfc095d-92da-4512-bf45-21f3a7508129", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "2cfc095d-92da-4512-bf45-21f3a7508129", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Sender IP [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} 
- }, - "gridData": { - "h": 15, - "i": "efdb9e8c-8541-401c-acc6-767c1a637db4", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "efdb9e8c-8541-401c-acc6-767c1a637db4", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-402e61cc-9dba-466f-9269-27b48dd2e4a1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "402e61cc-9dba-466f-9269-27b48dd2e4a1": { - "columnOrder": [ - "d1076744-9ca0-4908-a16f-ef349e2cd32a", - "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241" - ], - "columns": { - "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d1076744-9ca0-4908-a16f-ef349e2cd32a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Disposition", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.message_parts.disposition" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d1076744-9ca0-4908-a16f-ef349e2cd32a" - ], - "layerId": 
"402e61cc-9dba-466f-9269-27b48dd2e4a1", - "layerType": "data", - "legendDisplay": "default", - "metric": "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Blocked Messages by Disposition [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "637266a0-908f-40ee-aa10-55569e7cbd29", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "637266a0-908f-40ee-aa10-55569e7cbd29", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a0987be1-b682-412e-8d46-a4ad00e985c1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a0987be1-b682-412e-8d46-a4ad00e985c1": { - "columnOrder": [ - "74697bb2-b72f-4b6e-b651-06f50ef31467", - "87ce1993-56c0-4458-9cb1-ae12af5a629a" - ], - "columns": { - "74697bb2-b72f-4b6e-b651-06f50ef31467": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rewritten URL", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "87ce1993-56c0-4458-9cb1-ae12af5a629a", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e7630b81-f809-4d49-b269-1788bdbdf649": { + "columnOrder": [ + "8a033b2f-c808-4ae0-b593-862e401fd4d0", + "ba6e6c21-db26-4ce1-9608-ebc8562ee460" + ], + "columns": { + "8a033b2f-c808-4ae0-b593-862e401fd4d0": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "IP", + "operationType": "terms", + "params": 
{ + "missingBucket": false, + "orderBy": { + "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.ip" + }, + "ba6e6c21-db26-4ce1-9608-ebc8562ee460": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.completely_rewritten" + "visualization": { + "columns": [ + { + "columnId": "8a033b2f-c808-4ae0-b593-862e401fd4d0", + "isTransposed": false + }, + { + "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", + "isTransposed": false + } + ], + "layerId": "e7630b81-f809-4d49-b269-1788bdbdf649", + "layerType": "data" + } }, - "87ce1993-56c0-4458-9cb1-ae12af5a629a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "74697bb2-b72f-4b6e-b651-06f50ef31467" - ], - "layerId": "a0987be1-b682-412e-8d46-a4ad00e985c1", - "layerType": "data", - "legendDisplay": "default", - "metric": "87ce1993-56c0-4458-9cb1-ae12af5a629a", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 Sender IP [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "efdb9e8c-8541-401c-acc6-767c1a637db4", + "w": 
24, + "x": 24, + "y": 0 + }, + "panelIndex": "efdb9e8c-8541-401c-acc6-767c1a637db4", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Blocked Messages by Rewritten URL [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3e565fd9-f29d-41b5-a084-7393d29028d9", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "3e565fd9-f29d-41b5-a084-7393d29028d9", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { - "columnOrder": [ - "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" - ], - "columns": { - "394062e2-3219-4ff0-b930-7dceb79cb5cd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-402e61cc-9dba-466f-9269-27b48dd2e4a1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "402e61cc-9dba-466f-9269-27b48dd2e4a1": { + "columnOrder": [ + "d1076744-9ca0-4908-a16f-ef349e2cd32a", + "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241" + ], + "columns": { + "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241": { + "customLabel": true, + 
"dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "d1076744-9ca0-4908-a16f-ef349e2cd32a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Disposition", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.message_parts.disposition" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d1076744-9ca0-4908-a16f-ef349e2cd32a" + ], + "layerId": "402e61cc-9dba-466f-9269-27b48dd2e4a1", + "layerType": "data", + "legendDisplay": "default", + "metric": "9b3ba2ba-191d-4e9b-bf2c-ebaf2c43e241", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "isTransposed": false - }, - { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "isTransposed": false - } - ], - "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "layerType": "data" - } + "title": "Distribution of Blocked Messages by Disposition [Logs Proofpoint 
TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "637266a0-908f-40ee-aa10-55569e7cbd29", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "637266a0-908f-40ee-aa10-55569e7cbd29", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Recipient [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2371e369-c82c-4443-bbf5-9d2b119fb9e9", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "2371e369-c82c-4443-bbf5-9d2b119fb9e9", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e327fec5-d799-4b3f-acfc-32c1ecaac682", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e327fec5-d799-4b3f-acfc-32c1ecaac682": { - "columnOrder": [ - "f096fb9b-5208-4f47-b5a5-0ad3de754fda", - "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8" - ], - "columns": { - "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "f096fb9b-5208-4f47-b5a5-0ad3de754fda": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Classification", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"proofpoint_tap.message_blocked.threat_info_map.classification" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "f096fb9b-5208-4f47-b5a5-0ad3de754fda" - ], - "layerId": "e327fec5-d799-4b3f-acfc-32c1ecaac682", - "layerType": "data", - "legendDisplay": "default", - "metric": "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Blocked Messages by Threat Classification [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a3d367ee-91bb-421d-b6fc-27daabd46a54", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "a3d367ee-91bb-421d-b6fc-27daabd46a54", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f2e404cb-ffef-4218-a7d7-20a1972f7fe5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f2e404cb-ffef-4218-a7d7-20a1972f7fe5": { - "columnOrder": [ - "86527e47-1073-45bd-8f35-657f4d277b62", - "f40e0576-52c6-4c09-8b8e-446699fed30e" - ], - "columns": { - "86527e47-1073-45bd-8f35-657f4d277b62": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f40e0576-52c6-4c09-8b8e-446699fed30e", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a0987be1-b682-412e-8d46-a4ad00e985c1", + "type": "index-pattern" + } + ], + 
"state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a0987be1-b682-412e-8d46-a4ad00e985c1": { + "columnOrder": [ + "74697bb2-b72f-4b6e-b651-06f50ef31467", + "87ce1993-56c0-4458-9cb1-ae12af5a629a" + ], + "columns": { + "74697bb2-b72f-4b6e-b651-06f50ef31467": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rewritten URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "87ce1993-56c0-4458-9cb1-ae12af5a629a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.completely_rewritten" + }, + "87ce1993-56c0-4458-9cb1-ae12af5a629a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.threat_info_map.threat.status" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "74697bb2-b72f-4b6e-b651-06f50ef31467" + ], + "layerId": "a0987be1-b682-412e-8d46-a4ad00e985c1", + "layerType": "data", + "legendDisplay": "default", + "metric": "87ce1993-56c0-4458-9cb1-ae12af5a629a", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "f40e0576-52c6-4c09-8b8e-446699fed30e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : 
\"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "86527e47-1073-45bd-8f35-657f4d277b62" - ], - "layerId": "f2e404cb-ffef-4218-a7d7-20a1972f7fe5", - "layerType": "data", - "legendDisplay": "default", - "metric": "f40e0576-52c6-4c09-8b8e-446699fed30e", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Blocked Messages by Rewritten URL [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "3e565fd9-f29d-41b5-a084-7393d29028d9", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "3e565fd9-f29d-41b5-a084-7393d29028d9", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Blocked Messages by Threat Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3a258b28-29d4-4719-a65e-db1153b954fc", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "3a258b28-29d4-4719-a65e-db1153b954fc", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-01c9ddee-f668-4ee5-8bb6-98e74d2e1439", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "01c9ddee-f668-4ee5-8bb6-98e74d2e1439": { - "columnOrder": [ - "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d", - "47666138-8fdd-4735-9a26-d5586276afe9" - ], - "columns": { - "47666138-8fdd-4735-9a26-d5586276afe9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d": { - "customLabel": true, - "dataType": 
"string", - "isBucketed": true, - "label": "Sandbox Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "47666138-8fdd-4735-9a26-d5586276afe9", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.message_parts.sandbox_status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d" - ], - "layerId": "01c9ddee-f668-4ee5-8bb6-98e74d2e1439", - "layerType": "data", - "legendDisplay": "default", - "metric": "47666138-8fdd-4735-9a26-d5586276afe9", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Blocked Messages by Sandbox Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "850608eb-ca33-452f-a129-c4719224c52f", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "850608eb-ca33-452f-a129-c4719224c52f", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b71a1c6d-1b9f-4b5f-ad26-7de6a5601691": { - "columnOrder": [ - 
"73dab922-14a4-4c5c-a297-9873a91dad59", - "b12333e5-b88d-4a3e-96bb-467efc2745b5" - ], - "columns": { - "73dab922-14a4-4c5c-a297-9873a91dad59": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b12333e5-b88d-4a3e-96bb-467efc2745b5", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { + "columnOrder": [ + "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" + ], + "columns": { + "394062e2-3219-4ff0-b930-7dceb79cb5cd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + }, + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.threat_info_map.threat.type" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "isTransposed": false + }, + { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "isTransposed": false + } + ], + "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "layerType": "data" + } }, - 
"b12333e5-b88d-4a3e-96bb-467efc2745b5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "73dab922-14a4-4c5c-a297-9873a91dad59" - ], - "layerId": "b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", - "layerType": "data", - "legendDisplay": "default", - "metric": "b12333e5-b88d-4a3e-96bb-467efc2745b5", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 Recipient [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "2371e369-c82c-4443-bbf5-9d2b119fb9e9", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "2371e369-c82c-4443-bbf5-9d2b119fb9e9", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Blocked Messages by Threat Type [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c9517aa1-8122-434d-b93d-719030617688", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "c9517aa1-8122-434d-b93d-719030617688", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "657c0ea2-d756-4c8e-8638-4a2cf8a00bad": { - "columnOrder": [ - "4507c7f7-7878-40d4-905f-50360a596573", - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" 
- ], - "columns": { - "4507c7f7-7878-40d4-905f-50360a596573": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Email Mailer", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.x_mailer" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e327fec5-d799-4b3f-acfc-32c1ecaac682", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e327fec5-d799-4b3f-acfc-32c1ecaac682": { + "columnOrder": [ + "f096fb9b-5208-4f47-b5a5-0ad3de754fda", + "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8" + ], + "columns": { + "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "f096fb9b-5208-4f47-b5a5-0ad3de754fda": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Classification", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.threat_info_map.classification" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + 
"f096fb9b-5208-4f47-b5a5-0ad3de754fda" + ], + "layerId": "e327fec5-d799-4b3f-acfc-32c1ecaac682", + "layerType": "data", + "legendDisplay": "default", + "metric": "8b4a490d-a36c-4a6a-86b0-7dea7d28c2c8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "Distribution of Blocked Messages by Threat Classification [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "a3d367ee-91bb-421d-b6fc-27daabd46a54", + "w": 24, + "x": 24, + "y": 30 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "a3d367ee-91bb-421d-b6fc-27daabd46a54", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f2e404cb-ffef-4218-a7d7-20a1972f7fe5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f2e404cb-ffef-4218-a7d7-20a1972f7fe5": { + "columnOrder": [ + "86527e47-1073-45bd-8f35-657f4d277b62", + "f40e0576-52c6-4c09-8b8e-446699fed30e" + ], + "columns": { + "86527e47-1073-45bd-8f35-657f4d277b62": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Status", + "operationType": 
"terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f40e0576-52c6-4c09-8b8e-446699fed30e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.threat_info_map.threat.status" + }, + "f40e0576-52c6-4c09-8b8e-446699fed30e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "86527e47-1073-45bd-8f35-657f4d277b62" + ], + "layerId": "f2e404cb-ffef-4218-a7d7-20a1972f7fe5", + "layerType": "data", + "legendDisplay": "default", + "metric": "f40e0576-52c6-4c09-8b8e-446699fed30e", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Blocked Messages by Threat Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "layers": [ - { - "accessors": [ - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" - ], - "layerId": "657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "4507c7f7-7878-40d4-905f-50360a596573" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "3a258b28-29d4-4719-a65e-db1153b954fc", + "w": 24, + "x": 0, + "y": 45 }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "3a258b28-29d4-4719-a65e-db1153b954fc", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-01c9ddee-f668-4ee5-8bb6-98e74d2e1439", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "01c9ddee-f668-4ee5-8bb6-98e74d2e1439": { + "columnOrder": [ + "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d", + "47666138-8fdd-4735-9a26-d5586276afe9" + ], + "columns": { + "47666138-8fdd-4735-9a26-d5586276afe9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Sandbox Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "47666138-8fdd-4735-9a26-d5586276afe9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.message_parts.sandbox_status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7d6f8989-f0ce-4a9c-b24e-42c9ad42431d" + ], + "layerId": "01c9ddee-f668-4ee5-8bb6-98e74d2e1439", + "layerType": "data", + "legendDisplay": "default", + "metric": "47666138-8fdd-4735-9a26-d5586276afe9", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Blocked Messages by Sandbox Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "850608eb-ca33-452f-a129-c4719224c52f", + "w": 24, + "x": 
24, + "y": 45 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "850608eb-ca33-452f-a129-c4719224c52f", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Messages by Email X_Mailer [Logs Proofpoint TAP]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6b458dd4-988b-44d1-bd30-1bfadd99712b", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "6b458dd4-988b-44d1-bd30-1bfadd99712b", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8bc257b1-f278-4281-b618-12892df43c90", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8bc257b1-f278-4281-b618-12892df43c90": { - "columnOrder": [ - "bd52eba0-e079-4b31-b053-d6d8e519b21d", - "a9cf6093-c996-4557-8819-3d2b273e62b0" - ], - "columns": { - "a9cf6093-c996-4557-8819-3d2b273e62b0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "bd52eba0-e079-4b31-b053-d6d8e519b21d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Quarantine Folder", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a9cf6093-c996-4557-8819-3d2b273e62b0", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.quarantine.folder" - } - }, - "incompleteColumns": {} - } - } - } 
- }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "a9cf6093-c996-4557-8819-3d2b273e62b0" - ], - "layerId": "8bc257b1-f278-4281-b618-12892df43c90", - "layerType": "data", - "position": "top", - "seriesType": "bar", - "showGridlines": false, - "xAccessor": "bd52eba0-e079-4b31-b053-d6d8e519b21d" - } - ], - "legend": { - "isVisible": true, - "position": "right" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b71a1c6d-1b9f-4b5f-ad26-7de6a5601691": { + "columnOrder": [ + "73dab922-14a4-4c5c-a297-9873a91dad59", + "b12333e5-b88d-4a3e-96bb-467efc2745b5" + ], + "columns": { + "73dab922-14a4-4c5c-a297-9873a91dad59": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b12333e5-b88d-4a3e-96bb-467efc2745b5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.threat_info_map.threat.type" + }, + "b12333e5-b88d-4a3e-96bb-467efc2745b5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "73dab922-14a4-4c5c-a297-9873a91dad59" + ], + "layerId": "b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", + "layerType": "data", + "legendDisplay": "default", + "metric": 
"b12333e5-b88d-4a3e-96bb-467efc2745b5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Blocked Messages by Threat Type [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "preferredSeriesType": "bar", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "c9517aa1-8122-434d-b93d-719030617688", + "w": 24, + "x": 0, + "y": 60 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "c9517aa1-8122-434d-b93d-719030617688", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Blocked Messages by Quarantine Folder [Logs Proofpoint TAP]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "91bf4cc9-d875-476b-afa9-353e6a6115d2", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "91bf4cc9-d875-476b-afa9-353e6a6115d2", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4b31f83f-2fc1-4509-8a5b-0c80eea8c627", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4b31f83f-2fc1-4509-8a5b-0c80eea8c627": { - "columnOrder": [ - "aec564b0-2091-4304-8a29-d839f9aec0aa", - "efe56213-9c9c-4215-91cd-907114802d3a" - ], - "columns": { - "aec564b0-2091-4304-8a29-d839f9aec0aa": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Quarantine Rule", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "efe56213-9c9c-4215-91cd-907114802d3a", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "657c0ea2-d756-4c8e-8638-4a2cf8a00bad": { + "columnOrder": [ + "4507c7f7-7878-40d4-905f-50360a596573", + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" + ], + "columns": { + "4507c7f7-7878-40d4-905f-50360a596573": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Email Mailer", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.x_mailer" + }, + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_blocked.quarantine.rule" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" + ], + "layerId": "657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "4507c7f7-7878-40d4-905f-50360a596573" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": 
"bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "efe56213-9c9c-4215-91cd-907114802d3a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "Distribution of Messages by Email X_Mailer [Logs Proofpoint TAP]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "6b458dd4-988b-44d1-bd30-1bfadd99712b", + "w": 24, + "x": 24, + "y": 60 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "6b458dd4-988b-44d1-bd30-1bfadd99712b", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8bc257b1-f278-4281-b618-12892df43c90", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8bc257b1-f278-4281-b618-12892df43c90": { + "columnOrder": [ + "bd52eba0-e079-4b31-b053-d6d8e519b21d", + "a9cf6093-c996-4557-8819-3d2b273e62b0" + ], + "columns": { + "a9cf6093-c996-4557-8819-3d2b273e62b0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": 
"Records" + }, + "bd52eba0-e079-4b31-b053-d6d8e519b21d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Quarantine Folder", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a9cf6093-c996-4557-8819-3d2b273e62b0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.quarantine.folder" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "a9cf6093-c996-4557-8819-3d2b273e62b0" + ], + "layerId": "8bc257b1-f278-4281-b618-12892df43c90", + "layerType": "data", + "position": "top", + "seriesType": "bar", + "showGridlines": false, + "xAccessor": "bd52eba0-e079-4b31-b053-d6d8e519b21d" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Blocked Messages by Quarantine Folder [Logs Proofpoint TAP]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "layers": [ - { - "accessors": [ - "efe56213-9c9c-4215-91cd-907114802d3a" - ], - "layerId": "4b31f83f-2fc1-4509-8a5b-0c80eea8c627", - "layerType": "data", - "position": "top", - "seriesType": "bar", - "showGridlines": false, - "xAccessor": "aec564b0-2091-4304-8a29-d839f9aec0aa" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "91bf4cc9-d875-476b-afa9-353e6a6115d2", + "w": 24, + "x": 0, + "y": 75 }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "91bf4cc9-d875-476b-afa9-353e6a6115d2", + "type": 
"lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4b31f83f-2fc1-4509-8a5b-0c80eea8c627", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4b31f83f-2fc1-4509-8a5b-0c80eea8c627": { + "columnOrder": [ + "aec564b0-2091-4304-8a29-d839f9aec0aa", + "efe56213-9c9c-4215-91cd-907114802d3a" + ], + "columns": { + "aec564b0-2091-4304-8a29-d839f9aec0aa": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Quarantine Rule", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "efe56213-9c9c-4215-91cd-907114802d3a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_blocked.quarantine.rule" + }, + "efe56213-9c9c-4215-91cd-907114802d3a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_blocked\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "efe56213-9c9c-4215-91cd-907114802d3a" + ], + "layerId": "4b31f83f-2fc1-4509-8a5b-0c80eea8c627", + "layerType": "data", + "position": "top", + "seriesType": "bar", + "showGridlines": false, + "xAccessor": 
"aec564b0-2091-4304-8a29-d839f9aec0aa" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Blocked Messages by Quarantine Rule [Logs Proofpoint TAP]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce", + "w": 24, + "x": 24, + "y": 75 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Blocked Messages by Quarantine Rule [Logs Proofpoint TAP]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"alpha\":1,\"id\":\"c6a42104-e390-4c56-8ef8-5bd774773e72\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"f8e2c82c-56b8-425d-a79d-ab24baf35f89\",\"includeInFitToBounds\":true,\"label\":\"Sender\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"ce99667c-f3a0-4d3c-b0d0-6e6ba88f1a9e\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": 
"{\"center\":{\"lat\":33.09876,\"lon\":73.8871},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.91}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "title": "Sender of Messages by Region [Logs Proofpoint TAP]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 89.78601, + "maxLon": 720, + "minLat": -89.78601, + "minLon": -540 + }, + "mapCenter": { + "lat": 0, + "lon": 96.98463, + "zoom": 0.12 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 21, + "i": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e", + "w": 48, + "x": 0, + "y": 90 + }, + "panelIndex": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e", + "type": "map", + "version": "7.17.0" + } + ], + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs Proofpoint TAP] Blocked Messages", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "proofpoint_tap-9899aae0-b5ad-11ec-a9d0-e94ed15a14b9", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "proofpoint_tap-00dd5660-af9b-11ec-bf43-c372803d141d", + "name": 
"e5247373-1ae6-403b-89b5-93281d642883:panel_e5247373-1ae6-403b-89b5-93281d642883", + "type": "search" + }, + { + "id": "logs-*", + "name": "2cfc095d-92da-4512-bf45-21f3a7508129:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2cfc095d-92da-4512-bf45-21f3a7508129:indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "efdb9e8c-8541-401c-acc6-767c1a637db4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "efdb9e8c-8541-401c-acc6-767c1a637db4:indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "637266a0-908f-40ee-aa10-55569e7cbd29:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "637266a0-908f-40ee-aa10-55569e7cbd29:indexpattern-datasource-layer-402e61cc-9dba-466f-9269-27b48dd2e4a1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e565fd9-f29d-41b5-a084-7393d29028d9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e565fd9-f29d-41b5-a084-7393d29028d9:indexpattern-datasource-layer-a0987be1-b682-412e-8d46-a4ad00e985c1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2371e369-c82c-4443-bbf5-9d2b119fb9e9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2371e369-c82c-4443-bbf5-9d2b119fb9e9:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a3d367ee-91bb-421d-b6fc-27daabd46a54:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a3d367ee-91bb-421d-b6fc-27daabd46a54:indexpattern-datasource-layer-e327fec5-d799-4b3f-acfc-32c1ecaac682", + "type": 
"index-pattern" }, - "gridData": { - "h": 15, - "i": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce", - "w": 24, - "x": 24, - "y": 75 + { + "id": "logs-*", + "name": "3a258b28-29d4-4719-a65e-db1153b954fc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"alpha\":1,\"id\":\"c6a42104-e390-4c56-8ef8-5bd774773e72\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"f8e2c82c-56b8-425d-a79d-ab24baf35f89\",\"includeInFitToBounds\":true,\"label\":\"Sender\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"ce99667c-f3a0-4d3c-b0d0-6e6ba88f1a9e\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": 
"{\"center\":{\"lat\":33.09876,\"lon\":73.8871},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.91}", - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "title": "Sender of Messages by Region [Logs Proofpoint TAP]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 89.78601, - "maxLon": 720, - "minLat": -89.78601, - "minLon": -540 - }, - "mapCenter": { - "lat": 0, - "lon": 96.98463, - "zoom": 0.12 - }, - "openTOCDetails": [] + { + "id": "logs-*", + "name": "3a258b28-29d4-4719-a65e-db1153b954fc:indexpattern-datasource-layer-f2e404cb-ffef-4218-a7d7-20a1972f7fe5", + "type": "index-pattern" }, - "gridData": { - "h": 21, - "i": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e", - "w": 48, - "x": 0, - "y": 90 + { + "id": "logs-*", + "name": "850608eb-ca33-452f-a129-c4719224c52f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e", - "type": "map", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "850608eb-ca33-452f-a129-c4719224c52f:indexpattern-datasource-layer-01c9ddee-f668-4ee5-8bb6-98e74d2e1439", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "c9517aa1-8122-434d-b93d-719030617688:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c9517aa1-8122-434d-b93d-719030617688:indexpattern-datasource-layer-b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6b458dd4-988b-44d1-bd30-1bfadd99712b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6b458dd4-988b-44d1-bd30-1bfadd99712b:indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "91bf4cc9-d875-476b-afa9-353e6a6115d2:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "91bf4cc9-d875-476b-afa9-353e6a6115d2:indexpattern-datasource-layer-8bc257b1-f278-4281-b618-12892df43c90", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce:indexpattern-datasource-layer-4b31f83f-2fc1-4509-8a5b-0c80eea8c627", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e:layer_1_source_index_pattern", + "type": "index-pattern" + } ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs Proofpoint TAP] Blocked Messages", - "version": 1 - }, - "references": [ - { - "id": "proofpoint_tap-00dd5660-af9b-11ec-bf43-c372803d141d", - "name": "e5247373-1ae6-403b-89b5-93281d642883:panel_e5247373-1ae6-403b-89b5-93281d642883", - "type": "search" - }, - { - "id": "logs-*", - "name": "2cfc095d-92da-4512-bf45-21f3a7508129:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", 
- "name": "2cfc095d-92da-4512-bf45-21f3a7508129:indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "efdb9e8c-8541-401c-acc6-767c1a637db4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "efdb9e8c-8541-401c-acc6-767c1a637db4:indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "637266a0-908f-40ee-aa10-55569e7cbd29:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "637266a0-908f-40ee-aa10-55569e7cbd29:indexpattern-datasource-layer-402e61cc-9dba-466f-9269-27b48dd2e4a1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3e565fd9-f29d-41b5-a084-7393d29028d9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3e565fd9-f29d-41b5-a084-7393d29028d9:indexpattern-datasource-layer-a0987be1-b682-412e-8d46-a4ad00e985c1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2371e369-c82c-4443-bbf5-9d2b119fb9e9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2371e369-c82c-4443-bbf5-9d2b119fb9e9:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a3d367ee-91bb-421d-b6fc-27daabd46a54:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a3d367ee-91bb-421d-b6fc-27daabd46a54:indexpattern-datasource-layer-e327fec5-d799-4b3f-acfc-32c1ecaac682", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3a258b28-29d4-4719-a65e-db1153b954fc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"3a258b28-29d4-4719-a65e-db1153b954fc:indexpattern-datasource-layer-f2e404cb-ffef-4218-a7d7-20a1972f7fe5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "850608eb-ca33-452f-a129-c4719224c52f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "850608eb-ca33-452f-a129-c4719224c52f:indexpattern-datasource-layer-01c9ddee-f668-4ee5-8bb6-98e74d2e1439", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c9517aa1-8122-434d-b93d-719030617688:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c9517aa1-8122-434d-b93d-719030617688:indexpattern-datasource-layer-b71a1c6d-1b9f-4b5f-ad26-7de6a5601691", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6b458dd4-988b-44d1-bd30-1bfadd99712b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6b458dd4-988b-44d1-bd30-1bfadd99712b:indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "91bf4cc9-d875-476b-afa9-353e6a6115d2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "91bf4cc9-d875-476b-afa9-353e6a6115d2:indexpattern-datasource-layer-8bc257b1-f278-4281-b618-12892df43c90", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f8ff2974-b1e9-4a81-a5af-8f5d6d13abce:indexpattern-datasource-layer-4b31f83f-2fc1-4509-8a5b-0c80eea8c627", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d40b322b-8b5a-4614-9a7f-f6bf33ba8e7e:layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of 
file
diff --git a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json
index f51169be7fb..f0de223b92a 100644
--- a/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json
+++ b/packages/proofpoint_tap/kibana/dashboard/proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9.json
@@ -1,1194 +1,1189 @@ { - "id": "proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:32:30.064Z", - "version": "WzYyNSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 21, - "i": "a0cc1e4c-3327-478b-94ec-519ebf9582ab", - "w": 48, - "x": 0, - "y": 96 - }, - "panelIndex": "a0cc1e4c-3327-478b-94ec-519ebf9582ab", - "panelRefName": "panel_a0cc1e4c-3327-478b-94ec-519ebf9582ab", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "66e9770d-b676-49a0-b502-b3cf64aae59d": { - "columnOrder": [ - "7afa9eab-9e68-42c1-a5f8-7891197560e2" - ], - "columns": { - "7afa9eab-9e68-42c1-a5f8-7891197560e2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Messages", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - 
}, - "visualization": { - "accessor": "7afa9eab-9e68-42c1-a5f8-7891197560e2", - "layerId": "66e9770d-b676-49a0-b502-b3cf64aae59d", - "layerType": "data" - } - }, - "title": "Count of Messages [Logs Proofpoint TAP]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + } }, - "gridData": { - "h": 15, - "i": "057e2ef6-0316-4896-ab34-8aafca79b009", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "057e2ef6-0316-4896-ab34-8aafca79b009", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e7630b81-f809-4d49-b269-1788bdbdf649": { - "columnOrder": [ - "8a033b2f-c808-4ae0-b593-862e401fd4d0", - "ba6e6c21-db26-4ce1-9608-ebc8562ee460" - ], - "columns": { - "8a033b2f-c808-4ae0-b593-862e401fd4d0": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "a0cc1e4c-3327-478b-94ec-519ebf9582ab", + "w": 48, + "x": 0, + "y": 96 + }, + "panelIndex": "a0cc1e4c-3327-478b-94ec-519ebf9582ab", + "panelRefName": "panel_a0cc1e4c-3327-478b-94ec-519ebf9582ab", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": 
"logs-*", + "name": "indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "66e9770d-b676-49a0-b502-b3cf64aae59d": { + "columnOrder": [ + "7afa9eab-9e68-42c1-a5f8-7891197560e2" + ], + "columns": { + "7afa9eab-9e68-42c1-a5f8-7891197560e2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Messages", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.ip" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "7afa9eab-9e68-42c1-a5f8-7891197560e2", + "layerId": "66e9770d-b676-49a0-b502-b3cf64aae59d", + "layerType": "data" + } }, - "ba6e6c21-db26-4ce1-9608-ebc8562ee460": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "8a033b2f-c808-4ae0-b593-862e401fd4d0", - "isTransposed": false - }, - { - "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", - "isTransposed": false - } - ], - "layerId": "e7630b81-f809-4d49-b269-1788bdbdf649", - "layerType": "data" - } + "title": "Count of Messages [Logs Proofpoint TAP]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "057e2ef6-0316-4896-ab34-8aafca79b009", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "057e2ef6-0316-4896-ab34-8aafca79b009", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Sender IP [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - 
"enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-410012cf-d8df-4277-ac28-305ea82a09a3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "410012cf-d8df-4277-ac28-305ea82a09a3": { - "columnOrder": [ - "05e673b3-ec58-44eb-ad0b-c88a43e44a8a", - "68cf8e68-186a-40c7-a199-0463ca8741d8" - ], - "columns": { - "05e673b3-ec58-44eb-ad0b-c88a43e44a8a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rewritten URL", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "68cf8e68-186a-40c7-a199-0463ca8741d8", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.completely_rewritten" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e7630b81-f809-4d49-b269-1788bdbdf649": { + "columnOrder": [ + "8a033b2f-c808-4ae0-b593-862e401fd4d0", + "ba6e6c21-db26-4ce1-9608-ebc8562ee460" + ], + "columns": { + "8a033b2f-c808-4ae0-b593-862e401fd4d0": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "IP", + "operationType": "terms", + "params": 
{ + "missingBucket": false, + "orderBy": { + "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.ip" + }, + "ba6e6c21-db26-4ce1-9608-ebc8562ee460": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "8a033b2f-c808-4ae0-b593-862e401fd4d0", + "isTransposed": false + }, + { + "columnId": "ba6e6c21-db26-4ce1-9608-ebc8562ee460", + "isTransposed": false + } + ], + "layerId": "e7630b81-f809-4d49-b269-1788bdbdf649", + "layerType": "data" + } }, - "68cf8e68-186a-40c7-a199-0463ca8741d8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "05e673b3-ec58-44eb-ad0b-c88a43e44a8a" - ], - "layerId": "410012cf-d8df-4277-ac28-305ea82a09a3", - "layerType": "data", - "legendDisplay": "default", - "metric": "68cf8e68-186a-40c7-a199-0463ca8741d8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 Sender IP [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of 
Delivered Messages by Rewritten URL [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f5b71bf4-d93b-4383-aee3-0fba04633f7e", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "f5b71bf4-d93b-4383-aee3-0fba04633f7e", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b0d8b2b8-81ef-4c98-bad2-20e10a9d4006": { - "columnOrder": [ - "02195bc5-0e17-4c5d-bf4c-5bcf165cd993", - "22bcb44a-ba59-4c78-a069-277e45c5d6ef" - ], - "columns": { - "02195bc5-0e17-4c5d-bf4c-5bcf165cd993": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Disposition", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "22bcb44a-ba59-4c78-a069-277e45c5d6ef", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-410012cf-d8df-4277-ac28-305ea82a09a3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "410012cf-d8df-4277-ac28-305ea82a09a3": { + "columnOrder": [ + "05e673b3-ec58-44eb-ad0b-c88a43e44a8a", + "68cf8e68-186a-40c7-a199-0463ca8741d8" + ], + "columns": { + "05e673b3-ec58-44eb-ad0b-c88a43e44a8a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rewritten URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + 
"columnId": "68cf8e68-186a-40c7-a199-0463ca8741d8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.completely_rewritten" + }, + "68cf8e68-186a-40c7-a199-0463ca8741d8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.message_parts.disposition" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "05e673b3-ec58-44eb-ad0b-c88a43e44a8a" + ], + "layerId": "410012cf-d8df-4277-ac28-305ea82a09a3", + "layerType": "data", + "legendDisplay": "default", + "metric": "68cf8e68-186a-40c7-a199-0463ca8741d8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "22bcb44a-ba59-4c78-a069-277e45c5d6ef": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "02195bc5-0e17-4c5d-bf4c-5bcf165cd993" - ], - "layerId": "b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", - "layerType": "data", - "legendDisplay": "default", - "metric": "22bcb44a-ba59-4c78-a069-277e45c5d6ef", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Delivered Messages by 
Rewritten URL [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f5b71bf4-d93b-4383-aee3-0fba04633f7e", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "f5b71bf4-d93b-4383-aee3-0fba04633f7e", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Delivered Messages by Disposition [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { - "columnOrder": [ - "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" - ], - "columns": { - "394062e2-3219-4ff0-b930-7dceb79cb5cd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b0d8b2b8-81ef-4c98-bad2-20e10a9d4006": { + "columnOrder": 
[ + "02195bc5-0e17-4c5d-bf4c-5bcf165cd993", + "22bcb44a-ba59-4c78-a069-277e45c5d6ef" + ], + "columns": { + "02195bc5-0e17-4c5d-bf4c-5bcf165cd993": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Disposition", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "22bcb44a-ba59-4c78-a069-277e45c5d6ef", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.message_parts.disposition" + }, + "22bcb44a-ba59-4c78-a069-277e45c5d6ef": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "02195bc5-0e17-4c5d-bf4c-5bcf165cd993" + ], + "layerId": "b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", + "layerType": "data", + "legendDisplay": "default", + "metric": "22bcb44a-ba59-4c78-a069-277e45c5d6ef", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", - "isTransposed": false - }, - { - "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", - 
"isTransposed": false - } - ], - "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "layerType": "data" - } + "title": "Distribution of Delivered Messages by Disposition [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Recipient [Logs Proofpoint TAP]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3dc5d286-d7b8-4a47-bd70-7699375f31de", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "3dc5d286-d7b8-4a47-bd70-7699375f31de", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-5b8645f9-f56a-44ea-b567-dad4d9da2824", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "5b8645f9-f56a-44ea-b567-dad4d9da2824": { - "columnOrder": [ - "bc4689d4-0411-44f9-add5-ffa0705584dc", - "612fda22-416a-4171-8854-f9cb30a4ae05" - ], - "columns": { - "612fda22-416a-4171-8854-f9cb30a4ae05": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "bc4689d4-0411-44f9-add5-ffa0705584dc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Classification", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "612fda22-416a-4171-8854-f9cb30a4ae05", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + 
"name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.threat_info_map.classification" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "bc4689d4-0411-44f9-add5-ffa0705584dc" - ], - "layerId": "5b8645f9-f56a-44ea-b567-dad4d9da2824", - "layerType": "data", - "legendDisplay": "default", - "metric": "612fda22-416a-4171-8854-f9cb30a4ae05", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Delivered Messages by Threat Classification [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "080a6554-cbad-4aa0-b8a6-d82de9dab805", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "080a6554-cbad-4aa0-b8a6-d82de9dab805", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-17b04f1e-6124-4c6c-9464-e29a98d97bcf", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "17b04f1e-6124-4c6c-9464-e29a98d97bcf": { - "columnOrder": [ - "20a072f6-3895-45a1-a585-875852453a05", - "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0" - ], - "columns": { - "20a072f6-3895-45a1-a585-875852453a05": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threat Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec2f7bac-2077-4709-9d52-3ae3c0a582de": { + "columnOrder": [ + "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f" + ], + "columns": { + "394062e2-3219-4ff0-b930-7dceb79cb5cd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + }, + "8c5a8f23-a89c-459e-8fdb-07844dc1c19f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.threat_info_map.threat.status" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "394062e2-3219-4ff0-b930-7dceb79cb5cd", + "isTransposed": false + }, + { + "columnId": "8c5a8f23-a89c-459e-8fdb-07844dc1c19f", + "isTransposed": false + } + ], + "layerId": "ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "layerType": "data" + } }, - "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": 
"data_stream.dataset : \"proofpoint_tap.message_delivered\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "20a072f6-3895-45a1-a585-875852453a05" - ], - "layerId": "17b04f1e-6124-4c6c-9464-e29a98d97bcf", - "layerType": "data", - "legendDisplay": "default", - "metric": "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 Recipient [Logs Proofpoint TAP]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "3dc5d286-d7b8-4a47-bd70-7699375f31de", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "3dc5d286-d7b8-4a47-bd70-7699375f31de", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Delivered Messages by Threat Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ec9ba9eb-371c-430a-afc5-f6edf039bd91", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "ec9ba9eb-371c-430a-afc5-f6edf039bd91", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-590e841c-2ef7-4ace-b981-4bb9d3160054", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "590e841c-2ef7-4ace-b981-4bb9d3160054": { - "columnOrder": [ - "7066eb8e-8f19-4826-adbb-7550c8ea2636", - "1bc5c276-8229-422d-bb16-a63859e6f34c" - ], - "columns": { - "1bc5c276-8229-422d-bb16-a63859e6f34c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "7066eb8e-8f19-4826-adbb-7550c8ea2636": { - "customLabel": true, - "dataType": 
"string", - "isBucketed": true, - "label": "Sandbox Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1bc5c276-8229-422d-bb16-a63859e6f34c", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.message_parts.sandbox_status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "7066eb8e-8f19-4826-adbb-7550c8ea2636" - ], - "layerId": "590e841c-2ef7-4ace-b981-4bb9d3160054", - "layerType": "data", - "legendDisplay": "default", - "metric": "1bc5c276-8229-422d-bb16-a63859e6f34c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Delivered Messages by Sandbox Status [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c1acfbb3-c3ca-436d-b54e-47f288677136", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "c1acfbb3-c3ca-436d-b54e-47f288677136", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ecc13edd-9962-402c-b12e-180cccc46f08", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ecc13edd-9962-402c-b12e-180cccc46f08": { - "columnOrder": [ - 
"21d701b1-4d50-4480-94e0-bfd2616489f5", - "0bc203c5-ff36-4db6-ad1a-441828203815" - ], - "columns": { - "0bc203c5-ff36-4db6-ad1a-441828203815": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5b8645f9-f56a-44ea-b567-dad4d9da2824", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5b8645f9-f56a-44ea-b567-dad4d9da2824": { + "columnOrder": [ + "bc4689d4-0411-44f9-add5-ffa0705584dc", + "612fda22-416a-4171-8854-f9cb30a4ae05" + ], + "columns": { + "612fda22-416a-4171-8854-f9cb30a4ae05": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "bc4689d4-0411-44f9-add5-ffa0705584dc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Classification", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "612fda22-416a-4171-8854-f9cb30a4ae05", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.threat_info_map.classification" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "bc4689d4-0411-44f9-add5-ffa0705584dc" + ], + "layerId": "5b8645f9-f56a-44ea-b567-dad4d9da2824", + "layerType": "data", + "legendDisplay": "default", + "metric": "612fda22-416a-4171-8854-f9cb30a4ae05", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "21d701b1-4d50-4480-94e0-bfd2616489f5": { - "customLabel": true, 
- "dataType": "string", - "isBucketed": true, - "label": "Threat Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0bc203c5-ff36-4db6-ad1a-441828203815", - "type": "column" + "title": "Distribution of Delivered Messages by Threat Classification [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "080a6554-cbad-4aa0-b8a6-d82de9dab805", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "080a6554-cbad-4aa0-b8a6-d82de9dab805", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "proofpoint_tap.message_delivered.threat_info_map.threat.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "21d701b1-4d50-4480-94e0-bfd2616489f5" - ], - "layerId": "ecc13edd-9962-402c-b12e-180cccc46f08", - "layerType": "data", - "legendDisplay": "default", - "metric": "0bc203c5-ff36-4db6-ad1a-441828203815", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17b04f1e-6124-4c6c-9464-e29a98d97bcf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "17b04f1e-6124-4c6c-9464-e29a98d97bcf": { + "columnOrder": [ + "20a072f6-3895-45a1-a585-875852453a05", + "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0" + ], + "columns": { + "20a072f6-3895-45a1-a585-875852453a05": { + "customLabel": true, + "dataType": "string", + "isBucketed": 
true, + "label": "Threat Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.threat_info_map.threat.status" + }, + "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "20a072f6-3895-45a1-a585-875852453a05" + ], + "layerId": "17b04f1e-6124-4c6c-9464-e29a98d97bcf", + "layerType": "data", + "legendDisplay": "default", + "metric": "a4ba65e4-6bb1-401e-9a55-f90e5f5a32f0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Delivered Messages by Threat Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "ec9ba9eb-371c-430a-afc5-f6edf039bd91", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "ec9ba9eb-371c-430a-afc5-f6edf039bd91", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Delivered Messages by Threat Type [Logs Proofpoint TAP]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f1256b4b-8872-4d25-82cd-5a7004108d91", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "f1256b4b-8872-4d25-82cd-5a7004108d91", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "657c0ea2-d756-4c8e-8638-4a2cf8a00bad": { - "columnOrder": [ - "4507c7f7-7878-40d4-905f-50360a596573", - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" - ], - "columns": { - "4507c7f7-7878-40d4-905f-50360a596573": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Email Mailer", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-590e841c-2ef7-4ace-b981-4bb9d3160054", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "590e841c-2ef7-4ace-b981-4bb9d3160054": { + "columnOrder": [ + "7066eb8e-8f19-4826-adbb-7550c8ea2636", + "1bc5c276-8229-422d-bb16-a63859e6f34c" + ], + "columns": { + "1bc5c276-8229-422d-bb16-a63859e6f34c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "7066eb8e-8f19-4826-adbb-7550c8ea2636": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Sandbox Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1bc5c276-8229-422d-bb16-a63859e6f34c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": 
"proofpoint_tap.message_delivered.message_parts.sandbox_status" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.x_mailer" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7066eb8e-8f19-4826-adbb-7550c8ea2636" + ], + "layerId": "590e841c-2ef7-4ace-b981-4bb9d3160054", + "layerType": "data", + "legendDisplay": "default", + "metric": "1bc5c276-8229-422d-bb16-a63859e6f34c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "Distribution of Delivered Messages by Sandbox Status [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "c1acfbb3-c3ca-436d-b54e-47f288677136", + "w": 24, + "x": 24, + "y": 45 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "c1acfbb3-c3ca-436d-b54e-47f288677136", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-ecc13edd-9962-402c-b12e-180cccc46f08", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ecc13edd-9962-402c-b12e-180cccc46f08": { + "columnOrder": [ + "21d701b1-4d50-4480-94e0-bfd2616489f5", + "0bc203c5-ff36-4db6-ad1a-441828203815" + ], + "columns": { + "0bc203c5-ff36-4db6-ad1a-441828203815": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "21d701b1-4d50-4480-94e0-bfd2616489f5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0bc203c5-ff36-4db6-ad1a-441828203815", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "proofpoint_tap.message_delivered.threat_info_map.threat.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"proofpoint_tap.message_delivered\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "21d701b1-4d50-4480-94e0-bfd2616489f5" + ], + "layerId": "ecc13edd-9962-402c-b12e-180cccc46f08", + "layerType": "data", + "legendDisplay": "default", + "metric": "0bc203c5-ff36-4db6-ad1a-441828203815", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Delivered Messages by Threat Type [Logs Proofpoint TAP]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "layers": [ - { - "accessors": [ - "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" - ], - "layerId": "657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "layerType": "data", - "seriesType": "bar", - "xAccessor": "4507c7f7-7878-40d4-905f-50360a596573" - } - ], - "legend": { - 
"isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "f1256b4b-8872-4d25-82cd-5a7004108d91", + "w": 24, + "x": 0, + "y": 60 }, - "preferredSeriesType": "bar", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "f1256b4b-8872-4d25-82cd-5a7004108d91", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "657c0ea2-d756-4c8e-8638-4a2cf8a00bad": { + "columnOrder": [ + "4507c7f7-7878-40d4-905f-50360a596573", + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" + ], + "columns": { + "4507c7f7-7878-40d4-905f-50360a596573": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Email Mailer", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.x_mailer" + }, + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + 
"layers": [ + { + "accessors": [ + "d7959ce0-0861-4dd4-bdb3-42d8578ebd2f" + ], + "layerId": "657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "layerType": "data", + "seriesType": "bar", + "xAccessor": "4507c7f7-7878-40d4-905f-50360a596573" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Messages by Email X_Mailer [Logs Proofpoint TAP]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "f721f663-e2fd-44c9-88bc-639bff7bc700", + "w": 24, + "x": 24, + "y": 60 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "f721f663-e2fd-44c9-88bc-639bff7bc700", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Messages by Email X_Mailer [Logs Proofpoint TAP]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"c6a42104-e390-4c56-8ef8-5bd774773e72\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"f8e2c82c-56b8-425d-a79d-ab24baf35f89\",\"includeInFitToBounds\":true,\"label\":\"Sender\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"ce99667c-f3a0-4d3c-b0d0-6e6ba88f1a9e\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": "{\"center\":{\"lat\":33.09876,\"lon\":73.8871},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.91}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "title": "Sender of Messages by Region [Logs Proofpoint TAP]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + 
"hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 180, + "minLat": -66.51326, + "minLon": 0 + }, + "mapCenter": { + "lat": 33.09876, + "lon": 73.8871, + "zoom": 1.91 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 21, + "i": "de4c11a4-6831-4ad4-92b6-7dc434430690", + "w": 48, + "x": 0, + "y": 75 + }, + "panelIndex": "de4c11a4-6831-4ad4-92b6-7dc434430690", + "type": "map", + "version": "7.17.0" + } + ], + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs Proofpoint TAP] Delivered Messages", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "proofpoint_tap-ee5bc100-b5c8-11ec-a9d0-e94ed15a14b9", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "proofpoint_tap-00dd5660-af9b-11ec-bf43-c372803d141d", + "name": "a0cc1e4c-3327-478b-94ec-519ebf9582ab:panel_a0cc1e4c-3327-478b-94ec-519ebf9582ab", + "type": "search" + }, + { + "id": "logs-*", + "name": "057e2ef6-0316-4896-ab34-8aafca79b009:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "057e2ef6-0316-4896-ab34-8aafca79b009:indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f:indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f5b71bf4-d93b-4383-aee3-0fba04633f7e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f5b71bf4-d93b-4383-aee3-0fba04633f7e:indexpattern-datasource-layer-410012cf-d8df-4277-ac28-305ea82a09a3", + "type": "index-pattern" + }, + { + "id": "logs-*", + 
"name": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a:indexpattern-datasource-layer-b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dc5d286-d7b8-4a47-bd70-7699375f31de:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "f721f663-e2fd-44c9-88bc-639bff7bc700", - "w": 24, - "x": 24, - "y": 60 + { + "id": "logs-*", + "name": "3dc5d286-d7b8-4a47-bd70-7699375f31de:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", + "type": "index-pattern" }, - "panelIndex": "f721f663-e2fd-44c9-88bc-639bff7bc700", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"alpha\":1,\"id\":\"c6a42104-e390-4c56-8ef8-5bd774773e72\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"f8e2c82c-56b8-425d-a79d-ab24baf35f89\",\"includeInFitToBounds\":true,\"label\":\"Sender\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"ce99667c-f3a0-4d3c-b0d0-6e6ba88f1a9e\",\"metrics\":[{\"label\":\"Count\",\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternId\":\"logs-*\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": 
"{\"center\":{\"lat\":33.09876,\"lon\":73.8871},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"zoom\":1.91}", - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "title": "Sender of Messages by Region [Logs Proofpoint TAP]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 180, - "minLat": -66.51326, - "minLon": 0 - }, - "mapCenter": { - "lat": 33.09876, - "lon": 73.8871, - "zoom": 1.91 - }, - "openTOCDetails": [] + { + "id": "logs-*", + "name": "080a6554-cbad-4aa0-b8a6-d82de9dab805:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 21, - "i": "de4c11a4-6831-4ad4-92b6-7dc434430690", - "w": 48, - "x": 0, - "y": 75 + { + "id": "logs-*", + "name": "080a6554-cbad-4aa0-b8a6-d82de9dab805:indexpattern-datasource-layer-5b8645f9-f56a-44ea-b567-dad4d9da2824", + "type": "index-pattern" }, - "panelIndex": "de4c11a4-6831-4ad4-92b6-7dc434430690", - "type": "map", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "ec9ba9eb-371c-430a-afc5-f6edf039bd91:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + 
{ + "id": "logs-*", + "name": "ec9ba9eb-371c-430a-afc5-f6edf039bd91:indexpattern-datasource-layer-17b04f1e-6124-4c6c-9464-e29a98d97bcf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1acfbb3-c3ca-436d-b54e-47f288677136:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1acfbb3-c3ca-436d-b54e-47f288677136:indexpattern-datasource-layer-590e841c-2ef7-4ace-b981-4bb9d3160054", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f1256b4b-8872-4d25-82cd-5a7004108d91:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f1256b4b-8872-4d25-82cd-5a7004108d91:indexpattern-datasource-layer-ecc13edd-9962-402c-b12e-180cccc46f08", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f721f663-e2fd-44c9-88bc-639bff7bc700:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f721f663-e2fd-44c9-88bc-639bff7bc700:indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "de4c11a4-6831-4ad4-92b6-7dc434430690:layer_1_source_index_pattern", + "type": "index-pattern" + } ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs Proofpoint TAP] Delivered Messages", - "version": 1 - }, - "references": [ - { - "id": "proofpoint_tap-00dd5660-af9b-11ec-bf43-c372803d141d", - "name": "a0cc1e4c-3327-478b-94ec-519ebf9582ab:panel_a0cc1e4c-3327-478b-94ec-519ebf9582ab", - "type": "search" - }, - { - "id": "logs-*", - "name": "057e2ef6-0316-4896-ab34-8aafca79b009:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "057e2ef6-0316-4896-ab34-8aafca79b009:indexpattern-datasource-layer-66e9770d-b676-49a0-b502-b3cf64aae59d", - "type": "index-pattern" - }, - { - "id": "logs-*", 
- "name": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e54a8fb5-eee6-409a-8065-91a4e7b3ac4f:indexpattern-datasource-layer-e7630b81-f809-4d49-b269-1788bdbdf649", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f5b71bf4-d93b-4383-aee3-0fba04633f7e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f5b71bf4-d93b-4383-aee3-0fba04633f7e:indexpattern-datasource-layer-410012cf-d8df-4277-ac28-305ea82a09a3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ddaa2940-7c3a-4d0c-8fad-a87d3d92725a:indexpattern-datasource-layer-b0d8b2b8-81ef-4c98-bad2-20e10a9d4006", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3dc5d286-d7b8-4a47-bd70-7699375f31de:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3dc5d286-d7b8-4a47-bd70-7699375f31de:indexpattern-datasource-layer-ec2f7bac-2077-4709-9d52-3ae3c0a582de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "080a6554-cbad-4aa0-b8a6-d82de9dab805:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "080a6554-cbad-4aa0-b8a6-d82de9dab805:indexpattern-datasource-layer-5b8645f9-f56a-44ea-b567-dad4d9da2824", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ec9ba9eb-371c-430a-afc5-f6edf039bd91:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ec9ba9eb-371c-430a-afc5-f6edf039bd91:indexpattern-datasource-layer-17b04f1e-6124-4c6c-9464-e29a98d97bcf", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"c1acfbb3-c3ca-436d-b54e-47f288677136:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c1acfbb3-c3ca-436d-b54e-47f288677136:indexpattern-datasource-layer-590e841c-2ef7-4ace-b981-4bb9d3160054", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f1256b4b-8872-4d25-82cd-5a7004108d91:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f1256b4b-8872-4d25-82cd-5a7004108d91:indexpattern-datasource-layer-ecc13edd-9962-402c-b12e-180cccc46f08", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f721f663-e2fd-44c9-88bc-639bff7bc700:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f721f663-e2fd-44c9-88bc-639bff7bc700:indexpattern-datasource-layer-657c0ea2-d756-4c8e-8638-4a2cf8a00bad", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "de4c11a4-6831-4ad4-92b6-7dc434430690:layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file From f99c71ece1c9ce1412e73300b024fefbef1ceead Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:24:50 +0530 Subject: [PATCH 060/103] Revert "all inlined sentinel_one" This reverts commit 58a64cd576915c74d3160e3e1db7a7f449ef0d79. --- ...-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json | 4835 ++++++++--------- ...-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json | 1075 ++-- ...-67844880-bbb5-11ec-82b7-8fcb232e9538.json | 3987 +++++++------- ...-899f2630-bb27-11ec-82b7-8fcb232e9538.json | 1571 +++--- ...-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json | 1965 ++++--- 5 files changed, 6704 insertions(+), 6729 deletions(-) 
diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json
index 04f77ec0946..a7ccecb9d97 100644
--- a/packages/sentinel_one/kibana/dashboard/sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json
+++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538.json
@@ -1,2488 +1,2483 @@ { - "id": "sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:45:08.565Z", - "version": "WzYyMiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-58329672-9ca4-4454-9d78-c619ef956a6a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "58329672-9ca4-4454-9d78-c619ef956a6a": { - "columnOrder": [ - "d8990d07-439a-4335-9646-8fbcab6e268d" - ], - "columns": { - "d8990d07-439a-4335-9646-8fbcab6e268d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "d8990d07-439a-4335-9646-8fbcab6e268d", - "layerId": "58329672-9ca4-4454-9d78-c619ef956a6a", - "layerType": "data" - } - }, - "title": "Total Number of Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + } }, - "gridData": 
{ - "h": 6, - "i": "ac59079e-c791-449b-aeeb-d47504921dff", - "w": 12, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "ac59079e-c791-449b-aeeb-d47504921dff", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-01d7bdc3-638b-4d23-9ae6-d24678743470", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "01d7bdc3-638b-4d23-9ae6-d24678743470": { - "columnOrder": [ - "831e34ee-b0d6-44b1-81b7-2bfee2a628ab" - ], - "columns": { - "831e34ee-b0d6-44b1-81b7-2bfee2a628ab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": false, - "params": { - "query": "resolved" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-58329672-9ca4-4454-9d78-c619ef956a6a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "58329672-9ca4-4454-9d78-c619ef956a6a": { + "columnOrder": [ + "d8990d07-439a-4335-9646-8fbcab6e268d" + ], + "columns": { + 
"d8990d07-439a-4335-9646-8fbcab6e268d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "d8990d07-439a-4335-9646-8fbcab6e268d", + "layerId": "58329672-9ca4-4454-9d78-c619ef956a6a", + "layerType": "data" + } + }, + "title": "Total Number of Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "831e34ee-b0d6-44b1-81b7-2bfee2a628ab", - "layerId": "01d7bdc3-638b-4d23-9ae6-d24678743470", - "layerType": "data" - } + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "ac59079e-c791-449b-aeeb-d47504921dff", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "ac59079e-c791-449b-aeeb-d47504921dff", + "type": "lens", + "version": "7.17.0" }, - "title": "Total Resolved Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "1684da14-7484-42a6-91d6-b9659883e20d", - "w": 12, - "x": 12, - "y": 0 - }, - "panelIndex": "1684da14-7484-42a6-91d6-b9659883e20d", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": 
"index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849": { - "columnOrder": [ - "f3d83b7a-fc35-4c85-83f8-b41e12baddf6" - ], - "columns": { - "f3d83b7a-fc35-4c85-83f8-b41e12baddf6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": false, - "params": { - "query": "unresolved" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-01d7bdc3-638b-4d23-9ae6-d24678743470", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "01d7bdc3-638b-4d23-9ae6-d24678743470": { + "columnOrder": [ + "831e34ee-b0d6-44b1-81b7-2bfee2a628ab" + ], + "columns": { + "831e34ee-b0d6-44b1-81b7-2bfee2a628ab": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": false, + "params": { + "query": "resolved" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + 
"sentinel_one.threat.incident.status": "resolved" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "831e34ee-b0d6-44b1-81b7-2bfee2a628ab", + "layerId": "01d7bdc3-638b-4d23-9ae6-d24678743470", + "layerType": "data" + } + }, + "title": "Total Resolved Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "unresolved" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "f3d83b7a-fc35-4c85-83f8-b41e12baddf6", - "layerId": "8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", - "layerType": "data" - } + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "1684da14-7484-42a6-91d6-b9659883e20d", + "w": 12, + "x": 12, + "y": 0 + }, + "panelIndex": "1684da14-7484-42a6-91d6-b9659883e20d", + "type": "lens", + "version": "7.17.0" }, - "title": "Unresolved Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "030f8164-5e7d-4fb6-a779-d0537748a819", - "w": 12, - "x": 24, - "y": 0 - }, - "panelIndex": "030f8164-5e7d-4fb6-a779-d0537748a819", - "title": "Total Unresolved Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6f8f021f-aef7-458f-a0bb-445bd78741db", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - 
"indexpattern": { - "layers": { - "6f8f021f-aef7-458f-a0bb-445bd78741db": { - "columnOrder": [ - "1ede434b-a316-4e79-85b6-ffbfc41f379a" - ], - "columns": { - "1ede434b-a316-4e79-85b6-ffbfc41f379a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": false, - "params": { - "query": "resolved" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849": { + "columnOrder": [ + "f3d83b7a-fc35-4c85-83f8-b41e12baddf6" + ], + "columns": { + "f3d83b7a-fc35-4c85-83f8-b41e12baddf6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": false, + "params": { + "query": "unresolved" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "unresolved" + } + } + } + ], + "query": 
{ + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "f3d83b7a-fc35-4c85-83f8-b41e12baddf6", + "layerId": "8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", + "layerType": "data" + } + }, + "title": "Unresolved Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 6, + "i": "030f8164-5e7d-4fb6-a779-d0537748a819", + "w": 12, + "x": 24, + "y": 0 }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "sentinel_one.threat.mitigation.status", - "negate": false, - "params": { - "query": "active" + "panelIndex": "030f8164-5e7d-4fb6-a779-d0537748a819", + "title": "Total Unresolved Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6f8f021f-aef7-458f-a0bb-445bd78741db", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6f8f021f-aef7-458f-a0bb-445bd78741db": { + "columnOrder": [ + "1ede434b-a316-4e79-85b6-ffbfc41f379a" + ], + "columns": { + "1ede434b-a316-4e79-85b6-ffbfc41f379a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + 
} + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": false, + "params": { + "query": "resolved" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "sentinel_one.threat.mitigation.status", + "negate": false, + "params": { + "query": "active" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.mitigation.status": "active" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "1ede434b-a316-4e79-85b6-ffbfc41f379a", + "layerId": "6f8f021f-aef7-458f-a0bb-445bd78741db", + "layerType": "data" + } + }, + "title": "Active Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.mitigation.status": "active" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "1ede434b-a316-4e79-85b6-ffbfc41f379a", - "layerId": "6f8f021f-aef7-458f-a0bb-445bd78741db", - "layerType": "data" - } + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 6, + "i": "075409b1-9d74-4399-8348-3101a2d22392", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "075409b1-9d74-4399-8348-3101a2d22392", + "title": "Active Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" }, - "title": "Active Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": 
"075409b1-9d74-4399-8348-3101a2d22392", - "w": 12, - "x": 36, - "y": 0 - }, - "panelIndex": "075409b1-9d74-4399-8348-3101a2d22392", - "title": "Active Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-31be526e-c389-4f6d-93e8-27f1b7dcd0d0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "31be526e-c389-4f6d-93e8-27f1b7dcd0d0": { - "columnOrder": [ - "8ae53844-358d-4472-9d64-d7c2708fc29c" - ], - "columns": { - "8ae53844-358d-4472-9d64-d7c2708fc29c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": true, - "params": { - "query": "resolved" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-31be526e-c389-4f6d-93e8-27f1b7dcd0d0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + 
"datasourceStates": { + "indexpattern": { + "layers": { + "31be526e-c389-4f6d-93e8-27f1b7dcd0d0": { + "columnOrder": [ + "8ae53844-358d-4472-9d64-d7c2708fc29c" + ], + "columns": { + "8ae53844-358d-4472-9d64-d7c2708fc29c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": true, + "params": { + "query": "resolved" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "sentinel_one.threat.mitigation.status", + "negate": false, + "params": { + "query": "blocked" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.mitigation.status": "blocked" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "8ae53844-358d-4472-9d64-d7c2708fc29c", + "layerId": "31be526e-c389-4f6d-93e8-27f1b7dcd0d0", + "layerType": "data" + } + }, + "title": "Blocked Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } + "enhancements": {}, + "hidePanelTitles": false }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "sentinel_one.threat.mitigation.status", - "negate": false, - "params": { - "query": "blocked" + "gridData": { + 
"h": 8, + "i": "3ff8c08e-3a29-488c-b481-9b51accaae95", + "w": 16, + "x": 0, + "y": 6 + }, + "panelIndex": "3ff8c08e-3a29-488c-b481-9b51accaae95", + "title": "Total Blocked Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1c27890e-f153-4984-8c2f-6004a3779f71", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1c27890e-f153-4984-8c2f-6004a3779f71": { + "columnOrder": [ + "eb8375d7-8836-43bb-840a-88c8c2f11b43" + ], + "columns": { + "eb8375d7-8836-43bb-840a-88c8c2f11b43": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.mitigation.status", + "negate": false, + "params": { + "query": "mitigated" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.mitigation.status": "mitigated" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "sentinel_one.threat.incident.status", + "negate": true, + "params": { + "query": "resolved" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } + } + ], + 
"query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "eb8375d7-8836-43bb-840a-88c8c2f11b43", + "layerId": "1c27890e-f153-4984-8c2f-6004a3779f71", + "layerType": "data" + } + }, + "title": "Mitigated Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.mitigation.status": "blocked" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "8ae53844-358d-4472-9d64-d7c2708fc29c", - "layerId": "31be526e-c389-4f6d-93e8-27f1b7dcd0d0", - "layerType": "data" - } + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 8, + "i": "d2411b38-52ad-47c2-b364-f1f42b7cd26a", + "w": 16, + "x": 16, + "y": 6 + }, + "panelIndex": "d2411b38-52ad-47c2-b364-f1f42b7cd26a", + "title": "Total Mitigated Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" }, - "title": "Blocked Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "3ff8c08e-3a29-488c-b481-9b51accaae95", - "w": 16, - "x": 0, - "y": 6 - }, - "panelIndex": "3ff8c08e-3a29-488c-b481-9b51accaae95", - "title": "Total Blocked Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1c27890e-f153-4984-8c2f-6004a3779f71", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": 
{ - "indexpattern": { - "layers": { - "1c27890e-f153-4984-8c2f-6004a3779f71": { - "columnOrder": [ - "eb8375d7-8836-43bb-840a-88c8c2f11b43" - ], - "columns": { - "eb8375d7-8836-43bb-840a-88c8c2f11b43": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.mitigation.status", - "negate": false, - "params": { - "query": "mitigated" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-98a05273-ef46-4b59-8caa-86b7de9c9724", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "98a05273-ef46-4b59-8caa-86b7de9c9724": { + "columnOrder": [ + "9295a43b-ccd0-4d23-abf8-73586af8dac7" + ], + "columns": { + "9295a43b-ccd0-4d23-abf8-73586af8dac7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": true, + "params": { + "query": "resolved" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } + } + ], + 
"query": { + "language": "kuery", + "query": "sentinel_one.threat.mitigation.status : \"suspicious\" and data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "accessor": "9295a43b-ccd0-4d23-abf8-73586af8dac7", + "layerId": "98a05273-ef46-4b59-8caa-86b7de9c9724", + "layerType": "data" + } + }, + "title": "Detected - Suspicious Threats [Logs SentinelOne]", + "visualizationType": "lnsMetric" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.mitigation.status": "mitigated" - } - } + "enhancements": {}, + "hidePanelTitles": false }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "sentinel_one.threat.incident.status", - "negate": true, - "params": { - "query": "resolved" + "gridData": { + "h": 8, + "i": "14069c35-b940-4540-82f8-1ef2bb73dfe1", + "w": 16, + "x": 32, + "y": 6 + }, + "panelIndex": "14069c35-b940-4540-82f8-1ef2bb73dfe1", + "title": "Total Detected - Suspicious Threats [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9d8d04b8-42e9-488a-9c18-39f38153e46a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9d8d04b8-42e9-488a-9c18-39f38153e46a": { + "columnOrder": [ + "3629412b-4ee6-4169-92d4-d5d8ebb7ab62", + "324989fb-f85e-4bbc-b7f9-b85472d54928" + ], + "columns": { + "324989fb-f85e-4bbc-b7f9-b85472d54928": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" 
+ }, + "3629412b-4ee6-4169-92d4-d5d8ebb7ab62": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Prevalent Threats", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "324989fb-f85e-4bbc-b7f9-b85472d54928", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.incident.status", + "negate": true, + "params": { + "query": "resolved" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "sentinel_one.threat.incident.status": "resolved" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "324989fb-f85e-4bbc-b7f9-b85472d54928" + ], + "layerId": "9d8d04b8-42e9-488a-9c18-39f38153e46a", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "3629412b-4ee6-4169-92d4-d5d8ebb7ab62" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Most Prevalent Threats [Logs SentinelOne]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "eb8375d7-8836-43bb-840a-88c8c2f11b43", - "layerId": "1c27890e-f153-4984-8c2f-6004a3779f71", - 
"layerType": "data" - } + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "213a2279-8bb5-491b-b0f0-d5a7a2473670", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "213a2279-8bb5-491b-b0f0-d5a7a2473670", + "type": "lens", + "version": "7.17.0" }, - "title": "Mitigated Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "d2411b38-52ad-47c2-b364-f1f42b7cd26a", - "w": 16, - "x": 16, - "y": 6 - }, - "panelIndex": "d2411b38-52ad-47c2-b364-f1f42b7cd26a", - "title": "Total Mitigated Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-98a05273-ef46-4b59-8caa-86b7de9c9724", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "98a05273-ef46-4b59-8caa-86b7de9c9724": { - "columnOrder": [ - "9295a43b-ccd0-4d23-abf8-73586af8dac7" - ], - "columns": { - "9295a43b-ccd0-4d23-abf8-73586af8dac7": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": true, - "params": { - "query": "resolved" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec6bf891-aedf-4b92-af42-54c04e749174", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ec6bf891-aedf-4b92-af42-54c04e749174": { + "columnOrder": [ + "7dc311c6-df3f-40ca-88e5-3925010191be", + "9934d429-8319-435c-8c72-57a56541dfcb" + ], + "columns": { + "7dc311c6-df3f-40ca-88e5-3925010191be": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Engine Detections", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9934d429-8319-435c-8c72-57a56541dfcb", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.detection.engines.title" + }, + "9934d429-8319-435c-8c72-57a56541dfcb": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7dc311c6-df3f-40ca-88e5-3925010191be" + ], + "layerId": "ec6bf891-aedf-4b92-af42-54c04e749174", + "layerType": "data", + "legendDisplay": "default", + "metric": "9934d429-8319-435c-8c72-57a56541dfcb", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Detections by Engine [Logs SentinelOne]", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - } - ], - "query": { - "language": "kuery", - "query": "sentinel_one.threat.mitigation.status : \"suspicious\" and 
data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "accessor": "9295a43b-ccd0-4d23-abf8-73586af8dac7", - "layerId": "98a05273-ef46-4b59-8caa-86b7de9c9724", - "layerType": "data" - } + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "14523f88-ccbb-45bc-9758-7263315630cb", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "14523f88-ccbb-45bc-9758-7263315630cb", + "type": "lens", + "version": "7.17.0" }, - "title": "Detected - Suspicious Threats [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "14069c35-b940-4540-82f8-1ef2bb73dfe1", - "w": 16, - "x": 32, - "y": 6 - }, - "panelIndex": "14069c35-b940-4540-82f8-1ef2bb73dfe1", - "title": "Total Detected - Suspicious Threats [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9d8d04b8-42e9-488a-9c18-39f38153e46a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9d8d04b8-42e9-488a-9c18-39f38153e46a": { - "columnOrder": [ - "3629412b-4ee6-4169-92d4-d5d8ebb7ab62", - "324989fb-f85e-4bbc-b7f9-b85472d54928" - ], - "columns": { - "324989fb-f85e-4bbc-b7f9-b85472d54928": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-f83c655e-003c-4cc5-a2e3-789acb23b691", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f83c655e-003c-4cc5-a2e3-789acb23b691": { + "columnOrder": [ + "d427f2bd-912c-476e-85a7-3110216b3b8d", + "7fead18f-d40b-4539-ace7-5328e84140d2" + ], + "columns": { + "7fead18f-d40b-4539-ace7-5328e84140d2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + }, + "d427f2bd-912c-476e-85a7-3110216b3b8d": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.threat.agent.is_active : true " + }, + "label": "Active Agents" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.threat.agent.is_active : false " + }, + "label": "Inactive Agents" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.agent.is_active", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.threat.agent.is_active" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d427f2bd-912c-476e-85a7-3110216b3b8d" + ], + "layerId": "f83c655e-003c-4cc5-a2e3-789acb23b691", + "layerType": "data", + "legendDisplay": "default", + "metric": "7fead18f-d40b-4539-ace7-5328e84140d2", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + 
} }, - "3629412b-4ee6-4169-92d4-d5d8ebb7ab62": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Prevalent Threats", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "324989fb-f85e-4bbc-b7f9-b85472d54928", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.incident.status", - "negate": true, - "params": { - "query": "resolved" + "title": "Distribution of Threats by Agent Status [Logs SentinelOne]", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "sentinel_one.threat.incident.status": "resolved" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "324989fb-f85e-4bbc-b7f9-b85472d54928" - ], - "layerId": "9d8d04b8-42e9-488a-9c18-39f38153e46a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "3629412b-4ee6-4169-92d4-d5d8ebb7ab62" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7", + "w": 24, + "x": 0, + "y": 29 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7", + "type": "lens", + "version": "7.17.0" }, - "title": "Most Prevalent Threats [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - 
"enhancements": {} - }, - "gridData": { - "h": 15, - "i": "213a2279-8bb5-491b-b0f0-d5a7a2473670", - "w": 24, - "x": 24, - "y": 14 - }, - "panelIndex": "213a2279-8bb5-491b-b0f0-d5a7a2473670", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ec6bf891-aedf-4b92-af42-54c04e749174", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ec6bf891-aedf-4b92-af42-54c04e749174": { - "columnOrder": [ - "7dc311c6-df3f-40ca-88e5-3925010191be", - "9934d429-8319-435c-8c72-57a56541dfcb" - ], - "columns": { - "7dc311c6-df3f-40ca-88e5-3925010191be": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Engine Detections", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9934d429-8319-435c-8c72-57a56541dfcb", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.detection.engines.title" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6f4336e8-7451-476e-89a5-fe65d93be571", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6f4336e8-7451-476e-89a5-fe65d93be571": { + "columnOrder": [ + "59424e47-b686-440e-b754-51a079ad1417", + "7c71fee2-7e8b-48d2-8344-767b3e76f207" + ], + "columns": { + "59424e47-b686-440e-b754-51a079ad1417": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + 
"params": { + "missingBucket": false, + "orderBy": { + "columnId": "7c71fee2-7e8b-48d2-8344-767b3e76f207", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.mitigation_status.action" + }, + "7c71fee2-7e8b-48d2-8344-767b3e76f207": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "59424e47-b686-440e-b754-51a079ad1417" + ], + "layerId": "6f4336e8-7451-476e-89a5-fe65d93be571", + "layerType": "data", + "legendDisplay": "default", + "metric": "7c71fee2-7e8b-48d2-8344-767b3e76f207", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "9934d429-8319-435c-8c72-57a56541dfcb": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "7dc311c6-df3f-40ca-88e5-3925010191be" - ], - "layerId": "ec6bf891-aedf-4b92-af42-54c04e749174", - "layerType": "data", - "legendDisplay": "default", - "metric": "9934d429-8319-435c-8c72-57a56541dfcb", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Threats by Mitigation Status Action [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + 
"gridData": { + "h": 15, + "i": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Detections by Engine [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "14523f88-ccbb-45bc-9758-7263315630cb", - "w": 24, - "x": 0, - "y": 14 - }, - "panelIndex": "14523f88-ccbb-45bc-9758-7263315630cb", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f83c655e-003c-4cc5-a2e3-789acb23b691", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f83c655e-003c-4cc5-a2e3-789acb23b691": { - "columnOrder": [ - "d427f2bd-912c-476e-85a7-3110216b3b8d", - "7fead18f-d40b-4539-ace7-5328e84140d2" - ], - "columns": { - "7fead18f-d40b-4539-ace7-5328e84140d2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd": { + "columnOrder": [ + "039a2941-5111-4bf1-a02a-af4a8fe09609", + "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43" + ], + 
"columns": { + "039a2941-5111-4bf1-a02a-af4a8fe09609": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mitigation Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.mitigation_status.status" + }, + "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "039a2941-5111-4bf1-a02a-af4a8fe09609" + ], + "layerId": "c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", + "layerType": "data", + "legendDisplay": "default", + "metric": "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "d427f2bd-912c-476e-85a7-3110216b3b8d": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.threat.agent.is_active : true " + "title": "Distribution of Threats by Mitigation Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "accf3797-c215-44a4-829d-c9ff30758f7b", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "accf3797-c215-44a4-829d-c9ff30758f7b", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a64559b1-90c9-4859-9d5f-2585172bcda4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a64559b1-90c9-4859-9d5f-2585172bcda4": { + "columnOrder": [ + "e8b50532-e3ed-47d7-a0d4-7aaced47afa3", + "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b" + ], + "columns": { + "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + }, + "e8b50532-e3ed-47d7-a0d4-7aaced47afa3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mitigation Mode", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.agent.mitigation_mode" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b" + ], + "layerId": "a64559b1-90c9-4859-9d5f-2585172bcda4", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "e8b50532-e3ed-47d7-a0d4-7aaced47afa3" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "label": "Active Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.threat.agent.is_active : false " + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "label": "Inactive Agents" - } - ] - }, - 
"scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.agent.is_active", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.threat.agent.is_active" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d427f2bd-912c-476e-85a7-3110216b3b8d" - ], - "layerId": "f83c655e-003c-4cc5-a2e3-789acb23b691", - "layerType": "data", - "legendDisplay": "default", - "metric": "7fead18f-d40b-4539-ace7-5328e84140d2", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Threats by Agent Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7", - "w": 24, - "x": 0, - "y": 29 - }, - "panelIndex": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6f4336e8-7451-476e-89a5-fe65d93be571", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6f4336e8-7451-476e-89a5-fe65d93be571": { - "columnOrder": [ - "59424e47-b686-440e-b754-51a079ad1417", - "7c71fee2-7e8b-48d2-8344-767b3e76f207" - ], - "columns": { - "59424e47-b686-440e-b754-51a079ad1417": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Action", - "operationType": "terms", - 
"params": { - "missingBucket": false, - "orderBy": { - "columnId": "7c71fee2-7e8b-48d2-8344-767b3e76f207", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.mitigation_status.action" + "yRightExtent": { + "mode": "full" + } + } }, - "7c71fee2-7e8b-48d2-8344-767b3e76f207": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "59424e47-b686-440e-b754-51a079ad1417" - ], - "layerId": "6f4336e8-7451-476e-89a5-fe65d93be571", - "layerType": "data", - "legendDisplay": "default", - "metric": "7c71fee2-7e8b-48d2-8344-767b3e76f207", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Threats by Agent Mitigation Mode [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "301b13f1-59c8-40e0-80f8-ecc1892b938d", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "301b13f1-59c8-40e0-80f8-ecc1892b938d", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Threats by Mitigation Status Action [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e", - "w": 24, - "x": 24, - "y": 29 - }, - "panelIndex": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd": { - "columnOrder": [ - "039a2941-5111-4bf1-a02a-af4a8fe09609", - "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43" - ], - "columns": { - "039a2941-5111-4bf1-a02a-af4a8fe09609": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mitigation Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.mitigation_status.status" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-da28cab9-5d08-4b0b-bbd6-2cf9952051b2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "da28cab9-5d08-4b0b-bbd6-2cf9952051b2": { + "columnOrder": [ + "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb", + "ae868bf2-36dc-418c-a6fc-43718e58cd78" + ], + "columns": { + "ae868bf2-36dc-418c-a6fc-43718e58cd78": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + }, + "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Confidence Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ae868bf2-36dc-418c-a6fc-43718e58cd78", + "type": "column" + }, + "orderDirection": "desc", + 
"otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.confidence_level" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "ae868bf2-36dc-418c-a6fc-43718e58cd78" + ], + "layerId": "da28cab9-5d08-4b0b-bbd6-2cf9952051b2", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "039a2941-5111-4bf1-a02a-af4a8fe09609" - ], - "layerId": "c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", - "layerType": "data", - "legendDisplay": "default", - "metric": "86f6d3c9-4b8b-4d98-afae-df8ba9fd0e43", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Threats by Confidence Level [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "b8f90700-ca73-40c7-9257-8612aa86cc9f", + "w": 24, + "x": 0, + "y": 59 + }, + "panelIndex": "b8f90700-ca73-40c7-9257-8612aa86cc9f", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of 
Threats by Mitigation Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "accf3797-c215-44a4-829d-c9ff30758f7b", - "w": 24, - "x": 0, - "y": 44 - }, - "panelIndex": "accf3797-c215-44a4-829d-c9ff30758f7b", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a64559b1-90c9-4859-9d5f-2585172bcda4", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a64559b1-90c9-4859-9d5f-2585172bcda4": { - "columnOrder": [ - "e8b50532-e3ed-47d7-a0d4-7aaced47afa3", - "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b" - ], - "columns": { - "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "87c51fc8-6c57-4d1c-a3f5-8b420f1d392c": { + "columnOrder": [ + "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f", + "7c555542-d2ad-4e9f-9779-305d5be0422a" + ], + "columns": { + "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "File Extension", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7c555542-d2ad-4e9f-9779-305d5be0422a", + "type": "column" + }, + 
"orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.file.extension.type" + }, + "7c555542-d2ad-4e9f-9779-305d5be0422a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "7c555542-d2ad-4e9f-9779-305d5be0422a" + ], + "layerId": "87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "e8b50532-e3ed-47d7-a0d4-7aaced47afa3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mitigation Mode", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.agent.mitigation_mode" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "ad08fd36-cbe4-4baa-ac1d-9454a3fd297b" - ], - "layerId": "a64559b1-90c9-4859-9d5f-2585172bcda4", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - 
"xAccessor": "e8b50532-e3ed-47d7-a0d4-7aaced47afa3" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "title": "Distribution of Threats by File Extension Type [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf", + "w": 24, + "x": 24, + "y": 59 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Threats by Agent Mitigation Mode [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "301b13f1-59c8-40e0-80f8-ecc1892b938d", - "w": 24, - "x": 24, - "y": 44 - }, - "panelIndex": "301b13f1-59c8-40e0-80f8-ecc1892b938d", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-da28cab9-5d08-4b0b-bbd6-2cf9952051b2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "da28cab9-5d08-4b0b-bbd6-2cf9952051b2": { - "columnOrder": [ - "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb", - "ae868bf2-36dc-418c-a6fc-43718e58cd78" - ], - "columns": { - "ae868bf2-36dc-418c-a6fc-43718e58cd78": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + 
"id": "logs-*", + "name": "indexpattern-datasource-layer-3f121a5b-0179-4329-a945-a3d23d83172f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3f121a5b-0179-4329-a945-a3d23d83172f": { + "columnOrder": [ + "d0e857c2-8d8d-4177-9667-36bacc56c5a1", + "cf378f6b-a6f6-4df2-933c-95224587ebf8" + ], + "columns": { + "cf378f6b-a6f6-4df2-933c-95224587ebf8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + }, + "d0e857c2-8d8d-4177-9667-36bacc56c5a1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "File Extension", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "cf378f6b-a6f6-4df2-933c-95224587ebf8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "threat.indicator.file.extension" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "columns": [ + { + "columnId": "d0e857c2-8d8d-4177-9667-36bacc56c5a1", + "isTransposed": false + }, + { + "columnId": "cf378f6b-a6f6-4df2-933c-95224587ebf8", + "isTransposed": false + } + ], + "layerId": "3f121a5b-0179-4329-a945-a3d23d83172f", + "layerType": "data" + } }, - "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Confidence Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ae868bf2-36dc-418c-a6fc-43718e58cd78", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.confidence_level" - } - }, - "incompleteColumns": 
{} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "ae868bf2-36dc-418c-a6fc-43718e58cd78" - ], - "layerId": "da28cab9-5d08-4b0b-bbd6-2cf9952051b2", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "eb417ca9-4ef4-4280-8fd0-a8f7ca8261eb" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "title": "Top 10 File Extension [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "ed9a7061-e640-41f3-a838-3772f86e4be4", + "w": 24, + "x": 0, + "y": 74 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "ed9a7061-e640-41f3-a838-3772f86e4be4", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Threats by Confidence Level [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b8f90700-ca73-40c7-9257-8612aa86cc9f", - "w": 24, - "x": 0, - "y": 59 - }, - "panelIndex": "b8f90700-ca73-40c7-9257-8612aa86cc9f", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "87c51fc8-6c57-4d1c-a3f5-8b420f1d392c": { - "columnOrder": [ - "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f", - "7c555542-d2ad-4e9f-9779-305d5be0422a" - ], - "columns": { - "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f": { - "customLabel": 
true, - "dataType": "string", - "isBucketed": true, - "label": "File Extension", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7c555542-d2ad-4e9f-9779-305d5be0422a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.file.extension.type" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8": { + "columnOrder": [ + "33d893f0-097c-42d5-bf31-4460415368d4", + "d71d067f-c96c-4701-8f64-700b42388d59" + ], + "columns": { + "33d893f0-097c-42d5-bf31-4460415368d4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Incident Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d71d067f-c96c-4701-8f64-700b42388d59", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.incident.status" + }, + "d71d067f-c96c-4701-8f64-700b42388d59": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "d71d067f-c96c-4701-8f64-700b42388d59" + ], + "layerId": "8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", + "layerType": "data", + 
"position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "33d893f0-097c-42d5-bf31-4460415368d4" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "7c555542-d2ad-4e9f-9779-305d5be0422a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "7c555542-d2ad-4e9f-9779-305d5be0422a" - ], - "layerId": "87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "4aa33c2e-9de0-4eb8-96d2-2e2c4da4c70f" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "title": "Distribution of Threats by Incident Status [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4", + "w": 24, + "x": 24, + "y": 74 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4", + "title": "Distribution of Threats by Incident Status [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Threats by File Extension Type [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf", 
- "w": 24, - "x": 24, - "y": 59 - }, - "panelIndex": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3f121a5b-0179-4329-a945-a3d23d83172f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3f121a5b-0179-4329-a945-a3d23d83172f": { - "columnOrder": [ - "d0e857c2-8d8d-4177-9667-36bacc56c5a1", - "cf378f6b-a6f6-4df2-933c-95224587ebf8" - ], - "columns": { - "cf378f6b-a6f6-4df2-933c-95224587ebf8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count", + "field": "sentinel_one.threat.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Technique Name", + "field": "threat.technique.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + } + } }, - "d0e857c2-8d8d-4177-9667-36bacc56c5a1": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "File Extension", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "cf378f6b-a6f6-4df2-933c-95224587ebf8", - "type": "column" - 
}, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "threat.indicator.file.extension" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "columns": [ - { - "columnId": "d0e857c2-8d8d-4177-9667-36bacc56c5a1", - "isTransposed": false - }, - { - "columnId": "cf378f6b-a6f6-4df2-933c-95224587ebf8", - "isTransposed": false - } - ], - "layerId": "3f121a5b-0179-4329-a945-a3d23d83172f", - "layerType": "data" - } - }, - "title": "Top 10 File Extension [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ed9a7061-e640-41f3-a838-3772f86e4be4", - "w": 24, - "x": 0, - "y": 74 - }, - "panelIndex": "ed9a7061-e640-41f3-a838-3772f86e4be4", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8": { - "columnOrder": [ - "33d893f0-097c-42d5-bf31-4460415368d4", - "d71d067f-c96c-4701-8f64-700b42388d59" - ], - "columns": { - "33d893f0-097c-42d5-bf31-4460415368d4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Incident Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d71d067f-c96c-4701-8f64-700b42388d59", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.incident.status" + "description": "", + 
"params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "default", + "type": "palette" + }, + "scale": "linear", + "showLabel": true }, - "d71d067f-c96c-4701-8f64-700b42388d59": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} + "title": "Top 10 Threat Techniques [Logs SentinelOne]", + "type": "tagcloud", + "uiState": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "d71d067f-c96c-4701-8f64-700b42388d59" - ], - "layerId": "8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "33d893f0-097c-42d5-bf31-4460415368d4" - } - ], - "legend": { - "isVisible": true, - "position": "right" }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "6d788430-6b2b-4e7c-9468-36b0aebf8468", + "w": 24, + "x": 0, + "y": 89 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "6d788430-6b2b-4e7c-9468-36b0aebf8468", + "type": "visualization", + "version": "7.17.0" }, - "title": "Distribution of Threats by Incident Status [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4", - "w": 24, - "x": 24, - "y": 74 - }, - "panelIndex": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4", - "title": "Distribution of Threats by Incident Status [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - 
"enabled": true, - "id": "1", - "params": { - "customLabel": "Count", - "field": "sentinel_one.threat.id" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-71ff1569-960a-408c-8e00-df6b68186912", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "71ff1569-960a-408c-8e00-df6b68186912": { + "columnOrder": [ + "9a221d90-b37c-4947-899a-a8806d7d25f1", + "d24c6b72-358d-4f01-ade3-cf9c228946e0" + ], + "columns": { + "9a221d90-b37c-4947-899a-a8806d7d25f1": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.threat.agent.infected : true " + }, + "label": "Infected Agents" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.threat.agent.infected : false " + }, + "label": "Non-Infected Agents" + } + ] + }, + "scale": "ordinal" + }, + "d24c6b72-358d-4f01-ade3-cf9c228946e0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.threat.agent.infected", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.threat.agent.infected" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"sentinel_one.threat\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9a221d90-b37c-4947-899a-a8806d7d25f1" + ], + "layerId": "71ff1569-960a-408c-8e00-df6b68186912", + "layerType": "data", + "legendDisplay": "default", + "metric": "d24c6b72-358d-4f01-ade3-cf9c228946e0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Threats by Infected Agents [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Technique Name", - "field": "threat.technique.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - } - } + "gridData": { + "h": 15, + "i": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3", + "w": 24, + "x": 24, + "y": 89 + }, + "panelIndex": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3", + "title": "Distribution of Threats by Infected Agents [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" }, - "description": "", - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "default", - "type": "palette" - }, - "scale": "linear", - "showLabel": true + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9fe7a9cc-3417-4166-bdfc-5cdb85599981", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"9fe7a9cc-3417-4166-bdfc-5cdb85599981": { + "columnOrder": [ + "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa", + "99d2033b-2144-4e21-ad23-a170fcac9408" + ], + "columns": { + "99d2033b-2144-4e21-ad23-a170fcac9408": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "sentinel_one.threat.id" + }, + "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Detection Engine", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "99d2033b-2144-4e21-ad23-a170fcac9408", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.threat.detection.engines.title" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + }, + "visualization": { + "columns": [ + { + "columnId": "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa", + "isTransposed": false + }, + { + "columnId": "99d2033b-2144-4e21-ad23-a170fcac9408", + "isTransposed": false + } + ], + "layerId": "9fe7a9cc-3417-4166-bdfc-5cdb85599981", + "layerType": "data" + } + }, + "title": "Distribution of Threats by Detection Engine [Logs SentinelOne] ", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "6080a8f0-54d7-4fae-884f-f34dbed69ea8", + "w": 24, + "x": 0, + "y": 104 + }, + "panelIndex": "6080a8f0-54d7-4fae-884f-f34dbed69ea8", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Threat Techniques [Logs SentinelOne]", - "type": "tagcloud", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "6d788430-6b2b-4e7c-9468-36b0aebf8468", - "w": 24, - "x": 0, - "y": 89 - }, - "panelIndex": "6d788430-6b2b-4e7c-9468-36b0aebf8468", - "type": "visualization", - "version": 
"7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-71ff1569-960a-408c-8e00-df6b68186912", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "71ff1569-960a-408c-8e00-df6b68186912": { - "columnOrder": [ - "9a221d90-b37c-4947-899a-a8806d7d25f1", - "d24c6b72-358d-4f01-ade3-cf9c228946e0" - ], - "columns": { - "9a221d90-b37c-4947-899a-a8806d7d25f1": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.threat.agent.infected : true " - }, - "label": "Infected Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.threat.agent.infected : false " + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count", + "field": "sentinel_one.threat.id" + }, + "schema": "metric", + "type": "cardinality" }, - "label": "Non-Infected Agents" - } - ] - }, - "scale": "ordinal" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threat Classification", + "field": "sentinel_one.threat.classification", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.threat\"" + } + } }, - "d24c6b72-358d-4f01-ade3-cf9c228946e0": { - "customLabel": true, - 
"dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.threat.agent.infected", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.threat.agent.infected" + "description": "", + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "default", + "type": "palette" + }, + "scale": "linear", + "showLabel": true + }, + "title": "Top Threats by Classification [Logs SentinelOne]", + "type": "tagcloud", + "uiState": {} } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "9a221d90-b37c-4947-899a-a8806d7d25f1" - ], - "layerId": "71ff1569-960a-408c-8e00-df6b68186912", - "layerType": "data", - "legendDisplay": "default", - "metric": "d24c6b72-358d-4f01-ade3-cf9c228946e0", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Threats by Infected Agents [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "55d0b7da-986b-4e98-b476-f3768233dc8f", + "w": 24, + "x": 24, + "y": 104 + }, + "panelIndex": "55d0b7da-986b-4e98-b476-f3768233dc8f", + "type": "visualization", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs SentinelOne] Threats", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "sentinel_one-0dd17490-bbb8-11ec-82b7-8fcb232e9538", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": 
"logs-*", + "name": "ac59079e-c791-449b-aeeb-d47504921dff:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3", - "w": 24, - "x": 24, - "y": 89 + { + "id": "logs-*", + "name": "ac59079e-c791-449b-aeeb-d47504921dff:indexpattern-datasource-layer-58329672-9ca4-4454-9d78-c619ef956a6a", + "type": "index-pattern" }, - "panelIndex": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3", - "title": "Distribution of Threats by Infected Agents [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9fe7a9cc-3417-4166-bdfc-5cdb85599981", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9fe7a9cc-3417-4166-bdfc-5cdb85599981": { - "columnOrder": [ - "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa", - "99d2033b-2144-4e21-ad23-a170fcac9408" - ], - "columns": { - "99d2033b-2144-4e21-ad23-a170fcac9408": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "sentinel_one.threat.id" - }, - "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Detection Engine", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "99d2033b-2144-4e21-ad23-a170fcac9408", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.threat.detection.engines.title" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : 
\"sentinel_one.threat\"" - }, - "visualization": { - "columns": [ - { - "columnId": "d0c8d1eb-750e-4d24-b6c3-245ca5bf9daa", - "isTransposed": false - }, - { - "columnId": "99d2033b-2144-4e21-ad23-a170fcac9408", - "isTransposed": false - } - ], - "layerId": "9fe7a9cc-3417-4166-bdfc-5cdb85599981", - "layerType": "data" - } - }, - "title": "Distribution of Threats by Detection Engine [Logs SentinelOne] ", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} + { + "id": "logs-*", + "name": "1684da14-7484-42a6-91d6-b9659883e20d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "6080a8f0-54d7-4fae-884f-f34dbed69ea8", - "w": 24, - "x": 0, - "y": 104 + { + "id": "logs-*", + "name": "1684da14-7484-42a6-91d6-b9659883e20d:indexpattern-datasource-layer-01d7bdc3-638b-4d23-9ae6-d24678743470", + "type": "index-pattern" }, - "panelIndex": "6080a8f0-54d7-4fae-884f-f34dbed69ea8", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count", - "field": "sentinel_one.threat.id" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Classification", - "field": "sentinel_one.threat.classification", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.threat\"" - } - } - }, - "description": "", - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "default", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "title": 
"Top Threats by Classification [Logs SentinelOne]", - "type": "tagcloud", - "uiState": {} - } + { + "id": "logs-*", + "name": "1684da14-7484-42a6-91d6-b9659883e20d:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "030f8164-5e7d-4fb6-a779-d0537748a819:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "030f8164-5e7d-4fb6-a779-d0537748a819:indexpattern-datasource-layer-8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "030f8164-5e7d-4fb6-a779-d0537748a819:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "075409b1-9d74-4399-8348-3101a2d22392:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "075409b1-9d74-4399-8348-3101a2d22392:indexpattern-datasource-layer-6f8f021f-aef7-458f-a0bb-445bd78741db", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "075409b1-9d74-4399-8348-3101a2d22392:filter-index-pattern-0", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "55d0b7da-986b-4e98-b476-f3768233dc8f", - "w": 24, - "x": 24, - "y": 104 + { + "id": "logs-*", + "name": "075409b1-9d74-4399-8348-3101a2d22392:filter-index-pattern-1", + "type": "index-pattern" }, - "panelIndex": "55d0b7da-986b-4e98-b476-f3768233dc8f", - "type": "visualization", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:indexpattern-datasource-layer-31be526e-c389-4f6d-93e8-27f1b7dcd0d0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:filter-index-pattern-1", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:indexpattern-datasource-layer-1c27890e-f153-4984-8c2f-6004a3779f71", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:indexpattern-datasource-layer-98a05273-ef46-4b59-8caa-86b7de9c9724", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:indexpattern-datasource-layer-9d8d04b8-42e9-488a-9c18-39f38153e46a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14523f88-ccbb-45bc-9758-7263315630cb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14523f88-ccbb-45bc-9758-7263315630cb:indexpattern-datasource-layer-ec6bf891-aedf-4b92-af42-54c04e749174", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"dc9ba6b7-0c35-4333-99ad-653d57c20fd7:indexpattern-datasource-layer-f83c655e-003c-4cc5-a2e3-789acb23b691", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e:indexpattern-datasource-layer-6f4336e8-7451-476e-89a5-fe65d93be571", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "accf3797-c215-44a4-829d-c9ff30758f7b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "accf3797-c215-44a4-829d-c9ff30758f7b:indexpattern-datasource-layer-c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "301b13f1-59c8-40e0-80f8-ecc1892b938d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "301b13f1-59c8-40e0-80f8-ecc1892b938d:indexpattern-datasource-layer-a64559b1-90c9-4859-9d5f-2585172bcda4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b8f90700-ca73-40c7-9257-8612aa86cc9f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b8f90700-ca73-40c7-9257-8612aa86cc9f:indexpattern-datasource-layer-da28cab9-5d08-4b0b-bbd6-2cf9952051b2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf:indexpattern-datasource-layer-87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ed9a7061-e640-41f3-a838-3772f86e4be4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + 
}, + { + "id": "logs-*", + "name": "ed9a7061-e640-41f3-a838-3772f86e4be4:indexpattern-datasource-layer-3f121a5b-0179-4329-a945-a3d23d83172f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4:indexpattern-datasource-layer-8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6d788430-6b2b-4e7c-9468-36b0aebf8468:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:indexpattern-datasource-layer-71ff1569-960a-408c-8e00-df6b68186912", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6080a8f0-54d7-4fae-884f-f34dbed69ea8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6080a8f0-54d7-4fae-884f-f34dbed69ea8:indexpattern-datasource-layer-9fe7a9cc-3417-4166-bdfc-5cdb85599981", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "55d0b7da-986b-4e98-b476-f3768233dc8f:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs SentinelOne] Threats", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "ac59079e-c791-449b-aeeb-d47504921dff:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ac59079e-c791-449b-aeeb-d47504921dff:indexpattern-datasource-layer-58329672-9ca4-4454-9d78-c619ef956a6a", - "type": "index-pattern" - }, - { - "id": "logs-*", - 
"name": "1684da14-7484-42a6-91d6-b9659883e20d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1684da14-7484-42a6-91d6-b9659883e20d:indexpattern-datasource-layer-01d7bdc3-638b-4d23-9ae6-d24678743470", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1684da14-7484-42a6-91d6-b9659883e20d:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "030f8164-5e7d-4fb6-a779-d0537748a819:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "030f8164-5e7d-4fb6-a779-d0537748a819:indexpattern-datasource-layer-8a4ab761-ffa9-4e3d-bd66-9cf0b7ee9849", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "030f8164-5e7d-4fb6-a779-d0537748a819:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "075409b1-9d74-4399-8348-3101a2d22392:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "075409b1-9d74-4399-8348-3101a2d22392:indexpattern-datasource-layer-6f8f021f-aef7-458f-a0bb-445bd78741db", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "075409b1-9d74-4399-8348-3101a2d22392:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "075409b1-9d74-4399-8348-3101a2d22392:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:indexpattern-datasource-layer-31be526e-c389-4f6d-93e8-27f1b7dcd0d0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3ff8c08e-3a29-488c-b481-9b51accaae95:filter-index-pattern-1", - "type": "index-pattern" 
- }, - { - "id": "logs-*", - "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:indexpattern-datasource-layer-1c27890e-f153-4984-8c2f-6004a3779f71", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d2411b38-52ad-47c2-b364-f1f42b7cd26a:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:indexpattern-datasource-layer-98a05273-ef46-4b59-8caa-86b7de9c9724", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14069c35-b940-4540-82f8-1ef2bb73dfe1:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:indexpattern-datasource-layer-9d8d04b8-42e9-488a-9c18-39f38153e46a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "213a2279-8bb5-491b-b0f0-d5a7a2473670:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14523f88-ccbb-45bc-9758-7263315630cb:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14523f88-ccbb-45bc-9758-7263315630cb:indexpattern-datasource-layer-ec6bf891-aedf-4b92-af42-54c04e749174", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"dc9ba6b7-0c35-4333-99ad-653d57c20fd7:indexpattern-datasource-layer-f83c655e-003c-4cc5-a2e3-789acb23b691", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dc9ba6b7-0c35-4333-99ad-653d57c20fd7:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0ae44b6f-3e90-4fce-96a0-a0bdf069ab0e:indexpattern-datasource-layer-6f4336e8-7451-476e-89a5-fe65d93be571", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "accf3797-c215-44a4-829d-c9ff30758f7b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "accf3797-c215-44a4-829d-c9ff30758f7b:indexpattern-datasource-layer-c5e5c6f0-5d4d-48f4-9ad4-727d5f1c0ebd", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "301b13f1-59c8-40e0-80f8-ecc1892b938d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "301b13f1-59c8-40e0-80f8-ecc1892b938d:indexpattern-datasource-layer-a64559b1-90c9-4859-9d5f-2585172bcda4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b8f90700-ca73-40c7-9257-8612aa86cc9f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b8f90700-ca73-40c7-9257-8612aa86cc9f:indexpattern-datasource-layer-da28cab9-5d08-4b0b-bbd6-2cf9952051b2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9bdf752f-f767-44a4-bf05-51e0a27b7bbf:indexpattern-datasource-layer-87c51fc8-6c57-4d1c-a3f5-8b420f1d392c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ed9a7061-e640-41f3-a838-3772f86e4be4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - 
}, - { - "id": "logs-*", - "name": "ed9a7061-e640-41f3-a838-3772f86e4be4:indexpattern-datasource-layer-3f121a5b-0179-4329-a945-a3d23d83172f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e17f8b5f-d5de-4921-bb3a-9d3e7ef58ae4:indexpattern-datasource-layer-8662c82e-ca55-4ddc-81b6-2c4f9a3afbf8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6d788430-6b2b-4e7c-9468-36b0aebf8468:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:indexpattern-datasource-layer-71ff1569-960a-408c-8e00-df6b68186912", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1888de07-0e2f-4fc4-80e9-f3102e8b97b3:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6080a8f0-54d7-4fae-884f-f34dbed69ea8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6080a8f0-54d7-4fae-884f-f34dbed69ea8:indexpattern-datasource-layer-9fe7a9cc-3417-4166-bdfc-5cdb85599981", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "55d0b7da-986b-4e98-b476-f3768233dc8f:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json index b9af2aa0786..4b657cb373e 100644 
--- a/packages/sentinel_one/kibana/dashboard/sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json
+++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538.json
@@ -1,561 +1,556 @@ { - "id": "sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:45:08.565Z", - "version": "WzYyMywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-551abd38-5fb7-4b65-8582-5aefeb823354", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "551abd38-5fb7-4b65-8582-5aefeb823354": { - "columnOrder": [ - "e7acea9a-d9f8-4717-bcc7-5f20c894af20" - ], - "columns": { - "e7acea9a-d9f8-4717-bcc7-5f20c894af20": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "group.id" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" - }, - "visualization": { - "accessor": "e7acea9a-d9f8-4717-bcc7-5f20c894af20", - "layerId": "551abd38-5fb7-4b65-8582-5aefeb823354", - "layerType": "data" - } - }, - "title": "Total Number of Groups [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + } }, - "gridData": { - "h": 13, - "i": 
"2e9c0218-0e41-4cc7-80fa-a135cd08357a", - "w": 15, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "2e9c0218-0e41-4cc7-80fa-a135cd08357a", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9003983d-2897-44e8-8d69-98131f4862c0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9003983d-2897-44e8-8d69-98131f4862c0": { - "columnOrder": [ - "e90d8830-87e6-44bd-b01d-05cf41281d45", - "eea9932f-21ee-4f28-b1a7-feb8b211c125" - ], - "columns": { - "e90d8830-87e6-44bd-b01d-05cf41281d45": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Group Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "eea9932f-21ee-4f28-b1a7-feb8b211c125", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.group.type" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-551abd38-5fb7-4b65-8582-5aefeb823354", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "551abd38-5fb7-4b65-8582-5aefeb823354": { + "columnOrder": [ + "e7acea9a-d9f8-4717-bcc7-5f20c894af20" + ], + "columns": { + "e7acea9a-d9f8-4717-bcc7-5f20c894af20": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + 
"sourceField": "group.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + }, + "visualization": { + "accessor": "e7acea9a-d9f8-4717-bcc7-5f20c894af20", + "layerId": "551abd38-5fb7-4b65-8582-5aefeb823354", + "layerType": "data" + } }, - "eea9932f-21ee-4f28-b1a7-feb8b211c125": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "group.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "e90d8830-87e6-44bd-b01d-05cf41281d45" - ], - "layerId": "9003983d-2897-44e8-8d69-98131f4862c0", - "layerType": "data", - "legendDisplay": "default", - "metric": "eea9932f-21ee-4f28-b1a7-feb8b211c125", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Total Number of Groups [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "2e9c0218-0e41-4cc7-80fa-a135cd08357a", + "w": 15, + "x": 0, + "y": 0 + }, + "panelIndex": "2e9c0218-0e41-4cc7-80fa-a135cd08357a", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Groups by Type [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "44491cae-8e0b-45dc-abdd-ea5d57f1f419", - "w": 16, - "x": 15, - "y": 0 - }, - "panelIndex": "44491cae-8e0b-45dc-abdd-ea5d57f1f419", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - 
"name": "indexpattern-datasource-layer-75ff32d0-b457-43b3-aaed-fa3bf295c083", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "75ff32d0-b457-43b3-aaed-fa3bf295c083": { - "columnOrder": [ - "1e289288-8b66-476a-8143-1c1f7be49110", - "902abe3f-a4f0-46d8-bc58-955a9b578b7e" - ], - "columns": { - "1e289288-8b66-476a-8143-1c1f7be49110": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Group Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "902abe3f-a4f0-46d8-bc58-955a9b578b7e", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "group.name" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9003983d-2897-44e8-8d69-98131f4862c0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9003983d-2897-44e8-8d69-98131f4862c0": { + "columnOrder": [ + "e90d8830-87e6-44bd-b01d-05cf41281d45", + "eea9932f-21ee-4f28-b1a7-feb8b211c125" + ], + "columns": { + "e90d8830-87e6-44bd-b01d-05cf41281d45": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Group Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "eea9932f-21ee-4f28-b1a7-feb8b211c125", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.group.type" + }, + "eea9932f-21ee-4f28-b1a7-feb8b211c125": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "group.id" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "e90d8830-87e6-44bd-b01d-05cf41281d45" + ], + "layerId": "9003983d-2897-44e8-8d69-98131f4862c0", + "layerType": "data", + "legendDisplay": "default", + "metric": "eea9932f-21ee-4f28-b1a7-feb8b211c125", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "902abe3f-a4f0-46d8-bc58-955a9b578b7e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Agent Count", - "operationType": "max", - "scale": "ratio", - "sourceField": "sentinel_one.group.agent.count" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "902abe3f-a4f0-46d8-bc58-955a9b578b7e" - ], - "layerId": "75ff32d0-b457-43b3-aaed-fa3bf295c083", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "1e289288-8b66-476a-8143-1c1f7be49110" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "title": "Distribution of Groups by Type [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 13, + "i": "44491cae-8e0b-45dc-abdd-ea5d57f1f419", + "w": 16, + "x": 15, + "y": 0 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "44491cae-8e0b-45dc-abdd-ea5d57f1f419", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Groups by Agent Count [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": 
"26084a13-4083-4c3e-9f81-677b4ca38ca7", - "w": 17, - "x": 31, - "y": 0 - }, - "panelIndex": "26084a13-4083-4c3e-9f81-677b4ca38ca7", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1b0e558e-537e-40a9-bc0a-f8b42329c6b5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1b0e558e-537e-40a9-bc0a-f8b42329c6b5": { - "columnOrder": [ - "b88243e5-5e92-47d3-b775-f0a9d71fadf6", - "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8" - ], - "columns": { - "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "group.id" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-75ff32d0-b457-43b3-aaed-fa3bf295c083", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "75ff32d0-b457-43b3-aaed-fa3bf295c083": { + "columnOrder": [ + "1e289288-8b66-476a-8143-1c1f7be49110", + "902abe3f-a4f0-46d8-bc58-955a9b578b7e" + ], + "columns": { + "1e289288-8b66-476a-8143-1c1f7be49110": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Group Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "902abe3f-a4f0-46d8-bc58-955a9b578b7e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "group.name" + }, + 
"902abe3f-a4f0-46d8-bc58-955a9b578b7e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Agent Count", + "operationType": "max", + "scale": "ratio", + "sourceField": "sentinel_one.group.agent.count" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "902abe3f-a4f0-46d8-bc58-955a9b578b7e" + ], + "layerId": "75ff32d0-b457-43b3-aaed-fa3bf295c083", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "1e289288-8b66-476a-8143-1c1f7be49110" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "b88243e5-5e92-47d3-b775-f0a9d71fadf6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rank", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8", - "type": "column" + "title": "Distribution of Groups by Agent Count [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "26084a13-4083-4c3e-9f81-677b4ca38ca7", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "26084a13-4083-4c3e-9f81-677b4ca38ca7", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.group.rank" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - 
"query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b88243e5-5e92-47d3-b775-f0a9d71fadf6" - ], - "layerId": "1b0e558e-537e-40a9-bc0a-f8b42329c6b5", - "layerType": "data", - "legendDisplay": "default", - "metric": "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1b0e558e-537e-40a9-bc0a-f8b42329c6b5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1b0e558e-537e-40a9-bc0a-f8b42329c6b5": { + "columnOrder": [ + "b88243e5-5e92-47d3-b775-f0a9d71fadf6", + "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8" + ], + "columns": { + "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "group.id" + }, + "b88243e5-5e92-47d3-b775-f0a9d71fadf6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rank", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.group.rank" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.group\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b88243e5-5e92-47d3-b775-f0a9d71fadf6" + ], + "layerId": "1b0e558e-537e-40a9-bc0a-f8b42329c6b5", + "layerType": "data", + "legendDisplay": "default", + "metric": "a6e675d7-f28f-4e37-9b0e-a0849fbaa6b8", + "nestedLegend": false, + "numberDisplay": 
"percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Groups by Rank [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7", + "w": 23, + "x": 0, + "y": 13 + }, + "panelIndex": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7", + "title": "Distribution of Groups by Rank [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Groups by Rank [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cc8dc395-79e3-40c5-9857-d0385fcdc791", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cc8dc395-79e3-40c5-9857-d0385fcdc791": { + "columnOrder": [ + "ddec8617-23ff-4060-8029-5973b691cacd", + "84fdcb1d-a681-41b1-b015-201cc40554f9" + ], + "columns": { + "84fdcb1d-a681-41b1-b015-201cc40554f9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "group.id" + }, + "ddec8617-23ff-4060-8029-5973b691cacd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Creator Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "84fdcb1d-a681-41b1-b015-201cc40554f9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.full_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : 
\"sentinel_one.group\"" + }, + "visualization": { + "columns": [ + { + "columnId": "ddec8617-23ff-4060-8029-5973b691cacd", + "isTransposed": false + }, + { + "columnId": "84fdcb1d-a681-41b1-b015-201cc40554f9", + "isTransposed": false + } + ], + "layerId": "cc8dc395-79e3-40c5-9857-d0385fcdc791", + "layerType": "data" + } + }, + "title": "Top 10 Creator Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "4694770f-8a83-4877-992c-1a078c45e3c6", + "w": 25, + "x": 23, + "y": 13 + }, + "panelIndex": "4694770f-8a83-4877-992c-1a078c45e3c6", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs SentinelOne] Groups", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "sentinel_one-5881f5f0-bb2c-11ec-82b7-8fcb232e9538", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "2e9c0218-0e41-4cc7-80fa-a135cd08357a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7", - "w": 23, - "x": 0, - "y": 13 + { + "id": "logs-*", + "name": "2e9c0218-0e41-4cc7-80fa-a135cd08357a:indexpattern-datasource-layer-551abd38-5fb7-4b65-8582-5aefeb823354", + "type": "index-pattern" }, - "panelIndex": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7", - "title": "Distribution of Groups by Rank [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cc8dc395-79e3-40c5-9857-d0385fcdc791", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cc8dc395-79e3-40c5-9857-d0385fcdc791": { - "columnOrder": [ - 
"ddec8617-23ff-4060-8029-5973b691cacd", - "84fdcb1d-a681-41b1-b015-201cc40554f9" - ], - "columns": { - "84fdcb1d-a681-41b1-b015-201cc40554f9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "group.id" - }, - "ddec8617-23ff-4060-8029-5973b691cacd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Creator Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "84fdcb1d-a681-41b1-b015-201cc40554f9", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.full_name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.group\"" - }, - "visualization": { - "columns": [ - { - "columnId": "ddec8617-23ff-4060-8029-5973b691cacd", - "isTransposed": false - }, - { - "columnId": "84fdcb1d-a681-41b1-b015-201cc40554f9", - "isTransposed": false - } - ], - "layerId": "cc8dc395-79e3-40c5-9857-d0385fcdc791", - "layerType": "data" - } - }, - "title": "Top 10 Creator Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} + { + "id": "logs-*", + "name": "44491cae-8e0b-45dc-abdd-ea5d57f1f419:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "44491cae-8e0b-45dc-abdd-ea5d57f1f419:indexpattern-datasource-layer-9003983d-2897-44e8-8d69-98131f4862c0", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "4694770f-8a83-4877-992c-1a078c45e3c6", - "w": 25, - "x": 23, - "y": 13 + { + "id": "logs-*", + "name": "26084a13-4083-4c3e-9f81-677b4ca38ca7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "4694770f-8a83-4877-992c-1a078c45e3c6", - "type": "lens", - "version": "7.17.0" - 
} + { + "id": "logs-*", + "name": "26084a13-4083-4c3e-9f81-677b4ca38ca7:indexpattern-datasource-layer-75ff32d0-b457-43b3-aaed-fa3bf295c083", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7:indexpattern-datasource-layer-1b0e558e-537e-40a9-bc0a-f8b42329c6b5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4694770f-8a83-4877-992c-1a078c45e3c6:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4694770f-8a83-4877-992c-1a078c45e3c6:indexpattern-datasource-layer-cc8dc395-79e3-40c5-9857-d0385fcdc791", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs SentinelOne] Groups", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "2e9c0218-0e41-4cc7-80fa-a135cd08357a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2e9c0218-0e41-4cc7-80fa-a135cd08357a:indexpattern-datasource-layer-551abd38-5fb7-4b65-8582-5aefeb823354", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "44491cae-8e0b-45dc-abdd-ea5d57f1f419:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "44491cae-8e0b-45dc-abdd-ea5d57f1f419:indexpattern-datasource-layer-9003983d-2897-44e8-8d69-98131f4862c0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "26084a13-4083-4c3e-9f81-677b4ca38ca7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "26084a13-4083-4c3e-9f81-677b4ca38ca7:indexpattern-datasource-layer-75ff32d0-b457-43b3-aaed-fa3bf295c083", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7:indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "c4c1c721-dabf-4a99-bd53-934afe7bb4d7:indexpattern-datasource-layer-1b0e558e-537e-40a9-bc0a-f8b42329c6b5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4694770f-8a83-4877-992c-1a078c45e3c6:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4694770f-8a83-4877-992c-1a078c45e3c6:indexpattern-datasource-layer-cc8dc395-79e3-40c5-9857-d0385fcdc791", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538.json index 253bbc59880..7cc25c7ec1a 100644 --- a/packages/sentinel_one/kibana/dashboard/sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538.json +++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538.json 
@@ -1,2050 +1,2045 @@ { - "id": "sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:45:08.565Z", - "version": "WzYyNCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-56dc7645-caa9-462c-abbd-496b8e73ba9c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "56dc7645-caa9-462c-abbd-496b8e73ba9c": { - "columnOrder": [ - "b504e88b-35dc-4481-b38b-617210c7054d", - "123404f0-3fb4-40b8-88d0-2debd9a5ebfc" - ], - "columns": { - "123404f0-3fb4-40b8-88d0-2debd9a5ebfc": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "b504e88b-35dc-4481-b38b-617210c7054d": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_active : true " - }, - "label": "Active Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_active : false " - }, - "label": "Inactive Agents" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": 
"appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.is_active", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.is_active" - } - } + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b504e88b-35dc-4481-b38b-617210c7054d" - ], - "layerId": "56dc7645-caa9-462c-abbd-496b8e73ba9c", - "layerType": "data", - "legendDisplay": "default", - "metric": "123404f0-3fb4-40b8-88d0-2debd9a5ebfc", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Agents by Active Agents Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + } }, - "gridData": { - "h": 15, - "i": "88da7d9d-b377-4455-a528-719f58c796f7", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "88da7d9d-b377-4455-a528-719f58c796f7", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ddc8b7d7-81b9-4d85-a686-7e723fc02c52", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ddc8b7d7-81b9-4d85-a686-7e723fc02c52": { - "columnOrder": [ - 
"76f65f2c-80e0-41fe-a2cf-d470ec579540", - "42960489-8884-48d3-89d4-f7e6ac04e3c8" - ], - "columns": { - "42960489-8884-48d3-89d4-f7e6ac04e3c8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "76f65f2c-80e0-41fe-a2cf-d470ec579540": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-56dc7645-caa9-462c-abbd-496b8e73ba9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "56dc7645-caa9-462c-abbd-496b8e73ba9c": { + "columnOrder": [ + "b504e88b-35dc-4481-b38b-617210c7054d", + "123404f0-3fb4-40b8-88d0-2debd9a5ebfc" + ], + "columns": { + "123404f0-3fb4-40b8-88d0-2debd9a5ebfc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "b504e88b-35dc-4481-b38b-617210c7054d": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_active : true " + }, + "label": "Active Agents" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_active : false " + }, + "label": "Inactive Agents" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.firewall_enabled : true " - }, 
- "label": "Enabled" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.firewall_enabled: false " - }, - "label": "Disabled" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.firewall_enabled", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.firewall_enabled" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "76f65f2c-80e0-41fe-a2cf-d470ec579540" - ], - "layerId": "ddc8b7d7-81b9-4d85-a686-7e723fc02c52", - "layerType": "data", - "legendDisplay": "default", - "metric": "42960489-8884-48d3-89d4-f7e6ac04e3c8", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Agents by Firewall Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b", - "title": "Distribution of Agents with Firewall Status [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e4082dc4-e9cc-4589-aed3-bf66cdac7d34", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e4082dc4-e9cc-4589-aed3-bf66cdac7d34": { - "columnOrder": [ - 
"262773c9-227c-4f57-8bfc-530148301609", - "14960b41-614b-4650-90d9-5feec22c00ce" - ], - "columns": { - "14960b41-614b-4650-90d9-5feec22c00ce": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "262773c9-227c-4f57-8bfc-530148301609": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Scan Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "14960b41-614b-4650-90d9-5feec22c00ce", - "type": "column" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.is_active", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.is_active" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.scan.status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "262773c9-227c-4f57-8bfc-530148301609" - ], - "layerId": "e4082dc4-e9cc-4589-aed3-bf66cdac7d34", - "layerType": "data", - "legendDisplay": "default", - "metric": "14960b41-614b-4650-90d9-5feec22c00ce", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Agents by Scan Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a1308966-3dec-431c-82e3-29890ad87785", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": 
"a1308966-3dec-431c-82e3-29890ad87785", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3": { - "columnOrder": [ - "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2", - "c986097b-d867-4c7f-a519-04be42d34916" - ], - "columns": { - "c986097b-d867-4c7f-a519-04be42d34916": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count ", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b504e88b-35dc-4481-b38b-617210c7054d" + ], + "layerId": "56dc7645-caa9-462c-abbd-496b8e73ba9c", + "layerType": "data", + "legendDisplay": "default", + "metric": "123404f0-3fb4-40b8-88d0-2debd9a5ebfc", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mitigation Mode", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c986097b-d867-4c7f-a519-04be42d34916", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.mitigation_mode" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "c986097b-d867-4c7f-a519-04be42d34916" - ], - "layerId": 
"6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "title": "Distribution of Agents by Active Agents Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "88da7d9d-b377-4455-a528-719f58c796f7", + "w": 24, + "x": 0, + "y": 0 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "88da7d9d-b377-4455-a528-719f58c796f7", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Agents by Mitigation Mode [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-46e7eb74-692b-4c09-b8cd-f7817757c592", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "46e7eb74-692b-4c09-b8cd-f7817757c592": { - "columnOrder": [ - "4394b62d-0267-4f42-9c8a-1e0f661181ca", - "669fda39-2f89-42f4-8f3d-24ebed033e42" - ], - "columns": { - "4394b62d-0267-4f42-9c8a-1e0f661181ca": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Group IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "669fda39-2f89-42f4-8f3d-24ebed033e42", - "type": "column" + { + 
"embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.group.ip" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ddc8b7d7-81b9-4d85-a686-7e723fc02c52", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ddc8b7d7-81b9-4d85-a686-7e723fc02c52": { + "columnOrder": [ + "76f65f2c-80e0-41fe-a2cf-d470ec579540", + "42960489-8884-48d3-89d4-f7e6ac04e3c8" + ], + "columns": { + "42960489-8884-48d3-89d4-f7e6ac04e3c8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "76f65f2c-80e0-41fe-a2cf-d470ec579540": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.firewall_enabled : true " + }, + "label": "Enabled" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.firewall_enabled: false " + }, + "label": "Disabled" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.firewall_enabled", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.firewall_enabled" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + 
"categoryDisplay": "default", + "groups": [ + "76f65f2c-80e0-41fe-a2cf-d470ec579540" + ], + "layerId": "ddc8b7d7-81b9-4d85-a686-7e723fc02c52", + "layerType": "data", + "legendDisplay": "default", + "metric": "42960489-8884-48d3-89d4-f7e6ac04e3c8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "669fda39-2f89-42f4-8f3d-24ebed033e42": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count ", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "4394b62d-0267-4f42-9c8a-1e0f661181ca" - ], - "layerId": "46e7eb74-692b-4c09-b8cd-f7817757c592", - "layerType": "data", - "legendDisplay": "default", - "metric": "669fda39-2f89-42f4-8f3d-24ebed033e42", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Agents by Firewall Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b", + "title": "Distribution of Agents with Firewall Status [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Agents by Group IP [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5b220d94-4542-4e91-82a5-6fddc2d1f450", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "5b220d94-4542-4e91-82a5-6fddc2d1f450", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - 
"name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-76063bf9-bddc-448f-805e-e53308972d0a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "76063bf9-bddc-448f-805e-e53308972d0a": { - "columnOrder": [ - "96dd816b-0e55-4e31-9e5b-11f64820a453", - "2fb054c3-aaea-48a1-99c6-4de1dcd81881" - ], - "columns": { - "2fb054c3-aaea-48a1-99c6-4de1dcd81881": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "96dd816b-0e55-4e31-9e5b-11f64820a453": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Architecture", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2fb054c3-aaea-48a1-99c6-4de1dcd81881", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.os.arch" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "96dd816b-0e55-4e31-9e5b-11f64820a453" - ], - "layerId": "76063bf9-bddc-448f-805e-e53308972d0a", - "layerType": "data", - "legendDisplay": "default", - "metric": "2fb054c3-aaea-48a1-99c6-4de1dcd81881", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e4082dc4-e9cc-4589-aed3-bf66cdac7d34", + "type": "index-pattern" + } + ], + "state": 
{ + "datasourceStates": { + "indexpattern": { + "layers": { + "e4082dc4-e9cc-4589-aed3-bf66cdac7d34": { + "columnOrder": [ + "262773c9-227c-4f57-8bfc-530148301609", + "14960b41-614b-4650-90d9-5feec22c00ce" + ], + "columns": { + "14960b41-614b-4650-90d9-5feec22c00ce": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "262773c9-227c-4f57-8bfc-530148301609": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Scan Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "14960b41-614b-4650-90d9-5feec22c00ce", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.scan.status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "262773c9-227c-4f57-8bfc-530148301609" + ], + "layerId": "e4082dc4-e9cc-4589-aed3-bf66cdac7d34", + "layerType": "data", + "legendDisplay": "default", + "metric": "14960b41-614b-4650-90d9-5feec22c00ce", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by Scan Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "a1308966-3dec-431c-82e3-29890ad87785", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "a1308966-3dec-431c-82e3-29890ad87785", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Agents by OS Architecture [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4250d06c-8c4c-49ee-8199-3e153a355987", - "w": 24, 
- "x": 24, - "y": 30 - }, - "panelIndex": "4250d06c-8c4c-49ee-8199-3e153a355987", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-67c6e93f-d08b-4c37-b01f-0d2b29874291", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "67c6e93f-d08b-4c37-b01f-0d2b29874291": { - "columnOrder": [ - "6e3b93ec-b364-4d1a-8cd9-eb4250561a57", - "44eec685-7c49-4119-baf7-2547c57d857a" - ], - "columns": { - "44eec685-7c49-4119-baf7-2547c57d857a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3": { + "columnOrder": [ + "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2", + "c986097b-d867-4c7f-a519-04be42d34916" + ], + "columns": { + "c986097b-d867-4c7f-a519-04be42d34916": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count ", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mitigation Mode", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c986097b-d867-4c7f-a519-04be42d34916", + "type": 
"column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.mitigation_mode" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "c986097b-d867-4c7f-a519-04be42d34916" + ], + "layerId": "6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "e8c07bab-a3f7-4cc9-96aa-4affa24dbbb2" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "6e3b93ec-b364-4d1a-8cd9-eb4250561a57": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Installer Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "44eec685-7c49-4119-baf7-2547c57d857a", - "type": "column" + "title": "Distribution of Agents by Mitigation Mode [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.installer_type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": 
"data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "44eec685-7c49-4119-baf7-2547c57d857a" - ], - "layerId": "67c6e93f-d08b-4c37-b01f-0d2b29874291", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "6e3b93ec-b364-4d1a-8cd9-eb4250561a57" - } - ], - "legend": { - "isVisible": true, - "position": "right" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-46e7eb74-692b-4c09-b8cd-f7817757c592", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "46e7eb74-692b-4c09-b8cd-f7817757c592": { + "columnOrder": [ + "4394b62d-0267-4f42-9c8a-1e0f661181ca", + "669fda39-2f89-42f4-8f3d-24ebed033e42" + ], + "columns": { + "4394b62d-0267-4f42-9c8a-1e0f661181ca": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Group IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "669fda39-2f89-42f4-8f3d-24ebed033e42", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.group.ip" + }, + "669fda39-2f89-42f4-8f3d-24ebed033e42": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count ", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "4394b62d-0267-4f42-9c8a-1e0f661181ca" + ], + "layerId": "46e7eb74-692b-4c09-b8cd-f7817757c592", + "layerType": "data", + "legendDisplay": "default", + "metric": "669fda39-2f89-42f4-8f3d-24ebed033e42", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, 
+ "title": "Distribution of Agents by Group IP [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "5b220d94-4542-4e91-82a5-6fddc2d1f450", + "w": 24, + "x": 0, + "y": 30 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "5b220d94-4542-4e91-82a5-6fddc2d1f450", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Agents by Installer Type [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f2bbdd58-6b06-4b74-9b65-21858c9059c0", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "f2bbdd58-6b06-4b74-9b65-21858c9059c0", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "dae671b1-cfe6-4d04-b4b6-8037b31a5fe4": { - "columnOrder": [ - "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de", - "f951b023-b4c9-4f40-8e27-e3122b6db069" - ], - "columns": { - "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Machine Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f951b023-b4c9-4f40-8e27-e3122b6db069", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": 
"ordinal", - "sourceField": "sentinel_one.agent.machine.type" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-76063bf9-bddc-448f-805e-e53308972d0a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "76063bf9-bddc-448f-805e-e53308972d0a": { + "columnOrder": [ + "96dd816b-0e55-4e31-9e5b-11f64820a453", + "2fb054c3-aaea-48a1-99c6-4de1dcd81881" + ], + "columns": { + "2fb054c3-aaea-48a1-99c6-4de1dcd81881": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "96dd816b-0e55-4e31-9e5b-11f64820a453": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Architecture", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2fb054c3-aaea-48a1-99c6-4de1dcd81881", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.os.arch" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "96dd816b-0e55-4e31-9e5b-11f64820a453" + ], + "layerId": "76063bf9-bddc-448f-805e-e53308972d0a", + "layerType": "data", + "legendDisplay": "default", + "metric": "2fb054c3-aaea-48a1-99c6-4de1dcd81881", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "f951b023-b4c9-4f40-8e27-e3122b6db069": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : 
\"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de" - ], - "layerId": "dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", - "layerType": "data", - "legendDisplay": "default", - "metric": "f951b023-b4c9-4f40-8e27-e3122b6db069", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Agents by OS Architecture [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "4250d06c-8c4c-49ee-8199-3e153a355987", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "4250d06c-8c4c-49ee-8199-3e153a355987", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Agents by Machine Type [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "595ba171-1de6-4b07-9f75-99d7b87fb828", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "595ba171-1de6-4b07-9f75-99d7b87fb828", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-06b2ffc3-7740-4e73-807a-ea80e0747b80", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "06b2ffc3-7740-4e73-807a-ea80e0747b80": { - "columnOrder": [ - "0c348764-2e97-4ac5-829c-cd320b30e4d4", - "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe", - "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f" - ], - "columns": { - "0c348764-2e97-4ac5-829c-cd320b30e4d4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", - "type": "column" 
+ { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-67c6e93f-d08b-4c37-b01f-0d2b29874291", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "67c6e93f-d08b-4c37-b01f-0d2b29874291": { + "columnOrder": [ + "6e3b93ec-b364-4d1a-8cd9-eb4250561a57", + "44eec685-7c49-4119-baf7-2547c57d857a" + ], + "columns": { + "44eec685-7c49-4119-baf7-2547c57d857a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "6e3b93ec-b364-4d1a-8cd9-eb4250561a57": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Installer Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "44eec685-7c49-4119-baf7-2547c57d857a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.installer_type" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.type" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "44eec685-7c49-4119-baf7-2547c57d857a" + ], + "layerId": "67c6e93f-d08b-4c37-b01f-0d2b29874291", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "6e3b93ec-b364-4d1a-8cd9-eb4250561a57" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": 
"hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" + "title": "Distribution of Agents by Installer Type [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f2bbdd58-6b06-4b74-9b65-21858c9059c0", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "f2bbdd58-6b06-4b74-9b65-21858c9059c0", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "dae671b1-cfe6-4d04-b4b6-8037b31a5fe4": { + "columnOrder": [ + "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de", + "f951b023-b4c9-4f40-8e27-e3122b6db069" + ], + "columns": { + "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Machine Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f951b023-b4c9-4f40-8e27-e3122b6db069", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.machine.type" + }, + "f951b023-b4c9-4f40-8e27-e3122b6db069": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + 
"query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "a8c8f9a7-9950-4eb1-aef9-2e3c223c64de" + ], + "layerId": "dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", + "layerType": "data", + "legendDisplay": "default", + "metric": "f951b023-b4c9-4f40-8e27-e3122b6db069", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", - "type": "column" + "title": "Distribution of Agents by Machine Type [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "595ba171-1de6-4b07-9f75-99d7b87fb828", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "595ba171-1de6-4b07-9f75-99d7b87fb828", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe", - "0c348764-2e97-4ac5-829c-cd320b30e4d4", - "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe" - ], - "layerId": "06b2ffc3-7740-4e73-807a-ea80e0747b80", - "layerType": "data", - "legendDisplay": "default", - "metric": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - 
"shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-06b2ffc3-7740-4e73-807a-ea80e0747b80", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "06b2ffc3-7740-4e73-807a-ea80e0747b80": { + "columnOrder": [ + "0c348764-2e97-4ac5-829c-cd320b30e4d4", + "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe", + "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f" + ], + "columns": { + "0c348764-2e97-4ac5-829c-cd320b30e4d4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.type" + }, + "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe", + "0c348764-2e97-4ac5-829c-cd320b30e4d4", + "ae18bca1-5ee5-44cd-a845-4b6d5e2f9fbe" + ], + "layerId": "06b2ffc3-7740-4e73-807a-ea80e0747b80", + "layerType": "data", + "legendDisplay": "default", + "metric": 
"28cd1c1b-ab0a-40fb-a603-a1ddc4f0157f", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by OS Name, OS Type [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "e1812890-1e55-4323-8016-fc7340d95b2f", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "e1812890-1e55-4323-8016-fc7340d95b2f", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Agents by OS Name, OS Type [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e1812890-1e55-4323-8016-fc7340d95b2f", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "e1812890-1e55-4323-8016-fc7340d95b2f", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-456e2023-abf7-40b7-bbc4-35020ef2edd5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "456e2023-abf7-40b7-bbc4-35020ef2edd5": { - "columnOrder": [ - "13bfcde7-20c3-40f4-a865-9c8db705dde6", - "f8a1e135-5ef5-4e17-8660-369ab0230dd1" - ], - "columns": { - "13bfcde7-20c3-40f4-a865-9c8db705dde6": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-456e2023-abf7-40b7-bbc4-35020ef2edd5", + "type": "index-pattern" + }, + { + "id": "logs-*", + 
"name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "456e2023-abf7-40b7-bbc4-35020ef2edd5": { + "columnOrder": [ + "13bfcde7-20c3-40f4-a865-9c8db705dde6", + "f8a1e135-5ef5-4e17-8660-369ab0230dd1" + ], + "columns": { + "13bfcde7-20c3-40f4-a865-9c8db705dde6": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.infected : true " + }, + "label": "Infected Agents" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.infected : false " + }, + "label": "Non-Infected Agents" + } + ] + }, + "scale": "ordinal" + }, + "f8a1e135-5ef5-4e17-8660-369ab0230dd1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.infected : true " - }, - "label": "Infected Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.infected : false " - }, - "label": "Non-Infected Agents" - } - ] - }, - "scale": "ordinal" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.infected", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.infected" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "13bfcde7-20c3-40f4-a865-9c8db705dde6" + ], + "layerId": "456e2023-abf7-40b7-bbc4-35020ef2edd5", + "layerType": "data", + "legendDisplay": "default", + "metric": 
"f8a1e135-5ef5-4e17-8660-369ab0230dd1", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "f8a1e135-5ef5-4e17-8660-369ab0230dd1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.infected", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.infected" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "13bfcde7-20c3-40f4-a865-9c8db705dde6" - ], - "layerId": "456e2023-abf7-40b7-bbc4-35020ef2edd5", - "layerType": "data", - "legendDisplay": "default", - "metric": "f8a1e135-5ef5-4e17-8660-369ab0230dd1", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Agents by Infected Agents Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "445f92f7-7a5f-4236-a8ac-df3087a536fe", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "445f92f7-7a5f-4236-a8ac-df3087a536fe", + "title": "Distribution of Agents by Infected Agents [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Agents by Infected Agents Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "445f92f7-7a5f-4236-a8ac-df3087a536fe", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "445f92f7-7a5f-4236-a8ac-df3087a536fe", - "title": 
"Distribution of Agents by Infected Agents [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-94b7fb49-4faf-4114-baa6-2c621257fd25", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "94b7fb49-4faf-4114-baa6-2c621257fd25": { - "columnOrder": [ - "14e97f3a-9df8-494f-9190-6ff104f0e040", - "ab4aa055-75f5-45bc-8d34-883bc47f771a" - ], - "columns": { - "14e97f3a-9df8-494f-9190-6ff104f0e040": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Site Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ab4aa055-75f5-45bc-8d34-883bc47f771a", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-94b7fb49-4faf-4114-baa6-2c621257fd25", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "94b7fb49-4faf-4114-baa6-2c621257fd25": { + "columnOrder": [ + "14e97f3a-9df8-494f-9190-6ff104f0e040", + "ab4aa055-75f5-45bc-8d34-883bc47f771a" + ], + "columns": { + "14e97f3a-9df8-494f-9190-6ff104f0e040": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Site Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ab4aa055-75f5-45bc-8d34-883bc47f771a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.site.name" + }, + 
"ab4aa055-75f5-45bc-8d34-883bc47f771a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.agent.site.name" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "columns": [ + { + "columnId": "14e97f3a-9df8-494f-9190-6ff104f0e040", + "isTransposed": false + }, + { + "columnId": "ab4aa055-75f5-45bc-8d34-883bc47f771a", + "isTransposed": false + } + ], + "layerId": "94b7fb49-4faf-4114-baa6-2c621257fd25", + "layerType": "data" + } }, - "ab4aa055-75f5-45bc-8d34-883bc47f771a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "columns": [ - { - "columnId": "14e97f3a-9df8-494f-9190-6ff104f0e040", - "isTransposed": false - }, - { - "columnId": "ab4aa055-75f5-45bc-8d34-883bc47f771a", - "isTransposed": false - } - ], - "layerId": "94b7fb49-4faf-4114-baa6-2c621257fd25", - "layerType": "data" - } + "title": "Top 10 Site Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Site Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": 
"fce4e5f5-f30f-473f-8bbf-9523a84a3f96", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9767cd3d-c1a5-443e-9e79-64f2be92d73e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9767cd3d-c1a5-443e-9e79-64f2be92d73e": { - "columnOrder": [ - "91f47b2b-9e63-4958-9aeb-5d46537caaaa", - "f35cbfab-8158-4a67-b1ea-b4142fe750b4" - ], - "columns": { - "91f47b2b-9e63-4958-9aeb-5d46537caaaa": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9767cd3d-c1a5-443e-9e79-64f2be92d73e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9767cd3d-c1a5-443e-9e79-64f2be92d73e": { + "columnOrder": [ + "91f47b2b-9e63-4958-9aeb-5d46537caaaa", + "f35cbfab-8158-4a67-b1ea-b4142fe750b4" + ], + "columns": { + "91f47b2b-9e63-4958-9aeb-5d46537caaaa": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_up_to_date : true " + }, + "label": "Up To Date Agents" + }, + { + "input": { + "language": "kuery", + 
"query": "sentinel_one.agent.is_up_to_date : false " + }, + "label": "Out Dated Agents" + } + ] + }, + "scale": "ordinal" + }, + "f35cbfab-8158-4a67-b1ea-b4142fe750b4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_up_to_date : true " + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.is_up_to_date", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.is_up_to_date" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "91f47b2b-9e63-4958-9aeb-5d46537caaaa" + ], + "layerId": "9767cd3d-c1a5-443e-9e79-64f2be92d73e", + "layerType": "data", + "legendDisplay": "default", + "metric": "f35cbfab-8158-4a67-b1ea-b4142fe750b4", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by Up To Date Agents Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5", + "title": "Distribution of Agents by Up To Date Agents [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-469a2da2-7e40-4e47-b882-b553ebc14bf2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "469a2da2-7e40-4e47-b882-b553ebc14bf2": { + "columnOrder": [ + "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3", + "699767aa-b223-466d-b751-833a7921e49a" + ], + "columns": { + "699767aa-b223-466d-b751-833a7921e49a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Active Threats", + "operationType": "median", + "scale": "ratio", + "sourceField": "sentinel_one.agent.active_threats_count" + }, + "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Computer Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "699767aa-b223-466d-b751-833a7921e49a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "699767aa-b223-466d-b751-833a7921e49a" + ], + "layerId": "469a2da2-7e40-4e47-b882-b553ebc14bf2", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "label": "Up To Date Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_up_to_date : false " + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "label": "Out Dated Agents" - } - ] - }, - "scale": "ordinal" + "yRightExtent": { + "mode": "full" + } + } }, - "f35cbfab-8158-4a67-b1ea-b4142fe750b4": { - 
"customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.is_up_to_date", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.is_up_to_date" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "91f47b2b-9e63-4958-9aeb-5d46537caaaa" - ], - "layerId": "9767cd3d-c1a5-443e-9e79-64f2be92d73e", - "layerType": "data", - "legendDisplay": "default", - "metric": "f35cbfab-8158-4a67-b1ea-b4142fe750b4", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Computer Name by Active Threats [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Agents by Up To Date Agents Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5", - "title": "Distribution of Agents by Up To Date Agents [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-469a2da2-7e40-4e47-b882-b553ebc14bf2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "469a2da2-7e40-4e47-b882-b553ebc14bf2": { - "columnOrder": [ - "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3", - "699767aa-b223-466d-b751-833a7921e49a" - ], - "columns": { - "699767aa-b223-466d-b751-833a7921e49a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Active Threats", - "operationType": "median", - "scale": "ratio", - "sourceField": "sentinel_one.agent.active_threats_count" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-65fd11fd-a0e7-4507-ad95-82593ace9d23", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "65fd11fd-a0e7-4507-ad95-82593ace9d23": { + "columnOrder": [ + "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d", + "337ab9f4-ba31-4b10-97c2-37a90555ebbf" + ], + "columns": { + "337ab9f4-ba31-4b10-97c2-37a90555ebbf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_pending_uninstall : true " + }, + "label": "Pending Uninstall" + }, + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_pending_uninstall: false " + 
}, + "label": "Not Pending Uninstall" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.is_pending_uninstall", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.is_pending_uninstall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d" + ], + "layerId": "65fd11fd-a0e7-4507-ad95-82593ace9d23", + "layerType": "data", + "legendDisplay": "default", + "metric": "337ab9f4-ba31-4b10-97c2-37a90555ebbf", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Computer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "699767aa-b223-466d-b751-833a7921e49a", - "type": "column" + "title": "Distribution of Agents by Pending Uninstall Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "28169c5e-d7e5-4b2d-a75c-78c6b477261f", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "28169c5e-d7e5-4b2d-a75c-78c6b477261f", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - 
"language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "699767aa-b223-466d-b751-833a7921e49a" - ], - "layerId": "469a2da2-7e40-4e47-b882-b553ebc14bf2", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "f9e8f30e-66a3-46c2-bf37-5a8a0be26ce3" - } - ], - "legend": { - "isVisible": true, - "position": "right" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-15c36245-dfc6-41bc-aca4-abe1dd16e8e5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "15c36245-dfc6-41bc-aca4-abe1dd16e8e5": { + "columnOrder": [ + "34e6ebff-5e97-4117-ae55-0ac219a091ae", + "b479de26-3fab-44c4-9f5c-ff493b2a7279" + ], + "columns": { + "34e6ebff-5e97-4117-ae55-0ac219a091ae": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Vulnerability Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b479de26-3fab-44c4-9f5c-ff493b2a7279", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.agent.apps_vulnerability_status" + }, + "b479de26-3fab-44c4-9f5c-ff493b2a7279": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "34e6ebff-5e97-4117-ae55-0ac219a091ae" + ], + "layerId": "15c36245-dfc6-41bc-aca4-abe1dd16e8e5", + "layerType": "data", + "legendDisplay": "default", + "metric": "b479de26-3fab-44c4-9f5c-ff493b2a7279", + 
"nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Agents by Application Vulnerability Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "87c066da-976f-4df5-8ecf-a8b50b984eed", + "w": 24, + "x": 0, + "y": 105 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "87c066da-976f-4df5-8ecf-a8b50b984eed", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Computer Name by Active Threats [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1bc53fbf-f363-4273-9153-0e88fe027780", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1bc53fbf-f363-4273-9153-0e88fe027780": { + "columnOrder": [ + "acf8b38d-83f6-4585-87d3-789ccc365528", + "7ddca434-c6b4-4f23-983f-fa65333fd84a" + ], + "columns": { + "7ddca434-c6b4-4f23-983f-fa65333fd84a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "host.id" + }, + "acf8b38d-83f6-4585-87d3-789ccc365528": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "sentinel_one.agent.is_uninstalled : true " + }, + "label": "Uninstalled Agents" + }, + { + "input": { + "language": "kuery", + "query": 
"sentinel_one.agent.is_uninstalled: false " + }, + "label": "Installed Agents" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "sentinel_one.agent.is_uninstalled", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "sentinel_one.agent.is_uninstalled" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.agent\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "acf8b38d-83f6-4585-87d3-789ccc365528" + ], + "layerId": "1bc53fbf-f363-4273-9153-0e88fe027780", + "layerType": "data", + "legendDisplay": "default", + "metric": "7ddca434-c6b4-4f23-983f-fa65333fd84a", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Percentage of Uninstalled Agents [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "e62614cf-e513-40e5-aea7-6abbacf4e73b", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "e62614cf-e513-40e5-aea7-6abbacf4e73b", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs SentinelOne] Agents", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "sentinel_one-67844880-bbb5-11ec-82b7-8fcb232e9538", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "88da7d9d-b377-4455-a528-719f58c796f7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a", - "w": 24, - "x": 0, - "y": 90 + { + "id": "logs-*", + "name": "88da7d9d-b377-4455-a528-719f58c796f7:indexpattern-datasource-layer-56dc7645-caa9-462c-abbd-496b8e73ba9c", + "type": "index-pattern" }, - 
"panelIndex": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-65fd11fd-a0e7-4507-ad95-82593ace9d23", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "65fd11fd-a0e7-4507-ad95-82593ace9d23": { - "columnOrder": [ - "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d", - "337ab9f4-ba31-4b10-97c2-37a90555ebbf" - ], - "columns": { - "337ab9f4-ba31-4b10-97c2-37a90555ebbf": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_pending_uninstall : true " - }, - "label": "Pending Uninstall" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_pending_uninstall: false " - }, - "label": "Not Pending Uninstall" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.is_pending_uninstall", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.is_pending_uninstall" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ 
- { - "categoryDisplay": "default", - "groups": [ - "dbe1fa00-5bae-49e9-9f6a-82a367d0f73d" - ], - "layerId": "65fd11fd-a0e7-4507-ad95-82593ace9d23", - "layerType": "data", - "legendDisplay": "default", - "metric": "337ab9f4-ba31-4b10-97c2-37a90555ebbf", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Agents by Pending Uninstall Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + { + "id": "logs-*", + "name": "88da7d9d-b377-4455-a528-719f58c796f7:filter-index-pattern-0", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "28169c5e-d7e5-4b2d-a75c-78c6b477261f", - "w": 24, - "x": 24, - "y": 90 + { + "id": "logs-*", + "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "28169c5e-d7e5-4b2d-a75c-78c6b477261f", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-15c36245-dfc6-41bc-aca4-abe1dd16e8e5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "15c36245-dfc6-41bc-aca4-abe1dd16e8e5": { - "columnOrder": [ - "34e6ebff-5e97-4117-ae55-0ac219a091ae", - "b479de26-3fab-44c4-9f5c-ff493b2a7279" - ], - "columns": { - "34e6ebff-5e97-4117-ae55-0ac219a091ae": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application Vulnerability Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b479de26-3fab-44c4-9f5c-ff493b2a7279", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"sentinel_one.agent.apps_vulnerability_status" - }, - "b479de26-3fab-44c4-9f5c-ff493b2a7279": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "34e6ebff-5e97-4117-ae55-0ac219a091ae" - ], - "layerId": "15c36245-dfc6-41bc-aca4-abe1dd16e8e5", - "layerType": "data", - "legendDisplay": "default", - "metric": "b479de26-3fab-44c4-9f5c-ff493b2a7279", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Agents by Application Vulnerability Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + { + "id": "logs-*", + "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:indexpattern-datasource-layer-ddc8b7d7-81b9-4d85-a686-7e723fc02c52", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "87c066da-976f-4df5-8ecf-a8b50b984eed", - "w": 24, - "x": 0, - "y": 105 + { + "id": "logs-*", + "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:filter-index-pattern-0", + "type": "index-pattern" }, - "panelIndex": "87c066da-976f-4df5-8ecf-a8b50b984eed", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1bc53fbf-f363-4273-9153-0e88fe027780", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1bc53fbf-f363-4273-9153-0e88fe027780": { 
- "columnOrder": [ - "acf8b38d-83f6-4585-87d3-789ccc365528", - "7ddca434-c6b4-4f23-983f-fa65333fd84a" - ], - "columns": { - "7ddca434-c6b4-4f23-983f-fa65333fd84a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "host.id" - }, - "acf8b38d-83f6-4585-87d3-789ccc365528": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_uninstalled : true " - }, - "label": "Uninstalled Agents" - }, - { - "input": { - "language": "kuery", - "query": "sentinel_one.agent.is_uninstalled: false " - }, - "label": "Installed Agents" - } - ] - }, - "scale": "ordinal" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "sentinel_one.agent.is_uninstalled", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "sentinel_one.agent.is_uninstalled" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.agent\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "acf8b38d-83f6-4585-87d3-789ccc365528" - ], - "layerId": "1bc53fbf-f363-4273-9153-0e88fe027780", - "layerType": "data", - "legendDisplay": "default", - "metric": "7ddca434-c6b4-4f23-983f-fa65333fd84a", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Percentage of Uninstalled Agents [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + { + "id": "logs-*", + "name": "a1308966-3dec-431c-82e3-29890ad87785:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"a1308966-3dec-431c-82e3-29890ad87785:indexpattern-datasource-layer-e4082dc4-e9cc-4589-aed3-bf66cdac7d34", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8:indexpattern-datasource-layer-6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b220d94-4542-4e91-82a5-6fddc2d1f450:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b220d94-4542-4e91-82a5-6fddc2d1f450:indexpattern-datasource-layer-46e7eb74-692b-4c09-b8cd-f7817757c592", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4250d06c-8c4c-49ee-8199-3e153a355987:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4250d06c-8c4c-49ee-8199-3e153a355987:indexpattern-datasource-layer-76063bf9-bddc-448f-805e-e53308972d0a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f2bbdd58-6b06-4b74-9b65-21858c9059c0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f2bbdd58-6b06-4b74-9b65-21858c9059c0:indexpattern-datasource-layer-67c6e93f-d08b-4c37-b01f-0d2b29874291", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "e62614cf-e513-40e5-aea7-6abbacf4e73b", - "w": 24, - "x": 24, - "y": 105 + { + "id": "logs-*", + "name": "595ba171-1de6-4b07-9f75-99d7b87fb828:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "e62614cf-e513-40e5-aea7-6abbacf4e73b", - "type": "lens", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "595ba171-1de6-4b07-9f75-99d7b87fb828:indexpattern-datasource-layer-dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"e1812890-1e55-4323-8016-fc7340d95b2f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e1812890-1e55-4323-8016-fc7340d95b2f:indexpattern-datasource-layer-06b2ffc3-7740-4e73-807a-ea80e0747b80", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:indexpattern-datasource-layer-456e2023-abf7-40b7-bbc4-35020ef2edd5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96:indexpattern-datasource-layer-94b7fb49-4faf-4114-baa6-2c621257fd25", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:indexpattern-datasource-layer-9767cd3d-c1a5-443e-9e79-64f2be92d73e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a:indexpattern-datasource-layer-469a2da2-7e40-4e47-b882-b553ebc14bf2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"28169c5e-d7e5-4b2d-a75c-78c6b477261f:indexpattern-datasource-layer-65fd11fd-a0e7-4507-ad95-82593ace9d23", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "87c066da-976f-4df5-8ecf-a8b50b984eed:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "87c066da-976f-4df5-8ecf-a8b50b984eed:indexpattern-datasource-layer-15c36245-dfc6-41bc-aca4-abe1dd16e8e5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:indexpattern-datasource-layer-1bc53fbf-f363-4273-9153-0e88fe027780", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:filter-index-pattern-0", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs SentinelOne] Agents", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "88da7d9d-b377-4455-a528-719f58c796f7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "88da7d9d-b377-4455-a528-719f58c796f7:indexpattern-datasource-layer-56dc7645-caa9-462c-abbd-496b8e73ba9c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "88da7d9d-b377-4455-a528-719f58c796f7:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:indexpattern-datasource-layer-ddc8b7d7-81b9-4d85-a686-7e723fc02c52", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3158c9a2-f48a-42e2-ae82-e01c07a0a77b:filter-index-pattern-0", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "a1308966-3dec-431c-82e3-29890ad87785:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a1308966-3dec-431c-82e3-29890ad87785:indexpattern-datasource-layer-e4082dc4-e9cc-4589-aed3-bf66cdac7d34", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b4b87cb0-eccc-4b59-a6bc-5aca60f1cdb8:indexpattern-datasource-layer-6a90d9b3-18c1-4b5d-9ba1-0a4bbf0022e3", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5b220d94-4542-4e91-82a5-6fddc2d1f450:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5b220d94-4542-4e91-82a5-6fddc2d1f450:indexpattern-datasource-layer-46e7eb74-692b-4c09-b8cd-f7817757c592", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4250d06c-8c4c-49ee-8199-3e153a355987:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4250d06c-8c4c-49ee-8199-3e153a355987:indexpattern-datasource-layer-76063bf9-bddc-448f-805e-e53308972d0a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f2bbdd58-6b06-4b74-9b65-21858c9059c0:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f2bbdd58-6b06-4b74-9b65-21858c9059c0:indexpattern-datasource-layer-67c6e93f-d08b-4c37-b01f-0d2b29874291", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "595ba171-1de6-4b07-9f75-99d7b87fb828:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "595ba171-1de6-4b07-9f75-99d7b87fb828:indexpattern-datasource-layer-dae671b1-cfe6-4d04-b4b6-8037b31a5fe4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"e1812890-1e55-4323-8016-fc7340d95b2f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e1812890-1e55-4323-8016-fc7340d95b2f:indexpattern-datasource-layer-06b2ffc3-7740-4e73-807a-ea80e0747b80", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:indexpattern-datasource-layer-456e2023-abf7-40b7-bbc4-35020ef2edd5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "445f92f7-7a5f-4236-a8ac-df3087a536fe:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fce4e5f5-f30f-473f-8bbf-9523a84a3f96:indexpattern-datasource-layer-94b7fb49-4faf-4114-baa6-2c621257fd25", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:indexpattern-datasource-layer-9767cd3d-c1a5-443e-9e79-64f2be92d73e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8fa0d643-4d93-45a8-a9ea-57f6e1cff5a5:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6230b4c-2b1a-4db7-96f5-a8b767794e6a:indexpattern-datasource-layer-469a2da2-7e40-4e47-b882-b553ebc14bf2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"28169c5e-d7e5-4b2d-a75c-78c6b477261f:indexpattern-datasource-layer-65fd11fd-a0e7-4507-ad95-82593ace9d23", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "28169c5e-d7e5-4b2d-a75c-78c6b477261f:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "87c066da-976f-4df5-8ecf-a8b50b984eed:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "87c066da-976f-4df5-8ecf-a8b50b984eed:indexpattern-datasource-layer-15c36245-dfc6-41bc-aca4-abe1dd16e8e5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:indexpattern-datasource-layer-1bc53fbf-f363-4273-9153-0e88fe027780", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e62614cf-e513-40e5-aea7-6abbacf4e73b:filter-index-pattern-0", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538.json index 126e9726361..1ea5370b44b 100644 --- a/packages/sentinel_one/kibana/dashboard/sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538.json +++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538.json 
@@ -1,812 +1,807 @@ { - "id": "sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:45:08.565Z", - "version": "WzYyNSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3aa4f16e-85bd-466a-b665-445b6d5de2cd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3aa4f16e-85bd-466a-b665-445b6d5de2cd": { - "columnOrder": [ - "b9e2330d-e198-4126-a3b0-77e64079e984" - ], - "columns": { - "b9e2330d-e198-4126-a3b0-77e64079e984": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "accessor": "b9e2330d-e198-4126-a3b0-77e64079e984", - "layerId": "3aa4f16e-85bd-466a-b665-445b6d5de2cd", - "layerType": "data" - } - }, - "title": "Total Number of Activities [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + } }, - "gridData": { - "h": 12, - 
"i": "6b1d0060-0c72-441e-9901-855d5ee70a67", - "w": 16, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "6b1d0060-0c72-441e-9901-855d5ee70a67", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c1284ad1-7648-410f-b78f-78a997f797cd", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c1284ad1-7648-410f-b78f-78a997f797cd": { - "columnOrder": [ - "328306c1-4f54-43a4-b22b-1a0d5d692b56", - "33e68f71-0393-4fc3-8560-b1ed069c6aff" - ], - "columns": { - "328306c1-4f54-43a4-b22b-1a0d5d692b56": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User ID", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "33e68f71-0393-4fc3-8560-b1ed069c6aff", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3aa4f16e-85bd-466a-b665-445b6d5de2cd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3aa4f16e-85bd-466a-b665-445b6d5de2cd": { + "columnOrder": [ + "b9e2330d-e198-4126-a3b0-77e64079e984" + ], + "columns": { + "b9e2330d-e198-4126-a3b0-77e64079e984": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "size": 
10 - }, - "scale": "ordinal", - "sourceField": "user.id" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "accessor": "b9e2330d-e198-4126-a3b0-77e64079e984", + "layerId": "3aa4f16e-85bd-466a-b665-445b6d5de2cd", + "layerType": "data" + } }, - "33e68f71-0393-4fc3-8560-b1ed069c6aff": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "columns": [ - { - "columnId": "328306c1-4f54-43a4-b22b-1a0d5d692b56", - "isTransposed": false - }, - { - "columnId": "33e68f71-0393-4fc3-8560-b1ed069c6aff", - "isTransposed": false - } - ], - "layerId": "c1284ad1-7648-410f-b78f-78a997f797cd", - "layerType": "data" - } + "title": "Total Number of Activities [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "6b1d0060-0c72-441e-9901-855d5ee70a67", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "6b1d0060-0c72-441e-9901-855d5ee70a67", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 User ID [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "fe58dc4e-28bd-4efc-9995-4431b0128e73", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "fe58dc4e-28bd-4efc-9995-4431b0128e73", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c68f6ca1-bcfd-462e-8462-6c41882faa91", - "type": "index-pattern" - } - 
], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c68f6ca1-bcfd-462e-8462-6c41882faa91": { - "columnOrder": [ - "20baeaa0-d2a6-4fd1-94b2-e1b9face320d", - "ad264914-7ee8-4563-9165-5c2f2d0cbdde" - ], - "columns": { - "20baeaa0-d2a6-4fd1-94b2-e1b9face320d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Agent ID", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ad264914-7ee8-4563-9165-5c2f2d0cbdde", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c1284ad1-7648-410f-b78f-78a997f797cd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c1284ad1-7648-410f-b78f-78a997f797cd": { + "columnOrder": [ + "328306c1-4f54-43a4-b22b-1a0d5d692b56", + "33e68f71-0393-4fc3-8560-b1ed069c6aff" + ], + "columns": { + "328306c1-4f54-43a4-b22b-1a0d5d692b56": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User ID", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "33e68f71-0393-4fc3-8560-b1ed069c6aff", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.id" + }, + "33e68f71-0393-4fc3-8560-b1ed069c6aff": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.activity.agent.id" + "filters": [], + "query": { + "language": "kuery", + "query": 
"data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "columns": [ + { + "columnId": "328306c1-4f54-43a4-b22b-1a0d5d692b56", + "isTransposed": false + }, + { + "columnId": "33e68f71-0393-4fc3-8560-b1ed069c6aff", + "isTransposed": false + } + ], + "layerId": "c1284ad1-7648-410f-b78f-78a997f797cd", + "layerType": "data" + } }, - "ad264914-7ee8-4563-9165-5c2f2d0cbdde": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "20baeaa0-d2a6-4fd1-94b2-e1b9face320d" - ], - "layerId": "c68f6ca1-bcfd-462e-8462-6c41882faa91", - "layerType": "data", - "legendDisplay": "default", - "metric": "ad264914-7ee8-4563-9165-5c2f2d0cbdde", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 User ID [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "fe58dc4e-28bd-4efc-9995-4431b0128e73", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "fe58dc4e-28bd-4efc-9995-4431b0128e73", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Activities by Agent ID [Logs SentinelOne]]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "e9f9f5be-1784-4930-b656-b41e8baf100b", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "e9f9f5be-1784-4930-b656-b41e8baf100b", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - 
"name": "indexpattern-datasource-layer-286fe5cf-c73d-4edf-9e11-04e266706ac0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "286fe5cf-c73d-4edf-9e11-04e266706ac0": { - "columnOrder": [ - "0c47280a-f6fa-4360-ab66-d64449fb9926", - "06382207-6085-4738-8cd7-5bc411702e69" - ], - "columns": { - "06382207-6085-4738-8cd7-5bc411702e69": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "0c47280a-f6fa-4360-ab66-d64449fb9926": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Account Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "06382207-6085-4738-8cd7-5bc411702e69", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.activity.account.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "columns": [ - { - "columnId": "0c47280a-f6fa-4360-ab66-d64449fb9926", - "isTransposed": false - }, - { - "columnId": "06382207-6085-4738-8cd7-5bc411702e69", - "isTransposed": false - } - ], - "layerId": "286fe5cf-c73d-4edf-9e11-04e266706ac0", - "layerType": "data" - } - }, - "title": "Top 10 Account Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "822b1071-df2f-43bd-84a8-da1bcdd97528", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "822b1071-df2f-43bd-84a8-da1bcdd97528", - "type": "lens", - "version": "7.17.0" - 
}, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3398cd0c-0707-4e86-8138-7823fd3fe3ad", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3398cd0c-0707-4e86-8138-7823fd3fe3ad": { - "columnOrder": [ - "b87b3729-1100-4fe2-82a0-fcc4b5b65999", - "b06e82de-dde9-4eae-a13d-4c4702f60694" - ], - "columns": { - "b06e82de-dde9-4eae-a13d-4c4702f60694": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "b87b3729-1100-4fe2-82a0-fcc4b5b65999": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Family", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b06e82de-dde9-4eae-a13d-4c4702f60694", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c68f6ca1-bcfd-462e-8462-6c41882faa91", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c68f6ca1-bcfd-462e-8462-6c41882faa91": { + "columnOrder": [ + "20baeaa0-d2a6-4fd1-94b2-e1b9face320d", + "ad264914-7ee8-4563-9165-5c2f2d0cbdde" + ], + "columns": { + "20baeaa0-d2a6-4fd1-94b2-e1b9face320d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Agent ID", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ad264914-7ee8-4563-9165-5c2f2d0cbdde", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.activity.agent.id" + }, + "ad264914-7ee8-4563-9165-5c2f2d0cbdde": { + "customLabel": true, + "dataType": "number", + 
"isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "os.family" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b87b3729-1100-4fe2-82a0-fcc4b5b65999" - ], - "layerId": "3398cd0c-0707-4e86-8138-7823fd3fe3ad", - "layerType": "data", - "legendDisplay": "default", - "metric": "b06e82de-dde9-4eae-a13d-4c4702f60694", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "20baeaa0-d2a6-4fd1-94b2-e1b9face320d" + ], + "layerId": "c68f6ca1-bcfd-462e-8462-6c41882faa91", + "layerType": "data", + "legendDisplay": "default", + "metric": "ad264914-7ee8-4563-9165-5c2f2d0cbdde", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Activities by Agent ID [Logs SentinelOne]]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "e9f9f5be-1784-4930-b656-b41e8baf100b", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "e9f9f5be-1784-4930-b656-b41e8baf100b", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Activities by OS Family [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "96472e81-2362-46b7-9a78-ced057e7f22b", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "96472e81-2362-46b7-9a78-ced057e7f22b", - "type": "lens", - 
"version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-27449a92-7952-4cb5-aec7-c18c8110f077", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "27449a92-7952-4cb5-aec7-c18c8110f077": { - "columnOrder": [ - "cd851cfb-18ee-4ba6-bf2b-61041da779c1", - "c7d31b39-34dd-4c74-a4a9-bb34d381ff43", - "152f8820-ce3e-4d27-a8a6-a96858d54954" - ], - "columns": { - "152f8820-ce3e-4d27-a8a6-a96858d54954": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-286fe5cf-c73d-4edf-9e11-04e266706ac0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "286fe5cf-c73d-4edf-9e11-04e266706ac0": { + "columnOrder": [ + "0c47280a-f6fa-4360-ab66-d64449fb9926", + "06382207-6085-4738-8cd7-5bc411702e69" + ], + "columns": { + "06382207-6085-4738-8cd7-5bc411702e69": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "0c47280a-f6fa-4360-ab66-d64449fb9926": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Account Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "06382207-6085-4738-8cd7-5bc411702e69", + 
"type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.activity.account.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "columns": [ + { + "columnId": "0c47280a-f6fa-4360-ab66-d64449fb9926", + "isTransposed": false + }, + { + "columnId": "06382207-6085-4738-8cd7-5bc411702e69", + "isTransposed": false + } + ], + "layerId": "286fe5cf-c73d-4edf-9e11-04e266706ac0", + "layerType": "data" + } }, - "c7d31b39-34dd-4c74-a4a9-bb34d381ff43": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Computer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", - "type": "column" + "title": "Top 10 Account Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "822b1071-df2f-43bd-84a8-da1bcdd97528", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "822b1071-df2f-43bd-84a8-da1bcdd97528", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3398cd0c-0707-4e86-8138-7823fd3fe3ad", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3398cd0c-0707-4e86-8138-7823fd3fe3ad": { + "columnOrder": [ + "b87b3729-1100-4fe2-82a0-fcc4b5b65999", + "b06e82de-dde9-4eae-a13d-4c4702f60694" + ], + "columns": { + "b06e82de-dde9-4eae-a13d-4c4702f60694": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + 
"scale": "ratio", + "sourceField": "Records" + }, + "b87b3729-1100-4fe2-82a0-fcc4b5b65999": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Family", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b06e82de-dde9-4eae-a13d-4c4702f60694", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "os.family" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b87b3729-1100-4fe2-82a0-fcc4b5b65999" + ], + "layerId": "3398cd0c-0707-4e86-8138-7823fd3fe3ad", + "layerType": "data", + "legendDisplay": "default", + "metric": "b06e82de-dde9-4eae-a13d-4c4702f60694", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "cd851cfb-18ee-4ba6-bf2b-61041da779c1": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Primary Description", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", - "type": "column" + "title": "Distribution of Activities by OS Family [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "96472e81-2362-46b7-9a78-ced057e7f22b", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "96472e81-2362-46b7-9a78-ced057e7f22b", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": 
"desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.activity.description.primary" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "host.name", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "host.name" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "columns": [ - { - "columnId": "cd851cfb-18ee-4ba6-bf2b-61041da779c1", - "isTransposed": false - }, - { - "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", - "isTransposed": false - }, - { - "columnId": "c7d31b39-34dd-4c74-a4a9-bb34d381ff43", - "isTransposed": false - } - ], - "layerId": "27449a92-7952-4cb5-aec7-c18c8110f077", - "layerType": "data" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-27449a92-7952-4cb5-aec7-c18c8110f077", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "27449a92-7952-4cb5-aec7-c18c8110f077": { + "columnOrder": [ + "cd851cfb-18ee-4ba6-bf2b-61041da779c1", + "c7d31b39-34dd-4c74-a4a9-bb34d381ff43", + "152f8820-ce3e-4d27-a8a6-a96858d54954" + ], + "columns": { + "152f8820-ce3e-4d27-a8a6-a96858d54954": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c7d31b39-34dd-4c74-a4a9-bb34d381ff43": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Computer Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", + "type": "column" + }, + "orderDirection": 
"desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" + }, + "cd851cfb-18ee-4ba6-bf2b-61041da779c1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Primary Description", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.activity.description.primary" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "host.name", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "host.name" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "columns": [ + { + "columnId": "cd851cfb-18ee-4ba6-bf2b-61041da779c1", + "isTransposed": false + }, + { + "columnId": "152f8820-ce3e-4d27-a8a6-a96858d54954", + "isTransposed": false + }, + { + "columnId": "c7d31b39-34dd-4c74-a4a9-bb34d381ff43", + "isTransposed": false + } + ], + "layerId": "27449a92-7952-4cb5-aec7-c18c8110f077", + "layerType": "data" + } + }, + "title": "Top 10 Primary Description by Computer Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "6776b675-6e78-4293-9419-abb2052779a9", + "w": 24, + "x": 24, + "y": 27 + }, + "panelIndex": "6776b675-6e78-4293-9419-abb2052779a9", + "title": "Top 10 Primary Description by Computer Name [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Primary Description by Computer Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - 
"hidePanelTitles": false + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5abe3706-203c-48d8-afb0-96e3b47b163e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5abe3706-203c-48d8-afb0-96e3b47b163e": { + "columnOrder": [ + "bfb48360-d985-485c-8a3f-92e348223b55", + "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af" + ], + "columns": { + "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "bfb48360-d985-485c-8a3f-92e348223b55": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Computer Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.activity\"" + }, + "visualization": { + "columns": [ + { + "columnId": "bfb48360-d985-485c-8a3f-92e348223b55", + "isTransposed": false + }, + { + "columnId": "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af", + "isTransposed": false + } + ], + "layerId": "5abe3706-203c-48d8-afb0-96e3b47b163e", + "layerType": "data" + } + }, + "title": "Top 10 Activities Count by Computer Name [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "60e34164-f433-4c23-bfa1-a84269e385dc", + "w": 24, + "x": 0, + "y": 27 + }, + "panelIndex": 
"60e34164-f433-4c23-bfa1-a84269e385dc", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs SentinelOne] Activities", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "sentinel_one-899f2630-bb27-11ec-82b7-8fcb232e9538", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "6b1d0060-0c72-441e-9901-855d5ee70a67:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "6776b675-6e78-4293-9419-abb2052779a9", - "w": 24, - "x": 24, - "y": 27 + { + "id": "logs-*", + "name": "6b1d0060-0c72-441e-9901-855d5ee70a67:indexpattern-datasource-layer-3aa4f16e-85bd-466a-b665-445b6d5de2cd", + "type": "index-pattern" }, - "panelIndex": "6776b675-6e78-4293-9419-abb2052779a9", - "title": "Top 10 Primary Description by Computer Name [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-5abe3706-203c-48d8-afb0-96e3b47b163e", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "5abe3706-203c-48d8-afb0-96e3b47b163e": { - "columnOrder": [ - "bfb48360-d985-485c-8a3f-92e348223b55", - "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af" - ], - "columns": { - "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "bfb48360-d985-485c-8a3f-92e348223b55": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Computer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.activity\"" - }, - "visualization": { - "columns": [ - { - "columnId": "bfb48360-d985-485c-8a3f-92e348223b55", - "isTransposed": false - }, - { - "columnId": "b56fdd4c-8aa5-4bee-822c-f46c1a7ff5af", - "isTransposed": false - } - ], - "layerId": "5abe3706-203c-48d8-afb0-96e3b47b163e", - "layerType": "data" - } - }, - "title": "Top 10 Activities Count by Computer Name [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} + { + "id": "logs-*", + "name": "fe58dc4e-28bd-4efc-9995-4431b0128e73:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fe58dc4e-28bd-4efc-9995-4431b0128e73:indexpattern-datasource-layer-c1284ad1-7648-410f-b78f-78a997f797cd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e9f9f5be-1784-4930-b656-b41e8baf100b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e9f9f5be-1784-4930-b656-b41e8baf100b:indexpattern-datasource-layer-c68f6ca1-bcfd-462e-8462-6c41882faa91", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "822b1071-df2f-43bd-84a8-da1bcdd97528:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "822b1071-df2f-43bd-84a8-da1bcdd97528:indexpattern-datasource-layer-286fe5cf-c73d-4edf-9e11-04e266706ac0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96472e81-2362-46b7-9a78-ced057e7f22b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"96472e81-2362-46b7-9a78-ced057e7f22b:indexpattern-datasource-layer-3398cd0c-0707-4e86-8138-7823fd3fe3ad", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "60e34164-f433-4c23-bfa1-a84269e385dc", - "w": 24, - "x": 0, - "y": 27 + { + "id": "logs-*", + "name": "6776b675-6e78-4293-9419-abb2052779a9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "60e34164-f433-4c23-bfa1-a84269e385dc", - "type": "lens", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "6776b675-6e78-4293-9419-abb2052779a9:indexpattern-datasource-layer-27449a92-7952-4cb5-aec7-c18c8110f077", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6776b675-6e78-4293-9419-abb2052779a9:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "60e34164-f433-4c23-bfa1-a84269e385dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "60e34164-f433-4c23-bfa1-a84269e385dc:indexpattern-datasource-layer-5abe3706-203c-48d8-afb0-96e3b47b163e", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs SentinelOne] Activities", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "6b1d0060-0c72-441e-9901-855d5ee70a67:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6b1d0060-0c72-441e-9901-855d5ee70a67:indexpattern-datasource-layer-3aa4f16e-85bd-466a-b665-445b6d5de2cd", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fe58dc4e-28bd-4efc-9995-4431b0128e73:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fe58dc4e-28bd-4efc-9995-4431b0128e73:indexpattern-datasource-layer-c1284ad1-7648-410f-b78f-78a997f797cd", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e9f9f5be-1784-4930-b656-b41e8baf100b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "e9f9f5be-1784-4930-b656-b41e8baf100b:indexpattern-datasource-layer-c68f6ca1-bcfd-462e-8462-6c41882faa91", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "822b1071-df2f-43bd-84a8-da1bcdd97528:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "822b1071-df2f-43bd-84a8-da1bcdd97528:indexpattern-datasource-layer-286fe5cf-c73d-4edf-9e11-04e266706ac0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "96472e81-2362-46b7-9a78-ced057e7f22b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "96472e81-2362-46b7-9a78-ced057e7f22b:indexpattern-datasource-layer-3398cd0c-0707-4e86-8138-7823fd3fe3ad", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6776b675-6e78-4293-9419-abb2052779a9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6776b675-6e78-4293-9419-abb2052779a9:indexpattern-datasource-layer-27449a92-7952-4cb5-aec7-c18c8110f077", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6776b675-6e78-4293-9419-abb2052779a9:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "60e34164-f433-4c23-bfa1-a84269e385dc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "60e34164-f433-4c23-bfa1-a84269e385dc:indexpattern-datasource-layer-5abe3706-203c-48d8-afb0-96e3b47b163e", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/sentinel_one/kibana/dashboard/sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json b/packages/sentinel_one/kibana/dashboard/sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json index c39c696986a..995d53fd21f 100644 
--- a/packages/sentinel_one/kibana/dashboard/sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json
+++ b/packages/sentinel_one/kibana/dashboard/sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538.json
@@ -1,1018 +1,1013 @@ { - "id": "sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:45:08.565Z", - "version": "WzYyNiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de", - "w": 48, - "x": 0, - "y": 57 - }, - "panelIndex": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de", - "panelRefName": "panel_1a5f3a94-99e7-4ad0-adec-e58382e9b5de", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a70c9f24-f23c-453b-8c96-f1e710d919fc", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "a70c9f24-f23c-453b-8c96-f1e710d919fc": { - "columnOrder": [ - "3da4d948-d5f9-414d-af6e-ea897044f260" - ], - "columns": { - "3da4d948-d5f9-414d-af6e-ea897044f260": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : 
\"sentinel_one.alert\"" - }, - "visualization": { - "accessor": "3da4d948-d5f9-414d-af6e-ea897044f260", - "layerId": "a70c9f24-f23c-453b-8c96-f1e710d919fc", - "layerType": "data" - } - }, - "title": "Total Number of Alerts [Logs SentinelOne]", - "visualizationType": "lnsMetric" - }, - "enhancements": {} + } }, - "gridData": { - "h": 12, - "i": "b1454cbc-86ff-4612-9129-bc0b2b710079", - "w": 11, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "b1454cbc-86ff-4612-9129-bc0b2b710079", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b50e4935-fe9a-460a-ab6d-43dcb1da50cb", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b50e4935-fe9a-460a-ab6d-43dcb1da50cb": { - "columnOrder": [ - "270e4c10-e504-46fa-be0a-05759a516322", - "de45442f-1e4f-4b15-acc9-abc576928301" - ], - "columns": { - "270e4c10-e504-46fa-be0a-05759a516322": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Family", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "de45442f-1e4f-4b15-acc9-abc576928301", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 17, + "i": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de", + "w": 48, + "x": 0, + "y": 57 + }, + "panelIndex": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de", + "panelRefName": "panel_1a5f3a94-99e7-4ad0-adec-e58382e9b5de", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a70c9f24-f23c-453b-8c96-f1e710d919fc", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a70c9f24-f23c-453b-8c96-f1e710d919fc": { + "columnOrder": [ + "3da4d948-d5f9-414d-af6e-ea897044f260" + ], + "columns": { + "3da4d948-d5f9-414d-af6e-ea897044f260": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.os.family" + "visualization": { + "accessor": "3da4d948-d5f9-414d-af6e-ea897044f260", + "layerId": "a70c9f24-f23c-453b-8c96-f1e710d919fc", + "layerType": "data" + } }, - "de45442f-1e4f-4b15-acc9-abc576928301": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "270e4c10-e504-46fa-be0a-05759a516322" - ], - "layerId": "b50e4935-fe9a-460a-ab6d-43dcb1da50cb", - "layerType": "data", - "legendDisplay": "default", - "metric": "de45442f-1e4f-4b15-acc9-abc576928301", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Total Number of Alerts [Logs SentinelOne]", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "b1454cbc-86ff-4612-9129-bc0b2b710079", + "w": 11, + "x": 0, + "y": 0 + }, + 
"panelIndex": "b1454cbc-86ff-4612-9129-bc0b2b710079", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Alerts by OS Family [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "02d8b05a-a909-43e8-bab4-41c424e0e889", - "w": 19, - "x": 11, - "y": 0 - }, - "panelIndex": "02d8b05a-a909-43e8-bab4-41c424e0e889", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-da42b88e-21d2-434f-9bbc-a8386239736f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "da42b88e-21d2-434f-9bbc-a8386239736f": { - "columnOrder": [ - "20818763-4451-42db-bcfd-f17df146a699", - "dafcda2b-19bc-4796-beca-bfe8a90aa089" - ], - "columns": { - "20818763-4451-42db-bcfd-f17df146a699": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Agent Version", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "dafcda2b-19bc-4796-beca-bfe8a90aa089", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b50e4935-fe9a-460a-ab6d-43dcb1da50cb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b50e4935-fe9a-460a-ab6d-43dcb1da50cb": { + "columnOrder": [ + "270e4c10-e504-46fa-be0a-05759a516322", + "de45442f-1e4f-4b15-acc9-abc576928301" + ], + "columns": { + "270e4c10-e504-46fa-be0a-05759a516322": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + 
"label": "OS Family", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "de45442f-1e4f-4b15-acc9-abc576928301", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.family" + }, + "de45442f-1e4f-4b15-acc9-abc576928301": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "observer.version" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "270e4c10-e504-46fa-be0a-05759a516322" + ], + "layerId": "b50e4935-fe9a-460a-ab6d-43dcb1da50cb", + "layerType": "data", + "legendDisplay": "default", + "metric": "de45442f-1e4f-4b15-acc9-abc576928301", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "dafcda2b-19bc-4796-beca-bfe8a90aa089": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "20818763-4451-42db-bcfd-f17df146a699" - ], - "layerId": "da42b88e-21d2-434f-9bbc-a8386239736f", - "layerType": "data", - "legendDisplay": "default", - "metric": "dafcda2b-19bc-4796-beca-bfe8a90aa089", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Alerts by OS Family [Logs 
SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 12, + "i": "02d8b05a-a909-43e8-bab4-41c424e0e889", + "w": 19, + "x": 11, + "y": 0 + }, + "panelIndex": "02d8b05a-a909-43e8-bab4-41c424e0e889", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Alerts by Agent Version [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "869821d9-6b7b-4b0a-be75-476ec72548c9", - "w": 18, - "x": 30, - "y": 0 - }, - "panelIndex": "869821d9-6b7b-4b0a-be75-476ec72548c9", - "title": "Distribution of Alerts by Agent Version [Logs SentinelOne]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-bf67982d-968e-4dfc-9e1e-378fe14caa5a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "bf67982d-968e-4dfc-9e1e-378fe14caa5a": { - "columnOrder": [ - "6bcb2e67-6f42-48ee-ae55-06508280e8b9", - "82538ec1-3110-4936-84f3-4894a3fbd634" - ], - "columns": { - "6bcb2e67-6f42-48ee-ae55-06508280e8b9": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Treat As Threat", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "82538ec1-3110-4936-84f3-4894a3fbd634", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-da42b88e-21d2-434f-9bbc-a8386239736f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + 
"layers": { + "da42b88e-21d2-434f-9bbc-a8386239736f": { + "columnOrder": [ + "20818763-4451-42db-bcfd-f17df146a699", + "dafcda2b-19bc-4796-beca-bfe8a90aa089" + ], + "columns": { + "20818763-4451-42db-bcfd-f17df146a699": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Agent Version", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "dafcda2b-19bc-4796-beca-bfe8a90aa089", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "observer.version" + }, + "dafcda2b-19bc-4796-beca-bfe8a90aa089": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.alert.rule.treat_as_threat" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "20818763-4451-42db-bcfd-f17df146a699" + ], + "layerId": "da42b88e-21d2-434f-9bbc-a8386239736f", + "layerType": "data", + "legendDisplay": "default", + "metric": "dafcda2b-19bc-4796-beca-bfe8a90aa089", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "82538ec1-3110-4936-84f3-4894a3fbd634": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - 
"6bcb2e67-6f42-48ee-ae55-06508280e8b9" - ], - "layerId": "bf67982d-968e-4dfc-9e1e-378fe14caa5a", - "layerType": "data", - "legendDisplay": "default", - "metric": "82538ec1-3110-4936-84f3-4894a3fbd634", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Alerts by Agent Version [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "869821d9-6b7b-4b0a-be75-476ec72548c9", + "w": 18, + "x": 30, + "y": 0 + }, + "panelIndex": "869821d9-6b7b-4b0a-be75-476ec72548c9", + "title": "Distribution of Alerts by Agent Version [Logs SentinelOne]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Alerts by Treat As Threat [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "781400e7-5d84-4316-a890-0f92323bbfa4", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "781400e7-5d84-4316-a890-0f92323bbfa4", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-12bb8402-74e9-4f83-96db-18e874c28661", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "12bb8402-74e9-4f83-96db-18e874c28661": { - "columnOrder": [ - "99d34625-e9dc-41a0-9bec-3076d907137c", - "580be51c-ada9-456e-b4c6-af616ade4a31" - ], - "columns": { - "580be51c-ada9-456e-b4c6-af616ade4a31": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-bf67982d-968e-4dfc-9e1e-378fe14caa5a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "bf67982d-968e-4dfc-9e1e-378fe14caa5a": { + "columnOrder": [ + "6bcb2e67-6f42-48ee-ae55-06508280e8b9", + "82538ec1-3110-4936-84f3-4894a3fbd634" + ], + "columns": { + "6bcb2e67-6f42-48ee-ae55-06508280e8b9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Treat As Threat", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "82538ec1-3110-4936-84f3-4894a3fbd634", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.alert.rule.treat_as_threat" + }, + "82538ec1-3110-4936-84f3-4894a3fbd634": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "6bcb2e67-6f42-48ee-ae55-06508280e8b9" + ], + "layerId": "bf67982d-968e-4dfc-9e1e-378fe14caa5a", + "layerType": "data", + "legendDisplay": "default", + "metric": "82538ec1-3110-4936-84f3-4894a3fbd634", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "99d34625-e9dc-41a0-9bec-3076d907137c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Scope Level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "580be51c-ada9-456e-b4c6-af616ade4a31", - "type": "column" + "title": "Distribution of Alerts by 
Treat As Threat [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "781400e7-5d84-4316-a890-0f92323bbfa4", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "781400e7-5d84-4316-a890-0f92323bbfa4", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.alert.rule.scope_level" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "99d34625-e9dc-41a0-9bec-3076d907137c" - ], - "layerId": "12bb8402-74e9-4f83-96db-18e874c28661", - "layerType": "data", - "legendDisplay": "default", - "metric": "580be51c-ada9-456e-b4c6-af616ade4a31", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-12bb8402-74e9-4f83-96db-18e874c28661", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "12bb8402-74e9-4f83-96db-18e874c28661": { + "columnOrder": [ + "99d34625-e9dc-41a0-9bec-3076d907137c", + "580be51c-ada9-456e-b4c6-af616ade4a31" + ], + "columns": { + "580be51c-ada9-456e-b4c6-af616ade4a31": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "99d34625-e9dc-41a0-9bec-3076d907137c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Scope Level", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": 
{ + "columnId": "580be51c-ada9-456e-b4c6-af616ade4a31", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.alert.rule.scope_level" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "99d34625-e9dc-41a0-9bec-3076d907137c" + ], + "layerId": "12bb8402-74e9-4f83-96db-18e874c28661", + "layerType": "data", + "legendDisplay": "default", + "metric": "580be51c-ada9-456e-b4c6-af616ade4a31", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Alerts by Scope Level [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Alerts by Scope Level [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6b6b61df-1417-49a3-81a1-7dda411c4e71", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6b6b61df-1417-49a3-81a1-7dda411c4e71": { - "columnOrder": [ - "27530883-162f-4958-bee8-ef06abc84059", - 
"ecb1b9f1-2129-4d39-887d-3c2869f94908" - ], - "columns": { - "27530883-162f-4958-bee8-ef06abc84059": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rule Names", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ecb1b9f1-2129-4d39-887d-3c2869f94908", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6b6b61df-1417-49a3-81a1-7dda411c4e71", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6b6b61df-1417-49a3-81a1-7dda411c4e71": { + "columnOrder": [ + "27530883-162f-4958-bee8-ef06abc84059", + "ecb1b9f1-2129-4d39-887d-3c2869f94908" + ], + "columns": { + "27530883-162f-4958-bee8-ef06abc84059": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rule Names", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ecb1b9f1-2129-4d39-887d-3c2869f94908", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "rule.name" + }, + "ecb1b9f1-2129-4d39-887d-3c2869f94908": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "rule.name" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "columns": [ + { + "columnId": "27530883-162f-4958-bee8-ef06abc84059", + "isTransposed": false + }, + { + "columnId": 
"ecb1b9f1-2129-4d39-887d-3c2869f94908", + "isTransposed": false + } + ], + "layerId": "6b6b61df-1417-49a3-81a1-7dda411c4e71", + "layerType": "data" + } }, - "ecb1b9f1-2129-4d39-887d-3c2869f94908": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "columns": [ - { - "columnId": "27530883-162f-4958-bee8-ef06abc84059", - "isTransposed": false - }, - { - "columnId": "ecb1b9f1-2129-4d39-887d-3c2869f94908", - "isTransposed": false - } - ], - "layerId": "6b6b61df-1417-49a3-81a1-7dda411c4e71", - "layerType": "data" - } + "title": "Top 10 Rule Names [Logs SentinelOne]", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "24c1e7fd-242a-49b1-bff0-521218255ed7", + "w": 24, + "x": 0, + "y": 27 + }, + "panelIndex": "24c1e7fd-242a-49b1-bff0-521218255ed7", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Rule Names [Logs SentinelOne]", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "24c1e7fd-242a-49b1-bff0-521218255ed7", - "w": 24, - "x": 0, - "y": 27 - }, - "panelIndex": "24c1e7fd-242a-49b1-bff0-521218255ed7", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6575381f-da1f-4e3e-aa6e-ee5d513b66e2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6575381f-da1f-4e3e-aa6e-ee5d513b66e2": { - "columnOrder": [ - "0331dc07-e879-47b7-9279-687b413d436f", - 
"66f1847e-6cfe-4b2a-95a7-795f68736736" - ], - "columns": { - "0331dc07-e879-47b7-9279-687b413d436f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rule Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "66f1847e-6cfe-4b2a-95a7-795f68736736", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.alert.rule.severity" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6575381f-da1f-4e3e-aa6e-ee5d513b66e2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6575381f-da1f-4e3e-aa6e-ee5d513b66e2": { + "columnOrder": [ + "0331dc07-e879-47b7-9279-687b413d436f", + "66f1847e-6cfe-4b2a-95a7-795f68736736" + ], + "columns": { + "0331dc07-e879-47b7-9279-687b413d436f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rule Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "66f1847e-6cfe-4b2a-95a7-795f68736736", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.alert.rule.severity" + }, + "66f1847e-6cfe-4b2a-95a7-795f68736736": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "66f1847e-6cfe-4b2a-95a7-795f68736736" + ], + 
"layerId": "6575381f-da1f-4e3e-aa6e-ee5d513b66e2", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "0331dc07-e879-47b7-9279-687b413d436f" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "66f1847e-6cfe-4b2a-95a7-795f68736736": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "66f1847e-6cfe-4b2a-95a7-795f68736736" - ], - "layerId": "6575381f-da1f-4e3e-aa6e-ee5d513b66e2", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "0331dc07-e879-47b7-9279-687b413d436f" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "title": "Distribution of Alerts by Rule Severity [Logs SentinelOne]", + "visualizationType": "lnsXY" + }, + "enhancements": {} }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "986ac399-7ca0-420e-a224-f55f9dc48f5c", + "w": 24, + "x": 24, + "y": 27 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "986ac399-7ca0-420e-a224-f55f9dc48f5c", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Alerts by Rule Severity [Logs SentinelOne]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "986ac399-7ca0-420e-a224-f55f9dc48f5c", - "w": 24, - "x": 24, - "y": 27 - }, - "panelIndex": 
"986ac399-7ca0-420e-a224-f55f9dc48f5c", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-92ea1b1a-7e5f-4d77-9af5-5c75151c6382", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "92ea1b1a-7e5f-4d77-9af5-5c75151c6382": { - "columnOrder": [ - "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0", - "f2f2bd2b-27e3-4868-bae1-ff003f94d936" - ], - "columns": { - "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f2f2bd2b-27e3-4868-bae1-ff003f94d936", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-92ea1b1a-7e5f-4d77-9af5-5c75151c6382", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "92ea1b1a-7e5f-4d77-9af5-5c75151c6382": { + "columnOrder": [ + "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0", + "f2f2bd2b-27e3-4868-bae1-ff003f94d936" + ], + "columns": { + "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f2f2bd2b-27e3-4868-bae1-ff003f94d936", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.type" + }, + "f2f2bd2b-27e3-4868-bae1-ff003f94d936": { + 
"customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.type" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0" + ], + "layerId": "92ea1b1a-7e5f-4d77-9af5-5c75151c6382", + "layerType": "data", + "legendDisplay": "default", + "metric": "f2f2bd2b-27e3-4868-bae1-ff003f94d936", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "f2f2bd2b-27e3-4868-bae1-ff003f94d936": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ddcf4498-b8ec-4e73-8a42-6b9e04e549c0" - ], - "layerId": "92ea1b1a-7e5f-4d77-9af5-5c75151c6382", - "layerType": "data", - "legendDisplay": "default", - "metric": "f2f2bd2b-27e3-4868-bae1-ff003f94d936", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Alerts by Event Type [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "946d6cac-4418-40cf-b301-614d64130caa", + "w": 24, + "x": 0, + "y": 42 + }, + "panelIndex": "946d6cac-4418-40cf-b301-614d64130caa", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Alerts by Event Type [Logs SentinelOne]", - 
"visualizationType": "lnsPie" - }, - "enhancements": {} + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-76215aa5-943c-4f3f-a5b5-dfa7095216e5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "76215aa5-943c-4f3f-a5b5-dfa7095216e5": { + "columnOrder": [ + "58c3a718-0540-4a34-bdb7-d3ac85d94986", + "27c9c040-2ef7-4384-88fa-156d43d3ffe9" + ], + "columns": { + "27c9c040-2ef7-4384-88fa-156d43d3ffe9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "58c3a718-0540-4a34-bdb7-d3ac85d94986": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Incident Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "27c9c040-2ef7-4384-88fa-156d43d3ffe9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "sentinel_one.alert.info.status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"sentinel_one.alert\"" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "58c3a718-0540-4a34-bdb7-d3ac85d94986" + ], + "layerId": "76215aa5-943c-4f3f-a5b5-dfa7095216e5", + "layerType": "data", + "legendDisplay": "default", + "metric": "27c9c040-2ef7-4384-88fa-156d43d3ffe9", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Alerts by Incident Status [Logs SentinelOne]", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + 
"i": "d9f10ef5-e421-4193-8a29-de995a862192", + "w": 24, + "x": 24, + "y": 42 + }, + "panelIndex": "d9f10ef5-e421-4193-8a29-de995a862192", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs SentinelOne] Alerts", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "sentinel_one-bcf1f680-bba3-11ec-82b7-8fcb232e9538", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "sentinel_one-89773b00-c1fa-11ec-a23a-27e16fe32bb9", + "name": "1a5f3a94-99e7-4ad0-adec-e58382e9b5de:panel_1a5f3a94-99e7-4ad0-adec-e58382e9b5de", + "type": "search" }, - "gridData": { - "h": 15, - "i": "946d6cac-4418-40cf-b301-614d64130caa", - "w": 24, - "x": 0, - "y": 42 + { + "id": "logs-*", + "name": "b1454cbc-86ff-4612-9129-bc0b2b710079:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "946d6cac-4418-40cf-b301-614d64130caa", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-76215aa5-943c-4f3f-a5b5-dfa7095216e5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "76215aa5-943c-4f3f-a5b5-dfa7095216e5": { - "columnOrder": [ - "58c3a718-0540-4a34-bdb7-d3ac85d94986", - "27c9c040-2ef7-4384-88fa-156d43d3ffe9" - ], - "columns": { - "27c9c040-2ef7-4384-88fa-156d43d3ffe9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "58c3a718-0540-4a34-bdb7-d3ac85d94986": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Incident Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"27c9c040-2ef7-4384-88fa-156d43d3ffe9", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "sentinel_one.alert.info.status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"sentinel_one.alert\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "58c3a718-0540-4a34-bdb7-d3ac85d94986" - ], - "layerId": "76215aa5-943c-4f3f-a5b5-dfa7095216e5", - "layerType": "data", - "legendDisplay": "default", - "metric": "27c9c040-2ef7-4384-88fa-156d43d3ffe9", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Alerts by Incident Status [Logs SentinelOne]", - "visualizationType": "lnsPie" - }, - "enhancements": {} + { + "id": "logs-*", + "name": "b1454cbc-86ff-4612-9129-bc0b2b710079:indexpattern-datasource-layer-a70c9f24-f23c-453b-8c96-f1e710d919fc", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "02d8b05a-a909-43e8-bab4-41c424e0e889:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "02d8b05a-a909-43e8-bab4-41c424e0e889:indexpattern-datasource-layer-b50e4935-fe9a-460a-ab6d-43dcb1da50cb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "869821d9-6b7b-4b0a-be75-476ec72548c9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "869821d9-6b7b-4b0a-be75-476ec72548c9:indexpattern-datasource-layer-da42b88e-21d2-434f-9bbc-a8386239736f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "781400e7-5d84-4316-a890-0f92323bbfa4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "781400e7-5d84-4316-a890-0f92323bbfa4:indexpattern-datasource-layer-bf67982d-968e-4dfc-9e1e-378fe14caa5a", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "d9f10ef5-e421-4193-8a29-de995a862192", - "w": 24, - "x": 24, - "y": 42 + { + "id": "logs-*", + "name": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0:indexpattern-datasource-layer-12bb8402-74e9-4f83-96db-18e874c28661", + "type": "index-pattern" }, - "panelIndex": "d9f10ef5-e421-4193-8a29-de995a862192", - "type": "lens", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "24c1e7fd-242a-49b1-bff0-521218255ed7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "24c1e7fd-242a-49b1-bff0-521218255ed7:indexpattern-datasource-layer-6b6b61df-1417-49a3-81a1-7dda411c4e71", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "986ac399-7ca0-420e-a224-f55f9dc48f5c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "986ac399-7ca0-420e-a224-f55f9dc48f5c:indexpattern-datasource-layer-6575381f-da1f-4e3e-aa6e-ee5d513b66e2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "946d6cac-4418-40cf-b301-614d64130caa:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "946d6cac-4418-40cf-b301-614d64130caa:indexpattern-datasource-layer-92ea1b1a-7e5f-4d77-9af5-5c75151c6382", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d9f10ef5-e421-4193-8a29-de995a862192:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d9f10ef5-e421-4193-8a29-de995a862192:indexpattern-datasource-layer-76215aa5-943c-4f3f-a5b5-dfa7095216e5", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs SentinelOne] Alerts", - "version": 1 - }, - "references": [ - { - "id": "sentinel_one-89773b00-c1fa-11ec-a23a-27e16fe32bb9", - "name": 
"1a5f3a94-99e7-4ad0-adec-e58382e9b5de:panel_1a5f3a94-99e7-4ad0-adec-e58382e9b5de", - "type": "search" - }, - { - "id": "logs-*", - "name": "b1454cbc-86ff-4612-9129-bc0b2b710079:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b1454cbc-86ff-4612-9129-bc0b2b710079:indexpattern-datasource-layer-a70c9f24-f23c-453b-8c96-f1e710d919fc", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "02d8b05a-a909-43e8-bab4-41c424e0e889:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "02d8b05a-a909-43e8-bab4-41c424e0e889:indexpattern-datasource-layer-b50e4935-fe9a-460a-ab6d-43dcb1da50cb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "869821d9-6b7b-4b0a-be75-476ec72548c9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "869821d9-6b7b-4b0a-be75-476ec72548c9:indexpattern-datasource-layer-da42b88e-21d2-434f-9bbc-a8386239736f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "781400e7-5d84-4316-a890-0f92323bbfa4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "781400e7-5d84-4316-a890-0f92323bbfa4:indexpattern-datasource-layer-bf67982d-968e-4dfc-9e1e-378fe14caa5a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c328a3b4-108a-4a1f-a545-5e6a3acc40b0:indexpattern-datasource-layer-12bb8402-74e9-4f83-96db-18e874c28661", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "24c1e7fd-242a-49b1-bff0-521218255ed7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "24c1e7fd-242a-49b1-bff0-521218255ed7:indexpattern-datasource-layer-6b6b61df-1417-49a3-81a1-7dda411c4e71", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "986ac399-7ca0-420e-a224-f55f9dc48f5c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "986ac399-7ca0-420e-a224-f55f9dc48f5c:indexpattern-datasource-layer-6575381f-da1f-4e3e-aa6e-ee5d513b66e2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "946d6cac-4418-40cf-b301-614d64130caa:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "946d6cac-4418-40cf-b301-614d64130caa:indexpattern-datasource-layer-92ea1b1a-7e5f-4d77-9af5-5c75151c6382", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d9f10ef5-e421-4193-8a29-de995a862192:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d9f10ef5-e421-4193-8a29-de995a862192:indexpattern-datasource-layer-76215aa5-943c-4f3f-a5b5-dfa7095216e5", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file From 76b0c62acb38e77dcd757a346a874ddb47167799 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:25:08 +0530 Subject: [PATCH 061/103] revert proofpoint_tap changelog --- packages/proofpoint_tap/changelog.yml | 5 ----- packages/proofpoint_tap/manifest.yml | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/packages/proofpoint_tap/changelog.yml b/packages/proofpoint_tap/changelog.yml index 329ba2a0f63..c1ac0f849f1 100644 --- a/packages/proofpoint_tap/changelog.yml +++ b/packages/proofpoint_tap/changelog.yml 
@@ -1,9 +1,4 @@
 # newer versions go on top
-- version: "1.1.2"
- changes:
- - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
- type: enhancement
- link: https://github.com/elastic/integrations/pull/4516
 - version: "1.1.1"
 changes:
 - description: Remove unused visualizations
diff --git a/packages/proofpoint_tap/manifest.yml b/packages/proofpoint_tap/manifest.yml
index b430eb2b9b3..6391f230c28 100644
--- a/packages/proofpoint_tap/manifest.yml
+++ b/packages/proofpoint_tap/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: proofpoint_tap
 title: Proofpoint TAP
-version: "1.1.2"
+version: "1.1.1"
 license: basic
 description: Collect logs from Proofpoint TAP with Elastic Agent.
 type: integration
From fdcc782b5aa2d57911273d30422bd91c34946e14 Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Wed, 2 Nov 2022 21:25:40 +0530
Subject: [PATCH 062/103] revert sentinel_one changelog
---
 packages/sentinel_one/changelog.yml | 5 -----
 packages/sentinel_one/manifest.yml | 2 +-
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml
index c0ecf7c512f..d493f571144 100644
--- a/packages/sentinel_one/changelog.yml
+++ b/packages/sentinel_one/changelog.yml
@@ -1,9 +1,4 @@
 # newer versions go on top
-- version: "1.2.3"
- changes:
- - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
- type: enhancement
- link: https://github.com/elastic/integrations/pull/4516
 - version: "1.2.2"
 changes:
 - description: Ensure stability of related.hash array ordering.
diff --git a/packages/sentinel_one/manifest.yml b/packages/sentinel_one/manifest.yml
index 16e59333df7..31352dfc1a0 100644
--- a/packages/sentinel_one/manifest.yml
+++ b/packages/sentinel_one/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: sentinel_one
 title: SentinelOne
-version: "1.2.3"
+version: "1.2.2"
 license: basic
 description: Collect logs from SentinelOne with Elastic Agent.
 type: integration
From 61fa239eebf99ec2d2d30c23c581e22b350ffd52 Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Wed, 2 Nov 2022 21:25:56 +0530
Subject: [PATCH 063/103] Revert "all inlined sonicwall_firewall"
This reverts commit 1bb12c770a21d679cc6b5ce080a34aea72e4df87.
---
 ...-782e2cf0-d78f-11ec-bc4f-47419689dcde.json | 2783 ++++++++---------
 1 file changed, 1389 insertions(+), 1394 deletions(-)
diff --git a/packages/sonicwall_firewall/kibana/dashboard/sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde.json b/packages/sonicwall_firewall/kibana/dashboard/sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde.json
index b30b7f9691a..47df56dc7e1 100644
--- a/packages/sonicwall_firewall/kibana/dashboard/sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde.json
+++ b/packages/sonicwall_firewall/kibana/dashboard/sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde.json
@@ -1,1452 +1,1447 @@ { - "id": "sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T06:51:02.440Z", - "version": "WzU3NCwxXQ==", - "attributes": { - "description": "Dashboard for SonicWall Firewall events", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "sonicwall_firewall.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "sonicwall_firewall.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], + "attributes": { + "description": "Dashboard for SonicWall Firewall events", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "sonicwall_firewall.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "sonicwall_firewall.log" + } + } + } + ], "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "controls": [ - { - "fieldName": "observer.name", - "id": "1652981377419", - "indexPatternRefName": "control_13a27ebe-963e-4539-9013-186e247e0b32_0_index_pattern", - "label": "Firewall ID", - "options": { - 
"dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" + "language": "kuery", + "query": "" } - ], - "pinFilters": false, - "updateFiltersOnChange": true, - "useTimeFilter": true - }, - "title": "", - "type": "input_control_vis", - "uiState": {} - } + } }, - "gridData": { - "h": 4, - "i": "13a27ebe-963e-4539-9013-186e247e0b32", - "w": 13, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "13a27ebe-963e-4539-9013-186e247e0b32", - "title": "Filter by Firewall (Syslog ID)", - "type": "visualization", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d6a337e6-588b-47b6-9414-c621dcf265c9", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d6a337e6-588b-47b6-9414-c621dcf265c9": { - "columnOrder": [ - "412981b2-ba5e-4e78-a96b-c51be9ae8870", - "4e72963e-8fc8-475c-88ad-bafcc38a726b", - "abcd61b9-9bfc-45e6-8c71-3167174a8bcd" - ], - "columns": { - "412981b2-ba5e-4e78-a96b-c51be9ae8870": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of event.code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "abcd61b9-9bfc-45e6-8c71-3167174a8bcd", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.code" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - 
"4e72963e-8fc8-475c-88ad-bafcc38a726b": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" + "description": "", + "id": "", + "params": { + "controls": [ + { + "fieldName": "observer.name", + "id": "1652981377419", + "indexPatternRefName": "control_13a27ebe-963e-4539-9013-186e247e0b32_0_index_pattern", + "label": "Firewall ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": true }, - "abcd61b9-9bfc-45e6-8c71-3167174a8bcd": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} + "title": "", + "type": "input_control_vis", + "uiState": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 4, + "i": "13a27ebe-963e-4539-9013-186e247e0b32", + "w": 13, + "x": 0, + "y": 0 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "abcd61b9-9bfc-45e6-8c71-3167174a8bcd" - ], - "layerId": "d6a337e6-588b-47b6-9414-c621dcf265c9", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "412981b2-ba5e-4e78-a96b-c51be9ae8870", - "xAccessor": "4e72963e-8fc8-475c-88ad-bafcc38a726b" - } - ], - "legend": { - "isVisible": true, - 
"position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "panelIndex": "13a27ebe-963e-4539-9013-186e247e0b32", + "title": "Filter by Firewall (Syslog ID)", + "type": "visualization", + "version": "8.2.0" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5", - "w": 35, - "x": 13, - "y": 0 - }, - "panelIndex": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5", - "title": "Event code histogram", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2c3a0f47-236c-41cb-86e8-e8a27033d165", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2c3a0f47-236c-41cb-86e8-e8a27033d165": { - "columnOrder": [ - "ac755b72-5005-416d-8da8-7001a2ba5366", - "b988645c-c513-4755-b369-3f3787e6045d" - ], - "columns": { - "ac755b72-5005-416d-8da8-7001a2ba5366": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of observer.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b988645c-c513-4755-b369-3f3787e6045d", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d6a337e6-588b-47b6-9414-c621dcf265c9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "d6a337e6-588b-47b6-9414-c621dcf265c9": { + "columnOrder": [ + "412981b2-ba5e-4e78-a96b-c51be9ae8870", + "4e72963e-8fc8-475c-88ad-bafcc38a726b", + "abcd61b9-9bfc-45e6-8c71-3167174a8bcd" + ], + "columns": { + "412981b2-ba5e-4e78-a96b-c51be9ae8870": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of event.code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "abcd61b9-9bfc-45e6-8c71-3167174a8bcd", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.code" + }, + "4e72963e-8fc8-475c-88ad-bafcc38a726b": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "abcd61b9-9bfc-45e6-8c71-3167174a8bcd": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "observer.name" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "abcd61b9-9bfc-45e6-8c71-3167174a8bcd" + ], + "layerId": "d6a337e6-588b-47b6-9414-c621dcf265c9", + "layerType": "data", + "position": "top", + 
"seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "412981b2-ba5e-4e78-a96b-c51be9ae8870", + "xAccessor": "4e72963e-8fc8-475c-88ad-bafcc38a726b" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "b988645c-c513-4755-b369-3f3787e6045d": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "sonicwall_firewall.log" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "sonicwall_firewall.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "ac755b72-5005-416d-8da8-7001a2ba5366" - }, - { - "columnId": "b988645c-c513-4755-b369-3f3787e6045d" - } - ], - "layerId": "2c3a0f47-236c-41cb-86e8-e8a27033d165", - "layerType": "data" - } + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 14, + "i": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5", + "w": 35, + "x": 13, + "y": 0 + }, + "panelIndex": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5", + "title": "Event code histogram", + "type": "lens", + "version": "8.2.0" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 10, - "i": "17735289-cfc4-429a-a5c5-f3d19df013dc", - "w": 13, - "x": 0, - "y": 4 - }, - "panelIndex": 
"17735289-cfc4-429a-a5c5-f3d19df013dc", - "title": "Event count by firewall", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"93ebdd92-cae8-455c-affe-191e18edcb95\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"SUPER_FINE\",\"id\":\"7dc5cffe-5449-4411-8838-f1a1076f3592\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"d4d78e49-4c8e-4980-9cb9-581d6dc6b826\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", - "mapStateJSON": "{\"zoom\":1.88,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset :\\\"sonicwall_firewall.log\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 45, - "minLat": 0, - "minLon": -90 - }, - "mapCenter": { - "lat": 46.36347, - "lon": -7.06802, - "zoom": 2.88 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "a7718a64-7550-405a-8a75-4687c00dadde", - "w": 24, - "x": 0, - "y": 14 - }, - "panelIndex": "a7718a64-7550-405a-8a75-4687c00dadde", - "title": "Network sources heat map", - "type": "map", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6e0adcd6-6a1b-4fdf-9e81-66ea18ac7577\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"SUPER_FINE\",\"id\":\"bdae40c0-6caf-4ba2-b179-7202f1e2be60\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"75e1e0df-43ff-4e14-9df2-4962c751d3bf\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", - "mapStateJSON": "{\"zoom\":1.39,\"center\":{\"lon\":-32.42476,\"lat\":25.69542},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset :\\\"sonicwall_firewall.log\\\" \",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, 
- "isLayerTOCOpen": false, - "mapBuffer": { - "maxLat": 40.9799, - "maxLon": 135, - "minLat": 0, - "minLon": 45 - }, - "mapCenter": { - "lat": 23.23703, - "lon": 86.01728, - "zoom": 3.15 - }, - "openTOCDetails": [ - "75e1e0df-43ff-4e14-9df2-4962c751d3bf" - ] - }, - "gridData": { - "h": 15, - "i": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5", - "w": 24, - "x": 24, - "y": 14 - }, - "panelIndex": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5", - "title": "Network destinations heat map", - "type": "map", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3717b68f-f5ab-4598-9f39-4a723d91165c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "80a65bd8-af97-4b14-87dc-c8b2f7e847a8": { - "columnOrder": [ - "4aff95fe-c475-4dbc-a230-22c2005daead", - "a04c7483-85de-470a-a875-3b6336f57228", - "ba0383c2-1472-45fb-a465-9125f7120a32", - "ec6161de-fac2-420d-9b3f-e2d2df2caf68" - ], - "columns": { - "4aff95fe-c475-4dbc-a230-22c2005daead": { - "dataType": "string", - "isBucketed": true, - "label": "Top 3 values of network.transport", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "network.transport" - }, - "a04c7483-85de-470a-a875-3b6336f57228": { - "dataType": "string", - "isBucketed": true, - "label": "Top 
5 values of network.protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2c3a0f47-236c-41cb-86e8-e8a27033d165", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" - }, - "ba0383c2-1472-45fb-a465-9125f7120a32": { - "dataType": "number", - "isBucketed": true, - "label": "Top 3 values of destination.port", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" + { + "id": "logs-*", + "name": "2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2c3a0f47-236c-41cb-86e8-e8a27033d165": { + "columnOrder": [ + "ac755b72-5005-416d-8da8-7001a2ba5366", + "b988645c-c513-4755-b369-3f3787e6045d" + ], + "columns": { + "ac755b72-5005-416d-8da8-7001a2ba5366": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of observer.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b988645c-c513-4755-b369-3f3787e6045d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "observer.name" + }, + "b988645c-c513-4755-b369-3f3787e6045d": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [ + { + 
"$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "sonicwall_firewall.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "sonicwall_firewall.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "destination.port" + "visualization": { + "columns": [ + { + "columnId": "ac755b72-5005-416d-8da8-7001a2ba5366" + }, + { + "columnId": "b988645c-c513-4755-b369-3f3787e6045d" + } + ], + "layerId": "2c3a0f47-236c-41cb-86e8-e8a27033d165", + "layerType": "data" + } }, - "ec6161de-fac2-420d-9b3f-e2d2df2caf68": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "3717b68f-f5ab-4598-9f39-4a723d91165c", - "key": "event.action", - "negate": false, - "params": { - "query": "connection-start" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "connection-start" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset :\"sonicwall_firewall.log\" " - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ba0383c2-1472-45fb-a465-9125f7120a32", - "4aff95fe-c475-4dbc-a230-22c2005daead", - "a04c7483-85de-470a-a875-3b6336f57228" - ], - "layerId": "80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "layerType": "data", - "legendDisplay": "default", - "metric": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "nestedLegend": false, - "numberDisplay": 
"percent" - } - ], - "palette": { - "name": "positive", - "type": "palette" + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 10, + "i": "17735289-cfc4-429a-a5c5-f3d19df013dc", + "w": 13, + "x": 0, + "y": 4 }, - "shape": "pie" - } + "panelIndex": "17735289-cfc4-429a-a5c5-f3d19df013dc", + "title": "Event count by firewall", + "type": "lens", + "version": "8.2.0" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "db14ebf1-c490-427c-bdde-d48da4496d45", - "w": 19, - "x": 0, - "y": 29 - }, - "panelIndex": "db14ebf1-c490-427c-bdde-d48da4496d45", - "title": "Allowed connections by transport/protocol/destination.port", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-951e4235-9dec-43ae-b400-bfe367e43e0b", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "951e4235-9dec-43ae-b400-bfe367e43e0b": { - "columnOrder": [ - "7200128d-9260-4e3f-a280-5cf5f9c84d33", - "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4" - ], - "columns": { - "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "7200128d-9260-4e3f-a280-5cf5f9c84d33": { - "dataType": "ip", - "isBucketed": true, - "label": "Top 5 values of source.ip", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - 
"scale": "ordinal", - "sourceField": "source.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "7200128d-9260-4e3f-a280-5cf5f9c84d33" - }, - { - "columnId": "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4" - } - ], - "layerId": "951e4235-9dec-43ae-b400-bfe367e43e0b", - "layerType": "data" - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"93ebdd92-cae8-455c-affe-191e18edcb95\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"SUPER_FINE\",\"id\":\"7dc5cffe-5449-4411-8838-f1a1076f3592\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"d4d78e49-4c8e-4980-9cb9-581d6dc6b826\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", + "mapStateJSON": "{\"zoom\":1.88,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset :\\\"sonicwall_firewall.log\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 45, + "minLat": 0, + "minLon": -90 + }, + "mapCenter": { + "lat": 46.36347, + "lon": -7.06802, + "zoom": 2.88 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "a7718a64-7550-405a-8a75-4687c00dadde", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "a7718a64-7550-405a-8a75-4687c00dadde", + "title": "Network sources heat map", + "type": "map", + "version": "8.2.0" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 15, - "i": "06b11f86-c986-4a30-b1da-1724529bf864", - "w": 15, - "x": 19, - "y": 29 - }, - "panelIndex": "06b11f86-c986-4a30-b1da-1724529bf864", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-287c2e25-3cb0-41d5-8bf8-ae1fb696173c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"287c2e25-3cb0-41d5-8bf8-ae1fb696173c": { - "columnOrder": [ - "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283", - "2c8c78cf-034a-4278-9335-66f22dd19e4b" - ], - "columns": { - "2c8c78cf-034a-4278-9335-66f22dd19e4b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283": { - "dataType": "ip", - "isBucketed": true, - "label": "Top 5 values of destination.ip", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2c8c78cf-034a-4278-9335-66f22dd19e4b", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6e0adcd6-6a1b-4fdf-9e81-66ea18ac7577\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"requestType\":\"heatmap\",\"resolution\":\"SUPER_FINE\",\"id\":\"bdae40c0-6caf-4ba2-b179-7202f1e2be60\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"75e1e0df-43ff-4e14-9df2-4962c751d3bf\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]", + "mapStateJSON": "{\"zoom\":1.39,\"center\":{\"lon\":-32.42476,\"lat\":25.69542},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset :\\\"sonicwall_firewall.log\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapBuffer": { + "maxLat": 40.9799, + "maxLon": 135, + "minLat": 0, + "minLon": 45 + }, + "mapCenter": { + "lat": 23.23703, + "lon": 86.01728, + "zoom": 3.15 + }, + "openTOCDetails": [ + "75e1e0df-43ff-4e14-9df2-4962c751d3bf" + ] + }, + "gridData": { + "h": 15, + "i": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5", + "title": "Network destinations heat map", + "type": "map", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "type": "index-pattern" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset :\"sonicwall_firewall.log\" " - }, - "visualization": { - "columns": [ - { - 
"columnId": "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283" - }, - { - "columnId": "2c8c78cf-034a-4278-9335-66f22dd19e4b" - } - ], - "layerId": "287c2e25-3cb0-41d5-8bf8-ae1fb696173c", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 15, - "i": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0", - "w": 14, - "x": 34, - "y": 29 - }, - "panelIndex": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "845be485-ea9d-4aac-a3bb-5d99702828cb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c4ae20da-36fc-4e3b-90fb-1f7ff301b979", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "80a65bd8-af97-4b14-87dc-c8b2f7e847a8": { - "columnOrder": [ - "4aff95fe-c475-4dbc-a230-22c2005daead", - "a04c7483-85de-470a-a875-3b6336f57228", - "ba0383c2-1472-45fb-a465-9125f7120a32", - "ec6161de-fac2-420d-9b3f-e2d2df2caf68" - ], - "columns": { - "4aff95fe-c475-4dbc-a230-22c2005daead": { - "dataType": "string", - "isBucketed": true, - "label": "Top 3 values of network.transport", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" + { + "id": "logs-*", + "name": "3717b68f-f5ab-4598-9f39-4a723d91165c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "80a65bd8-af97-4b14-87dc-c8b2f7e847a8": { + "columnOrder": [ + "4aff95fe-c475-4dbc-a230-22c2005daead", + 
"a04c7483-85de-470a-a875-3b6336f57228", + "ba0383c2-1472-45fb-a465-9125f7120a32", + "ec6161de-fac2-420d-9b3f-e2d2df2caf68" + ], + "columns": { + "4aff95fe-c475-4dbc-a230-22c2005daead": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of network.transport", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + "a04c7483-85de-470a-a875-3b6336f57228": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "ba0383c2-1472-45fb-a465-9125f7120a32": { + "dataType": "number", + "isBucketed": true, + "label": "Top 3 values of destination.port", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "destination.port" + }, + "ec6161de-fac2-420d-9b3f-e2d2df2caf68": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [ + { + "$state": { + "store": "appState" + }, + 
"meta": { + "alias": null, + "disabled": false, + "index": "3717b68f-f5ab-4598-9f39-4a723d91165c", + "key": "event.action", + "negate": false, + "params": { + "query": "connection-start" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "connection-start" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset :\"sonicwall_firewall.log\" " }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "network.transport" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ba0383c2-1472-45fb-a465-9125f7120a32", + "4aff95fe-c475-4dbc-a230-22c2005daead", + "a04c7483-85de-470a-a875-3b6336f57228" + ], + "layerId": "80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "layerType": "data", + "legendDisplay": "default", + "metric": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "positive", + "type": "palette" + }, + "shape": "pie" + } }, - "a04c7483-85de-470a-a875-3b6336f57228": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of network.protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "db14ebf1-c490-427c-bdde-d48da4496d45", + "w": 19, + "x": 0, + "y": 29 + }, + "panelIndex": "db14ebf1-c490-427c-bdde-d48da4496d45", + "title": "Allowed connections by transport/protocol/destination.port", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-951e4235-9dec-43ae-b400-bfe367e43e0b", + "type": 
"index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "951e4235-9dec-43ae-b400-bfe367e43e0b": { + "columnOrder": [ + "7200128d-9260-4e3f-a280-5cf5f9c84d33", + "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4" + ], + "columns": { + "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "7200128d-9260-4e3f-a280-5cf5f9c84d33": { + "dataType": "ip", + "isBucketed": true, + "label": "Top 5 values of source.ip", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" + "visualization": { + "columns": [ + { + "columnId": "7200128d-9260-4e3f-a280-5cf5f9c84d33" + }, + { + "columnId": "155e5ba9-caa5-4b01-a9c4-e53ac5ec7ce4" + } + ], + "layerId": "951e4235-9dec-43ae-b400-bfe367e43e0b", + "layerType": "data" + } }, - "ba0383c2-1472-45fb-a465-9125f7120a32": { - "dataType": "number", - "isBucketed": true, - "label": "Top 3 values of destination.port", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 15, + "i": "06b11f86-c986-4a30-b1da-1724529bf864", + "w": 15, + "x": 
19, + "y": 29 + }, + "panelIndex": "06b11f86-c986-4a30-b1da-1724529bf864", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-287c2e25-3cb0-41d5-8bf8-ae1fb696173c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "287c2e25-3cb0-41d5-8bf8-ae1fb696173c": { + "columnOrder": [ + "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283", + "2c8c78cf-034a-4278-9335-66f22dd19e4b" + ], + "columns": { + "2c8c78cf-034a-4278-9335-66f22dd19e4b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283": { + "dataType": "ip", + "isBucketed": true, + "label": "Top 5 values of destination.ip", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2c8c78cf-034a-4278-9335-66f22dd19e4b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + "filters": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset :\"sonicwall_firewall.log\" " }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "destination.port" + "visualization": { + "columns": [ + { + "columnId": "ae8e1a22-3aff-4ca8-9fcc-566bb87aa283" + }, + { + "columnId": "2c8c78cf-034a-4278-9335-66f22dd19e4b" + } + ], + "layerId": "287c2e25-3cb0-41d5-8bf8-ae1fb696173c", + "layerType": "data" + } }, - "ec6161de-fac2-420d-9b3f-e2d2df2caf68": { - 
"dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "845be485-ea9d-4aac-a3bb-5d99702828cb", - "key": "event.category", - "negate": false, - "params": [ - "network" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.category": "network" - } - } - ] - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "c4ae20da-36fc-4e3b-90fb-1f7ff301b979", - "key": "event.action", - "negate": false, - "params": { - "query": "connection-denied" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "connection-denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset :\"sonicwall_firewall.log\" " - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ba0383c2-1472-45fb-a465-9125f7120a32", - "4aff95fe-c475-4dbc-a230-22c2005daead", - "a04c7483-85de-470a-a875-3b6336f57228" - ], - "layerId": "80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "layerType": "data", - "legendDisplay": "default", - "metric": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "palette": { - "name": "negative", - "type": "palette" + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 15, + "i": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0", + "w": 14, + "x": 34, + "y": 29 }, - "shape": "pie" - } + "panelIndex": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0", + "type": "lens", + "version": "8.2.0" }, - "title": "", - "type": "lens", - 
"visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "b60bc6be-7082-43aa-8e3b-07468984046f", - "w": 19, - "x": 0, - "y": 44 - }, - "panelIndex": "b60bc6be-7082-43aa-8e3b-07468984046f", - "title": "Denied connections by transport/protocol/destination.port", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c8843882-29d4-4afd-8c11-eeae1800d40c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a2c0360d-161b-4a36-b16d-0cf33a37314f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d1a641a9-f4d4-459f-9723-b6a25d02680d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c8843882-29d4-4afd-8c11-eeae1800d40c": { - "columnOrder": [ - "708e8def-b004-4b42-ad49-a88b44da0d8f", - "f8fbcadb-7787-4e9b-9120-bf9dbd742beb", - "046b793c-8c99-4656-a163-bac293b4c56c" - ], - "columns": { - "046b793c-8c99-4656-a163-bac293b4c56c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "708e8def-b004-4b42-ad49-a88b44da0d8f": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of user.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "046b793c-8c99-4656-a163-bac293b4c56c", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": 
"desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "type": "index-pattern" }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "f8fbcadb-7787-4e9b-9120-bf9dbd742beb": { - "dataType": "string", - "isBucketed": true, - "label": "Top 2 values of event.outcome", - "operationType": "terms", - "params": { - "missingBucket": true, - "orderBy": { - "fallback": false, - "type": "alphabetical" + { + "id": "logs-*", + "name": "845be485-ea9d-4aac-a3bb-5d99702828cb", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" + { + "id": "logs-*", + "name": "c4ae20da-36fc-4e3b-90fb-1f7ff301b979", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "80a65bd8-af97-4b14-87dc-c8b2f7e847a8": { + "columnOrder": [ + "4aff95fe-c475-4dbc-a230-22c2005daead", + "a04c7483-85de-470a-a875-3b6336f57228", + "ba0383c2-1472-45fb-a465-9125f7120a32", + "ec6161de-fac2-420d-9b3f-e2d2df2caf68" + ], + "columns": { + "4aff95fe-c475-4dbc-a230-22c2005daead": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of network.transport", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "network.transport" + }, + "a04c7483-85de-470a-a875-3b6336f57228": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of network.protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": 
"terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "ba0383c2-1472-45fb-a465-9125f7120a32": { + "dataType": "number", + "isBucketed": true, + "label": "Top 3 values of destination.port", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "destination.port" + }, + "ec6161de-fac2-420d-9b3f-e2d2df2caf68": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "size": 2 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a2c0360d-161b-4a36-b16d-0cf33a37314f", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "sonicwall_firewall.log" + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "845be485-ea9d-4aac-a3bb-5d99702828cb", + "key": "event.category", + "negate": false, + "params": [ + "network" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.category": "network" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c4ae20da-36fc-4e3b-90fb-1f7ff301b979", + "key": "event.action", + "negate": false, + "params": { + "query": "connection-denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "connection-denied" + } + } + } 
+ ], + "query": { + "language": "kuery", + "query": "data_stream.dataset :\"sonicwall_firewall.log\" " + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ba0383c2-1472-45fb-a465-9125f7120a32", + "4aff95fe-c475-4dbc-a230-22c2005daead", + "a04c7483-85de-470a-a875-3b6336f57228" + ], + "layerId": "80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "layerType": "data", + "legendDisplay": "default", + "metric": "ec6161de-fac2-420d-9b3f-e2d2df2caf68", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "negative", + "type": "palette" + }, + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "sonicwall_firewall.log" - } - } + "enhancements": {}, + "hidePanelTitles": false }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", - "key": "event.category", - "negate": false, - "params": { - "query": "authentication" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "authentication" - } - } + "gridData": { + "h": 15, + "i": "b60bc6be-7082-43aa-8e3b-07468984046f", + "w": 19, + "x": 0, + "y": 44 }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d1a641a9-f4d4-459f-9723-b6a25d02680d", - "key": "event.type", - "negate": false, - "params": { - "query": "start" + "panelIndex": "b60bc6be-7082-43aa-8e3b-07468984046f", + "title": "Denied connections by transport/protocol/destination.port", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c8843882-29d4-4afd-8c11-eeae1800d40c", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "a2c0360d-161b-4a36-b16d-0cf33a37314f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d1a641a9-f4d4-459f-9723-b6a25d02680d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c8843882-29d4-4afd-8c11-eeae1800d40c": { + "columnOrder": [ + "708e8def-b004-4b42-ad49-a88b44da0d8f", + "f8fbcadb-7787-4e9b-9120-bf9dbd742beb", + "046b793c-8c99-4656-a163-bac293b4c56c" + ], + "columns": { + "046b793c-8c99-4656-a163-bac293b4c56c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "708e8def-b004-4b42-ad49-a88b44da0d8f": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of user.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "046b793c-8c99-4656-a163-bac293b4c56c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "f8fbcadb-7787-4e9b-9120-bf9dbd742beb": { + "dataType": "string", + "isBucketed": true, + "label": "Top 2 values of event.outcome", + "operationType": "terms", + "params": { + "missingBucket": true, + "orderBy": { + "fallback": false, + "type": "alphabetical" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 2 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a2c0360d-161b-4a36-b16d-0cf33a37314f", + "key": "data_stream.dataset", + 
"negate": false, + "params": { + "query": "sonicwall_firewall.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "sonicwall_firewall.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", + "key": "event.category", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d1a641a9-f4d4-459f-9723-b6a25d02680d", + "key": "event.type", + "negate": false, + "params": { + "query": "start" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.type": "start" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "046b793c-8c99-4656-a163-bac293b4c56c" + ], + "layerId": "c8843882-29d4-4afd-8c11-eeae1800d40c", + "layerType": "data", + "palette": { + "name": "status", + "type": "palette" + }, + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "f8fbcadb-7787-4e9b-9120-bf9dbd742beb", + "xAccessor": "708e8def-b004-4b42-ad49-a88b44da0d8f" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.type": "start" - 
} - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "enhancements": {}, + "hidePanelTitles": false }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "gridData": { + "h": 15, + "i": "c46fce93-0b52-4617-b88d-703bc0a2d5e6", + "w": 29, + "x": 19, + "y": 44 }, - "layers": [ - { - "accessors": [ - "046b793c-8c99-4656-a163-bac293b4c56c" + "panelIndex": "c46fce93-0b52-4617-b88d-703bc0a2d5e6", + "title": "Top authentications", + "type": "lens", + "version": "8.2.0" + }, + { + "embeddableConfig": { + "columns": [ + "@timestamp", + "event.action", + "source.ip", + "message" ], - "layerId": "c8843882-29d4-4afd-8c11-eeae1800d40c", - "layerType": "data", - "palette": { - "name": "status", - "type": "palette" - }, - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "f8fbcadb-7787-4e9b-9120-bf9dbd742beb", - "xAccessor": "708e8def-b004-4b42-ad49-a88b44da0d8f" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "enhancements": {}, + "hidePanelTitles": false, + "rowHeight": 0 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 18, + "i": "ed04883d-ba56-4502-a905-046c874e4a72", + "w": 48, + "x": 0, + "y": 59 }, - "valueLabels": "hide" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "panelIndex": "ed04883d-ba56-4502-a905-046c874e4a72", + "panelRefName": "panel_ed04883d-ba56-4502-a905-046c874e4a72", + "title": "Attack events", + "type": "search", + "version": "8.2.0" + } + ], + "timeRestore": false, + "title": "[SonicWall Firewall] Dashboard", + "version": 1 + }, + "coreMigrationVersion": "8.2.0", + 
"id": "sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde", + "migrationVersion": { + "dashboard": "8.2.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "13a27ebe-963e-4539-9013-186e247e0b32:control_13a27ebe-963e-4539-9013-186e247e0b32_0_index_pattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "c46fce93-0b52-4617-b88d-703bc0a2d5e6", - "w": 29, - "x": 19, - "y": 44 + { + "id": "logs-*", + "name": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "c46fce93-0b52-4617-b88d-703bc0a2d5e6", - "title": "Top authentications", - "type": "lens", - "version": "8.2.0" - }, - { - "embeddableConfig": { - "columns": [ - "@timestamp", - "event.action", - "source.ip", - "message" - ], - "enhancements": {}, - "hidePanelTitles": false, - "rowHeight": 0 + { + "id": "logs-*", + "name": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5:indexpattern-datasource-layer-d6a337e6-588b-47b6-9414-c621dcf265c9", + "type": "index-pattern" }, - "gridData": { - "h": 18, - "i": "ed04883d-ba56-4502-a905-046c874e4a72", - "w": 48, - "x": 0, - "y": 59 + { + "id": "logs-*", + "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "ed04883d-ba56-4502-a905-046c874e4a72", - "panelRefName": "panel_ed04883d-ba56-4502-a905-046c874e4a72", - "title": "Attack events", - "type": "search", - "version": "8.2.0" - } + { + "id": "logs-*", + "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:indexpattern-datasource-layer-2c3a0f47-236c-41cb-86e8-e8a27033d165", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"a7718a64-7550-405a-8a75-4687c00dadde:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "db14ebf1-c490-427c-bdde-d48da4496d45:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "db14ebf1-c490-427c-bdde-d48da4496d45:indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "db14ebf1-c490-427c-bdde-d48da4496d45:3717b68f-f5ab-4598-9f39-4a723d91165c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "06b11f86-c986-4a30-b1da-1724529bf864:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "06b11f86-c986-4a30-b1da-1724529bf864:indexpattern-datasource-layer-951e4235-9dec-43ae-b400-bfe367e43e0b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0:indexpattern-datasource-layer-287c2e25-3cb0-41d5-8bf8-ae1fb696173c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b60bc6be-7082-43aa-8e3b-07468984046f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b60bc6be-7082-43aa-8e3b-07468984046f:indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b60bc6be-7082-43aa-8e3b-07468984046f:845be485-ea9d-4aac-a3bb-5d99702828cb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b60bc6be-7082-43aa-8e3b-07468984046f:c4ae20da-36fc-4e3b-90fb-1f7ff301b979", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"c46fce93-0b52-4617-b88d-703bc0a2d5e6:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:indexpattern-datasource-layer-c8843882-29d4-4afd-8c11-eeae1800d40c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:a2c0360d-161b-4a36-b16d-0cf33a37314f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:d1a641a9-f4d4-459f-9723-b6a25d02680d", + "type": "index-pattern" + }, + { + "id": "sonicwall_firewall-93af7ae0-d796-11ec-bc4f-47419689dcde", + "name": "ed04883d-ba56-4502-a905-046c874e4a72:panel_ed04883d-ba56-4502-a905-046c874e4a72", + "type": "search" + } ], - "timeRestore": false, - "title": "[SonicWall Firewall] Dashboard", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "13a27ebe-963e-4539-9013-186e247e0b32:control_13a27ebe-963e-4539-9013-186e247e0b32_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0ebfbc0-3fbd-4b2e-a6f8-7aee80e043b5:indexpattern-datasource-layer-d6a337e6-588b-47b6-9414-c621dcf265c9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "17735289-cfc4-429a-a5c5-f3d19df013dc:indexpattern-datasource-layer-2c3a0f47-236c-41cb-86e8-e8a27033d165", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"17735289-cfc4-429a-a5c5-f3d19df013dc:2ab93ebb-d843-4bdb-99a2-c55dd1b5c096", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a7718a64-7550-405a-8a75-4687c00dadde:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8e619b8c-80b2-46a8-8c9b-4581d3d14da5:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "db14ebf1-c490-427c-bdde-d48da4496d45:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "db14ebf1-c490-427c-bdde-d48da4496d45:indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "db14ebf1-c490-427c-bdde-d48da4496d45:3717b68f-f5ab-4598-9f39-4a723d91165c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "06b11f86-c986-4a30-b1da-1724529bf864:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "06b11f86-c986-4a30-b1da-1724529bf864:indexpattern-datasource-layer-951e4235-9dec-43ae-b400-bfe367e43e0b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6292d23-c9c5-4798-b7bd-ab0630e0e2f0:indexpattern-datasource-layer-287c2e25-3cb0-41d5-8bf8-ae1fb696173c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b60bc6be-7082-43aa-8e3b-07468984046f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b60bc6be-7082-43aa-8e3b-07468984046f:indexpattern-datasource-layer-80a65bd8-af97-4b14-87dc-c8b2f7e847a8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b60bc6be-7082-43aa-8e3b-07468984046f:845be485-ea9d-4aac-a3bb-5d99702828cb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"b60bc6be-7082-43aa-8e3b-07468984046f:c4ae20da-36fc-4e3b-90fb-1f7ff301b979", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:indexpattern-datasource-layer-c8843882-29d4-4afd-8c11-eeae1800d40c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:a2c0360d-161b-4a36-b16d-0cf33a37314f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:8c9a9a40-b2ef-44e0-8afd-8ef613afb85e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c46fce93-0b52-4617-b88d-703bc0a2d5e6:d1a641a9-f4d4-459f-9723-b6a25d02680d", - "type": "index-pattern" - }, - { - "id": "sonicwall_firewall-93af7ae0-d796-11ec-bc4f-47419689dcde", - "name": "ed04883d-ba56-4502-a905-046c874e4a72:panel_ed04883d-ba56-4502-a905-046c874e4a72", - "type": "search" - } - ], - "migrationVersion": { - "dashboard": "8.2.0" - }, - "coreMigrationVersion": "8.2.0" + "type": "dashboard" } \ No newline at end of file From 6fa61f1821124bd9d5137f19643e146246fd55e6 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 2 Nov 2022 21:26:44 +0530 Subject: [PATCH 064/103] revert soniwall_firewall changelog --- packages/sonicwall_firewall/changelog.yml | 5 ----- packages/sonicwall_firewall/manifest.yml | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/packages/sonicwall_firewall/changelog.yml b/packages/sonicwall_firewall/changelog.yml index b671ff5f109..7dd59fce894 100644 --- a/packages/sonicwall_firewall/changelog.yml +++ b/packages/sonicwall_firewall/changelog.yml 
@@ -1,9 +1,4 @@
 # newer versions go on top
-- version: "1.0.1"
- changes:
- - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
- type: enhancement
- link: https://github.com/elastic/integrations/pull/4516
 - version: "1.0.0"
 changes:
 - description: Make GA
diff --git a/packages/sonicwall_firewall/manifest.yml b/packages/sonicwall_firewall/manifest.yml
index 816ea006a12..c4ad0353396 100644
--- a/packages/sonicwall_firewall/manifest.yml
+++ b/packages/sonicwall_firewall/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: sonicwall_firewall
 title: "SonicWall Firewall"
-version: "1.0.1"
+version: "1.0.0"
 license: basic
 release: ga
 description: "Integration for SonicWall firewall logs"
From 770c10e8f25519eba603a78652cab21f96cb7a8a Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Wed, 2 Nov 2022 21:47:07 +0530
Subject: [PATCH 065/103] fix CI
---
 packages/cyberarkpas/manifest.yml | 2 +-
 ...-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json | 73 +-
 ...-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json | 1584 ++++-------
 ...-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json | 2447 ++++-------------
 4 files changed, 1077 insertions(+), 3029 deletions(-)
diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml
index 38719ea66e6..c6fea8c7325 100644
--- a/packages/cyberarkpas/manifest.yml
+++ b/packages/cyberarkpas/manifest.yml
@@ -1,6 +1,6 @@
 name: cyberarkpas
 title: CyberArk Privileged Access Security
-version: "2.6.2"
+version: 2.6.2
 release: ga
 description: Collect logs from CyberArk Privileged Access Security with Elastic Agent.
 type: integration
diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json
index 7c57a0e7f57..3ae9f3653d5 100644
--- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json
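Review bot: The `version` scalar in packages/cyberarkpas/manifest.yml loses its quotes in this hunk (`version: 2.6.2`), while packages/sonicwall_firewall/manifest.yml in the same series keeps the quoted form `version: "1.0.0"`. YAML still reads a three-part value as a string, but an unquoted value is one edit away from being typed as a number (a two-part value such as 2.6 would load as a float), so I would keep `version: "2.6.2"` unless the unquoted form is what the base branch has and CI requires this file to stay untouched. If that is the reason, a sentence in the commit message would help, because "fix CI" alone does not explain why the quoting changed.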
+++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-27c573b0-b4d8-11ec-80e1-4bd67c5762eb.json @@ -52,16 +52,12 @@ "language": "kuery", "query": "" } - } } - } }, - "gridData": { - "h": 15, - "i": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, "panelsJSON": [ { @@ -663,64 +659,5 @@ "type": "index-pattern" } ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] DHCP", - "version": 1 - }, - "references": [ - { - "id": "infoblox_nios-71f7a570-b4dd-11ec-80e1-4bd67c5762eb", - "name": "panel_3", - "type": "search" - }, - { - "id": "infoblox_nios-7103abb0-b4e1-11ec-80e1-4bd67c5762eb", - "name": "panel_5", - "type": "search" - }, - { - "id": "infoblox_nios-4559ff50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "panel_7", - "type": "search" - }, - { - "id": "infoblox_nios-8d55bb50-b4e1-11ec-80e1-4bd67c5762eb", - "name": "panel_8", - "type": "search" - }, - { - "type": "index-pattern", - "name": "e82ae83d-3d73-4648-9ce6-3dc1fd98830e:metrics_0_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d0884783-30e6-47ed-bfca-99d4b0b423e9:metrics_0_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "eb62be57-7cb6-4431-96fd-6b1c7f8ecd8b:metrics_0_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "e143f9bd-b200-4a66-b58b-e0ecda3bb8b9:indexpattern-datasource-layer-310773ab-50b9-45eb-b84b-d5ac4dd962ff", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b3562120-30fb-4068-8f51-016a4d463d54:metrics_0_index_pattern", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file 
diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json index f1c74a39df3..305afeee48d 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json +++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json 
@@ -1,1076 +1,574 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "AUDIT" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "AUDIT" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "efab2208-7c53-44d0-ab95-44e4f536b001", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", - "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "title": "Created and Deleted Objects [Logs Infoblox NIOS]", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { - "columnOrder": [ - "fcb0dd34-08f1-4b12-a947-66514002a247", - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "columns": { - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fcb0dd34-08f1-4b12-a947-66514002a247": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", - "yConfig": [ - { - "color": "#d36086", - "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - 
"tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "a80ffa5e-4561-415e-9059-04eb43007744", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3b197aef-e049-44df-a30f-fc807fdb1718": { - "columnOrder": [ - "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "4eb788c2-ebce-473d-bfb0-ee0409862740" - ], - "columns": { - "4eb788c2-ebce-473d-bfb0-ee0409862740": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "6786ed8f-346e-419e-b8a7-1eea3d76b317": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Failure", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - 
"sourceField": "event.action" - }, - "e9c4594f-2e2d-4750-9b04-eb1632f13753": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Via", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "infoblox_nios.log.audit.apparently_via" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login_denied" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login_denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "isTransposed": false - }, - { - "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "isTransposed": false - }, - { - "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "isTransposed": false - } - ], - "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", - "layerType": "data" - } - }, - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": 
{}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5afac073-fbf9-4826-b39b-dc95b0000227", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9688c841-6bb3-4369-8c27-894421c9ea56": { - "columnOrder": [ - "392073ca-09fb-4349-826e-fe44effa2a8e", - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" - ], - "columns": { - "392073ca-09fb-4349-826e-fe44effa2a8e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "isTransposed": false - } - ], - "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", - "layerType": "data" - } - }, - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", 
- "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] Audit", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", - "name": "efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", - "type": "search" - }, - { - "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", - "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "type": "search" - }, - { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { - "columnOrder": [ - "fcb0dd34-08f1-4b12-a947-66514002a247", - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "columns": { - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fcb0dd34-08f1-4b12-a947-66514002a247": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event Action", - "operationType": "terms", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 + "query": "infoblox_nios.log" }, - "scale": "ordinal", - "sourceField": "event.action" - } + "type": "phrase" }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and 
infoblox_nios.log.type : \"AUDIT\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, { - "accessors": [ - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", - "yConfig": [ - { - "color": "#d36086", - "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, + "params": { + "query": "AUDIT" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "infoblox_nios.log.type": "AUDIT" + } } - ] } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "visualizationType": "lnsXY", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" + ], + "query": { + "language": "kuery", + "query": "" } - ] } - }, - "gridData": { - "h": 15, - "i": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", - "w": 48, 
- "x": 0, - "y": 0 - }, - "panelIndex": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad", - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" }, - { - "embeddableConfig": { - "enhancements": {}, + "optionsJSON": { "hidePanelTitles": false, - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3b197aef-e049-44df-a30f-fc807fdb1718": { - "columnOrder": [ - "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "4eb788c2-ebce-473d-bfb0-ee0409862740" - ], - "columns": { - "4eb788c2-ebce-473d-bfb0-ee0409862740": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "6786ed8f-346e-419e-b8a7-1eea3d76b317": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Failure", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "efab2208-7c53-44d0-ab95-44e4f536b001", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", + "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "title": "Created and Deleted Objects [Logs Infoblox NIOS]", + "type": "search", + 
"version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "scale": "ordinal", - "sourceField": "event.action" - }, - "e9c4594f-2e2d-4750-9b04-eb1632f13753": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { + "columnOrder": [ + "fcb0dd34-08f1-4b12-a947-66514002a247", + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "columns": { + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fcb0dd34-08f1-4b12-a947-66514002a247": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {} + } + } + } }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Via", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "scale": "ordinal", - "sourceField": "infoblox_nios.log.audit.apparently_via" - } + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", + "yConfig": [ + { + "color": "#d36086", + "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login_denied" - }, - "type": "phrase" + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsXY" }, - "query": { - "match_phrase": { - "event.action": "login_denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"AUDIT\"" - }, - "visualization": { - "columns": [ - { - "columnId": 
"e9c4594f-2e2d-4750-9b04-eb1632f13753", - "isTransposed": false - }, - { - "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "isTransposed": false - }, - { - "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "isTransposed": false - } - ], - "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", - "layerType": "data" - } - }, - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "a80ffa5e-4561-415e-9059-04eb43007744", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "253a71f1-a7c2-4b3e-bf37-89383b11fd76", - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9688c841-6bb3-4369-8c27-894421c9ea56": { - "columnOrder": [ - "392073ca-09fb-4349-826e-fe44effa2a8e", - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" + "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } ], - "columns": { - "392073ca-09fb-4349-826e-fe44effa2a8e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3b197aef-e049-44df-a30f-fc807fdb1718": { + "columnOrder": [ + "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "6786ed8f-346e-419e-b8a7-1eea3d76b317", + "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "4eb788c2-ebce-473d-bfb0-ee0409862740" + ], + "columns": { + "4eb788c2-ebce-473d-bfb0-ee0409862740": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "6786ed8f-346e-419e-b8a7-1eea3d76b317": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login Failure", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + }, + "e9c4594f-2e2d-4750-9b04-eb1632f13753": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + 
"fe7f037e-6294-43af-94f9-3d73fe39d2a0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login Via", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "infoblox_nios.log.audit.apparently_via" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.action", + "negate": false, + "params": { + "query": "login_denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "login_denied" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } + "visualization": { + "columns": [ + { + "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "isTransposed": false + }, + { + "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", + "isTransposed": false + }, + { + "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "isTransposed": false + } + ], + "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", + "layerType": "data" + } }, - "incompleteColumns": {} - } - } - } + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : 
\"AUDIT\"" + "gridData": { + "h": 15, + "i": "5afac073-fbf9-4826-b39b-dc95b0000227", + "w": 24, + "x": 0, + "y": 15 }, - "visualization": { - "columns": [ - { - "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", - "isTransposed": false + "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9688c841-6bb3-4369-8c27-894421c9ea56": { + "columnOrder": [ + "392073ca-09fb-4349-826e-fe44effa2a8e", + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" + ], + "columns": { + "392073ca-09fb-4349-826e-fe44effa2a8e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "isTransposed": false + } + ], + "layerId": 
"9688c841-6bb3-4369-8c27-894421c9ea56", + "layerType": "data" + } + }, + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" }, - { - "alignment": "left", - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "isTransposed": false - } - ], - "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", - "layerType": "data" - } - }, - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ] + "gridData": { + "h": 15, + "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" } - }, - "gridData": { - "h": 15, - "i": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "cfd78a10-0dc4-4062-97e5-9ff83ead6947", - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" + ], + "timeRestore": false, + "title": "[Logs Infoblox NIOS] Audit", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", + "name": 
"efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "type": "search" + }, + { + "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", + "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "type": "search" + }, + { + "id": "logs-*", + "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "efab2208-7c53-44d0-ab95-44e4f536b001", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", - "panelRefName": "panel_3", - "type": "search", - "version": "7.17.0" + "id": "logs-*", + "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" }, { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "panelRefName": "panel_4", - "title": "Created and Deleted Objects [Logs Infoblox NIOS]", - "type": "search", - "version": "7.17.0" + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + 
"type": "index-pattern" } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] Audit", - "version": 1 - }, - "references": [ - { - "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", - "name": "panel_3", - "type": "search" - }, - { - "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", - "name": "panel_4", - "type": "search" - }, - { - "type": "index-pattern", - "name": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "8dbce535-f9f6-45ac-b34a-dcea6e26d7ad:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "253a71f1-a7c2-4b3e-bf37-89383b11fd76:filter-index-pattern-0", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "cfd78a10-0dc4-4062-97e5-9ff83ead6947:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "cfd78a10-0dc4-4062-97e5-9ff83ead6947:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "id": "logs-*" - } ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json index 358459d7e33..305afeee48d 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json 
+++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json 
@@ -1,1961 +1,574 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "DNS" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "DNS" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "panelRefName": "panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "panelRefName": "panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.response_code" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", - "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - 
"type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Flag", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.header_flags" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - 
"hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "66c59159-c694-4f18-acdc-4a0ee8f24e44", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "66c59159-c694-4f18-acdc-4a0ee8f24e44", - "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Question Class", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.question.class" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", 
- "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "3dbd8734-c5a9-4b69-82ab-441be9c681df", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "3dbd8734-c5a9-4b69-82ab-441be9c681df", - "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "client.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, 
- { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", - "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client Port", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "client.port" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - 
"columns": [ - { - "alignment": "left", - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", - "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Answer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.answers.name" - } - }, - "incompleteColumns": {} - } - } - 
} - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae613e8d-a0c5-464d-90ad-ef352d122514", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "ae613e8d-a0c5-464d-90ad-ef352d122514", - "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Question Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - 
"sourceField": "dns.question.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "7b2fd611-413f-42a2-a4ae-6b14098521bd", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "7b2fd611-413f-42a2-a4ae-6b14098521bd", - "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Query Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", 
- "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.question.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "eff09424-7521-473d-88ab-368aa2d33b69", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "eff09424-7521-473d-88ab-368aa2d33b69", - "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] DNS", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "infoblox_nios-5cc295e0-b4d6-11ec-80e1-4bd67c5762eb", - "name": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca:panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "type": "search" - }, - { - "id": "infoblox_nios-f3899090-b4d7-11ec-80e1-4bd67c5762eb", - "name": "33030bbb-3670-4b20-ab01-b0eb157ea4e5:panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "type": "search" - }, - { - "id": "logs-*", - "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - 
"id": "logs-*", - "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Code", - "operationType": "terms", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 + "query": "infoblox_nios.log" }, - "scale": "ordinal", - "sourceField": "dns.response_code" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } + "type": "phrase" }, - "incompleteColumns": 
{} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "layers": [ + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1", - "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Flag", - "operationType": "terms", + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": 
false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 + "query": "AUDIT" }, - "scale": "ordinal", - "sourceField": "dns.header_flags" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } + "type": "phrase" }, - "incompleteColumns": {} - } + "query": { + "match_phrase": { + "infoblox_nios.log.type": "AUDIT" + } + } } - } - }, - "filters": [], + ], "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" + "language": "kuery", + "query": "" } - ] } - }, - "gridData": { - "h": 15, - "i": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5", - "title": "Distribution of 
DNS Events by Response Flag [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" }, - { - "embeddableConfig": { - "enhancements": {}, + "optionsJSON": { "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "362936ac-2262-4cd0-8e06-c28015a829c5": { - "columnOrder": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292", - "d759196e-f983-426d-bdd4-b6fea637f20d" - ], - "columns": { - "199ebb9a-2861-4db3-ac9d-d5801b764292": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Question Class", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.question.class" - }, - "d759196e-f983-426d-bdd4-b6fea637f20d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" + "gridData": { + "h": 15, + "i": "efab2208-7c53-44d0-ab95-44e4f536b001", + "w": 48, + "x": 0, + "y": 30 }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "199ebb9a-2861-4db3-ac9d-d5801b764292" - ], - "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", - "layerType": "data", - "legendDisplay": "show", - "legendMaxLines": 1, - "legendPosition": "right", - "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", - "nestedLegend": false, - "numberDisplay": "percent", - "truncateLegend": false - } - ], - "shape": "pie" - } - }, - "title": 
"Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", + "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "7809e922-929c-4836-80d9-1fbd3a9fb8e8", - "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" + "gridData": { + "h": 15, + "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "title": "Created and Deleted Objects [Logs Infoblox NIOS]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + } ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": 
"number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { + "columnOrder": [ + "fcb0dd34-08f1-4b12-a947-66514002a247", + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "columns": { + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fcb0dd34-08f1-4b12-a947-66514002a247": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "scale": "ordinal", - "sourceField": "client.ip" - } + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "layerType": "data", + "seriesType": 
"bar_horizontal", + "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", + "yConfig": [ + { + "color": "#d36086", + "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsXY" }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "179440ac-a8bb-4686-8ab1-8ad93b7717fb", - "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - 
"datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" + "gridData": { + "h": 15, + "i": "a80ffa5e-4561-415e-9059-04eb43007744", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Client Port", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3b197aef-e049-44df-a30f-fc807fdb1718": { + "columnOrder": [ + "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "6786ed8f-346e-419e-b8a7-1eea3d76b317", + "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "4eb788c2-ebce-473d-bfb0-ee0409862740" + ], + "columns": { + "4eb788c2-ebce-473d-bfb0-ee0409862740": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + 
"6786ed8f-346e-419e-b8a7-1eea3d76b317": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login Failure", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + }, + "e9c4594f-2e2d-4750-9b04-eb1632f13753": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login Via", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "infoblox_nios.log.audit.apparently_via" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.action", + "negate": false, + "params": { + "query": "login_denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "login_denied" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "scale": "ordinal", - "sourceField": "client.port" - } + "visualization": { + "columns": [ + { + "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "isTransposed": false + }, + { + "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", + 
"isTransposed": false + }, + { + "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "isTransposed": false + } + ], + "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", + "layerType": "data" + } }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "d91a4b30-da3a-402b-a7b7-542680808c83", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "d91a4b30-da3a-402b-a7b7-542680808c83", - "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" + 
"gridData": { + "h": 15, + "i": "5afac073-fbf9-4826-b39b-dc95b0000227", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" + } ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Answer Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9688c841-6bb3-4369-8c27-894421c9ea56": { + "columnOrder": [ + "392073ca-09fb-4349-826e-fe44effa2a8e", + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" + ], + "columns": { + "392073ca-09fb-4349-826e-fe44effa2a8e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": 
"ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "scale": "ordinal", - "sourceField": "dns.answers.name" - } + "visualization": { + "columns": [ + { + "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "isTransposed": false + } + ], + "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", + "layerType": "data" + } }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] + "gridData": { + "h": 15, + "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" } - }, - "gridData": { - "h": 15, - "i": "820c618a-04ef-4d1d-95e4-76be0a783c03", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": 
"820c618a-04ef-4d1d-95e4-76be0a783c03", - "title": "Top 10 Answer Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" + ], + "timeRestore": false, + "title": "[Logs Infoblox NIOS] Audit", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - "0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Question Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.question.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": 
"data" - } - }, - "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "1129632e-0004-4421-bf56-406d8499a2bb", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "1129632e-0004-4421-bf56-406d8499a2bb", - "title": "Top 10 Question Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" }, { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", - "panelRefName": "panel_7", - "type": "search", - "version": "7.17.0" + "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", + "name": "efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "type": "search" }, { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", - "panelRefName": "panel_8", - "type": "search", - "version": "7.17.0" + "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", + "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "type": "search" }, { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { - "columnOrder": [ - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", - 
"0a304308-6952-4598-a14b-66b0ae5c6fd6" - ], - "columns": { - "0a304308-6952-4598-a14b-66b0ae5c6fd6": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Query Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.question.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"infoblox_nios.log\" and infoblox_nios.log.type : \"DNS\"" - }, - "visualization": { - "columns": [ - { - "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" - }, - { - "alignment": "left", - "colorMode": "none", - "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", - "hidden": false - } - ], - "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "layerType": "data" - } - }, - "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "5a855a3a-e38e-432e-b09a-0960167960cd", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "5a855a3a-e38e-432e-b09a-0960167960cd", - "title": "Top 10 Query Type [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.16.0" + "id": "logs-*", + "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] DNS", - "version": 1 - }, - "references": [ - { - "id": "infoblox_nios-5cc295e0-b4d6-11ec-80e1-4bd67c5762eb", - "name": "panel_7", - "type": "search" - }, - { - "id": "infoblox_nios-f3899090-b4d7-11ec-80e1-4bd67c5762eb", - "name": "panel_8", - "type": "search" - }, - { - "type": "index-pattern", - "name": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ab55c4cf-b8e2-47e1-b548-ed8db4a5dcc1:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "41ccc6e6-e2f7-4f0f-8e38-806add9d12a5:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "7809e922-929c-4836-80d9-1fbd3a9fb8e8:indexpattern-datasource-current-indexpattern", - "id": 
"logs-*" - }, - { - "type": "index-pattern", - "name": "7809e922-929c-4836-80d9-1fbd3a9fb8e8:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "179440ac-a8bb-4686-8ab1-8ad93b7717fb:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "179440ac-a8bb-4686-8ab1-8ad93b7717fb:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d91a4b30-da3a-402b-a7b7-542680808c83:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d91a4b30-da3a-402b-a7b7-542680808c83:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "820c618a-04ef-4d1d-95e4-76be0a783c03:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "820c618a-04ef-4d1d-95e4-76be0a783c03:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "1129632e-0004-4421-bf56-406d8499a2bb:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "1129632e-0004-4421-bf56-406d8499a2bb:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5a855a3a-e38e-432e-b09a-0960167960cd:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5a855a3a-e38e-432e-b09a-0960167960cd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", - "id": "logs-*" - } ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file From 1ea9bda8bcd9dbab6c41d7bea2a3aaec2ed7f378 Mon Sep 17 00:00:00 2001 
From: kcreddy
Date: Wed, 2 Nov 2022 22:06:25 +0530
Subject: [PATCH 066/103] format
---
...-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json | 1144 ++++++------
...-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json | 1589 +++++++++++------
2 files changed, 1589 insertions(+), 1144 deletions(-)
diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json
index 305afeee48d..330decb8a2d 100644
--- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json
+++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb.json
@@ -1,574 +1,574 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "AUDIT" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "AUDIT" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "efab2208-7c53-44d0-ab95-44e4f536b001", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", - "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "title": "Created and Deleted Objects [Logs Infoblox NIOS]", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { - "columnOrder": [ - "fcb0dd34-08f1-4b12-a947-66514002a247", - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "columns": { - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fcb0dd34-08f1-4b12-a947-66514002a247": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", - "yConfig": [ - { - "color": "#d36086", - "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - 
"tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "a80ffa5e-4561-415e-9059-04eb43007744", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3b197aef-e049-44df-a30f-fc807fdb1718": { - "columnOrder": [ - "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "4eb788c2-ebce-473d-bfb0-ee0409862740" - ], - "columns": { - "4eb788c2-ebce-473d-bfb0-ee0409862740": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "6786ed8f-346e-419e-b8a7-1eea3d76b317": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Failure", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - 
"sourceField": "event.action" - }, - "e9c4594f-2e2d-4750-9b04-eb1632f13753": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Via", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "infoblox_nios.log.audit.apparently_via" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login_denied" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login_denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "isTransposed": false - }, - { - "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "isTransposed": false - }, - { - "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "isTransposed": false - } - ], - "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", - "layerType": "data" - } - }, - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": 
{}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5afac073-fbf9-4826-b39b-dc95b0000227", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9688c841-6bb3-4369-8c27-894421c9ea56": { - "columnOrder": [ - "392073ca-09fb-4349-826e-fe44effa2a8e", - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" - ], - "columns": { - "392073ca-09fb-4349-826e-fe44effa2a8e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "isTransposed": false - } - ], - "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", - "layerType": "data" - } - }, - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", 
- "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] Audit", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", - "name": "efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", - "type": "search" - }, - { - "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", - "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "type": "search" - }, - { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ], - "type": "dashboard" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "infoblox_nios.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, + "params": { + "query": "AUDIT" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "infoblox_nios.log.type": "AUDIT" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "efab2208-7c53-44d0-ab95-44e4f536b001", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", + "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": 
"ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "title": "Created and Deleted Objects [Logs Infoblox NIOS]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { + "columnOrder": [ + "fcb0dd34-08f1-4b12-a947-66514002a247", + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "columns": { + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fcb0dd34-08f1-4b12-a947-66514002a247": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + ], + "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "layerType": "data", + "seriesType": 
"bar_horizontal", + "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", + "yConfig": [ + { + "color": "#d36086", + "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a80ffa5e-4561-415e-9059-04eb43007744", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", + "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3b197aef-e049-44df-a30f-fc807fdb1718": { + "columnOrder": [ + "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "6786ed8f-346e-419e-b8a7-1eea3d76b317", + "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "4eb788c2-ebce-473d-bfb0-ee0409862740" + ], + "columns": { + "4eb788c2-ebce-473d-bfb0-ee0409862740": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "6786ed8f-346e-419e-b8a7-1eea3d76b317": { + "customLabel": true, + "dataType": 
"string", + "isBucketed": true, + "label": "Login Failure", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.action" + }, + "e9c4594f-2e2d-4750-9b04-eb1632f13753": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login Via", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "infoblox_nios.log.audit.apparently_via" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "event.action", + "negate": false, + "params": { + "query": "login_denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "login_denied" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", + "isTransposed": false + }, + { + "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", + "isTransposed": false + }, + { + "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", + "isTransposed": false + }, + { + "alignment": 
"left", + "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", + "isTransposed": false + } + ], + "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", + "layerType": "data" + } + }, + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "5afac073-fbf9-4826-b39b-dc95b0000227", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", + "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9688c841-6bb3-4369-8c27-894421c9ea56": { + "columnOrder": [ + "392073ca-09fb-4349-826e-fe44effa2a8e", + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" + ], + "columns": { + "392073ca-09fb-4349-826e-fe44effa2a8e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Login User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": 
"392073ca-09fb-4349-826e-fe44effa2a8e", + "isTransposed": false + }, + { + "alignment": "left", + "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", + "isTransposed": false + } + ], + "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", + "layerType": "data" + } + }, + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", + "title": "Top 10 Login User Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Infoblox NIOS] Audit", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", + "name": "efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", + "type": "search" + }, + { + "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", + "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", + "type": "search" + }, + { + "id": "logs-*", + "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", + "type": "index-pattern" + } + ], + "type": "dashboard" } \ No newline at end of file diff --git a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json index 305afeee48d..fa11ae5bb24 100644 --- a/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json +++ b/packages/infoblox_nios/kibana/dashboard/infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb.json 
@@ -1,574 +1,1019 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "infoblox_nios.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "infoblox_nios.log" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "infoblox_nios.log.type", - "negate": false, - "params": { - "query": "AUDIT" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "infoblox_nios.log.type": "AUDIT" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "efab2208-7c53-44d0-ab95-44e4f536b001", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "efab2208-7c53-44d0-ab95-44e4f536b001", - "panelRefName": "panel_efab2208-7c53-44d0-ab95-44e4f536b001", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "panelRefName": "panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "title": "Created and Deleted Objects [Logs Infoblox NIOS]", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b651497c-3650-4eb9-ab9c-e90f27c1fc75": { - "columnOrder": [ - "fcb0dd34-08f1-4b12-a947-66514002a247", - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "columns": { - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "fcb0dd34-08f1-4b12-a947-66514002a247": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Event Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - ], - "layerId": "b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "fcb0dd34-08f1-4b12-a947-66514002a247", - "yConfig": [ - { - "color": "#d36086", - "forAccessor": "3c8dadb3-4770-4830-9d0f-3a157d0a0f97" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - 
"tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "a80ffa5e-4561-415e-9059-04eb43007744", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "a80ffa5e-4561-415e-9059-04eb43007744", - "title": "Distribution of Audit Events by Event Action [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3b197aef-e049-44df-a30f-fc807fdb1718": { - "columnOrder": [ - "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "4eb788c2-ebce-473d-bfb0-ee0409862740" - ], - "columns": { - "4eb788c2-ebce-473d-bfb0-ee0409862740": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "6786ed8f-346e-419e-b8a7-1eea3d76b317": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Failure", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - 
"sourceField": "event.action" - }, - "e9c4594f-2e2d-4750-9b04-eb1632f13753": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "fe7f037e-6294-43af-94f9-3d73fe39d2a0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login Via", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "infoblox_nios.log.audit.apparently_via" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login_denied" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login_denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e9c4594f-2e2d-4750-9b04-eb1632f13753", - "isTransposed": false - }, - { - "columnId": "6786ed8f-346e-419e-b8a7-1eea3d76b317", - "isTransposed": false - }, - { - "columnId": "fe7f037e-6294-43af-94f9-3d73fe39d2a0", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "4eb788c2-ebce-473d-bfb0-ee0409862740", - "isTransposed": false - } - ], - "layerId": "3b197aef-e049-44df-a30f-fc807fdb1718", - "layerType": "data" - } - }, - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": 
{}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5afac073-fbf9-4826-b39b-dc95b0000227", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "5afac073-fbf9-4826-b39b-dc95b0000227", - "title": "Top 10 User Login Failures [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": null, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9688c841-6bb3-4369-8c27-894421c9ea56": { - "columnOrder": [ - "392073ca-09fb-4349-826e-fe44effa2a8e", - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8" - ], - "columns": { - "392073ca-09fb-4349-826e-fe44effa2a8e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Login User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - }, - "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "392073ca-09fb-4349-826e-fe44effa2a8e", - "isTransposed": false - }, - { - "alignment": "left", - "columnId": "7d1fb2f4-74e5-420a-bf2e-d5bae039d0b8", - "isTransposed": false - } - ], - "layerId": "9688c841-6bb3-4369-8c27-894421c9ea56", - "layerType": "data" - } - }, - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", 
- "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ad53c5a5-b77c-4849-be52-76fe81addb10", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "ad53c5a5-b77c-4849-be52-76fe81addb10", - "title": "Top 10 Login User Name [Logs Infoblox NIOS]", - "type": "lens", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs Infoblox NIOS] Audit", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "infoblox_nios-c3abc8b0-b4dd-11ec-80e1-4bd67c5762eb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "infoblox_nios-b3b496f0-b4e5-11ec-80e1-4bd67c5762eb", - "name": "efab2208-7c53-44d0-ab95-44e4f536b001:panel_efab2208-7c53-44d0-ab95-44e4f536b001", - "type": "search" - }, - { - "id": "infoblox_nios-854739b0-b735-11ec-8ec2-49017af276c3", - "name": "ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d:panel_ae1e8f76-fa42-4a6a-8a7e-08a96bd1e58d", - "type": "search" - }, - { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a80ffa5e-4561-415e-9059-04eb43007744:indexpattern-datasource-layer-b651497c-3650-4eb9-ab9c-e90f27c1fc75", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:indexpattern-datasource-layer-3b197aef-e049-44df-a30f-fc807fdb1718", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5afac073-fbf9-4826-b39b-dc95b0000227:filter-index-pattern-0", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ad53c5a5-b77c-4849-be52-76fe81addb10:indexpattern-datasource-layer-9688c841-6bb3-4369-8c27-894421c9ea56", - "type": "index-pattern" - } - ], - "type": "dashboard" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "infoblox_nios.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "infoblox_nios.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "infoblox_nios.log.type", + "negate": false, + "params": { + "query": "DNS" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "infoblox_nios.log.type": "DNS" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "panelRefName": "panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "33030bbb-3670-4b20-ab01-b0eb157ea4e5", + 
"panelRefName": "panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "362936ac-2262-4cd0-8e06-c28015a829c5": { + "columnOrder": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292", + "d759196e-f983-426d-bdd4-b6fea637f20d" + ], + "columns": { + "199ebb9a-2861-4db3-ac9d-d5801b764292": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Response Code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "dns.response_code" + }, + "d759196e-f983-426d-bdd4-b6fea637f20d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292" + ], + "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", + "type": "lens", 
+ "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "59c77ae9-b3de-409f-af9c-79d24f27fe0e", + "title": "Distribution of DNS Events by Response Code [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "362936ac-2262-4cd0-8e06-c28015a829c5": { + "columnOrder": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292", + "d759196e-f983-426d-bdd4-b6fea637f20d" + ], + "columns": { + "199ebb9a-2861-4db3-ac9d-d5801b764292": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Response Flag", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "dns.header_flags" + }, + "d759196e-f983-426d-bdd4-b6fea637f20d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292" + ], + "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": 
"right", + "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "66c59159-c694-4f18-acdc-4a0ee8f24e44", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "66c59159-c694-4f18-acdc-4a0ee8f24e44", + "title": "Distribution of DNS Events by Response Flag [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "362936ac-2262-4cd0-8e06-c28015a829c5": { + "columnOrder": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292", + "d759196e-f983-426d-bdd4-b6fea637f20d" + ], + "columns": { + "199ebb9a-2861-4db3-ac9d-d5801b764292": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Question Class", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d759196e-f983-426d-bdd4-b6fea637f20d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "dns.question.class" + }, + "d759196e-f983-426d-bdd4-b6fea637f20d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "199ebb9a-2861-4db3-ac9d-d5801b764292" + ], + "layerId": "362936ac-2262-4cd0-8e06-c28015a829c5", + "layerType": "data", + "legendDisplay": "show", + "legendMaxLines": 1, + "legendPosition": "right", + "metric": "d759196e-f983-426d-bdd4-b6fea637f20d", + "nestedLegend": false, + "numberDisplay": "percent", + "truncateLegend": false + } + ], + "shape": "pie" + } + }, + "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3dbd8734-c5a9-4b69-82ab-441be9c681df", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3dbd8734-c5a9-4b69-82ab-441be9c681df", + "title": "Distribution of DNS Events by Question Class [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + 
"orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "37ef1ff2-63b4-4622-881b-94adbf10aa0e", + "title": "Top 10 IP Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client Port", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + 
"columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.port" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c", + "title": "Top 10 Port Used by Client [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": 
"Answer Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.answers.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Answer Name [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ae613e8d-a0c5-464d-90ad-ef352d122514", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "ae613e8d-a0c5-464d-90ad-ef352d122514", + "title": "Top 10 Answer Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": 
true, + "dataType": "string", + "isBucketed": true, + "label": "Question Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.question.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Question Name [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "7b2fd611-413f-42a2-a4ae-6b14098521bd", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "7b2fd611-413f-42a2-a4ae-6b14098521bd", + "title": "Top 10 Question Name [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c7c1c1df-9311-48ff-8df3-6c0ac873f606": { + "columnOrder": [ + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639", + "0a304308-6952-4598-a14b-66b0ae5c6fd6" + ], + "columns": { + "0a304308-6952-4598-a14b-66b0ae5c6fd6": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": 
"Records" + }, + "24e0ec78-4202-4d4d-9d1d-88df3ac6c639": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Query Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.question.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "24e0ec78-4202-4d4d-9d1d-88df3ac6c639" + }, + { + "alignment": "left", + "colorMode": "none", + "columnId": "0a304308-6952-4598-a14b-66b0ae5c6fd6", + "hidden": false + } + ], + "layerId": "c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "layerType": "data" + } + }, + "title": "Top 10 Query Type [Logs Infoblox NIOS]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "eff09424-7521-473d-88ab-368aa2d33b69", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "eff09424-7521-473d-88ab-368aa2d33b69", + "title": "Top 10 Query Type [Logs Infoblox NIOS]", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Infoblox NIOS] DNS", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "infoblox_nios-f8d86480-b4c9-11ec-80e1-4bd67c5762eb", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "infoblox_nios-5cc295e0-b4d6-11ec-80e1-4bd67c5762eb", + "name": "8c9c23a3-c26e-497a-9b62-99dbcf30c2ca:panel_8c9c23a3-c26e-497a-9b62-99dbcf30c2ca", + "type": "search" 
+ }, + { + "id": "infoblox_nios-f3899090-b4d7-11ec-80e1-4bd67c5762eb", + "name": "33030bbb-3670-4b20-ab01-b0eb157ea4e5:panel_33030bbb-3670-4b20-ab01-b0eb157ea4e5", + "type": "search" + }, + { + "id": "logs-*", + "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "59c77ae9-b3de-409f-af9c-79d24f27fe0e:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "66c59159-c694-4f18-acdc-4a0ee8f24e44:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dbd8734-c5a9-4b69-82ab-441be9c681df:indexpattern-datasource-layer-362936ac-2262-4cd0-8e06-c28015a829c5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "37ef1ff2-63b4-4622-881b-94adbf10aa0e:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "11a2277a-ad98-45b0-9ec8-dc304f8fc34c:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"ae613e8d-a0c5-464d-90ad-ef352d122514:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7b2fd611-413f-42a2-a4ae-6b14098521bd:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "eff09424-7521-473d-88ab-368aa2d33b69:indexpattern-datasource-layer-c7c1c1df-9311-48ff-8df3-6c0ac873f606", + "type": "index-pattern" + } + ], + "type": "dashboard" } \ No newline at end of file From 388581f60dc69cdec7f5d267df2f6318283b9072 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Fri, 11 Nov 2022 21:16:56 +0530 Subject: [PATCH 067/103] revert microsoft as its deprecated --- packages/microsoft/changelog.yml | 5 - ...-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json | 175 +++ packages/microsoft/docs/README.md | 2 +- .../img/filebeat-defender-atp-overview.png | Bin 170105 -> 0 bytes packages/microsoft/img/logo.svg | 1 - packages/microsoft/img/siem-alerts-cs.jpg | Bin 399141 -> 0 bytes packages/microsoft/img/siem-events-cs.jpg | Bin 523409 -> 0 bytes ...-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json | 1286 ++--------------- ...-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json | 139 ++ ...-e415af10-ca67-11ea-9d4d-9737a63aaa55.json | 164 +++ ...-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json | 244 ++++ ...-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json | 132 ++ ...-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json | 128 ++ ...-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json | 128 ++ ...-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json | 128 ++ packages/microsoft/manifest.yml | 4 +- 16 files changed, 1397 insertions(+), 1139 deletions(-) create mode 100644 packages/microsoft/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json delete mode 100644 packages/microsoft/img/filebeat-defender-atp-overview.png delete mode 100644 packages/microsoft/img/logo.svg delete mode 100644 packages/microsoft/img/siem-alerts-cs.jpg delete mode 100644 packages/microsoft/img/siem-events-cs.jpg create mode 100644 packages/microsoft/kibana/lens/microsoft-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json create mode 100644 packages/microsoft/kibana/lens/microsoft-e415af10-ca67-11ea-9d4d-9737a63aaa55.json create mode 100644 packages/microsoft/kibana/visualization/microsoft-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json create mode 100644 packages/microsoft/kibana/visualization/microsoft-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json create mode 100644 packages/microsoft/kibana/visualization/microsoft-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json create mode 100644 
packages/microsoft/kibana/visualization/microsoft-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json create mode 100644 packages/microsoft/kibana/visualization/microsoft-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json diff --git a/packages/microsoft/changelog.yml b/packages/microsoft/changelog.yml index b95ae7d2a68..a3f35e968a2 100644 --- a/packages/microsoft/changelog.yml +++ b/packages/microsoft/changelog.yml @@ -1,9 +1,4 @@ # newer versions go on top -- version: "1.2.2" - changes: - - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load - type: enhancement - link: https://github.com/elastic/integrations/pull/4516 - version: "1.2.1" changes: - description: Add documentation for multi-fields diff --git a/packages/microsoft/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json new file mode 100644 index 00000000000..04262528bae --- /dev/null +++ b/packages/microsoft/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json 
@@ -0,0 +1,175 @@ +{ + "attributes": { + "description": "Microsoft Defender ATP Alert Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:microsoft.defender_atp" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "w": 4, + "x": 0, + "y": 0 + }, + "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "panelRefName": "panel_0", + "version": "7.8.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 24, + "i": "74d36139-4d22-44d4-bfc8-020c575febb1", + "w": 25, + "x": 4, + "y": 0 + }, + "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", + "panelRefName": "panel_1", + "version": "7.8.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 24, + "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "panelRefName": "panel_2", + "title": "ATP Techniques [Logs Microsoft]", + "version": "7.8.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "w": 4, + "x": 0, + "y": 6 + }, + "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "panelRefName": "panel_3", + "version": "7.8.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "16e7059b-70a5-4ea4-b622-9015d7430419", + "w": 4, + "x": 0, + "y": 12 + }, + "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", + "panelRefName": "panel_4", + "version": "7.8.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "w": 4, + "x": 0, + "y": 18 + }, + "panelIndex": 
"d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "panelRefName": "panel_5", + "version": "7.8.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 16, + "i": "cb8de6bb-1096-427d-834e-210963aad3e5", + "w": 48, + "x": 0, + "y": 24 + }, + "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", + "panelRefName": "panel_6", + "version": "7.8.1" + } + ], + "timeRestore": false, + "title": "[Logs Microsoft] ATP Overview", + "version": 1 + }, + "id": "microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55", + "migrationVersion": { + "dashboard": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "microsoft-3c64f400-ca68-11ea-9d4d-9737a63aaa55", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "microsoft-e415af10-ca67-11ea-9d4d-9737a63aaa55", + "name": "panel_1", + "type": "lens" + }, + { + "id": "microsoft-14d367f0-ca68-11ea-9d4d-9737a63aaa55", + "name": "panel_2", + "type": "lens" + }, + { + "id": "microsoft-9e902dc0-ca68-11ea-9d4d-9737a63aaa55", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "microsoft-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "microsoft-62f081c0-ca68-11ea-9d4d-9737a63aaa55", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "microsoft-00e8fca0-ca68-11ea-9d4d-9737a63aaa55", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/microsoft/docs/README.md b/packages/microsoft/docs/README.md index 7d31ee6345b..1f3dce647f2 100644 --- a/packages/microsoft/docs/README.md +++ b/packages/microsoft/docs/README.md 
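Review bot: This new dashboard is created at `packages/microsoft/dashboard/`, while the other assets the commit restores are created under `packages/microsoft/kibana/lens/` and `packages/microsoft/kibana/visualization/`, so it looks like a stray copy rather than a package asset. The diffstat lists the same file name twice, once with the 175 added lines of this hunk and once with 1286 changed lines; the second entry is presumably the copy under the package's kibana directory, which would leave two files for the object `microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55`. I would drop this file from the revert, or confirm that the package tooling ignores a top-level `dashboard/` directory. The object also carries `"namespaces": ["default"]`, which looks like an export leftover; check whether it should be stripped if the file stays.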
@@ -253,7 +253,7 @@ The `dhcp` dataset collects Microsoft DHCP logs. | Field | Description | Type | |---|---|---| -| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| @timestamp | Event timestamp. | date | | client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | client.registered_domain | The highest registered client domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | | client.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword | 
diff --git a/packages/microsoft/img/filebeat-defender-atp-overview.png b/packages/microsoft/img/filebeat-defender-atp-overview.png deleted file mode 100644 index 7df250e2ae8858b2323a30d23d7d252fa431e87c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 170105 zcmc$_cT^PL(l&}&QNRHa0RbHZBn~+ZFe*dNISxpU1Cql4qarZm43Z^hkeoqsW=KO0 zlEaX5=HqTARtyi93>OCn2TwvAs)&R0 z=okm*9`(c9H0Q1P_|u0+xTb{to2d==L|MTR{*{_n8n-4(Oc$*|A7w=YsItv9VlQ^W|t2TU257FSfpZxxNgp$_)AuXMX3;raqJSh6^3;W{yUIp)vyE=kC*@?HVU8@TqDJSfC!WvV$=FP9uoTMi(~ z>+1|$T>7k(+lG;T17jVgrYF+_ci#V{sb7$|o1Qk8Jdbh1G2*QsS%*o}+CDy2NR`C= z07gn;vh)wwYzzpJI{L}_9n|XBm-5GLHEn1c*4Ty=S`rFPpUG{e2nwG7gq>8Jl;=aE z+{%kTq!(PZ2(prqiLO5++?-C-Q~C4LaCSbJoiJ`%4LX*cA($M>SYqkP$jG_Q4jhnb z?myj0daKvxy;PFiQxA*ILauW9M0d;Or%#LG82A|L(iIUoh%7~=8r$Q(lAH&BHLJsU zI2xWt$HPXx2otM?wkWC@aCfBB@nCf2)>C5IIGDE|8IeS2#HVzhcUMq5pZU@YWx_B#sO%D!H6`Nl2^=4sz`6 zJ@)PB86KPI8=0QQ^bDU=4G&RJ)+L@{C7cNBF@tWyMXBrNPnc!e624iVGUfM)9vpQQ z)z+fhj$9CTZ`8NitVlK3FhuM!8D`>$gzdzubebnQJ^G_VoNGtKQETnK&QHm7+<1<2 z@r@ad%%J-Zm~Z?{O8CR^7UZNh7i*RitEEC;Gv3oq$=hYjzC{aH!%VI3tfmGnIea>D z&CAu1=DSqiq*6GdXkG7i+F~FRTP1KTin3KO_ob(OJ>JvV_BV=NHUo)r0Ye+ zWIogX`;bb1YbPhkKl_Nt{&1xr7?~0Cx@6+AI%P4MnLI7E!EN&EsePGHfPm4Y_t5e- z@&I{RZK_PIW@@8OLD6|Kk7@NugSOZ|0#~=LcW5n87jIjzIv*9RdVL+D>U{!=CA%78 zx@tTPA5rYL1{j<>xt7HTE|9d1=L-_8pS+P<9Z;sy+9Gxg#n!KPxPo*h?-;RJ2L^X6 z2c4}euRdgeym#?Y5}b7|xhAc#*Y>lca>KTFK+i{*f@|`ngci^4^cWc0Vyo-m zS{H5Xlj(ol^PMabeSFH`c=}MrygK*1Yl6$5%1Ru!1X4c5xS`+8lJTo$1nIH!fn*xL zI=_#PjJOUYB*vt)bHD`4=+R+qEZ>jb)5tP)-xoNQ3;DxPSGS_RIw)bc}^eG=6B4WYU{Jl0eLSZzl6Qq#a zka_jfH+E7<&46=wHn;9&vkju~a)3m?ZCOlNTM05(nkG3e4pn0$4n0+Y+V@MXrfkZo z*d!#jm8)_H0UQ|?+|{HKf~bF4ebVD#zD_`)z7Jc!stQbXDSTSt!!qOT-S579+leCO zEGKThbQW!SzFrvPPup)1TRzDb8=baf~UzTYHL{-Y<)48a&>1- zBzD3Ckv92L?wK))B9eQZhyFu@YVOA|YCQMr@>UL){}{o}UpB@`!lR-zl$1)C-q`E> zjuTr5qN7cq1`;@p;vi=!LLnW7T+xHfBqeNaS`KBFhdCiPw^?E-0>Slc zZj(VBt6SnODqIy?#PJKPNuNB7qN*qAn(Q{_!e40Kq2xWtqPOM=>~&|-HCE#msfELP 
z>Jc3_dIl!+h2==hXLunpI`*JpuMoX-C14lPj^rmh9i{lLTI#`Fgz73WljFQ6@pfKj zefNpDXFKuEIUw{i!Fv{n5hlEXsHnFF!8BH5veT zv{8He;^dg82u28yfI2W69sjN0ik&*dEU}) z#&SDwNPxQ1M@!m}WhVje3JIGJ7Y-v*1xH3JeMwzeb~eLr3SxW;Ndch&^E~Y;>dt4U zewvzUM1X&(y&Z)@-4?~F246F=a2q76OtQ83<)L3WEGB-MklYSbh1OOz||q)0C?dcgXA_B4-Zkc}*j6mCC z+rz{o)iE0zn8gyjMyCEfG-9_kH(W@Du9}RkZycK-JP2vJtrJ`+>u1*;U)NU9?Q(MY zoUWaOHUHvvX0@qGJS1H8c!y)FnWKD=T0`U1{Wyazp<4Kh zIBl5IT)0}DXuhOXRm6d5NN{rm+yx3Pt~J2U#1Q^o-&z3MosP8ZRYxJPWTh*n>OTr= z&}ncrS??3x00OkR`~8~R6!9b*%&8A%1So26t+TkzPrGV8Lw>u*%Zr|gogF?qxY4=9 zBretd=^rb)T6IFA@RfUglxdk@(5Ld6b5tM}Qc_W|v|9-^w6;Fq9$AB{4oXzi+E^af&lXLKHLGFsY38@srO75CbmNTn!zAhY<5FS5nUr z*nql8_0{jl;)Zr39r|$9E^w9bwBNRLIh15Cu{nLaos%p@3we%?gDN{(wxeUDeVn51 zBa7x8y1^#(f#*sR(6Ex(&F2>94aDWfaXoun#PmEUhtyEtl) z-DVPY*vIIXxs+E&VZRAxDYM-L9krytgrOpktN% z1?uK?kG*(C2GbKjxQux(-THdaK@inGWy<$fDjm-HR=>z3E*2&JvV`d^L&8d#Gi)rjs*Oh)%Tj%Lu%jn|CY)R)5~6dRa|778pr+_+H+S5`Zzv!<&eIXXQT%pCH^2-^E6Y z5)%TJwl$tT3oTeH=Vh{QRra{L!fY3GXHj>L$3YUzKNu4Jd~J^Pp>)GmVMk6L`7%9+ zT2Ajg>>lz9?^_Hn%JfgJtD#nleVKIi{h9}xW<=aFZ@aBqRLQCJ(ZygAJ2=;E8* zfhM+?I71wSrPn&o;(TGS9xk_+kpj+ z+E1%5njbZ5i-K*tS>i1dK{Xd{^EcB*s=&cS1McPwPHYs5V^8tM6E=Xt-01;XO2c4r zI#fB@olWbt{qC=?_5aKO{Wa<7CihQH2?quY+B4BNu-UxkT5Lxxjn% zE75oy%+d)Ile^j_>rWKv`Cs6lW^r(Xc@cv8-L%te&HIe^-SICphN`Q^C0-3?C)lig zaBz3Ga!~2ObnC)aYK=JEzqZ=Kjb!y>b`GcMwnl`$lN&`zAgl(L8;VecBCW+fJR4SI zmiUb4 zE;caXPG3<*?-7ra;-VN%+KyDcDWbZH_jmijHtgIcbGA}BvO*E+2K+p~O6Nb+c>6&d zw|j3^^yaXghm-@RJfS)#uQgn_xEw455bmp-g20q@11vuAqfAjR=2Cq?)%bpT;R7mP z+4##Um0dh~yjZfQzxBlpYg(=JDP}{&ciXS(PNx*eN0@gO0ikhO`V*5y19U6i558;0 z?xEK2YiVd4(E*D&x#kJ|LB%DUh!aNn_@~GO>1Ef|P})&UA|k_RaM>rMGYx~uiAg^{{t|5PJh+|4D=$`^TC`@ZHPK4*ekK2sbgcdkC&VD7sZJrL zc2}!{>E|1uZBbf^S)4wI$-amNIJgfRI$$6IjJ78tw%puaYmh2w>~-c!=RPewH_27K z80aMb)z=(WwxzGxY99)utI_|7ks7>+2v~ol!!yXia8k}fOVD8S&w#-J6_Xn+$@rQn z4pNbiB1h`KWM|uGYSIGm28ZetMjZC`1DGG_ICE~DfVb~~V6`DAZf|SY%hDg%L)Ro< zSB-m0sm*#7P6mB5?1xk}{a>YqkCl)`MjO{G(sST)i_Er<9qF6KDeeam$0Dp~<@1U# 
z1V)lLxN~fN_&QOul{}iI0xqw~c+CVl&&7_`7dcEtI_A5#1o$beLi{c=2b^c4vt~4Xat_bbLNm!iZpoya!3<$)- z&s_QzhgA9Ws*6+j`S=LAt-nzUjxrgj`~*w1NVkOQno`uns9;HO>^Pzx11Z!XiM& zq5_|JI;_km|KqjS1`zjYe>l<2iYH{?nUrc-UTnZkIPhJOOT+L5Ig9t4s~t>94D<$< zymn~<@Oc7g*BDgmLa>=+WttkbY5s`YNBht;om(ukBud3*w0EjxHJ@H!t^s*G8#$55B}19Y>D?%y5mK_9DLR22M+BD9aZNAcx-pT^b8O$Io~2 zMe!?GZB{{*r<2}qfI$8AK#gYtc|Td{YF@3hY&F{~Z!;x)>|CoJDkmq1QL7rl3Z+f@ z*lW||VqD|bVtr8-`WDvhNN2Fu*UExi>f8B~_Gk>Yk{;l%4uvw+RLy!-mica~-=V(hM6BJJ(_bk54%$0cpyMy;mK#U+9 zRMI#&wU0}=opE?q>s#$VVW)qRE3ls;Ez`o<`X-ImyIH!v^SrqDfIyG~&CN&liDP5P zs4k5_00%5nFWl_Yy+GS+*9TJj#eruzd_gZMHm6=XnzC!~QylhZDHfejNI#hD9$6|| zZ}+=|OwXnx9iQ)VcjgyJhR;^*c>Kz_E_w9xMP7dAn-nivcydomB!K1KqH0#Yazhh_&^=tU}*xY=36jv6<6Ki6~o?*q{?h~2ARnbuC{sRX869*AKo{8DY492lj=e@%A z_N_oP?fF2^rjEbtEDqHB$g#;UVzq9~aLF>8{^ucQXksvbtVkP+Bk0#V+^jTAF;Eu;Fq74 z4kA;H{3Z~^sgMN9!y!Bgu}w1NmXC*K4GlcKV^a)Q#^b`1t9HCj+gGb*J>T^p+Pa85 z?Z&}5`|gkyS^5%sXHtMd!|O%vxaGPJf{07nLrgJl_I(9+jEqf}F9*HKvUP(|(;MIw z&il*Oh;HPgz^c8$eKv^-EMFVcetTk|7hy4Ne9swgFsstB>Ro{WN67dg4QIrBGXf;H zM`Dxa)v(oT%->Tw_jJfDjbr7!uIAAAEavfgH@YQ0^ojctg*(u!ebhaq9P=WVV|G)> zkkujLQ6~HTSPaCs6kM1rs>7pR(LBo|z?^u_iL7fyMElsToPSqz(N;FBZE~uqfe$I> z<*g4{2x};b5k#fGoC^J*`kpA?SB1wS&unlevb*YW8+eDI4=Ng;_37%sghW`7TBucL ztOlf^Cpm90@SqzN>+@yr-fadczpMA0HUUYSKY|_)PzW~KTBsY7B8PF0`-EK8sf}eg zWc)O1;&s_(zD6STC%2w7UYH5Ee)s3GHtmVAQij|rCL;0FGs-{qHlqOZ%TrNQ`N zm$0+Cn(J3ZFI8(QsPOxWw-@o=K{F`Jzh2S}YH%}dR6@1E;H!-3Dns_(^o4=Bf7}(P z&ez9haxg?5iJa~Dza^@hvV5jof}x3tFx1S9G!&dV1TyI|WLHvJs5>XH3Vw*3IXt>s zKG4nH$(3?s;L_PM3QuC^GMp?5L9B}|3q#y3e*R3QREAonMo(_v%!s3n<5;%!&1KTW zvKWF+3g3>fQ67GfH;TOrNt=@0>_`}6uPZ@d`y_?qy`WQ-EJiA>O>4wLTHKWT zweW>wn-uH!d(0{v+ua*nsdjxP&Z@{STtZP~kW7W&5Z~3)e2`cIK3OdH8MfMcgRw>R8PO*Mf<+5;uJSNqbGH$N7(Q<$nfjv{|WB zj#Yol`FQa4-AH4Z9wN8O6SnM=|J__18k_M&7d|pky1AOs?};1L-$iZcfFch@@d(*F zG*-g_xeF4eJVKw!F(#9-HAV3h>}<%(-3|x##DvWj+1m|QTen!IdMtxK7d-#Om2ibI z9?5_|sPLvx{`6oH{X|PJ*Yov7n%TKti>8jV;Z*g{I;Q&U{VC?gp{IlXJFB0^9fe(S`m2f!evON7^%M{Vq0x 
zzHVgIzv|#{?dXB>yfm?x(o;R>ASzKWEfJAze+VUM;qNt#phueZA9LVw?;ok$luR<--k1$Z|Z|-B@L@Kf3=4 z*c+|ASxGm4_;TYO6l%;;{&kv8-LW7g)3xajzXaXoP+BlkqU-xk`ZgT%{RP3{@&2jV zEZRRh9|%Ms;~qlHpEbDpcF8D9nSy}O<6T8Y?f5+-RoY;-sLkns$C*}8@E2AeU*flX%CnPD_dI@ThZo@KyeunI-+Xi_a6D4U6R^%pHU^l1@$(F!B-}G*K&+v3OEJS5(Ee5g~WZAH{byE!^<+!uC zVaZ)^o%di}LR@+VKnjz0zD#CzaPX4)O5*HV=^!S!w`jdyKvy!HWcV5;BAmJ`&l5C> z*d!2KSD&$>h&!(oB^bu?FO@AG*1?pRuF+&w`aga&ho&FXPY9ynJVP`a zt5E}JgRKo@QmF&cY+#)*l<9Z{_Ak`^-`hdNO<`}c1Y~?h{)Hn$rnsVni;Ywgdhg!o zO%3A)RCp8*Mw|^x2rBtz`b;j|ubBQK=oVJ{Ha|I8^^%P)18%CE{oQ@68C(ymvxUw0 zdfun1RdAb=6JZ__Q~;gA&0QK1h~HbUPUNmafyU5G$y;KE}{1bwL|$m>r|xq2HzdM z6kO|+(Toj_-Wy?1xlq_Uw&ou{rkVnSa1JBo82<6?@yD#HXJ9-|D(K z?#LM$n_qyQ*n?Ar#_E$+z&F^b5eI27drC#Jf=aIP;l7*L4K8c~Pc*!}O7f-rzFn{< z_WYWSyk(hlbI#noA?!usKLU}!7o$G(t)+(y!AiQ5geS)B!O-6 zPFLSsB^}CB=3bAdq$C&Vcs5g&s2iB7`RgBz6xBl0@*A}|hb;%>OLAO|d@mAd3a!zj zPc04OwQa&+O@r5k36R6P3|ga+L|Y&^QuIZrvV?Wy}}XKvo|O3@^Q%=0}o zkU_=MPZ^5G5E)fOjyOr{qcyj}_$$q*PLTDi5bhEVSX?>~OawjzG4$lsD!~e!^Xyd2 z141uuB|RzI8Ez~s|3hUsIM<(^GoRa%JYw0&i6+d@iqA^Cyw(E~9@8pntWOV8Dv9kt_HS^}6;&!+)s?s01*}%FP9Y zO18dh`>%WRLmydRFhu%&LH#!)rT-Q1KKp-BS#&;Zy8Qhd4o>i`|Ig?x{{z$bii&}^ zHy_GrtJ}{OjG6?VcFNW*2ua%M;1@o+Y|?wVKk~Jok@NhzoD{OppA@Ir8TfOo>5doI zQkotup$F@Xew0vn*4$2?lHMH{%RN)b_H8XLlwGS{`!&A?L!qH` zT>|XEdyPim^a@Ph*z&7zO6_K1eeqJmkIyw-!dV+wq@A{dLbmJ(e*fMPjd|rbd|m4%?*WW?{{iix|}_- znP&3HJl;IbV$dK{TjLz(YAaf!8L}x}wJtxL3QG+u+7#;&(v{8tGz9liS2*sySRPJT z`pcyc_=Ce$uLLKimU)u zS$$CXrYJ{2ZS4ATSC#681>v;jQ`bm=gEz=$Nm+w4!(41<96yJz*!^rxR0 zI#xFP%WUK)AepEuYhf!HW*;8DUyiBN$DMTNm{(zpT}y_|W)oW+F6EPkz?A#I8*Tw? 
zfRwSsoFPWjz};u_pkI#&K(9npSRh>+Ne?$97>-%8xWVtzSrcQF)(&AJfdY3$I1af&pGm%|IaE4ivJ!gN(BF&{cGPzdy*L)!Mij4T| zHNDFut_3_e@9>g4cH;_Sq1f3a=u*?NrwN~_-MwGdi_kJ|JIXrHbw7M_Q+LvOW4$xZ z$_Q=vQ;$1^=_8lXSx?Tnd6Z`7H!^4LZNE^|Z|j=64`h%-KSbph?>cpyb$I6*5Ri zGlQ7t-}f^gOS#2;ylsdjcl*u%yS~ghGLo?(W1H49%ZR$V~Rvelvf4RRY=!{?LtI+ZBOsVg*H5VJMJb@`a9B zRdH1s+pUojs7yCbH~xjrn$Y;=oyW8QU+sLJ=QKbYVZf0wpism|gXUSc)w7<5r@_sYvo zti>U%Fx$W+&geb=O9$Yf!?QrX#6eT54=_7Pu_02-Zj{6OxuPbtgUqO?y7S3t67lj@t zX2}9ms+)2>JqyY$&7>0-%7!%SxTR`^3rIL%i!Eq0XAppSPl3BU*K;G*`c^!A^f$*DX z*fKy#@)5%FnSmzkPJ=GNq({B!Tn85r2z;G1Wcyl%0w2>A_uza)@(s8+Et|)}?@h6? z*}_;<;+d@`QCD@XVpZkA;OEEr(Pp*X18#$a7zbYSNZTdhN#9nkva@R&^Zc)9s%CV} zD}}InG6&~b{;F#^O*%km#sE@QW^{Y9IJ;Sm4rpVBSH>)z1d&dK{TC4vI^0@aYbn&O z-Lbhod?r?VcgUa?(TLKbD|tg#yvOtMa<$A zY@q$OCYPbp4=zoEkTeVEMPDpTN}9sG)+Qh|F*vm!HS7G*MASvB*Ic5vZDEND#+Q#6 zBa;)7#Po>gvhR*?k@Y(UE=~-FQRw$}7Tig!)B>*W2tibk(m^pH=Pis+|3L9?7@iAx z-MPt~8ErMpk2Cye_9n#mW$0NVLqGj8w9ZX<3`-5L0A7a>Dou*2M{AB%6XvsX)SY}w zo6eRlz-wTUlLUGsWgs_lVkH%~?XNjTLMrJR4OarY8jd+f=*cBg{o@=#^mP+GqgE>? 
z$>I4Ac=6ICU3_{u;RjrPl1u!|hggOs5sC`8H`OEeg)r&4ETypV(Gq1S zxou>;lvjOWT9j65spq^t)q-n-sk87(uaW8$*Y!t%yFHVf1PqK+)72TIqD&7 z2SqnEW-e+M)}#g*TNO3dy%@vGb;jkhHr%dD(zh1J8mzZ4Jo^4}D8@oxni_m#1l)+SY)_-wUxF z^zd3hFU3dP4<`P8N7@eO+A@ZgC+R-2^IkqlP`Bo+@nSErp?m}ExBxSOSPhln+0)R1 zRCqkQlf*_V^Pp(Lmy2VQaWvNSxgkt!lD7*+>NN0PQ|_WZyd7*=YV26wFvphINBxmp ztF>2;#h1~UTERw5xLF$cZnft5{s9Ku5K@gctT|3C?85`)7@7wj68AE6ZGLJqCd3ca z$f|$CJql6K>0ESvQX#~zv%{J0r>!fL3wzmsm(IDx86}^&4?}wUt z$V%UIh+5yUeKEH`V)_S`I2v4YEtgmDc6M&)Vnjy94%;xp)vt#;QfncD*rS7Y9D8_)tVzl1pb?vy5N#(&G4Xa3&| z>;J(L^nWWm_@5BI|Ce4TW%pP4qAJEN`;P$fLvRjf6aRQ&(h}!$;=uUIClafve3;$* zS!kZEL|F=0@{ELVPyLo^lS+M?=UH*w5$m%q?{elh6*=|~gpQ;z;fBZNRqkWxntw_T zpOKX$bKPTmaVoI1+7oVaoF6p~yL?kIGxZMV#0eLygF;orO=aag4(zseojU)oq|EtNwsKCYM%W6h6*BHS zrFE0k{Fga@aU=t)>6W81T=Fy@HBi+~xkvwF3um^e$)YvO1J+TynW>D;t|>+s0qI-BFeyg4(g&pHLR9CgMeD$kB6t^h43>o{p zFGQhzW34vzfUCbRwrBzqc&Hs0D{73%97lgwTdQ^ADR>5}B*Zp>6_C4n<{ z?0vJ|tSs%s_Lt!=d>2&scA~u3eJ`cy_(}Eo{=NvS)%TqRHEBz{Qs1}9KjwWR!eAtl zzFD9ZK(ov^LCtb8NEUNET(Xx76eJpVMxDPOBCio zY(((vdrO~U7-fQE{5>q(r%GKc@+*#`B7kdkS)|R08i8^-iw6X=@k`aRZVQ25EKhqa z8YpHeB+lBpBvL3(gYW-G)jQS-i~ux>g{XeMbf|y;;EPVLp~xw=;Tk9XkxpI67q9-C zgk_p^gEifxWS9?8tiL?QMRRwvq1S4n=WTXuDM#Io0h%&@V>}xLW1p)4_&7>iI$3lZ zKrUEQCb(ApML~S?S+t5Ey=QcuE)(3H@;D+o8vjx8%7$EslS@>r zER}J7rJ;zq#4_^a;Uxt2O z8PCRR+5TwBG-*#FmRORx;e?b0I!{_nkeQN5)LgYSI5F^+Ugylk3%>Sng&GQ6KW2!1 zR@U(9RmZot=kmiU3#W)>{>P|}PneXcY>T6GX`Q9K(^`xB&NeDr{Avqqjf{pb!cpQ` zb>T`pyOo^b_jv`kyRJe#zMF;1%kOp;-pfbe>xOc+*17YMIW5U?{!+DNOz#>~>lk?B zLJ^u#-?(fetjjUC`W9Q@OJhNxGYK+#GuPjpyj%{2a+hhr88|>|qBFLM^EPg%#p##% z#8$WMjE&^gyVMl9O7v(gbh&n(u}iR^J8CKI)83Svf_yW4GM6S4?pWTF&IzMQTdZ|i zj7m$tTi*Zs+{IW4Z_HjUD#UFznQlKoNyq$=>w`Sr!&)UBJYcmNOltT-7T+H4oRt1=po_l6;{R!04RXwctEZM5Vte=0-T{<#fGQqKLT7oN!$ z;aV);<)l+TrZu)~ADX`sVN>3;e5i%~gEpVW5xo_>cKMBY{Sks4PaY z6XQ(dhjFy~%xDJL#kC~!Am_M)7>Xa)4$fGXTFTee`33AV(l!r z6AgyOTougn=3f}?=T42tuKW3QpFCG}Wu6r9pA#KaT3a$qVXTj*=Zg6~!+sLI!r2wX zP4_&c1as*yOx$jL$}q1S6mil#o47sY;6*I9BFArd*nGSn7#q82nOF%GSjp@y+{60G 
z=FR?OT+4wrl5Jdw_UFWK3*26fWXO$x_GS}Iw(P0LJ(UiNTOc`CONoHCosnm1opN4Y zD|X>i)sZD#YjRwq<*fp)yLd{&F-8Zmq8n zMXOi71CgYU)S~0V(z-A``7$3SnKm>N<0=+SHBz8DodaYmrbRXzIIysMU8JKCJs`n^ zc8}X*@#srP*80fV9T%{z1w%|M_sI1)?@WI=0U-25^62YWG1N>j4xPj^bGEPNzS`P< zkUhygPm==1wwK=go78E2k0Sm^zDEd%uhNCRVX2y)bOS9+)&k4U3t-e+!wSO3y`y=T zdwX+!VcEJfh8iw%Uqsu)M{w{JE{zl&;_(EN*B7o&Wql(90%=#KeN!SBU97Jr zepo>4H^0w8#L@L(7s?P0*PMt^mR3h9#k=Ak`XCf_D0w#Zu3BP zR>VP@*KAwu?^9^D>YSnfph)kc*YU3-4zsnLcVM9|-4#tP^JL{6Ek|Fxn{ILU6e~YE z{M2>+>*)->L)2aCm)1fnnM~%sFDLwDnKf+R9uJ>Sv-%Zon6CQxs9XC$J@gtG!GNPV z6KtS|=1O0Bv1c-sE~jSIZU|8WKbL-MJ9gnXkD_iPQ@D*v_7dJwUr4t;4IxwuN3V2s zb?0QeFways;C4k2FDU}2_fl*NLbqlWax>(ELEWIJP~r-i2gMOwQX?c)-j>?Nt>I}K z0jTPnVY~H|52FJhk&WxJPgjUGDD>VVU-r0D>QgA+Y#!?7XAj?t7H>Mi5|3SzI2jLI z2V=qW^ZWgE_RB8V4SxHpYe|v)mtI1&Q|HA=XI;!Ir6WBy)1oR`M~1z;Ka@@qzu?mo z5v2729+%f)*ITls1RWguMm08qE!~;EaX*j@W9ZO+S2nK|bEq80n18UmE)UbU3LO7= zMUdwXON`w@*6NMeXC|DPi$w27#ph(h&zMELoMn|Cok!|*22EI+jepGwpt+w28MhJs zP}`d#>$95>cE^598fdh1wn^%9$n1eT_c#*sK)>*0d!Qo`EG}m2E_(nkA(i!7j*T3( zrQ57Br?&k*SdxTJctl2n%m01#rP*GfWJ9zoEo!wNs*sKCa>_bRzU^%lk*@tFE>}!+=1BtV&wIx}+AJhib!fq>ZLI z1z;eO0hVmi&-#9LF|0;zr$tjhr3+zp+R-kUPIt|Mt39L5$GTK86par}46`_>__Pzh zlM@*t(N()>w^;6+lOKW-H`$2j`g#~`o0}J3>d?-jv)*fX{2Dm#3SOm+2Ze@-i$lro z&k!ZZl=`9~#yeMX@{Jp|EpMnP3G~**;e{n}DUNtSm@$cRAdqZTaO5?j`;aib248gl zKX}J4h=RdDRREu&$mTn)qgh=~Zsjg=hm+0v=SDe)OT$u&c+ho0%>|_wJkq16+4gg+ za`pA&&5^=ltxQjksDs;02BLuATnXsc&%4b|@Oo|OttjOqHByV6XLJU)g741crig`Q z&;p8L_Y_snJEL^>ju$|_W1pG~V}en*!Els#7+aj;6o1UuR*Uo7Hm3rL!}MF=y7``h zlBr$D-9T<2aC(=~Bwg;TGOrtVTDL4WF>lg3M;Us7K&N3^hOctc1 z8qc&8K#s1vE>@|LRf#@*^nso=(kHsEzLbH!_1+0 zNkT4nrqN}c*$>weiF&Vqz;z<_>BW{6Bt-!kXH8B9Dw_+ftyMv=HZiVKOndY=+<1J| zg6_F^jp@%0r300(Cji&=3hrSOI93&tK;>w1RS_XBe9lEw&YO9%edvN6I4%5s)99l8yYe<`WCTyzAEbVhAI7gx-=KOSourkDemMnIzYkC)yVT>tbeTa9Q~mt2fc)hox21@~2oT3BRsLPXQUt*)2B% z9wC4NF<|$sA}DfYXUx9jYJ1@PKPwTOYbL_%vvWJ05y3>EmCvj$Z8#J_paVsaX1ez2 zMgQO$LSY2S>cc$wG4jNEej)9=!Z_PQ=ksZ;e&wSj|+ z#n1f8K_SwbGIL<6)p`%>L-UPJlI-o2<{U01YxG)jCZYia*; 
z??8WcVId7r!iZ9dZgKmi^rS>uk%+c1=f?m(6L(dSe5E8J{S36Fu;V~0(fs|Sv$*V+ zR}ToDgeZ5hr@y3I80j?UN(kWH7>r_e!OT4lQ?`*wETt{U3f&y*uQx8L%qTuM>XyRQ zIvyUebIUOv$_y3BP7pA>jikfmiYD zR>J0q*SH*@&{+PLgn{Mu0%o|5@~bIaWT^K@Y(SCwYEuV=e3BU3HO zkn81L8Hs5{{Qr2*yX{P4?xv%CJ$}pj)lVmpG$U4EAF~^3!%b;-?xwW+QC3+?u{bq^ zZ$#;Bn6e>5*~}{DOIH>g*$ZDt03m7{-sAYxNrva2<1 zmiqYx1mQ&aTxDG7(}gj`(-%))%71~r6Oji<-;x?oEK+upO1A9|dtTPFlvx;CZyx)- zo<$>;II2qJqra(jN|Zi}=_8geW3H@%`A|{{^Bk#o9>$&mvCW%DK&(4$!6vl z*g~Q1W=Q`^4=cOL3$`Qeba4%VaIgC$9Vsy2^`~DfDJeRHs%#akM{FJ8>}!W z6zBHpvxubKMEkE7F6M(fc5ao1NqLv9|| zTa!vou0fw0bRE|}ubq>q6|P4{N1_y96&c{MQpTYc?MV?k-m=;Re=ig&RamZ5qXE4C zf$@QLXdeaKE?fyB$?|x^6tVD%HtGg(ZtfIOOR^x)tyHX$6tp=FK-6rDBI-9*p04V% zv~rPn!nB!s*zGtXWwbY9E62EO*g)u>LRO;C;*_D7NEUd!jz{&r+7Q1_6igdg?XC5N zyrsJGfXB700FG^$$v;l)E`VFWgSPpP^V@6>!e#TJX#!4S<`Q;vMiQ=DbIO+u`W#wP zyaYa6D{Oo!`RG4u03Lgpm_UP-z&NGEm@0KA^o7&+)?XVgn!scpqG zg&8nyxfb`(SR~mTvc`1~PUcrBUMprf*G~PMz-Y2-GHtj);s) zh^)0(Xd|dU;}V0$a+fg6L2Q`>!E`*AqZDx-)!I5kztkLOUpTQa@|-sn>K07yUB(dZ z$GZMMi?&~$zf$Egy~_C(c+z!mehCzodO%MgMoD&qgtBE5f1!vZ@!%D@`ntC%pJ`F@ zJ}NTZm_+5W#(wB7+DUD^MsC%5rtb8;po60#EqX0dAaiv3lA(rk1?^7)f?Y<3g9cL~ zJ=dzfZ_gteoZ0>lZ|@n_WY&cX>-egp2n-@1eFO#RD$?61K@@}t2uL49dXr8FAvy?z zKJ*UKd+!7iM0)QXLhlJR2}wwD;=J#icmAAneb>3ZbNG{x=h^$&W$m@^wbs4YBZnF2 zV!C0dtwmX7S+@uPLlzI`=8^))mL~6?of?$CR_h$EDBcYUtUm5zJFVnx(Koc{`pn`A znA9)0_jc9T2~gg8GEI2VkRdi)aKll{Q){-zr|f`?tQB3rg|1P=}G;s zQj(+rtsYi3h1dJjH2!#}cNKUpiMG%d7HH=@G$oPg;rkv=e=NCXPMFJ;L=UBK_t<3i zY7I?yVw8`~w-Q>+J+6E7H8oL8zvVk=9bl|Z<4Q|fUksH;=*3ZCuO#|e9y=aN_bYn% z12mj$bQ}u&Hf>cHVXrk=`jos%Mox0Wfh?xucetWPWObdE`zcv9c0@Q>FHQO};e&5s znv59lT8hbA1LSUMrD3|9&q&sIx3ddaHKxCusu^1A+-Bt;BID0}&BvXHr!zxBs+UTm zunJc;n>`v!hAw!cI9GB0f+61m#IvIIab15-Q#6>0?J&D_c7P-xxc+B{O22~25mVsz ziS5ZkSA|7l%LIE`lJe%`&HcQ^*sy#cXc2=TBEx;|{)Tqq;Z~a8fOEqU^G)S>i?bz0 zX~WdiqYu~fVac-e?4+_jL%59CLX3nB&V?}~NNJCjd4|HD+1z>z-QOY$HMnGC?X1QV zJ+!V^EJ2oPxC!0T5=jY4W zk#m?wG#b7JK~P_`O0!A=_*YbOJ5a*!YW#2mj+$B-5Q>yD;oV4S!r~S%2$>H7W7m?9 z4Mf`{Y5CO2{0RebBc;tCE_)1htl-N1$nKZz#+Hg5ST32I+md(eT# 
z(*zgk8@C|7=!Q;$BSX5lQ_UItdJmS`WB(BIEkBAUEx0}mOh{}M1URZnY56?8m=exa`x=4^h*-%g8 zyD7Hk*S${>zTa!J`7eK*nLGwJz1U<)&?@L$B)DDoaZjFwdwqqM!#V}F%fdCO2Oo)I zc)#E7h|xche$qMt{+}GjqPWe0I1=Kbk+(jfoKWqlwd5hnt2yJ_Sa-4Tyd~PcR>Djc zkDdSC01NDH|eFL>GVbB+^!<-D5T@zEx0`r0)F$-vZpaMUS<3&pD}Uw(_HLpS@FXlQi+Us}V>Iq!vUg zcdS5+V!sRf{P}ZrOiXBX45Cv+W@J{BFWu=s-EUWUwv>MrF?8({811du>PK9wh(b;H zM1THFD}`7rb$wh>%q*kzcW9cj`y+BpNvT-AH0Zhu?ybuH`^t~{7O(xUC-qbJ7vX>8 z6MHJ~e=JAuO-BNHCZxuYHfYUZ<;-j*CRcT9pbvb70k^E(4`%22duA_PT9N-T79=9+XE9jy-F*N&PhdE_G`ol#blChDg~|6I0g5 zg9}~57r|P^b6u8c(K62OZ%Y*nD1}#_1swSb{BACf#O<>wZw zvPC@xq1sZ={Fw!D85da|u+tzWU2?68tb(y!RyoU5-OdUrcDG{mj&KFJ$7-I!DgPk4 zuNb&giy!vS(%36COO+&)=^6_Yo5CsWE7j<2!xL$2Ccx0b`mwsZMxMXz#bzvAwnSik z$T`(J@FE~{a(M)>ir)X_z|zIrEIO>*(Tay6fEVZaM;L$4z%T*t+hRi-5WZm0j1r*p z(INi5UUZ=&#^LwI+;`k5PO`#PL36ujvo&zpGF!exVS>eIXPKm0C1w^8ctLJ}* z_*^7nf0h;U#N(}uI-7#W)R`IR!KM_hT3XUTVvlq2n=sw&|_~jhJd?_yj9{Cc{M!g;;D!#fFY&ZnC#P? z%ghCMy4R&+tE{Y_?3ioV{b9I}@F0F^#x z=(OQZ{wf`PUThZ2V`eVvjBqV#j_DmLWi!!En=f3N=iOc)qIvDCZ1{8&;pgA2Xy+tl zwClYdjznK-MSnaKvlr1G(<$*AYJ{%qIfOB7|JzW=#Q4_kFe-_EGET zC@nx|KCtjcAwG(YDJC|qn3tt-_Q_z^2+aXh<|pif3LB7Nbh2@}&v(-*H%-RO%NpS* z$xOR*Lg+AbANW1ply>85&S{(NjygN70Uf^gPEt~x4~}>i_x|2=X)E=a2WMmA@*~&U zfQqdapXNY$m#*o0xO#fo9j5Y^2N8!ouw<_@ZBCC(4+f21M26Df) zTBb1Pfg_*w)gF&Q@?x4Px@c#*e^FEwa9=9-4VM|Y#D&4T4*kJYH39FPU%R zzP@zpc09Dbj+`#eYEDi`LwVjp51*&EuJvc@A(1Dho$}8z_7}!q0P;>Mf;}B=Fz5gd z8w;_Q{G28+5lFfJvT`orYg1+OC8#)bC;{KAi<$%T)g$p8 z4o~>w=vANpWCOQIQ8Y^PFB!o_%&sK{4vDon*DJ(@cj`bDDsjC*YqzbKnAp_mYWb5G zljN@M*%~AM^vE$a#mN57#zy^w+y=3VyUpc zhctue^dqNrCSiU)es(Zt@-?=9B!K5`LZaV{xyXN;2b(n8#Cq!v2jmQCW@QyE7nx7u zgNxI?OY=gNM!UK&%c6><{&plN`MD#H2`A+KOhMavJ&U(mXP!|}h~+`dplQt3l7A!K zu=52Ers?P?jh#XBide;9zSDa=u9Q14TrWgC6y2hns}IGmAUWU`REFFLiKus!0d;mh z0cls{mcsbP``OspD9xzyBvwuf`|V@4>;KglpHkW56ZI#Ttn50+T4PV5v-UkbxMif^ z=lLVRcWLadH}>5}`2LZw)YM~NxDr+tp#_nU_WGzEvJ%CR!Bq~}0K5n|>l-W=l(b;< zO!;NUedPN;3c+3~mA3M^E1EGwo=8f|k!b50=Br?QwPoSQ^i&Es{I@-qCi4*g#A59# zpa0+Exc~pQ{Qu9;@&DQ**VEEGTDDJ7p`t!dam(9 
zVL$b*hn66Z&CN5k4b643g&y`vh&E?my0v&ikC|VDPBK3~r8-8(S?6`TZtRDvU=mqsWP~L;2PJj2$W{o{M&i-N6~}3Vmt)-M0n?(yv8*+i9N$X`C9- zf7itIpPF`6rYuTN_B`dqmpV}ZA9Ts82tDJ`f`mlC05LhQHJD*tV16T6E9Q7Fm?75y ziU*0jnqwyP^)Q(**pQt=eyqh$;FZrBeVXHV07dmgw&q|z#+o)1i#IZMN^G21n|I~4 zS2A0UTUPxriFH*;rMb1GR-6vTp=wGjQ{9~y9>uhnd_aDT&@`Ak#Lz>9@gHC@hBX+tD>?+EE5o0+g;$* zxDQ$&l`6v`W)@p)FGN+y1UD#gy)MJ5twJHB;$BwXrn8A`0Pd{WB=!M${TD-Z{FsU3 zE9_aNpVJ^(&Dd;y8Mtgwze{Y@=9cT28k?&p!^EaiCuTx?W#!>5QM0jz10cAqt}+An zqxb!PG@ni%=o>P=%Z;A+aqC6~6!?%f8kas6a!5aj26bV(+f2CwSp}yh!(yE!TK1X0 z`@u{UUHa=@l``+i;Vje>A>iH`n)G0jKi@?iah)qno@ebtY%4)+EP?XvBamI0yqD|G9D@;-(dt+0n? zfq(d)!Baqf!sSYZqElx+JR9QkNOrn|dLE{OXYy3i`+yrVfxYhbIh z>hs+xF`v`cC1dlBkUh<>$Y#NmL1Wj@$ytjydSH8Vz9G6M&^xKVBvt+3Bkb~imFx)JO~-jII_(!DD&`!kzY zDZ96GeF|XumA|Xxr=vLH?&s_&1@whkYZ|=fDAI*>_{`?ezKfdN-pfC9*<-2sUFWdp~s+9pciWEv@9Rm)<6`Oh`>?vVZ?E8i(P@04vD|3bX<0zye?edAw2bLq0c; zpUw=o!r~9O_VvAPoMIWY&<6+dc9?=7e!n^&{1IpM`AULn;o%M5rJ0%UQ%mqe7y&#E zxUclYe?CGe9KRL1@xWgZ0krjDME+?699Lph%H9CL(bvD|IY z6uGTZS-GDq2Fg)x+DkxO=Bc2yD9{{4eM3)(8F%c}7MY~>gzp-hA?zjcF#uiN8~KVDqAug2 z-QsOfk|8rD;F=-Tn$%bd4?#^CrrurtKGwW2dt?;ouXJJ4nP3Xt^2xJT1DxER1_sQJ z3{266WE)0M7LOK9ur*Tb0$ewpIJr0V#X} zJTVqbZ*d3lp{pi=zwNc!+dx~Wp%i zQ5|16Q@9(aei#Z?+vwNo4m8Mr8JW`ba(p z(R-hfKZ|2R=N&lr609whR4VjA@GC@sSoR zejxXz*-zdqD)liGh#eGlT*!;5%^lYd6l|NdNVxMj;H<{?7>n0=>GwXzc>MO-6yJQ_ z`TfW|F3m|;oGTD-9F=+(YoFus`=5n;O5Q_xn{IsbokwF<28ViZdJgur;!u+3;5o2F zA69>zt?h{nvDFv1k50eM{rfzF${v~A=zxc z5Fav#@if{c&D)8VtJhHW7iZpK-waq8zA zU7~j-n;mir$J-ob93dpEu04Zuy1a{3*vo$6aqf4kNz6Uh2*x*D#%KLauscGbbc|`- z32UtKkm;8|t-(FR0$2S~zqViYtc2gQJhCx(*N$!cRm2nmc^#J{!z;=p6dD=U_r|xu z2fiDU;$t^`G$YMB?iU<&ccW~Xg-2TIMB`nOm2|fdnEoc+@#`DBN;X*K$nDWSe*dR# zSy7yFRJ+jo6`Atc53GG^tBr&fB?Q(0qJB_-7!tQRv=BSLcP*8Vgc_vy#B zy@K#+)H~svidWOY+l3&|RJE$T z`{ae(jrp?k*09OvDS-zNwA+fyVJ3qv4M5Ob88p>1$~*j%fjGshXFMJ+Jl_FD2H z#QVeBjzKr2wmYQT%&|3hLYV6fgslTEvhzeozIZ;SFM%uzT8|#ouYR_%uMlcuyDw1i zA=C*bU#U-Tim-g;D(PIceNlA35AMzG{`_otAm;#X_r0GoJs;>n`ckGp!!g3e#N@`& 
z@*eFZ@#>8LgHeLJsF9rX(_UwnNf7CirNq_dgigCUzMDZE%WbH^-t1FAb{W{lVTh1i zbV>|ypxR4-mKXUgRnI`>3v|3?8R!Sb7FyAN7FBwGpht`I@gdfgFYXV%iZ#2AwTQjT zoyPhRq-t6${Go5Y`LoUKhkaMR=OQ$2rAb@$tR5Q&Jx|LlTIOK_i^{!nR`Rv0npva2 zakFxT?K8H=zoxjHwK7TMr(qJL)P#?|Iv zb=%&Av$?0g4{xVE*XMJa=*gNXxh5X=Zgk=Gekq!%#%&?EX)fD1681d%jr`TtYH8n8 zScm!TM75bwk1iO3X}~AHlqTQ@wi3Fgj_tI`z4S4wWnYLue;ZkHFZ|Y@^ltfK?N=QQ z>Fbj$%{^v1MWhUGMwMg_>gd&A?Y*~A|dC9w}VH*G(v$fqmJvY zsJQ!K?Q^ByL*@s5(RW8RzpC%n^$<{gl{*#o@Qwy}gtCeX3JTA`gl&}9It^t}_%M^BoJ>T77dE$sk&z2Dr&#huKu6lUi z1u$6_lxgVlr+#6fWB${v`r)WbGjx1H=Jo;e%Kgye5TBQ^z6|sps2b4#6oXc*!Ro|9 z;dE(if<}G{1xnlo?TJP{T%1=(3x(wj^je(HQjh4*n(6hH=(<1a`7~x$c14n|&n(vR#QbpQx04Te z@-}AlN*#Oorf$~5`j`650i9x=nAkT=LURIqH}iAbU@+bM+szGIG2`Y!v>$YZ+#$k+ zV|IYI!^G_L^bDHNL>v#7{WLkkVIOn6U#?z>wC7m zeKNrHLP}c5MO~#@r*b~O>AX#a^$E=cVUc3>6OBZAnxv{^_lI}$-Scw|hUN9Rn6rTM zh3pS;owQs_7CZJd)p88HHlrjHUxQD7a4*Chrg57|k4Zvx zuN=9;Nx!H}pKn*l9<*j%uBF`)n>T$M=v1!WTms-ntQ%m`b0_mUoqx{aV3LCB_x=iT z!LbSH<20BytLjUG<-%chnsqn9z%icNF&FV0p1Yg(`-FClbsln~^=~G?{w1;ebXX4n zC>7HwT4ZeFY{Df!`JlDf5m3@}Lz%x3b&`D3`gglGwMCJR9cqi+x9Hy7S6jT3Sld=? 
zH^Dqn|Gu(!f%GkXCjw)|YKpI@GMFm`lqx5f@?mU<9*+4nh8v+1y+@TjrGSho=hck| zW8ur(Tqn;Xl@3?Rer!wakQJW%jj5uyQXgV!j2^_srpG>@<$k^+=QH$d>dzD_%DBiI zp@f-W4WM>KYPHe5oT&|aK)eyi(8Z`+j#*;N81HALcl1+`z~<<@QJi!@%Oi)EhsR!1 z&8}+pl}}lM7S8E4uZgGuOmbKp1rq?TAhidv857&iKu^DWdpmWQFz4^^*9xAcs(-EW zMc}(6wn)GQPDv=|=k%;Uy_NaV{x9YcAE7aM87BK}zq~0gyRsd`=+;6URJMC3p}(75 zAI^{Ob}>`(>Rj30!sv%T^uGeRGanJ}DT2Dh3r1xkVq;>(OD<98SvSi=M|x?X#E*0q z!@MMrAkVF|E6FC4|y%3SR%NM zvr-Cslfe_maeL3TWEpN_|Mnnr$EPQlfxTK(TjXXCOkn?=|Dd2pQkOxw#)tB^VIL0O zNlQIB-r5JTEUDjerzP&Er#~*<<+Hc`t@l^KzS&0sXPwQ=FJ7C|X!#XQ#|gxUTi*Ib zjUzYG>OXex?2aX|xCFi+YOd{#eQvuRVN!Q$cLItu02J${OwFElU(^o&2a9+d>YfNo z*~FNuz96PKSg|qksyGsp4GSulcq($TYEW3DciNZj0qCsty>u^pob40Yv!`(fv30&=K9U~uglp3)x=4jBiU%q zttbW_MN3s;!mYXhqXrnvATHC_ZlOnVhN~qt`@ibl?JxEI8WKn})7nn=yY6MsOHdlC z2Ufpzoo=&{xarn<(iyOG0yFwna@M=4$;V(1=_xnm-V)%OMkqm8_->9YE8ld(;k|A% ziJ(3$wAdN0N?9%Kxhd)ID#!pH2whmbYuoE`Pd`x2X&o#@uOh zvrR2IjDS4|bbU=^F{ibFdqyv%?g5|ht6gfx9(^r5S*QhQ!N#+e$lCThCMN@wsha4T zyp+F{DWmq*r=7OUFMWhI7YY&drL1Gtq#dSO*uQC~wwds)clva$0R;#bQ^!hzmBw6a zxvxW)yeFMzUs6TNr=Qib1=SgrFyp#4dz%6bOHyb^bNG9bdh0J=VJ6ZZxZwNxqi2js zA?tZu`BG=a&mGq8KI(3XFoQovl@WgZw?oa(u$0Xq^G|{`}@*p5eUoLl<}>7 z-R0BF}pJ`I5%T_>@puPf*1x26GPwBc#dUkFH*#4~eG*J)WBMcyhAsvm>_m zb%uTHU)CJJzld_ufOujBq{MaS<)x>|@sX88AE>pev1-p4%s!_Ff5zJ?kSUk{qmq@+ zG^a_=UoCYBbfZP#zus$VtMXR`mcwBEWbMLazdwb*S`<&KWD00V#W;q4k)F!&SE>YpdD z|Bqw$|JNL_|1ToT|64cnU75e5o_7Ajn-(rRzg)W1*fU)hnvv57^3qYg{?nzVZvCl^ zO7zRWhz@qXI=0aT4mHfR)Hf+6_0A4dz&?X^q86w8!>0lv!ymYTLli8YOF=|Z=6b2R zQW{+TA??y7JQ6?5hGG=w(VW#TykNuYB!Tfh5 zezZN{oLmR{;^qJJYmlRHz%cGq5Zc%J@pXoF0vq;hy-x-3;X|dg*^)l{T+rj5@n~`) zdH+!EKXLme3!T3x8yw?Z9jynk&rKx5zZzunty#}J5hATgq_F8y24kn`xw$w3HJiJj ztai?#ccQ(Vg!p*0rEMv_3OEy7*46o72Kx5Ewb`wmti`5Y<9vc4^(XwGbhZR0l8VM5(V7C5&iC+GXbvo_l( zxFvohM61;w*T~6X#sl#k4V!D}?_alY0$z9*3h+-1&X=fd<1VkiFjkOaV=~Lf%v2&& znyuB%iE5_>(~MWo&!f4QJEva&v;hH0RmUdI0hXm0GrtioM+Z0SdyR1>2oz~JM3uk8 z#J3SCBEi*87L&wI3Qkb;v6G{{v)#+Z85T$kFj`8A6fOc-UfIuQu2W0hwyA`RYJRdDCEuDAdR8%32`#3HS 
z%BKB3HHpB(?45Z6UZaq$bsM>_fb$I>LEh7XcwEFKJ4KpufQH<5E`}uwz2=ms$?{RO z)vwq1-hZ%rH#I)Es0)aQJTHs#d;IhlrpMAxiX5tIbz!jV&(ECUm)hGN{l5E}*`sz( zEVvuGkE($oa-XY^Dr@rF^7||B5!KSeVwnCac6I0yao&{1TFGxSvwxz&R z^(jv+Eg>F|4to+v^Umn$rn8K}HXyXft^%AR@ zwRPd><XOj0uQ%teFn*C5h#7Y9Sm_qBH$2bG; z>8$`$fVMML2f&kY{=6p}7|+V8b_P+FSRc=4F64%LMp#fIVTy#|r;R-=wgQ>q{uJty zxMAzUivUZi1m7CAGC-QKzRnr#zuK+?Nx-jw_r2to_?cgz%GnrJE@%4{p;gV7&Z3w6 z{ZdWlJIgYXQvCYA<(nr(yft`xmxDt?Y=*4?bM|rx?kG;x$?Iz_|8!WP5(~`BRJ3z& zVZx!Dr-gf(%9+5@Vsh-Hq4kjwS;ThfA1YH~i}F#)jbpu?o&#%ced_r1SrV3Bf0`p9lkrbIBSTn2rxF<&*Yv(_6g95A}43DPfWEv?g6d^uC4uO%5ir-7>)V;f*+E8fuNJ%w_Xgk@Y!sPSg`%R z5xqa6HzoM;uLkkGw@1AOycSEPy^w=#JKo`xPNcv8kL650zH%PWI{=sBQsnCh+E1Ev z;bHFXYMqlcp~{(yDC#dUgPk6)#^6^95g%L}A?hk(ml#{OT(|)M4?+&2Kh5)Z(l=M- zLBhIBP*4q|ojE!(*}=&{fN#KJXP*BIi;CivgOM|uOrfPEpO(0XE2r07EHD1PWhsB`Xa1%?>KtbR zw3?y09XBXi-p0dy=X~)#zZEl6v#0WLPh>b%)@QMOv??LVB5TZbepX@W$gezgKI8%% znUY^mv3W1ZXu%{TCN#b)Y}UrBFV|>4-VQ#nRIH{|XwyqVc8&Y$7hRr48RS!%jr{HCVLD0Dv)o5MK}|N$tao zAf0Ggn$pSHEG^~GwT~)~TD|__b>ekjE{JD4!(~lqoT-l9^T*rXaqu&@nmj-V(XS@_ zwDcL;WWgj9*4)ulXnWfCja#9y!EvYQ(qd*#&f1*EGG>m{7XVZw&k;vB<vS;T_^7MirZ z04678xIY63iwNfk4o-Y9IS=yz(s*#(Ud|aDV`6f$S?&LU0h7q$k zw2-fENP`Utn=JO~Q5K4B^X;RfQlmhml;wIOh&`z#>c*I%gR5JZh9nrZYDQOF3%+LE_28HjQT|Y*(V@cq$Wuno zIP|5FWi^bZP*djK(X16P$|%=iecWw_nNPPT^rufI{X?&rnFb1kndCfVZT8`Mi~c|L zT=*=syM+%^T1ikxn_W0Ndm0bvUjK4F83sywJtT@SQOf;QP{flMVyW5a1#$l{I1fT{ zqbwk^s;B@@cht0?h1tz>tNhx<0jqH1)P;`V2m3_8&S1!%4E>!xlh1c_3`UPZKl2<4XQtdPAjdE zL)r&2noRwnY@<1snPL>NylGpJPoGG$%TZ4)sYVvM$yCC{*rxS7r+H6Y2UreEfG$nBN&H}{ zjvhUq_pUZbhWfiBbMuGZ9kvHET#t;lFd=DV_}87rH-<0KMK?O`e7ppMaW%&iktl6S zVv^Zg^F8YszC33(33#H{S(c>4;&j6<9_8FOvw@Tk2n$i?M7l6ioyV4&>&cnO?9CXN z7o;eE4S?UsUAWL$z1~8AsK^-W2Xmf_Wm6`ClK3;o)`cGL;0y}6a7s1TQ1CzKOhREZ z<;2lP)dSnQA?gU%{XJ2>=pjFJQhm(TJ>$Z&r%$Dy)Q_ST9PH;iTZsi$oQ?86rxUl`LT>J%Ie}U znfNmaA=S6|!l-_L!jdK6bYTEkuHwX0m}-SVUxrhi*rStk17EVG{hWOD+8x@+07!A_GAwa&ru`N_rSCh=KS`*hTA z5?*`QI@oN3o!7Dd+Uiby1~20j<9LOMMN-s~T4%jSbOCOd);7O?odIXD%{if)pQ`ET 
zZ$$#~>hd0)xAN=PpZ04k9N-rB{G0db&^T+ z922yCs0242o0FgG4*=ND_0rah6N9z zDofSk1X#6F&%Ll(+LUrPeGs*tDE5~@U?5ge_SiMM2I9F!cYT>uMl;N2&J3}&H)*e9 z)6kHX*4xo+<;!tcAcp!-$ZXF`L@S%p)92Coj(8n8 z-+Gpq0o&pI(pKWDJnS6<)(3?80Djl;&c*p+&@+Pu;u(QvlQp^?+Bl4Dw1cw}SR8r5 z9<4Eb{LJZ((WiI4>TBT zcrzF9*gv*J%kgmg+7eFa%FznJZ+CwxtHm30+&SRNe)sO4u!uN0akg##&NoJo7jp(C z+M{QIfMt$h#c-EO*Q2NLD>IH7H>F&ZKM$jMUFNz;!MSy4;yG?g5@Du1#=mkSDeAI! zRE3Ostk?ALwE49?^5}Oc9?d|Oi zL7J8rYb{*Yy2=Zsjk&4ev2tS6Q2L@0FZ-XKD{$vSATyJm2b~(Th_eoYLRoK_l09F~ zwE?u9?xoIA=v)kaG0Y0Hf9Ci>J@f*k14Clta!y*Qir zhJV-q?nJb~JNk1P%AHBqDRrLZ+0`*75>SYyy`_$|T30I1$Xjf&Xyv2Y>f21t&vf)t zPPOA%l6Hi>Zf@2W-Ovn;kJ4XuyRy*(Bs^UW=|lS2j9_wDB~`B&An%((DhpkF6;c|c@B z;9)siOvnY~R%GO0d?J!p`9%WTZxBW46BHxJo0*Arh{O>rNFJ)^(={k5FDsHg$6gOX zkc<4N9j#8}E0W=kbe~lS{r=aJaG|6|Zh}ij$Kcwkpt_R$nUpGjZV3a;&)|?#7a2X* zif$`TNZ3SQ{6TD!g@=we5PRoyeqti5q1n1t`mY<42dQeQPLQt2&a)QB&@*IRy&A!$ zgd_3(3@h6Qinqh@kz@W&*hx*t;y`^yNMT{wotO!?$0*UXBQ!j&2hnJv;#?ovagpF- zMMGZ!i&Z<@)N-nK*T!SbhUKb58XQSg!k9w-<^sUIdu73c;{`@ETs%GE_X3dmZprUP zCdYMG+B&Fbd|yjFAL^feW)e?5-nbm_&9b{7>>wikhj&Fi1xVe|>_z)E(|h4Sw2wbc-TYHG}>0B+z0|;U9JTO^Sz(%G)=Q8DxG9E zRZ;o;`I{GTK-0z4{P>!{mJRJX?JSSJW~hJ#&16ZNlspIMd-$M1IY4QGnG~)#QiKptL^E~)kB)(0rI>?T=b{H7wMohuons| z$tb04&NVA}5)NGVB)4hSI&=Z=VWd+{=|&Zlb8*Yp!9O1DbTJoVH3`P^3!!ahHsj4S zL+z(Rgwyh5i>x8dxAeh|M$MO51DLIoN$5C!oWgU<232 zs$xra_baNoAz60`N6h@;r&L9D67^sS?0*N_Mm-)maPe;bFm?Z-(ddWpU+z2y-nxBb z^rPHj>n9ew%Sx#wUwNL3oqzAv)C(WW9ZP)kfQ!Z9YU%GRZ^aE>g?Hz?5f$R%v->Lj zP2;z@Uq3vnnVTb!AE!OQ9|RBFPnkLW78u)iFf4;s<{26Wqp}W74v{DOE^M8q5VW(` zNb^NWOp=Av_@M%J1bWBW@3>l}?P#EwE^$)n+t`p0UmTRUAI==R$AjF7)r)a_%Pv|jYE$MeN*jNNjd75K=`AlNy5nU z@zn!NWyLf;`c90iGBsx`e=osJOxiIz?@<2&wLBUVW|kHDa^y0(!?bydryer5=RDG8 z+eyW%HX!xKERwJw^8-p8P1Cy;myaw?~LhD!Z5oSy0>PjLEftHdp{!%spEw z3$E7X2xc9|ObUYb>iNdSa2=mYh^>P4zpYHVxz5ancU-Vv{`xBHy&LwGviC-5(=y~t zg$>&}=n#H$=r@L9Wh3ma#mx1$NSLQrciz%RlC_~ZFp-|o>r;6;!_ z)G3-1KeZ79s0-h(zh7g1K2q>b)K96gqH;imG!Q0u(_)Z}+lPj~oWqm{poExqy`LQ{ zmmeai{go)_raie2f9PugI52COJBT_gL6Gf+#-pc2%Zn+PjmINYiswO2mT9^A*urwa 
zGr(eC@EpAEEHsBTQ_*vn!hLv%I;PBKDROP@%%eMGndFST-U76FD(}Q#*t+YFE-t

Xg<7jWg zA#XN_M_rbQYI~S%h&<-UInURuB6{E!T;RQhb%#jQ>VY{vEDKS;d$dee@p}w(RTN}E z5+@pOHi|>$RwHm(C6r~x;4f6kpMHz0NTJ!n;QS0Dcn$JrSR7R1?k5F0)fcS?1(j4_N%L#!{U z(D-BDMmcRW6b+gQj6f`qv+!YJY4_0L@v;c#O`f}c>rQEH1Iy7e6fE{ZN;I|lnH!;h zb%yFpJ`@(|&!Wzq)6^{pNqzzF!;%C1vp%Z|qKsPFj!;?Xb9C9+Lv=$XlQxIN*J{=2 zispn>Mm{T84mf%yTv{A__ieh}3fz;bE zf%$NA=!pvxJ1H*2*w-CmNlD%7Na8_Wltkp+vr_A1UpS5J6u|{t6q-YjNcheWo!?oD zY&Mns!j`nW|^YWWUrM}UFzV$9WIPe~SZJ`!--__y&dx1jZvzME-&7jw2B z=8v+Lc*aJg?B?qkZ1EYDWeUcWga`f83Q~kUg@OmPb(JGXsPGP``Oa>JKkpR8Ph58gYn zUW@ShmCeg>J>85qmp76AlTxZSTBy_Mf=?VTn?WZDaa741mY;sJB3H7j5S9xY5!jB9 zO7iq_{z5)Yl@3%=Mw@c>b~uzIxAAJFCl+SDX(&U;>Vr1u(K?uFbvD_uz4+Ai*up@W zU_)uuTeeyfkJ$IYCXdNT{K7P|*_ULIP)!p?!CQBqkh3?bpoPFFm*F7^l}#n07oKiC zHaLRYYv7MWHg@JL*>yIFAIj6h$k$|Mhb|8KNY1KTk*WD;&Ad_ZqjQR0%1wk{AS?Jt5YzSorT% zQZTWd6vN02x2dMx$eEApZAi*#m>^=7Fmo8i+g3-_&vh~X1!emcmVUysU~%zmr;fQN zYR4k#d<+V=Y3iG8F zTzxuph);reJ#Ee!*wL@|nPO3pVL@2bIRowI?nUFjjIgnAb8>EL+>Mv_-)MTA8=GSS zy~!*xXSj;twyK>I4a;#YvIy*Ij-B^d!3o;3Lj?J;v zR9;%>8nf;=f2;z>Bhk2`T6kV9Dbe3zD#lh*MHw#guS@BADq0-VBXjH7Gn$d+KVSOQ zZn{X5WV$#Wf$x5fq~)rL{L^+MHJ_jbR zwrO$ZUw?Y-)XjcUD)FZ>j(JpY$FjP{2-_Ia z{J{-gJu#H~*hB0ail=PsFNM|JxRqdg-#(Qx^R7C_fUUT6M{mczJoHfgYzkl7kPH}U z`)jYNkr%`G;^Jx-X!XCHT#)5?^%KTBNq;0P$Y+t-U#5b4HR?xr*P7*m?;4kpdo1tq z5pU&24_})~iTfg|V66swB7%v096JXy$KbPse!0k#0~5H$RYtRi%AMu?5Tl_bflFzN zlBlP-)iW)XztxVv!rFq}X6@`j*EzZat@Ng*8lwWQOuwHv3=;yG5sfTX6X3ng!-Rpx z^BK#9FtpjH2=2_x>}M_-RXO-f4QGS;Mo3)!JUc=%lFahy=||UT(3bM^QUWZC_kN}+ z+?^FZG*laiA3@^@LKB|b>FAH8xL*~b+*(IsD@yDxCxsV#1JzuEFr&R?Sa`P_B$UCA zb!#Z5X!3c(5oS+nSWLy)*H?7~iqvmtS|!!!?%ppFVt@}f59Bit+Js{``-y)vA>F0=uVj>*jxEa{FqmE%wecC;V*^8`jK3HvqB*`cPC0k>Y zu9^b@DL9P5v(=ZKqxI8KW6~+n@BHL|HM#awT$T#{a(fY+`cnZmXT(TemkBK1Cx{?{ zX_mXzdb@4nS5%a9JQxvN$#^K#+NO`?q0k;__&g?=?I5#)gCpVOM2y7ssY4I*yQwH} zFLkAb%u(K$u_DEn+pBiI)py1`rVFH?(5xV_SemKfSm zlb<^|gX0xJ3M$*WKjz8T$3nBeH~J-grWnz0#@he>J<0}m481V~vz^m9xC_b(Bvsw? 
zxpYqs@{se~K4uFDa^T@NIu5zRwa4RD#${Po62D2<6COdykB1KmqeYEv%bKzt=H9VP zx-2gK!|qf{&nb_7k*F^%;}x8_`{{Py(uLuMt2YKK)zoke+ROO&F<^+=bNiUVA1NqN zsm&e@yw!#>Sj`{5u2f^I{h_fSD0X9{r$dX;#`!@3$I6SL<(mWpNC7P;&+-Z1Sq9!M zu>6n( zwF#En&aU85K})taBjZ}<){C^Tw7!SGdaT{ST8hZ}o#bC`*wYfPr{tdg^all5pA()Q zXpk7+o{D+~WCX3jO_ZzY6p2@WU#mw6cbG~`aNAs#PS6t<-d`9(6(X^J&9rK$ZDNF1 zsO9&Qdd%(#KKbs*(f5wy*o~?WyALSw!vvt~-VN$un(vz{I{ULT-khsrKi3jAL&WLn z8Dl?tVf7zz#?Tl&T7u%@`Do!>&DXEE+J!9!2gD`!d&e511;)$@j}{^cnfz&KrGlLZ zJPw0~S`L8_Kp-u&Xv?7c;81WtsknZvPsJ6>m*82Ai`4mqpmaM+9>V@1S`ZwcK8TFru0-WF#JLyKObn`nwGKYP(y2lPDe= z7@2)&abOjJZ?x`KG7sCPY>C>}wsKegDVs%m@KE-}KD1XI-hD|2dhkCkLp>354(&6d zM_(G`mM>6OXfMzcijMqbJs;v>*R`v83$*eiXascTKi@ZvXPjMWXnJ_D_-)@pY-yG) z5~-8xpa)RBt9ny-l7tP>B31B;FIYYg&N`|<*};i&fn!LBIlnA%JW9rsv(BJ1+*pE; z2*A(G%A!8(5u3Hp#g3f+s@1uVwQkxg7w$Zicdd3zPCjVDFx-c_v{AgxXH>#ogDFaG zwxD2<+7$3-o;b#mvH06omBhIdHFKO>o~ExX(A>URhZ-n3j1k2FL{Q zGz!IdGrKEW9ZeZ<JmDbRc7wj=@gmFmt~W1w7-F9+$i09hIo8ka9MfgA@8BrG_4{$xOeIN|K z*|2~8a&pca@&YzW#$%xU^tE(nUqqscn20hu<}kGS?r!?|UZ>Yts?3oyuLciih&{?v zkKlfyQ)<-ub)vHWtpfYJrsH<|RYH=u29+hvw~Hx$mHnz2O2n8zT4B+w`cI-=p=T*A)Z{_Hdg0$w%8lozBSLOiPH|EWuDvB^0$tV$l#|M zzNt`kSYgMuTd%=V&{+J&*?`6Q6&fk-O$`@YOe|cGMBI11s*=FsB+OcCy1@@Rv>)|2 zzyTcK*W&wCuSdKF77=%aZJ}IXbssNzjgCvl+dC58x5i`v82;26=tCebgu2&!rd$_qZ+>)^G zy2-9o=;7wRRj|l#z3nT%rNT;P*kBKj$9&%V=6{N_nYZ0EISraWwf~*N7W{TFA!$+mwux)`unFM zTX&?`em<`=Nwd;z`TK013W{QVMX#cA)P6*Tx}nL%`RIyNhf1+=rOVIX-?FwV9~&Qq zP0le7l(wM_gAmZoIn1H``Th%8d9xx~bFyuXa0U)@v!x??+Zhh#%|chxZA&;}R^Gb7 zPz9ssd|0>?NvWo05LS6GIzKBA{fmZb(K6OZaO1eXqO`=u&e9L*3|iX5^~tX7 zfst8j?N@-hvE0AG)d0j>Sn)nb6v{+#de2X4dxzDzk~EIEls!lXN>To(R5&6Y}1 zTA6;4W8p|&H(2hIC0>(Xo<3m@JKCJw{WiHEpYbmO4fWX;$RtlCYrChnX`}P&YkTG0 z<2rI3I(Wx6;hCt4$=W^wU7cg+jwGhyo@AR(2ET^Chwxuh&u)xE{-Ge@wH7y0?``hx z=cLB^{THzM#n-O|H_)##^|Ek@Td6Z|EXxYVJJ1@VH~D7*Z3YeM(9LdNLLyy zAvyPB=jEcfgr-*il&cvE^A8`@?yiS8xZW+V7ND^;Vg1KaHuj-H#)gxYa0AtH!G0r) z5N){`;k`B0z4!CkLW8D}ptP_#>V=3!u!BSerH^^daJ^(R$yjJ-oEPhQWOGw)r8;Nf 
z4MpI|c&^JTI&8ATZZLDu&T4Q27u(L7gv2MomF4(7erzc|HIFk+xep?Pcb~%grln@C zKiSbb^6zX94gbv!GtDR&zG`(CB1`Z^!<#BJHgxg<9Fb`4p)9FINHotYsJZn+t74=J z=H#rS5_!dup810=W0BSHt%VWwNL21C=n>wg?buT>y#DR-;*1A&<1acAw!3$&WbAg2 zt{E>kj$G{+y@2O-t1h_AfoRR!NJC>uC*RpN%GbACN_nvPM}~C81$x64LF`#`%YM+B z0?h~NwY0REb?rvtbqGaZ|L_YK>%j?u5!;RNKP2djMb;1~4Fy++M6b_|OZ`#ytLKqI z!*HA{E|>Fd^!yw*y^B>|+tiJFb1{6dz}3Pfm-Sw^7bsh)j?f?RG`LNDn2e)_={R__=G}V> zS3aEXk9z20H2KbOJwMW7xWZs@My>LXrZx$M^Vkd}?|x2=5dQ2ms=#JHcyc*LeP)!4 z(XpdWtS1{PxRM9Opi|KZE0#eIaq&0Dso&xF?rU{;wJr{1FlbnDCLKS$&~Bi+AXti6 z>fhlSxq}Z#Uz-Cd!P>UL$f?@zc=6zZv-}J1KKIbR1%I>Qm4CoX`{8zo?)c_zP1T1z zpDFReVmdS8`9XK=K!&{$n?P5-UUSS{jWV+d)c#6?W^Rx0WTdPuqgSW8RAc%ylb`&Z zs1%QTar}0ky3VPD@=vPmpGeIJMv8FdTC`Nbw?`5xOPx)6ZA(8>Fw_TE*pkh*+?yK- zPq0;V_{~t?45It)sJ2*6TbrW`8KXBY@ohIZz$aV8r1Re<#E2vUwj8d(d&^L|m96zv z^<}$>tP)Zv5Gnas%jZ^*d`#XuhfH0b6n~cFA=BW%NHFRfZM>i6mYH3Vqqn zxQj7}(EYGiukBa{G=bR3_#-4qh~&G@N6&2UH&yUQ4~Mwv*bqc4Wm#_r=MGqqN+{iy zXkNnzs4WwRvJ*(c&Otm=(QcU0F~UfZuRJ#MImre+V{Fupi(bJwk{s9WHDIdRg!h*I zF4<^YM<%Crn4hDeRerlq97L#9#&`Mla9`E8(Os2^Udy4j5s-%5X4|dEyx;c4-PKC{ z8srJ1d-UTU3HkM6h{z&$7RWg2EB8XDFqvb(+&^g^St3&ASby}Uu!ra>xJ%bxLi_*( z?^kx!OH!V`!?QWiH@AolU4|oF9%*6C)T=!)Em`$)zwL|Sz$7)EG zbcs!dfc}I$5jger6ggH0Z?o=Wk}bO-y3j;7KMIkQwcoPtJ0I37u>k`l?iS8Eyh25f z*BIf0n4jTEZWPFbSm}I<4*%PgF|yD2vJ6}i>vH^Y)o`ry(4XO21-4)NWne_H|DY-0 zK-8vkg2z%tVp>xqKN7H*+$`@-3Gv=G=1(?!}HNk!#|^DEJ%9fGAFR2`H!ISUg;=8(a;E%QjX6BxGrB$b1>7K7q zOsz~~K+#&(Igqb%3cwu;&`g}a2b6PqRP4&BXRFDJ$>zT;^P&lYs4`fl4dkC zwCevlttV)CAekJTO+BWTrLYG|<65W-J#{``T^q&`B{0nle2?jxF5t(zuTD)B!!uk_ zGWidzpB-My0z7LIibHOL!oQ?ABn_f6PKurCtDo&9Mnt*H>O^biau$+rHvC%D@y{@W zcR25v^J@h@Vs!F*QvlD43+L2&kf_ru{=S|+8U4>eVsV>BKm~}j_)}GOL_9|8JJ0r| zs+7y(_a|}g{x7)`|NO&lAwO}NEoI3uGPhWfqiTdpZFc(_=cb*Ki|6)#;9dUm8hn|(D ztTdE*MvL1!&az?lIeVhJ7RC7yOhk&4_tjs1UkP z#&QM!qx21v|FA~W6F$3)uVA4L$bpNB{aXG%D>4cejJ9wYN+VaOEpQfjJvg0HkEC61 z`xrO)Jl%mAxCZqM%ek?FW0}kA=JqFp!+ij^Mx2DF!v-9N9oO=8V;Z@0L2jog5ZP%@ z{8W^`ns_qs+TWhNl;X6bvn}xF)gI7J_JJjPH|PfczY7BPx@1=YRMYS1R-TrV$BBGs 
zTH{2R^Q&G~7aDk4v}u>c&#*3r6Ls_342g1Xlm*eCN>3NZKe&Z_b$J-aTGvVC;3Qce zx6pt;pI_7i0qx0bZu~na4G#SU?X1kZ!1DmC^ZJa$A5Tea2H?d_j)7>hP)ycYXR_1I z?#p(O8vWpr3O9ff&*U=yL@uwZBROD}jajgkrgo!`Z2jm$O)S!m{duBzN(b&}EchF$ zgv;#W9;H4#5llHkyG1z*BR!~i9d)~SjS>3r9`3o(Zydz&>s3%0kTYL7YyJEPT#^{L zpRc)`&xsyj=N?=X{<*+c9?#sgl&NH%0y>XzxAwQSg=CejTHg>gj3lAJn_yb z?uiX1PM%uOdQ8Zlw(@8h!y2}yGaks}tb_%pt~tOX_K0J+%TQM$^#I=bFFP%G^lEdN zkZ{HjU}W-NJ}8!}?63;)2R{MjbJLD#flwj*T!N8UUG2a;QLJqd21l0MH} zK@{icB1?$bNkS2oYpyO!PHh2GryVy$w>N5xK#=fp!wsH&w)#O`%!p*BDxq_+)c#B| zKJdagesHpVgh#CKvNu5i!1mj7=c=O??ErrfMPV&QB?8CQuSo3~olX6d#RndwWtv~t zCg4Y^^l&Tj1SB)v`_{~Q>&iu_&hB2nQZ+HhqU8pF3PsaMmN4F1Xf*(w{Yj4oSS@kP z3HJny>q5#?(tYg~^+je3*Og*f>&w&19Q-<2FW*bPi=0_@99fa|xqej9fe$*wMO7Z9 zX8y+E?h{}w&-ngE%n@}oLoyS{GuFP|FIo_gn0`OUu1l#@$4(H}kg*UwHL6mN8q=L# z%6$1CnJJoKS#Xw3D-iME$t(>h0PC_w|GzJlqnAv!|BgQK-mp#!}@S6 zGyWj2=SWON{I*2ykmU$v(bVYYc$i}PyWoc^WcS|pVAo@Wk_S1GdeIyeU9ei7NKEX^ z(c;lPrv_A9E60=E(x;J;Zg3(V?wkL?J978GVp#l>O=+V^4f7oqXMSq2adW$?sd38_ zOFZs`7DQBB07O#H;$~@_u@;vY_>t^bKV)A8)V1|d_eE7AKmHLk06gD(?Z=%B>N)VS z43*5JU#J!CIcd$r6T_C6c}~9TvHXT_q$q*qi~UKZ+qKC|q**;?g)d10YO59jEJ(wY zXiBTErZ8*E11y+(kYCG{NMWCbIt2Da8IVr%&i>u!pZrn+&o}nSEH~^_h2ITQfgW;5nFv>S2#&gFrY#>zENU8a;r))EE_Z%}fZ#f8qC zXXa~G{Ux3lc_m+G@J;b!;k#{HI=wLVuR6lcL-(f$tSExClCtyhSB>#*9%)oMDO z+1nZ0K4*B~0ucT-4MJb+rGu6x7 zQ^Q~mn4a{#fFLUHJ8*xxWV2EU^kO0RezAWH-Iq!mJ%mlz`l??BLiD$LHl9| zjcz$HFbq{exE9adI|_U>~RVl^t!JD{V_<|kJIECv`CGte&fDo`MoqRV)f z&g}gu{u_Fr1y}*_^f>_G{%ift#w{;rp?>OQd=V7|!#Znm=JQG?H0xAi)2CosX}|?L zS&@GSwSv*QEuj?dnR=&~2^{atO>@@b&Hs#T)19lY@<&o@0OuSt$C*ET;s9`l>6t&t z)g&JbeEz?4KJA>bRx{HcxmWD@CF2a$+&x{-PJATJs9%ZvH{c-T#ZmM=H_r8`LZ_XQ z;H(SA9Juz(n<`M?8+5TpL zENvD@#^L&&&8b@so9UR)KZ|C>Pn;&^ezfIJj80qZIFk5cks*?ZoXp@C7c^|dXjx=RUEe6FHU)@MpmpYRqGP3k!e1O z`=YGxV;^z`>Y3}SK>tBY(4E<|t2QT3u$R$Hw`UMmOj?Q06)KW#ZCsF zx{C`?9=LNS`n|kOdm3q+@|4^a7pz_L zd>yTb4e}mjruz8?ow~&gr|VmX$e`6%xr;^P0)FmnVim}VExfaW)2-g7MQ8dfndJBX zJU(&uIrrp@+=Oj)!MMI+O=08z{j^#1NF+$eT#*$Wi|jjNSlbh3zuvV}V}$hsgmVY} 
zO{LXg)1dw!=`vQBELep%;3IPQdL`X9mlDjx?ix=0cADttgIB%2s$gNY@f0^)NPDRb z2aQ|=RY->{XegTYZMHbX@zvL{s`8g6z#AgGE5Ar- z{-9MBizLfd;wCzyy{m;JN8*R{%paNC_RZnnv#8_>DGKgl=X1+Fd)}`Fcxw+bNnaFt z7Ajr7{t=igkir8`A&~qDZ>5)+EUX~$UsI+ljt%~wsDN3Kdh^^DJmVfdF!2Xeiie;2 zsHn-z+m%71cE6nqEm)75hycv}tdxY18TL|;Bx187IM|-=y4E$&kUx|Z2?G3}ckgD> zfdL0768I&knyIQlP5f2kp2O5_26i1QxtVMi#nGenoCSsb7NfrQJH9aUA2R)Q3oLy* z(QcuqZ-4Y4Ttg&10rFT18so1M(Z2nlY6CaLulV~I@865rX5pAYU9r?*{(0|>+r_L}nFJA}FleEx+C&BMCUr^H ztKBUnKGW9qB301Mj>(-3sJrjGel2$a0)?xZvRpW`C&c&BH$IpT+Irn@+*;;f8__OX z6*ZlAhw0Bu@ez*%4-&_&eUKa#G@0|=h}{iwcPdyB6Y??_{u;^S_Z7=H@}@Re|D-@6 zp}+YIq`Lu#PuaS2l(BZGB30m|T$K{LG&xUbk&dK5z>Jl0VV%$S`JgnQH-E|(25k1Y z>Za>ekRAcQfj~Y_5RVy0aGg|C^r(hYKQejX?wFJ~^vOP9ye4=%M-}eaR~5{j)|1?r#MatSu;Od4Ir8mg*$3)FtLweiSWK$%1_a~ptk*`05X9j}>5T^Pp> z83gF}(U!WkMfT<*KQe4-G9TDXrZdYM72^pr9T*?pA0Z~5YMYn@4ckL6J(d@LAa9uo zSYYCB7AOT_JJW(>!fPX$b1Bmw_oU4H_1JfQb?wNF&9bh4SvLPW7p{~cXM-I(vDtZW zi72<)G>J0wqtxoZMm_%@v}K&j@W<)PJ}jdiPU@|)+JvfoROwqwnh7!XZJp&e>bQ}0 z^7rNi331h1^<7o}iz~{i%BO5`o#?k;f}rf-a$ij;Z+7WyOSOH-E{ibB*JGupc5?bU z1v_BBk;2Yh5l)AlVNK@X^+Gu?FS`fMip8a_!NC5Vm9^PU5|2&zQVDV}=If~vkF8O$ zaUAEN8hrcQ2g2*~>g(gyaqIcPj13#ljggsz;SBScssRp`cm2axE1jt3?v;snYBzKs z>HtsWTN^qWyNZoI6C#m2({Iy>V|Yf#RWr> z2&i6A|F`6CQzI)MQwymd2J_o`qGr{ee(X zwze`PLQjWsuX9xBA)n>Kj~`JPx!Hn0o!8&nz_*6CkBq1JbVgQCQQP4PZu^d1&X0E_ z4-JRD8R$rxs=!)e!>CrD_%vlS?c0nl`2=*im%lw4U$<}AYFphNvRIxeyaDKZ-R*9^ zyr~sV$ACgjO2hl7ahTnp+AY!uXLALkOkHu;(F+2jI)x^qu5F!$wx5@cry7bmC}V7` zTQg_V3P>rW9u!z46k~n`S8dA9zy|EhN4YdF#2W9*$ma^^UbX5o?3kU>S{|IJ))P6Z zN!B}>JR&^aTkEQX7fI;$%?HG0Aq7}GP~~6#OEL81C`0{ZsUAMi zJvJUpw_y&Rcg)r-ciS?!KM0pDY|S$~*z7U_8@kC$&2vg%DT+0l%o))7IkBV$P z;v80U8Qt>@>O~%h(#uBLFAt*o*QP2p3#LoI2b_KvP=D{uOx?y57BgNy02cILlRvob zQ?Z}Q;JB?$iJ8+=Th>cR5Lzy~TFsTJ5c3(CSu-?kkSR0fra!vWV8D32;p<~d=+T~X zg70&i(V8Sei@&|MMYt{hv`gcgGd`dm*jo^DY^98Q_2E{eu>CmZp_&sR04 z)V8YNfQ|Zga{}oB?A1Vhe0vot0nvhV*-M!atG`}pwI!Bye=mvOQx_?-677bpSJ6~M zyU{W3Ge+^QvJV(+Bm?%>>Kv@VI$hv{jz#5D(<)uvt+Zy7SbB!wkk7rqx2HuM|0`# 
zQd_0gyb)U3w<(<4@v)9V(p(;;b`7?rDpUTEBQe^@L1#0TYmwO)d8aqK{(WR^3M_i| z9<5~`_P8vX%Z=AsOJed8G%Kd(e^h*z&8HrHdFOXq_sYPs((%!@#v<>5w0MPx$t(D7 z58l!|ZZQbnECKr?Ky7%w(U7W3=RZ=od z2Jq?EG+Ea@CP|6z#Kzweg3TnOwI3ziRe`Mzl@uWJh$kO)4igZCKFtx6=+Yo@W2sg) za49v2yQPNqcSLTw!3lq8?#08FzO@PQR58T#Z67JY;U$mwo#xFwndGkgJVyE< ziCZ(RdnVNfaUZB-M1-Zq!G8w|Oi5BMOT z_y3fsA8c!%*9!wV3}{JX2u z(|NJ2H5>hKeqHM0GksjWj-z9ws*JLsO+!ab;MEV$&Si30x|*rJmWXj@XxmE0tjybX zDx`JfJmjV0(9N?~+}ylRNvj{CsBqnCY|&a$fUcKB+r`K(P{kFR;Okq>{R$x>#gx~L6lgiQIU=nRR$&DPXF*y8X_;m7HtjW&3b(pV(+{8ZUFg#` z&AJG?tqjLR5THVLjb%0an7e$hJ7Zp?jM==^;u{$V1KYzuZV;Q`2I-*a@0Wo&?L5`^ zu7hfg6cPN4Fsn@68l-`#!c&RCrFmurBBF$}#zj`B>vDVTrb4k4@33Z(^YLC92LIZ& za|*I4VqD?2i)|!^a%(4;wCzrQ($NGRLZfCe!{1*ZuF&6CsP&F{2pu{*{mFCy)y>(P z%pzL!xi&WTWVaUmmsi%E6{QMVa`INVtlViG2fQb%Z{3@EOJ5S_fGnTC)45fqs4<%$ zl+)&x>O7Fw_hsaGP^Dt7sT0wLg0+%6PO(_~6dEm;5moy@;f5ZEO@74nIhx3oN~_)6 z+$>=IP2QatXL68S&KxAXc2<4}%v&R?jUV#|a3RO#mKfATk-aQWtE)S>Q{%s~9++^x zIC4ScU>#i=LRxFY=5B9fh7uFc94+78d!LG!{-1)P8nY1Do8S-}bBAyZ|BvsX3H8Js z6)2p4YKLj2JA9@*zqYeLmlF{$lTah+^Le?KzhHq3PVolQmBr;#`b|RI|E*7?cv+U! 
zMk4ciLewL@OoFA+B6sOggY6ytF>q_jMZVQOJrCQRMVR~kl5LlV-Df>D32}UrOUFpm zbXPexgh>=Kx733&@O=B<=ssb~S%8LlJ?Fa18is@#oL+tXZuBkPipr{}aRQhAOF*=0=OSizh9sYSAmh)qpW5mwobqommwjWs=lOiHN6e5U?6H*@=OoG4 zEd9P)XiY2aXdC|6OBEev+DSR`$Ly@OZyXip-4(^#I-uo+D{%rwEhM3RP>=OsP21J4 z+}o{4cddgE-49`S z{;F17p|wKm?;(a8Z~fAy%gMgLLSry^jJ3TDGRx9pcz-5I@HK|g7$h_z$}1<)Z1!8z zL5eaz1~vxsxLZ3u_@tJ`xpB<~4TQ(JA$VD`zppZ=8^Va_sHR{WxtCavzQ7NC4H95$w85oxBUhCa&nTI97@XJ~0aa%g&p zk2S-Id0N_#^)@D3{TE%(IfYGQO!Bc?ll}cO35eW^51*IK^_o1GtrilW@Riv2_yJ)T?aT{E(ab zP$b&+#OM&P=l$yL!$oj+<ve(noAFko_v0D>+PM#)1UYdvj)`2*N?b%f5rPq&j_uy6@xPC%ev5w>g@~CUrsSN z(Migm%!qF5h9BEw$6nfz2%+Nng2CL#2bwzh7W4k!@grB1E&Cr?%t=9wx>Rrc{GB0gT8^Ufovs8YlT|Z_DUq^_6;R^**E2s>4Z&p zQ!0ztG!7d^LLZfKz0bDPu^yVdZ&hNyS%~jY%5A_9&p-QRfLhRKjFi65_0>djT)>wc z9lIW7$CuUJQ5wy6+&7cm2K$#{cWP_<_yQ`6?Ito?J$|k2Kdw2q=+;Fs##?T)F{h-W z5H05cJm2g8xH-bvy27V@Qc!ad)H3CI&#*BDB=P+ntKX5gy!+QK`gWwYNn%Ud~K7PnXkI~*;>Gn#XJ5a~#7*t!3f z64Y>}+l{$fwIHDIwft3~DL0?ZgDs@2yK@%VMb@^`KypH%vi&}fqk*#H!+n)t!P%Nz zo3`_>OvwB78uUy?ZMtU0mJ+1TLH28n?<(+>IZQ{c4p45>Ks=M16a)^^mDKh(J_RQ% z5RS8R{Nx~YN0+6!?;}gnz%2Ul!0hM;Qqh;*k?nv9D%r6kYSFj=Oce78ll)Au*u8p< zIQVeTzOTEt8&v0kSU?lS`C@+;Da1n6($s0RQHB3ZnrHSTr28b8f=a(h9BiJBpmsDF z`C5Vp-o+G2wi9O2wXjUkk(P`+=dyk%8fJMKZ_(I1hb#S~@ML0#I=ez7p^cE5=f_lC zo7)zKTnd=%>kUL6@$%TRbL`y)<=HrLJZFLuht6=nfbE zX^$n$mJK`NHvoj`%RW9JJ;`mJ5HaDPM(SuMt%bU5oSMER-UaP_BSzR}UTTsG>&9_F zUyjzzd}8Ntp4ojz7jOy)HW<_kK{z>E1-6%n?n@3I|5DT&I@+64`X=mjG#20a*@diIVZbcXViFt@X--4b9kec5v#t!PTRb5U|WtzczL!#qEH9A zL3>4P6Ml*i$VfB>{Ifc|ewoiNNu~EqgfI=hLzIiGkLz zy$wm}*Ea>%k+TE>1y;i)_lqpxyFJ-M{n%;%f;aBu&+`H+w7wR-mc~5e;rV9VQHruS z$ zi6h)JnK@UKT|M=^`dxH%y+JIoGF~ATTER9ynql9QRm&-b!KlI|$a7>*LE=2+% zw?k2RURy)->8OcVE!l#|W~Y+s0NYzrWJM2A%7P=lGaB$Ta@7_-&>uLu`?TMkoujfB z$7-LR*a4Xgrt;_(ay%U8(1tp%2Ne@gZROlwtgjUUX;M+W#sv&GvWMf10hjam?o+0y z)Yo?m7;u&e386hmC9L3 z;e01KLr-y9bZvXl)*7Swh#O3I+Ou zf-Wr%zO!6aDRAstO(-yrV5Ejm_m>!hDfHvj2DL~g;DpZ6J-12rB(EfTD|ZB6EM_Vt zHSTTRRLb2ng|)-P@81h;7Q$y{NTq{R(rSc2d?$)P{S0JBJZ%hs!rhq~igx0#n~flz 
zbdx0KRDIPP#{`ZWIgYpH$E2Mx4aUL(tC`?;6x%OAn{xj$6m$M6JA%FeA1o_X0mtEK zk*4UaP@qkRZR$sE+?W#C3-$Q4u@>UClm2bN!%2#e5xeb*lBQ7ri$*!4|3{+yYFN*w z-$af&t)~!=X^U9>NVy+E$qVn)D_^UNIZ+i^&+OP?e7d8apzAo^t<#7qtTEUH^6C|3 z7pMEC+jbw7s=$_S^>H5h`#$x~KyE!xjS#3A7e&lrChxI8&x+HY(_s}R>rC7366#X1 z>vqvxNMT`NLZ!YH>OPj~{xO>yluXctR)Pf#EIt>+yZ zw7fgBIOO=FY;kmT_^tK{yZZ;VIQcY|e#Ehu==bENfNN_l6jo*X@zjpUwPW3*hL_%8 zgmW4;V2?XE))}amIO^wTx)WzG5(IbtrYqey);ns5j*iAL${e*W6eR{-(*gN@+?(l$ zn1Ss5eT}D>FzPf~YFsY_Opd6gzb^D!8$054=HW%XL<$k-Z=l`+*ZvlO8c8Or$=Xm; zt;i4{F+X49IS%hs%m+OT2Fj@2hY7iiXlerbwQ*g{=2R0&1HFYCeOR~M2(JvxbtZ%R zVG!^H+X;DirtbOk@T6Jbz)c7w%oqFq&Jf*O+gRJTpIDMRuw-ihG7lTAgksYF>KH(` z>u{taFSXr^Wk!+R4xHWX$Fqa45#*la7d+|i0}0z|Z}TYq%i4Fi$gOd>s8Lz5Z9IU} zd@rGMvUx$mNR)TR7P0F)D_4jmH$x1{dtj!%EzZo`Ir%=@^d!)&FwNdC29S z0E*)R%dUWdP`nWMc1d;JJ)-R=kee~-Nfd?l^yq6x$IJcevwaRBKUye-^PD%3c^%6| zuSuU(-rQl%M~t*SrxBS0Ds1cxPK7-u01Nnw2JSXwPGPm%F&F7T{Xp7TtkT&X^V-;T zX6j+cCCEeOWlTj`mi>TO40ND0Z7Scx@$I2cYT)NLG3x*P6;g&S(Jx@MQva!F0IUmv zd=iYE_?WaDswcSTb*Zl;$7QM*rnx=rQ7=T`Sz)1-XSN}WvBNnnX;!Kcl*3f7 z2+UmA^nghjx>1L9{7o^Z-@J%b#XR#ujL*x8=AEUpR^480mJ^1%Z$+i`)^L$}mLH%A zJ;GJpmip&i!C!nzyf;q?<_N~epzk_3l>@$XPS(#!*qP>vl_lTLd9mb z^-LLRH;WhcMw{V`N{Knlu>PiU&v)F`8iOuJW|Q)~(BtOS-jSn(tWkmaj|Rb}K{zrcy*UiqXY?ct1W(QquJ z;z!AJt|Kbw=liP(zr4Al6xkPIt4{eT*}K^AY@&25(r`bghhLvHkbgCfcE;!_3hg4Y zGBZQKLG&z-5Bx$#kAJn1j+HEJE(=J8P}%<;i*p1T=*Chc_rBQ?pI~OM*jX<%~x264qy!7E9tMILrcK?r3AE72P+$Lbl1Lxn(GZeSzsy`m5WCpIQ%d+=|zG!eLp3aL>4PPO!h;!`8?5V#u^!HbY z#^K(Y&(Y$jKwahjAAuE=3nYR1mnh#%Ipg#_u}-99NT3TT#8<_%k(GJsC1W>XP+(Km5+KmnZr9u z`G*7YYTSugRyoH|args7G!~U;YhcUVx4!PxI>QchcpV{K0}FgMB>`*|F$rsz;)-G|UclU)Yt=Rx_y#eU12$nAqb6*-S@ z6IINxZd z5|PgrydH8G-+v11Mmp2vy>?Lo=??cb@V~p>rkY<2wY*KEFL(%HV=n5ELj9I+A(j7c zuj3rp(0f_@QxRP$@C4|zi*4ce@6`8F^= zNp)+leYWXKoNvhQNQFr?;?oQqaDIAo$HgB0UFY{=32u>q&Wy0I;L%Z3&SW9(dyXU1 zt9Cm@xSDd|ut%IMoyrE)`@@atq2fwm=Z$pmFUV!}xtC!mN)Ut4X#nN;y^IRTfTecW za3?#$G~@85UZN`Sl+-X6iWX&M3_ERtaCLK#%RvLjx}Hhn@1v;8*M^E~gf4mJeKnN| 
zOR&XGP`_)c%*futVoL^FAUQWMsu7BI4vWpS_>XjAk-YrDeVqOMf$voFa^aQT@U+;2 zzQtpg53}&1k!rOYXB3Y4V&z zqAzyKW?w7)q+q%JfoYPvigOqy>ktZgU9cx`y*fCgK;-RcQE!om&~X)gQ}wizXv~Wbyhei1Ft_sXun8y^he4C?b<-R8_0x!I^Ui`GYuS7&*&z zv9|T1m403AxI5as4?Zi@KDomp$FAp;MPIzRS-c=g^=7E(^>yp+{l$9fyMNLy{1h3O zFQ7x0AFW)0kYp7HwJ1gM_R*sY`Bw<-{vOZ_hN_h1@~Qo$H_SRM@K1NG4KH@Oh)62l znl=MCc3^stEt6`p9Djs#+V%PDFT=jCxjQ6yJ*5#-Phxn4j>p^FE9@7|6Qb5Lu+UJz z@x=Rg&TkTYYI4W>L{DZiF}cHQzkPfC)k()$B>-9 z{LtH+&zP^g|01;O*z;yG_6o^zVzivBxv+2RO^Wsl2_8p(qZM^{_E%io53(5JUCp;w zD84*69L;9E{CD@<^+Y=!)&@}OOY_@#5o4sBT81qG?YQ895QC4nj(!sC;@ooHK2eeB zg0*AEH@=nR4Y2JzFsnQIES)y|o?6%90y1|OIkq3-SFh;w_Z^a6%`iVLVXFcg@`$>h zgIr*YXnFn!pN|9o|%by`~hVr;0G^rGT?ki z-3({1(kIG}2=!rNVNobRH401_L#VhP?HPzw?~EX0@NiR*Q;VQOit3-EDRmy{kIkb; zm$z>J21iMR2v!0XEKZYG{zn2^W(~qg@t?B7Jm;Z;Rf$*L{~9zGnGoo<-axK`sD}yd zwoqJ&T&)-3OMQLt%l#_k0=-JaDBA$lm>q;pLxdt`q%){Rz5ehWflH+lO{Dqf+bNfK z>MgLZg;>8@a8;tYF4l-5r<;I~!RdA3wZrdcb%*TAQ)0fjBMJ-ck5B^__UR$l!!5ee z_JCvPG!VMb`Y+SYu}uN)PVO`fMY7;z9Uf__vrsZArKxFGo?PyNTe&U@kh$;W?s9z&!_z85LI z*Jk;gM~A)!t!J~akPJCUC$O@IKJ)60O`);e-ox&M1$U!Ab-D^6nan}1?$6xdwLh?_ z^~l+qBolV*@S+a1p@XY3r{D3U2=fq@9Jn> zQ#tU*!78G()+WR(HQTWLw&>`EtcoYA$T3aSc))sQW?mCamk4-2&S<{Wl%n2V5Pf+% zZ4~A5Wg3;m>;3i5#oBr%ey|Z>9^;&yLw6P{-NBBrswkVQP0(`2i#q)AZu#nNlU|YF z-W&qJY@!Ikq403?7Hkk&^R1X2K{xbBP^8(#y^#lto-je5sT)V~{y~N{2NDlqtC0Zu zb+ZFq`)PY723Ed1qn!}Fsn{mCK1|JXXxbLvdxL^kXua7s|9H&MCggIW2Gs5^9U!qZ z+N%P9o1^H6aC-}BzT%goL9Hu6t!tO~ciwex2Au~{Rm1bN$-7|R3;4OtP=+GMvSg^lnkn$LFin=0e$wJ8TK?RLcX2{ zY)b(@3U>@rM0CR4SEMRMBnw^Tj0GaIAt}~LhN?I%h zCjfP*737u{G?`BeNoPDbgO0%ruC4W?N(@1V-1}eK&p(!3@cieOZyAaYgr8SW)-|JP z@nsk$ZWa>_OiwtO?#^qb2EYf=P@0B}#=8HRPx?(Zm#tXGR!zN9qo-g6nF2zkr7^Yu ze*E;}Fup0qwtOxG%kTaaG2086)KgXe{4y4@krg=#sXW?L;V9pz9I!~8s_XbBRr}h4-*hXEj`pST)zAxHA#GnjBRFqH< zky5$`EJOsPB?svkx@*7yR0L!wX+c6-x`qLyq>=6(hDL@OYUZ86pa1vX{lXXS+YZv?s>{v$(1&6+PAf|m!AFihAgb4pNtyA-;k%OanxT72Fk$o zAMx;XmKYBJVxE2nQq%Ptlgkc*e4r+8Xsl=KW{Zo37pWo+^7#@;EQv;}AW24i4&W$R zeuY>o$mcsMCX9_`<6A!phVQX^uo62SaX_DWj7Gbcm6XWeefb0y`rqih1EXWK7O(9P 
z3Nd6hDU6X)%_0S#ny1&r*0xP^d^jQmP;{g6r6~^JjUq@B;IvAK6kt$A6>cq zYv191C;3-cqD?B5l?~`w)2H9%hTI!U`86Qy2}Hz8T^O1--GVgorSj1XV z=2rq(2dQudpIx{CSLiu&TD7IgtfnK6xfWKDQAq4iGFo2 zWv9n^jgSo2sJpoWh3qMf0}5eXHwU3togbgAu>Bu@g~XX$W22YY4aawo&%h1_R&R3M+$k(+c&WPB2F02 z=$Ed`;L?ON(2lSFI*j0H0p*e`Vf#Zv+??V300SB2fEH=5piYcUKJKpbH&Wx*@!-e< zOJrRiRX|T{I7qKg>>rILO&%KA*zjE7v;V3vilh_+MuPl)9*|}_CZY$0vW<G#=o>AC#->P>TNGp3^0yeaGzCb`vH-7@b^h@

k@8Wyb=}gS6xt2S+Xn5K$+Er&zbyJQA_eDS8%)sedcdi zBDN0a8K4_o`kgaAB!ZcS;;XOOK-i^X(CzXx{!UWRwMwaxWfJqf(7E{#x%^(Wx* z|0UtF;Coru8|Z+raRxF$D>3_&a-0-KY7Lj&jGYDwfNPLzwRVxDe2>=`5!UsWQBD8& z|IVu2u;Sz=uagkFz(^$p)x-z}nVGFgObHLb7d|BV+8J{?nfV#JzCqO&oMxja{joh< zd0ve!J_)Hsn40$@`x0M4WE{6fF+8^LwFTTYkgxyTe0z_YrvArB70R_PI^tLz0<#F> zIT>W*sc8yH^Yd%i_$jkGY(ol@RE_i9Eto5f#Vonnl)~73@V4>MYLF;(V3|!lqQi z7$*?I!#N3%F2MLI=iec7b{=}@?iN3DToonB*Wh{!A{gl=7fs~q1s%xKctjN{CL*)P ziS&@{nWp(2Uc0;!MP&3$^xux6i|-h~og2SQve~prtc7xo{)C0G(*)02aj4QC(77D= z_a=0%A~I=d`{UooLzLcQ}07hzIKI*>2@tyBqaIT=QN#5WWj{K5~M6}3c zEZu+bAjqWOC(!{j1Y~?OhiG!uxj-2n}N@-K-pTyrPluKBZ9EVl190J^JM@l zX2g-?Pv2%u26rg^9kARGIWpv%JS^@q&O`o{IQ>88U{7kTGMY`JmbbC7`R^uPyAfgb z3jdH`QZI@>Ht?=kbXj+7xQVFiKjW(-6`{NjW{B+9*=ZnsOO{de;6h1T9IvZ~)ZnsY zorrh`!;6Col%`koU{@6~;`V=!qacgidvUT(6FmkNao3z@#-i`Q;=@2bV^=ADX z0YtC7Ll(d>99?W>I5rNFfjzybI#ITY=~v_$sBlmwgFK80b71oTFzjLz6)BQyMT?NK zC8|WW(R=-fSiY}2!5ue%gtyI>mc{ST`5*7Yz_~u!gR;b+_F%9wjx{lep#{|q1!T0b zv4EcmCsuFb6I~kWw-msRypli~(p`=Id`ui2%Us|sPF=;~*67@t2N*=8cWOV5`l203 zX;p2vdHM}`L`dTq2$KDohni11YVmv9vderOK(c`gMi%+FR!1p$B@N-GFw(~W&E^({ zXL8>civ8$y){V??>dImS8&nx^EZQlWwtd~Jio&J}tyPH&I3qp;OQf?$@EeYn7BFw5 zoBd9bY9CmHHJidN%~Sq0xA@?W#fZ!hpyx&d>{J(R5|hpb1>|)Y!#gCr2oMiD59DLAvi`3{ zMC{r)E-A$pnf%TPD91wllG~Ls*g4l5kImPy5~bZ76~T3>Owb7cK@XMaGAWEAy|?_Z z)qg_Y#dl5~ZP>nn8^2$Opz>@FKV&2#=40rdSPhapbOE!9)yF&~NxNs&2u)^X0+vF8DDG_C}dK2ob5$gK-{|m}s-9_2`99z%-!nk`L@Q5|K7(@v_M9u}Of=UdLBoVeQLF$RW&{78Z=K*l7!kO?VNNtv4$Y*Y#G5j73 zodLdU$H}9g>8#wwy{TyDV{dmi_0yOCEe(<%iu=ohSdg)3qka&10eF*d^=jO$v*+b| z27;nu@8^io-rJdAHIk_%RmYVPH=efn$vVRRW)SOWLf#x=u*pwR1j;(HUX$_{TF` z0UMY@8q(*#>d15QeFD(%in_{6-GQe02ZJC&*af|2+XG+7+0ubw`yV%P1x$_%oVs^Q zv7Ykh=NqXIWav$ z2Kmo!>@in4=3|Zrt#*nex;L~aXd_A6RFAQAb+m=0V?1nN?xyzDBhANchztv1is?TRET(7$aBc&l%*i1?M zdpLi8Nt-U9IOUO8Hv@Xjy6}k3zb*J+eH|Ok|1xdP)^*%v@Zwk;@NMjecQ7T?@~*5A z5t;u&o%Txk=_@?}Nj30}J%@9^?Z+PH)~=sP-&28lLR>F>p7C71;tocL8w7t}9#-g? 
zZ^0euSJP0hQ=bddZN5CV2Sa-jE7H)?na=JHQdgGyl%{s@PVrKc=7W>b_osVBuY`B=MXzJL*A#ozY8ER4DfKw1>3VIjx5yd$wNbN6cc$$*E z*3*hBH%j8Tmv0K$<*&=+|~X3Jd||vBcCyKF@1y4h&fMCumzS2 zsG%5*V$ICWRaC9xH%k0(62&LBXtrkGVh=kS84?-6^BY@D1dyr}j#Lo&Y5&(FYNKe= z>$0;E|1(!IOZ@R!0XwW=e6} z-wat(@Ysuf7Trik@lAMdT;)()#U~YYqTLBKP`r`T)lhH5Vp^}XD>mv#Tz~UnQlbN) zWZ4tnUZg0X9DCo~beFHjdV576{iu!Zz~wuRrU`lhf-)Y4Ya;axdBpuv--D-`!r`u} zQI#$p!Wb`sicP^Oa{@=)z|+}X4UQvBr{QJdfg zA+axJ3%#Ph5Yrwu-%4ayQ48=I+fTxk-9pqltUSUh{aDeTpLK8uyMUZ{>3%6_%#Ghe4fUz9W4_ zorIyEam=Gp(J4nQ%sMzZw?Xn~WvSUzU&8N@1#m`)^bhyC$Jlrwo2K?4Gm+e}AywR? zDumO)&rm&kLUE?KkNr+hiS9W1cCN%h*6^$dpKh_ELcZIg2i_&9GtskOS%-2tuVx`N z6APX<;S)7euM?K6M(bhmVykb`OMb8FCZYF&iaHY=2IK`g zYbG}FQ4tr7_59$kN?uGeQc~8gQ7-#xC>AZ>B6Ule# zjGJ_B%MHr=0_N{0MVpAiHNxw3<}qA>n>BuMFn7OBYA{Jk6=`5lVMx$oc3{MEAMT`x z2?W--Z?5c#*zunF-o+ccS)mJKa@#nxM*djZx z8w9*|S?>N!rcf-tAZ}f|#Jh9jnR23Qih(y=|I%_LW1`M_){p6eZIwG?sI@^xp~d2s zkU86z;#eGeoK;r>F_>KuR_WdzU`oXcD@M;=G2Zn*uygmu2NG>IY})3Ngj1ZO^sVFO zVFy3o<#X%0kDQT@LkrnWFGa~aUFIQ77gA&_ez3;!Om-W4hqx{lJN45?H%n2xC`jo& z>10C+ly4ZKstSe+Kmt4HR_zBQ#BRb9vWLjY`Dgq+O6~u$W(J}apB7Jt$6(l8DO|e@ z7cfdRZ^$fCib##t;yb7~AmmTr?0T))Eqgx9j@8t_8?!ph+imW6czdpR6fp=6Bsmx* zuz~6+LO{m62taCMpm}!7ig2$^1tRoq1 zeP()=yS|U_cXymC736)nQQ{P+&@;zL6T7|J_ACzVB_CRCGM!Vx3`1Yn3T@rtK7{r~%WC|bxKO8iR{&J9NV`}0^TCR7oS=u2 zac=Qua@_ieu*1YhI|I?%vG%z46uy(iTO8o0I9iZ)4AyAQxH={lu8vx%F|1yYr9GXtL&HCC!#fnH5Y14Ja-ABzjZ3`&bEli75X4NbxY&O|d zxcojR?3Q~JCE>l1-z{nkP8E&`MwaHl%A9`26m^Ne!tOVhJ{{Sb6L*{W#95+>7#9F` zixOydmW0oJ+GI?K9=xnj>$nt>z0S0O-dLI0gSngF$JiCIZil&n%3nlhf&&>ua=qcb z*&V8@csh>IRe~rGK3*F?YsC)Vg|J*mNiB`%%^!&t#!>>G50u~+tNIfxTAxi!-Mju0 z-oPbCyET0B81(T*-CFfF+34S0M72q~Kfffl=53R4&{R2Wewey^#Hgc_I?XOp41Za& zuv`YM_K1Gc7o5o`@}xSC%gIf+tb94@aJ7$J-`3SCHqF~9$f_yij-rGdbv~!@ruLCP zRUW=EhcQ-Da6-IjbHFi>@7l0v?yHurq_G?a#-w4#tzx=mjtV(GLQAEMqwf*CZ73$V zo?S>}UA1HAp#sPAbIdB)(XMMqD^CJd&5!+MzO?IZ`1yo9ae{si-8}DsmFHq>q@t6Z zg?z9mVn5AkUXQ;bFcV^EkLT1y0%}o)|56Gl92k(ziixP^z*bO9D#aa(EtGFwtYUEi 
zwh^E;=`YZBm{ImfxG<|6FDi=+N!)%dm!|`E>TL&WCsJJ^XW**q{LjZp;vJo>Y!Qd7%%iLHO&yXj!3S>~*h zgj>m$3$I;ZfdE6N2i{nr#&g*L>oTS}@h4#^JxQl*robic+CcS7-=)KcLh}u3%@c?C zeHxzSvXHo*mmKmXUdmr4ONz9GZh3~dvs>bem(ftUAgtbapWxm>P-i~ZM0{SH^zLMO zS7ep(=DwUQ%zG2%->I))KCrzn2>IcgW+U%^9Uy=Y-9T~6;kCOBcyljV#i-zpJAem{ zV&(kDnW{F{6jZ2rw&t{jI5EQtjEdMYZF@er@WhE^=ON(W97Gq-?X)$<(6};N>%17} z=?awwuGO((2kYd`-jLMJ?>p}@!>tTF9jt8*=mtV_Ej{)$v@AKLHd0UJ5?f{yx`>Bw zp_6*^bD*QAb>(dSM2Y+3X7W}>bi+_nX1xfs&}h3dwk5pzSyqx{rt2)Z2o#5V-_pDE z%{Q^7_qNs1QgfM$q*?PU)VJq`*T_cofPKP+W}&{|z1pAt3Y zu{_ARPw+2}E%7llYi*2W5qnw`en+(h>>f4%s9vn2+I?m0L?U?gLV@FcF*XE`K~fKf zN3@#!4;ogIb7CTCrQ8NQT!>Yk!w)6cEDzH*JMGtX{tQ3f&DSp@3^%V42M+g=tabL_ zgNW5%ALy3GIieWWH@{h9bMI8wzpuRCnU|r(?PIapWP`Noir>z3h|5c;{&V`A^wCOX z1~a;P5jU(TB3aJEm$|l5fu;3z{C&umud^BFq73yuc$1x^y0<#;kWcTPTZ*pZb^FPB zpcZHixewy{LnW)zD)4^BN(rh5f#w5Z;Yx9L=@OuMUdibjeP>sFV~Vf_l4i3h z6iGEc9d-j!M}M-?yM&~qX2!(Wo2hqGTzlvhqlHoS%l!%iA__f0=lFED_I&q#kGRAM z=jb|ZrbIGY-xgBhKFFtpkn<)W=Ro_3pNYjfE~=zJ3}``^YL-eU$PPhLiL|@|#xHtK z{hy-hK${bxwJ2Z2>lJ#?_Yt$KCtngwWveUb)G!}8*jY6LqJE-tI;<#X@$iB^bI-kH zMn&_%JYB^03YT=voC**k>EvsKxhjB-@xzyAYq%!UNT={DT{& zA|9b_XrhJ2`F$VgAgz@2e&Cyen$gY&DP0`~?we}H`4*MM$)B7&MuTH2><8wM<1Ie4 z(4C(Yn@YJJ`}67P>$%qF(n6C4MD>KiGZf*(3{e-yk^p6~ZG1?Ev(lHMttbz=SZ2LL ze-H4eJR6!KhVeo})xp)?>ccAG!&w(9C98`3#SuBz%(ax|D7}#%pyh0H9^p9A!y$AO ztIL4+8gEYKcT{h$3c#1PE{@Fbdk}KOXOy(lDmw}!WdR^vl6NfpM@d|-=fNX?-lP86 zy@}$whBp|icw zq;{+ow>A;UjXw%;ym6vOIs0diCilXiNAt@0N4-~Rf}2D3e|6b9aUX=#9L=#%e;^-z z*mX3iuYA~bFzGZTXZDHMA1OjT8kw(S|67Gr!l?%d2zY%IdFVfXL&S#AL5R5o`2q7z zpN{xuEr-}kbnLo&60%|!o#2XB`Ifb_$eIA{U(W#4!kzF0P;q6OJn3~phQeZUNN=EP z8lZZLB(UJ74ich2Yn)*-&H8UUz0abg{PBx6si=uWwY_0jt8bdmQG4$3tx4m2z=4}6 zHO22Hv$hB}pbo5!dV$g%aLG`R_V#ON2dQeyHc9I`^$^g%cd?xy>XGyjBxRomUDqZk zWj1|QNQF-Qr_#3^)7;v3>0C(rpRzqDcJY`L7WVr6@Z|_~rW7Wam$f-M6|NyX@gD;@ zMcQhkp*^$nSs^9KeIx_Ur*#=OlAanrdX-x4oE#ExF~d>6OEWZ7>*n45HtitaYXM+# zUm>Fx`8*n=q&MAPnO`V^T_u&(0Oev%4lpC%KxGlzV2BqB>1!b8Pm?Hx_MU!i`O;=u 
zRmg`Qc8qbWNK!uzwfqgnI39t)k=rc_8xnuF9FPZ%AYjZ)3pI{Q36aU56M!2uq_svw zaJhrxPIWK(EAsOcpsPX`@`caqZEV6X zk*1Jzkvb+IEC`CWd#QT5yriG63DV?^_5$Sr$OtD;z?FFveBudfQuL*CH3!mx3*a)6 zA@Tc3(fn+nyM)9athfPNF-=F6a&oRyAXWbgT=C9m=BI@`MSrz{F}hgC8u zsu$o?Kr+1Bd&5jo|GPfS1Pplf0E+GHKP~v;`oSqk1K$rtd0Q?}AgGS^Sprm4YK~rA z7d?=!-{S$}BN$xk!X9JEvGxJNHfW!*BtQcih$tW{Z{H@Y#M!36ysxaO%U7=S)q~ne z`RO6ER{otij~f2&>{l9g#PQMNx1z9AI7Toh++RiDqN>z55(*tDNC$FN0ewU^kENv* zeDC{?_s;$Aoi)bPAhqbLk)Y=N9sY(;EYXu(hW&U=@cm!K08}##>AAMXIpmb-MDCs# zB~_xX`zeV-v)<|k;3(uT18lIdK|qyw>~+l~o`AG!2rS#F$@PyPZBGL6_cM#H$hvz; zaW&yr6QC|>^==W(9(Zoa+N~D=0tQUlKXHNO%tLui4=gV0$YLU%ByEtWQN{mMh5v7! zVgD*o)yp3MQYq5sPJXI0Fpk|f3wI{JQ+{IG1QEsbnxl_==5ui{mZVFD`dHHw=nY|m zVo7q=3hbaVPg}JK2#@}t(dj1Qd;%!u%;O-{(2!cv!1bPt)Py=?{;#~0lEJii2klI% zKA-|>1Btok?iHj=Wa9uuMUainH-=l=MR{U2^QcVhmO~j7O=vA%hi&$T8VGIw`KDk8 zBdo;o5sfg*R8i~8#&%w7zX7HR6yS(Q9llNS4D|IsVq5nbl=kd$^WANGF>RcLZ#^6M zDcE*0!LEuhxC<@!7`NuBItR7DvvWL;^TKIM*&g6ANg{~VjRQjYZ2#My;d4p$t^ESL z3$A6%Ile0&18t+7mjk7JrXAGSj=C80g``~9!--XU#3HxJX_ZSljJ1<72{Am2{_g}m zIkpT^Z?Sy$dkG<<(tCWVK@8uU{1yq+)@90Mur0z~ASg^{lq}s;dj_%8!A){g~ zf3s1TGvT6CrhqI=%2!%OSAz9^v~rd~GW^JSOHt+m6{$HfqL zv*%rOoPm@Rsqp9hDi1R})pr{zz74GD-O-+-4PIaCCxji+H9bez?oJ1PONy~Eh#@Fc zA!(gGGku@RbPsgRw;=WYsO2kOgUF8qMd5EPz){D#TA-`%)Seg9UUnQg-nDKkEc^+_ z(T}B5TKmz?4~gCrbL$L*Sfnd&vU*O%t?l_cL0 zLb%+-fydAJhgF4+g>6roX%^fEk5;S5uiUq6AFNU4biNSSk0y??w_v*@4;n|~cGln1 z26?A-&6Ww5Hy-Bnu38=Ft>e<@5T1*(jIN=Xsm84ej~-2!7jQzTGnz;J&tDjSS;4tp zW6(-foBkA{$E436ILa75w6fm*p#%9iVoV&8{gy87!$SH6x=TB+G7$7XQy?o+Zc7uE z#-%h&6jM=!{n880z884$y*nBoRL*Yh*tOVWPHHQR!QV=mE7QgvHLewLP~I4%F|Pfz z(H6Q^`pnT;=2zWj#^g&vTgA$!vXM#Mg?5{a@crk+hHuvN_1~0D_3$RE-Wr1waJR+c zpw5*tt@bMJ{E>g~pLDAbG>!i_?kY2yKK z!NC}tG%d8GFVucal@i#sy)wGZ`UEu>m~!hP)2i4-zutuK2$bE%{$iU*hbN+zqrbJE zc)+-(ID)dpro0}9<*KFa`KnkXF1&vyI}YP7JK*PA!41}kp4E2AG%JyZy)$QN4mq_`T9kekL0Yb%K6z_3e1v`TU+l$ z6et4Aaz}HzEhl-u5cba{J-wW%=R7t&H><4dF2H>+)%YkXbJ21ab$?E8-(LrleOvv5 z{trt`5UeI+al|jg&HvP?X1S=&nm1Y28C^*w?{E5P)g0No^}J4k?K!XHe0bP|E}ibx 
zPJUenY3hu1-v3#_47|!Rf+tn8f`1!e8z@BK;;mfD0D_s6~-5T9G@n4D>h{;WSpcfPIyIPt! zm>=%r1R5PDNTet-9aGvpfmwSn*5 zKM*Clp2autgdeb(l)K*e`d+cToSK?fPc*Oj-TrVR<>w3`{F&46CAr*Zic~%koceo7 zb{;%dTDF=sI@v}QeRZ=EWy~*ceVmDVTSJ^1uBaY?QX1~3oYhKiClh&r03wT!#GLzgCI!h%7Fm)okDq| zKw3plvY|pdc8H={P0W!}WTA`hV9jjni3MnHxm7|;Hp3;!Lf5XS>sm^faz~=ieb68? zQscw74G4>*j-$GpA8S70;oHqM)XN($_Il1rgzvyS=F5k}A>Ps}xu(pAk|~ofAhYJa z=L{E1g|Iz*j{+ZedK@kD1yoCw>%t%cnnz?)nTh9ek4&Brnt@S)qtRSM>hDF_!g^E8 z-d56EZ^4JfnlXA+=2U*E5#h5~1o7$M1iew~rLNsKwn{4)_M11?!*ett_L&pB@7^yo zsRpMg!CkHAbKB#;97d%x&NrCJUos6nRm)Tx5&iyIJfH!#p9k5tTxCFvpzq4Lh$w%@ zE!v!mqCC@?REauVSlcDU)36+l2Toe~Cb8+@IE2CJVD2s(5vFo(FlV#I({j}C?zOOh z8+rR0h_Qk!$4Ae@@z2Jy`iLIbrGsTXtFyR;5ym#(m{Mz-O0En|^_aoY@o~{S;89{M z`FLVcbH8|lSc>mz%_i*ZHlFk+6OBud_TK1w9O!0Jksy?E@kwz-w#M+%yo&*Br>(u3 zvC}k7PV~)M&Va?ExT;G*TUyOj8bgxFt-pk;jo$oBjE5FXZS=fO4)>y=DWQls`{86a z8=BvbJ5)i0TID=tV#Pil0hvc(bbgz*zI((}AA^}!^cE#VS5a9T!*aoxV1!KB7!4b1+Ovk$NM z&1pNUJE8?*+eWRsH9kL%YIUL|IBplhcZJWDc8a5YDJ zZA{dau?gRG58DqNpQteoeI>-p zr^RY&TfR&i_=Tu%ebP*JMRfo1Vt@+y1e)1`wna2 zE5p7oV^j;u#|mw%$C;EjuhCr7$fTJXt~xE{wfmK8-B7i)r5D?Ew{Q$?O9e@|R>}mR z$^2UhC%w*3E6*V+$rq4~Cs=OZq?Ga0G)v}+7j@g8y*e3i@}yM%X7bj`^Ri~Txicrv zubeqyzcb?jspmkb-(@>&Svz-mF;E8mwi@;5(VP$RAsJ)`gp&MCJukleo4Szlp*95w zu1Sc>&*XwhC>aaO*FOq6j~*FtXmigF5CK*x1p$GJ=~@L3yJcV2Fop7!k<_+ZG!hLI zfz0l>*}$a|PJCwbJfd1`?^oG4^U>z?V3O^G4Iaq}089l=!6HD~1$(XNXbatN**b*z z=`)FF;&Ak3r9_lZ|LE#^+~98G$7z-7^iR^R8}V7oZpt?jB3yS45+5Q^%O7Sfv1>8H zO@7H&_s7+q*ok^9EK4x!6S{u|6kyh4#Lc>Z2bDIE@LlQ@N^Pnf4H@~PlMRnG-hbe(!v4AqS#|}w9+qKQqZ)I>kpUf84yLJ!_9iSp zg^Z8VULRW~LOywz?Wp-ki^fGA?njfe2OaKD$>-A?^0&oo%xe)hzw<&atAMqC5b}0; z;`-qcLq7Le$}>msefv$S;G~@q|1AL!(+=u>Eb7PZ?wJjY0x(5(&vN3xNlU4+s($KR zz|qKR6k)RKz2oC@>}7%cQ$zf|z5=dGugvMyQ$u&7#@nYu*YVD+ zZNXNhUf7KmKB(x#s)G-HR=^kbP+DUX1$N})P^E>A+HD;uE7|E4jc2GCOca}oL0WEN z$_o(&_gsIC+xdtXZS!nb`rMxl-dr@N^ntPmQP<8oV2*@#Y3_4+bd>M4=Z$^K*gblS3*Ar%{oO=Dxv57H>$nUsaI@u97S6}hGJ zVe?_GUcEbeQYE~hRqI~$Cssl@^FJjV%nvGN4fx>e8I+Qsx_@r+&@tK$m5m>6#!BfL 
z-AWl;9XBIv|5}_i@98Yb>UVFe(^vk)IGp)vd2(WZrdE{qCYqhLmXkN7{_znNEE_lyWrVCM5IiH77B!BdX7=uezAzF7c z$y9W!-ryRTi1#j@GG8q;3O7+Xe{FKYe z>uE9=lM}Q%06+Crqrz%~bz03emz2Fidi2GhaM+&a!GWi`9krn|mMq40aGJ_|C*$_I zxRX&wtw`3BrW03sO=|_iv~ctNdq*3rGmT|Kv|YKDs4ow0;bWeyEK z`oU6f#m$g*)cRGG^JItp8`k}6RfA=TN`-B$vx?%?eTDYqdI4MfFvda0bTmxOtFm-O>puFnU(W^8)@DsE`pa>v?Rv$w`w6+s@ZKpU z$o()=+N3cl^Tvjq;5B}030F_zQ9UEWU3>y7RO5aAFk3-=zs2!*u*_A8bP^t^ za5Ji5!m;y@{TnIYoS7=U>@yjMZ)j}aWPLrYm76>jS+;htIX8UEPEx$!*>ELfZBf*u z4Gr~$2~@~#4?rZds^sDVjTIuvyOSOA!6$`9p!g(3v!>`<8#PaVb|f@>6HeRT7jVJ9BbzUsVrMkJt~fE6u^Ddm zhRSeeY_|h?UA$oVWosRFKR8pTbZxDk(e1{BJ+A!~M5ApWL2%tC+i1N9)%9Kep&OHq zo!WJ`Qp6AIHUx3!m26{k)|~{#lEeznS6xvFWI00x2K{}mE^#%`RfWxyEjM}G%~hYu z{1{$2c%Cl{I~4Y)C#;r<*d+Oe>0V^47T&lu-u+k>0BMEL%L(WsV;vBc3x7LU@7e~R zq0LoEN9u0pFbPPZ)j#d|_MUUA*nPd5Bo&QdmI?3Eqf8ac7yL(N{nj!Gy$?f%_ zUX;i9N1=h0;rIwgTp3LpTTq&3%(J5jpDdTv+Z$o`6JSg~h;w0p4sl~fpgn?5HE!KX zi94%iKuR!&ZJo$d0)JCn*ef54*wryOQ~K=k7cUPADo8&#o1n&w7Zdr2Rf3DrPi{U( z?B?C%i{I#Q#Op>bdZ?NH!y064xR`fK1P#ZzG^}YnramQKay4T$+m=(eT3zP-9x>N# z&_Wzw00GRn%Y3=6+H!M*K$kjqPXkjZnY(ZQ^{SjN7x?@D@J267U#Z<4)q0i!fP0pQ z-lcbDXElW5B~N};z<7ps9n2@k&{b+#4`t~Ew_dnEFXroVsKfs5QDS?!y)c*0ex8fs zEZ3ywUg5n1RcoaQzJo&pSadqN(*0Sc-xSf>YgZ$moAN>9p9KN!MULJs-x`<4oA2&w z+%!5Rf_B*mOK?*{FxT2dEn07*ml?P8v% z_D$&YPPs`-*7AN>xR+;fbp*Qad-tzr}hGsR=AmU$3MA~J$e@rLK`~i z3y+JzMTOikeu9FWSdoPkI`-ri=Bfm{3Pd3y6T%JhM|c2vk{|Jcsy6XfoO(w%h|q*a zYfX!ClluIt!HTI{`zYqGS0>F_wGv^!41ub^t^BS zyK<3Mm&Fex6y%jslX)tkkC%P-5EG}Ji1B?TrcnLC?5JF>GY>M%s+TovDnRCAhecI6 z?Do`ixVhQ7;EtZX7954&_8IUI!fB()#f5*6>W-p8Ty?I-=Ie61Vya*b%`4G1!u+7EZ^yCrGMCE=4dr@rvci10FV{_#b ze`<59PuNt9dVr1j=E#{PM`tn(-msvYC#Pbv2~W}XJAn*x(8J$Ubs@Dr9H3a$C z-V6iz^9w%5o^tVS%~9VLpWN9>b>*bRq=r-eJS)U!dp|7XFI64>>5RK{e-ch4TxGY`Z7I!TH`WqfHgx&b+Ji%r~y|RO-<{+Co;$S``TG_dZ4R8M|Z^ z+h;2&4w`Wv@z+%KMMQ<^EZhd%(yff03Fu)@&kK#sFF}T6cM7*#`N*ci5^sS}t6SkR zfzp5uU6PBw?BiA9+qYuwvm7V4xyd@-O_pk&D57Qnc9Uq=qslVKL%e)3SE(N~`;9Aa zyy6ESEF<|{Al$?F<-W(WghAs+y*f8m2mEfF9z^eL-GZ*`T)rgk 
zHjebtb<_Rf(1@*{;KdIganM5dH@J?(xA1GjDrpaH3hMI>=9>Z!@=i|U6K4@(vUK5x zYG8P%P>!k>z|70Lw$*@^ckwEf9^RCNghzK03`ZE&X}mM7!%Jm%{30bpwh&$x1bW;p z14xXRwnXS!{=KQ5Ig`+=#42}mHv>(v1f)2tzg)hg62esVZ4#`uog~p5D=UH^?vTqI zTMbj}btzlAAL_d|+QsE&YoSs!9ib&nanHBDQ1%L%g533wMu12RAvgDtwjaRmVb8^H?|l)fk($JXJjANSva8!(*OI^3Xdo1) z1ePK;W>$=;OkeYn?DtCs*J_7ce6K&3s$QwP08w?~ZwrWeU?7+n8@|D}ekM$L#L2lA za68*srNynnL60kQJtj+oJugYJ3jX+mwh83sOV5Yl%UQ@dCnjgoSk3_OF<_(9Of8&uc<_(K*uFLYie$cwrZjFlsLrg*g zWMExKHCwf}l*Xy~C&Tkh5b>hteJCeN;O1cO-@QyHvz^C96+4sR>}d*{(m*CVHwD*m zj1s87snagjwdbr~^Vvc8mPD?e!F=q&ZLNNr#7wKKyycWTly3~z_9>=R^cna&En~0I zX%9#m6+8t{xcM;POIbpZ<4h*tp1h1G{kC$bRHiq6DNG6!_T(+1UpN%JpIKEL?b5Ge z0|+te4v&>EH-7lBuBNW3N5heFY#nwu$bVAjl~v4;#Vlbp?ZMA%c6Dmklfq!_;2T0g zUh1{7k_nJ0*_RpzkG6&@OLn}-VchQb{(LM`1*?yWrKWo5 zE@wH)d{7~gy^+}l@UutBG3HaK^?Gu4_lf)i!h8FPHtXhATH4&&&}%Ae0cxs zV1@QHq@@Ee#@_KUzYWy*@++bTSAVmuVc2DazHBl~in z$Ipd>mPua131bPhf%RvqCY&muUy9_7CjKt+oQ?4kDOXnpR0_9_CiA3SVh-bzGUmy+ zLMO%QFOIRv`4SGblIZoZOxMY3(w|cW82v0ckxwK*7^tW^^X4by(A6;LYR(87W+#h= zDQD2ktF@p;jKH@l>2w&`sAll;kFn~A7z79&4q3L4u#m5tVlm7)i3fE{6~jyne!>_l z$d@8JI=|oy+N9@D=I=wX4H{OLbTEmgTBAW!vWDZ}2q?~v|Jn~`1-3M51vfY!!m%d%H zIVqcSUTYRup4|c7e?W*yVF{pkOz2=}bu}YYxFm`} z#qO{a>$V~K+xnrNR(1fu6{e<|>;I}z|9neOl;t^ko{!*z{)3y*FiF1zVn}twny0adw@C8BF z$8y|adNd$_C^j+ChkQ3E`l2Ik&qnB(EdC` z`^e2{?EQONoyQ9pp^mb_us3|AN}e8gHvhgKXRheBrRVW4b79u zwl#8oqpx`zu7@{jlWsQHd-q8HtH_)D>V9)xeS*^q$i@4=kSr|(kH3qICk|@ ze}ER_Vcq!Y24^#l7`8c+(jxmY7Xja^qmc;F-)&B&;tWQ+bM{<_M|xb4Ir@Tgc@{0< zOxPObGDEbEcKxdbfGohUmjmHGDe_pr!uk|gZp_@0P)>(I?&S>IXv!mUJM<}Px>upW zIxg_Z?sR=mO*@nnW@zjvZZJ{w1tvV>dZ8n)1bOY-?U73>hD>OatcRs&X9ZhhSo6n{ znz3U1a)(0njd6C$2Z5CS3{DsK?qx`LflLH4mbE;zcvO>57|s=kA^r#mXjFgeCucsw zujF7RL9$neX^E*=$*z_w17vP#%!~Qu?zu$h!1Jq6A3UIGBG^Y`S8J4Y4~KQ%`hNd2 zX!)Jx46Mu3tGUhvXfP#QApnJ5mqZttj_0{r%N#VhDe4PK|GJ>b$-1%PuQu6nL*uUC zda57faig1bljXE5ky8OLGQJkyA z?rBJBdPX&Ll?viBGBN#QByijN&*E7-T7rpt#X>oVpxh~VlhD&-TQ-wNgBmr&3a8nG zTc;YIJmQ-uyjDA&YumQYIN^49-tS|y2rgESY1f)gj#PQzRIdqn78sqSQi_W&30l_7 
z5wmGTmH%3>I!hn)=k3?H8-Gb0*-JtyKNbR#mw%QNmtVLruIH#`Fde&t(}9SNXT{Js z85Jc7Fh3}Kyk#Ph>t~CBF1%kba{&kuy86;(z4*Se;NtbD|3lVWheg$O|HA`_Ac%+( zDiRLe-DM0Q-CfcR(j9`50@4gEAPqw!Foe=20@5ikbjZNa@gBhYzMtRw-G6X-dCl2p z@715R*IAqIjO#l&f73=QRia!cQx&!Nhf zLDW-C?w_PAey|aCu{a(SIrh_w9n*hmQa!M}H!bA%L)+D4Y+~~x((p^YYU!cPp4|cw z6-5!GO}6f|J6a}hOTdfsJHh_*#!>~IhOM3E^6Ko~zKzrG4NT^?LTPa&^;Qz?Vv4o> z7%1(PjI#CdCIeSk%G=YHOn756TMe9xW^VyFsJ>H)s zv6`gf-NCk3t<=l-p`g!rbQbE?vFX% zOk;=hjOo>mkJ}LZuy)%ZK0RLji_J_^S_X5{_hqlIr%cg?(biaH?O`i9r(y`{ zEH>n$DQB{rs`qsmsE3Q!joz}>%r3Px?f7Dj;>)K6gR`u&7{UIjn>O|&FCoqtM5acS z;Ad`ZY+fFBlJ9|H=<_G+KyR*sp{o(yY;;v&M-#vp3QC<|y?F%sxWt(yd#$7byJc;# z&wZ>fwA&tv4+^JWW#t16b|`T`Zia8zRdy^MyRgnZ27n(+!^i`q{wp?^4FO9Q&;{aeiJJW zTFy6fZ1K9)cWxA-ayVslJ8!Nx8wkcwtelxG4GdYm-Lrvc3<~WB6<1*T z7ba`GVS^bAJA=wX*mdp7u1@r>MpqQa)na45F`_BzvD%Nl0LTh`Y^y}aOA7pcu6L%F zDJ(z+lX40uAG_J#F+(m;2%rkaHe-Xu0z^8lnAX?-J?ZIT8-x9P1aw0f9($w8{B;mv z@XY@uOIbIFn~sk6VKiHB%D8TvzJ6tB?8B7v)WXLg>Tm!qX#e*rrkhtKrC{PE-jql_ zFI0*P?O)c{kLn5Sza=+}rU@BbP(stRmGua{+0hx{l{;f3VCKd2-@b~Bk1OE%v(~BO z%;6yJe$c!j8_aLm8N*+kkU9#jh4`vk>3Vc2TvOt~i;4*lwp}g>WU05$qjzk&x9Bw} z)vg~L0^%-RMj02T3zcgjS3x$eDgTG~0VcKR>|X)WdTZOU!QR?7!qvOcTfSJC3HN>O zzv$B)VAg_Yji8NVV8HeM3JZY;*3EJW8;JZ@l^XT12?p_Uo-DU5TLYv=f9v6#3pdGy zS5Uqdy!%{<&|c$4Qh>ryhhtpXpu|E-zgEd71bQ#Zr$8aB@;0*-%^` zwW}oqrCBra7%e4#L>m4+eNoi1fqr*(wYja6lt543VH_=lk@QzcS0X~*h8X5zR5{UG zBoz<>4|;=CsJ8?8=c517yv3&R>hI&TP7Da5TWH?#{uiX^x86nZg6lu_+hI_8Jp%Gs zY)nQ#T?pFS0zoeiDIk3uFop5l^k1E%U^=Sze})~v94epKX^r>eSKtD~prx5pV$QC`elnXaA{sQ8+>1mhE z(~tokNMEa(GO3J6+=4??Kh4--QFJts^(QFR&!fVhU;ZT9kFI-;`KEn<|TZTj82Fz+7 z`xjpc$~Bo|04t*2Px}T?OLKtA?!utEAFj$|uEzz_r3>0C(5)AWgx!YmLtK?A!xh|V zY}G2|*zL6P;qh4TNrfaTBy?Zy4O80>eoD)^tOhl}sKtI7@EZS@BQTCx$v*S*uY ze=EEl+#55(*c*dsw!{ArfPSfrchvDKxGDfs6AkOxLJ*Y#{KjtC8VnFWK%NKzDiu7IoeSbyn#@_5xavieQZc2L^@fjv(6|;%DJ8`}9nKTndO>(=(5PG! 
z5>6Qgrci)56D5Pel1|GeS5`fXw0#p1Us|20ah>GEz4aE*z}~d+%>&T=;;_V`Xa86* z2H{1S`?qj!DOI$9p9G;{n+dTg5j?(s3yuBO3--%4a((a#Q=ti(aB1<4Y0OS)O@Mi@ z!I;s1I=6yfzvnz#ze)A0dOPL?w7%(*f%u7Q zKtQaCz1MZu^mPwYU>u0*kSw*DufoasTA=*fbiAi9xV}CgD7=3iVRd67Lb|+g^5FD8 zt-8}?818@TMgVBINj%6s^{S{c12M=0LRRO&d9~0fR{$JLm#GKMv?m4RC+W# z{f7?8-x*+!H=h8pz(;q?R(5`q#IPUil76H?(U)}WD>PX}l|3MCAnyjIP+M~72ib%{ zkzrRPRh7e{^mGP=UDtoz2=+!#+?XN{i^woE8sY54j~f{l0oDlsD(T+wb{iQAu@UIS zXLf;9^QNw;d%unWrWlvTpgw^PGV8Jaqg8*&Ng+-gh4Z}pifY#bpp3K!9tKeLTA1w3 zDnj3)PD|To7T>7(`1ny?uM@{G)ce3l)})MDDxf7lF$Cw~77j=x_{#gxI%Skn6Vo7o zY$0hOP?>hZCx-y?_>*Qe|211WxX=PM1{%VR4t z>)H6@D)3j2mw4)69Cu!BcbU~nE@qn5I{+qVYp@TC^wd2x|9-a}Ca89O>m^_lLZ%zx z;_Ha&9xzDHxMyQbRZfEk!+&WIH2$BuNEK{+#$@3E^kxu|(#R;%> zE-nR$Bff^HUOqsg`&$7QX=iXIB5}|O@j#o?|3)F5I87bYt2Vfqm+wnAo{q^vG?dXd zLCoZUGhRw5H8-jRaP!`Vm)o^uufys6Z!Ow#Gzjj_HjaNbu~nLYohh;?E!cguXl1*vxq!QjaF<~FOUw z+xN(Md;o7D;%PvIz+UJ3FvPyB-3GP){Pu6KuyYeOeJ7X)Wx9`NOF){sWzEC+%e9En z+*JWC^8j!;%NpeT;VO*08qo&V-+R!6bb_({xjNUb7#cQ*lC@E%#s#VIz*_b7ftLt^ zw8lV>fMD`pPseu?l|bS#K>`8-SGCvqN6@uR)IPFs6M?cXbOl^7;s1EXe}B&cN`-3O z{2sA|V3B5nsa1gfSlqswe_KUg%v9cn7f5CQCpSFTp;myq2|?<(EJT#i-pENQ{oNEH zE-0!H_r3@avckAqL6nwHK!9!gC)6Unj$K|jOWm6P0oX1u@@i977(9h$=VQu8jR3DdWrz6V1147m_m%Q z@vC_FdK~{<-)hCJmb68r>oWj63;+}#?Zs_j)B#}w!RqCZGnt2%2g`p#VSg1A=HDW) z!2!iz*@`S6QvFQd2nUSYt>-^)jR58?@9N{4LiA5$y#IHBugXD+Y1h=C2dF`i@ovh5 z0CX1@@C+<+e4y86lCb{uEysVvDCIhKzXR4L0woV`U9&gC$^x{s0cazjXqTLR`xS*~ zicekt?~A@MV*Jzv*4l-IKq2*ko2V_&y*$p(Q%&_y)7SOYa|Ns9Cq(Terk=>OB2ReEI!hL{btiS|0 zD{%oZreHd>KN+oM`K|kZ-h%c<9A00UFx4v{qIz}(VKmra*c_M2OZMDkT~oc*_}8H0 zO7)k<{%&7@@EU;~gGauWUI*%T9w39nVw;tC$o#X`Ku0kN7 z+5oZ?j`Z{ZlxSiT@qrekC{Q)QR#5+Jtsa!0MM;R-LjT8Jk{%5Ku}M5-#mw#J`|N;q zpfKT`mwpLwD8xeU5{N$estF7bGolV+IAu z&o-Wb^jH_XF#man`3>}IvpYc6L-p@R<0F$Eri3RWmr+PZKn9du^ai;>j9&j@6>FWpX1no)|=JwX#Yxxh>&iyqclwryAn$E5B?8;!I zfEh+9wXOl1Js>lH^`TPZ0-l~>^Z?-d%|LQqGql2;8tu86XVA6mn2iB(C6AW}-Zlbd zP#@ipIQHp3dmwc4`}{C$N;;uyM^3~A>_7StISB+FpE-a>3eD&N)cv2jd0nfUi4qNg 
zKi3rES_8DU+m^F(uMPJ`z#DA9ie#wDCF0@vTd2VGaQ_j5$Jb(@r8HF0h|(Do2nXhHIdb~w*#xB!K|9!R$v;t>FRqXWo+WT=zzfMrLM_{$}Lt~6VE z#My}rwovBve^`pm``CYZ>B{;t6go7@ctnr&GCc}_KE9%x-Y7Rn{fd*$MVx~E-0dog^$rs-KKAtT_yRluoGHcR zu7%}dlwn>8{r|IzXd7NoKuYWD(5^fHsC`FmA=Chi9$@t+F-J_<<<%$;h_|8t|4-r= z@d_QZM^|A;(-%!zUL6`-P&812BsJo!HcTXk@dp3y|Ab7Ye`Re`9h4=Bx@M#lPnaPP zU92eB0GWxo!MoV(%t3~ru&n>FYJZi0-jx(I*bWK|@s{Q|K)xgy@7)MSl6uVGToOqB zCDrxx@0Fgqg0gz9ei#Pr?HL>EwN_yU-AV)eT6FGOMJWb=ivN?z+0Gl8OaZLY0ecH2 zIKybUqJ5~BsU_>lQ}=l{)qZv_54C^6C&9JQTiU!s15x8++`Z!X!;}vjKzNtz<-v0; zBc;9dx1T4{{NGnJ%-nm9d~_}L{2pP(0Nze{R&HU|v82I0qX-059e@_yjGGi#M86#u zNbAaOh>G(79&ZdVd^Mo^z`hf&SB3WwF2U(jMX)x#!pzKkq{h#{D?KWIo-aoui_GtV0 zsTP=C$2U{lL{@`x7r&u3l>#W#E-LHRt@b!pojQri(KI_-HLB6|Eu7F0JI5O!c@=eg zOI{^a^p176_4Th=PzXpL8UP_{t^b9P#ywsvocDe_7PFg%+ZJs1-fNiADv%0Rj=g8A z&uy;zradxB1m!&NBwD{PI;0CLKL+#9*9u2CkabZiSBfxNMN}i?Y!31P*^V?@+C~r+ zSNzZ9i*3t(y)OHQiKqA;J`%q}YRmdw;Yy15UY4y1ab9G94+-&(Dh&bYvL@b80tiN6 zML7BoCtTy8&CUu~sWic%8~CPaNB^NVeNXRF4DS-ux@Dm+^Z}vyU3j&eTLd z-wJAPdylDa%b~u!>~MLwS5B(;m>}A|LK-A2e>LNdBFZRf{O=HHXTyS>#~AMQzTZ=Elc&D!>0qJuc2N}(dIeQgLS%oHCHq2}bT#hrh6 zy$OOsR<#)(fOxJ!S>#npu>J}RcPk4D7k0#r?c^svBV`0lnC-c;{9W;q&nDtrayxDB zLbmBl5mL0${FsZLZ2|MXW~o*Nev@amP9I{$wA7&NV5j!z0T9(|nu4AjUXeoya3J0@ zjc`C=fbjg%qW-gmAgKLYZS>z@@rtUho}CxCi4;;_cgla1YotH=<=)jIn22xxW3n0g z3J73Jp;r)0L&Z3hJ;9%<10O98*JlV8sYIQDh`;ry#brvvhIMC(g4Ttf@|9lKdE11sITH7}L7?O7qGG%_-?VOtA%0fxwafW%hbq zBb+z5^*^h72qc$w9k$Z>O$QLcSr0c7cjbZXHy_u3fHN$@%7Q*Uv>y!mR_5+p@~9^( zB^db9Q(s@`%6453qaGdaA24!M$G`_ckKURM=xQ2}EU~ky=-)(`0`{gU`>Ur1Q8)VY zpP2CsunZ+0y-^pC>s6ZJX5_-#shv7=eh>7^)SbQ2?CkW^K*@^$%iyDFx!1A)d|d*t zhYisWYXjt;~F`k&5%JJ-Jq=fnM7DdQB%IyX*GAvX z7KDVX(wbLm1KE_@k09XrSfKUFO<#Z|p}tWasju6i{fV9)$1+3B`SK*7sJ8gNzp{A? 
z6jO`)b;8u{$>FccIf@?mS-$dd>0xl~$9;JzV09wa{vuePRPRy!rE-5GoShjkc=lDP zPeJ6+%K)ms`vY9}*vftdU(nq~@PfGPRBgxI0#lSUFh^4h`F$W?F?7`o!a*)g?`ey| z%a@Ptcoq3$2VjRSfFPKJk~2EiX=(;VqlML0)fPHJRj+KBMn^+OwQ5J|=_14EISIAU z8NKK}ZXQMzaZ_UxJl6J`i}Gt*nqCn-T#9@jyHW?bWKsT-x^CQIw%i2IdD9)oFV&`Oh3F2A)MAY|NM7FpfkSAo>L^U zwK=I83F9u99Ij^#Y%<`R!_Rg{1FZ)_f}Ihn`ue3X*xWB4G*CWPpRKb%u|_G9lZ%&W zA|Ki0lEe8j{`yibV8--T9}j~_e$@DP%U&KC_*o5=@2vj=Hqi6NXa|>&e0UZ7dQD#rUANvP7k?UP?N#(~|-xFSkzW&j^3hu=L?c0zt-thl8f?5(?r zV9E{B0hFSDoG3@+=-}}6VOxml1&&BH$5+V*vSJIl$9TMU`oeNy~b~E6_ ziii>Q*@$Wi7SVJ{CBNBe^HGH&$$DgRmI4TLsprU=64E372x!uBNieX}t0QLYA@!s5 zQ;&Y5#-H1UG6+b{k`eDsTR=dnU&d<)#r%56v{DLBDA+}B-uj9N59|}i^mu~d&2*=) zUlIK_$X&}(j|?26nhA940p=`%qnr)&vmEaf!tF_FRHY#{KHjze@BpmpQ6237Hd*co zIa}9%(7ttSF`oV;(T>AXay)euZ-@ifGCL+93^5g9S9^MX?#^q>wJ~CDV^-<>nt`sI z@DSnCu-df*Xo#?|ilYag$YI#wUH-P=G^EB4Zx+>O?ZKfzBjfXUrrXssYcJ zYYN(cvv5>B<~VhssUhQ@N5J<@H{lceC(#Q8<@P?z-OV(C_ zADkZirYD5t1U^prhjAf_2uzUw*h85p8OV^Ml#1IefIaNPJWd84lx%?oNTZJBT0BWc zIxuVDO%EiXUk&6d8=xWZbj^BQuyTkJ0@MEz9jg2S#i7R)Xej}H6@R$(U9BtRwT1!g zN`9_JCJWiUaNA;gp)3{P74yw^)Mh6=e#|}OXf6;!lUtf@w@z%eUt2BfjCiuNzVPeU z44Qj*8S3kMV4?HPFLU1%!ckmN_cVg#a_-9zqK2Np8NNDV671f+T0JoQ`EG}|$H)vP z*OP!?LcG9t(gFEMbhx6r>-LP715?5e7FOb*i>AFw@yZF*ekYK_o@g&Q6)0B-(F}@S zTX{dFjlXWWquW2g%xX6SlO3p*X6mlyQsw14g!1>b{Cv)}`5o4vseokRl7^OL;&)hg z#KkAf+!ZR0P3~nQCgI^T;^V?k71ZWp7Ga?IePlXA_aO*uiD!tv(=J+f|MMYzR7uVd zG3{B6yeNjJWsrDko$k~4H%DKARF6*5Bd_Z1>AXC%@&1P^;)gMELpVK0^)bu2ECGTI zHHZ1Uq+xl-vmwO#e%`pv)C;TODlZ)c1 zoe10-&*{m+%E-48pue*85Kj1el9y3QCM3`}HMr+csa|NGfZqUTo@Q`dHEn-E@y8I( zd%C@^e-!inZ3qk_g{ppjRXnusA~!?eKbH6+T);(NozCPKXE{3N^=C!GJ50rWMaQvN z&waWX?n57~RZiFthqoJ*C(#)U%Y z4G2eoE^SF_w`<|a#Rkvlz@@U?1H`7C)G?J2<t2UX5xp@pB1f+s`wee z$y+8R@rUp_>uu;@F>5y*&Ov8b$wFL@;^l*gUIC2IVDE^3!^{q?IU}0>CjkA4TBY%)A zwMe4=c1fDHI4Fn1@U|&u>qpPmla*ygyG(RjsZv3&n{|IgKWxr~lgA`zbi~r{Q-_W5 zS+e02$qeZ~QV-4!s{5UktFTY)rCc5&3HO`4! 
zc%@6t!K_J{F_tJXAN3%yP>r`y*ges%6LLYt>j~0 zRe@O|l@00RlSvYlZLF#^H>Yb%`whi8);_q>^43(FWdD$AaN99NCI{Zr^6(B_8i{pX zAHbCehUt*tpiDSzV>-O;co~ZFuY^#$a1OQ<_A+`&UKzvrAt>|3s%OJ$63)W+%9MI4 zkUaq(1ru-l>u~!kXP|GOyU1!&Iw8ZNd|W_o?184AUsm=NwI}vVTQiA>keJWX4Kzy} z6m1DH;rk48Fs}{Et2@r4qG#mTaxGr}S(`KNzHus``|w?VLt}(c1CeB#`Ie}8I#Zvt zY_N;v|ruCE{qkOLlb)E`O)x~A% z^=q~3OeU84_5Chb#nLMNf@Jz*bpm~HkSpKzrUay&U{^r0bbVSSBRQ9P;hku-wx(1Y zMxo$+#hnboej5{UIwdy05%$2YU)r$=iLur`VtL7BAxVPNEKD3D!nL|0o4%2rc0~%> z$=XB6>{uIW>1y^yKV=JLy_gOY9Tw(OvrX${?tZe0`kcpBiQMN?>q1LK)N)+1mj_JL za(nc4t2r}D3fhxfn!{iR9~!w{cH0;U$cM!2U*Dy(9*CDmsRr-OVn%Gsarzz2T8Kljd6CLWw zspUh1cjcOZG0S`9j6NwB=6a;As}Pc|DKHz=IfzDqVF5+jdPyYr@F zcuipPQN6(ZXf4Ig>BX@x;@^wgQ!1@+xtJex$Q`Q}JTQ}kK!QqHk|sZXw#Ef>GR1Vr zA17GhR?0J~;u#a{hH_ULlBN|9n`!E4R!bE**^R`Q{lTdlkxgcaR;Kz0(*yoP0%FFT zpd3Ekq$R~=v6@3*8CzxL*2PC}ITB=C`phqCSWMS?VWaFbsDJaVgH6( z@!NgdZnLhTI_OT#8Ce5jr-wapz2X_mgD`a)jegr|L-dH8>S9*Q1XF~SR1t5nsp~uK zp<5%Stvqr?DjB_7w?@jw=q!`Hv{6z_u%EP+#F$w)9HN@&aBh)wI~BL9C}zGSS9Peg z^{{p;+#^n3SDUuHf_-yl=JznZ4`9^m_(qwm*7l}~rN~5&Gke3)Y5PQ!mK%;wKa9#<~{eqFLjcqXKbp}Zl-|%x;s+8F}Ukduj}gN zR)p9)hfiu-2E}8yKbs4t5KGa0mf%sZRjRu**S;|UON~{=O)RbV+>;M_`T6ep@*khq z{?#AQ2p9-^GHPe3~SRD93CV5?lYq0FkFG-S=cqW+)|x9E0fm*UooYO8xHg~j47Thd$KxwTcS z9(LsOSYG{GL)CUDZt?@iubAB9$68u|ByiZ<4{=xInv`?57H(aVrd1{4437{0s_YO} zQIHyD{J48N?Ii9=!;?LTar((4d*vZ+bj^{V-_}pBWgh;nN!RN<`_taH8M4bG)0R2E zkJ|i|d)<2s7_?76^$?<(N@0ontHZD@M&V+cGh@*PG9g~kqzT85vk0CuwCV_cRMSa$yKZ_>j6*=uYFC;-b zi&@035_QL>*1l0kK$Sd%aF6mZHa;;30(gTi_qG8>n&9{6)vo71r*cV5N-C( zs=u?+G-a|!3F8N+Kekgl`NKhgNLfEPa(Gc-g?4d{Hwbaa(n9nqbyqGD{STbCaUTs3Dr3W;f#oV=^MY;z@s zO1^FzYxeHaw;=q8PTp^kqu(Y6wM))ls!(Ex;KFj-KG`7)!N2tFLrA197byHWR+Yp` zNp5}bDLiLTlsX*AJhhbiIXyxbBd`VKWQ`|NQTgb^Wdyi=LW0Zk4$D>$8;mpJv|r1b zCu#vQSJP^C_hNvKrE?lPgXJ3V%tt&tFyH)Do-VWOYVnn{=x?fc~ z=h7%tCD)Jk&i4S-Afe`1=Qvk>B%mUgUKdlp(uH9=N<@^H?K3C)(Osp}Q&fkYH*fik zTyv0kC=JprAl0>mf6=dRNc{Y~Cfjll}x6uc7m2iHx}F1=trM_{91@8KuVN8 z<=BJ#-n(=-HanR8wz%Af$x!x5sMBr2O3} 
zQdiAKdE)aI?WA%IYtK)4#Acf#+AOj|BhVk6MP}IndB*DnzCf4A`4$+9<+A#+l5I)x zqN8dn5_q*ots34irzJ0IWH+x8u~xg<_et%74{90QY^Z^P-1Hwr4q8@*F{SG%1*SuB zWZFZ=?jvP5>5(3ZHCBc&nIZ1)g>u?jD5+jm+@hc3&o)x4tXdfb`LWmIs@9_xZp$Yx z|F+ygB>1v4HO1tbYPv`*7MKQx$ev9hp4JsU$sOy9DOguqpRV58ZT-zsiK|)}ZP`|9 zKUFbWCOHapm{Xsy*KxJed%F{@%^RbwiKkYe-bBxw9nYfHzWX-wF3N`Rs|8WVuA(0< zr}jjB#}{=0ltbNZ@^#5?Ds-gPW#|}z328-eOjJshx~MJZ;?O#irRVGqqPlie{LTGg z{$m-krHUyH<9XRLTg@4GW=9?yY4(0~P!Biay}6IfN-6#J5_{pFOGh@HJ_r? z%N5~X=Pl~K&1}#uExVgDZvLw7?P#J-rrbK!Ma(#f7~XaiM+Faf|;S3ok}L>z&A}e zLlzP%QB%#$N14^C6QtJUymg=g_N40y&2C*@t;9IrbR%o>TU%aCIG{B}D1)B}WbzOk zyIF2;S|rD5yCaqtQ{kLo&If;hb%Z3Q0`0=02epLoJA4kc{7o_XCeL|)-qC6b@W`Q7 zrY98tj>EJ!R*p>aFugPY&mox1@9m5=_=)+kHGEIOay=uMGkWv3H+k;(EQCrjgFoug zwx#kO&V!ed_i$NopDwG(=vIei-=k2l5PjoJ!c|SO#6Z%@Dt$(G;8da~~ zgK{b@d3{b1r$WieF=Spj!Au;E@+NN{b3Jr&bzCKyCmC<;9C~@)kLiDVsN&Vs*ML4C zud2gJ^u!@t8!9BXX}`0XL%h5+#!*UHDND;iD7{yL_ug()l%mnx(6oSjG+U)FR<-=4 znc@j^@!0pn5u=ZCa>d?LB7MG$#NjR`J!fVC6$kx+W(tbDsj~2%pC%?pJU4CeI7DOBZVELLL!5CQcc-_Si+QiY zuRTYEf#H+X7v>L~bKjC?R^nr6S-;>EB;~0r*%)$NxX4c8w(5f|i3eh6HHhJq#rLFQ z-vW>r$}L}~nxi*l)nl7Y*FWADms$cX(@;oGFw~~)|Jk3e$xIwf1whi`{##_aHk~M= z?bgDcYPY;14hGJ;7`6nH$GaK4m8&%tsoB|{dWu{&tJ0{PiE(YhNobA<;V0Q{b$U*@ zh{{x(Ahwizx$%$>i@&~Wd)3sd>Fd)!aH8f6y+_wN^mTm9c6I+5Ptcl)W-_6hlLnbe z@7u#Yc=CRZuDs_1%h09^6;hS+-xu$Ee5~;*$thMxUNi>iM@d!I@bc|BG{^3%K2v(D zFJSq@Ry!B^M7W#Ck%se*%nDKLZBXWylXK}(dP1pfYM$qOXrL$WOKZa;3n*EI8-V2B zA7Y2SawC<{sw3LHIjqoQK#tWyO#5vy&1l#8dX87@%mCkpYYu#S%S0&kvUZM)=jX`8 z;C^ErU6@Q;bICTBxwIrMSKtQ&{q;@LsiE1UuC*L%0)>9reODL-w{gH&H!eeptGEKi zTzYovg{6~;Iop(7TFMs@hBXnhW?1bEelNzkAkXRcn2wgfmv16Z@h{T=C*6r>OBLM{ z*tx~VTsVHDHy1T~n9xHg(^R)GGTQUyi>12!+QE5wtfbet_AXT4cKY$iWH)oyoMFE` zfuUc=`H5|YcxAowZiQaMnyXSdf6L*-K($6`gPnPQ25+ez6IN_SEkux;&uVOW!XQ>u z%VTYzncTOwcqLe+QDrEsN!QKz*YmN%pauhY`fQ0z6W`%_6?EQzo#p28K=A5Ia zpI3McZ+k@zg*W5hd85{t7h}y-d5?UQ*z5!nmts)kj8ZFyh&se!sZhf9&tU`rL4YtO zy)pUVl;UuEX28LL)6_2aba=Vzqs`#>XWOK$`a{Y??KTx_+}0+v$j?(d4+bx1tp^C5 
zYj?uCS?CX)D}OCIe76^Y3XTr{(zI`lq!&s5acVpjk>T|H`}F(@n-^d!zEmVPd~C$~ z+Mzc-omli-&9~6cxC5wM+tu+nadj{uKRr2}43qexg~u*2@zCG!jl2ID;)3;wl{W7GK0&^YTB^7^B#{hDpf`*&umkIODt z&(Tw@O15Ugd!ZtAR9r=sv5isX*oXKv=Q_JVp*c)(A7GB< zqS24yuJRANgSM?qbQmnG1eZR~Ok4SULPG5Gg}z4ZrBmT|;5*S}J^1Xt^6sm>*cQiG z+9+gyxJN&W)6!8}DKkSPxOLgVrBAMiuvrp5?Aa3#`*;E@WGzZSCX%+gZ8Td0^zd!- zrhRS@m7UjVSQ(=A_IpT;n0=^jV=*09;nC_^PWh|J{D=&78pimK8G9O`iqn(b&YSm9 zuyPMfQwSl_#~s1q1;Fq+S7&${kAWuRGqBHWC75b26GC58y`ZD>$Ydq{{OELxjl@;R zWsP81?epuWOFPdYSPIm)4&Qnwsj~aNKLr#|$zg)dEmHU5)luoILj(?DeqLRy6nkiK z?bjy{Mbzzq=hnXmC!#BcI5W=qb~?7d>_p*i4)VPn-~V9EmJ?Q_N563r8L!guadkA? ze!gr%#%;QX3Y_)pr&JmpxooWPJu=c?b)5@b0|`X!PqojRIRfiZkGS2xpV=!=7ficr z$9M`jZ@(v)@jkg7sRcim|Hfn+%75NB*-kaLHZ_rF-^>v{Hg{CZ<6w4lB0hYI+Me1< za{zjtI-ehR45f{ndos^Dc?^FCrak_s>8S;Qc(^6qz2&kYV%O87f?qUnEmMF0JU8Zg z@TcZtTnuQ)k2iPQZD;aqp?bfZ;wc6D?sH3M)iNg5fgNhmzBZwx$@93w7zkMk8Y4#b z?)d8IKsDrpraRhGLmns>#@PVXWK~YJCem;Sw`<7MfWd(>UPxH)=%AsC-Q`ZBJA7)Q zt!-s=`iq-qb^Xb}V)vc`xk#F(D%ftzWPQ`32kt!I_KH;_&)z>%n2W*9e=gcSv=ar=Qk<;V<$i$rjw@g==B1QUCo+YG*mp$;h|!!($BoM8 zVu}-q*+x=>KfIKJ#J_saw6V`j>~r!NpTKtF;Y{BtaK(VAsd+0MnCza=&jH`*pS%X= z&e+hMRyH59KWr!0ZT9pnu{OuctlrWhf4br9 zQhzpKD?+&M4_ljbP6yr0{DPc48gs>N|0iPpwMo?38j)fE(@PDAFc*|;A)5qp@!t-<=NWG8$=DWl_AP2yN5e#n@CxjujZ71K6lv)q%FATUv5Tq3$hhfe!e4$x}G@?4GPI>-K;A=KYG5KHoUDk2euF_P&St23i zu@&4wEd#N4CJlLzn2@{I{54aNu~~EV@;GWNguZL;U9VxvlMOw1`o*`lN%KbZjubTn z3lT1jksdgdT8u^522~&%9F3v#Q0e3wULH+j^Yl@Cvwuie@6-!UEA8>w_n87EY9wQ} zA~pwy7}FTSzzT&^*W{1rH0%%&WH!&r9I6l->oFxI=ao9nhz#v!Sc}(gF2(Kf`vfkV zL&>>Ob8tGx79)H8p;^2!i;u^zLWRGshhht)!*AfZmlCxS>Jqx!H$=n zB~CeQhJbGtSf*(eYVTs9w0 zu8<_`2q5S8C}3JiYXhnC;*bwCmp`l-8RPFqf0mv}3^@v_2lSiAx$kug6G5n&J&um1 z?zd@`gfAS4&f@LOjq5-fP(h&+i8C?5Q~*FbZu|CQG2h2YpOhaxPOElMqZp}QtMMuK zifm&`o%mp%F9YE@l zi0+Nw`5{UU;J5yX&92ekHR?elL3LH!a<3VR-7h5mIA4-&PW22@FX)fPel&NQ&lO`a zT!3EQ+uRcV8igAR_h9<*FuEaJU@s;OZ!U6GUiRPzhJ&o0aC2EIfae^?Avv(lZZ_sI zT9y{~Y%?4A={^0oVwdUXXMtGw(1V%BI47PcY7KBtRDHDBy3llUMSk}l_C8NpH6bUr{agkoS~fAU@kl# 
zFM#=a1_o1t_VJBwI=IY({y}fgY+~G+$$-#PHG`QT z%xSN;gat38OS7fuey@om=AQEY`E*axdFSF6PD}!5%K89wXs}kLvPUD9oQPP2ZC|2u zg+Pha+-XG3dA}?yte3%0KW)Z~`y%ZQR??l|$7I6AOOA-G)#4uWi@KC<*}}e$nkB_l zrYrHLhy>0kg;WJY>68=C)Nekid6BkmJHD(0TY`k<#+LkMWja{+8$Eup64i3jEN~yT z-r$(E-uD&fGCW!h&Icoa{-8|ftYW#00MS& z;-$-aE`|jbba)KWqEV}$#RARkQk z!^_WSN4??cb_qb3{UG{F9ole+ZYeW!X?|)rY1OVo1j1$Y)TN732izmv#Jm)+Rkr5y z)Fm_oS-D5^!OaZwT#W}_{TibBWeDnKJe;@@IrExngs0Ngxr#53B(j+Z2bVeqtJm{3 zOA)fFKoX6hS@E^mvf7Ua-a5YVb3yRCzR$ZRfhwaQTYZmJA%?jcpO*J)xIqoLujAO_ za<@_kJMb}acec8e%0LGEYi*am+ftnL`}X>3S#IN0WQd@rCKF*#8rA}B1TsW{b-d3&zux(L7wcgoU=0qpS0EDR5x)96+&rTxjr*HJb)t??$F*9G&6LN-?o$P&Zata< zb8a&!HGh6d4#NQvO!V_}c~e%oe%9C6AXMYPn{j#kp*jN#3SHgezwajY%zh+KBqYBs ztpzw+8HmQx6CA%Iz94R(SHbS39yop9wHE%e2Kn%Exh9|!`u!E%!!yB&ZbT2jWvs)3 zAyER4+RAc!v#QgsKprOaIkM#@yS=StS9CX$y^>R-tOduH%{4UOhgAB2=&zpE_1hd5 z_O9{&9u=JBk6BTezNO`>?su&wzXq=Yhjm@-RkLbzwLm6X?IsHnbUAy~c#T?dYkWYG zk!4UPUhjz?a?u#XUV9<8a?$mM=Rb{b=@xFn>X+5*HCf4%~=VA1L)r zIz+n_8W1V8jE!u;-|X4!6b6Il67pMADH*y367yBHa5?vin%UT*U_~-nXWm(im2}~d zmkbl4VsQ5ZpJmuKSH^qjA=N-o$%)-ANq~sht-XFs-QaX4zemO@)#8)pZA**@krayw!J=KV{%))Iy0#-YLClVHTVrof9&-Gt~(+k+*oz;Tt&d`=*d5!8n( z`wPX1?4!X1%hCRJxB`AB2UnEoNPWIlPUp2krq(>Ng8Wa_4jgmUzKZx6#CU!{zazo)*1P=OYPZ7xEiETu~^bTUoJP>PFYQ(uR9; z6sYEGibengxN3l(5Kgam&Vgr1w=c2|v#N9@AVfwU5;gfqsZ(!MT_(z1u(MUd8_4EP z6cuElOOdcm5mC4qdlvPM2*6EO>6qB`j#us^_L7VBolhxvvCH(Qj7ou(&K&5s9fE#N z3_Aaaiv;o}sx^RL-fd5|ekf73HGQGAYyD1M?V%I!Xwls;Sp!JA=ZIjo+GrJIe z$+^L0`)B7NezBOa-IS(R1qxX+84p7<9q@And%6oq4^8GyqL$jz1yjt#y#0lu%$LU<{-lPEU1&q&D5*83 zQ~oKhyb{mk(xb zi{4#bzGS30b+K}F-La_lPZPt>_qH+bpKCfuvzpqO0s4X+-if~~d1`58Y4-^=Ky6Fz)}D>SCSRZaf9(BdSW{W|IDk4j>L>z(2uL45 zdJ}0+t4%)KYI6v<~{Tbz%Z_>(MLzHb%Bm$G${#rK?e zZkUT-bIaM)o9^PR;?(hPO#au`ULJlJF_>AN*cSd{|vl`Xv>LJ&jL+EDxoRj|3lNpV-5gqo?OM_WurU z{F@9l-(+B;GRCj<;7UAeOENmk!iHxewzQ|3Ye5STxx+T+^aO zrKdls*9?~L zw_AfCSJy*TRnR9B}_Rq@txxfxioPvl69(r+8;~o)LSxj z0f*<`*{Ka?JQ!Z5^KkPsisfX0v$tu>)VYK_H4CviV}EWYe6lsyK{7E3IFqWUx9T$` 
z)HgnjWVj+p8K4YR3Ye}pe@*ynsJ1jRHu9FZqxFuYx?pA9uJ~UuFQjG~qv%lJDt6m& zdsHhwFP@W(jFUoXMUNUs_eO!vGg+^A|kWJce}=S&G=-O&?q37?!LXU$|>zs#)RQonbHy6`7#ao};yS z{iUoHwwmH1$h^52Ppgz$X?{_Q|KKB{CPTCELO|p`55boH@Usq=!_ulG^zx4y`EeQ@ zu6Ra%eAm>AXL6LQc~w>_*6Wfwwy@}R_ZP5DXHBedowLv&Re~WudEs$Jy15P21_%(b3AWwK5))v){ryakz_Nk2m0$Ym7Z(904X**xeak+7S6=q_uq9H(6sq!9#6snn(|XKf7UK0$JY;n5rvx zwH_%JaQU0;4PSd~F8DR27u9R_8uN^~^08>VQm&lanrUhq*eWV2sv$X4mZ&LiyxU&H z=Q4?@u@T7Yvx8V_>6*rT#!Y1gr6nWogtTw$Or8(6Jgu=5rey;B66>oaP2Zj)qnpRK zd(i6_{w6KQ$HzxUUW|jO9Sa4~x(H8{y^WuREK_1zLDow-&s{X>_JXXOX}ZHGqZP-4 zyNV&Jv2*l;mQ{V+9pd&PiG2>kI*+Sor{3dz3=H7pF=-_=1=Tv48j}9->B06$7=RCR zp<3!MY9hx|KTQj=oq1sO+ZQ9VWhFcv`AL~=E$w(8#A~_l#))*t*`^@#iV6xkI$rE$ zL8?!kQiPYJWZSs{D;U`Fl2TIODaqp(x_Vo}FN0S3lxos!XG zj#m7pcGWi5s>S{^J$aqE>5&fShr@loAJ@_{LsKlEhYOIc2=v7dpq#sqX3MW-1u0V-AZTm=hYNoJoUy=a?J646fOTib<*W>@@fW-G+nZ6T^kI!vrXy7D6N5ITh#kqNSYK25C zOl!&?b93+jd&vBXFEus=tYd8EU}LJGZ~q3;)uC^gL_tYeBwRH82O0g-gVRs%zrnSM zS_{~r=RsNsHzYg~T#92Al+XjKm$lZJrimCC@=q8187^%{% zGH+-VA}lPxM;4aUJ>yAlj5{Z7xzV(-DWVXs*B9yT>B`28(D4vlEX{AS3)OgQX5Z0~ zl#={_DzO0Q{zb_h1au!aZOHqyrrJv3ds>@si@6VJ;ZEAi70L~W^qP%;;Vx4$ zMC@_d#l^-ct!Z{0g%m9!KgkE8R$KK3!brx{Ek|&(+0htqsAO3b0nAt}ikHUB+-~C8 z8u36HJAd1=zve@(T3tIQw@OW;3;N#@hd++i9?MwY+NW_Kx#mFfF;PmtpfPPNmk+Lm zI4Wx!BBdSAmll0R6BLDemdL_T>?0ghQv>f1n_mYhFRI}!H>npw6zysIuGSu zjrwZW8>^`kN|ix`H$4ZtbcR#Oc08kh(qLb_VF0&KF3jX+ug1$%eakXi80#-CYa=zO zv0PeWPd;uz^N;^S9|~JmMWVVczssOZ*x=LCv(f4g!jzQzdRcZlU~;*~wKadQd?bmW z$c^Udbj!EkdN;qT5bd9G+~?j;y}gPQ6pOqPCv6hmkAbRMxu10uO)5EIR_Pca1gevxB<|ENAXGl zSHi^&CGJa?X%(xyNHztBF`=q&D^8Xw3`^_7&CN2GeO-@@Xp0WQ?jnCLbPqlDy&2mb z{ZJqW1K7k3h3aZ*Dhe^g0b~yMW#pPp8IQM6BOM(D1qE`hIy;U=r*Gd{l8=1)?He43 zdzUet4e4^mTjuEVYz)tt9Om|V7Ot9a9-S9WIx5`P^obUEF6AdYhRimi0(P2i!s;YM z;i}^FM+9O?hkRzyA|lJts)MQ?E?E*tqpw_ZYe!>Zzp!uhM3T zJcoQ_34*Xq(fy{Qy%B$W8W_{30}$~P7^(&gY`6u5TJtI-rY%c^CAhw%JDpJ(Pk>ft=G zF7pEijQc!3G&|WD^iM!@#^J#MQ8EUoYZq1`akWi99LdR&45#U4ebwn7DmKdkeB zoOf12;~i{8Tn;DDIdMlop>qS~7+qMW!u4zgiigTVmna^+TJzP~3%kE&4(_&hSuZRAd7&hq^E8v(%!h^BMsv)B4M 
z#@{Wg00H4QOnF-VO!jzpr1lDujY-aJbC!ZHab~QIn~a)zpXhFQ(i+j-u!zV=*m{6= z_p93Eq}0L*fU;;FXGsf1bu5qXrNl4}!22)t4%3)n_j7e$Y9WO(>E$pA*@ z>gIOo+gyf@u>Z{E*pe!0D;3kb;zDJmC}G6Syos9TX5y>~_iTbwF=fp*f5^%*OVo`b zPQOWk0`Mf#*~6va{7EKsL!Cor#kP|R~OOm#c+<{ImMyw!Sz0R>yt7X#sw1k1K(5YulNA!=8S zy-(9i`3@siC305;ULjC!*tvl16ZAvoFrQD>4i=iOWnp2;>2KfGI4o&lQjB6J*(q$B ztV{CYx3nfd7IYWX8iah*(SgYZU^v=%CO99iNKAQ7>V2x$el(tlVIplV#4k4EeIii>`2+k!FSX-Ybj-BJJF zI8)!qNJUkJnu;207EEGfKuGI3jbm7DgMrefIYK8-hl`OdPaiI-pjkB%^&nRZy3wn; zI#&%BqHU(2ZaMu5mebMDH`dV55i|FYwJVQa=TH1o*tW<{DDosIsJd0<#iP;VHte6u zk1Q-!L>=X!&|1V0@!yUKYh#{J9W^Vm?flXBeu8bi$=?&j-T(d2s#^xaGcoc>4&ogo_64q%NSr=#}9I`o}+p zQVW{Bvoe~z*bluRNeA+EenU6ix_xd}TRib%`GgcX@`D__lu8SjaRY?W$l)Ri)~|Q%xl!LfMp(=Qtm;S zHWf2-wgHcB#$N@umHzbR=Z%`w&sDXSb0Gp@9$85HSEcPh*LhX`fmdTlbVfyO<=z&mB2yHMwEG-p>#4cAf7JCS z;(xIK;cCLfIgmReV@rt60%4;Nzong)3q|$RR~!!jNwGWP;a8m~QhF)u;Mf+x zPZ4PCjZE)VJ3BX52R*6|usD>h9%b5w$0a0`7__-hvsaDZ-6U2@xsge7JA9QyL9WJB zNci+4c|M<^k&)Zx{PbV6WtoG&h>`Fv19H`vC!v@a-T3xf|1DJ+R)?tT1HYKv`AvBV z55``8j>_7~BoPC@ZI>Fy-gvvZL2zTK4p&QyWbnOvkdO94sF?dcAf^LIf6hLO={R}K zEsDFH?^yysDk?F36y#kb4oLl2J<(ysBk@N$2lWLD@R?y6ERk|a;vHmF$8k!G72ijI zKQY}11YSvFIR>^nzKAzY_{=$br2Ff6E+yhpCz^|2NaSB56a06;0<|Y18&CCRAIRd?DAN0xc>Q0e?EizA z>Yo(pzXdqpzgO(f9QXgWJ+|lnmIV0w`n>7~An*LY?Q6>K|1Wm4=HDLO-)O~$R8_jb zfsDuhwc(?`M`!({j+q%`(Cj<^sRG@2>Sr~)uAb;eMo+JIZtHT8jS&rzM~5?I!Dc-D z^$+_>(HC3JSc{dFHb;_+i}7i1`>N+sF!l9q@}px>kkG#g^?>#LVLn3QXJ>l}sB-7N zT5OYjamjUWH$h>+fu5cg-xX9)xE^JHilF7uV`e2aXtj-NQfXPeZfNzk)s@wN$F8<@4ERgmriZk& z;Cio4G}?XPQVdgU7<<4`)6|CPeS&$Q)e4v8O!qMs}7N%$hLgph5&tu}Mtr6?7h!oV+nL(#~z9rlNFy)t$j8>1F)} z!azs&)U_*)0$eQaj+@QH_#fErQq$9)UPX}loNk_DC%I{MRe$C2|6D3-o}>!uUqH2= zxl%0BFQF*;02%0f0GTB zt2`SU3J+Ia?N6WUA6%V5+Lg>zaLKr%d(u+x(oxMir;EwA+kJxf`W@On8%EAWhe-cz69gdCEd9^!u|Ge*NxDdW>u9%%@HHkUXSqzz-(!7MExpdGMn8tY-^<6G6QjO{%ttrJoAX~#P6Zj@;?^UrPD7)LIji9r|nOou(YSx zX;hQvyZn3!GS>VY9L{ZZ--}EoUUZQpv2TBORh!ZAU*FqTyW4=S3P4GyHlm-0*~P_0 z(&gx*on4~zx94)>W#FtNdC?}{Fx1q|any#0VStnq8g z6BFte{8~S4; 
z^X6d=-~li{y}EHbIzBNmB{}&?3vz7ia09i`6=}rE`aLPBo-eHh5TYDEDUTFh3C#6c!Me*nXqy;ZYNrl9cr4NVXy( zfpRrkYb=RePEt1yF?U2nJIPjTdqg6S~*m zKT}j>7hk>V!qlo|h=g{U5h;HpBUtV3w8I+@6m|(3FYRgf_%s!H?q*x(E2;A`&~uQ$ z6z?epG5lU+?MG{|4U4{^#*Ktmh&WJ4P~>+%PNSU(tCcUBe`UJ5&}sBF`+Er~!d1>Y z^r`3<^8&bAT($Wk(GcTrzuyaU>|8%}g+ez52T|NUWi6+MTXmBt0!H*UNkUV7y&Hb* za<83qpD;uVx-cLRT)z}Mf{zdVS;ULKm>gaOFyhT1rtibU`_4W&Gcc%QQrj~KzUA#5 z-60V(7mTcS?zA$pUGdu>Yp^w=_$AsC6TbsGlkX~>hz|@n)*4Ee^7M^IW-CU20^fAU zvjaf?*#?77fBL#E$J3!*uJg}^E-zaa-~<6zg`)t5(y0bPyOFZBd(?}u$?@b59_(!v z>&d;XCJ@Dt5e`4}80+iI9(N#ZqoYMwPq9T;M^!`7^b)PFueOr~^NxWFuLB2LqAxNC z2O9`&LXGvpEDW)5H)w0CFHw5LsDb;?j_jrPlBZs&DSoMofd3wF*p%H6R=BF8qA=*Sc(Q+WdyFY zrGsW#_kswkROI-B{X%ja5YV2KWn(gpMh_4=36?d6iY$$)?O`n<8RygZ-r1M?|Yb z{#a3>Z5D0$4rzDSQ_JnBDf`+l^LuOl0=_d7(STj%^&8)neMjZ+!*t)p&O?FB~s_$!$qLYRN9Ep4d$O$vwZ&_Ip_v0$qV-aGi4m4&u9XGx^aM z2IlPxEWrT;ud!!CzoFA4^4*R%k(jm$TuL@U522$5KLRyM00NUFm8aEj*BT4E z$GFI-L3S@Zt$z2~mK3wL0WNz92_#T~guDLsi4OBxfBs2n2X_=oTAN(|6_2i6tG^-l zA4lrf%{Y$N{T}!>A`5(Wm6WjmK4`Q>MRnc)ok`THCp)kf@U6InL zx&U9kP78-thaYHVcB>;c5(s}w9Hf8z@3)%JgU0%Ln6l{V&1iBeXJ;Ed6o>z>=Pw`p zGr>W5V`F2~;MDB$;^HEzsM}&I9@0n7;GS5bXY6zAvos#_X;+hhqs3H`r z?%W8IoHlYEacMBB3Q?S9?OS2@ZbC7VLHsnlS zceg{>#DLHFZAdBd)b_lfN4}%8Q$BP3IHz)wwJ$m^;K~W>Jyvr6#*W+&17B&2w;c#fj9=6MIX-5tvED#V^ILgbTRTB_Woz1tef7QOoyl+d*~hS zAgl8Io|Y-wanvDR!r|~z(-zxiryeX~&QGVshufq{xbE)({`|jJUxg|)wZGI`ik|q* zw$8N0yP>{b2td=ad58M~__5I{#pnzKx>2I&|DJhgxz?WmP(DP4ZUgMd+F*V3kqaK@ z-bXqiT{wqM{-tRBefKjTpi5qmVHvn>Zk%St!C%i&I~Ln3%x3$4(WLJ}!n8*EJXYXR zg)_kX(tZj3|8%zJR2kytQ*E#ay#IKo=RfM|yhkaxjc?I~rFUk0eEIi4=umt>O-uQz zi>K8RyYoo7kI{2v=gy!)zW=7V^M=6WMdJ`J6XFogy!1+<4Yf zc-l=0wH*FrB}8j0C#U8xaSv*#5dvyEb9i5)0J3<|_nC<$fTH4ZEX;$f?>i=n?x6pS zxO?}}P&Ww5;*6{$RW89&C9<7ioVA$ONd1o228`~i1Lyaad%ft!JXxlWY>y)fkZ}3& z=Rk&?__7naES>sDMyAK1&h%_1W?+MW+iD9qw!PrR4H9q%$z^k<6;Dj{oOV2HXmklK z!=J#dCUd!rSPj)dOMFJ#6Jy)De*d$}M2fo5C5B0L-=70l;N#vo(wF>eBFue^nbHPh zda-k|G*L?}-IAM|baRu-|8w!bbH9e}k@t2#BVg%=`awXU$yY(=!rTeC#^{KMbZM;) 
z!&jg2SZEnojr8b#Ok#7K77#Q=ai3oNhxed{VfhwXkH0a||Na<(;fbWn!fj5|#7o(@ z(@zRThr#O7`kt1XKjdR?)$kqO^NNDIV$ z{_^1e0(sonsbWrcSFoR#ri1c39DJAg(JQ-PDxJ_HqDaE)u`W^(RyAz?gIq%KF)e7S zdOuK40i~xGk$Sa*b7%C!9V@yvFKgLAk^}F+hH_LH5Bh&}+RP*dofFJpgpQA8Y9^Fq z6%)QK-X~{N!Dm;CiSW*pzCq=~vk_5|#Bf+DpFTbLSvV65`;~|CtCam5tFXxd(nCV$ zrxZ^V8nGjm$#3%q=B(yi?L8J<4sM^zvV?T7Ds0+ z`(K8C+%V5Lq(4X{bb!mar991D2^^+W7kx2p4|9{-8u0r1WDQ=xT|dB5YZu{~OXiag zQX8NU^V~`Pwf~l%*fy z<@bsj7hTh^cVog=Z1%PN#awm`Wu^Ko)&-3}7+C55@E2HwSpJPk2~ZR{6phpxRzE|01-P4%#N} zG^LE_ifQLJ*SQE1x5UEjSw8j8zD;BqiAr_bl~EJFdzs)aN?#RK4fS+ZBC8Vp4J_&R zdyB{d2dPSoj=J<5J`}m&#yZaU`vy;mBJO?KjwXVGk+xE;kgMFq$XWY(}D`mtkdzLQ*2glezq;yYR&Ku=XCi%gw2dkT6EPNC>eEx@93D`7LOXo1Z zj-X88Nm)49WL8AMn~&W&%40IwpP&6oycvv4I6J2$u1lSr^0u7BiQZ3Wiz&a16m2VX zX;xdaNgui@{^AK^`+`Xx9ZD#k^&8wTt&eN7-JiLcsLajNzYTarT_wjAhZqgk9Ymd_H zN!M(JFPSox@uY5AfZ)CFkQl+^!6)EWF*AZ^IzU6^K;!*A_|W#dnk552`)!& zkCvQw{iG&N3bX90#M?X^`E(U82#NL2C(O2{^gPp^q&6;JK?kX!mNC-iC2hvz_Y4y8 zq&9-OC&n*hzHzb4&En)QHN;M5w-c)Y0*0|4x@vM?{{RZeqUY2lD7V2|xdjQv@3N2L z%dE3*i2CcA(c=!Xl1A#TkS#ZKR|!_luMpMgV*b*e${Qo_!o!0~7_45g7<2X9+ObHX ztF^J{Xv?wKxkQZTta7T!eRnqORXQrP-A4-m{y+=_$-M z2QLZbhr>8zb$v^tH&`%7)Ql~;LUr3&ddYz%WP+#dgu?-vBCTSp*7FO!rl@przfE5P zxGjqscT(DRN}5WMPmNkAxR)laY;e4DVzLrGtM0&G169qSu=T3j)Cw{7({(YuoV;8a zlb2mN;=i3s8G8I#s<>?2x7-MXh&Jwx9ui|2;xRl;e0AmG+>!e(S00STS;i1pi-6GL z?Oh2Qq@IAC{KnjxR?nJfnL&-)O7Szi73*3^Fh880%jLXj@X5V@H7jh zqYsyXbH|ugHilo~x3&v&S?D`hjMBL92RaB2bOyDU-|>tcWM9kl^lFDW%gxi1sv^u- z+;5OgsVoMlf$VoZph;RoF2{X+FIRc3Bx~>Z_&(VN$nBHgRrcRRTr4 z)!+-z?F~$fAS-9z9LD`n*i5VZP56^hTAs6WxR2*xIxsEYJ$JFNa1puo zU1BTy9sF!#HSH}`Z`RkcW+#b8aryTqn8NdJ*V94F2f`nDt~#z9lT> z2JO~DexO@2w609GU6q7bmS++0LuONEfB|_@IcFS)`cM2tMz&>9R7v=wr|oc{PWvQZ z6ePAOjbA!AWk2QypDd=%PN)OeR?@%|=xwB)A#P3~dMYjIZv!gxR}y2aXET5GMN5v) zsAN(4h#{ZKBXu=5o7v^+2oZi@#wg}`838-mB1B}H2vqOk#TvR>D7Ops_dh?eI$5W% zFqz7;RD)e)&AKD9eD@>uF5^Xa`~6MvaRjkB<4oor?oTxqTf5k-ZVKVaYJXm9Ca2q z!Pg^zEJko9?{*mv|0PZ&Rs=(T`gMcMbUJxvX$?GnBoUuxSAHv`6}q%^wUm!*B3K#p zE>2s?%to(ONAUYOp)rY7MZy#n&4m4#wRgo)B9His# 
z6Ei(?Ht5rzo7>shVeaajFe3fA#w@Y8sT5qcMrBTa{P+Bl1M%DJ6I55F=0`rF~E^~+48h$^Z9b|(3xl3 zlw=>+ARZ50*zkYDUFW;!GP99>dq8daDR(*MymDL1Zh4nEWvR4xgu5<}54!KtlfR|q zF?p2I2}AxFxl4!rUe~+X1b{QtesW@)cby4R^sO#caWlvG0rF&SFxql(TPf; z2OX&Rd&Ik2@AXFR2GYewBKGz=JIUT=!QaPe_u<&m-z@ z_lIu3RdFD|;&>Z3SUSqL`aUb0j$sIWsD1jtX}{|jyxC##vvbP}_MkOfP|0kiJEH6e zdX83~ySEjv8D2Meg;1d`2e?#jYt-cS`ow=Zo(&(M!^#1=+J?9G7_vyujYxjTa}atZwT<-0^m`?h0i`~N+2ZJx}9eRri3f3&ED z?*^*ebD$Mx$NIb(UGYLFbzlBa7)QvQWR2jz_wTL0`LA!$>3aXv|55*IYM~te@%%j{ z&-zbn{JaY6KZ@@=L8kvY5(hv2{~!E69sd6TI8f`X=Dch%gWI+x=rrPMYP~2Y4(_J! zQ|Rey@0w)g|L__v;QG0kUrlU^`-gZ6ZMJvpuhmcAfF0=OeY~ym2a>)uo1cCr;d1a6 zdez0KDHn}T;;KIyrF`c?T{91K*S-t#Q!T(|bpy9Dq>X$;3$0$FeV;iyf1d{NQ zn)9vut3kKbAClA2$9~e%wS&@i`&2?X;X6=2`rTQ?gxVYJlf`!vb}zOv&iZE(IKqhM ztLZS#J4Lhp8iRs#XagM=-d-_U6LO5UbL&t2eAXiCxUqZou2B+dq}zE=A9XC_0b*<5pBHf-8x;a#X}o!bum<`*S*??!fe4O~hB*`~?7aerNV& zovmoCvE1^$jiq>aQ&??v<12M9bJZx*rq>E?8halFzQOmXLyL|sAipc2;@g8~dd6JfXe=!QV_VX^ z33`sgC?AirG~da9IXDGB$8|-iPZ2e_4<-G>EWf~NPMk*ecabcC*Zp*u1AQSTBpf2| z4mY=>#-OZAe6t0AxFcxBw!>C32*^EtqgZ2UyM*@)_;fGpRcq)|bWdwbM(L%7Cr)cg zIOcHGd;j63V<}z!Z6z$|P2m8unY6B3j+#H^LlGt3th;;G+OG;YXOd$e_l`3pAoJKU zJNX+wm3z-MlBQQpMJvqALV}E9X~!Rp?5Z&Om5Bb!@x6KH3hi4670jzidfu5U$i@}R zZZ2D-o+n4hjXbu}KeKmpnzq#1+MCfJV7c_YJ|%8+`SpEZk9hf_?`0Gb>BL6`Rtq80 z?rJ1uE>Aic*@NOc8QEyt$KgLh9XPi{SqV+g<@!U8LSx8_6eohL-N$4Olbkhr;EqT z;ej_c%fIU6H5W@+lOxp97~?(#EOFNL23lBZ{?6_fQ+TnIR~=0*BYWBLcH8Ty1UX$q zsc`$IiZxmZTU$SQ&`Na<>CU=CJ1oleNoiA^j`S zS|1i&cC)h6htzN=hK^hObzJ`SK(NM-jn7%|)!fKe$wf=d?7+zA$QtCpW)CW&i;V8m z(n!AP@0hyTcxhM!WAeiWt8RJfOoL3C9*c84H9OhdF1Z5-obJ>L7cbJLY9v~XMOc_Q zo_arbIsAh`agwrPVzn%doc;lwfKgqUVQF<=?o5Hc!zhiz=mBS-e20(HBJh<4TRZ|G zX2saAIWHBfQXY=bq z;Z^<2#H^g50>FBI8>!OUm7d@ja8DAc>r4pKxS%z_CRW{G`<=I^^)F_#!I#4kcarKF zYQ?}M4vu6oTY9ZPond3fnpz~KFe7YF>}5({|4FVWx>rKyKAkR$e24Fgj0b|6f^1Kj zUEa7@)~MzjlYFjy+S_W0te}7Sv&+~ekp0~3KuEp39ZXMdxpAerA)Ty+G)Z0m^5?W1 zwyon~w&Rk&=DXW|t4@ca*EQjitwpUv_p<5T6zL4tFN^g3dCksSzXpawjdOzVwIYT5WbZw@q=6u@paWbL(SPZAK8=>+hA4;V>axt1^>^ 
zv^2$cBEyVomaMa@kLqjPM)LwA|9ihhUe z3GEv`_Wn#PW^%-C6_BZkIcuUwhgNbxn>Dz1q!OF;}NAY z)Q=(ctb*ua5rqqrg~32BLWO_fF8AppN4^?27YD>kWz;91(O-9Q3XToO_s^)U$Ieap zcZf(zdW4mg0DMW#PhJ`Gxbv11Bx?8RsD47FN}_fN4Q&(0?3n(Zn#@6F7g_9w0Jhp} zi+B+-SNU^J&4{E2S>l=M-sV>EXNq0&=OR1mCV2ynkOWLUZ|z((3iHFaD~Oof=r~5H z2v$>Ad=TapO>|gMW+R+zuPOyG*7t5O77QT3K+nwt-xecT%YOcCJW&$?&tWP0lsXG+ z1lhdcQ910a4khkh+@3n}+xn4lRR%yhFCzsZX(haiOO3KvT}fi1d4KorsSfeIhq<+B zd`fD*MK6TKUzdNs#73!7vv1d33klIL1wX+%8KCI$(#`Psoigo}5>orVI@N6AP3k#2rl?f^nJGF%x(?Qmg~ zpqps1J?!E<LM*J{!;3wcnT!!5THa)rO>TIVrsTQkZG2J!%ByeczIx zhAQ9F00rqJG6H9UvPbI}%F#bup8P!4U7oy=LnmxPf0XDkK|ZISo^Eie^Fm8&{w4aT zV8wBL&d+?LdBZial$Y^vHH*rAC0U-n@6Byb)UzF#Il5G$I&=b>R9=FlkX<3z%ZTfA zea@EHatzjPzVvNqs+fe(o_A)It3+1grfA|B@pNyk9G zi7}5KH29{LW2F0yto+}hc?<&Hx8&7nw^pC3V>yrv5a!5)1n2g<$f1C_mwUScmOxT5 z^NkiMNI!WN!{xTan%3UE07vCT>s;6re_7z7*3qG#T;Z6=obR*zdlU_buLX;F!T09s zPpeTNW|6l}DRJg=GjEMDJ{!OrGdW&8U>H(WRWW1`Im~5>ol#9DtgA#qr>5wNA$IJR1i8imlKx1WQ)hwJ5 znh(BZzE96CzACj?8Hg1z;t?U!EYP`uU&Gs|r^2$zl1gg1voz`vx6THTSi?tI8ZVU} znc9ZCs)t2HTv*HYKSO8^ovC`8Y>5~v@+y_2Mr_ex8P{Vw4w zT2$^N-g{T<@R;2(<)V-tnlDe$C@JRLJi6)_jyIWWHI}_xe-@-+f6Z#`ENV%!7Fe%z zqt@rNTbz;Ut4`SW#V#|9?OonG{RoaSvbNw#CC#&-;DVwfXnv;zu7!AiC=3fV+P3p? 
zQBpnGSTTZxGxJ8q{zeaZ`~J7UqnV=Ks6H<-vvSyJ+^|*3qz=j64ro3fLyPXUyflK$ zVNm>4ansxhhUi^wA(D5h6xR&r*?$Y&r&R#+=5f4!BYI#h|rJtP_t zzNK=kP~;U3tG~rJT5?DG0i1ab1$qtFmB8dHIA4lNL=Y<=xZIs!?b%4?(RROQ0Xx@7 zsr51*4;&gjAx`-AMzB4j&H1D!XtZA|-0lk>R5eK{?{a%PPF3Eg(0^A{>Eo@RYTeFU zN#iTzq4Z#Qd06j+em2h#pRkC|Bnix6hO1c3b(~u|ulz_t^Ja+(Qq`sE6^9vk=CDOb z&)VYbKK8=(c3*V{b+%StB}ppr$)7eeFYVHo^F?(S1oT-#XrpLW5D0R`nz!4|_Lky^ z_ayMr+LQ}r^z5xV>>WpUdxB=2^sbL5-0N_~wiDZ)-}tgK!| z%(NenEI~3g5IW3k*#gK> z3C6miO86!>@y!hcwSi$tiYIQ=v z>1NDAz|<$}0K#HCBcF(I^MrrieJau8HYkTlV}g*ld-3`^O*w~iqsA+vSXEY+#+(An z4JXWqD|!B_{NT=Nfr&-q8~JngX^qlj@7RZyLps)YBvO?a&O#Y!zi5|;|p-01C1N=dd)x1If2>Ch(D3s#NIIsW6`35D#dWhxtM&7zi z+zPM{0@u(Yj(LNFL4$S3%J0tr`RU#bNeV58^SMW(de$8a0taJ>Ht~j7u2BsWEApB} zndwAa^VpSZtRVxdW&;A^i?S|ulr}=%7-#Mc<-QV{)RXJ5tO^Z@t`0@d3fuWj47Q6v zz1^NE*V(8~vcqYHuBKLlC$t5g;p;s+Iq_YRWgL9my+2X~m{E#Mqo1-Pee#XJYdrxn zuHu*@DZ^jMO`oN$oP@f2JS*~W69ZXQ-4AHVo#U6rMr+@SCJEPmcoL7bDJZFWIkV#; zi^EA_xbm70kHefdT}-^RDgr+~xJ#DOX-}qU^4I{r3)W3Z37BQ{WJAzw_0{G#$0k-e zD|RUFw=yplI#FyzM>_0~N_m5(>!>Okee_<{6C}t4s9i>lEMJt)fPIwES^Hx@z& zp5X3IfZ!Tjf(F;%I{4t0kl^l4aCaEof_rdxcXzv!@9&;E=lo8+SMSxmQ&anoJxlgp zJ>9*!`_sL`$So~Oin)RcrijCBx7ck{k{doy)lS~(JVG|_I)}A)hGtxH%jWvYurZ>D zWyH~n_awDbxXXVZNq2APm3wM9?bh2}T%)rhQs;C%Fm!pV6~E#deJl1aPs0KBQqjfR z`%4GeK<9&GIzOu~hCVG9dEu%70_p?zBD`rg%l{8dp zA>Gf=5?n6SO1A|zckw;ic8kK0+0eTFg&?9jJ{;aFQ4q-Q7A>;zOD!kH)Won!x&$FH z!4mowN@((GLmR0TIE%?x7^GyM8+xW-{iL!+!l_pK^7SG=H-L#8is>s0B5v^5cnfsBEhr#T_jf}P{p)tsyMzkf?(G*_kPG2^iv~rN_A?Rp~$zszCE5n z9Zelg0gW{|g#||7JzVU&Qu%$h$=g`+nFkb@5pQ2?$HD`d`PAr`xb;>SS<%vWMVcp5$Fst%2xGinA_mDJUy znx!vVYeSS7ri`|S@hGT60*mK+v+pQoXb|0kQX5>)iUOq~mKEI54m<5qAKC?Vt9^dY z6h?W8i{Z0jkIcJ13M*YTx2H*$Z_Pbs8RokuGjU?n2INmaNO1M$K1rzhSaz`)~RvQ|7EfwNdpG3W%D@HxE2yw6XwPqQgE;xO&XSpPrZ0B(g#cWT=jxVWL#swak z-|sKkNVAqYx}v-ddi{Ax5yCz^!P!&VNa|?Y*-mAle_J5-F9!p$({iaLM_}Nvil(aR z@KE1_{3cx#YN-g6bv8s`(?^!Hn+26rc}g;kM_sOuE>VI|rM>E$LaxCRv~;88P}fm@ z7y+#+(ZvQ2r?EznAj^We2R)^=b&4CVg{fe(wSQ=B<2Ko6Z}#=S#>{mBu{WF~V&Le5Adl)Ax`j6grf 
zOe^{?F?vEgztvjH<#nEZ_i&8z%TS<3gb@opQ7^$_35{Dm#$EmNK*gOhTIZq^uW`#O zu+>=iaMU}knR*w`c{_}9W2488noYi=^jYs(ODFf<|U)|VUonGSJ8l%ZSbG{oLk-JkNz}Tg$rD-dT zgLzg$%CHGO!@vOFp8p`V{n?OJA|b%eSt0wB>Ea*^XOy5oSoDFof1tSWPval6>5OQc zpD15aIS3g!5|<=ib=!`2yF-NTDR!75+~qYJJiKHo$*px{HKWbUdK3umYWgc!X8x>V zW4AdBD8}XHl_=+p5Y6ad3K%UuRt9?I1-rd{)#Cl$1 za+Te_Us8HwzWIko*ZAg-3Ik=`Sbft8F~r42mL&tF%P?8_*93WN@g&@N!Rb3Iam%jV z)o1-ALwMOm%XQfW67SK^^kg0{K=};$v%pAk3}3kR*YRGhu(~^8iTz{Di`ByU&D`s6 zkmpP?VsdhCgKNp*ccV1aJ|8+~w9-ozhRZMB>b8=dQPqubxqRW+zKg81Y%q+;7yZr4 zzcRhi-%2c~&~$C*Rao= z>}4a)@5iRZp9_TR=?YhP`*%6Nf1;ms8nsW}YWOI~Zaohjt$d`0HoObg-hJ_}v3J zIrVbA(x=`V?@sGT+~@*K1p0)Krpx zoFx2j8F4~6xfIZH`{s!3S!|2Y#;pv3`~>;p`;l_b0-3fGdhx&ST4son@Rj~<^)qJ#RAj-au?PKt0^ z7GKGsz+5^8#>UHNrj+2#y)~FhTk0Nxg(Wvw-zLLCW2-CC@b@SfRV@F z*K>0=x1yud6B_l>&k3>dNk~?HS<4h;)EPox=DK}@#e zN&4nr{N&b(t}m~U6=%hEJ%Lo@e`Q-iO#tY}7t1`YGHLJXKe3np2iX71#v4j{1^g2M zjDHRO_v%`5i*nK2#IhVfd!lPg@Si`}<^L;t@PFU=zm`?-|CWw${xz$)$BTqH2nA*O z$Eeg}Ma|kbYgnP$POHDsjSv6CI6E*{WtC+@Z&Hm5Ii0!%4|Kg7OfN#~OKWdZ5&6j( zsfvxv4y=eTP3fbJaLkgLTD?Jg2|uSeF&gAhi?3K6TT5DQ9+!UZv*3tXAQO<>I^&~Q zgk+O{r?x~U=+JBVNGP=%`R`r)o& z%bD)O(!uF`{}~?0swj>w3L1KK()K@cEuv0h-d2)Qy}3BAg1?{_c~awkc!;`}m9V8b&txgM;hlBe zr?4AdrUm$FTTPVWLs!7pRCUj9RwhOEMqz5fFJqQW_wqZD%TlgsA(KqHKxJ*F!HDK~ zp2o-@l7mAJrpoj`c+lvG7K8V;=zUjWQ1Y*!%E3#n`6Zlz@%Z7u*KfiDtqBCpO9nJp z{{|=U-?tqTH^HA!ve!MUK_gTILPGUkSju80h-wHcvqG7Tox>r;)icbYs8IThNLk0g zJeZ*bT%Khr(G7cyYsF-Tv=y4Qt7*qpannPCNzmwv%vy`2hA$%4R_R=`h(1wdO>x1h z<5A+iF;ix}ZLS_Uq3A`7jJLr{7x>daOkUrbTEWG zB&Wcz-4v!4(edcz7%ERE5Bx49XZ_+zQJgnW2Zy4zoV5*lOnHfK@EJM31PM~m5@pphu2uT?o2%O_wY zztZ060+m5%Ec>OQ-~?*&agBzDE1t1TEQ;SdyAGB|Udj-og>|2_$I{WyN4}K8oA^=&PUHA1JOpE>YMuL7X6u0 zMylKU^`}rq>$fkiveX*!KcQD%?@Yn6M#m_WPa%p^9(ye0p&`4!%5rXDG?TpwF%yGF zknEz|O(6+qnDQ@^T4*F^cBpzvfG~dkV=I@4Bgjhb(0v?S#gZ@_gpxtnq~TMqB*qx< z;`K#d*Xp~{Fw(q>h`7Vy`ex0HnOFexW7YH;c5Wsm537TN*zP8QS#B+-&ymQ36RNZ} z3O0sz|Nd^>^^0Ny)$ejXnXdruw*ds!|GzWgTaoETInXU-6mmd3T>W zdm2<3auvW(<%FD-)k)L4bkON5ywjXd*-~eGD4a_x&?|SPJ~=HQ;TKPgNmN!)iZlMF 
z;I`In7-u{@!QJS(ifS(oJU2)^`cN@$u+^nxlC46J99iWiZN0mhlS+YF-idmQN>mpA zE-@gXlOWeG`YW>zM$1>pmO!bEZ>mc6DaA+cBQ`@p(yU5jYf7Nw)o_^&IhUH`QskJb z&=s3>td_6ZUMcU%fA5&HC)>K|7VOR!L8!a@Us?Uep{|=WBc!G>dXU3?e}u=T9^<@RA&~h*!)34;>xH4o)0a(`x{Snn_6@az+7C z8vn@^=vqXz4J^Od2%>}jI|7z<#-ZFhe^VM*`xys+k^i`%l9rC2tgSM4eD>@+BRTkC zdL#(-&9oSGj;a%FQyur7%{&bk+juSS8pyJt&PtzqR_HHFG?qd&KtbT2ey&%^8pYM> z!_ZFQftr;~WfunLpalw4=c-Q3h5H!WnOO{05*g{x)B>br!Zv0W&{=4#(Gj9@22`QN zC{yVc(DSw4fcZZYm1z-a^8&seW~I}k;WC2888k+co}0m5X|+y-mlU;WO}Sbm)u)5i zM9fP>?jDWfUhw(r1^CcY^wM3$YzG!wpf#Mi3|~;p{rMFeYqgm7A|XkxI=@$d9>-@64Cq=${aEq{P$iQ%Ie<9YhT ze6abYyy)M{m|-}$G+_{)wctFytZGVs#i}$f^2KbWDwQK>ej@wn)esMZq1i#PnAqq1 zFk(MmG4JkejQC&L#GJE#=N1cWT+`4UlpL@>dEwY#Is3%KH#=THe3NpEbe;aqq9b@e z28G-ZOmIPMhXJ;=p5r64oHUC#yDs>nXsJ!c7&0^e)XZ5Q_A zA>QOM#Tin6be&8r8o9S}dEvP5^G&`gcJ#NJsD4StX4p%)NfsZM z@L8VE81x)G#sV#_HgqGZQun!0kez1&q@;DWoI1KgFLPm8LOw0?G@pfW0+J3UHZAVE zcQ^?5dJo11Cmv@fZHLhz;`7lhFcEI`#)AlS$>&5?QbJxfc)vVFuktz*H+d%0!JY6kZ;Rb&=9WRwMm60w{fy7X@e$cfTC!IM#l4<2 zH2JO(oE6OZL$rpa^Qo~mX-TPVZL1eK9l6C|9_sE}7xokvam%5;4@YG=IFlWX>ur|3 z3=76kRc55@zVT7_`uY1P7QaL7z3B7^GZAE8CTJl#s?9Ndf%vGWaW~@H_}JY=tUE7M zekUI0IHd%g)7d=L#JR~@md7X=3cW1>|g=)q9I^f{h;Oa4g0PmVBN0@3B;%3TJf!iA^J z-u2MvHY%k2>))3bx|pCMZkUf14bv^!O_m9fbG+()a1=~8m6ny^GkxDH9W+ZHfuEnd zc{2KF9_)6J_lQgmHK#9Q{M2nm>6TMC71*XvEb8UtIy+F7TJy5!)y)_dir%2GG}q;? 
zu8xSEI4tqGnFiEWEu^cl`2TQM$5xrmcw~P^;Q5g(9km>8TO_Saim1)Xr(=fTJN-2w z_{03=HX{leQ8}-U;R;$9*HOTTWhU1o&JjtCgSP2&daOlW4Hsm}sjs;cKep37A^U0d zs|!zkaxDWD7pfvi$vwz@Io}PTn-6Qsjc#vv^wYFDuHW)Pl4dje$Wf0728L4j>oY6b z;u*CLSmliE+=xdc zoH{9lQgN8?y?qcCuf?9zc*LaAgRDz2-=5(2i-YDo7xtJrX#c(Y2e!k9UjNnmb&sWyBzmh$4>E_<4Mg?oJTFo z7{TY(yvBQo_%S4{#w7`FlywZtuUR$Ct2lGSym%QChj`JnFRZ{n;B(@>kg!;ZM0LN; z>2zq|uT`j0b>SNQdA$9g99W(b7IEzWn?z(#A2fD3*ACS4jhO@DoiHRXWs=@lr49+4TQ`?0KY_f!+(r&M<3c1eHUWss+jXlMkq z4OEjPb7?VU5fVn>9;wAnKvenM2WES+;A+VY`E|^R`TF(k$;*Ya*0TeO#rP#yl6UlV zt<7Vx+z?B?tY<;*sf@A&qcnqc(BvgKEG+{A0@v>V{htbozw!g$o)U1jD_dcoC0>?2 zKhgQcsa5x1*QAton4f4UhNW?uRGd%ub5oGY)H~}t3fs@Mi<>iWv8~` zbu+s~OK%t2%BALYO!2s>oG+ne)iPQh!Ynoh2)bWd#-B~~N_M*ErK}ulzgiGU4jQQ# ztNg(F0k^(_1sBm?@;yavv8G;gt)SaFWFc=kQ2v5azR4c)Td6Lu=^KPq32qm*43MM@ zHxDeRC|J+^Z9ug!)vZUj;l*0bVtTyX)P}?P_3PVBH0c;mp@ERErX#6%;iI0TJdPtn z73(G*Kh3>gW7gYI_Ix+a7`~H-zz&Rrm-4qs(9X<;+@_zK1*Okbjbsw_isHb-Yo-cMoh!pi1gF9ViA7=U#0l@V)gHwMzG_v>CB zQe-{BodP8QUh)ZZBWRx=lT^~GayP!mnY){l8zT~z4~6~>sifJ1YzWjv_GW)BMXA%ic5R^-}I4e{ee7T z^bq`bC;dV3J(v@Lh7=!~Gmr@~SIgf&9lo-IG<9l$8eox!A||&9a$ThrYn;@m+*8Xg zxGs1XCZ662ze`G1p#=J580E%&ZS|Tz1}~0Hn~_5wFNwGKLW?F}j2N0ovNpAgu{WD$wUXtMKVu*a$2Tg29Wm?lA$=cL&aoB5$j=l_r3$8F-Oz79O%4XnkZHebl*p2$k{TeGA8=i{>b^?C3H#Nx zUS>UGU^EPA;MC4Ys}+i@n!BU%&}8mkGV+b4BtKKh)+w{1?}q_2HN&X!f=nTkRNd~X zyVtO2l?{=Ti)!etE$|f|v7$--fD*SVj+2W}^5CHKZg%$z4x;A#VU(rMJI2j%och?jWXc1!w;R~8#(uTpU>eGWs2i3Ge%VS? 
zuS>cCt*|mJ+E3^ubr)${rHS1$JzTLoP1CT}C2Uz&GKlb9#OO*@w>xyWKMUNqxyMYV z^B#;v-|Et}BCKi(KNdO8f|T2{79J%o5z=6R=)wL?4fW2=ea>JB>|YgWocc~}K3$!C zZ;BR5Xf7AoXol5GRE*y=h}_2am;B9atCE;;yRk<24wT?&>dzs1Ct& zQaXYestu&vnB$Ag-Xf*ghENJy9&cxjf?ItA<)z}@^s~LzJ|w3e71K@%IbOM@c@0i# z=$!r){xi!VP3`x}^|GRNIWZG#!Ixf~MF4QK)O1LaW;2A!84Yh^uq~fA_llLRlW*1J ztc5MzJEkn1?_{~bar#lQAHCiL>z6oB_nqfj$HD<7Za;?v?Gew(pQ%7!q)pvF^KTpg z4z=Hr^Qec>#qLui9^d`&$?<9POE@T1i0q3hrL2xl-^Gw_xpG>3DqM2%kHe|cS{Bq2 zp^j-b^f{K{ZMajWPKKZLCMIaIk^E(>?29l~BpM%8Tw6_XhVtFKF7D}OxbVx+Z*;k~ zwY;{PqI4(kbR(VbYo<*oC`)@82vxjDidBV0`sz&9Z{*K$E591~$z7dBn{UDq>{9`Z zAB6N$Y+~1`zI|^g?ODuo91IX#s+-m)jVpcB&x<_&6pq6XX6RA_o;8j}Y4FkA(tOI9 zB|W74lWTk)7qQjwhIt4W45CC3GYz5y)Z*{J?$jr5VnxbU5fovq@hmFVxtz{+84h|# zhxIi#LRI>xK1X8&4RjH_t2nlzno=$1f7Wb`Jw?3OU&vj*0uqer?kr<-6{S8I-~Zlb z>{#As8@KnuIL~^flB+d(svX7rX-Y|}eN-L&B+}zO3Pdi5D;nCXe?H{3Zq@19p0{4o zr`$m6@-IubNAc$l5+MtqRNQOEVjw_g_-TZq+9=falJenVko29C+6(_IM;q=pbS0H? zV75X>&wnb0N<8}A%Xm<4Wuf&6H#Ph$^T1M(SJc*hq}Vp|cfdM&BlkRRnJefsBnD?a2lD@r6KTq7OL)MctC6SAxBpy0nwV3%oqi3yAL_3dt9MvH?kN z6;K%6?*J=BX=Si`n8b`$(J);cY;aHrs<`zyxiI>?0-4HQIx>XDrFCbI?oC5DL zWL9fjQI8(Y4i411o#tfabVS~l516xu6E%1v4qWF7{+XAsS(rV&#S1tJEjb}NQX{i4 z?z2C49@`6vOUiB-$WFHncZl-c$qCE5-@^|r`O`V~Q%O${&p?Gn@S+u(4C|s}+U@hT zcbeVAwwU!L(&dBlU6pb&LmbzHSKERe+%FZ0ra^N=PN%zJ)S1MdbOvev4Om(vz}J;r zzT_$j1`z(_RcLp;&4{<^1c3!2`*Zf4cl5Pp!rn3s!p3 zpkgul9m|5F_BM^W*`1Ubj3BGqi1T@tWtSdhG+$7vVOvObXnzqx+J`X zees4uX*+wh0MX^#V@E`eGF!UFt3Ct(Jw997auhp8Xj<{W89rVblWosg6;UJtA)_8^ z^Bu1$DnQ5Zfrx(pAWi?3>hZNl))HBia&*;1XE@5}kWJA()4-6v?OS;rd??RuB>w4f zcO7gJeS@7yqd=b-9mU-)LxWGCP!Ww&y(BEwDGz86;)a^*{VH>_B?9Lly3cj7Ar~Sg zf9C(BtgK8P7~7L{kaA+4)Rv!vDP#4pFQRK2k1e`@*vJ_3HPaUskYenmV#8DXA*GCt z&NIx{Qbxe`kgyX>>$?SWz~BP&wOGopF@wN8K8(lL_+$DpXl(;Y{#rJvPrcUQq5QqD zyxY&J8~0UC)&za4IG750+*_G$34?YSvqh=pnHB2S(u*%OMdLtNs^X&Mi*JMs@iG{5xm}#c{2O(26+d(TV z8uHB~7VmqJPOGgYT{o8`ch5GGaswmlxUQOU+Rj&(p8{YASTAA>3iaw@R52TP5=tdM z_?&<0A5hFK`XGe;772wH7P$T667{H0H!-K%IJp*#yBkrgz8(g>u`wfhC|gLQNzp;2 
z*~*&z)^PzmE+}RSnP;#c%urOv$(?4SG}tKMCP+{B%YrNX*%}yUhMbhE9qN>!^#+J- z9ML%z;K70eO?Q-gz}ycrjE{s&Ptk17_Idtbq*Xx&FmsnxR&3LdK7}!B!@fT1vuRG? z;@qroc`#&rePg<~V_Wojif?~iQUOIXO*4b=)-xWlVVM-=Qm?fW5Ox>=@h!Ijk*SAl zZ9MNbU|u7^z@wAS5S*L3KWyUyf}H!r#>E7jPWp!&u@#-nEb7YH(oY)HZ<{1L34JRF z?TAirg8=An-$vPSw}E=T7C-iS)Y}U`QYqjY4p85n*^yK#f>Wp*)x4Hs_Nkt0gGh#H zt7kNw$GGX;Ht_m8o5u>?D8#B1>lilDV@?EPXP z{7F5iEi?Zl$hzVza1aiH?S4-TNK5ri@>p42Eq;v<>VaECzIHP`Prf2}7)BEL-J3vO zh=)5=G9y5|22)dezxg$S1==RXo``QfX``;37u}r^(`e_=ECBoXteqX%uk+$Z-q*o6 z%&{_!Vx__=)1&V@>xXP;?aXdXC1$4Fl|{t9RWh8NW#VK>WJx;f^yoMHSnp4yMs(0E$Yy zq2}68O%t#ts&OG=LA3jk@=Eud2jJ=1Jc@(m!E%zv2t8w~NOsMCf?&SdpkX^rEc5r! zj+cuD;M~8!CyqzY`8F_E0;=H?X2IwUI^?yQ*znRh56{Ox@0&Y_AZh1LS_UOP(z->k zeGJo-hyg}Fa|s?w#Y7e#D&+_t5)FS7>63s;nR#Y66i$H~)B9J>A4us%YP!m{Oco5| zU4Cid@3u7e!JbxjJQq&l=vGP+pD8d^wfE+~vY~c9=USd?VS%1Iqa|CC>xV9~n~CJu zk}lP7BpMLZxQ-uY7G@`QA9a4=Ac|##0W+K1@og>+_>jG?ch=Vw@n?euUck0_C&>t2 zP>|zVJxGfw0PzhRXD$IjPFnicXha+PKK55s93DX89JJ$=?)Tq@Z7qB%9`j0c8wi5B z&B|*@X5rG^Q`K)oi#pyD)bc%AF6`y;ul~G*sAyI@?@b_24Dwg34eoe}d42gLaS!z? 
z3!0m%H4%2-tbc#He1JoS^7{951+$#{bAG^JZ0Br*5(db^GP4*Bs|P%-$2oABN@?K% z=jo-j`gfmC0c%&!RqFidK6ca^R05|q`)}+#Am0A{Pv6k4Tb8$4F?N7@sdhf>(TR0+ zOo1BR#6el?G`r-HKM>yJ?CaP>iwBrg_p1`JYa-Tx`DP;!RgY;e-H6+@l)hLb?MHB0 zI4tm|4$t-vq!F30PX*EX8XqrmID8`YVkm09o>WymMaXjH7Q(MMLrnV0Hg+02&!@(7 z_E_-XLs}SIoW3zcI~MrG>0=BAyWox@kFRIv-9L`?dQ9*3XVUX6vlFH*>LP*d?1Fb--sN{Mlf34oz*>smKg`u=MqLe8H%dwH?YCDob; zA!uOMGWu$PAOPtK!<__)R1H!$5HWAgl-rbIi5E#*)ANN00rVC*{pS(=<0d|4faIcaT$S(=fSZy^)z zu)hi>ECgj24t6OEX)T}H$9~Pa(pF6xUyt=Bw|bb(YGS=O|G|l=ou)GpPh-B&oY&j= z{5`Ah@f*dJ`fT35@GdK92(NDZ#m=t2{%w=+qs|x59d5{aOr&NuaRnc4{=s`cKZL@( zc?TI9m|2}ExIX$}|AP|}HiWe0IxeVR0SlRvb50R$$Hv}8ssr|dqT;6Dg5vkmMn!5E zvY7WLxs;0^WDl=%rDl^-o!owkmc7D*0byS$)zKXCkikX9O)hGf;H=5>=z{Z#luE(*~{nbZ1hEKeg|-Pat!PuYBmA4tlNWWCV}~Cxdh|nj`^d@78IA}qk-Hb^*?^c3~3T8gF{MT#>t%3NePOXSqNpX zF%d!uR*sPuJ+vDi(euIpQ)Nz|1HYJ=NWD_MC-9vN$&R09dBdql6h7B)9Eip{@rIe1 zTTwC5$_!Jts8~ZDAziZ8^QicI18Ths_V=ZEg8qHQw#6zd?*Y=@uLAZd&!ru*7W8tt zMSOhyf##yxI;N#m2&~4)asCfObTFGuszk-?|q^?%E@k5;!jw1}elurytJ5 zWqAlmMavRxB|}32o)7Z#hy!m+oOv9wJPH|Wwiu5Jn))z;zq@( zf=t-&BvGKyAOuw{K1zDvA?&eCYUX!iy?_04za3+T&mHN98fp!*NEk}vt4@3F1uYkB z00=z4Y2#6kpE$e?bWHP^x>dt8_K?vMvirFDWo5RGk${?>S!yCoyK8~_-^KE@bEv~|Lf)QUHkhKjK6LFd7%G& z*)9B$-TZI&pv&^HLrL$ywfoz|J$aRu<=+Q*Eg)wXi}T+Hg*Hy77IM3#6mi)=%Xs}i zyQqKkc!vhrpupYoS~a5h9}_j|*Z*Cee;f4wX(H}{kpKEd|8!HpBHR-H_W?5Vk;2c( z|9!SU6Y!F5|8rd|zW@JNm%{;C+nkkiLkp98{e~%ml`y|wz1EN>%PZUYKjX)ZXQw{X zzS&t;!9MM23GS$x%;LnnXuG{Xo5rS2*NfE?>K2$W>-q7piH|DpPGh+urJj7|%xtYm z<~RvnXYL^I`4kQ+tLrtr{JIN#BH5B7#xyF@e+bP9w%hnLq7L zh>$G}NpQVlQ_^U#8d+a(T5P30W3Z`dO>K6`Vbfs~gW5I2W~^t%YcYmT@Gn`sYuK7p z!vgqpVxmg3duMk&;v3KBA8bqx+s}Q$r7Nv94lknq3fkTMyJJn_1Q95d#7?%%>n_A) zT1QF>;gIsUA2?_YC&mj3%~#3ITaa3nspE3CmSa6Dmz9*WX72(6A2(5>?NgYh)gw0b z*cr8tnxpW<+%M2-$?PXbAJm$;TFxD&R*ZgW92E%%H&-w<;5lQe)1PvGU^|W1n5bNFz*bWJaMEq88rck0z zo^;lI`cm!0g(<1<_N;ispiUa5oo2_Kh-MGts=H^ACXMd$vw>Of@wP=^P`}jR;6N#7 z=xvKpV-G&Z*=scBMWUmWsKiSLppS_IOuwnoj3EL*4YwSNw%^ZYK0%B;UXV_E!4(gg 
z8`=Ys8Z0#B3-$|9_2*1$=Ki@_9T>nj=e8h@^!(T?VK(=MUkOgYL8%*2z_w*4^>I;? zVxja=z$f0FS7(g+9@z}0n@O&b&{ikXXNwk^veW-KfJG#Jw=P`}O2p|sTCGK6?dE)E z5+6=}^`xWuw(c)?T&8LrshMCo3c9#7rM(PI{pzc-_jIRCyn&25u4anNmKgh2Z-hrn z#!Rc(v)wC6qdIFeE0Ss>AH^tbCrrbPPJ30%X_eo2UOs%9+G8j)Og!1kTDfr(lYa1^Aqdma>j|sFJQ@d} zJpXN(-B9?sA=4Z|H(-wn+-iK~*UeCqQuwq{;ZYtL6&6~J&DWb&+k1DHj*N^ce(%2Z zv8j#Y^&ZTk`3l2z4yRBH8G&8erS!_PrxQsOE_i2@}^Q!_sc7{MaecB z7lsGWPoJekpC80QONoPnOzfmzR?$zYLt?S(rneu9^N$Um6+AW3-NKJn7@q4;xes#Qb{w3hFMS@N{$mc%_%*oYhPSDsbD<;jY+f!Xo3 zhVC41IQXJqA6w(h-X}$E$c;2yqCwqeN7;-+JaS81 zFFYF`r@&z=aDcPHser7mDyaJt)U71T2nZjJW5~L+U1-EquK(Kl{M9=e0wJ{Sb9JD1 z8wA<%%ql9G@INm1k)xGlJl9_EZRcgLlY03fzD99IV>|`2#9g35;kfbfxHu2`D)D8- zA!xj0L}ZsWeO$8&bqSl%!t?|CwPKXP>?|a8B^*96wF`BzMgDVtrnn+-8H&^_A8z{& zj=VB=`wkF?eO|-B6TT-pmi=d4ddi9&*%S1I42$^8d5_cO#NQ2i&zy<&1Q+@DsHeq5 zUD{8KNx6y226#~6!vxCb68C`)PlqZ2V9mfqKT>wdYveM2Tr))Vw$JsZI4}6zzmWpf zHV_V2T0|6dDHd51WK|2B3+Us zR+a??Y&NKr+o^dQ$5F@Xa$$&JRtPMs1-o`vH7WF{^OAU#a2@kEhA)5Vuy^uPLoBU+ zt%ifxx`4Z0ONPs*%5v*45lYBQs=CtL!p!y60l3>m&lUf{s$*e-@~Lc;x_G$bjezkW zGe)+{8=i#PvLZ-U|8+o|CM*F%Kq!UjM+3uzaE->L%QZg~rn01d=8gH1r^w>7NHdHs zD`G+Z^J9#S=kvcLQwl};tCnh@P{+l6Zr!xY%TYLADGkg9&qFDFTArmP$s@C{!Q)ds^Q4mJ~E-;Ujeeq-zgzus)Mv;+cG!#_ABW_G_Pq&+uIn#x8ei)TKz`{ zA#-&M5D$g87ZtOc@QmU?m}CE#YvpYgPpplMq(X*p_HQcsW{0R>9?niz14TJD>_%cI z)Z2(3jle@oe1mYOnP;s{ZYQ3C?oY|RZrZW`o5cdkY=t7rJ08^oQ5 z*>PdMnzg_M!G*UT%)Am}r5w>uHH0B`xMSKGhnasEmOCjFKtAE?J;{wmdj2J}^VD;~ z+IgGwj3Qgmy}kaRppVz=-7Rvb<7EJNKR35T*n-1X2p=7roQBpKyI~^{s6958Cy9rw zNz3R*5HI@_#ix>g65sEaNhVpc)ym$8n`G;C zI&a@Fl^cK#v`;FzZQRS`o9^zKS-q$5d z$dXH6xFm%v?hOv9nP;H($m`5B(l^Djfq&{S#wx__#`WEYlOKB`%2CqCO~SM}A$-Ra z+jC+ywrV9oHL8n=RQy=qk&T-?HV-<4;(NxA7;8c}aY7FhDJi=Ac|X73ss)$xN>-PW zGcUXAHe#t-aO}C2}@i>AcCJM03V! 
z%2P6zy0%rP@}+voM1n?7i?5c<1N}vN5!x|3x)a**cp_hl-aJTPYXYXr2Rp%ossQQ4 z`+@tZ<#fB1xdntY5W?oRk%Ywkvz9SuN$GZ+Hb@{-cG&gZF+4V< zhsry^k&AllT?wNO<&1ft)H}Y&F`KzCCB6S1IVZY3pEUb%`gE5!fFsMGKUvp|rwHcN zav;ONmDw$c7r_H^*=pk|pXW>fSl=)fCU)3D>&FvECK)Msf5S#j$I7?9Lsk`dbT8(# z6l;c}NCz3=fUu`Co2GI$6}A`FA7hRpDqwt_vzpUWpzn8(C{xwo>`4NY!Zu(_WE<6BwX{O)Qe4;UnL_XNVr71XRzPMpLQ7ewf8D(vhwE7y-~%Z0@iemjWn%s?FeBR}lh$ z2k&g1h1vd^wx1yN z*ri73?b!5-WmWTDda!YZK?9v70^lovLR|_E(1y)5n|U8z&;QYlSBB;=bttuUxn}W3 z!1s-5F*fE_mMAn~QrfLag(CC|rd*`SeJafwP@#YW3~gfyx!G7d0RVm8-?WzU;M?q6 zWgOzBwD?w`_l(sYDZUaMdixW4xT7$3v*(CXHu{rT=zj%^n7uVOMOv!XF9s7+F3Ql9 z{U`27g(N){mw2!stNTYWWC?7sZ~ZnrYp0$01Y)#6Dt$}8ES*1 z(v_aDKYj~gH|H{MiVu`uvYoJtmp2=TJT%?(Pv}L3WEfZ?HJnmb0$YE5fyT9Xk_Znh z6Lpp(#`<92K_<3Cj&CAdaWy}IQ?7obYj5Y=F%-}GiIkzYny@jL%a!WcEd@5KI6m-d zTQa?>f3F}>ronKpUZ?opvHe58&e8xJM-D&EgJ=fR;B(Nbe%lM!!ggQsr}dgk^7kW` z4a~Px>Lu@9$&k?`LeV`H&j=1yE+$ZmE9uDoKLHY^vI2BkP9^|+RFdFw4u(5%?EeQS zhhbLfkob-51J;kmp+y6$*~eEarFyB!^=l4pHa)I|I&>TGWD$s8*YUm~qVq7EuxPa) zM8a3@VGEZm+Ksmv#Yl5*K7-@Tz#)cy7142Mo71i-_N}einNy!c1x*{9bXLhAE&3vHe4hhG|o(pi`!1_vw}Jt6#U>`|j3N zo^%9Tz#C3g)OEQ;Fc@A_xg3nLD9?G=ASkNhnFAjfGRglhw8kJ+RR1ZR%3tm{dVArb zcJ4?oJ8J1)Vn68bj3~T}YD6q^+0vYHZz`T5MIN=ej}+u@7Kt&AA%w6-g67%rXT+Kr zcTTAY&fjTN;!Me^Wt7zo=MBdkL~q5N3JI2*Q#Bp%-GYylQqx90{10db^}~OKW}y7i zprxO&pn3$IpwwRNkCFTGf;~G>fXMuKs)VGt?7;1TPlzAGU%-`=>Va~+M7DZ;594|@ z)7EqQgw>GVga94ApLe6YL48!A5gw*0@u*SM{3Pei-pmG0JU2>EQ&RjC4@EkDt)K*j z{0H&$-`%Lq9oGJS)}#|6rXBpIW_8_EqE8Q0Wl${m^LwR%7X79dRz#8RGXoNxHms>1Ez82{FeR~rWCGgbySU9glM#CPe$N+(bt z0q+4IL&FrH`63`{2-EhJDA8RL2>=c!Q$X2{o}XBO(@5`u;GNmwxF9k4%9Ut+qT{N3hvkq+JCBtl?x=omRGHgHRL#ea>LQwP|ia+ze(pP z>;TcVkTW^C?duPQvO88CWXt#%6eJX!+{cTJugz-mst+LhgbpZL2En()Q>y3H+*R9H zk4|to$8S0)X%cv}+n{t|f{%Uacj?Y+%;Qr^ghg>RgH z`vjJo5Wh53+@m6)mN4I@n8eD9g7f$HFuf0AnPJpWBv*Ct}k_+DeLW67)y-c=b?n&z8*%8 zwe`GCMhWy!*4BqLqC9K4M1tz9cY!HcND?Y0`O7vA-=CoZUv6fZ&ZfQZXuo&%!X7L8nHXLjGLa3|Ek5wbkh8Qh6PPDNOL(r zCkeAN)Qj?kCoXp$PXkQ6M&4g7_j_^IB+{xc>P|l! 
zy8QwX`s^1H5BE8BsAQC_5Xa7Nlwyn)3okY%Ut&?fLk%B>56Iro!D=T;I;Pi-t^X2G z6tg!yo(ZqJbNRJ3!`()okz?>=`yCR1Ch##fdh$3>p~MIXh@umk=Vom7oDzcLhW&4H z0ltP8t$p;7;)jvcdc@4|x)Ck_w0%;Wney8wi`#w>oWy`YgBC+OR{(%8qU7(y?fxOY zM54d5T7k|1(x)PM_hZXa5>G2@%5$3)F9Dg271|Hz%P^j+?mTE)5ch-kpsMLOBmge_ z<@Qwe#8jl<2hM%PLLdJf&2Q)FJx>X6%To%b!u@q`5Y2!-0@q&N`awv-tdC78Xh3f+ z7`cT+x;?`a{96A3qSH{+Zed|*Rw|jCKWy$I@cseYgmZi~y3KsFvl%0~Xn!AK9{Cp$ zJUkko1)jX&v!}ly%Kt@QQ*D8j5m9VERu9rok4V2cjz}#DI=`n8wqw?Q zzG4bnTs(i~Ch&<`YhoDNeiMi23=(z=!d|r4Bli;S&YjrG5Q7|)%98SMcRyTNQP@}~ z;MIJcG283?GsJ++FP@B)S8{WYClJX8&L>)8oSu59T~$auao`?dciu|Z?~iuT+%{C} zMl-%61TtjZy)6BYaE>!0Gd(yHzqkF1uxgrfc}4HyFU!te!t#jUX5e_zYk?58?0~XRH4vcr22)4@%~GKHCwGCi40B=$z7k$b&fvAv)(7&tCZlS;V()av=WvdU z-MXJ`kAzup;PMZ29`l;%f?Iu zt_lhoZ}hfLMkJ?Z2mK`Vr-ep#>0$^z>RguZKYm`ZDls9-M|3%<$!u5S@;0BD(|&9T z_w@fI7pVRrlnN|+@IH@axOvDNHk7kx+CaDiqZ*QT8OLveqG zE%+2|7-E=wofsYR>Rr9SpOxsDe}`F+BS zv<8`_j|Sj7{kjVw+LpA?Sew^d$>R7=B(!4{Ml7_o?fCnHn~7q51*51l>l}UW z1ejT$f$cNw1l3sY#HL(^UjZ76Iq+P7qv#rM#sU?n>8<#Gg*w#FY z6Cq4(<6a!<@PK=tz2lP(#PeHkl%j^0K*#Je!-79gXL7t}?kADL+zQJN?4h}bnjtjf z*)-0Z$he9;BDoLhQng<0TVHc{_|H~KEu-%)*>SfVUJCDEvAqhZnKKKI?10ZXp*3mz zp7szVZr~Iq^zY7lo!8d{l`AXK(Hm3-m=;oQP>A}PSLMP^)GHJo-Gf3$42#EQeMK_$ zp+jnmsd_qH4`$-`3MRL+un6cet!^vp#LvY`*?BJ-fy z{ooa&o4?-ub5c~Bn=8B5&EmJmdGYM#eTFudN%qFtA^f5P8*ilUq$p-~(k1ExuI|gY z;pvtrBM|Dca2>vz`ikI`j7YjiI7|EKR_zN5<2TNZ{xl>k!lpH!G--6g%76Hze}vGWjv40 z-1m4B$EVp~f(V$MoQ|zBgVK_JSk&qEp5cR@Lacqe*QR*9sc+s^NasGcO~r{ozK?+s_;@o1QZp1Z8Pf%bxHE$xmL|Aw+aUJlju2vz24q?MpOjs2zexE;D7^K%PvRf?>L}_@9V3paTcx~OK zXA8@46fKn(HTY$5o8R%5nbSyNgJZ0g4Lsn=IB(;go2)prQC{ozxZ>qivU&!_l;*Q~z5zY%t+GO?ykX zO+9Ss2dAMyU+*&uz$_9Blh<-cumK{cgOCEyhHLrIciTxj(yzQ?>gp&g23!OQU_nMB zo&^|_5_nk~#K6wWye&WA+t0|^Mz?oC1;Bt{v0Z?vT+Ti4-DrBVQ_LwQ&6hQ;&3ze1{g$vZY75p9V4a?*N;+EUotu{AOn5d-6#I^!PNL{g+?V_#yuzUT(@IG(x}OL?tW- zOK7~-xU<|2(@~=wI?PIoODjxjUq0arRbl5Ww+KW^;9_hi(blI$qEcThZ5qUUrEovq zE<`1?FtHu0Dj;-f#Ji-11Uhp^e!hvC3Dt1t})H3>q*of@YKd=A2=G1)h%1M+&UDxu&lS=-OTzLEJ 
zC;3K>tz2O7F3J#Ifm4I~q%aKJA%x4h{W85$6xxzt%V{bDEs&?NP6S zyj-FLWP#NI6P$hz;!)J6)q}?N&1bEp!~5+p@F~xCheBlp!W$OO>&stXOY1f9ow67P zRh)kWVSE(W(n8=?gTfN%gETNgjp?^0&)(U(y8 zMvgYuFljrp^W%JKYu}ue_v8TfWtcW&J8x%XwjvJj@KZLX{w%3o0@pxgcurU(CKb)!QY!YBBO(?&x)Kkmjs%xi5uP2DZ+#MK0%Xb z*JfR(&Z8-|;3ilj8L8dI&1ExXhm(x4Ln)j?*ckfhwyiKrzL55Sxhfqofy}Knwr1WeEKuish{@ad|SsS zL^>{}Zfx&{e0v|m_#LXYiKU(l=c}xwpR4Sj_Ja0mSpWJn`lG^I+e?U;xDvGF5;HzN znSZ+))=4n=p3q>(mB=iK+-HEFd8EyWORRT-em%N8OSA?VXArO`8~jHbc&cPP@95vB zUM1n2OIbn6O_w~|n*GBIykI$QaaIVGBx2(}vy{Ikd<1g6)s9+{1Q$LFrMAm_w7&u(WYkR zr3eN~<8seGh|N3=+mul{1M|e{l@oX%3#Q5Sew!pJs0)?c9w=b~;JT&r$3Vz60w829 zboi>deF2sExQc;*lNIs74#TGzH_ik>IW^cWA}B<##`?qG13TdeT%v4ot@1iW2U7f| z=7GZF_6WC;WnJn~^Yc>3b0iHysVI*G2g5ffVBCx%9zvEyi5|H{n2g;0%Clt<1_?J|OEr_X?f_6-r{8#`WllHp z$yYHx!(;^UQNFHr8!QmP1PWZgi4|WL$OC#+!a~Gx)If>rfecQ0AA@g%J+x47-MV-k zmL|XEnye^9wCf|K(lhOPD7qWZIek@L6t7;%P(wSF8y6UVW)Dxx#R@={lylmOGQ1N- zu1An$Y8Vxeu7CMr4$*AN%denbMdUL&W0F5S%|HTAL`A7goF@j9ZaZhOOMQf&AXSy; z?|thB{^7(B1HPe(O1fi1b^r)i*5Swof3}RZIN3z+#Sg_!Q$Y*`7#ucZ8WL6X`6b9_ zbXY$A#dmN{Rqbl;C54rZS`ow_TNVufB}-K(-tNJ{=O-jWrgD`|9gnAtx;{2GpE`b; z^pKE&Egi(clZ?7%EbiM%|6OcI0@{CJ!z@WVJr0TUgz{SUKWUXvWPV}=ywp*Pn)BGa zHGYcPj{9-WC@$K|{-+UONl-CZKbCPq*Os{H@LL*Y-5zPsf=~^Sd=P^yJV;EvS2|ce zkW0b$l^28Y8_MFthn!PpO*>LzJ`WaXp+4~oA2S63A^{scVcp~M#5jPRL!yl3ro_en zv;RI!Xs4{Cas6=|I$!CJ@pe>X+{9RnmGBIF#M03d5_TXz_p-i_3-a%Fq=jZQ(Vn(pWlwxG$nD3U&&w3VoFoOZ#14QXe}bK zscCE#%@hqVq5t~r13VGxE9+2hI)yeOTTz0wVn$mh;oew|b)iofdn&(+J5o>ke@29U z8lYo97gNE)~yeZ$OOR_cBr4@RiHG14Px@3Rrt&5BF!?!hQ`$>*gk8y&Facf}0 zBdhVkudH40N&P7|ckUVk93w3(-0=hgVW4ZIH`Bf%XL5dW-alI|Hs zFlZm8la=fD(Q?yUv1BQi#m!3Ci>{++gHoVFwD$@h$|?`(v`Naks`Wc1l+V2x7mtS; zZ$o=Tc_sw8iG4C{3$NM5WbAXQ@`xBSXgJK?uw+<+G~uFg{~AH9MDD7x}(3 zsd&XiN~Cy6@kv`4K*zpnt-mb=7RcUfNzbeSagoFgvk`2k+!EkWw_pH%q8q$_MmKiv z0A2%6%FT!{l4&Lri*TKN28XBdC9}+YFGN@b3Zm!Ki;>I^+4!{O3b($7-)R~B_Ie7m zNyZ%Ap#^sEBUkKr0KOC=m(O4<@l4eQq^RGb6C#m3Yx?#^vP(LAi+1I0xwTyWmO`*! 
z;30Y(X5z3%o%5GiBDwrHNTu(Tw_`z{bF+(ewmxW69A!~mQ2lzVvDAhn0aqM`vfW(M zfq7M~DYgN>wcoF8LEB2|2VQwntSQ@%_evc{9us=;Xd{NXO1~g{LI>DYm)uYxNyH)z zFK05Z^!Rh%k@yk)W>fttsrSI$CtY$RpFPft^IhZJnwrw#k+_~GYtsCp`p;=apc`VY zA&76>4YR*jRhn7~nK+zys1o@%jF4JBUDG#@1gyOrt|1HDC8 zPpH2`eE~sCR^_IN2oaB2HC5$|2QmZG3miNb<3!I~mr1^6QQF|-R<>yaA>64uaVm){opHZ6D?Rp@dExVn&mg zWB^1Pn=oECM!;AGVubzLk1#G`WReg&rwSz)%zM8RvGzWS!VKZv2)<}1dUVlPS6v$*2l{7+5ad>Cf%E2_9XOUE zm99q_vwsi*I=@}^57&&|4hs?&BopQ#5ql~5h4#N63I|C8O=~Bqv5W0b`O%QyPwHE} zSZ9JZ*TQJ|_dj%vgUU5q4@RQG8)+N_qB2A!Lx(4j7PXhTiUo$t)*tc@@pXD$B3bd* z{j5hXxzAz|n>hXHUJDi|$RPMLNnrsWV(xRmD`K~f`0kkqU7R{sasG_Xq;ZYAT9z9| zJ^`V>Ke*VXT{XtT)yo5O^TB#mAC2NWKj0J9Z{h>?=y75O=l*jgtr0@21mp0rHJJLv zy}sm#NH^=(Yd;||0Le#On|}e~)TDVebK5AsIa>jOl8|VWBaJ9i&DaC3343euF@j&E zv612gZDeZR6;Q@GYZH`xY+SK{ws#*D>% z61JZ>?-WkZq6`rfSf`CFqOv{x^OAZz#=CkcF=>}r#es8=%QqxXZQe#ny2!xZ!|C*s ziLPZM_ao*iBGy{8?VAE*pfGGh0)ZzWuEw*P&UltY~VKupsK%fU?5h_Z$?_MpS73GC!(WN(j5CeQp zM8U|^75tkyV>LR_NsU%3pZM=K<+y56H1};iWqoE|Me|eg$CpIg z-~KInMx8tQ;pPdUV07f;PTmW7UIwucdfWB2^P497J-6p4Y@fEZHP-Mt*i6#jDY^~S zikWU=SfwQ4J&0VQcH7l#cp*^Lja5ivMLZ5+#L5EbK~ULYxDubWHPh9%e8R^a97V(( z`#>U<(7-t!ATr_lGL)rA42O=RiDK=BGFz8uZXx+!jRB z;P(l^&wX7m$Oq0(7{0+PkDLRe%bs|R;#HB4vnKr?Fw}}sV_nnF`<*)b zfdXOMBi;L*a|t*oCkIxUT3!L-a6sp9v@usdMEO`tTTXWihFm{u^_X+yXtaHT7M&9$$87`cR_pf64;4L$s6W>RItfn3SCu2V&a!uy@ zh{z+J^aOu8)U9-f@%u1yRAAEHv&}wDz1^>3L6GS*rRd#Q3VTW=7cN+*ZcrCRRc`#z z&SxubMSdrubf=1TwA`*UfHv#yog?x=lr^Rt^h9-Z!Ki=dC_W1C+4lf$thSSSqp+Y^ z-7A>{KP4|-Cuk zIgHX{k7AI5|Ds})F(pFhX!FWR61E;5@b2S5h7p!H1z)5Z8FJIw6%*=c>={3yf_w=y zk&>HZ>sc%KA0fO2d0t#{U{&r2p>E6lxZF*_HyUcvRL}8VYR<1_j}5bwf>)3Y=ZsL5RFj^P zCq8oXJ3r_BD82mEkGq+Ra8d3Z>CazR!FI@$h+pFpDj-y1C2trm<~37j32H&e?O_4= zUOY<|O%dENj72)nf#`lxvKi56+O}!rJXk&zOQv|(z^dvo$q7_3FZNHvxH;3cz~vMX zaNE6ZPE2LBXje@omeubZmcDywdOm_*l)qY-%3N?vt%Z4t@71Bif>5@9(rgFyHTOTnQB9FTY>FU`M4QfBkCbAkbCMvz(c%yiW zVmW!CZXrSBOc%}_D6E(?sSq&8lcVY4zj@y#TS&|&m+EG;fEXMfeQRfIx+BsQ0H9H} z9TuK6Vx=b0^&asw;1@EqQ}~cuP`?~KA*a?F?TLq;@H*;cmvX4}^;A68nq564a2e`B 
za;h%=W{7!Vu?*bZL9A(sqB$sAERjD-NgZ?@_*H6?PW_&A&HR{{MoGeTDd#f+kWZNa zw{1v?z{i%2VFG7C6wa9rvtOgAw7-FO@0iE2r2Azydl54k-U__lAWMuAvWV&`2z^?W zE~#HJ&pl0|V(Q?2$t%@GRe<`t7LtI})>43{XB*dyB|-!KR-s_%{ojiYT!YADJOA8w zPE3gmJIJ*gvA-CB$M|gEU)}Q2L*1Gfj z`mRi`>jsosTKlmqcs||Mqz>5swSQhu!ZE{+kcEzm@Z*}M7XY@aJj}*E)O{E>8`b== ztDw%Fa4?&^)7dFVH0uAHAY=J}C~dD4TDZ;vJvJ`*g~~QzykURjBc49S70yW@aejM3 z+k7d)OIlmNkSRs?snNC0E9~2U9CrAPB$3vibS`FU$7 zZ}joO8JWIfRmyZhk2a@?mgUL-#x5Q1y?Q0=K zx5T9lUFk-r2I{6p1@g%od#`gC$e!Twkoccad1^lVmk)jlxP|ceC-u1}68{WSKK;|0 zTd#jsUHdcZpVb$ikWFyk)A~8*p|-#K)9(M&8n;4n)WK7_-vaM<+Rnfwm;d=)ez-NN zf7(*A|Dl%tUw@((+g2hWw z5)|=ECt2&83v*FhNAPBTZ~vG1vB7T$kef zQRaH!uHBQ(#+AAks*_gay&Y@41`6-}#ai&>&cerI{it>=BWy0RkJpBCxAZVglL2&S z?%S%LuhE3ac&r(fl}#wqEH&%yWZ|=e$t#4{7>!Jey{%5B@FoZZJqDPAGZk+leKI&I zcpaV(4+S=C-I`n8R`#d&#u`4s5N%sgiuEm$CkQ1eJN zgnN*{`o-Xv35=XzQo94F3GsS;8@FqB_4U>s_S?w;ok@cHxng%=x?An$n_n~2rxRu! zBLm_jGUU$CqpRm@cqE)0*j|h7(sU}QJ1nW@_qV&f6}=s%Nf3x*ukX@cjK~LhG8O*} zt>r4^O60L38mHfW0{T=krzVq(GMD$-0Gwhb1$giBY^8Ck# zt7kG@jdE-@22(dKruf%ED#GB*J_U9<;lmaHTn~yw3MH($doJIZ3LR%&E-P4{v_;gK?M?X0g^`5*uuGOD%CU3XUCF^O-!P>^V`ZVbWRrH#R zafBCK3G31v=RSGxku=V$x3p?keVzNgSmvi=vpf9zU0i;0T3|~1*miApd_#(PrJJ=H}7Ne4=cgaT?;dq^9ou0Yhw3RJQ%^+LkVKok1|G>wjSr*_HIIVu>He<1&W@eVH@QN{0!7Q|C6}a%4GPeau=mv)7i#|Pwab$ZkB9guyBYoC z2j1fx5z8}Q%z=_G&^n2aJYUVrm<>fn&u-|7+L67poK=4g;rD|JfihKaHAlg z7)GLqS2f0};xNzOy57~F%HJBF-je_mNjktU!l$ivZEnt}oJ$Y4h2%Rb;wpZ_Y~r8J z`#|;C-u)smk@Sz7rZ#7Ge@f&KUiH(MxdfLb91QBSXNW`_(#-@W+Yjg`lyM{uHSC5(#u-O(IH*<(Kl^~-h>w-w;{nGk}!_KOq?U8%r#)^Xw za9=ty{`!!Sv$aY<#ual#ILBqG0BvgcyV{8?uUx zXpJ4>v0!WS>U9e1!Fn4g^Aa&8I_t3(CaYpY5#c_&69#nJSD4expI(hBS68(KoA`%0Oo@p$U2CnEOBPCDus%hN8x$Ja7qaBwI1IdjV&eR%i7 z1t{X@UWIjb-U{nwgsR=x3=T{ezL$&6!I!;3wa=!}tWI}QUN2!9^hjTUg_&`xcA3&;Yxo-(FD#(ZM{nzp;70`q5qGVWPVM2JKVI z-d``g-DuIqsD?djVXvu|HS%f|q(yiQU*~x_HmB{^A}fjD6mM!D>1b2qn{TwAe|d^f zpr!lhRD)FuUt*mmwo#>DKKZ(_^{joWXn+PnqS)I!>V%@g8M2b^XI-AFD`mCv(AUyi z>t0#f-p8-Bf-vb30MkS0@R z9qs9Lm6V_XWMy$^IK-$~jXz!um#mn~DUQ7cHNq$3p!sQZzLdJF%`%*u?|!95H_yeG 
zIz8sWWGRKpGfrhReq#sOkZm@jn*}b)y@O09$Mn0{gkkddxar@^oHPe5a07$}bN>w`<@$ z&|Ev-mY2xgU$#LvUf^!%^w6kRj!AQrYEx zLWs==^iy2b_O{p}dD37?v7PYCgsdJQyV(2AL^pROO0@|~o~t9N)#;>SOwt8fJa=|h zc~1h^2cgF>@NzcSD3%a+Q_%xHWBTP&32==`itgVAOnIg^tjfzLO`#o%8Jc>a-1pQ(+X~* zz}548{a(_iK?IR~`J-ZI^nR5RfanxVQZdbpUwAu+BW3S}e2JM>Rsg&Bj!vl~&)&Z}-w(~4f7Ix~Uu>xqf#V2^hVkzX&JKy_v?~;T0|L>V zLEY#uf^@1GXGWCSqpLRHLNJQ5$LfI_VXI3GNs%jZK>T7@%+bSz12WpaNto$K8xq*v zH4rVJkUG+7+ala?z|P}`CgO0JmG6l}2?hYTf2M5OnwL}#>Tk~ywt@CnSZ zjrnaLg#sU4z>p@96nxjz>!iy>#Ne=hN$yiFf27?qCS*`p>L0zJh))bb{2Qu9K$zUPnITB=i93{Mx*pX zy5jc^4T%Ntkv+i03gz%{=T1L3t(H@V1Q?HA!&n@cHe372f-^rDQ66Cev85bKtLJX3 z6qFXTVq$=J0mbJpQ&RqJ{H)Ht?r}CjilM?-ndt=(I;O{k#llIjh1L(4RrG z9!$=*9y2~vF(mKE!bin7&g8+>6p7EDbaRX6sINer8Coq%rAgm{{>%vsUYzpHR+wj! z`31;*ssIs1l~R8X)pMbMW~0I)%%$+2_sVdcm{SCdI3}V9Yi44ilA9=YD;6Z&nuhYv zkA_`+U(Xw%Mi3n7Q|NQ9ZR|f&FR}mGjhvyi_CfyX!isz(SK=t)XO}fb#o10YqWqw~ z22^lBe;toraw9|~;7bm49^RXX7N`{IQOiFJduvx?in)*uV_>4MF~!DLd3|C5bwbv$ zjhJtcM@+!DhK&D}Q!R?Zht+XaKU0ipE1CXDNbtHU6e|i>ZliJv(XA9b^cxZGl1FB% zS`TnimWS&AA6-?uE&3i}id+|`q!i%5^9$Yt)VGR8Y;tr6>a=xEa1Qy|pt+%f$Nlcl zXkQz_T4aJ0qBxRa*;N3*H9D~oE~&90?^9ugmUNT%4^`E+?(6@WaP>xV$=qO`BS3!; zPJ75-V`Mnx%!_P(C*yAP_H6_IxJ})4cX)qL=nJ#X8QuUHOJ4A==7B_orj6Ivv2I43 zvRbDN?3d5z;MlP#f}v@PrLFB!uLKF$EW5ZrH+@-rWT|z7$<7|rZP|YG*_b` zn>(hY8c!%Vv`JCy-^iUgGAs}t0~K~x&90{#h*JvzthpEGSQ3U4kJzq4)RPWeAf`E8 zaq+sEKbwi}+eifrq8g{G$PLGKV|wwB9fm2&b53IPSbc}@`{Ado?s@^atFu;fRGVdvD^m_TUocG-pu*F?o>K ziOg3Kc}wE+bSV-bVnSTj_%K5M}o$x`sXu^|wN&}ArM z%W{_K_@P(9lX=*L_KS}O^K`i0uDsPR<+}PzoC_u3bKteF45aX~UDTC2O4Jsy)3+!2 zyZW(L4u2bV4Z=q+@#l~0Ch@M;3E%1cH|P%qL<_oYcUqg}Ag-q&g|jdXJ<2#7E7rRx_9H-%6OaJ8v}Q2 z>3;m_`J{>LC@F*pV7S#i#%zFi*XlMuhhrebkb=3%S8yhztRcv@*MklhCJ}|j=ym7u z^Q#A|h$WVxbd%RqKpMea$5n=3<2|@DU=`ISKC3}``%4lEa^ytmEcg*OsargOjq&+q zaC4h#x;?G9^w?nZp=`l*DjEk8uc4Voc5eNrm+_L6TQ1So;>!PDs2)H|vuoy>L6@dZ zkocZCvBdDiEpY9pNiI{i=I{DIKXIdP!S>5_<1pI|uO9Q8&GBO*-T*^@$v~&Q{RW&E zS|8?_3-(&1|-V|e8WszDci;bl;&(L zioHBy%1V~i-&puRa2Lw0*ZXYEV%ZJ|g`Zc$E~}srFmJOwJ$5T~B!$=YO$&=WLLGsR 
z*BxeD)PTYL+BH(Ntl1;3-at+ec1c7A0J$~fpAs!7;U64Ho|_NY89Ecyt|0h6qf;%X zd$YHg8tg|3wtkF+*oFXXYLq@=MqP7F(ZO=tt>c%yEE`8dbZYFOpGB%$Klcy0ozYNK zx$VW3I{P5sajrYKAhxsjRtNAyBaOw@8i=SL@{C>aMd#ZrWo}%!)JlwHC8YX>M|kRa zzUi%JSIGX_7nBcspdaSTW!O$;lL-NP=f6hm@=1d&eyME5Nx^RZDsy2L`gM#`3Elm% zQn~@eFGoO4Lb2#)2p1ob2g~(O9l}?t7;?MF^6Y+1`^7IEQIH}Nj`f`5JGY*s*l|;f zlzc1z(9wcXgko^|PDa2|91aPejCgac6eWNF*J<7GWK&ApOXEk}TqajcGDbqyhw6@> z%_Ki7N?Au{-ddU2Y$*c$kQbjt%PeosBb|c-eoZb8YcJ_5ozCLYsXRX){MC zj_G8xKFGLl1DlQ{hbmMETxobsjfVzUo%-DsBGK67imJGr4v$7m;wf!KL-~9cECELp zlk0mC;hE>s;o=D+Jl^@YCMXHI*6R9EEIHP&+{vF%eWMR_L$299Cl5a;hC|%f%mmd) zd5gxc;C#J<0kJhVp?JL>eHe-3hzoy8Fx09*zHvhCYpU2Dau~wO?w+ zYBLf1>8&){zvLok3bVfnEI#fgd__u~hzF>K?yQ|bg~SbKJQVqWvO7)H##(%se8Lc@ z3N>ydEX+gv!^mm-y2Lj(Bl6J-7iM|hVJ6N;lT&3aoSJoU{{tE+PLGu)-{C_^foqZ zj4}yU-T?XAG>gv-JR^QkofJ6xIWBlI7Dm{s*4jD|(&i;0d*`;PG7$ggWPUv5f1Aud zeRa>9q{ICd4R8%WRXaaE895_p_S&g>40j9y9V|yjGF*W{X`Cw-ZJ2rxe|y(s`GkCS z2@0e(B!D(LwE@uJB}GgU|1x@Dp&7$MOgzDlBHMPY?_&lZT@nBXM+66Ci|R3B>P{bV zmp0WHJd}kqn&a6_g^ugbS7Fd|bMCd(_5$FUKoi1NQ%J8STT$~1g2yIu2~#N96Ma`# zB?A;%2;@!H$SG^Xq#ftw;Opx=pWjzPDV2-~l)TX*-EYZzn03^U) z;(7UZo|i!2)OY^OHsp>TaRR9>u;6l5qEwbf6;ErC#s;&s8F4jjdSs3?UtHnmCMPRR zX$ANIC)tBJxs3J zh5d#xL|as!z0i0vOeKDq2j%~>Ru(0jdO!{yD?_CZp)+><12K#}Myvr{>Q{1HSA0Z*Xon?kW;SBv3)5+nP4Kl!I4`6c} zKhj=L75}H&1AquF_Kj=+$|j~JGt~0aArwr(K8~;UdFzX>aprFGJ~*uW9LSFV)Iv?4 z-}mCfH0=wXIatu;d~W>ZdGynrau~Auw~sYjYMwlC_riY`0z81Tfg0LptGn&ry4qs| zH!_SfVX|>REqewnmllA}VDuPIWp$?MAVj2$RT@QAJ~&6^%)!}(UVP)FC|{s5@HGDP z1@Bz9V+DtS8@Y<2@4cSEf^|9Tz2i8@}*S0fvx*p+~D9*G^>mbv(53exIqJqR8t$2Uj1+ zZG3!=15XXq$2KX0UTF>dSC@g`*9H=Mi>f8&d?)q!qS8C=?XQbY7tCX0Mnk=x*W$^D zDul7{8+U9TZD#+38tug z*f>fd#xM4u(MdG$AYMzG9-i9;I}}t)_swjI*Hb^#_Lvg8Su7(&%yS5`e4L9tX@=}9 z+}Pn()NRLvq21>8X6(pg&WfLNW~wGw=uQ2#4y}ipV;%f8C;H%b^t>vvM`Lq2|C`Z7 zRs3*;E^Y~>0;HTQ*qtxGR@xfD}$b0D`FPGSw4w1j^<4M+BFZTd)usD*n(||co!x2gJesQ@z zSJk}9&xRwrvM&#!`IE)Q91RqnLG3Ze!cX3%iJWQ7hGXMc2`7?ym_U=y-s)IKFwE=y zTS@(nnWby!fjpbNmKf-6-iVY7vVQ7+vG>+dZGG#$cPOQ_rG?_f+u&ZHxV0rf@!}4p 
zxCD18r7aNL-CEp(yA^keJHb5(65QVOxA#70?{m+&_uPBmf8H_PH8L{BT3IqPley+x z&-e3uXGHQj5T#SZg0ed$V93jX+<$?iBoqdMs_SOnEp};@ba*CyT~q~k1>B?c!6`4X z8`u@E+JLzx7P36?J&+SljlV|#09CtsQNexm^G0h<-iEB{yX2mdzdKv@J-FMtyVr&` zN=M$EA${-m4DTM_A$^(fZ1$q1(O3))&z|>5=J~ko@moqh&_Ao=0D#tBZ3|VkxB0Bt z)-rzklFoO8%z>@it@zzq{Z_gcx|^4J_|uU5pP2$j2RzbN!qDX`t$$Y9M~Z(d70cfI zu{QUz#z%X1$D>KN!PO4Gq9xX>W21O%fJ&_Hr_0|OaW~m`IR7l)r*qBdhWs`tfo^pD zCwAj=*at!Xqm6kL=gNO#LJt4GSM){BmK)Kih1j{`e}oL)Z6{@lyl8Cwj%O5m)^hyE z(dS=xafbeVfp#n~K4T5)a%f`0VhKkiSZ|g8QredB9qezk!;GuX?t=YugS}?t)MFZIw=|323F_N> z5slqbSEotzFiTZa|J;gSj;>p|ADmZ@`HcUp&Q9@CC^b|3Gfpta@IT-LVA>A@61W4n zH+*{T*_B-%G=7fO2n4hjwD?buS*Da^;7}@g=d;68=JyqG?cl$qiH=^!W&6$+DWZD( zVGE*e-%oe(LytJ>48SJ~50sDS`Hv00O;XU);fXV%-2ViF{skoXlk&}HW_xZM9!*7s zgRC%eU*PvXdl_+b5FLuV;sbkEleVGn9F^H#e^KXMtd)oT3*$j;g+J@ zKhn5o`cwY(4}(v7*6t1k>GDh8Wq&5}=rn63d(5!ewV{z_!(W&$9fdPj`z~FT)VNv^ z*;$1gPwu_IBN(umVa{ug;P&Mg6WT6*A`DN;qmbh8S=KIaeWDog*=``kO`yjD@P)T^ zEz7^j4H|0D`bm{dK>Vl&1F#(xK^el*cy@_CS@4YLMl}iL^>x+8q?xhmxAKCnxmg~< zrKQw)?t57FSDA|gWCS;S(HK2bpDAn$1~yH@8yIo}TSWT3Y!LI505-QY*FaetSOi)Z z5+@=MNI(AzCD={zLZbv_ax_ux-Y1*A@*hnYUUBn$E>%9Y_E%xM-bB>XR%xQWAT&*z zg_dtWFe{Y3>o^@VgUG5Fv+tyiTc_ zyzGB4F#G0{fs$h-8V|4@jF9Pov5%-}UIX`}(VZ`yq&?arbtYi{>@7%HFbrniM{3d_ncH%5Z(x z#(XZg@()ts!UAj}fQdf!%;%oEej2ZM=a@-u_El4<`Z-IHYPFB^K?$Foz3D*-ZSKgo zufKvml;M|Y)-*QEg~mzSNYsiz`RY{8ew=@3T$vDHeSR@09LAWMu8P*a*9zhq|Dn4} zWf6+<4LU-G?QD8SfPS&-JK*8F2^l}#{RIMhq0KsQmzlN53$^zIMr{QoSv7O+?V|iJ zq*uPIoH zPELB#`U<=-yi6Of&_PSx5~#S3%jeT0U3Mur{@NoqM}WaO@cRRpHCL?qc8a2*KK{en znhd*jm5>V?CE!`r>Agz#ovMP0cUfSEC&<@y9QGJk9A4de(bIYRkc;M9lji%^hJoU* zELmU24V|`3j6eL_z3*l3GqT4u&iC6xQPKh57ZiFpq3uUGYc;pqBl_$C)1JV#VILPG z3oHOZxpZYq@jKWALXo53$qcKK7e^Z3G~-o2^>G0@98KLmK@={83g|HV0Fik{Ra`I_ zc1!sHV3zCq5*c=SWJACtsTvqgLp^iK^uxq6UhO%1mkDp$aOw`KIlX_Zb zngchF(dPea0bj_fw|$Pl)my0C49HFKQO^3P?_fh*4>BR-GY$1v5-mHAGB$Y%c(-(> ze<+lPyyP8`Nu=yB#ZgN67j-wrqY;>b>&8+>E) zVwC53y@GYi^KFW%t)aQJO5*S$any~bLg%7r4~G3OeB@#(nk+yI^jv<(g*Tyv<-T@a z$|@^~*S|g|F7&cWjBb4Uu_6~zsJ_kDM5g>1oZRf|NBI73a 
zmAV4X>-#VAH2`#(>Z4XXXHz{V)*I_h!u;gwP8!0U7w|xKpx2FKH=TTK& z48Hcec$QWmC*!vObiP}+#6>kd5FJ7Pg7?4!ZJV(^4eiAMtQsqF!fZy@WS1DfvJ@+G zxCoXmq37)e{BSf-+4x}cc~Pp3EahpLWWzg0-SU?;otW+Z-|?`1Ex;-2KV_nOF3l%~ zPf$L04!74>u+5A-e5U;D_66mNZECFto|$`(jcPPZ9YVIi28etolLq7nc-5$J?*V2T zdwQ)$l2p$!YP%MW-gFhP99uEu@9pItGZTy}Ki0DlGcIAsS3#Y!<$77l?Ts@9_NJoy z3KIr+axvBV@V|O}?l9am?)44x#`lDaE`K$v2i>+u|2) z3+v@K>*G~26!2)7=V)ILOu-AUXGHftHs|vPsHq-aa{*Ydch&x2TuUFTSwHe9;Dz9{ z!KaJQo+w`*6+ZE@#GNES63357czv0wVqnDUn^|$8!)p8%2WNi*^XBJZ=P>y*pPwOa z`p>looQKN)Hsi(e?f48u2Uny6Z?vA2$l0+HyhQ@-!0 z9xr-a<-(u7Vo3B{0_GbBn!@C(x&z~>{+Ft_l~1}}oHP{leE>7bu4%Qzd_Ua44X%Ox?9&w(3f_;8*JCNYX zxT&cn6SfwTb$DEwL?u_SonsuYqkRNqV><}OQ~^XX@m5b>5CAT1LD_>!qSeZUY6L5B z&(U7|mYirQJt6+_w!o0|Wvyb;qAm@7?K(VYvP#1gevtbC@o*6vJq3_g_x~G;`73ab zBszb{o8bvyw7%Tkp(GgnlRUxHOJnK)EYMEZ&@whrcP(+?I0~-6dKp@r9US29ZHUnhCTwUKDks$Fvy>sTR8S z_rCsmfKE;D$pYe=tW%ca4_zhzzSIknsaVP~ub`XghwUel1>G$F(3@?(FiIA>HNezw zN?=A8;BObPUcf;Nz|Uf4lY34@fM;n*!K72okrpaQH5+asf_Db0E|K>m*GV^m<959t zfAL(A6eJAEO8)NMA+K0@oG0GPprw1X-y-#hrq0}lR4hRBk&dZIQ#)h$!h}XD z)|>vqC5zsdH3-WD943%JLTAH$6^#?4h`q3dPVGGf7OpS(Z!`-aw=VP@ygg>Pf8=VE zE>eTNKuFDq!uZV#ZlcgS?(bw?&OPG&J8V+^58pT+0Hec}>G!)EN7QrWLPlfP;EWRH8ine9k~YxFqIkg{4O623^sQoJJ|w?H6~bdO{)O@Ql-T^ z;|TEEDt3l4w?SKs1J&S@*~YD|k<;P6h@{6K3yK!Gx`XLEBMj4OT!t!Ug^WiRM`uM9 zq?YX(sl0;s-IT}3o&AVD&Ied^Z&L?&BFWNm8qR?WR}Nl zydR$bFO#hgL7X?aLwuJ~9sq!6>A((IJ=kvqja-}z%f$&X{RXSw-6n7yt-Z=Z#h^Q7U*WaGU# zM$g)ttH&|o{GCv4gCKs(DO&Vp(gRH%gZuG>a;iKqNrJwbD5aHSeR1lq@4s8vq{@U4 zn{snKtpEPl3}5)OUzKzPy5a|=D`^X zp=1)XFKRE1NuyN{RFoh8$r^W{Vf_9%s>Z)yzBj_7l*YINW8_K$dvYy5=iyi5>DqOH z_?IAIsjNe;z!D|1n+mQ!3B3K$5i4V zjXNnSTBX#i_kXiw%Gm|_E*ncZ@rpYY7l zcUi>je@v=AXvtb=!unriRa6*_XgeDYlq+ZHJA+dM z^Jvyf0@chT9?a7OJ~z9_qe3^a0#EE2`_?suz}jVsN|Bop-EV{mDoisoLf5p=LgLwO zGxJPV|1kRdU+mX;GH!tauWODpPqpHNPr3()#eId~0^YE#5Cn0vK-CK&y%=eX$mpgy z4IjgSh?l?3qR^wgL#SB-WJhbKe7#~3-omZ^9)@VS<{=_udb@zT&(D9YxOT6(T?8^?|=*+jcxfQ>{6m51)GevpJQGSp)GoOS!D0D znST*B1&;s3uC?pMT1fjvdN;Ng8v}T$6k~kmV_x?#vnu3SUY4$s2XrO%eJVApR2G@9 
zmcD&pqrs^fM+#6SJm~nlJm?_jGRoEC>^-=IgB0*939XkIYwp&l0DOv0ew3^ zes=X(nltbs^;?iSlOFf$MeD@mfJdAGeb@KMFkVC#g}I2v&%T&o$w-i9{5HrM6cn)H zZz@yz(h0^WjI3}y%;gm4P<*PsNxUva^0lcY769NlHx@Ya@HnbV;H++J7wRG9E%?pv zw$-E+Ku-kxXb~Svzg4diy-t|u{-Sr0L7*6mGOrXO%%StRChg1q8(a!49sf>=6yskn zIPK!@k>ZVeFt(mH;{X7)`V6x;DcIIKUFDHl`pK2dTcRj@uC*nHpu>?u1w#GWmU?T% zLpT{arE5|6|6H>DdouOOU8UQZvaTB^#||YGCjnh zEQLJf)aT|3W>C=&XT?Yn*!0hJjozgzm|=6+Fted$cv{Dj_;`J#%YRkkUKch;!FQ(U zIKNHq^NA!+p7Cy;&5aAp50P(2Ee5k;BS&~!8~c?bD}%GGmA>XkRYZ{XbFORdUyZF* z4b!x%R5l#is_tzZ+`_bPt-x{3)c7Oi`f(+p8P^QuwG-~ZHB=U7b(Bm)X|f`8`yFab zeSDwbkaAvkk?T@=x={UFGp4O1h$4nc_@ICIbUc_TJf5oY!7BGBj*LL{Ac!Wuaw^<3 zOQ}Y);B|1;h?wnZ!~jhL;P%mzNfEmxok=Gh{H|Hm`c^q&{NXi?R!`&M>qoQ7qBUvo zZ^4j8sCSm7T#zOA=jip+a9!7#cTBtUR(b%!aDsV_;BmXQhHrMiVOEG`{ zvl5a+s*6xkP4E1Yo$Z5GQ9&N_l3PsXCFtCTtjUU!8e|nPxDx7VZfZBP@CqMa9i$U# z>?@=0JJ`Omlk7vqXT0WDKt&gG;PE54);M7(T?_TDT)D9}d+sGcT+%udY)a$@gz2<_ zk*4OgfMn(qnbLl$YRur?ovCQ`0WekY{h`NI{CsKlA*&XJ0^F|&2=xVeeFFJ`tMFp) zoN@Y9w0d3G^a#gXKYxwb<_B`#o#YGS)9ZR3W?ov>&toT|jdqy!)l(y0f)* zS0_eYj1BU8at~YhF6;d4XC08kMBF5l4qh&z?k-FZ}(USZUm%fNzY*IVbEg= zvE569*(L6LNaI-;xVo@Qdj$v_KJ5=a9baR0{1oBgRJ&5YN|d&$E)`z6(xR#xsM?oPr%ujg_cTICWMvlcH0L?J7d7EUU1GJu|#t-cjAQi0VV9HI$v*jh-!BCFqG7 zaSH!5Ze5pGL$&jK)CXgowwatx;SZMOb3*#T=x;k~MQ66cmXsY~v3)>2zY=xDc-eo7 z>MBvB5$F53n$j|jtA|z5RQI^>V!+9HXoDB`(J;qnhTX-Ifv1NBSh|VC!`p;uDJ! 
zuqIta8|7LV`5I|bzuIx8^ww^ORyx#Gx8XwkLX5#2cW!*oHg}D6|Wmy=J0sYHV~xRh=wXlUAyjcV7MF zRiDE!UTS$CZAATv%S>npcCKrre0z^yAu1khjRPwa(xa*}k%;fn7<1O4s{duB2ItCS zBp(YYoSf~ZTRgC2G}Jd$RC;}Fa`k)FT;X_cq~Gy>3SAL->2 zzz-ydHG8;ZEUP%Er~8wojA)R|>$c(RQ`AZ0u_Tpd*~`qE(I*n#@zu0!D&iNQA>;VN zdcse9T23Yr%=BDN@Y}}97!JfyqKy~hLoF@6)J>)vnaq_Q3RqZwGRpN$#-COwWC?U!-!gRg??WwXySEWCH$Z|9oR{DwhFdJ=vru+BZ3LjR(o zru9QHRt7Zmj#x&!SmTu;hVo9c)Wb=nDV44Xtnk@Y`LriAA43*vOf3VPkLNFe1HB?4 z%_lXq5^M2pQ{efFmbGSmyqp|Hx<9Yt0>_~D_O6E`S(kjAyq%oYr_xCo1Gq%^IkPp@ za5dzu!d+BsdSq<+vy|3(v5N+&`vF6g7Vy*eTDJk&SxOsZP6_jL9r;DPoZ3dm9J~f1 zGGhXmarAM`;aR%JQoAIr<&vP(#S>m^uT*Z&E@kD|=*0S(cX4*Sl0}jeQF|p)>XOQy zHk;ps14(p(Ni0kkRNl&^a|O~=uIJHhiWpGT{jy5VO3#kyU7T)eEto|R zXZke}!ctA(ZR+Qw$odh`dI)FB`E>}V*bPec%J+`_lg4jTQcQF@BcPRA?bbeOQSBBq z5mx%}&lYd}v{Dw&38UnLy4k&fMJxRpo@IZ1tjhXI>cp>z7~C5-WYb2x?(+fk$N;dM zqIj5&V1pjgu`zW0*#L;y^BEzGL#c~1Xi%8X5se<5H$(>@MuU2Yr-Kj}8)G3Dcc{M~ zOMyt7tg8`x(KvHiDU(Z%o(d5FSomPzb=*?Xd_v_Kp$VEuPAb0`NmTvH*+_XXvUROx zP|@^fufHwJ*ooz2|5yP4t_ida{(bF$(ZmBi@z>v%wv5OPtbeQk0KV_yN&kKAx{uwk z1%ikP=QRAQ2LATRwQ5izv9k+~!8bOfI+Wtycel^^*ULWoKfUaKD$JzVCO3|So^m4#CO+Qd1(AbaT6rEvPPwl_3Xs3*PTCG0! z*2n9Z;%T!1e!cutFFB`#R-?P4lg7u*cE$ZHw)Tc+Cw0PL>k95Q)ewq>OcY-ndPej! 
z^?TE}eqnc4!O1}d4$Z3SZu{Jf1|#LctEM4O(09ZlHW$|lU(MdVlVPqnD)*t+J+`_e z!sNfguX)f-Kk1X8@!a8~*i!ZomH1ecp8J+8aGp!S2;yMwu~_+NHLVPo1D(^UqMLk0 z>BT?8SkOnjeR-m?7O$AGp|=NnZ)b_v7K>0C^3ATgLGiL)Ry=U!u*ZD4j~Qot%mFC=Xyvf%fQh>sdUb_RgxZQ&i|{7SKS> zm%pZ;9s3+7$s&P_O^&XVl|qK39TDe`X@a?O7|B;jH^enYc|0NYOU&&33cQ_pU{EiL1-k1W#E8Xx8^YHko0^hAS}Rv^k+yh6%c6PRpK%Ul<@v!hDeko z@><;75IhVDKyAeDTHB8X`btf|9GKUxK+`CR7NtIYb>(Vj;2D^6RmqNp@hl+>Id3KS z%00{ae&`qo`YMV0U8!^V_#*b_=Fuvf0xtf6#KtCz<8+cM-mow5unk_uX2aZo>BYg= z6aQ`|xQpRPc_HRf@mTJ+cz>P4^kNQchMj8Bf3N_Qb%>(-rNsAA?7l)LW!&>ms&^4` zn`Dba^h%Qt5)FzzH`dVUGJDxfPt%FR15sG5cGg03Q>a${;mI6Z(YYyfA#Za+3vN?; zs@6zVh4zG<&n)M6p|*7gM9J@v!Xu>f3jw63(==c9UtTy;IxJ=iwWu_L0MAKH#kkCcdeD~_-M_gA-#TtOKAP?7b54~ zJK|c4Tnrb5&YJuvL$J2&K#aDeDQ=uCDy+cJk9uBPFL(XAw7g}f7OUYV9$aF8FQ{*Q zVQRij=(Pu1vc}!33J2W|HyG+PWCjl`iK*PaTm4;=clIY016>4-t zd~jD)DB&9#$Audg^>ShLataYzXU%Jg_WG_4hGDhFSG`zji`Kb6HiJlCBK zdITh$p22~@(s0qu1<8PQ$!^}M+^8mKrH{1HXHP3L$9PM*gM?NSWi#8AmX#WX9nrE2BV)(Hmx4vx(;e7x=)H?q4RsadRGiXn zPEiO>_B~W6P4h|t$DntGI;eB88Ckv|*jJEbj0irWo;UXFy=)PKo^Ld7T%9H$=PhNU zcYCI^r6c$adrp~XPVk}4Qxz<%Jc7K8Zfh-s!OmJ?DG}GrlUDLDEjJyLssJD&y+03U zO!etu$m8_lU5Xpt)Lka7oCqQTI^dYKZoK*!*HJ-H!>g_GZU;fXUz=mRay)B_*{BN=fkSPe2yw%Y zQ}6vcgnxEe=^0mx*1TrCSmECnn`V*-ERmEWF=gOvI4DxvcS)h)V?dAO5|Z8AJV8x? z8N(jCy|6~Nq|Z&ZFt4!q3@w-oHM63DiJ*v>Jz3?)Lqyab0Zm>wZjpmRA4LQ^f9{{! 
zuW?h;)-c`3=43gK<_Fx10hV0|)nN>EN_wXv9#F_lu?@*64(T10RsTXXt`f3L)m|An z#jV{?4LE7Q$)1;vK#OFj(fb&h=<&`i)HP$^OmB=#7l0_Dlc;tCXQgMHz+p84Njn1} z1JXLFA$Ogm)oW`W!nmj3OE`vcb_)-=UQbCsOHN=o9SycJ zhfXuENu%cu+!VX+{sHaBi%?;Q84nNj%Zv!o*wx`8t9XUF5q>yeMCTiN59MDm>K#2x z>UZ`a(8OCV@gW@XsfC<#7Von5STXMVM)}u99oq-nEmU&HzKdQLX_gt!zC6A2TS)6r zRv2cn9_YKu}c&Q&ip5Xd~Z8bH<>)n#0yVqSA ztxrGpYyP0F0N3-d9)n23$owC}Daf zbsu73W=__A2}7bsdUERK+e$cuUneu44lG8ll+41MMuisAa_~x6DMEXFjWlOl{xl3N zdF8zR$04qI&QMgB53eZi5V`Sa^sJ8Z-lwS)siIN+KucMvT9lk??jt> zKbDv}Ic@VmCu!!awU^68)wx~(sTyT<%#-iz%Nj~MmrKDFAy1}s(yefPR;w>-txINy zD|%c{^|q5gNOOdqyrw3j9(whAZa+v4M{^$L?tRtv&iY~=8>}?Adzq7isDhy4Mb%ez zY}kFTet?@PtnTK=V_sR0s0#*P~vUeITrY8Wt+L#$@Q4fLKYm3I3;&er@n+^dKy}*CCk;G z4trVpp8UM&a=4i+36Jvn9V=qJ7FD^_(MZY(!j!OJf`%nA?K5PW)2_er2UB%I6VF<`qEy<)mI_4CtFQbtw(qx0d6*& zXMtOs_v&;E!8{K5G-giacTs7-pm^Re8eS#ZlBWdvIxfGrb`J#V^eV2G=3$L(Jb=>YSkJ##RljI-!Qkzp zN7ngV2Qgaq1j<=JcW@0UDe7LZW@pvxWn!8|KU;klBV?&6p!i-dI=4PMyTPfA9Z2v> zn1kCrn)6CPOtN!!;ssVK%uu_w=uLC2`~1xCJwq^pX~d`~M=#~h6YR5ScU`^d%5csu9?~IBQCZFRdBK@A!6R!!7soI{*U^C{eNq^UBO@ zu!J(_mvl}ER_LqGeVw-6+mq#v(~qZGOeo&xeIi%7xiC3d!hiSK_r%X!La5jj$pn@iS(tK9Dl!yll# zc~6?+{_`bJbIRvCw7d-+m0G+?kwO~U6nb!qc)k8r;5;3d_QYeg8vR!VU#PUW+(mw; z=loqoLmlqENGL?in1~(+o83MhZ~w7!hv)3-*RxqAhx4S7Ek z&3FV1gnnE|llJOB;1EXL;yw7bDHR%D8u8fW6facxdVyV+P1KT}UVPx8Lk)bs*&MbK zBaxoeolty8r7=(6Q|~F+J*blnnLhNB0Daxu$nGAQ(6gHSrcNLC7K@@A0R+ES(U6Tc z;GLaPh)B%aE43^0k|YyqYSqsKe)FE(LH(-eeqoF@qcmC8@?Dl!nx#c|->Oa;qA(5~ z%t_#I3}!OqU>QBfyA&vY|K`c3U&OQnAh_~118A+_LR zxFU$cN-u5M)`o^iIjD}x=bIu_r*&O(WNX(nzuxMFt;^>sMG#fAc5D{7n0g*ckcPiz zYf~Nq$!h*ZT=`1YC9}q$LSE2_JnGB#fX&RUKzCJmq461gp4 zV1C#312{fD$eG+exr*+F&=5=pt*G#0_NVE9wB1EbzGSy5&#ye8ql|mHi!BjwWwE_1 zm5{t?v1O8>Yv3MX4Al?BY4RvV&%|5ik$vWioxvz@-w4iRutf*8R>pdvAomM`iWdsw zI`gzZM2$qVazGsy{#4MMCw+&>6Lj&-wvxs~PI#Mvz`}r1QRFkpFg;gO$iEONJUg}iC>jWKL4q_z)`D{<>L75e+4FA2gtn9q;m$F-kx_kg} zo~nJYVe=kGEkr(owKpWWYL!spZ3ZcNj?d*H*A`t~bRZ$K{uev2aC;K#ZFNpciRo~T zWYXJJ;ZI4$G?rGS`Bx7O&6BeSw{LgN0wKL0jeYFY%*M96{DoHi?iOr=r#u#MBV>yl 
zQFuY$bGr(4D5QmnX`|P2UFo?uSU(`kRpjbR+lcZAy7q|UPQ5R5!em9#%M;$CL-r$Q z?0U6yTA&5$2puOevLX%ZDua=kWfUr^ACd2!wR9DpW3h)nx|2O?_1Q!-LMJ0dys~Js zSx${vgnd}uz;XHee35{T>%NtPS936A`%`ExYIe6z6J9)jnatA4^i~+*$zcC0_$$_1 z?wu)rb}q>i@UUD)0;)|l?dP86c@z0A^E^*vm5^xz1TwI*&s=n{35I%mwYroy?jOSS zgCX;9^*s*MOKTVM+L-dDx=*zW+mG9P^AYo9trO4b7-f%X;29L?R$Tfvp~%eGtm6WC zpWPv3P}{r@rhPfE!I#G&0K()aoKYd7yLi13S0K`&AIQuSQfKSN)6F zdmg4GIkr_f$ml0W1e<=N`FrB{NJFhyGQQu7G|x$Ml;`^K0+UWlAVe~FPN>*m$oKC% zdfyZi#;40g`!#)>cT$4yD!>UIGUeOGPJD?@TjwGmQ3*wtH@`0g%xL^Q9#gwQTxT+h73e5i zd>rIa%3M3Jf#A52DTH4OkCGX<%yo(%nuwHy!JDO*(rew$H)`Yfkk{GALy^b>Ee@-u zTu_dZ=WrAU8v;PowwL zT}*4`=7pX`5tYXK4It%V7>S$j^j=*nj6{x)w+PZY9rre(3!9Tp=*`{{T_osM(9N-W z5Sz zuX+C(9`LBkyMEf4>h?<|9xH>znS?8!X@+~R+rW&fc~enV-|l@Qf^JKK%<|~-L-5if zBX7G~AXTdcAYawid)1o6;*%s73&XKHz)X#T&NbHvsYKfd&DY6XZc(Odk0BR;CBC_(T@=uiz)K5ljuj zEc$A-Xoi^7omT{l54fU> zJvgw3o^Zd}HB!+$pKeA~-yL%EWTXO1SoFL*74RS}OI1$rcJ=pzP(A%QJQ0HhY9nT@-TLmv?kWs&u-Yh1OqJ|w zqJ|rv5nkF4HAdKD4)t;855`g9tI!6J(t<9fm&9v|*2{*kueNBbf!~O80~LcI@3kCL z`{!nSV9R|6{#~kx1WxFvLS71c1pMht+4yUr7JBF5LBC;JJF`?-P%Od?&VwAs^UXxT zIoQh0wG3n_!X(X?^4utQUBzFCcn>Vi=A|U@oVvR1tK zWFyDP8JL-r1`hQqshYfPv$>f$IZ@vyf6uKuJkm|cr)o-bRj)%2d|UZWWJvTIw}|EO z2e(?y*5o=W%}}xwhYjbQ3z^d3={e#@^8F7jmQK34@*s6WvLRFZJNOQ~HiN#!R&U6} z9u0vma+R9qflbKf8@~R2poDtRy^Iy2+VDLmbGDPJPMk zn6Bu7&?6P=qJ6Z;9}X|HF+Kh2OU)9e(^=#$DZ*IDqRTl6CH{fuNL31V3^{YQ_Lw{v zT$a6x&yj5O5(T1n%!#%Ov8ZB!&eM+5zRRiK_znbO4oN>qrH-h(3KzsQe{e2R!>OHN zFki7jPi2c=ElXRt;zz4fZB^#hCh8hb0G4;Pfw2nfDzat@B=bR;JWT}{j;j*jaEFk( zM%c_KWto7(IT?$ejAioX)_`Z$lMYqphDN;o{9W`YVwgMM8ocobNeK!bBM&n=OlaIQ z`a><~3h6DEk7Z)Bv*-DEudMRoY7lMc=qQHdtCOD`@JW+Ji^K_&V-rPU4zxJuIXN3ItxC=369q}sA;S1(Nc)VuxDkf*bf>JlTy(`0i_ zZ}ks@nJ}MvC3`F7?lpd5sqUYg-y;W8HkCl*sGLITuKL}0EqS8NLm-tKGEVhoX{I-9 zahcB!^{kbXWWtZYLzuykPf)KTBe`$m(-|}7!W@nb^-I+FzAcmL(p`Zr)3pZA5uSa| zK26l++7sNUPvyDR%%mA8>-7}&lc)Z~e+%T1_}aKH-frmj(i7twj3?QwXjwr?fQ zo;kBu13#fN{T?xkNjSeS8d1eHTaF3cw-GOatXj;LTfg9-mGY_G>PKnZx)D6Ax`QD 
z3rZD`Vr{(o`DgMBJ2B2;G+HwKS(YhcO7VrA|t{mK#659VH`l2?+8-w?xN(zRZpQ<(x`nq-0# z0c$4zQ($D0!9@C`xuV(h1HK!QV%|zUq_Vvy9y%60zZUnS-Y8sR2p9h_-2&n0E@JC& za$1Dq;f&jWFPVNe@f!F649+s$8*bU&e_j&04peQD z2t1p?6=s-k0Nk)CY~5lqE&x{rm30>jzXxFHZ`YtBl*Za&9E{?--u@EN-1k!C&>6?* z-znA(>fFO14av{qj?s&ox56emoU@i2(0>$?RX0MR8Op|4`qk?8h*IClBTV9JWk^Pl zr`w*RgtyhN_?VRovK1hPOp%k?Rmd3O(;dmcuOY!CyL1AL=k?hw>}d9cY?B3i8?whB zuTJy73zcBpm0F+*Rh<`(UzIi&YfyKMM%UZsHOW8%(yd+kS2mk(tZSv)kND}Rd{{;j8y6VJr1VQX`W~ma6*#oaZI%1((0;PcJc+M;H?Zh(65Rkny8!$8P1Uf^`4%Gg5A zfXY+3VAvEXF~tcj3|CQhO0apfAgV*0%-qdq=ofV!WShqQ7p3EjO{mgqF&8@L@k+ey zje*fWn1pk7+gUq*(l}>&!PqqUH=f6i3pLnitwTHBSXq)HS}ikt;p32|X5u*EQ#_rk z=ydks)B_6%mtrnM-DZ}7g=G>4%93Kyi9LK}XtR%_JLKV|idKyCB7gTkx)Ln~vLr1vz?l=BWvFpB)gZbs-HU{03PkHd4Xf8(M&`4kL^8!8gYj0kozKIe2 z-NdI;l(WXNGJ|@JcZmILW`$Vp_P=%b!C^iecEu}EIuT>KH6`rc9lQ1}zoVaOQ|ro% zTf*=|pr7dsxmLd8JjJiaU6ihix<_K>-?+FUXt{VqFQcFcfe%IyKAKh=zGg{)Y^GF8$Vm_qM1^sCsTgpBu3FNB@I#*ePBc|BFkTIM2 zIoCqByWG3?vP$R|WC#XMSXuKZpRZvXinRT#YiOcfKvVm*3>k=WJ!RT`KHdGgcwkILg_~cFb+#%E z@P)$ct@C}#UFer7V)T@sYgVyXY;q9K!N$R{ge_z)Lu7i-|j zyqq!5&fjnkU@u{@nF8kIMY7IoS9Kr`gCRORJbZUakjUi$4zzsL(!EI(N5#@G8kbo3 zY;9O}Eet({5ZZdoF4AwY2&bQJBWR1T)U)BoMOV$mbcL)cajM4k?qEZOD1A{4o(B=W z@=iN}eEjd_A_YxMnET+&UuFGMUI5_p7qXPU!!`6WgkJyvQp!KR0O(KJIHUe2pv`}S zc=>aB^zt7Fo&W#9|L@f5f@2oz^2qJsT}_LvoiO9&3%~^vCqN?$1YtjA8>9D1$?xl^i*GJvRMdvfB>7vj7c2Pj?Zc$>n_6~=> z*`Zivo<;cFywMOWxBObH(R!#Gj|B8ooto^Z@E$1%2{Z!d8Gg=Lo0*)pb*rW@>(3u` zOsY_Vo)%tzWZ)3Fg-uM?{E&)@-r4~l8!sQ}tU)N)*G4jFNu@^Y(~%3zb3RL4ZuWBo z#M{ibmJxY!=Xp_jUfsaiEVDICEq>Ccy#*TyhV;%ViGXPqoqNE^UM{r;Z(r69ox@r$ z4RDmSS z1L!4Gnt|%yzUsNuB}+xqF68>8^0Dg#?v1(Hc=&MQQ?GYjlN)e5%ORGVo7-pQH118k zI?V&g1v_(QrD~+{Q}kE@6eZR}d^gnNl=#rBp32fH#4G?m3Z}E5y@Br)(DOKuW3Yb$ zOQD>Ee{X9k=4@&noM%#ku$ljvt`K-TcT#?T=_JiiM1Y_3;Fw=7rRHu~I?xxz9(6Zs zW$EFeQ7o#&=vbOrWqF1dz5DsK7|rEq-<7YZ{U_99fw)`GjkekKGA!cm_4z=UtLU`L z_RL&BEA<@+b$0)5_1D3b3;%%lt>YaJ%?@F9>BgF+c<9dKyAO9$CH@%Z2A}U}%x&+6 zPn$k^bsR3zF#olZA+@ms8on7p1S3j(PoMM+oh_X;CnUfKFC6Y}I8P~W*NlwvH;BkZ&l7O`+_54 
zh0O-fC99CT)OHt8ENrpcjM0P>?73aM1rx1gwKLkWf5#!)P8`Qwn2xtO$5l4FatA{c zf(&&$-+@4tZ6<0+_SvRpF$?{-r~{LM= zQKpR!VaLzT-g2^C`sRE$hj(ejWV-_OS24@MLjgRTgPhmv->L&eGE*)#30H7zQ_8P2 z3+!&Ub;mdVpZ2aiD#t0ggf+%3k z9Enj&&3cSI^mOs_buq#|mXnh1D7L%Zx>*K(u8bgEURxQ+1)&dfL$Y+o zDtJ%j`c8)YEE8Lc!XF2Bg%`VEz5MncFh$LfUq04!O&!oV3p_bA#Q4b6rif!XF#BOd zs`wQKic@{?_f{GhOh+%8C3fQniUDJG*Qh&wk|Sz3%yFW&967r?P{-y^mWw%#jOxZ@ zbzju6heBds?3{VONY((IfeI%Q;r?MWxpcDhUA5$|5e_l}85h-kJ+XTNsP>deAbHQs zcHR}uu2)Y7OGHpvT^f^UGDTN9F{6GqLBu=>B#OqZITaQg#DO1L%uM{?l^?TT0B;lJ z?3=Y|NpT$sQKKBthz&n2EU6YX_i;(J=&kSc zKK6*=DXL`p(JEm14;u$H1ZUN%OS^Wa4aEBV(wf$JpZcW#Q#%+P|9&2x(Ay@#{G=1* zW5D(W0s$6HJPR4$DY%f^mqKT%#y_hg*_3DU~=$5xpca#L%`veqJnt2yUT6%DUxh3l z6Ox-s5(R^1Eup3r60AN0f4f!Zh^7>quah-~IfRiq6ovy=QsnT}if-NS5hR~70}+B- zGR?B8Zl4aq`fFVVgHwvTR_|J~)@iE40!*RJy0Guq3zK(~T@$9V=RjnlvUwpROn?4!N|eeE~A%F-O&UY{fCIUDPq;HDd> zg)V>xPZ!mib?Lh!HxwxcYqsOUvyj(5O_}MO^HGBTxSeoOk2T5DwPj+RNk6!Pt_9-MLKto z59UY~ShryFhPsk7De@xz2U$)vV=-&qTW2CdV%Kf6ud2sevOpqY9urcY|&qY(slz!?R8YnX-t0Hc`KNC7$Lz&h&@`GuYZyY(mB8`jJ$=D2UBC22rp!+ z9$M$Y&{FQGnuaGj+I`aM)fi)3Baxjudx6q$=G5X6?#6A5RGOu3xF`MMh1y#xT3_Fq1%%biuXRz_A6$|ePyka)3Ww}3x~IO3ZCh3SH*LkYiQj_rEpxt<$Ny1vNaSOr ze5Og3!JZ1CSA4cnpvH*2{CW1a#^1m>1tGz<>Gw4?vFR3S)}gjWfInNv-RwR`AzACB z0xoR#=PKk=n(1Aes;`ZY?1HyWC>+bTAV=%cmIUkJvn^0^@=yTcx8=UY?!P)w_>KIm z%nb_MrY&LZBVi{AZxq?SWCIF-uxcV2rZ#@-vuQHVh8iR)NbsyCm^)Y19a5z5Bj%(r z-m?J^eCAx2F9hEZ!9l!7S(SiF6z$YY4dp69Dm9u^lF*JavX6ueNdj#!;*~3Slni0I zn7`Lcfx(QZ4hJo$RJ%oj3u|K8mf<}W1Dw`4W*23ZD$9h!Ndo0aiCsTfTrjQ2BY$g zFqB#X21(9}^Vu@2`MlvlzSZhI0& z5x1*4P1IIV6N+?9;gE*@kHF7EF$0G6g(+@(a$-$skJtVTtpfo^|LJnFa{ \ No newline at end of file 
diff --git a/packages/microsoft/img/siem-alerts-cs.jpg b/packages/microsoft/img/siem-alerts-cs.jpg deleted file mode 100644 index b74edfe2293f9339b63095c38f58f7692d52fdef..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 399141 zcmeFZcT^PJ(l^?}kfY=z89|AXku)NbL?j9V!jNIeImo~$3J3@YC@IZDn^ za?S!GAOi{vFfh0A3Fmz0TlcQ_{qDQg{o_6xclWP%*REYvy?eTLRk!#F`~q<9hK9BV z0D%C&Q}7SKF9P?~gAk4YpsNcA0RTV>5JBhwD2O279{^zkh<;-LxB+4R8yi9{{z*ds z08t2l@J||ZaDP@n&S$;<+!MSe_=|#y`!)10OpG}r#V?ZaIQ#i|DTs@E_=?%sd)hjP z*?GE)2ibUuONd<-2b5qzUN&~F4u0IW4o(OUW!~-D23~H2y)v(DHByLtF31S#|WX08C@vu1H#?%yPSuFAZ3 zboIH_JbfIvWyGY#F7txDee4|-46kea*%v%g=KWL1z`#JUKq)a#A185%D_5?FUzQY? zloSOiM16xj{A_|mJ$(88;&9!;*Uksw<%jU};6CGMW9#Yfr_9SM4vrxH=MZP`Z&_8i z|0(}i;2#V8V}XAx@Q(%lvB3ZTEbuRH$H4=1aRNbK2EcCt^7_u6exAP0o?hHiVwVB= zYudVmXHFMbe&Y+j;kglxCzA<43E}#EvKO1!Yhm~$nvdFQYH)o+Jq_)f>c9OynpZYn zUTy^E0KnbD&&N>n8uuMDb8eEapu=`gYA5QeqLwzE{GX?KmkGQ zb%ve(z>m(b?H~BXZyIAmHIU{b=)qFj*!VaB0Cg4E&K+Rq1oEMt0P$rHdxQr7(2#;y z#m?Er9>iK87IAm?Ji{OzaMAYP_&EI=wz0AOo2QM9)8F_HUBI5;z}FGJUT!wQzYqQ= zH|}o!puK(<0dPy{?4xA}?ioP4O}KjMoMB23Z+h6?(gQIah_MJzqdzbKxwF64Z4iU> z1n2F1)y|xBCJKqZ5uPi+4=4ka|DLnjS^IAqAAiF$`T4k$K_5FKw9op2azfMnoQ=<}@fn|wb~eA|X901QgNN#$Hi23>_})2_?YCa`4%gK| z4C)U3;^1-nPko^aUVhik#yab}>*e(d$sOD@&)RuGeBL*}=+C}{Dt^v`Sv%1LPJVsqnc-h=WG1_3t#HQ+kH4fuoA7VrdI07U<0nEpQF0d9?ed%zap0n+&X-S67(vkpK2*naYN>mPkZ0mt8G1Ag~#1y;ck z+yNcH4LtS-u>;uWuhC3^uV4$}@8iElw*zH$1MAtj|GiBW)aoWU>KT>)UwpY~{-PvS zC%#UsMXW)5iI9y@g;0_3Cb+!{R!Ks6!YhAC`!9N;RiZ(nC8ANH1)@nfBHZUMiof^) zy1)WB&L6gN0PXm1IuiDj^IUTLx@Z`%{}U?fYT z2*4hcQ|C`v|E7dKhL%D*piR&&XdSc?;D$CptDwEm&u940@il&5MW??a`xj^1%LS+xV1g(#6-9y zFH2qqfV1bw84UpZWcvMlfG~Cct1Y|(0F?FcczoTz+HM8`Ksk8tk?;PiO)wPzs2l*G z6J_V`6YvK=!m}L_Kn~D=cN8nY3Ge|IL470vSwIoE3aA4&06oAMFaxZ>S?3JSXCELC zKmredNFWvrLOci30W|Oy$O8(15}*>O1Db$#pa=K@i~`f(>{$Ue01U7X977-w5(pK9 z9>NOYf?R+ILnI;c5EY0zI6*uh{tzVOAtV-(1WAWvLEb}(A=Qv3NEc)f zG6`9PtV4DoM+8s;N&*G~4gvuJaRPY)RRSFXV**P8CjxJRdjyXN;t5_5ydn5VP(jc{ 
z&_ggvut2auum=U86i_B84^$K?4^@NeLCv9#P#Rv_iB`Oiau~EJ!Q|-i>C&F2o_kPlz*!i-;SE2Z@)7_ee-cSV@FQ zlu7hRY)Je_B1zInK9V$$43VsmU`Z)Rxkx2RHAu}#JxIezQ%FCM){_pAu8|&-og=$I zra-1gW=|GOmOz$GRzo&GwnBDHPD?IGu1s!B?n3^6`~`U-c^ml*`A-T83SNpU6b2Ls ziu)8VC_YhiQY=y&QqoZhQL0hirSzwar_7~nq@1MuNkv5^Ky{VMoXU?Xp6WeS3)LJI zmYSYgj9Q!8o*G5{lDdL=i24T&8O;S6RT?Xrdo(FDr8EOHo9D>R37k_qXLBy>+{<&- z=f=|g7K-)$8jgEv)fKHvxp6(IdTe=pyWqK$*AH5pA9sNW4Z2C6( z6$WAkK?ZFG7lv4d0)~DD3?m(*G@}V)5aUb6&x{L9P$mH;Z6-IS1f~+EF{UGC4rWzm z2j*zzLgpdn0~U6ct1J#IF)T$aqbx_P+^p)XuB?fym8`RDgls}=25fU=dhZQdLqr(!$aX(wWi|GW0UKGEp+kGAFWfvOcnfvg>mEa@KOMPp>}Lj_p{KZO#7ZADQZ1Bl^~bf#*L<#(Upr7!PzzOSybistc|GQOzdD`zZS{2Z zISpP7Cyjg!jHZlch-RY}k(Q2DqSm-Jhqj&edu_}Oxf`K3T6HLOjC9gYy;*%heQ*6*17ZVxgO>)Yh7yKI!ww^QBe>BAqkZFR z#tFvLw=drIzujy?V{+Hzy~%;;b<-r%g*)PRLhtmLv6&&vs?15uP0Vx5_bk*co?EQk zmAM;vcg#}IGRU&aip|Q+>NA`MZUZm1CbBlQ{$P!>(X)ADvuCSq`^pw$r)HOGw_$(P z{+a!{gR(=C!bd5+;@wQ$irh)v zt=+3V=sa9KT0J>EgFFYlguNoY7Q7X_pL=6`bbNArA-d`kS(G{{4sZ z9}@Bj^8NGIKi>WLrQmu&RiS8MRuNNC>?h!p|EKT8*2QBbIwj4e@}-4k7s_6h)0f9o zKq`VOFqO`g3sq)SgVi^xn`;zn%4@}HbL)8OUVdi$oKR0*|EM0{aIayn(W`N@$*F0% z8QwhIa;Iga)u6S%O{cB1U8B9FL$#x!Q@OLQOQEZ}TfV!pN4BS;SEjeTPo}TDU$(zu zKyIMw%at!RgGz(-L$INy;p@ZgBibW9qqjx}$8L{JjNct!n6RJtHt9CGGZip(JbizL zXeMU%+-%C+`MEdqm*$HWWEVa!USI58GFqBmwp-r#>iZS9@@SQ6HD!%!?fo~&Z*}V$ z>tDWGd|%n{+Bn{f+@jrj_2c4?vhAzey_h?gl^vfQ{O*&VtUq&qN&jlz)8Cuhci%rg zh{3XA^A6VrCi3E@1Ay08&(J7~{r$83zZZNXKub!Dq2h)@cmV=h2$U9rZw0tO*@-~M1T23MLkOUR zM8qVdWaJbeLHRj=00M;)5JHKF&VmAvQ1CoJNJ~V=BcV!6Z(u{h>&+nfATf)S?^_Bgh=Kz2 zaQ-ZKkO>6j0d^(^|51^Vko|S)zrM%Mf_b(f{1iY51p_;@P+9;6oZ#L(^?Uc4Am-vf z^&cDjGY9@p=fKln@3N&K_%A2N9G9Hm+$V3|5s&uMBl(u9!neaQFe$yEo9Q=a(No#$ z9~X9K^wr7)HDn{X&0{I!+T0c)*SRJ(CMzqY5>YzZsF4|zv-V2_%nc>o zn%*d~#siVhv4VI&jq6lv4iD_az_AE;IO>-K9{3u!h6h-Rx{idu9KBL(*!YT4#RIKu zU8uD!IF6hP_u!}r4^Umg7@bCf)b~x%INJm)LN6TsOCkYBP=^PW84qDr>lnF(m9;kI zpuT&YR8T!HPbVwNxDi#>(_@-CR7CLit5PDO^7$40lmpFk96gxQcH8_B{g~Q=tOIf1 zz!J^%@kcnD#qIM5_;eUcRY)y8pGK)P{nf&*gNnn>i2F(os;r&;s?eMd<^dUY*>^0~ 
z@7a^NBV5_qC?(?Z9zO(wl|oxyig2|9$DBKV(JuMLH;MNR)ENK+ zb)?R*2J+T8-wqT@alJaJdu-_9+~J~ak}iKYhyJIp+}EffhtXI1i9DmSgoeLHFRdM} zQ05Zv_>bn!1tr%l%U--Jd^hZ z^SWz8=6u?bwtATRgo}CRbM91~&()>gotJNP;T{)xU_8O`Zao*NvsRgP)`FL}XF0{r zKC@Oxux78nv!h|LL`_~ds&t)0aqshZ-(;BT3ojwSGsX$;Vsjxhk3VO`^-0^Ce)xGkAc$cqPI2 z?pjL%0oHY~FpBxnFAa@qV~f~omb}cx=@rSEH6CpuV?V%}&POk6Jj1H=Wyu7tG9Eh? zyec?37?4Hsqj38WjdmCeu3#`w_eB$cTfkR^8V@A;44+Qnfp6`F>D6cwRA)5;54fX# z*_rB^-^R|rzl_y4T}|j1I27UJ!2^}zC;X8OI{7~}m)CG9H0SWZbn0o6n&qMC4m$Uc z>t)b;Jiz-HHQt5?vO9O#b_dQQ-LMvz`P)%yI}MMyhl+A5Evgn%u2`m%1YSLiW3euC zQ&@}HQ^4{qg(YThG*pVWoQU5osT^_3!IaH8l+S1@i5L5uSavQxTfEQ57Y-?M`K*0S zI5l7h#@gv~#8NXHf1&5|X)DG2<~(T-T5rTtOQa%SFx9KO zE~!|HaRM?9EPuWiij+Av#8G0zk}<14m*5Yi^Wl`(gytc&Jd2ri2~qTmH^$T)w&W3! zf%#iAtlqEaXhu<#N_yVQdQmE@I}QsJzWE4~RNn{|1L@*R$I zKAS?#EgTP?RkM4$nA9X`|0qM`PI8QfC4~*ZcQt>}93#P*S-tVoqd^G( zTEDy3@e)OL4-cg6b28w8&atAC5Y&;eo-_EATN{{2v_d@B#l{$xII3*JHC1*!4wrFX1lY1GNCi27Qn#MzsA6{M` z$QCm1j}I`xE8tBVFDJHs44VyaIeHblFq646K zTiQggI{Pn&%RUX(FqXe)7r=9$FMaNEf>5&Q3FS=2W(dubFkY-vlNE6lHahR-_&w3O zfSuGZ^ro6vaEhmg73U+IwixRa*#L1h^7&2B~vn=!nuDY2Ggb} zcbZ*2B!S5h*SRitg!`eR;3Z+z3$xS~X&*@`BVnWWIR=N*?$aXZ}|+TwHSuxV*M)(CS<{xZT<-ku-2 zY#Gvm2Z*FEk%}{RJeCQtN}M)V=hI+`SNVQp+9E$V>`iLP$(p#{mn$dJ=({+Tow?{8 z;pPADj z5zNefY3L8LCsDf9wf&R^#qfjTj*XaDwaO4nfiYHXC)!K49fH0-!76EOj@Xwc7u?FS z2Btmq>r!D z`9Z65;{n{jv>jDigiED~o8M=t!~=ul&(_;T<-{Hc{LiXp@wL$AGBwetEpo1B8Oj}3QVSu@$enikS?FOfxI1nfAXN}eA zETirh2aPw&?SH~vJMHe@Ff6Nja#CWaJX$%~eA$HD_US3cgSDyM+1UTa(PiI3wA zOSY)n$KG#}ec`l`y`{v4k{V>Y2{b`H`_{7IDkk4FoPrd|17=3n3&i8I+{GsaBN);+&voJf z)bmC$$lV_;QHspk9M?|5mf}w4&~gVC^$%%JiXivg z6lJk#gV^4xx_ANM&(qy6D4!ZXzbHolaC`7&|2X0{{BnFR=5SzPzCF&UV@mL`UjoB~ zSn{$s87t4IC<85-O@n=6cyB<`qsudm=g$R{j7K5Gu~EkcI0Pnm1S#yFwN5+H$4~E) zx)Zj$>lOGYhCk-|^*GksFLL=`Nn9cS{H(m;>YCk4&U!$~Vj1W)1EI@3zojxC&AT`}0^CXR^a^MAKa0(qcTiB{Fw(r(n~u zB2hGPNHBD$iKQ{vKnr|Q-gK-F#T0FE?2s&uZ^;!QsZU-PeN0s!5zTJE6jpHS$j{AP z-pxykq+gA;WQ~`QR@6{?sNKAMof)R;8b5f-6U5%i$v=YQ$l90+J*|Fg|D7%LbF;Ru 
zYdFJU@p}=p1oY{ZqG%N;&K;CU6Z>!p7K`Ijj!#_Bl@*>JSb#8tL#fTnjBm5)l9RnUgf7 zt^j7^L*wUNJ=9AL^7cCiI0oOlnE2eCdmM5tr_4is-+p+KL>6sMDPPlZ)dhWie@W@- zimb+9Tc_`_;pHPi4a+Z2zcgU<23WDDyZxdtLkqd#J>if5QF6=anX7j?s#3^!7359$ z^W5LPWRKl<6ARtOtaVJ$v~dxxtH3ZF=#$ifs~)2DL*Z8fi0u!bF##)jzLo{ZhGS+_ zS0Pdf4}7vfeLHm3+)u-1>{u-3hHp7xuPoFyuwY}2YM6>27pzoQ6yK7PUMHiTQl-QHxH(XM5%^M=EuCOXD5e5G3=M(xohH&sGCs=lSx)dV~G_oAqv<vXNW*Zt$n{o_{kPH9J-7i1M z2@^xIVFwoUh>)@+6=OC#jG4>t>TV3p&FLyO5xR=csf(A&w`&A*XgVz_OYQ%x!9>O8 z?wAxUDvHxtioH5zzpug8Kay5@ue8it@%&ZU9OO)`lNab=y5VLVvoC64mZ z?Far_FnDFj%gqD2^#d}mM4h;4mMm^rYVUQ+xG(`!liV*nkU+1OHyZ>q9JIzLsc;)C z>A1Gpp`^nh$!;c0`lM4={MTfD3C7?7XZV!j(tJk)Bl6tIE7&6Emn@7+XKGDOg-(z3 zry6x(A(oY?HzpUeY{Hm*oTV zU|$$|jjERJ>PQoLb!cEuNwvMZWs30|Y_Q+*Y&tS+g-xj~TfJRA?hAkfSfdTADkCrZ zuBuZf+oWv`n%$6Gpz65~SxVM~lWf3CJlh+l)Rs7(Q-2O#KG8HxhXz1sTRgq@sRS-& zcbB}Y`|57*;0BNg32zily6&4}m>cII2*aLt7FO8${VDbg)7#Y%_Ei?q%-)f7$8~v2 zv!4j38$4FKl>8738U<)U+2musZ>Mx4r#z?qDAql$s7eK@hN-$(-CL`xtP-aM0z>}v zYcu&$grxE_SGhBVXHa%}(_-WM;pM4KnNl$vitST=0`OU?l%sbwq3c;jXfdr_rHPVz zQEHVwxuM5KVLd8P?DB%LNsx5DD~x$^TF3X@_mn}>HN-M|s}#fZYKNHYxx?v zaW3Md&ghbaCh;lQ;%YMW!;l3IP2F@~#O}wZmUlxRn#4HqmtJUHSb0?nv^uT2NIz3E z9vBCsDb+pT=KhucH7Is>;9EZ!x6D_1M%N2q z$Bi(ljoT4XZR>Wc+Jxg_0>y()brta%Pi9m-eOV>dt8d*) zpbBF@L>3aqB$W2YiX-Di`&FDAM5I1REPa+*65N6;>9JrxpdNCS@|zs3MK8DB8;IsV z`4PL=InP~|MEUXHDzt>Llk)O(Obrd?$-8IwoNxZS2L=qOY-p62Y=h=TJaM=Yrk8==vn@>YBd4(xO z(Y|&HHP+uElsl?_4mBsJ^Z;&Qx;pm`C6NDq?t9X!&nvy9NvQR=^zh7}hiSJW$yx4s z%njBaiHYwUcxg}_iP}k6)@xnEzO%uwFNmRY?*_fmfqwX2 zlTuu}Y3`rKE!Z99?Q`SnmYb(OV=Nu|>B6Vm61SBz6omz*J-RN`x}CsTpX5g74j3Ml zCEeJnEYUh9h{0|wqS_l`%=OwMk)U!AAZ zxV@R&&Q)%rY^O@-g;}0)X-y4cR{AJMgi|t8fZFfJ$IaovoEoXQdg7pNOGOhEn$JG& z;+5J6aH@UC&@j_{Q$>ge>WHrh)K?VseU?4d6*ejv<&_Une346t8kQw)&=%gCrzyQO z-lRukFh5!Dsab+!J=Eh|!DKy&=Ov$6pC9$d=^JuBD~qhhVb$>Fh|IIp3%5ROm)md5 z_JG!>dR||sHXgRQspp)7~pF;-c|%IbYr(hXMfX4^_f@51b9#(a{UBQ||Hydj zoY7M|Xk0FLeDwzW^*s6Mg*!N{FDesR)*}T09ieWyk9-G*l@2|_HM2Uq+VxgB0vo81 zuKo++Op_bMQlV(C$XzfmEh_pdZkeO|WCe7F$bU(^kROSvDYrl+9&(X+yCZAak=Lhl 
z<+kCL@TtA+S!BTxT3wTJ@U9w1D>Z-oZR+@3p68LOBwu2Z>g`VxZykZpnTxEwSjAKI z9=&65>H3zf#^paBQ3%uJuP}J#6!>=T^6S1N`t_1Y%9VIZ1>H$B} zrV3nvw}+v>hPf~0;$pxQ0i5|XnXl9JCwh54{ufsyszNSY$$jaeBqALZF>~{a=4!o@ z!Ykp3&Vl|7v}#}269cPRms<$_t%89zAGdxMq2UZI-*$s%=AX-wO2-CvVOQ!e;ygwh z5bmTnek|8wpUD!3V~~;2nCI(r<`&bMyj=$mygu9r?`^XHKIBVLhHfluQ<-Dsn$6`N zeSFnL9B1Qh8{b0IR_DsO{9~f)KxW85UE!9bZ*r};L?2=-i&B6MU7E`@Thu#~@qD`E z+sBVjP1glC_wWEe>MEG<7&sBmY>?gfmAnrI=aXQsQPXRu&j;>asl=of9ikD7dbl_j zJTMN18sA;tkGc4!9(jWOPh0*!KJMwUZ+9xSv3g5fRO?}U!>gx#JCp+yE?Lb@&Yj&f z>7;^yyseLlzE(d~@OXzO&1wJ9_yd1W`k+VOiszKGhs|7M>8@3l&bSGPi)Qf@lDQ!Z zs=c)3S^2(gGX|-(sK^h#!{C8fzi%>%WLkEV8yO!VkikgS^8{YqYLu_oc68htIOdomTbPwW2)gCnq+Z0_)>8K?COO@dIhVebF34x{MR$bxV_wMKE zZfPfO*^S!V(H@W|CCEL7cz4JI?t>xLWHpT7i4QpH=~J1|rX@5n*0nv8tqOyR7D?IA zthtk9aXawAjm8arYiW`AEHj4t*?t|jgy~!19)pids^H25}z zGnJUEaJHJmJ69bR{w_PEyXUFpO`iLpqTl{vq-omFDdL<)-adIP6EtaIRnai)7xC2Q z?Wf8|YZG5Zv=ea#4F#bui-N>kR0J_)_2lDjCfn-iEU!aM0`=`4y?^3qLQVe6kkr~o zDqY%>2y54J%8<}_Boj0BEzzROr6T6X)fo5b_I*1Z5wmF9=@Q>pgIlJeHK*ZU$JQR7 zcEWc(Pr;B=VS3bQ$^cx)RA!Ne1nb*q#Ra}O`)Et0<=tc&<>lZc-Lmd2KHP3;bx*NU zal4m%VM^(%>g*{oq3({$4eRy7cB9f8)+$N51E&uym3_n5_vTJs(QAhwoK$R(&RDkS#X4b&Y@8oST?^p0z+H#3+N%1T0_XTFucJ@n3#itcj z2{)B*PbM!!MVIH#pWDb}KfaZf*MA@<6mK~hg02r;;&E%0uHKQoTg z^jI6`fhkxEFRW+7lAq4EhVk!c^eG63N~-$t#+y_2`^-N<0vzxl~lHXd2Ie;@1X zyU+m6M-n5W%pcP?G1==*1#m>`;eLXjd&XMyGmdvwmy{~_w%s|jipr4m7^g*4OFrlw zZc|U)u{>vdH{<7w(5EH}=|27#((h0pWIQwF0o9iNir(_x(6xu z=!Xxo1{0~o2P%v^fz5az;-26`#~s1PDiT2-wy)Pjc}(oR_|dkc6R|sVLE~p2ag#o2 zyN)%1Yc}@X8)pU0O`E`XSlRDC4F`t?^fJ4bb|q8kEPC>qWgRI63ym2vE)UH7klgjSoM!I$<9k=fzxdaab(wf z$k@B>Cp5Mu?>g4O7S>wOghAtr?Jo;8cT8K4Zl+hE!znn{nL8@8Ml84`Rhn9P+v&S}%tLth=}KA=*4EQ8a=IN*V%IHobnTm8*z zE&FJ@5$ozSo{)e?&*v5=Z0uRAXRq+(afhr$;4Uo=5IKLrhBVh86+F)I8ErQ+o{UBBJ7O;_odkH&Zdh>`h5GZPtQ7nZtkBMgH_PBnWcKAWyHAwBpR7Id zq%iw@flJ&x6laW?Z#yBe`i${2O)_8K?XwmWe5}dQ`bKH>yp)9H$J|wNuNK}qi+!PS z>EJM0wXAoWTvL}_l&##rALbDBreuAVel$94|ITV|Gr^Z2H`Nj#hQjT%~Sr}FbBKF zoAy82f4Bs{b&PWI8%PRc|8_4SI*c6`^5xf~U{8Sh^^o@Hl_t|H%) 
zG!-7KrXg11t=UQaST|_I_5p*+%-a!Lb9AVn#m;60+;NS4;;V3yiXgp46*`PkdUici z@iD!tX#xs~TzB~CVc+F+vQa;?_GSz2@)OP&*4sdYbSTtY5_N6a*xz_hSxMvWtz6Rk zbtP@+5~G~N$_wDmuC~%>ceaCH>zlDW@CowJ)Ehg$bkH^*Jw+#n<2zt#xm8g$Wulm7 z7pLkcSVZfo+?c2h^$$cB2SFDc;uXI$&mT$F$9<_2TpXYb3KJ*ChBXUQ39(G^S40VA z!4*qPkuC}SAYFZ|TqY8S&SVO5&_XNTmt-LKVz4dHO;7f> zOS#Q7nBlPWI*gdO?$!y>3OpYMFI=VGAMhb>?#n^H!rc3Q-i# z$$65YLcczi9`#sB)IB)#{r9Be>lKn3@$TvRq{jO18@L}zKSp1oLf40Jgn`Mv((z^# z<8;vcBKX4&D=E*HPLcO$DD$U?i&bFx%4ylwTb$9^>Ql|}$+Z+4h~Zn*YtHb!yCe5N z8urO$jz76?RNSGq=5yxCLEWR&nsnRRj2_v(tau71D3z|DpRgqt=-@Xgp9*}-JWWoj-l*R~rcwQ&Wki?SPtU-)Ql~_rq^p!~>hu=$V(Y{gJf}OB9V(yf zxr&nQ=}EZtzf~~*_+z+*_l@+&5B;4@&sBTGvz3NGKy21YY}?UC zPsS}AbD&l#*~P1iTaV@)73<1vksnjp2L}3lx#$}lQ1|Cql+?Ill|mPti~JuMtA%*_ z`r1k7bCF(fHM9Lmejjk`xd{Fj2n6v#vxgBG3B3bT6pcrgsasot{yTzg3LW?Bl$Ui? z#&qRc%`H17DzvGdF|}V3yThP`n_z_>*Di}jTq)p+X&{CX)@lANKC|ZG^ZS;|0@TX|A zCE)h4?CZQI-hly4Wn1Ow@lgv}vjX`W~Qy6`WsMYxw;^Jb0pHm1_S);b- zw2CXp*b~*Pm%*E-q{;^^fHUCQDQ$>&{WF0|4(=>-?|=(?5spg_jKu>R^@(^Om)+%v z*%&L188*kF-{BlbexVfG6-0|mi%055ed=!#IU3eq>lU3}$y7~wf__;9Wk;Vo0CvUz3w)!z7Le(r>5HJF+r8r9rP zSik@Pmb@pSFtZxB@v~>&9DE4?6~Tqkn}2+&f^pLkD9s5F*_$~zFb9v^aAa?%LeXl&zp%e*L*SB{lL!Xe3kkge2o8NI&CIc;+hVWnE&G)khmLE=sOsL3PQWadOC_th@B=bTFu^HOzj zU4kO5V_dBRkLIaQC4x|=w5YS0IrplB?5(y=2ft*zT$}XGr1pu0XEsl@t`NrbY5Q6} z8%u%FqTIwIz?aWeIB_aN9(rvjflKf>8H#UpRpK(v+XZjScV}~|C7@F6WD|Mjwie!v z)+`AjCxxhy(=PPh)cB$E-o8oNG5KlFJ*%kD#a|e6J@>piJ#YT;@d7Voay6q9{m0_h zO3yX)Td5is?8cCm82UxIcrXV|$0_`!enyG1dy3@9as*~~>FX9AxGfo6b*zNi2t1kh z%~1aECDUkkVE-+~hsL6dl;K|In+w^@` zFPwhw{y1TjDA!K&u%To>LM(O>&4u&dX^6=l^)Q}7?5966|EbBtZfF{LG3Qck?>TEqcK)>NhHHM$%h<6>k3PB?ZC<|keg^qXgiuT;GPi5K>|KfZ z>GXW*)|*m=7REZ8?3MVQG(dDXQ!;d8PqMC|jf+?X%!hT{BWZ1*`vykdcLXCZOXts* z&9vMn|t==Hvb0ktjO9E3+~b85_AxzJUO7x z?dt+%`W{=qkM1lL_nR0Y;++R{+=j}soJTgAj-yKkwsaO?@hZ@v z*XY|7r8}V+WhPTOslFHE12QGb`bb0T-F%jVE@f0tP4HIHOiS&{l%KqI=iSK-Uy0S* zsmLIWrOQY;DyZ@K)H`$N(~-QQ6Mp3)9uOPTgD4bjroF{#YGFfqdRsrubP(>kzSZWHxp}m`pL6oQjs&CFc(43(eSvH6GJB7i 
z`>z6_IRpN6rPpuzBy*5?OZ~fWkF8o${+(U14@jQ;)2?|iwC}hbRa2(0x1CU~ta7C- zx3{>-)5o96+$^!)K?gDM!<4-BlKi38d-&axeIXs2h+{VM(}9W->_EFu3mADfc+_(IwtilxGR&Oi z&T?5YSa37ADRq&{`MwjP2?<%`rnF+#>1>>4y92LJTPMiKIX^Ee|ffg zMrM*=OBX{DNRX;S)}z1j!@0Usg?6;6r}+&p(J;g&LEl2dHLs~2+NqzUsE8vK;x|;W zf;%PK%_q!af$2hQ*=Te$>GiE!k&s4&{qSletZ|uv}Lz-boO@lf5(VmQs+i9nAG_^w89dim}bol ze*GZJ3ubk`qT|D;Qg4k$JrQ~OQfI4pc8lwKu0e#|w?cqx8=9$AG@zu~;{+$7RF^?H z&Yo~?V>IV5Og7{!T{f#*{m(y}>a}H3z@Nd&##_*kAiMo!&**vfUmR*C*ubR%Sqi86 z;v_HWty{Ca5jVq$P08&Z+uW1g?Ph%%b7GZK!~fVWQB9bV(dMaURZ;iulc6B;{*RuH zuPie%&`yK1Voy#KWqSDH-n{P~*Ol@2_n-AQal^HryevzY9JazPQfFa=8`)|ng2JW{ z4U1yc4Rtzq3I$@c%xT@P@bqNAH1#E3d1+0~a+)#XtU zy1R2Kw8ih;(%VM8(dqnHB!1_{t<3a_lZm{d>ac!OU@mYH;Y|rHXY~Qt`dbJ* z`}wY3;{b6_-uI4n<~;Rx@!z)OX!c4!wOrmaCQLYZ+`&CQHhNSUHR<-vI`?s2!4_NP zo5@oVTtk8{scE|=4N2Jb?e9lnq~NtX{<%nlAO7oOm3+%dv-#Ffa8<@$R}rHRHy(`W zKtC4CQ<74he_R;#p(OnBRT;+^0Nb%N|EOLXr#aT(o2A62{F2tm%~KSj{GW_dPyXpx!DJY0)f@c&Pq-VkwxU-L!#!A=r*Ny&e21mKF@(JB z;a<+p(pSopc%j$3nD*RYsrb?7w}nAPs&8U`I*B2!1j5vsZBjTNT~x1llTo{3k$xim)3K1wH1}Rey;Daa}MekEV$!IxxX3)58gYCY_NAO(mS@q1A^dk z3&4$^^00y7j3OME0k43u*M0kpQq#;}F8b!WuMq<)pWh9GVW9s;QwifkDlhhhv{mk` zhn+7;-w(bcW^k)@U`G-CoFS0^0X#2^08@e$ZaRWTjHwFWX{pd=jzCz(c4`DS1;`J$ zY+hATBlqy*~~n z>t*~#-@)UKl4&A{7!1sQC&d3J9jd@rmV`y@Tk0?m)@S+FX|y>U=a1M?{3ubkw! 
zE^XWV=*6K~O*Ks!TtwS2?5`}O#`NC7*Ks*qFgp400X+MeY2&IDmvw&MNK4;vgN`Ng z`S@z+7`&sZ`<#BO`mI?{r=Rn?FxgG%S-sm&|1b95JFcmAT@#K9g3_dk)Tn?+myS{* zB3(dwFVcIJY9NXSx^xJ=C>;_?2&6FU-Fx=g@1Aq^ne)w@`OeJm z=O0TUtgP~^XWh?rx9d{Mn>L@nyGVZ1k$8WyHc$#U-Iw09<~xulRU}f=oYtd#+x?=n z+U0^XmxIbmzT^s`aHJ1hKHv1nt2gcYReA=x(=UC@Y)O4B@QYQ+F3~Jh$&8<0^WF$Q z>$PNxz$;wdAKD5No?ot3Vmuy>iK&>vnyA$VeEUm<2he0W_P6>DpeE{%x~M;I|1nDr ztbqN0lpcWov|acg4BP)ul`vA)MNo@s3yZm3-23Mf{{HzNAHeVN_pwcx|l5F7@nCN zKk02?>&D+`21+8}fI|ke18xL}_=QWg!wxopKIlJw-^$NPbd}$}Yh>HK-6+i7OLiG1 zW`tOx(%yylPuhR@g5#UO44dBD*Y;uHoZ3GFVHNdo`3K^#HWv6Cb<} z_R2r`>+REyhN#L!TOgtM*P{*tm+k_4N_1#abjo$g-J;v&7?evC2Chp2QV$bT!QUt# zjGm+)QRT$vBo=FYdnS#MMG&uy5jXGyz+mSeYyWZ`lZ=s!kuMio`hD8JJc8eY{Ci6M zet~|Qi{Hla-&mi18^_2NC{t9OpMq{*9A= z;C5y&jmz(GwvD5&xuR&x>f5P-liEmvT40k_w2=WF z{Fr=q-Gg>{YLkn)eM+P6Iu0IQlHsm@jd&LvcZbY1$w~$4mCXu!DKC>8bX7v0b^Ni| z*TV^77D$p{52=4Jp*nx6^x39N-cX*;cb7Exm!1x z$&^SDX`8e*M+{78OH3iNTouX+9gC!cl5aYn?X@N*aL{2VbLY+1%jcYf2jlNlO^OSu zi(SmkoAZ&a%at>Tsp)3BL*mujTMxgmd%X@TwrEtF#BG3@Phq~@`aE#Q#!y$q&su?9 z;hMxj?G9_c5-Mt0CF~63jG+Ef?OlKjwC&;tYFm-FKDBYBTa#09fBH!2SkN2h|A9e9 za+!he?nu1K_^psyB?d#~C7=@KBK6BN5J!>O_{$GxpzgwnBmG*sDPR^SMKI{xXDf+y zIj$-2#q4Ap?4R8B4pXs|<6D?Mf}N5Bg@7cVonZSEFNtJlppPsQC9B&=F=fYp`D5<( zDS|)(+dprZ#ZdRWA17aS22udypT7-(8v!+QiNyQrqd5uIV)8>pKvR#(8R$AU*l`@F zMdUmKy{4;L&wWQZRJjSzfY1W0#+Ow7<+vsHZvVO<_P2xUU_z{jVUUw^{8}-0|8$lV z5;!txfRgMn_h-SxSsqqp?Oc>9{SScI{}jl4@ud10zfm2|pYZMk`j)xpLYaK^xRFdL?7I*QOGXUm&nd|6 zNx4#L*jfE-MjzO3-~`xDx|OqxBL&zGsKop(M1utr!<`}r!lMZP0^|+m9B%^QJaagf{OgyW;}l-yIC@1$=lhY^RnO#;==U{m;O;#{ZV*@t^Xr{-^%U z@3Z`W^$35D*zXbhKOJ@We`t>V2bY6Ch^502e4+Bh8KO`%+Wt5q^hytDL}Z%Sj7Fix zd2>x)al4{-sgH*R6kc3bFL(3!PR4lpW$m&i?9O)owndMFZL&7k8><}bvo}w?s|&|F z6*Q73v<*s*TuZy#&|R*t+H~`@X@o3Y=SmK1t==E*;U%qhfYN)#D59SD9#JWm$SRBh zIs!hnpMiMO0iKzgll=@vTM&Q>h;RWY#s?*yfYV{_4v<4y2>!CwuMmI-i7E{Tup$2d zNSEFY$N=^EPJqg19|7piUiUf!^*R8=$=|CFNEu+(_OL@L8vJ?4DtN{ukwBt-20EX1 z0tfzUwy15bw@`9a}fxE-3NLOS~!Ucgld2q 
z%Z_>4q+ckZ<(F^@vnSWdKJw4?TGN{*ahi$JvXM)97A7I7Yi1!lAupfU$oi6-c3m9l5l$RicuU-Y8hb@uS^=@WUqNy8lT%1;p`~29qE8*gR_MzMR zAiRvxS9}20z5s84vTu&cwJ>dcmcQwrUVLYhe8kvNqQLX;S@nIB4_?#O=T@ot+vT~O zEX4?Lc|I2ixS8GQSpFs|>Q!z$)Ng4=PN5;p)w@Q{bWn&Sfg$N0wON{Nq%hMkgqkRc z=f#%f18mYX9jE^JzY5>DRTf%4FpIC4xoeW^hK|(9o-Q$SKImv`A~*cJJ~q7`XcPvq zm(x%kHjzjKW8sQT4fWp|Gqh2WpO7B$ZliTDAtc$WDZVvOrk%C5ZMGh!`3HSFtdbkv z<|JXEXFi4p$Pif-M}_@d6RS6U=geI+{Ke$y1zxeR>+~vES^Hm0D zw){Z(*Su&EnF65FVNkMJ;KBVBU{&G#qtEc}91T&y3)TX}^f^t(-~8R9a5b%gcl7_z zF_yoLR(`qIbn&2r$kV7nCDcli#zc3~UdiFI^y7Xt2N38I*K^W9CcGqM8?f$*0Yp6s zFj1+rQPM27LurUcU00*Z44>2!-M!?bk=mr%c~XTC+ov@A|!W6U)+Z8Tb3#2FZBNR~Nlm*-#iOdf>wE zzdVB5cGQq))lZJNH|&0>t4VbH&TQ;rr`U zgB`bfuKNV1m#SItduWSR1_hliBowSD}+$mGlgKj63T)mvwvqG|X| z`1qP5VRB?nFtlDSyJkAu3iHdNe`#mMkMMJC0<%%8)sPEVk5w>9C~|?cQSpQELSUJm z6_qQ~Ed}{^Xp6a$=4oahr4XRM=^Lb^|Ah*`B^2n53`cXSoOrj)5PMQTrAz@G*g_eDP%MsEVhjC##0|$XC^s_;U^p4%hj< zFmq*|yH7u?U$vv5H6f5Qb{P9bxOn&Cda2+i6PqO8xT22$#U>j|!@s@6|Ffn4KkIYG zJ{OL=D6OQ>bi<-$D!yKfVzqmz@RJw^&aWz79Yn^FkQ^G$9ZQ=a8QCE*ujxwWxrWao zgTXeX`uPl*Z;Ym*$Ko>7wl$P=MyutdjH@&i0V9o>cod$ER7$;tRF!_ptwnzQptWdR zP<*>rQ{pMWiE-nPEc##ZjGiCZgwW;Bp7+%Uhmyz^LLROg|_zP#C2aLo25U|U!y3BV2NaWko_7RIG4`{4LI}n=# zuscVm3lTFmu$>`7BYvpE>Ldz~BS2t&0F&zI&B0%V@2jffS&b%-$e+ev?p@Jo{^tI5 z#`NK+=8Z%B`^LocOgn?=k_DN}y0zR6kh-GLct*&^1!GxKGn$>Vs($=zcfXGKJ z13tZBPlv1~x9NRAXU6hmIf8Kv%h|?Kme^?VDNyVo1!m4>SH}4LL51AfuOv*EzjB>J z3y+iZ#pWvPG!F1uu?kCa>K%cbTe|3@aQ}Ys^3_7sQQ4rm%ek_Oy}s9}BzL|^-(^1V zHmL#AL`Pl?@XhYIb=Xw8Q-LrHzUEfZ6fD-E+)F!GlUmc1avZACp|7J9tdjj#MivXE za9MexAll*8lJT#rL&ckt>B0SdjSoHYj9;dF|86ner5xhoC_!G=XQzMtC-=48LI0Se zy+4rS8dh*+8c*Y0aI4s+ChVt&Ek3x8{TDJYXGX5pvj1f2waHO7lV^$|LP)eJg+%-O@wz+FIJ9k%`}GxT>F7qY*rxc{+kH zReeP#ed3dbn;5bFL7xGx)I^H!Yq)-mXOjpWP05-IYiFPfp}h;0L+v3C*v;BFNJnk#y2b(4W$M-5=G zKRp31mF!Q^a#z!er;roUR^T+i${6ozIEsCrE^kKwaN_E$EWjk?HAIj`j+Y^Kdk-EH zvKp;CZ7I{}qPOjNSyJ6!FPQakTKk4833PuY8Mm4N6E)jA7mg_bMz;8p5GhLxm;p6q zE_8!`e>|i18Q&u`{}QqMRmWqG*|Fv3V;!(4tlgG42tJeoA{oGduA1(9hQmk}u@N{C 
zEO;;o4_R(vv$9-I?{KlLt4!9|dS%0tD=u1K$p52&@@{Ks56qRB(zY|dWglUzG}KR?XPX2zVEOMgSr$&}t0h)8$S5KIbow^ZDF+Wa_$tJJo!qmCRO--%Q#K z4@HKH9I!}NxJkS}@l$q;USUNU6sFZ~*G9^}Pzgi%N-dzdt5KkZynUmN0uBoI> z1PLPVOH=&1R=dL{v`tO=j1<~~V}td43sfO4!%n^H%RX;?ALM4SDQ8WH!BP3lY61ZKOEsq4QdS znS_3Fve$~1$P$>bwD&3>JC2f{lKij|5RI3Fb2nFed`eB`)(LMgPbO#fO+IJSC;SA6 zF7cvjiHuQrLGaE6jO+<`8V_>{X#k_wR@dbHVT&@M(Cw2Vmua&vxkeX)+O#HcI%)e2 zp)?K+GI=Qi-ATRKqQl8X2<3(%BER2;13{)MTMh+lZ{qeFVsUxB;jb-f_9;2iA=!kc zH#(Ym_E<)L@w^s@%kO9(-tHMWe;a)qBM7*g?zOa=BJuNVs1^H?Lk<7y#mT%E{ARq= zIB$EYQZm|{R@9YG1&g!fUGmk0YC@&98)k~8o2rbSEpCk$XQ_3k3NKl>&tVWs^;@OU zf3Ax%%(I^Z5R!T~aR#=2^IL8mazGuJ)#nk?&F2D*TENVJjDo8b^D1!?jljJ93NXws zm^UiVBkw@QAC$(mvNhTV(MDWwSra@J_V%XAYpgY*s<^H5$zOKIfSD&D@O-n=MCcVf z3E`vQCv^(|M0 z-oko+5rQw`wj4E$9;Q3z2}*X;Hp;xDmlts!85Jtl8LZo z1pS=K8kMky#U4Z8chMB;USnwM0}-T@LMR#3>qjX4CdaLBXqCuDZFhmx z9;n8g34@8Gb*jw=@n?ZIC3QP)KQX6yLBGN{)U6$J45J3bL#gvQ3V+N>HmwD<4Gq1! ze|^8ppW)#`wsb<(YC~hz;VlB~5x8AD5vh`ZSCM*gG{E#21%I^^Jt#h>DfvG40#`@J z4I8q7uo!iG-)m|_i^F5Z|M4 zsh_C(G$&Y6lK1=|`{449z&rh0;)yOV+eK!{uTiSJcJhL%RuIadx8d}D?4rkp@P~ER zoiF!!GS;R9>fV}x^>@0lRT>1u?y9k*xN2X8~$S0 zP^7!M>a|yPl@YPBs(17&oBKUU_2WC(KY$-$>6f#t7GVkYg!jao8ui2T8j0karIOu# zo??|JB!|@fW=?Wka~!H7Ylktf<7K%-jE$fV@>qp`Ce$YH3HMmQNiV5?z7+_4P)(+5 z1RD?(WI{qRepKTW%(qyMW1);VLA(r{NQ)D6nVQ{9o-RvUb-qGo5Fxop!cY0$Jig=R zo9bw}Tq3~h4q|QZRL_F(x%Ff@YlYcBCuF(G zlnCbB0T%9Na-0~C`5%!MAiYFGAU9Gn->n0pP{6hbKD|;J^9p+VON4Jd7$3HH26_R^ zLFIbBwLb$^TCB0^L|Hn-jn^&;tNtCDNB+zXQ8GfGs%!T+m6tcg{cr z#m2pp%iDl+0dG13J!&eN4!1DBS9BEUgY>DzDI$B#)VlUG8m3KrC30ln_vn>w;DUTD zMG(7Jk6m+uUGqx!cJm9m13mSyh$UgN&P8@IOh^KlrkxEf7}tEKyzW7o(7t-HqY3*< z**H}PIWOs!(n*Y5y2%;HQJ7q|*dlC`{1S1~YPK-31w^WXyNlf-(pzCwVatFY()Jw( zo@_>8D<*e=f>Vj_iNj@%JtT3$NI1)4QYpG&%O z8!(9(D5HbnNaHsh!v&XWnJ#^T-+HA^q3uwDZ3uD!JOy49Vnqv%zMwx2Xm}Bz2{QHfeA=!~T_L1D6*Zp_Af^R!m z0gpE_0}aDS;jhC{QS-32*@MtlLeeT?N_G(Lc|cs77C8t3!eKLzAj?ivz~VNH#je+qdiT<&Chnf1X4 z*(`-tezOR_xYaB&nF81Raky3TV24&wrrn)hb+b^FvcK>?$-WlgJR4s-Cf+p@@bl=^1kFrs*JtJ&jnxTk6V~NA95Qd!71<)JU5_^42gqN 
zO)f`8>~g(Si+faC5SVkfIIrgMfyy1--peQV0 zJdd11hnJ<@@frS+7jLTNC>zelR;A9aKc>m#kzPbtH<8L}qF%1hyo8zrrx_yQuc}?C zlz)wfdwmz$;f!2%3VmEyDyqK&qV(?Kqq&S##B>tgL0OQ(&ml|9*b>y9CjG3bnaCX% z3VTl3ifGjLd~XN$hTY)TFLPpks#S4LBb>lUl1+FeV|OBvZX><4As<_$(rhp;Ub}Di zqb1^{w$FDBRmCLqA;k9BOx+ z_jXH)u6m*cA?Z7$Ql&l9_Y6eG58G1PU^RAZ*h+G#T(1vjp+wKP_?Y&m>h(9|#{7I8 zoi$0uR~DvBt>S`@pO9yQYN5b8Q7E$x2$QS_)ODGL)?#7zY0cG|n#U%c;V~q-47{S1 z?B!izgO|7yw`!BdY2pt4lr-OzDMS}eti6-}UG=RE_$ zGB&Jte^(~G-Uyin4JOCRf_Ku#uGz^ z@AxTSa9tS^a6d9Kc(Ti@bnA$@+!+^y)q6O(@BrJr2&aciiubCfTq7SpS8c0MnLK+x?gWnuE?19fCImoeGPu00W@S)Wb#dY-|& zrcQ1s+mi_SY^z=t8ILJ~;&O;HUdGrrD#P+3P-(PqyDRw0Bf-NRD`TJ}q<4j{vVlvP z?HD&BO0i@9btP1y+ZixDr01}L_RA?o!#2ahJfjm{lspDH!F|WysM!U3ZGRn{e`Zt? zI&YZGUQbBH+YxU7O-I8MgJxH~DDu|pU)hMPz3%qbOYj%-2jWq$j%cT$A%r|AH%@jI ztBP$N3@Vn@c_vXbf8VD@r-f5k?1Nzth|Z2LF4HK+oH&0~o@4xJ0r4hO1PyzM=P&7h zJ-u~W{WU@MyJ(4kaa-xayNIM22V>szjgaL-Cew*{+%<*ecl`%*3+oS#gf5ys*!b*8 zS46D=yT(~?vpEY`mtV{%K(@11?m8$1)V@(ozNxH!cdX=b(z<^G%}4Pu!&fhU0^s5C zLd?843f`^?$i6w(&y`f;Of12S8);OeC6z(_q?H=9RLusDm03xE2Du3$S0H>@d%GH~ z{TK}itA>#dI4-d}kS~pY7quuD<+c^Irb**rmfQLcbH8Mlfw?;DkP_SYI?(xjqHdRT z56`CSmQ}(-@O19-IkuOJ?!fA;IWnC0dMFa+Sca@v0pdEKM*b!E1>kXMCt9@!duzHJ zt5@4sRHfu48-}av^e2CEEAB0NehoV3eLU2%5KpAS5*Cf2ev6gjUMEAY0nR>*9)d!- zmj@VLXz-qxm>APB8*@xtX7jA?MT$11=o00Gz`ue-7aPpZ=M@6Xt}t z5}473AeA*K3zYkmXi#0L$50L{j+9CjPdDKF7;`m%4C}vE{mj6Jcn5710cHQFU5p*v zr=Ysc80lQ9;DiX-kFdVrHQmigmgi?}-}fq?o7z?UlIwCIg?C z(0mbko{%LALp5lQ|Eh}WK-T0svmrZICzGpJjYe-fCx!dGq~J^jb*X}qr)NWWme$(f zSD`mhkOaKgm#thQRG-RVb@q|(j0H>Pjz@b<%DTK!D(kbYUo(PmKo_8NKDIj1*wdk!fiFPJ zt7XBl>Y(&j675gqbV}}xw!+M?yMy;}ii>MqR+La@)b{CG)bh8=>@Htd*c1Qrvu2Mj zdbO&N8i!1pU!?d}pM0l#Y+K3d1LK+%xzaow z&4Wo!e4xkPrp<=w0fRS$(sr5e6K}mNM(Tx#niFss6>|D@>+D&$%Ljnt}~74tJbuVYf!og z?cg>eDY@(l`_={`{ISz(JRj=qz4P6KEJCc!lc|f$ri@&f-gWPi34Qe0zE+&Xo?v)n zqwr^_-GsZOaMWRz|L&$R*ZHuvX$QY4u`t=Zl}wwaGK|S$`P;8m=B8d|wJ=x-Civ-S zpJFedvz;JJp+{?=Cc#r-cpPlzw^jCjb_i$QUA!3psP0hUFD!#uHtOvX8N2drY0Yeg 
z_vdvk-P$GRV|BfAmm-dS14-5$&)k%9Ex;HrR*9dg$N@GFlnGJCTM=(2rQDHK_}WH)aP9(u((>KC~&Fg z8uuBf{Qg)Dgx=lH^;?<8GWt=@@-y$6OZg`q$z2~nj8k@A(%lT`X-n!sIuE1@jd57hH_#wyQ1p@0@|^QHXm_jq5lI`9rA zp=xI`IwnOnyDf2Qjg+_Ebusm@DP>{FzR9Od#sni+(G$cr zW$th*fs96r&VBIoQ-&JE5}p99sS*P<>B*Ojcw$UQl)>3v7_s2k%`u zPRf?LJzLjXu*zl~=7kTyshVH|y3zohMfxQR$1Wr>JNg*4k(5N5|Ly``53gY>Qh~?g zht}Lo1z83b2E@0s^j6j)<$3TAzoFjxIMt+Gt)+DundR=7@Kq7zb@~~XHp7)k*FqUQ z4yT3Q!Xg&;V&u87DJUBA;oYHV4qk~Y3d2F!Ly}VFyQ``8eI3fnqDnz$pvS!vytv`Y zh>>5=!hlLGHOq-{_j=7Ngn7Rucqu@)5?YjzI$0k(ay*Pjs??k~a}%ihUfgg$9N=f^@d7GZ3GrZg0RTgt}y zW4X1rHv%r{8@vhRPWbU1B(P%3Yjn5eG_)Be)y{XVKtVCZX#^oUZn<%!ou9Px^If8Q zl%CJ8;3DLVd{M3iv_H$2r~tSoEs(<-7L302YxpoA;P4!_{-B=kz#f%53}kN^-#_#L z>SQGF?URRS;nPa1e!0-vCI2Zn4)~%cL=4SD1kzzUdxR=Okba3N z#mh15i_}f}Yd@1~W_&0AJ@e7ecce=dV%g(6i0aP9`m~M)?dXYi|D+XnrbpxACq@Lz zvFeyhH^FmGNXYwprAyh>`{RKo669m8e0$gw#?`~7`7M1SQ;w#IneFsIk@~e-CFm9Z zn28B9IY@^8UO>puk3{OgnI&+z{EZFxHM|Ns8@GJ1Y^h0pd7`%!FZawSS<%$!3>6q%9Fvt;qGEbH?kBywLWgX=9=I4k{>{;u z^{MOYj?XIUC%xGwk@<@BhM9J&BVq3QpVAt~bmMHQ8a%bDBHk_Y8McoW-2U=;b;Nvt z@OH+>Cm1<%_{0){14`L@ynsk>97_N(QGNgN(HUs^3`Eq30%FD6)}x5SV53k+;+hd& z6#u?E?F`hU2l$%!Aq_$m?E>aCTJ&bBL*gUQxn#BS+6^leJjJN29$@JymS3Q^^^Bd4 zC0Sk!FOAXW$o#6}W081$p3Vd*!f}x@Bf5txJ8|WBCl(D}67D1zwbToxX@^pnd~gTZ%qIh65h+6_jG~Wv3F{*>NGWF5But1+Z5U6Bp z6`wh0qx-1+WC^#}y{8gG_>IyWb`x2DTfc`LArYd*WlNNqCa zxqo~oo=!Mh?b5k45Ab*+|6=0Q%*xK(!V7t}DHkFYn&<8Q#xav_@A7&_v6+pApHDL1 zi@F~tx{N(~?X>GKsz$w~M4Hf!dqUM^SQ}wx=X8s?kW`sJFQsCS7+Dg=UA{EpZL`xj*#pU@7Hf<@hpFGi`Z&m9?}po{49bRMZ+2421Sf zSkW}npwqR_2Lg4jjqqjC)N)_vyalt~&~6v^r4$Eh5_A+bV@>(1eR5eHoUJR+x{!~C zys8QjYp?%gMa$V#jWaCcDt5~$_Yh>y7htp67)t!`t^4 zHuc2o-6x>9AkMFWvubbSA{}%)7_SY=4ZR7Sfb4q_fja84Z;-=umZLjUY6e43Op8B# z+Ta!cv=eF{xW3c(vobh41p3H%bu>?1#M{7J&)cY0DA6-^=$TUp9L=;iw4I3ZRsDf? 
zTxk+LT0xW>mmHeO6usweu4|L6jGrWL@1s0N*!HHHy7B(4(M!BMRsvPKGTE_58yMU6 z)glnG6cD*1xGOZ!KlM#$_^O|%HW#3DpvFG)tng++Myur{=9Fg}PN^KoVzJacW;$t) zyS9ncL~I|RuU@LEMpI5m1sDYc-&^bna^-&e#Ac?tf_p#D;F?S{C*!J4S?tGTfgZ!m zLe2dx{xA757Cd>|Rh~t1d{tiKm9Q`O9>+_Ux^p@p_hOS{`#k@!oBK-bh(m4q^1iL7!2Wwm zeg=FI(u#jymYTr z?3`N)&QH#))0Agh0hQaCy9A4sl_>>^F_Xer2`2g9Xxm0|YEEQ}-ibwc4g9>XOw)U5 zxe;Q50>5YmhmJO19%*L7#>{jCvk%tg%qa>s^&7dn4Ftzv_IoZN2lE0hJom3yd#!fN zu8oPsGNCC9LTE4vSR15e14*p?GnhyC07d71ZFljCupxP<%C?)lsrQt}ptCCty*>iuD z{V16-6RU}wnKskzc5}aHU{u}Kl@ad9Zj))xFqfRX6;d{P%7aOX#Wu2?zk z4&+3+vzy@4lDqRF&dwk^`nzVa*3g~{H0g?&Ao@t#gS4GyM?%VF0Y4%)UpU$PW5*pZNR(|%DbKOd@W}yG!Zu^ico z20>|4-KWp0FMP2BbSX#|2{gyManPKL%{SE?d>k7ax+jp@E5rZP;T^K7+_>0-u={E9zh^~)Q3W}5Q~|RE&1y}hJy)MmWz%qBZOi9>Z9zyEuxAa zVrPMHlV{hQ9cZJ9fnbh_Z`)#SmnF%+`)3gfUK({%#rxp1k^eP9w0}q>xf*Ik0hy<7 zkVV)jZHWsKMlYt)53hj$iH%sqF7qFW4bxMPuZ@~ZS!7+NRBMs4+KwC_^EPQu0iAy% z;#^mslieUcXPb{PDZ#XHZ*v)oGu?YvPnC@jQmNf{5EW0uM3y*L;veE=SQ0Ub_?rv% zvCIe1B^u1Uk0gqj~w16+#(kGbjhq7+u-l*;(n)*VW)KPPH*k?pNbV zR^yu33A&qlOFGWN{Gq|yJf7p4A?y5lG))^;<#7cGg;1$r3 zh@cf3hWd9)h(LKGq7kN6DAljD(gqnfp}%fSBH*l zvS&`{=phfApS%(Iz{4$Nw)6hwLgSi|sT)rnr&41lleC`Z)1|1+Ec*1SWb*%BdV-pM{4kgeqC{cgPUd&0niETo`9%5^AXH4g2HS#u*b~!5=Ls^+~n0a=6)|gH9?g z{d6~mQH|S4q(E0t z!8M>@@{gj)-`jt|82q{K1ZYc|K&-M#;mQ7}CfAv}AOV>E*RlrkG}~B!YmEg_eSlCV zekbeC|1iXzwCr z>Cs78jZaR~=a{_&$C!9izZDtvOShZEHSE_8nocu)`cV7%_e2vLBxg)F7k=)~d|crW zz)IxdHL$MEi^4HdQD%+RK)h&MGfW_&js=?@65k+FL9yY6f-m1xZKP2 z{?*U;#U7oA!HeEMjAq^%G+*z;1y?WGZMt&ze#&ah8`vTkrz9_h#NQKbcsxD#x!JpX z2}Tjhj8{i#RR(+soLp8~h}+?*xzp+BZCz7D*)ZPtqbu@)kvoH;8+Q$e+oBShTsJfv1*7V=`&D_HZdY`I~I0wypLEp0|mf|h~qiP z6t4PLa%eZa@@?seR5(b$$A9x)SV9P>4iw5Tgtbisy8R-+_<~I!?rK@=y2wf6P^doP ziWQ%!JXmYO$xUi-xP4hMKbezwmX9~d%TMDjnR7dxJ=DJ76e^2S$}al?)j{J!`D*r; zQ z2zU44)=lhvx_nOm+%I=l##obSR;(Uw1Y2h1I8PvzliV4zQZhBDni~1&q;nM_40KvR zhQ`|-Ec!g^vF^P(p0jauKXui61xtdeXFSCoanLooD(C4Z$JwPd@z(Y)ANisOaU9IIUu@&F?Xko(J)f{MHJHuB4usMfF$oP)FFn+pUGV&vaXJ4sk0+t=|0`v 
zr0BNijiewD{~*NCb9x2HET0oDJ$z5(w7|k!U%7HOzxg(~B|mU%~QFS1c_MzmDnzQ$sZfb%Z1U_5q3TJFfHE)AFO3gSq7r-fcvWP`QI}EE2rf8Hy z&EQmUX1I&fCB&K4kc`3p1YBd8s0IAlwfVVwlk6xJ;Cb^l`7U3qB-9cBzu?kjbg9G{ zNO&9WfCFdmL*6tDrVY&evJIt|#^uU}Tu@@N20CGYPQU*j)k=Rt-4_QgEYn0(gUJH3 zX{wy-GcEOdsV8;G?Vidm4Y$}!OIu4zjO!R_eJU8xq8@O8zZVO4WV%$8Uk9|C<3#aK zP~-1V-Qn_LF8&;>k3L=9H-6(gsPaz2EM)Z0F`Z1Ipx|hhD>4Ee_bW-xKUV zHcgDa`PL=4b74PrL9+RrMTt@#Ij~=Tv z-+}hkDRt4caEp0q z3`{V8a!|repCVojQ~1?bi=YPQ!sb+5!aHjxCA~P?JV=z$=hTyRAUQ;)LwMh)y|h5L zS-;mx!(krCF=YN`uxTVB+0s;?yQr;nQ6*cIRn2_K`1WNv$l_2d73UIrP3|*p{OK9! zl|)b6X=!cXx9p!igX5%`IUd~Qb+2rbwLlyTN>6RX8tq+#;?>r7Lg+kZEb;<8CHtLz zN}C$Ul}K-vxm%Bsu++=qAbgnB&JGBTX|9aJlSb$|UOQcZNPll8Sy z8CH_rW7W#z`&v*U;k1)8so8is%V#gG)|PiyQLUjb#Okn~ww=Kc&2{CA>dNEj!aI!m z)*v}h@c`_>NTYU+RbYU5tyu{~w>BC1>*_kX_wv{8t85(Ps~jp4WlBLwnYrAzo3tP3 zX!=xtL<^+>i0eM;=O^M76r!`lObcbcyMhxp<)7^)`Sku~!b<;nQCx;VbS@7!&D|sI zmx#)VSExh{v}e>3;@;<^;@F+lkS#x(kQ%Ft-eZP$>mtGyfZV zZypbI-}a49QA&#v$~t9@E5AMaxe!fWw1^GiZR z@nTY5e`ZO91Aq)3N#Ek-%z7D?jVM`6h&FN%n*Ko4j-^N<)d^Ka)vN?~W0j6N;Zeag zBOMNPp)ZF%H71xJ~`L6i+_&4|a!k8Q+6Zx<$L2{sh%O^g&IuntD3;xJqtduE{ zbi+WvmK7FPd#w$BJv=`79L6UpT1=&B;*>_HiKK}sDa2r?AD{BZ#|zC8X(^%~YU=DB zHq<&qV|8rxgi3kHkUaY7yh!yjqMC1|y{qlG!&SP&RZ9KM;k_p!Ou}FJy}I`Pf;e-c z)C1;s(M|TFFk1W%UcIIjss`C$q7A*1>`ywwm-5*x_>CF$k-ep4Fg8tn|6T}wBpRmE ztx0j=#(P)9R5==@xSFTr+9Q{mY3S!9pH?+ZoO|+$d!>&dKyCJcsbW$oJQ?UC0{nK> zflwt=%d@0)_rrTm6a~IY-jlqaETk!NJnKn^U+c+yq$)+09M{~;)f`rR&|_())`c8) z`E0f==}JXu++D#~Hkpi@Ch_?OFYYRuTx|4qQH9|b-HTn{E)7i=>N*z;J{*p2OY@~S z)p^OOt6f?4su)??z<6QxYO4<-_m_~(y>mR?7!5cn=}p8V-+htu>igQogL0EayF}?e zeOvM9#%Tz{s9jPe)lf3;WOA;_sLooqU6Hz*nj`lCO%|=2DLFAe=Kn4rHWO19_8Nd8 zCa=_f4}+m}SpN|iTktvR5D3V`Fw*KO>@ey(ls*cW$d>@B*00kJz_oWQ@2mNc7KCpW z;0`|nBI;VA1>r?}p15tHD_XBRE%Kzg1Sj3lNLb>?p_HlB7R6^Z(1KnVDUm8+Zs4G@ zPBI~^0aUMfUF9?PBBjEX+XXJ!ZK1!C+I8x4rijbEFAjGpLmGxo*@oE6xy#bXAok2A zw{DAd&Ej4o&D16Dy+oFYb^q^#M5<`lb1tP(C?WWIB(B3_;bdlx4hOTk$6S=bCFu_* zM7YDlAR9|TVugF3rw0TG!3;-ptMOI1A0OHR8}%_Nj}rnVSj{75eap8X0dz5N0v~PW 
zVhN$Qk#LJzm%uYGj@m}ec*oZ-;)+R2O)^E3p9fB;IvBpacd<9FI~x`or4aG_%VhbN zA3CA1Bd~ENs#>4QaTLgV0L7E-B?@SfT@;-dl7~P5%{GPuKP>Ov9Wt3vJP&2Y+Uo%( zE7x)zjKkxBM|S-tHts|yCiKmaL|wSZrQ2_WclW1;xWVGv6@?O0I`vu3B zuJ#)}eu%gAnj4+5QR+IPb68y8X8F^)n<>sK+YEkrw(AM52o@Y9$YgeF6e&p7OS4m$o{~6Xk?${rc4o5Y zASAc(O*7pk*B&H0B!B!H(XiOCcVdt;$gKa`ATM{v^@SUV4hZY*gUE+ZOGeht52K%taEdnsJ08 zl@kjV%4cDNi9@S`SnE}Q%!par^C@+NFLk!h*ezJNt3KAP`5fvR7~-H}VYUTvTQ4rb zwTwqg7iG{aZmv6ZtQKRuNvkSB1PPtk_NO|fG( z#@8%WlHOBtAGv!~{21^?38;TJj=kgaafZ?%H*Dh=ci$)QBE_1@--FQ!E@F8$-{ktT>1yC{KdS~8zxSiFcg{+n0b{cn7}5Y4~6M!?yZmY z;kxzZeQsP|>!3;yet1ghr;WmA8VREPLT=?1La5k96t9m2s&1Z09X$`2I!&t%w@WBe zLn?jf%B-^ZJ{MdssIPV(iVU8&H}{<|9Uw1)yH8HN;t8iRK*E7 zS&YQ1x&jWGrFW<(Pc{DRTZ7RsMc0bb_)a)pT&FnG?9FK0JyQuiTw3CBkn!Jr4(vwn zSb8yJVV2FV7qInRV1t^cUBa~C{`$^Lf&x%W8*!qzZ$YjFQev1;ElFrv)fOZbXa7@Og`3c+VrG0gfX%KHnD=y;0*@R5~NCT}Tqv_938>gV;0S$$leH69nb$(CX_Fwk4x`^BgxJ8kw(-%tcLZ=!K2hb*r*H`NO^6{`vQ%MgC9s z&#$?9hN-sqT2|~=nvaRM-+(Am>)yIw=-?7bdimEO=T!KWYBTdE(Hwovan&ng@jw=E z>L?SH1t7F?K=0%IKZSSEb#+&Z*>o?S_&3R#yMKjy3iHA{-`gB#%!<9J5^DjAvg`e+ z67#RE`D^R`Z}|H^?LjaP+LO+s`r_!83!5G>ujHsh1DsZk`65bP0PlHu$QXB5o|=Fkoj+80ww%_OV(8VR^mXyd za0=W&>dXzVD7np3@Xl`zhH^4lE6>Wiy}Q-vBD8_$nV&ed*oADfDN{q#oxs?9rSiWm zK=nrm_sg##T+ve}!%nQewSBjAPpU`*H$Q#{Hgv*nXCJ!}o)xp%V$4Fib}#yT@+)M( zxp~DPNc2x(4efyRjK2^qV(+3WL!Pe*|ZV z0&JW+7`K{N7o?n1;TI0ToI3fV*cmmdfU_6f^{cL0am<4P0Q-`!POMXBfuZRrh3c$e z79kZZai{?o_4iMO5<(l7HwG+K`TEW4S|)*?|MNqW|M3-zBFRH-A5C~rzkTQ<)NkKl z?#Je3;=WG+{g2N?|Mm?F`AKMm}$n5MCG2 zqciHP%Ju4AvF@+w>--m!69Y`WZAEmDIqqTK-?@GL)y%!X}W1yVN!%Ns-%>Mm3`5l%e=uSIV{pwxo^E|^?H z)w5HN0jc91AX{w#M~A`h-PV1ow%Hg9px)n$X1qpO+Td0vpk%;*5tzV|?_i%n*B~%5 zFHjn71`vY382Jn+x4{57egjylPxY6Ylg2$`wD|5X;SMc`+#s#;vw*WMjKEde)E?n zR{L|0{2-<6I>v^|F-iQRWJv&t!+Z;(asp)VVOCT?bnY)tjQ(?%Ea0y*pBCAI7#G4e z_axGHNdX?Dcm*AK8L*w;Q%Iw~J}~sp9WpTVn(ekO{li_Gr>xyGHlV~;dw6UJtj+zwwKZR5r$X!8VlMmAS^SiK;qsZ-Yfn66cr?2W9T+sMBOM2-&mjdA(nC#P`NiM z8ey$`sjA2i4r%nh(erRT_lV17vV((s$AQq?hy|nW6SKk*cMlzfu5~edVNiDlSJ8Ka 
ztCXECks}c-9de<45woQ|@9+$D*LSpRK@#2`tQkn9MRKorJw}e?0VSzC3ms})GZX1e zsr-jTDKDu{RNRI{SC$Ayf^0@a)F-k(s>lwNJikWM(~MahDnTRt#YR*n!wdA!jhDpd zoI5Arzd!j)b_XUP^HOrEfvM(u+|?q{TK%-8*C4Go5XdwC%EY%BLBvUf(yF7pGE9d@ zN5Gz0RaD5YCGQk|%-^Yo%Q^V5ps--^-BdQ+YnH0EsQdQNA=KAIhZ1`C3U#@_Gn0fC z1Cc%{Mbb?58B^JBrr*@l^L0%I9ydi=x+5&Ty&N1|knJV;ZK8sa1(W=8cQ{*GIzKzd zb-!;+b=#Ys#4Hv=bPBB$8dE-vP?7G-mG$DEkc(c@J?4HqK7&Q_E93aZbL?m!&U=}oAK)Y*ogPbKcH;;QzMj*LiWZ#%($Obh z*|eS#TrckHx{y?uXw+l%WwP74s?_|daeMcWY=$J?iI?V9ohxNbFVEEGay2&QcIfHc z{?FFKU)RU>-~ZnV%x#aye|?7gniist&PUEeXBrzL`V;SznQM=jj(cV%Q^5-s7y-M@0!p<0GrEEbeBhE49ecxm*HTf;3_K#41{v#;)hv{fm^n@7*lHUBS zhyo_4n!CDUlJ}%$+cox84 z-G_<6T61#rj?H^$SOo+6HbS8~+$ViGx6Zuv6mGf10E3W9ET|pGWq0>b1&py(`QrFD zLE0U5cyAqHZWjBXWDV_4Jt)#jf!SP=LpDwyM(0S!11XU!@>>u|yy6xl6xgf#^hgmv z+6V9@V%*{ZVPYYNSo(x6yHL%ac$47NC`G<1o5^v8;|+*){YZE}Ee$k1ke$4x`4Yb8 zI+@r!glkY-kE9M?%=BoRh@lE@>LZTFfCQQ6kGphMOGlXObysk@OL2 zgFi1aIxr2CRMhUbw7i3U_F{^iVpOrH+@;00aYjz6h*{UM_lrb> zOw|!nDf+0pj)R=KymhhrJe%R&WKh(lG=}z`<;}F?;Hvbbo6P#PHFn@m>~Rl(&GdrY z*jA9}VD$2pLpBvQmXPiAzE}5F7xly_4=~bosKLN!XE&ESC9<~5=e;WXG?YD;E`7_M z#4t9}8SL=*q|0O1_a{Q?OQ#QS*v+^tl{K@c@u7<|GFL@#+1<$Yg+9^)mubflj_;TN zpOYSlMm{;B@RLVfMW}loMvH*!w<@sj=;qBB9f?xjZwEb&VJ=}l0nQxg+m4Q3$usn2jI#rsrgn?B!{^Qh@CA_}DgdG3{;fy*72(Xv#23 zF9Msua3O7Z4JV(-LG z>S?m>1ngMy^YY>%yPU#KC&@iQ2NnIo>krdDBgWy+4^iC-sM<0lgFV4x!PM!+c-hCw zsy7C{qnZt0l84KZ?-v~2-B|CkGBrj}PGCzHS3Wg4ATfO7R!@kYkv8gxCPIqhvGOq@ z1@Xmy?`Z3J75$NfEGV;+7dCuTZCr|VjxJ58j-2QaDm9rWJ+P=xcyD`wqLVE7K<&;R zOdL{+Vr*PHLAzXwJ5b4;=Rume`m!UoO-qy^pi)j}^a`VT9#NT-CRI@fZJ(w+-|MK^vm_|1V( z@3Xlcu1AkabJm(a?b4&fKertiEz6odhur@`P7G+zys~0N|cTYO$`Xrww!zVCh*!+2tYIrjt_@0%dp{jR*Q`B`dFd12LydKY_l#xc$P zS&yZm+RX#Uy|4|-L-4Bv`QU-^0l!M+ERTUkF|H2h^tn?X%>*E7abt?RPekP(`YGWP zo+t|B3MXh)#h68mxCWhr1$l(Woc-DIj_wc(6WFcwY*;~osTR?8(seY20kJS)!tZjN zHZi!du3~)2$4NX2U(1}}TeaVZd#@C!{MGPtk=}dqbXyy@;sR{c+PMb?#52`gM>K#I z`n1!uk(-(M@O0+)YB6$^6;X3?rnbUU)?2MUZZseprS z=a|A?*TPc!2rNJ@!rcZ!8(34tRao_{ z+Kw`%E<5>{d%>Lq`dSTC;jCG0v8xhp*fMA{Hg>~>a@nIzpJ;?<8tXXP0Aq1A*VFzi 
z>3R-d6l-t`5tKrw?-IRy<;u0G)5kMvF^|Xru7oUJrk{z^*aJh2#k_8c4#MhJIbdJc z<@HXv2tM$%Yw0Q;Rjx4p!L}R>UvY;s!4`Uf{%|*IH^mIq(oArnH+w;8oa|mj3zu^8 z&v~def;6pDQX3mH{R2)uZ|po)Q$-P+7B{~miKb0b8%pK(qetA2G~iaeeE>W7!$~-e z*W2P!B5$?eMauPg`PMPak#9}1EXO^}?>a053N+3J(=7U%ImA-Tbnl-FSX?uD-gr%Y(5aTqo7`7&AFOdAZvpN++7^PRcDtvD*7^lcUCRy=olt zu6?jCeVlW}v_s$}JMW-?NW)7O#!~`r-5nmldvGQG7{GgvwV`&QtmAL89IPDDSg3aT zio~z`IPX-sUc1|f_iW~(=z1g8A6{(Rh~5h*AVQO#l{*f+in-Cjmfz~h)~djIw9WHy z&0WUKnpVcJA05wIS7y7DK1hlUN#6Z7c zjVxijB}&kGvrZw2Me_dD%!u;c;S-wsvR@Z}#Rwf4whX!2XS7FPep&3aD&)!DsizV0 zKCB?wkEsERw|7lsTu@>0Z5V!|*4Lek_>$P(Y9R9Fy4UWpecnI5S9_DYtOUVXFI=Ok zIMW~i!n!%&X z6G{%|oh*^Y$l~|NmfbIJRJNdC=YTZpu``tbR#=;zwD7Evk zNSb#7*mF%}4%1uq-E7|P%<|GoS;ytV0bl-D&x6)J>EIK8C)gfSV4*(Fbuv8o3^+8| zW_>rmX#&q)^eQ0YLfBVOp=)S1BsHcw-|m$t z9E?nD<{$c6)pqOFOY`{XbAu@#qe?%FISMHI$v1-1RJCxP(bi0lm^uaIx(jR1w+nnd z_9nm_sJPOJ!=DizMem_^!FC}Jc=4r#_i-f{+av45C z6`nFCy;szOtcDej=&ITq7R{^N3tMVM42nsW*{LerNGrRYQ;hP#EZh1coyn3oZt+LF z2iHv%?xNG~InT?Jf*oew{0MP4?6hjN;@|Hak7;8-$0RymG5*32$$AHY)Ic6V^fGcq z@630;5>cmosEWy>V`a`+X4d6ot9tbm1cU1<7 zgVE#N`r>s?vWx<4A(NjRL%TYir^{m&ODB|>nz+(~RG2;Jt2Ly}wKVU`+GeViC9B2} zrb70I^>?-#Xhg)GFqUKk1y|f}cAY62`Leu}F__Y;Y2B-(_{ia`^Osgaq@nZtbh3Tg zx_!E9_7BIJkG_c7Fo+H`u^@Fz z$n};C^Bz;$wO=&iJ-7MD{K)7){}!Y_J(yfN&O#M}9Yt~z^(bbGSVEwx`_Zo|9p6Dd z%C)&f#SXZX<07r8Q&E@b1g?}&R;wKfAeEAAsr;tjxH`KEy_4}Onqr44eB@9F zPt@RJ0U+s@cz5KxqbIIomD*j(=XQ3(cIn4V*yRb_;(CV1LQ_AKm3m-e0lV8Hp|ky~ zx~tQkk6{zT;+G1XLj1Wq)y4PhTk(B2(934f-9dbmbu~pO$Ldp&*29HlEtA~G--62S za-|6ERZ~~7&Bm3xmk+-mhq3$Yw#TtoDks-x%oom8i+sNF(4Nj;pdz7H zNJS76BhR6lki-*_BqL&asH^fhsslOFbAonMGuAd(Bdp_oQrwj>P7~|?iw%g0~x zSPu-nGW>Xdo%>Q;x`vwusYfDv`O{FPj~3@ZYkpKZUi2z{XtP4m!PN^E-^EVE)=m=x z8n6t=%Ub%z7~i4U;KL5z_q~6Z^=_|H!%7LBJ~=Z~l@%oBTOyike2Ja+i$P381?r7g zd{O?|+$TNXe(mM{Rv&d>#oYQ{yKS&+8*KlR=fJhcH+#4sf2u+M*OaK!zvF~Czn4MJ zO8poOR)zlmmYx5{k+}WyzYbY%_tpR0zWQ@5*MFp){7gOh&(cr+x(>Jh{y(S`@_$m5 zWc$0G{I}-z<(}x5pPBxmz=v+L2BQES41f z;vH};3bZPa9k@p`$0pBXw}36>N8{EFadXM$0vQ_cws3d|P48 
zwtBgT5gjMzGz6t{!AWO{GhqN#2Pt3AT^6}I(!xpb5?Tc+(mAc`yJv!GwG1h=!tJd? zr)Ld$cuX?eJ(+4x&>D$+6`}R;Q{M}~sxW$(TbWD@y9y2UiK<5mKW~31e)VKhvE3&_ zcl@!UxS;{3)UKypmC9IdW(1;-4c~xe)?w6dmjx{sbA#Te; z<6%&yx;t^f41VWlelm8&5Jt>R)q=Z{V>9PI0D)}u*Ge_O48u^P&{R9hQP7fEpzIUz z0eF*Acd@ZPuqhRkKweTA^n(Y;jfQWCLCM`DDFEMoMu5a+E0DOX97neygPMIV8@#UU zEwo^e`pgAVpN&Bz5BYePmF)t$K3WYw|&g1?FiG)NZxi( zZaa?oAA#KeN8^}pqkT^7mtWuxa3&cyp-e40+xa@nw*Xtqs0-T0tBI*TepHi^xPgg);5+deG6t%OL$jpR;OiqnKgNm z;}+!AW9oH~^Ylq-CTSoZ$q54FwPSD!=OZ*tEU4<}e|81-&KS$ap$Tjw4Ae6vCW1uQ zmSq+?P>Gp)2zw_gl7!s@yYrJJabALjuI%U7&jE-Ee08M=d&j$gik=Bc3KH3VZTG?U z9Qd0#kjiU+N=+9O|NT`tTE(4=p(uDDCLA-6mk%tKtK{;FYAHDfCcQq+oOZ44ggDzS z#&cu)pFM>i_86e=^#qlz0s=8gAeDU|sBMKipyDhNH)%Nh@@T=g`YxRB;ZJZMC0d0QTBK<2BU(6cPGFL zLYtVwDMl2T)|Iog;B}NOMQ<4hHo>aCV{mgTtDR&S5(l_St%>VsFl=0&0w+nP+Gfxa zDZ*{5K5f#Pg{YxnNBqZ;qRI2MbMSYvMujoNvo^lXKgB;bU=L*=?;6qoaFX+9ar3i@wNGC_J>w^C(pow+N_vs_+`1Ew4L= zqlRAqmDD_*(9*DXCoVwQsfW~OVdDb5*bV+FhKppsF(~_euz6TDl&gIB?%kCSuXU+V zNzf~?%jflG`=x}(fBL%-%cM>q_Mi%PBSOAGifwk3Q*+?d{h=x<2mjq$j(cYm9EZaz zc$rKgOCnjM7`HgT9Qpnu%`OhkTy6V5e~dUU;2dRbBPgAJo{{IU;kMbbZMyyU=0KiT zV}eMJ68m_rW@8*RO#-G-;uSl1_508>MSbUJD?i1 z*>I!1w&Sic-$QkD~^wQP0BgfDe4xovtUlOjpIk zie%Gk+hDU?P%%Z%bnU8w>={T1owuTM*dHZ<>r3~+~!(}&t&GgQFkK81>1!~LbBlIh$~5_${rzG4eP=qmj;HO@_^f4LfT;{h}UAfBIrI^3%cMNlOQ@m)jYm%fLU6taM} z!>G*g@7_R)=&zT9Zuf7dB?B%r@clmB1)@YP#j8SWsN2(tYX?}UJ7H7MVUqyR{@>&% zRo?vT15G?;;*XHg3`VQy{%l7DRkN)=B-(LIMJO3|7nIQkUH{{W}b>nXjcuH)0%8dH=gA5e<4_WZ~P z;tpxIXUT^Yclr!RZZgx(VrtJNN~QX?&yQzNPh}%}+%|5}k^_jvXFR=?RN;Z6Tac3j zvp`kEL%86lw#dJICFcr>%!@E={UNg`+V&`%_no8iJhT)AtP(WpN7hrpw+U-erJ@3_ zKU3T(Q1bc~#1#F!q9$>) zdvRhZukZr)coW%oFCQxEetPyA2a=gsJO9p$+9)M8Y(XN;$l!p!(+RAZqz;q{_Cw;L z6BK`cRLY2GPbj7GCu<3CIgtW}P(>!+G; zLEP(6U3$4k)-U9v#zJ3?O-@YOmLSir1NADmM=V|IOa|1lv8 zdA(2S+}Q$|(p)Gi&z1U?>Eq)dnf3iP^ul$2UqP<|A9EZpO{p_9P7|Gq^i81 z;fbbAh1?^iiMRWI3u z99(Zi+DwbdxKub~VX9GhQC6qL+EvIHY6U+^AJ~GF0JXUIEDzi3WrUD~lPUtG6>k;p z@i(_n#IAlkKHPSiEYSkdZ_2J7sQp+-W6+d${Q1$61fj8{X6%Z8dLuYsH_Z 
zyU4Tv`neNU#Ddo&c##mjC(6jdnJq(6iw;6zXiMmj+`d%ped3<_p)$>}Vo9uf7{i0w zS&}m_^`Qv*K5jQBX0rSEqdR@@fU5q$=qp>0hl&?IM9!7f{E%CMF=5Am91auJDeK~U z>h;eUrM=EB{EfWJLq~7+>VJT6rWub#A5x#UwAPL2gmf5*G5jzM%C+&b%`~aauV5Q%)6Mpip_j}$e7-|f1}^p9 z(D4?u#+yLJKh$#GzF=?eZdtNh^aAy3A8hPHd89dd5$=~SR8R`L*FQMr3Oo^$jLTaP zZv&AMrX?Hp4I2WS&Ws_rG;gL>KP8H(l@kt(^xh96nfYORo*nUH{U-jPjbrhL9kO`F z<%tYD^N`N2FNa4=TOuz@i-)&z?^e6YX=upFc(_Ht_mph^n8ysBeG>0JZVO-(F63px zr<$R>r>RCcXfw~Of= zrCzRL41!A1YcVad2+d~iu5u`{0Y?bGHFQfnFe4Z$u$ajo1?FW1n3q#l z?8x#Rv`a>l%~Uo;k_>r|J`>N%6ASL?YW!awCqj(k`2OeMD z_?%m(&mXJByX0?uA&31i(|_PLguHHQ6vMh z(FEKV1yMRdXlq<=&A7KIS2Qti9G?=%^?kzZ>HhmQ9M?E>4=L?D`eZj`ll5a)0H2i3 z3pfi>YH}8@6-17?+WW(=SlTmf2g-?OLYiXasYP*j;B0!JV5H~mZIe29>z-*;gJE>^ z2c_OF#TOGnBDJ>eZYK=%cd83RTr+Q*CSgyhNTF(t>4(TN`jJ=3mhUV)maZL3DQ%jh zNa+aj_{@!Rro}M2u7qE!H9Y>kQs*id(x#E%n(7l|bIxMh>BZtCp-|XJ#OIt4*ysiC ztTJQh$2BAHkcG>56M{P_sy97xd^DYZ-c2{BbV!bR2X~{yaMJmLiQsjDh43TBC)Wg- zH!p#iPbK~I44pz@BzJO08j`<)aBFCWlkA*mG#nP+KbbuF0Cy5!1#Q zo%i!*hU3Z5$C~apZ%)Y3`9Hdj6^I;MI$~S|k*NN^_j+1p_8z%_Rdi%Wl0h<-^a6L26 zH?#$h6R}2w_-yy_bt(r#ooPbuE}+W;8JRVdK2&f|!JPaBS)eU1S6J&<%XHIF?f#>i z9$C}3ecE(ymHJi!an%>q9KDr@v3Lz$vnze?j|`dDsH-0$Tx8sBbd$OK^!^a$e8$7( zTECYdX7B9E8nL*g9OfS^aMf7?thB6tq3Mk z4LAZ&3(E(zgMwyI<3~QjX22=L55}lb_s>lTzKs2`?w_uz>H>tLW}&MK0G0sij1w7u zX@cr|+$N=7FDa=EM^=?R@o6|pB}uJ|?swgRkKVQ(r@HvoW$Ig^w9F!l0aau=c+hXK zr`veQEk`mHA(qimJY^+ugvTE`dik4Sho+WY6R_`o*3$j&W#Mn%_kVA{Z3L5AfR*e_ zbQ%CYX0Knaw<7$E&meTgQAJ{N4!ilF7y~~J=3oLh^}!aTC;a;id_@XF-;0_Pr~WLU zzG+SOW){h-sK>HUT_-4t0OVr!@Y3&hSRAoR&{F9{q=vp`W$@JaI%fOT`<|%2-?>$- zLC+ZGhi|5RD^|{Pi7gyBTFb{w)*~dqc#+lwWcg_6goHuPngiF${IW&_x1ub}t_&p< zPPga0v0INS_@F7qjG*T0BZd@?Y=-ZqLeB>0dAJ*xY1v*aEU)OZj_V{c4KC?*+C%s8 z7aYn`_@E>rH?;+E=$RqIh2^DS6>Z+wI1;wP%XB7{7OodFaf|eQdLRzxTGBsIg^tX~ zt7x!*5WAjBNMI^W#_@WprImLzJ>~YDces-Cg!O2LK^G&}6rw-&P*)h|%qhxfE4&XU5X1X= zoZuWnl%Cc~DILL=QqOchs~KoiuV>*ddgJqAgFgt=zSx1>-$z&S$Xlo{Ia;q#l3$3Z z$ewx98BYBa-drSYGj(^211kDq=2)(?N0#wDX^e$oi0l2X1OC}Bvbkgprbudj-4+2v 
zcnvF6g6x+=W=8aVfnSS0*U{5t$?6#{_-;{r_yP3Tx5q{a2A^}8zf2mwskDx?K)np_R%X%||RzvkY? z!5?sYbq{@WMJ$FpB=vc+xT?Ed?wXUkL)2jR^SZuo=q_RM;Yl&r9-Zv80>`zM;u8;|zkd~pwoe+&Z#{YK^vwC?-k_NT z$yZ{RS%jB0@RC0*C|Rfda_T)%b{My_6+f!50`+!DL9?fs#k!G-gf|mRK~&xx4*-St z(EHxaDmJ}$C%q6@K^C#fFHMEpAO#p!#2&k16ml{L(&a_!)IZKHlDreG)VnhoQ_mG8 zWNXnBLBIc_^VvtgQcn|`QVClSU2>{T+D5{$9!JB@6-w7rWZ6j4jcUDXC+`;#L$VI9 zx{gielNkuf>g3kR5<*xZrg?nUunAEd+h;!G5qq>XMDg9|<(PRNeMiMGg+YJ5s8ju~ zs=gu(`}=2mDzM>wn!7AguiXrBO&I8*KOWYRX~@V6Xe<{h^{+I@@o?*;OBf!Iq<`-e zo88S{c1_Tl_1!N20fqP}cmpWV;5ETSt3{DE zvD#uAt6``qcQg73*uw7k;Od|&B0r5Y)ZBH@#tnhFKezIi*zO;(+&@HK5BdPn&u6DG z(a6gbP1Nm$%>+Qg+B1_#i}zGce?!72*oF(7#A9vm+d4W&qV+5WCs2VtdkGHI$F_lT z&=23*_QW4)iM!R*{^_7qXn=tLXBRucD5zS(ry0pMEz}dZ5XW<$0srNxk55-gwP%o}fk8U6u_f z1`z95AOi-=u`6{KMWBYA1=ks#;vM4D&g>etC2MouD%BoE+Vq8C#o*JDSwmn&@ z9SUF=%R2rx5dLoDd@kp>@}`s!yYQC@E3LSLpMk;_Oh(Ijh<`P zs(gf*Q^39f#p5S{$HTr`3~};cp~r9?hhk)5JzqTI+pzhTn$0_T5Y!c)b3~s|0;RTm zCam((cV(Fiy-TiQB{%kMoc&M~!p17yAj#$~$V_*tK1SX*Aw^{iAie5G>P%1;LKQC* z^DpQnoLs#cl@@JjpFSAC&4~7A)|lj1k2NXC-2~C8UGhYsE-<~Us~-3C-}Ni5QoG)3 zoLOr(7bQ8zRmpS zA)IG7GJ#vg=5!hqcPQ~`2Z74n#2EU%MeK$On(Sq}2;!I*oH$Wq)osA$m@~bA^a5km zN5)M6>lVl5$})&*Zqh^?FkK=Ii77^N7j-;tfW6^*d2Ofjk*o82cdK6dC{*gROb)2^ zIY@MWi8Oj|A2%@Q?gGkD7_1kJ!NL?(ZvJe10|BDJqM z)i^H%>0-%5dQcK#vT^+bYl1dT%D(jzz7cgP8ot+u-G1QZJucKUB^bgLA*#hlm~;Ek z#`fW5%k07-8=KpEj{ELu!PGb%2Ju0|JAfKW(FXBGOU&$i;L~XoceUs&c>ZcOa^ytx z#{}1sr+00yF)+#>WtDDp+GF*(O(w~fiL>(n3WhBJ;Zzn*`e-7j(nX@q1S$Q|C|^;< zQLc_})&b=oUo8b|7mHu>mqq7&+tA&0V~4Bd<_<7{oQXpHu>_|21m5Dee462<>5I!01?1iyA6~>JEKqPjwGU6qbx!{}R8_eye?&g| zQ|twuriG1K$P1Mj|?B;7x5+$dfU78`AEFdc<< z3;&w%z4{C-4^$gL9Z(VV(7Oo`JS~pidcN}oL7K1mdy~x&5(Y0hC`z9tzur_=5d6fp z4678clE#kX6ANLq9hEk~H>XI^b&~0PgA^IiaokOCvJ~iwsZGO|P#ExhMNxL%p04ql zBs=2s&i>D4-|ksJk8+wgr1~`vEk1E{d)XnKx4SN4W*GvzxdpL@hq}QEXKK-hkvipm zj(LyBhP(=WVY?b>ZF_P*uNnrM^^7gsuJ?bKp!6b44?tl(eL$_iO|s0 z=+1p9#_6GQk%HPe;gv7S?7vzXho<8~*BA-O~O+2t~yblk#Y(JmI} zDZ9yMn`_|(0rd--vco4c(|PZXx74ejO~E@y(&rW4Z9!~Qy}k5=GoTT$QurbZVbzrE 
zor^RhpHDXPaA`<@md4z~_O6ks*%BI^Bl|j8N6!?9J-=YS{~qIW_S+`UBv{CT>&@PX zM*2Y_Q?1SsbGa`Gtkz4-oxt~dd#c;2RWgGp71cJ$6d|ACH`_4~MK{-xovl9_X@&3f=a9Kjg3 z0koR|K%nfj1-WW6uvF~B_7jRhO~DAI^vWMt8mH|Qd4?Z_Bybc(x{?8Oc*iIJyN284 za}8Ci2eYHO8xqYii)~|>>6&J$CFR7O!!n*RrS75yrh`%1Cah;oG!Q6X}>HC-SL~a{rItS4Lr+3*{|RtCq5nE^-lQlJ2;l8bx4L zpsI!@M2kR;CBXMrvwIk66Jd>29Bqv%=PLspC6C+)x%G9<|H7Wqppn&mtx)3i`3|fi zGX`EzX+=??9wL&0r2?oXV-CAXoyOGn!N=am0fuUt%#}=WaYfntIf`5)E>XuC`d!pL zsVAdnXwRz8&O#5Xu-$Xlopmpj@_J`+#!9FtUph8N^7U;EKjZyp89#quWW~TgJJn!= zxpbPL&quk)>B(wSmoX-RHl-t#!`~V@*c%ipHe3WU&T&F`_7Ait5^g5$8YGvJG>OV< z-2vr*NbNYJd3OxogepND)dxCpr{i*8N2k^Q-%RtmI9Y=xsrGE#aMA_<6+v)buI{k3$+R0~>$$wss?=L&@w?|I4oHR0`PO6NFM<>cZJlxmnY4ky1h5gz5nQt zD1Bv)?Y>YGhk-+bK5pHEB(y zpsr}aeAQtt>*oeMMv3$u?1z9l9rWmaY+=Ba-ZdD98be7`p7C&MW%oBp6IPVCR3by^ zr}^>xV+HI;F0$Demdf6yMsF|brYn-~;H8ob!nABJ42tW8H^&OS&E3|<~ zW3K6T{M4MGLy1?9e*SzoOEvD+12LbnVci*WG|6ygF<+IH;+c3p%YS|GZ{Zyls}dea`QspYv$Bg*FyCjTnuZ;003&+?QZi9Y7uFzNx9nOa`Lfs2|2DQ>gIqa%Jq zVnKiJ<2g6F0HcbfUZo39Z->w}S=p8B>^k$#Rz=FLdeA8A&)l(8me+{A!hd&_Y!wAP z^TYCoDkxvv4SaT))uON~)|=)Uy%+jBknXCGMrtO<_f|3&a?SeM?=G8z9<$F7JM^49 z$_Y|5#a9d{?|=UDd0Sn5o@@s&7SK4`X-bzxU|KW=;F*+n@5Z5(hQ^AweFlCTb$MSO z>$rtnbnBpNoeJ@2cz7tuY0wAT(W(gE-h8x5ESxGoW(9!oNWts>p-SO@q+a;XpZ~|I zj{lF13-b{x23R6|t1GBd0DLZ>HaYihvAnDRuPp?co{Ynf(NOc2XFv~i1!)5MFIhhK z&@gfh0wFR0P>?afLYc|%xQ}?wj34PjF#1-a;T`bMG{bgHlLHNG#(v^uHXkDIU7yoj za=E}?G7Zzv=%UXzuNd%e$;i%!5Yk#22$7Zmc1`!3@a(tdWj@09r@exqd-RfXOQJIu zCRk)9u*Inr^yFK7Ovl$3AUdfpHV`_N`sU63=CsNtBnG8~U(B5u;8|5^N?boRY^v2d z7rh8LZt45c9gl`H6D`L^I$fhP738GDglzzhd9pe=jpSh0^Zn24`~wu{MZVA3nmC{^ z4uRbxi0zLm7%rz@>ZHGFsE-{z5i-+K{;o}~ZXoTO8d#AZOg-Y30-d{yB!}Jb%|#zX z?-!%GGNq8?oSp%u;rn^xBA$KhRuTt{684AXGfYo-{rcK^QcqGaL1AJ@uxLe^#y}p4@@!6<8^Qj?WN?^6+wb+8rmPdqK?DUFx63)t?VS*@R zl~4Oz#LB2HVZCb6mYWn_CK0lbde}Q!!1Lh=k`|{QNZP#4n)8y0`=wu_soh>F8Lh;L*^sDP^D6vkFjRb2kqis@O^d%2vN6EagT*6lN@MK z#9A-StW8>R1WtLjMGy~ZZ0@!HDMn{SgvE5;SxO$G-oAJsYE5ryTAVz!W0N$p_>$5C z^b9~m6@~EZgcl+OA(D->dOZyhA-weyRlD5@l1F4V1J8V*bobZw$-mYube^CAmIn-C 
zLOPr2wQ9RNb5DA4c%^xfRlK16;-UWbp0tw+b*6Z1_4YkQ9DJ_?OWEnuLNN+si(}q7 z*NK%Mh%tDBl_-wfq?4&T`)JYV^ss(dXe`4)E0m5}ZNeR|lOiIOo1f5>H&?M2dqek4 zNo4258y$R%ho-ETOTU!=S*G-bb|5X*r{fab0ih?cE(}S3X)?W$aKp~lyVfVhHV&%9 zBOvVjwUj#hMSbj3&)qreNPi%Lg%j(ot zcJ=aE?Z+J?bKD*A+BQ=t{%p}G7%h>EP=wVmA(UVlrjDL9V;hDf@fm&+r6w{=8iM^5 z18&t#Kbo|eLfF<#f9&B7W~b3vZ3z19G*oPhI3am%;Psz+O&0m;(8E2hP`^8r2XkCz zx=-ka4;jQBll#N>at2{niT=7;qv-7$oWWAkXQbzquM393Jdtdnqix)_#PlkN?;yKfU%S)FJ z&?r1%eoXkK`>BanfIm-hYFb5zJb2K80P*l zPUdL%mJlW01X-m$r?F}tdsp?B8Ol-5^a&>et%}Xp^ABU)Zh%k#0lqNg{1hrio#Eat z7Ww1bTDrH(DXhjdd;T*0bJqYhfB#uN&jQyh@z95}3%awpBTo(LA#?M~(jBPJ<}}#1nYU{_;NC~3C{)!L za{jfB%FCb9@vG653^UOWH#wigMM-Mk+D(%}x}lxb`|Z7;rpcAb;|>llcjl$8-4WLK z@Z<+BdIPC~gqq210u;i{mYds30?}3HuMMWoqXTLa@KZH?a{HS;f*p#xlfT1$2lp(m zYBS3It~Zl~q>Z}l4h%TQNoDw2VvT;k&1S1J8B&>QO3rKv*!M^VQ;@C%Qev+suE6Jj zjRM+fLVRv7AuqraQ!;%e@>--3wL-whq_uB+tJTlCH@a}OZLXidi~vZ6Vg=j5Ya9}N z9oRJuU$i7;B(nu4sJP0h8NX9bWllDXnWPGCx*Mc;p+|g8a99S@Z+ZBhqDyL{Ehjt= zr%dujSX#N`qgoqR;SHRi`^yp6e34;D`vXeEC!!(1TcehP7Hg7%Z1HJbQ^{9q-ab)h z#fUPOQ~fI46jr&SRK4=PJhjCC@!;Yn=RpoVu#FPu1r>K77vJKV2-2#;rI zV-2vrcK-;%Z#V(2^yx%Jf^S$)E103d)Qi4x9duNs4LLVqgHcX*CWpqji$&RcJNId% zp78pMU6KOJMad<?-m2t2| zRwQ!Hoas-A7u^*{dQ*j(wBaKE(WjU@7<^RUic4dpjEeQ}l-_v6Ws(v#fqaFpd=(?w z!&1Jh@sCNtOsR;=&sdOnV82aFjxVvx`D5wwGtQzJ;se&b{0rS3)_W{v*qEMAO~xX5 zi5(&d#kcph-gV!1<w>p4j3y#KuctQ}CKyI10`0Cx5FKcNscwtShkD;Q5}KG3t4ynM zregd-Qlvo;nde`!=(O&lVnWNwG3qA4kvARa82fUp@w!d4`l_{kVe}!A_wAK#>;Oi} z-);|#1Dn7@GjEN1#nJ4X?mK&ycpLKvIFv>?hYMyTOHbXY?YpyUERPtZ~P*1`3(;=`f>QjcXI&)4sJ+ zDN==Z@8cP`^8syUVmX$}6R+T2BpPsn>3(D3+n$`E9|FE zUO3d58rGT`_j9om<^-1rzZPgy9*agvx3P*mN@yk~cbOgljA3PM_d!StKQ5&;idLh; z1oh>8Kw~=ftaZvrjFsQ>iay2OdybteQfk-lz-+n&!LxQG&5qTS%iw(g^YwtdAkq+0 z06iPn zpScG}z%)-KJM`$oeP3&_BPFwSlfLEU^ZKyb@djL;J9+D6KeH?&L@Lz&5H#zODX^X# z3xG9dWlo+*@3mp6wFv{oI}JTi2#6*&D|E%U`c8Z@U($lOu%+QOZsoUjNoRup+>#E3 zBtwrA@s^)fA(!8jgnc0$XXz%kE%3^A=^-AyneOs`p7n{H>E^8d9u~sLWZf~O3wFEDv2Pw@ub6 zwD99*E?0TqrtRpyEcwXtDp&Z{pWbySHJ()2Frg$%@Ne(t%iP%PNPg47KvUVrd$Lpb 
zYhUd?6=A+r&b*|Au-S30^@(jq+CL-DAYZPyL=fZpz97M$Ow1SYCvGltXKDc7MKJRV z+~sVd_k|go4KwRV27DS++av44Bd(XyFN-@WRNKfu&#lT5*BU6rd(RKNm@9}d8mvG_ z%CsMSYSK@t-mb~|9bZJ`z5EWgQzX|YBWwaha#Wz%@77vzV~6oqpBB{w1FK>K-gD6= z(Fup-2@V!s*Y^cQgD8}kcHuWuR!3TI?puwP*uIi9|~pViAc zXlwrI;xPgvjx$9=KEk+4GjQZ+v)YLLec|_MDE&HLWY8^RZ(5w}J=0JMJ5;mZy`qcf zTkK(NVCJoss|4wQTwf2PPa9LKIu#%QY2AM{Nm0?{eIfnRN=Eo*>mBBGo0%VDZrL$$ zRqo#sorjf%ex9gHk84&nkEnuPJo-{(!Q1;yuR@n^zfy5p_X1^6K|cheh3sg3xTCZUN0LPgkSOSqLHpiv-sW z#;1uR_(R*Y;T!bIoq2aQgiW3^vku;`EcK3FT|(N~*j>iKL@6kKpnlLjv!dt6GDiVW z=}|*@)Jj3Ph%K3!_CNK(aUiaDt=2j_T5m6zrjF0B^n>M|y!;R4g=(e><*H7hjoaBt zTCbhT*i1$vqmvdBv{jBZow8ic)6dtDd(6w=+kp78dGa{O%BZ0tWiMrJ!G~4s1yjFw z<135$FHc@%EGakAM3ZSVA8lf|u`G0-TON)f(JW1ghS<%BWodSW^#tSZr9(K|#}wZg zRC;&*5vwETVaE@7tO5r(C#x}XOmZYx>hX@0q1gOlkMLJlwH5b@>w}yx$kQr;R`4Ro zh!fNoZ#h)QJmA-JxCfe+xF}LPxji~xlNRT4=RPfsqm|L*O~F@h$htgjjs`yvB0biB zt&DGM{;^)?>!vR?VPq9j6OCMd3eKBKVBq^lzy zb_GVgUw8Z^7h;6JCdXTWgVqvct;7Uu9&L?&-FXU@Rr;~*S%#tD zjlP~YP{hM*gBtcwJ3Urj*{V6$1t0j;m@%_NlZEvmA>DlQ8i+Q{56d)7Q9o0RtjR&+ zw$%w^dnV6idfsIcQM+iySI;P_^^IehYSFf)c=|vTO04rHH@t@7w)}J7R2h{szmC8n ztUPehzXp3k8ukAf_j8L?$Cvkb)}>ftpfNQ!lRx6ViYSjE-GjkU74jjAPl}J_z*kgx zkY%7wn<^U@DVLC&D23sfG-7J{65uKOP z1dQ#Y3nFA`X^!*c2{mI>t4@)YLPfOcsiB_`JZu2^L$w3>@x@A3PjdizDoJR2jwR~X z4z14zWK#k)hiM`M7i+J>yCh|iAMR_9b?KVT;T_~#nS$V3rN^2E8?X2-C`eqaKG%or zAn|#2rd7R$!)79bers2MOb1;&Tu>J6Lc})k7H{7w@$+-z&4gi%N)PB4ZlTSMDo>ct zpgskV8AnD3)|#=lAXjly4OcGaBtDggqZRaD(ZLi}vMbGkk4wIS^ z_|0VvW$HY$TqI~j!z(wjt)k_gah9}~vzOE8vmYdiTg3-LK7$yl%-E?TBt>a`L*E7| zt>{wxd?Lv6r&rHjl+8y*N zhpEK*+W7sPAVfXAem=S2ync&iJ*aArVGDk%<*F~l{CV0*p0|UX>_E4335F}f=xF5o zTRVj$a9BFL?fFeGyQkYWI$irxs0krY8PR1c-ZoZbq9&=A+I4sY+#`;O(;2n$L) zuvr%B<+F?z*zm&4t>;Zh<{1%6(nLlA_;(;%CE*Oqk71E}>)u66%J2|QaAMF{V~j{M zX7JsxF@QYDwU+<7dW}SfKq{~d!k4pJ6e$u|J0D-k?7)~HhETrJ^Mm@M*<*pD(Go2x1+1n*ZU(@sN3MO<`~#`3}SKmqK}0tYvrl@h6b z(&1r1NaU_&GUSoI=CpgASc)!Np36UXt@3@4>5sN-i6PID>`s}Y2c2)7Se!-gEb&U|%7ukze3db33P!q0eNKF}v1 zB3FoWDc*)hSoK!XhRUmRF?#dd6%7BIQRH%#`Q7RXG}JGDf?->yo1?$Jxh|QnC%3!5 
zVxJG70Xf$}A0&%MGmeeG{twOH%pXo|VV(-+SjV?=ot zUIK~+A6kK^0VUfLI#T2WbPE-Wq9?KYYNJsdNCw}6*4w`G$`ek^o);0`H;MxXe0g48 zTm3+Tiw?0nRU;;-tfJ#QSm~{Rj9YS;0IF$=2&nqq*(ZsY*H{ zuTc2e?e$@W+CjIEfp5MdqVU_bf30nHZ{b8^va&5Z%-h-}S%5t&1e;Ya>N zosGsyxJ}C@t@a+O7`>}0Af%C=ET%J#4y-W^%4@vWoVSH41N;p|W~LpPcOy^H8wF6O z@j1u2u3c4%5UtT*H$Md}^4lij>%9Y~H`;{Ga9)(Nr8YH33=n}?h2C^e*Q!4)jcavyng z&M{AiG^rI5Y|oNPJ)?HhZ>B13C(NltgyVU&gr?E`yK|Er{rXHvSt6?5O%tX2S*2kq zSvs)c4Bzfsk9O0j`p#swZKKs6=CqWZ<^JEVFjXdl|E~>rWzPY5E6oVN+c}J!ft95Jp0(3lC=u;Qf73()2L zveI3=d3ghz%`q*ZTeC_I`t;B$n5Xh(fBgxU6gb2`G#G2Aic@Vr2=!Mg2?EbHNuuXD zAPa@L@8CJ}d}{JFbc^m}{F%9TFM7g=vN^t{nsKlGh;Ua{$7O`e+A11i8vFPIn#xa^VqMqKFo5UBLW}dynuDUT?nNdYh$YO@ z6CeaV((Wb$BFcY*5~*MO*UY7=TJdK<|Kg8;!2HUQD<%S9k7{wMq^=C$edRRbA3z-> z1ur2qk`6+Fj*A75e84cuPfSB~fi76Q=q_2HhXJIU;y70H=|^h<@a9ca#IftGpyog@ z9)fXxzSJ{vsFl0n2MhRlnLh2kfLRcq&_{fsL&*ts^ZsiJv-|$0Pr8flI#+Cd)3X8q zyv*J0Z3?;wAoWA&iZfSsd%We=TUG2!BxvXIDw0UIvDbrd?pY_XF8v&&%LBOLgN`hk zK>Cuvr#R>SIR`oBAGIlBjD1Eu{o&w9HI5sRvUcw&`H-2SGuqE^l$e_r&OsMAj>t^@G~MJfQ8H@A(g9rV)7Uow5%!RO)=1cQUz$xzZ_=h1?2C`;s>_wrV$Z~3Ne*mM#~ zPQYbIdLnIJpeB|s9CmMamgOGTxQplZ;!{!f1(i3iQda}5!yqbGkv~u$k<3lb{}vsW zxn6(C$cd`unL$)LFUzLy2m56%N!eCSlt^2_CcSMaVtV((Ze7upH@^i*dWogTUU6#t~jIi)y2t&?49Q(ymrhN~i z+^E!Mg`XyndC6`={(wT1l!#2Ynix9-!LEm$b}|1n8QAeV+i$EN@jlR%j#M>f(Cu+e z?&najlGJ?)gTdR(s%{>%T=O;TyxloQE80chCG@a2R=!aqxW1XG$-e&NzE5!+@ON8W zrohBVL+0!_pU6OZt0LcEK4isYsdeU>{JUpfd_!$~`V_6BQeazYQgS0E(^*I-j6SMLnPPw@ep#)Ik;j53&ihX(pil)>fUtn7lK+y?SstkEM8RiV zafJ7XSw>Ps4d4t6X3ZkTLtYTXS5!YLacw`@ZMlYHNktg-2X{`f>I^f{|B%r&X7e$) z@(ue`av5A@h)Kk{;{CCU>%;lQCQv0_dPWQM1@)KYeLvF&G;P#DnRlbB60AOYQ#uJ4 zzIPzl;U8V55II&jrMqD4*lQuNC3)|<{A}D4-&MYFqrM)~>X)i!KoB$7N4A4=d{0fl0FzdCwwnQt@p zopMiz(52p59iB-1o>8WrTTafEIr2sp*mt_7l*9lWiF0YTuek~%?7;Z@VszkVqbaje z>RSWQUYX=c7hD=%)`PKdyWl5Gn-X5&l9!IOvEA7)1FRZHYL%j{=%Sj?bEZbs`})S8 zK6O}DeE!67&J2ihKvxMPDsi3W47ls5#SRHQ8zqYw3wp|x6BXsupW7%Y?$Jr)Rg)ur z3dh&CiCC%`ZGq%TKmH{Pf{V zv0IU=fqc6C8;$|^asr&98cs(5!1%k8y9PDd^uqos5gP)A3B!wnDdLa(yLj3q^cLC| 
z%k0<3_UM}7&Z1|M+Q3Lg(&gk;2&GK9RJvV@cr%d zNMe3>+Q?~YXK*l%CZU{~L%mYq`3z(+{%hAWD4P771JRyE5OyVokyrqpDYF(hSA=)* zJuh(upPMw@M6yCp7RB{5Z;UxumN$j2kICMo+AD9oUHptJ^Og*v^WeY#>Q?A7tOhoe zb?Abm2Jfk3Pf6*^h&JTx(VHkVU}b1<7Bad%yrj+M8}{N#_abWU`VNPJT~$I8ul9!y z=8L`yDR^H4Q5ZNRggQ{?uAh+iz{|f-WC|~qQQio_a&&Ta$(rsYy4pltk8b$;28=m5m(al|i5 zjKDMj-G*t735q8{`2JzxUy_!iQuKybvLy^kPA9g_0#&UETHsp6ji-PgjE8?5G`u`EuUD{!e2ppv0ab;oq zO7j^Y-~r}?s7T1p=~w}UwLBO<*}XaK-e)7%`*xMr`t?CfH_Y10zc?BsQcMwLU|GOdmW-;ViwRUK zMZrc|6p&d4HPz!LKq}v*w{>e3S8ftC%;+ zf){7-2c?l^k^>IYeUnbpp7@vLI+H8lAXwd+UMPN_&vjJ4_(0?UGqy8ZtFp>H5deBF zIP}8cj|C(ciG4G|<^ZOHyP!fza?{1AH{+hPpl1`M81A=rnbgi&cvWSF+h59b$tK7Y(^_Q$R`bhsYLfA8}HbKZoY|}V=H|`Lo)o9sOEf;7fBmU zvK|Wzj<|LmgL(>YGr8X|rrLTDa}(&tLrwF^f!ZYbaOZh>Ut9 zEy!xmWuPXY?h@DqPTWu7J0=KVvd*QWr}wIXdQfyv%d zWO}@LwVg(}nN+vXQy=C#-lU^UBNAVU14ze90x%^8|Hr1=|0@}-|M}T#|DkdD|Hb1H z*mYqI@2ex!?*0UJ;P$DO48(V&Q{0&}h~?4~btz*qjra=h9ib)3z_(u=c_7YMr-8i@ zd7KPm(@|!=6oV^;1Zn05Y7pdC!C~k8p)grv-{2GQjnK+5SE7RRmuYqn;()8Wi`HV< z<96mdR4Px7T+VDGSG(V5hwE%O%QXJXNZUrHjb<3Vd$%RspQvg4vo!1YL@Ab#g*`wM zvu+*3qu@8-)z`xmkI$8g915G<7mUrjDdHJM$r|~hH~-wFSudjt1<@&ida%33gj$@Z zW7x}35-mu*YHUfSRMge_p7mhKLqP+!(4dvUMUY?43OnBnC0#crgesbL71o%P{3Q$5EKfseLQ*l9nDXw~8T6sp+q*}# zAR!%Pe_sV=1-TR<=f1_7eUv6KIs6D`R6h+(YeGk%2pZusXEbnjnR#87Q3WKR)k z*CY*}Lqdo578JWtm1hb;m-R>5uUD%BamwcWl&bW7n4~k41e8jRzyCR7SeJhG&|XG; zV$^X!?k?Rd3STg(bk%;Y`{UgG={+x@@crfRrJ%2-?zHJh*WMp|Z#{!}gr>d64=Bx9IH9;Pe$@`#bJ01FuZ?LHT|*%!3ty>=}-c?2`t` z=S8M1SwfJY;jlEz9|C$FW9d!aqf0>YX~u{>4&I$%XGWL=cQ;?1u%C-EpGTR_r^3d{ zC7axOs{g2$gwD9|QrXd3)tuN_{ zNb;nKxv(DB>-HqJNd+)Vs?X1*%Nl6iqv-fSl4(!%1N-0@SYUMTW~|!oyMpeKILcMl zFd}ny2HnMdf>O6BSQ-O&xG+rRY;c`l>snvkJL`rVc&%n-Zk0Tqy+=v6cNrt^F11=T zI-oj@$XvY9X~))2Bu)8jswuJ*%9UnK>!Dywf$o69)M6P7^5wr^ywD&q#>f^cP2!Q< zdjbE{g~3zS`ZfS)Y%!+q)GgCp&NUcPm6vss2>wl=>m=Q+!nuAqacCKRl;x@a+T*dZ z_dRR(yzl|`M2<(&WNj%Mi-+sXM$svhW^eT^VBYDI`$>r=TVrOznl$sQ%5CEr^^6+I zm6Ija$c&LuT5#bhu`f2;=M4M1>uNlA&iZcSndm`tA~(8kwPrJIj^zz6G7^=Yi6BPXLGeg 
z(UrK{1X1%!95@8AG47>7d33-23;NqC5a|WvdKC#>EzS$2U=T{U3l8njE5v?ycNBx* z7vLueH5$Wp}!V$V@U22EQOQY%{{>Ba@yDi)L3$sAgafPQ1w-DGw?Wh%D@K*US zPD8j`ul3M^J~e}*aIfzDK=cy|b~{W@P>E=VYlxg(^gHQ@yz1mtJ#sr%HCLxvN_yhQ zJ3oS}oMmK|4b!?VU_`grHm9ZOr^)(He{L6V9DNTy4L1#m;z!U2V;};AgB8js5-;JC zDWrBW*xvoa_4^4uW8V^AhLOU5Mmdy3mLhU(bPD@MkXA%P2 zWsX-Y?oldG;8mwD5{&h(UdhQx)HV&&)_8Xwhn~jx+)7`L(gx5$)+TPd)eJ^$`W`#p zHf=e!oNHDFYF6<)PZ0glRFBPXN(8E3mX@5vk(&of5H!%#U(%C~Fr z1~R#^GJ}y)y*&Y9xcI3S!JOv5WG8kacoJ%M7X~#uL?K1aTn`l>C!axkL2*jS)q4n+ zg(>6;^D(3qJSX&y0FugoKj#Fv8N;fRu3l)=!9|SQla^u)p630YTh0|Ky>j=el4nly zYg?+=M^V|~F)QcyTv%BRY4r`Vh15VWBqnYde4``C3mbqoPeBjalE~>NjM`faR&MGr zJ!CT%h$*n8L}%?OE|Znef;oBmK?F7>sp-AxgvaKq=$$J7te1 zxU&HfL83B#^v|4Grk5%7)6c0DmW9#wUb8#v-qB~~#&lo(sEk0l#Xtcaz9fND!`gMA zLX*w!;WA4EXHkw<`O*%__F2@dUr@aMB)l*3#Os|+NZJ> zxX#A#LgD3FkFXO}LzY{T!f%SJO8+1)TS&6z#*!t?HJ`171g>r@4I3nB|6+WnaZj~@ z9%HWJm1x*$xoD3@>qsQHXobGlw3<;ak-MQ(AlYkOjaf< zS^hFIGC49bHZrO{gq=X2fQ5jL-c-KKA<8Thp;>!azi#W-{950nso}Z%Moor<$vH?_ z19#kaq3{CBctL$nf3}`9d1333o?JhVhx5lZ*DATT$Q%A7N?#Tqn@P8t_;i4yNK}=$ z%=kPDVg8hUu{I`01IZ_v9Jz8rOvcQ)?|9rGCwSZ>$z89R>diG_jS0N>|8$8J2}fJauJfvk^2)<66F zyZ5dR0$cC+olWk|20?r5hMD@0-_J7>9GY#4Vt+54q7HV<-d%9&y8RZ|Wf~i`&x`?( zVA?-Ivn@A>E;#L06ti@Apwe$2sP`w@7uu`-Z0z!K6FHirVgvxUXMpDqfq`c0~g^rE_{GU!x? 
zvq2)iqI3N#tg$CO`;K`}=4Rh&&%*^Vg?Zyp`G4nt7Nui<&-Ifjwk~aIzP6_I}rBSd; z(&|2nhBV8rRfLApQ3ZNnm9t{6r(K=jVPuHzy^3|J^ z&-dxi^5U2Ur(}D{dTu;*cIDnk~B#qSU278)MJzV5l} z#+BFW-Ed_@q>-Py&AzlY5q*!#H-*mMacpw7q}o(bA=W0%QlHJ@ta+xfgn1m`Wcat7 zP&MFoIQ{DuZrn&at+*~u*#6^UqO0KG78ym;6oxA}?i=XwuPx{XI2L(NK@W%OG&rxR zr}1WC_gC=u&Y))1@cQ;?Z}_PwH^yuzgyP{96`_t_rGa#}mLDhSJ3c;5j>I(b&tc}* zT%$+a>e5`2jJHm_)y&Rjg|a*dV0_p3eiMh)GCYPvQ-vEUO=EUO*gdI2TbYGhtL1w6 zJx^$Htat)xu8(@MOcIApNFx~nd7)TTI}j6qb^YS}U3_~g8nOA!gX^m9!}#0ak#fV7 zvnXk{Gu_Cyb$}Ms%<_Tu+x?`)#Qod={=;L=*T9^P$`;s~%#8eZ^r0I;&#;X6Z}otm ze}{BystN485=R4dv8gZ1=(JYfDu3lZ+MmGPooz1tTI%{8zd;hiWsZX4vS@4?q6oHR-S*}j zeI}|k=^P5Zy-tiFvR6`|WU5n`3!6Z`#tFmjw3K#QC0ADNyqwd)TArbMQUjaSzXkL|f17MqVP3ACR87%4}Dk|ODr7dbHorTx8M~2CZ&9l zUXF`wp#{_qL6sy1XoMYU^a7HEhl|N@_r$N&5dCCFzBdQepW*NPtVxrP@?#gUe807& zUQzMm(~Y&;eiU!t>Slk+Rng0knH^d@D5^&C{t>d=nT+PvSyVRm6B+qq4|WmZF#qFu z0f~grdLjWEjR|b!&?jub!S}jyEYzVX^nIaG?rozFOz-LB36&RSyI|H9wt;0@pQn*a z`({tgIiGVN7K_z{n%3M2)c+R%=^$M2IDZyYolnV(xg|D1?t0(c8%?cNqZ^D zD0fAF##m9ncW^B>3=biw955VQXkcJ=b5bJh zm_vmmU=Iax26kUG%dXZFUR)TO`GVTQ&{>@z+BqPpr_jyS+54@UOGxeB<(hk5c@eR< zIQ#2yQ1;U^s>tmkU=Hi}`gJV2yDy?r8yDpl!73iW9R6BZqyjrsmlq9jur0A|)@}^c zyRdeU^Z9}xg0SE=7TAqAJ>3*m?DvE~F^ugibPQRF>s13EK{>JystLqvm$@hKPc`QS zVFwcFa0Xv1lfI_0{dX$V6@D)LT|Bz?6okXK`j@YCi@}_7DhoPN10NrC1ju)rG}g>R z?Ys{PG(9CU17efxr#Gu|b1Kw$P7SK7ce76?0P^TNllC- zevf$n>UI~^flhQ`>ecIQ51+OXl+MqO^qT7?s&8hl?Ccw6`sK+3?Sd?a2LqBV)s(6Y zBDV()qaRVHqF0M+oog0rCTmD4Yl5_4=z+^2e;m;t-Hp-#)lVoGgCRC zhy0|w01l%MEK!jx(zzk#glQc59(+56bYrUitVNVTu}ShX0A9W@k3d5RJap~p)O8!U zxLCx~1LzUoYA+NyDny*esf zl3HG)%R1bfX zue;6#;FSqB7dl&0Wdy|V*a_yz9SMv}uRvYM-L)>R+5rjP`k784=bF!RwT7wvQg>u>r@w=_=-}lqyA7f3OZ>7?Bt?RSvT>iDph}3&hU!b)sOqE z_O|2+to&q|voeTeq&>ir94#MUBwcAoVnp}=en2K#s$t`MAM=jtkMQ+{;>1plucdjV zrdAIuwI?Os7Q6>jcpVV9N8h~3^XPT`teLdm6`7cIs=FUz-Lh+9sJ<6)m2$fac@6_ zTTM&+`J~3ILhq7eQGwR`r_Y$|>_u=F%zh^etBQbbrgx`)os_NF&|&N!I>@ zAAm*15gD{qsB2HxEBYCXRfAk5SQ*q#!=4b5wOKARIzPWE4=#3k7yHTYb&Nt0%F)mK zOZ->(J5P+f_L#(lGrxLGSh`LG!;a`CjR$e 
z3AiO{M!Oqafr>kUa6ru^Dkd=}ntYmKnsUR#FAZ$d1az&06KL3o6=XB+cMs*yL72D; zW_X8*<2@Fj^7=ABq6ZF&?B*y}JOm#%r!@1Y#slBzoUTy%-D$H%_M$XWHe;Xi4tBL| z7ki4{3?W`kQ8^2g%-KGdX?Sv`;%4D`_nw93NF{7&-bYG2I9p;k7D4AN~T_#(a%tWTE*!SYUO>T!t{ z<1f<(iWH1RJ!1Ed6Ng=3r;a!?5b4GVjse=-a-R^AGdu4BYO1WLYxs)rs8FdTyKn)U z04z*VM(`ngZ~lTK5OkS(Kl!wszbwFP0DShyWNk`i?_V;g z_x{Z0zRAPaw?OE)&tUYsKqm!ej>DYvyaIw71A1Q@ivnVk`u@vk)-0^L z?F2^QV=ljum|){+k|l9*B?UDTRe)n~N&;_$aQ=L#=OL6A&)63;5q;RGHWVbJEEG)O zUlAp6PsiQQ)F!+nJ=kU~J5Yk)W4_^C7!_O&)7BU$e_p|tRj!EC6OyLv_Z%1AsvSWh^f|c%WKXG7JOtqtbVCQEO z=$dSNHzh%}b>Im<*_DrE_d2r-2vd7+sRYPy(oF5@Ukqh zAwLfvE0@t?4gV|(>2Ht|JUhTWFfAVj2ErJ~fSxA3Nc>9{kxOD2A}7I+hj+7xnx1cU ze7#96%M(Bbv@nnX4G07t^Z|;QQ9wgx3+TYWkh5FbB)$g0hfVTu$OlIt13K9rbaVo= z{{R@H6=00NR6Ye_s1d|4fYD_%V`ehvL?Y@WWl;nT3A(d$AWp;`j+21@Zy%sEGE(#w zYI=eF#{rQyjgoi?Uy}tB(!l?_2bfk?W({-Q-KW*^Au%-Hz}8-i`zHp_JN+}xVT5eH z1O&YN3Vzev1JMD&lSry<``k1kYZhCnjJzmg6a3B#55M~z>K#{9Pv3YmS1L1$)D{7B z1k*==#v=RA*Z;r9KxjjBo|~lE(}gsX{!6CCQhki^^}%p2UmEtnDTsRL7zU}d^OZS) z$>!5iJbGrfu#xrmZ8t7Fx_fFgG7p)A6qzi zRjzNIyv9cFKgryW?bL&wdy)cx4AK9`v$w&T;Quae_Gq4T^J00(N*S9Kp#b^y9BV@O zv@#|nvU<ZISZMf;X5K)%6v`iQaMp^b!TVQuzO96$z-CsOwC;q5L~`dBG`QpYu_0z%e1C6$7;30e1Y_zhpq=d9wRF zveZ`S4p27!mj=UtZew>855faXIEvJ4ucInX%?;iIWB!t@A}{@wI!GvzJRl4yp?bJs zVQqIAc8MhV0NjS2vSU1F=e}a$B$LPEGN4M}{?9(-|8q?%|66eJfA;DAKk3u`KQl%@ z8^Ux8n&l$N&UU+zmD=qfPRFrbe?YK{*=Wg#8c-0^bUZBI8NvH;FZI+rrLBU|F-qis zCaMCCwSWUkUO<${yfZd@MCJCTz}(?cq&9Ix>8D=sj~|;V{|kHX9oF==tqY@|sDOy{ z8kOFqtCWa}fCz{R2nbP7dJ&Kwh=71}0Rbrz0ciq8y3|N-0s_)|m!42UAR*rAI=i^m zUgw;B_r3Rf?zb<0 z86e6PK@wR&AiD-^$<)G@(?Iq zGl1gHqX9Q6SYAV*zr4Smzzkl5JOv(RMp6Yn+#j$16FV><@>r4k6xskO9lsld69WxX zItv6vn*Vtt2>c+sCk5R*h9psnZ_=*ZN0Z=Je~=xD+=Xz1)6yTU23(s!X*}%@vMazJ zstx#QNuGfL1|8BzbHo-Mlz0+04;d^+5b;4Ia>#~~>YrQ=oG5B541^Q_+%A6*v>>UY zJ_w}mKLAPi@8=MB4)hmj0m$O+V!@djIt!2dhs)DREWMM^eJU_)N11<+5o2KYbyW9i z6TlR?2CQ}w@fu+|_k(P68iJ=rwCqCuc)98yMz-ctTI9CB6!4;g!R!F9K7TM14rao^ zOgLB*4%USK_jU*Ut%)J3Nxe62oTENW!Q+z04Awq;;D+9tOXv;*^L3#dj!mgLbk`4OvydJ7O#V!0l|esx#IvYJ 
z4IB|J|EK(yKb1O{FGGIx?ho2&H=KQ;$^2xSaMx__4x&T>?4_5riAj+};S5ee>)nA3 zR5P)4&b!lsaHj#WMFAY6PavcbxvEVEHbT%mz8S#jv6!9JiH`Mw&U2v3!3JyX9!YwJ z1TaOs&VJ4`bnh_WEW&WJ8 z$+nE8N|EflHF#n7mG=y(PP30AoU}rOU4?Oq15@HZ8#j}MLlK2Kya)~i`jy{8idQR( zH+%->J)qcaYWXq`@g3(d=ddsWCtMRth4a8Sdt+6bOa$=yGm6l9Pq~Kg(xC`?O_9^3 zDD#S&d_!7^-{Bv7>Kd4wGSu5%UgoC7`Cuu7eOQTBpjP*BhZ1SI+2_<(k=wW~1Lun6 zdeh4{tP-EU<8hijG`s8JLP3*CF2Wr$c7%ZR1UdcJb-<4QrKr?@7E3+&{{O8^#ld+0 z`FQ^=r_le)&JUG^ns-sa@9w9=`7!G=sHVsl8_UB!Njal7hKQiFZd==HY=Lhaoh=w5 zJ#4c##9QYXHoiIgCqLR}$I22Km89{N@8B%mL}iaDO?$ znz07I)y#>_;>#~eQ?yzSdza5>pCAh3Ti=5cf3Pl{b4S*#trUH~lz267(fqz};KmRD zmem^2L&6=NW*`C9$T_idL9==y*l>oX@PwF@nSyWBLX1Ow9_ScmIos-)JV z7I*fN^2%_j3maU+(~qg<<9IGbAEH`u-|fOhV^kZphnfNC)aMeB1s^3FkhNr(QB#ub z?rF@_gxAcrmSgI7YKf0OvCamcs`IeD&d^k41>K0UD5B1EyuMAi*B$ke zH@fLSvi90nLw#CkD z0Uyf)d!{8UAC7EDzdi0oO;>S#ZLtj$=Tg(Kz52fKZG3HbygdzVg!l}-{XH#YLEi6R zh5YlGf3PAP*yW#@1HY}1{m-C3{;CT4(|4mig`dKR*H5r*Y233HTa$*+eec=NRmO6q z+<+~*U4;O}tg!CVqxc=N&xcQZ)Po4(b8)U%{?AAbq7XJ~Wo(judJ!(?fU2K%jnOUc z6?ZZJb|&xwPgP~bgU1ds8LyA1>IxTA9C6%}Q@NdFcszYGz7Ac~9PD!mKQoOE`&kzO zawc`${K0laC~csDjFIAPf|{Mu@$?i8;Yw3Orp-7(HGz=1(wCF6KDmG;4K($Lv_`hw z+M3Kd-Lm9W?8{2Q2d$Q!Q*Wa+B+Qj2R8HD`KmHRL2~>^+$fLi4 zRPmtR>cjsCu9U{jTLP=S{M`Xjc!3rqSO7&3pyu7^>7hNfpRS8Nn&Y2kY50WJ<4Im4 z#dG=>GovR06^ahi-SeaD$N^AaiarH-HydZH&E!C+0`uFkn+0O|PBE8g76Juj^0OaM z@^BYDfTu<>-Z*VN<-8Rbf<VZ~obR1-u~JR%DnA(~bYv7=qmdw(9w6LsgwgAZ*5 zf#Uov2D&VEqY{P_N8yO~fMeJq6~AftRSYiSm3x&ZdeQAs!dZzntbd%^;5*-IFK*-r z)kn-33{QG`Gw7)O9NGW)U?(D>%qu=e;F8~Jc$Y3ctte)*EiI7AlN8Yc#!om)A$648 z3Z5dbkC7d1!4;)ijiQ;l+%_k-IMq22X_y+MyL{f10)$ zgG)8{kszMI>Ob4k7>Z-rHu^LlEm4UN(X_I?cc_)FsFdhuSzcT30*Mx(n9P6)A&1}rWdriiN$!Hwk@zB>( z+c~9P5F$IoUHaHA??f`!G45=XGoF{A{ksZEkiR)t@i;=?TMqLRkG_xI~k z^uE@Av0^&gy4$kayJ8rZIC?l_Hw*WAKNBuRkjA^I^}AFn*_o~zR(aVNv3uNRrFP`o zH5Zu-kBSa?A{EaFPCK+!#*~r7<5LryMn=`iN@siWw$)b0{HruPPJE$zP4;tmPg)k0 zd|v+ko-Kc4(ev?q=J!WNYP`vBFNkp89_+H6M$0{g-~}>vLh>NGnC4m(lQmAKrCYHh za5-B~`kSkSl+mtNpIJAmB3>z zgK+}9v7{B#$7ThC7>f74!DOe^7m9@7#*^%S<<(fRG5(% 
z%zcxr;0D{xi!mp=KYWAA@kV7=4$@|VMdO!Xllp0CR}w-pJ%bh>%5ucK{+cnT0P_a4jVTKo*`JI{{)i^G{klI-Cq227l-4e z$(S_0T=uh{P6zQcm($D3ZVqIl%s)_Tv1M}QrW+V)bU@p$meIb*GD*x;AA`ovGw9ss zMK_=+#_+i1seqdF%7%Wuv<)xFxrc>EkJVQ7vOLG0!*HZ{KCu?;&bdvDvTs`(V|JUp zzf{MxU}ZeyQ8S+9roy22_;)N3jL2NrhuDm9>xe*=qO!P2Fy+qO9;7UFG;zSdrc2_R z94J(0jA)dMWd+5|OE>tU9zA$?hQ9nV%f+qynSfj&$q(@riJH5WBOB(D4R^wIRnQ)p zJsUdtZj)EA(b2YH-HfLbs0y7#S2aLqn+&?>w8?iKy>LMcpQj0-seMNrD`vsB3;A- zW!WN=rj5@HIf#o?1;@AfKIf53?0#VsJTrA4nUqDzIc9Y`{Dz%Sl=Y&Fiyc>2_ZHxd z)mo#Gm$w?Tuf7GEnDFq=iVY6F`^N%|1DpKsvB__RENQ?K{QApT`FD;Gz$g9_QF8JP zH(XesSPeO8n2TfoEzvo3%!cb&Mepf4`N6Xw=Vmc_?A`O{V*v&_NndU?FspheJib6s zy@^K?E|7Xsn9&%%H`C$bhNaje?@D79o!W6mI}y6If({oVo_tpmT0#qxeO@?P!GQ0> zBsD@ATpWhhaIj+c=>EZWx6BEHg0d8P4re>PsGGOv1$A+ou@pF&O~fiAfsxeZ8T5>( zGGoVnGwAbPO?cM*rSnT{M(j3sz3vU`o*p5eea`y?UaY#Mc*N%Esv}p*P-|t(}{HR%B-Fdow+LAvm4&6^Pqe#sXrg^Oz;scxVN@DJid3>n6P(?OEl#n{Kc`=v zZ+o@tsWj=y@8^QX3%E7GXqBdKC;Yx-~UV!oH}_*1Vv&{M-}jyl|<`w!Ag6 z2a>LSJ`;HPX>nTj+$sI%+Y=|+IVy~sA|K-rBD2>|^IoOfvK+c0nWF1^6s-V88A)fU z1i)i{q44|tRWc&ZgV3P02L`4WBh>BerL*}SE3!y;ms4L*R6a8wI=)BtlJpf(q8(0B zfZxQkV#-Y(*N{cG>>#IL{`R-xEO1&X(30j= z# z{+O$^118*9$`@;-Hu2$pjc};u?JI$=Q+4%S9b(@-JRM*Te|BisVVW`o?SL4XsP~_q zh*Z#=Lb2jK+iVQyDco3N^{La%L329<7xN^3MDG>TxT|U_ZO&BHX0MN7!8+ z=Za^seG0t9iar!lA04I^_tie(dgIe*i4waxH(s6#WJg*T<`Kh5lh7t4HIW)i8LlJ_ zfAUR1g|WQo_}fNHJ6o}}$K}DgEFw#VwyjaBF&nSOMgoqM)FM@UhD}6!iCzRcWBi1= zzJ{U?4f$OALUq_X%5r@6;pwe`O11H=aT2!{;KZ)cty2qE1J^J1AWJ2ahTjN8y zJA=Z3uTUKYr}<6OkG!CY?VOr|0zB>{7|@(8|DavK0Jr@G~E3{f}8 zwiCGhG-O;JhY5cZ=0>k>-^TI&b$*;WFWDxCKF>!8x6}j3SBJnF{(iW{q#}JI*SW82 zRWk3bWrIcMW85?NijlET&-#_h9lraKB8TFcJF1hGj>xnB5%G9}(gdGAg=#zoHv*bO z!x|p4QF$YCGrg;~Dn)Drla4dkyeZJ8`@E})85jekHxrF5q>IFJUwwE(C9<@0-gS=- z=Q7{>Ae!OMbE4s}PJ*2Hle|N-YzeDRk8Lk6e|ky~4kd)W$WQY?a=JEUM1B|Ev>+WX zvy%(n5)X#4Zrhfkrq>x-8S5oPeGgNm7pF9?-{Wu@R=luJht*9UjttliR~n@k?F;xO zz?@@s?lH?wE6Nu!`Pwr~A5qkwW&TVgPD!9T9NSkmVyMRQgKXj+i1qcrsL0!WoXLD=&A_%U9Y4AYy%tQZ_9T-h6xrRCu`T8y`huTk^+)v3^au;_ 
zVL);h^b8zu>8(7sGb^nznwbeT9f*>^s~J^O{QBX~9zQ_}li7Io&dAk4xrk~5HDsd~ zssU%E{f0H0N$R7f@q7C1B8Ot(IoF4DO2g)yK0i3E1n9caX5!D(G0P2r*H$L0dD7dt ze$S;d*TExGtsj?ZbIr;ue6?0W!1a)F!0pQoW*1IaFAgbw-iC!iXozx{7@QootbY9% zRX~q4iq;xoZj=+Yk^Lsc{74H$_=YUy!$uEC-TLlz@Ads)B|ZS>ShtY^sMS+dIzR~h zc=NP4oqLmqgN#}+jcJ`mYq{6E;;5O3>(GXg!|4)p2^w7L`OtugjWEIl;q*^7w$$<7 z8|@}D!afavUztSZE{wCn#0SESXYA-z`)nufY_6<}a|gN;$F9s@8x8v$-qKe8jSl93 z7oOe$Zw+R4ljS;$)rv)p8UV!?QKdzG_jI#jDGE@hCj~p=(*!MoeMY^276k<;7|m!O zUEC`zfDga?REhku$+O|GW_ok=iPBvaon~d26QKKpfVi>B+;}Qxxn9tS@ZrT%&M-o;C#wgj#zG&?hQ^Xcm>ktr?%I#gFCLllt# z2)@N<*Of8Fr_lS2yWfAz6LRlqtjohu$!Hq)_4jY5(q%mx+ zRpLG|I=bienv6WOFjorRyd(eU%m$Y#ss}YxPtx3+LhgrL;wMF2y@8;4$=#!11ei-d z6#XE3KtSy?^kE!`^z0UIUr{#I2G!HojN@%cs6w)HMgFm(w_k$KQ<|9|E(usC>e}$Mg^fwaO z7shJ5a#qB++Rm0&bU3v_`0=x|+cH@MTjG7pLcKWPdhB&rn_+7XdAj_DS+nr8z^7N^ zseuMp7Tn^g?Z0${kq5Mh2+u+QtmveI`eY=YPb>DVi87Dd$C5ZycHOOaQH_Xf_5k%$ z#J29^(peF}1u+O#kSq zp^-+;iHfb4#mZe@va>%Al=*ZbilG}BqJ&|wpVCGzrlwNeq=ulTvS%)a|YwEO6y{kW?~8C8f{L#D&)=6IGtTKhVzX% zs*u@2!FUF&$g2CvHHVGy^fMD7K4+KF%(e=MX`66~t$gby7PAl>KdrTySAa&s4VHe2 z%WN_V+skpQ=9EpOV;I!x9q1}@W|jF0HpSlo%QaDtY0a}aJ$&?Id7)sYU4%eQTkZX$ zWvm! 
z*`neX>GtX{8obF88goZGRH)%FiLUGft@G^nAaV@F00531InuN3K?2Gg6=nThfe%vF zjEs!!(l@z#9gg%BFjG?r?8eLJip#T#j(>&@El|KI3KT@$crhz zuv6YhoLc`=O=p}P-orUnEs~}t$ma3+t2_3q%&njFIFmZB^Dn17XWQoFpLVF<_iDNn zU%$_6Qdo^;iev?mF)csM&5?7jZa*Rqs8@R%HcKB-o)a^6kG5IcpNnxn7lp8*4H z6x|nxH)M)$?`QIs_nMwHye0~1cN7=6yPRNuedE(Iyd{yULG}-L8RXeiXfo53o zBT$C9f_U%q6+)Fs>a4l+)cG^twKsWdaZBj%R7s%2NS+KK8HRBNa5nuEf$(VQUBeu*}{C1a)-t5rE>aSG3!w*cuUet*Av?G|}>qxwbixJf}nfG~D6RKV( zaGDbo-ZsxGJ#wEjP=>#xylnZJD+xmj{xwQYzQIcA<2A5AoWa<%r~j+*B1y7mm0Fgb z-hWPQnd4UU=a*z^W30y>KYsjh23ATA34)bCKO;gbT))rPRNI}{j|m$V!E%!?84523 zO-c<{K>Q$_J__zvXNa&O{#9l^WWKdwY*>8a^|Gw@O^@%T#W^Iaa;UXn>(3lX5AW-x zbe+6TOJoqzE_1J+gaxb)xQu5^$6J<$eHxK@bq}&GUB9GSa@^~)PZEehy{P+J#sK7m zK)l-?wR=_)F=zskxYqiqc)6L0S{v^G{A3!e5y^!-Q6+5H5C)cg!9cqZEVZ#R^X&o4T0XiyHU5r>$xZ z7g^;!74{G{n{akwpoo3`UHPY_^A+*1m9d9htq% zT9z`e=O8UH=kNE#i82K59gA>qpg($s3G+?ad30CSBJwla_LJ9Wv(TpAtm_iDGJCWH z(JmP%uQdYtn#W+WTuJ>yA+6k)SG{(!H9X^Q@(WitE%M)kd5?S+ty4|2I^>S zKl-Ncoswbt-qglSs5?kLT!x{Xmt_s*=9)w-mPef=Is^E25aANuf4VI2o7G-veEJef zgy*>4!0m!ktIOiNI6y5SH=9^N(oZ>ar13?pZMEg zqq`LboM<=5P?oORjOC2Hj`Cx(@(5k8E^?x5uM!)n1HvG(1!Eq>H?`mCDaq}t?CqnF zXn8uXdjDOopjk0}OLK-Nbj6ZvKba_Ud1)_72~gGSFv_IRQU*5Y*Y$?=ynl5ckZCck zT3BQb@2wg0hBWG@s?y!ou}^ZEbFI9s;o`E8mDwCme2DMEMovvMMIM98V+LYSt?%7k zX=NK~8Eo8gwFX?5FUDB9PaBv;sNQNzWemJ~T2+3gi<6hsN;(DBRwhHgXFks_~29ht9M2srpH3ogv^8U{bEhBsE=MMyVK=Yf2XcDc}d7IG&%ZJZ<4hl!)=6I z`nL(@7b$#>VH~67^wu;g!rM-E@VKlr;#qvNToc-NZ{Wo?`?bP8+Xpqh+sD#cUUYGO zLP(x(D9p|EFOI%D`)GzgaX%0`>km#XgL;JBd=KrFdj(ma(Jut4cBAsQzw2|`&oN0% z&Llr_Md|(SN~`24!H3yqmO6SNIaK1W5>j-7b6(^>&(|H-N?zY-ARM+*c%5=PkHAp+ zjs5kc1(_TFN7VC`Diy*5BCM~(XyUkNR=x4*y1CWWw0;qEFaJo(Xp!=hdz0Z`-bZZ) zh$ze8B11~>3W8JKW{u1`#UH=pnB_LEqdj_t`CesDZd{psVlxE|YQ`n+r%PX*DaMYK z`6(!RDRd7RTJ?uYk34j}esP!Q^MkugNj!e8zG1rtG`wswj#9UD^zQf3M{AA^sqniF z#06y}_s!>O(^AUuyR{#UvC+Jrq^B`(=bI8a$eah~z^`B_YawCh4a}TqrrP@Gm%6nQE$!KC| z=|q)(dsFFYk))xNFp~%E+U7@^W=rGh+#VlBP)D)?zYW4&*C1_8)hi}!;jGif6w$HA z+JQv#EBhYLcROWQo9a!4`T{xi>^}87_Kgh*+V`)ziQ<=M 
z^;2a*Q0r{ewx;T|MaWYtJCt;#Z`R;YEvu|&*y|0A!r@G_7Z%W}csKN&1qf$U(CSr; zG4HwSdNIystPjsDaF);4ETi5un+i@95~T%uf~2QMVnQ6ItsF{6)_1tpPKGVd*mP#7 z8=h9@8HSx8?8`!Vs|2UkhuL7mkxiHMqNd+)(Q?$MU)xK`;{7P=JpAh8a8xtSiSe1G z$Hu_VBP5Qt85K4zhKEi;PgoinSC{6_z!)xBVLHT4ciWrYi?%8yK3j{^J@zgwd`Lm8 zcfo}0F>IuF`hw{p2b#}Ey^!MS3Ou{?(HX#VVZL zpWtWJ(xQA5V9#2rqK_Usqo4EI^!wfBDJIE8oKGjsu;SEQZiu(MWu*L(zZ-YN6l z-Pzc=VG~b5nSt`D;l72{63qDcNE6$e@t7H}tB!2O-!DB*S&ZU&fUcAFuM16W{J%%gBZ6ltoViQOaEqgVcnx!jU28noh+Uq#4RiwTEe{2of^p^7nWb; z2vCk{W|d{%%%E0u?dKYv7p=cK{Dpz>%||s}H4g8YNfiAsexQy`JalEo@?pQN=z28Y zMau?k(4f}Q8!>*K9Qsj6o$3?rFNEwxOFA^2CM>M3w{>{hecRfwF3rCr<$SvkUgWm^ zK6b2kdzVuYsGW&;pE@XE`F#n?fj$1u+2gnJpnRZO_*V+QzXPTI3YhvQVfee`xS;(= zqA0fAxB$BroFOSE5g{&W|CGo z)_*3m1m*6;tQVslBB-2v_K1c@8SSZ;Tvw}{UfOK+hm^?rH9rSV3K>z{5px>U;8XhF zcXv}Q@0rjnd#!?tp?y6vZgB;hU_2V{WUL`YpV(G_2?9YIUqq3qJNI;EmP3xacKx3G zJ?pY~y$%L_*^PqR3eP=~r4kMcqHlRCdc$syS>CzMG6M_0P-1 zv8KIbeEO3l%(s@}LC?JRWg;5GzhZ?!Hl=VP=!u;8#_3R6vSpziIkv~)8}HAxD7j}| zyd2K5YhV$ad?<*=4-kiPy1Uh~xvi#RMTk5q@wJAKz!=ri^58GsRdt#dS*yk)%;SdL z#!o`xOoYcvwDElFD+Ad}>p3IJ`HLUb8WZb!Z-FCo?U~j66{j!Eiexc+`h7?$Kq)AX z7oVEItB^RpW3BY;Nsrd3)Eyo9p$feht#}?L(=?yBaEp>LJtb0y%Nc{jc|xd2qQvX? zcQQaxRUEIq7QL_nG22jTELGYvB@NmGo^JK0+>NmETI!In7 zs%!;eL(uC9YU_GK8~+CBwXob%6O~pp@Aj!H4yXbr0fM+3a^aH2`ru~jP~?Xfvb)&I3YUkE#qjHj+GXII9fIK^kLsEwh1J#>jN9|xm*{z z79T${are6XO-5eR`Ujb2QTaFN{fS4FiN|JBCfvq1-aQseST7Fy`sTy4T{)cZeuRP? 
zHmOk$eVQmSO|?$$J`YHX`k&5;@Sei5-w45=6GJyda)i#`KRU{I8LI)jXYJ{M23EVR ziEt=~42sU(b6mx>H#J0Mv(&o>J~Ynzl6q=b@EEH1hG0%{9+QGm1A?OJq8CQ$7M^a3 z4@PUnd`TfuF)x&^oFJ)oOj45hs&E`{a{Q4&K*cZ9;SR(3fE0lP&LRotLK-J%ze%(9 zgyNb9ab|>To$!ewj}8*5lThQ(QI_2WQPsKg-Sv010;I~SPww(@MttbwR9!U7hGq^`0};m5`|Rl7BNS`T*|>XA9d zuXZzf#8rBR00UrGOuPK9(hN$ z6Xaf%hN4%MoIMf)ICkx2AjQ=p_5s!|Tdw-4=I78U7+eX{<*PIR=$!DXPeVC{S506s3;PiiL0>j@ zlsX7fWzJ?7T9=J87(T2%klOa5UDXuYxj8ZCT{wPEZpL*&=EMRkYm;+W2(c5BMWo-H zM)^L?`dYbjSeL_+H?o?q$&d-$huq^qt!_4}j31Gl3jW zRS%%9*!6~Wx+QShbQ!s>=ewQR@xG8FS3#?%D&Ssp>YQLqTTF*{*)$EMDpo59F@-)g ztm>U$e1lkY^EvP1EVGozLI zJcHP845~K-oNYyX9I{pfXCe>TTnhE+0~g5vpA7cjuTrjw=I${XqNz% z(hK1jp@N(sKG+Z27H5Uusl+#9vZk4`FzXGTd4fl?`*o_KMgy)z3Yn&i#W*zue2dq6 zOcP+QodGx7PyV1Jj<1~34_$|A;;4{;6)(SKC_h}F(Ik!tCOG4s6O?AG!lv&#e0Sa4 zKEmMqv0xMIFjRz#cy3$>rn)9*+AXpER_`OLt!l$wh*eP(wu)?2!O70}yJIqd&{M!s zE`*bCL+m@I6lQ!mw%rg5d2YuOj?{`6n~9qJdJZ5|ge&jSCe^U`bRjSw zl%(Lw_{x3sPsQKkqfuxaVvrbFVCyuvS+%Gzx&T?~sSG|1K>lV^{%s3CWs_vU>nhfGIZ>j>OJ2lD#Fy$+fc^=nvSnuGXZ+5j!%AcpQ4HI--iYLM z&%FgQB)JWi@%rEHHk5X^RC1`W#+i@anH{|!5ILu!oQ(gF4!AraBh#Hmr|m&D*`!X& zLvkwhQoU3~Q+`Y^#h27T=v-fOwNIR$Qq0r@?f0W|#iEj3T5^R6YnmBVPgpY)O*BK~ z%DcvG6XENwOtJuY`#at}1&0|_oi^Usgu($ZMu45i%)ZiZc@=6-(BFGAAs#>9IN)YH z>Z#v_nJxeRhO)`Bi6!oe&$KFODcf>Bbx7BhSb;r=aobBXEiGJpi5!V_* z8Ges@K|2URhM3YPY6C=(0zZl!LF*nW?l@I%LHINem8^0O4jhYsS?}IEHYa~rf+Rue zKw;^dWMOnf>9}#M2)VPf z+U_N)n{Sbk@@B0iPUrbk6VCdv>Q%S&@nvHrJq52u2<6kr7ceT@8V3CE;~YcPchs{SqAnyS9XHOo8v$ewtx5p-KCz3r z+vk|OSsj|PMEf}xW7JB%jPa$tHlv}tno?cfR9AK+$!^J0`xi5^+)5{-wuQ6d9RPhu zo5>bolb!*Lt@;uTeOW>-{4Rpd z(2Le6?>#hkX3Eiki%sviEg0LX;v)J-(iHd`U`LKtV`u7N?1)mh|J16?7D&Q%6|QgY zkUTb1YbeWUE==+2$fM=q0*(VcsCp23xn60%aifM23}Wz}_kv_!|%!SzG2Pu#`a z*-w``Za5AZUGEP~FY5C|ULvyM4>8x#Qs5(NpDbJ4jx;I%^v0YZ9))vBWPHxoD_w~T z=yVhFrZikqIzj}Xp8(Ox3q-p8-2H;NF>PlYs%Sr6$&u0_eqN)O)6IF&q*29r+Syj` z>|Na~AJ^n!!{WS@ac`RJ$DgdlPQJ2hNi?jc@7vxGHW?bRmUUj-DG0V(OLI35uTXG0 zoR>8S{B)=tfd|mE)af&Oy46jD?4g1b2_AbB%h;J# zw1~10Eg5Ccik>zPpZnw$DLq@6Di1FR+i399_LzeCp)p}ZTda1|*}VNM(rKd$tI(pF 
z_M#O61-Tn?zLdDjsZc@~b6*$}$QNF4AMSaz)VZcJ=P7FDHDbT)-ID%lO7QymEGmKa z1nZp=6gp)DB0|*LPY_kGncl+3Ols4Oy9+laUFq_Alrd9&;;`R$6#G%3!_n;2WTRR6 zPAMGw(c6kwn`F79@!d0_>l~WzS_+2@G}u*aqXntu?Bi}`PUh(_lGAP4vr?|I30uQe zUf)T}ZpsWckQaMYDQJ`+o)CL8^2ntRd8xT>)@vO*j@3!KT&yz_eiN7^;%$sY1CVVh zK-8VMbC*kr}EB74|Q%smh|DFYq7w!39+vZ6`S!R zrsG#Ovxo)&j8Tj{wXA;%A7B6Sx+q-PfosTc@|;Mag35-TewcdM7wWvDkPkkgX_cud zW@anp762_aWGpsNGQ8oY%2NpEsm_?f5^t<^bq*BzSbxF0!iMCUYebnmVU3X?!>AWq zR2TKGX1)`p`!wh-d84<+sB~WcVN4)pB0)pFr+Ag>Mp3u)3#R_2x?`*PZ?!8q&SziK zNqO>~EdPYCh^t+2lR#5du@TQJy~;|SSYpR{4|~Xo(d>Ma)za}4yHY@nvikUBJ)Z|B2dw1D@Fb%{;Mb2haPrm{Wgc(CPh^LFX6r&CihZ zf6WB*!HqjSbuC`=Ekk zq@|Tl;ID1b?gCc-mS_a_E~1Vf$OWKC*J6HDIZwPCVyHNd#E3S#>D> zJ@of2uyiBUV7`6N{;xWaT`d2D4CZeA^sYYm;nx;N{_g#TfDjy2C38tg_{|?$topkq zi2h~|wl|E7oxr*KrOoNT8j&dovAj-mV6?xC+kw%3nd$#FGi|O$azDf81RRRxU3d;R zo`!z3?&s1U7A4ht$#z|miB)oc`}Csfoq7%n%H)uF=oA29SN!+@kO_GL-UePhG!{@w z^aAKxro|63R?7X00KQRAVu$>8S>+Eh!9;M`xo#kN842nSzJi*cR~_K)D1a9Zys)1P z{SFq%wiFQgYQ2l7=kV!-YzcsRCvEWU?0e`8sC~);Ox!o2GiSh0(A^7&dNUHZMh-D2 z_45+Le=r#Y(+mL}Isx6i13DxGNYj5ciz?9!3J(0BSwX}{kgbIuWc;*$?6NHMXP2+K zk?zPqNGku>W$<2V$De%xjgD0WeTfER6=p#~f_9$=KlziALCe4+{-npvKYMHsdTb7E zZYlo99#2I;!31DHY-IhM0J@OBSr>wRiReWVlmDc{e;mR;^!SfMD1qDq1&^=lNs_dC z0DKn{MEqlq|77(3vB&=~dQDP4$h1MDUn8270eT#<0VYb|KXmwy!}o{&{&Do05Q~7I z{SGa@1-jTp()wSXuVC<4y7r-91Rfqt*MsT$|M7IK?yaqn#7s2M(hT7%>*SCQJr2Z) zqEV0ASJACeX^3cDRhFj@+rnnJ!`LwB->+OIWmAy>H53^8AiF6v%_7pQH;>rG2PxJT zn~)j4zWXjJd2TR8ec883*k1yakl8G8^(KOffw=yG(z0qaec7S?+*QbcH&V2wOJ;p@ zvHUy3f9dS$P7nX)?QL%#xO+dH`~x5P;9zlZ8ap_`9voqRjZ_?*`+o`V90W`L(-7Ig z?s>3#9_*e6yXV2~d9ZsPq#AzB5FO-aeoYV^B()AQfd}c+gY@a&bKd_pnZWVIHP)&cCvfBpQF3tSQ)KhXXGo&7 zvU1|h&l53|s&KGy9I#F~uV~$j%b9Fhz?2OvLCpA5IIkE^gU2JZ)b0K}>` z07P?#Xi2IcKz#p?>!b~#9lJlsUT&}0&FVzmLk@bb?;k~P=t7$!R}|ey{;*vk zaRRw}v^u;hL{gZZKx+&Xa|cK_vhdx%du%ZxY4Zo!nSp|`sOu`Gh=XG0TRN-4JNW)BgKQRB>DY!J~{K#%g2Jx=9XQM1PZ}f2!>^ zgCi~J=L&v#2juVF2vyxhLpNx=*gY5?>GA*aj`Uyq0RTdB3nXQfnZvoTkcMCF^Sf?{ 
zLgtA8N+WY%tOH{;9n7rXFChp2h6iib!2qYeBrJYrkPcjjzqk(ER$S+TH5%W)`*MjVZYjh&__kWce?(!f3=~wVJX-V&HECLw zHfMjq(JXC&zvt=cKU|U{V_|;&H>LKUYS@4B`5V#pz`w$BB6K{-I_6HF5pvrO->Y`Q z2Vl^mT)*xpSwVNOxtSj+}kihWzfihW2=B}jnmvrBhG?3dafWZX*mTctn9x?Ort##Zflinp{YJbmYwnfl`f$Xbt7SDlUz=T;kajO;yJ z%^}7Vnl7Tnr>QJmtZ!HC`8`@ge=)T_xS>zi?8@^yG5Q0K&~k2t+uv|dyfN}9`nxx# znRHSFutKjwFqKL)h_8gHNFoOi%EJy<0|rjjN%a0PC1#)0<*W$rw66Moa)qf%@DRXgQ#hU_eZ{!U4!2b*CPJzfkmpY^E4dw}J;-;Z;C{jB&L1 zLDp=&LllJg{UF;qgNFg_?S2H&Iud^y3fObMD`U{4RXpq|e+`|r>_e}P0LhGjo0s&j{dJw!Gy91fQ)r)o5u;E*u6?i|53$Hm;x!pb zj6wj)p+QtS_+3}^zxn%8J4porNcu^`9$4Un1?_`HwTug?!k{1K>8rwU>(DPB%70B& zMJT^(uQXRzZ(-j^_lzK3o}|*QO#nc&bhZlXc{t$xI5(HIUjp{AaAO%wSomHnZNL!* z9fMa4dOoOJtBRAcULThAC5Ei_T&l|4+@#K{rTS5b^F%a1%YLt}_zZ;v97WK_$UPyS zpSwmFY)0#|H@^ye2rwcA6Tn8(eFv=Z)TUrFsmvtxBZ`zz*~5#MU=3X~VXRj zULimZFzv6v?y7-iC<}>^DD_QxRd|{kOV!cbCz7)`Qd57KL*6za>V}TE7%TYHD z{NIB!!2d7jz{zv8yKFKJ1lPZKu)leaaQ7Wj zW4PH5GPSwf2@1q)D4vqk=*NN4D@okNKVZFenAzS;#VjH?=YU*4@ryG-UE_`MoPbSTfx{(_W2ztOTuZg83B`u&j zp?GdIF&f5&7;L5`MFV{z%gW22s-&1F!NCcR9(%$ zBX9VdFjuIoR__T89N2hwp+0OgCAd<#}sB_a3RspHs% zS~R`Q9v^zLKxVZuB0T&4FpY-Rg)gv?D~mmI%xcRz7!LtXNH?8}s!*$ZTnvvWO@-m5A;mWW!wZfdR3<%c{e zN@90EP11m|yLTJh_A;P$yW|>|Wm|Tvb(5#){Dvtv<-VC94NETi7*HlcMHKlo@1dS6 zsAJh14BZ+gI7Cy@hBH%h#z#9+^X@cCyE@7x^SpSi6Ycc;^oHb{wh)22o)vwCGMqnt z8;bzWG3Hie5afgcblR&Da@;!F-P=Jr`?)D=Hh2?&Tt6OoyWaW!m^s(^!wZPX z&fdSa?sczwt<}T$WLag#(_cn_LZ833^P{Ey)iNmr6&zT?PNVbI*a(~qM#P&f*a+A9 zW-W);Kw@?H)lls4-B;Gpwl{U_76&mK7jKWq{C=_g-PmlA;hak|B#^X}TbE0aF-vqn zj$Z7bE5cmrHmXTa?pNtQMm$=!S{%Bzsh!*<#z35Ldgc+a02HCaSz~V#n@GyrU42lt zHZeCfmWHX$C5^8(wl*yoFAf{5-{{raT!)R~pT)|_77V)D`ac@+m6}lS!eJcTOA;rP z8(o7q1noW|+{3+r`m9GbHD{d<+H0ukjXwXn*}3&pEcWLE4L&`VN_-T$dDSo?L=s1S zA1Fy*np^8~zW<})?fb5Ri;r{)$#Sah-Kg=BemMDM|`l z>e^xG3X2-8Yak>pSZ~2AKHs9PO#DRoebIDJ#6(%uVnmvmYw>;MxOWF)FJI^u1S=Ao z;a)C@J>u5Ap6IUj^Hh#k1`@QT*{@QD8?^O<9wjOvp%sn3&H^=V{7)~gPn^=`HrAN` zuEvOVLF&!-sNa0W9f5gl0!lk?`qoLDW++9bZtAA+HCHx09m~9!Q>C4#nfBx@q<*D( 
ztM?848c@p?Oiy?;Ho3R^z1{3!D#f6DkD~7d-9uW6^N?6O)~xw(8Rnda4@T=6|wDqo|96r@?@o#et|Dc`%FBqwu}0!vW2wN;`?`Pp1B03 zVk~@S&wjSW6tj5%y0*7`Ln+}~&_*SR$#0?{?9PBi|LB7R{q;#RHn3OeCKMq_GO%9F zAjX=noKuE84dx;igI&Gn&DTh&c;%3(^LJUKsP6`z?o@fc3JV)y%CkrNhn|O@#HtY- zYL=`XRb+EC{l;*hWTOZCOwKz7f)$5Ae=)zD|I!xq6NJ`oB0);+aVBSz|@aK1dP^O&t;kY)%Q@KGLOUE5Vxrhwll!(N_y-B}4AudXk6 zuw~Ruj$C7X!7ZaN%VyAb-Y5nCLiwY3cLgUjyB}UonpkF;0eYBG+d()3%m>_K-!s@H z8dra+DkMEZJu>kX6)B+}WFdcH>ZN2uIhqVcmV=JWLg=8gqHv;U9c=NO0MzyjtAP$! z;uQaoJpocTjw=@6UUI}BZFF5!NkB%o!V3%6K+~GpjEu+fbIAI)v;+LS9VU#fLn!rn zxnHpMB?n*$?fc?`2%1v_4!pt>8ytUomP1MUk#gjZTdZpv!*AZuWOk=MO{)t{uIDR_ za25SF1Ai)sutpJMac~r@H@4N;7ND1Of|#dZdxZ^-9CIo9qFplF7wSCUcU@1kZ&U`( zh*ZrGb5a)wcwY=j2$z3|g#x`W$bR4=zEZE%G^H@ON_@cv#SgdkG?-c(piCwFL`w7P z2g@=6tKVU+;c2#>rZTba z{{!;vya+gvJ~K2E>)_rlb`Wx0%vL*`j-cx4{*`vXTSA=me06~@WkBo))#vj~Ew1%P z%MV@~C;cIlA-+Xl!io^Tw6XrmWjuy52U|9_dNT#Q^aOQP&F^rA_t^!#WUoC=8hkvM z#cI)Q$W*=Ws%R^{_-H9&#G8>As+1}#-G zKJ18&wR(Zs-886JZmsto5fg<{=t(5U>92yjt#dhc)%X%Xd;5=8H;?=)&6d}o40vW2#D&6Cin@mx zjy947xZZX=NqAu@Tq>>s`dVYY5k+7o$9Cbu(Z$_L^zD$h$+&TC@xN@OKg zI!`YKq*>5ij<(U(6!3YJSA?L=t)DVS(Ra}=uwm1Pv2DuRP;$7NxD}KUr)`zOzJFrf z9NBVB)AwdiTU~4B{lhEXN5fZ&g}>~Z@_7@Ni-hO=X@p@>V9!GYtsyZzn9bcgzk{xL z&6`22v~d2X&(#`Z^l1i7p;SD3#QnicF1~9l?{y*fFDmNS>7Y2wn0`uSc-dq8^{~tNAU($c&!DE5W`vNM7(G zbe_weZ}!VWigz5IUi|i{9XIbRF~o@d@n zXVyROnM@}?2z7qiy0i((4(;Vr##jM}Okw{UrT_)$6(DB9Jp_}M418E~9m;L@th247 z145rX$Q7I}?+{^J6a4V0x+=x^$j{CPTNQJ*f~}oC@g&E(;8M$7%kDu|D;E3YY!2 z%?Be04SV$wD#LPvnugJFE5PFHo3BE;y>UTL!1R4FzR9RpSxZzg^}pj4+yh*_F3aZ; zQZqje3=;p4WtZRSMTU%xL(<@A(@}05qCJ;Jg#(I&UUO^XZEVEQcF8W7?#(>XWv@-E zQ&#_F`SL=?ol&{pkax9UgfsSFa$ma(&hR8y73cW{VeJZCkX|-$S1a~)r4g7I5^vkh zZY+dmX1r|AeN~ynIDB_!wGlt82~`8LK%FHKxmfLS$SOQsO=u@XaQsyi-mC!2b9cLK zl=J9W)8s)W>N6S8*ztV0VAF|)mVOF0my69cT!=zR5(KPjZd>At?>FG7n%zChew-D0 zMFxbk-cVfIqR6SJXbGi$C~vOeGYBB)uMoC20ib`BAnNd1u+*%V3b--`63KGm>)^(7#5k}K#p5c}Zc0=V$Ud``YStkpCTrr;=39RswZBiA>4I=g5aqo7-yZNEMz~^JvtUkQ5b{4848It0 
z-VQ$i;{U^<`ulvB))>2BY5#K|(Eq;;MAq^uSBY5w*DKFY+zg+%U#Xn1$T}~(b>~cyuUHI#rjIUdH#+oe2U;d&X|NK)eeg4__N5Jep#~-qrrx-A) zd*vE*yDgCP8tMRv0N2rXgD&p^M{%`(JU_ZO)%}}*QXGBBkkjT8ds-T{?@Hc}cUMwG z&pC+&;Pqva5D*N?UZp20j6yy^(b~{6fi@Mur%nJ71@tB)#_fYXfeA8(1QswUW)X~2 zYxt|t1$K0P76}C=6$#KIpyxwi-6@zegK^$Ij zQ0qI9k9p|u4b$0KbO$hs;`;_pXpz0!WE2*g{_>(c_5+6=qY7Ilct@-!fTbz}eu9p@WY|%s>k!Z`wa(+fQoo1&|1MEkhrHMH2N8 zx>X)0FE#WX|epj~jV!|3_V8KA8Tu#E;x zA8kymmwqP4Ylh6jE5W_sFg0nMFF0Yfxna5{JMD+o_{oEcJVp+29{qXBNA)yO0*NoF z+%tiR)WB8XO>jc1qtr_y6FqqW@AN(5N7GmcmwU{|A0#U~Oh+F=j0W&zA$?N(`jTC- z6!$5r<@V8JbcLzD?Xc%KL$nY|p&g-mw+m$$^%PCuEUO$2NE(uD^XaC^yXh*x@8S@8 znR~+1sy{F{0faUL(Qh|p?2lr+ty`m=8phW!`a|Zs01qrh zcaf-jfW9iZ7&xiX9dsU$0QcE8S!C@)0yE;S9or455$c4}k8JQy9sk-}iZZp1zc(cC zhTQyMKR*6*rjz&A?J;dncUMLY3MpZo)fhRN_uuc(d?zD&P8kA(COZs(-LS1j1D#bi zBr3)bM~WpQE-s$Iu^nT3D);c>gvXUr4wm*&olQAMkw)zXcH}m9+j(~d^fY!Z_rsE) z$YiVd>8-uliun;lK_w>s*ogk1VBTU-n~2?ma^fM_LV)6O!Bzetvp0MXJ`M}Sxs#~L zfnC45nv3W00@l(>@dSjH{MfpC8=cX<5Kb_`q~LDfDO_|k!UfA1m!~cxjx(QSP##tBUHIY8 zd(YUcnPs#r*c4#1wTLM#V2UbN&fd~hU5CeY;tKkoZ|o_N&E`*Q83wPmT>`HD1eXqG z4w-{6oZxAF?3~JR{+3f~)k_U`tKG2DTA6)nR{iFxyC*}P@JjezEwX?)3)Ce^&lXOl z=)JF1bR+E-;_$(612jnS6gKFM6Ot$@+y&Ps_6$2{NbyMH^)TYY$x#<2s|_kFTCC+U z^>*xi?BC6*fAFvoSPDpbqaCB?8~%UDiu|Tepn$3AVGh-4UHU!d?dwWp_QGXie=Us0fKX~1h$INRSg#E;@~rFUY1CccKnD>k=Dw69ki zst2$#PwuOI&BEU}cn#Zg!kdNkLdf9GD_3!%#+Vv2UcS%rQ?(dk@;8UcAxrVpXc!mM&D+>SaF$42UY|}t>jj25t-a230L62`SCsT<%)4> zZW6R6suvcXb+})P{=Jsie)Wy_jD9PpftQQNfyW=RiT#6?Oa8nt>WYeT zSVICUh@^A+7QW|{`d7>oR#66hIyz6)N#bgjjPj%QbrtaG4Ve$@;jk9&F&JPU#3X6- z1jhnvA_}Miq>A*$b2tK*R&@QEZN@Z5yh6-U0e{6ou&;5R`L0r8@@Sm3&P!&>6|tGh zA+dM#t10Hr-ewNAE4JonNs>-t*9xBH6@+*rvh`8569_PE=*RFgB~TdrWDxM-9@@iS zi2~vZ8ow8KqhMAc(rduvZ~rtuh%jkm7Hq@;qe;ny?n@xihfIcCB9_+hi0uT5XJ8$4 z_A1btC9aRtuRXag8&ic#N|evA&Lg~SjmEG{0S@$B!)!hLjNZE2nj}hPrfCN+Od7L$&K5;h6I1} z>;#DH(FKB50G;Nf@0~UPgmhRPBD&Qr=K@NN(k~Y$hZR7*=1Q%92!(O(l{tUrQtcJV zo8rJvKT+t0MX534YLPY&)NK5|!De)MJ6}_@MFGmjQA>-vwBUPH{WG#z9}8O{3^;?u5Mx# 
zTlMZkUmH_sTTSjcv8IGw}tyC-{c}*&RSke9sA^c8JodbYG1Xb*C0^E#vObe{)kuj+*}$ z-AO!4-I@SHLVimwiCT57RiPVF?Kv9mkgS!5QuR8xg<7PI4I(`0l332OSuo+)ad4Zo zHIpdbCWa_LJ0K)>S93T$fgcmLKw)F9KMnrj^~^Xbeemd(bDZMA^>kLmuV>y?#AMij zBu;cTp=Mta35y_ssLk>EwwQ}6@2eEvBt8r?=65I|?qSFRd0p?VUaAD}^0gLMD29zh z-TDo;VwR*|;trx?+{9{(AH;u;MzqQBImBU}DEw>tV_FfQY=VXpm?U;PXZ?n+5;MA( zC1C7#1Q1F92QZh12jbNLYb+Bp=s*?}A)zBxzK7-Cx(i ziNBJ<*sw$fkeDHV01{a3maBir9K>?ZwZ%iiLWY((Ckgy`MS|SetGTrp;TFjv1EKUh zmIDdTl-KL+hXNDIpVupevIxLx3F`tdCNEln7+3X|7VX^d9}kgKoRRpb*0d}_+}WUc zLQXh6NcopQT|;!cQ_8Im1*POk_ipipL!wsD+5=v)hpfRi=$(GsCH@Kat+>{f`pQUh z6-UKU)HbB?1mhoktfn!bPj=fw=bny)i>{~-fhgRzA=cP?O~9bK*m!lrE&AHcyBDrme|b$`!w0MpW!wHrXDfZ?Rly>bPE$>TR_D|!>&j(cnF!|VKGk8`)L3IRvr2*8+tAP zAh`&D_}lPw*#@C4O5d29RZRf&{$mx0M?=gCK$~mSomH^iA&qeK`ozT$Vfi_0b7G?- zP@M4LzJ^eH;=8qu5avdgV28E$Uu$a8rSHvc?_6B6p#u5cW!I$czy1**oy;^f0TYKL zX24Negj>8S7}MgkH858f%W!9ZLrR|k9y`;ZQt(5~ql@f7Bu<81?p#?@!c#1)Zv#wV zKEyiZ_K_}yudTfO;)^kVi&`pqle>|%s}mm=sjjW&l*%NMq;d2!M@Pe!h`$^%>5A74 z=8jym{-_WaEWW!@S zMG>8Cf;P#bDlhMO#d#uk;f4Fw0%G7r?X}JXidd$nGQq{<;xlmL-J6pdV`UNs`w2O& z-p|{^WsPp=+J1E?5K^muw@8>M_CU!~U zZZ*{tiF5sblC91*Ag$uIvFAxp_Du&jC2u$wS^w~E4UsklcaQa|F)%N&)r|QPa zrtFb~8T|-t*4gyYh(|-eLv_r|_}&PWLOY%k7}P%Sp}o6uyzt#@T=w;~&5e=D4l+sK z6}qL4AFNkR57?x z$IAJgniJEycoY9_>}>did`bj z6DcGo;Uh5z>b=528dwHFLZP5w`tJ`ubGhEAa_p%na-~(YqevQIx%pnofjeLG>^ap& z2WZUmse2nU8XjY>qhe4n=Z5LaiH5qf3|0gp^~$K+KGamRB=(H*hAcza{*bwwWFVn? 
z1;{u02D!F|Rc=Zfi*Ji-sy|5&>b_(5NPtP#Zv+jVE7sjf5{ywD|e zN;l)tq7+&XkVj?~;f=EfQ6Vl-DYw&m#Fhg7x)L!57mhTf3x0@xSc}H@%m5a6M9YP&9dk_8!1;bxt9i`O<^P7pvh?%5 znA?POLIcA$)xTDfoS3m8*F9;m!tr_tIeAXIQ5Z0{3k*Y`K+TIBNG3De1gndHa3%}rWCo6?6uuBp5z4lrDk>?-BTc?7*I*i%>R?ZlD3BkKGri>pwR zGV{9ci<@J5kyqpM`eArgXvgC`Tk722Wpl*&Q;I4@IJ38jwsl+Guoc#S(W`xV^%x#+DBR+Wk@QIhi~_gKr-8un#8p zZe8%=ORBz?k{4c;n)8t;ouA_8e-C^`jSU!ff*pFu0C2@>;BRZKbFcmCuRB_~OPQW0 zG2XYZcVKqAYK_C!>FVrLm0T&@Jl=xfO>7g4MH;q4DV8k)0*_YNrqrQo?rHJiy|eWf z%xLvp)@^WN{?f3Khm7zqfQ7N;p6!hH*Q=Tedk%N62P}-|&RnV0v(zG&y8J$^s`?-G zkCU&~=wEqyzOPORkzTrPfrib)ki3a#a%4gxIwLsnL$an=Q)>rgY1ww!se*0>v~zYe z#*iy+uCfW|C0!>7;7$NIv5T9AV#1LLIr6P&#ADYhXc2uM&#STWznx3oouO`nPS`B_ z9#o18IG%ZV6JCic1lLiRQ)QoD>bL2){v&c44c2uGQe!J{_D^izZjoh`!TW9&2cMsJF zP1ErsIsTkEMdb$tE`>%xPV6zH7qao%*f;7Xg>&Jpqt)RGI_8a6;I9TKJo{{uR-`AOK%N zE|Z#+=q*Zz9~2C6pqeH0o842T80NApa?~hJ*swj3i4aWuTp?>nsqQUzNbhELev+1g zRNb0i&El{F03An+zawPTmv(A)v%VdIyVcf=2BBth(Eh95p%S&Cht&6F5w9n9@oF1S z-=X*#>(i-3&|k0J=KDb|LT3RKDNjrF|MJWH^ad9Hu%@xWh%DWOVV#USl;gwa%foVl zz#-G<5ajvI0}Grrd`2G+>n5s44gu)`eB_Njx|M|?M}Y1J2roNmuY&hQ z4fith6I>2kj`5;B5-RnU{vIOu$O$?+Ev4yQ{UL+93(5%UwZ{6)d)l%R0`XJFB7-{o zi=2eF#KJaC_gosNog=!wW0YwD2SZh6de^GnCFyK5xhps06~!4lkj6|x3qvwnIc4fw zF{j|UttYq>l=u7xTvYeDR_>~*$WRwnCIF;2u4|yRZwiEUCUxXRWnS~$9vN>zA}>A> z3yCp?B(*6J3xHnq-jN~Hka&_R`tV&1^eVCPI+Wf9_LT$`9R0v>fd^l6BtdGIN8oXcoPwmk-q+ zQ9rLdJ$YS`hzUp4!7=ovIOBrdq$jxQ`=LvaZMT%@r|({?S3c9=0JS9^RDy4x_I0W8 z;(p^DgT-)}C_~ziF%sRRoHt!Sol`w&61~Vccz0*I+@+gQ?+C zF^^He3}2;^WFqLy*o_@G9;6H^XQpVIH6-(DKDeJSFUrOHajiUf5-$iqp)YNUn%{yS z;Ub)h1N_@(kMvX&ih2Ne>)r4kKBSV`{F_mDf&E5iuGqydT!d^A4GaiQZvbdw4rTX; ztkC@UiTJm3LuY@_5-Sa;Ghh1hrfk-&OWFzQ92U+~+|yZvpc$}hF5(_4u?v98&!<{I zs2ZHJTw4yem5-lY0aA)}Y1ReD0z9f1U8;CO| ze)bB!&v^JG{a|rXR{o`4_eb;&%W8f7=SOreX^vS=bEJSgV|AVlX5%N%-fFU(ficik z-dM~KHWI_u34IS{G)L8U*rI82JS z(~o6|{+{izN+`!fVfTPIRhaA$;ypnTU7)AbTb9(n&AbplGH@e)FsVG!{n^4iN`SZF z>C zlYPI(Pj=aJ5lFd-{4D&JFrM%V-PX8f1Jyx$#jZ+;Pe-N(%>1?)70Y;m=-ay1BffS& zsYTr``d+BXwKL_n=WDi-o|xvYQ!tNL+l8Wd# 
zJ4B8ouY%_h*rsgkn<~uBVpxD=cN?dt|HHcJX9|q-`dm$f@}m-PL)yb>qru0|1vOxt zQP`(w`2xJB+aEI8tr-=aCVQMd-o@tT*C8l2DogOz*4}7p)SU-`K0P$FC7>!Nq?g*AjFUedXBOtcUUv;)IXf(?*<$Xk_15s1CNnJ zm|!#$qRZ!Z&4Gj}eO!g<(h$mFk>~pJjxM{HDi#ruMz-f*D;HQO*!7SVciIO)9s(C$ zm;j!UP?2GK?}4z!uvR|X=UH&AlLDsw(m%7DMR=NY9 zRr+Q4Eu`gim&EgFaNFICo`0esK%fa6z4S0&)-=O={ z{mqdNnREvWYXyAD-Rx}1P!Pkx-bR2>ROdo-pO}a7c>2s;4vVK@^mlLFdHa(z4dV2L zg+iz$LazT}Wo=4ZWSdFPr|n$5QGdlGbtBCq?#1w%tFBUwwUNj;4hM5Szr_o%{=|55 ze_%e*2K1L~AqIloM}Np1Yf=U`mJp+<>CXgGPhj4}A8NOE1I1@U)u;lX-RJYbK#|tlSq`vfg{r*MHj;>K?{Cd>DnD(y-7F-dAwGU<94x-b<=wm%`yYjHr zc-GBj>tW7Q+xjVonJ+0Oy2j4p^kI5*u5#iw#Kgu zZpOl%?ShM<(s4-V3r%ZTnOX~R+b;PrN&f<9Q7Yybh4v7tSrss9l+FFNYhYANar&%I z0#d1bYV4g@nEF>)?`1xtz2?lY3f&%m-z^YJ2y=kYnq>F^fn}|frMaqsD?jadJ!@*H zpP~0n>I9QLZ3-s~=@eSCol6Dd5ITYwu5?W@Y+1UR_!*dnpp}~JvOeS?$52}RO!-u3 zUH!xE_lFJ?l0RQ=k)`zTK3>i3fp7%7V$!zuPVp+X#E%QBV0PSySZ!OZS9fG>tuLQ$ z5Fcg8;}42}TpMG~-vD}ydklC01fPn4@UG7cGf$`G=xIh-DquVfe%6*>=}fOg-1k~( ze%`@RSC!^*`>$t!(2!VgGRT#1F#g+^f5!6!kD!gdUOjc4PB5$E?)$5~nAAJ#Qj`t7mf2!&?#Ap` z47PQkvRk~N+8YbRpzXP>0ILwhE_KjM{rBI8UOBY~K!VE4oWE+4T>A4*HL3e&wYdM8 z81uI_oc{q6Vg65>UzQFx=n-4fAF?{=Iavj^LEMmZ_Y{I1{X?eC(n=qltQzydSo2jT zuPFZR4xIIsIGF9#A?_wLA^3X5wnBl~w4_#T(Kh4V&LbWr zu2PPr2X~e^NTVu)@4T+R?Hi6k;2?N)cQqMec#Af2}ztTcQ% zAd5BN%6MjN@zpEl*Nf1HGI;U_I%{#2nx+!|Qsf+J#Z%)?8wowTlOZDuhkGYJ-&~b| z+{MS3&<;=e>QXoQ7lL1tD1X|!TBdayFomycZeFsVxcI#N!ijk|^isgkJ=}G?6lo%a zb;4;@tc`olV$of`l5r$SQ-$sJzz_2GbA{0Y;RjCCYsvUz=4*GKbaD1=%AYQL@p4#P z`*!-x<;OvYs|%#Q7ltWb^?yeo$KS!p@0!-MX31lC^U4u5u3s0Lzn-z}{Z8XG2^x}( zk9za{ZS>ZFmjAvG-jCpj=GiQe&+u_A(Esi_*;mtt{be_adiRi~^7iJ-ClXu< z^sqzj+ZtX);%hn|Qo3(MP<$>XZv?)%BE*%{0SC!#rvr?eHLe}zum-yjRa3>LqPm>x ze)L-X*uU*%OyTQ`HQsn`G4OE=3I0Ghzayj=wbDnwFaeH+R2OCJ z^%Vxl*w*2aOEd~yts*~S`3Ix+Bq@sa+n@Pc{?xJWcDRhM?o2WMUEoF02YZ(oSa zA}eh!=U-5aAH&w?9k(n;ENSuO#h0oob#>Jlq>K|wtncx3CvP28_0Xh%w^2=>-LW(+ z+SmXbe;#Qxm!<|5c`ml%o`Uf0%?mWQYiY}+a;;n6e;iuUC}?cLs3U;)z5G{InQnhz zAHB$;4ABkNLyv|+oevkxdp;}S_K~sP%mhVTjD2&}jML=fN2LBKhrVp?lAQymNQNZCG_B&G33|~z!R@m2Yj?WJlb4qx+Y$= 
z=b(7CZ=zt5O)raz@t%MHqMC!bM3~E=It>w8)-?tA+>*3AFM`3qXL?tzXg5P}mgNh( zM#(wD&yITQ889OgyG(H7N-lnuQ^D5S+QPfE7Afp~_v7!D5U3~(4707js9ht52P=F7 ziVy(40#Az}>#)!2=Vsqh`Iis;ZV%niU>{Y!A20QgOzJ~>JIhgTd|@yrF(c$A0P;XJ zTW`gDRWI30f1L@IT>Wt{&q`Ty4f;c~_@ShLR{UzcX1MsK z=m$QXvTHK(7fclZcndze173iTdb1^o93`{An2oisxHAh^=EsSYkX_ijr1yr-`t8}- z>fxC#C=9yy84w~AoN%H@Qn;foAm_SvpL9D|y%NsLfT0inLsoTT%2RwHV69pA-bX}o zI)VTdsc^`!SxrN>NenD({eT5&;v zPy&_+(*QF5qKKJ^#0RG<=L!bj;K+P(FntIQAkfid(gyhJpg|&eepdRjdWb)1@*EnY zMo)N+_TG0cboJS_<(YW3Ii_Oh{!HPC^?d&%!%McNl24yfm}OnqOFX+q+SEuBO7#2Y zD0Zkbe132N-_2PcTj8ly6eL$RMj(@7dtwFtZ(jPJQoXS0d6yzwF9mcOI-g zxJLUz`uj0N{HvM6QGqnmQ9A!ypxB3pHzmOp2ZG_akmU)bWlJmbMI*H@#Iq4yg+SC$ zpsM9y%hg|m->B%r!5vS8DcstvwY9uFzsjnMTV&7jof|W&s%|@n&`gBf^cBJ|ZX8L^ z6s!(V7_V`3h)zErH_piTFE|Ht*1BJgSvuu=;{tP`j2n!1@!A5ndJQjS;J)Es1O%-~ zw&yYiD4^hxC#AVeJGP)^(n5?5i`a3jY(&<%tMlSLk=}~R=d|g@U3P}MELzE$TryfQ zMI#oW7aVrp7|^(XXTY6d!b!%-NZ3~(mRYb4b0k)VaNG2((no=67|=Dg3S+?_>MD%< zJGA)Z(APyWiUIO(mMW3-;&xi0st z7sOtCe}Ch;5&LRy&voXfbeA;pDAUqv62)s40*TUZ^j72vQ*K9s<&LPl0pB>5b->>T>kBF z%Kxm9@INIi`_GE3|3(#b073kl)zSa+_5b~GF{k_nu zK2`+C%bjriUwLl-FTewiv%ikC|J{H8_aBMDaJ&scZno`aFeq!N6Qep(n!ln^W^Jt{ zBd|%4qHv#QWhgDvJf-Juf)1=iGz|lbS5ZKpb}6(;V4N1_UDIheEp^0n?OBXXHN^J1 zDal?M_&a^fnv#08Yd5`_RkeIrKkATpJ5R5Uvq)rQ+;s{2`wWx;Wr4e{Tn^SxL`BRL zU!6%T3vlS3sc#|{j#XN)E=>*x%xj2A7w)ycnDmAf?k=lSD542K$Sc3-0FiS=A~H?a$;HSdt*T9*H&(1BlJicmJg9_m&%B<%zI zV07j2l5I2+v;gnQ2%L#U=Fp?Q*5@JI%&{|4A8He5t$loM^leJ#mt1bHn&Y7iiM5Jw zV|GwcqcQ%(T>iSJ1Shen%@EK9OYu8%4c=5 zR9oj_(zsPc=IT{tO+oipF<0s$Ck}J8tU4O3RC`I`J6-5c|9k6emBnaZQ zgO!!I+3KaVy-Ob4m^$`r-g02Qo^nI6<0`-8M-AKt;pk}W8 z6{qaGN^@<$wZC-m$M?#()EbS+pY)@m@x?wasAu>S5SnI_u%hs_k*&Q*nvr4bR zxaw;42L@tpJ%8Y|KF1NI{8EW22SmNi3F|mq0O{j`irkyNmZIRyzfKjPPSX-shpcU^ z5ADY*$vGI-_+GL{jxfKSG&2jFb9;c7j==?WwlM=}KNz8vx8s$${d}joyp?tCAXK28|?@lOd8^w;*#%95HoYL}&(b$QUXzbbk zQphZ~q44$0AK!QZWvMvLmJ7S>P*K+>{6q`^jVr*=_kb8l*9h`s!E8ZF?#ui&O;cX$ zb!qv@2~qBRjdzX0D5@h7sYAjnQvtDkO&L9Jgpj!ruY$Jo8!-%EI$Kn~Y_R_jxDSDEMMjZgYjUjov+% 
zv5ndyVA2ND7tKGtJhOeAR^R5bU)DA%@QuR}BpbI^lyge8a5qdo{NC4kFT^FOb9&9- zTSC2tJWC-%B!=ldi9Uj0i0IVgt``smx)j;pokIOU9&+RzE$b4$Ma7Ic5VU{c@TC*X^t1F`rN$4zI@JBiVfpPd=r^JUE*L z9AaMI%PKY{I3W}~97b?2ad``_b*#@67caLtx*y^Z(^1$C7A6sCZ1~l)%h*2RuL7*(O+9gAwY6u_JiEW|)oh9c{xySC_YKBXO50 z)aI%Ae%E{L$*Yf-94+1OI&|0;5p4(7CODciqYD%YlyC6yb%vSPjYmf$zJ=+GtAZO@8Cl#=~#V-nN&MMCW8tZz|EjdHKukfBM zm;)19)z@WnV+DfokIpcfwp!~ViA}#k1Xy9>YsSm$!P2WL_Le$HDO(MfxXn{FF)}Dv zk2v%RMyO}y{ldswZvP2{OQ2dJwj{58jq)l z8u{@5!rpfWG?nH12Wg@dk={X2P^xqhiHLL&K>?{z5orP%=(=pEXni>e`h)rsHSuDkH+1cc$lA6bh#ye(`dajSKaHwkcF#{vmSL%xv6ubKZ6BQ|lA_!Jxb~=F7|+a;DH6sAV)kXrUqcgiqxaLw1O) z6iv;V3&-8F@Sn^>i)Hmd^+e-hoz?aE{qR}rHe~{rHyb7Wh1=H}_-PjV~>7@r_6-sO$Reey{UTUsGI^ z?LKb)Z3;@0!>JUVRyKYQg4QHAd zH_BWVP_&yp$I+~jygMmNV$QI{fMp6TTSn63;&&Xe!UToEy!hHwtA^c@F{6vq)V_|g zMdYoiCxOOdM2Oj$kM#n$d0h{{47 z^JFxphB7x(Gn@??kVIa5&2A_fHoVM7yp9`cisqBGU7l59EathHGAF}nztLN&b`hui zWQjwIh~8+rrLxBRt;^3oX}3OUG@*9>Tx7SP`l+gWw=Ird z_sQxj+kG*BDBdm%XriHBQji-Ua2U(C-tMzIRabSBh4yInScUC82_Ai_#s-haR5VZ> za~KV1mJ?j6{uH3uUr;7H%d~bT+Q7=BRp`Yy_Q<0XJLobA)LPA5a4W~nMnLSoRvAS@ z2~`$a?Fk5v>r=9Hm>Ng%fO^ul#VPtq?0zK(bSd~vbV;$bAE1!`ZR-EEDfi>& z#~l1(4VYXnw0=_k?8{jS=IT?vCaNEQD0~KQl($};2dhng774{!9_{~E5jx(5(jquecd9PU3YFAXE9+M())V%KX--R|G#EKplqvArHFD806(`*T(L z=MoP4)n6*lCHN9l!i)(M$SqUn#w=&;oOFC>WGUb!1^5^W5O>u}0onwt*!6=D)>cAP zr$PNu;CChr%|Y;<3?Zudme+s%x>*5o7Jz0s0Gir4sa(6v@Uhf=$HgrjWoYYb1^}P7 zS~uhA)HFq^WL12r!&bg4DuQ-2;=rd_dUDqkK z2KSySaT!^`VcyX?Sa|6h-01D>RH6GteaOz?IroIR(-4ZA)QPp}dt-a5meZo_F!3Q6 zf3^vZ>t?@!Dr0Y9>4{EuxMipai58<`SWKEO5s8y&=99S~$q;%Yzxl#!Db!)~>*bK3TWeq;#8Y_2l zuei~HIOcAXmg?j!9d7&zVL%)E8IkxX|7QMB>fA1pjnj^@m20iRd2wqL9{m|F;<*S| z4Yj9g&h}4anybyLddcTcQypt<2 zDf~EX#B(3lRfjX!ln`vs&eH&GjAamv!(kduSvYGTmkj9M8+;KDq#5_S_o?&c%afJ- zT(ThleWTz$DdCUtY$@c9(+E27>RDU#R>_B_OwX>z4SPL=nI7cMZs6+(4&&TwBNgRN z&8jFk2{cvbAPvuk&c7%sq15M`v~SyqkUqVUm2moKy`dxT{WqU)Jxx(Vyb{P-#0H|u`;EbJnHK>v&2I5KbG9+4b)XAZ`*8*6GBT5#sm({1bG>+~@_spz^ zp2EdqeIYU0%>lvA`GR(59OSsR67Cj@Rj*D}%d5BCKSp!Iu^ZU4NaT4@fG9G3FN_x@ 
z2#`RB00ym=!<_1w;W+DL72HVV=i8jj+lYthF|S99HKY{;`syic-+FcKX+N#ibE5I9 zRem+unP+5TqD`l02d!|DCsQ}Kyj&E$+EIM&Hv38G6jgNd`YKHxo_DAK?|C}!Ql`HJp26Hlus&b2K) zE(*P1aI=kf;V}injF?x48AbG558)*E1R(tU8#{PHdSXM|svRzuoNJ_&8v= z=YsGhkYf=I2qviSds@S?;l}+0Hl2^_UcD@~6c*g=4|*kbo5j`jj~NJ7zO1p^1N4J4 zDnu`THmKTYZJ46M-@w@drI~up)JCig047kV@hr@)Vwlw!O0`nC%QjZL$sTtbEekrL zd89E%Dii94T7S1{VDb^qG2Q9Fj)UAnCh7JkJKQag3bW`G&a8(Ni2Ui6W1}>j8`pMlXHzRpS@Zh8Lx7i)3cN9&HLG!M`R|^ zjw?^#0ozao>M^Lkv1fIr7fXb;l}uW5$4FqX169d7w#IdGw^eG<`BqiMt6gn69M25b z37pb&cE}7Dt&wMperZ`vuq|Btf^==kwI!LBu7GpzFs+5KP5yVOffcDG{QmMMMm?)> z5slSNiKU5J1HJMxHYMY4o@T0Ag>Sv!G!eb0xcDWOK_mbAA?W<$jA?jaHCO9;@Tf@8 zt5Mj6QcQM4hD~{V^q5GNEni8galG^0YdV=aXYX}9?$TKOK;`i{-ltZJW>pZ5J)$XZ zMTb*&Zd=2D`e5HYpzH2sb_kM$1z$%cd05ID)axkat={*2J`F4-jW4ZmYP{kMmGrdH zgbiRDL|LTqDsm&OjpW%q>2jir>eIumJ!xJaWw?&c;V!1(CHuD+O(kznEam4Kt<j(~ zv5=mv``FD~qvQRrC4zs(C;WH}2K|_Wf2}$Am(fI0O2)dzq}fg~4sJQnlM-6%iYtBg zonE{vcRr<5d&1y&OeLq>a4UAys|AiJv{RrP$K`8QeH0eG{wnuOfxcz+#ef$ZDs9@- zDr8K|=-~Z(dmY0!i!1vbGER<}Hes|__{hVR&viKZw(&VaE}43Df=fKZN-HYrY2Q>- zJY`k4h(pcrhS6IjBxDoaqE?qDGF#ILOVglcSh^LSTcl}Uy);x;03As=S*Cur_ZerH zg2(EZa)r};1Wupp4b1^rDH6{)4#zGn;5jhMJKV)UF5oe9$@qG_NyUKO>3&+N+|RCc z>bKr8P-b2bCvAvSl)qOwRY7<+%z5@LCOjrhHP38nN-3vlCu*_`nJnpZTEVs>xV7KSx5cAVwDz+x&uRh^;vSZb#*+>*j+Yj^#k`RTSe=^G`@d=|6k+uEe7bfU>9 znCI&AnSyh#C+VHL7mJ!KAG57<9W>b;7vZE!eB{qDl9l7RQaYtYQ?LMZYp3_$d`$s{n|DFPw`W{L=8VS0N>2L;OmwGQ*1oKu(WF z90#G3|in74@&YDA;f;=$-IqZ`2{1NrfNNvbJZ=l(b1Gq+`POOT9qIV47ku! 
z#83~E_Omh|i^`@`NX}J#s}=At>TP5@pPg@6?>h@wUfxI*#jUq6Q+W}&xKnwx=6qAz zvyUFUuttfw2;6jiti?Oi6Aq@SC7mY0@#f%Yu9uaSDv0zux||eEcFsyarEWp&49ItQ z@EwSWkwvU3r(30P;3hCJE%mHwtMYoeIG^LT2;R@pI};Wafh?Do%WgN&q>b;JK2|576O%BIxp8%NiacL;!Yc+S;3#u^H|<%)@T$+-26R@)(YB=t<*(cAK zZ)7lQZSO%5x%qRVqhE{w82}7eACR8w*S5RPHgd1DxI!J4K)SzXb>C1-#;}kCY?a}!7J5$&hok@kztDoB6j)H#wGBMz)(>^S|wJsnTxh3Pc3*@ zn54-3B<&`txY~zzoW$&O!^BxGW{d|ByqMOYt%#E}fo6Plgmz?k{l4VJ+*v~Rx%SVM z6JNOOhjygqQjR6<><2XLIa}Lhb)I-CpFP-(9D@~5rPvSOtg)AD4%vg6f_TaGs&At#~3ZV^qQ^GPH5EW zOy!F^nf?TDAK-%SYXIQw9vZ-LD%~6Wea&S4Q$vs+=l!2e-2GPyLEE{?3(Lb?F#2lS zw?(sF+PL=QD5M_i;giXWe(t7!zsZ6)Lp-_B_3|abMQvu=3I%3NN-^r9u!5;RTC=#a zCb)(AbQP4>l2(M6y^49}_TCXF_@W`9*X(T4bV@STfWWYm-J(H)b$!GA9=A6nY)Vh7KsDZ$JU1SxlXlQH zt&n#BaCjBotiq*U;uw*#gM4mH+N;CjLU+dl_)f)jn!hQa!9CRGg7?w^PF6r0arWFK2C-^@ zhSTCw)i4Lc4K%ciZ*1Ilh8|D$%)9I7%IC9P+bz|3E7qJOL`JSNRG&omyfNytKy)ESHkA*G z))g47-MA>WS2)8w`j)vx#$=A0rp}w{T{0gV_|MHrE7z_(6c3HxMo2K!N7G|MJ# zkD)d2e$uL36Xw$Jj!Pz+n_A?lVt4j(Iv;U>weflHaWH7tcv`vyb4vK$x)z2jP()r8 zRj6^MYQRPKieQF^b8%E5?16qZ-|{NB#Pky3p}P@;@CDputh$xEVvm%~dgUOZ5M z7rp90XfS~9N#!Fb=*OzTm$1ZafsK9Xm~D3ZiIvgSPumcjH3HyVZ;8Wa{Q#U7Z|@<9 zN(yjQ^w-8m0+rR-CzvOKH6u!I!QzDRF66=~IF26K^(EpT|CPYbjTPU0Cvm_+B?zz> z(me!8OoC^!>tz5hlXgHXoDqVLP{m6Q12D5a7VyTEPN0mt{C*(=I2O%nS0}-TAMiQR z#PGWJ*d=Bud@p&?AS9EJKb{Yt6t9F`(+_+v9^*So2thu8(+)Q_LB!6P$SwSM&b#Y zZvFtA4?xJO6$x&q)Z%aHCP#w}r{zsyDv%4qNip*_tL3X!Uw|CGD&i{v{-3l2Lc{{h zM4Hhf=$X1EGe%6Qj#gp!i4^N>HdI;AW+`dg1n-@c>-2Xbothh{ueZ%~m7HT{rJ)UU z4aP(6d+I2A-NBjfAaJQ!OU2{RV5n675%h-&=&1_NWPF7m9o52Zv2BJu&6x?f7WR68 zIZBvQ>2ylk5$)r&{-fv&>aHB0izjUIbe_w|s8&Zqr^T$r*BhpI*eJW zBe9}EFotP(K#DNdzHY|u!M+Bvtgle_HY&UY!oMnhjX95Rjs40qCUZ9X<1Mz)SE_cl z88%XzB1RD^7|SsDj1g3|L4h0lC3v+kdi`cU{?d_gkpwnxJ^L(5J-$1N$B5WNBMlXk z8mGzvd|)>LA;77VlF9t~nunkxs)9J*MwzJ7MaB2-kfwG8jaiunuQ0zn5lYQrcxBeL z(qu0&c(<_?Svvd_Pm1BXhC6U`aBp2$c*@tTF&{|iRV8UJR9qePi726{0UyGE=B&xFqa!Gw~zS+M#h% zj7YoHBOZbr=8c<+DP;9;21|wSF_u@otq)(E9piHs7)y`h;7}hAm1FlFlpbuDU$kSu 
z&WC_)4@9-FmVxqTr)h|wC9SJ7XA{Rv>pm7V#l^)_MDY^0?S^2fmlaEK*82h#jkCyp=i@yb&|4#86XPr*%9-=faJQQQ zvi6sEJwRlno}LK8M^4USTuly)4pX1tfr>cU!!;_U+}{O%&}(;nT+>tH4ehM-Rdc7P zaPbA^N1jLK>vbUf(Dj`+eez&*ozhH?w>%pP99Z4r|9W&7&s)AMRsOOk`c$0mr%g=G zEb(i>g)sB4K9TuTB=Fe~966!c6WAfuPi2THglk=CnH%KTEHi?R5XsJiUM6ljcta?+xt>8NC3}dL zDk32!pE{jaFIC=UqnLMBA@+t+`L3IFDm%9_>D>M7uRUQWvlOGbX?d~nrb`?T!u?GB z^=^V1fRmY%`+DX_erhLuKV1twVbvRN`y}_14RjOiR)tXR^RXWoWzo7_O?x1U{4z9{ z9nfyR*~)orzyYRdd%COoOfuZbq8w$VcY4Fk|9;ru{YI5c2TC$(xtHEgApUseOkBwo zK$X_-d}aUk(Pu*&&#gLn&=*a}IOJ$=E6CwurV;)_Vh~)Xt|m#f6Gt_Pdv?Mw3kAEz zhfi(oEo3TcZACYCo&fhn!5Nx;vK+#*!P!&}QK=X85-_;0uoqfAca`rP{vD#bki>|Jk_V?sz z?Jf|+Ye0RbCuI$F){wW%o!*@C=zEm6q@bV%V3ggnw;#W!v$K!f#l{o%=({;Wviiki z&&*x9wM~MKXz-T)frI+j!a@DJT@OL*@fPrgj4gcUWX&O{w-8cMhVw&n?Xs02_bE() z7;&g*oO1;az#C_7Y{xG+J=aloOO5gSMiGQ_b03IM+wCz^2T1rLL$g=O@NDY}5R0C! zX@u_p316lG!(NY>s|4CCV1>W|Z!3qR;d|Gv06u?8>%hN%+PD9-gZ-Z8NHI8|L``W^ zZP2ufS9WAeqOv*4Ir$Klw2D$QlRpGOA5yAj5JPeX!w@((CG7R2GZ833W~t*BjtWyQ zaJW&2Ui9Y(e9u`{$oew6Y8uO_d644^brFU3>b zMXO|laHGm(?)=4Pyu~K8W?4qVMcD-rY<{x3*#^2U%iR~G?4--qhbH1LBc6GQ*|1vr z!|fo?yiQ>=i;WlDo-h_>TN}u53!ShPk9pZPb*{FzTE*Ar_S4DwwIVu{Orz)#m=R{6 z{sb;4<9)%RZguBumm$mP8&}%dqu#c&d8<)|Qd6+JKUIZV*;W{NIUIy{!aV6m#rwf% zP}0TK*zOHe?X=4e!zMo0TC-SZ8tU`!pL)x)n}DXKfBKRgwz{Bzq)ohgf06wRN&#i3IHG(p zU($Q`_|B~X=Q=jDc54p>5T&PM{aQnF29I=*IGI@W9~n})^o}W<&-@*~)g$dml75^6 zS3o_t*9e4p4R&D`0= z#iS873ORFXtxw|}S+qKzWwa_cQProHAPH|!jucYoHa-%kXzqqyXN3~)$YXEOcvxcM zn>o)6xHKoL8?KaYs3dTsDI=u%vn3iBRxV2`P*Xu#rs%ww2_1V4o$?S;c`cOi&D++` zQC5<}r9|9Hl=xsuB#| zwyo(@7E&?hPqfdYzWJHvS#@~AE3Ywt{=DVD(9JG475ET#$>mk;6i;P;;i~JkNXGp! 
zlNJ`mPRWOk8_{A0W|)>Lz<`FYBBZfI(a|v*dd!$ZZWU>tBF5WPU!EBoP zHYH@wV<(~sqv@Jg`Aqgx&!h<^K%ECL^bPTy3Fbk9(6l`jEET5){CWutgGjBvaUc*fYsO8-0* zvJ!UBIm^$h!*1&0$LtH^>O$IGx8wLKB*%wBg%+xj+#>=IMg+wm*Ca^fBK@(VkFKwtQ)RnV-ZLU$1qas|upw~l8jH1^C; z8CW^fFS1(Osx96J?Gjh5W4UkITg(>gOa02XTU)%B=Mz2+S7?D)f|RJPWaU70cO|>+ zmm!!^IlGmhxzmNSabtH9p8Hc4x9J7GZ)1LsFgu7`o567bvMrDjc+;5G9qfk;59um% zl*JUT8B@UuoFiJC?YeCaf)FulxTk8Q|;tU8J0jmbQ zD+Y3pnoHK`$dfvWGh37$P-I2WFF?B3hzJ_>_sho(t1(pv_}lxf#keyxHz#*z?%sT! zIC?wt{khECdzr8KPLi>`PJC0~W#{!lfets52Uz_f0$?my`_}hH%>m(39?9mam6+A+ z3>S%O%jNrBDaw)WrNv${u&I;JweQ{B(ZG1d`JqLFQ+OajbQS2xTGuC# zB}nIN_EX*(05x{X=cilbzgC*_>sk)@`${@7M4*KE_u-9uDSmUiT%*!%j4AdL1V}2| znbj)OF*i#VmTiV&WsrMC0F3-K6f)z2Y@FaXvT}I1HUG9^Fm9YIT$fp>;pD7^`iDL| zy6{oTS)2sQRClw{Oyr}y@tIUKm}apvyE|XqDn|Krvu~}IeV3lwMF~pAvC3^8L$7D) z-tv|+Jq@eIjS8m*VJ>JbC=Q^Rl+un$b&M5eGVVliG%%-MQ8^AWj4+{=sH`aY3DnFG zn+5NjKk)245Y&HLir9r6f)G{kEWix$2Ttuj5vTUu&e;IP6bhfU9|E)tPP+k0u0}`) z+h3&trj?gQc2k4E4Qb1wALoIjXC2J{?brO${Eh{XX-~``_q_m(Ucul4%ik;luUNL! z(Tw2bfXXyrjr5fd{Q}4xOadmq%^?2Bw($RYOZ3PT86FC1S6~?e5ff@Z=cf{n7*8X; zH6m5G(%l)sPDB8?Mo9bH zx;O&*hI<^;JY1|}D4#V}+}xe?12O4z=fW8QzhNXxV0tEORR?TuF>jj!krgSHtollY3(aPH>hNq z&Dby^IVfv9f10VHW9~BGO0x*VT)m=1LMCM`!IwZ)rasoA%)Q6oP%#K&!LTVO0@b(r zm>Yeiu2EY}Pvf>{10~!A=|Gd_&c{?9+jh%)I^-!~iQj=aXEF5|o;i(KbwxQjsx}V> zO8e#Hqtx!S+4Yuoy}e^0<`H!nsN{h}o%g$MHi0og&{1@=88d{ptz?idd0R_*)`!Em z=c>b*YaF%af~`D3d-nCFI8%!}C<3h-L=bLHpIngRn2dGEGA_y>Dyu>!8_C%E(!t*A zm>*@vbf{dQBp!% zOaS%pPa1%%jY^r<r{Z8^cO;uiNW$E_fI`xPq<2Ofb762K!+CSk1n47+WDiY`}Q{SM?RMg1kYLxB3FT= zR(bfEoPoqI6t)*qwUu{Sc&yTcyY2$LW>Suu*Gq>aJL^sz$afkq@RcXX*@x>1G-64H z+b2(8xd0Kwk@f3bG%)2ED$5oEYd?h+ogrrBtee};sV-f%B$Jk_QAfz8AE^?{c6-8= z-Db|`JwL6INk6@^vQ}m+Ih4DEPrc=cdK8|C)_?i(L232Mp5zzEU{4YtJ=jkO(gw!I z^Mm)(fv)h@At?PO7JLYz=pig1GOY^h%K$C>S8#lCf+vLK5CpukaSJv9G?^7rw=}$f z9`DSBL(l|0yiq&n;AAS$DaKuge^K`2Rpv4Rgb+W13D+B!a6P++AmE0bF}MD!BV-U* zJ;4jl@!Ejf5Fo!%O&%x;ei(N;vwj24hl}7OFig? 
zsP(E2y#a609D-ur?A1#U;6PjD^={3t20zz~SQUxCS-^$K_d4BN1D3Dn9Q7rZPc3!q z-$bNas~TxD{P|oH!tP>IH}`=eqU!f%9GX;w)Y{I#iLJ$#IRysnR=C5@^64esQa`id zuW_|NF{%f2ZZ`Vz`ehC+hEAMlv#WwE29SxJkUo2-Y>=C-nSJJJaAuVMF+-=;d$wuS z)#Y!?<2E*K`5dLqiZf(BcZ&OTLeMmbO#KomNL$$*0U$<$<;a_pxo!;CO3^P`nCEKc zkXPRDH$SP$pO{C%!*ZXQ%76Pv-MK$^%l`tCiOn}OGQiivhsTk9-crCa{=u03F$aIx z8u-7~CHOs^gx`42KUr4!&4f)iy!3g-Ye0~x@4Fcc7{udEF$jN{^0eoJb+f*LZI-PG z!5eWOj9;I$tZ*Vaoo-2zcA9?HJeJd^?n;SEvdEN4?|P|bxwG$$^28ziQ16*DS3++^ zUcN)aLSk74a(7tS2Kb`}4O}}^+6NT*Kr6=z%x2h*(&C!&sva)qWUCEw5q`2UH0nM% zH)8tC_52Ik5!mn*3x{}$P`c=xiLI%CYW*0@su$}gGl)`7>z%zPrhIu7xokc%1;J0R z`noDoczYOVzp}zY;Yx2lrd3u}M`)J^k62bao^HxN=|{usot9i2C(Cl_HSuSM5r-B| z#@bqJkAJC-kd`AV8KPhE%&3!6J*TQ7{Csq9)SGGds{uNAZiC_N7O2d-QElKBQb8Rf z)rG`F+R8ln+%w9;X3;%2vCP?YO+}h2twLX<7-%MeZB)gU=S~-1fgHs}!N646sc_-F5UHxTweyVALA-J=s2QGGkk;Q( zIkrKx61aFO;0lX2w{Ik1vqxWYf}S!O3Oa`E8CfQ%A)bL(SX1}t^tgiIlykTc)Fo29 zmfJBLmum3R^37t~ggdtR(UpFgpBP}Ty@g{=MMaC1LBI=r_kd!@W3DIPmOTE*=l>MX z@;6~J&s{RJIFtcPtAXzqaY~^tDXi;bylS$nvAY!piFTiBX=g=tE&K+Vgsy}Z6Z3gr z9M)6@LFXImc$+7W;`p-`i8T%Js#(@TxjB+pzvx9``oJ#c7Gid)u{RP!wE<}A04%)K zO@Y?Ofvhv%iq`P-8Zv!sS$gPv_v?B`JHGBS^WkJSMsDbpyl-pUCkqB)*Zqwu!bY`M zsBCAt%#QZ1tOk{NcwX;Y&r3pnF{qn~P%jF!L-UOGbb&yuV0U$WHa3L~ zd6rr%MYmjbTaqa4uLZt{w>EHqPYAe3>L+CQ->NpSTM@ZWS{#}p?l>k%RQw}m`Vlkz zk!#>bJhl%&1$$lksbha7z4l+nW8aU8p`&cRoWk=FCUMUNOuHnVX!`0-z2|H@iARL; z`0SDEvK(5VhdPFdDrFfspJpj7vb{0glE}z-#uz^AdG-?=6gPc`6MfCF`~i4j^Mf3e zsYbtM={Vho+63;<;#mPpZbsQ@YAw+1K1oxq#+|cS3)0e~cF&cAjg78EUdd{Iz{7hi zgD?8g1%9cl+to~gcrYr2HW%lhTRJFwoPKjMU3jYr?0D~KoIzfL0YFAfsmvlUPW!W42V7=<)k{?G!m{dkbth}dQ9!8;s+ z)B}M=dYk9McZz`jS;@2C?8EB}ML%}|8X4c!pOazZOVC#L#a3|XhuE2jlb7T73eCQMaS_urteWUBUQ}wMW(ZM{^^WeMTbxls zlpW$BM`&;jnl!dgsnVHbI>vAG9eYkA8=Lk~m>2HpboUXy(q8+A&Z~w(X>4~Ysw{5B zbSiG-B-A*9sJ)$Ukc;lCnv9OZv~e!ZqiWb^AAvRq@yuPeYn!b?caFzui>P5)Oj0HG zy`Oq_)yGax1;9^8>S5!gZ)HKIc z%(OONkXM~?2=-#B0o201Vl$~k^-F6u4YX?v#@Fsx=$xYEtupaz8%y!KO&oTR#9xw% z0yh~)tVB)khs5`HKySBvtSddQqF59zto+;|2>Bo(qcTb)lZB}0KCe8dqw!xcs{+LOztKVa%^Tv6_x*Dmryuk6 
z=lS}Zoq6BmZ$i=4_iH^}cy$5;jiFb-1;7%=eOLCIO_pdK{A*;A*EO#$X{kFhgcGT|Icg!3W>7{Ti=!w|H$Y6q`3NT-dhEh)ivY*H|3At ztq7>23_HNGH4$V6>v^pXK}YdKxo3OLHoO=7-r)cQ|W?4^J(ytEHv-*%^JIUR-C!D?ymShRQ*$@%%I$o%zNe`@FH>jT0PqN&?o zM7Ii!{(`UhAw%;EKf*sUz5Gud`)~HLA8n4G6wQA#iuhBT!|FR55HM^YBFgeb{SHB; z)UjB$X0}!Qg+kn8ts|NT5q$a;QRALjSCfbtPM-6weeA{=+~ldJ(@AMSD=CrQ&K4>z zOIbj3kA}=!;TncKsI<dMskp3J>>u z$VIWHwM@Byn~odSw|OVk0mGS*SxR-Oi$=Jt_H97o$QsY+l#u@&(B06`)S8~Lyu4sq zke-e=If&?!t~$FDukyJ76=sXOk%}vd%a^%$@Jw37`nV}H4Lx4G!Wd4f5N~TO6!$U7 zLoiv#kjD^h!TH9aNjTD{ShSs zfbr#Q4#9NKOH8x({eVvRdB49`Mf*8Q{Epy61~fb{g$n0%mpTK@p)Pc)Dze$WhSTst zB;{(jY;1CIR5Tf&-O}w^wy8C%V}mRU3#(60Lig4(oL&t^@`#+N+c3LIp27Sn_tGN) z;!$}PG?D^#r7yf<`atE9N-v*S&AD0!_7EREbd+B28^uO}whQbAMrxqwN8~pl5>Qsj zex!9oV4U3Jz*U5Ep~%kSiMw6{^a2lQP!cZElmOtY+Ml-iK3=0~egPZO;Yj$_yT>bXbEmdsApGVPQz^(}66<#qT& z^;pUoiJ#02_?zVRkkzp6a_#63*0R{qgyH#TI`>s>}g!REK%B+*H1dPE_4W_*YvbEd~*+^asPFFbi@2_`J)$Eun46cI5l$C7>q?8oZ$ho zd7dw6-zhyHr~L&#XzmVxK*|8LUn?9Am`ueMP3aaFki2}t^g4#2f3Fk(U=THQhQ7B! z0RtLBThF*;CV-`mK_keP0~%BKd(-1aFJ{kn$ znhkIY7YC|Ev$M5HO>ZY~tRxrpAA576e)ss%6UR%(5OL z2>J9h$t5ReO7}0xxH_`fvr088Fe`L-$Bi<3s~5EdgEkQU$YWcG02xl6>T+9;gtBg% zFSo+gR!>f>+O2iaS{1N_sIpuOwYz!nK6u;cC*hxOKsPo+e@(?-Q2`ol|D;0XkN5v( z9skEX{`NZh^(MBu`m5eh1$hlv0?UuPb;)9n{WHCe>HO@>H@gveE#cRN#NG3MqlJ|m ziW^Sb2M0hlgi~=-gqRaRd=|O?RRj7rq0Ilw|4$tF3v+iTv0wO#1#N9XqM{jt1qxdJ z?u|a9@U*}Z;QRL-!G+y$T6?KO5IfAYPvOL3;^2;NmQs2rVriJwWXiHOS$@5w`A7$m zKpMsvv_`dZbWgY592ZzU+_)Y(3TYm*W8F9E6_vaoNu}f5M%CS&W*FAw^ddkg^s?>~ z0doG+N+465I-ms8I7M3v!GxF$u1k$+of6d2RIeMjzll)jew@)2ZU_~B`1nY)#Bedu z6Rx01X6%EtfvP!qu#k4LZ$oQZh&YP!FrTIXc<1_H6p6 z1qHFUm^nmFQ3e8NMOyc1=DvE)5qIX=xu)q{IuWHip+2(QtW#tz9LB1+IuxMkI|>g( z)auP7i*!uRUCiGlj7Wtoi)R=mV2Ii#UAIhMyt}iz*HB9{U0ytM5t@mCKa(d#fyqaW z8|;nj%r&JQO=K;uv5cy-8V26+x_5n0e)?YBhWD|%aZ<9DH#{lm_i{v1E#&yckR7EB2Eh_ubJ<$|-c4q|iQJ){RVR6LB5)mNGIsv?ON$OMSZzPb7T zW-;f->)$Uy{&$?~A4&f|oAd+jF5ewINv~sOij_ba;fN%Y!PoodhRY5?CrsJ2L^XYs z{c`RTWxB?`zl{#1tqPPKr$F<8o`f-=Q)%kYPT`W85>ubb-+k3SlS*eDhn-B4cohF= 
z+_3FRP+9_m5~xX#5|;TiT8VT=?oW9CZ^Tsf3%|{qL4*IxH`MQO)BbUc?-LyTugvq` zGE;tNYW!JK<2M_K8ghNQ;a^Ssz9%@69%KOcO3`K;(~Jtv*sW!vE?%(PPBM0Td_;Ks z4e3}6UYATyXCUS&_fJwQ za(hDyLK7oaZE4>Cb%GJI%6^ROW@L!D{qqh1Dxc1TF>Mk05|m@!H_U;X@Etp%KuW zA@HYeEgym+04s{0{(Ml(M7bY=t|M^=Tv$Lr zHwS|ED*Hbw~f2nyQ@`G+8GK(1sW{}KFk#K9op z7E$V7W@h0pv$CE4)u`sDnF0SiD>l8CSs*{pOvF#qZB%-L%;4uK&-i(|hYA7k)c?1E zgWb!LpuqWO-8kupl-D2B82~g`xEu*HuZ|Vhmz@#{*)b6#v4lT?|NOc0hmhD+ru`7S zpZ5QeQ~bvlMY3=C#??*mh(>yx?9@wYt6(h~t7yG_0qQh=w|SBW2pcXe+VK!%lDf<4 z5|4L(4?K<8Jq7}pu0MTI{%w}S{kOI{DjO9ekAiQby&jR--peAn4gsDvlGZdMk6y)u9ppx86^vhr zc~y1{&3kdvC?1Sm72OZR=hY_w+r&Qn3n@tP-)}km;?LK0iGciRu?P2v57 z;Hwn`9|3^U_3wN~K5Oq1m>o>U*qklI#D+?K@?i9a6g2(g;3b9FlhdlGtS#81=OuyBMbjMxB0s655+cl8^`alG*CJ$ z4b~VMA@^Rumuul4ylMW=CTI`_z-gtpnNXN-wiM8Oqsc+!bftihVfk*6G0SF)<4a41 zFM14*as^=g2?_Uc^6yn-E1d*Z^Nsf;VaEZB79CH(aL^fo6Lt8Sot{_zazND!pRNP) zOwVm)>+Qtk9{vN3cI12yK}(dNhCiq}2(>RXKdFxT)F#CAx&Oms_$sOZ-bfFDf1F?< z93KPH+2Qf(R{RshflI{hP$8FL?l^d$Ac+9zrqA{PKM_yiGr^+B1^W=dnPL@4nSoH= zUjT4*NvjscGXeB2E=2w7jAf~d0ei7A@SaqBA_O0W5&gwSM~lhOIt3K%Tt) zWsu(ULC&K?knUTDT_8t~(F8;^6%=r``=T~r>RQ_zXbYHD(Q6c*8sb`F<-7Z_on~s& zn0YECK(^V_@GqMlkbQq}dY(M%Vd!e$|L&&qqo~gzZWDFRrp7D3m2lp0OZfkkaprw7 zkZaC7V@+Co1Y1at8Q4uNzeRuIg_XuZ`83%YFbKOJKTp&hp}A zmc5&=e_v7@im%KMA4&avQg1|5O=hr@O3C&2 zVtY*P--|nne_Oa!s~dRL*G#9ASgj2J-q|tSvkK z(p;873J`Dkrsw|mo)e$e7MF>T9nZ8})){@jV+)<0sJZtP7yvl2|49S#*juCBct=zF z*5}N2t)`Q^`L}*2ZB{RCxVzeC-c=q@J{FN%XI@S@um3x*46xjfl^E>~pU|%1R5TB@ zyyy=;R`&ZY2uRO31fpPddZMEJ-lrC)sECHb-}!j~z$k;guvagiXpKYkJ~niI48dUY zJInBS75YePvE(sWg8ub{4;NkXZ~d-o_Vrql8s|ewcOlYK=k(&UohmAH^k4r@6i>dJ z?M~*^iHiHdyDd%?Wk$dA&j2vYxk;mgA|A%o7cLLcVCT8Q-}$9u(BBzejbxU2*nab+ zWm?ZabHv{Z%lW4ytAF#W@R#!X_oRXSRn+Di=G{M*N;HFDJ2ysrx~bdnK!x;`p%q;6$T#b*>I zL*Z_D=eA7pMKA3A=PmC@Wl0|0;*?uPu;Q=bGUZt;F>8h}i5%N%#ldYmhZV4$<^wM7 zlAzBz6fs>?FC+IKHG)pOvy+Nmy4pzu6Twop^kXjGpItHI%#JYv!HOY|Kwok%}k_)VTwf%?pFCY{f-%FZ% z1ggEC2%AiJ_?mp!S$o_WIv{y%__y3CS4^f2=50oX9}sm2*hU8BK4PULw$z& zT13G&DljFtmHC9TjXRWtDonKImk*OuH!e 
zz?SH$%E08((P2&XyC=!T+BdH)6jll_x6NOoDa6YTif;D=q%aMY8D9HR?H`geVbXE= zCSSjC%i5pG@6;f zgE3atkudG<%QBpqDx;g&7<(lDMfv#jZQ-jJj-%4jHj*C;R3 zJMnz4&X=b;q@%vGrF8!N-kJVUyJ`An7flzce^j}a&*v6PIBTzMbMLPf6m)!Hi-ZCb+@6wO!E7X z?L?)v7hi^XiMLJbqr=!~>(uOqo`*+e)&7m;891b9vFzR{(z9oOiVlhEl*oF;-pMdp zmJ-cMP}n5J{pPvl%Zdt+1!Drd za2Y%_9nOdCcb4NAssQ}^4BWznGN(4#f--!b+P$!Fdh<9F!udS?+RQxM9^XrxfQt)) zrXz3S`H)SuPM_RV5$NA@m{=`SEzGq)N{Hio*&LRMn=M=Kp|42~xo_l{@>;gd%3B#o ze-0-n6}_^?yCKq$8ZZRsLbCw7i8Sp%IBHYfoGPBcp2^93AgjTYZwwZcuuxXPFZLk|Z6d>`TKOA@J8{Ck?(L zc}DSj4%;<+)yrky=~gw}YH3XU_TxB3Vvz0=VSIi@x!=8swL}Dee*-Psj`_7TH^wdV zV=S@u0?y?4)7D?K#tmk1m@i#NGR2EF{95NnvDjuiMiiVe0DhB)Pe%qR#RqX%M2Nhf zZEM3F#>)jOWp@>b5xTGsyI0@R4C)v}2A4y;7Q^|=JP~V6S9Nra3hPe7l=%?}dZI6d zV_3DeVnC!ilB5p*)(J_)0%aHhM!rAnknxb?@uiHDh(ES*v`A~a! zK!JO^6SFJW#tbs@YzfTkk1TH}uRUXP39Xbu8&IKP9iE z1bNbz7Y)9Ra2KGd0T{5t38a+chzmKI?qZGRe9Y3-+%0-rEw{B#Ca8?pUXx4GlLk$| z2L)_rpknrL3!oUUJLF6XCXL^{NJ`o6O|xHE{J6H_Xd~Ks z2!Z5vO~4jg#t0~(ie_QsD0AExD#fRHtj#7=A@WW3Ss0l;w2YJXyT<=43dE05dP&Sp z1TozCJz&2Xmbzp)*GyMJ?DrFM%~K^S=Z;Hk6xas;o)=Z#(N((@^<+qX!*fJAl(A;i ztVe@Yv-92ikGgpvQv>*8cg#QrQXBWY6JI>MF4{S(T&&h#X8aXmo`{x{KA^dNTIahi zo%8w|s1B4#9fztSuI1fGZw9k?mg?X*5~dnt8>-DB{3Vt#i83@OP4mDdcSU42@BxzY}20`0hx3KmD0jx1IK5{2~?|2#+#nU5ff4sh0$d!+b=?H)T0d$~9lz}TO+O88%A6L777L%-^Wh^I5wiVx%;p!Zf z;qdF<@tmXks9A&q4iy_589EXk)YH-6{oJhNjeOs+^wBMeBg~)gRvp_kQ(wdQytj3k zy`el;%n%r4oM=*jI}2sm&Nnuy$WZ;-m5Jr4c{03ij60awtlxA+zh=rSXK39;}d;W=nbTK&naU+eM=rQwDT_&Ue zps&s4^S2POUzC0k(*Cxl*lES{)?l`BjUDGg4bNTaB(j{C9a<2$yAr7*zyy!LC82r> z;^D!~i1c6cxP^^m!LoxEdndiK(#I!n46-}SrR$$g*%xpQQHcNVM%|#mGfT^V1zt6- zWaeYV{6zz8+#g%iS(F$shZiv*-jo@*4&=}=n9Lseip;bH){O*o;_Yaa%(Mu5Pu&E` zFYD@>K#?g1@Kd$14bHs{s-S2AfM>YQp?5)Aya-LcYJ>Y`N_q2O-IMO7bm}+jt%R-g z)IB5_EY|@aIt-;J9wD?9Keg;nv?&dEmoPCcOxn(7_1KCYRLXj|3-4JbcYVIPZIwIejz^(Tjem7bZmYjxui z^J;xC3&|2~!z4*MHR$3f71%ci`thWg;H((95?U%5uF(h--|t>fi8MOc50LR`+=>Wz z9P9Y@^v5k*e=U99QsZCHM6e7#uP&?aHm(@893Q@LmgnR9_UFYrNKM0<{dB@(QAs8jKMv!Xw2b8{?l`=OHuuOIAf@@#TV>aSzRAghElpcC|Dr!Bk^;|24+!Q`w 
z56D4t$DA3y63nG_pGHFOwEG9sg&4GbtLm%ql+>hX|l#-(R^ctV-4ZW8X}OL|~7VKbYn) z^itc2s+s#X_wt=N21$8Gjpb01vU`jS5tT^sIBaxQ9|!t4Ih-Q7*{9DG0o*+sF`rZ6 z#2B+5Ia&0KilyqlRMs+aqY#aa-(uH+6MK*81n^B<5<$XQJZa3qC{2a(S47uXyv@_$ zi!BDRa#)NU*CYLntXC}QZ|W%)tZXOL((pUu0Wid92UyJa+RtT~!?lj=$AL9>3|85_ zvxAj8Z*m&Q@9MenzNCZ}Q``l<;3+UhNmqQk{2WCax9}8c*nu+3`M!iMQ&S&>t(2`) zD#e;Q*NH^+hbQN&An@l(WCY-kDdYL6%N$%5?+l*LbuL{oOLLf0aqBQO5pQ$1b2WLA zwMCo5dxQ54v$-IB0T!AWj39;G{Z3F|4cPBFs`IS$j0#l{TR{6XW4o+v1jDg{>0c=j zGf=r@?+q3tC&2(Wkk}WBF(yE&fPq8RPkzsYTZ+an$mlEXXln=LQ(_rif5>>FfXyy6b z1NjY;$SBsfUcyEy;9P*YR{8fc@L8ea*BZXkQjn05rz$$Xq zXDVf%OMLgg?2lEkeMEF1lkjr?E{p#Fq&=8F3YIEMJp=2`VO~^5Xz6H9tb8o|e%JT} zVmt-5e#9EX6B1!T(LeK_ET1zI{(5vO@f2cK(D5}G_X(8FQ}_D^FNdsT@SyB`=j$h? z#zmG}Ddrm@TEitHF}K6WqPYp7xKmRguN>$&VPN%&qG2b!KVS7iW^A;mlv%k*J@f06 zr)2eil5M#}N%aK0EurG;`_Y_NEPGc>3&d~1JDT~Yv)KIMugJTf?QVPjEenQKkDr~4 zk{Tyl$N7>9MIG%->^j}XFQJO2Q``BJMzc0`ByJ;%P$r#SvsJl=!{6MRw{o^fw@k|N z3Idp>6p3hf-pY0?Ty1#&C}L z=W8*MECyi|;{&|=&ew5yt-uq>A4|b&_vh}+5{{mjHVm&gq5R%8>ir(q=R)YVE=5Ve z6@d)2FD-C9nhkUs>re28bO#>@g4pXvpx9Fir?qZDAgw(d_p*JRUbRZcij+=e~HxY<$i>8b$S~ksg zp(8AHo>pYPVDZaFWmJ>q9{2u88tPdZGf#`6Ha|FKH9#{k0)aODGwt1v=LF}4d%N1d zsR`e=GL#=I>9;Edfj|uP9*7)mwlI8ZbhHa9XQGdQF z=DSIk-)I8@6cF{^8{A-4BCR2VIpzcM>7wr~{^oJgvYWeJMu#{HbdF1k^%y^A%#Q2j z=~w)2!O*;mDD?HYQiolRIg4xRCcELplPXrzWE9+HAB4>Ft9&kyJ_oT-xg^|p^?2o` zsUNohN+21jj5CUDAZCfDUvs{x?l>{x_~=LSXwC1s$y&m}l?v?i z0T8(vrlND5wQDh$rXf=9o(Xto`Dn#Ui5{&dlezT>Uj+L7PU=Vd68Hvj>D6@nuW3G@ zNRDmyO13Lf)9{ka#@r>!inFhkVZYX8GCvk$-cm zojff`RGM;fS{+RTD(3G|I4UBfuggo4?)ON2xncxn&oLY$J{04cc|9vmd#VTS86;HO z1|oMpm*?E-Hk+VQC!;NG-{v0g#!Fx%h&Klr0g=H{p{(I>+jyUYu^)Ti4Wf0{4)?e$ zuYEab^r)iC45;Q!H3ID6ik9O%aYF!(6h$oU`L#5hFsPv!~bngHoDnRB*Yj67{XZCl# zC!%b@88I?%S{#{TDJhn$Y)6-zWr5==xLODBI}$?!DZXKVtWZlxh&Q2}d+us&U|Ml` zEN{4XnRWlN1Kls-)CVB&EaNA;NUDV$Ty(-gTd(&}Ly5w3h(%YQrEs;GI@7BRg@MUu z4Q>z(;{WSqC6ccdz~aT1Mz|4iKT4+`;^X<{l7=;-nuYBSYrJE>b>)aoJWn?qicOc@ zTBYX+t@d;{A4MeTvTAE>X7K^3y6m1&^05aF&MN6PO3TjQC0_4$2;^1y4bpCH#mKWB zfiApKF^j2Waa$C#j{Tb25TZYwVv&IDU 
zb}nl>$`9akY+R30HCE!5uIthRlj8`S?+93GuFVq;Y2Ns`81UtJ0i#_Zzg?$x;}Myc zS}=9@&I>*MB?B18!9LcU9d^oAoXJMURp#xct_rusVkjq`-mi8arByrXs~$y z*?%HCHlVH^ZrZa1SJ@m$@)dv8GqPs#c7J>FFxwLc5p;7@mp^`!^Nus_r9%1^D8l;x z7vfB6`^$ZX3}-ODGr6&iFWi?D7JbV@=GPy{UDL$*?HfHNovS3Tvym1qT6Qj7qJNr` z@N*c66gWBhkj6Y`R+q~=O1KM$Td+~dnKy7{HbFd)eg-$(lfOP3%1A+@C-8g*ss^(i zjb_wl!#m8Old^(G@jA8rwUd!Gdxle5H?XDOa;52C64HA~9-&I(miW`~NvHsV3J}-` zLoTv)^|ocIA3pKzS>j-pR@kCtemBJxBbY~ajSdv<#&+U!)QQhRgAr&x2(gLk#LMPk zobGQJ%{Pw4s}6iWw@tn0>np9NoSa~%ic{n`I)XPR%-`*N{&8Y58p0v!?#i4R5T zQo(iRz?%D|!tL`x`*H3O(dg)w3o-c=?rCH5y`*GGNYM-bwLgu zekN{e>Brg-iFly}YqloNTTENXllf;p_1}gw`Z;Og?Ymb3#L57p!8B*#_EF&{FoZeY zI&XeC_|J#b@ra0CHbpZQQC%rRmo1ju9MB+zpupW3=LkFmC4g(X;`feHW=u;_-enzO z;gvE|YE-y>-1#|pEz|#vZJZbP`FK`>E-nq$i;5D9gU+e+8!p{nR354u@&5Z}sT{po zq|iSq`sir<_+E$Azslt{WF! zko@GBdk*k5>*g@y7Wg&!4GmR#{E#31DX{bT`ZuCD^-G2Alw!mi!R`$fY1_cJn&KTC zvQ*EFTIYg(ggtyt$vhrek zqf)siVU9gwEAj5?%{j8wFWLxtv>4(Rv zJgJ6;AT7C8e-_3(y^4tBoV>>$+>y|9YB1%!bI5#mRMgA-(bNPLFD6DSTnbzAzg1EX zej9^TVCUmkA|Jj6|LmhH_b?;xD3kIu@w<34re>mg8KcCkHbLv|O&j`2P{3ryS>RF^ zuD65~hEe?%VELoy75=;;ux8Z>0ut)=_Nl)2BFa(TkACCTOJfi(jV_P2H+Fy=ctD(0 z8v^tDSkDfhg#9KBq*eIYKpWAwooZh6q)M8}NXsvLGbTcZ4Rgg4%?mr;oKBK!LooAk zK#BQ)=WY8#H#)TR$0ms*0oQ2V4ux;F8D1N>{$FLuMHDg0(clWndfAVZ)fOuY?Ob!VOJpHeYs}|nd8c5@TMUM#3%^dowtYF#J-#`086j!RH z`nMkGCu_NqG5f8)n4&z1&=r84qRmH%rjzTiQz*Z}EGqGcaGURAd+OBD(!moW*Wl!r z){Cm3j({;gLrOsbCrc=c6Ra1D%)qU$U>DAlWu8B)VZVr9XJ=;;6*241wq}z}I_?|d zX*kl+I$BBmRT6TF85lL^nXCjPY|DnOI6llCBCa#=sJii0!_>-A-B7VU8{2A>gR^?=|3NxLt!9d`tB)H*i zlMjFUC?1*KXpd%SE@Nd{w%=gn_*4=d?wZ__u120E7E2fu@R)(B@B71_;y1F||MH9! 
zt*%qzj^g+lLkf~iP4gFIC9)!VR0gdThDTh&eB#CfOI48|*y(7L7A~_AZY#>6SsK^q zdReLQlU-7Z+2<1#$FzW*fouON?p0($v|KaUsvOUt42X`$RJqi%+D` zis3QRvtzp${!b()4D>b-^xHnn1j!}hwZrqf-x_(U)}7t{ms}h>yQ;Z4PPr*pcv5QQ z$Vjr^X8Vb~R0Vi}Yrv%QQ{$IXIL0mvYbu@hCjESbT6;gJ-jGIgKT%ic8MR{H8zt%V zT$}17j$LFWqOcohf9pRGkMShq5Z{F5qn{RrB&bF2cm9b6ADd6afWKEFpDhMQr|L4p z?cJ&Yng?aW&YYTj$OiGYWv|ut)$`Y`ohh~awx76YSN~)AQGaPqJ&`x%uXsn7i*@zt9tRg#9gN2rCZ|Gpqs`iH!Nvtmh_D~aqa0# z6VS!ee-mIO{~wJO{=Yi5I`fxM`7)^HzkMV0rniZ8@iC-5p@KLJ{k~~=8B$nYnR-+2 zX4CXVM}xJ^&R>YN;0-|Q%3#v`()%A!6?c!G?S)X@lPLFjd}9uwLmJ!UQFqUUL%o$KDX2p zAb}}iG81sqo6Rk_=+VlEXs+FnhqFy>Lu3epi9PVaj*1u6WTfOLjJPg;Hf?(5{HVHp z^IC(Dh5hYd&~MQB+j`PX86#7`0COC>u7J}Woc!Lt1{?EjfKDpgieLS0YGyVJ6D^V? zpafOt^)tQ<|47l{$chpNys_(ro5$AxW)oi(GjrSb0}FzTJteBMOLBg5N|F|q$)se7 zD6$`+k)0MOUott-Y{TS}l3B%i@{d?)qlZ}zAl#wR=5}YqJFkmkU(>B< z&YQ9O`Z+W@nMN&-ynN|l4=%@bN&A>;JTK0w(BEwhX13MB9b+}V+k7EO&tdo&>U#OY z`Op9a_s6@S!Uu+QXhxzL%JI*(&z-t@A`mRzOzpqNGTykEJZAM8HxfHTz0_OQAHOXF zO)8ZIOwfl?qbzX#`C5EumfQPci>_kJRNT6kuKS2)p=b(-m(Wr%$yc>4qH>nOO7dqC zuQm>)0*iPo@=N1xI?9dhpTECk4TtrZcKHf>)|B-B zSSVSw7!n)$Ce)fd*rFHTv4-NiubL>_N+88+jSvyg6*1+Y&C?tpzAU>B_f!{E!FL)j zl6#&;xW~U^lad0HNF)pqRns39{r!D8H6!C0(qWW8^xf!|DC(!-78E;Yb=VB(Ch7%P zfWXzg=z`1maaAI7*4pst`FWt{*Hu&LSjmbE$3pu_RBvV8W>%kEiQ49II+z()8WbRJ z*C2Ml-ut2pzRj|gJwCVoHXaEV$Vtx_aup)24N#x|jGMBYkFk>A5Sd7ESSU8>g|-R~ zHG~jb9B6j-+^_$h>}oSt(Jpl4{A7Zave19%Pm+kr@lrJ9?_vbA^Zp0e&M1Q?>|Ew= z>70t1eqhMm?n#HFy=`T7RL;AtuM9Duda?SW&T_cFRwV=@Y8oOi!S!lozP0gx%ic zufqjGOq1b(Zoc)qOuLi5BIY_{`xEcAAyy4S_Hpjon^>)a(7t^nZ!fOkpgS7ffMY+t zkBk56D5(|uxufngD3g-mB}4cHioq;qIA7B60E4zJd1rca=`s(U@cQEIcMi}L zs|oH+)VAs%FUQkAgQS@oRe4T6G7my}j9u*CJg%lDeb1NXA|7+oXSP@{#ridEwQ&` zcWzQjb8vBe{L_n0N{^y+gbkSC<4g`1T{fqJfI#&5m;gPT26vnW<_Et2XkAi{d~k&|>yZEW<*j}|C`4QOo&G6LrtzR) zDe$8f-`tNgLWhoQBs|>nhuJ<@Ebr}K2!^DE_7s@57r7VSf>gG6mPJh&O%Sv5dRh6j zFIkR}a(2}xc6g^7d9F5J^@*a+O)n6jd;dM4f;mp&SH=kp%RIr3M#(Px`lLcL+57D% zRIGM_d5=DViD<+J6v z)72klLy_i{=PD)tZ08NHd%)3O(t5ML>%rX$6@^xnAFX_;!(+lXFDxkH*MX4ZVQ8yt 
z#s3-TPOBW$^qZ|RX@6pvhDc6Gj!ie^=$(LuO^Wz72;Y-S{URrU`;Q~))HBi7gcYb! z+N$!A4ePt*3@@W3VIvNI%LrUGK!5=2nwKUbMMZ;2r9X(LbMDYugypVC2IoiNi9EBW z$=tZv5}cMZK*y2lAV3e)V#lI1mPGsm-|n%W-`Yk$F;|#Xk~Za402NZw`;{}V*a|ok zi?k9<_e$y?&@#=K^UWS%2m`4;dtA*8F6-Vd@?$anoEz7LjjSGN+0H5dhg%^mY1}+n z0v$cl1R0kfE>N>+;0<{{VQf?yYBv``DP|jT28y*dCgb;>BYuq7C|+P?v*bKgd76W` z+wpU$G`{bc*CrMs_3=RYPp!}$o0oq}TpSfpuh)z>5;RnLHw99V902pW2F`qxO1x!W zrhW1dVwOH4676ZfPA>o2-uhK5>(D0<%cnmO-xU?weB539q_oE|lMIhytVMSETOE4h zP~PdH95;}*nKUd%3gg~B6QJGaznOn=X))hi9+5xW#P5Vo=#f&o_ft5gCd!7kn)Fo8 z4889gi(sN;tRBfw4{FN8l5bxk7YsmA z(LgRHF$GVtX_Jc!9P!p(SDmk%3o>cTk2U_$UNmlu{Cdi6@s>N;WC}(h!2|J~eMt~n zc#P+Dm<6z-0*^E1GX(Efq9(1WemolwVblypJcYoR-MfsxnhH{%kdwTY(=&fS;Z+m^ zzJ_xjU#JU=YXDpR7(Tf{Ls|h^ca1o4gFnb z&VHQl!R9*m{L*A!E3W@rcb4FvKoeil9C3ZYgQrq2{rtxwsvv`NVv~l6R^&Ff%0DFT zk?fHiKeV8j+Mo`iL9kp+m2!VQXoq}Z_Ab%f@VP2Q%RV{zu^yuEvrBgF>XQnJa1VdK z^HK+PeZ?$p^gMj32_s{tf4u>b8xRE0dWpRf_4*=wyN&UM`R6|)F5Z!WMA+emiyIZV zW;^i{?2!Q$@WQDf%311a#wJ*ur85mFz2 z9m;xAj)r_qR()*58EO9&jy9QU~a*8c$Dr+ms;$V{~ITD76);SEo6WR1o}L1sCb(oiBAzXV%r3 zH8m$p_N7i)T-H)UqKaF*QSqj}WM6o`a2wC4?oLXI@zmPtFm(M37xz;WpF;^8B28Na zcRp$hzKK6iX-lh+t*XBrBzw#+dP?@hq|z9h{y~zOK~If+S;2g?j8)k@S@&97SzIZP z{WiX%hP}Abth$ZaNTzX7(cmoU^@jxG`CIn`2Q}1}SEBW9vUR=?kBHA8`v5`+T5!ew zBKs{EQqI5+jbHAIy4jAWC4SRnsv#d%)MrHs4bsGVDqp9%Xo;?zG6X_3VHB9qq$@gt zGM-_$jJ>U6UE*uqyiemZc#8dRrl8Mf)5K=M#s+@PoF?vT>g7a5L`0aFX;KEa-3ik~ z>;z9UgJmgD&cFb8qs?v)>9+nYNNo4`Y}>Icvs%C;(9c^SY`?6u^h(hOjOpHZvCKD} zOoYz^47>T^CF>a~3yl@Njdo(6wVrQ1u}l_xPU?9kj(kmo2p&r+x{OiNJ>q3=y&Ov4 zV(GYvDv1o#Vt%cz>|T5JtrSK>s*{mx_w~18G#)!!5+6&zmYD#w(ah5pVa4w8+qtv^PrK0>`~lD;qs2Q_Ez(ovz(i^0y|VF6(crD z^aL~r#K6qi!TDYxRsI3}6-z|Es!aVK8}Ui#~4@Cu{|&p^0&cpJ@2hvNxp^4*kU{8=hIkItld z5eS}Ea5nP98fH)YNa4L%u?ZrNJS9H6p%^({m@iRsmP;y98|h74kZIE~gB!eCZG2$F z_r|82Gv~H2Vp=4p*U(sfnoqm*63a2NkrsYb86^W7cM=%Rw?)t;B_0U&jQz5BFXbQR zPj=59TAyL(BO>C-TsV!ze4W5v{&gn!e7sN6lC+rG75^8DE|V*eaVHp1I7Q6G$9X>vu&!gGTJ(I z-Zqa$lxI=Op-O$^gX%Ws(m5J*L%%Ms*;N&(rn=fQ4be7|JRshMA$w3MYTPnj!K6q1 
zP9DSu;;Sdc>ZXE8m!kMRz})z}srDw=Far%xI%hlJz0Iv0F$-N|1NR2w5!gfyn`d54a>GDRN}vT!SZ(z^=*Nc9S4!f z^WnZzDAUd=`AI{9v|Go6^fbv7K;R}ZHOoYS7?oB;qu%Ub%0TI`;vAVumXVxsw3W(o zR!I2=d3HVGx&mU+cAcyMwNwVAP@b^3*W-}ZOWI}|jUE`l*uEH5dCE>j^e zagTM6S;Lf0LwkM6HO21T$T6@nHjn#;m8SfN6m6`|P&q>ik^!~Zf}i?vMNWl^BYN5k zgJ;V;E=i#&=D9!q{B;ARyZoSp_>wmqP9&}`ug?mRH=59T&xlyO1IPG3{C6)Slp7ul zeC&zNI=o{4gvkPKD<^z_^h51psh-Qdp13~=@n_aZD3l*}bajtaJ&gW9#3e6OR(unB zHinA-YHji$Th-#*&9tENET6hKZ0|J>l^T^QD|Q=%2nB#1T+1Xm=(ESujOg<9S>jGd zbm{AIA96=^dt=NV=+kC5<+aD?ijK{LjvUKDWySnex~}sIkRg&lGEafmV;fHrR#9)& z_ab*mPbZy#kxk!J@QuZw<5Xvb0)1RmVYFCHXiHN?+@M~n=lm+}x(0$h1zgT8;Qz3nYsCdw_j?OvL2gK6H>YDx9!c+^sDk7zw{ zqpb9J0$$bjPpcy5mY>zmaiw8$S$LwS4RYF3aq79 z@rIK5>Ax#u1M>lCgGk0%xYfmWCzjYl5dyeh-P4CM1Tu?1I7sB-rdtQPY~@{YA?pKW{-HKah@=x zrzS;wcxe?tp^okV{??66CvLDKs+Yj(L`r~9SgO`XcbGl@{K+>Xo~R?!?-dDs=Q@5o zr1gT#algWOU^1_2`aGFi*@ajorB`!NfvfZLB%4cD*UeL?YGDIIQJPCZI?NF~{_dXD z1K*ptS*I46G^K9b)Elyl0gZ)4C%~i8h!^WxKpN38libNrQ`^+|1*4;guE@F57yFC2 z7N@eqL6yXR?E}SasO!Aq%F2|*G`F$KBjRYC&*QJ@zrdInFxl58f-V}G)I*U1mWSOn zT@x5By)m#5YdULJqM&-{Q znNerK{`WB}_V-VpGv3m>WB5uH^^xp7^o$-n9c02P)pI z;*J4z)$Vn2klBA2o+wZo0$_!X6s(UfIu(`;7pPmc``c@?h>e95x0`Tf%QWSS2J)tJ z_`l40B`+8&zsleG7*{vCK~6k$S{BpEykAtCr&8JucTL<{ckX+5ZCdIJ>r>mCyb1d0 z={IA;F3*UtrFDFR2wU)br-RN6K!kKp!qC#Q_AeG;_v6eze4uq>A(CW&A{%1$AIC(w zO*3Jp)A{Lv46Iqi$N+Pni(DdsuWG}@g+8lJKVXjNk92>6kohvIV3O>V#1us*vCs4G7s&jNxUb{ogPrw>*w*`Xr=9jxC)B3Y;MP>Ehlk#7?=f%5Diw_Qk zV?zu_6;Kp>g(jCwc}{nUm%!xpxybm(i&+))xks)^`;@0I^R-_*nlJ+S~vE)i~94OfjD zr9w;j7=GRG3g7I^*~8F;xZg=#S6`U;B$V-C%T1q*G5oJT5toqH|BR;WbHYK!!4v>j zglaE>v+1|@pQou?8yoHI!^YF1xdsBSx2`WID|B}`wn$Xsk4HD?;1P4$e4Ef~CNkS^ z-|n4pTvT7uFGawKQ?ANCkpgSvU$lK1@g zi7Yp;gQZA-hhe7~VOki9bTJ$v?w3~Qd(DtC@{!ej=38UpN{$As#e%CfA+*mQ?vdIW z5UpWwotfq<4uTyJUg{e|5DR((L#~ z%l{Gn6z_Sd^NBBp=g8Dn!%q`u7r*eJ*G9bZm-%av!VAxBZir+~Nm`a>;s+522%v(TneONk>RA&gE>E+p;Py860e#ibGRhK;J(*=^~a zyKSmxXXu1JPsR}0Ay!$t-x7Q#zlp8N&QCaBE&Rbu8^1FoabBI>9e z2=B0`<2;A_Qx6P~Rl^!Q;K#&)NH-C!gl8}cy|3C2@yE9o2@)6`m+_8u?v~!J1(lNf 
zF4|OLqfdDtb_@mFZ=Jr}peY&6ee;&|nB6*9a#QjB5XDRVdY>krXP6Top-jq?`yc0p zw|=XGs6nOwAzv{R>v{~Nb(YZ`w8^mC9f&jP!}E={fE)a2R-4PbuTQH!rk3Io{fjvu zV+_M~olH~84GA#q5*-Re2aAb6CYm4CU@(yAV{V!H^LcaGrzaeri$pWkoetJ_A%T;YkUNtHd0EovTV+`(@2UJTMWD!;W`n5VRJv~^IV%w-w}CfjOZEb zqtS9~^bmKWo+am*$c!niX1GhFG02vV!R-2*Wi+sY&3E9c3W5$^r?jR?tiKNvEo=eb zPdc69wjHMJ6fz37#`X>14U_OASh-m9k;}JozYtXV^?Tfw-mpUxuq?pi8x$utY~eD;^`rMnr0PBnK;?SU&wJ+vOm0;y4V(Jyy9F8oMq%PtYj$cxdjS+XA12s@mAC z?boPY&bEH6SKYVU&BQ zemg+uACPGDP}vz-3sE;Tb*>?%%7sg!d+%cz271X89Q~JC^MZIV{NLr2{AiD|bT#Me z^U4h5o<*blyt&TIlaWoPq-z~z?))HPrECck^O>mQc%^ap^^zs4L@_dI0`~r)_5+@+p~F}=fkR?MYrD7Q~vl6IB5k|1WGF45Wt`kE`%%0 zk7oDIsQr0f6rC-s^Wp<+t2>7%R2cCXENKi)sjFWuSD3;?@^*}8+zNPBC23c}U4N?| z7J&c>i~!NkOGg|oyVw~y=7J4FDFH40f&(RpC(c}K8=>g-)TmUl`lP~;ocbRS=N^4P z&$`GWlJDmklnyBYmosmJNeveDZV|toP@F?ulk_LeNB4h?GRpG_>rEx{XPz1Rk;$bPIcyrr$rf<+sPoyXggBU7f z_aw#}LH|sbWgjWum(qA#-a22+f;|YN$epm}l6H~yQ-pYc+}X}p8TEabM|`*qxc|=o z3*u3*$$;SYSl{F;4&Zm#rW^%9C*SGT=6;96cD;6;e%*Kb>xwCbuO#8fg(1QBgSv`4 z$$0m11`4<#zP2B|kwR=MMxy9vj;mXejONO_J=>#OTWs^UF`U(-vLneuWN}~F=r_u< zAwx9Axbf_^CgiPmBq2ZZQ4f!ZCHv3%%J4cjP=R)0K1Zvis}S|r2(wIYQ`j%Fvux9r z7_C`XTj?5eQP-UN_X8b>0-AKqToef`_kPhfGHpQ%F|^Jr_alN??!O2VqhB8l%pDZ(Q{@>*)I^LA zQ0|qrVohZcq0!P;V)>sPn~FVi(A$@K#gtr`cN0LqP z*@+48Z||7IGhmQ$?|}UWfHlUKbCSp&QNThZrJK#-Stg?!J~L9eoK~hng(asyjsV?L zn;R1A4Zhdzol|jBxso{Rl`E0&Qtjy-64{Yqq}V)?7Xr8sMl*t$41KjFaQ}ct#bwNV ze0FSOd0u~=R+66hU~IuAjS|i0{f)AhOAac_6yPQ(gl$T7KM#tg_}Nq4+0)3>=gBwK zK#|Sr-&_q#BzY(LhL!8bnW~#F=3i=JTKXdJY9mnoU&KW*9D_NgVeh=c z`xCC-f)eI`cI00mAn(1KMBSM#)Cz!Lp~<>*O-Qn3hmNMYy|3#V zPM$Uy9{D}mcBiwO$ym-{b?Vhj+cj&tr_J8KsjQXY1NcvuamKV;^*1>XQxjYD_e5R*JTIwDN41ns)>|G>@P_$ z6;L*elqMR!HkcfVCfRlIS=soW%nG`%y?wCU&rB)eDI%GQAIl|mK&udsG2*b4#SB=G zKs_5p5A$&^9$)@H*n97|rnYTuIBY?>NS7Lw-W6#o5R|i@`t||nX=XzYtAvp9M2ff z^UA~}TrTdrCU<3-aX0%o@1rlQe7e+^`#^KEj?RamkA~Ca$?HrqOkF?K1zxwI{mwiT zIQ~?L1t1@=)J*G40x;)3_U@TJ8auYik=-h}3tE!tpYHVM+UXf*CUr%zta(JnQSAji z1X@AT=-Hc6nQ*SnVdF=jRseL>arFJv=}f*N+SK}F>%u$6xyN#Goo7!BiM|a$18yb| 
zfr(<64efxEr-kn7L6&uuiX-!R!H|BHN5IG)b$BAweqfdQD@hfnsk;(hchCI z0rh}*k`$6?;NhDiG`8v~aK~r;_27JleodJ-7f*8 zgNzLqeOx;rrz`EO@RVabxg0K;x^R7q2LH|F3 z-sSC5d9dnjedP9DjTCkFa|s^Tzkf*mj(D_}*x;03QY+qQry4uv?K0_6{h2@ByfJ$F z^R`alw9tU0YoY9AXT^)TZM#WMoW5ViZ*O&}8(v!(0Rlo%f*Ai}A}1C$P<&I1raSrd z48`eO{sS_LfCGhgsqj^zDlSIP9N8c}^h0j76(B-jyI|UOO)lYq+ir2zrr46h-v$wY z3qJ9q4{*C{3$6YVv^NKeX8Jc2)!oE(K256Zisg(qmwkJ!649Xv@u?*v=k-}vENh_! z9?Fj)qKKdaGWRmIV2NnfRoQE%r0$b(8? zEWVz7s@>`@Bvs!M0H3jwGxM&Nng|Ag#JJS41q7nndiIN7`H@qAdFQ%D+kAyYqeb2 z5BX0rUEe8tcrOsxF@ZButj6uLkkdY?m|e|8F-Q7aZv0v@?&?=qK@8IuUp(51dHbVo zq65lYF7*OIRj%_~iCMZ2^UbY%N@+`HlV819PKP^5`p$iouvxpB1%=C*#JxT;Qj|WZP7-JU#(-Hv zbn4_R%k5|PEbEt#)L10jh6=CDtFhf56=j0Ez7jdX2gzhLneOc!M2ww{24Ad#BnHaM z=QeT3+WeiP9R%o2s=TqCssrLr-qZ$My^EutF!_+~!KK3!Rre6Kk|x6XHHvqqWsNU2 zG<{zZ$e4LF#lh%t6h&b$3A7HY4kiZd)2Y!|l4LOSzV`kPX;Y>78$ZMG!W{nr$Dg6Z zG(>qGC~ z#@kIB70P>d0A0#0ybwYXLx^kvct$%NGdMHFb^ZJ5xe-}M1;Nz)9|j>8BnrOjc0KrN z1xb$FTC2$XFNS`uK$(cAaF=}a+u3jgWE=0fH+KhI&sGjra10lWdvnb;fgY^ieZS37 z^xV!DsS3N> zbOd5?-~|tqo3<|KWKkDuSFL39M6QB z_~wxd^h^bB6s4Ej^N%tq#J6e zzqy_M8`Vi0hCNPM*8?x$py)YxDxqH~^~I*NO1~=W>z2REPyFnN6 zjBf7xNp*G8s16qA`K$4T9d4xMtxvmScL{fORaujj{|>nNPl-~G$NVj>eQb~a z;r3u<8NA`jb^9tn+aU0IhN0~{CD$*4_5*)fxMEqiq;|A!7(_DCw`O!`bj*i)t?zR# zhu&Jut&esaaWG+b?(Bv_cve@Ux?H7D``rM zcl}8=^S_3eeSY{@M}91oG<$Kf`{te)YUut=Q))=a=-9x)yM^r4Cs&c9Fj+?h8cqt-DjEo!m{l5-y z9H@+ti?~)^8!Ec$TSPq1huX>f<>$z3XBKA`e|zs!2BTZhUmj8Ymme418W$cH{zngb z{5;3+$DedO-}aB!&o3VF*dHAGgJXXH?6=4M;MgDh9N`_uZ$QL)93LF}gI`Zf$ML~& zd~oa!j^l$rWl)a&!T)N1;Lyg)6s904&*1L(y)xp0$d!S0NrTZGTZhE{u}Gf3X!y6}@&D8*c>MX#byObP>3^S{MAS`g=?>kcJQ_JX z;1RL=&ovA$OE8eG1-p!}g#t`lEme;8E;i31gmZt*&PNVd-TkRwGgeI%B*Bu*a{T4k z2FLT@crE;4{K4N5!u-7|knoD;tt;Otf17->2z9%J@+D_IyAw2*E6g42)soJejJI@L zy7~d{&Eu6jdtxLX@o=S+WC`69O`FyC0f_P@ZcOfF9f43lDZ(cYxA+LEc3CfX#HioK z;mO8L14u{A>NRgt&@bc7ty${J8?zd_3UB`75&rfFO~gxgzIakA60rzika4*r8Q`Lg z+nhi#*1aPT=ZY`@Uhdx}2E}rx;dyJ1K*~kL1RY%F0RteG^BzgMl|w+@2jEEP0CbK! 
zYz`>i+ClBpBj!FKqQHN-ubM9a%1DYk0-c>x7di|r1jM`nR8v5oX!lnamL1Urz|ifa zJ<9W!A%A%g^}o7oVJU!b{`^pv8M}`_e|?{jzg*Yz6>#!66d);gMeF?4ZTA25bsh5o zbX96eYV*{wb$)q?$JY5}&K}R5v%^$j(3iu!Q)u@I95K6 zm5w0CBKfG|KLd-Oj- zG43Be#oz11AAkQ{7+Q|){rjxaKiTnrBIAv2THf-wOHj7OO3meb>~+Q;?a| zw35!|zHyzVX;GY1Tl+A7%|L~nlXGIns;OGZ8S>|`^CjZ2+CY^dXTwykN{JBYEMmg#c?M4fEqBHF3*_-WE;cdm=FZ21dO z7pSn6i*D?su3h9IEue_`tKvyfSK~OtED|7kr3K`aRg}14!T`Tz`1&eL;FBhLr*0sF zG0c|TTQ7g2TV=uTDIl5d1}%IwUi=SBs7vZ@V0ai>`~)__VYdTLCTH6hSF}&f_k^LJ z@z1{-#j<$ImO(F(#t@qhD3-=mlLjECCG!4SS`+GY9Ru#tO@MD89*zHOiQy5yga5Ii zlWhB3>kP%q(l~kH2O7JqqsSlXL?%a)mdgsMqu}-t=%xvBsh-Ku3#beg`I(D`>_@|8 zLMOHeotmCw4?PVt$oBEuGU^+BI3%e@Sv~$Gw1-Y@^%5xHo1X#v45HZtGM7)}J^~dQ zA@+@&p`UlO?h69kDfgcKnFRS@Z(15D5Yk!6rRb)bY-+=Nz~`9$ZiyF}`vO z5D0X<3`O@vTEAJ7V{4)s;Yc<)(B^0nQ=4#+AQM$Em{a@l*3&G*b_|8pLyX65&E&Mc zK!i+_H^w15rezH8rH3x@-J0Z~`4eJ*Fs`xsr`3PkE<%XK*Mhj#tZ#ExQLdruk zFab2#Z0~ULowT+eD|0_OcvoGrb7aA3@x0Yqpgu3iV)Ztiye=}wJtJa|84n@&V;~a{ zd=l~qvXGJ1`-rqZz`L&QGpbNRLh8ole@>YFLjLfr?T^`dnD>D$ z;)@=M@-3@+(PgU`CYz6ZNxOe1p!n zeH}f-ZzS`o(-o`l-cLv_Wp^Z6qFqN@@hgOl90neu1)=04!Ejce*7Ibtr?1ymd$qOq z*o30oNI*EA}=HRN-TdC6ErtGk|yA6B3O91RKiV zBowRl@7yU&XX23HxjjaqS49)bALD+~5r}!7DH940?g9MrebiIE1MTTP&u=?L^(C+p zsoIVD@5ElU91h>Ob!&Nz9!zEjt;kv9m`RI7FcW!ZuIZcM)We8c`A|D0p31tKG`$yE z9tfcg31>m?nBIGLW20(Wn2cG?bCwv7K;-*}pB3*rG+e+zIs__lvaP;=EM4_T#br7= zVuJkXOmU}rxwibEjJJ=<5HqPt;6YERi8Rb~l|NIDTV^MQvP_(8GrM}&GCWIvtS)1T zv{C`z(SMb{&13|j1D5^!G$vR8mJ5^9>@0N~7ZYx()n9&_eK@!w$Bm_?y12$5(e!2M zr*ATgp>8kVwMT1<$hd|=s=U{}F%q)#e7-fD@d4{uN`_}QdwRIU-LIlra&^#MFk{$3 zO6JccM%{D*0U_D50y~_~3;c6}4tj4g%P;jE&zs`qJhzX&Rx$4#4yQ^=$_4@Hj;SkD zYX#2dHO__zP;=|5rR%b)lNnqGodTuT@^=oAd`JR5j`-!nK&f&Rulj6W5v$M5-pcmr z&4s%Iux{y_>|XMBIGNAtS8CuEOY>fe;ScaILSH%&0W2**!Q6y1;GL&2&D40DW<~we z*X!rHn;*o9jE{1~J6fj9AAy{BPPMi{N>S}sdDLVRg<)d3C}C?l@{!ZBL*iuXr8l#9 z-$zF5QIe=xKTcV|zxl1bU8}hYK7&#Pk(RF|L}npSE}ginov5Zw=r|JJPZ*q)iqeDk zAWHqdq-57mEP3z0i_1irp*k4G&puP%lSr>K`nzB|!6D>>nVXsN&oNMSHTfMF*S}QiqI=&<{JzQ?FvK5UK$AZNy197a<6P 
zcwwG&8+({(_9Zt)+E$z|>Z;-f*7;MZUjdFIy??k` z^ou(c-$&V*)boU@16g>l7hmg@&M-x(86Qh~Nh9@2JBe)is~o(_)-H;D)0f!9`S!y5 z^lzG1s@TpWA{rl}CLCu*V&!9$ScngY6g59CJ)PG2(Cq8)tcWJFWo(rxQ+_gu$cyLN z2bt2q>wy;;03W@AT9ZJVTec!jC$i#lf?PpOc(?8IY=u_w z9$585a)YfQj^mcEzDm!TaEw<#fsj}SeCRMm5%Pfm#rqPRGwd&l%V7zo8tyC-rP-zTb&*{H*%Wl1) z-(Hb%UQ*C5CP_T}?Bpq$Igg0FcoL2G5lH9;)`;}k1c;8l8m$N4%i6mukh}Nr2t)xo zECwV1L~y5quK%F%uJ;mbm7lWXr77Dvao$+!}P zLe~(O11h2}j$t-xJqg3nnTFR5_~<}STZOG}N)<3X@$9^jZoek?h!l~UipeolxcJm8M=FCfrjePtPEV}n2|4}#ppF6&Xej{o+ zUSMFFw&Q&7Y0k{X9=il&t%wxqu#}gK^(MYZOv3{wNHy6f!?JMs<$FpjKt9?=cNSW1 zOMHU@Hk1QqnDPsjH@OjNmE8L6+4IhM@E_2kM7SvUWv zPE*kW0kSiCdA66y zhsym>piv#W_Xe@guX6+nK6?b3ceYysV~z6yj0{T$jzDOAMW|DC1PVdqSFYSEWLF^d za&&k^Mp*PJKY=5WTYCrkgazPst76t}XTraw(MVlHOVOM6uppN|m|D7>0xYigQsgeq z6rl9yAe*=f-E9SX0x4T{gafq_IZTL`7MtC3V;0P$FZ1WzZ}t@VzI_C=fmMF(7R|Wkn+@GUU3tl65?@=u73zukSRJ zEe;Q;;Dh!DnlSE=S<~0@kuZt5rJ8*#UGKd;_NS*nH8&qkf&?@{T-UoLj4nuaHXVT~ z7(0oqQfO_&LRIh)XuHtlaGhw(`x}(AI z1$9YWx^%)b8YOZkTL-+O}4HBUbtd1hhKkEr1Ea@~a-0 zjqsY(HwV{Y3~Ibru*)}H#n&c!J~u>vd!9Hro=Q2s7N%f97seto8Bu^nF+gVWQw6XF z&j?rXAy^7xgTO$eo3F2xVGBmx%(AbzI{G4Ab#p)=OZ>|)g%9h)7>Srh{==sb%h$2l zN$B=x=YP7Nf+v6|^)zc{jH+Qm1ZM1;8Ryh=K)SZI*auE;X#As2!#V|e8AEY5UM7yQ z{9+UNDM#F;S);WyTorz@Dt^Xj6*m*0)~PYfDKl&#cc3-@l_HSVP5M)_wSzGnTlQ|| zLA72Nsu)_D)+})w4=0FZz^)=aeLV|Icy>*Kd-}w`3$%@Xm7BKzV%qZQ<5LPc<$zCS z5y^sy`F6xQAntNQbT1HHfxNs)Cn=S$XmXzjBsQM8i%G4e2SN=(P6CR=$*lDiDJ&|BGX9U4B07!HoE zTn|X-BZHbWAcxv)Tz46ZYMMSzaGZ$=-RF%(&)VlWBq8Pew6f$J=cjteAJ=9HKTUM> zy>8jvyjwKNFd;?KGQ}hvzA!@VQy?y(Ealxjath>wIX09;O>=`WPH+Q5UW$4 ze1e+2wH_8a%8%6Wyj!(pGI^8EAJ@ad!+*N{tlCW8>DHHGKxXcMM2(z*M4%YT8>7MC z3Lc#{`Dt;Zp$CJOwQ*;N;bv=z%V@-ab&47Lm#(KLn%p?3(BxZS4xtZsB= zoS5JplV!t~Wr?RX>Ck$1L2MVl@I#Y8E@q5wjZ!tYCl5WbMXRm{588QD@EST< zTj~mq6ank$*#nIy(Ot_@(E&d|gd}9@}pEU3OkiIUY@F8Av z^2$3Dku{TatFO6le;zm+WP1&77ZF*LT6R-5R-5e$?zfr4E@J|e_LoAjrhTmKsX8So zm~%U_TTmivx+#gRv$?XlIU0Ln;{5Uiq_@!)ewM)8n#NqmTmVzTc{Yxh2l(}xid8p{ zPw;a~%VTTgIJgMLC&m+2<2m-S56;5Bq?Lj@(#DX@saJ;T7#`-XFpUMo7^SUwe_GHj 
zv!wfR(=?cB{hsF2_pFbvkE;d%yVfb&h0Nm0tEhR@%e*aaP{TCr)SY#lH!Kmj(`?S?pT~3%s`~=_{VMKr_zQjlsNK^unDRN`2+&{`>oIrcS!|kAY z&eSW^Z?B9MD)sfMcff3O zaQkNL3X~lNAji*~Nr1^t^ZI{OyeJ=Ba=0!O>6bdyjp0}e-F@3=;# za^j3yQOte$K9+4ZnsL+mbMz|H9U2Y8*8Vi>Q4#swrPiQl2QS4$SP#MWyCeJA!Ie37 z6Ypz7E@NEp#oiDhDidiBt08mDNRP}j3;f%5~e@3>C#cTcu z;x&JyXZT%(czzRspJ+kfe&z2_qRSd@|9;VsT@c@?U0zlFKsiO2k^kK1%hsSxzb%uY zyJW_GRUwM9MK3+41UvOaFDN0Mxe2^Meibgd*I8uN#BL8rw10@VrFeBB%Md570htj7 zfr3d*Md@5kzStX?xyu~d%9P)c7qbW_no=mxLo!mQ>^VILc{==W zpE>&~O>Z%OW-iyNc8hcplC5i!M^YbDb4TO zT0c#!ny{rgewbKL(#jGc2VgW$5NqzQ&V!7*L{-t5uB#LXr^G;Cn($|_svceqR9N%i z1$=OHVD`k6=N6_cSYRcs;UibkHOG&CMfcXNMX3_8d!T*oO1~8CrNi_G%91}0I^ptG zv+=2pCJ`X9xH>Flpe$GO$7Npb0m;JVu2jb}{I8fv6X#qvKS2+Ir-)b!$+vC55Jru(JR$lDV-(=Vp({xn#IL_H+M11}K?nC%3 z9Ev~pA^gi3H9%#I<&U)096!tP`}}9-!0#H8Ab$&|@NW)Dj1pmbgpv%RWJ$5SSCU_4 zUcR<-dA(?}V$Yk;MlLh;PtAMcyXQdEvOoL~YpkD^QqK;SLnGki!-^ayiykK?nnadK z%qOQpckIQ(IjP3#m7MFfS=iWeyYn*4;=b?0Bepo;{H^Tmi*V*QC#Aoo^Eg3$Gwpuz z3jMN)Uw}w@yWl(hwwDuACi8;-Ot`!?McED)86tWV5ghff?H%v3?CoidR~RnX6@7im zM)O8ZZf@JAL&-TS&>~nXkD?_)IO|t%47P$n#9VpKD>(#X#-f^$B-tUE>uKYqre6~i zM+*1OL*!H+3_Jk8B8#IUe>u9L#75NXZxC7BHNvx1U9l!5Kf#+MzVUk_>9nr@NnxGA za)9gBPQsiv@&S^tx9a@)p(I^LzVwW48W{>|2 ze;71fd&^li^H0^rzzp(@YHa)Hq9kPw6J(<+ov^!MDnD&E{>4@URwU)3yth^B?POUm z^JY}?=c@p;)0;;iF5;b_X1EmA_4$0Ue-18Ss{NC8>2tPemGsGbxu|!uPt`73q-%Xh zXnzb8HPZLp{Mf4v13)sh0Wna;JIT z9~X=|21@@p@Amfu7Jq9y=D!>U>27Uw^o77L;I#A5X<*ou`id%`EmE}c?! 
z|5U2h=AISYwDhu#O+SPiC?Dk#h}hM^Cav*cR~H{!Ot$khq+fWU-#@t1bYGv=7Lpc_wAzDYVa zve=5DR2af7ScizV2S)aO6d`5)>B{m!tVM-SmdNFu9g^bXS@dRJ_jDIuI^{L@MCghV z^MEWg2vx3>gx$S`^wctHg^TpByO4T5nQKWmXFfV9&DU{#?jrqL5#DsSnIdM$ znuz1oNfh+Wm#_Zq81}AbhxVA2T~1m;}Fq?G8qnHB$l8#jj9 z3Z)jRJP*v=6yJx~v}F1A5zEEiy|*kW{oWuAJB5=Emmr=%`@rncu8hmf4)}hFRYT^b zU2jEAF5hJFx58)0o$tEm8-tYzd_dN}eP00Rlxa8*Q@@ZCPPBHTt73c1>XYwWU=Vla zMDDpTHL@`NhemPkw_n8}bCmgE^Eh=3I6_H)c#h!wo*;>Tf~-@w_xw23?JTCs$8%~# z+5LGsIkhc)l~Cecv5z?R7*DB)eVt|q&EoE$ss|={c4#MA!p6>O^U23AQ|VS`*Swi6 z4?ng$!Kew0m>3Yz7{^;%q+Hgz?_^}CbcS9=FSoMpvwinHHQUIHsDe5XfnI4!$|gjh zk}wwBj$m{ooeS#uzFl4T1n6vWNfA*ltF4KfNw{a@^F`$B294&+*|Toica5rakozj- zH7RnO4f${hqF04{)k!WMc5Q!SB6946+*{*v$G7Jsy2YY>i{uFASbsA@0`^vGN6JRD zq9$)4zDg&npngl;*&6RFpwV-7FU!_ie4|=!fQ7M~6W;>~ZMg6PW7I(p*MhL|iVWlz zlqc6M0$@u>Tgyrnd=V$a@lyDja;Gekcp4iM20MqL;-|sf^_iMQaXt<_^QN)V+-<^%(ZuOQ`DlUz)XF`atK7d`>E!3m1tY; zgU1@Y`6ZYLx(-44&#w7Z*_L@!elpWh#r8KRgbVgdA675g;J2Dv$= z^ap7AJC5#iwzj}!aN5b(#Nis22@VocC^Rn zgj-y!yaF$n?b#WMPMaR+KN0Zm%xS8CQYPgEm#I;wz}bdNSX5`@Y2qW-Gb?Ef@onR$ z0u}oS{@TtqUq*(#8kp8^`f{Xd{uJ6Ons8P5;Jwih;#8d$PQHx^CDjH#DHO~^5jI}x z@Yn%tXCqPf2>iL2Vg;%Aq=3JGXLsw|)v{NIStNc3C>@;L-0=#3w{tFPvh~BbnMU>q zwWK^-k{zXZY-TAI{@@hD4V+*t2I#R%rTwnoo<^@ENeD8;)yLnEiAB9YmJLm~hiArJ zeqcbOY;$*0?&34eR))p~IhcGBChe&tQP$eM(l64z-9N`nLppY9f~UJSm!?%%gZ!h@ z%q(TQ3rzJu*D;Z8nxh1JG8sK}uTIkw!%^hy;xv3OYE#|mL@`68rSxfr6N)dg2Ewx5 zwPHeQ3kmL0l%zo=u9W%hqLQ(quqVL@DI8DMl<(%}ay)2o(mKo0p*gC}YAUb9WVes( z5W+#)i&&?Z+5Dgp=c)(F>6K_hpN}m?+);bX8d1;|tj)!t|2f2bbD|T<0@FvQ zop50LAw_0SvPdsP<@ew86bn=Db}Hr%F;G#{zOGyS(mlKe2~ z>h9Epd_wYqaW;7$CR&h@&L5&I8TXPHXPLg-e4cczNdZ%rA{CxS4;OLVUkF!{B&v-( zp_*+-oVd}yji^wiuYYT%{`ea=GhdIOyAI{q1yKY2rJ~>lEJIWhbuG zHL4#RlM`ucU(kkMq}4DJe}m()s`?fb^ww&>DiF?Qwv@(@K`1En$*~wFs=A@=3qdJ6 z!Eb;1@wGJT@l%HNS5K*3j9r@)IzHr}rJ^h(2pqHYLLG*9Da{ma3<@!^ShF@>$`#7f|q9!VLdoO={ zHC(d*5NWHqJDouW8$5Rn;QbUs+pL*2K|;Zt;!De2S2dti*UlwJ|P( z$pL$VsbDPqFg}c!PN~C4VwIbg>koB7WTO2$HNx1-d1Kx)J4LBh1ZEuD7TyZm`HV}a 
z3d%_EHjX!p*Q`kq3RyGsPdqIXw#GOef1)RNRpT00ob!kM;QR*lm&>U#1b^%n6gyIa zMPQ`D>QwU(PNt?Sa>#)`f$XWb!F2;9r;8oNZ$+O%LF;F%r=SK)jhjCEMTcRI0G#|C zIL@km2U;)<`=4l?97KQ136=@qGAOT09P<>rFYqp7vNn_EQPlbH+id!YkBnR%JEFwv zSTS}8d($IO7}NdP>uD{wKd5{E=GMU7thFZ$x@Zg~Bvh5YjNk1 zySP5mi(u`%zdI} z5aoWVp~mO*Fl&uFJe+Rz5aK_gA z;pgy2pSx1n%vI9+eR?cvaXR4$TQC!9cFiQ$zZ)MZ_2ybdW&>zZo;hL$=8KbRwoo8c zV4P_&G0~nyZ?H72dWyb(`dDr9VbuXeUkiXPcO8Mq zzSt-8(go_99TLHdkrD-&o%?;$u>Ru15mM@N8*|H+G-fy}Q3J;i*#P!&nCM7hc#(Rw zcItBBqtcqPhRD;saktJ$YgU)E#A!CuR(a^Tk?K`#+z@1N{&sH+0~b;LJ5kpggJKx9 zcm8CTl7M|>p~}lD5IlZQ-8trbu)>MRLb4{Eu{?CZMpPXm8W9e^h_h)7kj$YbynbNo@`tqBY=K0T$jIF7(pVgP4SHT>fA7NT~FxBFceu*6_6CS=Bl^1$st4EdX zT`bX6Zy&HJ#yx&YW|CG`^&EC%Mkgp0j4g^NP-^{Td|1^N^flT%)pKq$r;qsxcV;d+ z`chD@>YW9vwK+Xgv%Rzy6qSrfqXU>_vFOvvBOWR3(xKUx(CQRT^K=jHQcI6E>ZThL z(L;SNYSx|uM)cHSAUfdK!xS%~S<0%Ec(0gh(!Xnq;^eR}ijWuY5piP5u|FfuLO)%L zfzZLUvEH3|G2yB7SR!0-0H*q3!oI4XwyQv}%+BJ16|X%P@{twU+c;&hr&@iS4q%>b z9kvxVoR3;3Mkr`UHf+@7%?neZ(g)Q~Uf&7*M%T7^gAU{^@?}_LDrbJu@cTN6%6`B; zmF`0G?77(hiNYVwQg1&jRjs`^)2G))ub_6p88n* zVzRhJh&KpOkzngk7N~s3*kwFasINFnbt~AQd6}|*r%!LPx4rWL&`wSRv^@W}NUk5> z$MJjkf13lp6Zle2_WwVtjQg|<78eHJtbh2>t$SibdKm^Yl5fZGo{e8 zu@=mftJyQjl0fY#nh!@APE`M3-&^FEwLG4bW_d<;vna77cl;`-$ucPR?IA?f%vK=d zk(-Vihz4{5KvT0bA_9Tr?J@jlr&mfn7v@yRc z5BMPiQ`+m0FA{uj=H-;ojS-_|*Jyt^Lnu79+h^PhR1-*tEW_m^H9U7Uq*5M0r_ zAsdQN%t2qVy&SL6xTIpP;Mju3%baee+PAeI(b|{dJG9(^mYvUVE<{Tu(5PE~SORcP zBps3~^>`eCAP}n~kp4VS;=DrA*?}K{yi*o)o)_tfJ`S>PxHsVCzP2*|`8n?1Lm}#K zf=QRO3fK`k*J5-s8Xf{DQ_tZW#3InL_{Apk2-H0K zE+TYV&;K{>}FpPAYv}dzEY4v1W}#0Vop!ZHj2o0eJZ2i3W|^ zVgN7S1fs7m0ifeKfW_>98<$9((}kHGen#Q4jr7y@si%<$H0SV#&4#{D0dYX%aM@}s z&>P)9e-7+-Qd_5|_VFCeJdk!|CBy@q0}~|17=kte1K2J-^Wgjh2@XRMuv2r0kB6O5 zJZZ;I0b#kC+1CyC^xvAEhSj)xS2a%D2x+Xq$Ibt!5}SxaZZ_0S6|H*@Z7~o`(#n$# zPos#nyCy<&9!2Q7xY?S>a-$uJ(2>N_!sjd>qg=3EW;{^t&Tar`SiV?NcSW#Z>;XAtDrKN@6k>1k0~+LWz8phG07s z*C#~Q&G|vg1UTilD*Ks~of5DvUT+RBUslmjf=H4}S_`9 ziTaAQ-1Q+{Rao=(IjA6f1gHVY#!9uMs3p(TQViF5%!;8_`xwTglUaIR86~_t4RzEA 
z3uE}kR|voBxN?O!beK68g2FEnD3vN%mZIp}ybeek6Zhxu@hMu}`fl0awq~RyxWhcU zhwSj;<;A8Jry$n!4>WxW6rB|!9H+o71&>E+Zfm3u^KUYu$xqUUVIpVdM9x^2p1B+i z)e*>!fqn@&@-oV`olU)U|6Uw<5O;4aO>BNnPxi@5Mv8VR?iJt7+lRvneP31i`(*Qpjy{TbKw@iZ&YLl7bI}a6u7qfMSaN2F(brA%6sW& zx7P(ayRcSja#%TCI6H$?W@WrRRgBVK+K6nd1e*PyB2I5NhD=KhdaBFU2oDe7hxq&R z5lhtESMRsQ$iz68_`7)aki{wXDFY3wu`u>VEf-YV6{)atdLvB(#{kJ6{k&UuZDTDp z9^8z7@yuK^TIIc@#v`)MB;w=J^2VS450U#BULZvld-%55%!>MK(!E5v{mf6r+h^}h zUmDEk2Zm%5`0MMey5HBg&Z~cuF>!g%*q0})+N>Cr`CadBRK?okTBW4Jv__{Q5G(*^ zlQVNwLdXES5cXuz>hl5Hr?3xpj~>UAXEO1t^fbtUp1RY5Mi&~+lctnFSnn8FaA*S) z78$1K|8dcmgp6+;S#hICz7ft+{OEp$qUPpv!@b+nKt@ap|WVS7rcfjcbMJ447*E!ek7WFuMn!}FW0b5Gm5~;nJ=|W(M1bI zToSr^a(>iI0j+uY#1AmRSE#i%T1@u1Hr=yf6e0kwJrHsf=9a# zvI$H{@YZUd_wxPaY5uj&lC6{O}-AxXW#pStGIH9lWwJT z&K0g<2#^wOJErJ4guPA-M~i-Dj*+5YF}zsNQ&)9aR9sRwN3S$q>{AcN3F+WY8Bw=d zWv>9f17Ffmswg%ogeYK-1=y(vAB|wjkPmU!UOli!8p^v(elp1~%-QX9xT6nx-dvQE zk8p&ZT!NgKBlO|8)JKRy_O8B%$-M7!O`V2{T%J2DOJD?U?7c71yMK@Tkp?J*P=;T{ zdB9W-qm@_*i}p9v%xw(@*S|$tGMXlrA5>Cqi?)h%7U{bC(VoQtDTuxKNSw-iIPZ#u zaKGZUSq3V?o94=Cfmpr)&ufNbs@a{dzkF;DvQoSMR5GyNo%Zx+zWxR|_!#&U=>+W7 zAc@Feyd3M}w=ZFjJ9)%hle4AzXFF_cC!n7G*k`U3X zpXix)+l?QeA{XrFN?-Zr1l6u~nQ2&0-i3RS-2jxHpeP&Qiktp2a0DXJ=wqMJjwae6 zRVrSKMF#RSJCt^y?s*#WKBs~AUfmD9bWQ4CTzwx%eW*&Kr%FnMGJPyhV*Dq9N86Pr z(q@M*3~uVnTvSjW*9~VnXN}?lUB686)Ctxx9stYjVj&&J^_`Mj1L0^mRNq|5?_? 
zNKb!yE`uSdz~VQ$)zRaZB?{JEzJ1}3V>NFozti*frSwVGD9^?c&$XBcgi~5nsx(%F z9!>ka?k9}~JKNMBhrArIp-@@xBN>mQD^>0sy5>9TFxs*2e*;RHohrm`M;YBV zw%G3wiCuS2oM8*k4&zzm*G&*Vi5{qQoJU22$z`WpP0I=2ur})w3>cSSwyrEhVxL)= zg{e-X+0(9>N0(30aJyf~f6bpd{}$O%w0AXTtdX=(bSTpfHCkyn_gzscN2vtkd}~m% zI0_(N=xm*3=Qm`sOp~YWnkEXI^;eChL4TiM{7v6-Z>p6peedn|OC1A`_XG;8X+i>=v|G z>#iS`00rERmhKhB!pk9i2?p1O;w9svBj!E?d{bpHRQ*>7!0Ej;`mZDRoQu9?{QaUIn;s_oANJles_D0D7eo;0T{;q^h)R<##Y9D# zh*9YvMUW<7L|TAAklw3+fPezhA<{dM-b8u}HK8d*63`GJ)D9Xk=Jx<@^hp1PH$7M}b*M8lTCY6Vfm;6x;Fo zuRD_~#d6g7&EP@prnuwb!XrmMUw6CYVW=k|jhKXobfLmek$ub0)czXEnFWeZeXhHH zt@X^?$z>Sk_?+J4BhaCVk-t`>I*2@hsb?{EEJroWiNL7nI)hOo^cvzSTOaMK)m}L zI3o1dy+7=DnwAax=3Y3RASe>s@oe2mG$fBR_xjN7Lw!Yge#lPz z;I@#m$Gx?=8T6~9C_f|z#DztyAFML*+he1qW(omm)USHFV%8X#d)uEQH&&}rFzk_&jNu=wNJ#35sDL$B{15ZKwRl(h!2FWs6@!20dH${7UZWC6 zhCS)F7*(EBImz(M4NkMp7D~3jL70AK4-m(~_OefRd$yEPPq#!^Sx_0@B}Q1n5tUW( zA^iF$W5h>Od&TF?!QfYKyHP%FUdYP|92pOCo_r4pczrl0i2_+d7q(_s9|J{462hsr zCc!S$P=JVCzZaos;8U#kTlY9?!&h=9L6x4!>E3;wfOdmMugH-qa7hd#%t&viSlyg5 zTy)Cu7F`qmkJaym)cthb^k(;`ss8b&X1h7Jv}FUXOCF+z07dK7=szr=b>0C8%MK>J zDx;!|6v|d(@%&NBb8ErCT!T^e{$8cXJG;%-#a}w1_5MI((X8zjxP-uO!9sI;f7#gK zKIX4{*;^E??DjkssIFAr@0|3l!OUwK&)5*7J?BYIY@{1w-EnAE{mOYbv^Uf24ODc@ zf%!>GQ$zfN;3=g7!x+K(2(B{eDBp=tKV?9U^@eI!;1xRPELpJ-9@cB<>E7grU$hcO zF5H|{va#MsxccCIZR%$ODdsC{x5j{z)TOFarGi}8#eJMw)D~M=d2YGH^8_)^1*LUB z{C(mW%m$MGTTJO`eVy-h#)hy`M#Ct&E;Gow|?TLKQ8I`Ioq4U{umzN``<8 zx|>9s9`!+itEBGsh?MuTvmUtvt;91 zJbS39q|iU_!%B#x6Z(oVr`Be}C>qSRE8_i##xucJyOd6O(%lP9np_qhd8*ZBT}^rX z_{b@OIwkpO^N!RMWUUy&70d~r!ybnMyATX+7^k+X>Z0TE#vCv1xwPV;*CSWGI6Oiv zG;=?HwQ{gSl(2r}bP)va&!T}(pB2u8GwVTzS|(-&`IN&)4C}L3h+?1xEGI1KIOl_! 
zT69`SK`a&BhSlx;hl-jkGgDu&yLcdMt?laS_1b}bvA&68F-(@oeAo4Y#=SMO zF5CL!XzwxV;8`SEZa<62ke7B$`Eb)QG%ewq@Y|avN_$|3sZQosmhpht zKQzt~(PVU|GFUhz^-@awLoHX$a7h=fP@LweXIJ{@N{7$Cl<^jQ#8 zXgBu*RMUX!wSv*Y^Pzxb&?pFNj0vug+G$m(`C>lu)>m5~=yOp=@4E}8@g;f-tas%` zZf4W3>pdek|&REoInS9aE_8@t%JgvL}W~O!ax#2F&XYNyw zxuN)8tkr+$u>R)`XzX=hz4L$mRoqtOGO5>Pa!V$b!I!CSK6n_2n&t>v&xdH z?1pCBNjB%c*n}x+NU{GWwC&G#{P_am_}{$DClScAmt-}(U)M6*dSZ+N5{G2j^{cS6 zf*#JgX+-JCI`4W?hRh(V<~3i+@{WHop45aP3-ihCgMf+egRe*CXFiSP+s^6xp4Wv2xdd zwuNiCELr!I=N1bUb&LXUuHCQP&I@gU#N;<@hXh{+G>P*h2r4;coh|E9R&G^_Jv=c& znBv8BQ{h(!jPDFCYNpz5KIs(-HX!}W_qxs5nZ-OQ?eTeQJ4fjNuFaPE%a5pwmU7Xk zN?dErS9l)|u$}N1&-xIb|5xXwSE4}D%d|RHhu@GeP$MWLSQg$7jl@KzRFb6nezE2A zq~PdzFb3(2*5P!%TR!*ND{jg^s*PmqeFMG@Tydd@TlkXrcC$5&Rkq#ZfVs#9-pRFw znn};=xP==V-EAfg5NM z%vS5Ri(>mQX|VetH{jDPV_$5D#eR)k8Q)xW)BVP_&S5A+2yU6J>*Tg2kd?VYc zN&A7zPcy(5`pB+7ruVJ~G z6!4pofuFy4{c>)yb$%5$UM>c?_8HCaCy9Rt%!B{^4kyQL;qq4DRcn8en-J0W7k|%i z)c0j^y?eBS+P5W`n7RH6kRRjC5`5Tr5bAi<=)LN8>(3bIm6?x^A2p_>%a^%_uw~w0 zJk!UlO4$)?v(b1%bPR~86GT=f{D@f3wSA1=YVoLS*xcEv8*r7H|I+SR9{#>UHSOj@ z{<{(eA-dlcKZ;f^YPqkRhqMP3uaHKF5rpc(iaK}z%l$dy#NRu*>^=5QGfoQF6KxKv zUORR=vDiOuDAEnx9`C>e2SdDW914K*Z)Kba%%+}IrEl+tMJ8Wg{#f2tn5<*W6?+0D z$`ObWz~V_4pyP(_m7#fLt))M?_O)%Q{$xsighszC&Smqtr!fD6ytwRsf^#fI2BCAF z?vn%pswHFuLI!K7_fV#t<6az2y<>ap_qjkNL5A$3vY=CWlkYD#thQ6K7`59Dr z=0KU6>%2muEg+Swk+XpTSNJU7fzkn|>o{%|8p*JqmGLXri|a?N(!!iJt zvu6u#ASx%qai75*2d${C)5p2zB~`ER+=ez5g&600jN+~AyVMaNMZHfxsMNnm6WqjI3{eoxzL>|Z~Kt^_Pn@L5OE3LpM-;OG^~_TL_J!S6VnAoJrPtoa>82==nEc5 z#J&7|L5nMv9DQDZ3ckLZUx$p+d`jTLp`&2l=QajRRiJODveF{;D|XVUH_ z(-j3R3~dtnr@HIN$W9J;&)UJ>iR(HfniBybG@zrDV%k+phn&4UJ;V$=UV?sPD|7VJ zn#6>oZuMmUp#&K|=JuylPMw%x0j`st)aU}{Op<7q#OZ3_>- zdXCepI-(uClikt1{VOvZ?KT#LW(QvemTI_4rDxt5Y%N%>F~WAz<5J{@u_ zDWJa(5BIXi-*$8ai3NWHBzjeQVZyt-!WT(VbkT^X;3}k))$Trh+T$tv(21=>=X8_% z`~sTSfB)!gn5Fb}a^v?)2H2ukq^H0)7Z6&rFb~Wff2DH)5A`MMjzPy3uIoH+qi%>? 
z5{g8~`KJu~H&j>jl~2xaY^3W+zbj<`X{%fZ&_RQX}g zpD|H?$~ZI5sFgOS`FJ2E{Fl^mCYdCZ6b3XOn+9@euq!zZ{(iD`pLPP2BYGz?v`w>h zT7}(*lpdDf;&XiDkS^L#a(T)$x<(ZAa?FuyDccuyuO|^ZT z+}ARG)r$&74%(~mzba?8I+53dDv1NJl-WSi{%h%LD znv{EdK-zb*}axwMGhJVNSEf=j_^Z4rZwq{h8%D*0&!HpTsuWkU- znwya#ICNLiBHK3zucm`!kB64tEP@;NCu%HCk8qL6Lt;2WwwtESOa0S|NjhJ#g%+(n zSm?ZR520TYylg{1?Le?by?eH;6)MBqYc}g?Z9cDQPheDd3>avA*MXiEDyR*xSUrI& z|Ak=+vCFHyPz;S8At|9gFvnlo-Fua7Kh@3HFMU66`?2r?$7DTEMMv&92e-E!AN^lz zwB>7)3Mq^X_@3@O1%hqJ0Rn(OL?d)1-EB+)wyt5^mCd_TKj^S<33y_qQgUF?4!CvQS zN@q9FuR%%KAHP;CTQ05kF^4;*T$@%D5zc9E7}_0}O(Xg@G);5(sVkS z;o~nJO)k5pYNVWR`Cp0o>tNV@Cp_mC+5v`{!l}klZjuVSgH>t?a?yK#M{Vfq7am>M zC*R>YYkb+}_;mBN;N_Qj4&e0DU0dK8;Gt-ap8}A6xx`?>nFc8<88aioMUZ`MbCzgx ztIDx@X7<&DXjkUIxi?Sr21kRVQN0JWq`9XA+a44(JaKrp55rwaSi(Hm7;#oJ5~zD~ z;c!y~Jn7ps4B&8+{|$$q_zmRapCBW_+yvhWER2cdXGi=@x_~q?tF1?tZpN zZ@R>6{2LX4Ui+BO0f=^kNzipDEBwfGs$CUjzMHoE>dDUJfUDv{RlB^%qP(f+<(QlG zcAW7`@y&Dv1kgSQ-k{62_BaMCLis_VX^eW@O1Lbby5M82Yy?evlFA|W7%!bDq)Sir z67|Cb`o;JY>g79diC;0YOD|YR-@n8fp4k;FjX#cT@Ndt#6HJ_7DLfjy?Bzz`qT}7~$x8vd9`(WMt~Dx=`wezYNNYFQ2{$yf`Fc_40kirId$JBEBMXL-`Gt z(Of=qAr#KJU~z;6p4b8_Te7frp)ljm(~F*9bUgBpLk&Cy_Zkz(wTudpZ$7s=ub^S) z+e8PF{M)nG$f@I&q0Rbne{c!iVa1c!RQt9%Fd>Xsgm=otTOt!WA(IU-I#>LXflIbc z6;+&3p7(7%Y)Jab;oAERs!w(7<$8x8!0!T(TNZT76Pfq}<0m=v=F!&^xFRNff?h3% zPE~W)G+=-k(9If0!D&smWQ%lv6d)oS`hLeWPlaTJKkMtfJhSg3$57oNy1Z(h-q~m& z5yw9G$T209HvM7Vm&U)i_JQ@eD43?%nl^n8zIN~JGn=gV&(}RAPOTle%pj#7NN`q@*m7U>0ni8w+M^T8jR*37+jR}NxbeTtrPGRUzPG)dGG<zv4n0g7XzCo=tn@!`q@(-0T(rqrNxo z#rIO9KYx7J98$#Pw??<`fInJ4Cw{?>$^v@9JuBBHF9ddQnQ6!Fj?lU3^UP|@@I}12 zU(2cRi5=Px=A3KSzym%-ChLm;Iym-ib)8j8&F1-B${o6j7+>JKZ*Yx6zbV$7<~LPs zy~CEfajQ<((Zd-l`0C zA{+^5qgz+otbJE#Ka|SW@S{F_di~jeO7Dsu|4%71;`-M#EMQa@j&6|s7;$yd=XSld z=QyY3bY_YUZ&{#U>-~W9t}*H;zN5EA8g0){hoKm=?g3w#w*^58%@zb2<`^uC<* z!a`D=^0-AX>=tL9`9)dPhlR79NvQ8~^HTaPq%;B@4z;gask2BntQh_B>yk;2u9FZ{ zG|9yHOzCdY$ySeK_W7O4tyEvFdw|g_^Z!ojiv3SZ-h%(@_Z!u}1e8*5nLII&zfHwj zlyrDRHDs7A!yiC?ptZ*=^mQo^`Q_XPy|#(}7Yc|8nJG)=8Q51&dFi 
zU!yL*k|$NqeJk_&+{F`zliIyqUFj|?50BuN6xP4yBqn+OG)rhbvT#9sujj*A(%Qg& z)EX!*Pd*LX__@dp%t#2(+U_fYhtf8tZr;y)abdY7_X+IgaJ-T9=g=AX=LO<2n{`Yise;a8#}c-fd^KLAR$3 z9i3l)DPd|6SOEkTY4b1c<0AQ&FB%4WSrBm6i@%`cG-VjP$cSAd~E~A z|GR?&Gos3Q6<7?8#-U<0CD+~LI7x|P&u7-+4BvkfUhSEHwK*9ynh2X>YjpIt6n|Nv z>qe_O0U{2qFlp4$L7?kmw(@>Ye;A`v#_pq(rKAJJ!98e&z!-3Q1d)>NPEh0#Uig)& zGRuWmt@+U+XWZ$%L)?86O)b;y6U^>fdJZdXp`kiDuFZXtFL|AJwSxoP^6^h?qf|~4 z0sav^G7MpY8)dqeTwGZFtI>_fmmV<4pA&xjw!(=;zb>ET?mh%J2kgRgx^;@cAbI_|0H-ea|sZ&djJ5 zf6BYunn1_EWpK0bhPZ!8*taU%Sao2i5lvxo<;mwny8^9kYmzX@A}F+fvB!6El>Z&l zyMiS&r}?{x2jW8AdxZ0)8Rcm+=byhj&K{G@dXS)cP>5x9deD{a7!QZGsfLgV)ut~+Z)a}jUsYNG>F`T_pvZ;Vr^`smp4$=BJ>tQ|YtxU*6!-Y9 z(KdeyFpc)nYY=Mq=>ZlM(XNJqA6renZ!FCdZnBErYh)MKvFppijU7-~mkzkyvis({ z!UY^`Uij|XTr@?2WVN5EvU0g0Z{1{4!W=hUmCfx;PdIofY+rUAJFG(gW77^I3vrf_ z!v!VvvBhG9lL&zZBwL)z-z+PWIFl(ES@G#`qa~gU)%HzO6(=W?J6Fs%?B+bzV2mUO zD9Pu{0G@x3lH$N#*I$RZG=aIwQVw--BHRaqhB-^R@UOkt$YsN_m`4!D5? zP?u?`@REH%(y;AXVFtvKP^gAqlY(;`-B%~uhl&y&{RRwiJWocOlB7eJZr{{wTWjit zhC^6okuJ6Z2pRl9yz&(*{aG2EI+sK3K#ATt)h6Gc?hetH4hxb;q_PZdYaKT$|3>1W z8iE?o1xU9l&v?PXXoI60#$)F&7aGZHR1dAzs1=P!3xtwEuHO+v%L>zpL}V^)@w9W;Wo9n z!ul<6um#t-aGnQo1;wrblNrkU-{37iilB>3NpT@vBEH>`{R zJPR(O2#_dIk|PerU{Hp+)+8DIvOVdsYs%}QCKcb^t)d49FTcApP`wMwKH0^g;$V=M zkT|4pJ4;DXGH~)a|9~2Q+B^{vKMnt)C3{=@-D^1$Xyrroln0+aX5W82c>eet$W^X# zY{3)6ysI;sQiZS7gL6Ku=)P>qTroEo5>fP*v%tcA*~UKAjEpQj@|K#T}B5}!8<(r~Wbtct~wNcrXdME^=cS~Q0+ z&j0zvm99oAzBhi{!`nnD9E6-Ub{RR(`vfq6@RwR+BVF^2Dq0F2wYjRwQ!{j4fn&MP zG};69zCXD@ty&)8#P{n6WMp-JDRHA?3`OA&o&Yg--ay>QS!YcvMLPdfq4q4x)pCF4 zdT4ds-{GT_LZq?di~7b*N3m+DO#lke0tOqzv{F=pZH zgv@FpDfS^W@UMHUXCP~Nw)`IT5P1xUePQ{zE}uj~<)vLTE`sGWe`cN%9&}BT`{^}Zx z8@{WHXNzl>#M#oUz*8pg2&_ME;ILY*FOt416e;Y+UfN~B#LmPVOB&S_#E+SshjsFi z0@u;8zco2Leac>`t_XCh`-~o5PsP0z%e|^2Y+PfoRpy+udDA$#lC?dbkD^LuBh}%L zx5z-uF1*OOfITGuZx7N@dOP-p@hnFPwW~zBtCPGk}A&Z z5jyzQ{RoGmU)g4{Xe{ppc&5afWW)5vY1Xk(H6^GPqsf!XPp{AMZqwl!+N%9d#TDe; zDW54f&X?YL>tNPQS4q?*~ zZ);C^@lJDd=IZ@PHO9|Hb}f?p%BQM0wm39%yA%qJ>=70rNJM0m;Tp9ks#cyi{7R01 
zN>`h)e&=Qo(O|!v)@P_)P%8xeNVx$xR5MdJ5Km^ofM(IdnT?J~_q7)N%JoE8qv6{W zP1AAR4)fs^7m&)#+R>CM;HHT|vQqBAyU(zHtJBNjKmeo|X!=@~>lAxO)QEo85jWuL zg3r^$CtJBWZ0&l0hXK6uIY?$nO3K1T-}AzYT%eiZsLl7{H}^bSb-*ONV0LAI!dQZ3 za9=mKeKNk4@$*wx)|?*t?&!|_-mssAllkHvFsax*;#f4K2^E64vF>5@EsqV~6y5F< zh$VW@luXEkXUtYHNL^n}9o@Wjb-uhD-JXqzu53-$8;!{)#{RRFxr zC;74~w`^u!$MoyxHej<9{Ff6I=RK!l({OoNB>=7PVhesP7NdOV{>SPAzHl=ya8p6= z4nKKdDIj-XHc`)a*RBmvr6bjy=^Nu>7q&VB5~vJJ6X z>P{;JO-M%1 zw)sc95N$sQzvh)vQb}*#rKwI?%9H>Px-{XwMiOgZ3EWpBCj7Ad-kZ}W&IwL-?;eFq zaik9!g_reXq7)&nKMP{FrT-Ot_kaE!sa!%Z04qpPtJ%uNoCL_@w$>>4@JVv-kG4o1 zox6jh-X{GBUBEuhAD47Sy#qRhN+>sj(mL7CQAiKA=vDf^Nikq1{AyIm6ymBxZ|h2l zG+a@dKCS+iRn|0)p7jJO-PJ!y-?iL+{uS*8yF$K}xo*~DOXm^*i$JJd^xQR5wP?=X zIb>&9${4R79B~!?yUx5jb|C0R+j0h!ltb?jzzyNmXM6f8HW$xEd78TpJ-YXhzJ|*_cu4dh;d4KhwUs3macOYXWHgT_xDYl3$dM3K{*>HEF9qQxl1y%C%hgH~V%`hxfI`f_&^{v3WD+)zx~~ zzVmt#3t10u+jS87)WyMw5Si;yeyssV=d$Mz`e#_gUB!=S#Qylpti< zb8r$<=c%@Ac0=5iv9_v@%WBMwUr^lOkOd@KIR3BieII^z+R6|??*O(Pmcp(l621_5ghVL@QIc>PsdAxiHsW*4 z^BMkJ@|cj(jrsw%!A*`gR9$wD!N;V1w{^CKDdKqJd9iL}1BjiZYW>wJ=&_*!sNUf9 zkW{vQm>G%VOu@BP-2iKD@plwv!)#~q zzP#RZ-=5p#qvZ8NjmYlus}6_gXz)#2vg3JcCp&4gU9ODepr34salKJ_zwx*!V|?`O z=o>+x2>5$%G%_-CS#hmUi z=_B@)&qc`moDE-xKFEwqFpszXvg$B82>|u}Fb|D8TP}VZ_lHmkTv* z&VrE_#8{{?dR2T5U)#8|$Y09^X+u!c!~F#hEiX3$GEe{Gt*igSui^qrUtdRVdz0T= z@mqHj#8dU|7l<;~$!k(k4M~1N{W!OxFlymf1gq{J^awK(Y@^$ii$*tA+=#x>jjn?y zk;i^`VEQ!Uk~d7v1vlrHFBU$eV<*9Pt!2#-~i0s!w)Cxth{uZUZcSZ z$Zmgv7jABEdmS3Bj_O6xBf$7@{439930b)m&nLj56nW%T(~Og<;SVPF>$f>=24fk&EG#I`>uqhHM)3+gNI;`Fz4)_ zk&3ijaiVfoe)SRN=EFVKLe@TeMpnlAecKmY zN5v+LCT5{9R!hH5T^O!?_LS&8Fc&k#@^^34EOFcw|B8|!`Jed#j(@Ot@BEAKo*u9$ z{>nkL{CSEe%1WBYFL00}BJ+)%qxeM)My_{gahj8}vj_8l$!8(N(b~xXTkPUX-LL8t``3iS-0c)8fLUvfEvGGkgC#@{CiBP{=AVQh6$c&B_I6+ z-$LVyd_(y(d09%`cKvx)mJPeYUawVRztBN^?*`88od+9WfNmN-iOdb~t)gNZ1g(W9 z544&>1>=6DuJESRw_Pb0zF(0s|IKTNPl#Y!bPVF|ykbed*GMw*#4+6_Tlv49d*UiF zh7p!9eS5cmd6E00tRFXR$hT|h+6|d^V+aR(`+j&w$Sbx4!?iP+fU(}>rN@~4A7y^b z*{)LFE3OUNJq7ij&<6${HoUJkj9`$pLR)&XJ~PbYxKHpj%Wh-FX 
zHU`BqAdKu^&1DZnfJLpXtw-S{w&A^pgJa*>o~rLSLa+~Vl}Ehh4tqxq+y#A8{Exoq$lS)3FJmO^Mwf<jp8*9bu+Nk06X{^A7g@F!g!h$PJfE*;=+ zwNl?69!TGLk~XCLt08RZE8r6H|EPS!|GPFdfH01iup-_$k|IKSebg;1S9cbihTIG) zSRGBhLU|OUfFLN`?kULQbLP{0X(k8k?z&-{$WkzpF=YN9DuO<89I|f)IXWVu|E|FD zDd_Egs4Vu6;V5W9>kZuQRBZUQNobb%^82>alix2iW%!4FyfJJTUNkUSoEmWe)&m`& z3r&;=Hgeexgq#lS5<{Gjp|))8`py7Xk{<50C(sa;Lkvu6vKg)Wk$^>}S}e0Zoqt=x zKe&CV0~5Pjmg}S}iq(982~gUUQa=9pb@3vt8^U`2i5U?WZ#IFZ>SQKCajNkR zwlQeVf2f?>Kv8~;*Lr^zxD_`iI^FFWG2gl_2KRknGFravxh*pHGl;vebpNGc5*U!} zufQJnv#|pGLcIyQ**{~-&U#;*6L4Ago{B%~9TJB%L@&iNTny_HZ67`&J|tZzC2LG} zUfvPrb4z0S*;Kp3V`^Bs8pb`nc#O_&lDe_n(fMps2Tt9YSWx%O&B-K5YBrdGEDz{m zRDp05RAEqIABMJe;TI+eQ*AW(4uRtx(l@31hsst`P7suXqG4?($>4wdLxsyt>aXY! z{0>m4+-Ead^D))BnKZi6+K6}8n_#KV{4PV=YJ(R8(l2}6s@aUgn_;sNM#uz%LWh2s z2T^C5GUN3fY#s$m**ecZH>UyH1a522F%cj{1JVUx83%A9(!^K#1@zo3YRWiP<$3$4 zlp2*o^mpK7|3vkjiHeGjhWn4l<>~BMtiulkH$Dkl(u1ZOS_54o`Hnmum*siTT+6Wa zWiZ`Wt=ZL}eRG`FDdj^tpQMmkgcYS5RQsi|<-9YG_FXaONjHNW%w`kw1U+r7Cv+8mONm7g&^>Y&fW}>T9yOsj#-q%IQ`$xP17E5`;&}}|^l1W*0 zf3z>Z&%TnBD)SH33)=E0tDOWX*0od~ylWwp^#VKX@_l zS`+XwW=2!4xq|q7as~H=<;Fewit|g)%QrPY7=OQia^ohz@Y~(kTz5F~S#y~FSu!e% ztJQ2gT5Iaj04M~$5P|AHFvb1=k2*`s9ptMP;pZ$uHQa|63zj?eKROmle%uye{}&%s z*@Qt>JUR9}6Y0ppJ79+72ByDB6zYyd43b0JuMk?=XP? z-*nVyL$Dy?CLlN-)&sDX;>fBKGJgz}ixf4VWcp=1`|LL&9e=2IX3X-VckO~rn6~lO zhIr-Wr`mVN1POk7CwSX|JjEJP1dsw4Tu)1)l@8>F+OuqBHa-q)>r{&7JL6BvNmLiU zQFo-q-e~-fD8CE5_+J(|<31cnK-;4iN^ra})d*W0j85k?_fMo-iwsP5FBPYw<_zE8 zN>Hs4ucKuiNYzJ`{VXn;?Q+P)mxQ+~u31x0b+52Z$w0K~vD6WZxghaj&Bw{! 
zKz_(xUp&>&zvLYd{E*Ops94Be@ z{d2bWFWyQmx)kiODFgERVOVs(2ZN?6K}svkvL+I$&LO7xtmm41>y3h!849{|Zp?|S zZgC`|GdVId=|-7B6s+*9qgT3VQe>2es+ z6a!9G{yR-K94I=Ed!n-k$HuLpU$GKYzGYiqH|XfFX&}`n{CxY^r8D<-;a$=V!1El$ z>60Ia5l$ci2{UxL%IAvizL|nQzU@IDA~XHdqYq+gdeh_%f3?5r*SB6cd@DK6q+Bv2 zfI;zY*yw$-746(&#NUR|(bk4Jwe+=ElXuIt2Aom;lD<1TnlgA@Kn9@Q2M0Lf@Qq)s zAxOshv6!BSr)MMOdsAOr!Q3VfQTb~&SnpkMPs#pkd3`IWdmxppOyb4YVF5cXIR>)E z1fF*YNMacAm3{elJ1lbV7sXD=*M4YJ69Wd@^Uc5gjxG&u$sLxH^Yzf+tU=^jh{ zV!Uy5r(I2&j#Wn{d%N&*qdyF0rz^<+AD<}JlrW+S!JV0c{eH2UN}kH%3_ zG`ePcZQ8+NzrT*lTgw- zGTqui-mPe7R3gfet$w_%3JqGCknhHfui$nuXAmrT&3Ubl{Zq?vy=*~YPxA7uo| zE*pU)LxOOvtoG(wOY8gFZSSGC^c=IWao(|PzbD>+pGFK;C*h*H*&+cEka}_aYHt-Q z%d38V&7TkA2?op``hOP3q?!*2U8z*Kt%iD7kmwv30i2zGIrIU?n=aeP;EM!Qbg(Gg zOy`U(TGM#{8p@wokrg~Sb~QaIT^e=S-z$H);M5z}@i>&d-kP4?mBVSRp&LBFFmHMP@+v52w2*nxPG z95IljivL3@g&Xv!5Iy0G2?2B&fjNOQ-&e0j;`BumA%9{n4bJeg#M@D6wn5J$kd7WI zxKkV(b@%p@SaWd;6wJ|lJ@;XAxN_HF&PD7LE4tgXv#B7_-;YUbR0$Tg%HquyS%F7B z9{&U&F*UpF#j~5(&DQ8XPbotYIgKGPCtatDEjK;ul3K-Y`h)dtx$gL%XIl<6hcZ!nVrMs9Pknx8 zg5DKmT+y=2Dn@tuhZe?gJG@`=PhlBWta<+x8zW>^1xK%exE`Y?O-MU>N_UGM8YqR> zDb+n3lMZLSM7%A;%!pIUUkF^Y2_xJImj4;dn*=3T8s7QV-q_j_E2qAr8tZ(fFf4QU zODytyg~8slE&F)qhL`;O|9|)Yf9~!_{9ExK@Z~?C#Sx@eZvL3)L;8Y?K{&5N=(W8n zmcF{>#06GVK0vyNoYR4)^QUV24egjER-MqmgLk!;h_1fbqbysnlcv{O9qO@a`JUz{JR?Mo^K|L@imEFJmdjsP)HQ1jkcc@@n@0LG zSUrQo^S{Q9EbrQGquvmrfCaM16);{2#M1uab5|M3clNeuQ(gMTB@Xwz=Y~SVxR>70 z_v+0EPKJ%`$x0V?mf;15r}1SY8bc14M$l!&y*c#0>g zJ?UXq`MT7sIhRd>5U-tQX|munklZeS>(tr(A5WF*Y^;}8`Yy(5NfnuK=?ia)a63IS zjt^xCGSL<~Xf`KV5eH$>x@Q+;!0f;Bc@XUJldm#5ji=mHrgBGeY{fI96}Ux>6SaDz zXleCNKwbItnhu1_by!b=Z8wNc7R*Ls!cq!(suW*6ZRh2!9q?r7;o;J~TstJ0oFd2R z@x;9IRv|Gmwsg9-_EM4{so@NQ5G8H06xnhi?yy!#guHNjE0KZO;tsYjbrDv*uJ@z+ z;r2(TDug6Zu~n=^=6V&A<;Sm1OrE4ye_<0p=A~6^`kw8as$;U`TfJYA7NX!bTUxs1 z`*qLXxd$1F2G|JCcQfrKB0XaaSy1mbJH94}cw>G>hon%;;_mLT4bmk50 z9`Jy#E<(?4BOoN}3b%1Lu}7`o>*h{pEbT*T>4j#uqS;Fyuu1)(GV{5~%5Z+8pj@G@ zjmw%%l*EFso?1h7Ls`hmjVY38di8xvgixNqp{y^>$+tE)~Q6e(H{x%vCO%;c0G(HMX!xpu@ze7NqU 
znQ9osgoQG|oxioxmPE9JimhA)3`5^H)z`=Ca#9<}f7|)qo8ge!o2oCK{j;=qVWN%vdb69oL;iR01e^{UlJq#35utz|=*@M;5u*x&a{4+&n%t~)pPrd~&qK&g z$lFS6x^P{i|M5&2B4_j1-vYqi|4_Y4LqMa}1xWT9NS-bqA~wjw%jK)5ZR?vxkS1D;9hkHK7daF>n1fOzz$BvNeBdXjolPtHxwY z1-~}Zg~nI!D{1hxD-um>)SrFJf2s1D-dld%l_k|mGgV*n3AnP8#Uy6d(ZE<1dJo)Y<2A zh1Vo}aT!ymX|Fd#ccJj5k4T7?)TN8m^vYuhIg&2^U=1DRh%f26b4AHo)~%!?l{?!l z^qBLen1;TmcrB-?vQQ%x6|-64#KYgS{6}Mb&;_G4)&3w4O#=d5H(_OGM4)%>>+|Op zqoR_G5-NxN;+WgCT_SJjh0F{-kpa|#MMec=cIUH^USWEA1imZWE4AnmACbTew+W5B z5kJ#vdD`Tk_C|@++>RGHX|-bx$h}ib`=LLgjQ+t1d)OYo#9gaL;FH%?F z$K0!z%b(8O)M73Z6A9HYW5N$$0Xk1uus|Ac$FTfC?Inm>WyuMz?(_1h<(WM2UG6_*MSfu1%7*Mn}jYDq{6wCm(`u{GeSKzxcpf(r~((WoD-B`I3!vZLRdnG#}~j z7qn?yt_HOzua^+H&(m{yA^21f_2LNymP_>X@s)1ch7fkQ{WT!J^2X#Em&|7W7;ObE znclX&f>6Zs_Kq<@LfgFxEO#(c?u)KB-^&8Wsk6s^eyXZtuc2D(Eg26IqMS`wAsw~`PxbZpG=yacZbX059m2>S zl%Ua5^Xll==ZsmbQ{F62$ssk*qdi6As^*@(vGCn7rPlw(-g`zh8Fl-F&4^b!H-0@6VOQIHNsKtMnV9h4>|^j;Mdr1z2_QUeJ{h!Em=-u>a8anFAD zx$ho(-!twVLm&NMMj#o_v(}n(t^b_=U)kOw2-nF1Ap}JzQyDC8@a|M-Ze&mM1Wv-#3YaU^ zpwY7PL;F(<@kfIJ?{Z}Su>y4w%A9f42YN^99;J)OlIk*iMe0WHxDhQx;EwdDbN1|2 z`N$`m0?a#sW?y@UMivhCoX-?P(+2|xN7h*5%G0VTOwd!Rfv>^!CPM*+q95;kl5u1KOu}T=Yx3wRT*E1^NofI zGpKgdE_(-s1Oz;r!JKbp{dF~b@848XVkP?`{OYlLiFu%7tOXZkc(jgRu|aKr0ka<4!$)LlWa7W>QOf%I zihNKTOc4p2+t6|uv*Rx;5x6eVCxF#DFw!N{XEoE}9-xzQZiE83!FI}{r_cnNOM zPf&L*Cf*{@;zZlk0?PV+jOFjZh22l6e_njRJ*282-#AgHGbbP~fBjnoOjmJl{}KoR zxde7GO=_(f#3-yEV8qt>z(9Q-jrw~rlW|A61s%C-xAwpH9O}5Z(Os^;N%ihU>^WHu zjgPRLonBqRPBjGufnUN#eAswjq*BS;?6v^i$LnOAWOPBS50n4bDzyL1|6|cBEBh<9 zw&fGQ{J8gdYn`F8EQ;oa09F@T+>)bftg(|iZ46)P?vEaS!wJKpNgZ=^N%_<{}jglo5 zo!kttJ0h@hu}(Pb_9rSm+6!IRiH0Z`D^V9~yx9kiMbs^yM5&vhRT`qLW_<*jV<)JZ zniGTBC+vHZ818>z$-Hon?Z)}$B}iL?`C!S*anuS6K@9boL_r8yL-ZR-nqIcrK9zoj zfUzdtmH+0=y&pO@yqiGoKF1cc7In!V!t{sC88Y98%1RKxg}fw!Sf5oD{myLS2(h&6 za(n8}t=N*IWBK3&;&Z&`wY?(|1|$MsBI$?<2=qHJcgc8D=;+Gag8ql|k3YO$4t~!# zqy$bF+Wh66$8L^3b)Wu644RD;^MG(E+4GFyViUaaMtnvXOYt9l33{u7F6@~8L;vyG z->q1=oxp$W)7KDeFjvqE1ov@x1PrYogPuB;w0cP!!Z+~k-8Z_l+Xgce{g3Y%4iYoI 
zEGEwytMtgm%z~~|lH^VE`$=-O$TME?&0K!!>(0rPxj_w!e@kM< zXozeCw>494LL6EwCeZg2A$q`M!t(^-*^-5kI^?qYeSa9IpLO$mLAK09auf-lJHS7g zZTDQgtOTK$H?A~%>a(Hg-D~sh>9_VT(uKp)#Zvv5%UlemUoS<->1w(yS*SOm;(B~z zVHc~AYNoNRDtL9(fzRz7W&r^KKS#;Q>;0rkLNz$t@iq4g6OC8@Q@QZJ%b5$Bo0{61 zGG}%ab7)fm1~99<>Ww~0@wF&M8g=Fe0L@8sp411f8_28*snlLG3eLn`O({y-$6?kv z=!Sn@vkBmJV+dv=8+_`#a7);92y{uNlLcr~RA)L<4V5&QVUd%AFnZk|3-buMG=6o% zbU|!cQh6_aGbJ5N;WEz7rq9L1N1bVx&|E8D@5Vk_6g3Q zxKC`X^1C79J^SHT0N|Zhu_5gM8lEfCO+1KrGvECc3J<0HMX1+8n z0JLy54XyR_?wGKvAtw=-ih*nk^Z3PHaC1+u<~#5Q}b z13m=ixSQ$xBnj4SH@WxBh3zK{TivxI_=oH@>`WDmvWHD+{~;3qB2{3xDr}5Et$4krx97LbGo{UI}BB1Zoqn;+lX25<#yynnyf-~07>+0V)^fx~KFWJlA zeBy8Z^*3Mrn@9iMcl_O_{oOzQ``!KD`1m(I{*8}+_%}ZOjgNoh;wBs0!_;biOH`U%yeDQzJN)A9##=`6(u`lXyvD8Bp8>XNo(r$yJiyuE#lJyMlAPg^m}?H;x6i9u^dj&3 zt+Lfcrp1uF~0w=zsC02(?K0untEP)UJ$VXdlZp%rhg*el#2fv1`c98{|yQV zRzv3`h0``Psh$E4=pSnHzmw_z%dh=VlI0J5U_hE9eeXQ%`lLB>UUZgi`}xdO9nl&W zNrbnw@!{+vRM?x?z5{k4vH$*d|LZM%|NLj|VoTP?=sZA+paqTFtN|7v83uYX zlzwvWU^Vqb#ko_wyy;V}Q9upQ#r-dt0sm*pa{leT)!O%Qn=y)T3>-s$AbCcy*R=p{ z$!Lc+I)6DU4>|aJmRq~ZHaqF(OPaj!}nc$g)wgrBX{`D4mE%7g$yXMtFu&FWutS zQy*y`Nnl0#p92jIlrN+fS^Obu@;&FUzrJnv_5Z$57Di}r{CFHwm?$atAAav^yM}jE z6UqKe{GTiE&}AjFOn`b4>^~B9Rm^JTTXX&qR!7C6t?JJ$9u?!H zCAsymuBma{p3~0wu7!ypH^(LAt@gl?9zeGWakPx_24!5084=!=aoFi!4Fc2PZLqVNyd zho03gHC4Yhjf$FT?V+43ync)<5`g6GF-d;;LzV!akDUMElfiLr0<5$1lPU8UbEX73 z+lwh5BFY9Lg(d-`63s=t?596u{cU@lmUvh$v+wa7(AkMNIeq_j0NQj0K=}w=`A}nm z5q1_O)8T>oO$^dRQcX{9B!_%19aOUxQnO>Z&Nnoy=dUo)Sv-!EZ6MV2+raQci;)9( z5FslfYnU{4!{rbE*g?FD(2ya2q4Q{iiM`$(q-;Y#I}&zWTzPFTUVw zZ(?5~Zly)PaZ*+BJg(s-J|$>jC(WV_a0f}hQW!}noz#WpWg*jz+U@{;BMBBpuICS; z$1b*ypoaQP7rgpb2)AHR zQp!@$Ss4gVk7Gxo!ShLdEM5U4p{LNM)1Z!}N~buYRs^1G(0`4o~8OXQB}_ls$?tr&^3Dopma zuT2mQw2QehdP_rcpjydvvCD`M{)dcy;-sIS`~9O&r1=)C#P*AORv&+lCIu^i7btIv zs`tuY=Ymt$VwqmFE8!&ZG}x0DMEegth1)qbF;zm|dK;-u$n3|KO&Q6_6^EncPpy2^ zFVM1W+N_i2x3O+!gb;KRjLsv6Ei+n?8xBWLssABU&`-R0s)u4vPx zxS!l2)#o~6?Vaq<+Y_3SM78glLR)vn=XYn!mZePmu`R(;tNJx7*{O 
zP)>rRXidzMhI7FnW4D3UjD*gIX~BzZRmC!tvezipd_*20+L{)MZ6n74B7 zhPpoyrhKO|oFaR6Cx4@_-g17L{=;S?j2W;tSr8k{1DfJuxX_n`do*dW!DUwy7|X&Q zwPp;~m)jg^vfr{$i?sZCk5lpjJVFTj;Gj)gg@e z87{>H9tlrKqZ@|)qen9TASY4IO+i*-*3bHhUtVr%QL5FmX+vrAM#=yi#-=lGq7l~a zAN|tCzFOFz_KKj8l2D01WOt78Y^|(c0^L;t)t)kEl$`kKh)G>Tyuic zCoG=>+>v&d!8a#NrST$t6GeXEmw81>?t?@C9ux;-;#glzIEFBJ;+0?Pe)Qs}Nit>s z=26D0UMShq3Q@f_3h{F>E`}>``gTEi&>dn!4lLvC9{DZlCbLrB$Mmk?@Zn}Hp;*4R z6tR5qLd}Sjh0auOtiq7Zz+P?VJE-i(&yc6$BK|gp4dMq~0y3&;a(1SBFt0G6ffjl* z@l4a%{q=AQr{=?w;w0?hyx)$5OQnxuAec8&H59g%nNl_q`9+J%QALdZ^}1F^1T+&%uKPg$W-sk z>;KVGGh@Vav=xDwjVSm0l-sukkG=1yDqS!bIUW#r-=mP4kj>j`+RV1rd5J)Q0;PcJ zBmR(KL~-=?)4rO5JEuOiRn;AgMH;OhHJ(0{!PwicgbaiZp9e0c#?n1}L}zB`DT#0= ziW1I05Q+vZ5j33=p`H+`P}1Q1LE7hGnI}qWY!L{LPc39&Nr?8BJ`T?^o^~0ru(Ftt z{YZzr!QYHVmF>M)Hvos%$j1M|Tr=s<&KY_T`>>trw^Q3g7AAh=X-rK|P*DDk#f-jp z|4jN2?XT3-D8$#q>;bX-ajbr9qyT9O)KD@OukMSr?6(n%f-;qODr_%Y?)+r?8#(EI zr+rebg46MJYBc9kR|vzy`tUNq2w~EKPzKB$+csQY2A+wNaFukRhhxuvTqUm3s4ZIc z-N)%_4^4j4C|y+dg-{qlY+xf}Xs-yxW9y{8OMC1U-axvxN&4QL?iE5=96zTKUkRFz zyH^Ly-|;g8!aI9i_SihJhL@vzEHs;+VuRX)U!!hOru4sKc>HgZh(#gL3%*!^){m3X z6tnSM5bOK?^QX5$kIkzz*Y~LSy1}ejg^%AD;7tPgWKo*O%Tzu`kZ3r7%*y3t%moVj06!Q&ofq0kOXx}et3y{ zQ#!%RVnW)-MNWD@S25(OmD`GoTFK*F(YXUDTE{OYqbiJLt;8Tg%sNmTuh}@Q$rKtv zv`1g^Kb$q4q?G&O=jJ2RcfF&3Zu9HSHfxE`nJx;hoJBBOfM>v;Ni!Q)I+j3ttT$DmQ^!N(BM2rE@xIPuWW&A8fAHs9y?Vi#CbcF}RHJ zuwYqn7EouWAj9PlfXv|9d5NYp^dSxst$D>W7{UaVT^nj@hzKy702rMzL0isXcCEXzXpBtHuSMHc)q5W(5?D!FDw(!V>aIDp zEc6F+q5-4=JQz&%i^qsh=o|8Yhw#d@Hq`6ZbB>(D?N0^EmOrh8ML2vEdZTDRzdgub z%^o3*t#T2aYaF1r2;sQ&GgZJxSFZJil7^AVQl@3FrJtcXhahL<-fzF!Aj}Y*zvKW^ za2>V)Jb~}WfaN+J@*7i6C%ac}F?J>iR#vsN(4bs7?%Ue@)P`Inv72>}MwsW8>j9Jt zE8E|72{`2(OK9r6+C`cnq_1OyEvJq#TAGgd?aH5*ZEsUsRV8KIeQKoqox}6h5ngsm z5o3gRAcQNw9UdPj$qiF}hYr1(c2n!*h^^jY!O~sd@Jt2jp1z*dcLVz1gH?4#_4Y{? 
zw`N;efv9(oq&(%vwideK5dq4yg2uG|$A^dp#2^3+W7+KmU(&o{W4%H+8#o6BA< zF=W8HXcFe*8+Fo}OWD}@9jfK>7(luAFeG>L=VtRgWV%o7XOt0eeap3`AGW}=M%@pi zc8BpHmx08C2{%m`FPy2|v%K3pacuoNO2uGsC}wP!cGKNWs_puD*AOTPapfnW0(CII zyJk3vftr4tGpzDF9WCN&jy9NBcjj)6;|zQ3_nb!nnqLii7656g93NR@BHwy_oisH? z64;XS7`_R+!4>JkXY&1N#2h0Ue#w|00pJg)aS@HhJ#N#QAghrwpY_1&OZ{~pPl-F< z{*aMt#^%)9_585LG7T`L0Oq4A9*_&2U{6)w1ZkqJv&L*J)Y#cmia$J8bXlWnpp{8V zbL=hKAme!E>dUx60BEj4v?ffVLD4X>AbXYGR^KRT%ve0sINZJUCBg?t7i|`M1mreu zJsNniVVlt#=Z29}41qO->}?iVUsui9U8vfh-k2HX6jESOll+(mo7ap@$KTD6j+7yN zKNa1L{;0nm+YzJ=p4;zF@$@_Y{_&QghmRL^>MWFk(1GJWLdzz0l0$uMY1N%kxuHlS zX;TyJOPw{vqdhuk;a>G8pKFpC8ka7-Y??L4HXN1~0e6G7iQD<2s%7sHe^Jx>s;h3#bju?*qkkvuYyY>(b=Vh8C zhlq;ViqBA>k-8Sv>-dL^Ee`JsTyDfZAVJ?lfPK%zFkp|dt}KM-Oj;YM?G(Jbe>I%H z!vTzjEl{t;MGIdSpGTxrc&oA#(a zlbo;&=hoI%s)EF;qkP45ch<|fDw$}Y&IHT#-$-|LHguJwjVepUj;xD++JMh1&NvU& zy}4kOubeg1d6H{23pHy8G3snsl{Fw4u2Md_Hw9JK6x}-YM;>=){;+kZ!V~&yD?`m$ z^B>G^XYmK7^*vyee zRacr&U?z`Fj%g^HH)BbmXRAxAjl-hd;++^dKkfvp;Uzg&krt-+Yu7i3meuy53hR(= z&;rPw!ZdCuk`LaSch!SNi}xgRB*dK;p5@mPkbXW_yB+g6r?H?D%(F`8&b_UARbF8g1lSkSRDJBN ziTU#aBi&8%6Z&!yw`!)6NL?t;w68iJ&aGz^Sr)(lxN$;LewQRUQM0hNXKO2Nr<}ph zYoK{hTT@_p$`b@ALr*gex_U^eJHn63=aN0cJe-9k=N_pGdk=6kOo_JcQE12 zaWWajga9KXKR@={Oo?NKwl6nCX(Q!B=FNqThj$JX1Xx^N9XoZ}OT-o5 z>cB3t&?duKU+>Fbl#uU-4dn-E?w=_%=ZjoeWBbB;DB0c4apnqGT3HSrun^_5Y{mu0 z_qys(-<5RQmKKm3hhn)GC=N4USsZphcz0YQNeD+D#8R)rqZPXnAs6>MnV~vXGF3#4 zAXjt6ildE}ndBPqbhg1M6pK#km0*<%BW)olvFLW8uEx#5ilFbm#@Tbr2u|T5?5W<3 z8C635xJ%6`BbNrUDD$3;f6nOLoZ-Jp*ucVinpBZliS3TX9+s+C7WK=uf&x=Vd_{k_ zx--9iKd_NtJ^qkgf_9MV=`+iuATSFtctWOK4JT~ShK(&liB3xsC0Us}FcTw^5}xA9 zs|sJl=om5WZ1ZV0oq<@UK2wU&P5d?iRY@4qtDhZa_)-p5lGnowH5MN=(Ri- zSv-{!?L8B@bo+$5dVu+wf2xNl>tU;^s_B(uxO_Y6Mq#4HeO(=$du-+p$$&rC#r;dl zUfcbG%?F?nNt#!;V3(0hJoW=>p&>)9D>1IyEVpVs@Zvt>l27P3Yu?TW|2R>%M1}^S zL;A)z+*MX2u(R13Od!VhU`ASBDJGv`k*r3BI0Fp)#ghsVd1WA*J^xXrbpeho*W z#u|d#ePOipMebf^ll!D<*^2w5z~`ctyDuD&kknPSc6uCQkXsq(nxk9CyG3_v3S&D< zJjy+|N3*LvXz;+4i1>CzM2JGfpYh|^^Hmk~=+l*$Y_{y+G;)cso?qztclYN!UI8-R 
z#ec5x{Kpzm7*jk^A1_O|3r2q;eFHAwsQ9fL;yis5&>@?p!OIxiAI1f|jyPi}Zz zTz?11#G3pnZVndbt z)}5O2j*MX=w$>X?e8msy9p_fBJGJwNR{AnTe($1a_dv5@%VN|63U+cDl1JF8kb6Ey z@=*qH@9x~9B*rvT{sJIePXLb_uWkf&J9y2M+`}S|b)4vd#?bfKEDypdgLORov$J2O zutbey41Ig8ef{Q=w(WTZi5v>TcI~ZK?M7a~;&V|EmOU2VcWka!l-ib*V36M$${%nr zmuDnb^|3n{z5cyIL9Pc5-H#~pUWd>+gw`E(XSO0MI|U~(Y4}}ZYx0)Fh1&%#k9RI- zn&rJqj5EQVL>W8@5Uo~kcQW7{T7uTb zQeb2-_lUqtnjk(xFqkehyI7DiV8vE?Ip1H?esE*d^u%eXRGofpr6O$YAW4()yh>d^ zK(sLxmj%H&WJJzVJ1xxLK{b?P!@0ao6sFny@~%Dn)m$Cfy6vEXebrL4%g;8Ur|zZyZ5@$ z&-PlR{E(X6#{~PIk1yP?#{cE&j%~byS>WKu4BOp;q(Ugw_xQ@SI7l22NPgH#GX)HuCm6)}N zoffrdNIlG_mZvz9|F9UP)x!g3g4$!diGEnuES%BW@@%hcd=k}kS6p@FaA`&)^ix{5 zSnZ)x^TInJgES$Z!8Pj;M*4d#J9+fy^?*HS#d=6WB$rW@`|B+{Wd7+EccJ~hx6R@2 zE8kv_|2EQ>40|L#`fRqHkh`7*q(T>$c4izTaIvW+c3Y<2`~_6g6Z+EaS*h9idbdM3 zGDY2V?^%_Lak3r4dQGWAbz$CPDHgj0+lA69rr3VGfwa(~x1^2E2Aao@CzB^hhF1N! z5>7@`#Hzf4`5<0#k0l3sX?WT*PWCwssu3*EG$f^22U-yck!l_s4t#{vVta!218mw(CW$SPW(B|Pl98drn(LeWBRz&Xc!h57i?lVO zZgT+44mJKx67=L(Zc7Zt9>9Y-=)O&eyl|S_yT4p$F~=$gk*mXe*$=I`p=|Ligvbgq znEXW$LL!j_J;5lNdw`pU{zrrI_{0kzKRyTI+C{3!&_%-PAbW760wJPGrUrgARYQ6zFSwIcKP|ut1ZAihlUa4a7qQdviS(J46fND_m)~O46Zs4PhM7D74nVASv zqZ;**RhoTBnyJ{gPDucV2~Jk@rY5ls?Tt}Chw7su?o8gBPS>W$0>`w7S;W?IwU^p?cE8&rTTkSc6e+ee$R%{Z?9h#js|F zBbUBE?aQp!&Eyxa>ELhD49*R2TayPZ7*KxLq{Oc$5>E++Yh%ATU&IS z=axD9X@efj$CI66y;2FQIP+iN`PBgs8;N5FZ&~9}((yC9d{NOdv$|(G1Q5QSGHUUz zCG+b-;eg%rfdioiM|ZYX(`{6f#J%X5=0OsiRT^mvZRiQ75m#id-+{T)CB3gq{V0B~ zKtE$62Uin^SO^Byu3{un?{5!kh`5ukPNR%vXk+@h!+%nxEpSmY@!rjSn0&Fv=lD*} zc;e;`B9<6lI!_e&t|=ILW?nxjfY6ydIHo^qVVPNWX^B#HGGfzRI*6fYA$vfi#-*bm z1GF*%KrUG&>5w-aGDej#Y^dn*zHLG3fX0-(HhLFA1Ayv25mMGy=c7@e+xrz!5P`Z$tvmZJdwlKtGm!{YA{b4~Um@6+56 z>b!EE-A)UvYe|vngb|z?IvDPT23_u3e{b5CiQT=d|4b31Vq$LPm~hq7>ab2;&g_VC zsQe~~sUaK`yUGc6AA8x!@PPWIGZxd?b`fy}RJWZq+j!SCQDmF*t>)TCGMe}f)(1aq zsm7|6m=&nll};vB4p z(|c5o$D}bT{w8N{wp>ZpKqJP}4HcD?1!OfE)=v z*fiy}z53`e{IiZ3f3I@J()IrIUDzkRl8BFyUq}~oNUnJX56l|%1JZ<=revHGA``ej 
zmha`$JxH|tbTuMIm({}gpSkq@U#}g4mtow;KUvV?QhYkU3a_PNgdjXYqjqVQjtK`HLVB^R6cEpMBct{t(eZ$=p+Y(yw_HyZN%ggQ$&8F_|=+z+?r^ zX4Q*a7SNF2zkT$b;YS`-q$2^mw%TV@LlAR0h)05$<{Wk(gg!8zwSCy!^vVbqK{qBM zPaoC!=rBskodQ;2UncPG7fBW;*4u`dA6aA1!rAsc>*~K0Za&$N1ZN_^Ow#ny?{zfP zy)+aZ4ohOKmH1q!eJvmkEHm-5A{C-#cNX0Z?Qk&6u7bbV2(~T4-m6bk`Z9zt&X^L#xN=JRJ7RU<&}m(>st({ z_YbHNhCF{$Si?B1B7uqt3aBCAByU2voyA>(&*qq`sq_(>!u*I*bjgtvN!I%`xbg6Y zh_A2!xx*rMq*oON?^KPP$)lNutxr0@`xXMrxFniXBYuR(weBx5-2=GPB3;#}0L-~B znkfpZf?~trJF4cb2!80M_dz#H&5`caiSbt8+afY;2D_RCZy4%_`_?a*iDfX`iM;@LV=R3usCSDTu#@-32h2NGxB`hJ8B5lv4O1<}o1o?=M$ zHCyG<$a?w{Y|-wGGeV8^d8@8k;0^$}>f+2nQgCOpfsNBegA~pKfATMMjB3+0lz;(~ zSpR!b4EJ%ek5if#?Sv!ibGOGYOw2xMEp+o<_Ddvmt;e=t8xQa=n6I~l_;sA0NOI3Z{~yOrcOFhxb4;DNf)`ZQbSAbwX{~oK zT0^z3B^kX^YY3CcF7@)OeVDo6s+TNBZWKlSxytunEh6cZ2LLuffXW1PoYPV3;V`pt zzs|-k?{H^q^zEovjE@Cev0iF;O7l3?x{&#|j+D;i!P7Rxdy!&^U6;5{+H^!0cqy_p6Wvq$j4 zX52y5v9u~)P8zvfT%mqNZ<$Nvw)vaWC@+&vq4Ojn6HXR&UIPz=aT4@kRH4sK?6}Kf ze}y4=A`HC++n6?cSYN9-3O~M0Zhp4(cwY>&FnVXSPfPc|;Q#gCyGYj9g&3q3r$z}~ z`1antPx3ISn}ifW){mCEFYf`o@JkD@&?;^a%%w3rZSe+!c2>M5f{U zTz?CWM(SI$u8UB-W|WXk?xZKAY?9~Nb1=|zR#+nm+w>5O%6_zeGWH>DK zn#~4UKdIe%Xqg?^r`lixdrs8H#vbWL>(55=?KY`8e8Q)H3Ak7gASmOjlYZsucDAjA z2^oD#{!6p@{s_~i^1{T=|E+bF|Jo5kjpb{=))M9fl&$rVB$@VBfotq{EHJm`H6vH? 
zrVEji2$-zqbd_kxdB`u=?9yGlM&P>(5fwkcQLqMh+(G9RcLxzdAG%7W&vsh0oyXN3 zlV^ZxP7`rt3B1R_^Xa12rqc0x#N@A<=U^v942%&8kHVlY`RYs_=bqc(cX-OWnqF-U zu}aqpmR^ev=_u&t)e3{D`Kz1G6i0dV6~u##dvY8 zoHV}Tp7%M0&Y$GH|KM>t@RGYUJ?IkV{gjs!2m7H^tr3qu7oVZUgSqI$qc;Q;Hqsax zY6Irn`u344a#VWYN0@?}Zzhi#{r>OZ&ES2xJW14BWEBL})nf{eWW_$26*k6p#b0`r zDs-oRzNg%j*OFQ9_fqFASCLmCa!&xgUe6O;zuGfLx-gc1HK9z(&)wL+wYe$TA)-K< z*c0rd{5yB#($G7$-+oOS)j8QRR~Q%jM@{6jq@HAuIEOJ{acK_Q-GVVw<^EZV0@fV3 zV)b&9U)}G4-R*)I(s$TpbtCMV3D$lrwpzH!+ig(Q0Ur7|LG+SaU_IAEUuq9E>aREX zDjLT-<%kkErg)~91~9va%0lB$U1aQzN{Gwo2ArC)k6O@B9dw5vhITnVfdfvpOwqpR z#e_6_(*bUmjOnSG?BqLHGiawxk$Sy?6W;W9d0tCERSM!|7o+-3teV+u`^};`0_*`c zXTg4(JLaXNZvf@EDR=%A0T$)+x!-R$KEv9{`FyYSUNh^p^nUnelYT(b-cV%KqGmks z=8Q*ze?>xJdQ`HD>+&9Y(Wt)3a_UUE-3uRu%j^K^4b~14)E!X?X_rimW2u|c3}(zN z!sCl>>QR{v4^=tsb_x@Y{fa{a?i0fDw?f8Ox0PpAxF72ET|MTUXjOkGch?vguLSZDqrLz)G-u)jm+ zwEChAm-$~gzJ=9WJe*3umu~V+Huel*r1DA;#1txNjI&HZdTB_|Vx)^Rf9^kwQqHuR zj<@f>(4QW|drAk3?i3+VqghNyw6l9kh`RMLBkPPG@hZ2sPu}qIvRr@aH__=pDEmNE zb|ZKcdaW>Z;ZBk`jEp*jbsC+#+l%Nb)0Xvx!+7M|+4VMV_P&Aw{gz_=!C+*~OJAfZ zxi$2rx0m)*)sIhg?M+*E(l=27J`el@ehOk!g zY!yYiRwCLn($7Y1vcKI4S~s>H#3j|GM;;@6mMScf`(yP;STc-Wk)}p;2Ku06K1CB# zDWlUwSH-u$(4ZEH3*yZnOI>N)Bf{3+YxhnNR{HE}TfRTiPqWt(AIGd)kw}~OZ)cDM z!uWRAYo4z%LD|r-6fhT58?B)_Y0>csCoDH;>kK z?!PSFq#5+V*PCW;2N?&r>(digwkzhlq?PQ|-k)>>1QOXk2>Xwz zhPI>*%}J|h^A2QfZIu7vvelwQojsM0!Bg8ZUd!UpvUR53Rmz>D!qEBwRfnwd%az{M zGHfooeiR01!9eSCK66cul2=C+dbZgvO(L&C|Y0lA-$>!%JT-C*1uwa9PT8Q9l52*XylI zGhNW`bVJ6C8-v5M?djniX@(~u3f=3t`Xase=p94D<&_y@ncOzyAu+OT3Tlf=5$j7q zpKCvCh|{r33n=G$vlw>&HFN*-42gkQnj1Gct8c?nU^JMZIigYk`kY_d#6ri`tu0yk zw;YmIj1H3;BO*6;haiIkX`kn5suMM8bF6=X=?E#6ztV-XDX(iRQB}QZ0=GJ*?|d~4 zfaqHjX$ZPOXKH<=#zh|c^`U`~#_I2SzM50`6~DGKJ%-#9zWGsQV)NpF@!c${IJmNq ze+WXN&eng>u3LquyFYPn-QsFgSwj50BSwchVyY{~W85(! 
zh?Q#KlszE#KP)!?XGQT>SH5cI^HKH&pKDUl^xw$@pJqUkb12dk5n_#abp~cX?mR zLC_RzNL{i>N1_dm8k37Hvd8krh2hk+r+9`U1)H!$d0iAin7z(UzC5Fc`dP}-i)aXh zC_he8BwX`S?HYoB+)qgvY;|84UVGrS&E{#E6eqsP+hZkdr%w_KOx(a^u!)NV`hQI}IHC)`f1-)ZA>A3ueF zMuqoYTUvzC+87*sQB!c233Wh8nADpIQe;?tjBL}(p4L3l%f6_~H~g4x4yQkWh;^Wy zDjO$4&=InF9gUNN6;dj*X5C+$Cd26ER`fqlGIQtc2PfwczZ0s~Ajzcb;|(B!C8%DV zpBx8@IhHimHkb+g7GR(c6s+&NXA55D5`G8_W57VSPqzL-zg{aiBFqi9y0%QpE!t%#$xUeX z)s+0o@$S!(WDOB7755sn0M5f(qaKTq>t9XRA{+zNYNrkrRqhTqzWeMcDzSK4(!yw7 zO~@~rZ%FkyDLk!?v{1j`wGPbn5L8zb@?e1;?~A2cN%a85xpd&vzLaXw^?B~HS~Tf0 z7_iY93XyPraST26>F+>^2ucz=Ad~nK#U`cOZ;R5?o*;5_r7}gdcHAHwQ6B;NBPh?&;!XEXv`o>cwQMK6e#AKkP-Ll35`urA1V5LU*e;j-Yze-*ah~5v-Gg?A@~OOPV4bPv6E;$axSakqoyQrh z%&zwt5d93-EW^=boCMSE9K}u{TxqRK!S?IAisjYOOl+KQYr(tc)@|2*;MuVHgRtja zv<s4)XzH|y;+Kx~FOTF~uFT0qRIP!M zA@q^rJZ}hL==Tbcw67PNV~0@=?r+{*3_au(SHCFip-utObcZ!U`XWr%tJ|=x2R7r6 z#-Dh5U(EfO)Q;RQQLFT~xds*wbkZXq)rIz3J$F z)zBVsXJuj7nlg+2acUu}Bd2|z-@-)$Ew~5vANuZU6Qn=M_4}{MOEobKUgg5dsZSDv z-M?g9T#`)x;uvN644MjgYIjCI)WxRB3zcbT>Hy4cjn(>a_Vv&(1eQY5N#=p6dHSva(dOlG{zs zY@rsjxhN*0bauPcscUMf?aEH0MdPVx#qCjUweaac*ESdVit=G7k@&MsHb#@5@CAE> z78`&hu&>esS!xUtLTwKjD(d+#53yB=SKPQnKfqUiEqOTh?hDR)^CE|2COMz%&fM$> z0PW7G&q0EpW|rt%Fz40j)I0NFWw1_Pc-_-*R5&0t#=rQ-v&5sW`3Got5=jEke!1bm zF1WJW^pA-@;_~(y<^EM{K4#6H`%c1YcH4 zau;*r9N|^Q8&n&tW!__S_e(VCj=+4}S#XFcv-9F!-snU)0>vWeogMR78fS;f!<%#; zH4HDbkMtlw0Df6}Cbut-7FU{5>G@nix&%3)I3dAMn?if>R{rBROJqN0-;(CI$9nD6 zP~O$=ap8v3P+gabU1f_LpM=6M@(!LhsZ!s2DevodXx_KB%lORm@XJObL3>>?v~;8& zOanCsb$lso|Re z`19Z>P2R@#wpple;k>?M`H}|*zxM*Q(V2Z`1Ry8L>$ZeEXIx5NSK2fGoqi??1x^gm ztBDAHpi;Dhzt4WEiX`A=6Ugj&T|bDgs?BahxWR9@^5bOY!nfp%WU^bMuHuS|JZ@XT zG3zjD0-{fQ(1Ca6NstD^kjUx+dpZCG6dHSL^g-ZB&k~b_7WKtuFH@j`DT7o|xMjhw zG+qrH1wJ8-AY->hGB>}9-uw7Lgjyg*I%TNTYu)$4R;zEHZwjJ8zqgBW2oIrcidmb@ zGI@!fG@g>FV#?+%Vrv1$+7_HXQ81IF@f~DyH1Mf`1LxxvwWwa=y~u69D${M`v(8ncg@Yuki?128 z`!W;8EbGPw#br!!Ez5O*d|I zthDW;^Ym5_YH73WO-5US<-{Z&?k(1D)Vu`-m#sHYknVmE3!%fP^Mv4RwXrqPT}bZ+ 
zW9wMc_Xh^Z=lcvkF<*L8IpN$JmvWABK!2`(cFNEZn8*fDgn$`z25^9lWKND!R3>?shiIz=3bLy9zug~O+ev=4B9;qK*al4x_?jN*KL*W`W?U0xvjip5<9 zl?!ay@sNEPjsbw7BMdM&cX8C{$Rcc7-?~aH^a=KE6Wz>_XRF=iezU5y8I*{;IH!HB zAY**)JLXSd*BU^KPMIf^^{K++9t_~Qkr{(=qAhLqchuq+zAl!FjBH*!#FNoVzhmH? zr2>=;ID`tALRBa@Rp_MdOprN4@5IFZP0`eQF3HZ|cDkFQDr7fnQXXMdUUa#G=hpjS zKzqNdVk>sZf2Z1Y9GUH^-#8_`FVxyx``X}$hM8ocoBZ1`UgUy9%kmZA&4FNUAoo83 za=RD)Q0dtxN=9D3jJv18V)zF;6q2m6A&M6sWYw2_Z#iVIk6NzR^sA$QYR}>700$Z(8U{? z)VB~^RS8ev-p^$lIBy8i;|UL77_Ox?fBCrmt5r38D-qI zvIWEV044kEXB2d*KURm+yPsl&9n;A};6THo6=4fZ_huqNhS<%XNKtIZ&w|peqWcY9 zjmRmX+DtXLi0$>ctJHqvY`4tKddoTXCfLSmNp#Q$sqnqU{W_-7_IxM9*J^p%feA5$jR zMHLB)r9vn!IivV$_9C!G+JpksvgM$qO?JI1b(~_>Yol^Vw`~IRV}q5;Ag?&4K4L|B zY9HZSyR8ducMX!TugT!iMdQdXo@CgVH+nkgRdsveU?c^dNq=qqaNuKmYp=hDnSO8B{vYhUXHb)UxAqNUqf75ZrAhA~#YE+ziGZLqDG>nyDUsen zf*`#_K|nwOr8kk@2_2Oty|;uSJrRk4g!rD<-us#7em=bOUi+E*-JcwXVFnlzPR{>2 z*ILIqe#=tWf@?fqQu5OR=Z$`u9-q2f*U$bO0ye<{QU1;^3LWixt0k9AUz{yjt*JFz z+~cZm+Ik&rXU0Sc;}rp$^|qZsgp3`rtY^7Cso)Wq8x)sjM~55A0%r853f!EWp8hHj zP9tmiSF)E|9^X(X;Ak%8P-CkL-#rxoY=eN(Z!qpSNdXZfjHmamc=1#_a>62o;>B!@6IXs6R`1 z(m(>6-LLnZ7GU--CqVf$-EcK4eQgCqK5b%f{iW@PZR_FN0S)O5_zW|l z@OwgfVY;Tl_G%th>Sp9*=WsLwT2Eh+xw3y`%5cl!JoTPpCkyz$9Y?`an)ZRz-ezxHh z#UL2X-BK30JRc^nw!H#3x|7T$9%2OP9%3vVd>N1KgtE9~)8YWvz(|qH?UPQ}#AHPZ#7(hjx(XAuc=1TyPLRARckqHNGe?Z?$aOA8~EmL*I#Hl)`rB z;No$NRrtF+=_m&3N7UCrIOF&MNz|-vmr8w4&=lMD)Gt@E$;jz@FVU%eT78yJAuM(` za6A1EA%B;z)0oipPm}N)MNdby3CjKHetxcJaSK|F;qt;sG5r^)HZL^0YLvOtHz9TK zu)X(K<473kFP9~8TwjL0bYfqf!^-CP*-`zX-ezrmSS%ZDrqXq~+sQhZj4L6?_~qKl zxV+PZJ&21jm4r)kUmjD2M8A@o?@P^J`saEc-Ff48A<$exL9UzQ5cUG%R5@qd16;s(PTvdf`LXIHabWqI|I%zRg;ETV`Y?}cq(Y`V5OKG)7aNG&#{T8q|Y$c1> z7gv_BC1j9$IyHu+fQU==N`_iw7RV$peI1;Qb|{ z-I(bEA)QaSDV*Dx*+uWQ10N-6mDz4_7P>WkNPX^?D4Zs8JKF8qu)Z+!w@MCTcUSh= z(IZ{t^GH!9d zeZub|?O}C_y-Ru_fsAKw+S^gt$AHZ9|? 
z&$l)lt9 zaSdS=(iiB_(=p31seTuDfxhJ_(K(FlKzd9L!13qslNm86ra)`G){t3W2>noz^!KLl zF^d<{i#yMSy%l@9#lsMII;OLr8s>O=B1azFmFR;%(<`H?k6Yis>$H^38%uW+!}(gw zo2{c&83t==_1>pn@x~_3fBAuogw&+((c@`W+I~~Tv{K`lWTPko_-dQ&hZf=GSF<<1 z(p$HtqV|#p$LC_B2QeJ>hitXZk6MK1>2sU{`7mNVBXe4Wzh~TlDJXxti+Irz$jhz#Q*+&$-@Wfte$`j2eAli)Od<3Tc~<$1FWJFOMwKgc%_b^*--+qf z;&#QoLW6vX7hi;*pJbR7;-L=yRGEi-Ji_fNC_!W_*lMGwLsKKD20;|B~UiAl=Np+Rb9_PC1q_0;t zYcEl8>L#0o=HjUCJvhIR3d~${VWYc|Nhe$#=)~Z@EUYAqd#fQJQ?$+AQEBIOjqr{50U!MkAsqQOjX&8haQ#P@ioeCrHOk<0o%8t_k@ zf`Q9YFRtw>rgR9y+knZQC&YgI;{yz1df#7B)Azo~)*dxf#VuY|aSdUw;m&d%?0s?2oyz2=p=1MlUpZBz2B>J1S90_h-KVDn@qVLSEnec%`sJQn- zjdMpga(aW&dnR~UOms}^72MYlSkw|L?sGUho~fch`DnPtM~7(mF=DZBYwSS;nv1gw+Y4p>=>8(JFfCEw<9pW5@fE%0>>jK3*BkEdynmDucRK>skq~&s=u$8oM?3xK%y3^xXrWW}mLwFuZ zNUIz!N$ke+tr+)Q#7x2+l=Go)&x*zHkDMz7P%f1f<6mO5tgNVm(ZAy>t8NYncr=Uio5rF=H z7)JBMweW1KfRmj$#{bfMU`hvXUqS9pgdw9y+fZLx>49|fk7p~`C;AHta@^ES_<*jQ zOJF%7(l~1+x>t{U_Ix@5Zv&_OO z_tcgB%UOzS+%tsd7NsPRwbPA0@1rtn=+aBve1xR6)(jbAlM)1Kr2XT;ILeevixO*KrS=-{kz z1@WPPntN|s+d?dhwe`dx>S}AL!ZA%T!+E}~gIIOdep%j+@#SO=eEqvsLv=TKKeCDl2T%E!J zL!{b^Uy>Ks&z9!VUF4xQ-Xg@}CA-zryIPpz16YyHE?nyD56LJnb$xA!*Ry$ip9vF_ zM$)x+wJt2Uwu1!VX?`AX129o8Jq1HX$yQ=9V!UZJuC5=tUEF^fSW#!|3wLuUUcK{* z1@-Rcu-?cVLWQ`4^I7ey;Ecdl^0=Ic7D$xE8?@x>PlEPa3JtC{Jb6UD>$ZWO`Av0u zlI&9)h$ei*r73ExsnL_o3%Z;{rQ*TO_?&#@b^|-*mJdPq?xgP! 
z%&1}Vr(2`!t|!*YW8Wj+>V2BZnu0oOdA{%ES9T^vh*8LyIv5-3{8qN+HyOXQ^v?#C z2OpjURqLiDwm7uwsFX-&%V&}oCZ*by$c(3n6uFu0Y{531;kzj`A2Imzwj30kQQ*dP zuV0f^xh0uJi~Gmzs0pkU&62`aMKJ%e& zs;6{(H0XfxP}t!n*_i3ogSekuBNa1Nk-Z;7e5pPa{PrFWh<(F6M^Y zS*eVKxPZ>>fNu~}q~va(qNIurDU&5u)_n~=PzeKqmBTPS7wfZ;=j+FXt*Ox7=77CW zoQ2&)JDV$z;sNp3sII7-lWQu#^l2J?j>@pdU!PZZEtdWAGi$NR&vL0s-)v630kYNA z@c#nMG5<4j=_nwB3ov&DOK--I4MLc*3TAYkG`BQ*ywc*n%=zTT1?5d3F$K+_SLJ?F z#dVWZfq#k=`)nk^IH%z>g^*LbxjZmZ7yRxhGO5H>CZ}XxJHSnSFO7E8F?M?N)pOGu zG5>qwNvP?#f}{p_z+dQxCIHM&GabMn31nPW6=6uw1zJ*%)X^{blFC zqhtp-hv}Kq^pBKLGt1Xv%}mW!n%`3d#+dTG7*N1sc%yxQ-$EvFcVi`PKX2j;B&iYaeD zhZssMA?ljdO#nH>i-w+G1pjnxFL9C$%x}~7>t**had+ubSE7dQ$9W5k%v>*s3ru#g zbxhJ`NXl2J{`C2B(nX>7Mblq@Q&q_n1eH<-K+K+%`3j#i;ZtAxYt0+(-(vku)#0FR z^0Ts3lCyl*^xw;H9RHtYI0DlXyzSSv(ab+j75~CTrHD3Qep9g`5fUz}{;M9nK1MzX#jh88Yd0B6t@|8?o#T|vg{tLT=W14{m6yT3o4AY~MC~7v*<}Nq0 z(YAP4(}J8#cWjmk@3t@bR#;+cZgA4Fzij@Wy1Tca<^;N0Q#`a7>5hC9WM@piix?n` z2>BMHx1R+Z3=hBc9C^C)y@<=%>qe56&P4k-2F(JTw|S5UiE9Rlu_ZtyNsytKhLc@j zhwBLG)M)T=D;A^MX-u?)av*r&hLl;-1+rvIq7kwxG<}#9KuEaPk5U~n7903c^DfzQ z_WeGh-dp`FpOHDt{?yx9QMjaM`C0dHN(vYx!iQ1fud z%^!Y`@`Qg=UAo5}`d(W^v|a%9ntX#Kr~97Ff=}-%tK{5P@2kQVS7w>xIX^@Ns0MsC zDM*?gqI*>$(pn{|FDCoB|J6fEADWX4S@{m;ASz-J1qFe;*4ho|aX!6p*8#mSyU@(_ zg2UXX^?}A1H5QnVg17N^LykN7k&a%#YI5q;oXB>%F-__f60CZQS4mL2nXPFiO;$K* zxmP$@Q6pPn(CFMl{B#s@RT-xn1LyTb^q;mB*lp#w&Tbq-+#^>HRXhzzs+*qc!}71D znoA{M6VB0rJ}c1ZT?F+koEmS|IjvOeYoBLpBZYKw{l+Bn*Rt5_?PmjrDpP>+HB^tR zLiSkIN+P2KMTz6(+eiiv1{1O9yz%$-&1qjb`J{!>Rt!-hX7ph#UZZSh&^Nyq7Je&- z`;e@j0{W$F7hu(9UKLqe5}5pZ%7?itQ*mo8Z~pcgxmf2;-z%-!?B~JLGcheJ_eJW% z6#9j+6DQ-s;j|gNE~A5nZS>bftS6k`|KgAq{rPDmnxcsK(hdeBn(TfoQ!L()tf3Oi z;N_CW<|4QKX{-Datz-O1lVw7(eunCshLSlNcs$COXp5`C_P>CeHluqW3CTpP9_Nof z-$LA8;Twj^#N=b#*MlFA$c>#Nb)iDq78-St4p_ijG9V~h0}M}N55j&^u^xc=hA^{d zPmbcYK5f?rsQy(?dV|gQrY-3yrT0ZjpP{KY7}|vj<3)C&qnf89T16_BATgRZr_&oK zVr?c~K`IpiJkWY2_ZhIYecFwg>l$xr6hXP)^Ec)`S(4X@AtX+KF=qxVu_iKO*D_tF 
zWadcsGFnAkeS8AE7acQ0;+vklTuV7rqe>G>Q#73JKTUTse&+2bH=^K^Zlj@L5(^e=BUJ13s7z|mglBZ2w>tlsc&2IOi zIMS}`fBnKPGapSaDvz4p?wn|qUQK-B+dTO*o_;G&O<%_2L&gM2vE*ur(ZIbbAdlXi z#xbuV3Ya4)LV>y%K{R%RmZ-C7g6c9?kBjk8I(|1N{Pv~`Q+n^Y-rgNp&i%$V z!*qpV-5~aJ9p7^q-a3+O+0`0y%i&ywh|j;NxX5fyvJveZWZx-Gjg<_Bc%~F^Dh%o8 z#E>xP(9jmdsdwxUbu-dfGm~%;;>;(@0H3&{?Q*@Bo_tuc&7whr9}4nFpn80f%6%7d!- z0qZeu?_qss)1G8+?&}tU5XdeHFVqjS|3D5R_Lc;0cB%Uf1_<4bHi*!-9%mj5{}Jfu zDtd3`vwOAzkM-HmNo^68@ct2q0K|Dn11l7Wv>iK||4ns)*wE!YAQSy@D@-Y^>sgtU z_g{BtAN$>-+qc7NSWUJrcQ03uB>JIvh{!%92qCr%{|k8T8?D1?ZRM4|D}`{wu3ql- zQu5#L3S#3q7pAt7W)nqHk7J)Rrx%nhCd=W?4*CToF|~qflhS~1SU<%mt4oiW5IQmJ z*xQ{WCj*RfpL`(YL6^>bogT^-IYqTgY$N%UE0YBIh=V68RV6%+s@VcPmrXp>J5gWU zXclZaw6%{7gk6Tx#M0eQe`(WsxN~ZXt#Wmv6To!s6P{o(vPlYtv28-WprYlw|D0Z( z-(#y^w}diO!_PBO^#+Rc?*?FV7;JWeA)TQ3%$%@R9t>Zsr_9fbKW8cWg~{dscP02+-#W19ex}0s04pb0?j`c79k-`sg!l@`*-9{-H?Y z6Z4q#SJiwDqLUi;a_JMGf`}m%G)p@N@qQ;*2yb3Y5y!dI#AO@!BVq;C03Cx+O&%brkDY|*{Uq6fCu3#O z2vv$#)4!aHI!|wZ>xn3H9JI!$4g-oA!p8%x#3UJtKw#hgsJoxW8}|jK*WBCOPde)+oJXIT+lx>(`!F)OqnpWNwWNqEf(%*CG_f! 
zy4=_5Pn~B4bAee83J*QT`Ngz3uCf!A@Gv?;^FsNE=3eeQ8G+jdEZ+KQ8j?*SR`xny z=0BB~2CxpLL4rnar&!bIem+6(zFJMejjZ-}9bDWV`+gG8z03ya-&REpTq)bEvl-bB zUYEZ-8?@xz+wtg4$K6NFp2QYhSyv7(oVpaQfq!jug2<0>uM()SHs)Dm$IG9+koZaG z*8Q)aB=o?k+Wdo3aMtB&uAbji+>EMS%e?LK+k%QX(Nr%6>}_5f71m{XpEr3eElK8S zW@j1a;}!kRS)UE*-{Zou>7V9;*@tjnt=GSOU6`}AT&gH;w$_)n21$V(H6m`0a4|J9 zXM05)Ox)iLXtV-}lTA)jTOoKpg5M~>J|KnOCrR8mFCZ_atmPte*T;2R$n~zEyOnF6 z!uivc&X;fBK01jbbNx*`Jhw+Vw+;B&JaD@YrQ74L0wPZk>&3~xI>P-2+WvZ9{fvBQ z*Pt!)gcAaW5|oJ*r9`lCBv_odSh5YKidvYT-IC0|#W?(VnzL%bPO9DaQ%5Jg_Df;< z+8{W`kpPTfMVTOiRz@Pt1?A9V%4q5=tDh(q%kFiS02ij|~pStHIZC>AM5i`Q?~wLEe!rrq-NT> zxg96&^QmfeiJqtkRF%lSoERk6-w54lfI+ky{1|62?UUdHbkxy=(*`*~ovHMh6 zff##9((uQ4^Rf?G_#CWJ9;TA?a{JN|h z`bC>vO|^0NZ)q1GG5vEgHSn{7|A=oZm3xG1`E z=Y%w-+nIy=3}w?4ZElD}Fu)&AX!5MwcoMYfadzw3HmhYkVBw#&{UR|yr((1ic_*bY z&An>>2sta%Ew-A|jfz}inJgInc@W($Hcq}%W9%s_HX%}@s97Rzb@}39>w0`xr+nC( z4v>wB@tmF%O8FljUWj$ zsvewYc(I1Pu>JMgeHST|Ff^P(pR>}2?r5`H-fI_#*KQbfgdV}J-r_BObIE8np!l_l z5h&YjUH3E*A^EhOIc3#24x#!q7!`Jq_u>^mtrx!a?Tv}g7N zq34jdir*XNR{bzs=QcR{oS9%)%?WpUE5&krID*$LmTZ>_FXSK z_+QFH9Y&3TM`9}3f}~DNh9!yP`&TQIoN=l91pZkhlnDpBhHqZ8T(UU;|ES=f^j8 zfTJkm{K*oxMPWEzt~EsWFYhG;39^B?0I#o1z>~fG_E7>#71h=-@T0{!;OQn<05OCR z#G%49kw9A88{kDO(gRL!tg>zJHjf8l@Cxd_rNw9NG}9rL7Yc)P0y9@06f6HMVE2)$ z!e^(Dt^hgI*$tuq7RGHC7;$$T*8A(lk#ZeLv?NzaBe79GE$D0?V~_Z}AV&rj{U=dP zX!UfTEXUJkVF(XJX&WqoTY4VAxT|g(mCl5cUI2y>w}*xXS$X&!t~_7pS7WF+v{-n3 zf79MEussjg-D`p7_pOZk7P$GK{+sWqsG&NH_A+Gl*L}4VE+%+KOVkl$JAOYA8OSAR zMi#+223ljIlPHQv_s}8=o13A;G)Z-L2|5d@xojB_L~#phf3kobFlxcJ1cb?me14Q+tIUp79~9{z<8XJr29E z+tpxuVj@Y&wfzP$bY+=o-fdbP6xR;weA*7eYrnS4o(c(ch@I(jr2g>suL8`W26I+K zwp%BtMl4|&V-%0SkFD%+L&XF)M6o)3tFX8mai^*}&2Q$AJNJo|umtr5`Y5V*^A;fc zQG<7Loeo$OFJ%y{5P=b_!Yi(Tdh{v$+u&;#=T3_VzUl>uM_rz0*0eRw#ktE1N2)#6 zn=^2(BASs@x6q7m0nCufflU+sLcFGLO+$>PVF;&KbEf55B3&2%i#U*coDQhzxGD^s z24rGx=TKLOYPd2AhivC5*Qzd|h)_w;&L^N@B*<**vbw(T;@WZYUVlacOs(JUY31%Q zE}Fuw+hxnO3L`WSHVGPbs`Kqb1Y^}b3kAT_ReJbjzF}zo*RWT%;`2RrQ*U>`ZD>mM 
zA@17$>&HKwz?m*CO-K%oEqh%j3E2}+-!WcZKP{xavYfDY$o|pm)m!I6w@w5X`5b_Q z^&n}8b;$0G>vY z+};Zaja+02fQ$MUUZgEkk5=z-6ij7w?Q(vXh=yht*ZZX=Mgj->@k}{f+MXm#{%Z;$ zLR7^p_d?@U?Ifo)g%F-s8z`TnhWmGcM*n>VxjXUf3FI#-Q!;17q3L2vU;#2WQ1D#9 zRQ8}_(eofr;Ma=M>#2G&laNisZ-`?EIC?>2&(hCdUqAQkT$eR2Hr^dJf11%d?- z8^X{oXl}$emCT$RvA9Qpt7Gk-g{;Lt-j(%J&Dm(k9M@-4J*k}&woltOjz(9bquW80 zZxjXMscXq;A&f)&>aD`i*E&*8O)mM(>BEQCL$3J=pHAmIn7XAWPR+FWccoCTD53yh zN@0>BVTjLJ8R_9^rNP)57{wb*PX3%xHqiKfMRL6aQL`{} zqAeb3LquaBf=k5yhj`HhrA6%n_vG^-IV$1|qqW}E{g*7$uCLI(FzJ3tRaxnh2OJB> z!06pQ9E`#a>PnPdMG?@11A=>l_i4-Svcn;GQey}uIh5tONJ1PBEB4>P?}ZSc#OJwz z19o_e-CuYWWOQ1)M3dW|gKo;52=nTYt@FZ74OTN31&zwt9dj^rXHd1*^4=}2I`p)k zgL4Dqx+s`$OC_M_h)*fUZ~5J@HlMIOXl%(k;KnTMFa&*><4MvNL2(o2uH`Qt{b#lC z-^@_{S4Q*CGL?@nxjF1#23{T;{olz+S6WWBY7a8{S2_VgMUmUKJCFNV;3M7ba(~PG zq}4nTqCl@N_Uf({#P=M7MwOb_cgS<}S-1vHu`6BuJSr%t47%Mgw%t5jS*(_PU@{>_ zGnlEB%ypgHWIWkG{t3+GL$u0I`$qtUOb5uosQz6a9BV*L`u{Ce9C4T=8=EM5UHmKr zXyv%*-4Z5g$ zk81Afa4HmOf3$kIRs2Q6ZchKkM*w}9q-h7$V!Jk68j!dv%9C1dQ>{CMg|s zADDM5cfWJuW-ARG0{IX_c`(DQz#sVD&^&Dq1I@niw}nLkVgbI{ZIk0QhvxDnDXU`K zoqb;==2U8TcPFP)nhp9X1gJPRpqGM`jrze0Q|VwoH=|iXpWpy8)RowA_H&3?+*`#u1AB$>A_uMREq3 zcau~Ew55fbqc$cA$N4|$b+9DgS$`vg{gD#h*v@+T4sKXTelXfD7dYMD02Z58+6gIh z9kaf;mm9bli%q<2nLmFArG%nTyou81ozVLFPo{hx?r1? 
zG~>urAqxhS>ICzUI|I%5#rU&?pp`l=wYWHXFfnumo|^DVYJLflE$unb+- z$3LB=&~aEy{XAvX9usSA8mlE)i`UU6_O7Mj@{PUZcZ3V5WHw1dDGyUeGn^;!szm~q zC(OU@3D6W8OWL`;X!C^6+6#$E-cdY0| z-2kc0{IJ`{N(Z~w;1-Tw^kj-FXOE=)^+0?9Vc&0y7`D5Po2n>-bRuIK1nIvW4Mevz zjTyb;Am1~-Cg?D)lvF4^^Sx0h*PZIZ)K7DI%|7wwB>np2fP{zsb6aI9Ew#%THDBdE z($OlVcsw*UgoY^Xr|j1L0E-bjaV!1&UVfgfzc_{xz- zF7@n9{`V9LLdXM$rU!`{X_8b?tz9gR#G|Ekqv3Nt8rN zbodaG%JR1!?&qkaRLstAbE;C&R($+mwfgc5_xZ$5bE>c)0d1Qo?h1^a^r%Ce^2L}i ziPGW@DkdtLuycO*F`9R;d226udV16rl<7;_YAAc~&Ykd&fBtk>F*up~;X|^AOO_|$ z>DKat!Ad3~QV&-cX}?-=e&ONPoKvg+)VFY>&sc66G2t9jBmK2QYb6uAv+LseUyb&% zCmw%z{kZ(4i8hDG|BBZC^s^uv9<`E7tiv!zH*ZZLtI?}8c#(z}cxClz-X7W+*wqw} z1xjs!Eq7x{g$)QLfLA!u2ju1kE6XfjZsh4|2F&^Axy;Md?%ifMR+X#Q5m05>FW2Sy ze3U7EC|8AB`0r=tO(Qtx;nNQu6!32=zZJnPe<3iBhNYJ*xs_u8SU^BOG{ zjiZJ`asAQoTYtA7XqN%!=Q2C89t?B{=m>@njX$0KhlG~T(*0i&+TkzZ#kcS_S4|U~ z1BDfu1gx)_Jgp+Yh+4bKlAzt?>I0Gm;RQ_aHx*O+@<81c>NDcv|t@Q5XQW47N$hV zX$e7gkC8(Oxd*B_Zc*tg**FG2cHZBFy@4!M^5ds>Yf9WQExO+sbhIls;))U}ysjp$ zyoffAgaCP)`FO{M)F-v6Usnmqxh-dzI-)-d?b2N{b$e8W7mI{A{-)x)h0p1N3Lu2x z_ge4)G4SgRqlOHbHs)!`xBNVWS+qU)6(Z|dc-}46Lo&U(1dW}r2eZ>XndrU{HhYjD;pOcl68 zOFVNT_zH0tSQ)q^f&a^79%^U%SG~W!2X|L5<7@ZP%a^J8-_xv{4S1fI#@Xyo(Sy#< zP(FiLTKPmvR-rG@+=k%aoMday-0z)={XK;l;kjyf6v2 zJ5Pel0O5#fN|U2td!%f3Tm5LM%5&tx%c*Y*+Gq7Wks-2g94vJlzwV3e$DMG-d3uz| zRjndH?H6XqzPNW$iKmrbtBVd=6MIJ$Y?gJ2PRU;>)6WtI9V_4D$bUVsyZtu7Vz_y8 zHxv)W0PpNw2xhs@t@6@RpvA-LNhuG^x4qq6c-fO>2_-p0Zr2ToH}7J9OennYn1!N? 
z^9#qS&xfOhDStykqcI}_WDk6Q7c?fo?#y%wMmI*OY;Z=a)N*Myf5S3je)x9zsOCpg zlg6;YT!s{AMQVH=5!T%<7_z0rC^K-^!)V)JXWSXae|~!#dXzHgV0I{i#P|;gZoGAJ z?9AI7c>#<++opHJ=mOivO{ez(QuuEw!SYQzy!4v2Q?|ZCAeNTOoAnyJPm&w4=1JoM z)gxZP4N%ypyU@&V1jVIn?ry5HR9%%Lrrr;&P~0aS_fS5h?ji<;?S40LcVc zlMbTo&Jk~g;ym@70Ef1hC&;#`?XjnyMp+%ba?eL5v*F2^2kU1((%LtYPTAG!B|$lc zBwqOa7Th3`)(?_+QrF+j9ez{Eq`+F{!<76dNtd~#L($%Q?C=7W#CE&o*CEEepxG>K zd{o9N4+XTtB}ju;4ZC6hW!y1mi5;r=&~rs)tYf!Ki6QJvxh~>POhRk&#FQek8F3V^PU=^$kB2F@r#Qo$1W`rvw0*OJdeSrbgSw@aSM(R_{MQ1b3C_fl z!oZ!LY#E|B-k;RzkC1I5d6pI0Zas68D;PM#YklAA>ap6F;|FK1^VOG@p1%LPmVt-3 zkpzej=U4m-aL?iT<&3%(lh!?4?V`FY%LC2BZ)+??{y3?&{OjcG1Af z9y`7X@D1|AX8cm(>J1%63**t%(Y@Nng0{Mm6zRcN8X5jkmrG3bgkkG7gd=vJ&r%$# z%V#JI$gZ^UR%@U>bw|1bk?B6B&7g+_jH*LxkSKMqF zHB}NFp|N)2_{|8g2;7R;;)h9e=*;YG&vWx^R^s$Ov&3a3$R0&|Pq?~SX6v&?dIAFLaSnmBN~I_s`AarZF*eXh#LNHD!6c{RCw_d#-Z zPRrX%08B8aro9B4!v^?r*Z@;e7q(;h($9Fv?#9%f2kSQdj*3PmeU_Sy&UcVhhOoG1 z)LaW9=R>*%JxH1?behu&U6lpd0WVg8KM#b!Z1Kiw%5cNgS*0QH*t9>U#Ff5Uar3(S zHNLF%g#Zh!6<7p91y}eSdkQiqrc}74gXLP<8^>k$sSj(}TN1~V>z1V=g;Eg}> z++Bwe5g(#OIl<5-A|w6`Y<7b=!i4-_3WMj@HVEvI%7HzTxl6G+vu0Rh|0DVYFm^k| zt-F2Spi=P4Tb-=^hjVElTC<;NLB*oS18 zeKtLSSkTGBml=-9c+|P&Fa(x$bLo(}DVM8l4`+<#1HvO;>a#z$2==s{*VViPpZ~vT zdKntdbyeY~BZrE{xehciA%g*9P^)c-K#EyrGNVhMg@vxur~1^dHkW zrX|xZFUs-$!^IRRzL5fq)5A~O3GgRy)U(ea_ zCrr1EYGnnV129xb$C1Qf(dR(owAl?3Jc?&NBPHv~^!7x#d@h00dEHWI0^XZ(yXb4d znR7IBxzBD0^+T%DBkO=y>yn*q={!lu795ivs?iRS0>NI_s$Si;c%}JSwROx>O6!{G z0s~dukrVrAet3UJbLDOTUeb0vm*`qfelq#7oqfJluU)`H{T$kj8^G;*KfTjs#d4-J z%IWeo8s{_Z!}HTHxJxACeVq2ZNb4uXs|GYl#d`fhsm|snGI45eERV%j zD|aU`9+DW3hCbs&L2wf>5@3D}TMO{N0}Ch&7{xsskkp0IIw>^E+pdT)cysSbMwC## zQZ#V=@qR!UK#VMN$hHg45lfGcq%HKa3>v1&6L&WijXfKrG?P#DsIt#QUF5LXyCZ)1 zsp=5b1(|K>&S9*Da&%$@Ob`2lH&OHexw!mkj#TCgC*j1$EM+Y0lKe^UwOCbI-kzh! 
zo&@Z^!=pMgeTb5)0sXet-AfmxuSML+(XB(b)2@IPro#HEXBfRx})r|n~MKzf1`UIg6} zDhVV@2Qe0C7C1nmc@nR!Qx$z@{3oH&H2HJd)UL^z6E@(hIxD>d$H{gae1D1~34!gh z<7mk?C~M<0&UCe``65zowA)|uL^9d9q*4F?>eJ{D|DGCc*NobjJ0d$3cOpGJ>uEiG z>!MT>KP24}I$%a8mw^fyL(lz3^VI{$fo5U7Q_Gk9Dr2E%z#>q%`h=#T#Dbf-u5q;a z_<@YY<>AZkCQY>(ll72q-gwYa*XUpxCthzxpe}5AMpY6!`29+ z@}OBhjqWe00I85qK?^;}#@}Aw+W`89hv};ayVm&bRkQX2*a`%d>{?{m;84s?Vu}reu{9bW?<=jCJbNDorwp}%_db7_WT~WDXI=3cXzbWcL zDB*xzuJ%=#*0|V}J}m~`liP8gdG>(gSeIZ#{DPHM)&%&e*pC$$=Cd@cBL$s#b2D~! zx7g0J7$cH3KQd80Uj5~FU3m}93qFSgs9VOaI9T`GDlRDuZ`0&9`>^=X_v=vm%-&=jaoha#gW=5=Gr=%9Gc#!Y zwGvYof3PP`c6Ve|mJxnss+~2k#&kl{;X<5nW79P3NG)rmrK#z1>#M|}H4i7I=aw(A zL63V{ulIXm81KQDkW>izCa_5)bwF#v%vxdeg*;`y(NwgXZT(6q>8Hb0$ z6b8MG{j@ox04?U;g?~n3+?n_n0emEf7EHDEn~D+6hLxpxI+sHh<^(HD9fdyJR9SYS zW%?M)pEh&ov|RTf@z{2jl*dmd6(N8|2B+@`odGUs9E&L8>Q+g@EGoSi-P8FXE#~at zJ{JWnEgcxJCxn$Z-Ha=u`N!^%G;|dV$fymV`;Kr&)e)<5YGNC!U?E&vJ zQ#QXIip-)EVax8=8@L;uaT3-oE!@Bg^{{{EKIw`7xqZ@>0qG|bs zqPtgmDE{kL z2}Lo#slL>;Y_zj8Np4YhqB z|N3R*zr66D_w(oa{OgVN=l=O~zW&6YKk@m`^Wr}rw148^pLqBu9{!1kf8ybvc=)IO z`ct3&sh9uM%YW)+piA|Cww?a;qyF^k{`52dtL^%yzxt>D{HH(vN5A+NndM)Vod1@- zV^+T2lsPNX60tj0AE4a|USPd2cwLQuGIQwl-!>1gOUTcoWytvkO8mz+z8{}3AM+~1 zNdCX6M*YT_Qb)nr@jn!9k7{$g`48aof03-t{Ojk}e)$CgE;PR<|EIA>|1Ouxpa19I z=lJ<^E&u<$mj9;Xs!fIbJ@r4Qe`~W-S;Uf`PEaHRVaDT{_PDX@M+TvsuA);vg?KZL zBt_|8osG0gwtP0o5d^HS#a zKk~#2#0(6!TVtXlE8w=PeDA%Sy;Yi32b5a}5^;kW8p3yfsI!FAn$qs=V2}x!P_p7? 
zTm?lH4$juF^jp+f>h1yaiCx;>)3_vBf9sd$xJazYh*WSRvR<-Mu5-MI`?1{q&&?31 z@8rjv5ZkAJs z&QoA1e-oqXLQy005~?S=iCOaKN)4~2=94wephCc`N;D-IQ~D{(hwvO?dT7}$0x@fX zo_2JfO*{>nPdd6sd|B|xWezsmYJri~B7t_H9wcUfl{UEnpf`g|0FT4{oP{8ePww*D z={Pd{^nE3TArRGxU>(&I2*651`$md&o!p!Q1j@>`c4*{IF>)RQD!~aJH+<|S^IXwS z@X(k#=3M}h*02k~%abg!PT#NpWpQeR^jZrYjzIW8=_s?A)3KTw_(MX-RO^*o)i~vN zYcy+H;mZbnN6&?BM>^Uyb3I&sz1|J^r3%Rb=*}&7lp7A!k4oePJnBD(xNL}gAHS=I z?hQU$coPzeG z1&7abV*(QR0^jQ*6|^mhuylW8s_D&g5HEs(?2dPigG2F$SgsgNagO#fANy6n>l19f zW9?=LUf7G<*A1U@Ov5-FI%{6?NtJl@HXS+6|DF1qtN zPyZeAXB=1W4!}!*R-^hy&My%&jd|vYqW$-3$69YaOBR`=r24?b>qAg#<~px~jOgVS z0>4~e2!;XHfNE51D-uWFg;1CPixL|Q@u4HprNhzBG+vchSOuecvG&-TTW^0XmvPTp;wAowkb_grVMa&o)! z(KX&Mq8>U;K}hW6@PN+&KqavF>}hl1rtu_$+ou~tuSaNK7OyD9ls)V?z3RRK>8w=EBB$eVk!!*}|{O~2wL%5Sw;1M*E<1gxwmh zlgE!LnGJx#VgS62v=-$6VGXH+59VaFv#vNpk0#Lr#! z0=<*Y$1lVLsIb$*D`k@}41J-=TsvZ(TQ;7iTwEky8`q@4K!}#;^Wu0KR-&8P14o}IQZjo`ntuad-9@71L00_Qo+tpJO= zH7`GhYpo9HcG@Z7wsmh%B1=+VwGXMBF+PhAOZm(4c_Z}%|Dy=I`0}k~Cd~_>AK~^> ztJPzkec2_YJNMz01W9)eUBq@iW9fN=M^yS8Khk%XFT{Wq;7{Dc`) z3QO%fe;Zp@6Qdga5Cy`a2PB z!(dDwMnlqo$MW4bS|^J`=X*tKR8G(D>6`a|gmV$sSD6#r>9YFNSr=R@ifjy>%C_d> zf>a-RtT&#wEV|$S_2QN2vwq#@O%4ypY#YLjM3K_KxK;Vmop#Bo$~qN?W-VW*2Uli( z=$V1CgHs+*7`EyGq$g#xoh9j9iuObp~K<_urX3>i4*zVBbVuD`;IZ%3{@QKt&1a#n52ik zWRTECgQM)Cc#MZH&SS^OPO`Zn12+57vL0~HOlnopn0zp#p(QR(XBxWKw2<`4zk=SJ=7b|v@=uKYCT>Pl1F$V#uN!V&OK*N z+n?1ksYV-pnPy_uY~lQRCH6GXi_6|A9mB!}lOm}k5@#%PIAZ&5bw1=s4xJM?u+uLy z#QVh53bw9a{*ujfoLaa5;Ic2Cy{XpvI_#-*>%)AyK=iGKjLEAybe+hR(AbX)luIOR z;_mx2EoGQOB}S~DO*~=zZoGlNY=z8k?ONTVyQr^|2si&kRqoT2>JQzQ=7V5g81%S7 zMfUPqRf75Ld|J8vMXJQyUNo~4xwZeKrX{t+PTI4!7U^{!YW3jO_igB-2X^UKE)!7C z5|6$UYd^lKAcx^+Fg3xth&<)5;NDvUcq2Vij3XZ&7;k5TE?qB-`7E$APUsF*VRY|N{vFS}u!9Dw4 zye#*~$;jn;%t`-qZ||+^kFu`^`ij_z-LX6;=Gon?ro7qwH@JMuKEAf{^bU1GcC4FV z{?f*Jk)7m#(-mOdtoQo1MxU=XdH%=1)yFIEZo~w?GQo%Nnca z-jgsO=-n@Ne?I}z1>~L~RZh@G2oYG*67rWY-r&oQ%|&fhwj+WyO{%QxBMEcE2Huro zVi#>_4;^c#{b6K1QdTz-7>Akzk%Ma 
zWOlR6kX($#5NA13u;pGR&fd7pA&!={+w!I^O;^Rq1ilpmW`x-gL0Ke*?uq99j88q! zUX(axUf1{dl{(Xi6>Ydln>rX^*bP>PMUrf==J7&8{!H-ih%29(o!A5=78E|Mx5j9x z;}@Msx}^pUM#;6a^f@Yxpqqw(HHAh~upA&=%S=!hh+_T65n9`yM_4H0=YMvGdsY;n zo1FTIml^J1gYR82G)&DNOQ%h{F~fkgfVq;^GIvzTzBUb;Ip@Jn;!YreiQD#2seBBg2a5_ zjjz>rmSz0JG6Smm;BUt%m!E;-D5~!%+FYoclg}@G`lX&z>duiaU+l@F8}Sm4d3f9J z@nD!dK~<>yAo1uOX}u4^>Wva0qOs{0(a|7w2WS;8a_Or55Lb)e__X!u&9`&k&`%Nq zhq$am#2>4Sf4Y19w@TCuX=tT2flBYu?mJ!jEV5?H{*173BAHZHo)=!>r1-$<-13cG z{sVvR^#1o@}2QVbyc3kq>r1}buR zbD1;2+9atR{^Old*!EIJYv`iP`rgl5Ji9Q4l|44c+7KsK0$qp7`|V(`~kPT<3j+pr`U|EnRIgzv5)%{>j_=wt=r-W7q8)_F~0a6Z+5_9Y(^pR*f42 z`NWTfxX!8&9`*Rrr|e`^v#DQ(Ne`5HKK-K!4FIPe-*%tOTKwvI#5$pLrg~&eyfZNs z9L}^e)tlB}F8AwnNa)vNg)!}&M}(Y@T3EbPpZ{f;7g4AXcyofjokWqJd6b*WM}`wL zo+Uh5XWqGCQ>6SQo5^S+ zsc1Sn+bU!c+Vz|3cxMRdpf|#6d;Akz#A(DQ84)IsOY^s)`iJk&;H2Y z%uuD}^O^b%F<~vaGWPLi5V(7UP0_Il)!{gKVUL0AH9U+Nr}ng z8A_=aOfHP(iSlOJi9fcM&h5BrZb>&43K9566BBzc2UyOU(5!Q1Ax;c^5pqX>TH~91 z+^1+UW}O?@{m}>4VH%7PbrcTazA*dzz1(|b#53l6f%T_h+=@-Lv8}_~AS1OqBKRx_(v;e85;&S$k9g%F~Uvq8Ki_$XJQRCsRD4h3UOyDP5ohdzyjiU<95e2 zL)-3&-!P5VWqvzeRD4~6rXFL24e+Pv$+ds7o$EkGL^79LU4a3NK_#;l^e~`c8ry&b zPnycd>gaJiN|E^nGr*4m2kagffc1?y$^|~|6bvPO$6w6w_}ie;igXrLCSTa6ka${Q-|<-h4gFb zs#4(%-!LOjE?&xHC)b{mPks1XA-fzEr%d%seHMN&7fhiVKDflV4rT%(VkUoJ?0{Xl zMy#jhq&z8vev*+p%sF)HZI*}alG|>;&ui){OwOaj^6*y{kUR({*nNoy5PC50f>dEj zG0Q?@NsgwY)??!2QJQt1h4w&?})V-di} z*`@S;1Rc+{#>}utLuCzU@z*rHyP;x6my?xyV)_bd&6rI#-#VUdCR5&%xk(VfdAs8p zxKb1Rur0T1iDQpq@}3;JupZWAPBuV&e_Z$gDX)^FHcL0}_v9>Md_$PO(*=)?6&6Hz zz2g5{TSB5wLNvgHFAk?Gf8w$}kbB48%b=JdaDTXqQKR>pSoP8UJLwY$esVteBKbCi zl=4G)GJ-2Nyt3)a9G_KV{F*dR49DmD?)1DHwo6w!qv-n-5&`3HqOaQt%>FDTtkP@$ zvOTL5G54G<>(&d%Ig0+-8%>+#^cT)jq*XL#iE9bEInz5c(>}4}B^O-g#Tu18a`>S+ z1l-|~62oTO0Gb}9VMMc&(+LU*h{xs$+(qXK9yPS&%Sp1ZZt{t8Px>?&7@1;zxH6{j zh%A*^?#>VDb+QQt%-U%}Y&6XYo$0)OF}uG60C8q3tg!Vqn57wi z{;qD*hiD8fBsM-Ezbb>KFSGP7I51S<(hb(bVh>N8j>o#vkf@MGJ-7y&e9b$A6exwAjuWlHK zPOr3`R69RZNYnH~^1LUWhsv)~jU+1UtOAj_AM!H^UySf_C#b=-Ggql=I$suTR%JO;rl 
z2fDpMy^d}g|22+{r&v^wpG_OZEkC366=tf@utfYJDG*9#syKu%(ail&aYRVt+OyLEb zhm80@{!V3b?~nMU9$L4eWo`0mYtBR5a%P4kzy4e?wOSx>KiTNv8f)fu6uW^X<{^DAF2hVYNP?QDZ2mJeDQxUy?2h5$oIj7bbypFP6ei5-Xb&3YJT|w z>vL4W_RpgO#UC=tzu4Bvi=7$S(VSH3KW6H!`W#*RYV?G{VGs;YrhEsYL-u}flY4IkTn(m2 z&LWIR^}%KBnwcc!=q)3)H1t~KdvMZ^X>y$2bN_wwI^};?Y!auc@^f9Y2vdC?|}@ANtQa z;NPv|Tazg|HRL6NTXPB2dg&2K{{6{|nBA@K3&Cu@4E);*-}z~!99=$xZoo%@u&NL) zI1lq9dy-`O+L6f=$@)$868qhcGx?#7ezjx^cUpZEc?K6vK}(QFqrjYB-5E zpj(#XXs@~ixM~`8i^?jTLS?+E>n^@~^x7+wWDqHk9Jj5X$NzkyBl{ohnpg1NV*)7^U3H_w8F zR7py32BI5!h4;O8#UDBOgNGiRElSny48so;X|F$i`-(ORTF4DMwA(uiu{(J(Vfg()HRzgpTpjiq}7lswtvjnJqbd(ssPwQzxuLGQp1~ zqOQ%^p^#i?SHVsD&KT=BBZ@@V15CuS&3l_wL=we-#N7-2EY-^}N;6Vr=U~c}MgQ`U ziIrhf#a^tWjNqY|pwD>K-}1_O<~i}urT>Lhthc;_0qNy|;GjqV5bQ+>vR&DbhW8>z z%;1V806jI%B_+AcN*PGlx(mvTRqt2hxx0iJrFL>jss_|~()Gk1MX0}JQ*iaLTU(B; z=)2Ni$OwW+uZOMyom>y2BWdfhH^I{N?@9nlwd#M3TX%g#Vai+XiVY{TYOQcGKs3 z0KLX>@NsDBR36cMMWVbv3f!l9l<$~tOGGCt3p2J4+$Mp_vv z^2d7=F>$93KbnAp*Hq4X*h6{@r_~e`#E~O8O!|iLnC`Th!fgEwm0y3B10h1N+h-q? 
z)9H``Fj}&!Tr(PDE(EhCowr-slohQXuaO6hUTSv>Y%$7P2}uy)$#K>dOcHyv+r)ru z;jmd-$1YeOA6b&Q@#%>t!YO;p(=hj1-EuGL?Ww0D)*4#2=_er|FN)p$f~x6WAOrs7gAc8f;ZK1q8fQ0*=f zwN$`soE3Q?i<4s>5K4es=RqA>iiD(K(cHT-IHUpO9 z^BiY5ucBd_-|$+f2_(I*h+_=)kVA4oxezq-z}Bvnr*G0k`fe9v_Cm_CTRR_Rl>|tH z%(*s@=Kw$r5HWbS0-HE5)N9Fd<}i{@ajCm>WBMjK+h61#jr9zppb4`M!@J7IQ4ZaR z#>6z#Rf_Rg$X-GbXzEay{(hq#L5sdmbsw^KQITU>R#fzkZsAU0TfeHW??*?Q!1+_Q zWXe2oG`4wZjs*({U0~+GU^)*uR+s1=OVJI(J6$j&t{!-9$hOdgx8^c6Q?Lj{Ugleu zu?tS+!Fcl|SlF`D!xgFR4Z;$D9(oDAeNP>ma9BOddnh$g=UYf=EBo$Lvyfp$)@XIT z!fLf29zXgcLS{d4IdS`pfJ{L*T4#`0`q1pKXDlz>Cw71R=*y`V=gJRg&UqT$E$x@$QcGr7JshsKK+>@M{3C2)VtnyvIv!2o9;9?+)<|34s6EaSc(f`u1~kH$&#m zE@u3V+$1~b&HvYi`X3zQe`8auvjK*Ody&9~8rMse2Bho?JHY(*-=x37xJCV?qr_R% zNV@-R!2|p8P{a(v>MZKlsOwC{Cj_eo7Jp`D__JEBu-lrRmX-f;>=xuT5O{!?p%Vni zb|R2tE^r`!SdrG$DcfkD+DjZCwa#I1(3_C#=*rW7nqyRIq&n!Rmh$oXIhxx%3r_Vd z@NX87OkrZ3W+VWVw<$P!Pcp!uIeS++e7W{8Dz0XeOtrcGLhpnJU-*jNvsml9}`sxHhdAG{*Xa*WBZ*H0euBbfVKf_-IlWo=@5cHTe!Z57QH|NYXp zZ+qsmbAgU$H$I{zI?YMmSYa;oQ{YT-o@iYj?7M;#^a>z{uHoIGek*)*z%;el{xvo_ zNuH-!uZ_P2&u}6z!d#suB=4gjGAr>|cgo+V(}F~A-#Di1{Z!Tx}6$RMgtCv1vGA7SmjI!C>AoO??=Xh`8DkbNNx&@+(%%!qUT>V{}bvBFuQV2 zrg0PItr|}{GL~ENB)+_*%#P9utQwd2&w7n>1BFjLm<+J4Iitz(@5!UxttiQ?{!r@W zX|4%l(#0ObT$>ZC!M6XgjtAeYc;mC(UkJ3sRQ_iyo#ubxI`_Z#U3C7kn^9~ecF~Hq zkv*Db)96o)+aJh`-ufB*ifh{nM2M;i$m9{^u&@;%a29ji&eU+=zw}OgW+rI;sbc0O zVQF{Q*k;Z&W*T*1yQ50Z!Jd*`-c#;3eU7>%7|JW@U?k42>FhYl#Ss5s_Igol4a|rS zyaOBxxM6;1I!Gdf`T35G3DHp=99*&ak)GTBJ$=GG5m~8>*8q7YAnN!?5EwguM2`AL z<7@*tu?sY|Fb28aKWR^v{?z|J8v^{l-T(jV3Rkhp#`Es(V5YBz-AqumYmBzcYZi+P zqy;1gu3Ugm%X?O{NUmNf`dUM|`;W#rr|%E%?!`B%in}-U1XKoO1Iz9v(Z72i#8Jr$ zDzbQU7GZY7)P7FiGU9OJX?x2VyXO4pt&?|;^39GHjb+T8=6+|MrlaB4DdsI?h%bKV zRRR4Z{mV|BXYWOfXyGP{NtfQNIs`Z&!(xJ`>+}etTwu&bCm)roP*Y1NUx6K?AF}WK z>$9*stMB&!bB#vqLiY$DW>w(XTm+F>h*EtKe-eE4kFn~a^Ml%ScD}e>uGjH2=hw8b zG>k>rJFmTSrs*4P)Hi^=o(2AMy5Cx5OLXZTBg#2+Z!V*Q7t32`7Ov!J5%}g| zzLf%slxgpU9%|PluQgO!8O!afGWa%qTx!s`u8TqOQZ#13p2AEcq;xDufyA6G 
z*%};jmgw>kqFji|^Y)eLdVBw-CxiZ6L27T-z_)pF!3sDT0tj8^yoI^RY2(M3hylzIeCsLCH{RzEMy)dUy-i*C z^w_boL0uKap0XuvKt?E3AZm-ShokRVWQe+hO>XCYWzBl z+FT|oPUsJ*Q#Gl0U^^>UdAdF@!u|x5|NAVGJ#LhE7=Bi4k~3#y z;=`hq(}m_|Q6IQ61cH>C{6sx92P|dju0?ml{%Fa39#_6N)l?v7b+x}WhvY~rC2_BU zpLZ{XfYKwclGu&Nd8cyFb?33|5SdGlZ`v!_*HqhmcaoQLY$#?kW)(U2RY$PuxbK^6 zIZ-Nx9fM{wkJeN^QZp;&EDq;O`$&7qO609#z}2%=+qYL|eU`6Wf4ceT8eh@&{3>^` z-=LzWo%5c}Nr%s-Tbi=FbmWf*uk1^!-(>IZl)d@``uY*AO1%s{?&X8*TrLAhNd_s( zKvqZcbYOsa0sEN#QeV+cAjzm& zOvYNbHh!M)FIvdQmpwLVV}w<>+F~ry-zd7i_~u(pT>2awvKiE;e`{J!!>HNMX`&rR z4ZBs0jC{tak5qd1?s;bO_}9Pf)nGFH@9aRKbL3e3Xp*`t?l^wYPEMq=sBd`eZNc}} zYmPLLPl=H;K+1qoR{1x@0$2-Y3;La}O&gS<)e>J|Rq6ajj6v@p*lF{fz4%W^ucbq+mo6Di?zm zcSRJF;l5_Gi@dvBxXlI2pydR{<%UdVTgD=z55&!osCf0t0b|9?#$(6AS|rZs_t9xw zV}IqT-GrCCyv3APChBW}ea+~P6B)b$`2k3AlFH{m(MP-lNty#N=x1d$9Q6>6iIul^ zB^-48xP=U9uC1?u6=~TLH_~H-wA#ppfJ+&!hGMM&vTX24(TlF9_t-RVbJD)MAnv0* z&=;^01b7g4DkdKqJJ#ucI`od3Xl$JDO&gYUxzVhZZ4axdeO49b6vfxxelUM%Fa5DI zb^>7DMgO<2K9Xc9q8J+XXzEXmx~cO?{~%#)&MbcVj)G)@%JUb3C@W7}T3X`efto7m z3kRot!YyH#rHjtL^TU$i7rom1C#*hto`t`!dQ%^$WJmYf{Ct=VpJ(B;R=x zRP*k|G2F*}Q#b`KL~_UM%{??EdzX?Y9EsROe~=&+QCXWBI=w&27?Ij<&9(X@(}0!! 
z&2`tSPk&<`Y%sh%6aI)+1X5WVGZbzTAWI`l5NG;}M8{;C9nv{k2XT)UqrtgeTUi#P;pUYR8XnTX2W=a$hXh zYux;({Nh2j)c~Wu<4p-~99(rvW(64sX3;b!EF}*S%X=eMON)wY86;0tN-G%(Y}dGs z!p`5_XlnG+OLpptnPq6sm2%TS2H6yPA~|4E)i9H35WC&L9THuhkP*C@A=aL}vb@yg&kKtpGPPpsUV_;=?aH9NeW1|NlCoD7$}I)Ox@$L^ z(_}0!J@1Lxw55C4M42n`!%{C#whzK&N#oEos{(7t%ZMN744O;FcNd4gKckVRK^b;k z`1xQt(CitxZoC=7woRU4oy47gi_gmI5-l&*CAw# zDpNuG3j@iXjkzkj->Q0fH0tAVl`l?3VIp5iHod~Mln8R+$|%QX>(O=Pom8NeA*swB zhcmr(W9aI|a`!7wv-40sad#LFY$USh7?7oJY}OQdSmLN+XSEcmK++z;J&j`ZvGt|D z0(URYCNYHF#l2+K-fa5!y=MYSa|EAO{zNI+pjOK5Q+>)^vgfG=%ptvhX3QINme?g ze4+ms!rjSo%Dp)w%%~YCg(-AnR@!6ptdROj{T7+cd@o6SjX<~*R()TkJuQGw3p-3b zXHStJai?ltuY)m@cLMY(j{A1INnP(HtmGOtW~{f7P@-}X&J=C?oaDJ7k= z;1Z~l_j2Xm>~1`?Z$tA!)4=p(T}P7759Q$q$%3$o|0*>$#g_u5#&eIqd}o%~55of9 zC@z>Kd2S_2VFlS|>fPks;wH+yUj(@$RW=Y(=q4-BnuTxQJO%z zBa^5y0M42qXzKx&{ybgQ-q!HiaXXDSV^?n3TutM4me5KU&dNka==CH!}H%mPNQNrGVJR5FTU@uyK=< zD#?JP!&!1%UVeu#ojTcSuV3y~Bc{hOqj+zGp_gCqy{lA_KIBmSW8i8iUl?#4EBOyo z@SHOs+GCDtrLwb-i~rFyp_|Z+;5DgV2=8!y1WwrPR7I1@V{B4tC4a)3p<3& zEZ#rTV#nlXQ&aH^4{d-34duu!ewkMVzUthzzdG}IX2)qm|5}wkzRKPuC5h7RJS(H# z**MBtT7r+}Q@EzbIwwpd>z`H%1jY;x8!um^$&8ZO$tS-$8X@_$e%dG!I4jV+3>syp zSaqJ#j!O;u{82-BZzWzJ-+x>w;Fn^Orgxvsuh+c|fXecUk`IZ4Sb`HO6%V!wq=~>Rdt;9pq=4zfR11_ZfhBlGHpMVfF>f3G{`2^^H5#GX<5IgQz07k*DJb< zH(2F=F24zCaLf+a50Q%rD(wv|VmN!J8A41XSih=+DUpuqD#+^3@)cNrgRY}9|It9N zzbvbFVPzc@*z?)>uGr!2%hcybSB_D@1wR-=iEavCrm~Y6tjMnjzHE#9g-&g_?x7%p1dE+bKN%ujv zTkxk+f^FV8me(aa8WHKUx)}AeQo>#;RgN@&YXicy_cX>A(mU?J|NL`feQTzMaO0g! 
z^CtaGo9CVGtC|Tm5dn@LQRU_2*rWC-`A)k!a@g{Euc<#l85vh=Kk7Io>y|c+<9~Uu z*6X__);yV!5mOx#QETI^+76Q^FDye|2{UmMie3aA;qEJb525XV$oqmE^cDg+Hg6}q z3<@y3p?hA36AvMp7x0@PW^H9@AfYsykz&~MmRG5Mv1qen0Fc>hLUi074}VUEd4o|2Ew1Ex88y~r`A z_u9y*_|aIZhbbwPVaBHRZo6c!gx)X6xKj1xK=bH<;ON zT9e(sY~iOTT((fObrPZ*^;;g?0Qxa*BodvOlHw}nsnKuOv6RM2mJ}vS=H&Sj4=j9b zbYqtE)A(D{2Quw)sER?(awDr~oMzWRTg$s>Ltd4Q>beJQC+&B5ftVe14L*Xnswqsw zJ|It&Q7lM4NcKNW>X55WBa-hOjDcZ6&_tj|%eA|5ZB|f1x`sNPC0Z^5nF{t|sJVUQ zO+;c$>Bcqc1Sq=o4GqMj44OrW>AhmBfC{W6e>emCmu38;*N%KcnWxNa-%C%Opm&#! zvL?W8XJV!W4^bU%2?vkTLL4GBN@GkCV%^4{KGSm|yEGSgt{T?WZ0&ylF*#7!$YZC9 z(9ku+4$D<9zQhz|^Q)UaCIeAb3wF4s{oBaAZ1Zn%`&K$&Me)-*?1%|qYvVv^Kpl>r z5@%l4!Q_e^JsP3qn3uPvUuxgkPV_yhMwCnT2oNK3my~ zMY8YsQ@8=Fx*a(z(p@&9C7$3gt5EB^8|}(C%@*$P$ge9z;+85K^*BlxNw*s< zK$V}P4xyNVv+JEoZ}X^6UnlxX9ezSzv_@6Qcn`QSJTGnd-l2P58n)j`{yFnSH+CZ8Rme@Aqfx+a2ht;3e#}7l-tWyauDiN24>HI-V6k zk1VpsoR!?#74fK*b%Y@8mOL|R;(rJ<`5KlvyzHib{V2sH`my#J+O@_(2Sq&YXF?FH zhHRnVPwm=Kq{X~2A0Kw3*umEZe6iy3H5hLh**4mg7|?@}1He53`01KvV&NAzi}-jD&c)Mp?niZzQpYGXyxl6CJfMBuC>UQ z@KH5X_@c?19Kq4m2E$eD`QFEtmucBo5gg_eCI1~=JkX*D^v`VwF_9sw(1Jeb8h@b$ z_Jpb6NJD47_k(q|;ozf^+6mp?kwAkR&bk**EnFVrhcIlm|D#Evg!$z1*~D*ab8BD9 zu}j(ia+yuH!&{Mexv;}(aE9!3YBUe+z+&;L805uG1Pkn$M8>4gwtrdL5$CyV}vw_I4+Y=bGj2cI3qe zMs+|K=Z3%~-a9KLkhG@bKRW(CS`=(=eIc~@EMwQTjjh3``BAvLPq<9Z)=U~~bmgcx z>QtNZXaeyJd}ZE9DE^5EAaa8^)C*Z9-};Km7l@kmbMU^o$?eS;A81J(w2w;5AT=Jv zjyHV~Yi?{H(PjDj(;Bm>eMrVx-P04eXhlP#e(vF5o8PhEp+>qee3BbygOM}A+w_>9 z^IBr17=6%X#0}1l2*#%&kD`UtRy*?SG^cf6zkj?OZ6XuD2fqY^j=`0>Yi(<@5O_2j z)P6(u@V_=e6-$#Zn7Q0l=<2089#;)>o^BPYIFf^+{$mejLNvfnBMIqj-h6Ssm2TgXl>%i~Dpc#SmQ%(_AXB60W z%C}Z@Vtb`M5%gST=T?1Nre@Ss_Z`}2c6MJomY4d`|LG@|fv#&iq-x3TN&&i?X4-wf z=Ua0R_&lTpFNij@==6`@j(rWZs3y0kV~}wXOwH)+bz+?<=_)GoX#GI~Zga*kVLV9e z`fZ)l#-M}DxfVdIAu{mGCJo+eg#U`br>DvtdaibmoLdP_W_wt5-_>H^q*X3eq1UCc1{?R zt0~KW`=5y70#u1+cj~0cTO^rYWaD~ojRxMoXF*6NoeP?9T?u)K?A1rlX5MyxH;>w>L(2kaZqh_J|a?1WcSH97nlWIpFu2ob36r?WV*i>rjY0U((~0 z%rD~gcmC>#U)V)+fo{O=66MwkSfZ(Xo6g`C)Qhs5EwisNvvS`=ZXlHe=ep-Ft#JPB 
zBV`f%cXWWpg6MYl1fa`XGq;<1X>!i=6{bkK!FI3CwK2{1mz`O@l%21M;Y-Ny#$Y^c zeBDes^XP{G{MTDsy$1&JY11nEwj=z0sXL5bPeNR$?n6aREYwPCUff=}c=ow7uoR|E z^pDmICWhG&r?9CZYE4_b?vpj^*Y0POOoRvO+m11wM#m z*VND7hj!Qyxf;(B-+RwksAX9;f6W$aXfKqwG9oIY@p?t}D*b$r14g-ypTb3)iC!b2 zfoRZUiE~q!Yr6)BFlcAkyjaRNxhpyrN4LjuFXPw*N}d?pD2c(;TIV*n48zyPAeSkY zq;PUE@dAE5Eo3SADnBQ4 zQF89G!X@g&A}tZw1%6p1NlK4{S?8ywp`XoKLk=+7L7RnEI@(`J#0= z0%~&SG3Ld$E^HD-_X}C0cwh+xeaDV@eMgIP8Qidx9x|G=)Cg?4oxTJ+)BfrT&+Xi-*Hv!$)1GoT zOOA_lx?C&Kbmqp#n*-Gv96*&Rqc*R80E&kTA}D+Vjt z|Mw3`^Jalli^p8aW*(z8G(i!{WRH3O`SR43(N5c5BpjGzfB4xs$?*XEbi^`99h_QU`s?!o^mXeYH)=0)j=G_;JLb7al`-P3-f3K};bF&DPF3O`eA{E59<)$aSC zRn=r?Yky~^eg5w$zOEO-0fhX0DuA?(syg@bP`ZDQiR{}jeIn5z@G0|p|5nR#rv8KF z*E~1+4nsJs-_AcL-CoN{^2nT(A3EuX_DN^XimugT0LJi3Y1y+-`64+w0T+Tf^xfiZ9u7#h)97APcYfGjE{1$6&(Y zwL>*d;Y94wqt2LxYaqu=*-U?rpYR>Wl;D))6R%O7@#kj_7Bg}p`+Fh&Vmq08p$G8c zc+tNmoK97N`!95%|gu z?qhYIprP>R)y-}l?b+*ZDz@tFj;?9Gu_y|5a_>uJe@Ig88Rdog-%H%#ORK@3S@w?$ zZWcZ38~K#cU+}J~b{&}eIXC%Q2K}*Y_n3EoDH_g2(P=!(`U8pAeSqvsR7Yw`ufEJ35I*w*XNqO3HWe~~aM!Z?v z(Q(7Z=dBj?2Qv!i>4E+Y&(ec?H@}5mqI~9OoNE|-_c@-T^ z(YRQAY41IWDeYs1l8&`B7w#wB6$6^|Z0))->9X}wK(1EQ4v9s3jLsJHQ571zNH5SEy_ z6A)?Zxi)PRJ8rCV`qN|JpU;2g{d|9A_|ZUN6%XTQ)19M>fUS=UEJ@||5N_d))kM@$ z97))29*XBmYT$6-W)`{HxapNyeLvUu;L`BhyRokw!rh!%B!}7 z;dk^aCc2&_^H#azJh_!iykG6=bF>DOr!0&uQ7>GV5vl5_$ZmgJRxgBC)Bct43z#>) zO_S-Cn3RWouJeC8r7wszqhLg#RV{vHXG74jaM)-(5T!rxWV5$A+y z)VU#4^?SKe*a9Mh{28{aRecK@B!}p2X}GP_l5h4Eaj~-?Nu0wINs~1eaAR_+nKNC4 zY(=DB`Evl1Bf9q)c51of!ErYGUR=lazLUAC>R%_XY&^Z^lYGrKEOV7OlHPuK&Jada-JreB-IuS7Y=7CW`<=9gh`~U4J=>T zt&)(bFM$U^!9557;L#!ZmAHq8yx0bbl0{D~zMzQQ<-_ee8V_7_(z}vI5Cpw7I#lzp1*9k-R5MOs&^O%G)c4 zLGW~_(T|B>k@^GSK67U3k0M#J9o{LpD>7wCoTe};qbFM-(vYv=IXG@%>ine zb>@7WAwGohg0$NFmw?l(J)HEzPzE9SlhJ-WX;6z*Nl=!epstvA7^_OTPgnkh`rBY_ z-A@sl)heu-hs;Dhebo(VlGQ>WPRgR=P3jxNR z^4fTvzgGGWJ>^d5^&}KT>i2E7@kICjB7t^ND^Q+F`A73Kw||LEzBtRGvB_Tr*VD7W zCljd*dwpv08N+sy!_T)P{S{QE7t-v%jV<>=U#9Xxh0V!{c(KTkKzx*?le3`KpKrDE zgDxEjZY($Yw{5p&zT{k^KCV8|(gS;(#HXjDSSjMKbC 
z|pnK|4mpDMe6jgGuyMO6#1TTzUZAvfkt%G@C z`GeL_(Bq7lPu=WD#WyZlaQugM zLU2shOxEkRUz-Thx!dcPnN7~~lWkuQcLy%Pg2+xJpfjT5J#`Fy{*$kA4ZPPh>+Xya zLq~k0lg<6GTjjYL8GI)E2RUN9AAVi8KE0KE=cg^%wF}7tSB5!~*FRDM$s71n2%TpU zLql6^uQPx0iIy>s8!X$%#G@b}ggd1Ym{2O(8AK34jKqE&!k>PLm@((wEDJz^KKePcHvp?z&5Utdq zv*ObYo6%DtO=SCu+b~O8tJZ;ynPcs*0mp^u=ha$~2B;s0oJ*b+bEcj^Z)n8zAI0f? zwlnK>F)nAH(e8VI`RQQ~g5?t|s%#@QkR<{35O@eA!T_4IZ5iAYuTP{U^{O4NU*DcHo zb1k3w&3`Eo-`V zb@)Q~N)j+9(P%8;0mi8Mrj#m#uNFX?aH1f zdS()g%+`CiFJuNp`I*lq%vqhK?||L@uBDrG@X7rj?R^JSQ|p>`6cqs}3L?^?0wTSG zNFXYQCek|ys3B##(*AwGXd8c(FTiQ?G?JL|J$wg!Y8p=?_m#Rh8B= z9g>*$)9Sb=Jy3=+cz|p<4Q`$8#)Il%UoXBIx;=Z}&3v2ciN5xWSC2INzIZ(2n_Lb+ zmw8s`RX2D5^c+PD>5YfBqF9ikgGy(x2uX|h-0=>K5NuV)^qCE9kwn=qpYD}N3F0I6 zEJVt-t26zSq{*`TIhgv8Bx-ybw>Z9{MaYS}+4$km-IA&S`k)Bv_y?n#(f5rX2S>Hc zl+4(zu?x5s6>n5DGX_wk@$0LKgcuxmai&*tGeyX+IXlhj8NMEC-qfM;7*ZCQjo#cl$Ng$tPT4$ z6aCSj;m5o?m=T4us8%s*r0&4$o5PSBbNkjU+}vMM5d1Y2!BJvGlftjmKe0gLPHA_I zo00SzbBKW62r-P5k2g^+A*@Chpb0v&0Uw=m?adQLSht^}g6MtjacInU^fFcILmDq# z6wPV5Vr#fhmy(MW|Ek0o+KMVyL%UltHxp5(q|pISfff34MWMB$ta-~5i*`!65X?RR z|9~^Q+lE84a0-ghQ@Ne);?JU||98&p-#WK{Gyd7~?N6{atYY()jGq(HULTf)>IU`7 z;|AO*KMX#ofkTS(L^K<`S%4^IIkZd|IlT&qRRQ4`%C6BSr5(+`RykHmwdT}|9I-aP zWum#ex{oryWemMaW@cRV--9CbtzRTDle}!^R^@KPf{;?U2qsOvFWI3%>&$K5VnFR1+6~2oh#<0-l>`W>(|1Ov>Wf4U z9FJr=t|NKdnXZ#+UGNGqZmPL>bA43`?`c5#f^XAdL_FD-?mg`wN5n4pdk6+ZDBfx) z4n@)XKmO!j^mJ_!LwPFxN!AsNLD;08t+K0B!p-EkYPn~w~6C;b`$IC z+{Kre8gx9kw&}bNT$n-o$R;!dT1p-9em@FHHKXHC93`y#qz_^g3@egOo-a&ikO7t6 zUSb&JYl%wi4IHKBouP#F-^}VW-8u1RO+hFrWF6qY`s0%gNdmb@`N6W9z5L5gV!8yI z?@vo^csXCZf}>Np_!icBoJuOFuS%E)?C~Qmgaug9l5gXaSNZVkLl%XRPT?UfJInh3^@kkPV6rlU03ab$S~1uspec`3f;i7^#?pkebtJhGTOrNZB(e z+8c9>bjX|K{VOuIma23@i5EtLW}cO60Sak+b|+(nwdq7pc%lQq^kj$GX{_g*Sc{^K z_8v5lY(gDqpkBKtTzY3Xo=D?%L-9EP+R8w7`CbOl*;#zYY9bNF}je!+-20eBZ zewHjoN}pK|Vb`}eZx4c?a!G#8*fO1C+fNCSDnyR-D4O#x0yl32k6FN=w5BrNVf|_f z-&moFKPx-S>{{V3s<~p&kMiA6A*fS;5}?J+p@qtdnnCjQM^q=VI+s-u{!Nh!G^c6Y zjV~%oW=vQK?Uz72bG{{kOG)?AkWv)^Yv*M?KHt+T8Rm(af^HRCSo|XAcj2qH1sm4V 
zo3PguqL}&0l;EXiMw$e-a|!)2=*A^#9dKqzQZoz2s3da|!}MT`U2WloAx;9#TQF=Z z`QTWg66qO!ye;nBsvf}(r=6R*!_7&MO@4nP{Z|{xTY^zvQ{CMi%m%q{rO)B=!mWHebrVG(bc-%EXB_7IQ!U)7Kx785a9(m zy6^_}eWl-QA{!|bZ-Gm%4+OY-+N6hYC;k>j|6M~_gKr+LYMktenASAo?WY-D6!VUF zQ`J`D!%*iA^KZzr1(f0BGv0jmafKmdIqIfDs&7luac>jgD_ilC&bD{d*di}oJ{j4j zaa2|)$$|$yI;6iic(-`x00hW46arsRj;u<^NXMfaUm?};)@T{C+MAD5(@#Wuq&rra z?OmS~zsIZ3REf=`eUD5#Gbz@D@=InhAIHVC7KRjA+?cBmmZi5l5$quRL^*wI+@g~{ zzaojF+kr!9LEI_%iqn_~y8Ii^7!;jQZ(Dc-QP==3MFjxbbl<^6uxjr_cety=qKaG$ z@9W#kkPb_nya}~ni>o2jrZ6x`oMf^GLD)3ZDFR`%lC2*3EoN8PqO!}^;Pryb=5@uw*6NC!tvqN3?K=;Dl+0$itXWqy^{R= z^2qCkPQ~x@$w2KKEz)bIceD-qlEODYX~(7aBUS7lDfJ(#jHBR)n(mt^k+VC)59Bw+ zt9F7e%&p`I2$-3s&Y?~LrNnEAdrVsR7n_=(ix6 z>JeLJ7bRbKf#kafB^$qHCoFC^=eH*0iC}7|Eh8sFh*(CDi;#(Ts%QMsx#eZi^vKTl zi#wPpzq01^%>vtCn=p;jQy~m}CKsY~{7}Fm0y)2DMoMju+bV}pr}yMKTAj9moDrNx z__R2`)DwzLF`e7Iq|kq(LFknRH06f@F-%^k7s$>tP(%^T#CP?it(oM&VJJ&kkE=@g zU|qY+{>SjONLQy~kA`i*E}lpe-jvcaJyAZ$5hZE_716hHKb>qu$eg1NeDp&|j0vHy zsMIypMWJgcd5}cK75@e$@zpRqN#p1A=F2Hfsim9X^%l)rUMi zx391#W>Hc(#O-OV#1S5sF?BI=(s$%2*dH+I8Lhb8V_ur#zyXkN*mlBnyQ-5+`3i(Kz~$?|5x#CuBotMNmM#Ggo2^@EUdh zn#2PAC7JdA^tf1H>+-%dCAVoLYFh>m-LXtW~^ct}Nls^Tg_LO-^8@53n=Ud3G7j zdN6r735Qha?J}!8H$63saD0;9d0wS#Wj)oTv_E&fw0h&JMC>D%vuCY5SYMl4*unA* zR;x=lmFUqk^(`0@Gv2Q;6Y#Br0X-J$hdGYJ(~ji_Al0%E&x&VqJ9T&7ndz>E$3`GH zIX$&1e8}2RM=oU?3lT(eo@-QAw4gJOuD%D$*tk5dE;yw;KN%dLq7y1nPTUg%YCz-}f(i_Df=+aT`Ic4tl@Z_IKD5q(KVY&`MfjozpH+O0SumY@Bg z|7H2HsbZRm=mYVIc7g7dr~Ewjya{p_#H7-N^SB{S8>1ML=p#pZNYni%Y;q_d52}M-3=o0XBBfHoMS;@2Z4dE=&dbfgGtZP&KAHvbFF*xX z4HCPF>1X?WKf~_b&2AD%o8PLd?bm~;CUt9??Yy&*%rOnFj&hPs#gu(@%FOYywn)Xn z8A*0?g<(*8v6DyxLWRFmt=xMDbMFtfZ*`ZMEW2&_0#uCOmp<^6>Kc*tfIXMuLQnl4I_mawGMI&nS)D z-dbw>_zjW=G$^z0Yjt$3PTnLeCfUL5ag5x9bEf5&oWg8;JWfxBKi9>v-3nJXO6Pde zCMX*t@+JX;oERDLoF-i5kJ2!DnLQM}lg=+9=D|{9j&*_$Oqt;2fY5uyDntuc7+TMQ zd(qyKBmzU&46G*FYF%sUf7*IFTEqA$+hkefhF?N4RXpkZ3~;vt0Z|!C)T~D^Qiguf zZyiIgql+P&k}GEFw_FuE_BQj(+PzmjK1XIwSjW{>rPMCRelbt#*A^VqurN&R%ICIF 
z3RUsknOMtwGZRJrIHv}r`6qQ6cF8fP9d>hgT@`Z$Zy$Ri><7D6?N>!@ z1Tk@ExcIu|X1cnnT*5=y*R@raYiroGl_;$Q_Y&zWZI=1znk%ic`5d_pDc&YdW8e$p zj>#CqWco)G)+HpOr*esg1v`K!){%CD>(uxAcy`#}JcgzV!BMoX}OC7n1X= zLTCKXUpSJ$fH?cKmfS3Z2&&e7X~VIpU~MuvSzl!)^pRnL)jUfRd&^lL6TOLfcj{e&d!`4%ztVV)XaE$aLI^70_~ zi5p!BKsLa8G)LWGoiguIzaLQsS1O%F=+op5IAA?UvKmcaM!f zMHJ@P{|s9x8IxM^(``wD`yc8~k``|a)&ZfNn<%EbQUIxe$BcJ}*=BxA4ZGdj!+2G8 z-@P9{Hytn~JzNiD1^od&$B!O`&wwDdTe$Ox{>RN(>r1doUUic$hhx1T-9C{LD!nA4c~xTjadi(AojLpFYc70KD=_YI27#QfQ9xDDojmj!+1Q&QX|1+JiW5-??wA;5&T}YW=ipOX`ZyU7DfK zGEaqbhL~2b+6uQ{0Hr;rZn9uRTS1ars{`9bm^JY+0b4aZK%A4U3?U{aG8av&CA|GA zyzrx||Ki)P2KMw@MlAAx>wcBOWlkAI9YIPTfT(I^X1L_qs%_&%TDUm~kE&}~W%1@( zJP<8U`>|MZ)O^WB^uB^$Y#F`jSTQ9>?N*tSnwz9>-xi zytpko3t0>vw^?{vB*!F3M0{b_mN;iU~4@U!kv8D#x8$ZiJ8C^6U5-3)e(tx z?6(jOA%1?)^6W8bXUy=!W1UNN?xfh+UTp4MJQ-RBe@Rq2fggEEwgi0BYlz{z0_XHS z`MV*=9dUJ}(W{Wn21#5ibMLm!AaZ>2qx^LY@vtqcETUJ|0(Ujr>L`dWXAavEVbYt$aHhLl%a z>74^JSs?&Y!fF(+ub5bnq_6@H`jIkNuzZ1QwEw)BxcyH3tXLyZYq%{$_$i;$8VbZn zILIo4<2t2%`IjS1e{^%eJVLM&pV`_5O9_)v%Ze$l*RofGB*hM#?0_z#` zDVGs96}sb-Pc18(R197&30eJ=F|{lZvA8jB%jc`x5(PdcNSvbEf3uaZIdcw;WF}}D z0)UO6y}Nj4xL`Gv@pv>jFRGE#h6nj{LpAUEg$E_sZG+aXddgWqy1=U<7zO_YZ&}#n z2?i|z!CjGif!cr$&JHHtEbo}aSshI1In~HC`!@9pi7gdTN;9hz5%MKcRVt~lVVcvM z!wZnrmc*BbL7;^WSahV#e*OKKnvSU1i!biUJDh#Y#5(5>2+&0G6rDjiDZSlU-C%8k$ad$q4P_sV&Xc6g}OZjq* zF@&u5-VuE22P#a7?#tS#Y6kctx9OsW8FZ;->yxm{S{c4DRz5jGr=bgY{ zB`&i2ehLINqh-))eey@W|6)`1RuU!~5x-|Vu%}n0DLXMd4ActiT^?g#dlvsjGJCRd zau)_92G<`KnRL~cpqt_BNa=p>OXi4iZOZ2uOOjvy_qgXf_})c_ZHGq}fq=@sm=MZY#HB%;$xDcr*FMHI!>f8)vu5WC0==Ier!7)_#hUF|)7jUTd4y3oklHc0jF@!$5i7od!aTCfte4{ZDA+}jykfyS zR@tXJ25K(TJQA4D(7jnW3e=y3v@hs{9DwX}LZ6UnNSuImU@-ljbctjQ@i5PP=`NJ( z0?*=cVg$!mt;YQ_D*N`yJ6ov45q3B;$&Q#x>L>8bss+2F1KxU5N$8R#Z|W^ zew}J{a}b@r=YLEug+)E`c9pGyDU%woGViA{7~pgwyibz4XV=k5Z2Rvir%Csx+uFLD zN4PnL%FJX=mW{oHOTTWH1`>oeZtvi=-glfDg&9Loj1*Cl!rUov85FpV4CaV(OB>Zd zHG-JGnCOR+*x{qx9HE}sQfyI5r+p_k3cJ7_oy19&s!`J&%^6DSo(8D~cYHBKiI-$^ 
zo8&b!`lzng?!EBv?%PzCrxs9q&n(bMUybA1Qz1v)UB4hWTEJyaYrb=PXfA|}O3{}U z(e;?da^kjppsp{EtD|#*mcaEjCaGkBB5j-7r}n8;_=SE@ecelD_8$7a2WiC7!D;N# z1gDT-H-pFZcMbP6^c(Ajm{DUzU%dy*B%l&)UAqb@F-Gxf#qpK_LQc0d?aepXIBWGL zSWXzKLP~Py1=i&A1qI}Orb7N}(wpDE13V5W9mE4g=x(nEQ$&}N$Ks;L!>OC%JST3r z4L?6y$I&x+EGp$=_q~v{Q~3)hx{$pSA#YanHsGsZd?FcaGk5$~0 zj;~^6lW|hoKjy)@U@Vw@K^Ixlaz$7}p3cmhb_4~}35K32(=uuG=J1;}@%`Zzr=_Va zM||G1Rv{(I6Q&-?d`x|g*O%jLuSjIYile}$1B|wPaSNcB+gp!yacx z^SA1B3OZ9Q&6Jd(=#5nrZ-%kGI6q(fxK!d~&aJO>;2FJ!E<*iE_FOnMky8f{ z3?gfbIyob)s(k5Nr_5v%@iM{Wi=n`q|v5l~Gf&bmIa0#?RVOQ!i8zM+@LKYjChmG%k|on^WMo-NPaGX$!% zlO1r$;BRk%iv*!dAL|OA?SJNwYqdP`;E=r1^xeA0VUY=C|(-(6BD zG$W!$>>`QH#54L~;Z6BGt=%6Qu-?%)3$N!>T|KLFyf?R5qkJUAm7WX*jcbKYpw$>SST&x3q=H zruNo)Hg9&a6~4FKQjQow5=l2j6s&v`nf++jTv4HEBTP)Oxz-JH71&7iYP>PoCw8Qw zT)s!H5z0+bAlu^QTF{|MXG%!!vxR{rme!_Auxyo_Wx4H71qZv}vf}NI}xZuBN5&!X$5OC+|wQ59rKe1>4$8 z;*)*!BMKYP@u)BY<0PkBS~9q$9^bfGm%W(ZlUBZ|qR`8JYi0htlC`4p(I?c;_Zd^r z4nn5F=%6j2Bo_5D`7}f=o1}ar6gT~Xe8Zgxuxi7tM1Vl4s@>=BZk}P;J`y`ObII?$ zrd$gFHEwvT5IR)pr{^SXX8O&1J4kv|S`m6Fi2AUwV)Y`#pPz2`o3bEX}(0k$$pZUu|^d3IocP-^h$nETNK5yGL z_p`Kd=Qz5v-XBZ7>Oa#92Kp|YgSg;Tq3npcJFcA1(Q&QDmE`Oy`N{D zGK=x+d~yJ~O*SIA5)6p1Nk`*6g58ARffV_{EqhG3oOTjLME{Gk^fsJVOR@5b{sUV! z>^RLazmPrA5P+jzWJ)Fw7Si_~0@qme10JPEGD<_J!^-D$z92PS3N5V0_-ZSe6+fn# zy<@$zdOS^NI^p#9WH!hVg4~V$xI85~Btw~#j?ruFB7AXu)B=Z|T_*1(y7&sITQ6Uq zIZJoi&fu~k7iKG(r3#o;)cEGvwLpCCEX5zc*_<27#qe3d@X>LH1mwV{8J9W-I`!#Q ziNaur5Fj$ZL9~8tMncUn1`MN^YtOo7O)PVRt3wSi0|jOCwN9%Jk6-7))h813-cxl> zNS=nOd`nBeTTDnLvy(7{RH7>Z+PseTsJ2SPi7|f~k#$+p<&R7g)^Ar#la#h&em9S1 zXbhG}tQq}^PU^%>k4K>BmGPABS=C@0+ynJhUP4|qCIM^9^UtJCAutr6DmO5g4a z@Y<>v3mXP?1qj}l2R9{`jkH>0=>W#uG#gT>4Da!h40g#bBqGf*`Kw>zCK_@EKkKEQ zDlH1oH4VjQBxdY2|41= zsBfR4syz1Uyiey^R!VvpP$3W60G}qguGZtA+9y0Z0PMvuDvUPU+i|8!KL2 zu&INMjiq6e%;biVHn z=ob?*SN8F+c5V)U@&s+5NK`nT*lex4Oc3b_>x4*^j4i)vXE`T$_u0{e7dML;B)UR& zHfPuUQI6|@U>awr9iXv*ywJCTIf40DgyLw;Gfz+GzjGcs5H}%)<$agxq_x7Zn%9v- ziym4Q*i##Ns^qc%noNT$3_z7GzJxH&!NgWp;hHa&L|2icnHyM(s;_zrH#bzr)C@L? 
zzeiLRrd&z+Q1e@98pEYOwiNvYU{@YhAcW*Ry(?OMZ=jlgu-{u%9Z-KN{ij-r0EgpE zYSw$kgTDQp&sQ_vX2mwF>z#j_(_lWSI&1i;`@6;>?bD-c%W_6y(s~Oa^1A0d^s2L; zrJ$wtx_oLXf9^NExm{OgO6Qy1nDZ{y(de;*DFaNovHa}E6`sHb6m=e#e0xL-zF1B05dA%_C>~9ZrM=j zCtbx>SI^WViMQWvFQ%-fa^owSBgQ7-!BKfyHDx2ztOS0MybmZv2|!747;U&=@B-R3 zBc&>tbQ>vu0D_`+Xmu!;(SH~vmn7SA64rk91qVb_(Sgv#^#jmF4FF;E|Lu4sb1V?z znJ9A>&^BwbneE-#I{_rT@^~K6JMa-R;A0=&vyFugLE(TzeSqK1>%J zrZa%_&>=oJ#0UTL@PSd@x(J5uK}{J-Qa}n*r21GL!o;X&43o`Iz49~Jj=KN|@TD39 zGIa3$bC%*ucRqnPq#dV;fQ~`R_Y5wf6febd^AG$}LWCs#DM8}Oca2-u`lt{3_m`u( z?BvY|2Ov-{rAIeW5+K8LcN~D~pnHNNTmlZ8;u6r30_fsAY8t#BeR1Ho-Fiw_#g)uY zO>JP}F9)E_4e0tb&__w__XCSJdVk_|wtxSJF?)h@6mPYC;84blCs|y@izB4FeGfol zJQP6FZzadDI9B`i4j?v)+WM{?a_18RV{-`{W3Vigd7^Uql-w@6mr#*`MUSIxaE+g) z)~a@1gJ6E|Zh5ZJuWE)D1V{=Lm2RCq*a0Y&z1ndB`A1npE$i^zXhwg4O=9*2NOFS? zw?BCf^qpDaKVCU9De!XPg{#J2s5lSwB7wdCe;)x#(N*rYcomR_inNTV3P|K%AQ=I- z(4QtG{ZD=`=P!RWOR;_w)o=^SWc?3Ix8`&=oy-(+*sHSNY0Ul|EjOLZK|oFKI{08< ze~(MR{vS6?gY-5n?$awpkL9~qu>#^M(z~>)XR0%+;)EFj5(NA{LfrD+9XF~1dMbZ$ z%$WcvsgCxv-hY%ZtxBdwbyPVVfSgc2Y)rHaOy<1Pm1l3Luoyr5pL~J-^S+xta|p=l zO_S>l`7}VO;hKSmE>$*7tK8)%pL3U^US9xA1ZY{HCTqg}$dG{tyBs^non^8uyv>J8 zMb0JFd34ziNpvCMaDZ zOYMJvXy9rRtsB7S4?wf@{SVdOa`8}3J3$RM%$S5Kuy&CTP!f%gPH!wy`QCw&1+1}i zlnCVmkgyYgyCX(i2E5`bQ>zx6VhlWLl{K@nh9#}d-C^`H~b zOO80z#iitQ%TVkR@6-N@*BsH~?BNY(B-J|$;4}4Y_0&igd?_NdsYe9UlaMiJGyp%> zRX-@k^r~+{<%{+W>?9l2ggCdbHyvfTiw0U20h)h3^V^XF<#VNQKcFvGJ*Ez5v#CO; zCtsf87!=_jAZy{&-C$0%?Iv{_V>Xx<3TlY8DVkGH6x*n2!lECD?igrIhQ2y>ZPi;ewCR{U6x$2g8{Sb)#Nig*<%!}Uu zs=D@-BhL+JdX6nb`Osd|8+fN}58{`8!{YyWLs?Ipr-Dz z_>W7Hf+9n3@O6$bzSuQLQv))gnW9|(#(PnYXYOA6Uz}k7N3Q;f4-0G--y2aN5x|PfBn1v zB%S>fALzl*?+~fdV?gMum-v#vAF}3-0wL`HBCVWC^d(a_G)bjw-=Oos^@3@KB$Y^V z`|%>R?gWP8j}JijbQBD|E6+$SE=#5;Sljd)eLeuC3318=)QaS*&0MLyNZ>KIW}DW6 zDQ0A5VG^D{ndbf4Y&&&AfN5j&BJH!b=W(O>On->n42sc|WYBcYjommhqvax|tirOm zt*UcdxFzb7hV6X~-YD3Il<0pG2ZA&MMtb2lBkkh-JHT8crQ)m2^&4RJ`JKTwxNh*r zO7KsAbfn|zIkp7Bw7@-4`fGIJXN2N#`^V?t8eplZ^Z7t5ZYgnEpo{WpODf_CeMgyZ 
zUw+{z`O|PWO}!a*48wpR7;%iM`8z8gJ`s)T_hMSp*I9u||6F*g7szZPiciRJY!Sz`Ud^wFxN`{qbwE` z7LeZI_D|12^KjIg4Tmd7Xc{sM;s@fd)AM6g+c8&@wwT#L4)R&C*`FLwID%9igD^ZY z*L$uri0Hk|8p}B|bVUBSU93^}AhHWov7onLWcdUBp3dqa_d}y;)m;$g@Tq@06Z(NU z@k`2m$7jA=!syZK=k^`na(pABZ=C%l>nIL$i$O3aE>R1lO@E8gu^?g0`MEKtKQh z_rZSvejd1~73zK!01ONOVE_Qg0Ad0L00Ke;;6H$X10enh1Hc6W&OcyN0-@h=2mv6* z9U%H0#~QpI9U$eS+`nH5pA-JVpyquJ`2~}pj!^OQ`ICr_6^UPl*KcOO;0A9amXo>2KolL`TFrni%S9u=kyGS zj*Kqw_z9o-3DOO5-y2T?%7|8Ol0RBQpNqgR(7x8w)PxzE8foiY)cR@n(LQzX^YbF4 z0|0NIKz~!6bG(27&3IH^3!F1kWCs&XT%@_zv`Z&A$001o+2&*}{ zIXHu`E(nWyd;1>2ARZv(_!l~^e}Nqw9RHx{;NbcP{F^LbPO#wf?g4&Y4q-oU{wIID zy@Eh}{X9;Czf^Aix~AZj3Dnz|r?37IOa;PgK8}V)Aj|;5Xm?Pe-(W%tw;)|}5C-uH zxtsztkBoE{5SDayIIj=FTp+CN<7IeM-$&_=SKYPsKp1QxgrV+%dY3@>DDPdD04*~R z2I&(%_4hUXy)43~SN%0Le$QL%;15E-;kN{NnjfVf(I0bj(fdVz`?}jDOE4Ye8A1{4 zZea+*G$70p;AwWm56A;V;JTaUQTk6D{~*&N{sq8vB^Mu^b07@z1F^g6uYDx@5x&27 z00{l$4RY7bUGFF_$R{Kt(CyMu9Uswo?d0&2e>M<)>*AyFyG|f>E&-R1c>5`rv&(rc z5C&z3d~)$I|6N|loL}I%qq2_jZu)usd^bRRA_^BTouhO<5atR9Hv2sII%h&;E6q1}N1gYV z|5d6#WB~ru`tNw;lH`QstmNwCLVwRmBTOUv2Zu*G{Y@XgY3(;&9skhlFAn~7`F}of z2b@7Z^?&E}4@}5iNI9e(@*dI&sfSbpypTr7TSzzL-4XnI`Px5g(e;ngOn=s~Cs;G? 
zf8hL**8xm9D)Xov1V|Q2u1I2jqY~&68VI&qK-1SR%-`MBEs$3O?D<`I^?aPfMR}zp zr6d91XdF4h0e~%*pW_1oOV^)ik?jDWYJ|t*>;Fu<7zzND;JZh$`DdD7Isj0+06+)A zDab$gH+n=z7h-?{patJ3cHjiS4+w$sNC9$yGN2A<0T%!x;1Xa3*nzFi4Q$W;KnMT_ zZUNCiJm`dY2xI_AAP2|?ihwep8mI@}18u-Z;1e(mOoFZF3$O~HfL-8_fPjFMfSQ1j zfSrJc;1q!fffRuPff|7p!9@a70xJT00#^bbf*=Ao!EJ(gf)s)bf-Hgpf>MGSg7*ZS z1pNf#1oH$d1e*j0gb+e1LMB3P!qbEjgbIWjg!+V+2yF>n39k`eC%i+LNce~_oA5PZ z72$irkA%a7bA+peI}iXu31NYpgor^DAes;(h&ALY#2*p?iG!p;vLVHgTCko6A#;#5 z$UYGX5hD>Vkr>#5b&1T0oQSRwMG)O1${@-osv>G38YG%0LJ{GJsfoFWMTnJ%^@uMM zyAp>GM-!(Jza*|CZUx__FT}efBqS^(f+X_b+h|4NL2`rS9!Vxi2}u)4KglA=4k;-q zJE;h%Dyb2v18E>>H0fi~*QAZ41EgO_(PWflJY-U2+GN&bK4g((X=Ja+8psC7mdFmt z>Bvu!E0G(KJClczCz0op*OK>*ly4|IDCa5nsTin)sWhpsPz6yXQsq%KQH@h=QBzZ&rdFr6rVgY|q%NRt zrkfOoVJg4jgFk|G@T}$16>5& z6S^9@QMw&^M*6e#M)cnF_vl~IchWC2kTRTR&|+|AxWkac(9E#N2w~)B)MRvGyv>-) z*vj~YiG)dzNsq~cDW0i_sh0`G%)l(eY{4AL{Dk=(^BfC=Pix*20OBu@u%Kj3K>8z-AOn+sbUTM64R+W|W-yB51Adop`9`!oj;hcJf;M+nC=j#iE} zP9{!ePAASd&N9vkEo@>Tsd6bTszz+xOKSwxF2&jbFZCXIiY^SgB(5ik&d3ls`WoFYG^aLVme`l0&%SX5EeM>Jb>RE$bY zLo8UVP;6eDMf{?8qey&S*)DAoWESL+={$_yuJKW`B4QX1!IMK z3LT2Xisuv&iuH>7N^(kpN@Yqvl*N=im0u|@s|c#NsN||Fs`9BisAj3osqw1Wt36kn zgPw#sK(nC>>ip`?>MzxoG|p&vXuQ_=eope7|GCO@dzwm`;hIh7A?J0@$DQxhV$d?z z%Fvq8=F@i7F4RWp$m-nCY0@Ru)z?kd9o6I3bJ8o&LtT)+5PqRWpGx0MKSO`vqVPrk zi?s%X1{Vxc4WA#)8JzjO$EDOpHyQn0z%oYYI1QH)Aw|nY}XG zy>#wU(xpjrA@d;f4;Hi*S1bxF_AJj^rdZBhmbe^#`J)wwmAlnjYf@_q>zCF$Hd;0h zZN6NQy%K$8#8%KY)V9-(!_Ld@9gG&{04ujAwzsr@Wsh+%a>#brany5s>WFgEbV_$x zbyjzN;Jo6Z>XPEJbXE0g%GG68Ro7J46*s6`n%kPYrhA6_hKH^P(qqrl$TQCq?`7## z;!Wml?_J}=;N$7j;(Nk3)VJSH#4p-!?wZoIhu2X4`u;Bi2m)*a-Uc#(277mqP*7CR ze6U*ZlVEg+MM!xleW*`pcbITkY}nFu?dvaY5Z!RP@d17kehWSyt`VLUK@i~>@d3e) zxP$m|Q|D&>Es9&7w|XKaBU2)`Z(H83y~BOy=AFeTov6ZSnrQ#%(HP|z?st1* zrDGq*;^Lg+y5c3{)8aArobGicoK1L?fKR-d*qbDm^z1&#eV_Xy$N}qdl@zLAI0*~)M#$>o<3_m&dq~s~r)7Ynbna-I5 z&(xn4Be{|B$b;wZ&&RTKvZ}IAXQ$ZfF;-=}Q(`LA4vS-iCmdwe`y_-Kj-@RbAFuCZoxcWKZGv>>kuhd`DmUxy5 zmZg^KSF~3?eY5%YWz}!>a4mYBe*Nipq3;zx)PHoNE~CC|_;27h?`^Sf?Vf(sU# 
zd7zzO1pthnK>NYww|U-AjGqe^zeC_u=qL2s^)K*mbHSg_aE zf+jk6Ju=lVsRM-4(tn&_%Fz*URa)vNKtSaWnkHyGev2CbNNWKA>yO7DX5#VKTyU;1 z4ggKpew$w&VUy4Sz;pE@Xqe6U=F#=92fhiQCnG^o^Fj#t077~K2t5J51>gaBCk71@ z@c4yHKnNisCLtvwr=SE8D(L`10tkeV2trJJDl4z3tg3!n zQ~RO0rM0cSqqA#ZaAXTw~;ux<$rxE;+08JvqO$DT>+Azn_9d zKxY2b#*t`0CHrTBMgEs0`$Mol<(dS|XTqNcgb=JH2n4JtBJdz4B|bVx$w0FTJji}O zD1IKG8AM45S~$NSc#sGINCV7F0{*8aCnf*&=$~Kl)8IPW0Dc0Xf`E=4dI&uL1+bXx z`++Z>6UGT0pT{~lZUg_-HgJFYMXn41{uB0)`;1%mO^Od260w0sq|51Q{2SbT<1(uT z&jM#`K2~=JB}7~ve)?sMhF~?d)n_y+VqkXjJVpl(_&^VAh%YgJPE}P&C#JgUph<30 z$=-W5cxE8QaB{W89uGu6L<`~pO&*-?3?A5sgQ4AFk%;ZHc;Iuw5*}bH={ykmbnsNU zarHAo0}r%tbRw44VHgS?%&mj>c!2s0$_y6`V&AkxVjPpu?naTw?XyW3!g@Tg$h;4= zTS3XseOYQ%4ehypf*NAv=j&=ml`y2ijyt5SM?{5vQNsnfDwG!G5e_FR^b- zmhj-`*oCG2FI0IX8$rW6W%`BTv{m^fZCeayMaKm;^#o6+cE%6x$gbc4XXp|JI)}^v zwRQ!zO^F9m@xX50S^_hA`g7~bL59kscTh8(T}>RK8Apcr3r-A(v(GvIgMM{}p)u(a z>dV@QSD`P2?g8!kS6%l^)unqO1#LGh zStN*s$(5&hoIcdMYAQWg5mGP|-hKDI>fKr+e@S+n$lXK9>^LFd_&nCZ|JiMz@Wu`I zJZt^%aA6H!Le>-=1#^?3)C;C2mN#h5dXM{9XE*3=q_-Q`m^@soKcUv_Mh>g&$jVEf zzVw+7>1We$X~T{mQQ&d?b+oPN?$?bzfj$xF*69XPsSQ%%b3V^b(7dRf`S^Ja5Ac64 z!x6SwMn2=az`Eku_-yv^fu2@`_n3$EvxmIt`tNGWuXRXX=)~MD@j>~5pKdf?|TY2Z*XwP_r#v?x#sXJV#O|xo!D@-+} zuPFajm1R{%LaybARPOH9^U%+l4_#ErWIY-Vq)aVscqoM`*7m^O?@MVAmLoQdS5i#7z?m0-<1e64WJpaQ+> z07ug5sIV0GQ|1%=vHsmwda4ASz`;y^5cIi!3A4)et{7O)=Wsz*Eh#YY|(?T6h*3 zHiZWmOTQ!qTv=*PB1C)67ss&P+1A#sxnvVx!G$Fv`$(iqe^?chiBQB1T*BKyJq-$7UZF+zV}knl+En+-SVZJ5Z8WZS!_MP0==k zG(>$rfz7_cOKB-?M+wcp5Rsg_+E^{ojFq@jRz2kP5>+wdQaPokB2gM-VcRkPVE!gQ zeWWqs3a0yY)u)u|GLI3A0*mjihr?wLO)*p`@l@2;tp(UEnL-#9I_blJX1>kT%2_ew zqwGsG+>R7c(IJKFQ|#BCGSChqs8o!uEgHqBv2VD{Q3e#cTcig>v6;w}o=JraMqFFJ zkf|3?8!#JA+3mk3{Gplq)`J?(YaSN0DSF>4-1Ek{ha*xV`e2(n+q8#puw~Y)ZuvCo zL0wDs`43334TzO1JMB*pA4^KtYXmh65KtHmBI^+oI9s^D8P52Tl4*m3ULomK%VQ`Ii5&l^8 zyZ<@u+oIq7{9cjIJ-a#D#{#Q@ytsBYxV^D;X(wKTP|Qf{;`2$(#HcGm=Tdsg_u(sm!$-wD%(T(5~<8 zNZz7j^DmBG7po863L8;&m1+;*)8f?GBDTL67f{Fc^^FQ_s*IU4a2eqn@o(w(Dh 
zLiSB0?^bdceVS^AmHIv@RGy^XbFn=#5E%n2i>R5Krm=baT4w(0NzWRhaz|T3c3n|s z4WNdysi|q*&ihak4|Has8F4kC2t1(6@$^jVA_sp~+YMEX$oxG(rV(`A|s}vd!T$bKz_@OqO;CpBQC$|ZGSa0h_rbQGM zu+xt9FP7dd7zym7!}Zjr)nreJ4JT~5mrwRSo)qv6ptoQLHdVFVJ{#)!kBP5M_hn(2 z7pWQBajb(F*!(z$0o3$fC;hd`p+cr0KXQWPp+c%>I@Z1k7}qR}8mbZx+*8rvZ_iul zD3M63%XM6%XJ$%HyJ`<~d>-vUmRS^r&rSQbAcHz^->^MB!mj5^f5x$0Fu*@d z?Q!c>^b_nUuZpa`NgrbcJn-@wrUxsM_i{Uu)wo0nmDEa09Xi^AJB><<6OWjj*S}NM zD6P#PEs(&MBzBvjiS3ENt%-LmjcRJln2RWhW@N%F+mp75dL`o_**h$4=D}N3(zd>B zt-f{dt}hnR#Yj1vvC8=lV?iSgP_XDq3FcKoGnW^WmE8->v?tH6R_X!B7SmA8RwdVj zdg;8-a&3lqF;n8VH!o%hkWI@A2|&;p`@V}t>kw2x3z7nElI0d5SXtNDF!&;RhA7c~ zKzFQ({T@wt4-D1VN-Z+ax>h=$#QM#I^D(Po z&ilb53rm)2Z?hYCk>=R4*KnCx2G?|r6sGD!_%jZcqTQ(5oLx@#somzE^Pbt<^Pd&F z{%~}iK1UD5vbboM>O9Eir2E7u8RgXAZUJF@%X7`P*{4bLkpj`2px*WneEC4`4MuCh zmo`-2K&d^pk}_PX)z(R#)s$=z90>w_6xdY@7bm?#cHhCMFT)M0o~VzCmhe@*gVBti zvv#elp=frxGj&D8dEqKRl`u_Xw4SDNBOfDIIx=us2AoA*s1m!8JJm+>JbhF8&BuJ_ z7W*iB9?n~BS_=JpDPD%x?b>H_SNKGe?{_uP>71k0G%U#s?4yTkqpeVRb{pxfo`=-e zz2(MzL>&inB+nSc6)+`yDW>dbVwng|3|q0&$_q{1ts8~&_-@!})uGm>A9hnBeCJm~ zIjpW$`vl*vzLx5XBHs%>!~=YTfiz=z%P2flGbK?X`= z$lO%Ws(3zXWNmalStPidmKmLDfbxy1M6!9Rx$Z{9|~%|TrK5se23MeD^j zB}9sjt1S*^kCsJe8!)5);DS9<(vH zO{kw2l}}?E#_ic^rO0+2W})AnsGe;NXNH|^-|+kZS`ccCp?xigGF+h(qS&1!1^Z0* zH89jDc1bS8piqUPZ@j5C@_wB)HL}21Ay{WzJ$m zAyp%NqSB(K3=8ruyzM7NUnl0iAxMgWOQS~*LoskP%zL3RI@s<+X_DdLc}wer1A%~5 z)@wcdYZbA#&n4%c7K-(I-odv2xWjC`AuC|#+1nrF@N+2nB!dIAh~3~$^NVh=9}(~U zQnAmRkSPXt)_otK!bKL4H=z~KHlqpUIYhiST#@Br7RDUa^W|OAlQ7Pg&t{zCW}Hiz zA1(%P1>~F_faLQ7^AQ*EKqO+Nv4X4N?1st=-Eg1~T+w&I#$f?nLZ2|)NiFesSM|*s z&h$`r=g)}`uxW`{;_irP6W9|qC^oCn4H^rr5N|wGi|B=pafm)+sgj!Yn3xyeEDPha zIDh8!aH8HFdr>LI$d;SxC*B__V$`uOeN~)FF!I&EzGGM6f1?f1{8LjG&9nOvTec2$J=Ddp z&b^%vUy~o zAN4jlgv~*st}9V&5-_OS{qB|8uAO||V|+8f9a^TAG%sefz_Yfrfiywi2zWk;E$pZm z`tIY9%JXf&ThK%;ysKPN{dPhNA^F0)_FWlJW`vuF6`XxhA#1SSJMWwe_S3lUE1SHT z3}(g6&q@3}@q+n*$|1rbvz78|<#W(PHOR2*?F&`q8{wH1)k<~+-gJq<&(79so;7Ij z@?UhI&8(Sv%h#Ygl8uUvJru$)U~_OM+$ERg8wiF1$MfWn!kxs!?PIcTFa7nUt{Bo- 
zeUzjEEy*0c^RnRV7@VLyeFJ)5AdgWYnD{j0?kFD6mJJ;4Ml0jAJ{lc*;(;8FT91K} zHmqLEhsZdg*IiJhdey^V^pgeOgdiw6oCbXvZkML!eBU5s!IPWi#z(i$Zapn5duLMx zY#w~hDYcW25@cSPMb$QXCLPG(0Zc<65+`fNdMJw_Lglp~#+K%LrdtM=?L_($OXZ># zY!&veM?dkaeYbkjl8E(g_3YiJbcO>((I*yBOS?BWByOvik-qnx2ol?dG3h<%hwI+d z$_Y&oXrku2BdihVFW)k$;Yb)Injf5E=^^wmA_ou52StqXYI7p?9B8I1K^tG9OQ+k66Pfd1rs?vX#hxJ;MdKGR?K#E-m=wRNd zjPU+ux#>}x`Mu!G$C)c16$Nn_XJz-7?kYZ5w$F-rxxUWXm^~dKbT~u!aURAldVYAH zp}KGtEtSb+*$%qiaWWV~M4SZ=K?C8+K~Q^~z#FCF!U9juhSof*6he4@2&+J`;YiyK z!R693`!tlqX3S>egJosjRck3WRei%7kGeuV;5!n9dIH6hHw2R22$du@uwp#XFLE(< zu$xF8ufW{VN=iun^7X2iuawGYM@x75G*dQRB2%uYi(b4h<;uh3jW{CYVGn7lV~fbBCj+2Mz<%o+KR<47ohGE^^c8u*oUK zbJYVgIq3U&pi)`Pls~4tCeBX>D{b$&oziHFI+V(UGog04u}>_vZ%DjHKG^sUqhRY; z;4SLS#9G2yiBGQR>w5m^y931!{8|7(FYe+2(2=gQv4jOzAGX(BU{0g$jnyrT(-ECB z3RP7JUou?#oe~v>%Im61oC))}Qj7o^y~3E5JG;;)cz`A}?F6B>h?YTQoYz>1gj@FXEOFROr_1|Qgg9(BkUSX%`0bAT{R*)}a=$+-#8P(iDD-St_bJgWjUZ*9*vQ8G0d%=rp{PYyq`Imn% zhiW#fDfGWU;eq(TWm#o%T_>v5%+~}2{n6}PgnnI`R8KiJ4CHq&qA6d(DA5?%-Dpdi zjVj$98;LXKgsF%F%H0*F$ zuTO!DFz=AyTDxq>ZVdS5YoY|P{$Q!N`?BHh7my@q&$eeAZ&8R?(X>^a+RG_6<{`H( zG_4BQ%ZMgsSux$r4Qw|QVQhg>V2BqQ$u5V|!Uk}|S?-b3-rj2cDiN0}@3pf2;7@k; z&cC*Gw$CiJ$MjVRLOJ&RL_3e~JYu|ivc*OZrFV)|v1$+toi0(s7PLh-mirX4Mz=m6 ze_g~4BgDhM{Js3=Y(^k{bvAJR8OvJ zGudQo(u9wKufmjT&ldd0PHy$=?ns<-v&~HVepSEZ#3bAt`&>43+{Uh|aWF9IzC+HN>N`tgpGEbO zF(!>g;ZI6JC7RU)Q56joqh1z2v@+P9->?WVcDhq=&)0&6;(;ldy}xvZj4v_TsTs$V z)N~*lH?f>-)9Fza_gy{Cd$MiU>7=Mttm9-^z|;P9OR-v9-?C_@|usODy40H3dL#VPit}~ z#D%-sB^y^7M4X0YR_)bN4Ek`lZB+vzI1^@+-)XxD@1;vAP)VLUIgvy9Owuzq&+JAp zQ}A2M4^Uzi{&^@f#uweIVv@Zw(NsCYCrNpzTU=iv<@s(>W!Sr}>fR!IQ{RQd+P8f) za8*>yot+-vmS;R~4#jg86w?;Xp7drIsht;pU)8Y|dz;_ymX2C8kziNGcWT?5)(9nx zB-%3+X=sZnd|BiBIJT3Gai zkVFMIAj0U_VdZx+q`FD%dtZe^7-3lvCsDZMg(8N%=8T=jiHh}erz5{||2To3%%A2I zNy_IP;*gJmL!XEG(2}{Q>1L=_)>I@8oEyx$uR+Y#W&4y)S2?z0)tsa10=8v7Ah8bJ zj`}v+B(}kN=s04_HG$0{OI8^tzjF7y^Y^XTeU&nKlDTc!P1t*71VyOyuEkJEgrrqB zTycTh&@+iwL!?|oAzJ7%5oc=P{U3?vE)kmFb}kP83LRIT6TSX?*s_`TO=>rt?C?jM 
z@4bj&_TYzoC}cX96PIP3$90y3*UMX>H_Xc-S1-Pe??@RqPr?$te!YCFy|sa|0xdg-KwriKL^u&!4RC1sI;c}uo47Eu)#K8o!!~hmPVPd5=oslW zJA>=2>zu_N5mML(GL6jNSQ=exhFEnPYZC~_ISom4iAu?=+NM(c)Kx|cS7ys%nrx*_ zZB2QoUiWdnPHw#x6re)U70_*T#`46g`3DD*6~zMlO-a zY22d*VQ}Vyaj@G~5`F04{Od+?U)dk@Q_ZhJZ7a}@jfdhsw{`sU zZ|TN}=B9I@EEPN2blNA{L2oZ@D5QxIV~S?ou-MajbD7il_Ql#dJ+bf3ll3Xrm2{O zXIy?xfFphP5vn7YitF57hyh?9fP4Kh5<0GU<=Q>dJBue?pJM4dhgMv`+O#)P)k7Ds z!PDNpJ0dWtK&^=v569*6J3n+VDc#$4uuC_doSYn=Y;|{M&>#{jZD;bJr)P37zhn;v z210HMN7wl6)*1};6ZZ1iXK5RLo%2(b&S(#Fv-@Z!-wa(5x$){*#H9ZhTC8-^7uc$; zs_Tjc(qYiM=(I#<<#~uX}GxIx~6z2i5_f`KOr~*=ZL)#CSu?( z`a^teK11i!<9o&zlM5XEFA#Tr-ZGSxalakAvG)N= zo!9l$b7Ig#3C+Ro9&gVjgKKa4_zeVq2!;uG4=D3IPL#fN6L@jvWd>1F?<`vIW_t^A zf{ONlT@10EXZD&0Er^J(mzeKkhFhXwcY{2|q;21AD8<{VZ3aeu{qpcTze}{d{XkhG zRX#bJG znwPVWtdLCbODOp@fq;+DdRAJ)x(Ylxp z+_id_+l|h?akES^jT6uoSb1;BVk^2}K0)3f?K^cSbi!Kjj{0QUT&D=rw0tTb`zcCZ z&dUzvyU14GamzVqTc$1isDV(nh7=NA?!i`UjZf*u0Ve!5oowlDz?u7JO`3QuZBgZO zz8{hz)8tursOpuyvy0}<0;DQZr~0bD#|mbCe)z!uT-pS=070rw#g!^bkL#^WCYK)^ zt$H7y$2$0byAAw(e)I1{T9{}tKi2td_Yho&j!rr}h4H{XY2f|#X_>VF7}_CwerVN{ zLjFBE>xDj(lXz!<0)aV1j*Sc6WI2i~>s#0V>FFDIjx_(x(`Pa9GCe@($kSKRLl%DI z=?guRSu-)l_m*~2dRMj*``nvvBQNqxywOHgCRsc~X4*kft^b?useS+U)Gzvxib9~{ zbi{~2sbuYO4q8VS9S%BLnT9X~Vb9Nrsq6nsH} zHpO4TPZr`jXNf>R#E+QT3ZrG>iEMrI@>74IxZbS`PUoU&1W%u|!(C$kl(itfvc>zVc3XkT+b z-tM`?mN-KO;q#&)-NQg=-Ah4{sMn@^qyOZ|K%c z3YeauWr|OMn+ zim^lA6_bG`AUVF*!{!x==j!YF#o+QzIpL*6PjzEYwbtLm*?r+mckeUS1k_)@2!6lr zw0>|DmhzubVoA@t3m*(b%-#)rVY{LH*q#>*+mhpJ)D!uPOpKsTHyn<+Cwl*h{(9;3 zI?uN}lPIUTyP^aBg-`H8sZEj5qbjU)H9HnbRX^NlBy5Tfm)Wt{=OA4pE4%g*2yV&o? zVeMYl3fy%{))b*)cDS$ewxnzG-asft?`z+yPi-?Zk*@vI;`gx1vLE>qvJ1LK4P=9Y zf~JEkyfAIpClyKKgLde7nk>ySiRh=}BBSH2Q(a*6(;-B60bG;j@e? 
z>{xzDO+-F8t z{-#-S=MquU-raWI(UIYU>X>n_W&6Cl`9Y^KKIC<&0u>oG*WKcnS7nis>athk0CfAp z?41S~jLt}7K$Z%J>JxfbFJCbN)q7Z`h{Jmny^!bG>LN1p~U}Y-xLZ|CTT5Z}%XbLflBvcm(t- zxMbfV(uG+1V$=Y|+*+EY^s3i+fo8lg05|vXuHZZqSY%9SatK4P9e;FrtrSEp*=PMO>psMlUY~jly zVT|w4Be;;r0&GHhKCwpdE>C;ysfzTf>TBBRofPRQ>?e)mzUZ8y0HjE}GW!5M zuCk2Xu*>2mhAn*?%E*UIAp*Bx`4NPuGPKD116b6EhREgSDm~UHciZ?5?XdU33Vj}{ z%f+I0a^?dTWoqqFp;FQMXNJuJo<1z`wDR?|#W`p(S<>&i{-bpVCKIb;W9--%{r`nA z{+}@Jjuz$!{&N1aMY@0MW%-ANn%hi@7-$dJa4x6Z2>XdU9|C>^@o%`s;@#|B2=9zZZIZ z|F0|JSSSDc>*RmQ%ktkS6hDj|Ly)1bYm4tb7A*N8fCm-|kf>-dKsg+`DT>6{1~$JC zgH2Vd7b|XG; z&NuFFL-%%#aNaFgI`Kg3sFBu*k?=A9;&yQ1n#>oB`ds>i2WH2i=vwGJ zHEI@fz;k#A&bnA_Rhe#B?KyPSakXPkHh?QtNN_@ia0Ufg#shccn-N>!2YSgz_p5o? zNuFwJik438YxNS`U8EEUY0JiWYNPMS?opTL`G>+IyZzQmn@0Xj{9~JV0Ig|un71W^ z_`rdjhCVJao)DTi6Ygl+zP9-9JQX@e6Uw`cU#b4V^u zE>5jfeEzuDpH*nzj@nqz9>UBKP zJf2n`I}!f1ALrOkKDLvO?c`%S`PfeW-_K6&CcSOE3w?|SIQq*_;ZOZzGNjb|HsrTu zXT6!;=C1ba(7K*z$B+C6E0&UhJm?+knb+K;I8}@4S1;bCz1L#8bnhs@>i9g?!Eqb- zkJ|u#^j8!cxJ3aiJGyV9`2&nt=7w^nhjNjb)yP%3j1y5W+gyi&^ovQ;shqM4TxOP{ zh-j=H+B5~RL%ot1-9l#Mzzs|>@~8mK@`{Z8we`Tk1y#d|kyGy6#rN_$-JR|+R?%rX zaR#*NAIh&J!)?*Yi$)V6Eh4*l-lkj4YBW|PrXRHiAGK_qCs#gId%y9~^?Q<}p2;vB zxZg8Q#BDX@lrR=qHO^sU={Lr9`c}-Af^}yBn$I^Ci_B9^Buh*_Ja{D@TmE%g%4m|O z*;*_n0WQDbOO0{*RN`&_&PKUN9!LMq@Y{g76@8I4bV{I1Tcc%;xK}Q<^~R6)Nr@*I z(4#psSC&hs-LLm1NLGx>h+U8-$$2sDuTqnvY93eB&Lv6Y*VR>vgnZ|%K}*kBRwth_ zN6kEB7kYm)bluUyR42$@gIj}5cB^`wGfxW@v!D}+2izNJ@++?uOoTeMiGZ=K6Q^@O z2xQokQJ>1qqH-=*jtAOb zjqF^iW*7roadH%si8@zNyvJTuLBQ_%lda8tp=*&kcB;a&<2#50GB6O3=%pKClkzr> z6c1!^j1+xdn~>Ia{o`TI+Cd|h2(d|Mk;znZv-?o31P^HNU~WDLM_Ph0b4fV$3xnB- z_R?y7g?QkT4j$k=#p5~*#v=0Lf%^;<%Q=sz`pUn7UuV;U+p&@B{6V)!N$4v?`WJDN z-EbH#61q3Rmr@=QAt#c1s7Q@Zy%bBD66Dl2x<2u`u5q6n{HAQu7fWPzk@(-{ zC|!~r`6nAme{x_QXwpscZ;KZ|@c0)SLVr+wn5V_nboEbR|01V*zs_+f#~S;+sUNqo zpZ&t|`*PgF9QT%g40C@SK99$j;}Q9%k#lTa{O@Ux2~#51^)Fk8$r76D_VOBjriFpl z<~vWEMmeGhv3=4&xejRjcbc&2KQLzhM@(jt{mL66mNkdL*hl;D2kf1Y61B=;JcA9{(ei^?y6RIWFZtJ0m>S*s;d`pY}TZf2fW9!{Oj)1F*0?!(}fj 
zg07P|Dmq(dHTZ!Ssa@t+<`%bkTM-?D6&wj2vto487Nk z!I{bYz-i^+I3;$$F9Ncf@xYmk5O4#y(QYQoRp=Ny3=08+@qwg$o(zQdRp>T76hi^~ z8V&{b!A?Ka16@kgG8mul2L5@Xk67^A>}5Z22binihA;FG!{~q5n z4?QFL(=4w|O`#Jh(VxB)eV3V(O=!4FEe-y83}l1+3W8gOPDRt#cbD6+OT)8ZJbJ3ss6x`M^K&cT)8a5vVSh`(Y0oVP zj=X6d{BDLs%5WB)a$lJ+ViMU$*l4thIwACN#XjJ|TMr%zk6D?_21}^N{8Z3IJ6nBv zn}v|Z&dLK~CKEe?b?{gH-#m}D@pOay`A5va4++&|v3EYR@DL*ANo%^kJ)_#7smu0o zTip8?#JyII1UJNI^m-hIQMP=82|>FQfSZE5G{ofCTED-M_boW%wd6Olfy;KX1-{!i zD%Gu?`;FTZe5Mg;Rugculg1*|ggu}<4cu;fYJ8}e*qj7-(EPfpMqQ-mwJKHXUU8yC zreq}=n{=mW3D$ln4NeYo23?c~Zt_XnauA&N^;N1@`766~HVI{uidH#Z8__1u#*1v+ zw^}~DBeQt9JT$%>Y8eT2QPtP&w~|fbK_fNa)z!YOe`17+&Ykc{@EWW^h)Y2(=Bh%olery{U3f)9<|S)H`mR(tzLfo-kKPQ)kK32F~RZ zGT5vJVQ@!u(iZO%i_HymsM@XuBGk_2!lt_`r}MC{Q!jt8vC5+kYhJ$@1^QLfLPW!M%l_Q~kCsT1cva2a?Q-z7_bKdIRpN!hiIAq2e?xPQwq; z1p4&(t%p1Brsw)oA?wnZD2t4L3DEh{}5Sx~t5 zME#>zFR375Wnt>#ipEgkIS-NGg@MC0SAE&{mr|mX`n|VJ4REeUl6}oQT1EN!O|ex7 zVw0g1+zDXzfUM}k$2zcQewc)<0{dyLOCcm4ATlqw2a?ik9Q^G311q>*;h4KF9tbKa zcB~>@c6R9jd`&LNOq*RC5wkedt&2PuM_U!Wu*!jIpVPp6!~V-pwJic`+fqqhkR++D z*N5y04QP67X7>q;>p9=c>;^~$sHiylk9R@;Z|s6j_&<@iY^P+Oqz4ZWfK4FE!@{l- zT;v*WoP!?Fy-HkWF972PZkkxlPI4ISB6kHRy&Egwjmm4!Ji>E6t~7q^#WtW@_47TH zB2wK?XT7@8?CQxvl{%$cdj2slb#IGMC$InYjAA`o5g#L|@(^*8OKY;+Q1gl;aC*pbx_Z#j#e!b1s!~~4==D1E@<0$m`A~RwVsCAL?dqXQfy6_;9i1`55$^Y2 zv$QG$Z9H~m+_K{|rGonQiTgl<>`2x?b8ze2O-dvVlst=KIY0eF+}*#r5Ip}c_TD?L zscu~tMFl|-kS;|c(z_r{DN&IwBE5rB1*CTfM3LSiNRh4-5ot=58tENGdZ-B?(i2Ju zq@2Im>RxxbgX07PQ^Pz;`Op z7M%!+qvJ>!8I1VnXLgsJW0@BU=G~KxFy7b-hV6T!Oa2RmDI$dc{Ocv=fPcFGMt{Jk zzPhbnWM#AY*YhXWoru%l7sSGvl=A9l^K7s`tcH*~D}Kba^(pK|!^7r6Kzgi#$iomz z6fG)mO_u_z3~XpzS^4iOzrk27RJ6^q8ORB_e3m`DNUYyQ1f6fI9zUYKYTmPCFfM+* zxu!XmKRnP<(Yt5GyGbgA&6G3z_O!U1X!r8kVBGtaaihWpr0c zTpx*3TR$uT*d4L`kDP3&T>ymg0T9y-en@YgmI0t(ZV?dP4e+AIO?(Wwc2TfAm&f`W z;V#oOJ8hwJsj7#_T@l2?*X2Hf6oqzdk1NlRm#*3yzNq+zp!(Z8b6Qa4&n!P;UfKs2 zmipF=L3 zRua!RIyznx{=mkYbLI}?m|^XX_QNUBf{DZU4-)0O=YLj;6`9#4`y`aT6Yk{UWN-d& ztN4FQ_5Xi0&OGSCbqoD4IV{V#3`HY6fK{n;tCV;W=g9L(-Ls3t{5`aQj%UZ(Hb_Bn 
z^rq)*4ckKVd&!Yt+e*U{rkvL%Gcgkh*_zwhs(RyfN^+*PIx2vW#!fwm$U~^6^CL9m zeSx+$*ACjtCdH(;2Xth7fg)$zzrE;x$1}!$NuP^0Q!KmRThA@D=0tHsh8w26OSNZu zC8TiWvNtV_49n!VY|WXmf;gc|e+(n(p9Zh8f(hq-k=V zW;8oBC$D7cS{ld|MeRJ^sK4mj%5&{2Gqn{OanG?rXcBU_N&b#L@APjN@s?-1{;2TV zZ@MU0+3?kx8On*9yN7-jaDBM0_1@xFOQr*Io2Q=HScd?&5wGNYJrn&R=k|&0F_*rQ zhXyGT0l}PU%%@kO_=`{3t+t%A^1E}nzGM7%8}g>)i#fiEq`H3VycRCM%8r31f~o^x zVRS!Vc6aQKcPU?;k2}UHq`f_$q8h(Hi%1%-GrKx1PhKia7afU$)X?ioml{o3SZUgf z)h2JD+7?c?NJMLagw2G9JDvQ zw#Ij5cf>#LXzw?2T*ry6%o6ClO8Lue>%-UF^%=>Y++L@kR;IcJYw?*zv_w^R+6tkB z)LK~s`>nt{T8F}VrNS~sMY;JO0I1U#12n}wbLt0_@CBfn8HSRy49ADsd@wozs=fZx z5aFQLW?!KKDA)drY=a)`4RqII()+z<58nfK0f{|q|5sw@U&^>p{!9DG-#WX6vKJ`E zw|#<NqJxX#`%YEGKrO2YHQyn+`ta#$b5JgbSj^qJ_4A_OyZU3G28j^R>zC=wKjLK` z{{&+;>spP(y6OReUGxOFRLVcF<*w${zTgvzcHlICW=wQ79>-;7DcchPoVYr#2vm~t z93{#lCaVy;0|$?Yxh*yxc9$|3VzwQG*wfu!Em`#QJobrD747{*K4~)tBI$H?FCAY3 zDzYV3gvwcCK}_fwOL1NqrKL)ZMZT3@y47CU4|Qd` zWY=Bt^)v?O?+4o6!)b+0vd9IsX=HC_2fPWuz=7KNkUA{0FKW|p(D}oo5@EM~g~p!X zZcXo5Rg0D5*VFc6qfrr(N1R)R23lff_w>H&C@l0ZA&<=uY80W%tgt%W*d;2+t(8!B z=_C?~EoFW1ihBA~kQm~QJoS$&4Lh9T+q4uR6p(&AC$#@dpgIW!J@sm;dcV~-B6KfZ zxmDO@%pgU(U(Rk~;N!sii;0@e4ObdAzu%&x2s{SnoL)M8T9Ngm%11NaQTP4(Z05J@ zz*4v6O;qOH^2Klry%25>NittGa>298C}d?VQ6Zo`7Zv(5IozAk6yey0SlXSs@IveNyH!Yw@Ab zQROrc5LPI-S`TR!NU0!YY z>q=P^r9?TVn9&Wy#IVgDD;O@HeMrXZceJ11=@GRkh&hfE1I$gg2Kr6O#6?c@ibKVr zw*R&A6rpo|bDo+!f}R?em~Bt18$ZtkOS2bW@X>+jK;*WY=gMYVYfVCywwL2PwZjIK6p ztE6cR9Gm*-7n#G7WsBM(;s$u~US&c%XNyA+edIZpb+JbXta`19>&d-^+SZDdb7b^vZX;J~V!i z$-PL2qYOe1qH4qVab6$9^Ox~kPC6#{vz&{?WP9mb6kc8u*?w%*ATe?VF{cKU_Mn3` zfjf7C=i0MmVNevDaY22ZMncohqw7XEj`lL*wAfm}w``?nosxdI@;~Ocs^(#xDXvd= zPMwqIYGaPeT^VJ77)`f`pw&CFM4O@_N}bELPCv~hcA-SO^zVJ#yhGlm^}6;DmQ@zgvz5~AZkhp>4#VUo$+H>iexl;f_iBD{Lp#FIP;Y)ve! 
zUEt|P9KVp>qjqVUYAjk1tEeb`evo%?aYyuxA-^=taU)9LNuz0RS>~^ zM!&04$Hw{h8?QNE9Q0srNDI{GUySK~S*C2t*tbq*Hx_mtF$dqF#w1}14HQj`lX)W` z11ZwQ6CgFgA|izxRRtu{KiIksv!w+*H&zP0d5U9uzDg>FPH{_jAj)s|%c>(Ub|})k zRk%rkC_lpySGwX0LnKl8?I`N$*9UrpJ7SXuuwX z3JItilu2uz9gVuEqIEC2{qYT-@X$^3xVot|7f2$ex%<@S`7bgT8}h(1Q_Z#dYBX_r zx1vyLRJyw2P*0WplEZ59BrETwJPkIPpTW92s%HZm9-@0;5RM9*l1%CS+o6j^k#@;5 zkv5WMJc3eRCH3(aI6g_K-&&b-wWyi{AzQo)v>AQ|NWHzryucK&o1irL{Bg)-8eROe zk0qT-7kBP3s-P@XIA89GKW-GDoPTjbr`4>w-(49#Z5#>%N(M^)R#|8Mdi}4N1GC_1 z!b`_rWWW~rd9O}H!W=M*pDm$5L@Fb7-%Aq(al&_SVLwQNTEqs4BPFfC9XByWhH+iR zAqM%C#I(#z*cro1DXwq)rlHS9*&m0NJOI$-U?p5yYAZwU)R!A-`VE`h_E3EV+(`|K zU#i>03A%W1_}|2ZA>6byuEg5cM8+#>+%T+Z8}gtqOzgV)7W4qeh|0BDh9)@>GfCIA zo5mKkVN{!yvb}yDH)~GF4{3)io+|M!aA`=cAI7~(ROFR3HG$kK=8#xRYDn3W=(ozJ zxS;i(KM-=Sj#A$QIxHr}iU4PStHa;5++shDhcM&C2nzWmdc2s+%=~7`Y*ogp^JPk- zNZDm_kxQADiCx!U*TpCml7Jr8WE`EnDps_<`GW`}33 z7Z{YZ3~%_kpoCXa{8Qq7ASA2ns_OPajub&y2Mk?Yiv((ql{Bg>(-x|~(s5oP_xirR zxu$e~{f@CfwP-Rkn?gV;rAvh|F#+gnJdH9TCYiwdjGfwB?}50&rj{5;*PeQdjl{p- z@Oqn+Hsy!PMu@Np`DYtosFD*{7(m(I69Mmuq~P_792}WpL#vHF>V#+ByJ_U z^#ql>!e*owimEjyfp~TR#ob1QzbRn(n`r^uOLRmk6IILIMu3F^Udy1<%aw7l5Wx?T zK20D(`0_8Z7r-7=YZ6}nBVeV+nQBZ`Wr3dw*+*l&F(F;uS1NOgUcRh5qIP(4ckv!y?&p0DT}-TJ}yZZUe?ee(Nu?2d!nZ5muJB%Z>uQ5#9}W6~usrX3w5>^Q@VV zOo3u%zd_{&KFG&f628lF>{<})T3oreTT z8}DU^?`xGinO%LUn4saPH=xgX8t4WD;b44{uXYF z#At)lfT939q@xcHnt}hYA$8y>vw_c_@&a;emYgz3lc3MNgzV@D=&ryovJ#GuH=Xz* zs~&plrIhN_x4y6FDQw2Vve707V^OBByT(c{G_YPM%IA;OqSke+z%>WC0G5If8ou%{ zA9K!d62e!$@fv5>-6WbIA+0@4Cy|_=5@;zLTk!a<=9t}g|NMbl+^@M~Oq*}(h!u7k(9v!A}ZrweHBNUVjqehdw+n0DG( zQU1*I@zK;=Z_|D#`^MNdzRIhL1(%D->-=h7{~Afd_#nHBBtEsK=TumWn-XNIl{Gkbo3&$WBwqlotV4|pHUpi_c$P}&q^MI0(96M zILNvi9k9F&rL$|n$i-ICwyq=w#`@(tT5B`DT)q2Bu{jV;Mn*G3{`~C6W1zCRI(e>T zFnqro96z$P9aI(XFj)!SxnPSZ35TLy+t8)uBlb6%f98J~Q)OPx>;E&+_GgrAFiU2# z4kIu|lQc_U@a-^wCppae4p%8V=p|j~1X^>A_by?!1komk0h*-bpWkYeoKDNv`F6Nfac_rSMWNG;QDgI?#-*W;cgXi2 ziY)6!Eh-Q{DT@ahFLl|RhX^c#qq(Rj?6cgYU95dGq}29hPtp|}B-fUFAm8}0gWgoO 
zs$w&sCj>s+$}%`1pJo~r9l6W8;Q)1PVNG4jV(syAiVeqt0K~EKoCEjIT|f|M`e6M?iiV{!1=s;$|Z!(Yj$AC zEl{~0m~HrK@O&j6yPG)U;rLkF{`J>#q6MlXQdugj(^?AC@Ur&ZJ2P!$t|LN6%vi=k zAwDqIJ`wWv^7}CRYeIrw)AY4qR>b5!aE*Frj?XVL1`+6%<_3qUQ}b4`OU=)w2=+^u zITvs9p>%_x=EAtOS24NMl)_cvYP9Mugv2RjR>(s%XeSzN(FJBzbceX2=;*DMc75wv z>gykwbw|XJ>oW;S)m;7Db93YZA8cDD3`!aU#BTt+riuu0wK)|ReiS_OfJj!APP!E~ zX-$u#Ua_J3-ALVth{A;r?C&bXU*q))@$(QSkKWT1>w0Hp6&fxy^(mh=7ay}zO{-)V* zXo+^Y`Dgqy&&uVv7e-Si?M9E-0+8D0ud(^=&875A_cVc`+IS#x7@HTqqYR_W^%-Sb z#w0_1&0A*_C%Et1@wy}SnaEkrc&jVmJYbZQWdUzHc(Gd2ZhZ; zx%Nj^=Ds%*?hk=_&YWSM~15P6J5rz`041F^#$ z8&e=8WMDCU;2l%Mi zBl=lLD6tsAhgY1(Y2eyMg31;3LS)Jo?|9eiedUq3`PMjyjKN+wA;%=nlC;R8%r)s- zO1ch_#6VvXL@I_}&2F96eM(a7ld2Fk?WkOO6PY~cXex9TX!LZ*YCe^Szj7D#X6RsH z>F2#8@$=^QHr{(Ml+kKKuke&!Z_5Sr@{75<;O*R%TaKy$4X-s)uB&O?ny7e`{L{ag z?w$06aqJ7Arz85&Qrx06I=@rn5JctNv`|rpH?syYZ)DI=RMZ3wQPgPD)3g~qQsW>8 z66B^xyn*>B-R(Mz?jsC1ybek+?1a4PNQIp2ld>uu=d+V~OqU_RrnJ=ub-Q4njb#~g zOp9-M73iD^)9;b*7ua;&vPrrRnk__~;e5I5254`c?_p}Rp(G$n^v4+9HFH*lv4Dpe4y<47080u@#xp3L=p{-xNHjXTdtAz zJQ;NjaQ0?)7ZWeMIL!1yTj<2h%#?x6l#BMxfz3=@$EYqby@fp8OZ1+r&@M0HhP9dd zdndb1O>oB5vVQ234~4ZDlimv1+57(W@XK`+QGCeD7aT3m%&k2FpV2Z7ICsbnwAlUn zM*{zU^xq=g(5LXrf!Q5!3PrQ3K&2v>QC*Dz(`RUTlw7)WmJ!dpIF;xPM{RT$qQ20X6Vbgool>`IGA`(x9O3T?l}0xtO{SgdzL@Jx7!DLz9nF#tQCwZ z=>UT^<5AR0y~pMf#2LMPx*m=CQj^!? 
z;|hJ^e|FyD!FkViO$yV{sjHrM$-*hq!@610rp4JV)Pit2cM3w2b5b_bM3k)t9I>&9H~ zVq&iUi>#niz}M_-f9nf!U$R&CUWdEZp+UV%G!Qkkbt}q-c4i^bqSJF;_8k&m@oA}B zk!t9=NQxx)y$`*(7v$&3>24FFcMeV4&N$aN$6smAJ0;dJJa?C)zA5a%lM_R3I{M7N z(x>zDtVP)TB2RQ@`~3he7BiWMcn;-n=JVmpUM(=el%PS7br6Ovj1qymk-Aa)^ZiLB zao6~D)2xthUB&w!hmv1Lom3ca$9}93w~z?Plr2B@-wHjNIb}s20~R734ycD~OE8X- z`!xQ2aX;jZqk~fe%LCM%F0W$)Pwe&2Byx!Fn6g43^wHE|_J!Jh>ABJBVK>Ei9%Ql= z@4$1}dQ&<-8MJH_iW(jX7>Vt8#TiIO1Btt~;hWgOfu?Ikax0Tl$*kSoUXCIHJ|5o; zo|WreyfIdO)$NcN^3{LZ+%9x7)aD^!FqP91R7s) z3UsYb%c(s$9WY!o!hbd{B}oK@c>$g1lCc>b(0D9}WgT<#=c(`16c^Vd@Atx%6jk5W zl$ds8y7#SuttiBK6{da`VsVyL9jr7WGIx3d^&R6XOqRJg%gUu6fZ`Vy<;n!aIaqS6lEv6@$h!`Y(T7|=~{ur}QqF3UXQ{M*!i3O2` z<;Ec4vm=33d1c|9lf!K#(f%*9;-CsP>y10(-P6VCp)PGTdfu*UA&`3c81S>FeiF5= zS(Ke{CYLb!+5pC_Z*#BNd)c_xsF+HP+6AP}7Vc3f0v?K)WAkyDTm#g4Ozp{(jxxSG zgZ0zHSyk7dEHnC%ZDtB8#g(gD8}NunPhSy)(W$r3_7Zc6@wQK9&a;^_^X7OpzDXet zGUoZ%@R0h0^P^fM-b3uC++-!94|Dx@Hzjz_hIh<5`pw)7S1ex1v2Crwnk|1${Zwmd z?rG5gg;rpLea8n?27vabNfOis^hTO80@cRH!4`g7Rhjdnc+1}M%>bb54mIH%3dFwA zWDjHRDY2usupQf9)VsjHOC`+VdgB�^C#)qT4KT)?)zHVVwtMQ8O zbp9l{tmn>r#o;56WJxxIRKNJ3 zSB>cMYORXsh5jpizsNq{nJ54=y7{?&sd7hQ9u%NLyy`EMoOGr1yd`6vvGr%0;>C;!3S^mHk)rv__Lv#l&+w%1##774TdHQ_M(( zTL7}v=FYTVyzAa&8^tVQ*RV`|9!1MDu_9-wucbCkRBW%j`l|wQX?XPw<%<{>f)ctU z`UuPs`0fegyz}Y3J(kZocB7u0g_j4sK1J$N)2EG|!P8z2W5>OvUA!?-^NTD@%(b)a zLP>8X!3U!SJcG&ThPmvnY01rAYrJO5CH^-(to@v-xj4!%%4yRHU!RElkpEZ{u2Byf%N%xS!ZRE5lTT^6Kysc^o4?==_cg~^0K7R<*+S8g)ltd+p zDbD4Bj9`QL11rbLd2)jDjRU2toR7mj2?2NwGh9GVh7Fw}Bht#L2SLhoZsy=%0R{=j)pCQI`^W zx|WbJ$D70O^-}O;K0SmV2VdTcQ|85`q3JBgc1L5lgk*B5jYkv@$t&4zt)@E+cB!GH zRD*tzJsOx2!jIKNe*Xda7*O+2(|T&stw|>rZaHKPLI&v9K+3Yyr<>xxACD0b>J1QX z-1IwwMYLgURL8-+Y3W;C?0K*cAGFK-J(^}VAH7o3(7$r|&T_s})f?sWkSEQUl6Z*r zGL$pWoQ^thOU<-oqOd`5BjAFe(d$6Iq;Gv>qAPYnCbzzxhP6TEI)$&4-c?C^`W-Gc zX}xizTavu9_6Ft_ZQ%VQxC}9;TvliW8Orq`-33gOui!&&D`uajbwW5mI6Q~`yw@ar z;D9b11H8A)nfJYcI2jp2=ky^);80>#`IoR!_ zp+hctlO$aYxL@Kb2}(@+l8w{;x*boVRx{Vh(7<3daMX?ERhq6P&;vK!R!QUp)FnHVd?@){X|a;_b)d 
z@WWt}FelQw2|?@4a^>jzr1F|zInx7jsY}5(Vv8A6il{H5%ee%?IT%JEJ-285L8CYpS0 z5>G3zb~g8{emt#b$&q2UgUW1A7H2*)_^M=Z+3wo$D6#ekL?4Jpf+E}a0|iVP^V?Ym z8C}>RA@@XUINPP?&e-Zd=)B&Xrg@LTsyi{vj~&;dMtA0UmCn7K6ES7ir8NGu@s>h3}iUU8PV`h=etJ z&%Tw_1DgbI9w^?uoUX0AT_vvlIc9E1GNuBcBg+y zt*CA=Djg2%pR%EAp~Gb9o(%-zTwC%{6zQLRoQsz%2Euw>+>mLGwB(p*TITxCvHMht zdU!imAa$Vx1CFf?z1i7RWJAx>T8B5T;w^ucYb-xVq2fC@WMLSF3wfxTgrA-6rCbuaFK8WX2;JjvPLX@L^7xR@7rP0@6Q{a715)emS^#y#G#eQ^S zM$>5YiFtWZ(T0$8(N35{;Ln}GwVL3(P{;%4)$w92NiQQy122;XahON^Xvovhd<^UI z=r#=Pqw$U4w9+bdv;zNZT5)KhP?pKp*4Uv~lQ>P)Ie6&|aodY#hC4IWYA0^6Hy74$761Ndkh|LVU)Uonk zWRLeiftg_(Kh0%piWXhyunIKKM!jDRdajCw+2s1jvdtvs`F*iOd%dC?$%@`aR+)x< z^9NSPvGu;|+&gUO{r5)OZ0sK3!M?$m1I3wjN|?bJVzFAwMsJ>^X9mWJ&0O1A%%UMIIzRC=(p)m9 z(Sc8fAU_}%zwj&#@26zZZ7#5V7hTw0h=j%~DpUf&n91QBM6;4F^c~*|>Q5BQ-rS7z z9A3MlMmKN))dDs{gI=_O!p7S!esAN%#m#jEUma;ISWppb9WrryHXIy>-S5AE7%2`o z_uRjF{gvkNRb6a6&;Xm-D3lJHgtJ9hHO0xAxp*DK+^mIe?=!dCMkaL~J=qaXS8a0~m=;n}wnD4sPX(}P@mNQ6 zewPzQq9=jgIja>y8?><%(^&Y)G0S`eWz zk^+I&HAb4FUw?78Cx|yy?P`|N@{qM*%B|Gi>lqHb;YDZC+lkFr=T_DRKJ)UYJ!WG3 z=4ST-m*V<;TN8}drMbhH+w}3p4v?iFUnbg?_>7D0OniyC&d8(q_^>_E^Z^ACU&l9y z+Rvut?(Dt=sdl&cGg<>%_u5)vBTa$@@CRV<@Ay#gL-=wIcuV;j;Nf5e)NjJx$SAjIDI575@l-dy|Se2~&=HFr{gy^))RqlX(egDrDMEjE? 
z$<_E_G~jvq0$zrm(pR`3po}-whw|&efMX*bzRUL8v0;Ad{;5R=nM>JYPO~1RsO!Y_ zu6UFFB!Fe#UgQIJw6KcMr8CClm+xE)7x@ZBCINj%Pnn?mC4fb~ZxlS?`a~ci2}CcX z+M^$=szn$ODKB*OKG_ZObGCgKmljN)kXp!Gp5r#Kda7mumrL)x0k8HAmqhZcB;F?| zu*0x0!u2JGc(wxwk`8g~ad~guaTKz9QnoF8@|tvI1q<7)~jxVoT^iRqSjH106y4H>pGC>Qw!=D;KL82O~OAp3_+A$5p?`ba}C} zt~3lk(__GPuoF2tz#}yezkGs~<$a^nVu9oOQQb4qX_v%qGX(btg$}e^11R940#c5^ zzl8n_MX~{@YZ1}I2c&5L`sSRp8Se=Uk19J3;~PhUs*DRh6~>flkp^_E%w`c=HT$w< z_j0vEG)mlzCb#iG?5b&2O{o%NcW7v*f}8IjahI0?=kEV=P69>xu|6JFD=yw z#43uEFS!8zhM*v%!c{dD(I$&_Y_`3>V(Li;Qk}Yy?fI1@8=EmBwlCZKua$jp&UhsR zPOjUVa2FE=4_cvPYI=i&w-~U`6$+`*_t?K$EfqM#+Dsyx>$KvIFM*kJg$q94$Z zJl0yc5fjzwz?Rh2PZhp6%^h{m{aM<4_nnI$P3ynUaOd5?ok87d@%sR|hqGEy$fw$5 zA9y=aK^hTv+r3Km2(SHtk`tNMW~(8RBC@e5h)rqjOalqwc(6__=&G(AIn?`#6_M5u z!-goYQ0$;b)~0ho%H@86oCg}oP0u53cF|uivyMZk(IuqIRUjaO2ZYFf2CPq0AU|GW zmQYoFqU^-w^oHaZaD;f%8@32nr7g-^E`VLfwW6W-aSerY<_q)M#hVEGf)(vawGd0pSegT~wJ2Z$@FxAFub;Ad@!)NI%P+E9;;hizA2e?c z4q#$64ONODjy6VU#|pY4KMGn0tyb!5{NZfV8A3_$r4Sf%11Wx!%G#89?;EQZ!Pg+r|O4 z*4W{72XHk~A880Lr~3vZH+m4-wwHnXPVm496%bs|^Xyg&;~Tf@b8iF1>uM!WUYiY2 zEj;Iv8d$zmd2|w9?_JRPK5j3`DK636Z$&}tf?%t(w!`{C>uHYnAbP*#wiK*ccFufr zX>EV*-3pf|PNtZkjdOKgmWY#!wrHsXLeIQBsH$@;doISujQf5}G9+xJtML-vUZxx| zU)m1Aoa<`3Z+#g9>TV|LcKTOeaH|ln#YlhXyP~Gp+bFPV+!Ji~{H-tkd)!8c6K-3o zj&0U@YazZS)M$L|#B{xD^^2lPtLXw_uFh|EcI%+=fNuNqGKdu-j@AK!A6l&5S~#c7 zY%*%nmbfbFzpvmd_qs{ppKNtD@~o=O!Zw-x4Nlrjyf8!qJyKY{5GaD$S$yeM;lj9i z)52oo;s9@E>{{Y-zh30Xd9QCKbE!sc*Shh+bx8Y7SH6Lw+?L|uEuv{!3NkeDwp8<@ z*@gFQUZ0Ur>M%Bf7W!dLz=yzTlY}{o9!Wl|c}}jsGwO=Oi23rT!Z0 zg$eE{j$!wCd?`o#-80QoGO5tAjjVScoz2}FODun$c9)yf%Oy+8u^hY&Tuba>GkbWK z+{Do)*7TW?sEWy23e@MpO7D{eh>X^Sxh%2J&E9O>x(a4Jar-b)1sMPXghxY$XpIg_ znp;`%{sW#H)wM%s$a`k))rv~ z`NF%AMtWb#j7_)Q*$oA>;@t-HJmwP^*7UUo#43X7<~(jb;9_WTRVy}3NwCjo6>1nl z9eHbR46fr?e-^}{M<4$Kz5OZU(8bv555-POx1Wm~M0Ws`BWn*GS)%?la<8`xV9%XT zD+`rN#EL7!ixp4M)C|*v+>d2>QcPYpg%kSvu8)<%VvZK7J0 z4?b%j{{08@%RX_wSIr;A?-xE<=zF9ZxSNk>g*c%Xqa`}4&JzMBYpc$}-y}P)KhP9M 
zhU;s0WKb(UJLmo^b$?nwLFCXj?$(Sc21-FVk7j*Ay43J>SXSr<`VhP^!mX#?nWf04n=gJoHs${cj-UEWn38CfMNoFs573$H0a@t39jSj@4Dzfj={} z3|jOKvXEWhRrW!&JuisZK4Sw8oLe>_@Pn_mP-3d^9^3io2#ck=#7wNN+)nkxBG=p0P~erE+}*1 z%gR;Sz|)IyOmDa-Fu%yK5OhQD5}lcuOMt=8rrlUi32CL^KInVrX|ghgXkoJ}1?f72 z17&B~3}I*Ev9~bCNixIiHV7V6-Fg>@_NN@RpT|3zTcTpS{C6W<(={!IuJFnle%9{{ zyySB{$uyBQBMLddL@)C~nOm&T<6Y=2kwSI!x`oaYG2@|!4e^|>&+4iV)AWbIid0EEU#$%(Gu|-*y>-3GaWM#uwm|g@n+d&!K4J z(LOykR4sm(>nq)#aq(J>V}}d(estP5In;F*A}*CS`Y127qpdWrCC;ygny7M)K30S; z!#klkLlAX~5_%4=j<>*{pRFLxt%hcg3?<=Ps-&#)L#`|?+@8LQRtMHwsMQB`zJ}O9 z1nhzf(=nAYzsMxE^BwV^ynXQN=8=ryxgU06jPm$G#n5xAtdD_A7$DQ{e`1%?HHh2t z@HrG+WF3eyFpsX*xhcomaDaANpUU1>5jpnNL0E?JT!V~o58+31k@=X_iE{+F9Ec>Rh?qcr%TPkCO{IOT+{@3lo;t(KA{(0CH zoXzsEUFU7Fp<{Dc%=J{4;O?b8adC%aE0s@u90o(SAL+a`MYTbG1+A73LldhgFZ7$$ zE)+8R*Sq)ItosaiuFhyltw&gWuWokl$2R+)nC_2;111{q96lo49)|!72(f~gb1a61 z^K8$N#%>Ois)jN+0#^1oR}_8A;nDe2aO7FcF-*~iSb^Qc=~Px!h7Dpp0BXtUpv~sy zFjOued)mbgcrdWRA}K*h*S*Vxw9WHb;;n+3oje#-B25J^DuI_r+i7@^ zSL+Ky_z0)J$YN#s6HY4|0>9*~^^Z(aBc%%Y%_=vmwBzd5G(z%$QzF!n$l3$tXi>tXhiY%{6o@tEKg8d7 zWi|YC1g+(G!1_eLKlyX@W!l>l`5*ws>xirj<#A;l8@llw-YORF_gK%)b{=xnsQJ4#(;$*ob*$3}fjRdJ8wVX^S1(h8ZUI|b7^EvNIs4)U5E#kW*6n+HQ}4x8vZnT#>K zmp^E%Jc{{vgW2#gnG#v~F!bK{7Tp4yzyQkziwdxQLki*t%TLU}#ZP^!oLp3^Te0I?{a!ubGNP!?ZCT(Mb61_sOV`MqX_*Zb=STb&~{(noRqf^c-#y5dv&q zheK&pgK;^($gW!FluqQO)NL13PL|wcOZKbZ|OYvV=OchJT3LY8pI5B{;+BF7u9wg@$%2$OIq>Cu`poFv%&BV>ju?a?q zshy(iun-vC>nDPSiRNAbNr-*~k-@z`2qY1B6B{^1x(d;3#Hfe2IQuyv-PA~KYWPn5 zxeMGWX343MsT%L@h+fQ>@Vxjoy~lYGOw2vHYS6P!(83v^24QD$QCLZ?qHh-Q*%ky} z=O^Ov@b{XRE|Bdkq=R+GwDCS1JE6@Pt?nj8epW>l&XC<+A}j(M)~~L;6i~Py&=O`0 zur}1dRxxW4Scwf21nhRz=|n~IC$iY%0D3C!+St@Ws=`Y+K5fBkAD<6L_Va&&sN$t@ zS-rjNy-97ffxGMNKDZTy<~<$>8I(;kWjs9ea~ z37L?|nNd!tzckDzP47icv+tuDWak#27PJtI#Vh#>E6f&k567O?YWl0YbI@qh>F5`g zXB=(*dk(SnjEpw zg_mDJ)#G4nK0(aN$W8eeYlc1qSiRn3C@_+}>#9~<#8Ys3BGQK4_8f<7)2ZjN|_ zma#{fF}!p`MG6wfT-xJ5W__$(H*TU`yc>D}Lx(z!`hm_T2#-dvD=vc2@ef`v4F_)V zmzL|YT+|HQNHe-8^_g3cBRPreWH(Nv=0ZeCbTl8>c(I~wr*-M*^I&YZVU==lUaS~{ 
zRm#usre9>yBoROZv-YynC6ETOOWQj4fP3CvbV^$f&F$P?s>AN~+^k*sHqEW-W}M@4 zcRXvX44j#EJ0)UbrD@_wHxbMTMtTs`CzY>3fxHKxd9t%uHSzT*UN-|9$P-O;%3#@< zlM5Y7Sjnr~1YLwX8vv24?0X$xmO#(Ivd&X@7I$J*Vm3moBU$j?;~cxNS;jM3nvIQO zy@S3c6qbb-3}`O#B6roMOoF|4oI*Ah*Bul`8FlGJ4ITCdj{VJ-Ldq;`RDO;=U#f-1 zDpSc|)9Y_+Epkk1x-MK_!}4gDJV}v5AlXtWAcZ0y$db-*o#xlubmmi9SS~_%aR%?7 z-dJh#Rv1EbY?*p4sxwgI^x=|aZR4=sCwJUdq{Lm`jx4ev}SA0HR%W(UzG;} z)vrbumFnlkyA~l1-DF|rXu9qSlMXQJGm?a>r)=v7)exUhKaK&h;h_eh>y3*%o;iIF z&t8^%PPXwHW7oTcu2tsVvR0A>&*mczc;WU305c^-F!obg9}8L~H$HkKu#5s!;5Kavbgib4+4Qu)Y%W(`E*aPBPbV z%dZbD+u?c|17zPCunYxRDZ94@uBYL|FlF8OSn z);PV3k_Xa_F{dI|985KyC>OlLSNH~mG#^ceLU}ZQm}c6BeObp3%gi~rXFUsxy^FUe zT>oCB8(&NJ65&@BXO*X0S2oA3X-_U4?px2m;x_yxQvd5KU77v5(caOR3>#JyZdPo_ zW)A(3H%=*f`}5b!-B<^h|9yUbLC?7n)LcW#Bx=G$oH5$-ijx49Rlj$0gG4}m#m1^H z%4goqkNMWDfS-MO>!G&6q4+Vj2d7hEBM{$m7wx0dhS8FCcVA6Ezr_2*$m+eT@vF3p zvhKzr&(C>folN&E)yl<%T_aeHDGT9}5VEk&2hta9AW+^XVljKXF98u0e>`8PH5K{L0ZSHr}h9h(@! z;w>Ojr{}=!aXnrFp*#t@M&CTNkJ`%14m^?>zl%BOBj$-K0|vwsryW+?ExgIjo4NSZ zFLPL^Kz?(BvIk_P4zi=_2gIN~2~8B{Y}=8|Fi_f5h z_7%X0t-r{Mftmp#tGe(1J@^U!HBOvyyV)h$^}eo_Ysn#D<>)Pvfv{IA9Td^8omH9)Qc*_)v%dOEgjn-^%~~gJ0p}}Zc6|D-royB{G%WQ@cw6R{q_duCW}6qR%t5ZM%v1WLDKTm zF;%AL|1j_WdjI!Zi~P@?pFig685cXb^zA$E_g)bldPJr`=*S7UGt4en@amtJobC1> zLv7aoR5Zs>8>xC%wN;1ONETraR-XbfPM(DSR9rU^5Ub&U`>-7M5-9gzLu{*>5GHH^V+Y>Xr%ABCjJoC?{D%)1%O-2AxzvS}=IOp_!?oQ^0R zVAEmdb1K8HA_!*zu$ij-Z#JO%hYNS&k1kwcA^s%pgB+)~yDk#7T1%TqTQGwA>DftU zlO2Yt(>_x=tcFYat-@4DwEU(*99jDB!WzKq-!1Nz4Wl(<#HR`Yu?_+!Spd06HE;ck zEZ3jOIB&|Tdmsr+qW=QulG|V;NBq)3Wk;M+d2?hkK<0GFvBKBY2|QjQB)=Iw^|}nt zYJm2|siBSuKLMcWE&&~Bz9@*T-epk-Ow_;sDhQp}y>~MG#IkrjNm1m9H#Wm$v${v? 
zlVQpos!gdlHT5tT2diG=VWDqn>QB{3G4X#o`3E@i2~L3&4mvsSLAnmZnT7#5{cod5 zce4TduJjZ^^5~l01n8LcIeh*J0Nnq0g{%ZoFeUVx3gF5f2Iw|DfP$lIUpl-DJf%0G z7^YA+s2mEU2T(f7OY^{3#()2b3%6WP;FnJmp(j|7tWW@dqXhqU zzsiL+q)>Pxp#LTQwi3S3zumOnpHGASL;zw3?$Qxn$^o@C)TgEo!nlvve~}&R5Jw5I z(7&y0;eWm3_~PE2@4FRQ_7q-;dm1Yx~!8``2@O@b4;v zzhp9?!v9Z^$rWa}m5zpEA!paH3egDRC`}&nyqDr{?Xf>1<8&W-bm>x=Q#m5(SrB-9-dn5mczZ#qOrsQCLr*QkudB#p~oikNyg`2skkyguXq>! ztKq*i-+wPd@t1V?OFH~-Djoh`vv2>m>}^^@A6XJ-HRW-i4T)TRUuIlS^+D0%a$5NB z(Dn#>+ZL1m!rprZMb)kAq9`aT8Of=YEKvmn0cjOUA|NO^v`P|Ma)yQ$kesuE(2_)A zO9nxj93|&W1A-E}iH#k+^IP9uYp-vgRqO0?YuBk;b@@S26g_9p@s2Uac*FBP&oZPL zfC|ENZuBho^H7~UKWF)_7HB8FJtGj4dbfU^vpoIii|8vQ-qMRj$yO@@;|fwDW7j5v z3kO zbV=nl@c&SW0Zkcu5pZFov#4$ylEj8w>LQZSktl(DE%p}}9Z8~w50L>3aUQ$B$w0{J z>%z^s#1}x(?guX%$AtO@{#>zpf~6yzgC}4igd32SxL;%-0xgi-T{(caF%#H;Wa=59 zw|H}r1cul@(+yPn)$tA}%>5~G^cMcydU1algagoue9Nf6jum)QLPc>m0C6Pp|1d_= zSaa^#xWgzZ;HCi5VoC2e*>zHDA8NfFjA16Jb-@2RR3Hlbt10{o169v~Hd$={q0sc4 z7?K7b42Lg?65=9(K!`BM_Y$|($|yqTW%g}dDPJqa=d73Q$Ha%-KygX= z-RqwP42>vy8s7JS;!M{FfPdrDa!9)f6wkVZVV(%-u3YnE$ zfk!k^!K6Mrg>`UtDhZ8myJxa<@W0=+SromnD6%LL-l;|-lJ26_a7F3MCxJk#leF(H z!y&L@JSWU?vPllcCtna_3`UC$Rf~QVGEoUPCH)fI=X1K|eEEiaVRMVSVEj5Q(TZ~6s> zse~uEO7voguX)L@_ih^;WrdQ{RWUq0kJ8dZy2z~_o@wR`U00O2`#rL7CX^@NH!?-Q zM=4al_ano@4>JOnr8+umI!65k< zxrPhyDbji1Q+J&1K04F=n=I=+ZS!P4F^O}}&lfgd2GH)6 zS?CbbyC{z`YGun2l75oCgvAr_!6IR#IL;IcZ9_1-Hx$Q6+&&;a(M;Q#sfmMyiq0#o zBvd?=L)T=M$jR}AQs<5p_anm!@8{<0n`mY)s#b}#JpH)y7T`dL_+)qnLo_5YXx_dq zt3E1K>!}2dMmz~LCpv@afI_YA=fCOw$ZUYWFCW0Ohfwq1H$lB>)_^L*`hT;=ATX7RtO0O_jyuYW(K zpPMz4j&c%t_}q;vknM&V8Fy)H7zG!Py)T*YCkY9MQhH4fk^3PjkEGX#P-5}{mHJYudNK+as00SJQ^S=4&sf|(>eQ*f+3+>`rkHk8M0%~{9&=4>$0jt z6|x>m_SA98!RDDRD0=X!E($Oh_?L{R$YNVsuKZ`nE)&sk&1+0oMT-7EpPWo;SC_%Ar!dT~#{~ zXtF#mpqeG%d?_uOyZ6GC=)m_AF|sVRjCNa0e~2a}(B{)d$sAVshP1N3sIq&k!zxadd7PIW&2G$L!yOLMP*J)Wt4n(+-)pY)HQkhY z?UImHWd!gfu@nf#ol6Us{wav15L|iqW{$VthjCq!`jv7W+Z{^FA5iO%lBFVHCBun< z87E{yQv1l0BS+1Q>cg>Z;gTO7{(>vI2({X;wTYy0{q<@M-GT_Sv-vBOu0a>B#7iZZ 
z$V5e%rhm+8QDM^iZ?31)F1yoC!~e52pvRM375WRK6OB0) zI`5H#goPfuKHQGTMaNA$EiWMQNYfTKhqn&2psgexTv=S9kr8wP@uJ>bd)@>+CAh8? z+waa)?3Qei%Zxto*%Ur#Y%@*>*g!`}?NF1FW-lKY|6923&yit#h`@zxbHSaKm zx6j`?oW%IcsAve;1oD>d68vh*RKYh4it>JwH73eYmaYA|RBQYYqsLD%h zEBq#l0o-7!Cr60@zZ(FWOY_VGP;;9l*xJ`5>CGlygdWDJLlUPdUC45S1%NzUILyla zeiI;ef(>xjeijds8=z$J7HWobxJxqJEA;MLP9yODdJ4Ug26Rcj@g3CJH;#Yfq{J%G zz!uufwL%%WbyNqk-o7ooF!>#z+d_RjLJcg~3RQOcX>0q|Gy#;*wPlmFy(G0*n0k^q z#<6q>F{5<+fQNO0zbRN58=9J?yTJD|t%A+cM=+csW$7yWrD#HL9{L8vezFf$y%pt! z2_rGc`HU$(DgDWz6@>iNS)aIbTP@Y^)>H+y8EuH2sKS6KK{TawXX|~s zp_2;qhsRR(7FNGdW!^-RwBV)VAfq8`RqeIGWMGpED0|hW5wqzszB^9u-(2yOI#xem z2BMS;USZ(%Q2LM$N&S!In*?t#COq$>>qbE{6ZlY>fJ7ZXlYGZeR^`%l% zQ(v3xsPQ6IRK@-I9KE{C>bms$ld0DCB_~w@uo67ax%S~UqGt_n`g>;a7rzSRgnn!t z__MnmO<>Ja8}PC}vqUf-KUh_aRhujMK{LFrHC=o0Hdgh*@sn;o3M+%!?K@c3uIoBW zh#)vMQu`ee_q|o?Q!!KG#IWZ_-7&}ez(I^0C}yYXvx3Ru@7raG;Xohk5tTbR0!^6A zqe2!G+Hacn(e=0+Hnl?8SGr{bqvaN(HM=GdRrBqDatcWtCV>0tLs9wC#K67(p?Z=} zpcVDKE>~>dHHhBZ4HX}m8*ZOA9~wrPMOv6NL1ABxlqP8s(HLy=lLGs4CkA=L8K*?r zbSUa(rOvh}RarngW!o1f52B;Xhtv}dls)(HLiHa-^JQbB1wLReMe7j@NHY4bzA$7c44yHuUwjsomc~g zAs1kxOT}>Z$!y^?3`@9m?l|W1NS<(9^(60uH3piJzn!#eNS@Aur<9atm#ru z3Dl)Z4~HxUwrmQ3bEzy@|dqpbW&!XyR1G99eiN#*l#bzZbS|Q$ zqL*8G(WHd~k_AF2ER@uI1pXz`*|bqw@k(6y+E}#5TH=Y@D<6Ve#){}bC{L;C($A5U zFK%+8C_}H~tTWirqiBpybCkcttZ_}#q|CM_MCjpARd`5ew!2$U>&>we?l4RPdZba7-C_fUy>A*n7jAvuP%Jye2-&q* zm6;YT4(LC@FId=RNmpa2XAmJFAH$G~b{L4M+RYw!fts_M$D(2(-8AuP>5;cxGG`%V z8~da&2%UtIFu`YpV7Q`1-KUh9H-ifhHH|1`w~~4=I+eg-P5$|^Rmj}k7JecfZ~4i| z5u}A~hP-W&v#ilH@8^ueT1*j6@~MO9lg~{z-s#;nCyx_<>mbP#DK+qT0`eMehobO4 zHpWFjX})&8%OS|r`8nvAfAt>eG>FJIym9?S$J6`YG`N9GhPPn{hzn*byA^@g!R0Q? 
z)M7Wc8>cV1& zd@c2;;^leMZ!HlgftqY%Jz41e=p;4XIXdTH(j~ejyUQfT+l`bfMlkA0-f5VL`_~yq z*r2H2^;Z=0Q&JkUee-*hRfHGB!X|D4$0&?-ncK2|tP0F&R^s_3Gnl^yGkX)*MC={C z6z|_ACj`C?Y#tCrbIU%!9#!IR&OkOnRk0xjgxmEPg1rAg)&l$J>aCjXORW=Xy}!vc zq}p}T_UPp5=1{k2^l^n~bH2M6x-A6S^o~84`KQKmon^2d%b)}EcHVKk{0nwX`GQn5 znPoTo54%0pCI9DWek&?# z7-Qj#3{F^CtSZ=+#fmngs*pjALg;?-4olV1G6B;*PKEn@%YppP-RHt*9+9+{W2!LI z%mDp*i?a9fU{t<`U0W2 zK{Z90?V}DlK`N9x9C;SkkAI32MN>wW1n{)wZU#tVL-Q$To((JBv6m=g;cI|u?n}(K z7`@J(6P|l|jRLRz6$@%sVyzq6R#aK$R?yC9ucY$lmXOe;If$t}ON~G%3|YCP>AwFw z2(W7^iNj2>@NF$03@6$k8x3Uk2D5))=jXhW3@T!GexZe8FIp(vyDr>I(XIIT_KgOX z)};sfQ-j$`=K@Bv7;!5_P$lLt^>KpuGJ>wC=hMsd@2KgW+=%Y8D(w89#Il1ao*BXF zt{`q>yS4$6LptwKLyTdNBHyx8_+@YBz|sY8*CBJ0srT`{<{JFj1_t~hjuhwlxnOO0 zY31U3cpvXyle*YO3&ru#)+fq7$POrTiIiFH&mv3u=4~GF-tgFw+xIU}a2)91gug3dd>!fF2&a#emSeyWx~DlVzU_Ycc06Gy>DXA?rOxKP-k4f8L7!ME z-48!{Hr6BxW38N&xh6wVKT3UctG*6%I5S&SdI!Tf!5{p6Zm9ycp-g|T>mB{hw3C^ z(Cp(B$7+B#(#Pn2gSxR`qSkkP&m812gN6m96;&G-bO>g6`3oG|$hjPM){ev%ua>td zfA}F-r%v*i>Y@6j5_Qf=U+SQ5to$%r>_wKzqr1e6MwPM$j*3Eg-k~!No*?1gkC&zM zSjlAjzLyjR(P{>cEfE1k?m0^AWE-4;G;lN{m{e#4^{r_r{5j$sz{#$+VaE;;7t`cf zn|UtDgMO_UGN6627rDXrLox6-)!S|Rk_hV238vD|Z#E(IpI$RU&JxtArlOWFsn z;om+K8eF>j!kI1v_FxprdNfJQ1bW;Uw(FZ}F~EClZ^KUG<>cVm(Y&4@vcvP{(hsm5 z)cY#20%co_ix>Dd3Tfld4STsFqOY-YCIJJUQL0KdX!h4dFUFB5uxg!g46uu%PagB| zVfqsx<~`zdnzAvCnSERteJnakiaRP#5Xm((Ucbrc6)mkX$IUap$zl)L1nR3Xq)d-O zEox5KG~>jrgcMo&hHx|L_xg9FIu>aq8-0qspJ6_pZ0gXuwcN=n<-N4S`qL#6ax62!7mG zhCb63Xi8tZwiftY#egBrjr_B~`2FZ|HkmzC8zcr!?GDr=h4L3Ne3rSDxV0x+X9mK5 zLFYOp1LmD2UIg7ZzjAe7v-n!qoI)&_+%iD{y&JqB_6G``Ad5Nflw<-2Zx@V9=8ec$ z2bqS1Juz2){B$9qkUCT-$=T*!bj|nK1XvW(#q3vQ3#6tt)MJ&IBIek|cR_`Ei$Z3wr?^8v8uKyEZ3*aw<`KcHca&0g_$G6B zL}QgXpaxOW3HOB{;%BzctZ2ZTY>!4Ast{j(gq8SjkrWM zkRJpA^yju+;4`qZm~`*jE;lo_9a~dV1qI>u$uzgm;uZWhD(HIx?^4vr-pA9G8@3~A zY&#K5u$xiM0Sp+2(D+}dn8PG%ry}U^#aGguAxruxwXh=mx&iInuR$NKM~k5 zhNdHpY|>v1JDMaWl6&kvyu2QjF(_;m!Eg3mzourW=-aFYRTU#xK0v_^!Qk!`2RU0x z5{5mg!0yz+^q))ndW2>=Sn{M$r`14|ey~YJOy7ONdyV(zy`{;aCawu-_<6uasxW8Z 
z6?VK@k=CxnQK>^?ZowQWc#rvmcaH59N}JHf7r-~vxJ@b5&eg@a#BA<_SrD0vHz>}z#$>s5t@*nh=k8gf=?$sFph*Ea9Ww4T62zuBP zv<}-#9+C0VYC8IPD(Fe6lr?&a!8+b}L7n-*O`7bpSzgZ!Cjz)}VHirlotzSYeJMxCv@b zE*?zVE@Fn4OA?I>pA}O3<)_ppUA4&Deymg$w^AFNhXbHPIkqIbEaga8aE*xb?LvHxS%*Z}KYD{b=+cEK;Vp>9X!E{PEG7@5p zbwIr?0Co#_UJ~39)owj%`L=Tba&%d9{p7t%?KYX&A*kVw!svIcz@x=&KCCR7u7hqm zss(XbNyHo4?t+7xVQH$;0}z&OG+%#dexDD|Pl%GXVSgSoK-phC7F3WBjMonsfio&` z6Z~=hON$qOWL*nWAFZaBd{I>+$r_oHB9_l`B&MH^URuDaGp(xQ?%1yrn4tGZ6(xc8 za>+ImG2TU;5tweC(aeLdd_fDXM{;BS%y&z{v#P%a)rlYAHeW5Dz7v1t(5T_JZr1Cm zOfU7bu>p~y=BhzPrm@7qn~Jz0wXh4f7Y8Y0b=q_;;VN5aCIZ3jQjwr;5Ec=SmZ_oMrbPD_*# zmc$~sJsuUipezx%BuQ;|#PQ0JjbiMOP4m%pZ}H0-?r)+GVk%>*MMNga4>_7%;wJHW z-k>E^xbz@}=0_-x2-dOkV%Fe&4DnM#!ws5Q^A_vYny%)@yCFi3=b=A+346F6EOfc% zD_(mBMu9W*0sKo!^O={+Bnac?tq2d#&6}YwOWHr=Iyb)}OTF6jj4ASMae3BvjKWb4 z2GNONfbyL4XEg#Gx+-Cn{++Ng(-T(Svya(X6P-UknB&%M^0-3pW^UL5iTy&?iC#|1 z{yFLEjVY_X73FeN5jK#@Q+? zf0ZL8T-*Pp!*Q2&hfH4%>6q!*l=5+Z7u= zb|sq&z2wa&VQ85Hk^)W=Z@Otg<&`3n`EXyiTI5Y*jqBI3owJ91vpZ~?{r;L5r{%O3 zD0s?#Y+)na%EU7R4b4JZWf$*@Lq8l6rN6qlqp^eG%CGP z2!Ew?7DhfU$)#*(SLW@hvF6AqZF;u7e0#4DeAk{d`AzKyvQ3iHf}o6XNQ;srC=`3^ zL2KS=r<683AhQ|NhlBZTQ)pRT*NftzO+}s@p@^axwNG|l*B4BBFUI=$uo%sqy*IO= zE_WrC&ZGzHUsLFZzGFYA442eJXg5Rx%~TD}*z4gWT9s!~D~k*P^Ao;BPi+YCCen_@}Ne~_E4o0 zXsB}#G6jiCyvj0fj(U?a#>XFMY29;@soonuj-lKN$s?FG;uI7u&g0heaAzk~zc!M_ zhn(EG<^7`Ay%I+TWhMly6YgHk2x*B1#Rnd+ZmnPxS}a5XQA9o%7_%Nzs_2rBYkU0F z1BeKE+`GkP_?&3xlqJ3M)vY<73X_pt7d2KDR-1&g1}FeD#&oToxUYpJUs97dttJwT zllL7-bKQJ<#}&vq%d0*3NSCAz7ZfAhKJGk00uvVEQR=5L?g-?`Mg4pZP?x4u(>N;G zhs}yRORHfOEo?y=0raUtK!cG($wWHoO?70d`J-IhbUuNLE zYxczlh1Q>sW*^7RJnZUZS*(?PBXNLYpTV7V&}?lTRh~pv;Ur6QQmpD3P0!WyJnXyb zN^ZrlmJ@4cwW={4GWa=wK43h60Z3|`G;waq)7CFJv2{2deL8?Jnh+DApPY@;7lkCN z@4aAuoYE(3Z6Lbto3=f@goiWZkj*BbAcFofm=R~G|7GMiS*1JlhM#!vbPxX%b2{;e z*m-Uy#^xp~vum7@I3n`3hY#TXONOO^m;w}k28d!mhFT-EM;u^a=F;|w=nD26yDjyY zn}JgoEAH=Hd6wu4pDJ4*$KMSYHMC~>rudAHF7EBsuj3cVjwoL1lu>@jTVejhgT+i9 zea3`!#D(z)Vo|~F;*PuenE2UGxaZ<+8zj5=?|Hha-$37{(7s%`XU{P2!?$$t4+$E$ 
z;N?3`troY22)ZTtBviojNx|xY%$$2P^(n8)@-O9FlNB5)$Q;Q1>JF~>TKY9?+ZL}n zGu`>QbtWddgZ}xW#2z=knmfkx5yyf>fV-k36C<(!ip=7uYYY`P@?Il3l`BTpp1&FB zb)jcY)zaBnZpKY3FNyphv@v&itq`lwHp7gJ2w*odg(m(qyub2vSm2zahq$8X#TS)n zaT;P8751*A; zFdgjq5RYX@#01L>*O$`ax{(9*KxmAtj!2F$Qec3;{uOJy@EIzH?GRisiK(^&g42Yf zOMzMs+h@`|9)5%*h$6)t@pLKQ{d4;V2Dj%Cjq{b9O**I!|4q#9vQUW9HE+GqP9@p~ zyne{UszOZQ`6ZdKwpyQzO=jA-S1?~JR6JF&laQ;ycTS(8^73o44Gm-$jj07zDIbs@IO_ZC zV>KcTXP>o8#gN_e7nJ)Zu_D*nsKuqm<&@B{22@{&B>`8!ZGh+IJ67Xps5ePA{OW!p zSC8+dZbPmeqX*G>aC+vwrgwP(LoA@PkfoP6*)=1r=Q5QGw@P2}%U-_y*6eK$zUKxl zQ!VG+LFNN4QI(;#K4uBir-{L9$(B1#3T`s~BSTp4SY%Dv=V4Ucd*ZmzE-`9a!NV8v zk)?Jbt>*fMK}AVwErS@gm#%wQKGcA6sIVUv=z)jKY^3)S5pCczxTwxw7HOg?UPV9S zlbn+Ao#KUpBw9n4`)%>Jma-JkpxEj-dQ#Vd#E{iKFP1gvz~53iOX9(B6x5EIjXYkD zmk+e93Y`X9u}K@jZBdtQMbclitn(e>QJ8SAtkpHY zMwei}QY0N{C6J6+6n?xYvE3ZFjv{|PyhJP|-B8O8@2E{7zaGUIFw)Oyc0iI;>}epD zjK@uBh_7P6QM1pVN0RCZD2nRP1_hPz$6Otd2@^8^**=GZsPl(z5N-gwvOt17~^ zPLU#W{l-7iG|jU-A>r+NZB*KJ58aC95>ahJenKBh51YbhJ`f&{1c;EPlqe>|#GI-! z8fYkWKaaW3KfHWyJabONx1X~R;O0mPZ z^gBYvxE^jDp2)XJP=N0I!q%mXI#K^rOO;4|l~r?`Ke@Me=T)GV*!@pC#N0{f&&zvZ zU4V8L%ohLHZYD00#A-h?V<*qq=7i4pG-CVCK%?C2yF8P3gxhiQ9_0t*r^9z7mJVzb zS|YR9o4tgf;g=_6$0(Ndz*pK}s4-`HdqtGLow z0N{A5yG?ZP$y8t$$`L~PR=+ez;dmSs`BXq$K=ON14IUDJSI83Q(90_tOImZRGANJR zSAjS+)GEui99RBCRquBCtIkYl{w#&vDbV3A0dLxRZ*5JfBDQaHs?{UqardyOWoZK7cInW-u4>7*t_|#)PadXSD|q?k#YM;UE<@4rCt%?#ES9Z>ZI+Q3@U}t$APZW7 zp^SrFE5Thh8xM7#I(*q3w6*8SpKp0J_WI2_@x67=GbfuJP^`h`(Kz-Z&W9N45v4TbS~?&)NQ*ntd%)vaC-Nv|DcFdD0>`s9h%%R4v(_fuNC$E>pbtYDTd9e7>dl z`&#F@ciF3*rTk7Q&t#d&73>*e^4{y=x5lzJLA@dpdtWU`X#*Hu!p$nFY}wCoA(MnrJEM6 zCwFjH>C$Ru=2xh*Q5H5UrD2M@vaaAlvdy79yqMJ7rJo-fpx#@DiV^wIymHBB6XFXz z<^7jbwMEyVcvEQHY^`>p_k?N<#!~a*^TfEdhZ$)@+n($Pf=yG%%hLI8vcqz8<2_(tNYY6C<3t0y?YH{EzW+J0jz^kRf9*aqK5i9bq7a_p8%sOlGN~_YBd4a(KN>I}b)7g<(AGa*%k^`s%%n@+ah+v8Be5VwF zM$i=l8|KxV1&P^r)^8pBRkv??mh0k^@5ntLQbZW(s`%jMEZen=T{}gFHLXwsziP)T z8!m=C*7!&w3zT|j>8^$~ozmsZ zc7>|%)AbBIJ-;jre)*!kpq52Y!RZ62mgRvor(D9lk;?|vRT 
zKT9XtV7GE*$+Bod5uD>4251J&Y)5m1X1IZpWJ-H4zHsM0W6&+veC3eB%FUGNDPGvT zFU5R!eFHLigDbvZ;N;nCWJ8tdd|Cgr#e7`4^x_o$$bF>RW5R&|qE5^`iD2#@AMg0= z2mhcPFp#-0ll45TceyYb}OO} zJ!jLkW=FQr(n!D>!-_7&F!fRCMWJ?+t!qx7EKc^pnOrZf7k`%y7v)pb zYm>ME0A;KaZ{BN}Y2yn{Fmq~+n@(GbYf(6625oGjT()U>Vs$7lPt^^-6j%l7j>4Z0DwU^m@+BR9a6x+my~hOk0`k zW?qUMCHvX0cN`oNr;Pd4#m6b`U&(zIP3L}Os=;?u89f-dVPetlu++1(hT6#&* z36YyEou8R@8i21%J-T`kkhE{z>f&^<7+>BEM$t5S$c74Gl_I!%Fb;EuGmIV56Xnx7 zXO!6=)Fw(>L&UGgvR}UuZTL}F=Uw1BoSwwwO}<>hp(8L{Tp2I&lB5BRt zeUo%ugZV0x*|BU5;aT;H<^1c8}?`jJ>lRWAZ5yuXe1b<$|iU_+xz?DW}4<( z6U}q9=X^t$%mbGJA*4-=lfh? zaEADvLUst)0nZ;W z2#C@?T#&?ey;*J;Uz?GTDBUT0mA-W4Qj>E{>h&$AGj%aIGFvjk5hmSl$K>&t_1B8b zXvvFeOJLfUHJ(a5v6MBWf!He!3)k*3ibYQED}KxTe$3h}xpk;}7883KLDh#I}R!rNNOVohe6gOx}*{4hMYz zU{M=k8|mTUv6rY4vd8a|rpl-2&IU-d=Qi`)z=nmv{Fd)XZl~|QSuh;lAq^|SZS2Y$ zPh7goH8O#Qpc;i2Ul}7Mn)kK%mX6yTD3@;`u~7A4-de0pgJVtYugIQjb}!7|Uzq-; zZrZE$Ej+&_I;r1RGv{FpS0pzVv-R`%drLtI!P+_TpzBisosde2w30>Wgwnan$j!&G z-g#&JlBl7sF1f3+#>UTe3%+|ide1&5-X$jQIgfpjW@xshEF3{BMQ_EYoS8DUx z3HVHp*jd?)6MEQ#BV;9<^JqncZgYAQa0Yh=-GI6TyEzK}e6ZP2=#+I;@fh;+39ssiV|}V2zPzB9O_GaN z%U2&*-vD{5)bTb@u~uW3BwaQ@5j?+&suADsC>mmZ?F0Cj&aa>jh^#K&A#-j*Su?f& z!OK8is2zFnd0NflAmx%KCZQP^)2uaqv1A4s-8Tv9}Co>oTYS+!}Ke^$fkv& zoy4atWPKEgBO*70`22^15lKmi2e@(!A6lmqFRBTO_(CCH_gP{h$tQ7k?%tZEx5fwW z)l0Lg-+T1#cFQquR_U!h^O0>u1|lvsT{JTL33OpKg3rg+=9_Fh+cPuMezFsm<&~&c zoT%^Rpr=jNQxZzdAW;FQ=SbMf10~Mb*-rXip#ANoshQbb9y^9yJDv;Qjku?cgQZk8 ztx|iC&N)$^6?dCamlV%nfV5RR2O_8nwY7<0T5KvP2G0l~wq+d$`UM3O@9}7s&$8*S z7d-583It!wSpI~YTL49oE?et}**C#Xx)P3FohUiQLwbk{0N=Xj!r^AJt|#Stf;LVQ zgI^I0c0$KRa2OtSzJvPlWK)A)*450qF)F^qZ?8rSu&A+#JzYwPrsp0e1@70%pr7LCUVEi=v6msSn)hE=9OAcFnGj?!6z;Aj&IfPi!; z#dR(|8Fe~{qSCzJ=s^XgxbX&3)7@&jH}%cAq|LRM>@GXk;uaAvi(5x~Z8ee33{?-K z>3F<@o{l@oJgwCneeTBB`bf$2R?j8V2UlO+8ru3+zY(ySgSeFnRHJaVyED6_*qac7 zU@088?F$b_Swlj9lQF^Wpm726Gioc~%ReUUpt9kY`$u*hYsxJfO?nYm`QxLFuJM;$ zbq(7qD$_6mgCECzw837QVeK=Zh_2@S}gYIIgJ(p#vWZ>wx}+C(-b*UM(LyVvT@ zOogH?UWhaZr-xZBC}F*V9V8FyFIDZI)H0|!_g?3C$(wRDrMyMrP1Z>>GDjFtO4xTg 
z1Bjq{U|RPfO&G!G^ruZiU*$s!E9~+$c8nTWE{eq_PZ6Rx z=p4rJ4B3lInNjTTXr+IfH+O(7R+iCSp_nO1A$twokQZKi=Isuy^lEvj#G->Skfhzl zShp{4m`iO>hPk)uzn9Ij#or|^i$2qcy%FtVZX2bSe!El=?U0hE>r~qqFNqQ1&;}mYeRWs5kgTGBsPeT{HIhZxn*@AzD zzw$|Q9TXcGT%Z3oBJrE-hU&L%PFMN#uS=2u7kyQ280>lerp0v}S|~yqs!_XOr*^Nl zn$=~S&o(`gMO*zgd9}Zvijvo7qm!sEAfeF($d6049|Ie)(;LeSgGT>jx0(5Qu>hOy>l&-PA@KGO-LRy7 z_hdbXug!blOR$SLttB`J3TILjMdL~ob(SR+@DGW$nco)eQf$%~G(?rz6IG}eOeECT zzuE)ug&JmaMKGv|1DBMeTr$-mnR%&ukm++@v{R(fJO1c+XV1^wz(UU*R#{l`mi=!# zMrDBSelY+9Q=DwnS%y>EL8gBpqLHfErGrON5lxe>JjSwH>1ygEyF9rV-2lh88hIX(d+LpxKjdj6LyohzhL!#n$CDTu9k zjHx#6BZ@}Q`f$B0>_ysxiJPA zN>KL8w>R0zaDcmI&vVYpYlgRnPON6@+)_MnE^+n^?p{4B`y=m+5r=FDOcuR4Z>Tp^ zH4CN6bp2tmanrPuPuB42S)U5a;uPJau`C__Boq)@brS9Z{CcVYhYC`6%2&F5+F3MEk$+ske968WgNy{9gQM-dCtCt|$7Pbv zC!smp0%p`}_Rnp1u3Aeo=V_#0=*M;sEY?24p;?eKc1Rg09 zogiszdkXMrolXmyaT&HIT7uRXfdAXpv&k|So1tnUM^QibOd*pyqhAwtiA-Xu-@jDF zmuY{?o&WowUtZ=4OL}C*7rT#>{)B;Rt5X^(YN-6~ z;y9p9A|us(F%M}R2WF;b=i47`N0FlFBtKix=t;F2?gth>bm5_&buMQ_r#3DpZzA2V$64o1Vqumwb+FjqX_N2M2&gD zbW_3f%Gn~iEi+L0QzmhySpx^@g(JIp|Ml*Lv&0k>ni`jzM=)-}`mZ&V%(l487)v_r z3ue2yaV1=2CM;ixmA2N87G08%wIl|>kk8Gza-#36W0IY@omct(2e?x}_1~d@A z$pyCN;3iQx)IS4gk&r;+DW@9;tB6Iik4_fsPyD>rIXUIFXJ>?qjI#tZG&J>D&*k7u z>}Nfl%n9v#1O;sg`P*)eB>qv~UAaz`p6X`PFqElNGt1E=5oz+}7M49$85+008)=sEhL(A7}9|`W-_0zb?;iaVt*M z>^waaNbPDAbo1V?)X0%6x2O=Em-$GM&_bEsL=EZj%#tq<%^lk(qHWq-vGQ)W9Y@!^ z9Oe}cZC?{!;Aoy>6&{ZeOtUwRd6=-F5goDhFB}U6TQ~NX_pYrMDGL@-vGb<`%cikd6A=dCKPHDKwDj>u^#L7Tj@oE826Aw)JYGQdZC7f(Zy}UMBBZW(7fav~j z#HnXbf1ldne_{>9ALQprpZPuX_eQ;cp$ByR&nC4JZc5S}gW96}x>TTd^y$Ck2Nvxu z;l~Pvh@X$)Nt9d)T-__s42g49U|~0)SWiDRu~dya4z)LP-1XypQrgGLlBDzXm#@s+ zejE-ckOS=0oA4zQfbtgJYPhWPixsFJoCW%(!jTW~(%?BJ|8&sKB~LiO8bP-wI{O4* zOo09-69j4^aSFh`g=|M0NYs+f0f;gNHG)6@KOnB^fx?J`aghf)mCD2xwdriqQqJHB z0!_NNT?p{nRs)3|_?{Zj$@bT;%Ox=au!*5Bi#QepLB&_-kLz-`fGW4Mt}S5@$ZcIY z0zk#<0L-@sb;1W!xY43mAtDt}9tyPklfU;OBm(@y+=)P?L*o5<`Oiy_Uc&2yD@nFE 
zc)XuIe199hx=2V^hhtK3Nu&@U0BNrJgE{xV48$VhZiekww$*@|(K`}om1hP)z(Y=eo<4q`#lPAJ{MSJk=KRgtO8s=l=UDzUIh}(J$sb9` z0F-GJcmHA{&|e23I{dfGKsI6cpeXPfJnV$B2ACD4Ns<;|G9Do8{Ac_8b?TXaApW>4 z?vDvmLF|Lu2*IZ_eLB;p@AUt=6P~`)r@QyxPq_bI?%qXdd)`SMo?)s<8Z7kM*ptey ztv%HY!CWG*-8y{Xf1KI{B`*=~FOovW-vfufiW&o3&qL`EC;_sj6e(PE`~Lrg`*eDb zQ#btoXqQXA_AejoS23Y^1`#RgoZKNzt z0I%gOxuWtdUA($+=2iofjpcLKR+Utl&b3f|GNrk_OU0J)7bxP=Wt?U}Bo4^YE$n(M z5J-Z6_|I*NqyJ;V5u}FL08euHIJoAMrP3sI6w~1O-eJI}88^EmQS6mVu)}E0CnYCp zx%Q5S0~}_CuBDB+*jQCiOh8H-Oz6!wS20z=oa&do24352Rp~R6PWgj@gSe#2uLoYD zmv$dMlr`8DEXz8s?IvOY6xzPjE|6aOha6A;fhm}t^LeGwEWn^JjMy}Vy!b;p4Yg+g z#+K%5K|FBp3V)VQ>YBw(HL3wLh)6<89N{IN6?l>#GC+U`z$arQZBXw5z^h7dzOtNp zP`NiC+Xgui1>uH|BpCqeMj&<<0Fc)lchX7LI6yeY?S$KdxtkaTsImd_FFi&8zf9ae zU9>g1FWE&1Ms#m}DpT9C0D#jUCP@#wNYeg)x#G|72q`HAvhEB{<>VkCUe#ev<(2zD{U5Dk zzE2IfN-ev|8Rl|i)Co7S==b`w6#IMhpCB`IgTKkxN#k&Og2D=oSKEI+G1PheU&`>7qTrAc8wqHp=7ehtNGh@{s3+si>H8PkC*G zXPE8tl)KtS`-uF25Q1?{`s8w0)QilAQc%M^GI+h%zz;a{GdKsK8wWtr1*8Bpb}fV` z82MFSTjW|^!1ywV?)zIMp0*d57ZqcU6q(9EIExb#Ner!F!T) z5ulp97#4w41O%3-B)1UIJ(L?Uc+FvNMV)kf6tu43HspbvFcH-^u``yM>To&#JfgWx z9I4-%%;BOvBb{zCbEHv~vb_qshgm!VKr|tK_&eSiOJD*Z!{h|ug5r$LA$UW)RL|Zm zV$?C*7XM@y5Ml*?T|+MZ+}j_(Ngc5OpHl1OV2uK!W$}ecFRx52Wi8~H0&+wpte4$kix!;w`Qs=ehL+9Z6#oFTft|dkzCrmnd_YV zI}-z&HmO?xGZ9AT*&qBwt5sm!5p#o)35ei#X}&bSJ{{P4@=m+aPP_6>*TDZ~4J3Qy z<#WFz|NRd+*MEWfrPWjhUh3zj)gjq{PV?u|nHke}9{?t;yZ@8iV1K<=u0~EmCZC5* z__lK%W8Q0LHOnBnJ27M$fQIWII<9~Is4)#|XIar!NIcxR&t|PbVdX{f3_q6qZ$&## zH532OG!swl^?%P^da+f>xt~7J{X?Kqq|ZHp`-9`14Nxr{K(EHZ4~qi%-)9}9)Qa%E z9m0FzLAc}JWF~Qc|8KEUu;UMRxRuuOofMogk zdlpl7$#VFN>#a{a>dd%Yyf8rv_ikx7E{h4f*k0ThIusz2skcCx?)6fuZ@!{XeGbiL zUc|c+$dya^-f#kr(L+T*rXW-YkPrh_-B}CVqOML=W3)cs=$0|}w`is1cQZUX`i4tO zEA1#Kh>0|42=HvDy&-@BicAju#qa=LnGkAJzv>e>FpJbd`Honq{>NoE}lF%HWZ}*Udn`@QDXOwLf@Hek7NJA z!oxf6aoS**Yc{li7jAtOmlyvEKKF$(-SY*c` z8LcSg;^9$XLfVbs znO6>#P@UL`&t;exUpKWz?(-r*;bLcN%lJik+v6pGIW|o#8PQZ`+lJtDs@eIO})OXTi4iz>B5?=b4ax9JZyO zS<|V5#wK6zwQnf+EFz1$g?ecu>C}{v4&g*VD7`BTc+Ys5gAf@V-O}Cs^XmKt;}Gsn 
zPF>AtasCj8_w}zp&o3UX)mZ8f^MEhNDG`Mu$i|*g;$gUzqp*$S?|Bc>rgoZ>hdqU{XM<(IHAA0ZX9d~ivT^Ua=S7~CaW^PZ z8RSVj8V(~Pl!cB5VZ$ibRrIGm6gQc1z3@`l{6OX|inC_gJc}~F@3Fjax$XTYNL#dq zd9qasx!5ga)T0BL0%am|enfl&a8wuvgIfDAn;!MgleJ1#NoQN^%r6Tb)_os2YOko7 z*KP&5eyHIkT)_Fi(>Bf-KD%ch8ec*c0JM~|K}=xFnAj+l*2yyHX^H#r zt>3JPs76SSe@x2_S3G#&S%luN%*5R3CoL-a%Brlt9E$5>#f3ON2njt^YQar!$o8?O z*u&2X`=IRhuuS_LUIrH8b`0X#>6d%uiZ0FXOENC@3_XCM;1|xzDPnt&CY$K8 z`D#s*iqX*ZWxuU~5J4}Q?^7d!`q{!MOfnpteBq+$6vR)*n9`RFTUnz2y%Cvu^VyMld5ar`;SZGN+M|LTS;n5;q^bzMUy=H*$S z$yT@}^{tHg;1T6*OX=nVrkAnDkL`}=Ry5ScX(P%2P|Q%ib9FUYlSmt0X;5qnQ-7u2 zj0zXqcQBTfTkJjTq1E@yh*?ou!#g8Mo&bJIHqaY4je+z4a6^?9F=A-N;sDIm{f6|@ zKa5vyfP#fgFVv{}W>$vD$SfJ`9el0vcINxh1m@UlxiEcy%2%SRv(?>$-CpcHJF>KECntme1j$6n#lRw;idJ3Qb zOeFq62~fUuDdFQ1C?18?L~0vUvmeE3{Ec)HYZ28K1J{A@2{I?JO~^#02YLvs6Fm#= zsH!d*jAAV#+YqBF$oexB4)3%6;IJ0`CWl3=oZj^?-(?r~V9`75w0>7qZ6vmKdWNnJ9PI7Ro#8qFIr-`fMGu>-}~rz(Y=UeCgx`~zJ-P1=4j!Cm|~ z_xvS5h8Wv;59u$g*9cqf&M(fg^$9(5n+u&AG!!s&wop)D?^gY-U27aqXgV*X2>vb* z!qujcz5QX;HJPR7rL@tzcucs=hX3l=RF!!8a|RkofTg+ zwF2-)iZH{CNi?f1eZV?4qNscBh5=3@;cC{bIQ)Ixd5y$vImYUIw-+N=s2F8@l^^Mm z&;)GcwKy-6*}}`Fg@-gsGW%5o5Ac=cfp)xI4_bED|2>>bP;cVv8#=dify(E1Bp=YLep;y9r9*ddo_~ROtO|x@$ufim4=G#v1b-8ayRqKZ znC5M}ZlP8qnkM0)dEMq}8ffH7JrV{@k1*(g#M$Sg!(J$w^6lo{LdA1er}mj>GV?_h zear>FGK9>n1)su?NfBgfqRB_fL<>a~R~GxHmeq&C-!_e&+c0WO8p)SRevQq)p_ya0 ztGPVdan&w}eq-W^odWM4#jlGvP<=*=vDrME6VgaZ*3MzQx9Lw<5j7uhxn z=e0UphaOnC{p*Dwo|vwiLam5^+Ul@DuYp`IY;^iI0ve82IGP9@uVEPjw;BQ~X>T zh$NEvit)*1yydr_lwIiVFG_S=%a@79E(yvH$VCdXrX1V|Z&HvR98ln9U2GKmbTUgD z*|1pLKqJn^S2J~of4G`8u26u&4R>iN*j{f*e9|;gU!l}*mYas*&epL1pI@lU&+W8_ z#i|jZh<+%OraYc_?AR*N%C5`j!v2ST~n*ncuT}oWZwv;bGG4QBqU# z<{)ghmgpvX(F-ZuXqpCQKIHA0+QB#4oGHKe6!_`GaHZYom452uo9S`A^#@i_9WSn` z4tUQPG{cREqqvTB=65Qq9GXV%MJ0pqgzd*CoV2^H(Q?PC&YNa01_K?3`ee}#YyN{W zdX4_^2${y2zueZyy3XK*rS=b_3VI(yX4out9Q( z8EMyo7Pfp}D0p@-)D+dUK5;P&((BC7n%&#Z^Y)VxAvg8uQc9~TUz8BFKFZ>aeHN5OS|1+Ch9Tt z{XuXF)e>C$yb_=a)W)Kh3Iy@BsnS>_LkG9HX1pWRm>T)a#hYuzlJ%f#8VjXHe4}X0 
zbO|7PAQVyJydF}@e7foOeY=oR{P!nugR;>P25FtJ z^>dAWiYPwCw0wDakEaf*pcgPSngqG+c>P9P@X7n12dZeQ>y^#jBv?0+y^|3S(S>rr zA#?kGmsMMGr|pe8MzcZtnJgkIpqRQ@2O6PZ$I@CnY3<+z#-EJ{am1UvkE>mG;F<|Z zxOq2|(ZLR$nl`0CzZi;kx%Byae=Eo{iO8#qYbx9yBSrnDu;DnG@?IjY?Z_$(=Et9l zFle_)X4YyN+-`NFVD1m2WVvG{dQq3ifFTu~8@6YNFR9oSu+A>F-JSY5@}1Y8rLbf` zC|DLhSSy!Nw4MZ7aEuO;&2S`*uAg8XNLp}<`RrZ_J^p>kLFEl8=Bgh{c19Z4M{MVWqL{K{~V8HBNTAY)9WIarj&Z_aWw5!6>^73$z%udHaW;a`{LE4#&7*&CKbE2QZ^bo1n+ zo`S4>6yd?Qq;zo*O`UKDIU&_M0{Yb=pK83H#pxVr<6WFyBDMNQ#T25=j5?k(FlK7l zvVKrxU6dfW<5dz|ab1}kqZencW$3aM2)?xy&uq1FNL)|5D2|gO7tksFSwz?=);1xjXGQF-*nnMi8Btj zmyjYzO-Gx>q&yGALcPd9Uz~MoO_s!?=zlJj)CEiwN0%T+F5yHonryyLF<*3Wpol-^r$kF$5ObqlUvd3gScVlfnT4qhdJ+Ghe zJ6^R<>3uhySeeqFruqFC9D^3m1nvMr@9h@#VqKsTJs6@JyqR$`b!Am!eD&D#+3Nb> zL~bnKf->C{+M~R5FCwJ5_LEazlxsN0n18VEl~JZi)o<0johaL9sS&my)8JNu{Y z4Z&{DFIecUXX5UlyM@>SV;m3r57QtFUCfI;kbV@$!tc0WJkbm)W5JT;J#H0Yu<-jhp)8t6`SvCyfOx@mrkH)xWy081^{2HDowO zb0n>P0DnL-LA*?3ApGvRi|eSQs=tw+*+#CGF8J2;KY9+`KVjf1p}Nd-=^@9(@S5~N zD0deat~IZzwvOW4llRU~PxedAO{K~FwhC*tNm6)`$!~U0AfG3x<@Yu4^eZWdER9?3 z9)SyzjNssD-_Bb#Ug&+EJTvditJO`tMnd(Ko#wIHrmrTAV$U(gal_mYG8eB=GcjhP zc41XlVZ;|;@7fuMQiTNvjNvp5 z*E#Nss0oI?{%-7&X6w;`S{Nnx5#?(U<6VNSc+=RY%faUOXPG?Zl|K2g?T$XTmV6ku zH5kh-x?P9To4;`MBlTxh3p%oX`BTeBggW6m5lWLv8os(ZxeEsysHQ+g8Ky^hk1W*| z8>7{u>BYpjF%jw5P?D;*GfzD}=Oj%!+ju75tuc^!bV9x*Ad9=%)}+VEHG0MQ_TDeZ zPsyz#@IoynK3?MecFW{n-^YT!zuqUz$sbq=a~oeE3i)~5HmX7qCH%WhMxa4vucsKev?=E^oaW`Ql{qyr_#I9RwKw z6Ynebt%q%qZb1_nE^G*Prc1M`j4w{)G$7OlB~d^vg4S3o9E2@2PQ+0pn`UdPHx#~p zGEgcRNqxXrr6NBd_AyK0TQO5gW+wD4ii&c9tkiklgt!(aW-;{`g+slZb22cQ^ouWa z5gr@W=FaC`%A(J*dC0k+iXmZX%?A4u8zvDDW-k$qdS9Jz8ncoaUS;`FF(Jv~7PA4)TOwQ+ucm{9 zl1?=UX;b3FbCOpW>lzD6vvTd6(?or)2*#Onyt$w_(E-FYY%>SwA>rIhl-cwP!aPR*{f==+1e%s0R9 za4Z=bYnFRPUF!XAdiCX1?$=qi(MBUmSZKY<{sJzT!hh0dKaoI|DhZ3R!fU-1{(F8< z>COFXz>`1iI@;ZpE6||H%F^rG0cmM+IIDwuq5;mkQA`l2b)33jjbs>Rln z_O5VX8(-9~kl}A~Od3hMd&isvu}KUu1Sp+1%6gqxj11!ceAQvt_g&EsdCuTrMSa`h z+f#kNDlx}x?z2$Ks~)!ol~~b&Yt5OT!}5%0JMG-v{{#5G4l@c8e`()1^aR%SLpo(U 
z)^?O5Y`_(+d0yTHf?Lf)*7z~+Q5T5mv7M8z4%+Z*g}XT zh8Dp^vN79z%RHmK1y^uZv#H;C1+I2J6M16cIB-!&=QHEo@p^sYQimK1i{z7Tb-dDLkt+37x{hV|P0W1QzYUHsFIYTjP7t55#bmICw=A=9M7NHrnR zL*+rK*+d)B`VuwU2bK$)Mn1Pb5DQ7#WI>`Lt_LqMpd4{~tT#Lpoq2U^THlC@GU1o? zoh?KAafcC&XHpYx2zZL7DPJaJ`%F3Q_Dr7?ZNE_I3*q2=KH;xEq)@KucOwP=Zhkv` z|2A&4uMix<3Q+3`c^miqIbZ^%9k)~8HQvG}&s!lZhqU$8=3Y!zKHe9=&5~U{f#xu@q-qG^(Y=p|HsS2zt~p zy)U0NZQq&VZB75FEop1yYR)(}u-yClr=X$d+-VO$yHcAFbU`mP4bn8!2VOwg71)v` zxU=`r@7UE$8x1Q%#H6@;X!@R9(WeUvAJ3-6J|R+D7uE*`{`!r=RB=8M2@Pu_A{OE@-+aC$%go)I`o6-fd&c; zBJ;fMw^13Xa5O0O$!|+`ADDYzs*jTT@J#$Yp7->KB=>+XY2(j7Pzo4l63I%9?4^O< zoCg4oGMlKvyUP`ZJ@-xr|4^xqW*NGoEh6Xx)a&Yc{gc8F1~ zUS;7vwmWN>E-j#XjU+Z$;Z=G~6Ol}CrAkvxXW`B_nrb0Ink~`H7HX97pF(AaMc(&- z(9JEI2}r|#cKmowyvWT*_4%XY*H5QAT?jj4gXNXK_sSDx+%6T-hh#l;tbEibXmI)T zgu{yv@uiJqxwa}uG{A_wpi6?YSK9B{TaDihwa#MT3_Abi_j`|Q*sXAKp|b-6!QRFR zuHXEO=1uQ(@htN(f2m+MAas()9={16#=5?l7At(sA{W8#n77}C+W-!bMyJRDFjdpe z-&DE*z(w=P0yk9=axI2B*!tK~MJ^<*-y3~%>E+S`T7(Z=5O2_XxG;}VNg->HoWiad zuX60FH_j_}iOnbu%&cc!lNNt!rz@P*z)$m~GLOXy-+1XBLo?kzs_!td3q-625(B*k zxI@Rr`KN!8H#VDH+i%FRjJQ6kze~J~4Y7=7k<$xa<)ml=lmx{u;6!JMhDrA}C)}c3 zR%AIFhe~xPqxgUV{c?j}*f?we*nn+Hg&0>xpCoBXQzq;;mKTWGqe-Ou&94p0e%533 ztm?f!qr)RoRn`K_tX4Lb%(@|^fwk8eNsjgVI8zR9lXxU4L2a(2wgi&l3(bl-4lrF=Y2f!*2|BvuI1^7 z|6e!#bJOoqWpdSt`7h;(ugBkJwZF{v4xM~zpmix%yJ)huqV)`BNC)7o^wcYuJ zrH*RX4Eoa-CUmC%vU0(_qJj9~sO{H$%$5UI6FR`rz@bb>tI~G$OPfN+gFPgQcuY6SatxxM)s;oPTXZ-*ieK0q412h8C4dW5RVF0Qy@zSlVoSXjkoq7@ zugfD(Jm1DU#OC+GLHKLL^;eq@ic47R8rv*SW|y<0!1?ucXHpe#C!+tyuow$mb6u^2 zolnH=JVNT9Tk)wbO&ao|nXmMNw=RR^9~*)^+6w6rldCl3&}xbJPI=5**n54C1tw0t z+m%2#dO2mufG;!sQE@i9%Lp&gcTNW!wxdxWi3Q*$@7#91CNiPQFm0{JpZ;zJYiEJ0 z6!-6EYxqnDaC3U^1U2A=&%NJRrTa}lfaerbE#_1Y6k9pIH~I;J5_F=6cT-YRM^mU{ z92**cyx5(QCvQ7Hga>rM)SpVwWIX>PQm#QH0;#+#5TyUjN zJI(F8K3zAOC#7pbKIhWKX8jrxSdu@V2}IUBmIsgimUs3f+5PlZpWmM^CpP~BnKtEF zIhcs9cZQkQh;ptt@Y-%ledTUp)4t4RS{-rNZOTaWG$Pupjk(^Nl73Qq*mU&nK8lIA@I;wekOIg{1(wgfD7wCEmnF#g(VU{oc*!tq_= zqEihSJGM-ymkHb6IPCcciWi9S28b|9)j3DBvM>ST5Ji_$!KoEBeg(DD=NkntZQR#T 
zB19F;we0h@wQBoCn+Dd+&J6iw!3_;JeX5NoYytm~G?K_)i7pscAbC#H>5oa}BxK`0 zEyG&SDcOsAp}CAm!NGx;dIlBYES{Uds%RQ(?x@$O z)?&C|hh~qraRniR2w7(8(RRML(4`yK^CQR+yP%{Y@xZ1zX))Xhr7PW_*8jLt z{FI}k({E^S2=x@>SuY zfOT8?JCcSy+a>Tk+}s`^x#|2fLPKT$#Pg%GV@rbH;OF+qUTLIn+tGbwXZpK?35gV& zg)TZ^VZ8rBr|ZXojb*W(FJXbTj|8f6(@c674n@3^Pq4@P<14I6oo|2lfK7L}HWE|5$%`c{*1tBJ{)y8%S<_)Ys zW?d%#ymm|DX??A+W#r%^S?n|Z-PGMeo2GzDtQ+zK^4xU;*~i=ZBhY^X%*Z>d$k^|H z(_H$IVlL)>^v8f0@8Lzs!TxmbJybW(R`zP-qmP5_j^vi&41@w>n^4Mnv^1D+`px8QXTI z2fNEG>DXD_tVXj{`)|39fi`mZ(J)|`!eat0(G5&;bc%l1;X#O}+vDGt#XlvX*m|3% zv?o{i9vhcJ+S0&8;$wN<(TQ)$^MD1}qYal`e}nV@bHnPrd1TAI6HD&6hs{mCO}2e& z(PVAtF4d(d+0Si3MU(b-2iZV)v4)~SOdweBgLxlznr*OazSoW@2UAmgH~pG-@TL-P zB`=5G>{=YX~{ou-gZG^&{znTY}mreuE8iOYWg+f=e!a|=a+>tE) z%=&nkYFn5YasB_UB>* zf!DSkQt9fXT|6?Xb^l=laRxfcj&;)*vMq%UZ;*g}I_7g**~A5Va5tgSmF-!0zD0o< zNPmfUdFVmT2vLeqOk~G%jP^(5#gNTf2wfa?*%q^#$~GC*P4Dh~KcWz5j=5-Dfg)8^ zSZW=bUdXJehKEru39c2=65GWBKbfw#*3@A8xQ?g3L&xiK9ocGr7vb(KX3(oD5ef$i z0Ztez0*shgk#lj3}W1 z@xmW>7~h!A<R4LhYno3Rd2f_ohdK$e788wfE%Z>&q&fDOU`yt?Ep+M|F}P^ z?7Ll}1!TqiuT?gq{=UA!GW9)|?pI|N$u~4l=H3i41Tobvob(BJ_R22qVLba}FN)UV z#t!2@&2aSaotoe49SrHd{SlU!D^I>oEZq>c_$_uQn}`xdu#<(-c!=4UNEsgESXt(d zy!_p}{HJp(v{@eaQ~Vf!o_Cft7C?AGdXOo{W1hIh0pA`Cki?OBUCRLLwFVL^e(y z@`wdDYgsuq{6}7s0>r^)Q$SynLC7-w)>3bX(!uD(akaIy*QeR>#abEFxFlWkaE+xp z8Y+cloYw-dDC&N7WL&2n=?<~xSa(WMYA}D%H11cGdN#S#5RFzXF7UWs6si}m=NjFS zSUZ72$86Z_hisr;o=~`n25Zatf0ON--&gFMiQ7Nn@oE?pzhz8nyB}oGcA;L*(_Mn* zA~*fDYf-cRK(uT#vVSHPD$P5l{X81q`Lug++!51X;|~{n1(+PxVJt_g2*I#Wvl)qp zcYo}A6oeOEs*uTizx;Czq+lemG`~%Um8kL&_y;0$e(Dt%tiH9h;$%zo-pEK;Ex$yYVquGHKeIs}vH{WurLkKva)DufS6!LePT&c4@q}@Xh+Je~I@0gIphC0w zBVWxgi+WED>FdAXCmcWwr(E{l`mNP>MK_4>W*oACby4m|Hi{3bjYVBn8WV1`#9a3m zeS4p0aNnsH<7K~e6M)Crsn9ufMz;;`Kr{1^gRI1BU*lh()-P!B!rodp^Bk>CeDs?Y ze^dhBhycBJ9}!moawV}K0BE-_yb)YUW+m3HG5YF685rS;^U^cYpsP4+TOwueyIpjA?_=oRtA2CcipqaHPdzAMq#`s@^@QMKt&g?nTvDvk z6Oc_R-K??p{RJZUiIl4S5Y>B$RqJVy3+p!(Xv$$+rMIG41nFo*FpXL?M2TK!5u)9? 
zuR)*swKv7kT`j>W%5;dQI}^wEF_@rV&L=Bxt;Y^q5)%33*FPu)tOQNRv+5~!| zyWR-1S8WY@iN9D@db3indzZWSwCLTZu2Y&HpH4sOw&JL`ET6EVWvSr$IF$irTDS?| z2-!EzE6xS;=g*#m2Z0#U?q1gPqoVm#(M+$}!;PLFMm5m&9WERib>I#93l|QZvdyM7 zEdvUle2HF*iW|K9J(m;bvv{a;<`|Nr@4 z-TMER{}1MKS+7EXfc*dB$g>~-u6T@GZ7y7wWQ=^YcUAxt`}Es|=kLRBm%Sxm3p_K$ zu3=H0Pdxnsv(qhs%m6YG!GQB6M|dVGf$Nq=>ECk>=Q|F5|Hk5)8gC`WKf#T&N$Qe8 z^k;_^+UD64<0}?-WsyPifd*wOuhQ1O4eD7a&JEiPgKq^c{jC+$EXx1(O2mHuuzG57 z>&>4|;n%qNxk`)iucWK)JO}U3K949J-yWg}G*C*A6=q{%gjoQ(QdaAsPz+EJDig!8 zYozpZ_KNu(6Ry+0PguVl0&){B7cm0(xmJf*G5?Rtdq`HYw_9@rzTQ;9m|wYHXf2~+ z#f?GoRz?l~2JHj-Z3+Z2`waMf)>z&(iT%}&KIpkJO!x;Y@M+(db zH=F5_Mtoasn26b@uz6V*NJANQJzZ*~zl=$LTo4oS{chg-yT{%vR0xtQB=1zw4^PIE z2qoulC=j?($B#~pHD3b<;)|+&nLovp(G=*yik9*S;q{y4SyP<8<4A7~C<|4eW6dZi z=5#Jgn;) zzRY{)+2}{7owLZL1!p_aN8*{DIpo>QX9|tlYYk!*3iCOXaeI%qcoo8+e+r6N&jadX9L67-+94!AlXmfTX4xY~Q!(klCOz zEO6s}+VASWw%dk%1*Qkv$I~fTD>IEtN307IgzozD*JNgiZfJ@#E1m|>QRDsnEP5FQ z!xpx9gB80Rs;2ty9J@VEdpmdca;@qz>9)C|TxX)xU=@Dbm5uRc#M)o}vhnu^v93pA z1haWf7zVl6H$)L9#*`?>SMPRls?_h)EUt{NtnFCX>->5iT2gtJkF8kwj+Gj9^?4~- zFA~Q|7{u9N88I@~&Vc?ny+|u3G}x8(^^ft<5dQlO(k?@9g_8L5A`Td{N>P?OS^8O@ z3?$?A`The<-@o&z(BUWR*x{nh_retkvMX0V_*#kP^N5|_y2hJi$ssRjt@=|l%^~oimAHFYD{^oQ4g}pFKV3bO zFt45BlUZv@eAJvOnyUIRRp;{=Rd@O4Z6~&glz*VL50E48m0SNnHTedVch%l4TI_T1 z5E9J}f&)jE2`pbFD@|F?EgMWIPVV3g>#lEXWt7fN1WE1hN96-= zwpOoBtWmS5*R@lbG*?^$#LRC98n5|DYIxR2+WP^|43LxoINBjFuOuq~yt3eduY%^; z-RB0l28&_l0?=~YD zpBAsy?5UUJE_jBpEQ-2bn^BOnoz!;&HGBa*LOgdwFFNbYon#DYnw(_mv6Sty+$q13 zr0Qy0q<2@F+e)8{>IX>m!rT0aMRRZ}MSQ+fkfe@SK&ap+ung<4udYUT{l#=<7}PcG zh>x0PxlUX(^lr?EhlRWLr_IG{u-Nlbh}UbR7ho4CzU}S;&s4#gKZa$k@HIIQX&8{7 z$E5AjxM|~lUeO7AynuXTxw%YA4)OMmqPAb@6YiHi`IJNbDaz`_#geq^>#2`px!Esr zKXlO+elBzgG3ozE3t&M;$AoeA7igZp_ZP)|eTR;nOD#wH)Gs;|<$3~vt0bL-Hi<`h zk&nPRMm5<4_<1Ru9Y_m;ZNK1_tIyNQ*S}s{P%?)7oa8drv?x2U6GzHZ>nvrI(FRee zf}I|k_b}Z*+A087dMFwKCe-PhajkM~tr?CPl4o%`~A?N!p+ zqP?PmoKTLDP91gDMalSXQ#59X@B|k`zI6WSj|o(FuJig)kE^C~*V9mI_k|2M)#b*l 
z@+;JWgIov0YUfWXLL;JLiB?_Balb^DK6=d(3e8)E1j;m4ej99_bQ9q&Bn!$6o-!kl zn;23=6zt7qEh7dvm*pv~yX9~`w}W29csu=gWxc>B8x8wN^aBjx=y&jk6G(bA(8p8# zxpxjk8ZUhUPT}9QGB*S2P63gQRs$H6dp3>Q_x|z^GzI(i7m7B;`~wZFMmsa(3RAkk zM4$P7dm4+oUDsH-rj{M-B?oo&HVuoYYhRbz*w`-m-MQG+^D$P2gP+(yGDQ4H8 z*Pui_3V)cO`COM6Orbmf$w-L-^WS#`LA=M;5{td5KS-Jz7cFPmfYN6UUx*0cRbmiK zMA_ahd0+Hg_D4Ik^UXDiW2Qdux257Zc@Wzdap5+aG}v_Y{*$VOm8q5M0=jwfAB$Xf z11|c^a^%cr09x?>o@sXGCfy@Tv=J9^HvK4;Kc^PVIuyRGFIl?H@}b_6rW|cO=q!aN zuF*PmVkME)T+E;wa@3|HcGUm`e8wKWegz@3%lSbT_~G;|phW zM~9fM9}K)}$Up@XL`e6iLloJ4tTUWGzKbnT%Anro6KLR)za!9hK|1h5??+Gt-3RIy zHsdYE=HR!5I7`v=IA_}KwXoh9IS8_dUa}vLGge1`6G{GE5 z*V=>vs`l*t9Sn1*%@@16!W-Mu(%j-hQR#6*@W%~WRFqkE%BYBd|8sC-TzsY12}K}( z{psjlB(hOA*jqgHGHBEI^D`~S#IJVrbl%QL$KC4L)SRP=mBoPo_L%EA+`V58RH$RD zCL)(F4fO-bbL0>t1=2{@AB7w!{{&=S$zsj1A1CvVW(d`t;=2~C&0LyKLVYbQ~9%JTc)#Qc|$kXN;+ZdM#lSJAKPzO zPV5cnX|g%?|8N}48r)z?D|(e45T@8R?+YR$h$uXuViV5r{;?ERxX@GxH_ke*e5jll zsc+f&0n}>h;<=)g?5okOFHZaOHyUzr{@q+ zXo>Y)bF*3X*LU(g9OpBMI@iyrURX|V@AGKspLe`~)W@d>{sU<~Jv>)M&wr$R*9AAU z^f>}0Z*2*3N5Q7u+;Z&Tr{^YeUz~x+kAKB_#^M7ESm`wF0Raotsd6Ng#Own-`kUXr?^otDYMB@2|4kE>>zL`jTe6@6|k*k9+1sloI@Si%DP`A%j@y;v^R0 z&PeO?-M+j|b8uJ8p24(eOQcNclt$ChmTSF%tmG#-lQ-I{x0HFA&k7%68?jpBcGnu4 z;ux-~Wp1RJzXRk;Z5oQ=jhfE}TPG<9b|@Uk9!H13C^WO*nyW?fTiWw-btRXbR`sL? 
z>4&dey>h!RZUHDBYR+?zzZNM%$e$f9|3DuHBG0*R+F0|SwvpsniQgyCO#eXBk;rp_ z*)sz@E~6#Z{?7=>Fu>%%w&9@|rJDH28luNIw4RtF&810bwh=Kh&au#kx4AlI>8xeg zg;G1^VHrvH)6pBcb?1c;&)d9~vmSWb*~a#-*v-0V!N|yPo`)8?@_KgW&UTKpR%Vr* zEu(*GyI12@)NtF_Kz#P#*;Z<>=ZC$?Ud6>z(2-wrquc)FtN^NAsRIoYt==A|C%#3^ zEQ_!81U`7&9{-^LGf;fLFLty_xx~IM=ud?hMzNCFA8&bSLTY}aeGK&(t4s5uc#aPi zgQCU|B?bZ}9(9J)VuRc-e&6A{QZ;GU=49)+G12Rvkhl7UHx+J$%foDCen!0rd4JEu zwC@c2N+jZzLc$>CUYsmbU{yl#h*08*9iLp=2AJOm*@7B`TnvM)ucRaC`b_DdH6>Lr z-XGyoiZ5QZGu;A>37iI$!h793-RV0KZA<@kjR*W6*Lc|-8lF07p2=c!;9$9KMg5b7 z)~0ceFk=l-g*<`Mg^{`;yl_U6JzRatZ9e@aMjg@S0+NyVnfQvA%IdY$K(M0!Wy?+B zlsjgDc^hCL+a6E0S`T|_x@(ft30FHXbN>_nWEqHSA1@0_Oj-I?Q=Qg z1Ig;Iv8lyb#xQ>_S^4j&0+J1x%L)7vdqzeM59zk&vAQ_e2JZlPVY`PSTA=FRb&aST z85OiUKCZN=nD(Zv~_LCp}HIVyUti+dGQNWVMhEZ34g(mp9x zm+Zgz@KME>Sh?-V-0k5z&x-rAga z-lajrZ=hlXhEh9i)|tiny2M)@$~84g6G|J6n+%g3nr4Cw-BR5$_UVGMK6G8knHaTK z!Or7WEpeMC(f>fOLYfgzOtrd0!oi=zeV0IY1s)9^Rlkxf!(ZrU@3&pL9}%C(?p9mn z4}Qbg9^90{vqSw*}d!TAScR!%&Z^RtEa+j!>ISP!&e`n~hkKdCpjorr-XSE3XNY}e57N{_bdwcnqeYHjp~ zlK%RJte)m?9Un6dFV`Yxd@6%o-6PCa90nk{K?OciSglW&*QU2kmW#lzfK_FXxNSTu zmV2W%70OJ$6|xSFjVLW3*oRbqqqhiOsD2%89&O|IdoyESI@6y$Itca-Cy~5JU?Qes z4gpz+TT>}K6nD~Z|JKJDJpTlnyKWhFSTwpgd)6kgH~%t%-#PQ0*M{ytW9m0Yag`!FuJA~KS4+dwTW2bVJNLq?h*2BeX6G6CMBAGpT5_{E}0Dy zD3j%d{g}3ONBUcmcz|+TfSM{cdmM0fWTZbHJy}nqKYpKiS#JcGA+5Vx67mR;gZ?)} z^FPrYU;9Pvc?uV-r2^|;x_c5DRP~5gzUON87c)cJ1ZM^9iHLKCk6$$l(Vfi>dwOZqkmHdg_4+?Jz#JuciJ4Ogq9!oIl z3NoyGb-zw9Z`t@hF?@*j*TZ}Ep^{gw0Qz!_*p)uac}cN{I3Me?dHK_dV&tfP&Vzk? z^V-SInPm~sCMhCg<={6gDbL%bygAiVcsX@k^X~^9Yur*hQQG0Mv34n(9dP;lW3wUd z;2((7NPP99^=|N5y?t23Uzqc5r0k|i^VDCz?Ja1pe{ulj`?Gl@9YXcDiZ%YH(~@zC zPxD-FnBSwE79qFjVcR@w3&Z86*?aSiWJ%%)#yEGp7X7r+wqM4i3ZQx2>)Px5gK^)G2q_EewPLFQ;9lPm<%-2Z?lB z|LiZ|~%H|Kf4 z^l$JGf@_MxyEAuUjktGuXtefrue#V`LvPsJ)W^iWuo4ru`N=IXz%e{kaXoZ! z3*@#@YHDdaq*#ix?3pb?hJU+BXz-Q@@wLj!tg7FsatwU9?H`&`>Aa&n+cdd+S_s+! 
zM7M&sWfPS|Frfe#Qt>GF4VK7b;<>mr=m2-QV^o~^I*Vn2_o-hon*qFV!BQ6xco#8; zNd*^w_-QKPj?L;}#!}%k`VIH&FN)Y-uo28MIAyRs*}sSa9GS*;w4Y0wZ@kpjW#6(H zHzBK}gYrVN)Ju(D8r6jLJP%d4DSV3trPvOkfRW03P3o_cmcFsfG@!(z`G;-Ej(FxJ<<*4@J$dVvuWcSHSM!A~2)Xhf zPIXlRk2d-ZVxm3uZ*w8b8%$2t?!#EdpXgX-F&-qMRs!UHdET{*@wsf<%|h#9@zypvIPFXOLtFo{#|(lcvDuoz{!{V7TqAQ`dARN4Pso1IXi~ZG}w6ew6n-H_5pcwdtA$5`B=$W(zaZN{ybt8Gmbj9RLB%UHq z4EPe!dS&QgOM9XPzi6FdmAKbCL&xkk#*2EA4#Jg(5s8mtuX<-G*?|S$f%xmDCCUd( zm2>%t$G8}b?Ro6qbT&9Q@o;@{p;Ile!uYe7h*(pjL&A2N-b1w!vu`5;bq}v@WYpKM zMc>|DFT*-vAZe=tebGB!r^KPWFAx*olxmyCKRxV;RFNerMNq z*Y#Z2{d#`)@BZGu=lQ<;;dP!fW6tH6&-wWr$NP96?}IwB)A3A5TEwRs;A#7;_5RDb z9%eUqEecr&(_(_?*rg=01asm1O%*F7z4sCiu`(YsU3bCI%_!zM6pE> z1`=b2!Ga3QPMK3BIMjabLGMyQ2Ofhq-{C^N zZTUA`W-FnXDc~L$oR({nNbd{!jD)g)`$FiG$Gt9l7|*sf!NL<2F`ZGEk0Z#JnP)?oE2y!@8!uE?f*$emf}xm@IQD)LYsTm;nuVI0h@HFE+- zyQQd^vrUy}HR#2w=@zXmnp_EiJ_-6dSx1NOpJ{8>ew=t3>(qjzz3rj9xZ87s++AAY zYwT%J%(hZ&m=ZJbsYu|gx+v93vZ2dX^g^|3g{IG`Tn6XYqFtP?sC$bdcLqnfxkv|6Ij4zs|~7eNpwh+>RkCO(N4X zC|#z*=8<#igQnM>#GL#hgkSLCKi*P62+0( zL_54cHlhK-Rf~yeTyY=Fa}A{}W8B%;`Bbf-PQ%5omvE6*H2@}NSpFK3)2kwUb#)rZ z=BocloZH|32Z`{1wJn5}G_J~rfc8H9CT}XYE0j`A*8@i^w zZR4X_wMymfF0GqC5h%IRQMGka2I}t>@C0L}_Pu-}zzdS+10AWAMvrm9#^0shL8gqI z*0@;CFyRamOibk_v;`97Qap^cBGf;L@t2fEya|%CR5W}!_v)FPrNHof33_zv{D>v9 zjgqwEYOm&8Hc3zInZyJ15lONAX_bE!a4fAjucX3q>mTVWmH(W&-5)8l{d0o$ZSg;U-2I})mX!$2{wAf~H{JzI`?|kspt_(&0k4L10JUxl#iSB60hjZw zELls9%!&Yzb}i(~s>oiQJ8QUD6ad*e5#u9>LgYSx6a0-H@I-Y0L1*4y|ILLzC8cU= zMGQ%P46rD`cpXxD0RR(o?SW1M0QnKc1akZyNMc@1MdfeL$l@(ak|vvdd=?V&6=QUO$qETBp(;)jzjPi+qG1WL-E5qb0T z)q;P#+Y!`4!N$@1uD1*>{(QC2AJ1Nb?1#;Bw|~pZfAoWSSdc%T+;R_;f%+)7Z>)V| z0ngF?$ogdt*nbRvnK1X~tY4Ru{R#em;gEFT5>kNTsK`o7 zEyAhGjWGMFA}Im0^U!3+-3aT(1GPJBXu1&-rzM_WO}07;1#cPIW|q9zDoe>Hd0G3+ zsvz#~fm+*8Jw*Oe7YPfcXr91S4?q|ERLWD;J@`iC7o=%QpG8A#VY1}_PcE(38}J#;!LW58fun`rM% z1RRZvYJcqP0z^@r7f_595x4?F=ptJM`2YZMkz`U(lE_)}sjpcg<-%8E|jtEL<0qUfZ8?`^Q`wDd*pY>0Sg8q2XJ@LA?;oNJm8W5-8ZeQ zf{#h~&)YjdUkvw%KX$fml2e6{(>?eDwjqs{L%p12(;Hv`s|?Hd?HAT{lOODmig{YWSN2*z-Q1V 
zCPV;g-#o&$JHzV*ZNv|AKHWeI>Sp97z_k5P`3tE)n-QQfFawF3S%Ai{kd@huia|i< zxeKa30?M}@5#+~7JF?&D4%su%-Gj(4<4ClLG>c2Y94uldP-N8wkWl6aC>4Tatu`_X z@*iI?&{E-E+A)|Vn{^Og_uw*v07?Z7K&b$#?fk(%e22APM@^orhu;Iebguh){)f}3 z{rn}@0i8cC?SnNEyDZ{f_-k8hJ+Tk_q^*6@*gk3OzcB{>XrVjs+fx5mGEo0?NiHcU zGp4^l;VIcx^Hxq22|B;44x}ISfi3mx8a!gGfP9A`kPz(YAuA)v zrz7y1QqUbBt=A5?56y$#!nmUr;|tdLc4Ve51~LM<4nRLxsh_`M0crSH^X8u)sdqW^ zvs|1@dP-HnPiFv9jWm`3zY_}G0k~ZFc*Pe4YROgCQUmEfeE>y^e%b?l{kjJ_0RZ#N zYQ;%+=S{j}L*`L``T)31@E^Bnjk~$b-C5PwduRCP_kp}+36SYcN+JRxibO5m4j;c) zkK~O+0Djm{AAm8j*2oPYnfrVS=<}L7qFv~6_N%6f3+(6jf3nWL(SA10zR~ta+8@vD z&yV5$W^A*4cMCQukesA04=TKkWyn_fJ0TzH_@D5&Rxs z?T1nSh;H{?j-MCReV1b&<=96#02=;J2+;oOxxaeuub%tJ?H>sFe(bp)d;YXS?8lz_ zvFCm^>OY;rv%%ssl_Pz{J^?HVPeZl&TSrX0e@Wt<5q`HgE%{uDgOb}*bXP|?U|cA<~E~r{Lp3>mcX2roTWtp&zuLlywUs~d8R@s`$kb0(%+($*>^GHI*u;@->e zSdyK;SUhvS9wOo{f>Rtui+{hk*-Tsk@l2OD!HK}U{0rGjxu$d-F+A@H#ct7Etnd`y zb_sI{3nTErwXn1}PkfsXR;|@k2yZZ}2yOC`ZT=<|ie%OjWhyVQtiE=70L9_viPc6D2ZPW8m#*5xKTQ*G{&L{U zj;9+XeKLh8f5^lkLXsDt_VE%>3Vi#wU0BY@+SBdciZPl-bH-DMG!FIN8GYmI#&l<* z=FPIC4r_=%OsU0f@FV^rS*25(0H|xEa#q{wA!KerSO7sF%NzT;Gyn5-XZC-ifA4Q} z>!vb&vjfYwVtzVSv*$<(-QG*w`p;4KPy^luX2p<{i2fv~zsK zP@5*Msp(FNYv1nsr-YpO-cStmmw%~wr-T-TDE5YapqoHtpq4$9@LQx*xFBY2wxBg4 zXnkoEk&r!ZXM_w)>9x1N!Wr=9p^Ftugr|Mhy7-5Amh}M_zt{IkTv!=G3q%TElLkND zOH}eiYsqL)IUTcQ-?bAp*fw)KRBfzuo??zwE;7XTD#75x5+(r+ZQ28k4g;EjK*_rm z=?L<$U9}Prhx;`frFW;p&EEGm+vfqzgeIDOS2CtHN-qVKCtm+>(5Grv`v_44|KT0b zZv>bFPkJOZt}d5+laE)%ExEFQ8m{Y^`{$EL&N&A?NnExFc(vaCD=m{e?F8 z@UST@rl1k!=T+2;tcWD)%)}Ykg?r!BD0`!q+VPgxPNaib-~gvNWDCoP*Tf{X0UEHG z&mbJ+Pn;}diD5TqxDt9ocj{){x_zk&r+;BpK;O(cYqPO+skbzb=oqUdRu?(|X?Hq$ z&KKX-2PRiXCp%M6#>jf8?zfbXuNQs)>1>?Wvs<2{r~j2?tj8z(^Q1cu2N=XB=Q2q^ zbxUu!iL@3hd^d){9}sRbeDRkf>F-9^{`-IZp1b5&8aqB-C(+f!qU6;K4yASk>Kl$CK{PFLFTUt7gHN_wO|Gt07a14*eh&KW9 zzM8ik&#p>=8NcQ2oIph5BG&d=AbXD_EbzO+16m zT%MR_o>_p)Iu$g{xJT=i_KUk&4)6tB5U8!GzH8wmo&NHWnx050<)MeWvMRa>Ml`7# zagC^wwqQWidUggC28ft30NNpq{DQ#_L?}amp|r80E85JeO~cKeg8iG7YV{T 
zn+ocA+7DJycab$s9Gnvc_CO{U-$!TEP$@#{8cq&XqD-0^=*3whYj)!kLzZjK@e!n; z6C^FLWgr2So&7Ck`7or5VH2%odOvfR_e#!ln`!H1|M>U_1dCZl|M}Xwr87pM0*SP~#sNO$tm0IK~V_A5?3^ zKTegW!o9xArmBtO1$;3DC>AJG;)E7%qIS@L(rX2NsEoy>v(k_Q`q>Lc!~mU_#)#JB zrapi&7f6Oo%^D5p^qfWSpZmZ5CjZB6t_%DcL|-wWhaYm6OTWw914&k50~EiZB>Ei7 z6eP2lJ>VW*YW!ikdq--}RHHxf!I`CbP1mvsVv z@Zx{hTK)sa`Jo-~-|^z#RX`U<^Yo09wj6Ff&YWJ`VHbn06p+Jg7jj-<9uY%hlW@a( zAXRDCL1~2S;%``k&etS%xOTP&KUytZ!73%FJNd1Lx89%_WrwLaqBYF4E7!&$qGU%TkKr-pV?B1${Yqe!vQ6 zhXdB#Xm5NH5WF}AK{uxq5f1@{u z@jcL~VXf(cQ3~=Ar!0J@Qa|w~rj=HUZRuu7pw4USz7rwc8j)5$t>0G0ILu#jo2Mh% zd)4HZB~t3-fle+Cut0DLL+B=$hIpx0ddYuy1u;mKn%UrV>a}(8%QOSYJ8CC9DjyvQ zUoV~&nD+6b>%DU&x_(K(S;*B*PG6sclCgo(Ra)k*h6*dTpdo3@37ymi3p4uKfTFP8 z{SxPOWU3RABc~co_jzapWM=@dqkT z`q#R%MT|7#+=O=Ftct>XM0GDr645hNHq{_Ls!MYM@13K;R^)Ij{_B;2RJPGDoy1&b zm$a442C_Z?u6a3o`+`Wyt8Y1RRN!c6V>g34u0lG+tWL; zX{#Rh=n5MypD#+OWBLT0PJx!pXJed^;qn8c5rLb{gR4@;CNjH1Nw?~%%L8bpmNCX% zLicGOJg$*{msD#Yl9UJprM``DX8DL1sBf)qEO=uA(hSrROhrG)0o)s#^>cSfF1gyw z9-&t;fdN}EHoM}NQWI>gUv+9@bY7>wPje8>WmU2~!SWiU@lB+wj)n-w8xxf9#$=|R z0M15Ri7R^IVs|_Z$|Wl=Je#N5Nfopi9Z#KpVaYw*I#s^5Qi7R9OUH%Pf$Y4_Ry-=O zBQw_qj4lpcbh#J)ZcLjJVqUu>bY#5h_87%m!4MW>cb=XC1SR>?6g||shryOt5O3z@ z=4O^*O7cbL=OvCjB^zlzF8IK8$Hf#4>l$7@MR-U&Pl_e;;{6&Svc1w1*O&B%kfq7d zSD%f{-X{037{huh{rw!n5)T|#wA-GYo@!BKn6+wBq@9TiSaDn~oj`D$uJGN_abz@) zL7!-LI!RG2sd^k6;u8KcT2Us1xPc!8e*LqgH{@e>+osG#KFY1~@593B`@RJ;8yR;z z4G3SgjFPgv*|7ffF)t0}F$JK71x6o;>LGlCcl+VS$sT@<*y{wX&BzvSyTi+UJ4dbB z2$6EUFX!U~Y7X@b+KPx=9(HwN{x)QK5@?jl85@_a#50&aQ4(yH$Z<`V!|8L(0|I!$!(q=;D7w>_}Q6KDb@^3aLE#;zC3f7H=B3gqJTUl9jOe{~R zu>7Nw=3nen8)qQf!jKqo(&53~8L%g@Q~U}ix^1H^l*6GtdGBl4{Y@+OAO9XU0^nu zx>k6(;6!7#JD)|w!N)+UR1ZW5uF(r&AzmDUoU(ghGG$XOT|M5(`t+X77egK$cVUY= z77do7tOlaj55e$mvu{LZte%u=gTFnvGj`i<=poS8((`zTs|M92w?lD|#gA#uG?bj~ zebeqQbX55MYGwcZJ>j3cjiOrU9*8d#i3gJd21~B~AN4(c6jJ}I-~aDZ9{(c9<}tj& z0aX2NW1-~csbk26Ixiwnz31yq9syHBEt3x5Q=5{Qp1nJ}4TbAa~u_{=#rA<_H!rdZo2SYKpQADrzf@lUJ3l|QKAHyv$@Nrp<JSzF(HIM2sn26@y5B7vFAK`VMOx@6et8*uu35$n_R 
z&KebF$LgO%F(RiEIB_``C@vc4=q!pazE|LKs-bjhJvVOme4!Xq;;>9u-`DCZrDEo0 zZqOSjyQxqZCLL-8e&yDm0u!SnGN*#JaU7~P1`n&wF;mekTgl*i{$UX_`E=(fZslKTNF?sHXH)sH7o{3kq_t z7L=h%P}9ZGO_u&W&{`5b5*wc__J~QL0*56fB$Hk!n4_IWy>TA&=uV5lD3MSR`yDpU zXRT3!{&KVq&cOoC&2633UnuMo3^w~`kj*0CP;g;pXq~{qhdJdLXuxjbTfhrTl+?;> zzaK0ep*__+d0nEj3nz05$ludOBc6)9maM`)ki-zV*CvjBJ;f z3_Jhni^1rwcGDCWTo@RLKy+940 zB|QM6Coxquc^ZEJqt?pH71s#i!<>EcFs+mM3ZE9_I6U1EQ+qXn_Gt2~#a&NIPCOTx zhLW0i{!#EVImm@NV3MeGPk_DK%$Sl8KthluYk^zZBmCqe8nO*qVBHwv`TWkaiJjt5 z>!SC?c1xg<=`PCF3m;!nM)Dm$s)A@m^pROHtvMLw8Aws~0vmfAZu01`LPGXRN~{O5 zhGRrVy~EJGNZ>BUlXb@&+e6mvoEG0*NCv>UV3Dm7Trd#GAn*x5AmfhO1En$diuF?> zfMx^@0>l$&C?lK$8$KK)WpeRmJe2umpJu0eKF`f%_pjDAtU(+C(+}eb6}Z~LG6rCf z7e_QJD%VTozj|nq^5IZnk&54P?}YmEE&(ObVO=?shC9bp)ugeRM8-9;dR#bi*%rF1 z;skp)c^WerJPSU$h+xKwrNC^ATGECL%KPZj3a|U~Xg`b*jBH<&OBY-__?hSj{EGTS z8oYEKQM3+Ulxq`@41(Wr3k_u&?rn2+&3b!feMo3rB1A*4^VPYk7++tI90BNb>`#gz zvl5XQwsiCx^DF(!Te0QQ1VO`q5&r6;nz5Ik)kAnv##uBtE}D2uPe*j3zCY$rsBOtC?9^7+7yDB7$j^&fOi`Vz9}N!JpB++o&1M$e9#hX#c&<0Ng)U!Nf6v{S~OeLyoBiQv`oKlaplJr8ubGj1aDaSTf8#2QhmVzS|6tS=sD3g!a9=#B11eVaN&5Q6P6lHTu(3; zF*Y?E&(h4{Dm@U-5u+*Okei!+J4fUogV~B(!uu^D0GYkCpXm9UwCR5G=D(f1VeRmU zCb`9t$^f|3t48@0Sj7%?d%rZZ3qBbLvzuWf##$x~8@dthYDN6kM+_av6@fPZMT64_r3(m3-N| z3Z+(%B`6_2)Nx{$r;e?OLj>?(O`3=31aBJCZDWVwlVYK?8FNf3e375j7dXO}3C&5| zz^sBm45FA2e0H+D2l3(5LA81ha~7GUQ9+!n(bxM=`gYB)TgB*ImI~)R_Q(om1RwyE zTiAe-bhrZm9ceb!3D#hfnzWAg8RzlqB%KzzA2K6!kI}JvAcj}z=}FmhoB@TT7Y)$0(myb^XL_o>{eS2{6IoO3w%RshuC6ATbxut|CfaG4k< zh<1Hj=QBNAG&kaIIcQutZ?j(iZjGfQcM)cnd?SpoopmQVg!mEffK8a0S~uiyAMieaBm)YnnHuRyL$m7g z$^j{0=HrvBmQnTQTvIrQox)uQpk#A~!$uyvOB#cl7k$_@`qyfu617^0@!^F**HGqX zpP8Ix`Pl953-wHTX*CxycAXZT zoO*RJ*n_K^>q`-gesbdmGPh zmlqMbhz&dz$uBbP2H zzW#{FJUi1<-$RA?XnLxTXqLASZ?Te}nq{)&{%D&~MS7fBiBt7n_-Cmstl*1xZ=tJlVe||G_ zCT>M=+Q}b9X!{EBY^8_J(tHKSwU)DEg5vBGL%fG`;ELEsL_spu zr`iYAKCLg}x1Mr_=|A#@NPs^pe4NE&|`=sYVU- z+Ob92g4}oQGp!>PtxCs7hlU*7j`1kzQS)eTI#C`QZQv;@7S*{N%5Cj;Br6pJx&S%~ z%6J)nDkVfXXvwt)kBuN7+5;tXqHan3@ZwJKL_A+XEbz=BBfN$iy^#!farESi`0ZwK 
zt~+Iker7_aClre799kOaUS2sWK`SIEdVRolHwq<+a)i+tXSO9hO+1e^Ez9vRZ#1BB zOELBEQ+qk4opGn#Bozs?z_^llcU*m5Ao^49p+{LfvZ07m>Der;4DiW2e!aZ zW#HJ7`>vGMp~(c+rd&G#$9s<@=o*ynPL~|IsB~1(U^b~Of*mda%uo@{@fL%%Q*=Z- z*LcUQ9?%p^++FF?8Ox@WV$FGnP5+XiI#+xHMtoY(x0Xp790CTzeUNV#Bj_}&N0+_g zC#mmtblN}Hm``z-ye&-O=rvRK3crTY*1}FL2MRVt9F-nQ*<}b^c68+^IF`5EXComT z=vAz$Z-dqkexkzH?#y1ckX}DPDn!V5Buuw8dDAF>in?YQnC;l&A>nk9xg$}kQ~aLx zm+ar|m@9Isfm_LENtLCR*kfoAVUXgO;lU9alPm-v5#sy_Tx`%U7?P1DP zT*i-Z!T23)W<9c0(3i|i6z*S^cE?^1Rfse+%^x7RNH+?se}p_dR2imuQdqY=>;UC( zAp8!VngH=|pKT(u;ghg!Ge`4esC6h zT9vOKCu`C9(f62|t`or5+f1;nw*4@L6^y3I_;h|?Rtui*++yt#d; z%Xv&a3M@N6N^{Yp#jAqIVocVEdkkGp{s#0~)AGK7m>hN=Rhepl9b0r3D^JKEUh1E( zseZl^a{N=S|C@*-2UWXzEFdpb7GL%hL)aJgKuo1QG|F~ZE4}`$2u7N8$qAbW3Et+6 zP807^&%E|ueE1<3`V1n2oq7!6ney;M7x+6Wn9Ur+Hd$rXr^gs6f9!i#+}_(tEy8OU zOfg4UyoKPyhfc$2@mH7HyjE+>?a)gSbfXcki;eTYGCt;zb-cICa^_1c-+}lY5nMBV zVFpS=Jc)^YkBKlX>(7Hf%p0+3YOWXfWORE%MWD|4yv41;YioQfDsZ#H&Umdth5pt$ zX;LkO7JpVdY*GP*L6oG~^iWn81d1i!kEOLqQ*YN8lD;@lNf|6ayB+xQ0PAL4D{R#6 zGTt1crjF0cFw}TAi7%%;g_(?hTw`LgDB+38S>7o>1MjJbew?!*Ib4q_V{bqPk`Lnf zvprHUX_)-voHU{PBaRLZcP<|7dLiMRvPKIaZjUs_Q3{-56Bo+OlD)bT9GBIk+XR+ z9#Tn^i~75It;xxYYz4dpyr~NQ18n!XC=CxUs(;W`Rbt&%3x`@4_)SvbJrIJ6ru-!} zy#m3f%4C?;9x9@rXWgm@x^Na~=hr@K{lVca6U3BMO;lodhBDX2Un|YgtQ0Mi+cdd) zVRe?VhxPr(5Oc}5qQ~AWwO*&8$P;?6{}|}pr$1Z=C7vcFz#V3xL7ceY+@)R1*Jn#@ zTnUoTl@DJrDN$WaQT-s8aZW7+YO_P;LUbn5;fo54=*?RYqJ5?9n=6n>$sErdm@&=6 zVu=1JzLG;P~9Wzggmlb>lL7|6sL;C*i6DwEzN&Bmv3q~#~>Q3~~kA#vCw+^d>U zocbOp;3-~7Qb~I4GkwLFnPC{c*r@Ti%E|lL9%EkIOp=l`$E6ohY!Es4*-wzeOR!@W z!%_s&>239-<%1l3%E(h6Rqh1{(8t!FFWS`|j9NS()`( z=9I*A%A)c{PZ3|wY^QoK#VUv!*(gLrjztzweD^GoAF@1@$u)~pyAP|fy^@n`01?xd zzc6gz1i~da>i|S#!Arjc&Ex*H2_l1e(KqGcax>ua3C-Zkfg$q}hod-r4Q` za5#QPyy=xagqNt;-xgeV+T-Q%O%t~BG5*(;YHRr-&Wwt(oeEhS_0%(P8^#Y3pupV6 z=C~QbY9pW5_7wgQJ)+PBZmx#gZcB(?Opcd1Q^B@UIWKcpj_+75I&QiGSVdCdr)vg@ z2JaT*AYxclP@1GI`P6`p?!4Qqy+mtz>|u5a#%%t_G^1H;?q;ObCE zpwn-6Rg(z{h#}Nbq;15}OEY7-u_IfDp5EOYvSyO$23bfl7eDVDOaF5z@BvyocTod;iTTovRR)Vzja4}B2XrA4j 
z*%4xVZzXdws_Nk6JV%f_#hj>rN6-}bliQoQ#8jK3$(cPogLxnAM9(+QsLzGB>h%u9 zSlo3!eBor>eNsB|zV=g88C8rEdwAY_|5nW*Ve@>OF{WLX50IO2`i5^soy{LM2qa(D zDCjnZ;!ioXqG&y&p*lcC&E8pTQ zu4gX$5hRgK!bF(?GSDinQ3J>}sNtSfK}v8vg-EL%gj-n|DrSz9^3@&EQ{#?(^LeaQ zd(bs)bu}QON&FddJr;HVIjqI72fCsG%b(&EJzJ*zWQtL$Q$TXu1b@@mmqjP4Pt!s& zi((+^5PWvF;PZR94Z+X@iAw>-OZ^DILQ7zBg)aBVcFU-L0LW-aTdjm`E0U%;&qmw$ z(}NP8Q~*W;4ufITk~lrQ$;SYCEX2D#b*SGUP+wEcp}5mdtopL4^o2=Abkj=rMCWTq z4iYOVyH0uu$gfN_yuUe<@dRCly=dbyrsiV1tvYDtJJ)RLX%V7}7Px=tlIig`_2SS& z#Jj+QeI0MroG6pjilnMF7xd+?t+Wf4suH7bW-C^AZtcFE?mrWDe_Q>>9iGdeSnCTX;Iv`@ovK{T3!rKCz!y?gnt`KgYsarV2U z7f>7RqvU=ht!S;4<7KhQpERo3jHIoV z#@uX)Lmub-gm?6joTph?ZSNY0I>FdeIsZmNYZ68Szlmben28wK zp1GbnJwYJWXr{+%@J+fDi;Q{ROX%PMxw+SKy@`-x_{1P@`+qAp_ zD&@YQIMFY{SY=-IKIW-m{nrk}8=+Ds?|^h5iZV^eZ%ZZW4xKV&SFNn-b$Dyp6TAK3 z)YwPn!u!u|S8Sh%Ry>3lHAsSs<4vZKeuyLeWH3>o-@I?rLGF6{Kx~u-S6r+iLzh6l zr=@vx|6>rZ-%Y_s556l1hXI&0X#a2D2LE5ifXEB1;O>$*!HyVPT|K9uL9XunPBlN3 zXHB$zwQL4>i$nKV*L#|wpG$Do_~aQ5qQMO6P`#U76qd1MDUTI~(SZ$X0Z1xWHOzLCIK${S8Qn_Hr(9|AkM2C~*A`Lei=p&CyYi&I zKA&A3NGKfy+=wWm)u&o9-ZwJ?@iSjcjV4S~*x$HuwVWrtvSizFjch`!Q5Id8=<=aa z0l~Ag5Y0)&KC0N6nU z3!J;xP5UTZ{u6)SW|yOTC92#zG_?I|WOS!P+A>=9G1}Ni-~-Nu zhqU`q-;gdW>f>4XNVKN_4M+KX|52I(4eVr&1K}c^D|Qy`^mw%l@5)+H(O-N1Z3|zN zO1zulksY1u(|nI&##7n&R^aq5`DMNhOir%mi`T_hseQS7XNt5a#f&CfX^ppFh@VURDq>%gri>w!;^ z_rN1@4G=!R=22O{)F@n^l32x9{%V1l|G=E#y+nhs7`|hMxBc4Z>k3jr94ab#4KO{^ zagA$!1-TlSF{RKe4hYw(0Xi3L**5~-9p>FpS|N4j4p&C~9@giO86hOA)0>&rw#Wr@KVN8O$Sp z{s@D|(N2#%A1W@5MMu7Tx-Q@P`NHHoE}o@9H>f{?VhC{(P}*VL5)<#n>OZj)i+zK{ z1rN7Zyt!}4{K1ftq4L_SI2U6g0|l?23in3_2tE{3QjcVF?SiV}pJX6yM;5%o7;>1`ZDoPa!v=iYEhki2CFs&!%l9-q(h^d3&C3W1c<9ZnJ%Pq9U2;Ze$Im-=%lpxrOH+&^Zn=iab(F;lsxgj;9>U75~a^!`^v7!?}4|V8g_OMP_mu9+!e> zf)%emDaZ_3u4Sf+ljsl(5y`2kNx1dk5yPgZrN>JvyosSt&H|DVZ`DLT`$=3u47j%` z-9G8V*Vttq9p)A0zc5{3f9y!4Z`#4be4G<00b}C~AWX$F3ZvYRNQ(tG^#GiY6{6xy z@zI?7!`sE84XPjm&ySJQ4_{aahDARyO*fl{9=4f0?1!%9ye|%1wVdmV{(RXxjrO`w zq08il?vd{FnV$E&qfH!GOrET(MiOYro$-P}_pqmud{e!HPH)Tv%&f1@^a^yVt)6<7 
zYC)Y+T^w=!kT;+~4h`g`#RCvW5~T;>I(eY??4)4)aCiKa%cU9hZh|NOa|bu-0FH0Y zB9$r6EU9kApN=~lFv%6gz0hNAf9>K}f^(vw*2vWMg>IKAxm<=o6oUc}P>Sh}pvJHz zk>XNrOLaNfebstc*u$?WxF+Z+aPiIO^)`dtvb? z*(QEKU;C%Gp%qf79RPZICX3ho5@$BS`A_~q=fl|sS34a;=vX|AxDAv^aS?^cNys%5Ovq^fkFMhi)N zh-!>j=@KUcv+ry;nZ;SN&}9GgfA{PB2aL}K|B>N*dlC%rCsj~H07X%@9mz^+?lcCF z?Hk{VYk%)gL=ogiRt+~MPkfhvXi9gH_^D($cykjL8O0VNl-v5Z&-L$;5dTUCl7Fev zYG2jmZ;Iajt{86r{l6{}{C{JYn*u74?uG4AyFwJFN)s&QK10uFFNZpbc)GMw>bx>)Xlg<>YB%)~}l!(-66r9N-bQsc~@3ZyUQ_weuAGgp*?g zzxC8#H+fz{`g7&?jzXP5AZ+`zkv(nFU5LGXs zU#tgFD`R^gmEmjh23K~y#M?j60)jv0e|`Y}c>TMW=kR|X9W$lCwzXC7fdbDeNKfy9 zXl-TUd6Q@CLX%`~zh^Av^a+1@&-hi)i=gd8W);W|Pj05epzTGGuSrk6lEMYCXHzX? z!vKOe7=O!1;JNM4ifx5V#aO*epPGH!nGbPvlaG&XZA$;k6XBmH#{Jj(4#)qzF>q%) zWNQmk_rxu~7HZ8l30vK^pO{zA-Y)#yy1bcu;8U-uELuDC6FwDI_9ZQK_;P7&~J6!@`cDIm?k$CYv&}9aHK$1txY7f+!bKSmx01)?t6{-Taq3ib|h-Z8JV4D!U z`5uUx4M}v5z?&pdp}zTG+Q>&mfdj1o*7uuz*bSd&&)_Y#Fu;jF{Pqk zJV%3eWNAQfit;Qnuucw}9*n{~i*tEomrE6%9>7p~#wSrjN0}KMFG)P+?k_ifV0S&f zBR`#+O8+=tm@hpD?uHq_8<>)ko!}ankVzr9hy!}CbkI@st_<$HExpW_D>t$-lz98p zc@BKLuKjt7MMBAesmX~`g_AU(awPQ|HLDniHAyirNkkKu5VUPRry-M7-$ucjtOBw? 
zS|I!9rbwhc(30+g_K9a6U)-ZR-puN|#EzaD*v`A!(TAGbAlJ>2UmVE!3(`7jdTd$&eqS7%}C*KK(-_ZIStIj z{6kQ*2N9Sb-wuC#&WD$p%1s?VoM(WmAV- z@)f+v4pdE2#O(y)WPo`Hasm)KY9mGreh#+ojnI9Y)RCmqM9zS2tF32?5RP8t#|Tye zSZMSAyp{gX-WN;+@d;W=-_~RoR4anMoswW2e?p=Edd*B(@J8vO_6dG-1xzZXU*g$g z&hBbQEneNI|Kt&-Txu{w;9ravStm4s%OYCnMf9G{Hs5T>`^?VkRx{S(h`zYvbma7L zchTcsAtXV}Dk=k?dASJ77I7k~=f)F3|DYy^hrNM-coa{Nw4P80S0X~Q*+Ze{mDy_i zgd$JP7P0G{P(cDhn%r;7jOUs`(c!h5ja2ip$MG4oBciI&psJX!rF!cteLM}5#=$)1 zVGMCD^eqMgmeF4PlaQ#CI&cxGs`g|xAaVCpL2DYuVU3V_+(deV4&FqcPR$W(lFTmE z^U1W$_N0Ar>1~WvLt6%%os?b*4NW{VMCM(Da1YgT%&brys;%rT`%HQBgXPC8!JzDm z&(FUVcnonnbDMkcf`+X~>cUl#86P{`V6U<9Fc3ok8VU?VlUb5%lPr_b;%IB&eSxA7 zYlbylL9th_n&@FZpH}{KXEGfroya(gd{%b`Pm?}2o>7Fhb5As`I^q-mrP)j)O7xrqR-xgx z1jlIe17YW)@m3U`|^YeeFZ@X_~L<1}!c&^@dMlnr-B6eA%J<2)e6r&;4E8j?KEd zf!buLK^K%0WecSsGN3SS88v3vw!I!hA`4OrQZHlYCi3|GXT$l&^916w6&^OShj(qT zn%Y(nrO1(Q;b#XC!hpsG;0Ft)oBAh-jw4zBe})L zM8iQi5*=#%46Wi>(8>^84QuEL*qv&AZ`(Js+o>EPY*A4*diuHMnac;)&eU=okW)P5 z36xBZ25RG@v$TE8r+XM}AV>VPss?((r0v{F`qDx^QShsFKa#r7q=y#};dy&dS;ygy z!8adG6*#Nl$^!apzXdkq4Q9BFz3zaoId|fji0e9*I=54=z3ZlVD#2G|!H2oz6#G7N zre{SKLqH2YCGyO6-MV87;l;jLNiR#^idwt9vUcKpdgqCzQpAmkvRhT(sB9{MOfgth z2gYL!EKh@x~30F0Rlp`$vZ9%H2&y+@n3aQk7pZ zQ?YVBg(#1GUjcZrNAc#S*q$&)QDkXaUn$o^@e%uNd#3TLbNbSj)8_7yvJT@3as2On zzxJ~j_`~@~Zxwg|o?8558PEH*04D`;h1f~HzOrvaeH)q{164KyMYJ3$_qd-+T*g;PMcF|(hu3m*S5}vg6z4vAw<>tInI|&W;r*qv3|uaerb>b< zW7CSvh83mw!09!1y!h2Yhm7jpG86M_=Nhtdg<$s9VSO|LTvu!@LVkjN)(pc`9reS43~682;qbFxzvst`)DW3|HIyUKsD9w zd845SNL6|d2na}1dQGsR?c#P{jae(T=-)W~Nd7lde9!KXsO z@Y>HnMv|Sx`zU1DcZSl3Wlrjebaw&`WaBRtW9#lVxQdL`wxcHJ+F)!DNe8lMRBN*+ zK{6(%yr!|T@|$Pc(zZ#bkvUbEUJR9+5FWIefk^(34beUn?}pEFoY)(MsIK+*welRnpvUmzanV)oh}lgIqimU)($ zWIJG#AN+?8_zOLAp~38~{$C&lz`OIE8+89CAQjpfpW-4wTcL+iHl~!uU!Ya(>irIT z`<}=apopdSd&Vhv<=;+7U;i7>-p{lkhaCUB3P?Qp!#BIHS>+d~ho7)biR14&PVTjA z29DOlgJ+|}9;qECciayB_t!g=U=}U^2#VP(K!Fc=ky9v=&+6_?J$P5)U&jc@U*G0%VYfu z-YZ&IeuT_IpuaY*!p5Ll`PQhw2sFCe%Mn;?HIpvhxpaN0#;;3Pv3H9;OQ77$F6s!KU+@#sVqFtwe7YkIx4+m`5Xe`iCk 
z{Z}>KMY}D-*ym*+dT$LK&L?)n)6j4)&uWi3diX-SutM);u0DuJV{lA~z1qC2SqDeg z52tYN%Ma$s@0*{X)0?@hJOIbe4jd-V;7TL@I3}cE$}KI~{ZvTWk0Zk`O4E(vX#xSB z7CPpU8qD+~${;iDn=K+{qkL6U0x`_PSNNv*G;|_$T&aKT9^=XDN>_h@(lJLz=|{IP zz|pGYVF3nu;N>)(ht|DC=Ins_2$EOLe| z8o43h57fveG0GoyYjJAi=-*R~kDlYlaqi?HG$23YMb3Q$WQ)kxM<~!QP=h(pI<5ds zNGK#^5&@KLD!sufqQVeN+Ee`;1Y* zcz~JR>n%G@lJ$H9GFjZ20&6q*O!f)l3c|tXCwPNd(oXz0)NbZs-XM5GC=It(qww{A^LB z^Nk6$UCK#vZTfSwrW%V32KPRlX}VsGwl}dBR%7(ezgCvFKA!Q&ebUoouCzfu48}xu zie1gf&+4wpXokd1Bo=Z<& z<;h0$>^o!P+q|{&lJBJ=oRVh6Jl8&Hk89f})wuLDt5;T~A2ZV9aX$cN|Z=a5wDr;Nm8X4KT0>j^wThk;rw3nH|wYoz%C(oAbVUz|#<)%dE^qH^R?8rlJ? zREXBTtB|N-N;}n4IBiF%z$w?&C4TjY-6Ec#yj%j(35%(WR#XMfc)r26c*eLefA4f zRcRnOLDnd?bLC%+FjjJ_uac)ZFZePdP5&n4fOnZ|Cp6;3_~$uV#2L!RJyIaaD_Yy2 zY>tTTHtW|Zh#fMh4Os9o9O8VAtRXukqsGC}NY+L^f^BPHHXY$OL&ct*^3H8DzT&g> z+hphX7!mlAnGn^Xm6MZT_{DyLSF1vlg9h<2im~x#uEcVLW8~1Rj<$(1)tPdsJGayL z*qy&G6?S_Y@@mjNy-=89^wgjOe4@JFaUQy1REBsosysT{Xn?b5A|!0E3OKhPHLeRa z7{%AVTzr-9tttILcyAFbwArlgK36fi-L4RWj57>t5#bb z3kYmz6;3?6`@~#Q;&ukb!HW_8(3FXdw*UQ9|J%6J@3SCI>{Hbloo7x}KrWwcsioK8 z`pFfw0VbVW9iBDe30rvK&?e3zcyKV3XQVKGy`Vq zHeQiKN&MlOe?~F+MXE$MjaJ14*j;0MAhvxnJ-j+bIevz$U7I%EW)|{(J|vRwopGRj zj(z2Qsc*jLpT|21rkGmeFeiy#UBbdm_=32q6%~82n@L~ltLp5(b=T3ld^)Fl?sIqv z740b&d4IpwN$?w(Kqwd4aAbFYc@@kLD2DsRHh7KzNpr$Ue13_Uo%?C_L0*SRDx~ZBrp5k&DdnAt43lkKjC1%mgofjpsrD`FGpx=h!lju~dpccH&4%U^ z6sAzeCdN2=%42I_Z0q0jnDrfQkq9GcpaiT}aeD}*dEz#%+;pY{s%^9fDkT}cARU+U2v zC?SLu{vZ+|R|{Qxt&YRc7xFKphZO)ki+TU0WTP3+|;e&~F!O_Hxj+e9!BNsV;u zmVaR^*n9yW{}A2nBvb1)@W3bO>QVFfK0D=Qsfs}VRVYpCkA0cw3_b-f2ZoL>oX

zP!CM16FYU8UFa0^sC6P2=Dk{{O4(YP1yEOJ3gFcH12^#-P>*`>y?UU-ObVPm%ceT8 z)n{)@4EwO3yaGJ-(5dpKg-E;nF>fT*p*dR&l(hr_Bk8$2h!FV* zHxXO}7n5(LZ^w3vO2&>Rf0`aTaEO~l2r&o0M)Vh-+SJ#|T*n9jruMM*UK9DQ&ZEHn z7yR-cJWH+6C}m+2%3B}ix=6!bPu4jZ_9*S51>q2a_S}p=e2`}{>=FyWqV5yj@F?sYU^I(jMyL*M?&@gdDH%RbPch09 z6IjZy2y%Yl%~W{`L=zTE(6QVXp``Djxr}iDyhW?)1G)@7m55sOFHuH!mK&suq# z-ex%U^QDG{V9qX+(oc$Vi2mF@JyF9M-8!qc+%CiCxw-71m(ahtF7hC(&dEZa6(qGF zXgL9^*(|LdJ@~w`bkaEi& z{=B>&a%udmG{*Og*Hr2bWKn12+a}i*H^iD!3uW{v!YcgTH^jRPaLaXK!O{NDBHuPTnKf%3sB`? zT|br_Zk|G7jfV?YIf91u_C0c_)2BFcdOm|?!_p@U;XkpGZJ3zxS@1}sf389CG|`6Q zuOl&QokP+YQvCQp@61Wg7iMO<-4lGbuH1iF#sW?S^OVSA9Ethc*z=IGw8UXJB3Yitg#5oEUpk!{i?s3YGRU zVv+4;BFV=3&+@{OYvPMa6{5kcjT{8iHXaBIF)Xj8WaU85#yF@}nib{0kj&U4Pux8k?CP6Spe#mNi z;9RbvKGPFu&^qioQJ(>J%y?pX7}Ms2b|Dn;m@0VN0y%0ZNQb)5#Ljt zehu#)^1k;*^{Cudesfa_PAgNVQ_#?5W~prJ-ay)-wEw+gg9dA|I^H=dX^$;dH6t(` z7h={br?^ELcy*Ze{G(IS7e!u6=C@n7nS(O~M@z!QfTF@e+Utc{N}aYU0=f_kqq6f5 zrt^?vGjAFe9eJ05)9T?5mKwqisbr1TZqo-0mB(*)_^BdU5ym{5I{2-1TvwNnLVNak z{H|ugSo*um*cCrg-Nx4DV(h$f+VH7jbL;dz`iPLH+x#Rb4hf6`pnM2OGcWOF&gD`o z1F39@Y#@x%l#No19gtF>Xu1=*is2A|M<=YxczCD(p?5ES=@xG=q1dd(Ge!&FRr@I>*yBDpW2 z``G|T0DAIp)Km23*y`Yt&Dte~EmkQShyQBxynmk0|K~^(R;9nI5Dd*lzpZ^j)-6`F zyeVjuMG-3|gkP)FLa1;$=p{OO8^RdgCHtkTGIp$|*#MN_i6JD6* zSr`cmDA4}2`Q;6FqzoykX*uapK9|>q+T71=1qvQew*6^y$6JT6X+gr)?VM6dB z8)wV*zpse<2c8uG)N0n;ze~>lDTX$iB5@qB;_~Ri?8|z9j|}7-h(Ko`4*LwS7pB^!ZUybJU^$jz<-AgXgg`0XEe(;V&fV0TJmkL414v(z)! 
z?S01mlY%~Pr~CRQ7>ntQw5jaW+F&uEU}EW86C9GM1780iu=4w5m1&4!{SE`2YmnBv zd)_79j~GNw>3Q&TNtlcp&sdo3Hca%7g=gf=HSQS?`wkZ7#C8w<=BNGRRoq;QNOrH# zbFTI8v?18A7(rqIZgZexj&G%{&0?(n{5QWDjV-ZHb;&j`jrT8eByKyuI-$Lzz96?7 z;hRApuPuSgRmV5i7I@H2-F;(a-{HUH^>ya>mg>yZb)|9op?XcwxwGN)_XhYc=osBF zG1dcJ+_&{QTtppo7xNo3%8%-U>Ysz4jAJFGGRH9J`W9?em%r+tI*R`>^kLs@K-QgX z31C@h4SZtdG<|PyTpAjV za-e~Nf&om<@Zz6`ZT}_Tb3MhGa>4^!CU0jf$EpZ~D7K#ADyZ|0`?PyA+d5JGW=b&Q z&`asji~#Jz4hXkkq!Y38>R_HGZ7)o>mjafh}}H;e_xN@ae5 z0-zA}_W0lvJt`aK-x7Pv;peh@`L5nxYRY>9n;uep7nAFty?Z~e;XP`R^QMFU0w&f0 zaONz6!>$sPE4!d^dvHIK^OsM*P+9y1^40+RgjnHal4UZpkdL)ftueb zz;P{5=1mjj4`gSi?gzSiOmj5>A)U4fVcR6=VZuw>Lsl}CNQtI@jkL9@kcE~@#n4c&r z#4UV!d)zM&$7(ZgT970@vK$go6q9q|L{p8r_cO|#&?|4Z2{!$lMn|k=r+zlCUJ9D^b}irkM*LkTBnn1#6p} zwlpn<$7;Py6q0^t=4cuHPNDIMh7)N{9>;*T%=rv-mj9B7^%EI~+A;P2BX4>r`ooY+ z|FJx>N9SLJ5?9X@C$5+}0$}wsd=K*2j3uJ5VDbw&$>Uk%Znh2SURl{< z+Z}-SdTru=N*Z^$- z+W~%YwLq%M@IVqd9=bU|`Luf^1$^}*jNxklX=%)3>bn_JFnrS588D^sc`Mu3=S^Km zn*ygU0OAr|xgj#YW1B**eX1OjefU70*~KHeEY}s~*3#zb_%yNl#?41pgE`dXEqm*B z1S{5&)$eP@#`=Bp$>5-KwYAS-V<1KV9ev@{S!$bp z@`dS6h8rgjKhdV#%p);2^%1^uB=E}Iv}v7EA&;+1ju$_+w(0He8Ij;K&up^H+pb6U zK8*2OIcR7C?gE;2|I+i_{5)l+x;5{d*#u1k}j6y;hz~5~Q zweElVYOw9}L*0Ph=j-iF$vK&Rz(g__Tad5^+r)6Ka8D*2q|RS-2{d7NPi2ydmsl718n-|bxgz&GF*^G^w%XO>q`;(PRxmy%w64Slb5pZTNh!Uj5)wx-zafAe^8@s6 zEIORsU^|DuK(I%@KvzMdIsZNJ1gvBo%Cm)#^OZ@^YTMuM@u2hJOZmZ>ZR9hP3BMF_ijjgq1Dpf5r0?0w zxavO01-##23ywk5HaIRg@;l3-bk;Ljh-?6 z{tMLc7@g3}3i!8XEL7DVa1ZHeqYsumtn;4sd09Ny=gnRmUsiYqy|*2A^tFEvk2hY8)#KOQvFJTz!qQC&yLgbI6M={pvLiIN(3j6h#W)r z4-a9CJr?ICyRfKs1wl8+Ndl~OT`R=0U6_hsk{+EiROVvrjESAo!dg4E%B0qAD<(92 z4D_Tw+{vs;8gl4*jR+dr4h5}YXvkhzilb#}TeARxjVx9_IXlEf8J9;@c)HjUOkA0YvAjy8Cf@DLVq_N_UHt*QFerH24To&alWF}Qr+)~* zYq>(=n!*-T@|;T1Z&A-ln3#+Kvcf+V4-QC$6a5)TD4o(oIX8h6Tq71F=XQVicj+O2SC^u)dPboo)84ne77BbEA zM6#J=vKFgLjhg(`FGFHE75F?g%BJdc7?fd?#<-UU8z%EvkGgIG4y+4u zkD;{IYqes&vOlK>*zHv{ztj*wc27wIZ^Ge_aZ0?lW@>D01iF1A@BwUb-zym1k- 
z)wHNLFmL@dvbS{rl&EiZc*wS`nzT`d}OnQ1_JC>ignAnN`LPf-Lj6!W7CdL2y=qkLV6^|nT;8aGRF@@>>?S_(T#eAtLbvW z=s;#ON+Q$UM;FD!bL&K+W{s(DGp-|D2S8+-C>**CnTTQ7mD08kp8vFGEVIe#F;OB> z_w;7e7dFA6Fkb1pUf(yHtsmuLq1@V3gp6Sv&oiXk+_OoprtR3xsuP1`gLzW#r@JJR z7mL%p3ylLWmu{daLp zHO-mVMm86Iilj`M@wk7nzfq<^Rm-i#NC;&k!f@au7#O1F8hVZ}7qdHXk{IkzW93&0 zz8MVD#KBPl(@`?aS6^GbIN{>iB@ncSWP~d%q;~>J$ZQ^BIU%T`6v%!&BboyUo^k-xr=J{a{$(Q|d&rd1cU5LCa3%Na%!X?Q4u=uSK z9ZYc)D0Xgt@47td5X-|rP zF*Tn>Xg33C?Xtv%PM-AUv%|Yd9208?JeD>gO9=}bDf&U1*k@mZPFB@GcAnf$JurQ? zS9;%T3e}~_Iewt5UI)Rz*irP4qBHtpgyC0DT=C{G_ zlg@7x-5*sq^<71uO4)&=E8XppCvSoFxK@C;oMZmbL1U7|I#M81VO3RCRdens*d)Sl z{Zm2h@DHAvewOIIY($x8M1G2w>=pZ0(kn8KSktEv6@(D+U?D_Rf$?G)oE`^`kw;uX z=&|O~Dz19@3N&=d<>IW7LFIIVAnuNjKBSze$Adb1?eqvbdi3QwDb zgIXi_d;JOQ@Z{Ex87Z&sHD^PfPsB;#fGvrn>%mFk7>Ul<&bVecPyIOOG+*XzD41Fws+){=h*}s32e>)G@B^H}CI>D-0ax~c35K2k z-;BEUZEH?Z&rPVxqA!8j#odtGr1a^>#DXz0l2D6NXrG%Xz@{fvQEW^UI>wLB4_AHo z(Cc!(q*irjMpszRq_{^dU9iF+;aSRsCo;oiC127#po6{!rrSkDJT{G&{O0*J{T;DM z#lzNCzbfWhK*jWTW75#z+Z(-2OeeY|e>_}XP;2!{XjUik0hZr3Ip2w?osTVJt2}M( zQcZVc`g( z9@Z6HEYmAlGYNG0U~At~aoYoNPDIwbP_eLJsqKW1!loo1F!2Rwf1#&40za&eEp%e0 z`X77xYur`Ee4j)(SXGD}>paUu23KzX%&y+WY$oC7I#FDqj00E&Dz~}GjLNl1=Py%- z_^BTr!)xcs@KWF(Ku&{n0t$e^erm=8l^HFpb+R; zeCc_mp7N&zYc5+2aq{Pg2dC~UO>Tdh)Bw!ERo`J1CTsWo@v5oC?$Gb2SB1r@GWg0C zQ#U=F^DEj9G#;3WoD&ER4@As(MBy>dR4`NYU2~@pw{Y9M@TXVsfltYogRoGxRbjzq zPaOw)s9V~8099ib@&cct`d7%>{Lw%Rf{CEiiK^oHoD`=95!Ccd49i>h#2F@RRux=r z7^zy|w_P;kU*J$nZ{~Df@cCROq%B9%JqBbMrx6|@`1BTUgdyHCNyWPHl5F~|r$!A! 
z{vMdU`6^PHp_7QCJN})%rQ59J6p|im9E|1y!k`kDnWsZn7*G^O_ap;d$c;R527Iw(}buX!}lZnh;tEe5`@U!2MOmntFJ5Uob61F*A$e=$dpihc7x0l%YaBVQ&4 zVZCC7x$E&saiw}4S)Zp9KUtUlxDjB&G{2Fo)Uu*~@q`gQ7|Rx=jl?R@7eqnMc&Hvx zHY3`fe_uNl#omAC-4(h8c+Z7_`K{I|(OAgLv!RLS7JU;Taiyy@<%+3gES ztxr^cgP{NX|DW+4ENcUJ`k6BHFOY*T5EMq&tcWfNm4U~Z;FH<_xGLA$#h69LsG*_G zbv#)1d}rUH)FSqxx?uL`As|O!X(2(8gJ!<~=GBRx$cPX+(=;4Gc}Z4BO&q1?yUWVf zc_a5y&Ij?bqa(2WP1u=Vpf>N&fw^5y0LyPd06Y+~8vO=fEpgEpNY&!$Kjzv%emG1g z6Vs=Efx1a-n-9QbGAw9slxs)fFI#dV|FWke%xmO8OvnKFDan=|ATROEhWP6t0NCg+ z=Lp76gDVdxClmmO6&S!RIY$40{lvk5YZo~l1BN*R9S5lYH>b+^r!$3Ce?Y4abv^8&+e`-9(!vyuq;{<_U7c@*8G1@m%h|yLQhRcr-91B%r&|CIY|6 zwqxLTIhAAzAaI>Jx;e3gfg~`uXEPI79Ye_dTpQ?4n4GY^ASzLxsYR0~8F%UOj;?8t`-6K8Ehw65J| zbgrsn;=H~wbvg3q;)$1Wq6rlk#TuQpH%itj{N{I67o=s>(DJMHGEH-y!UYMY(bCFG zW^Zy*V*`z^duEP)_dGy30hF4b2F;vN`EsIf*?#>a%@g5s?FzA)wULd+@8LWx*}_N; zc#>I73Tb1`-B?|2V?ly>=nFQI2~S7o9rTq7w12g0q)`h?xql_oYFKtVFCie;ZmLV^ z+}>yTys(U)=m-qwLqv#A*^13pltL8ZBDM${b@OA2bDbU!V?Re;H| zVkSYx8n0h~onr%HHVOdgXpBUIu?Mu);BG`^w6RQ3idX^TV|I+){0-V{8lrJ7oTt56 zf*^$c?i})X*WNZSz>TUr{_HTj`u#8Ei}ND;XlpcJ*AN2{frp_D614$nmEqMBy?sYY z5ncX%3JE|@3(a@-?}i@C&U9UNh|>k2Xx$Tk29ieqNr3qqj`C+r<-hxTINPT6FVNX< z1moilIRJt;azZcO$CPgOw6HooWKhx2& z7YOv8YqJl=xwIUXG%9dRuhq-#@^@5MIVxViVi&OVeK8d6)kpygg0Soa;9G*FN1F^y1?I)-k1*d9K$8Ikhn$S&q7T!pjs~tXf+Do!hVTcv-WygmGleGd z)g*HSJE3X8Jrx0NBB&*OKOO?c25E^G(FS_YRP_ z1-`1AfnG)VC0^&OUq5O05)sAEr}8ZnZ6>dcEgx7~bknRIDepU>Ac)Mgla zyn53IDyZ%V;ONxF-W4Mxi z!)vBcj3!Y1vqLTp_N-BcAb|4%DwrtV*_FwJ#H^q|HL_u2N1eBZyL3KR^mT=-ALVQ-k;0A_Yt?)NN6nyrot0=*Aczxr(3aNeM^*z_Q! 
z{Q_m)QVt=>H%@zzu4R@FYr6=KmRs9clADp^)0m+rDz5*W-2RW5+~dK2*R>+;=Bi!D znFbvSB+lw2ibM(~IfGK!x_zKIhl3@r&WHXcxQD(C063-pGBN{R!IS+_WcUVQ9( zq5v;U6r`(vh@yRRebkO!z?){vooq~L)aEF2MG8D@g!wZ^851O`OVZML`|cTAiPfeF z?lL!9J<<{6uXj@`I)X+7slr|_m$&_pRxhlRYRZ@JkeoAa@UN-2)8-(-5uSs4-M@F^ zi8GPyhJ16ADB-SP=vnSbn^oWcD8v*coP%*fh~Y{Fx`cU$we7Ko*Cqo>J%vUa&QDH> z^G&wBQGD}(6)+y`>+|W6jpMv(KOJFyGo>95qA5Cyd6)FPvZa3DNhm$hv~^Y_;oXR5 zsdxsC4?>t7;?~=$k&7Cwc%~#QXejoezeme{^r3{fQ{=$ z879*q>eF~E*@L(~510*3>O?F@i#Cn=o47ApyB?i=dFsVPN6Nf)$vC2F@#RBi!+2=~x&Ckz@~L*S-v|0c6ryvL#nq)hFHZ?j*}5CYI-H-Itn^ zT7U)-QC(2_QiwF%^7E{ihX7h|PGaPUldgMa*0wV_Ekp0+J!FN<8Sv}u^VsW3Pm{8K zf$mL++6OO;4!vdXAy~o^P~Z!!Z9y^04jR8QBQ)OUsxGODy=7uI~H5WO+`drGFJ1??`v=Op_ zhPqz|O@g{Qyoe6Xl9ZR|V=2UCV(r_NY`$@ANILf{*Px%RSLJl(r#9P((#49PwZn6X z9!_jKThCExWIQ1?UjJ;P7SN))QE|D@1kXu zeg?*1V}E}B1uB0K=zbQq$;PS*POjGyxPNQl9VjV3*mAQlT16qu62x`^B0~%U+*hLM zT*PU%Zin8kvxt^I&`|@JBAaSJZyO1b`$+V82M@L(jK`x(`?22;P=;(+T`_ zN=yZXH9X%IsbiRt9w-L#bz&xct1*&wy&fFHVOrNXQnDB4U!8tE?fVN}iA(L}$$U-* z*NXH7pFY=a!!~1p1JHy{!T5Fo{RBMtzZ4en(7M!f~<>l=dhfG z8jc)-i1&3AtxjP^LK2xXVA6}u!DbEoJ)0(@&8)7hibW4Co3}PVXfjC-Hw9x;hpmn&kg#@h%_}G>lx&A z{6h@ZUhN65=lMzaepgBUs> zF`R{LH@@dZGv}Itd8+N0qhC4W%1=HsyIG0?nKBG)-=lqEOC#`N!9!Y`KKd8vLDN|< zr$;tF(PN&Cn|#@n`Ro2-k?Q^Z;&Zyu*;87^t!$)PhjJ|TyxTbcH2d){&?#c&Lf1wXcAL>-GAU8nG!D#K zrchF~ZtU^Fyk_jU|9m@(i@1s8r1dEmU*&lCp|_DiciEsl${b-qdG7~{a!{)w!mxA9 z9B7a0~$A4-tqvNywRW9*7MOQxA0cIt07qz34xlWd5lRzxG=uU*ikpNtkohjmTp*{E{0_M{AjdFe3Up0$WeYm=Wkd55&gJqvJFm zCV0}-=9}EF9UIR;e!;&!^FnIHak}@1=Zz@$3)53DP^cJiNl>yJG#t#kQRUHO&?cdr zWonK;bSzl&c7NV0;QhV*OY(Dy=B8A>q0*O9@48hO7u0Qlnk++9$R&G@h}4ZJXCd5{ zO>1f{#KnBgJ)H%bZFy8KqvT6Iize$+ayo89qB&@CN_CSEd5BwPSE~nohh#_%ac6KGtC$;%$PP+r{<5M1sqnu z42XvxN9kU=6uR1Mg`KY*Q)amju2>6@*T3DvZ8SmDvQ4~5OMSuN1WDap(;|jsj6mQq zF=u1J-0n6@W%;gWsWl!}Ii4n|#|6rN{7~qb7ynVc5W!ODmVK7eNDeNApLH!$Zj$*t zmT@2B^H8nrY}vRJLE2y7S`76AN%4gEri)D4AMVtZ_A-gD=&pJ zRig@LYT~WkSY$gd?8hZ6@ulfh)}xs?sBJZ9T-xVqR1;hlbX;1&Y}zMrm}ocbYi7;a 
zeC(9or^@Qr5VExB17pQUjEFjs2*8a6hQHoz2K{c(mOx$d$Ry~4mMY{YrNW$fM(N4h z5IPx!vEkNiKmI1C5k87asjGJasjBJ@K0>9G3`P?wz(5uf$n9rw$>tHDq9@;l<3I`{J&iZR_a%yuCAa= z^$z(&f!SRjP#e2J{~F-|I1;EV%#pZNk|<(nXaoQ|q$tdTNnE>L6tUPs^1r{n$r{;> zKAr>c084pr@Xif#U9xcZ-Ge&;97yJSsEO=f$V)!a-te*Q? zd{Q&zy`FFUytF#5xwfgPa`?gWh(F&#b#-;jkL;i~27)*BnY0=%P?_ImH&Um`zz_WP zl|?6DST=1tgvF|bxl<11MMpfV89cGUudXCN`-ytw^w8U~%%J-5p^)2MLRGm5#HzFK!YBT$LA(bG#z1rQxfzJ-=MCTHs>9smMq~Lv7qFk=6t7w|~@c^$KLx${A z0m(~1l=P1V!@YiXH*TqFCd)uka|pRI?| zhkiv>L`LB@Ic)ITaSQdMB`N~O9~hvu4}Sc7`0k|x=g#P5$TG-Nu=b)unV3v3Oc`rY zU|9<7{~4;PJ;|2{oq4u8yjlg|K)pme(hyLXNrk+SX1i*08Ax0kq>zN9U2~rNzQce0 z|KFeBWSL05K|sgvnpn0qvk`*}CTG?|#nP5Nzvf7gSl)0)3mcu?`S|^g_fzfXkKfR2 zm@h)0#H6?I!1fHwC)%bzR>wkRsv2W;95<;arJSy`B=xCFi!!U87h|>*9HgUfgGEDh z8VOr<_%@v0`%FqvzI9t+OGsW&&X`A#p`GRzW7#JkcfYdIf$kqn5*y|>6XUQ7NsqT9 z$R|pnF}t=D7KJ_I)uq@Sk6>cK&d}Kgy%YGTXOd!p+C}IpS3s^YkUe{BWQ}dudA@LR zNyahh*1v`H&lUi{C=e!b!YxDH**HI7w)KauEntT!DO9N|@ZY_-{(tWI!`R6tl)OgY zd5qB7G4IfZ-)qkY5?2zoM6>cmb1k)Ezs6p-t%xQ3EID9$c{2fFizuDa3wbcN5lZR8U!0ZI1dwo`_Fr7or&v5g)}Ok59+2}@d)qRZ;5 zUFe^yKr@)$h63RKUm&Cy;Phh-s1hTmUD5`7^DS}%3Wsg{s$;twHNX0#qV?k)ADbjwH!f1aliPc#ah$?lghzj|+w^A_#gR zY=1p25FV3{Uk3OR$hmGH2WAvZIQ1xT2e>hpk43?!et~3>c!^_!0ZvQcPT-3W0QV2d zGk359JytRJyVE#LFSQNaUFiRwWA5eO{Y^BS+v|bup0-%4e%|p06c9tda;_h#(=^bY zF#?PU{_E?ambJ~XU}pG&etO%n{IFcLr{+Dr(yd(fvr8+z+2)aOXOYCtdQBn-9GgC=ZckRIKUXc#8#A@togeZZ-;Hk|}zJGeps|v-dZzEDP z#GF&qK+pMj1=*FtJsNXT0wxx;!C2@;KMVcaJ3;OAP9Y-h&{@S#~0lw?e`M}n_81Th?vd!s?5S8Y4bJ2RRT zQ%HT}(`r>V6oYZZL*SlBgiR(8aX!mps#rFb|iV!fF5LuP;C8y5F^R>dsw%T2D^ zPrFsH+|Z9n8z1fl1qJbh;ZirtO_=ml_BP6|)G}IJW>jf8twF!!-zM5}=@Zx94ChG3 z_lP99Ped8~*R|dj8^0sfb!1eMmt^Gdrlr`1f(L)c>FyVNH91tIg|j}XsXdbfK%j7f zd?kd{ly`M*k_FpjGi5h4fKrCKjL0c1_LE+7gwAv=hI9uPmEmG7?;tLau1$9+#LGQs zmL#)$BBsx)Z>U+jAA_Hg3~VYJ1BCrNLFaoouTk%$+}UKddQCTTG)X&26No?!m`@#Yhs4kbGxeIP(AxQgf5 zAmL!d+xw6Gho`R|g=TT*j9(mfW6w;V{(Ajn^6NMA)IKnSo5rsrlHyB4L7_t*r`v$+ zh$@Q$ZMQR(?Ff~7??wb)cBhMp#gCs1Ch54sxPF1$y#VV!e08HJBp+*Hpg+i(72?A= 
zcxl`MpHo-e5dV%{^4ziQGM@!4yUgyH*wAkgNg{xMn*i3}b1zc^Tcjqljo}C%|BkPC zEe{W!_6D2s*Ddovp<;#`Mk3VL5$o-9<$)W+03Fz5A|R|kRWs5YC;{*Kvq@2?Ko z+4jo~-V~iuYW{ple$=G+mB6L(S45?KIZ6hC2It|$1Gp%Zvs~{qRqfx}+S+!k@eZU* zl!?iUSFG(Txm{6v?jpL#HTU%alUPfrY-k^fHdNK!;%K}b#$tdhn(P!!JmOofth+#M zXpk~%*cYql4Gx%o<9N0K8HqZ1EJPL_gkpJ#p6{ks9{U>JPZm`WPc_t6>s2n<`7$xj zb6*5RPs6q1XZ9oD<3`XxR46-H8;?pLUnGFrCbj=B_P#T$sV!|gh>D7cbg5B6iZtm6 zNNjX50s>N_A_CGZlmHYBO`&H8)uf|Y7vY-~>!3HJZER|KM`)JIh$8xmIm zgc1TOcMkHM^qTb9XkkNqPq*DE$o7gqHw71o7i_OzY2vM}#)*)_w~wMb5L_B&bY)WM zgY?Qi(XYTV$}Qhjv-?{B=ckfY?RN(u{9!|tf^d#={9t~0G0s^? z+2KK+vA)MOrVM!6wpXX?(AESU==Cy!-LE`ZU_)05rTT&@5T!;7lS0{~+mhjC-C6z8 z>->5i^@g{6Y;eY=Cw85aIB?O_#@8Fdi~w}A*17ja1pi;su$@`djM=m zl{!ALNY_dp?vjDWr31x1-2H5ITu;SkvSe<*kNa|*@HpOY?Xb`&0Vus#)%4-)2{xh~ zdVyvvM=j4j+=|-GaQ8X)VXze22qFPI3}2j2RUbAnAxAoqcDLW-vodh7b9PM3PmKyF z&aIld-TLs0Wa-FY-;yhl6Qk6GWp+$|J%%ExMzg_v zl#Ru#m{$T$8iEbrMNj5epWjr;DceFdh#PG_Qvl`@5GHjS8owI@?AfRot!^BMfx zzy9}EB?7yU3!q`uV<<{|7Pr~VhO2CfxBnoMRwkBP@QpJ_&7oJ8*^s` z_L+$pV|dP5hwftW4ZXLE@yf=$BGGTX%2oGg@4Rt$PqStsJTg1D$++IsJnBX&y)tHh zH;ab$fvkOQ?RuH0lcXlXW!;2I8vHs>qO|4$oi3j_j|~6U>e%h8;ZP>N$yeXFK?&gv2N==#_h@)J`h8D4vs{i5#?{ zL0)&JMQ4x=#&^ZMNJqMDxvyPW#{gY^d+niMu50g23K^pwh>@A}H)Vq{g)*g?$T`_a zD6fW*SQN_CCDo;WzqC~Qo}tugsmmO1cSdu@4;oyJEkzCq32~BGIdfDS(@Q_JY5ILt z&*LujUVO14xi)Npvwd_ zs$f_Ybl}o589Seq%I|*^e+RV8mPktK1K*zx%61av((b&UxJ!Rxm;dMAzjC?$smB9t zgz^Ib>xXeTg$xkE^G%4{;w>%GGF^W&95z1=qj3nL?Z$D`NC`|dW>y}CAUe>sd-3yw zKrb%c2V5E=5ZiU+C-p<7ejz3RaGoavR*$t37MM#SV%E3W#xPro@bJ;~IzUJ7Mk$e( z5xv$Npx5OBj0}G|#=5!CO~+#vUxD?IlCkzS{V%dsjFbn3peMnFj>Ez$4Yzei$h#@yrkxs42Rp9deBB4F{;pg--HS6emAz4=nOA-L zJ8xHM(ek3NILKVd9Q1d2Q?y#4-6P?rcNbec%8GG;ea#)mhFvFS2WoiR`Q%!|5_aX) zt0=SH5xWt(c)RwP-PcP6r-J>Z5%pB#)}6044s^EgGwGZ)O?W(cQ0H*a=l=DCZ6VZI z5^Dqars^~mk~Qv5uI-gJcW;f#mfIUV3YI?YensgA7yJ@MKa9wY%~=?VUq7+x#_~1W zIr}EX$`E?aT3gUW@1?)A7T4DNw(%EaYXhPvyCyc&mYZ}lm!OK$au^rK<$JszkU)2^ zyp6XBQs3El%roL_X8nSo&yK2nauo%QUnyK#=xgXswUE?pS+YVcY`2EOM4o$HAMBuK 
zYelp}gXOc{#_ZR#6#sIo$VV=ueDcWIW{&GbgSfzk&c5<{)f0w@+dE&*&kz2D?lD57p+!2WTHBZC zU7Cty=U2#V;1v>3#WUzs(B|~qMk$JtmX)J5ebeW(OVc48!?FoS$)ZAzc9aIOKSq-q zJ?IPcm4L&rv#kiR94WJG)H&XpKj8Bs&^ZKg+-u9sA>zv9%B1~}u)Q@wO9n1CM3YUg zlA%Q?phpw#inOyq9>dDGx9c{Axxd68Bd6=a8?cjeI?ydq|Swl`N;Mc&hYMmYht@#psKV zc;qP2ww?r8AOcD%jYI+V#y*SD%S6+LyplKX&Kt2C6gdg6d?AkI2*h<&=>xnCM%-9! zP|MFC!Y5>2jCU|0W<{lS>eTXjl9D!(j0KJjvC4(`oryUxV|C9#y4Gc7`D^T$c}O0{ z$vv_?r6UYWKj`m%Uir+rMd~8jh2#CUHSg@m~TpSmMad)+90NObi z7L~wtr!^b1<;E1HH!7EOTY|)&ia(Utni%1Hr)*l#ti)#SwcG!L7Wy{TzUvq*x{8Gy z*+ds4#o+Ui_y*%Ij@W^bV^w}L&)+9!I?1G$UapltFXCyfsVrUxsj0d|Le#?pf$D`w zng&^E`wTMImYk5K!DFnItM{toTK-8-jvA%Pl2*RP>VnfNf@L+=Z_lS^`Cob(J2W7< z%DRzFPR+UHjoDKi%Q>$pOpL7=<(LgM>0gKM--=Wj$iHeKoj08#;>0fd41Hc=1dv)$lQ6T_!Kn z$PUpY!S#ZT#k*-INonE4)mpyN7!CauovfJ>oVQo!k@z#5sDjG^1sk|V_kAccvMed+ z!Uu9J36wKQ;V6X(K})}+g3hA7p3GKI*6NrRw>S~yE|J*cbA?R&LD#DMKlw{gO})3z z(`(b@`Zervqqlss>ss^7K1yF~bdq{>g}XqTXz0n!*&KgP?VG?3{cj-)z1xy*GIr~j zI@`nDl@^3H$p$rb^()TGW|ZJu-3oykPrg=OdyPQT5FI-!&sEt4U{I?=WUA?4LCpGw zBAsl$37#fa zE_6+mBnkQe=f3_O!jHU5nbt1qiMna1?W}sU)S>K4&9mv4E{7VImd8T|s*@YO*49mP z_FP-1h}^8fn&KptpmluEsE~#ZYxI$_@M0QIL()APLE94#hOPKd4nVr5mo$v^L8r#2 zkB407J(`k%tOJ^@bub|fqj4<2Y5fnVbh#<+P8(_8HuDy`TA4PYa@WY4<;k%f8K{T_ z>kZ#8-Y{cvTn9fal#*7kEsfIo4D|FZD#`a>R^GcM#EB1C#F};ww3tm^Y4hhC%ye+9 z-6_GQb$8D|wQL;Kja)nt8;u2vd`$;4RjyaYwbFFLnR)m+#hG_9#02y*_CCP7gthSQ zPq!*Q{$AtV{f?u-7injw=S{h`lE;@L%KMuPSvQ=Ch>&&lRD%w|;hKDMh!yV$4|j@y zYR?ge=!8H6*{2yA+))mn>B&7Gm4`S$nVos#YiLsksIc`#N_@c3{(z=oU$Y0kMw<-Eh~7{9msZ z6_o0sl6P${Io_~1q5mYXFztY;{=+j$^OI~*g?#&NPg}PFXatS*nR2*jz+lm6jZ2vS zvT_QxA>Nn&=0zC^IKHuUjO4W2kZMENDS6ZINnKVaGB-Hhu$@_g2lc2WlqFZW|mxedsti}Di?B{s*Jr%jBWBa zAtXkR+vqfC3K{Y&_6r-AZ@ZM+6Q3LoZLc0osQKD7vNP(n*!-=nrm?iwV~aB92&{Wh znk0B|Ix@uvSDYuE7flY6Xf7YkwBN&yFFPg80X7o&tKP+Oc#7*;UOXx@d*WcgPDA z*q&Ae)&L70<}sLBopDymK3hP~Igh29LWyzYAbMaDp3Elp9m1tU)w2co@i{dNc_;o8 zY~1~fe*rT`os^KkdlMlO5f5Fz#fnMj{!JbtN6up82^_j zvG^K2e>f^AXc3VNCTc3Vn;t~TrtdZcQ@r0$O8u$(y@|pl 
z+3dvY=sdNHmSTQ`ep^1!Qcm-67*&)G*cs31ufYTG2t)F~)Vfc=DXeo?GOr3?SX=rV zZfYRN;hdQ1y6yh0|I**+^o-sHjYDxdbQJ6ZCT{zV78A0Zff7(42*GAX7$~n)=Mp ztexCO8@XHVdAO_-L90Fo2U=yOg_pwjJI^^&xQVRysi%njHNGkVC<$h(Sv9VwW@cfF z?>ElNy&q(}_r6vAs(rXpzmaW>U&EoH!G!CUMlmgtlA8dlP4;yDm|f4cf~&`ej3|)z{WI#SxQa;vz8|Ks`}~t}3u*j!zG*~CrA{73FY>#aRZmsrq*wW5IuR7rb$|2FTHRl1haM7Usl1G^poTc*QZo;MBKe~5t&%^x~R^MB`x41Qx ziA@hMw{QVMYM^Khr5_^8>XMRz0WF5PgWV}5q3<B=*Gm)eu<9 zcr?v4^*5HobGI)ct?KA|d+Ge5k0zLhk7?k!XM(SFhrG2tX1wvpaAhz@bA$OIytNL} zJZfTOfNhpS`-1)&BhtBs(V~RVrco}cMmL(nX+Sy2^ZJ12v-J<(mWoexmG6}?%z5Ky z$MUqyLgncGa@ugDArl~*R^tc6#+hPWG$f(nXd&w9B*Pw0X)|W>)%Tw#y03bcc^9J$ z?gX^g9Nlkmc2T|M+-3sjz2I0t?IMf;gKOIEVmOr@^dpcWTF9Mu#1<`xm|Dx}>UpQ) zR%f6t?%lmb@R&AmJ(i&L-*!&K$@t#G1q1*()iTFMj{;I4?@NSC z@*AyFRau#~x)l?lm)_kGIo8P9Jd|;8FGF}uBWt^graY~*(lGlgS=NvYPeL|-~EYORj z%@E=4kq!iLDBfx|>E6)O@j3qRpyMxgGV-)Vu@#r@hKmDq3*O|7;iH<9Dw@*vcG3A} z%a;N@4pF7EZO(c1Yg-7%TUER)*}?MZb!osGy{*Rw4QSh10+cIKXm>JHhX&UAo6mM* z9%yor?d?hD>IOVEnd*F3=K4}xUc28DzHszI$Zd->6|WZK$k@knhlGc_3E7QMA@rva zVX{BT%D4*%LmIpsZK$ec+m(>{==HXSjGam45s2Q=*Qz2cU-pk)?mYLbwy74us;M@Q zhtN44%UKs;gz!pkMR6C6Q&}TlFO+`-ZPzzSj(6`_co6OWAY6~NM!IG$<9RWy3Uf2J z^@;1@K2HUa6)DF9(I^H7Re>ibPAYA7hndLEm7qRA=HQfNGA7!*tY%sf5!{#uce|1Of11ueT$g2cYD zTuWyLuJu%nUYBbT(mab^<@QrpuYkRLdNN!ONX=(d>+BArQuQ#nS6LmCz^#TBU&V~< zCoC0`n8sP7J*3rZVkdIv^%hZLnV%jF%-$Z5%1v~{-@Wm;C0BPj86|*W4Yyj>{BX0e_;6-;#wE7O2IG-ygAY|{Jn1psz{_Qt zmIS-WDu9wAlO|+2$t8myiB*xiMjnlwb_l%E`0Ukao6iy5bT4Ge39r&8IeG~J%>w?{ z2zd?@{vC}7&KbJcXO9YasB($d^7C77;pLRM*$3!b2GEpxanTEpIQ_g{8E*p&+2~xV z+X8#RYIYz>Yg>PW%+sVYqDssUzc!xB|LhD(%--Fze1LLjLiF>HYMSAT$t^u;4z|sB zne0wF#~hSx9TA!$^MZ8mLSbj6jiQXFI{)6CCB$Zt+o@MHGNccgT@|b?I4sAgH1qg! 
z>Fs@ghhUH``1xPD&ucPv&}>kM{T6UDuAa*|zeuX5Mh?U8`ll5iDrooPheW;SHFf557#yaZu8-E53=rh1|al~=9 z5#blfxq#!pZBo(W?#X!F!}*+W>$g}1+A-bx*pKRvDa~wN;ho#b$M&C>>~8Fg?zx#% zpD;4(Jp18|4{xz0dxpj_3yY7^3nQs2+4+NMDg?}6H4FCuj2FpcN$-tOvIG&)jYy5{NuG&3ECMQ?<~jJ75o^A4wX+*ytdxA0k*N>2<)7H2FNU@ zvj>BZ%o^xAGX8vkJ2*Eu7{yuOf+dP`yfmqQ(f!3C*J)r7Jsr1`ORMUJtfe)<`=wFjI zs2{jS?<+6wDk}0Sd-g#5;nmDI`J9tdO~~4yo*S2#z7(0aK?}FYXPkV-StJP{JHk;V z^3QB|_O5*}&E~mgekZuLO|d$={mbz)liY_Su~{CLeY11_HSHMN|+_JMx;~0Z+l9=e)&Q!_OYarI> z5o>~Gi zn*gNdq(Avzr3?O@mG)oXVDN;7d5*PX8c&~6?&;`L!NI*fXHV<%got|XXV@7Pb6bb& z8@@2R-rsK=U+XH_NEeM6kUqO%RTSsSmJxaoF5(>QeOJ?zcPmzD26hm%5}qch(C#mT z>2a=q%6wrfo!;+_Wmc?+eL&fWwIjStoL_ir)5LfoU+j*I!9ep+OIcLGM0b|Irg=hF zgMG2RL?gRN><2MdY02Eo%}#1;+NXPbPh9*}Uwt&XlNe{-N9y-1okPFtMC`!S0;p#f zK)hb$){Sn?0SxqEE~eI(X|awq!o#W3YTRa@KZ_ExSvB+O>Bo)yI9O4|A2pHBYV9gBen%TMi#s@9I1)bdtENOY#oX+&k-gx~mVv zHfw2c+^J3D+Kuwl4M!Dr%LOzsdM)fUzzHx{|Fd1MlxVlvDet=59d1e7 zrEgStua&uM-QWAg^hzMl;d}4>mm(lr{RC_<%K0_Q5Kv;4`DdL8n>|ujyF3bQ#HK40)u;n<50bPhqz=>TwPoN3TW@ZWBA+p%@P1&{Q zES7(xFa3Wt5d7zSey0=gH}41a3@sZ!S&6KmSG@qsBrij1@{X3&Q}qtVcG7z9L?4*Ie0kbYN(?-0Yj-mPK8-+uQQ(VQB! 
z>P`WQ3MCn{g`=C+P%_L6ETZTzRP#?O9Ruyqz;{T~8`ydq=Hcr(W(0XXl>Q#K!gUJs zw2+)kQ!W8lmkAcIOFu8_|6Q+{+VI5~YTR}Qg;ogC+4+@5ya^tF8C$}efMyRa@kRf) zXkR2efND|?-QvX&acv+Suo0{KbzFR5HQ?jN(|{w-+qNWnwB>5V8YT#YGE)sOOxIFn zX?(>BWQ(s!m=8clo}Jq9H3j&|nozF(<1G-CxN)ZXy&6hKoh*$dN7X{T?<9o7FRB+% z1J>JYR8Ll2d4?2Vaj~)2j;L_RF+#}BVz^O8&K~b>$t1nySZ%b^9dzH83b+cg7QNa2 zje)EvzUWl95W>zdI1^KWVAzcR+}!5`SlB|F{Dq4<+KW^C%|>5%MM&17l~5RBQ_aoK zYq@O-rX*-sC0y~XBZWKMeIs?S5Mm-3pr4a@E$NP!#^er0ws^yt*u$H*B&T6PqeVAk zN$~oC(f}pQ0cTC%Z58d7ROnc~V8GdJ(LAWx>GrYSfc^cxwgCA$UZxo4dTfbitn0YH za~%+6s$>EZF=kb~3D5hK5UiF`8_KJV3Lw)fk7KU1!ijyl-^>{${%){bm3zPt|^S}i11 zQRKQr`(mQ;0s>S1=%fQ*UJfo?70XpE<9Xxa{&uM%#CuCUIx~Tc#LbFtz$N}dkMDInSz1^8%7lk_) zv!*ZYwl~o+->Pv$k=S2{-#3R=A_cGcdc|f|_w$&udl^-mGA4Ro=i;)?yh+op*zk2{u9&*b(YZ{l^CQl?`?>B^9=t36{GoX1TkGwZ z2+}eK^+uc6f&DUI&mO+ z3=?jsg<=t#vP$m3$t&u%dEu;Dx!EP=euqO-#{rVR#|<-m>rUnB>=2 z=G9zZ7G!-YRW|>ubI(=Y|Lc+Da~ZKWjrZjCGX8FL{P!;4*o})DR4r}IVL)G z>rFg6;^Eov>ALHD>WHh5XK9Moz~#nv&_;8lUH8yQ#XCs}@2uGdLv})pn-5B?O(@~m#3^7AdqAuxo zD&8%yzWYjd(jm{$=rk{40C1%{cmciO>r2Na5rfx|!%Ck*nF1AJivOdt{8MN9Kc3(G zbF_&{l9)EqK$8k-e3?QC1-+c(xWT#KCDWU%3?LQuM$kXNXfjMS$Y44FPIX>!2m}@* zv@7V-KchwHFe)QxQh||^zC&z^L6eG=`LyTXe$%@Kv7*q1pWmbp#J=pn4By6#(XJS2 zaZ!$}9{DK+W?HiYEFqz{AP-lfpUr+HjhX0!Ql{|Dm)GfcJH{Q>2EKsdj{~Xd|43gD zRGHojGF+Wy*!%|Ix17VZ^3g8R0GdA;JA&z7#L`0%iAu8sO-2&@AO<)<)Z&%Fcz9s< z|1v5+JSUmJ$8(Sd^g3k(Maj8cvXjmVT3;^{lV~9>__bR-9R!D)HuQA^s=+GkrX$du zgU<$}|AQRI9a6IQ1rLGH`sTO2y~i*_NZZ zuKY<}ebvpXTx~oK_a?uty4S`=jPiMWhs3CLEX@koZcTP;-&i)Rvf#09kr{bS6zFB7eDUq2QIc3KkBQ+9ZE zKXCf#%`$u#5E2FwR3wsBeK)eM5zVQ$?w5zZ1teR_->ImdhI}enY0UouaTC5%J$>I& z;)Mm40oh$Uz#0m><{q_KB|xGj)r%{Qau3XT`-Whz(Xj5^FJv;ZnZx={EIm;-4f!P6 zRiQn^M~U13M~YA0R=|Augjq{DPPq=acko&p9fBW~2V3XWiIh2W(EoU!o~u!mf^=;` zJX4Ho;|=qhqwhOL#KhF;N6GeM7_K=qZ=VuPWzjtC!29i+;bK?~j6K%TaL_K!44!bh z{(e)5<3^a2cf#uOq8{ny_81lTR$??zg zS04;jlpgSF`VQG$rH;flP+}?w(CB_TSC>qRf@?1@xGEE1>IZp(91Dk3UJwZ^qN#OPAI zWr+d-Ixw$A9(3MT9Y#iucQnxWC>>^MP6fo5;h9$F9DEeuoB`*2trq2he8S^vx6ke$ 
z*Un=Hu$kUkK=rW(L@5TeRQuLLvPU4xThSc8F}KI39*qX4*DnjPV}BpcrHqn_(=_&br1UJ*jhK- z=iWE=z31b{_4pK3c`py}GoGx@0TQ$J?)Ra5N?$7BB<4D{(OaF`Z&RCP+@!uG9-E0z zb+TK92<)hS7sIgQCFzSV_5{5rO_c0IlH9N+SKJ}0ER-5MmFJ}+6Q>Q|I^Xd;l{d*g zRDf-bcDvxT-IQRdwX))Uu^PQg)-sem-0eJwaeHR2 z+v9-nL9+>du_H6zsOIla)+Y)$Xu@X z2+5xKyym(rVz~ZJT^39R21k?WM&|ALGmKq8s#fj>Q?aIMz1BQ_oivzok`Hakuy%x60~& z;F*fFJj-_DF|XD2M*&uj?P~o))q(Po%~ev=J%H8J*w|h-j=q23UHQF=0fVVl_d5)a z_-hRrn+}@~sE97UIW5A@Aarh=H2@>%<{9}KB}nQvCQgNx$zU_{gPoC5d7pRbYSnjb zy<24DADueYqS52n)#E3CrE;n@nN`xB-AJi*Kib}E+vVn|r`fUbJkdbHc#%ivaze)4 z%!6mg)^U<#{1_~JV7g{77aM^o%6~v-=ua=veh=Csj9XjY>)p@}Z9$64b5u$)LXYoW z0_gZ1Vh2I29&Q2;`a8(EAwIWsbTl-z+{%I zoG->0Y3K>-aX$RWz%ZW3t!L-LexQ$6Kp;jkgqXBYNMx-}i485r>_zI2Ui?5T+Vobl zsW<1*)}5*fKk{r+T5kJ{W9Ma`k(-}T6?!N2onKwqf>+ZulL+1*{yQVWE?og6%GT#| zeWh^&>}NmDx{6<#+;R5Cw`KuxrKwRaJi(WY-7v$GUyxYGM}pFk4%S49wH4C*Os8vA z$6dDx7WeC=@h#K2lR0Wl6>j|TJW3S1Oq3Ye=fxP0#H*{%W+4 zki@eIQ}Kl?Hd9@VAX_%O?LG95B|J$gaW(t{Dh98p-xO2~(t0u3d?Fn_I(V7G<@VG#4q$x`Vl zH@DgL2>kfK*PVAnw|JkGq~A}x-t=0eZ}`UW@JCSm{uPG1%Lm`ku_adiLpON#yy-00 z6adIzlWB9K8$h)PoU4w9Sivf$7PcjB38#S>GOJO%(SU*zW9jMsXL9w=ESTG$LtJVSOjd%T15RQ3RY#KF)P}Y zfHZ%-5hMVacYBuuVJlica^&k((cq0crqI9l3G-apEwEP$`og!Jrkm*6(2Z&Okgq?` zACjB<6`K8X_6z-k?T@DL2hkFaFjkT7H!_Rv>#kPj-UckP`az34kG9U;du#Y{$KmZy z@XrDQzNV;t2|bwe6>hRP83nZ{NC01WO(6yIor{~Uncs8_z6YPLUm#e#Co|R=~-?tP=^;3Lb z-SVvmpU0p3mVEGG&Rws`n6f6&-?Se}dNg`4rIn`JxfbVBnmynpn^aMPdNZLhUZg2O z7OS^aASVzcvCKe~sV=FU<>iZ$#sx!jnl>|6Y;|2Tcj+Gt-XEpibx|Jqob?=$ryfqe zIIxZ(93nwO(e+19_P^1r7hCnlyrxYoe=VJwjc%Q{jYOzY>|`QkeIFui+p#a6=xXf0j(5t2-|Ljynos*VHlN?3Xl<5=a{?~vQsbfqnY8c-_I z-@p$4jQYXOqd~Raf~6V&n#KT-Rm#g2|;`mBEPUHy~`$ z4sJdCsr+Q5$Q1*jh%14^q=)-2e30*ulMW;WimMA4dfnRpAwCUjD(1J_ROoE< zZ>#b(B9?)i9R>rMzXU`o7?N^$$gczQyKSoJ-<9RJ9EgR5fQjRqML)KMEmQ>5vFx?# zpLXvcfAnkfRH`+o=KOLogQfJxTDEb&>8t%Gu|e!%M)8xz7)8hqS0JpE)x>-htG#<5 zo#FTyC^5=$BG$;^AS}=K9atz4G(6ZLP4mD^UIVB-X0hoNK#(ScUj00c>6#8! 
zq;s9xa_FM$`pJB%{xP+*Vx?+VV<(Zb_v;5wygbnaOgl0k1?q{Z*TWc#PPq-%bqzSH zH74aDZ+5!46z5tc@N}K#l&}hsD7iG0xTPbqAp&*5$&iyt(kMvEMQpayJ!h~}93~U} zGAXO(Xl?g9NSC_)*qb|zdxq)-+;)=UAyDEr!8VjgnKtQtUWxBhdgj!LTQ@YmcB-fL z$b$>Prk9O6PtOME?JHZGBXxw1axPO1#|`1tX(vA4044-Qt;l7=t@Z=Rbdn zcoA@&D@4=ybjy*zZ9&M7K>8Q|cuBLLNQjVIom!lK_@nUi4EfLN|G)7!A7@=W1&kRc z8b;UGS?P}&5T(7pTY#2?Kx*2&gs1spDAufjBxYJImfSztu?zTQQ{GYoek8TO{Lt9Q z0N518kYwo<&M=Bw39fzaZ@oud4#ZD7q+ zrtv3&;U&wzkR|4+->~%^v&BCWap7OX`hPP&M$`4Tz%J$4HlSv;KtXYU8-&pg;H8|q zYf((&X@|imwPAwME?_WbH4ptVB)>&=`=6R;P@y1*zb43T@BfOK>3xl@ZU0n3n@b`m zO`$)5_&1L2{>K>}Tygo%6xk4u>E7b)FD}x;hZPIUOox2MJC4O(m4|0(>Bl{=o?1vU zvr)VE`q;i(iwlW)DQo7*Nbd=;IvCfSWaf;B9p9Othy`?=gE?A@MIKQY$*Rwx=+7yrKBx^lh-!-*1`SoCYK8_$+e{I6IPF0j0?U37^zu#k?{<#-S&cb!)^{%3dHp7R_Qj6c7K3A1GYW$_cWjsJp9CwV&L$d9k zz|?+V9gj|YCi>_=iA==TR`KNVZKY2oO)@#pm*lu-R8?`7FMEr?NlW}L%KbAe$ote@ zK685Gl;o>L@kuQGtmi84F)WZ{6gs{a_o(s+khcOVH6u?og~*Y$d>zqLrI+j}qJ@Mn z#!Jf!T2C@nl;1~%AKl4PJr=Y3P6~w{v0Q6sDy|=`D^c_H>+r1-r#zG1EzMUG^#nn^ z#=MiNZBCwF*PNE{xmXoU9Xy-Hjs@ROzKGe>f)cxDfvQ>dIEK!FrF9~7JFWbkLF_mU z7((julqv-}*n*sVwN*jq^M}nmrosW{bq_rH;y}_G3#S}|ae)5Yr{5t<5ftqR&Eor@ zwH8Bt7TQa~u6~DrD5cXj`qxL$p(;`^of1Eq6dp`}hj^HGDH^T6VWoj%PA+KTqP|1G z|7;!Cbo<=_V1(>$dN>^5$5b)cc6wD@dTicR%nW!e#jdTR9H>8z*J8Bl{hI@rMj{4m zWU{Zo2xe4+NH4Sx>QwRW-99kKiR@{_`L39vG|4|-uL57)1Z;Yft{?kHOAv!)dKFgh zlvuYBLALUHts2vA<$tqpcqky!TZ+MJ67VqYCtUUv88h$ZYDV@~qdCZ-8GxyUtg4Y+ z;*uXFuYHDhXV634!$Ok6q8Zzk^)82C8|HzZygyYgIJvdz@KfXt z&L3ZlMh|FFmwkAhOAG;CaA}M6;W!E!E9HP=5c@O%JfI z{KKWx**|rGj^OuR8t#5N5mWp^3u2F{U!_08kSI8J*Ed!^sVoJnH=GW5ue+6PT&VWLBH2m(Wt9ti}s+JI}!$) z2dI=91orQCwGHiW`=xK~Dp@~0NhQ~)<_&y|rJs`r8@{{f9*|$|^RHKZs}m3te!0)F zf4;|-ML<;Zm;0RY%jD_H<77zqbpp-&I(gP}f0}@Q@E7Mc+X%6HufB}bmtieRf~Ox^ah-|ZP3_4U7!<#@Va#;T{(cIjm{lkfXzLkby8n3 zs{gxOb?y82ebRR9&C+2~Jl{s2rk%=Z`ZdOb9j@3jfMjH{)tC2|Y~l}@jQ?ZH&mohc zdG4uWcU(~YZ22ndnw4w0zpe(+aGE`qhRR;gv;4P7gHB|=?>m~t@5Md%a=0j(%&&d% z)~`1>eU*OJ3~GU2pWZ$<)1d`L~Pg|Uf?6rYh$bDxI$YX8YW zY`I$h@MH7$4@shS@%@Qn(yv=i%9t(kWObKTrVI-Qo%l%nGIuNSxJHZmQXgJ4whc?Z 
z%D+qz90$0D9cIN4N~~5HT~lxP4haPEO_M1!(ex@D{pct+<}-q>2TGxb8kltzF;KF= zwiNN7s9!!`_;H zF1Lb{4KqfX5wNeJhnS$N>t?^Xd?m_Juw}v*OaB0NP0!|8u3`S_;u%x_X~u5VfqrQB zHa!%HCtex-VbA!R(aHF$S;P9%q-hLSDofX0z2zltO{I=q&-^*LMc*A>*L?ani=~JE zbHU5t-kVdc1NU7&aLU0nPyF;GL${cRF#RI`PJt`^eV=IJmB&_$dl?GxOu`zbza)-Y zu~hUZrvE(XuyQv0r>;y_;1L*BPfYj-TT*TOsFhQz)aSP8H*h&269;|+G0a3wEA&MdZjOa^IRepUzI_ ztT$0~^Z`-guaA3o7U4Bdugat+o8L*QtX4lEF!8cjQJ{MXerLklcI9++hq{lVX#rsl3yy>DrSt)pogl@rid z-vX^a?GXLgCHm7&(N^BJF*3=dhkguB*qXd!mvL^#8E*91)%y6#Cv?&Xk7mR!^yB_d z7(x0@IEfuuX-G)63$+N5+yD8KSJOSdX(yJT60P==gb)T{F49w<#BtJBldPaVy_a2c z32WO6i>>H_+9My1<3?FI|o!$E<2X3pUHMuX5t zdr;=Yjx+sAH=Sgr?oT9YZ+9tG;ts6NS&NSQJwmXNoj0t=39skw)Qs;r()s3Gtg?5S z#85Uy`lxrSuiNoc^J@mDKd&wCpDD529Ur1@u*Z1M$=L`-r_)T1n%ZOpamy zV682B;NY#kTWuA2F58mx(=Rrvq(}$Mqw6~Bt{vCT(vlpJR!m4K?n|j~`i47ai$8^N zW91@8p6*8rU2!gN3ImkkoQieBUWG>^X!~#} z=##ggMGm2!G^TnylZQX7QByEPVywSXR^#)PVe2HO))fBtHKxqiWXxBn!mX@BJ&(5gzv1d#^RuTyq}OO?NI2#P6Jo zotcwZJbs^!Ebl`-W?kM~_waA(_;S0BDf0lHBkwpUeYOWV{IC8wIh+}#*Y>9<$aj{y zf023u&S5=L$j>3exH;@aWy;VK$1MkK(VP*QDx+<=to=EW=qC37f|m zD>wzCATjpkz^}ls#G6KQ2Vy>^E)cTENRplH(=l!k##bC`x~Y3v%qxh7&}PV#yp5KE%9dp{AFDsPcFu9&S9rssqh!MIJ>3x3_?SmQLZ|tzWleplVZ{v~_@RRSFO4mtnc1ET2BaYEEP)$rG zc?y1ID&i{YGI1cijFc9?vTYs2co9I`B-zwDMz3G5eEI85D4;MgoG$BX9ae#n z>U<2!j^#SLGY*&0D+O*EbGuKehQv48L8U{+OLD2xl|vqrUuBV(URLJw#VveJ{#lD& zNuR|HEVG03^$ig9|QxIM)~od|Qq8#8qKMY^FHPc3$+>=#8Y3&`BqKgbi)qqG$5 zPmdLV141OLm4SFT7nr6;H3KCfek*_cja? z7de4Lvx9PAIlZbOa|%lrkso64?YqTc`FptTDDaeh;gdnQ~a~*gucDq9=rv;5-+gIt5|R zQO|qeWhV7sZ3(W*On-x-9sebaa#Fj+$`YU{RjX*sgbZ70Ix6wUUjL3#;6m8pk~wEg zJ|#JbtzI?ib5@eox@=Js@fFKO&4riXt1H|fqD{!9&xH4Jrg`Whbv%@!yk;;6W0rq%j}nS$=Fv4 zNNhME;Y_ua$9yajsen8&3vc=HRCnl96KLqNb?wQc4QH?y2@Ip1mfmZ!S@&OZYgKyp z{;Vn`ljEi-+583VStU;Mkxu8%XaT+ka928+89DVypVN{a+S%w`t(4FStYJedZv6u? 
zH1xAqU35VIoJo(Q-Io*D2;C*Cvcc76{8;27HvXK=zjF1?Q$MPAi}LgS)%@RR!|`o4 zrt0Zk1q{FpG5si=)P&1l(TC|Q%OtAyW2>Yw93@okzqKXrim=QXBwjrkhG-pYUQT9- z`GOK!M$giM1k`vE#W~advsvFheQ+a7d=0ouQu(&4aQcen5R)8Mr%u=JC|pllZ`kls zG-SxCt)qYR=LiI4M~Y93d>EOsshp^2Wa)chOEoU9css{fSoKY={|Tedgvu31S-Kg? z5Xen*8^Q<$`BShONe6`C)6?30@pVkdJbU8&!)3$DR%<)GN?Wmm-Q91Rh|9b*tC{yh zU(u%^2V$@gR2b$@!MQrp9H*+-j+G;=cSKf9mz6DGW)7)8$~73VDon?z@X6`C!L9hU zP#}sl=mS%=!M(tMk|^9Fg>r&Ap5?aoIv){31++*)M#yCs@9I()1M2!KZ~Z@vxV$H1Hpkat}@Xj~rNl<5MMIp#P|o z9uA!askz3kE$Umcvtb8O~g=yss?o# zQ0E6~evY4+w2dKbGu?yue;XQ0UT}K&Jtfwt-h7P-Nxg1yi85#p&JTE#((xb{hz~G7 zidKCTA3%^(u=ROe*3UMe(<~%gJ)s+Xe~>TFE)FKMG~|d1yMsPj_y;7`BZ6!mptuva zC#BMOnb2E3m#6ix{*_M84Bg#{SC3gmB17W>O*3x)iQjs%v_lPMtQpHP$3cicst#7u zFMqo3#4m#*@X~+s+l7{m`9Tou(RQxw7Wv-Pa1voierbLf-TrhnwSg}w!t%y2qhQkS zyC2YfxPLD!@h^O`|1W$R{wHMin_s{x`S#dxkB>+_u>9vlwr z!Fam+Jc*-%(@x#iM_kTM-%=2ZOSx%$dJD8OA zOToYW_bdIcAtJFb_vhWLVfb7~iYxcPiusit9fuZ3#J#P*rRq;!vsO2|!t65>XE`i? zd>8x={4KE+D!V*HW201?ZrC@o1`6q8SRH_31-h3;&*_6v_PFTabc~BT>rDn@cCyZVA+)-vgN|5lc z!K!RePkGH{GZ=c3T4w6V?!_hq-@q%Z$9UGi^{CWWW>G(Ek(z$G=V?ZdHn%>c3ZrJO3w!bV?|S`g|m z=0Hs>??0CXsYwI<8nm$RFpj!PAkcQfb}K`(8Fw(et4vN3{glpq`R?My8yi0BlfVSQ zml=t;JNirJ0+-X&nZ>*AGMoE%i||d1KMmC`Q%7c(lw(72G}Miz2t{Nh0!Uq!Nov*T zt>fPw#CK@)TUwdBPpyBJ;NIQaxi_eA=lNL;clz_Ycl9YCeCxJncL8)HiO?ItIHjOW z#3qKgSA3ExZNao<{sZzkHR5!Lnd>8Gu8W&nfh#TzGLd6DUTOvs)g{RT{X zjCCAMA=2R?^~_sq1EaG{712uuuw4_zvLAmrCb3@M1c7e^&}%SlNNegXQR!)s0>><> zrc9)FD}Zf5cy15!MSn?5F27oCNjNH8R0pL~bQTCC;t^!Xu$vRBjp;bsrG#1-Owl6M zxry0^GShQ1nHS33nnLzIzmKeEs^~|AB=8iRN52!v2n(%3bJ}kG*1?sPEe^Qw*Nhf? 
zkvH^S(|Q^HsqDqUOc%c!#pXK+yp*TapQ2xNaTst))|ainWFG7~zg3Q{ZLBDcR&$co zdAgS6h1WHs85uUX#KoF1Ge|%uAlTaxt}8NRTP58`&8<{vP45;JtF5NU!wp#Uy)8s~ zD(-n@FBgP=AUm{RUjc`uVcvKI6O;wez>W6@)FHLal$1H2<1QP15~eCd4k@=8*8iwWYS$rU^@GNA zSRVD9r0R1hnq@QRcU)a~fVVG9%=^1y$`$)J4{elp$a){7+3}q&^|(xxPt+-@TjA;J z`e^O4Q@wqpBx}5dn&tL>aw^rX%wVLoAJi@dXbLp_<#=U3NX4IplHL?ZkfhQR?Ydfn zlfy#1ORev3nlgt_<*wQrNqvrEzN5;-ttU**xeoc=ngop82EKyQ;d=4s{67RZbC+(C zsFMkuXw%8|*cL-WZ@JaP)ufBp%gUWU$K5bLIG$Gx=Ntg%;@dg#P|h89?1P#JeNfgNI17^6BE7d?A?N#{{k=K85OGbH1E)B#)f0;B zwZsiia>mcvkZ^h()HZQrpg=9{bU=WNWLusH(_5aPYi^j63^saaw|L7XiXAUj+C`Rr zNttYT99IW+7!nXnFa$|{z*Z)8C$ipLKlzT*tj25hff@K1@5igi_!Z0QnjlFo=P);F`b*6x>ZXXLTz-G@UTW5}ll%M{BRe>tz9T%p2aL6Db!vbyA&VrsvYtq=iuGQbeBi4pJp8SIn}<7iH4F1a zS0eMS++dv?iJ^nUJAh_8jEpa!n9AyDjg0l$eKgrb=F0x-=faXq9^LIMR25fxrtU?- zG%YU3@7qbBdgxSNC*Kz6gQ}iZSyq>TvR~e{G`i|0xtjJhh^e+n)G~{?|0As&zw8@` zwHP7_3nO)=?zek`rdEA7KNAeUM+`B%d8P|NF(p z54Hvs$cN!dyw>AtA2h}YFBsLnCI|DT&a)U?0yj&i4(graNKzy_To7o}A^Ika+z*H_$xQlKK=ooN#_j^Yzogug4a&83Q(9x(0| ztWT!2KJ8kpuGS<76H-j5>;F>C+RXO&$WrG|S zgxmmTg%h~^z0(ari&6psiiuieEw5q17b|n5E#Y<&mr!)*H;(yFt9OMjbv^eJ1w9Q1 zA*azvCqCdH2{ZN@aIoD2r}(ZH)A)z>_QZaZL~}#Z@3pK#h|xQb_cw{PhcB#{Q)l1wb8nmJOH_>J12pPrzvL)@Pz6$lEIl zlUX~mO9tT)Y>jPaOCR}MX=Ar!pKL&&CSwRSfD=CedW{h4K_BLol3D<5+?faJMVxxR zs-D>8=!<`0p#1rrZjUBq^fU!|&G|4^f#jNY#{14wK>oQ>5l2V3=bCt-9g=YHDK;3w z?IfuwoT+E#MzQ2pON$R~z;{r0{eD}v9In!2A7pl8$NQ!7x`FdOX)B>CiVrtLseR~C zXS4hLzVQfV7;lkhgmN<}7n!?TeMm29V>kQNGnT6MitO3>eNL@511)^ASv*tye3j=|0&<>85l6Tl@Jdf>h;n^WJXHKk6Y$>_ z3071jjXwBgVqMf>cu3C^=UH66FH24S8>Wul_7AN%-k}su7o)jp#uf8V+X$HFe{=*v z;C;nd6U=wG+?nOKGsHV2W8Wy!^)~T)nP16f^IIHmLxufJ#ZQ4y7s^tfFXS(%$y#0D zZeCb1lo5blt|LQ}^#q1%_x-f*uin~r_StPLn@D8gujNtnjAnfCK_Fr;1l2{cZ7Z=V z0Zmv`1*`~YCP025cN~cuFedg7Bzo8OH(G|sg}=!-3Z=9`pt=VcTn+caQ(ut zet3&x6pc6ZS%fsH4-63-VmWTM+CeBwGj4ou&N6L5DnE1O-mAB1S4?E*!6Si_&Ok5) z5`I|+*@;8*B9nW52ges7WqSoW@imt8;-B$BjO-PWxi&L2YG+OS>OY5Nkza-SI+@S; zQAQIm3PQf`IV&wA%jR*8syBYR-z9*3A)4DI-dRIJNbqx}!Mr9H1gt20k^n?MTnr$s 
zARwLnXl4L6p*xA{&xc+1E1#>5&>pFO@RRFg=M?Uhp2z3I_x{w^=wrdpyG?B$V{6_P zaII!?tQCit+=d2;vXKS<1$jF72PAp+I5iMTJmWB*9b&2c>2zQqqAWWc zVN#gl90!5gm?F4r{-d=bP1z%-@UH!rmxnas{fAca)$GR^>Z&{=9Zx;%WKXEx7>g&| zDR|(u8b24u1&M?Fj!Od45UFrD@Su|!CWjvaU^d|^c6Qv2Uv<34XG(KSrqB?hU5L(LjEm}dV0ab0k@CfCtk4;jD0 z{$Q@_6Qb?oK_U1gHm$>z-bI_7v)|SuM#|@mf}~Y-9Y-GD(94W#du`(3+up9Jo~Zu~kj>4Ru?NbKhGa$zu4(He7LCx!H%OE;3JpPlmpm$vwoZAkZzbq=o;+dXx0b>hl& zwMMUnazV2~sNMNkXx34RgmfN&ci_o>FFK*MG2(LClqRTL-dZ=4Ic|xGP4Vwl@I$?( zE3M>PF%VrR(}d?0W1)a6-Zw!&xnXoq8mr>|*rWA@-^kUtR?F8SUGx5qp91~Y^aKT6 ze&Mmp{{nX%$RxLR_VF4@aoz-cSqCaTb6*5!c|)TZAeBv8hrhnwdYzPS=ZVhhK14ynG`-LcD=6z$X!*JB-~ba{AF`NaGA4E>wb zLg*b+1oI5aA4q%)$Rmh{^VzMP$<-(;&S!yNO&?mcjZyRpi7rm2ru57@Mi2{zzQlNY4t1w zUx8v?UU2Q7=-;S)=_>UpIe1BKEaKKeOzPLCZ}=WzZ6{GSq&BedjR{1gV8u!N*qXQY zgDy&SD~A*KXf;DMJo$-y-Ts{nPSd#M`qlS{R}{NE5*z$JGAWB{q@&IfWPn{>w*ddB zQ&ZYFans#@wyck|AEMiG>Fo_`FJGzm$l(CoR2QQFGJPO|dD1v(HG0E*G$^@-$8*kv zQaNr~=;8}88fEHpCN_c~-7+MsjQ!_vpD!!0WC^5}fSy_xN^|M^ae2~B?>uUJa?G?J zec&>^l4Sh6;j^s4=5wv(7*LDrK2TQe5g`Ytyh9dCAXwcH58Ecr3_0@Y;=&~IYv*>R z6GAHf%m{+DA@26x1I7xsy5#oTXn|kGJjlqdCwl#ttG9XD@{$uYR-pAyB^#$3*6nW- zz6f&g3f-sQea^)^GOO^{(L@IclCcSp69mejc1JQS8eI#DZ_P5F`kFI$Wn#Hm^K;8% z$0Ze!dver*PTZdkJY|yLHvl_)Cl{bL@TA>ACPte`Kqh_urOlt;CBDfs`=y?|u=H7x*P;X8&9N!NZA;?L^>nAg_DicElVxo+`}ulfj*xSh?l4zDo`umdULMbTUHN-uj5z&IgILL?9oH+r;Re+u)X(_Sh z%&-ikHetpNCFC6G>yE;|;j?(>hM4HDT(+cdr;9ypLyMCgzGOexoz&n*g;oPqrV}vz zbBggmwax0lys%Vp75KbVob8^0v?l!4>l2%h%X|d!kSC&DXo0Ox7A)5$Tw>~qe%-pf zwn}2~fY98hv6BRqt_L3lAM*(l^ z5;LU*KVs-E@^y-*qUC(bGd9tRlWU5vGh0V`1=1}_>5Qz1mM>EU;UaEyL#B4J!!S3k5TTD+*s zG=7yS?+y7g8uq~FcjjL^auR(Jq7G+wCsC&0#-&8TbM0B?Obqk#%@L=JvxKH3CRmI4 z7Xjnf63&hZKF>l%p3k1ylRA6;I1OM~NyFuw$)KFhSn+pBMKa3ZOpezjiBh#JGA|7c zt}h?VX?Z>G5~H4ZVKtx{pNLgN$&aB_NHRFANQ~|Hp<30ArhG1U;#|!$<=(hBw|_v8 zyB7tS=H<2vnr611qdZ9asb_jFh1(NIUQI9pz5izf9{x)N?q_Pkvx>1-M$c7Iw@5Nk z?dnDD2ex_yDc?RT0Rf(OxDU1o)zJouTRN%f2@ATA>AQHyisuAO05MLg}1+eU< z>0vTTeli6_b^B{BD{11R)So1soDz=H&o2Yep4QlrXcT-(zgb3dcIM+#p^4$!*&GKh 
zYe9S|^dE&(y4lBu@cVqWC1c&7NTcJg3PF z9BxT~^aNJ~ClE7$xD+_TiY(sPeUdtP9BrT^>BKy*|E|acLS6y!D^MA%d;Blg?8#i8 zJ1HHcTrnM{(*sV{dEMZ-QB!l?Yf=)+zICi-Tn&x8t?iH7~YbwHaLhtgC) z;Y%sO1nPoFsTThvT{hC-FUWx{G#M_4f&*F5-Vp(hjsEYg*bKi)_mKJ-Jt-o;BiPg=y1Ym>+~X z&)vv)5iS2S^JX07YIw{_sxy$>`@}ebht&&o8}#g@X{L!P|~he;?5(qY0JNns4#R<5!Zsr+f7s%>dFROQ)KCLyr5Yr&OG~A(Ge0@pxhrt zNi6f06xldPeZ|$)HNCT!DmAG%An4>Ahm{F$z*5L*HUtI6bWn3d&;E1yR?<@Pxd4!5 zk0E*2#g7krhI`Old5XDTdG(?ti@E)W9441c(t+(&a#^63?t`#hkJ4!w-yPl%vV&Fre4G>72xB?oYWlV{BQ+jf{#XE$1 z-Mdf;srKOC){K5Ze4=7IPA*-iu`x~%u)J!}LG=~^BcSLaDzXBlO2QVS9yGYIdgiLH zDtUT`NX&7t*m6CfR8tzimx8%l_8uFC=l48{C1QGg0ejVrq?N{&l>Q*F|DaG&6n#T9 z-_-j{+AX|h^+jryNQRx1=Zr04b=i9`dlD}moh}X1N7S8>YR03DHSkljHqRS%wGR8{ z3C46}S9{(`x~{`mwD@TT{6N1}_!W{Ry7q^_b+@vqvujnxrHl793+{&)LgnTuA(THa zM3@e6cMU_Rn@t_)Nml(>S-3Q@v*#ZW$YOu#R>b8~i*Mg6B_#rmBqVMPvBjQShVsTP zbP4evv=<~3K>T-+mc*ER&JVmbC(v6NjPmxW@=tO+q)q-2zlR+W=2%W$483%Tyw67z z1|d6?Vkc22ooSJ_SIVFM8cD_qk-U^^B(pO;1h~*fao-ivcG7<#*C>X6K3s?+givPQ ze7@v+ZNBKeuI^*xl_-v+6IVMRkEEoLx=2q9Ur#vaC!UvtRQ9iT^mj~nRC-?&pVs_J zUMb$i!nL4bMpbt3(pWI3xNGI|3 zD4(kk850so!JR9+*A&B9)@MhCa!isQFgs-~&IhGEvQSeI@*9CnUB>4}66$);3~o>s zP&#P3>1kMqD@WPNVBim_=$cW<(e5i`*RrMa$%K8pV!+@ZL9DbJAKtqu^0}g@!+L4&mrCJ>! zaIF-JdAId;R_&u1g-jNooSx_>K8&QXnl%%6OeVzObNan$b%CeLRmqXSZIt`UwQ8q{ zT5riur-3{Lbmj)WG~zYnEPEGNi?g~Pk{#}{A8^!Ep&S7Nd?!_B63mG)*$ZX zTKyS^FCB);Y8c}d6>L4YA;|EW+Yhrn3jw#10yJ@nwJ9>~H{uz}uvjCu@pWKWRoVMY z{NjP(Tiu>72Yn1*m>UJv6NOiuK9EM@;Np>P9udOh=VAjZ`4_lA*@+K>MK%i}r6xES z&VB9i&h_fmg4Y9@ViXH*b?8pld_%l(0!$I42?}f*Rn2%G|eGaV9)6MYf)Aj$d})vIM!2!p{diW-Q44$8RF1Kp^6CQ+DQJlHHGf3R`?$^-+tWGDLM40I^`ht1h9Dkp|#3 zOYbpIj+27vRU`i7s?C_zMRV0WG|(MOosoQe`wb~YmipT-t4~J=cKEeTEIa8qcC7(y zhi454(6=`>Hsy|gtq)@;4WR0s>!C5rhzp^hfj|nXAAW1{P0_drvs%WG^imv2-swp} z)(T-m)bFFeu4FI2JNdrL#4yASTP2$il2(ce57R-Vy4Rk$0;Mnu{5}OTn~~A|3ICr( zbjfDtgSh=ut(|*5q3h2%bY8dE7w!%c)~GtBRy5L#!J9l+G}VC}lVkd{{YRFXCDPf= zWiIpXk{nm9!Ht2dQR*y7CneTXaN)CC02&XaM6&kD0miq9sU5G{JM6^jHrhHmw8aH& zuokIoj`hR$VxITKi2Yy7YF`|2r5Axi$UIKEHCECIZ%XSbq? 
z-jm%&SJaiaG}pI$Y{Yne#3wGQ1-j_I{$_BGu1`!7N%@BErzS^5-Kz-RGjM0)BU5uX z;!sXyXoeY^AAa}eHZQpOyta9(!`e<_u<2!PU_*=&L)QsLSTIQTs}&Fy~F>XPPJ-Z<}E8*<@iH&2i&;bX`Y12-sQ$vo3)lq zv6*aP3#w!lGELB*0|Fi!P!hcDR1?X%vVg&bNA^Eg_}J9aMr^|6u(w~MpHHgt629@q zkjt-~??yLO+EU)AFU)`>ijV9w^6YV-oSFi=Cb2s^0tY{)`@;hQ!Xlw>GIsOU?xiA8 z0Uz~M=)j=S&_TujM@wa{oOmvR5&^OB5qe;x-sZic3I z&fd7h3t=CG{GLq$3S>A@!QamL>`_nNlc;LSQXC?Rd{-X5Ptv!$gLx5W~*4q|OQ*BKfi$6U!5My`@BHOtV;OGH07&$UA=koo;60iqk z%xUA1tF{$96*n$nn5UOI?VaH$%=Vx>d)VMUb2MWu%96yG1d~}-H?|~N=1JGoiX}-% zxD|y(JLl@$Tw`Lf1e*^qRQq!=iZQXe=S|*r1jZg?c0lUPl)#0ubHe9a(hD4P?+7*^ zU0TGkL2b7vKH!X1Ac3ETQd^hU;aAU$N83YJpp4UQ=_PKQ=hr40PlDoGFmJY)?<~V; zFL2{6&HCzlQ6*GiQQ^ja>F57nP^bR=&rAjCNbj)gncamHQvan@_J1#IN7knWI;QH@ zfYOCazolCp$3MRME4Ay^?!25EKJES>(9v-rP1|8HvRVv>ok^33^I9a!vrh6!s@c|2SR9M+=mjFPr9 z2Zh8GhcQ)4l4g4JA5J`^2u@du7WZf*CW8j()8C78c`rAcfhzd7zgRyrDQxgJ<{t^r zguX!&Ti|>s`)|@sj41^&IflgD4g$SKPqyXp!)q%E>C&DvD~Ty73&9ffrOw`~Q1ebw zdQ3Yv$+s8EQ5Y%FvI}b z-HW`Fab)|h_?agAy$57nkYKhg$cgk)zp4ffkuJde?TlW+Lsc}|tBE)7kCszl%*bRh z(*Svng$QnRBklDbgYuaxsB5J{{CVEZGjN{l@%tu?U~`JLH;)dNaIDUy!mO+=LYCPm zbp~ksmex=Mbf8SV36V_h*?7ZHjSn@V79aX9YuUF93(w^o4%WSBw;{!JFEO{f*C9jj zRw*vTrI^OBO-aYGUq7U6y%9S*7Hc0{;;zZjzQ@aI3I3we#{95gBRc>)wm4|~lM7j3 zbHm^RCTry`#yhNZq@t{&N5@mr!+bFF`qQ4FOxo*fiH`=m6~CgG(|fcDci%5j_ID8l z$1H;6^J1KXA~jYIP(NE*k|);Y+W43eZiZ~;xY6O{E3&;3kk5K8Ff(mRjxk9kQmJX( z!Yz|`@F+h`ma%`@#a3ON%vd?3FHVE0X&(Yi;aC8@?%#Y%4-1xzqeEpB6LTa~+etd2 zFE7c8Spfqk0WVLtz&Lj8dotDA0Uuhy^zFxP9;H(uS*_Y9nkYPdZz$DoG2aq?{rw(G z^Ov{~!E9H)Y{k*9gj5PVHO@{Zp@92!UAr7{yZ86Yh4bQyP1^hS`8S9=P}SgSV|s}w4zr`e^#?A zqtQ^^BS$ku&nGEeD)c5Bcad8BwoGj|A)W3_37Dw{M*2doPJs0mQ=`4~@$GMP*Yo_3 z9#=mUdM24NmJbL%U?0B7ex#_a-p(oa%E!sT?2PCxY19#g) z-){5N#qP9Q)y{o=>tKz(vW_3Po2G9{BwSHRdEE_JQ&;UL*b8hdFQvi-kf(i5YRl_> zw3>U^23J)%#Q3Sd@4T;h;6-`jIGqx8_kxOu*6H=!&$VTI7c991Q=%E2G@%lJjP-k< z{8V!RrA@34tD^_PdV6*4wVi~mIDg)KlS**MTn+;WEL#dxw=~mrY2g5KR3$4 z`Pt;OczVet{R(@EA@2%oBUq-#}US>cIg z8Od;9Q5=Z$JTj(OlzPGORxFp+uIfk5@wgVZ1?2J~F9lRqod~ZlSfs5;QI;#M$J`5| 
zE8k*dzj8&lNXX<}34|<)`u$(;BCCx@ZKU|FB{r0K_2v>=yOVUx@}KMHhKB0Y#?e2p zm3;K+@V#{!^szs4-)&v>r1;1&RWS;Ds%O6d4RI+og8$5!2_I7K^^u2=B zBz20NZP;z^*9NcdiWXc4&M&*qruP~1pu)$5JeTN^<~``?W{e~cSKWRJp5W~Dnb$2~ zt$x<8g&CwwjRzW-mSkv`kaJr*Gd+n`8`tA|jH|zyln^EUE=7!@5L^*RL@=O-x9VPE z@lcKIV@wlJR>gIYaVq6rw_bevvh?HS=u!g;$q(g_HhFSA(k`O|x)9jzjifvmLupN% zU%n524bEJ(9PVBvtz_!gmSix#NiwzGPfajsS&i96*T3VgS#G%`nkqcqJ@q7Rwzr7; zhaMPJ{AV(N3*MI-sdU`8U$-4WAISowTaf5X-4AG7GQWd_SEj_L)P*S@!r);^;fG)A zy7p6_L?*QRR@l$G*-phdjSaU2*T_e@*?xv{(nURYP#pFfRQXY@H+{%9svW?p<;OF` zn{xdIU1?Yh$U%F3e(4U(l_Z3x?yrHXaNhjx{C?us>owi`dwmS%qZM^ofxbzIOXpYZd+{Ub5i*kX_Z7awSul<5=fe#&eM0vY z9=~sWp5|}ICCpbT)>#^8Lj46HfVx>AN{oMY#=PQLTz{rFDY0fR%gHGob`+Sq}!bou!8BY+Eg4#6Ohgv&`;XTGbYBCbxb!iXw3UMQnx`%5G)LnvQVj44YK}?Vig6QH z{nb;?_Y2BA{0yZ3bh>@LIyq9dlrMjqc=FLQ(bpMcfeF2tU;B_j`$&>PTAL#M<9amj zt6b0$$$H)~qsv8TUVvU7V#2NqStgr}f?omx2)@xFi((TX-H>+RI+v&Jek z`!<%f{X=8^p0~o_Ey0e3z8s3LW*2`lJJaYrl)JYBGb};T0~7cO(uD(0Z~6Y#h%CSI ztz+i)N?5D&g^L-pioS~tD*kdQPH)$!cW%dpA*IcSKBkJ?iJRTxatWoTZc!Jb*f5@1 z{Jw7v)&V1U*!P3kS!Aa}?!J*tj&r8Uj;tcM}ov4z_;R+l=H`&JFRlsb#|f7)nj5{=I{g^u%=WD$laB$KTt57)#^!0aS`li9;Dzl z{C0NzC@j2u)3zX^vfZqam(z*C1Ndy!v zWky*(921!o@_xU$Rnz=i{{^SZC0^RbH_IziWSyEDnCLZF+pF<=pS(e#Gppy1!(ztY z7BVKBb8an>EAl_F&ccPjrAfyLyX*C;WrsEMUa;x8z~E2BYD?17H}o?UYxFTm>o66P z@hxI}m%8!tdUFmFu>N_;bW~_8dr`L_EP3kX17vfh<;{i*!=c@{5b6C<)n{{Eu69{G z+%IoS#_AHwE2wK3%OI$Q;xh)4AaNj0awN6s9}q^Pw{Az4IZCQ7JvErwEB8M?;miD@ zrA|ZMvUCZYw&+Drw1<#5!4?m*57f}e&L*$#iA%4xaAGLckNIt89j`_&azdLkLmYOn z!UcnQQ&gbv9M?VC`hOhk;r$S#=+0Ep)-0lTJKxE+IZOi0x^+DJqxrcbK8^H3m+Q#~ zLEjR(D9<;4-c*-PMhGB#jpNqsu1U8W*7RUx`3!0GnQtW+la0QqYpJUgD`d=7%$LWZ zDNrI+$j`mD-`k&%c%2lptK@P%HCbJ8cchX3Xz^hoI@*}L-45~XoDImsBc8Qu5!u)B zaJg|ERO?kzxeLO2M$a1@c+0Z9JQ#F|5HDAC%T7)4Mvma%>RnID$FCXg}dV9rd*spcJwEQNhME$!7!3ql-JJp2i47HqVUM$jKXY9_SH)ivJO!Nr3{l~1lhC8 z-yBJNw&MVy59*jYnJRd~8a4WCJow1evTtmYQhox+X-1bmQ((S>7!C5Vu9PMYgXAB?saM za&vlo=>b--ThUs;5UOyiV@mNU#lpO;y?| zr6&y+Rc{MOH4q09zV4OzMJ&027-3uLm5di+>o-zD2kb{SGbKF)WH11jK=#fa_be+` 
zX^^|CHmzbL)9D*?W>Y^VEzSizQ%e@FA0TeD+&JYZj;4_+VVcv;(7kxs^k#+dD)GkZ zDD?)q&p09S0(e*pdoEsXDj34&chuK^_|Rb3*V!~#l#yauVZv7NV(;WYQvf;;GdOY_R@v{>ku-nx%T1Kjpgxw-9c)CFKV{6!7)R( ze^v*l=!?)eGyMpdE^F*|C};-pp0+fe>V2de?G=7EJlaU%5Z@QU1|%=T z&Lv|^CSjg_1R1EO;LJdUgROm^kUaTY3H@2Bqy-vb27fX^ri-@!6P%#!MzaOV#6?mC zrN^9$u+9M^x;zChz2DM^g!;O4WLja6w~H)Ozw}b8h+ik83X$)F!zQt;NZ&3rrO)9c zF<`J*Wbb1&jldp$?2)U6D@Ok%>DqJEoO9+lvl}BzM!pnxa-?{;P1tQNMSte4pst|q zFw%sgdHUmf5X@&#l4u;3%Kj^!{>f)UqY#tOqK}^2KfP~A9}Fs(o}@Otd8RdW<9@wp zBMH+NNqhFBoyZw;E-)lr^f+ivD&U@gdEvxPbqx2dFQ3`q2#@9G)(@bs1CH{w+1r^K z)9KuKZ_llY7jpW%_6mZpN5QDA0VzCfKZ&w;K=tsq$9L7T#wYfxTVD5;x+V47G(TCV zMAf|=b0Ck9_%VfOz@r4BCDH+7p06s?`r)K8XD+{g_Hu z@M!$*4PFQr^u)tBF(K;*I%x`A_dxiCp^E_m*5#4>o}H8+N4Dw?5z~{( zLId**QqOeH4bN|=EprOa6f$1F&&Cie-rCUce1N_{nQ_cep(SmcX77!GDlS@&g6s`h zOL}FQp`G=5*sGOPk*xhs?QUwlsc7+P!iw+{m4T#Ep9N5c5Of1YoBMBBx;J7xb_xf1A?sbgZykV|-rw~4jWXP3UWJDk&x!sJWbk8=kcFHf>V~H^mwfDnKhBBymv1C zo5DW5kzb9+R3%$RzZV?{30~E?=^R4o&6l#lrv&e;aKuE<+_uAINXR{8z8U>>5Ei2T z6@sbf~(;OmFY?fCG9XH*~ChAEHXA}=f zE4P?%H~$*k@|#m2BZ3i^{F^f&;)*Af9%YI@f$=W?q0{pY_=BcASlXJno~|ULDpq=M zC1s7vX??#%d2oA?Zxqx%f_7!ABD!VRwjB7!6x1pO-4z_A8V2Qbf^Cd?Bs2MLJRDFF zt@|JBeFs!iZMtp{5v3zdI#Q&A^iD*iiwH_@N|7cYy%Rv`O+Y|Eh|+tcOAWoMNEeWj zfYJmK5C{;$-E+^Gd;kB={AZmrch=mwbF!9uElsi^zWe*W_kG^-JSF4x_lXCXdel(h z72fDJ^A#oa!_(W7!4kaDPiBB~XCpB4#)fVW=NtF?m#H-;X^A#X%^n{s(X0sA2Qr^@m~x*;tm z2*^rMfC%3MffLx_{o>6Iw0plfy2JhIW~%ANM~#zqK|SS%0?ixE;fus%gOp|`PkuiT zPxu`=$Gbv46W%~h*k$&lhB%sg=0)w2i$Uj+Ysu_D7} z&Wt4rMWbiDmTIn|5i!}M+2&37T zpI5JbTuJS3v7hqZO#(AZZd-RYO*F#GUh;xeGmQ~ZUn51{VykfzZfmj1KdHBB*D{YS}{M~!zo_d*? 
z59GVo$5|#2ET(Zb+Y1B${6U^x*(aR9@xICGau;B5YBFs@A7D2M{b6e3(=%o*8ZUMH zif%XVaaS?D(Oza`PViJxduGsA;Ic@HNk{ATG0~j?jDw1%)w9e-jUO4FeKm25Q_@x% z{`gL3jVSN}v*4Sv9Xx3EHmmq2ItQ_>@R0|bR9=?NkP%fD-2OsTQsQ^ ziZU_yvFM9n_IIBS`L};zcvJUHvOMc5MrjQK?iXB$ge3S7%UQQyU0men&XyhHe)XJ7 zAndaSp$E&Gpvg%B)M(5BEIKeGv&TJliF9I{jRbWA7Et1RX?pRQtL-FbjFv=YDUWLw z*^Y|PXE`C4VoT$DKnGOay(uhdh=OAW-Is>TPo`Z{3IHkLlzP6GS#)09j*E|EIjBE{ zgx=yJe(5aB5i!RTH76M-by^xnr}2e?k8ouv4t^;Z=-mUR>%L<3sxjSrH|jbfMh#x- zCD#BwrTh==Y7%NXhg{zhyfFkb2Wz0<0~MnL{$Rw<+D!&x%i0+!mGAQ8%EN1S$+ z!YUOHNENjO-Z<4P`r665AugC`4`x_aVj>Ny#v@3@3G>zLPmaPo*pUu546XuuW`)*7Gvgt$C9b z?ueUR?;C=315jhZR}iA~*lUR}tO9Dk_pm9u()Y`~+DbARJ&7x0Y#M}4LY^R{+hqfP zI(7$+a1yAse#(Rnl1W7xPakrcuA9#C)v(f-)uhY19|c|xWYJwo^R%m0-T*H=QgoX@ zuJyRb8;`p{SrjdKl2YgouHbhT#0Z$o}XX37lZOXkcUrFT~RqvB5I=_`fjeC zazn>ejYRyOR_BhMS@wT5ZFm*Ke7hCX3bd{)QF*gIF!&-F66h*EpgAS9PxKMJQA!`c zwMekH@Cu~4dR10HE#$c*)wkX+7V5SAD`ZK8{A|l8=UW%T%5M^b033-1a1hBRl*B!l zaOKR}bgE6i7zlaWT<;xXbK>L8bq%h)U3$T|moMh35>RF4KJY1!p9o|*`i;netphNZA-fRD=rbE<+~gxeM_YS;(3mY5E6 z*7#rG;@g{5B}!K}p@zQxwP7_6jM;4G#BEvScbj{#UOF^An^ z%aE%k7IO>EZnZ4~-l~Kb^KbeVro1HB^wd+cQQFDRzUIc|=*DGg`xporUL`;Cmn1;L zJMW+dF%3uwl(!{ibb)q^g_}fQ&GxTcPWPSXsuz*8 zj#}i2Sd@zUpJ3wFAz?UBbsg|kRzQt*!xODUW`Zp}r{#&0>(2xqj7!PH8AVvv+_LqL zeJI3o92t?)y&^00whm}>Jb=Z_X~YLRI8{31u0HRxx)Gvt??a6{=VplfMgM#e=9j5i zq>qwHFAs7+-#h&EbYWt!amfhE9LXDo^+F~-(4VeX2ogMFFqn2%wa{}rx~lj^ah^ay zN9#S6?8AdjDO*fri8Gj5(FuKYClMAbh0r5`*vx%kcdxAspE5fH<~fv)V~Z! 
z2Ayh+@u&l1iwT$QAHP)Dyu7Q$;?cv@MXk5||S>Xky=9Z;ht(fx4LYbcA${+!Ze zrm99j=1&5ig_uTLWiz*94J)F+16qQ8>%Qb;5y+);(AJ9eIcVI(8Qz;rh2{GaDr^FD zQ}(=9XV;u9#zY-k{rHq+Z!_I-uRoT@@+0y#>7($J6ljS6I!{|&nsj@brehfUt}zdJdDhLoDKTPO7oZPh3CGH^n;Hm| z^F1VZNCuJx8GQLIfe-N->ruaGG@Slm;SLarC$xYggAuqqK zh3hl@ss1=FzL;K)Y3d54!=x`KCj{ycVIZZLKnU4D2vL0*QJVSZT`I>zVznnk4Bv5A z1IcFQ9uCT6r%_%XBss$#VC%3G6qtwo=jtj@w@ZI^_P-(09}6a z{T3(vuQ!&jaeg$sGH^Yd?VDdj2Pc+c`XEFGC|>KaNVg;X<3=4yLZZ-;pExyoE=KW$ z6$~+Uii>f)q~uYBeyP6`OD{Xg$wy$Q4kCO@*dQOKERBLC1C*Ew0}$$9Fq$6mtA45> zt4*WWLQ-5a^QBed=Nek05%o?Hg~nU!PCy!8nHEz3Xt>)~uL=#K<6HI-Plnw%$O z4kIhyp`Q(2AzHCmV@b=4>-E?Rz6YUz_fgKV-)Y#dKeKWbRY$E@Rt&JNW(=*4NKZ6; z)K*7-X(aisDSJBXc)dCH?T1AB#C}GWO9o0^%adV51P>okfLKcj5!O*`Vwme5$TOMV zj+^L@z_tA=#cXawDSg#9Bh5m(FX}UmTTQQw^ul)1_MUyk`YtI}Y`RSW8HJ`>N<28T zxg-JUZ9MS_Qu(oV?LPQ9ShQGh#t}eQKqmcI9!7c&`dSfm4l2llp5FPk;F5yTLkK4% z()iCCYr31tdKAyPW^XyMQjkEOT~=fQC=Wmp)6O8MYXZ^LJodHWguwG4^PK?O+}BO5Z1< zH^#y|(JzEuVak0M)O*#BJk_q8-hC0g6hx@>{MyV6b3c$k4nmi8Tz8(xaVPfQ?a9#4 zow|6H)F=C!$Y9p(on&v0n?&m3vRlcu0{qJnKW;?*kj#+YOnUd~Oa*{2G|!Rt1Cf%W zan|)BSx!I9FaRBq?nIls$W(zjtVSKE)jA69HOE9)P`=8I^rX!L*y z6up2eD1_Unv3ArxfVHS_hP>u+-HZ835AshPHPrJF7yu73a#rZEDm)Dld6n`_G-gUp2sv((DFhn2R zWKWc)$Xd83t|S2DIo34MZqHE)E5u2zq1P8iY)de?LQ=w_2HE`FNvrdB3=pL1mBF3c zM;`Ny--*K;F!5EvV!)6odo2Bz8@WMf_I?J54f0YhYL~~)NQJ-Ea5y}QtGpfNmHt%x z4LiITIM#1lsHc{{f5xf`8X4qL8nAtEpSTZx8CX5x2ADF3=>AMAVN7^6*F3q=-t?v% zZSB<|XBbJJTNq)z14nRk*SyuivS?Jxz;h|B16EZawvFY={?;knpp~I%YcsrP6GlLB zA$_!f=^zdWGpi_Z_v(6~hx}%c^RDtD~ztxfcl79;V-EjH>?aewWtZtxXJ zjC&>Y-iOH@5g*=$GzFwibg#hdnzDAW*Wm7FmvxfgFvvB-82vNmyEaL-sFYGxH{h>y$t)O`WuQTcl4W!yCv&16dW|Qlu3(drESbE!kD5l~mC^Mn zXe8I$?Pirz`ghrjr0G{Yn6%5gI(^6pML80VSQA0Pgf3_XGmI^2v=@9;_^qz|5fYpr z;xNv9U!8Nhdzs$6+2+>gE;^G)(3-$kds&4%5FA5SZEgKkWkn&G9+>9SO`Oh_(m6H% zFeuTzX|P~Mm$b+s5&kAT9iT$*SkDgwgT0sHnWQsM!4_E7wy5ul{uzGCj7(G!s?YYn zNpvR^^55<--{tkw4}X(z+Mk7b&?~l)$CBW`Vm0KmDNGgf*T@;E0L z-=(TRoI)$!-ySZMfMw9GhJQ$brq^_u1Drq*q7Ev5Tdn3iQ3@9;#VOGP#$9)gpyZzw zTC6%ctDJR;t!(1u#u1wKgR*CrGZwF8%VbNYnozlmz){o 
ztHYO*8J1kwq|rR-y?$l~y~a9aH^2HR8t9S?P$eKzR7QuJh3l!mU|P0J&fehITyP@L z-no)^m|J31Bb1_9CW}^v?4x+=GmnP&4;SgF!&4?hv;arWkLu|MUldWaF2-c`v&jLM zQb($wxv4{KThjQrOVro*v)!)KvQaLO&R_Y&g@F3rR|N^3G%M6~XmCp#}#`li@oOL>3m*rQfp z;4)J-qf?v8R&L+eX|0KFhwGC>Lo#ho0Vetm>Q_eX$CG&rfxE9~DQCZkEu}$od@l)R z&fs{-WlWpD)C&_onAxc`H2XQLuK2-^EK+FTN3b`@YeMcK#Seh$Fyb8aaNKf)-LS`3L$GqXMlxev5kf;8G59bI`ZuRwv39e|8hNjZZ}9r zGyPMyg~;q9e~g{aMQrB^$U*MfXSHV;=O9KKVe%gZh$;uYu^m7dqZ} zWBH5-nSrbz^;1RmQm1JddKtf^IsLn6sq9!S$4-H8Pg2Pjkrp0lLxkB2sOokIl2vZE zft77nE#-;h^y0qz>p{?UR7sdu0-Go0y8D(XUq3*1fnOT#tnQ4 zQioW?+Q#4CQ4{(&0ODIs4FSPuGglto(JD3Z2cYEGI~!P;21(4|gNV(_&h%??+zEbt zK|Wr7bHWE_ZH?}soQ+vbGI4xV{KgllQ?=HV>jixXWsK1M(BiJQmh)Z0KiN3in(8Ao z-*=caf46(~_4=(%`BTGDI{#vJl7ZqOsmdnnIkOi`fiX3wjZk0KT8&}p{Uk?a+B#`@ z-B?JPR-PPEA@KF*TU&jOTk=9o<8wmW^=6hD-fa%TY#!K?vA1kjkjc#ci#;ospyW}R z<(~@YO)Yv)f^R4_joWR1xC?FRSY?xc7z%C);a$;t-e&DVzS8Gfuyp6?_NyVGx_g&3 zy9pbh9w56g`Bjpm<9bKl>FtAlaC>7ULO*GA2HKyxrrOvt{qtZ5JY!mre?j7?>*89I zS+yNkB5J1h^+CHg#>Hr?ft=)QMZ&yjv($9V^WL;U=pzDd@8x}f>#BoWBOhQ4M!u8df zYsAE|Csel(#w%tPPO%jm9Sqa%uKF?yBeYuI=MRQ=gk)+H=m&-gwx-)TM|yNz{YtI% zJl1qedpWb(8t!g0t8}BD394$2Rn;eQDzTAWvo*GQ{drGo1zm7U(Pf1=QK~GIA@@P& z?E{`Eu0+ISRYX}Wsif&Xp(km?*fQbs?4p&D@!$ZI?fq!LAs^hSQLi(t3Z9JnfymI* z9!|Jo+4@=2UA5oCs;%Q{EgOR}{Sqz-67PN{xi9Z9vsmAdcy-BS462sf*t^A)26UlR z*gqb?UdndVkgCSiX`)18i|6}Xe1arv2HYP%eyX^Yb(@cHm*r&v^XoTfTIGxMn8Zu) z@}}qm-5Y?u($vLJPxB>pP}U_+TOV#|vCp@56P8yh<>~6Sj7}zU$IZ=i{9nNqhU6Xv zU8PV?FFgbzIM&IR{rjpZED3L0+?KbW+S&Q^-FvQBVu-2bnB4ibOX=@tI5XW9XK7*D zulUO6bhz+ME9G6X!@+_+HpLtRjCBywo!D&glhi`hN3m<^20@I$W#AAFUeN7jn#9@V zgt%WWIppfbwywd#hDn-9MBJyTy{o5FYCReo}Ro@y*iBe(LHxiW5n6MrD^;Pm~PM~@9lqI zBgXknsP)RHun6F_JfAwl=D+kV`akBa|LubmI;w!0!ejG>$ajECdS5j+XP)&IAiBLJ zP&IneSYc?ic4ltK!H-eEsg3BJx&Uy7sm1w6Fe^|^`(APe#HwS7mQuRbi6`llkpOY8 z>8t3`}$qW{8p)$b{7eqYzXzlXQS|Eo3d_Z$0r zOL;zn_pbjsr#Rjt|8qXezoU2kg7>a?&-4Gv^Za-Cy?%!7IWHt*nHntwlhw@lwX&@5wfl9`y}9_({s@K>T(_b@28zi<=$JKq3hTR zE5~*-`iduBK&tqSCFG0HIcRAY*PV>HCjwumhwL5!&G44QhpzA=h&H$mPzPu|(LaTM 
z2bh{Z1|G?sgMRxt4J9clE2W%2|&4+0uCO&w0oW?o}xM7QDsq3kJVm{`aYZKQ8d6CEi)!eI-6r zz(-2>KoK7&<6#0GCE;-;9#-SC3izbT|4KdKK_VU`;z1%FB;r9L9wg#HA|52-K_VU` z;z1%FB;r9L9wg#H;=i?L;4v~DBjYjhe@~437BgUwd)If)F-dhS&vID#t-#uT^}n}k zX=YGeAJo@I;jBNJ9f{W~@ITVx{a~~IO)k|~>FY@l#nf1wbE$s#z0$PS55VAL*>Aau zfA{wyRwsT9Gtl|O-_n5kC-PVPg|`8I4gB#M0CtzQ{^Wh)^S?zmE&un_w7=WA`1knm z_Q0ig+04?zRr-gLIn$Oa!B&I8_MlMlwc65`26N5L>zf((N-YYAmR2 zK!~K1!g%TA^t0e^e~{$wZfrHuA?DHNpfDB~{NU(~F_tHr9Sd}mugaW*kdFVyy}tGOqZCWYSkU*7 za}cZz2}cNhIR~w+orA8!&p|XAzq{F`AwS9A7YkV?7Ti4xS))4#U3n6H4g!OZ$$>WY zZ1C^zwXCA`>S+SV`ayEmkgZ)=*zYU_5FP#Q=55D(w7#>#RVKp9B<6$)(R{uAK)q2T& z@+=9|ZehHq!^2?lx5oDRx@0oc^$+p~6K)ztsbI-P{%4N>>7RNP_EK9ukQGv?s}OU< z`FNS#J_C9e?vGQ)Mor&w3}15|Zf!gx@@{t;GL0bN%P+j}AIe1h&Ajt7#FwX@lz#*C zMw}fvehui0%{HLi{gKRq zK~nvzf+|2I0?#|I|If))j^~j7*Lg1gfAY>-1)%+UPckEvY5gbq1Njm*nTVqsEDgTg zEkf@9+_ukF+Puu;$1ylKxN98)p#ZzVFnoG_^9r9d5YUKvIJMcvUZsqL$@+w%hxW>| z+e^-bzKhQ&ZgDB8JE^^I2HG^$Lb)M5>X0r&@cOH+b5Mj9mgN;z{=J*cr(9~Z5B~}ux{ZHMubJ@+ zMVWF;o#m^p;`K%u`NY-ogzv)JTu%0n%1Om87cO7WQ@O?LZ5)lga`vu+DReB4ZBkJW z)xEj7*>ku3l&HtjT&eB~wmy@UtWA$TH5koh|m9Ti1z=>B60pR+l=R+8%Jm` zu6KzFve6NU1zMRS6wX0IJm|HvglFfV4Nl|rwZHfj&}AJFgqvk220wukUHl9o&x8!_teMgV+z-ih@f)mdl`*!H7q=&r7H`8>oO5SeU4>K3PSke8}`yQK~>t zaM|l~kS~o@^Ev1u4$}l^*ZLh=qpA+RE&5gFRf%sa$hnNfN&`*Gv?bCy%}@6z}KI)z6Jf~c+T$_~pn_t5O`>sr2k?O(8Q z31|NFY%2_qm`$e{#f#{Zy)8yx`MgdZwiQRNhEAQdiGdZqMF<5#m+Cr#Z&ICXkR`LH2m| z_a*Ti+#5sRRgvJRlf1V!=b$`s-I77OnA3q9t4aZ^y1aA+w~~x+0ed0_H=142HH4Gg zdf=?gK0#yrVa(Ngemy_L;AC^|8ZV@-%U$x_OX2PdKR3%m(H7OA0r7vb_}xwAhd2_n zwh3g^`;=z%92BbC4a2FyQsB$k?6t5+WjU)YFtsv&rxcV7W3VACxj^sh<)U07URXOK zeu1taNh;ym@zo6Gu7^FLYyLUQ#9i#y{N1cCW1e@m5cQ`C=~9JDVjl0Mw|1ii6ourY z6Vt<2shk>Ue=^mwM?lz>>2Y5|>Hjn|frxsaoj^^eGh)nUxSdcy0f9N#DK}I5$poQNG@lAHL8eVkF(U zeg)aVaRv*S6Fb$SXO zN*rdQU{O-m5$x0liF%sv+u)5T-{#c?Jy+Vgf$v{G57nw0j5Ne@5kDWyAJU}kfqm6E zT){Y;3S*Vf#4m!~^IckUr>iQ@K~AbS(pl^JYtHic8sSh6(n|}BiWhDM&g>3!!Q%qi z`$wY!8Tv%Y=N4w2TCn1}?nHa}-#7;ZyH#Tr?+|<2C5Wxi9eV(KKMfWA0;`5{=$EnL z81vq~=ZL*$t0gMT`N2o8W=ce!O 
zqo=IX@ZnUIOt}cUuKC@M=$Q&5%b0@9BXc$>bOnyY@>BuKF|*UgYjYBv;1k5i#9TCX z^+tVD`W15KZ=bjwKbAcIeg&j>^)g2QECRAz1qsd2{o=Re$0(P-io0j#us@xIwM}3L5cPFr_$dyV9lZ=ieg|s5I3%nUM>WCKx z+SL|Ai61LzsR%}aA)AqGVf4H=quc4fW7j`H#{=tW$}L-}<}n+~1~O z&et58+ZrIgNSUs1spLyGeQSX~RJ|6>5bgeGvc6sW@=le=_8T2C)bP8Mv6<`X;e(tF zE-R3)$%hb3`l&RQ4~kgp)uY-tSw0QUY^2)gHj3)vz5gWAKFiiY{S_lR z9i<20Ej9lzU-n0NH2mv-Rbduy$KOcu{y$hF6r8_T4*m!rHZFBwH@hvJh_pN&Z{hv3 zz)RhKoOCJ$#16;*QQ~R(E7tW6*qo)_bI>VGu*x~8_;_ni19!y*rHUZ#14o5QOyamO zU=1|SLPjes{l2qN$~Q%QW;>fWi>tIXylf383#aOkp?0j^IjBaam;J;&4=#HST249# z?P&!EoP%sxz$cpNE(n_-XaJ;#9XA5`rK2baxY9u|CVL&r3mh1PDE1g(MbqU`kUvCi z`YBn|+{th^pWAiuf;*?Ix41kN_y_K5!k*?A|9rw8i^hroPDV=f>sTB8EDT^W6 ziu%j(kQdNeBlxoD6%jNd8MJ9+Cw`6}8SmWbb^OTnnqP>~o9$$5Q)M!i2pp6Nck~IBcG<_I~-M^_1s}aBM2z!}o>9zuk!6;olYOE3_-klW|Bk4})U(8%;lO;k;hnwf-&|>6U`r!Tf3J5*d z2yvmD-$xw%{8YJNMORak+^>B71Jt*yc+RS-)v56jd!Fes9x4GgaSx|4pgjYf8FJ;bo0 zY3|ml3imBVN`1Jl#wg6)_&^{`NsHq_$i?K(dKj)HY>FropolaH`4zVaH*C{IwA1t} zvrb}pk>+n>A2w83U3i^lj)cdwoeX#0egmVI@)L;-VCIVfy4p3RzBG|MzR*do|x|(m|=x zt5m*gp6^-pwt0}?$VDa$KXL?~Kvw!UE!s^Vq#lcj!C+mB@=Q@tuZ`D*?gfh)BWbXu2eajrEgJpf6<*fJ>YS$y9^|O zQvNVY@Yga2_}Bh2n}WB=KZQ+L?)<*4mh~K`o@kC+fd8`e?kV!tE6K+uysXz(dvY`X z4~QcEOrG#J(fjVjfG>irgJw3=sOnoA3tu1|z?IMr)k*~H%E`cI;i$CrrW1{MMHu)e(8>^w*blBkALq!p&A0p6GDn;3mKLtgw=(XP{Cs{Y z4(Z{?N>Ae0&OzNkfOAFTFsWI&?r`)y#Njy9r=bC!{{1X}%~yG})fb)nb-rJ3%3EL6 zZz>!$lLWUpK$mRWBY^lY9!Epya2EAc3vjx1ic7MyT)fzjvodM-1?Yirg5M~+C)MSy zRVFjOr<8-D3G67XB{ED}{{&`qc_zUQb;mE0+~YE1Yp6OM zNQU3?okkz}oIyo8sIesMM9SB&T(-L0bNwww7@Z*VPTu30Z zJCjqBxiJ-KiyrNVqO>r-;IvxEnzg^oJ1YHR{a`feyKObAjp+cvkSzcB4w8xGACJS>k39apgn zIO;wJMJ^I!WR|PIfE9W^Nh^t}PrUk>sO7|+(i~v_5<9NFmhnVRNftz~E~$V25BKgL z?P>h$cw(S`(ltOB^E(gabrUi;RsorB!o^p=_O6cob6ZGd{~tCN6jbr>ZSoQRO>A1_ zP2kPBDnoPVf$PJtlI7iF24V0v442@%QIUo6!^USo4*@`+F6BKX6)Lm&P?;9^7Eb`p zWZJ({zQwH&-!**>7Zcpu+jg}2GS z*c$jdHgrw@!*bz!qT32c=86!n&JNNksR|gmzh19#CV$nYFYLSY*E>)6?tVQRZ?^pa z&14rNdKhOD`gzRX>PQO>{dtDG;(hv}HO~Bl$nNTg2`Od?T(e2}UDKrmHscR-T_%CB 
zUN}>*c(m0Rjv-j9#uR~;*E}3wQe$?)*~uN7X*@EpSiVmB^5X}N?BnMvl;Ocrr;5sH zE8ypW?LZOMa?=O}i#FP>7H*JzgWY_bl6||K;K>vHmzSmmT#9pi_02->4jZ+9opm{EG~1NV`hYTpu~QK3G70BfN}@dMe$>li=`TnyS9jjTUlCR`&RFkYl3E9klN5 z^I&#Fl}mqiMk)b-s%zfvzpHyPy0g%~@`JoYFu~#b=jBc_>p9+TV+d)3b?lsO`u4b^ zXC+hKtKk%9`cy_EX;bRg;Z43jS0mmYkr9)hidcVj`h+I!G3!NZAYI()on_48hF)Zt zKpnNB0>tQzxl%8AVO3?9C?uE|RE>12b zmN<2@bNRVex4`E7g{Oy*SZfxnC~Ce_-nf_f1MlS1hLT2e*{ZlJ+~%*%d?2sG>p54U z2E>75=+VA2%C2nUXsNGN4pVT1Kzm*7gz&cZ6&{yKQD$r}`G-#BpGqzWSQNdVHKR{5 zNiZ||;l1mafI^oq&WNr#hm^VD1$9W=MaN;Nq3muVB*L$yq}M&hnzD_$`pzsyw`5bV zwBmWwc8UeFxi?!ew+W+Od85Kqi7T14 z)1sU5q#J2UBNVZfbhi{**cb@q)*hWz)mQ2Ctn@KaMg;4WJNXV;KWJ@geBf^1#4|b6 z>QXDhh>kSm$k3t=xpsGCFV){1$JRy9otfOi)ZsYZZZxt za%Hb<(idApRgGr@@-k)mMhVTa(t2@wORgwvM)!B_fnAfd`r9;$pMDUseLGtY=)BRU zzIE6z;T^)?uuFqs@0}CL@n8&*-rV`hZJd}ma?LhU-DiYXsPKYU-0_C3JH~c5x+V9U zs8^wrvVeKJ8IQqnjrn|Ea8izrd;;4QF7yfMVIk%@>gYa(x_sW;g`Vj}OJ_aPQ=|O> z!NDy>Pxt$UFH7Te*g&TxsRYii9#*+*ia5CBwU!0Dppp^;mJ<~o#2qR?*(!BQgq|J8 zGG^Hb+<4T(GF+}5HSi$vM|)^nU02{*l;r3o45i*QtkTte_g4<>#N*}+$-Drf`o}Lw zRwZtd5zL=0E5sehuchkP-U+^fX4l5llwch(?iHBbUiwUFF2D}4G8U|Z$9(r3zXT`%EvyOY~!k0bPPNzPD2Q?3VmBN?_!$`=i*ASH+T zgeyjnpq}EsK=<@<ylv~Zu&7zdGal){>f1{aey+7zkt@Y zR(P~`@e|urt@?QGyw!26HYNuFk8B}v3FVNudql(2ke---MPyfmWm$vFE^(llJB+v) zRJXi~O$A?sd~GfS+QYaF_mj63C~DYymm;$h8=D!TwlmfYnxc(9H0XQ~g7Ij!HKy?N zI(+Oj6jJ}lfMfbBW>EG-dYhF}7nQk9TH>P2_a5aJkCmwMmw7Nv$a>R-D&W~dIwK#f zpSxe#pk32qM}X36c`1&`JsxX~gkOvoOavRCiavVW%Ovvfpq)?fQmap^Nmun6Bx~NX zmhzwPToiJr!3c~Zqx(sjb6(5{i`KhDV%p(R{sMOqmR=*g>Ur*P&O?0T=gB zxrfgHGIfbKcRu>|yAHFxZQgD+PU~6T{!pP;G)PhA_+)CU_tsfeMOk(NVnara#vU6# znCkK!!BkSB5sh=LSo;ZAMWz#h`B552dUw|Lrc|z=C)b-YRbCH=w>5$6rUagCt&2FZ zt6^_r_LrBU1FfSPwx*!>$FX`hgsUsVQj9p`Invz8x}KAPB(m4MDd%K#JJ3m4%jY0k zjIkB!Rm&FbxSLeG2brH_GC#HpZdwkj-+1l z4Q?jX_ib5c+6>GDQeg3O8om8fl86%Pb@|0uPK{D0`NB}ckDU4~GK669o9oXgOS=pf z8?42#^q7pf@mZ^j+$C=ZSy`NMRqDmA1&jscmoYlbeMH zyo%G&QEgm^-OK)N^WDm<^`|$|9Ftk3adxTOT8z0-$Bb{jzs@r`s7{TOd;Qb@M?1n6 
zwTn<&iVCI0*i0BjP0P^>Up)-qj`DZo7Jc^Oqn#5eu_yIw!Z(Ctdi@<-UnHUQj!hjj z7;BVfp*uZLNL|weXwBz}4-tgAQ zRXtB#2TVn`6$`o}+5<64_f@TQV@7tLBa(EB@ZU+ z&p~n`7uB^mIZgKHp7*XVhxI<|;dtpUH8ZCBS$Cnv^r>N8ZNvMz=lAMjZ5kV6ugCGQ z3#f+)l(L198HX=~4li90m5Q1!LiM@`4y{Rwefy^I)Eek)F-Uzu3Ppf;pW1Xp?1O0g?V<&M*Ae>-xcJ6UCpEdn1A(9v!Bp ztB;x$RGy050}WO0#qmooRz6mvHNeY0{6RJUpS0?Oe_sFldHww=U|;@Gc{zLq3||5K z?^pr-yH>#dp>v1$3fI5RXg>Z~{^y_N-?8fT51RnNdsn=7#d}v^K&$yRc-3(VzC8~R zZ_M14H@&Gsu``E^j^+T28q96U2kalVa7&8?E23CIcZ|{809JVSm=-<; zsRysD;X-ZpAS)9`=b$YtycvUShTS{|CAb2!e85$%a}M%gKe-G{Ecsy}5U5D|8y>k9 zDraGsW5%l$o*>tc2WjV^68D9mJR^ZZI;RpIluVTdt0-JxO!UOR!JHT?0H4#r#b@Ho zr zR-l;arDK3kAgLX^JcAYE#R}!J7)JbmC~MGvlmyYzSI456KJ=Oh{7sQ!FGf@nEcuM z^JE(8LsFNV%pOaxC8WN~`NZNC%cY9ln(Cm$eLV*ehu*}*=@FS}mHIpMuFo^5q3K#? zEk7>XX9#I=DiD1B)P2{h3AD1RN4N>E_Z!HC^qJ}XL?DH^5Pm(d=$7Z}*}{d=`h%IN z^Q)J9_qcieFKCRCaO*d!e;ep*7}<@nX220(H82fm@O>?1F6?!*W$K1mQA2xs;b8?` zug9mS+)YV9`82^U*%w*;+=)?cX?DQIZFFWgeu*uV4NHXs3ZXCdf=VF>u2vU8_B!+W z(_+gk^7_PrHJ0q&vv)Y&U|ozkqDs&RW4){cWwW;0^f0rSGiQ`=C#<01x}5Uu(j$fd zW*RxSPMjI;8xyJjj1EQ&of_iuU_X?@)TzTQ&+fwbr^3d@SD)P3zSy7Xi73iP|$!)KNY&*u<&9b9tkFSf-9p-yVK}P+0~E*y=heK&!r0p-h<4EWByuwJ#_U!>MtbAC~hJjXv&Mi?YvtkJQ=AxtSwIg!;*<1ov_uiVv z`fz{vKt=q}DFbxZA&R0@l^>KWrgsVJiwQZ^Z~6&Cz~i&`os?y2%*%XS%Ixy?<`!&H zcN|_QmJGFkpQMUPOB)O?=Xo>;m{}n{hA!$`r$Xy0q14KkadYxVKaVRg0}s%~(IWL_ zqFk=`{9Z-h)bL}OxAWWkZqerUFl^-q*G}YdO{k*3@yc4SD4joSCAl9=6|6ii?4}4K z*-&PS!{m1}9^OSR^4}LPf9Lr%Rl_zSuDm{o;|Ca03LDa!eSVmLX+XlBL#_q$6gp4% z&-bzsyw7td*-EBO4k}f>*=$nixJE8i9mSKuoo=SS$Q8UyatubmV!bI@9I0Fa&q3Sd z$mC1G=BGgnmY&F;j$2HhpLGOYGGw#n*4zxQ&9hp{j#S%v_5#tQV_Z2)htk$mJFU+!AODZ2VC#%{v0?9#MR6iDmZWR~lj{AHGRp4<^^hssJ+G4%&ek)QhK9IeO zk^!UI3nsux`a=i&hP=)}bV5vFExO7+>d69So~7JcQ3qXD={g^CJY_mrIjjQKMMPRDETQIYj5s z3lg(*5tv|7@;eNg3VvLMf%VJ;nlGx)y&2_S`~s|xca}>d>3)iC_rsQVfc0@NBPUwy zWJ)cR8TZ)=gef`I@&~ACA`if^p*&xLMc-|H656u&;nMw6iIU%)DrM<=lw{(Fy0U@x zsvSSO77plaqgLi#2hIY{(2tO-4X02V@QZ|*z$fp5_jEkJn2)lM?+@g6&>j(B&NTM|?mO?OXGYjgiP2(O`1ZqU 
z98i|&bu~nKK<4TVX0Ki*3@XTfmDo^z^zys#CPEhOKa)p#Sw!I_$rNE=QN81>npe9U zg6ECCsVxjR*iFZzwa#(k&ZWH+jl5>z@DA#6W_=PU?5=nI3o;L94g&+G`CmgE20q)( z>m3*?yaT3NHLBw6bcU4zC}KJlwNsmI9I%38j9U4O&fMAg=<%~X-5@qbBmDVIe*2w- z(v(z%FQlYDbkYYsAmZss@UNUZ6f0^b(zP;zrcF(x$xsXkF6l~?Th8LO&7LcUl6A2g z>GHlDZ$1!z3=NG0P}+C2{l__t?PF?)j6ERnwlky)?tMKvn%`>oc7kCQ+wl3H=yAo5 zqZwB{o!&wipP{{1UOJ>u>+%z%XxtnPc1UO7k3@PMyxv}NnMV&F_|^>09Y9CE`@XXR zX1|?~P%taShRg`-!l9yTCqi(g9-d}vqvq-Eto1R49N%v-EmS!kv9Hb_Kqc@3qU+sY z5mNOGjkzD+aI2=d(a7G_Ve*2~M;nc(y4t2MZk|u14}{KIvxnYfykWKddQ90DRK3VU z&DCKdZP|&7;FA*76s;^=IzAQ=g(+_txdj#zb4%zY$W}XGywM6OjsnFGt~|nrG$ef(hig5CR>1CU zTF*EiGs`qtMqiDwScDw8u8ECN2Kqy-Y7(YD1R&B$Jh-H;${3 zd8gLOR6j5X-7}uO{GGwu=V4I{+O0B7hkfP=el&&>n7e@~P+B$iP~Ubm013@sI(4Ma zn7>o`@(&A65Ba@9S?Of$u?!R^EBvg8mK?u?#| ziPJu{s1qbe8<`eY8K+&QaGJ!}@=t2-_&uQ$qTP_On*3ZOKzXrsz7t$42gqKC zdpLC=I0$VqpEeT>631C;4+_t#zzd~?E?qg&^chA3ky?7u)sLvL+Sk0yd#rR=v#o=J z*|=H0W#vw;9LT0J7dSfYJ6?Q3lOB{hpN?Vt3aPb7uf&!@qZXCFwJ~$N3~2Tw+3Oq| zt!Ce!l#Lrqm(sR#%ydvv3OM4*R!pGA2wRQ4Od)Trpkg2#G@*^LO*E(Wts)p=+T}^a z-Yz%2>bb!Scl!L|PxLb}pKMytTtRn~1EO2HcQl~cV&oA^TICuucM|ZwX zt%xu1KgD^yau^j&6Cb0g0vnHpiU=`^*)4zUuz*oQ?ScwUpVQ&ZL=V=&LW*u^cb9R= zI-p*kZxDWiWU~x;^@k3Be<|`RxNFNmZCJ~k%usmo{WH74`li692;v863I7NYH>p$@ zz0jSkt=Wr+D$*fty$cl4@AZd{lVbAGjp0CcQEUEHqD?ryM{0yWT6=R8?RCGg7h@J} z7zs2R=VVYhZ65ob7<$_-Xylt z#SK9J3&QMvRi`LeJf+aRCqHt_bpKJhVMW%J{0l{gJ|CZ(pUx1CB%;DVb%EVtj6?}S zWj7n*sIHQebj#cxWYCP34U!fJpL(QPBQ_x@9QdqiP%`35-_?QiwvF@lqchD41V?Zv zNJNhM9z-la#^uP0tI_(Q{4A!ynsbQuPhRk{y@kekHuBA*>$E+WrL5+q1W+xi7b=YC zqH&Q>%NrGb!zK?VA@>OP@(UPZjr{6Vdm2?vPH%W`h}3+rFMRbVbXH+5;PDXRi&eY_ zM7&M>CrHo_8ulXo&k#YXMG5AxrA$(DvO5FOyl|Nk3Mci0 zztNnF|5czpgS&X$#v}&RR@wDpAEoLUlke0fiO>z~4Evyj5U2Z!X-gP^Fp-``iD+0a zOS#*o>4M|oJxwr%hnh8h7qQDkDUWW%TE{+3{gTb@bjTmuhbJbhvC$iUix`?g&((X| zhJ0LY7}ZP>F3OY&44hBD)~|jfN4Nuu(*aZ4>MCCW@^rnWSYxo+xMKPyZaPTN)>iSA z>d-VHD7r+g>;wG=)|SB+YiHRXH#iZwV=1vD@g*Lx>*%~E*mc;h_XR2ru8Fh18eDv@ zNG&xb&JfCNpClbFpSGMT`{Z)UJ=_V5KsISZ?o|<~5LY^yh^&oRdnb`Op^N`R_p)tH 
ziRfcC@7S2g3o|pAlz^uNiD7;v8Pu|nMCqImEzI7R@9IH|)pAs1n*z)i_a(iB zz_SAB+vA3*_6ca3zZbYW_F-}a^;qz}qqN=a&8l>n+dfwtExwP8^a*GQL~_VT)+$17)F525|&a~^PwUPkmUcCLXP ziYxm#Flb!;hh?-ViIHfZ-PauTl5)1dZJHa9H?BuNMVUAHh`wZhw4ikqC;W~zGSzeZ zWU=xvoSU=m)ZO@u+>C(0m-MaWt)03CK z{wNLp#&Z<~9k9Gqz^Utxs@?{3P2d`OL9++Fi)vH96|c@1wgfBMc!74(vt`3iXHETZ z7p9lCGFZDdRJ_$Og6k^u`Y?ouh0Bu;@dqm!<+uca4xR;Le=JM!_HSh$uW#p#6oz6s zQEi&nDM>fB97Z8A;LjW#v%iz#k(}yXI8U#+R{9D|Za7QA=gs*a=p@apq{Wm~FVWvF zzbohEW4Nw}auyw#mGBlmQQM6if9mIsvyNa{AiI?IIJY54Hibj1WJ;tJw08JhMxB$i2{-Ns$dESoz-3WFqn7wf! zhPdIk<&SoUx)@rlrlecMNIx3+@Z50S|EfY`Q_{j!1;U;owG1H*gAh;F5+*U(_N2BI z+l_L>PRrPlDTLb)#P;HTO-}qa zb{tsSwJDcQ+&7rYJE`wWlwM~CNf5& zMf^jlZXpZIi+>@dFg&Os{fYN=&XoATtv)a>VtlD~uN%w<7bB?`z}4D386l+R6p{J& zI{J|w?p)=|ut#q+Glj2B4r$V(pTI_#M@NzMXh6DR1sR59)z;!gbNZtNNxl!Jd3Mq< zT|%eZ%K2K?u9OdIy|Hl$>XHpU*)yWiXlC`WeRY<)Fj2|yp$N0|XpX(dkJp1e zP&}jz18OPSl`3aARasW%&*m_8ai@IuNvueOr{01=y4s_PGpS6EV3$jXPEEhiFVXJT zw0Zz(NLRqr#Pw~he0fEyVo@D=Gr_x(7i(NRE6F5ea(w?s6}gQPq7He3JmarmFG4$` zNhq>v^Gu)C;csrr{2~=amY=232_I=*Crx216K&Datw_SbN?>%G_-2Bic^5__jQxX5 z`I|eT1*o5d=4YqFJy}zmEM1^)g&XdWS>DoK7FULXmr+PDZ5u)`mWIxS&6v{`CgEa8 zzJjYQj0cs^y!hfdlwY&&)ALZa>8p1ZSt6Ydsm|vbTa=5u^J35I{qrTy!^*@~bI)bu zDbmZ{jJP&7dZX6K9}d~+BLZ&|uieCjUj3wSw1%JQfwIG`s%H?Aa1Rm{XTku(t!?_| zZDgrk&79blI>UN9&h5RWN_TOhoYk3@%(>Z>xiwNI!JPPt8c_!k(y1x7BQ;%)V0 zbZ|!Qzr{2zI~|Do@?2aqSiiWAPH8C>-Tql?qD*$yMckx~p=vbGHMq~<@ltLttgh0+5#&mI@(|j?C?Gw`ARK8 zxYL9OmOis%z8T0amHc=}qzI|(WFD40Zrps`f`PlB>n$}Y56w+uh6hd{L=fXTym*ez z%9!K6ZdBBw63lPD1jwPIdRlnfPd#?L3Qib56t8hKaQ`z#Osb`$QQc^Vmb=&$J8Wk z&lO{c*+jWtc0=`4I+ix)UhO7fQ|_RblB=TYm+16;AhA_+SFsb(4rX+k)={QhpW%q9 zYjMG|w>%AJx~S1r3QeVHFI9kF=%+RMPGwIgxugaH)!Mx219kg5^LpcZ>cL(0i@l3> znFc$e=k3uqAc>%w_3$=T#9UMlSOjiJ(C-%KNgcEdR^*;A$kDB>Z8XS#8xb{R!P#4V zyYM=joXq!kuelN?o_V5jQ74e@*T5@9aR>?6z0sT52FMdnxvY)U8d$C_WXd$hJukj} z?nIs3DOBsVE5}dKqR8bOGg7kxphF|0 zr<2n+TC5h($N>B4$Wu)4MIEE3mf+V3wXbg#xbL03Mtx&^Ve~4j|RA zQUk(Fgj$l&Pu9JUTj}>97`0+2-_xDUoYgrGcBG{05W2K)n!@XS9J3&x)DeZ7Ry^g} 
z#Au7_E|j;FS-vQ%-ZZtYo$)z$W(4heU@mxOcUCM4O<^H>)KdA+`2OPuirD(^C1TA+d?^yf!_-UG?JPiG+lu6z!CcltD{OiUpI!WrzO7jv>U} zOgvnG^c#P;vi7>f1IZ!RoHKK$nLm(WbD@0p&i%`Dnx?hCD@On{O&`aACX6rPthNVB z;Wws!?+8zy{sPp^@e=Okb*L&C4CCot{dbyPNoSU;Pi_jmc3HedV@|-At7n%R;lc>) zm2Qi|Q-!s{*ILPH^J6|w#`c=xKw5IyP3*AqZEvVqhD*7=pxQ}OUB`co3i7`Rqv%uG z>IAzk6yJ8;QZ!1K28O-v$hq9q{O)J7O9J~xKQdG2OD;)_oJD-qd8wGG&Wg2wfXm~& z-|Kh+z#p;{2pZ5B6d%~lWY*4t@OtZN1Ue2OxaB6-HnA&Rk20NbiUcdKE3522NqoK= zd?eCbHR?mwqm7BnlETQUaM3Xeeew4jxV@ML%jCO6b8S^M;%UzcCk`Rj9A|Q_=zeZu zP#5tYQ9$|lw=Uu`VhVte>o`u6*4x3=+l$vGwLw@mDZS6HyBB5Z$PbR+cSZjY^kvvs z8nT{Texml;E1B;`qQ`PZUx+5QVMhvULPt3dV9ansQV8xa%DAPTa4OJ4=Y5c>nvbCI zkPjWaGu~GH%vT$+!1LF{`!U!d1jZB+C(el7e%? zx@Wa>YMd9QE2Rv+2}w5VEAKk%JFo}xiz)cCJN+`pn)IQgP(nZeacg7B+4QJnve$Pl ziHi#eGqZ7ca{m>T(9HPb1&1y11;vmWieT?6gFBJJDnL9Q0mI8;0aK?qA9_YvF3C`W z&<_#6k`%nxOErP9OZ`rfi>6cjui^74rfJC&&HS+x8B$dU_N@}-aRuc8weUBaQEzf~ z#<$v0Mv=aW3y}7pS@TQM|+@Sgf+KCO5nFA{dtOEZG8^N zGw#Rle{v5DOX^-7m4&5RKT09iylhG_+C6FjKiSD`N}AauBqe~vY2tADalZu*ob=&+ z+sy{Ok?)xKx-KCLmgJ5XZ29GgV7EVX)sP)Y9Z^y+ZYB(IachF2JLy<6w<;Xm z_naRhleu_(P3Cdyol4QSQf{ZL0J+Z75_p|9Z6)AU!|BKU7AgL{a7W8t;lbDk)X?~& z)=0)w_wpI~HCGq=zE3CGi-dii*L5^F{i-2Gk=_$DvCzocayu+C>>@lUB)Fu<-Piru zli^nOvb*t;`rbmJ_CKE8U2UP?8~gtcwXA+niFsdD>YG|moz7N(|%e30q$ZoPs4A%l( z7}e^v7qZT?>pYYDNZgQtM%S^uo7UR7zVVyyNbH%8B&`=*+ZRedg0D^|#4dJcXxyzTZQRd(?$d;GxQeyNpuu{($#p@>)jbGPxqJaFuFSYx5GS2O!I z-|vjF#mhhHQ8XXA!P2j)SNJWQ>mBESjZLu9HTt*I^gOg2(m6yQ2LbX2X1!;rMn6W| z28sJ}hE2Uvu@If|LtZWo>dPA~oqCH)`L3C+dEHz3S*tC++baXT?*XvCkZEj4$xBz1q^_heTk2VhMw(qYC4NKf+;#t7R_jO#&tNy=EP-Qtv}`kr zRuWvYs9*8atwA7z+eGD)?R?t(ebq~JsnKO?%pysdUvF@5uCZHvd1 zZ+E<$(~Y)DJuD;J9~yFI41t>?et0u3TtVd35pC<92PI*iD&R%1vgO!4-Z_%fLwwPW zSS8677oVZ5QRIPZs>r^Z79-J{s`1nLbbV;eozCm`EKKM(lIBq>BQ1q+eSBbh3>=~v zR?9N45MthQm6o2t=3SyNkn_NC$&akjZRbcmkc4X8__(1pd!@GNxJwry4nI#K&7_m2~;6NbEtwSI6k%Lv^cSf+ezkis|g zpc29L;2vZ|mRz^JYiHK!mO+1nXHmKy`GU&)r}_D!tZ>CWiGDKyH;G7){I&m9;_-D; zH1W2;UYTsva>S%pop1hJ-?N#+it&dJoA>vxxHxJmOJ6iFjSxKnNrte(&k_Px_I6kZ zXe_m|yF9QsV 
z!0%0Is}^i5$`L^EVD|*4ZV2~>^q|^c2+OsN@xzZAx@*08Ot*COcMEREKMGygF$1tC zP4mOeSc)a-1EB_|8INAh$>Aal(;9*qqoZOb?lw=B%LTjdI@OaM&jv)7$fTGf!KxQm z`YT*la>59Q%N*ftAjCKXU+4ec+RS&#+{YuJ5H%{{2B>k$&8mD zF?gRg8oHA7{a67{URjEyY0?HU=&sQOGq~A|w$Ue#!!EMp^rk!i%t+_GZ~7c>$J9#| z3_#hVO{;0qJI6VkWs7*gI8 zr5EQuV>=tj%6HvifDGVI4(BR+&~sZWUy8zz?g{i*WEV8XwxPQ+N=Gr;?$S)^hF9(2 zLh6wRS99V8_-4V|DJQ?=@Rl)KwEKBic1yM0e{~3V^8Xpw^$=u6%3ZMwW_#Bg1YW%3 zx8k<3t7=bQm2%?dnN z=GV_|hfNmmb4xJrHCrYZ4HsuuQF%-unV{O4UUV$v4B7?oQXoNZ5S(+qtbj$nHoFn@ zGWN@R^5V0zt;}u?O7@@0)W12hQCFWvSc(VOHaaSZ-bMazI+saCxWopW0@;r2;fd&a zkYn@gA_i*+ZgFQP8C~qG%w$*w9IzrwmWm%zGxN|2vAF93^Ylb`+c$r^Eqjh0 zVe#yeFK;weWNQ0^WV&OYBv?zmFVwRZrvr*@%z8IXW*l%?0Z1=~Yv zf-@x}v38~nW-9Wx3v?G?6O-51yAR+y3V}(8l3-~cOa#3w^`)uoHvR55W zKg+!2p;W)WYDuzzsH84yq9i+CgCzf%#-i=ko*_iT7z71o1G`pYc$Oi(p0Y?L(%NA! zn04>${_kuhPKTO@^EJ@Zxd{y)e|V-c#((f>668Dq=79~aj7I6GQ+x?;kV0(=TPSvl z2)3mJm(!v=aGCTtW$6UTU0K}+XCEv-*!}g`_Yl##gxibLwpxZp z9s{3T*o{_;3is(PnVb}cJ(bn?*z(Y@_w`b05fAtuwOFMpETd*YE9hvr9qtdEFhyhv zZUs*K6>@?-AG^otP_PkvE#sY}fA$WzP3kZu&1z6D@SKZrHX@r^``h09HuWt$@RM6Z z2EV{(TZ~|Zr?Z<&eBEmE`-)d8Ke*XBZpA)K&rlHi)davftlCC66G002TdT4Nd(I%~amYq!s+mU0ghdv%)&H4E*o z2qq>@!1aqaj(IVHcw%lnd(A_|j(HNK>RF7l;3D8ab+vz}lSePT%)wmFo0OZ}XOejlQQ(~pARS{BpCxyB*g zpnMxh{&j)C^ep?b7s;Pv#@_Zk9c9%qi|LFPTyTuOZ1zfibR3vGBi)k{b=0X*+NuPe zE-L{`;V->a7gKNvc82DxC8s~9nOz@Cn8qz1=^1k7a_nE^>m2v91_t43R->rux|v8N z#0iqwUdQonInMsP+n)F}^M_w2<=!mbbLDZBQyy(oUybY$bO9+JvsXVI=>bFs4F1z> zBL3k``d=<<=PRx{1vkutc^#PJBY}I%e6gG(jToY|<1-8J{h}*rDd)~*bJpzZc(&+E zTPXn-SaqXFmP>emSJ=r0G+9vU86f--mkthAk$to!DXRY7F|z8gbmC`4tp5kW;%4{S zy};oBbcSBq7w(MAS3gJ0o|}6Z+1Tk*Fdz3eG5b1?0rlDvvLSK|_;G_R_W-!ne-ao@ z{Gk)^M|0b3|IkVPo;SA<>)ec*wK-hSovZ=j-)6Wa}QbF!}j&&3;T~X*y#YJRd?IC3s3E| z>f>I$E57oxfbKHgnL}h4y2iD0Z*FbI{3Uj{?#J^jasBzC)|OQ4I{!SStVDr(=K%CZ zS1wSRknsLN`m24^6~ydPjb=h?2)?r2R<7f%Qwy3Dq$cm~?4#!0I$d=`^qlFcJXZ?q zxqueQWV?5v94E;4;3`yrM+r1#b1NP7S*Wm`ZHljJrHTJ1cgqZ-&kernKEM$(>Ds*9 zNLi+d`de-oebMGMzO3S@*ebk0_h>khr}YLI3fCZ^3*466@QGo0x~|2W;HUK_lKxj? 
z6n?ap0uFbTNpBLOhG$;JPz>>QIA`F<2w0N@%Ph^zEm1GWQ))H>mCX}!;ctD zy_dAVs#K+n_=XygF|mM5TbR=_3~`2X*JOTeWyRcW7Vq>kZ_FQDXXmRqn=aO-pG{2q z9U6ZG+k5Bhpjbc=pcbN?mqbVvqsyb=evoJyGeLa}U7dJr6dd$xBU{V#)$7}{_X9K* zzHY|0_s*xIt=)=t1g%L$Sb;F`Q!Kuw=Mc=PZB*!{b7jT~8TFxhqL%nlSH7w9?zi^- zO95I;PT=&H-Y$+lguZT*S4;JfUK6IuE|X}`nO3F13Tlb=Xf%fgift+NHFQyUQTLJ1 zbvxQFUrKod>_%!F6rG@PFpxG(LGaoV*qiH0wpPu9Vq_zq)4?{1m90__VLzh0jw{? zUxzsHR%?B*Z1S8akmr5+f&0>;%fnQ`N0n2+*yRkxm;l=8!>_NfC*+6ZcM7v7h<*G} zO#L*cotak0ZPg!S36PH=AbAmv>`F!ud`!R2aaD(zAlCtn$pCnzeGxk9wr-2AFVz;f z?TpGzb}YLF-898zGGlh@z7S%A^*ZXm-YPoMrH*XX9w0;d* zbwLZBq`3pyIw7=ASh~E{M#{^mMMgw9;RA`bXlj0|`ifGVjsod)zI)EO1a)-v(_`5W zm%_f+&Oo8QENY+SmANFV_xd?Ht5y*|sEI%lM8@RM6OaiAO^T-m9@f`e-QV0fH~!dz z^?)U&!BFHX+x}^b1feu; zfecnVD^*Rl#$W3*i|5zP4nM!S`I%ybEvN6jdipSeV(P?RRIuq?_hq55b2rg?zF4YQ zVxOtQ?8GTfHZOn~f-oah5?!gE;4%b-4t@}`dhj)?&NjBILkQt%|Cp4DUn2G|<~(J? zv0^X3$KAG{?%^UcoVcz_K3MMSNMeEW;%nS&d5l7eA$Oqa?_KbFZBtN`tWjJH^94i4 zfC_`_!Kp)wUvwXS#C$IMSGxmN2)8>3p9~9p@D09H15^z*4{eTG0*?@IPw|~5`}sgu zA)()V2cQo0oCl3h4iJNYvjX&G6xoW#edANoj>+c`6i}~W0!lprLJAOIGLRV!fyYw| z?|i1)>hrQ**M;}>JDi}V1A_UC)Xd+Nb2Bt1FZ>`)>T+*Ct`$lg4 zvY?G^nY0W@A&Zc%pk0EM=Fq)aueZ{V{bsBJvbr@oM}mX#zsr3JZ66KXHfE ztDaBgEq}4z3rM={0|Jimzm#H@*jjCZ@P|D#P)%azB5?#%dz<*JRQjpYfupmtzS|(f z*?cVc<80IQ#8;3V#I2C0zC^Iez za@9P$`IXLdcKz2#tOFn(50}F2%_?Bmn(%VBNXogJhs}3s;$L1rsGZJI&v93BJ$3Kk zHtUU)-fw(1XI|Y^?pRo(X#$LSBy10t^Zp~adnw_?$1kNDDoNGDzJ)Q0kLo3kQVLG) zaAZrJQdEW~huz6xqH5%2l}d{iQ!1%-o@mz+nhNX@Z0jKb+=UWmQI^Sw`;~o@D9NX| z8Z;^r6W1eaYRf64Nh5@NDjb+}q1a)72~~YjS2sx?7vh04A-br8xJmgBR0sA)8Q(X> z4ds?8cUS4f8?tWms&b!3ER*s(0J2<9=s3mw!$$M(toq*#lRJ_vF?Ju9Un|gsv=8fI zp(jal?bDUc%at4(FHW~Ms^}KZb-5&3UA}PkHmjZq#J13K>~oX9juEMaEM^ZY#RXGb zN!M25_97P*0r;V0)Rnn0{K$Z=Mj}hGtiuYXl@hDq$<88<0t^D)Y}1%XQ4dKkaVESF z*i!GJ)GfZK;JLtcK4<>&42|CMe1{}>4Se}$s0 zlvg};4y^EAUkWzHjvB0*omX4Ac3IkN9{cGIa^_#S-Y>!adt&S+J+5-r4lCEK^b$qC z2L}$wbeSv)vC#GHjb?*xOFOth~NMw>=AQrDhNBH_oBgD?irlg`vcCxDX>be54?< z8Yyv!?AxX1I*DzrubnGrDGDlj;L-TQIy&>~b^8np=_K(iL)k@$CrC2Q~}uJcnS^& 
zg31gr1`pj4!>j676BHLCiY}rwvi-I1^ZI!tk96APa)_opOcMdU_&lOK@hdg%a0wO!BHp+Ah(y9-;n(#sY?(3R18rUg1d z%2-BqFWe%M@kPCZ#v;h@U&G>dcK^~9W`nMwIXa$P|xT2WSWq~BP zvn$pl3L#2(lOx#{1T^b{n==8+m=gCh1K0uqL9MPq?p(*^<;IT6*{kxODj%(arGR~z z!6k8Rd9oJV8!r&!Cjq~OTaO~k@E`X_kk5MVGujN?7JP@Zyfu1{N`*gj zkn!cu{Gy#F5HnA+9i}(0$cP8uRUDZ#doC^UOGw)aOfVr@kTP*ezzt$huVj+>g6c*^ z2s>ou8@0e37B{V(>Q%0fN4gp5UI1N$40w;QJPHRJ{rvFYvC{#hi->Aq>_&;fUMNC4 z9mGf$*z&8+Ay09Femi=0qz-dQy;P9~%d-YaZr594T%XZ_@0`o~Xx1nV0xh*BUxS zP%MaVR}&J^xDyhUlzX|XPJL?S2HqgMbGhdtykIRb*8U@N*76{ zA8E5X8l<|%xTNT2{wVx>hp?kdi14_W4src{N+93-B>|q>Mk!6*DRi+XOB`*{*MUk| ztc+iWk@~(3D9G`0JJ*0AuUu>`^fL+BV`bi7;1Kc&1F0=tRQm)kE(~%S5Ty|WCMx+r zoj@Ssfh&`}C`Kf7h1-$~J{?_P;!*Sz^tAr)2n z*O&W`v#~wvJ4(KUjJ|XvcP&+eBg!XAT%fT5c6XnKXKK_}IbdJWd{-KCNoruN?QLF^ z*5)^91Psv)K1q|ONRX6Qkj#|ZW8i9kdxvA3hXS$=^Zlsm%R3+WC8%0)leeBw*xp2z z>vld~0aw%onX>~rUN(wn9?}(-WY;wPqpF&0Uq*Yruu)IMqcnsHVgd)^(W>!Ia`X)7 z+r=L@HNC5joR>kf>wO3*YFs6PiF7;-W+Q!43|O(9I5lx2ko#UJ6TGiJ)q?qarj%ou z4ZRn}raAtayFgU49fW{MP7{aa{kA=p@ao zvU{Z3=<{v{n013_f`~gf{Kvu%EME$gFN}L#uxWe5aI)$LD&H;dLrY6MU^jOi2v+};z&>9b&Yq#G z$3biguJozIL(y>n*SV^v^0+A>&u2vcd~ZEqP5QO+G(hJ7vb@WVlnu#z8FT`M#4$wA zm=AyOm{GCSRcu6&3Bx`--rh93c!l(n`gczpx^^f#v~x1L5f>3iEQAu}5StE=Q1B z(8hq7-2(25Vk9a!cT-j^oH)j1~J2~rynG8D*+8ngyx1R0mBo2cWcvol;D+TYj~=r^?W!!cihO~Stf2^}nj0gm?W z;5jlef#A4-5dJ((6DJ+m3RoR~Z3%O!t26X^5;3lkbLDmnF z>Oih*4(UcUUtvu8g^F$V$^>-*Vu1J`pVegDQ+}KYeHD;`=VeyPI*b6`SZE`!sJ>+q3+bq^$(jYhde=2b&J>5bRocomd~stITM&oZTW z2XHb`3-U_mm7k;DTY_pJ-62ro$p+HtlKEQ&uz_>VZ)``k&AMgdEK`r9+;fAZsN2>j zUUHUo1>RH`%_ChQo5Al>Q~aS};#cvj8Ik@F){jYyQD0lbUR&3Fc2Q#8W9#Y6&npPF zex(=krGbxXnU_)LR7I-7Edgal-C+`f&KfQ{(Z=&roTvI*Pjr(;#?8hv`bD)pf21%E~n3Ds#um>m?)B~Ig|dN0bJ z4hT;Y4U>ykN&ea$OCFCEvzonP(vOTn)|s$qxJDon?KWtmzQ>RF#^e4Xcr*1x zAuRZAUA1Y^ZR?i3#`>EhI-7ZFRnhKRDZTG-mMR#Aok1vXJhXe5(T%5DHbt*v=8Fxg?;i zOg4nG)m2Tm8s*xt=^Wmeyz72?r(Ra1>kc7b*$|^?=`V5WiB?7i{M-cc8At?f`x#&+ z+Oymuc`hd?tLh}Uv!jB2iw#<0ciytZie8=+`C^+|*$rFEIhN2wXBkJC!h>+!{Zl~? 
zXQm$9Uk|aCMyOImNkU{>iYR_5hQ^Ucv}cmji35etz<|ZZbVmbOwwbJM`6+=-trt<-bC}oy2C7xiVDmrKgw5Cv0rftlMA} z4mUNAo?Cn&cr93J}@Qs3Q= zQ)@`Qyl$06NQPcKVRGrS_VSruXiPAW{8~`4ZQRsC1f62}Uc9!dSGwj^-Fbc9K<{&J zy*Q+Li~M|BRZ3ErZx#w(TK^>(d+i@(FM@-lO4f(JpymS8FcdLsHJBi@`rnJ7Ar`M+}*c`a5c4VS&|sp56)i)tfO-3T6I_E#f9 z{kL_THc&Mt?O=>67P>vW0%F|Y?plU`7PfXuHdG#7OU!5e%o6*F-COM@P(8)-dBxs{$a z#_~B`H^pYMy3JxLnf_Q2s2QW=kGAkLCe$iQ5CLK^L-ED#uwawI{mN4vHm1LA93Be4 zKC4*wq^EnVM&pD(ETBlCsi|Bk9P*DSp-=20l@d(4Z8hh#m2gHj`Qv-EDNi|!SW&&V z_S;qW*9sz__X0(Yqf5MI{({@^X(hBfgyin)=ttG0@$M15uz_u$x{%VZBg*I;gh(3sgPR7hE~(dXuCD#lEL0)e!79eK(e%RU(SaP2D*` zjhvw0ar-eWz7sE#o>Qx6rzsCerQ|Clo_55^F>sywf-w1R*73|vKt0XOZeyb3?15a? z<@slcr4f$zo~x*M{JI(IFtvysKm^mi|DmIAJ4bQC%Y~^yqlA@+U)B;zLh_Emb(r}e z)1wobUX58Y(Cm15IZQT?C{B^87<(lyXsoufKu$v?H82K{J7b^BX4C!eV)929O^@xShI zg-aT?4SN5)?Hlx*L4W^yB&I#GmxJ#}WMwG|Rlk(jDql)bCZ*uJIv1}_DM|a)5V|Wr zc3i7fOv>R-^7{H!_4C^m@5|>_Dz}aKd{F1InvSvoI6AmTxN{q3a3yAf=s_wifn{LPJ>a=b zCa5|ps-8&XavvY&Wq(wiZ1`-z1(xRrx;hXsS)I%)nylSmN0K2wf!`1_ zB&c13n4}WB44Uc_ffe47UHQ!KMuAep7n)Mu-X33;3=KL1w*N<0TP9l6zQjTU=3)4~ zoj!ud3VTg{2&z+}~J^^bWNW#jEe_rF0Hw7h!`>L4WtJsYw$VibUJC^rZKouFEi zcFX!kLeVQHJFAI{nUab7Q{qN*e_^C`L(R3_+R0@0#TRDfv@SE#^{+=@$s=6S-pSyAFnhM$)}SN z(5|EGh)InXkT|$KA=a3G&~h>_gT}STZfj>#pusJ+n-`q@Kt;`&C|Qza#>+iq9q(GTl~p_1W0XVTE&M(g%;T6~exG>ipj0L(J%U_6#_}JZ@A0 z-d<{ztnQ)ZIZ4jY$6o9zXX_Ij@4X9|;%m_5i@EVnR>uGS-TSxit#f3)J%d|dhpjq~ z-^z|!S2uocq!+sMy>|@kptB`BpBD<20z3#5s7+|sI7R3(x~m)naLTTfLWZwJ#VTFQ z*PWo?tJK@0c1}8LaX|+5pRmZ@IeK|z8|@64)9Pzx>;T6inRPB%Yecsxqxx$bZFVXJ zd(WP4IQuB;{u#r%&L%ShipQ_x*s-Z+4~u?SMYKwh{V1|{1qu%y-L=H-VLDqo-E0z< zVYyDVvyhM{Y0-2CO~@X9=<Z~9kX}L&5EM{p(vjYzcNC;cXi1PNfrJtw3Gvy#=hc}r=bm%_ z?|IIdJ)0MqVJ6vg?RBlSuJ!$VIm%?c&9bkzsYCI&NvdGFjl;r@<#SI#IAIC3G+2L6 z`MT(BNxxPb8-D?7;mBJOmGc9<2VRJ}kT}QbYS9-E3~w_`qABg?m>;I1JqE*{(TWp6 zGL{3Q_XTRWu&p8Vi>RdSvE28ae5-9HpYH0z${uD=g~mhTnlpO!=>T&>Z- zUHGLDT840jnUhVaKdIdZ9R;MfXW6)Xy=^nZ40?YxFYnfJ{_Onx<+bldWXaxaR4j3b z$e8&H5Frokc0D^#yPrrcWsIQgZV&Df%VYba<)ZXvI;XK+oE`wJOU#?h_Y;A&CqhAF 
z@b|dp)7^-_G!x`AlW$L3k?~!^T0C%}JMMtAlwVl^hXC(7!2P@Oh`tKnhcboM+;Vfq zwN6BSmrgb+G>~fgZ4tzw#fSl-7%BTj_9%7Y@TnZNU99Vn`j_TmJ%7z>0Mf<-Q|}Q2 zBC*>l4_rG}9l`D~A0eGiweeor=2c=%k9?Xe74qlpbB@#5gB43^6IYm+KFN*PdiK7< z3CqIH0`nRqTA`}T?%3JdNvX+BeZSoMS>eKGsnb-@*3KUVObt$wdD`c3=1#yL-K#>Z0~#viw-Qa`GB_l;+(96Reo`L4& zaCg$n&|g+Px$}ee2yEAG1)**e9LWsJzG!)f7JCiM%kB*IS^^qU%p#NW@_DnA4R45L<8+nzrJHFN29f?x73dr@ z)?Jnse&tVSx1J)b^Q8z^qR?jyEWS;d-Gl85OOBlL<=ho4v!KA*@F2Rbkp3C#SWNdgXb^C;dZoom%0WXo zVDkeZcN!)z2v*N#RoiE36AZcYs>DNM?t|{Ps}fo_LTF#o(m4wl+1==jo$eGQn7mqJ zXZuNN?h7dkFY+{%o2^2{JWA*Nb&HMr)$zFw)m38GS+0DCX+B#sDXOTm_|;le8zpRjbsDZTR@JW=qSpyO8iShx>u$4C%pLuavX_!yEs7!`_mQcAiEj2 z2X_Aam*#1!`OhuJyIO*d&S`(ZC>g5*E#tzokj2jFNaZ_B3q+ z7#vju!hDgeO74cLAS#CJ+6*A@8R*8Tf-A(R)BfWBT@*#OaDbU zX8fy1^}=23HHU>1lC$J<8>i=Wdi}yLcbKbHeP6C{&uFQACyYT;cTnjbobIPVc}r#^ z-lcje_QkQ{X`rlU&88wR(eEkqcU|xhL+}dhj@r*UE`AyzOlz7p7J4*iH;M> z644*Q3ov8**;z>wYt0Fj-a#+Iha9A5#+H_Q>-ihDg!OqE9Q(YJ;0xyk?92T*9(K8j zuxhXpYSvD=*;!3cuCKgQ^D4I{yE{Dgt8Dh)jXdnO9{YzgjQ#q<=eET^*AS6q$)+(qs*%SOsU;N>h~dr5n=X z(_NlBxeqT1-?$~KFTTmY(Wyva@9TQGS~s-YSLyC>t*&9F!TtK4Io4=P!fV-;`a3k4 zdC(!`DGw94-GWi}v%#OWK{NPW5|CEXq4ArM$0N>l^AzptNBTB8Ts>|T4kNPKXmlB` z^FKSGruUBpN{91%0&w<1#4kV$)4>i?I15Q9_giN-GM~h#c<>4o2cyb(`ox>la#~E& zxeWPtl#VpvuLy<2=Oicq-s`J@YfLqOKrp!GhsR6X4=b5u5{QEgS+~EvWK=ZRCeMvO zR$>_Unnt)H_&v2WN%Uw4&+kh@iR5M8CHn`fVK!(60g*0L@ZF)MnTD!BrW4si01TB3 zW(@rLXv?-Bg`(n7#(41k{pr`D5ZWR9Ta+o9?4)w2kE4G9_zbQJP}IqCTY^<{u^%Bt zMp$2gm7lE%JNDP4Z|J%S7j$3Ah}X2pzHK_Xs-chVin0{tnK@pKfz}s+KD%_ZL|b{QwJosa z7Zz_)^?%GJQ2Izl6^j%p0zl&uq^KwSHUxNq4PT3>ylw4XZv%}zgFL)9>RrWT#~&4n zckhJK@_>z0ypEmg`^CFhItA&oT0E}wZ9&w%;S1>k5BH_&b%h2lT|>tPiT@JS4L{DraV+X1UA zLhtC?J7(uL44qg5f-k2C@85m-#XPQ}5hk#!MZdku*U25xj}nA|jT;EQ$#U17+ov1m z+Ea|&QVx!bt@{c0xpY`NihC;y{h)Hze)l39e^kFHuJ&qEhzU&W;(#Tbt{P82lklka z*(w%1KPdXDAvs$uO%tUiH9Z!p53z!aZdOV|0Hzb(HD-KwPe@JI^cG> zZmpPtHHB#2t_Hq7@J077e(&mr&~$q>+u4Q}cQ%w*9C}2zuWzIlMcM_W4L^C!E6Wt2 z7{NjMLr_PT4kCB}gj7h6x}7!LsSwurO}{MB`si(-`_cCOrRxf}UXL!ATJlFRE~I5K zG4o$hotR^^+ 
zLDsw8GMI_PXN`#@&R^lWTsnU1gLmsI9~Sv+F$=iRhYBBD>*9@Ig)w4X%P=*(l)Gwb zmJSTLzaPdLfAcL}8Xj&9ZxNL7==hMMd$CX|lAjBNG3=C~TsGasL@S#P1YlSa zzv^4hq4r0Pg`al4fE9(LBO)K5gT!x8RPr^hz@QiwDqOy63P%gNI z%ctdK@pOwO2cW*TOBfI*6+W_d3}%()N*~F+b8usho7W^8T4wz zxGhCcHG`}R55n`rO>2oQEj{)W<&PRUsM>g^*U+MtZQA#$N#GZgHVxYa$NLE{zPoXYLoPmNO< z!rNQv{H|bm^dOe5;<8CuQZ&pp0Aa^5bguz=0j^DgT;KO|!ygXWj>ncLzs|CwOI7wX z97n*MeM!6^C1S$VGwN09445H;jg-v$yU$d&99C#nn--!Qq*C;tsaG53Vx>n9p|^iU zCzuZj>v_RmNEM*|Sf%g0vHI8pfNNQ~RIZ>34du$?#alQF>D{bL4VF{6XoLP;grFMI zD}q8d^uiICWT$0t<>FX%=6jZbNhH)|RIjAXFCayaX4BL;?Ib>4qQFp8{3bH->Wk zqpum9Be~NpEu_xfO=Ygh(z*c)Hze7S?EookB1XtMa0Kq5T8zmHQ+Mz82p7^9vTI0a zp`X*EYf^+ajPzpP;aU1l!2|3l$eP;#ly~u7`3fw+4%vI>YHN}~mg;F(o$)&87s#N; z@QG4739Nnro*3~eV0Zr<{2pGvA4jhNL5sLfKb{srDKyw>q3h(;B+L3FU+Tzq3v>8I zg6e8sXP@Km_ls&bMtuDQ$GFSQ4VDjLZq zO&1(yk;D=};4?{ZNkA!c={X~1(F)&6TQn?suI% zmbERO;(Sx8sQl8#;LBfS+xeNl8xIjfh`3V(;5&m_CCT(zw#6oNn3bVO2<_=AY|65H zBk1djX>Ev;5mWF7EH(X_cn04QBmaf}Y-wEM>vQ4(tOuRjnF)EC$QYMk*Z?ReJ|*>~xN_ zv*XQL9U*hSYGyR}VDmbg-+uh_=-XRQWuM7MyfTBnn_m?I+!)Tmt-b($sV|gzMa2p1 z$#SgoF^!2gLwrkZLm%LRh{F^6&IXs07d^dwTMs+2eA84efOEH81P}d6I!{<~4~t%& zi-hYJdZM`f`-HQ8-+uKeQ<^HzpG0HjCf#?A(RhzfE0GjH@WKG@EbqK+_qzo@&r19_ z76`1^;22}i4q~Ez!)(S<&2)KQHe8f7Of%y7c0q$$aznww#F}savh0vv{hWr-S~BE* ztzGzKo{lfNDoIa`;wEF?DKRew{NlYeVe)VQU|E5m)m)$`HJ^Qy58P*Bzj)6ZkbT0Q z$c@azyz{F+Nq_uHPX>i~D~@`3HZS|A%e8lN>x}2ns((KYET{ryhTT0R2IFV*O9R%p zW7ZqJU0sa91`YY#IZ`bNx9RrAYYyJd&fb3?BW=;q*Nxz#-hs)it;FL&YyB(2bFqmH zzblr7EPj|;d7pMQjIrBBj0Pr)vv`>QFJgxGi#F#WkEK%g8>)Y46~GkZ(N~Nbt7Yf zr42Vl3v^(=0YdnyDBNK#f;D1-V+#et2lCdD-u2%(HB`Pa0nc~&T2*PrWe=2Z*NdDL z*Ht5N(}yetZj(?6iYRGqt&8-a1B#Dbo6Udcge_q5sHm1NEc_D%nP~_{FG<`tD%2aW z=-DyE1Rt*FUj&@0pHjT0jQ+ixYJ+bG}!cYpcZgff?7ZF0*rUl zoMepg!%lFGT(=}j%Qu6kgw)t+OhH?>Z8)VkAPwb@ii2q1nS z39W(8%M2MInY=oM37w7JA4b~*AM1paEZe7Z&Wv&!UU;z~ZJm07QtAQzs9Y>`&QUkw zISjm}kAo7j0c<0e20I=FzUaZ*$xJXQD-{W_j10c#eQ|=dxYAG04*r*>EhP6Y(}l5@ zrLu! 
zB?D0`1$k=@j&I5>c!ICf*vgm zd2toLm0#O1gY6R!M1elVkZ2S}^PX{Qikvp=$_l6p_o{T%B9qH8)u*Gd_06V8p&YsV zHvi+Zi=R4mNM8tx*sC+}OZYMLc+>?Lc}Vd2oPfqZ>AGGYw}(HBN&j;Hr_;0b=4%?v zn_oA3o4~KNu2TYmu0d2^7gLw}ts_nI#lauTBIo-B>HNDt9gNVWFFx*5cu@AoM*COI z%Gk5pB9WV@8LMto_8=6+0@yD43Ipn5ksu71&4xsaZqE1Rs61TtR8y?ra!R-XZx3>j z{a%}@TI;&p2pF>RQ-46YBQ8BiVQThjG!6VwPRp zdP}BLJ`+hHa&PIifGh+RBxn8aqN3a;)sr3I&u8IIr6ev0vwIliHN~dPgSFB#_;5_R z*RGAJ>QkhuWT4;rdRpA_hPZvZ_56q509Lyb41YxWh=tHZOn^RYovOVmF%t3Z7Zp#i zp-z_7F3ruQ{R0`}$KD-#znOLrTjM$qu)7Skm_8DbJ$XF4Vdo`sXT`3)>@C+9opXF? z!!++@BVly2K*zCAn@|&5sbPf)@1If5GvV~}2;z6KdFqpNKH71*g`rbnDnb#URzlgd zQ~{I9))E_!&O3O8*qVXg+b-h;2)A%Y<*bt%p|9Ka&Tl-NmW4@u>ccnpckyj8(carOefE#fOZgkbJ-;wCp^iLHf8fribzE*-<}vbFK7HPl zWixTy&PgIZSKO~dKX1VQ=6fd|2!}5H~4f;A438b;x zC!>5%>wp*eQhWLNW|?%G`#6LQVIzaA^PL=G+lToc-WPn@-^teT&LDqhG^9D|p4#DV zWT55JiB8*a(KV6Jk0`yHJDEHOi~|LU1$+vfSFI^@Bo>ciwfMrRdE5EMuinmgB66H@ z>w{&&|Flnlj?9^8Qkbq!He;Xz6NznVg92LT;4d1d+-CO!o96;qL+;v0Hgq*bHyLw( zxo;%3<-bI89ZGmPOaZz`Tz!&uo2A|-ys>1o0a1~C1u4~AzKg71RQ&tFEVZ0t3)_a$C?Wo zw3_k$(y7X>~cgd9*X12hB8x( z*AQac-o?Ki81mO3^9{fKFT5LOvf$u#I{5ajy!|bvPO+Ooi|WzWc-5*5!Z!29Wz2bB zI>de1qbqAd-xU@b5pL4RZ&K&yqcQI}8ElnVkX>MGF;QBPLjWhimC!#M{&W~eWHFbo z_LbOVTl%UVpl_yJZnUFs$~R#Y&i%s+0R-QcE9_uCx9N@>r*{|sbs~tdkZ1UyjO%nf z+lOfAA97|;w|$rA08@Da!$f}p1C^g*gkLXee!fKN(wo6mPK+rhrP_m2gZF4peD{ zG~`w{m;Ou~w#3o~1#z=VK_+JmMh&zYH?VbWGmqSOONzs9weK`Ll>grUvER3$T;8f% z%3D>G*$@uS%W(o4+&|z#AMJsi|0LeA#Jc?JK>w>8C(9=wcn4Ej4eh9TA^B&ck`u4=BP+<-nMPf+_cUo!uLT?#t-$qfePTSDfe zt$2J{gw5^y3OPmTNl*7{Dk#^hT^`>2RddyrV3s&(-?V72$+t7{>2pm6g&A-U?uw<} zT%-t+I!@(_92^`%P9&DR#CdssbxO#5p|miLf}E_p4bFj_qm-bK7sPkI}V z^?J8#bl;b42wUZ-!V=h=YCrOsE)kw)U^4T%X^K1YIlBhIe7N|6O1VX@iExwM;Wf`( zueL=(ZQ*;pAdiQo3^V)dt_>bF@?FsrU$53A2KvSU)~(>d;F%5^ydPZi6G?As$Ikxd zaYL?Ao>|rSe8!1mriAM-e-E8gzCn8cS(lW4NDL?VB0o$!PHDKHe;4dlnfC@MF7_d~ z@k5u*y8M!}?pn#Eb|*C{K57Z)F8c8ParLLEuz@k%?~C>#HExA7UK)KZtqn8JP{C7% zp13p69`cKOP24(R73b)O{@khX(}OB#%x^1S3b-)rCaQZXZez}8D<)md%aG^bY!H4@ z`!k{%&zICN5$C`=l1#|Lq}3WMC0%$g>}(~kCR-5`+wkU1=I$T+ 
zT{3vPbTW_s!DwFSfz)*4>}+*=&CaI1F1OX&u>TD^_)j1S4)?HN&a*`7C3aFJxE=vq z;0=MzzckK&$cP272ifEWrGso$WA)z)zE#p8XCX(3`K1R$&9H!ls5DW<9_ ziO`LJNvC8ZC9w~5^PBsz5!WJqb_pJ_Oe7*0cj4DQ!3@_6sGMh#&;-n}h$U)yL1Q8R z%EG1lqjzbBThVzfnIHAm!1vs1A|vD@rlGuWNjw;{+V8E!I09mqT*I*ZC4;cb@I$YdenSwIHrhB1_5kjp72_`4C zc~kx4c5E8ap?(b<0%3>xKp|i;38jb202q4XwJucY0OEp*P`EoqOlT)dRHWS?N4jN3 zS?S!0%vnc@ zzHC8^2IM1bqK^oGc?VF?ZQCM{pNIdeOqcl68*Dr;wa|i;HBvklvFIT73V1kCYZdIw zk6{Qa{MpuwhT79?j-6cZ=;Mmg_g7vFPc1TQj1;>1ec?afUIOI#LsldnGB;diPUE(V zTSyftMovL{`ki^&r)gYiyCHODL0|$Q@<{ zxw{R-ZHb02i~{CcZ0i?q3!GOu80z~DAvR8GAc{Spmv9|w*i~k);AunoFPLwr&Wt-( z0}r{@rzavG;GlB$6D#U|F@M4_yg(HRv~OJ~#tFuVJ}63+0Q068UHwup(l-5#lYgz= z_)mfv!=w6iwZkN{kx`~KXxukO;;u1;UQ4IfuJ z2mM0h*^GSnwBF!-krXik!|KB}d~mU7DQ|MwWA~Hqf^C2Jh#w!+=IyjPv$aY}<}+9K zc3lI$O9*fh*TWu*;4aNwvG?jn%@0g)*^t8fh@oEJO^yreF2t1!WU0796(4YXcu5;< z;roeVMu=S#>*6vic* zoi)|^{l%mx=m!;fRhDP~vUKB9!d068;66VL*T;gtAbK5v0w9*?3tVoLJ`LcUqX6tn zmcfBNCc3fqHh zm)4n@B2GKoe-6KGei{YvEMP7u*T7~6{cI`6nl=>GXJZucK1^6^BHFGs}4NRcCuoJH%7%A$ckUoqh#gDqw`QbYa!bN}E6-E~ zT0cONU;LkhG6yew0kMpr2H1Rf7VuE6&UoVr@o?XAYgjN&!Z~Zr^v5?ASia*^Df=p^ z9GWNIzu!lt0b941n$4W@D!cm$idugMwSDT{FrOVzEB!Q*PSN1kRjFtTnU@eAg8Y9N z?`m%TPl8n8qh;WSZ~niAz?GWs%j#<>HFyy5DhW~v^B*1Gwqw7LBFahGLaGPakZ3oc?B% z4bfs&YJ@k2fMK{n{^yPXJFrH%JK;d%RsKWz!3+rElMXWC@XM5cxo6s!ma1gsbx`pi z1v9Ji|3P%(xD(+R@ViV)4h~Ml20|I7X0-`{D8JcdjOuhi@d?!xPD-CDta#kLws8r=|UCAR5M)Lh*AWn*;1I z{lvma1$n@V#Ac{sCoC^7JKOKdCk0z(OM$ohcIH+f0g=#K8tl3MgBa$N0qi0>13ZN6 z1g#qsCz2Z8$#5=0a=`-yOeO5|dp4cw#eUfK3*|N4;Y0u7Js5UzlIZ8oab}}^CXot; z!M^^dG0X^9(?10N9Ae#Yns_7zl2{3+#~P8_ksPZ<{v~-OHs8YmL#N=vVF`1Nn_JAw zDSkCO(+!AUoL8bzSlTJd+8C()>XkWj};4~saTayKM zte`G9Tqmr2ErzR3!&T5VEL%wubu(~1+r2gG7e#;4s_O55(Keu}SXqd_Z~6t{BghPX z4+n5cc7!mffQ`*hVALZWN(#3$)?C=#$e+Y$1qvnJNbW72yZgY#8S#IqW zW}jbQ{6PMC4LV^5jrJ`U@dMh5WBg{kmJ$i@)x8+OMo}eM6x(@;f(aY( zjtuG9>(SB0U-RCu2LuIt$s8R_PA#nFKWz5$B`FLPH2OwqNxOHllLiX6MM3!0I7=4@ z2gw$-4z8<~H138dL}pwsZezTS*5*wQEFc>h~g$oww(Y5OFIkr0imwZ7?TQ 
z(9TfqU}4W&m3Zw*x|h-C^ItNY6JFM3OunJCCtL7>_fqu$Mwa?{$|7DYNw>D)()%hA1@5OJ$IlZ-#yZbMpJfBF*_}D(grNTyD zh04WYw5lI4F8`q%t|U`YQB8tZKs1NvPds`832rLw2ft!mtBIA<5b`c@ zZgObd&x_!P?ls@lSCL(f*$JJT zhUEJsNr3;3ME?eP1aW@wl-O8%)cU1vbm`kPQvPOkie9{xNE7=!uVbryicFN`--QF|~O%`D^sM+{K>(RR3DIbt6 zVSTw^QN4n^#Ud+TFm6pq>qd*`#AH|!p5gjOlVd$e56#;H@bHfm`?HS`yc93IRWC49 zWF^WsAGjYUu?J$o(O+rKA3c~;d66#lfgwI;mT!H`Ef~{KhSj)MPU^Z#Y9vFwI%zq& z;sS>?)Wb`M`~-4uyEfIfXOCSK@OQpo>VI2&n&=pCRFXhq!7AYFv0m&8`aNJ?IHRvu z=$e?&Sjl#iWv5~Or83q1rceF+T%UhDNX+_U_;?PP(&e$rU9d2ZDNX4VEq;@)2uxQN zx)V*m3*@3ezbmUYhXt&Q%m)d_=(>&UddGmhQP74$V(uzVJ!p+pp+}7F$Q#Jv(#LSN z$iyJxp`5w);sXvl?G30J|FbslXQ?;18~y*%&}u2eA+r%Oun9C|5O!pTyaY2JUwqg! zt1KyjT3J}4A14+4NjE_K!`gdbuy_y~@V`5CwxB~KFsbx~>=5xIU-$<+5Q)(|-*>}P zORrFQ?rxMEa$EI?%8~lW2Bat=k`UWn@LH8B8nb9H z-LQB(+xT|-TB(qkK?oZ zBNRGE-RH77k-4|z%&1c~ahP1iQqW69s=fcs$EQ;Xq(1b-AULsURp=P8u(^gL@_wwe z+lqott0dDIaz9)Q9b?heF!!&cEXJIB$#I6ZK<2 z9l}n;sG(w#D?R2+#=QLyPG24k4t;lD3wd50;oWW%qemaG!T><&amAJHotH?Ja&Q6c zJ}WF9cclYQeLcZ?mY2N3MymFawia}^=nAU>U3F}5c6mbtPDWn>XJqhaq%p!BaQrE_ zoBd^$;4|ut8RhwT6*-74TObZ(WaXZ@@Khb8|At-+M88yUZS~D4DTshr14mJBZvUk@ z2SC{qUx@DQ_Y*_-@&yPCFVl6sgP&yW%jpVSm9;)y%d(7jWnd6N!zZJ6g=FhXK(e9VU&p#Z0Bl!}# zh@B)d=FC!ob~}O#Us8ttT^5+^zh=RwG=!+s#&rt)V~k~*y3y$vaCv3T<9zDBg@4f- zt4+CmoC`sIjc7NerD^Mtr5ctMjWr1D60rVbtPFKYKrcQP@?G&s&dKL$bz5jjYNFK? 
z!+DS`VMugA9Gu+^?Jm~{68bsbidA#B4Nknr$BUOr!?`SOG*o}YKi9@0-GGhZ#l9}Q zmB6ybnBd*z4vv8`!WriL?S2!pQJZmYS>W5Bro87*SUE4A`*R?b7Sr>qT7CZZ8Y`4I zN^na##(^+R?=Us=Fz7#yJXwWU#rY7yKAgmQ;SL3TVeEag_+8WzO7o49am9-qIrve&A(XSQh2frHL8if7HRq^*dkn=q zf3^V_@mW)Z1WcEzOp-Lgr{rPAKEE@a)KK^=-QSi+eXlr~BcsPzIju*FyjUJ`F}kKI zf(dRh4V;@?|94n)S$4TfV$OS^xGA8eCx9;bBEhG7iOc#Y=!wr`RR+KNrtb1#jsHcF z_}?uAvCkE~{+k=-5IOlsrE)IubgQGQX5d@MZH03raD(S zRL9|1-Y(HfRKP2X{6RG}Lx`W_e`$#21io%{5fHi?-x>AEUCnAzdOwZ}8`@|$;^q}= zJtqy~=B!MJt~GrA?`c6V=>^$Rdb0<>66=x*3RRP_VlgLbw$S*73iAtjcYl_DXp+Yr zn2eXddy9LP{OyDKwTJaTxRGBfkOU;M<1(5lupPTmqFaBhYCIFY`6GRv{1n1iZl7!xnAhnc8hn$O#{SL9Z#yr# zE6BQ_Nq+#u&P$;ssT0C`gCDNit-$vCP6zU$9Np5UP(+<)!TaZocbwEiSeKRVmR14o z-2X0sHE2Q?Ag}7iDNbYO2fW0Xe`{T^OAMNCNM@GjGn?|>doKq~IYK z+BHr*#WPhcF1hS0b;8`%qFLDY8EeJwNFB-dPPtnuAnBQ--&MEQv*_Dm3@+A!v#&qZ zm9-Jdt5(X?M5^FRUq|o(K5SOFfKOXgL9dbMlh+Cg)qB2swmTbG%$_|TXTNUz(SpB#OPKQc2mstx-eOmHAy{jYcRCF2NU{Nz8PF zRM~lOEb&_Z)1Gg5|6+4Cx961BQWEZA64K1F;}U_f2f=w%GS|UbvFJ&3r#?oW7n$s& zU6i=NmK^n7F)HCtLC+n%JOUr_Gbs@Z;nEQ~C5g`8pHhaE>PQ7|?5JgV@YqShg5au3 zvC4JZcMyFDpvL+K!m2A0jqDdWM^IrgFqKkt@F165qJMnVKaN(MtupLO^|s3`7e*aJ zvI|?p`!05{TvhnzS-5>i$kVrwtcK10Ey}c9Dy5^X`RwFy3_?*HxLjjj({zLC$o(f%L z5-ssdd)Vu^Y<&n)&IoRpHeOM^KVmoWV*1BnUB^brm9}DetH8zkC(*fa>_6U|tL+dW>|@ybS$)8)B=!ER)BNJ=zOr^h!lMI{0#4bAwx_BFaFr~i@^1DbPen8||I$R+L8YCY zS=>>5xOY(PEp3R&aN_o^eqGjgj*Xp;bFRUI2Jr5r?brEBBdJ&Qm&RxHRKCq|s`V}S zm-}oN4mi5joqur0>Yvjvh2aqvU2aP!z&hvU|Kn{om;NT`1N+~}|G#C#JVxd-4QFBy zVAj|!uIf5Y!lN|bm08&A!m@;QQs5 z32>Kzb1vF0>ecpLl;yg$rqgI)p?#s8fkv3t(yLG`g}8U4RMggwWaWeFtU5+~GU%g^ zB3>K!&GlcVCf3>W?JNRMz2mR}luFnrK1;(G;qH;0$md575LhQ7v?)}mSQn7|MRi34 z2d)K&TS09EkMpZOdnlpY!;nPd-FF%l6PM-TRn;sJ+rySiA8Is}@@LJKA48nP{(I8I zPViarrvwBlo9LC`Y{OYYG0uF#FLvZ*@?n0FH#n?8u&FR40xNA<(&3-WN=_+k!eGy~3@Xg2n|TEgbXjyvn8A2h!2Li3L0K zW?Y9AnjO_=Fsq#GvuM@PG1(Z@GMhhbJ>{zY0hSz}&3tOufFA?=f3)t0YExK8_z^C7~4j)B2POH`j#(wh> zQ;mMD=w)-M|C1!`^PbCKY0+PSB6HTj{I2nBOc$V(e#;=+2S~ zpU7T!8S8JN7Bdlc3~m=$gh5Z-j!r*@dxc6H#Y^aAUEd8hwF#JK{5;X96?mfKv?2C$ 
z8Z#8H#TPM=FADs?B)RYT&4DLjdAKr-#jm^jvU=Lxde#ZPIw#QQIEMnlj2jx+FAmyMwd&$$&%8U-*fIn4@~R9vZQe+|@|H|lag`Uj zI~Fa#6e?Cf%O4}1R`SS9l189gC{Bb{(}3rG_!g@e2YCs8Jga-$6s+>bCKvlS|iJ?E_xv7BF=mIUY>sT zD;H#0+y1J^pw>0l#x+JI)c#!nmw!M0W;aM5 zP6iGiFXG&K+v;qL1H3+aG?)7Km(XQ!eSBOi>Fz3PusBgj{dOW)JXc1DA~q5>-i2V! zKm!MT0VSyAUfroJTb}yz#|>Ut-@edB4_#5T@~`_sURX;prHiZPjuDD^u77XB5At#R z?A#DGB?=hE<{*s_5LDhF981ke@m2&+D+s;Hcows_cWdbhP^>#NaE!2wn_T$tlqW`O z2k?FKp!j*q0D|1C<2(pD^H*-=zO&^DYdQaZV zZS$ZQQp%{>`+4Bw(>O%Mdd$JUMyq7l*D*ZeI1Szxo@K( zmrg>;SqCDvNFem>2!6OUKD&>c!)uq!ZrIe=8c42s{`uknVnLC2s4?tG!p+NXBx0Y? zK4a}?dzs(DeQKWGn9d@`NP1&S3LviY=KiX3b0UC%b78H#;004uX7OZ5q}mq0_W3o* z>!Wwl3ZzH~0ti^u7dz?fBgRn8Kv&kDqBFhQD932bYa5`2{LIpN#oCwmIN_hBQE3J% zI2-f0AB`?7y28) z9SB(xKywchU@NJzT7j_W!t3xfvBEaU}n;T7b=ezmyyB}L?slCbJ zfOPxa>W>S*oML4^D3(3J%)USpZT_v|9Wmf|p!3Bl>;a4kWR@>`-H}iG93?ttAmLXk zJ$RvR-%b2T{YKxu-w9|)IQl_crRm<|B=jlr9;9S5;$1Xy!boAU5RKb>y$6>Ax>UMf ze{?u<``hm1UuvD)lOOoD;Cz5)P)nZDN$&I#-xQEcj~Ktx^pUJY9kJ~~Ql+*|tFp4$ zD#EL*-OYwJp+7xB4s}I3grtHN55HtKXQHZYY6GAjaNH)pK@!;ya8GGL`7N6D5OEG2 z0mjcCM{GyvkvTxJ=}&Nrrt-q9)@1tjFWAEpb!HrT$+lnI?SqVrc@HjwCWK{wD)tvK znA_+)G5jeII|O(W4nban8^L{KXiNd!(eHg;_`Mm0-FHT?qY+%mq{Fqzja;vs!sMq9 zx!P{(y9hPkr1b||?q(a~pT5(P?gp0!3H#|@*p27mlfr19mq~{m zD_<*~HgzX_*I&zyZkR|BwCXn84bqzrdU3`0sZc``BgES2P_ah-tfwn*Y4=)sMSH;0 zE_H;*J}SJsfTL6Ham2(5h#)c%MHPWXtY-{_{IGj$6kcU-cWb${TW&3_@FkdSkLD?} zz=co3UBr(>Fi}DqW{!{oB&j89lue(L^6$#UKS{(Y582Cc z`&LZF3*2bcQ1OUQ4+U>6XD;*PFv}W@n8R*qwiM=gd!HNX5v#`y*5HMRa6;D*BC*Z* zxVjJvm^Tuti;L~6o zzzUn`$F+bKif|)Vf6kHC%{@x^t=bpwN-MvI?XI?6x=eIW4p_PW9Dj`*+5q?aCTfYC z)pfW5uMEbwNB8S21zbdmndtAlHkUu@ub5@U;Kcn%PooB%her$^L zBA4tr!`_z+5Gle^t{+X3s7_&Cpe;ReToXJG#mO))(S}R*1KH?scm7mATh6 za=fYOl@l8LviUT2s0Q`0zpLSEeqM+Z`m0*sBn;BW$5;DS?BPQ|tlyd}w82@iPm>lY zbzVJlHsUWZDUx%4mjkGyBrlL4#6dcW_E~tNdVuB!{Dd( z2UqCv%?X8*J{^XoB!&JPp1CU-E})@+fI=Qn$gj|6)h?#okwrY_-`E+!;zmwn8d$UG z5BN=dcF!Fku8AP*+GAveatABS#b-02jv&3^yL-+Gg}iQdQY8Q1X>##3@weMUSp9#)(jc z`1K9!QA56#J4DU&2qMl8b^TH7;#{M?Zb2OV6LdVwy{!G^&ox4}ZNURPVt3z*z-Kkz 
z0FG*o;H`&pF1yQVxYSrdUN7nf5_hITO@cAn(lG~x{xJ^hm^$i27k)vE$&TnZsUX*( z+1!6_)2@YY#j*mXynRw>95JXzzBPDoE_o_&3xbnM8&dY>E*BBz80`~}`WZDBx0b>` zch$^{!_h*I=6vn>SH>1~wXKlxH zq)5`jCYzdcWHiKko_>6#B~5sUneSeW?P_RFKAu3u>d)v$Ydk0BX2(!;y|q5bIkp%y zt=K+hVPq2?4&awvG}A$=iPh{2`_o97c60Pe-je)yI_(-M6!%Syv+_%`#d873jOaDl zEFt|3-`#yQa$z6KP)6YCJO`7po;rHh#kNceRuF(fq3`Vf@x1!U`bi{iEK2BuG@&&( zDSC+(iH6{yXebc7Se{WYz#Zyml@Vg3t42lDu?z*8-%u4&$wVht{NSWozJP^MTMYPy zw1LX0e_Wb)iV9Qt4IVuj(cZT|w5O{2^kN>-fime|YHDlhvU%(QZjgUzB7-K%?J07E z*_BrJXDR~J%fHR-QTerxm3dta{?ee?Gbx~wv-TigLHE@QM|L&rt6qZ8SY+JprGXO^ zt;>w}5ik2@htG%q#ol`cH5qpM-k=~BdhbC65ow|nsZpwch#2NIAFNQm$4KKs1$?0xo`^E_wHoDc8oWcYA143oL<>t5Gd>stTc z|NSHMoG%61sQ2!99N-&xw)d<$8GJ$M8h95e-He&ho&M4GbiC^NYTCser5p96QBO5{ zYo6>lxFKxoht0WrUGyl07tMa#?4oG2^+8eQ!>9b{80F~nTr%N|%YO=y0qll9rZf{gixIGa0%X{7VVXUV^-3%eDl zu0gf+^as%8kq0HG(zQT9#206u;L`ZWK;A%*3BIaW=53|uwdMAwfw8>~#V<#myvpPM z$pL?P;l$$I#p^@6U{?TBW7JGnC`k|n8ILImc2Tg>EQOZVg<-a}tA(x|!op*$X_Bcv zN@IV9ooH+ZDvK^Lam909`T)H{$<=$xG|B9dTXzMNjHuEG`XvN7D1!0(*u&P8QT(0# zHoeVs!PnaLHAxNNZ>|aJLZ)cg$DB|r`-qSCpN4qv-z=hP2^7XDVgPO-MrvJmVy8e4E;Pjjz6u-xowXE1dGG zg=_fBBUbD#=QH=m8hRJ+aj+ql<6>d1*`#jXt5~XzlFQBrrUq%RTJ*0SMN{yKv)8hn z#EG%bm234iF~@Q!5i)A_YXx+pj!^W*%~90^_8)5^8Ief6^suj4Gr}fDU{*;U$kI`G zhd5d8u3#}f=}1w<3OJj1^SW(Qd{#A1-5owIFtd=``{bDm_0l=hhp*m{M#pZ?&d%-~ zTzhz2y*`!U-c{T6^r=CwF{cr*SBEyQS>l0zU<+wSo{IfwQpF0k#ZAvHyLRcmOx!snXSVClkOYSgFk6*Z_PpJZoa&Hx*2>O!~LD-3DvG(cKy@5F&d?`7SdS4~v+ z6TTK^r5MLNu44{(&w?&WB14Rk)PTix+fqufSKxUy;QQL^j}|qk>RyPWy?p-;%plhKl$3pszT@D3dX@2|73nPqr;pp{46CfG&yTAU!YWqceT z$GNpQYb8)i8gclVmL1*Y#7m6sLwUxsFq5M=db%c&JVaoqaviMUD3VL%@z}D|tjQ_QphM@cRaupnJy^mMP z+h(`n4tTO{37EAi0%3(}`9?576Wmb}m#UQUjVOank8q@Hs(r4w8TDvf)R10e$7bhd zqyvlAlJvT)A-}9uGtO=VVcY1l`pK!eVlhN2s@|1$>!8ASBmk{yqT%+c=!%<e! 
zOOiz%B!;ct%;_i-(gOS3CyS&zZTS`Gz)|g=70LSNgjvSai(Wk z3YRby%akSIN&;02F;P+VMK_jA2NmRE>U&#=xe?r#u6>ZZ9r%SNR{=ZXfTV7KV6B&s z9nFjgJDsnK#E0V-in1IJOJj|y%93tW)6%k-y~uHY#TE8rga#h2O~Dk()R{o}td~dS zdARc3g`ASF?QZ;vl~@xqiz-0@K|f1JF`I<)`Rw`GgR;Z1I~;_Y&#^4B8SFI$!ivVi z(D~isk?By)Mv6Hx32#6Y%AO{aCYdQ)dwM z%ckp2{+)@Kx*Zk0Z@Sr)JzU$utorg_gH8Kwm7#hG@E2d6e}IQQ<&Tw(&rDLuqP|nw zeSMB|^ZUj~W@dgzPp)9V&c2$4`e=nwo&PEO>K$9dp3#Izr&|-F^NGoMQl9&El}BJP z5?kCGDqIc*FrXh1gDNPVAqy^y<+24xam7PrJ`8^>bt zt_*feHNeF@&*=2AIz6cItg6)Yd9fAyc~`-N*xtS9B2ZrlOYKUtdOWMt#UP;iAbUop zNa-8i+8laX65{on?5$jSt!UajDyrduSdlZgz~^l7&mt|u_uV#g!W;cP21}<>z2FtB zll<29@;x)K$#u6ytBKLQ!_`FNwjapS1l@G~5$VVVQ5SP`Zotm*iAKwn6VffB3)Zy@ zD&4y>+9sOwV0nOZ=T7H+c@;kLIP16ub}_cy#g(EfZFRrNVwEWIdAXwv zdf$9=&6=yL5;&e%OzUtmi0GrIL*gsMuM3A+;0W=C29*CTb~A_4*Sz~SM^3i-j?T)t zw?oCNchyVrF%WmS?yz9cDSDGK+& z@A=Xh;y++I_oBCnHvs=lE?ABJD%n5942TL^6c(uQVl`A&CrmFgd*JGJ*n*kgIqCtpMXaF>c}3;WB)z>dm=Or28Lx!>rM*!y%T0KftIu7yOmSGi~?5I z^&`gpFwQVcH|rUFce6GQWdX ze~!W3x^vUdwBG4%%`4+DnztTfvov|VW&hi;!@$iRvwkS(6QoimTH)y`kjgBc11LY@ zG~hR0qEAgWI-5XmFrAf7^3)C@ zo_@l4VsB&s6uE=&<<4+dfx*bCD_2~ZG_N2REf#g$Q{TL6g8ypLJTTxbE=XKxesnVz z4ft>OBi=Sw@3$e}BFPmrmg%TxoP5CaUd^j!!zkRsEes;G`2}5=C|2BDyqxa01qNAZ7HSiW!9^(Z};Md(l0DCbA@LvJvj61@|IZWrNzpx6SJg};Sq=KJce z&C5hr7R39XvLq#cAFh!pE9jDV(V{u0jefF|Y=nE;5V#CfxXmcG*su85NlwF*_9Adw z^#V_$^r$w}%Y(wrOj7;fa0n{(vF3>Zb(uvpDMH1SvfR%bo2{APof*oZ_?S|5HTIF~ zli7#Q<3BUZ1q^Ll7%5%Fi~c4P%q6HGCQ)w?zvgZ>{U&=K0Zba=w77ngJuaV|lhpT^ zSS`aBVES-g<1oJ*qAq?C(}Y{q#peKw(1_FJp~ZoYs&;9(MTx`k=Nm3cL))e`FKPEgqI02&xyo~sd_RBks>W9md5zkY)tQbNx`NsHAYC;HZtsH^*gRqETYWnI| z-P>RjhkRV|F`E#+L^N)fd}Utc0j8@JLIEHO=)KNd_SlhH)lCycX1%N{ntS}U?^G!S z_n`v!*GjE)(RZ$OMn(+-jaUUb5551Qos_q2uk<|U8GyRJ@UNnh{pj8jHE`niN8puG z(g5)3|4sJ69(k6yfd*RrXSrzEeJ1CTO zkxEI*e47){Dbq05+2fR_24%$BL77+nIey36F#(X8><@!9FASY z#zi+sk{HISfOx>0R_T}PxQ=>zR;adqSM8FqCwVV3rO&g2i=gZhSBiw}eNM^v4eKPz z6vbEm(PLvC1@l*@PUvtW7~M$NQ%r?678LSpV?xT69G|FzwK02XztIr)_>iJ3e;HNX zbA^(uY(_cc;nOAXzaB>5X$B1cV`RwT$f>&!_oHNHv`r4xf_wwH+$4;*W!*Qzi+g>Y 
zsejl7v^D58tmW=5RSU#F*MF!Wac_{SQ^9d*kb!vl?0pj*%zb$I5IBTxe7H07J`uCe z7IpqCPvF_zde2g2cX^L=phxKW)KH{Q81(TF{v(}#47`;7gm`ZVy;h4g%6JZ4alGn5 z*!i?o{Palz+u%YRP8 zm)Q<0It*&}0j8sgAJ2>6#LJy_J+7W0zB4C?O_#&xdcX9%Eq&G9twJvo)7p@`d?5!z z>cWL%9w!pmeZ$*Rb3?^+Mt%FVYS~IMOif?XaJ>%TZ17+eVNPpr8mFzbb)7sQXIFTw z_di4huw#u05gpaF0Ky9s+?l;SdeZo|21}NzO$@uRU-lX@ z>3$ze_aGEwPSVxIg#rCn*NeZ&wrY%L2f5v?{ljKdsH2x+R~L}l$oplOqhn&Wt}XzP zc(QovmE0taw~)(i5D>`?R{W6%WWAXZG$#7fD4Ic)Vz>EStq28UojLC z+kY?l=;E``iZBhm4MqU@%qu!338Ds0K_53`sUQ=3%Mrf{oY79>g&8jV=_}eFDef!7 zaU%w_+LUXgF#`s(+57wa^j%!N?z{QSWk>v8M92K#8@=bjb<;*e2Q%T(=kak(QNMmJxiw1D~Gfoj z_=RhaUiMzOs;HH42YflT5|{ZCe3$5ZiflbTLn0iFMqRwX)V`2b>=y40!ZnVs0Jl}- zg-LO;1d*X$B0l_C0a1l_d6^Cvn`vESh2PjrKaanfW9i$hohE>UOwP#1C=F_avU&QM zqF?Lqhu>maxzmSahOn~0i#68hbc$_>rG4uAxP;!VYw>I7T$Z3%8XEc|#Bk@+^Q+(cv zZY-#>(jWTc<1&H)A3$JgQ%672Uz{;9t4ZGNeB~{l`C$t8qPf-imtBB!K=#4j3(a@* z-rX5t8Y-{Tot}}gbCc^Li>j`Gu9CXI2M)YffLC8_pY-0s2ts7qAnAy=K#oR@f0K=- zjR$6^2@21N0DHv!*2tUxrH8_~KfiAXZ--weun}*7uqFt*f8$-)A^PtQl6nqtz>0^D z;yx2j{BR{!#VY#44aOd4WoO70@v=bFZu9iwriAtx@~8C=Lc1Rc0Y-4$?XZ+ioIE9h zj*gjxe@VeK0lS4gU^vyv7<4LHurxT0An8rhokgVsg1?bQt!5R6>>S${af1*_M6Xma zcsJb{e0pOYzJ$=}u`2)w>7zhEg?!a6VxF#|-Ea9uhea(!!&vGAkK3IP=NxR_Eb?iP4j*)qL^{fEAthW6Mc>baob3=eW^J`r2=CE^=OEp7X ze9UlRrw!kc-L9-|kP-!!0$KG2aY4#N8V^}=$y!nL(6aJoKbj0JyzbR0!(t(%8l|tP!!y9$$xGXS#N^0e-DBV@eo~E?yrvdl5 zhoHj4+1YuGpBC*2UmwhDbGXY=QN`YJ`FvUNYw{H*7|?g5*!xYEsE=tr3*25jwUmNM z0ohwPvK-Yi$lzP@9aI$-pYO;yUtQwom*uqMR-pK`EW6+5K9-A0c>P;RJ!_)6`@%F*+(UKnt2n7E1W11RD9;eXE0)<9M16vjdF>WLSx2 z&ev;ZmLRZ~SynfxfLr9*s#H(veshkjN3XPaXoTrBP)~<~O+r$JA-fErCoxjsX9%Obcu!d%|*`jG9c2Tw68Yf)Om)MB|*`>(Pd+Vy$dqP3+8rVwoU^ zzb>{`KxXTAQxyvnsCdoq-r0T8dyy=G{KVdBl5}3V?nV)T(Mjpn5L{^67+0tuoO|WC zVs7{Aiu~rDVTMHe9oimFJ}Tjgb;!J2n0$b5w%>~ghM%(DhGb>D*?)GCx;cy7jr|TV z19*3Xp#K27+BsoNx1`JFYb8$Sn_>&c;Wdi4hEKN`tJDr;tQr9KHJ{*c&Xr( z10P?k+;3ZChKYr&AGd%muZ+7&@xV<4D#KO?`k^l(XUOmHM;o-qeh*F(jStFcR_9?< zmFUh$3cFm|&4;`8iTd_zXX$KbS!ctoFPF16shDd?*eQG>4mcT0h$B1zcu>mqBpp3? 
zTk`=O9?(MBnzutvX&M82)CA?{MBr|uzVr)K_!Pn|m@0;HokeP&-Z!(uGW@jGmQPJ^ zLRPxwm}Lc6BZ%Mz6@m)>>B{3AfUwZ>r>&jaS|s&Tel2L~yOsBgwzC(5Yg+!q_6<8^tT7R|1)@c16$@^MF!~}_>0*{77JLIVMwED`s07m3w8Nwu79JAzuXSAazgv2& zr1otGLQw+01=B1)Lmjy?>K4!VMs5Lg@A_?P?Lanfk%9L{x3Z332bm_BK&?~mNWn)8 z?wHT^@w@ji%C~FAe0*Rdn5VC&7KQ0 zt;8cd$|vr(m-@0Xl=8nbPK0D@w4^{7z&7=Wb5r+X_bo9rjWHD!EP4tv?uBY^Njz&V zxPic{YC?}!9}-0{+2B&3WQUz+4aMfRo|00q;0Gweg?HeqjjXs-JQtVclL;AF9? z)Ij=j!8xiL#iGhYf%bQuBVEV*x2}i}tzOH`^pbri0Mt0b5`S9V|9Ld}pKN`D=Ug+2 zwf~t-%j?M9sdsT=0W!Jr(}L)876lLn!0O&qcfUkjE#yiOzR_6*ynV_H{H*9diOJ$JvZ?Bm7r=3VlD$|K;$Y z1HZm<)(^cD(V#`)4M(GraZPm5o^nyY=1q0lj4^3;&+B|kab~G`V-s7HaRUK^vlYwZ zK;Cjm;W{*Ty9lekqa}A6gTUDi&KMgefcP@3FGls5((c;(J%|aeDY=V3T!OH`IL_jg zD15=YH-KS>2I=%3EkU0-v)Ryyl~G}`ADa_A`J0c@sVdxf)omgD-lvykv{pP zPV{%_bbC6K&;LuM>;wVqZFv~+uE8)i$oVE}b0@RKSfazksZFZtDGXQc2x-))b?!=) zih#WfWzVY1;_0Z)lRAB{tVjcsShnP9d$?{m;z=;4UrR7CS1nsh?D;WwXs!u$tr91nyJnL+k4Mwo0=X?BG!Jvq!HWdwLtb#>%1c; zTtFFpTK}o)B(ZpbH+H z9|RP8&%&-U_p#fPkJX=JPOyMdIVaU(2&RdvDD)+^j>ZcU>tIT}ipHl$qvFNS9pH-y zZ{1X^aL_EP4BuxPs6}x7c{J<4=Q|WO^p5v0pZoTmn@o5l*^5fE*`6>-``CG_&&B*; zcIBs0Bl@Supy{J=)yCYtvDy=8(SG1QO1ip=xa)@qRuc6^tWZS|&6jnqjXpuuVZ64d z7J7WhA~|ectlloQ6RC|pTguKeI)9OvAz^P=$Na63#e@fSYcoKMDpwH4dx=9 zYv&};k$LV1XrtR&9s`3TmZYe!tJ& zs~Z6MsAlf+x&G)tKAkqRKyD~4M}VaY-MdhK)ZEv9@|$dBvJ&C~ef&x}^75A=l#Bs_cC9D$A;olE^49t_zw0weX7JU7=p$;R;uvd79sx z%gq}rjTs@TFJfoJWesO3+@)WK!SD4DKK!{Sqk4=|mpDTW*@4_bF%%lszxgC*PycLR zBx_(GCp#6|IXgWY;8m6eYpOC!KhvE*6f&EcmmJY=nlzpvS%3S}-ZuDG+uQ&6_x}`^ zr@omLuhOQZfH_(WRj~frQm}cv0GWBYXAILnxg(NS<1>3rnC{iB^qef;;tfED0PMss z2(HtJisqpgDFkqDSK9I0Lm~-IlD3cB+0m4;b=`6OgMQSv{{hByBPwLhm|}oxiu^a( z=`TdvRZ{=rug8+&M5^CpJCnm>28VsMMjEoq;un4Gzr%SeF}bfRrzB%|yZQ-IY2~|- z;&SRqxY*fjZ|glBPftDlKP)yX1}b6=>L)MbJ-{5LRJgmQLtu?va3 znMan70&mY08JZ)Hpawy?OZz8mqF{6hDcWhP;3LL|7?q5~0eC}oDbH~!xXiYJ5;IUL z+C2fpH-7{;e}Deoga1FRf&Zg|v(f*Xg0trfzOHIxVpe;5i~Y%uT%db*gUFU{^H3TB znY(-&@(^f)#M=P-NWs_4B7@Z7JAT$v>xgAq%m(okv1SU!=Y#+8V(VKj+I~KqKY)9X zcy)pMHyKiw7$pdl*&6@x(o%{!!1VZe4{sMxF<zKA?P13Jje9@ 
ze!IW-?(e$$`&RsoDE|4#d&S><_HT~zH-q|{eg4hd|JD_MYqI}dKK`v3|5n?7 zI~9NXD1UoUfBScTyNmy^Q~S4K{97^ptr-7SjDIV}zZK*ES1LxcA3tVwtF^UN4_4yj zjrmvk6MOiNr0gPvrS}VN{uw%1;rowc7#97Y14*Yv9H4;8-1*8QoEfOdwq_IhKN~&# zw^78KJDOT@kz~Ke{;y7D7z>o(_gk%4Cp>lO@ZtKAoxqHrhoFOtKKWZ_Y$wn!< z#eS{Y0r;Yy&Po8jD3|~uAO--ws3oqX?1W&e{+rA)zQRuCXv0N*T*J#vF(yiWz%0;Q zud;r$X}}h`78rXtsHrr$e)SG%lV;dY=YTjpKjvn3)a@|iI^AHrBC0|F{TctGBR+zU zuLGk~etIkbvlKb!2lDu`_<6D&R4o`LqTqvFT%rm(s@+>1k?Lz^R0-fo>rXDZra|+m zWRQd6dHCT`Zto}5Q7J^_mt5qDMk}~1r3FEOM?S)Ohe-{8bCi*oH$OS;7#sGB{~Uv@ zPqICtcs8!fL7F&y9KRZ9{2fB4z_jA}7PY{0)vJ~$?^I!CqUHXGM(CyFDwRa=aqtsu zVM+@WUU_3u(zp{r50~`SU6t95!ZLO7Qqmp?X$c?J)HyNjIVjGDYvzKUFgiq~kSA1_Qo$Mw$Z4^J&Tl%oD zyj$y=Em(qGARqdr_S9I-V}S_^2`73i7s+>!m>c8tMx>lQYb$Ht63f*|U6dx=VfyEV z&t0TofQZ8<)4B1BD|F<}MN4!nTO@W&QCxV{l>vKt%^O9Y6T_N9AsplekwSXPcP|)o zC~92LuP+@e{Z=yg2^0ZP0<8hL!Tt#8ngbnw-F!-Dq0x*tL~%8B&lmk>O-aSi%Jt)+ z4Xh#LUa{cQvpAw+29fF0%293%QMsA15>4I!c=}y(-maiOX1MRtdnZ{K_cSD{fKoof zjwd3x+VsN%fjY<2VK~a3oBa+5T}{hLD)9eIuGvZJl1>>ZN^`cVwg;Ic#i4w zvx5iL7WuQ08;ie;*THS#p%aj5my%Ub6aX*t(yHc{gh2%2)`%mJnuJMx>%paIKMT_SSZk^0k` zVU?=ToZg}WHtrFPa4{BN?(7p7SajgUK|>Z5$!si!tAa}Ov~ zvspxPuf~ock{VP3F&?c8LMd$^Mubx{uV75k=b}}|$$iJ17WdkPu!Sp{Mb}!EGyOE# zyDo%Yd2PR)!-9!x*^gF|#vo%Gq%emoRBxBDi*J8g<)kW*aKl&oF-9zR zb#caig*D4B@|*B5E+RB znt6PR;p?utxQJh8N;2oioVL6J)8pAD>>B~?-re5s2@j#)lMV0ZsT5p6 zew8$C0Y>(HB4L`CzD^K}61nfHNh6jrt}O>OA*rK&(vE^=St;8e@Oy-;lUJV8HF_qU znI9*L7sp(tn?be6fIv#p&Z)bpgOPjt_CtJSWBgU&_sc^}MVDBIyWT8FGbQVDyfR@E z=|2&zzk>W`U<{~a$_8TRzWfFWjD($&SD0^jgu)Y}pTDWx2t{uID?;f&W_QJbZA z?`6fUFgrUDXArI&O9kLkR*+$f6(u1@0Y&FrBRE5s$E)OTT=Jle&uPC=8!Nb7ax38h z`(R4tPm_>Z#l0s@DN0kB%@U*=M6vR-=qdyi41!n7cfvR@IZvd5qdc8wx5PzDpi&pE z7MDrL+Z#a|z!C3b^4Vnqu<5fF_+x^$BcdV~*O`%p7jGkh04(4w$BIvmRYG>}RVWLz zn(xJ^2s3=9?{}-!OFHn%j4c*WL_(9b&7Y0wWc!+Uc-29D<+B?SYfr?=FZjl?4)x#(DYeGD*7 z1?z#~CgnAywFfp1*#|Dx4oK@f>KMQRiu-kUNiS&TF3t*Xi&^bxzUUcuMW?t83MiL2 zrXA|?`wHf@Y%0=*d|bgr|q$|xkmW-41dgxt4c8QmPQ$2zJ$c0`b% zN$Y6;z|eL*tpAQC^8M}WwR|4h@r_R`0H*Z`WMvU;xeR%OU_`^27w|q-lT~PK^*E!^ 
zqDphGx@7Fnngq(~Sj84pFmpn^G>f%L&r6{;tS&k<3#K%xK<9&HYEj}J+9$s9vZ)@4 zzNARJ>-h3*JiFm*g_JmcM=~;-8WF?Cj^8vx2g`1jgrgBIu2i$mYzqw7xL~5~ax*Lc ztAQLmd`IU{{3x_0u`dS70&-SzH+M52H>d3|q0_)C5*}?XGB-FEz$7OWB#QBZ9jS&T zxZshaO;#bn@`dY%nYR45sr%AzdnAdFU%jX4#HKN_y?Ju8rBv%P_fl-uw$M0+trZyo z06u7my!cwIOiL;+iudF4BIouKXK9qNrkk6`w}P1t{^XxXr*_z{&ei72K8$W=Gf4FK zvgM7=!H(nfbJzr5+HI2zB~hq?SUPnfvsNUe-&cnF((Nk@Z;bfQoqgJ5)0q2Z989!1 z%WR;*xM~dTyFP2i0`6!ZDa>f&GL*&ktF9?mZ$5oRN#@yS559ew{he?M-khMfWu=70 z;!RgdF8YRlx4M-)P<2I^$A3yaWum7~l2Pa+GDw@|3#^b_z=X0J?KXFs5J{ZEl%R#N z`a8G+tZryAjAf;-h#9a4px+GO`|-g_Rbxzm>pOif?UD-9>yf5+fYsZhO)xF&xieW*Os>kDxa6-Q!c83b}P`EJJ^cM@$3pCwTG>kF!s1046^fi z;nsw=TuL}hWx3W!)c(Q55-SR4_vpR1Wk073*}Ly&_qzw9=SZ_nTy^7Kjty)}U^ZV= zt3PGmtP_Ax-c>zyVs~3_5cIZ-<@1r?dc64IT#iYx=1VrExy&Y}vmoOAbRm2I_Piyk zA>njne?_`h>hlPjY&8JLPX^2&x^Q~ZdC6F)bI|!3( zA^J5OQ9OOI$felkUM%Y~9}SUc<^1JZz>kG*a$54U*__X1;T756WYD5>hwWDU7~>Ek z72w^8Pi*7-k(Fb)b*fXYQ!Og@fXT8UxH?>N%|2*+))VSa_qc*6BRVuzTxZ4AtFTHH%lqL< z=dqA>ZC4sC=uzO)w(1uvotH+rR$?C^rBw&}$#^d58!+ik_dTmq`jOd?@*TlN;)1E- zZIr|u{3~DK-ERt{;+)G%8-r1nqg|f0*JQ78m-bN5_nMk&o)p3tc-don6rTHG4m&3n z>DE81fTEB(7uu{JUT34u=zDvGm)$mQ{z~)D>@QQ6ARj#|N~}FD3M1H>c3yd$Q+|BEqyvST;!>COJ`)SqLl%g`5{HMlK-Sn!Oq z9TlS0q4~}e5i~jD?XM-2cey|0q-2WsYhJ%cC500ZWJU3`M&kWPakHba2ZcMl92mAX zB%5!E$&go6qxcilsA!fibhYZ8s$haU$t+?P@jiTA$((iOwyqym7?(5Lz_FTww_RGi zv;z=mV0w-&DP~D2;a^M>bs`@zv*{tV*s!r}@xIeE(*3miGKZ%pcsx`cl20Hl4Z_vG1mwc^`^$=ivd_@B$VAsWT=fsLgZy~X+S*Fph?GsrtsXQ9Oto~Q>=fV}|TBNzY z-k1V>Ne78fJ-MwdmHFH{z7+{~RKFi9(83k#ZdiJ`AjuU-!)Ac-d6ovXd|yVu%W6V_ zYn6wSrLJzsYZJ&yojUH<1Qpy)7Ad8yk>y*ZV65dSX44p!)Kh!--)Rf9D*6*JW9T1V z!t!GES=1k1!q%|bS;qS655o5oUJWn;Fn;$sT2s1?*_cHv-v<0F!31sKbC>i2u7N|v zqs}sLt`*j^{avuhB5jc;s)vtuxZU#Xz3&+sa_}d9C-aiZPAEqmp+1qCehMA)XEr^k zJuC4vz1lR{AhQ(5;=I5z$}_P8si*+iOtZpzuFti(^HG$&_@p5kYzTI6Wi#JS5U5FGSNcnxoiA6IDMoKC@lc7BF; z3uVfawC=3CP0U(aO%E3DR(Jk6gI}}3$i@M?o#skX612prP9ubPbw!-h+=20fl#YgKwQ13_BskGw zw%LD+c>md}hx{HUg_(_->XO&ySF-nQolh1f&=r9(R*vcn?u8@AsYdmU4Mhk`^xSDk 
z-kc=L;-v>zkb!VqSBt#VL?H?E^_TCs7_#(8|kDH6|)W<7zP} z0v&xkBKZwI8sOP;neACEyIy=^k7963`ywq|X)FC6*7G+R-O(cLjuHb_#0cpc*=F)a za0aRZy`#MSYD&?aN+ra*T8>vQ3ir6~^(*7a9(frkdVZ$6#m?8&;ahFMj~Txz&yp%4 zO7S%EL>V$uuTeK~w0POqyoGcX%Ub)zDWxuOAUW+^U$s2j!OYLk5(cpvy`8isNwVjo zkKy$A{Y>A(7XQJB28pcg6uGA0tEe#r8GdcnBAV~eCUez+;LnWN?`S8es0%Z<*FJ3P zZR9=fdpz&mR3|vxsL+%9>G>_~1g84QW*zj`B5$+wEj5@uK?r7r?TY=?*Lb(XU%kR7 zM&-%#V#|x99?s6b@}YMsei5IoT@-gR0EM(u(N(WN{lOMqTC8C7uX$R#*LvfX&U#V_ zT0v|kNS}SJ^Mmv3C&9vD@wE|e z^}B(_YQDge?~0>T!+5W*TE*Ipdz$;|8->vnxEGIP>o67EzI5#_@q79-MaZSYE6ACB z<&a?oZMG2NQ@3TB9q#n&v0c*I2`t$brFIeKw;<8+L6^SY8}5-9ckR*HoP+54c}^DB zyPR?w4q!adgL+OSiyD)U)9oh>3~7W7Mym#-CrwAhtQ*Q2L&Ze*u09*?V-C7g9zRC! ze(TH+D!F^C$UJKNK#f_S{a;b(8DGtFRuZlzO_2sM`?K&49AtO@*JdVZ=+JE=a0wQ7 z9od|QU#UC&BgOPUH)B2^IzVSRz~|#{G70c?f_e8WX^0>*U4~w_ZgSenUTB_NX)bB_ z2+7zP(`RI6d`z~M2w`*vRqu!E6HIF{;GhP`sw*|#+fVdJoMF>jQz^ZK?#>7Hn!^N% zJ|#nC;`DUboy>&}3xa#(iANW>s=0NL5+)4fhMoaw#;psY=FOeTHicHW%zG{eCLfGvGu)1%hPc;0bHA-D z!E^JKgIItl%VF+ou%j!5@8W7nWYf7V?_;4tU$gn#vmBQ~X= z%w`!lAAH8lH3H6r|B8czlkN^Fh!=0BCdDSM6wJ~j-?6YX>rO80l(vhN&9*gJqfGH2 zkMH4)!?dmHhLWh^T?jgu&+12Uu{WoNF=qd1qA z{a#tW=-2T;KgU52f`pVew<}Ts%^JX$ezxnhv|>ckHDZDP&fHwRQul=X z{djd+(~lp}562k$@9QO6t=bcGe9b188WwqAUfE7o3`6W2y47QEG@gtx>K&*W}4 zS1Qc;E&774cW>-(!0#0|{UJVa6I}lgpELj;5riWG06ytp0&F|a^PHRa?%|#6WBCSQMrqa0GzYATzJk~Vf0;2;`Yy51R5>L8zpmw`IPl9f4 zL0kXV3t|du(e8suPnxB@pT~KuB4-wt?L(Sa@VcvVia!dLU0JuQPc7Jt^1`a`6r%YP z)u&+hp=+iL4+7iBIAsNdN_q2OfL3ggcAilA9hxw>mtNo3$4-zw1lxTc|6) z5YD{M=$&e-h(uuT&*1Ksi|wAp_ASUtREUBrcCrIP?pYu3enLUiWwg)ds&0kFhiIWY zYGI;Hf**vaFL;-6U$!Xp`IGM>hMFA)DV$CR+w09MQyvYI*d8U%R9AU+i>!UJuFPW{ zv8WWdd?!Ak1Aq>er2Ox^;51KP8f$E^umCW6x)>!kyaa&q&ORTH@b8h(&X)xev$ItJ;D7z4<^!z8<4S$L{w5QDwHPz&@k7yV>v2icFCO#d z{kI6GK{}^XWZ2O>*9vbIW?j*wXuh|oD(%grI7d}Fr8|5i*4&4S%B{i1?O%JvHEslZ z{9=tfDIUb7Vya47{F>zOI}ZWh&o2@`kkGt~u^Hd^k=xX_)i>5Z|0XLidZrb!!9YCf zz`No)N5o(nnGO&J80E@fcr{6|#$1Q%>Ev#^v=1BOGY#rkuG>8~;7`8Ct_2T>0hM5P z;efW;aOHD`@qP45Rdo4vk2@-j&2{zNJvf$ZUyhQ_0!zEaRabQIitv6U=#qkNiN;qm 
zhh#H&lqVpZm8&RxbZqR9c#GNFF6ou|&lg&2)c4ev=HsTFgxBae;gfah@vAZRz+2E( z@~4s&%U%9DU8K28cpzF7UBllxlHl`5x^#*yS^rBiHI)$7det=yE=lS{(!+d~>>JCa zCuF2$yeA!T0XtWAeBSm@U@u-FXM@(C16FsnE z_Zhd}^(ZAlSFSu@mJ3nMnSb_ClX9G#pPr1bSldlIeveJ5Fth0iK8|3#*~EYym~4Zb z$E&mh_gN*UwPJh7*L})DEmt_iP%s57l1=^Qd@-ARlNlP$0Uze2!sjgkrnRZmGSw+c z9Be{G4ykXH7Y#=DL=C4iQyJTZpfRNz6d|-6rUq-?H5SMD!b_hZvx5&NVAlX1V{V%( zr*j=k_6?}@lk#%)s?qAT9*(5XBIT+<3iWVRBMvyNQV#|ct00RNY?;xGZ4mIl60su2QZ*Jk4*$;W|IaX^|M%LRGr3}=-W46U3-sa7P`eOY z(hq=M8!3*ali~GQpz1!5C7dkA0`B5hv7m4zzzOwII1!j$nt{wfrjdtC2jHrPm}WFx zMc^mi1v~lm;#8fTGq~_6p(p8-w^7ZYxn4)9b)BRpQa#krpOwdu_kyan1IAzvSUFN) zz7{NP5(6_}a@gX6FEinC<7a8n?&glRmR%|QU)40;UCS;CVPI69Bb1-hbA67o{&hJL z?*lojYhcTD+~{cH!9b!KG?xPW80DK;rW|KIr=lnqp7eI_U9$rK&5`_+4+J@INZ?Gb z(zOj4x^RA2Auv#MqRe$A@nsXJeB?PnZ9V@uKH@nmHlda}I+s64hP>}i9EQhc##;b1^>r>x0t*CS9iVq&Imws2s;=Wdra^Q1J>5FnU1-JdQ9{luiOSL!%=qKr zrmKCJ!&Py#PA!Xk(kL5SWq34(0a z5}mbz=$#-45+ove?^f@_^7tJsww(}@TQe7N&4SO>#|Qkt`&eUhW6zX~{4-f14ts{j zt?!tRWS@|@G|=Z}5xMe8QcMCqrkcJ!8-h3_syc6AIj!SzQNXN`+hg@kF2#Dmd3MNcF2?It z#^+Z^A5PJsZKXfr_iqibw7@RSe&>)(!3FJq;^1Z+(;#8g zByXFofs^T6t8ejKKrDZ6Q4C;mga*~5MPTiF*pXd_hFwi-p`cfJOA?2pF=g$18Ha4C zAiSk69qXINK!#(mZCB>$EmdeMzjZ5?ENVR{0wIO9t3;I=|23GF@GO3kslZ?57UGkI z7#D`3S$lUmhTes-3T&ozcm^Uhed#^`J(Oy=9SE=ali*z6*f8a(Pvfdp$#kIU`sci4 z8dNdF=s1ulCh|NhhRo)@yPZ-2Vwsz}F;`;-uD4Fd>TBPzD$o$Vq>nWyev{-fJSY5D z`k9&5NnSc{{#K~eu*!3tM*=J=>v=828{k8F6gcFsqDrt_RuORVRPH(f=}(^bG)KR= zC56}-XK=i>E!^HrroBPA^&WBidWxGHpNlR&j__X%F2Qs3n%$zB?e?!j@L78tZc2GD4E^4y_i_~ zezZhg>o7IW&B5DPF1}WM4!4W(iI%x_mJrTOj*W#;SZk zty8;Bjx=lj{YSg97QQ! 
zwo}rCjg|i{&y*=&%xY)<+urK2(H7_ObEpvSF&6V;ay#nfG_>q6nnI#L>vhOu0kg|Z z=&RB9q;z4qwWReut#9Xj1KO_zsxbvP4_o;dSuxL=$>3ml1#|DAukU_fKUi?fg*b1% z^4NPThAJ*!O7ALbN{9sD%gbInUW`hLOp>i{wPA(X)S!BgVJDnntTZBwYt;39qO^3SV7Vm9MS_xOBY$m{a?O(H^ z|M^Y+|0ZAnnf;N;;cSOS&ECs1J~~qW^(!`6cb({wz|4Tyzlk$IEI~->`=??kjKEMWhi@Oy z=CmKP`$}Ky%9IA6&BG-nwqsj_to=3`p=E{C%51D|TDSVYz3{2#8f*LeUoGV-*_5 zNPzT9e}n1Z6li3m8G`lm(!OGO#JgGa;Hnp!Z+_rfTe2#em^eg@_f5R^xMX0ermsQz zr4C$h20^Xb_p>&LzccCaiN5%6`-XVur6I_hn4;X_PEnD&^C90;gH>b;5KC6KTPGz! z0YHiC<-UbkitR*piJ979{cyv1bp-}qoSQOwl+#|w+;N)O8yaU z?O!YTgzHJ*^{~DzKMF&*|kS=p$P?4|k-tk~n+lJa?Hyn4;4X7P4az zH^CvfHA)2PDOpIXVdpjPI1t(^vt+$He6pMV02GYYc7@mLWLNfK{*u%?RO$ROn2|D7 z)9+n;Uz6Jtcy7B`+hn)H>EWjsjk#J%2}wO`f>#o@*-@!IR7FS2b(P+(xSEnl#%gNfjX&mb12d%|#i##^|A-XA7>Q(;R zj(#pKJmKf6?#|QKFGmC$)32@ksEI~{VqztUdViSfzS=TNwR2I^9I!U@AJPSzWmQjj z)gC|%AN<_!O??XgrC)GdmOWFWFCiN!1{Hu3btIdxn#VqlRaf9U9}oa^hY ze%$q$c4c3cPwZg`VOH4Gq#VBWDrMTujUa-(3B-dQ`26rak7{V1YLRD5%rLl`lTKn( zI(ctC;#ub9Zgdk9QxN;?KP?`D-c)5LKoYn#+g1 z7iqs@&^p&WuSy|SZ~mT?7JSl{nD&d8U)`;DH#IIfFlQxe7Tu&bbus#GcJzL0R#FxB z$7eesCjlz^$i>OnbI-KMU{LfzS8o$n(^6~a&jU6BX9e8>w#?vAf1dCbAB<`bOFg$_ z>x}s8+9F`)>B^wNS(g|Km8C0*+&eiM!!^Zp^ZFv@^m2 ziMj$85ixBP`$5cYLT~554CStd!QxOTYWz1~L)WUeID*&sMR+v8p<5?O&tb;b zVp&k!DaCdW1QX_D-o~Q#V9g~^1-(U)HvY`dan!AV(0r@+aPx`{%WnY?q5@Dm(X#7H z2HE-Gl@P^HYT6C%b53(1DM?RvF*-JIR%&5gvTmuOvX{022j?%;il3NuhHP6URN23j zb~2h!jaOPfUI+kVd?F-T+&6^5%x{^CC6a}{&FoJ(;=1=TvSK0j>HE^41+ zsD3!G^?A-+eAo}PAzT^=vvai%z4#&O>k2t(21By(oaVD`m~x1R*ir?ML)+~Y_P_9~ z{lCV%|LJ?2;onQ}WlR4$7Iq<_mn{D}7Ea~GTxyH}j)lP|pm@Z!&j#RF*bmo6jnx6X z?N|R0F$Uq%ftM4Zn~-n_wMA6LTW1KB39<`TtyB-u$0U<3D*7 zeCKi|{%7X@Pj|Ebv!a3s>$zvq!c*^3)l{AYq^??4 z4VJY0P%P6Z*J2JSHGT2k$gp@J$hJN};+Z>Bwy5h{NqtXir|ny zWyX1Lcr?HI(U9?BO=c{(O}kI{D=QHx5iPpul-f}-DV&G4)PSY-FLdz`*P0gdq~&N$ zlAKE6k$KtG`66yXu*xodtvoFX_|yC%zB2Xup6XxEVZP&XuM)11+vloS$xHKj!c|p% zP+9*%HOIwiJ=cDDnMPkG42KMps`-cLAP5jE$OB$$Q9g@peLIJ#99Q02BcIpivKx*~ z>7ppD$>M%oW%VHVrd2DidvI$NfKZ_C&<=)+NTmm#J-X^k`m0EDJ^~lJeB;a06?6xo 
zf*3=PV*{)0oG)tEqFyxzJNoM7bvdk)$ED6~KlkNp+ncCatM)DLwu->1&bKY$c<`UE zibt-;Px8dB3soCVRCd&mkA5Kp@Gk2BE1|f{P7ceQg=>X$oY?B+t@xd4q*BWqDf6i8<|siZdsXXBElg*xU%7O60*6CaYIYMHwR%u~RWyGjYE@`;22?MzhpF1I63nctR{{jSElPG0P~X17D? zll_=qaCRV!)r@L>g3R}8;k#IEoFSe9o6t?%V+X=?+CoT~MWmo*uHxS_7@;@8)kCZ) zlsCg)T1XKE_s|y+x}5PlI+(Pquh(M$Xz`=o3Cq`qmffx=C1loIAU-#}lWY2N|C#W) zy-(C|^QWU&QYDYHmCOrkoE!FU7ZrGcp)>QU=PH()X96V4R93q!?dNV|tx<=2^y2cE z*Lz-TXZ04j+gObYnB-ty^DR3EJD!s{4e8FRZ>H#v zO1WEpR>c@DaRCw2)|d`tyw1zU#u-WRyPs}j7lr~JJlmuWSIV|#b$qE!E_o0R8$ws_NZ2|ApAR!=>c6Qof} z;EmC{v`a_1ya{KM%yr6u{TOg75qvjLNz_C5F&ws|yWk-Rj{|LJ4v@Stxs3Su~ zWmwT+FQ(i{^^WOeet1%;h$OT%i@(%YDDIL8F>FO1J=N>)6kN(+6z%SDN7vm$qTmJD zGMj`$##dH_yWUV6ny;os#g#I`2Ss^mm>8TbMlO3pEGCd+U}|J*XmzkcKz^MJ3#aR(zmjHl`UBOAi4vf-FF# zeC??ZEIJoxg1mJX6MKo7Xg>7ls*2Vrf)|$7+afUFE*80}w=w1T=59dK<&00aPBxSd zR6nn>*i7!cH*`PFu;{h?LsM8}Zk5!*DHh!0W2b-xYWF`xwX)6AQNm5v6VnoZOXy3C z5+tcU=W`f6MrpaHq?om_T@QkZ0GIR6z`QjUhOCke3(as~Ikz?M>`oY>(`q{vWk?R>*rwIGGbKcV$kBmjVlld#RQ#5@Lii(dchWrj2H56H z;xG4sz=b!qR$XYiLk8^rhDwa6KB_pTm0ztAX+}mBF$sO*BN;c52#xFV6yxPZw{D;l z4r(zx8*;Tgk=J+e##|aEad#g2(e(6unbgYla)h|NmL^glJ$bx-o77(=6*JWC&+=gt zZ=dHpi{oZZ8x0_zDy@GK2YX+Va&xa!f07J3*6b(jeQ>Hj^7b+;A-qK&ErwhI_nzX3 zyA*?`t|@)rV9mSPYmCng(bn^~+@0RGhd@8ASI5)Q(p{AN1qOt_VdmFt{#z|fjtthm zlE+V{4-X~W_~NJZQ;kwheJL29>2jqSet#F#g#?neU>CRlAv&on4myDb(qJx8<{wm; z@gQIF_Qj_z7esz*2gZ7`iw_zFh8oKpQs-6tNF)1LduSnglw(C3JnYv>aODWxODtV? 
zGmYJBpsF3_YMR|l(D*Nl&$x{HW5zr19-o_g185AU7 zAIiL{7YRP@k!XKdC7&;nLgLNOH28b1GU#9cn4_8dHf*KZ>)iLAKdZkTk+W@W@#95< zqSe4d>mqUzI;ppba=~CDlYwGOYP=On^4nDlNR9oIt-)WE0`!hH(J!WHxvJB(5z>b1 z+mLP*T72=kT*@W&zQ26T&Ls3KD^STgrd!dqU_$cO#gcMoVFn`-DNox&BFvHg;g+cT z+412GjCQx3@-&e6E06Lngnk2p8ceDNzOSt0%YHvB8GJG;Z><6oeTHd&@T`J(M*w~y zNzj0yBjFG%G444Fw|rc8gxSQKDXDKcy9S!QSMB+Ch{Xolo~*kHm__~g=m!h0J!I(4 zr3!L@QTxK4*EP+(#OjAlCoT<^gUm7=Jg!<4Lo6S&(j_XI@8K$6HkG9We6L)TlK5UP zJpMGy<6>?s_XdIy|4_49^>zVX?>j*T>qtl!k^SD1_BTbtbyWRb=8dgh!N(;Ny^O>s zNj-rgMvrWN%fLAXvFV>sL|4Xu=K(c|ZP*(Enih5sPn*oD4rs+e}DYMeaW@UtnwM8&nhIO7j5e=qT#iABQ>g0XVP7FS@)BF&Q6~38d1*hzSyMAw+tCs7=X}1M(=D=5xKvKssgKxAU#_flxQ(SE<7iz3*!r( z)#*m)Y9-j`Ri*NVJj~=wEfMp&ufj+0z8V#YV@jCa<~4s9l)A?SmHTfdIj~Sf4OB3yii1axZfcl9g3FQ=jPRoZpyfV)kONZe`Gq z4Ulxn)cy|BNyCzB%ojGnZCi#`#=kqWF^r7Mlw`^S;*d zd(`>G;;Q1T^kFZMQuYv|r=FuU5@3Yw%`RWI?%bPH`{7a~lIcS9=&`Yur!dDyXzcpj zf{HReV7)w=nRFDgJUWC z1*$y!?&R^&c#p(pilLAD7DEdAfQLXyqz;>jC)*o-Om+6ds zRCW1$Y8V^jd=-NLbuh!%gnjqp8p~sXUdO@oF|oM}h+F&BJ@#liYTqG~R_1D*Vu3~I zc3(J(_+=GWLGr^e2Vst|K<70I1h;B;5599zM!RSC)m3IwdWIwlIySU*d{X~1b*&n) zmhP=kCWbCQ=)pYPFe@T!#PW2G?^%7iRVlIgV%c(Z;%>h#_o78?wDe=T?6279PqXdt z0Zf$`EH0>q<&bp4kVYq6g(p|52IH9ajbocCE46OP&E5-@%7wu6FAl180PA56d>Cr$ z>dQO0eA(*Ku7CXp0pyhIrFD@pOC=;A!v^#%axq+v&Ew>VTKZ|`#aah92_~W|h}H_P z-M(lF2uLiCPD-Jl!l?Vihjqn|`qJJACV1G%0*9C;kj;J1_Zz`!!;sv1WuHO1wWnKN zUM|~C68@xEt z3?cquaWijgVepsmum&?fsReh&FVz~=Xo3Y*6j=e6XUk1IV!^K`+a*vc%a(Wc9#dm1FykEAU|@$Hk*~Ssb2y z>Ajz69!=m{2l7CzB)ZL4d9gcDe}0x8@+N{}967T#8=(cMQ3eyp;1C11!aFN_I92L@ zh+rA61Vd4a-8Fgw8_kalKc$b+`dXcyWNRKT$sQCEgQ~x>iHohYu^@)PH?FDojeQe< zx$W-MnJ)bXONxz+ojxb*Z<j$|sLSOb9QwP6bup?I75Jb_D}YB0Lq9U^J?%+XghhF(KI*(`B9H1u z^UW{!AIIejZ^5ZWWd9&LgFb+7U6U`Zs9}b>DqQH`jJ7s@$;->b41%UVvNuzl1rmcp zLPzi6D=}0ko<6Do3l$-}H;wIq298;Wds4_YmBXh^vaQpH|orOFlbZpl! 
z3MBs(-=*G)>5CTUo&Hn$R48O`a*Mb}96BHR+mGb^Et1=hWlxbIs`hliDSaGO+5$$E zllL}d$3%&5Ha9o5#xHa%vn!MdCEp)hE(SEEsk}42E_Y@8X8r*Akr*Qh!9ps5M1sg0 zGqDL^aNIWTDx;v*9#1m3%Hs{+z?ENR@n;kNY{u$+=;HVEP8%-VE4jgqZYv84zotq- ziw80D7>q^dO&Wx!U&EJOwqK~GY@X+6U-U{Kht`(774o}PX$UOna%McFPZ5`mD}{B^ zcwflQ<;ny(LN+aSRBYahzlS|By6g#T7+l{@&P4WmtLWj2ArPs<6^w!9Yi+Ob7Ih6K zl905i!=0<_KJE-zST|)caOEj6%|E+TyOdI2D<(?q@bY|cd+Z^#|bjyaQCn9^G0ARo&>s32egwZVB{nxzsUvT*3+3HBA|JGfz7*HI@ounZ8>r@^0PeT`vF@rM`$z)LM-E zS{-?B9C^n-M0ZLE#AR=#cjd>seDbW{zTazlzeLYqUEB4I>g{*q#~CC!h~2)GHToc@ z+|V_q7VQE&vQLFO{?dAaU9M`HFDF3nSFtoA;BC^2JU-bN6?^JD7Q(^B0F;L_u~6W^M>0y3C3 zbI_=CCHTO$pP*Z#l1bgnz#^HxA2JGQ4_>J6xqg_{2ZV@*N*u{Timqqg8>6>5AW?r^ zr6g+Jmq=PR!hdjXHoW^1@AA8|FD9r%L9!<6_#;BLb=>~;ZaTN>tYB5FWP92e)L}w$ zbzYrJ$-E3Pi)10_VRAd#xFR~4t!yrkF)iBms7vcsw+B<=+&dmIQJot~lnxFbS{hfX zApt=jRM>nuP_DT@ckOOYPU+Un)QZK~9Wka^njX7`h*#YZYiob<_NLJEa}`r2do+1h zIVq5J+%p!6;B~nVQPi9;3-GHKq0RN$NTM9zC^O(T%Nf z)Fl%>qBDtLe)SC`;}jxAubOaXy%QH{`J=)*V}i|NsKD4St1>ZM?Tahh7^W=$hi@(} z@~VKKw?1H>s}|as*5q|Hf*c|3Ev3mXW^zACixfy|dw6=&W9$K3iSC|Z3toLw}RD34p`}C438ePusBJ4AmY6d{V5sxjlV1Cb(SRqP8$PaHyd)_QFfg!h3ltA)jyXh=YWMHz3)rA>L;x*Xj_ z3i~k#{@o*$H!yBJh{V?()fWaRIY{u*LzhaLllji267U75lZllA{^5+xq^e=V;qKF2 zJ3%Z5PW38BMa(w`%;r1Q8RcHQe0XWvQ@b*g)VN4QW?G*q>)lS&CjW&xhtyCSy7uz` zenYVA8ydNgk1N2kbj1RLglvg#Z@{7OK>_&A`utlv@nG_eq~H&~v{@Cd7_0GF z81+6}0B{XUz%DVEzn9FD%$D}nF|WwelBiy|{@PkG;J^P-oE0jT6pb^a^|kKGp~sx% zek8~iTJJ6@e^hm;y*^CR2UIM{}2&hQ@%}sAnD+;Txmt1H$rUh?~hM0}#(+Ekp26pb?JNEt9lexC#q76Ely)^ZG!|U;2OCKf0 zsJq4;e-#CCAGwtg%|G~x&t8Wu%Hu4t$`OYg9`@_|0d#ke5t3eUyw&r%MOHN)U0!e9 z@7+6?hxVj~Z!~JqAfFMmuaZ=q%A>CZQ+l~&F<*QXTYD#fAXG0ehq=3tiAR~Io|MfK zx$=7xv9&Y(u7tDTP071{;PqI-WzI06+FNz0TW^@pLyrZrw{6!|Gp&bLlm||*R%EVKIZ1V^Ep_F;Yq&xW3(*32QzOULTbZdy(Fk8_&&!@#)c%B8Eit zq_cm#fQ|-3i)`$6PtyXFB3DsKgo3b;1KYt2lH4y07v}3=ptZt7V8x5R!UoqPF}5>h zUL$Jo^TN|ws`e0fN>72muR+Y)~IMVK36DF=FArkuM zN>FA3qFft0MBM)>>DwFn;=79v8}8dT>XfYTpaDY>9>fSw^>GM+f-H%-cB7gs3;Jt+ zaIA25gyCit6YFqK0a#4nq>$3!!C#+H6%v9FFs8?8qvk?el*qEa?%y6E`$qEqsbjNV 
zveiiY{QDEjdUfw%uC16^`HCE0DI{Uf?Iq23?C{SRTGA3{xDQh`-k6<7y0RdI}$jS zEKlscec-LWWsolL%{B(ShA!4D40TM~0V%{UT4#9e2T5Dr!K~y9{PJmL)G~ibFPC?u z^mxQc|56Fgo{M@0CUL}UI(4{JB+0DR*xVFgVEcQHHgazn)MGxCey_cP&R^j!tX2cb z-|zE)@(oe{D(8&sNSX-O5aGP7%^P1UVKgPP#KoasGbz(xwm8^(>#!81_A#2(gpco1 z^aH6~(Z9O28~>T+^&39j0{CCwE(RD?%fN=f(#Fn@{^}et#-Us33#wbDrIX#s`A@{N zWs2g_M(vI-)qu22{}3@JLEpx=NYsBxTHZ`m>uDkU)Jh0od;-S$IX=IX@MHqShSFQ& zIJbT}>Dl0_>XkwN)o&+oKqi(lG2`_}@Id%#j1tKC&Y(_;T~ zuXBY>-vQg1w}dbC+n>sgSprS-YWyWyE_@4g-GvXol?vuZ?!dz5qvjpNvhd!?$~OwG z;$#CU$JRX+Wll9+ik(>&WBmy)?#DYz>JOK<1$NV4mgal7pCsje+St8Cpg}pez@)mJ z58TlrHK>Btoh&IibpISa?yMHoIk zx$oEW)T>CbsZ%<(WR%;>?>ZT{49N3kLqJ1U8^+S+*0v!!Qx3 zKbdApKllA9-|{S3)d;y$_EEgxD)FP7V$$k=G?+B*FqgG!#w|2~e5XpXi@1-S#LrnK zXiv9IPRw__Of#x&Iph>lU<)^tI(=0c8cPobu)#?@9c{nywmGOq64E zfEOjpTYZj_EFGg%agEy)Bp)Ec9mwjjjy0mUi>|FGRoXuLA{RZky1CbA)Yd;lPmPl^ zs0KTYO%g%vOWIV?XUOG@-7 zht^%OdyD(2l4gJW>;H1IT#D`6aT!Lgv3oLzKiG$ENN61Zy1-XI5u*ET%t=BM=*r0wm~h1BH`94GcS;l_ShcnG$7BcKN>|w+;fpGNXZ3MPUuMsCx`#r}po@gCqbODyH1k?U&%A}*rhQTK+YUXUjJ#?c1}2Bw(0;{arYrlacxLn`XQ z!$M6HUG+Pknod=ttY)j$%zc6~PI(S~oZ7-Uux2UW4U+aMA&Up19|@RI{DULA{A4=W z@=I>WDoZ_{`1`yzh*{o>F?|B^e6&*pTBg|@KcaHLG$@^Dorm%`Sr1@N!kDAdf;X0O zqcVje(^T%ZSZekRGdxS`cj`#WB)T@(;TQLIs2@hSLej7a2VEGAz8t=+9u)!1qJEK0 zML@>O#)dk}`5?w9>d2D5W_$M|eGjz9Gg=|je4_!a{Me&psIE|Ey>!!@wkIJDbB>Vy z=<<|O^0|Q=v|y^*fKWE3Z<RcaEwv}EH0Hc!% z<-8uv;lr2*%lM=WRoB*6OnLsMs_Q>`rDPv{-vXs3Oq4^Ryf3AD_34^yPyai<&>9m9 zUMz(`C8i|=ujF;^i8KvM{$d_4WTyQPk@HA4*4OQ>w3e*!h+O+j17YT0YAs4V$f?Kd$$) zGE`H0%(iOa2nj=YLsXoTQS1n6g{Sv|>u+QpeFpI^AY=~yL^gQr+21k1{~M8kCGS`Z z&k>#gJwmlwtAE(Fqn{Q((`O!C*s2a6JnFE7t}w5lN$qLd`5kHfUi2zu+iOp@sC~C{ zw%RI?zwrJ>k~U{ne@h_T+0nQxzT}qUOC8>+9V^m=Bvq&sD?v3EXO0z5PoFi%_=b<( zl97#?gw@#&h{If=oky!iA5z37Ouj^)(8a@w;CB*mfmh$)T2-xMAHUXN=Ast`1Xq`g zD=GM!Vw3Nt3ch@FzUW4i+d9pH%es zKOza4o}8c@CM1r3ZNhV`Cwv6gF(X|8w<9ch+j_EUdv=>EMo*T}9Z{lcg?U zy}E2`Gc6S87%*OFEvm&xQ6}>^UTUg0b1ki)W!&!VeZ2p&G- z>!d%etI=aUq&$wa)(Vl0EOrvBfOd>(TOp<&8K$c|0zCRq(7A&kbP&Cz-8?e<3`VhR 
zA>yTXPLlwHcYp#&fPAm9>E|<;Gh()a6Exn+SOE0)8?K=eL2_0)hoG zxOStBW?#Fz?IxziEEAbFA$T^@({q63rzvpve|GJ*2EyL{efxr?jbXBM7tQYd3 zKP`tr6AteH8>+YSsGB(b7PUS;*U8BRm@?mxfA%E;U*r+wG2jR|1T7Wmuab=my6syE zWiW3!-43cL{fIDaI9b(-R*vdBn(*;@m*e~&?otZ2%TKrxx}mD=;M;|D*z(@U^@yI; zoA^L1#0ohBViIkWe0r|6cV35bxZnBeRvDKG1#4W^%yrXMMT=7*K^O0Yu}3F-Xwf9g zMp=TKeyp@rOZ-~t`tfvdpJrsHIs0>sJKqq;I@!4)hzALx$4qtb&_ZQn=*V_MI@iE6 zuC=9F4`t?V23(HEfC|Tw^}luAn{R$@AIA1*iy(Wc3g^Zogn1nkJ9Be{)6wG7TqI>B zL@moC#S4;+!XI>isW+Po3)5G zp*n0(cnc5vp0}hxb@I{C9!|-L+|3!?kg3xp_P)fVD#s)gY&314dms}MeedUg%ZlVb zAOCEzv}5Mepc`li9bKiq@s2h!eBi?Xi}d4t`u6<@zQ+H=s{}GvY}v|kHsOcdKQdw} z!Ui2!Z}1Q;T@U7PCsQpc-2%zFc#yRvH$8b*hECINkQa4(-Uc7b`cf9D==fxzN^Ojm3m%N%MdG~Eh)VE`VXC;X%pXgNzoXeEgb5840%?(l-#2(7P5~m3VDibu z;5FUtg$}atN=1F#P@`bn;Yfq+(%}6&j{c%4NnqQ3c9m2#jp(WRoWxz^RP8N+x~AF& zHGzj3qN$!Uy4#1BL?IO`s`&l21D)x?Et~IYODYlPo^n7uBPVl0G<@c2E$Y<_uB$ zZe%qqj(EAZN`loaCosUeSMO!B>-+Sv>~848hK%i;rDRzJm+7A8Eh=ogw!7{Rs5-&l z0~E^6rSf@z*LuxY)mj-uv$x97P&3J7=?(fT_d`j6-!9K2@#|9DM5;h=&BmURGL?44 z_&R2$v_S8>wUuD3cbHGNM7|n(w`q0iyxjT@e<^(EzfnEZcMRPsPnWq_@!$=^`L*@F za0H)kDS;*E(c}-zX!&iy_1S!LivTD;?ZR?D`Rej_HLf=aSdNXI4se_uG2RsGV+**G z?Apl%WGT@YkIuaFDi#hiZ5jBQuzA0N_aV^&QKg$X-PxOBj2KF;5i>fqeqD~5mjVeE zc5%vO!Y7|?ue>7R*M5{ZntV@yf+P#0GbYps4qL0LZ-<5YPhh1!v`8@hDBr5l4fJq# z4*={zpK^H<*_DT(>4eD#^Ir=)?(R78OkM!8?h5dg@3h6zGz$9e`u za!X?V_}KA{e-D93XtC|oW?L<)iCYif(GtA1Au2!<9~z=|AoDLij5&^jYhvlNr`pEQ zbWEjrZ~x}N$8f0?34`_A*8LOOl?qpjl1HT}Ba&XQ!~=L~AV5H1m;$KypX9Hz9m_|r z{+mVQA0k&U3K_DAkKyTwn5stqtV#I>xK8EDv-^D-+dNlsO1iF$0gQ2QEAb*Zw*Xpw zLWEpqPeiC^$17O*UcJ?9K3gUvSo!L=X3mS90ikge<2&1*4?1JN)EakIVt5Y2Hk4J- zhFz+mJdA)J#XXs0%7G1Kxx=#zsM!&hw3)eut83}oIjjW(!W zFO}ED&t2*`?|$7^jLVoxAn?^y*8Gk3X&={xs%9NG-m>8~pi_0jLvRSZGKzZ@d6;m&C#K*q!^t7?m zVY!eYWwphmSf-JpmY8Rd$XT4Vr=XQXy~H-_3El7wPHta?b7GVfA(yT%2%uR4+;yG& z@lsDLg02jJjA zA4ewRS$Z?cJCU?_)ovDl&W|n+-uid1y*jtr{%tGW9o-Hu?Om4ks1ATHV748yaJpB8 znKbs-cUY~v7qj|`p%%SgS-WDsMx99IJP=|D{z6Ms4k!+}5Pjh4-0lPx{fz`>UoDZd 
zfciVOL!>h^1wICkR%C!m;@TZs4W-^WX0S!1Up^wROn~m9VMM#!?9pRg*Y_Kf_bn=DYspw#ZSj>-7nm6syHpu{M|Dt`9RgoHdtm8E zFZ1G@S;N#txRq~qSNW^W7Q%p|pelPo%YF*TlQ^872}C6fy07MZv^4SxuOk=Dq)0DbJ?`bF}w z@4maV;=T4n1q4!F7^K~qyAZJM)M0CE>x0?}=c}9%itU6I0xPw!xTXS_yFiWwe`qyu z>qhjF?Lj;^#p#+-exO2gws4^-@*;X6SaOr;vPm0l<=!ke#>HpB6;|8=jvaTIIuxiM z_WR0RKEq1&0ruzJ*ObYRT0l7*)l`Kz-x2ccb+!Wt*^j=RRMI2TAt65P(6~lR}Cke<~ zZP{|kp2sx?3)Kx~mi(ug8mhxwZLo)KVKdDpWM40v`+KAk`nX>KJM{U87xnn+UrmCXC=bU@HMfUOqoT37sjeW|)wO?AY zJi?s~{ci07`Mx+@S@fFM+lPg^*`%Kg#nz{h8-Qo}VF>}(AP+V2-x^UI9B*TKYP~M|!D^V)Y))&)_}81+dQ@ z0%0V{fuUVUfQE)rWx}WTUh_<~4VC(K916^qwVW4RzOcyeyK%Cal%MdrnQrBm>!`Ib z*PRmbTrcbo1mokeQQhF`uzU>f3aB_6FH8Vu zw-znzrY3zHm*M)_EE^2fC-n?1J<*=F5TZhc=AIQ-rJ-9J717`(LY{8ja2WT(&hsEo0&&Nx04__j} zeE0TYUy~1KHGTOdZwR32>%~{=IAr`+hW2(bHY?&4fHtYU{Azp7Qg1<7yuk3#8=_rK zeWFWALSt3Rb2GiGrLiWFPn|?4(ub&keb}p=+4@Ie*rGJ`=;BT}9~s4GtEUa1Lg%30 zmk=)h_3pZD;O5A1o~wA>6-{e$D48~~e?&CHICyF(b=5{2EfD@ILqk9zJz_mpDk!Ma z*SeE;2D~iT1!e$1_ebqlyh@l&@>*&e>VG8L>Q-L~91?x?Oo*Bz=tc7-DrS#jgl1o&XTBRP9lp`jI%yC=hq<<2&E<6c}KZ!bhxm?;3|) z`|l+S>u6pkgy^nywRSv^y9>1p6U4k>@@L20AH346Yb`z{*wDw@&@gh{ooNVhcthKF z>Hr@oydt|OzzmYn*bIT?n*o5c4?T`ZdkKnhIzPVql_QbL=Cv9oGj9Y(5 z>QThXk(v#pP^=_uOMd2*^;eH#wXmR|x9w(Dx$Q;hOF)|(l|o9A zM7#ry;K248XzFEUDw(YAxXgoi0)H)$A((e3GlcN)6{u&7(U5k4xWeZ$H_OyX)2n3y zrnhaAW`@qDj1nEGxtxo*f#dQ(F1*A_DWcqIIbGpgR?Nq!VM>PLXd`oQT;kG|f?uQR z`p}rbC$k~fg?jrxjZJItW*}+MpzHH^HeCKFNO(y$arr#%L*shO#khZ!bJee+1XUJ+ z(@DKhkSfmZ*Shfg+TwpJf4j`T=fO&zIUId5QtJWc1iwWYJwjk<;e^CC!DIe1DT@8D(;eE)_4 z_b20cyfIGb;tPxmWe#U`%%BNJ<2-1htZOV67Fx-()+8S(j;bUne!KJZBlU75V2d*@ zI&?2UM-%ghgur~&3O_PBMZCrvUTKE6_pe;fN)kUAdL6wak)hl(-NUE7w94VrdGYue zmI_^oQB%Wwt<)-q22OR{_uFlape;*#SfQSI?=<&($^S+N3>`JBH~Zpy_Th1b~goI0XrPLhm*Z*j$6qH;z<$D ztwZ}rh}PYgBJVYHa`3%=Lr{S^bm+m5jAB2KI|9K%9JvTq0TE!WRoSO`rUmx^$4R$yF{a|MAOGU5; zcuk-SoI5tZ5T-D)I)bk8Kb2AF(6CSY)tF>x8kDL*EzV35Rl|liu-#}W!?DB#A#IUt z3xT8H>v{NzqLMhsGK6f4$Q6;N$5IouCS~3CWxwopbjDVnFMC;T8&TmR3k1eDp#%^V z*n%KTc{_q0OR*Tv$N9`Gqw@ZApix63+q24>6}%$ubyvUcEiO62Wbhi8gB8lOA}3xt 
zPtTE38S_&ak@``mf+O*KL)91d3ChJa%;b8E@K9B4Sb4W~<<#CLmcMfhy4sn+7#U!N z?nrst>gDCcJr?Vu#muC}Rmm?p_gL<{V{|j7ZLoVYy!}f8WJVB|;V2V_SAPj%a)$7f z*4S{qv!N3Y7VJSlJ3d=czIkv7L7c3P(L2Hkrai&rsX*-TjumE)sR_TdKT)M{mSZ3E zl_|tq1?3Y5;S|4hE<@9P%BzLtQ~`4&THLmAQuIbcgL+}IWmD}d*I{vH3iW4>Sud4X zcFknt3%58`Vngy&)=ai*hiA@-R%rc}c{go{% zYCP%602$y171d=X4G9oSE~O}*=@#`^(Bv12RP(k>kowj;_-NV4Ap-nLXC|>TL$Ds} zUA5d3bG){(v+jBzjxH_uoX|OY*8{8ABci1%b8by$PbKv%`~`F}ui{udQ8{wOpIs^6A66-nE)NXx6; zh&)%c4ut&Z7(I1qJq~8j8zA;P+dqh>lUoTU#7~=lewZSSI`z7_IAOFMmG{QoRrm zYMXfD$L#5%a!_WH@@p&Vq8m12#<&2yGJ+0+e8;BL6|y{_&F%2G`X9mnt>5&b@%{e@ z{+rC4=w>X3_t(|QSkU~#-VTG9{P9f8a|lECD->XfqE^fHGRc&#kaAS*4IQl@feC;I zViv;pR;a@F9fG?pFkQKTI2S6;{VHR2Z}Hjr{$mEU{iou%)isf?-?}G90PL0pn9&|z z$(ml*Y0RlUyf&_Q8jDtZT6GH2NbKQlem>XXkMG)Zw^G5<;2r_mTw!Q|H79haO?Sch zL?LkEVavkA=f-K0e;T-CyqE1h%)gP;(vfujEYQs4UE!7O(xl z2fYMU!JTrejoSN-oH|oHf#G^104vM0@~~$H$k#Zhrwu29EkMVnEH4 z9|R%PGor=(sNyYDi!qSIceF@pN7y%o3CPaoe+}ZGO5qQ!zZXnN zs^865d#PEX?SRw?5U#bjf2InOc zlYX8}q10L>!gyI@sxuxAqsHCDnDf{~1Zqz%hYLES(d0_nCRRo~*LKfv$;Jr&(-I&x zf~-)a&1=t_PLXVUV!Ehtnandm-Asdv+TXN+Pputs z?mZqp=iVDT2#zr0j7(~C5VQu5J!mF1RF{&aPVvzQ;lnD3>O;;(6n1Ti!`f1A# z!?xAl#`i2V-^mH6aWOnp3Gm8--NW1uCD2Q>$Ixh+Thk5E4m8)kGBt_gSj}jzm zfy1p+@I6TYlE$VCD^hw(-$OZ1eKg?FxhPw4k$_;EcAov(D9s}@E?VvCU_uA$cV+cS zvpH}x_WHpmHs;8WFW%mU+wsoeTmzcb1Vc(eqx*LEt~juU_6`R22^`)d4h|sqrfOX> zxP}$Aax9<_>oN4f@1`QcH`m)rBa(C>5Z8JN^;SJn_M0sn4$~%sVjklbgoD&s$BE>! 
z1M^z6zZl)+wdn|Djli{5DGT$v;n*zK!B39H{&lYv1Y2Dr3JwNs|hpBHS zt&;N?p!+gZ?~07N1#&@eA9W{ZGP!xyFLg}H#@Imut(1Dn!pUFLt|zzu*uP@}c+$CB z_$J$hb?V2+Cw`sx&6G~qXsXG@g1w{{_D@Fm3rSO^+6VOuFFyhq_Oqh%55!WMCmKB` zGN|(5y?ZX!IGr2-$Fk+(uo~V)>!3M~4rCw*AC?jP%L>oB`S;Fba_Lj|*Bhvnk2pX2 zU!yY=z-<92eiKF4`yD1F-uSRp9ZrLkjMs%;pX2QqPgMxnM@0(3ZfF1mV2v7@fiFA6 zDysOSkj!`obYoc#N;564Zb@ZBvPj8W<;@3>Az3K%^IvzFI`oSp_1xcIt4VB5*l9>w zot&C_IoWDsqwI+pu+n!saajmRPtWYv8jMy<+=^8d2)Qgq?v!#OTW%-16+ohY?rJ5QL5X*;h}L5 zf)mfXQXA)$g%^Ap^{k?~Az>fNl40nZPim4VBG)xR&CH#3l|&?p79L#uW8z7 zp{3Jur>6^YuJ9*bD_c{cLL<+kUnLr8^)1vry@0?wPUpJJ?(dDEcxN{Cv8?F@Te5+? ziBD5egZ}bKO~Qzo^>^Vsi3@VizH(Xql)}?I2z5ghVuNlfn?VyHgXPL z$)<{VH6`!ZpT?#Z9A)C{UoD@h$mFFT&!hV*M%!1iRsHi_FGUKKE2063*}H%BrTDMe z4eTKJ@Wy)Bx{zb~t4=&O#uX)e{MSzXYLolwk{1nnMSSh*FHqSr$Qc`p@_#L&o%kOS zY~(l|N#w9b>0Ge=A>oBDZNb~(@OJPB@Na7ZaFz$p2D&)Tl_N8qZtl6m=@mu3K?PgS z;9)Xw24^1OrXNSm1Lg*IrhGuJhwhw)LN8|PW8gEomif#EcmElM2Oq#|juS{Upmb81 zdM0lyMMa3=th;D}Z#8a*Ki$gIQ90${1Nh&+Uj7H9)qf+eK9wKUi_Lil{xf-T&MoZt z9}lja7(MY}sM{oKI1o{^)wwvi*#qi}ZzSLAz&o?0hUS^at_JT4mk&b{aJrKTpS-f@|4jYgL?OOhG;z_lXs%5y zpUHXc8nw4|{)Pm6Pfkv8!g>!0w44q@{*c__2kgVPi;DH(qfZWVzYzPeycd)JYf2A{ z%{`asfdA(DL(;1bkcAtah0oR2Pj0NMNnNC%z-P37NY?V;t7{ThaPkWBXf&{P#uNzqQ)G z_3VEu?*Gjo|7MW?pUohRsvM;y=@VXz&Uxzi>Bl%&D^bM(II@0jZv7!X2rQOgKkSgTM`7ETTek*`F*=Vb6v{3JR zsOe$h;7D4T_^an>WV=jM4TG31W9&KYcf=d=RRYhow=?zD}mrNadEr8;RDyCDtw!c@W zj}c4GWhQ{}wb)oO<;1n*;T<$GEv5v|Ws+)#WG&-vFWqaC=nMM1{+W)n)Nf7E_Z!?6 zs(1dJI8FR{*qjO2fTf@_RJV2EFEy^GA4A5ovt*Aq_O(p5{sN?W5b=mUjR)V z@9QX=I1#jv75MYJ(gxK)J@+M+a*ME-ZvlmXQ5n!lT??ASNmKy($fiAnF%F)_2sxg< z06L;i&eA`3!s^bS!ye<2Suia?hCj6;-r}@!O7H^J01dJ0(LOx|T?(c*6)djZ?V|g!wIGyi0@jS!^#%C|h3neI+H|1#%Y9G+q^x7#uYQIbU256LC-wN}~XF#*Y$G=?Jozn@;pcevb6Fp8(01A$t0U0n&Z?s*KAGf%?2!(0k)u8144+$dNkgO&98GG`AP zgH;^ML3rKOX^;>>1~b*6;BWuKn!%~|WZ?BLleWVm3HDcPZ`68dgX*s?+qY0=XNR(2 z%VV3(&y@+P_|{T@T65pmX*q_it=8zrj+NlJ=UCv0k57+4ESFIJB`TAtn~xL2s06N) zm11a6bscGdNgt0ao*Vmldn)iY=C!xaunVUdyX!GG=+uY5S@1)C+#U9-WKAS5eI6bv 
zSQvwmpwq_GlFzjJP?X$g~_FqMNBb9C{qQG*FhNY`F1d!KD4_`)KyA z_4E2y`Ds%in!pji!e}BRw5o$BI}%eD4dT`;+9uu{+4E5!UEHor`9q?n+fwOX{at9` zD46sGDSyZ#kKH>WN15kv+#&++biaFjs#z{yDHS%m7D!n?8Vjx(d4`fJzh1KY_Jws* zl4bW*gH1>!z8_aG)+~2^cRRD1A~xAgqUK!T*68oI>(QzC*lDqoJ7HcC?Ui@38dbgD zsprQ3rpYuLvHl7el*ge{FuZNaOPmP)U3s>sYAz=+TP$zrp6BnHH0|1YyO@~LQQFaJ z?H%?8JF1N5ti0KNpwhzKS*_%zykB*!@-fxM-eVFA2^__G zW#k8WauN4{TnqK8c6aB2O1Hf-HkyYGuP-T`nyh9NZi&pzS;`Ks>LQX})Ye37q#8dk zh`nq2Ia7)BcA}QTz2u_uLC9t360YSU`}f1gsDrjrkH;8DXzIqcqD;=x_O6d?DQ&T| z`F`1T)^{2=D=6*-U+x;_XbJhrTf-c9>mp4C&^Y)l#^YRFS~1Q>XB#n0ANeOdJNuQ{ z!)#4GxNO4?0rRq1jY6$#i?fYL!c<}>uu#RMv{78-3u3K9H^z`Z^gH5~R|+WJIXw&B zymStNXW~54n?4MYM(pAM>JCu|@6f?Z3zNZ088+4p19sCTqwT%Ns`m zLM7*Ej@^s=K?8!6!JBy_)_ef)nh|juZ*7iuSeAG{TUr)Vir=+LZY|p{)x+}F2HzOH zpS+9-Q?ZHWxtHPM4~WWx!Oj7Koo9jBSbCIER5{d-Ut-Sl+>%Z~qmY)V#NS^3(;S}> zD2s71)>52m?6+|zm?=;g_6j@HHTRF%0ShiYODoH%(i!mC6uYQzkyYIygSb*Og>XIX z>G?w<`<4su%{_&jM{xtZZ?yxYs9x- zVDdDmN<-;CU_?&7)bFJ^zFGcI<_lyxO6oA%Q;cbVo2KJTz6(NzNVyzcKH z&UoublK?Ob84*a6xhfk`x&@-EOL8mwT~1-WZROGLLUT6;BECi={kC3Nb@;o_C1nTd zPi}1B$3^9_*0|cytcyf3q?76IpW<$4SdnKuziWyC8?D1yF?wPBv}fR}LqGYUOD{nO zH8ke{w8#hF#ILW$m@8p-CVfW`L%{ETEz?*)CW|+)>;$@x+-Rb?NhSwqm!om%B)YKoH>-erDA= zG?P*WE%9?!qJ5$wTyNq)luf^-xdj>B_wD+%AkHV305H`NF?_BeuuP(mN;nus+zA|As-bKsb)0#+78G~sQEa2@Y?&h@0iFe@7W{0X}+Mu5SE&<%G%1jwyRfQzYjSW_2D`WR?!Rr1mtPMXPBWFf`>1Eosi;;Y^TmiYg$9-h_a1+Y73l^s;{{RN zTt5+<7`mKU?yf=~+s1b@LGeS`kGBo{0n9~EK=A^9f{U)K zmPPQ4A!}V>E(LR%klclt8$6yK3R#f~A5=|0u_!!-)m!e(bJAp*>RR&>XfDc{8L{v# zkRayuS#rFSza5HZK&ri>^{s7+NkyHJS5u71TMp*B{w@l?!3Mw^;3{U^N77|cZbTH( zT{Q0`l~?B|pt-A@1NFXS(R^#_*H6Ctw9~+foL<7FRyATRHVXvtvIu#64HU`XS?ZxZ zDs3VmjijA3e`geM(=gQP$q|!LhF9ds zc%_n&+8r(r+T!Sa#j6uKq_7uwORO524Di~PZVA-9%ZU;Z`IO+86hWGy7;Y%=;vW0M z7?HaVc_Kwt;B)$`OC9h~Z!0cLN^7VF%(@hC%1qK~v}FICesgBC0V4h^y7s%zyh$`ciqpRhYvTqag?1sO)UQ=+GgQZ zUK;4`Q{n<9@SAIi6VWpnK+aWv)MQJ$GI!JMx}6SXQkZA8@sKqW-0=@dxYcF6ZaG0? 
zRAxa$mpE|0R`y;^52NL-Y(;ZUhvd;lfUBe%{_k*AMW%F!yA4uU-9VRxqlx1+pI zFHqxYy8ByL6gyuOhbWggw4;wupXQY5hB!%M*7%}lFWT&Cm0QUM8*Xif)%^8rp< z4rU+Wk0Kr&a26036l|FJ1Zy2p-NJJ=r_EVCykx27HZsit3sQjGxcqCWi9EwRXn@t9 zbV=9BW4SzPiH68;VzpyMiB_2twnErao92 zlwobl>Vj0KH*0F%l|o0H5w_DkOSPXrAY*-)(#LBS^s0MJEWW;I3UQH5q;Sd*f>Z2( z6o(ar-+cvIF`XX7DX}L!M~lFRZwW7A=Obd zcEfT>I~nuMEyVw$*LM@0vwx>765!VgJE=aKU)nZS{7SMOcaRXINJC`yKZ+n?PkBQLC1Wf|BZ{g z#Yvw?H%$Lr8AgxM`9L2EGhdCNe>(B;d#{s+FQ>+pmmhC$GTJf(zHMgkBWY z0vK@a+1vr^=MO5*J*^;_=?IO}idzfa$=U>L^iw@@;%8TrPb@+>blykKc$+~#lFJG`1-Nh-dhqnT%@$3-5C&ukrV?M(>UtXjE*Oxye zcZa~|fQ78~7dSK!oMsf#YISF{CO7*IA_r$IENZm1^1(Y^dm!8f)*6ZN zMMd3xcqbA&bTx1oN!ILyV!;%KDtct^q*h1wvy|5CxgALctA~Gmszgo*ttbCowm;W} zxYmrd+YA!(axsNHE}XlCo=p8g=D|`Os@&H*&L^7tP>$I&Xk6DKHhuMgVuvU?PN2!( zH8Qs18_CtEp_LUjEOX8MC~Oo@b>}ib96*F>=0lg-@H@G_fnQdb7<4(;Y1eqgXAaKI!z+4*$MrYW~QJd2hb8}B5wOk$ECOoSQW=8zl7rH`HPw`ew zF%ly|L7V}IJ%-q(4&>GR$!c{^e~G<%Pg-5^6WLNC-!9OCBXBEbS}S063&6s(PV9=x;7pS-Bq^J|!&Pa&%RT2)Swr~y+n_44m> z)}6pxcyyj6)CZ*+@3TUy)28{|9B(AV??0EHY-BL5=ZbJh&}QbIgNjrM)Lbv|0mbJa z%r8BEmbNLNdP$ffc8|1I`m32YP5K1O8saMc2mrP6 zR1kSEIx*6&4*E(1I8F0vr*!=TX{V32y7L7}b7UcLUqAJ|! 
zQbPR>rSt1P`9_fe7#}un#X4?dA`4?2SzYS5^|ZXGC8&Vg>zi^fS4!rUbz^hEBlkYMGKYM9wN_+u80gBcSj`T1WtA`|!%l{!+QjWSSzax@7+6-CY_OPB* z6v=a*tV>0P6Ee}74{T}0GH02qt={myX$)5NTRt-m!;j&<;-4=Ski1?BBi_L;psd66cFhFjAEw|eC(nWEfvXOf8`-t^@Co8dWf+pZ}(TF+dh`D*t#+ms(#h?yT@?7<#PE)kxTT$K| zY)Ig%kU}lS*j~f=*MDWIT`!xW$<))ekocEpoXikjYIUeJ?t@=D-oF(jJyMgdMRtEi z%x$E=OQ(6H;8DEV+b@@rJ`b7Ygmm9ViYY!iSFY;<&&r>)^04AZoB$8BtqP~&f`NiO zCXMnPwltcKgx)C^x#*ye)N!8@)ZL?Ay}r=QX)f-zzK)M-?(A~RJ2S_Blj74al`?t45f|cH52{$`@6_5fOBze>5pt!%e&5 zJN3LK{dVoW&UEw!pU9!BLc^*0jpazu6SBOV=Eu)3@)0CXx=v%xUftbhHc$duE|Tv_26f8Ea1#Fpj88e=Q7^yISE z|7y`Id#s1u43&;U$DwHsM9#_fkh9>1q~^FC6U>Wx^#u6P~NT_MWB3S>;4xOO0_K@GLpd&v*qR>_(7N zN#2q}!l>p}NVlx_>09nO8`xLZw{-pnd5fJq{VKLDjl}SkfSa2gJObll)h&{}iv3aj zy$P3ZJ_|~T?=d9*NU0-$s)t{KIpejk@*DoV;Y88Vnz>@TC9#(DKE<6c0EIz`lHMjGzXHYEEXwzidB~{NgcU zpVyWOvf@4$BUoYuyLBSX!lPl2u=Wp<#f%N2p5guNm}#yz8Zdr}^yR&9A+dPyK;TpF zYuSl%dtjr!kjRNVLh=yI@phO-pNjQ$J zPsU=vmdk|)qv#?5M+#7tP1$zY#yyXh@;dDCZ%o;<6)Y}E76L%aGX4&LZAjlrPl11r z*XazD8?G+3ynJoe(prV9&BXS~+vyMS!DLCxA;TjM6+Epf4)e}uh8Zch8+`mBlxfVA zJDR<>RO-|(9Y|K^y}!)1F|U1Z(A~;qc_@yT5-1?h12si*=$Oi+m&{d_{L*=d!uP9H zs$Ujv7OnlTr3W7DlLbo#w8aLgiGF5@P{vko%I|py4 zx@8tG0T7=@VPi&glX_g^AiqxjC;M5~=2)NDiN!PpaiHoDH(-_kYzo1#K+wuG9m~{| zg~+CPPTg^puy_1|UX3-lWj!bodPmz|x9{iiQ;|*h%no-lLHcJ3mdy+hz6S6?er+@c*x$&eWzn=PIcUy>#%k2A zy2mOWylCM10F-hvR9x|pu0;lH>^sCAOh%PWiR0e&s5#+LDA?zu)l=Zo=hL7ypG&~g zwj)&L(}obk48)^PH#txCr38%Z6g) z`%&SouHIclkpZ~QSS~Wirl~GL*zKy+_k9Wtil>`JH&dhBegb86caR)DahX2M&(p8G zgPy@@k+&xO*PE7$w#SRci`#ZYxD$ZA=yoP3bJ2ppwi9Juv< z_kO~ft!O0O)^x1Wi!0ZE=R3Fr&5fuq|C6hb{I6bXG7>yceRbeCa2RojtN`_2V>e;Qky%#g)-qW9b=nP_y z+XBasEQ-dMxuF6Xbz%bBa#571D7 zvXteb3NG>_q`k5GU&P;MaG2*~OzPs!RfQGT;?P}|2#2J4^x#FqizZ1jW3^RYU{Zj1 zU7S|Rxqvw_Qlm!QHM)QJU_-?{$%#!4C@j&S$vyM?y8I?s(jmp$_xY zCmhNdmd;*k>d1NS%{+JHHu%ppvtEJB(kzF^)L>U2SMaNkC%o)$+0@jw#H@WT7wp@- zw(N1px|;FHG-yxSIGo^)-~Ok%( zsk=e)OF8pSi0MU>m&ufANc$44r>0MP43}=pc$pWuK7rojHE5vOz3-dFnZ7PW*W#Qt z@-%lvq8qK#$s^f}SHbGH>)}PZak4|OWK~^{m*1v~_s+FKd&quST&(fGJsK|#{SEY; 
z6M*s)rhZPa1I+B?N1l?E1}%4Em9u;P#*}~XFbiXHm27;}-KS#TPlY99rJNb>(&Z=3 z!-q-!=1{WjqtKkz&oPRkntk(A(JtlABXWlu(L62#4i~u~vRQlr@1BB2pFSYJRvHpacUR@jqQFHCksSZHgMJ0V z1U-5*R%4RcmpbV`-Tw0r$-?JNMqXV$3u@7yI6sjjEPbpZ?~2wn`fJcQld7@b#oum3 z()1SSl9#_#de6T}yJ73vZ8gyi5IT7fG|r3S!2V4042uZ&LXimvy}pTvSa%x#I3ms- z_KD$vm6G z6Sn*PYejRLWrYE=NeM=0qXQqO0_hO6lzDfPXJooJZOo81Ei2jgoG$|L?Oa+?cWw&X z+dnYW?G?x%xzr3GWUB>#F0tYxV7FGvfr?#n*&%yQbsZvN?Mv6&3c~cKWu_1PZ={r; z(Z9-Rkl?@{wZiFsd!XpKcfIB5(wm=%OKhq$=DkpVGXKcu#x<6=Z?1Gx7D4Gz;qAys zRw-vNJxrw#8cbtv@O66dN44n89RVdDz87@&Nxxp#b*SfFXIYa!=spO}U^m~uQpHqT zDsI;e6=;PoNieh=&sr$&)80yh>v*`Xp?WqyT zg$^z!sCT7!m}lT3oL25F7j$0s*5c>lv?V>J$JVN@5&}qR>#{hr^af^ zhM&$t%nbh1)m7wwV@7HD;7EZ<&}ORWyIInz)0x-AnR&nG4 zrxz=YDAdbWFuPLcN26WBWDKv%0FRrYxcT{fdD-Mlq08dzbemj@ zpz+LMlXXh!;(_FL%gHFN=6Ay}1zt?%4{COt>Qj>T!j%OYo1qdKEfuO@AD!Dyf+;AwuU{x?Itb!T+m>_|;Z4N|Sq zxHcR)VyyrR#OGtlesYRU)U_{Nv2wZJtySORY7)xnoqnA!s=1_tDxOiZ1m?C{z90|y zQ|AkSt2WZGkZz_cc5#o1V+h9ynda>$Z_`dnIZUD-lM{dg~erO-S)f z0PIvHu-q>@ZoGE-Vf;hpCjuCWU!9n6fe#-DeY_+-)rW1O+Fx&MlUI} zxE%Lj5W7lU@4sl=jSzshDTu{I$msl-d7S4gEC9A27q{qolHCSQ z4mC|txL>wt?5(EqEb_-!r?IcL^9`>vM)&qp7R##V+c-J}uW0AlF{j8Ddo7s#A@Qg> z1SRDl__6RPuw!`;5bOcj7Ljj+V3^f{u0d25n48dOydGV9zu+QCJGy5>un~+)Ax}E@ zD3|Gv>0b|zb`};^HLi+5d%2YA`B{4IW{+_H>k8Ca)Jq~D2_!G1Vjl_e1vo6nMS*U+ zoLQCT5KKq7o=thuOjg~mXcaJ$&r{rMs1?6dp`eW}65{QdxaEo^cnyfbs7JF^mS@c4>q}d-8HPYvzgKCU3Uw zcj4YDmWcYA-t27^6yy+O=YYaeYn-2!*fFpBu-BD*@~KVUI&sDg8y=Y%d~b9U%eS31 zyNyHC?bK>7=u`sX+#&t5|5Z@;AASCRF3{74@uXKAW)6dHn8A~^Oy|K$ABwQ6&NGMcJ zlI0EKVLQ>J@Dp5m^j@zRb>HR|z5jPV!v*wn>cA*U%D$I<<%%Cj;-ts7pBY!9g2Nc0y z!(aGX=@6a;_Tz^5J&TY#Z+s302fw-vITyjy^`@m=HPIjuENkXPC2pxQAe?w>$?gzY zMVO9)mvtWy{*WNY_qs$@tmmYjVy)`1M>zk{X8JOTu$s9j2t_50x(~@cJSlWdWQH~1vzDNLWD2vc-ydS@?HZ` z!`s^M#h5V^1UEDdUa_2a_PB`JL-@=gt6zmF`XZctLDorM_Y%F`yX2Z?jSnv<8s&7t zd1=8;<@C_5Zex4|Hi4dXi{VP>Fa>-wICG6P13pnV^1y6DCPv0;QOHEK5%$KaoBzp2i9TgayW{!ytiXQb&a;y} zB$iAGo7{pbpE*Fi2F$9(V1{p}X1n5UCsCH#o{V1A@NlcDU{Fjq5$XkZFjJ7**C3Bi 
z$kYZGSux-aB*2HNl0eh{Q&N(`i?mPG&c=RQY2k5IUD7jGcSElqEk~+zSH%C|Bl&)@ zFX_XCUaC6To5LtrUnIlC@^?X8V>0x34cJ51fTA6J^R5%5bIUu0MvEU``2F9m^WSOj zrzSbD1deo(_LqNygF%vbLod{Vn#rW17t4|J;?42rgB$y&)Y6r+r`dWk0(Hp(y#ni} z?1v)O(^IIWZ~`|~8P$`AR;a*`nQs)mBL78I2bcl}#tJJKSrTWK@Itn&QH=p~FUutPzts}(K ze}Loe?847fWIVxi1k#nvPz3d;BI)uu=LnQ^Rz!gh1?4r$B;~LWbloZ3;8& zR2Y0k2BY=?#_1N=ebJI{wVmlSvvCT39lCNP>!x*nf75M!@Lv4n4_7%0?_mI4JY%gt z<_Vc`S=rAoUTC#(pbT=ht8a*Z89}O`y7`vb7N|$*TiKoK!I^RU=%Oy7 zeBSWOmb!E3U5yM{yLVSmB>Ytg=>TjKa?THPtQh86=}N;MnT7vUC9`jIabg`R>b8ps zo{=HD5pSS&xNd07EA-6WD0RbaW%y)h#=m=(x1;tee_9n1o`+uz3sshe9}^`t6{*fScj%bvJ|{K{cYR#whM{^|8qp*VivwU)Ijc zULlWumsO!+(?d|Zh)3Ll4y{HnT~`ES-K)7(*+XmNA@{>yjCUnL*5BI(m5B#m>h@7Xi0OyU~ZY;G+IKB-;S#GyKg=cX<||FoK~eH z9P1kA#73LVA4%W^JJ*xC_i|Ub%wH+)UO9I0uO($rn4z5$qm@3|$Xz?dZCHLH7 zu{IwXWQ(v{V0WUV9Om#2ea^)%;3kh)h8lN6c%g}_Q_+Cyrkzf3)u(qwI=s--dx#~C zinmXabt@kDfBPxapYcWKbZ5jqa2muh9LNO|#>?bwyI-WVEi&MPRz7{PSbz1SCf4)l zmd6(8h^J&maRMH0U0K)-em^UU;Klo6_qK4xY}YIYEAgN{)7$llTzSc+WqHY}H%L=# z-jT4Au^h8(wuWQtTICQ7FsG?}Y{}GcKR2E`HwM@4-zkq8BvJ0J%RXQC}=~^RvaQa2_ZyxU)8mw=V9y?i*aQCu|5r<^!YQdx+ zu9+Ra;#YX1me^&iIiOUJGdNyguwywt z61H8D6KX!tgyyOo4BbV?v0h9t=;Vp|h)s-g&b#m5?*i`1-0zB#5`J*b6R^z_n^hOz ziSmTU8Pki-nRFnY8Nu+CkCeYW%pU$m=w(QbeS3xpwC84@igpH9g$FlloZnsw9BCvr zl`O*4#}&mqP^JWxi+o81Em1MKABRcrMW{fJ{vX!fGpMPy{TD?k7LW+iTToD>BULGh z#;D=aGblI$q);ownS#)z)8a`E*? zuU&6xOZ!-4207Ud4EY&UzqI8XepVfC1>885NzP?g%9kl#zcc-uvgFE(Mpl9kt@m%o z%;xzg^Y?BKhK-X_$NmB$22i3*K-xI2*IOo%B924byHvt;= zS3XH)I9k9Us>IHHiH$z-u)cm==BFcEGFFVsFH5y+)cZwY|C;yNwLQ6JfgvB;i#kBX zul$7at{&Nr5~}*XZ?v;0Cqy-O6>%f=&b^aE?i$!tptvXk0J+X0xlT*y;#=7PFHa(? 
zAfldAA0UaN3^Av5h% zD#RJBvL|pCIvp~Tq9gb$;>`V5So7HF1}qd32%5DfXVjnOU9>^!=pK1`a+K);cmMtd zYf!Z|JvD&v`Sio$`wmBkE`x}T{DGRuD7D(Et6v)pi;1<@0<|1 zum!PyS8Dh!^}O`KyZO#gwZwlJT&a161d-Q3<&AdSv0)S-lxwI#$Op6?*yzGNgp?H( zG9-L%A?#A#Vu!gN zU&D;0z;o66+}V(r29fVzs2$~jSa2nFO+uvR>W3V*GvcKhGS`K_~agg5W^ z;JU4M`CC(}(;4<$%+H|mD8H#tE1Hvt$h7h>2aKZECBm6)Sqr;taWmw(+Ql+OJsw9( z$K;!RdvcioE%4JXbJ5sjYEwsi3Tvr~ZPn(cTe@eF|pVE{YUK_WnVdPCVL=!(Y<04+h@X z?(DFvag0e_o!)ln{58Gv-f(BR25P90K0@dZvc$#7G8b$;W zD_-|wT3*!JC?jR}+S1Y@|J2QsYpIOScWsy%nKrDWQhs4Ts7pvqigg(RV?%uO-b-H7 z9(`I=rsI+UQx6+cm=ky5`0VcV{0jr~(Crqm8lZ3CqCF*@>lj1zL(e*2T7{dP#oe5~ zBI`pKlzJMYrfgJs5qQc583kbXAf)66mbi8lJ1OYZNrh-{>a2i| zx}^@^C7FYe#Ji0CLhN^|%Fym`ZG-C5Je2qntmn;=;YAOUG|w3;y*SHj(TrOM>JcZ` za^OTCBa&L{sWt)H4dR3*4V8cE4k+B zi6y6)2Bl<@k}OEj_An_65hy!wMRdAqb(nSVeQ3ZZnq}*ZGk(@OV;j%)TKVL87>Fuo zwPXp@j9mJF8_w2LDz4*u{uaTV%(3$pAQohi=EUGuAI4?MN!PU9!-VYJSgzLmJ;LjQ z-Ie=~{y2%f9$~PIHWl|r^U%2vajVRk5#>n1HGS=t6hyFD9WE;%{i+ZAxge^K;1tc& zr67nzFC{c|C(uWr->MQIs>sJ95YgW-&YX5%gu~6D%wqkIonPkXm!y@nMl35GV?Oz$ zF&8*AafP>ZRGRJ09D`=t3CoEz!!=R* ze=BOSe5Q@#Bt`>LP6;HY0i0NOyqC(b5Y0QY^Y8WgJaQg?vyyX3T$LiP&Y>^Y(C_u0 zehJ2n`C6jBKSb*Ey{4n%+G6mkL<=m&9M4{bG?7}^24eAB%iT|cAKb~aZ+KpGrA^3>TdN`BX0q)^VaBAH7dAa!H@J9ruO?HmHXhGSA4a`~JD>>!0NN3ds+=BU1UIPW%=b z2zMDfWdCJw^ofRC3bSs~%opI+&Y{kt`3zRSz;x@%TEIa!YMP0ii42Uljkp-J*uUj8HB7ZW zro!;Au8$f$`u>IW&tTq3`b_d)iAf|jwP|vRLutklr;;Wo_6Pu#B)L@T8>^nJWkN^ zx;AmtpVcegm;9u!`i@L@;Yu}Yt&nNgRLvF0r%A{)iu6NLeiHG}c+w%N<0Z|+u*7}d zb|YUp&?SX#Di!_uz}ct>|zl@v}EAI1tb@Rsa-AeVhuI3r>}v#r2X8K(mJ%{Tn;o ze}~h8PabM~%6n=GP_vo{F|>6PufKUPRr=mkr#+RKGYDQ33PCRiOCrJuAZRuY!Q$C`h5nS z<{6v1NpQ!lgU_rxP)@W9=86Z5V-F`syG&Z|ZpU2NB9rE}oq<<)2dn({3|Ff4Kr4@v z5erR?@zn(v@1_;l4)t7{#$sqEU5vy$9Z&OJEfouM?BGo~FQP**s=mi2HB|l2s{p3W z*C(dj?!8tg+(|=PAd?Bmbs9g#lPct?Cf7J&2c6JVS>=vjefkOEoP7|6Ut|@kmhnOi zXqTSjbk838NCFdr+n}?orkO*NJI!I}4~W#Oxq0$!-md8v^JC!~N%opoIJzGs;hJTs zG6-}VFk}r!vJ$kI!xAgqh2Dm${oDjP(Cb5)P4*2 zpd86Vl%_C}ghBlj=vDdAC5`qu?;?SPd8^h?Z`TY2Az9fz`ycj-_^S7zE7Q;dq$Uy8 
zUPZZCQBm?n27c58cWg=9$}}^J7ORil(u;~1@U7&$b*(MY^sZox7jkkR3^eF1`UBz! zjt`V>Vt7{#O^fugRsdBPEd1_eLS2ztPLK@wpz)*A9D@VjbO^1G8xwMD>a%0nm&|pWenc@xOnwZDgAQgc7_jmjoG9^NiJq(YP8Uj5 z1!@phD_fjWx^48!)v9_*xwf;oq`0|Y5#UA{WZqWyod0tFt8_y7F?M*?up1>r8p5w7 z&2FxSEw>X^%ZhQ6M_ETRDxnwT#qWfC)SZ!e(orquD3mKL#ZWkkxG9ImAw zSv`!k`HklUno*0b-8wQx-t@1xwfYM@Pr<%W(D#Rab8SnCvb#xnOkeP(v=CQON9p6p9DW4*Q%Q~ z#pyfCMl?^IpRaJJmUxaKER+GH#Aob%Dy6SHAVg0Vd+)xqq0aA+MSxmW1 z*>9h-O9`oXKzR70e%wpm+kW|?&lN`2id?tyYtnBj&G#})4CY%g{3_@qU>Ute@mW!) zDJDI_d1|4^?N;OBk^8!htb*lJOzhh8>DTT zw7;jaYJCE4zHCW=v{12Z@5cF=$oU_^j{L%&egCOS6$oyDM*IzK&k-a~7S&~JZ0tWp zpoUH|)f8)L6GZ-~5*~jLoY}pXs_%M1{QVq650FiuC_{Q0XkjG#gz}*IeSrUlnP-}g z94!VdR;cg=*gl2a`mST(oWm1G_T z_#OAdZVXVtvAyGafE|Nos$St=G<2gzdu|aFw>ME zIAc+k$5um3g zX?3GNe*egxEU|pp&Umf%$=xKjv&;;>fa81(%84kmJWT*5_@wg>9RsVZC?z)4W5<`& z1xFp`im~y^6r|>lqf_1Vcsr zByhI5;Lx-DM~KIs!3(kNMXKAja$b=8T-KXI+YlR5Nm*h*WJOm!q6nkdh*TT;( z`~TB>{#CC~_?Ma$wZUQ0zxzp=7YM)|gJ_h*Zb|9Zk2018;iB&1jhrB?SWu!gwNfkNV2e8yIz!b#-1no*kxnm z0$bv(VFC>>Tdl+JfXm-5G#UljvK#eU;^e0eQ8N3ymby|A2se?;%6s_sK~pA2sNp}Wo22dVynW1iYb(}6qw2wig-FaZUwWdSuttL{73NoKEa z;s&m-GGwi;V|y_j{REwd!IO?`%;@3 z8g3u-3|Xg!Dpbqwo+&|IA%de&Tr_EtdE_ym_ZPs%Z$K}&DGa%$9`0~_sm*NRt0;=S zNiJ16+`=mQJ%SK}|0+2kz<-R58RP>a%UDm#y|;u7Nj7eS|+SEoeKXd_w7@ z+&{p#S^fK!iq_!aFQu}h+kNG{`U4sL~SBsgYkL_6KQp%~HY z;G5xR8qQ%;97Vl>_`A6}9gb3_=~K!AR|kXJ#uj<%;Wq>|)atXvgnX^L+4?fp`SU)d zd1m>2h?q^CNUvwfdc9(J4)GB0jgR3O{P??A5XR~@ZS)9!ZI)|iG)?MKgSkX%J5&C# zLAUvYCX{MM9~B^{apY6=iIB_?IOl<#o6JAag_=&^UfcDq?axkkWaGO+4T0;OtvL`H zu9D?daWv>L^PA+M+L-r_v;6hN9@6`TFK^}4gwE94_j=E_FEcxi(A6l@YeI9Mo0GcK zT`es8S$o=a{eRJ4d8k%T09B+3iV z1Nt>>@;$k?#A>TC^dIh|>(6>xp2Ha#9QnYOpjpsra5x5N0d57yo6|240eVKZbtEzK z5_RVE!^X3k#?*%y;u3p1QvDM(s=7z=9Q0lkSJP>hH{PY{oQL5@i$zxRFf%vEyk_QQ z+xB3YgYJ#{!W(X1Uu=Coe^K?b6)qrePZ}7?^l9gT>UZ?a@-sMV`^&KOlc<0}$U(Pp z9&-7rgJXQxXo-nHT-Z)AWEMO#x1 zXt5lkYLjgfu$g)Fu32Qnlor)*J{Ufv=)2`9Aze`J{q!L>zh{0y zPk=8_c0&`mtFW*>d{vfEzUw3W!n;tw941=m!5Lpltm^ zMbARrsRm)RW~y0j`ttGe=)VjwU!|EHBpQ%7qg(RDrjI_yPd9p}g#GV}MKpxt5u(@m 
zEKc$C9f}DFsAP7Q3%5~n|4EME+QO;5`Cp%71E!`Q-y0jUf#Lo)C*w6`?RDewi;bB> z2NtKhGEWV!v?|J^^b`s60ZRYpZ$L&5kynB1ErO)f=2?a?U+M0WebAcEIOUojG-8m+ z{_%SBckzDV^o7*&uZ2##GtWvjVqE&Ud5fy-YXGdz10Rm#BAT}>hyTmKQaeBR;3<(v z$t?WcH$8pUItBi+etwO!tD5jkr|&((mleiWw-)I$`JBY**ANf__y^C9RcJ~UQpP*y zcq6e*2_olrqQ};ilr9KdXU>#P$`Orx?%xo3GzcT>5PK=E#5F?j+d%h#Fb%?f44^jU zEFYhb>pi~UH83po*i7fF=KdXr6@@3yZz!CrN7_AD5CxWJ~>#qK^Z7TqErPUk(%4gBHLh7uV^%739q%?a!MGa1ky zPzw~0*QH-{SXJSyPH%7+(DegrwAlAks%#pGu3h+7&{{|%3kH-((*Q?kJ{i0G=FYxs z#@@&su-uy8rUbRxaa`CM)dRaid#=393V0B@KO=@)vQ0ab63)B7n9)PZ4ml+5?cK4m ze0EvQTV`;A+lyl#TnlT_mmt5Qn5eZ&`eZ(k_ID3-d|6lU8!nFZLISAO-X&H|8}$`P zNZ0vK840id;E6t_&BWkN%sJFlzS#HFc^yiB6{YGi-ZQ)!?p5?+?ioTWzOICSE4E>n zTR9sObF@4YwL0D1?*r+#0xWjA@^%DWU3hKQF;k6BjL^=U%foJB->q&~6XYhnZwX9E zpsN1@qywk8($jR2aQ62Z0v~I6Z``Rp=BOta)kAmm-G@O?TjAn16LW;L!|79p+PRd0o13T~8Bj~JoN26I9 zVNh-Y5!$Y1l^$7fso5PlouOK6vFVxqRJwWKm2QT{WbBcsdBzeFOe*Ozobe<;l2)G8 z{=khsN~_TQ1nXV5+8UYr^kpg)@{D2QF3QDJh?u^`!m+g$Rx{iH(73UooGH0h@W+(nyjG1A>0-S00PmOqOrh% zZnTGvpmz@!KWNzLnMj()r(THfPriG#@s0m=V9EvbkvKWZbJT5$k{+dq=)Fzg?RfZR zYq@>e%-Q5I9%7;U{L0LqTQ+b54sl%$HOCh+P4y^Fz@R5h^+tNs+k*5t+#Au665sB* z^US+jjY-H~o{wJmx?uT2ce5gRi4&+B4-F+1tATS;=D8);7i18yS1195U^lehu=|p0m%2(mRxZk&Q0*v8llEmY3@&+q zyT|o9xrgbl^ySBIeB-ls^wab6fSvr@nDQy)d<7hi;)s6!hKr+<>*-di)U|5>hx&nm zf#J++yW$WtXbPKBshD?CnsTfYuv{$r{W5Y z{}At%gHFQF^Brj3K*|G-NSnRE`NgopT@fE}s88m4(9qsQ?j#+kA75JTqAS$YkTC7L z?tx%-+SMtX+%^ZIz0=BLKLLfN```qYJe`j^vvszO{ZAWr}4%jOQv{5bIxG$b>IEG=zy8z9t+N~l`3VOAv zfoAdv0VI=USN;fOtHZlo?k+8t{>i2%=@Q+>@50Q!bNS0N0m2bx_M!wuLak+A5Ycwn zA>fjOl5dtMt*Dw+(LeKX0p9kcrssx&_f>-#VtEgP?Q6-2ggt4c^{Ut&{+F1&-|+zW+n{^#5C@*?)?u|G&MgK@jNVJ`K8J$g%zR*(1+IH62`YT}+6) z@@38cJq_9f|5ug}?EmRF^Hg!dSH|_CVWH7`$Sc&Fz>K5~U>vh}?J1h=hu?I`Nu&>R zS5c)$WA26EQ2#(*Wgs_fOq}H(x1_!z3+_Pqyr0#FRdZE9JG>@0Q4MfhwN|Je8ciTI zA=iKX^}`;wWc;+Ys~}T4s>>0koQlN^QVk3%Y%g7Dio6}e7b+_Vuy8OR7Q})8S>}h# z-&40yf17dbXPQiqx!>b&Z3$`h_Qs#~uII>v{`eoCYs~)Fr5A!Uhshnp%*f^o#L#v+ z6Okv~ouCiy%9k5yR;gHUBWgQ6%9PA{uQPg6=DQ7YmPv^*uR{ethhO1s{g;82KBT@> 
zPk@5lalDgAZa8~Ufk&frqm|vf&HUqtTfPD@7JUo1T*SYF@>Uf7;(^ets*6Z>B1S@4u;+zI6l*!Zlq3OgcI)i>S8pGaE{^l#0@dm%s4>z$)J*wKgDi?ADfu67fd5 zFWcIE0UK4$Wmf<9g-uO~W*MeTm*(S?0-3Fuo;cM`2;4E`-p;gRqf8Uek)x*XjuS}B zQI5otnC$zPwYAp2EzX@2TVL?D`S~wHkjzWR7Tl$+`h0du&C34Vct^0JwL6#}us3u6 zHs5^_BwO*WQt)xox$2CGHLa)S{Hu5!s2l!Ow&Cs>VzE!8@v>Z`*~Zvb*D?Iz*qpA% z%pd#1s|x}=h=#xx-1 zhYtPv{K;zjENpLouCctE#Ij@&bN>e?X&L>0e$0*b6Jf3XG~Rj&Z`u55eS5WA-CvnF zdc{v2G1Dt&FU-pwb4K>I9}Xfv|I1Ka)d@FmJwQs547+v>pAwl=HlCmnzhb)lWJu`P; zmG!vUDfx+u&6_iqCWMwRpayVSKPWN4oCg-h-LOH>x7%c88in6lnc~u1ef*`~D)oG= z38{L;_u`YnIdQh9L*>V;LZG()ETd@naDv(P$KM6AYKDNKPDl3IJY3r9pY>HiU%?E) zIJpa&$K^>3G-aY%BHA01C@>r!;Hl+d%Rb)j(4|2!TRoq@ZxDriBguF*`TQ$0(R8LY zewDp^>C-%9$4YW4$?aXgzr7+jMFL|9u!(G*p4V zTfI`;Hw=KZZ^C~IpfF5kb#?gj9SZj@o?nff>D$9Z9W3>fA6@QOxEcIB!uZ3uiH-oo z^YmNoy!=I^4CN_M$D1EP#$WJUk{mAwYmdwGbjcczKI;`unu`$)tDb>occgANr-ne_ zBXihnQhW%pfmW$$+v7`h?P zxzpig;gsGgk&iv17ZTe$&GAA3Rk0(8&1ZEZ0jD?g)qO6ALT67*?xgXuBU_pxkD*&} zdkJU+ue2%cI?)MXy%v>7S3-M*mC&zv>Pt;i)pnL(v(Oq*i{KEtX9&(^VXa^PhvK5A z^4OEYHC+{a)XNiqi7;PgMxC`qT1?G9OEV;~f3LKi?<{7Wxu^R9i!q_zeP*-kl<@R% z#6`_2ndt<#7 zpmUtYuM(45@iEZzqNMb}BlKnY&1QXrgZ_c>)03(|=>tW-?CuzT zh31f;_qu%>YB@JN2`Nab3O5p$Q#?<^6*+f15;u1K`mqRG(l8`CtU z;w^KW#5nfCG3$1Y+j>**VM(HFnu4PC&ucf6>;)h1@j2)o<7dQ-ag$J|e;F9{(MpEm zlAq_rzV~tfzM5Md_tP{EKx=S_xMI(q zoHLW`fb7LOo(JOATxSxC@b-cF>eCkEaz}A1gYYn>x^X6lc*pd|s{A@qFAUD#5iVQ# zbeaTFu%b9@6AUn<;b%#N&apx7zt84WYX8Q3`!3^Bryi~&K1Z0j@(KW>$)v}*sS9us zXX+Er44mWy-W6cCHAm!-!7E|jOZ#TEBQRstxQg!Lxw~XvL;sfp-8~6$JvHkX4Z%$n zP&D!iDXjy;2~efOt>~Hw^d&6l;`WrEoySXW?5B4*4;|MRt@|?ku7KMt~(z1(P z=i0*53?_l&)@M%MU=nWsqc(fG?W~2In5DxD~RmzE`04u^xH3IFPz;!e@@Up-h2edN>KvPVssZK8VwYK*Fk`u>s?bBQc`?dhMJ0LjRV@&mXLz^hUxt6go&aQ2T|Z4Kql9{g zW-*~@uhxZ*M5&`AP&Y}%StaN;+d^T;yloBD>#`JB@~5-@NM3(~;!H?3SZ9qS9? 
zLqR)*L@_{54ZORjU~3?Fsf1EuN^0g6$oT$c>&5lO-NDI@F&_XpN#^G$fJ&u5H=V!* zr*@B_nCJsnXhI}>f+oBi(Y4=Y4pDtGC~r{cRz0}cQnA^jb3HI1eX;J5*i)`h6WMr- z*1rsq_bFKfmC0slqT?FR$CcqT+e*V4ZW4M?MyVY(sm_Ugd%9*8Prn82NIlEzsBuoX zBT>WTiw4t$+;EJP5TYyDXAEm=3}f=7->DhHO788o56Z^%9J2Cet0etQ)jpl+?qB~* z=YRq92ib~py>giF<8k->I%4HVf*#d#SIKDPTDal&M_7$iUSAH*`-a!~M6{WlHYJQs zQ|Um^1oJrVtQB^#5>u$S_`C7TZTd*vBuD-|WaUTgY&-29hD+to;C$T}3sfJNQ`2M> z#J+??Qfh+Nc0p~KU$@jz@!9&gEUsy@)?>Sis@A)?lSw+sQ+Uj-E zB~Gj9;xO>re;J5%XaZa9=+UlJ+lfg{P2DJ=ss2js_NCQkKdph+dA8=a5=&&H$59Lj z!PUwL>LW^Aw<1!;CxXsKl88d)Y3oNlt8T7Mv#8Iql71IEQIcVGZ5!*@WjT|J4MlhQ z%#K@=U@!>j0cXK{w$pYMDReKLyP;Y89h;S*iXfiF-)8VlHc46|DjIha}a-NAl!SoBi ziRJ_YJXH&Hg_71j2a8tG@}rYkdsQ?ns@ROId#hzf9+!(f0V%vr82EE%jR$r9SGFC7 zxJHhrJpNi)LVz)QS}nX}3x3}iJEB!SG(`$&`U+q4&u?0&^V5acQiYLhl$vtdnXzU| zV(4nc@@w7>bKd^)8QtQ0U#xpoehegE@5E>KO&z>{`n1oF`fN||Au1LrN?|5|-on`S zP=d3%kT2QQ-*c=dS=3^AANhOPq9O*;Jo>Ve~ zp0wb(nx#qL)x@S!q*@xG>P_?00@lyUZzp#4cO51xCdA%5*4eLz^z3z#DtPx8 zBY+x0sZ1h0P`7|!u<~U#P5VlV`3I{Sfi+R)zn5JQ8$v(N zB7~DQiO&wzKfUO#P>we^%RDKsD^70N{0+PKd-)&%&+;$B%qEDQ=UVkO06c@~u;Wt4 zgd=Z}Ty4had>-|FHiiTpS;xb-CYYu98wE~^-B;qvLfnep<;^-+?9J1=mR(PC08iF7 zo%3{gR-n)0UxqmV6?%UdWcy<}o$P}}eqXK+&VK1Cw4!peB=ndm>oxW6Hu_>EO3SVB z379QVJ`ToN`-8hA>WQT`*)$?PRk+4Rc3h?0j~6PF|5VIx558mvATxe|`XER5v<_+F zT!G-}CS*-(UR04zV*fpzaq=}J#csY^xc$eMPuI)`-bOqQ$}hqZpjekNow-?_DI94v%s@NAevwu*VsH`X0>c5f%erE?~6Z_>H(F}s@DryoxNBpeK=AhWl8 z#DJ{Kz2LAC!IR#E?{ogIk)%ByR}HoU;G@@iula#LlfGs$P3(~KI(1BO>&4~5#pq6d zbhT^Sa1@ji!VHQ5;)HG0I`eOk*6F3el}lSwq@{tO%(T1Jl35mAu_5dGa#C$bGeEM;um7<oXvZ=2Op1LO?S zyonM=^4QtW*Vn z1G)g=t*ats@@K_R_g?5IR)Ri;~2*1dwl!(f$dd%hHFg1&* zX}hSW`HRZaShcenh^yKh;v6A&)!{wu%u)*H#?avA>uYGhXv>9^r0UU>M)#T@1!yT6 zUZP;`*PPXBs$gC$v6M|u+|0P33lEpsbR|YrrPto03V5ncld}!G^3ZKd=O*{WnG(FcJmvmw!;5c@eD1#k&gnV6hX|m0M3lo%8V@K*24in`bhF9> zZ#(O?z%rz<_e4qCc7;?ZLcR^p15rf60n$b3aosfbhjeE>gl~Ko>y~<;1$|sC=y197 zrqjLK;;H9u--ZHORH_P%kpe4y0LYe>I4Dt7l*2X@$M*?GVtQghfuKIbH7M3q%05;% zkDVZ>_~r8*(=KT|X@6&Ub()e?N;9KeA+f9xhOnzQ9phlH+<~Q3AiO;}?Y+eF81?Xk 
z8Lxv!V?&mAWQ{C-0u~DuU<=#K`q{>^KeM}(A9^CS zCH)vLGkMmy8A) zXKAmz{&?akCe&LL*A^5X36-`c{CKTf0N){z(rof&>*iJXJzHBQJ%L*X4i8i6Zu&i| zZe?_XT>-{TRZ8`_s81Br66A}?3OZkp$bwtRvMt82+RKlRqr7nIi9*mKwQ&rK~i@GJxdI7d29 zeKZQ}xjYY^MHAm35k-_z8?o)4F*+wZ*c_B1B~!-v86GDV(X%2Hz$moYW*CWLBz5mrlcw!R zi8=0Ni*BHTN(?-V)9|8TKWu5>+KWD0CaEtS&JS_}tEzwrQ2>}~B1jShdRhM&UPQ5Pb$ z1l#D>DKF>f--~CHu62!VjqMg#7sYCdqnqL@FP~+LpZQbPQOgW~Bq%TgzM)^sd4}*inPG5FlfcS^`8I5sL;> zraQ@9?a!vXkA`DO6|-?`K17E|(BT*PTT9fVY(gi)1xS3!&je}j=g!*eiqCAX6)p5M$9?A`@$ z(-hB$Wq`iN)p)-UT7RYTyO%1mbDE8WQZ;}@(i*cPYZ+(=L^&)U&-*wxAJ7NMRcWW* zgG-(Pi-|9^%E(a^;QLs&36KgRo(iLasK$D_5CD_G{y{r8BqBrXyfo^)=1;nm@_pZ^ z$8IgQ&4JZvFHDFfFI$IjUbGUMlfT`e}cZ37~QDK82Z7Q@9#sBNpbu>SM5{ z(hnx~MbWYqN7P=!{7!sBE0dS{<)4@DU2Br(rT1VMkoqf4pmXw(yUkFZW-&@iGTcf8|p%#z&K@#ae;|20U-DxSgJzxCR$xT029{}AC)7QV`= z4DD=F<3iuCo$d{03&{&Ao;TPkR>7>l@H|j&o#v|~5$>q~C=-Q8%S2}k%TQxwYiF}i zZoH()6k>e&o0n*%+O^A&r~0Jfx6J^hK<=U3E2SxouZ$Wd$sX@2b*Q^!3CvsDwmN&) zJk)6Cvp5m!vCUzq&rm zi(Qb*e8S+Hkh8cxiZ0QU&g~il5v7C!`OSv(EBMR(RUuFpzd0;hjSne_ca!tI@ZPu$lv^)O%$AHvNCh<|Be`k?{`LMsknL(&u-IBwA6m%6Z zYOSl{&-y64WhE4+tmb+5jq=BZybve6c@sh%>fX|=YLMWMsc|b|J~E6sH1MCrpL3GHTyG2nRU7?3p8u5y&AjTr#6>Hv z2cHHXp{Ey~khNaoo=ii39wF5L2fE5IJ-r`hIh_VW%29o~64U_Rot!_sb9&L1mkR9} z&f0i9_6HaI{#L@w{Ce)1Mw5Avd34DmQ(dXw8s;8 zFIh$#N}5Xi%QlJ!`FHIPg)IAVWuns?z9o~B#r2fDq$eriZx~LJqA_Pw;KAK!Vl9rJ z(zwI zxz18pz9brxeG~Unp{*$6W@hDxq4$d~=SF1aL2P1~n$Bv5X#|f@t3jG(sn>M#PTCeC zNv1;cagwx=$tERJ?xYdMJ--MIw8f5;k($;7Xv*Ui%20MIVIVm4sw4cP8wp5guISFY z$pn9+)X({7$5GVVxrQiDuw8Bkvo5Md`#`Y(m?T&aFmv>=CH>xiR#1DI1O)#bFScC~ z=x5Xbnp1E!2um`&PxYp*U%XV5tIS|LXn2m<3X3A~O+^mk`ex5V5D=VN_ z0Xa zkb`8q-S3XLzdu5+Pe0gJxs_OVEk3=nu-q#X9ea{7?^e6FtWOH1>p~OIJGPVPqYNv` zcIWCYeg(tRHoyt&_1U^%g%bU|UwLU~HzBiCrJ8EQCaWxI+9)yP3f41nY zuq)J@!C7(}bf+)Ay+>qxtjoyH$l!(0CS+uNKuUe3m{dG&9E`wa1T44Vb9|rsb5hHlYs}+)Dw|+66Xj;?byCLOn#~jI!cz%H^jGM&>BO~BFk!u_ zGtW+*;alwkT~!6_>RdGdlcVeQKY;&uGL7EHEgJx4o3;07Z-30&@m{&)Lq| z!4N3&9k^IaV2rb6s`0e^mD^G-jPZag()!5p$;5{#-A*|Y 
zQ#k+xXFJOz)~=M+4@gT&33}Cs^`5dHE}bQZCHusIlb>gGl~-=<1^6`jmKEM^;3Y-f4UH&bhBbQbMjieedY;lzEs}3bB5to@lVW zTGH;01qmTaY_Z?IPE_vf1XM`v@94sB+slj(Vs%3Xz9E~U`WUv(vmSNt%mPJ2-KCU$ zf?;f+JMHcg)8y5^rHCd~?sdodPHnZufktDNS8s@GA52 zo2w+DjcwC$Tr2xWk7>}!#%m|1%T0l|nbJmIF|fx0jC#!}{w;*pbBUQ)6{8|3>)!#t zK6nx{lZj6~Fk>2cv30j)J|gh8_}-G9$j-D%yQA3Cp)VeVaq%Iry~SyzmqCpu)_y-` zyEE3Y#BaqP^-GxkU=&Y|PK>925xx&VX%>-Zo9vY*FJTdd_5p|i%!-!JTT3td8juqS38N~9q zrt>GgukjL0&#ms3@tgnN4|Iuj(nU!k36+57BO-83&j(}+#BmjOmb4bloqiFcmbzH* z{V966^7@yqacc&na@%P8{Y*gu?MNW3av)B*#mlqD6$XmaHX|t0v~1! z)aU(cM{MNN!1T2VvO0NL{L1`*gN)VMMBBIhuM5GH5X+a>N_aY#mARry2M5$6E zH538q5=uy-QUeJ{h!EoY{Lk9&K5LJ$_C9OxvBn&i$yFZW&?id*q9O+71mr+)fftc6k-|||(K??5TVVm}fK8b_Q=2Z^-a+MTdcU%Daq)k38C_@kYe>05vO|WN-f%6i!uUsF~<$l!_Fa4JBAN{@bD=rb%WkCEM z|6lgU<@&GmhJQVFgtL=5O*pB$29siXTlRPF&7I_c8|84b z&MT^Rdv2GJS5R4RTy8fvhvx1jTq|)@?0+Y6Um%UESwlzkQKRd>k56{kP>~7BsCLmqgFa^v3|Eh2Lue{E`XkKz<`aSW# z3G{SWgsk74Z!^!fz&x_`%p#u1sXd~7fuB#)3_>(H^PAxdkU%_70QQ8d<(2pCP*(yW zKCkJMWYFOe?QJh@QqjTv9>h=P-wXpEfpklY`-L6kcSy>w7@18UZOmW!owrhSV>F!$ z;SNiohvxrM1yL=Gb%oY{SrF(Bg9mR$DP_QhXoclBL%R20`@_F`4flkpzB=6uFbR0| ztYca6umZ2W&xrUokHG2w#~1ldnvS3{;MzZgkj;M;^8EWdnf~2t?3B5D{(Q8*YwAC( z_NTA?T?_mfp?@Y1`kyKH&oKBi4E_v*Kk?e1P!j!T82lLqe}=)IVen`7{wJ{jq;UT1 z4gTy6{_G9@41+&G(Vw8`&uZ`|DEbo={RxWx6(@V&J+68=HyU~^9Vk`jjzKw^n8SA1 z+4Ys3<7HI-@=N^Jc_nfk`91l+toVTC_f?zVo1%XnD)xcc#8VzLjX9@zLa$%0$iG+n zu=%us*=xy|Q=JxBqh!w$3w*X3NV9v!=MP#HP@`T88x5CxEFQSERI6lpLKeQG;OItE zTRoG50O6)eS%rQ#Eu_`Y)41CV_fvixZwKxbmh%Q2d8KmUG1ri{V-(%?!wf5!6{SCN$!O4EdsGEvlA z0t_xd(*%&stO#qUm>L*ukzaSOY^mFm+pBdE={3g7UdGqi%cYJ^4mraHJX00 z<=TMPhH!z+%2{vzhYXJjNOz8Tk0-c2Ro|CJGE%n=3}{yl^L;P)aqzF5*ssbQ2Im)D z_X!Nvxmdud9*kg(oT#425Rii%+ z(=bYI60(Cu{=N5Lws~D0j)*yno|Lx(Ju%}uPmM{_~rSk6U!7a-(?QiEY z6@DCL9Z(x!)A?X~FdpAULdW?6u3kR3$u2SSM;EiItZ#(4s2vUNm%6qxXL;=2gT(M7 z$HR|QV^X8Ix3_wL`p;X-T^(A`D9|YycLnVRIjSKIi=DL`7S3phJo~W6OTP3}?D(;x zdJ~<({oE6@v(&v}+M_JU7cXBs{jLrfQWaUJ+Eu+U%-eH0{7Zi_O7?>RSB66}06*`y zZWgYQ$=lNnw!w2?)*rNxol!V!L_V7`Ds~!vw%J3==fQ_;4I5W4@zET%rdP=`_w@8m 
z*08KK+f^+RNN7SEDh}AKe4U7c#tP(O(M5>+Yb|e+sGbGC*V{`Ms`nxP&U=jnvhZi4D9#`u` zPYUeyL1H?DsCTgf4Q#g&T~dd+K=B_&oF`lGZO8TE$H#UgT^>9T6-FNyT6*d#|2%`6 zlvGBnE_Z``rJth~keYf#PLfnmN|(M;Gq+ur00P#`mu_V!4(g{x$6C%bMm2fYLMx%S*GuA8L2grKk$kFpJx*SK@Yqs`W51&&HdZ zB}GX$R48{Ngjt!!lPx@wmnVK&e8%#j+)jXnsNKd?hb0uNJ6MZ6UFkkUUTN{EVub<~ z)y6(PqK~8aUxszArYF{{V*w$HE1>lsX{dpLY`!Q1#8nzbTgu*(%B*$AMN_t?;dX~54Dkk`>?SkDM+_`AJmvyZlaAptA z8m`FvP>4h|VE_6W2!3U3ls!YZ$GR5htq`Mw0RJJ6(s)-f7%uMR)w>gk1_o^POWYTG zrJLRfk5;Z!nVhAj=#pY$c0pX!?ejJ5-%>4H@&w#7>WON10WqYFj1v&P++y))L@-vB@ zvG&Z%e=9kt^DN!{uF_aVDnTsPvtrLevXj8=@d+!`ahaOm``kYQuMqwm8(lv)aMISj zNj;-yr{qZO|2_5%DHdFmjLTbY#Uv9>xR@uLQWYgVsck+`o( zq<`YxMsI8#SWrDENo4&*C2iJ~Jr#3%Ue{BqGiM_xR4);;WZi^E^*WhypDs(CQXH1# znL_)l?MoNF_**r(MW2Y=Au^ZdR~f8M6ICM<#p`w4p4GbTk+YN#?j4g(BnEPgS^+RFaGT8q?s+Waj&xp(mlB)1R=QTxpyrAM zgY1X!PcA17G(u&DL*#B4yP}^K#$Wh1WhktpfSf$uO_Qhz6vjCe5JCRV;8fQ)E!z>NuIXGT=%*ZPLrKFO0} zU^(~b+6dP+yGm`^FJS7=zd2^_v!oplKTAzT;6qfq&yGsaPftsIX}GMUC)(7AWhA1?yohRcg{NBJc_yCCOm<5nQT zXy;DBEd<>Lko={v{F|?A-S*qx@J^>Cr|CRPknp5dGTCs2O4s=GiCi29c;d#8zUK$( zZY{zu_oL=+M(dxp5lbB`{~l|mCcOS)3M{jd39wP1B`G=a*t>+>z3crLAHXp}UXY3%nU9DnSqaWcaz+vO-+Gk)l#}1N@5dsE-e)}J%M$umZa&oJiJe-sJR&dE*$q*xjYYAj_};<8T>0*d zg9{PPKA~5!t@*9>UZpQYs&!#ao!W_+`TPJWoC}L_d*Pe&n}&jY`a!T+nZmw81-#TAht5y}8vZ6Y>hHdo!nD_;L8+F^L=I(?LFQukO1`U z`wGdLUio})NsKW0?=-pdFQC}oN8jNiSq_7TFFWh5eiGVR7+t`qn!Eh-Z5oVx+Due3 z)fGJ{jeMc$eV`L;ltpk_?$i#avow$;H^bcALXc|$$!}$=iQ;W1#|q`I5WlxH>PUPG z{dmu~T1^J?fIp1!^mTb^9t+DUP}R`)If4KDa@1PgyeQ-X%Y_zMZ{UQVtkhfHO+b zqA^6(y_~jsx08)im_(C7!#=f<8@D$5Is6LSW^i{tkhN_|mZHIx)&bcQ%*jVal~*4qKRhY@?s?Qt0jH>u5?_Ppaek>69 z*YM(yJtl0ymL$E`+`W#-wI>Bt7iRh0C!i8r1Zv4mT$>I&okXnXQ zh~g2@E5ZMAiD&b%tp8Gd>I{E^{bJ1JV@#VB+jDYXEVRho1mUty6Asr7(Y6VRsr!~Q z8%mPN7jB+c>5ykG&Ug|zJ4k-B%Qb0fOL_i(;|Ok{@#52M+aX^kTOG&rj04L;!7?xe z9@*_mKTp$&C)|JE8c*DKn*knH?rBVs(9_gDVQnxN4*MqZk~qm>QrI?!Q%IoM5s-|Q zuq-r~JHPXJ@6eq(*FD9AI5Ep_kM-owD#mdgV<=30^X!sI@t3Lkf1BQYNL%>)$PQ_a z(@jy5c{;cxudVL=nA|f7p1YY?<@?%!$H>t_0zch7E&uU6@jsaZ>=npm1j(|_Ruh&5 
zyVW#z$6mPfMB8Nnv~)s$$hBKHi5Z@Qd60{j?mUk-gxpjFq8I5Hw1{dtfg2qvL9+V{ z=SeWIq0-E~9?T8++daU<`n#w}SK!d$9JYs2it?Q@qZaQ2>=FG&J*%}pd;>uYep=$d8ZYNY#>&*iYtr~ z+!zP=2VbxV-eG6yM4A;()jI-6@qddJ|3PieKV{7ESA}wSJ}|3BcGIN+T%H0^VPo`H z+%FJjQ4dRrne7-(fhr2`nDLeFa{6mMk4Fahc{+M16Tej)ZEy3Gt?j>Fs25tN$oYxk zRQf7JgQ`u*Au055B*>9ao$mX^reBBr_uHV2UkA4lQPRlK#>pP?1EoPz@ft1ltTy*9_6OF^Aj77 zEzi|Q5*%%9)tpk`I-m=m#MS1TrvMB>?GPSZ_Ks>|F$N8m!MC&BGa?G!y*MJ4F6b1m z`zaHwXXDzZ|A+-+bw^$aT#MVp98}J(2H8_~8WJ5}<8q;u6+ttNBQwMxYq~}ACYQzV z;)TPv%7O@fclc4N%Tl!wS|B<69DODY1KS|ViP)y{=1Plw$0*jbn=pJ+Sp-VW^m{{i z@qGyaQBA6cL|apemW%?@;T^RS zcfQ>0Q6gimY`VT@nI8#t{2?=}a#Q;XZ-uoUuIVTTjhg~(B1Lq(dA0=l-C-R(8o zNWUIT{b+bCC+F#O_47Fk{hjl7*-iEBk4OkT=j{R|U^x2N7?;h*t841#h$^cae#TdR zso2ii>F=eYy;tUaMWY@LDp$Y6ubS@n8d$6QSy*7!_AFL?Yg~*JyB}0;h$#fwCy&g{ zVn!C8{M33Bzl}`*@hE9Wws6-}yt7_#w`j?oe-3|L`nBw}Pf&ouLeg=aiL{W=q0=0> zR4654a;{InBD_NiCVr2kwH(VoVUUN1ZFzc?*gg`My>{ZeXv)io@M}`38TuD{&5DSt zUF4Z}t&J3m)+QUNhn24#R;MV6S?y)|P9Zf!CwP|o^7tgMm@Ys4Z~6}WZ72B8g|^Rk z9~7nmLD>4HVHChixK#MJ$~C6g2)bU94SfOi)6TcM#OKm~sF;lV`4f_w#sj2+`~K7L zx~N)Gdi@&c_tgJpDbn9QjqULsWSl(@;CbVb!VP=3gl2Xb3O_-b;SD$iHgLG3s^PeD z%qsS-v727v+VH(%q*S57NVVm?hziqLx!E1nK4S$s|4y&@ZwA2*kcn`W`eqT-0S{tJ zkM;AnUH()Uwr{19H#Zkm!yJWPqLQNmr#oo6fA6CM^n*=A5d38u?$f zlDMBVZSkNhY$t+=QjiQ+S!9Dl5y!#9Dms$2>D0{o+mW_IYoh$F2-6?Sru{2z~ zOj~I2fkJbp-WSHpbZb5RXLId#A=;yWFcM$cOUoQ<}d(M?7$l zIYn!Lk_iXHN1x9`Djg&1eeejtThx#9tjZ?My?PR+qZvOS!j(C2yi{Xm!CEDU0_CPA z+@+%rc<10iu8I@X5QxHvJkUilp3LXrbA0%KL_t`AKH`e5B^8?GZ^AIMTm=$yTk`W$U6kySj`LE z9hE)~I3zpuxy`zbhcS4b7{93>j(MDkcieH&JnfTlF_k_wvmBj(gJOADW8Xy>sqF|dE5(%h zYiSP4X-LpOFn?X+$+n1A~`>b|^HHb|d$hR`=7bSF-_IinkL>JY(g9CnDiK$1MEkecq&RascKJpuYS% zXpbE)-mWGy*bZMQd`nCG`Zz5%t?vR}=4e%xMkc?+DT77Za=xK7LlL8;^{u%G!0$K- zw6vH`nlqX9V+D-uv^08ItF3$4-=y6vaBOaP6g=?6C@?6^L|%vQqQtib2;B5}zA=3O z#qBqmn9oSlCV;p$=nMCK%GRQlzl!`AbcyVL@KoTYnLpD>{#b@nCs)AQRA_e->ZGP0 zUT{HvkYH9vN^TNv_}NHq|1AAvS<>-kh3`E>HD-2qlUXe8EC46f#sQ$Q(hbP`>W3k@ z@8dO7*_&$?dH0HHdR@LoZky@_4*TWvC>fjd0FWprT>Dv2y}No-%&w83LBPAfEMApb 
zeF3j$?^<(#>G=4)YgIY68166I+Ort9{Ke6K| zMYw>d*Rz%^!bPb8<+(Q3n#SdbM5xs%6OC({&94a(ufFYM?3Lc>8(fa3v{3c_0*<2r zk{UJ|%o9D)lfC%?@1f29A^)?1eTcPDLPA`sSp+fpI=3QC;;j12!ql70CIQX59(^3N za~;7Q>^O6-ZcJdC@BED4Jyb`FjqWyatffBr$eEt_D?L#RZ!Cteb=4_}ZIG&9{lhB1 zLv>>z>SCXCuwwB*nEI-^uT+1YmjU*v89zKKOnS&Z2q5h$QeIP2$+dlMbUuY7FfaAq zG~du0nHwEc@m%YwnT|zP{KzMn(XBY8c)mth*1aK~~z>ql>nYozs~UJX33@F{j5*h+ZrDZho~Z zrKP-b7tzZRZLfS-f^Z2dfT0ajK7rK~lkW7*5i82i=ahe)H;{WZKbKT>K4$9*qvP2; zR(V#cHQPuQrD?o=0YY)5rntS+OF3nIbZT5CF-)uQ7wODqZC_+in4QbUFGSEg+A*q6 zg}dyipAXKM$I5Qxhrfqf+%uDVzZrta$mBM+Qur(i)CM}5-{(}yb7LQa}EkSCczMz z_>}#~MfLpn`>v3a+HOP(GitIq`V&Y{Q(jXwuu>y-seW>U;2J*P%9skA4L1mX92odz z+CS7ly?kIjL`s9s_RUz3g7a9@O|ov+lf4eIQ0e+l7ats(y_WLXb+E@)xbh4xH=6L= z>a0F)t`fygvp>v-U-=s7-;~c!yCNIx#$9i8N_DTyIDUU|eefEW(Q@-Vwf`D#^XR-b zpC2nx3MZAcYpf73_k?z}($;1}4XQ3ee#)o3E!71IM+hsl-6z!|5-9s3S#N0q z<2AmAa!Qp=tvTi`9uGdm2kPirrb*uqxV!jJTVC+{!Hntqx+&j-T!p)_#vXyEGIx3w zL@qq2te{*pD9^Fb75|a{wa#dwK7Td{_fz1}MKt)8SFsH3{`{~+ZCX(7hCVJi)M60D zf+OkWlOUA0q^!g(8$;k90)*2_?(;2MjP51N)Q2hJK1H##dLfM$8Z%}~xg3=C!yMYx zAd&~LUWEGsCPnH;8+yk`=-Bg9)f>i%yz=8wZH*Zj-?wvTW3Pv9zw7a2Y8pd57Tlsb zfzAY~6dQS*O8j9;9|F-Fld;q9zzB&&649AJ@2u2OD)z^AF6m zH}X2TTB%T3@KJh?@i`NoCy8rJ-44tkH+8k+hQI8@8;cOCS2b*%;_t9+KIfDOCuEE7C^+W)6VN0R=Np z_>S_z5_IzxF+bhYa)SKB12R3Di?B*|=bv)ler-7*W*I7-zHy=iz^;l?N6E+02v(X6 zDR2EoG=zD6O;ypbrmf>{9#Jg$Lh!4*uTSX+hn_0(=0EBKptfT=w4D?{bF?-thtiWolhZ+Ax~tHsCIhITVMG;Q8&oO$Sk4fQT9JAlB)1QrWhksE^D z)*%&eYZ=vs7a0)U7u|xVH4^jcQK!!tD^RFZD@1AOToSY^dn&p3F2S$*ow24Q`nu-) zk*yS+xDLtStJG1_D4}7Q$V8I5Sx@#u#r^yWoIP{FoP&BMe&pF);$i(Le;#bCy$i%!o$7+=cK?|(xLE0p$&#Q8w^oMu1D~=-!pM2SyLJG{JGAe`Dr>wxY$BZ z|AEuV4=+Naj()WWg&7%5C_$*wJWZvp(=RNoI!U$M@rxMAXug?)JM7%2kDC7E{%O%w z?LzRcsG*K?Bs^!&DsuCG-l~fWtp7!uRq);Dka!bV>*-mjm?r+{^QXQ7z2H3~swV&) znp3o-B2{vmx|-}6Q*?pAe>8FvWwYXZIq;l`8k}f2@5s`p>Jo3b1@G3JAlNO85+%uL zLzKr~BoWk`no86A*dC3KmQgQ`ak!Km2ldJ@Y#-?tifB0x(8)KVJUkuA9E9DBH-<;s zQ7Mw~(nWVGgj}P{%=8${{({QXWZ4}?cQC>tdiG}$w&WUK`6--+%)6^@c~shdsoC@!1;2iFz-;VjN^8U1^?3?5r 
zMaID(L&21f9xI5*j&szVpd~FIbLtSzPQANlIx7o1n{A)uCn)#5*r3`=b3iIhDe&=p zSl&%O%t*!X)BM`3E^S^a=S?ywg)Y;T3J7QDl`0k0?*@eM(-O`$HaF8$eJ}S!zCYQ+ zcJS+>99^4O17PW%nw88xN25IL9!2r>f52b2 zc(z1j5`FW`8qu4N0WG2bIvf(GgoQBm*b9;umMP}1k*+V=i>F)OLs{*7KYOWvUNJEx z|LH|SV=GGzq<$vWFF&4sc?|IJO<}OpYDdS4+v)dZCkp$HviEiS2Chi9s$DCi-ij8K z>_;EwwrLf?j3^(etGE<)OiAYJ5;yp%`ue6shey%Em$|tD)R@u&rP7C=Ba#u0fYH+F zHt0K`U5_?awJg?-HGG?Xp4(fC$`H8uR`vV@tTk7>~W1A6=*W>dcb)&i&rGAFBTzB3&ZhrGIR@?q6SFx}9fBEl1$m9k=qIjo> z*i`-J!`h)+?H`-a5Orz02@pwC<~xKcwHR0AhN#_&R@PF|mt1U8DGI5ueTO&P?3h)8 zv}p%ss}T&g4g2lYkoAv~B=zFW*ppAzzV8<$=^QUt{xt#k%frV}wb7MTFdy9UXgRo4 zu*xJi2k>-xWGD0%mtvwXy7+5Zeo9!1dyj zurhYUVOiW}ARb1}&3u_Z)*k!E8~WEt_ielZr9WhwqJKuP(cDOTrqnv^M5V0_D$SUD z+-gRtXt`Szqjb=Cp9|ZZI_Sl;37!$2yl;}BbrTi|xKaUVmC+=7@R;%_&wBRp?ycyo zR2Uq6n{>E7YlJ9&=ZyDgj`fks95mBY48Qas=8EppusAwTh&JH|} zvL{71mD{$uQ{1i|T!`DWaD!fa#(z1KQHVj%eK${(gg_%gfwRLlE3)9yOq3j54CaVu z?GAe98ci3L-|W60=FeZ0`EZat$RZczEU^^IrRaw}0_LaPYp3Sp5g2iTUv5ntUh8?6 zFo)3>x${OP<3C?nImt+NokdF2mOIwJxO4~pFwS`O+wmb@EKi#^nS-K2^&{k(bdYP& z0~U7lW-X&kquA;L!X8>Eo@aRBG^w!p1!*0SvL!vnQ_`;CM+avO7~J@Z)g?UTa<&mRBxJ+aa~-V7ye!Lt}o~)n2!dTfvb8z>I3?S>fPPe z8GZ2`!sD7+4o{nsJRVD0VT=-DzoI2_!kCzsz18k=-3zh{!$UsAbf$33(oCr(c!{aq zz5LEat*QDUwa1g+J%V0k*o#Si3z2v3{?@wlk!cb*sveCLz@oPVgCC`%!CE(DxazYPM8qj`R-{lrM#ruB>+nDDNW{5g(=OGKDrK@>@V?2Y? 
zZr?Hm5sLbc=++viOGah&WdpA&Z|{9VB-)Eo>qv9By^RD?j1_S9^^CS^ai3b*BfDtU zTb&KW4c4oJx9YPLgyOAcHY?QBEFK>~bg9N<#tDK8@i=}xNya&yki=_P|HTVD<^`Ws zZhSSpUDJ61);Q?@!|dAgaDC-(*3gX@dNGq7l zn3{pWXL3?mtR4ZLa-UB}I%kAFZF_V2*@@YokYr6Z@?NhDX@?R$)+XoTNLKAKZ&LSf z!pY3FS~N__Zo;k1SwH^Blpfg_I1%tGfQG&hv#xm@NuQ*Hsp&;nYRso>mo7kzL#9GQym9+sCSsOUi99 z!*V5QEjPVfZpsPie0!{Wjy3pVZ*_82deNvd!cc#kgyS9FG5Mq2fZjZrLddp zZg+2F^g$+n%@2)7R|&R|kg;!)$dyF*OSOG#S!DNlG`8n+jXqKkUf!d{SM1c>PP=+(=^q z!Fh-A9ehotGfmH{87WWo1`I*!~3n zV@BIGX9yR6E~51*`+DMosx1c*Xwga&h!gSXH$#GYOngJNvquU$HKw;EsuGR3_?j)Z z^~BPvwA-23tDmL5|AjN<#MPuMrF^~7Ll>K9V6)yvaM9$0=E@sbSLLgT^KP8rAr1(`ZBYYHbMoD27ipCym^XD}I^4flQzUs}A%nO+}Cq*p_T6~y3bK7+~ z-`-*>A2wd%U=I$OL^y5n2eXl9!W_pM>;ya0sUFu_BFq|^6KqqfYUGM8a(`;<`>J#0 zJ#(`}%?YmWv%5^an#T`R*7GC}GwPwSd--Q*HZJ%e2F z+W$f;??fRtCdlUj0`~)|2QI<4=?h(grqYpOKT*92q=Q}B8uJ2p>I_*2_>&)}8eZ)2 zI>{H-%KBOr`Lr<`Bn?X^aC9QVBW{xSHhwdZ%X;V+r#Jjqou=!x{B71NJ>9$X7?)DD zsxIqaNj9r{0p1!;JTxKu=#ddUkU2+vs!uU&2td2XAmPF#l=2p>Ih$c6mh$<>*XFCP z^y4Mn%mRMtq^r5FJt9Mhse}cKo20}1ZZ>gTZky`Uf$H@cOj70tp-dp@R~?VRh_&$_ zzxeEH-}w4oO3^~FD!Dkn(J#L@a-t4r*#Qz}+oDlnlk5c&bd&TSfxj8nzN!HE2^Y^< zd`=p73NJ}2+7A^DYPgMH{yEC+(Si+cgW@#W?`Rl5+TC29*m{_nn$41PR7Y1$^l|2| zS~KIP*gDWB6q_}D9L4)uIsc3{O>}=c_DRHAohpX*Rmz95^=rS=R-PUq-VC6sO-Y2l z=P5*=B~(1ma|CcOFV%%f&It?wY75LJw>9+gOkdodi{N;Dw|rCgX`ToP+J}q;ba#7+ zZTfFv_dr}Q5I$rxRcowwj;#`5V!1%57CPDr_;(FaByNCuvsG z9iTNpBy5oc^(vjT=u(eVbj!?2HaujKT1{^CUt(yDT^+`p4!4$r+5p}ZSW>?eD!@k(pj-UfFdJABn<_e~}zYKmOynK01hlyR1v$gd0HG1uIwu ztDP}C1(uooS^Mzgw3YZT{KSv*QgOwYk^UE8pNU7@h?n3q!A2zBNQB!KBg|w8)MLU4 zLwA8?jP=lv+L^~Kc^Hjyxz8_#p6uQ2((GDNe0iMVOshwz)&Zdm5UT~$(LmG`4@XBb z0Ot13GOBSCh?x7T`))W$$YJv#dmNNM{-*5P8ojUm=1!tG?I>+GWIU>#w+kBAafuq@ zwzS1U1rzQ=HmD6AHglEA&0%I`Z;JHzT^t1Tg`_{{+3+%OOO{q~_#~4|K7m;0;d5ZM zF_0};I!14-zS^Ci*W$HvcA!)84X$mDY@??z%ap<6+#49FWF!!$ng{!KOd)HW$J&%} zY*P1)R9_FbofFhiDpebhj%s}K;!4mIikGTEfOKzRl9z!6dGw?X!Gr_Ws`p{c&+=H& z(WvQc%J^HwFfenhxNVeerbPJtlQw0fy)FeVBOn20MMlKd4|kj)r^NWSU!2|=jq3Q~ 
z*koD5IcVW_A1W>%&+%m3>wv=aiOwC&NDd&1ktiI=+MI9+YSS&UYCLW3@H`unsfU(^ zUgHj*jl?BS2~t50dvT?s#*X+i@D(bW%-Mr@kLYnGpRbk$E0cI*#YiReG6(UwVa-PM z+_b>CFO|pAuBtTiE#5eL%mArNx(R7KzCp&tP~~tYF`3$@>#MIA;z`&zR0Hwn&*X6z zmn5j%W3kyn*=J0m=)tN_j3!+4q5LyS$gg$1h?BmlptufEYSaCunO(?51JA;blVy`~ zQq3$9#8W|!;)RYqYNe!cJ(doznE9A&L4bB51cR?oFDMX?m(uQ#J<&Z{$5`deH{BX| z)SWuBEh8xdj~S9R{B}69_y%$Q??uV`W;jm=+6`QiI3$(Xv%=EG{tA1%OWb2oztxtu z8EW-g;Pf$jq(JATV)|VM-5A}3JDavnhr%Qy*xJ<1Qr3>R3WRCYNiZzfL zlfX?uM|*oNaj^+k!Jm``G4t6bF1^WnZobPky&s{eLFdIrYp-x15lg3kGZ0=Px(-O_ z!y~&}G)55ZS$kjnOkVyrUBcRKRGPHadw9I3Ww}x5TrBbMt<(~N~C$R7O zlJ|5w;3a%j3ENV24|TUN{-WN0DsA{5;A6P~?_ARI90GR<&m27kql0JuAJ2(@LeXVC?vI#3m>q_E8+AmH?NJ^$ZPs;>3+?<(V^#7EEHNev zn4a;bl~R-joQK9tP9gG>)@)5c51H?MoqwP*;a#Ul$w(ofqQJ~FpdDg0 z?S$Z(IrwAgCB`+Ya_73Wv$Mh%ek5foC^8LQ=^Lumzh}@%aKVp8?Lud5aBr4zP4P6H zYAP1*+)xZN$37s-zugZD-&`MA@Hy+rD!8#QBFHRd>(F8nhdK_|gjM2Py4XNH0dWK% zH-|vCXvb>m2eDdP-QX@h_HA&if~S9#u|Jlv?Dcuoqu;_dLG`1ZL=%EVH@~J9Zs_NP zrfxBI&Lf+9{+)o@t_)+J98HD0`wCCzT&w>ylUt2bA$LkT_#%9?j!f-=-42A8C3#FW#g0I%sb3j#;@B51sW?b>oLoN-cV z2+LmOa|0@Eb60NmW?j8E!w1z@H!iV#4;%O-e<&dmGmK)S%TNiXhgDvhel_j^SEzz` zz_%~X7sNi-wn>QtjDPoLKXbn0{N6W?78IRJ`V2u@+ldnb5&?4xM*@;)>WEOD%o8Om zP)s70np1x?gbyw{)rG?xoG(Yjy?%8h1{TQd_Y)GYU3WbB?O|Fl(~?OP_(U`BtC6@N*^Xu3eD-S>z`0&oKNUpz<&4Zw*BZLHt zWV80P8}-{sFhPIzTbDaazYF(PENP!XIdO1P#g{DNXn|0&YH!n`dIM>9ce8#ElVH1= z9SL#r332tbGugz5i$-S3rZm)jVp8a#i&GPD`CmD4QOlvuQ?k{i35F3p&!c0bb_M0m zjNkWG;_DVac0#q{sLudHnmY1~9eoZk=jq^F%Rj0NjZyc{LiiOAm#m4%hImaIC{*`I z3hB5OUm1qIee3Kkz$+Q)xVi8D8mEmh!eKWiNb7o3M~{bj@}znmqiR>)ahvz3##oU0 zv_|#tsb`#_LTY?c>?imYupdQ&4piN+tbogOi%Tq>f#x~Y(5}58s7LxH-SvU3EBG9h2^V=-OFzHzn_(_b@)A`~fo;t^*)K40=E@NB z{g-X&Tedg(JWrsHfbBEpRQ|Iz*`H1Sm0toZe}TO4igbq-yKNbT@IjWosQ^8hR#H z$9}njerzu>4{o26K6~|E;9ZaLpVA6#Vh0|8!oM-U(mg_B*6FY$cN{7b{t8o5oN{^PVDLzhbWKx&@Y z)8fGJo7e5kV()&gFz&-o{*vj*=YzA-xCEq9P%c3F5G+MDZ*nZRk#8tiuf^Kgc$lBP z#LFB%tpus!$_7s@Z;$GWNPW}%|VOEX=UVMt0pd9$(*1|P*mr;tuY2!&^Y1kK`~%p zEV9JVOo3fD1Ou7P-{IWWZfHwF5jpBYazqxLHGZ@Lk@Y&IgOk+p0iQFL6C%*He)pB{ 
z;X;+M3_RW=^q;y$yW)SkB3cixplT9E_i0@EK06UO=qD3Cz^{$HfQlpY;!P5i^0}!W zoF|oD)e9SL{3PEdOj5w3l9fT2J_6eM zN12a8SjPn{HA{y?Y#rHh%_pUVyy;Xg0NZ-Xde^djobTP=MHZvn0c|6ouZ-!0a;!p* zz4gJPj<^drZN->hEogcvSI)ChXoXP=waob}_UhR7r*BIjMPOOK1Y6^nmHGr`rb0YZ zM5rh2H10PT1ulhU@82cdWmOt^LA+vXcwwFz68h}Ui8r29rsid9{k|kC_FEO!`woj~&1?wHY)U;Si3A2|Xe@6jI zLo941 zFI2sN*u>sa3m-FZ$|mbv`;1qTH#&h{aJOEO3AhU31S*OZq7e^GqIvU<)x(w8-rQ1(k6ZVT=Fr$YIe%2(Ik{-ym1D`2+?q7P|(O@6m`nH6oRb zd7B`sW@kma=3>{JwmY#U6@yhpk@a0Zx5H^q{sOfqK6r{suwt93X5T$wsjFU1ocs6JrHQ&c$Dh1g-EtDM#xfJ~jZb=0mCQyxSd zlUetH)`CWq*U9E9E*Q<^XE?l-C1?Jfg3~WwIS5X(WZeg)YQ&pAZvD~-dzD)C!pce$ zoFl@TkV+97!BMLqlsM%&veSd;R>V4--*e%lQo4n`j2bj|35m&5#8x9n8elUfsy4-D z7D0Km-k*`r)1?OYDDO&$bVe!A>3#{UjUq^=W5ye>b=kfUVWvK0e%CJ$l!i5Ih8H?= z44DAq%}Lib_YXQ0jia$Vn7cUxAru5be+5L;>ukn)1P#|Nfg6RXzWVXbO6SAWpr{?& zaJ47-xG&FqjTR?*GpX*qei=8BZ;U*w3_KTvP@snT@HB&dC>JHEc>qQYVcGp)VQsaf zd_A)p7VD>wpWteOOn$BZ04lW&miX_$fG!mfVSJ&IFofaDerKSaOCjzt_GzuT^CDxZ z%s|&F6hZuiS#2snQmS8!KKZ6bj8;WGIZK8t;=hOl#>X4Y&~zAP8c;_IA%8E#o8VsY zg`?i`^QSm%)G6jDb`18)6(<+sBsj-^uKGD`X+T12B=|@F)2It_M8Q@Wr+I}{IJabE zQbvJOJ9U)jpk5GUu z(qKYopCgU$Pj*Vcowl29-+%b_0)ox3)1h_KM4^K5e8BfZ!HaG{F%G0HW7x0@#V*;i zr!fVnYC?Xo)60?)W@`(l&>jq+C_MrD+p)a?+LfCmg6B;;1Ui)Q!Nv1C5EX1FgaZZD z#>O%wbgBeY@2m>k?ka(LU9f6K199l(Z>o4RulWl4dKMj?dEq!vWXM_A{uz3^H&0@+ zdJ~tEvE%XgpUkc`P zY(MSO<#PU+98qFgfaZ)qbdB1^ z1Ho(&aO1G=-r3q(I&zqoV}~tLVmt{NsaHufki21R3=^WM&1}=kKNREpl&I%Jo`bn? 
z%4l#r&IUn6^D&PGO|=&3O~uofHC9^m;VaSBs)g+Q2?ws<_SUcf7a)w7h*aW3uZ8*O zCO{iX;~^>mh->R(SN1sB=4x#nW}rG<&3?yQIr6?OzN*IShbsv;RDr!aI0ODY%pRcd ztxC^y(_$rQVmT?$Ta|J#+A%Zlr)s`e8|{G|*-9vRR-b^9fE|wL zad!CZ#^jh_QEU$K21EtOz2c7&X)@(*oQ|w&;JsLAogKhyCn}Nv|5SI^*ii;!ydQz4 z=?4Ram4hys|HMFgPPNq*MWst+#A&GuTY0sS+K{n#tm%X=e(e^H-VE#QFn z`(Zu5`VgaV#DMjj9w4yIKqNvu{G8m&m%17oOvdNtB`OoH(pR4Fyu7(#ye+=Zh4Sj_ z9Ubfzch$8B%vBgvy7p!2>#jaNNy~#>;_O53P0sab`PaCGkNd*kce^?9d5Uc4%Jr6h zYewAdS%@HY;kq>~Hp>Xj2aQ{wc|yA2PW#aJc%hl!o?k})Zf^&>o9>$%FrWOc38=St zyb=IQpYubEv0fFse)E8q#37~@!c@AfsnCTV!t}#M1vE`tj`|xE)qU>`%I1L>s+2_i zw}D371I-3si;)qooZ!Oh_8SM2Hn*N^1a@T23XrlOGGep%S?nEk{D_zbZ%XXKXu)=X z7zi7U8TvxF=H$Boknxvyl&+z#QpD(in;S2=*)&iQ-+FsYX>+4E#DBA0A94?$g>y$( zFA3boMm%-xfX^O`XCUqbbx)F)VpbzA_RBt5YKVQ8Vl!fJ<9>2Ss+pJi4*~t!*hVmi ze;+~sm`iLbX_$7~`BULX7nKn-OfIah(_eRcttpl3QB7mwW%p;ZZb#y7&xHBPAt!Cxfg^(Rmbs^GTDgTP|&sBbUyMz5yAiN>AQX zXY5*|P+SW+ga|Vz;j;TL5O(Yd&I-oWl-#FF;<84}onz5BsdRluu4NFe_6}|Cv?JJ> z?h1cZr!4uR&3@t&H8nr&Yug;s!$fc*l*Stxy+$rg1JDwC;V^*Jc1uQ+%Xr3zVjgNf z1ApBZH8*#*K_^Vqv1ziw=aJgPV!b)>%9;)cmgiaw?8&=|B?F-SRS8sb+_YZ({C?Ad zSZQ<8E`=AbqpNcqHF#?l36d-TXiYw|N4*XP5 z;836PPSGMKC62Bj#bs-=kfE`a(a=>JQl3#{KIjQC>`PVf1>D^!z?R|!$epic-wozP zeSSW_$}*$>)3NEBYrcAFb*&qT%hru2@1MSrJY-f~jDU8dN{1#Eju0&gI73wQM_}cp z?c_p}o}AlnYq7p&HQahzrF4Is^T{ahW3D%F&2Q8zMI-wmWYW6HW|(NiiZ1eCv+30; ze=1_CQ^5ukQ23=P?)Gz+Hz_PzLF@IB8n7EYZd-byn3ornjPa@8tC`l<_9Mg(h%c^| z29}9O%jC34pLgu=POB_fS~O~2Y`J_nwZPEcO7of5NF{*?{|4uRj)rGK(eVQSdlzSI zgC-uxyj)|VUFxjuTH*wKuB$Xh-()x(t2h1G&}S!dh!+#m(9*{hpRL|&>4GuE_Q7ve zL1bKuoELpc!){0x?Y`d63ht0H!IO%S;fO|Gxc>T z3`jbD;Sj!uPTR%I%~jgI)e3OOQOpx7KZ1}YemJfMaMSLvBskT^i+|ty$3y9-oQ>BnG>q=aTi)T?5WD7(>LSh~7NRuk-qZrN`@f@ugN!CY90_12+Sh>An4 z$?nhBy(X@&rkbWLEH$bjP?6qQ(J?kqqhoYiBY!NPQ zbC`6?h6iO9;dO->Z0e5(9_G##=pRm)){agjdEl-kBcfvtfvO91W;{78Ge2Tj{1khLfwc_n&j)xh6tRw%*ygDw5>3{Iifj;#L?>zc zAHC{iI9Cpyu)adz<|2a#Ob1_AMT%cpb$RI*J6`Kly4;gh-D$oOuxl@TnJ>mN&hlNk zLbpDx$Fg=_;5t`4U>6|1uZPa%NAs6gjIAH2KbrQo^xWBqew?nusj}2KuJPs}v8)zH 
z&z0!I`T3A5K0#(n7@(x>2waM3V!#G6^mJ-kx{(ZiWFF=v3&x#v$WO>1p=7{9FCK3U zB@33rUPa8vW?OZkuUgEyyB=|8%O4129^M@FjKA6$OQ9o2k|L6SyG&-#g_9NE(rJSt z-&>~wn*PQ_K5sm;lc!6cadWn|+2W@=bst^bcrOUL-FHmWlB&39uVC0pwa}#yt&)H* zP^54{Oe~yWywT&el`f*?yYA~jjN5j&aHgcgPntz-Upq!lw|* zP7e5}mJhnN58EkTK_$86KPO-7?IJ-rH)vN2$@UDl-hAPmeRk&J4~ArRd_gype=^1i zH%8$DSMr|uv)S4=Vy;9i6heJjlWnoC-=Ft z;!Lqb)&2r-LN30t+Hz&*SjA<#&%KSiO_TjBi%y-nH$32J-hxatdK3=rKM+97MW3re zSf=)IT2&@H;_wxhKEHHzM;Q*$O}R^7EHsbRr9Izmwug4z75XHpGtZ{}nTv#Q6U+2* ztuZ=Mi4(_!&8YMTA|_>8x|+MEeOlV{EV&*vzZxU?qUA#=+8mT4D|Yv6)OLSJ9q6yK zVuBTLM%bki?9huLj_i5Pv(!b!?ZaV)uCmwFzAY4-Y$!S9`A)+E zh!Z|XF#u8RXENPMQ*EwZvUlMJd^Ykmyyj_S&FiCU4?%LzSYAK9S($N847oMcn7lBx zgve+vu52!?*vVdbmzid*vFI(xvHxC?5#}im_AF}M=7V**eB%mVqlDPOLlQ#R6}1qS ziVNQeQZwI28Us@mCE4CQX~~v1w{<(>oO>a0ywrZ) zQ5?t`T|>RaX`*>ouQttz+XlwR>jhS$)dvL=Z`IJb}d!b@8m$H!}e8VF?3BMEgI0$`ZK(JD@_Y zC2+BL3*TWCXK|Oo)f=a$R~$Jxzwp8unx`7ENniQh`4?@|5XvV~4)}F{gLCus_79~^aT~2h{V-yF;HH9+5vJKwaYnZN9%@StXW)f z95UNOEYkhxi}?L{iLX0)*Huavl@u%OQzaX2du5G!gtf(p1l0h_<9&U=A?BY9$H@LQ zzZa{9Td(`L!{+24G!OZRReW9l5MC7eGOGZDUU12LtZyA*JI%ohmCje{@3*!X2k`V+}DbcIBRePDx=Z(KW z_v^#Aeroca0IB9e+Lh7{&vg#{UKB+nvfX_-+Y&1yth+Q}IV~>3mNDrX%ox;FO*!tW zZ!q(oN-iTer`OhPaNi^QnClf6d8g*NIaUpc-0lzI^sl_1)o+{yMI|}qam-}*&Z{>x z^REllDIv^SFAAab@W!-+FMAw0RDb3I=bx&mt-_4T1&m}ef z3uI8`$Bgk^$rJAHq$&uW3Hd5zpf+2Q2_(1xv~H|oP_c!%uFunItuhOf zz2T{X(TsH6;3?R^wyAtr{j7?CsfVB&F| ziOmx`N0Ag3us<2O**&5`1Kcj+%UhK}zuVxUkj04JY^J#Iv2}N1e?i3nnOAFfn#S{A z!mr8ErZ&wno7|4#c*B+PhW!rEPcVWW?3jp%7P;76yuf4RSF@a+0B;QPw@#bMJ#qp4Z+V^CFoi zE*KID4gIca%)1T>I3kB|bX6$$~YwrrC#mMa}%!yBexDW zd)y@=XgAScLT?hSG4B_r_Y+d2IE_ z`#Q74qn-zS(dD>v8mR=heS|P{Iv{FaDbciG69G{(ODUYg665O#c3f zp}jvQ!&76KbYQV^Ytel_ABlH|zv7~IBM4zff`wLhMr+i)I7=QsOgh%UeQ#jQztzG* zTSvxjdqa0+{sX`QfDRtT!zhEfzgaih=erj}*?E?BZZm{0Evv)#?5H-=6(3Obui6hi zAKp8@P^`sZ&C@swb93c_@8YPNv3?~MyRsPY*UZ)1th4Q=6so#>Vu|^r?h?;FZm0F} z^PE1=ZJ42^K}-y~bK*?!nS@LJ=Y20bup#{fUi4~4$+E=)W74$%uBGaCoyv8n#>vZ+ 
z+OK&)8~P9jtTCEwT|J4wUfM?!7cAz~&9jT_ZC`F*&By0wb{RhZMAgDKTQG2xK;m~x8$;;l@M%2jRUgrVFQ!EglW%+8ceZ+X zv*-C$tKxHYh%CA^8DfX>GeYI%V)m@bu~XAVvl}Py=>0jpgB3BpRMv+!hl4C#7s)kU zoAYgY#c;G$!DFz-iQY=_%h-wjpR2KGMoV+uIbagJ;;dc9qvhbvHgucOurDh`;<+1} z2AK;(jo*C~Sv)~5cs7K!^I9c#t^c-qxVJ(st4pqeCM?iNpfzvu6>Sw%A`V0{Cd7R~ z?W?ZPrJr6%KS2B84@3HW1bA0|y60A@a1LGL);Tvttj)QIu@S0B`-3LK#`3Tlk1-E> zsPM)S)$T74D@63%0_Tr*=yj(y_aC2{+P>E`=S|kFeS6EUt5gQMt1}mwu22a(ygB9EAbwVc+6&IcHA(8Hg_2(xEQ|m5%k?Hh)`lv~QQ>-Z1Js zh3h~n@TP-qfW$x|8#ox6s+($O3Y&I<@H^l^XuBg+CVUqiQAMYkPi++K60WGYIA%!< zL=o9q-|-l}Xu$+F#)$w9Wxw5O=x~PUZKP|0)sz8Hl3^S(Zuk~Q&RKRwjnFaw%i&|3LJxi;twE^Ro0~xQgP@kTp1&E4oHyNcC zE~VaxeHc+l=Sk(w)o9&Y%Sadx1_4Y$MNu@*KzmC(1YGu2tCGrCh_q)*Myyq%lcHf>uzm6U$6?-$DQ z?0LBQuz$7nQbgb6GGW5lN<41&j)EDA;V>7Wef>}+jN{!yE7Qu!Kni$h3y6E=MN>o+j4 zgF@iPnxdjyjz|WdMvuCBGu1sodfg++U;C2ul(8sT3Vhz4^b4i(MM{jhsF)18-H z*MsEXTSWq4GVZLoI-`2c$IrM&`HI6#O{9A`Dpu`@79U(~v+y>0$O6#e&`^LRAT)vT zsYi3>!*$8AA$_q3Fx|4FF_n8rpqFBvfsub#wD!h&+6zD_XxTdrwb={#0s=k)DY23lq7YP)Z?5y^lM$qB|Vc3!{ZV zu*GPYHrgQ>XIPANzlToTY>I*w>}osrBJQmzbcno-Be{QEFxWGYq`(eaIESkz!5qO< z*p~a)YP7<@2Qw_ObvG(0WzneM`9^?vw_5b7Jl!sP)(cC&H_k63 ztrN^(ag9fHi~f~^#;i4|0#HhrQ^O12k!C@T!tvn!F!RN?=R!DH0Biv|3O)a69m2T# z70BJWrmkB7sEO^J(`U4lYi()TIn8pz=N2{@^vkDpybgqZz%<4oL5Z|CPkN?g&gTxX z@l2!aj2Ls{slR+4nx%8 z6U{)^{S+woLNHmt;ehMMB_Fu+xSy-+uh|c^yiGc*c2WTE!72#d#}4&-QXenQ(3vd{ zrmILwd#YcLQdeWPvs1jHPQrPqHl@b9T3i)h50NN!ob$yn)?-=sY#Ap-B*fe{$7w-& zSn_l7?tobc1tJH!=ye|(eKGThX3<|iNYVu+d+o!)A+JyJsQA{qO5)aQ)-S&w$4y35 zlnM)6{;{&8`*v%~``xS@^Gf;9VKQj41<;{y%M&l+0+|ko*OO!AIHj?H4gfK2B1*>Gq@WeGf4XCjVWI_5HXq4- zV(8sKdWamn?x7Tg2%@<9MIR$L%h9!ngX)^MRm)%bQ;Qs%8z?fSpA(-YciZuCnsSv} zMJR?Y8GkbpdiCN%|IDVRcbiyo%_l)mw`}v4!^WB>hbYvK;usTuuNxKb<~*kT_|Gs- zU0DNuH8Dpx(`tw;_A0zOWGD-zT-+DvdD@b9moqp&MC?Vy<+IHc)NPQY4m};v2VtJ0 zO5_uHfxjNcAqF9KOBH1JM z-WgA3zQ7rvvw9L;bg^MYW=;f&S?NTh>3v51{8u9)o2lHjcCl`s0)eF}+VN+VzKSUDXV#ryi5 z8XnI3Y}Y;eX3($WS;*M7qbXeJd|-PnHP8rf78k?0B7K7;zI1-WoTzcdfJ*Awo|%2zj~ZC06y@uTMxk+c=&_0vJZvD_scphWK1G!7w(;D$t}d3 
zbWU=4N_A`Nn;y9f-YS4L->G(DZY`N-KNZSaI_~=eL>28{=9F3nwLAd(}KG zT0306J0_^wc&l63KExV@zn2=Yl{p9C+hRZ11ZBpoMqSVA)F|UnMFacDw1=ePZLim< zhBn-%HnIh|&0|b7*|@!J{j^Izw4ISg z5qip$`XWV3O9Ro%1EiAX)1J^bfd?IsM_&lnzgf{uHU_dNu`hlr5Kh!FJqhAi78+r_ zD0!hLG9jdrJIY=>g|YMV>dngNQf<$BdfSltG>_(_)6TB#rkd|s_x(20a&OP_pKY>u z);Ot_TU(0S9abONbon&!8$4_L99>TAHu=T2 zPUP-491-yTAx;5t>P76)(6MsK?%LJPr!Qn^>PQ#tXrqNMw!E<<4sbkFvoz)vJEVZB z+^UQo5Soq;f9$c*V6oT~9ORZ}43pH9Zu7qNq1^{{_?k86h5mNC@1%m~j{Qz(A(!(_cFO}w?sN>5sRUHjC{3`RN_;X}@%mJ*uQ`4wIkLBQrSl@%uipi= zjld+@mDDCfcqpsO96d+l6_Q)}>z7sOix>2!x5%|XAW2vP@svvhw zY+FX*u+HoTovGOlnMs>+qjIaFf}(ftSmWY1Gl2TRae8u(gKiS~93W_*1Q!3E0rFpS zb>{q+k_ddPui(5&aI&c2e59q-#3NYabSG4DO{>|ZW9Vc{!+11OLo_Od@%tlP=gog< zovyX2w*PKDue$XMRNHpnPe~l`VBEk0meTj4lVPZLIe;3ukieD>Z^4su0`#I@Pj`Y? z_m_ea^uARo6Y6B>wtGL6Y=*zL-_4K+01(D0#1qvDUEun_Ba1wMEf61>Wev?1l9Eb zW7)a?UxV0;`D(FDy?`Tzx9%1H2*6x@vlZ3VFDW>L5pqfi# zK8=Rc<+t6lsV7D!)K9A~<=z_e9J35KbB0|3gk=^@+hI%;L!paTF1q}3tYN&XwrO+%JSW+M5*RG5#;9=;+(agGs<&a z@MrqX7=Z|sV!1wMM)j#pO-{|Nlw_{IPhC{QZ;T(yT7EqqV(IDWscHW!(1!jW!8ZT* zeK!WoQfPX!VVEIIWO5E*{9=8;wf3Mpqthvwz~)X@AF?~|v}>ItR?_FO$aXN_|`0IOVg472R0YLJGFq(6*Vh1# zB@{Rr;)-U{$i`^v4t>};adz^!F4O5+GQg`BKwe*YLzstgc_KZ*rubzB{a+C0_O6=ru7FI;K6Xpw0b8s^lZR5=iD=NJR)fFl9 zIF4VS>zk!`z$s}m(Ne}s3Gj(c^_(Uw{sMg)tjR8^9mGF~?hOb0+dthrQq(NiITd&E z^Vl5aloJEIwn;qclcFkswcZ9kad!R-G^`(jmYLQwdUv~ah(IKp`uU%KBpveaeo+Ut zPXGveL{5H$?h_y==G9Oi^yKsxD5VIfJ01Vsxl2hwd|w0bzpP&@Ui*1I?m)Q8MIAD+ zM!1&_=uZp(>8vI@PMmt;=ocuIF)L*6NFIuP2$BB<0*9QD>k{~r|LLsV`9`M#7)Ah@ zSpt&SKEBN!2|GMUXuJT{Q%r|Q{iK3W@UJiUv+-LcnPqQ#j`UbED|*aU)Zhl6NB1xbQqCKO@iA1mIxbvAtAWJ2wt^0AqrYu_dJOY+Z~ zHLturR`a!GbEt9`mxC%=z`KjphUU;8t_Go{>qloyqTqvCLW1*7( zmJF4W|Dmg!jp@^Dej4`F){CYlbSx(9;kT|=&526yk3H@#`#W>%cbt6|Mm$&^aZh*H; zcl6=RdV%m<6*g~kN(foo^|fL64AI8IQI+cp)9U>bS3c&4xSah0Jv%{W;Eoysg54C$ z*4Pwh#yw73kF*C?d*1HO7>_Hl;A=u0#F??-eZ8x!=&lS*Wra@WT;>SXr^W`27Znt} z6_=HY$ba5W*LJ&EP!Cw}++pgyO`4BLrd<(D$|_zO@d@yRzkL>Ut!+7yvL7VX!(Z~n zXH2+%krRs0CWpIyUoo3w+f#T&A~JV+i8r?A$tB8!OT%P&s@yV;fBSpdWFLQ0oyOvH 
zgQ#Dxn=v}l7b0wIQ30c1qBQ0 zsW?<^3}C9?lN_1H4XDgc24z{Ts?O!iXhn|i^Rm7E%$=lsi6_N&@uu=OwV>$xbKgVg zoEWo#xXPm^Gu}(s%s}%FCq@(d*g?b8nG|JAerYS~Yvb`OXj9AnN-4IylPLg+=f7jf z=g6Ve)}m?HOz-kOYQaQ~goSADo5y#Cv4h;)ckPkO=#MUxuF?&|@ar0{-5eZvZ#*K^ z6aaatXuDm^7T!L(96W2?FrNf5$RkJ9CP^4DZc7@~-lM>!-wTuYsPe!7)p z{*3QU&!*qSTtwp3)o^NFyItYs=RO?Z$J6VxjeBq0s%i>M*V`iJH0)w~?7V&WOigu^ z$w<7kOIj`*Fr2)yZd%))1;>#^AOOiqbBW!Ruy*C=wxV@6+66Js{5%LBx|2z0Q-K%H zM1G_8Rs`ax&!skI8pqo_UtNs$Y2GFC?#pNCWX42MQpvW~Y0yWObhQcfaXmM;hOBN<^~F4x4tLoJxuhF;vS-vc zVBDM>M4Cw@HR#A;wi?d5iNmA9O~z|=0kfew%dv7Lwoa7$+v6GB%Jb@ zuX4VM1zl5B-x}BqIG-O~f(5Isw2pgCGap&Yn-J#L8jOk&jVQ~kPES2ECe`1x_i-S~J- z%{1BQ*@dtXUeINkEie_pK?S5rTueTujpEV4V)cN$&v2z0l)37wG0rh1KP8*07GO&$ zG47$72lrY67OA_yOb?>hvl2v0VG^)BsF#>KQh*y%m3RD(o-Lz)+SWIopm|5pDN{Z3 z2FcJDFZ`va+@IX3iCgdH!s%fH(Z&zb&9Q#93odgnT9X_a)4lF(xKUhZSA4F{Eg7!r z2aI1Jp5^aft!KC(IE6L4IYbt!pQxx6P}*EhnrDa`YEYMG%x~WB@!`4HF!TVlf1{QK z`}SM~!iZJy;fU@}W;FSBny$vLrAB9A$^12i{o@7A8~VybaqH{I{F;UyuB(bfXk9he z5cpPyU9E|_Kn8Dfnwx}X=n}6=bYh+I;yOF~_fiL!uoXRnY8g?5M}aZ>V(;4mO&>~C zNs2@X8du!X_pLjmrm`#|QVsCUMHj+rDiKHYSjHh!~h zQVLv&R<0NrJ%k9Abw9d4gtnxQ_%(0xvXs)KVRJg7EefmgCtEMHz4g&4!GNf1f z=O|AC`SD09ou4-v%_#(Z*y3lEY&D%I?Tug4Q?=c@uy#Y9L+UPDqmf)RM5WNbMR^*h z3tuYkn)+exc({M~=*owWl2PhJp-(Q!ZxEYH|AS7i-#pW}H=2{9pj9T&+F)lMQ60Rz!lu@F5t&E?(7ph|z)9g(I=56XIcwx8IAs8j~q zvjQJJ3Xnm>l2WpY(cd)$TpwMm|$R=Xpgxxx)z%-~S>x|7Z2r z|JeP%gL=?hUtxa>>ghX|0}d&|)4ULjF0=)oj)69AuZ>PL89dwAf3=cq_0KUushX(( zYuDc8_V`;kke*{b=U{FL)^5%|KJ+E2dUQ8RlRc6orJ@LR8Bvb48DOPJz=5A4YALPw z2pJXkS{So#R8@-TPKLgyB02?qA;r_bWq2U^SUV3BBumlC+u1}uy;Kx8)z5CH^NpC`< zUeJ0(2Dyt0>8A+N+55Qo?&Ui(*FW(XxegCenB<_^J*ny%XvvaxfS!FNsC$T_uH#i>QZB1r7dl&8f(_{9r z?y=q044qs+hhpxUpn}|C&$xuyDm6Cjw{Z&N&)oTlrdvO5HM%}Ps&_li&JTAtk=wmG zG92ah8DU{ZIW2^J{oBjqW{i6ncXo!c1y1bI)k-+LCSI4CcJlF!TaPKsR0~%ZZmw;D&o=}%ISabTi)XIuR)hPXw zu+~?ULut2xWi%>oVyej!Y(6dWBUk9Dhg}GXvC;GmZcWNh9LyJp`UJ^RsI32fY5(au z|33N8nCySMzZMANh#>&pn?M+c5!V6?IG`t#CxD0of`{!x8}X$|1goHmLM8!Q{{5Ff 
z==Jpf4`P-i(`VrVd449yM6HfC@`?&cO@UC*uH%IV!lFOAu1N<#?uuVa*N(a@X12>u zH?Yx9p%A6L6bkx2@n8ZK9gmYku2Fr(!g`rT${l~Ev52}AQkDw|)AN#%_fZykl05+J z{Izsd=sBBtpEm5&St|2wmKo)(@ET=uBZVx9mh+=|xb0irX>exP5CoLdKN_AFSrHGV z#hPAAH*7ez)4k?EloHE9;`yS_chI#c^o4)vlRK<`o1+*sn?&VhE>4;45<$=bqt9*i zr0!G8#hkR(s7WQ*hl)+A{)-x>-!9Iy_;|uq8f+D~Ap|(UTP)ka=i=-|?us}Ml7hb@KA>(@%b=?f$rBa-TBpV0&$aRN`I-L)}Duoeooy zMtR+MZ`?^tH!!K^AiUSeuFoo?eY)StnEswH^y2jm+)jK0_`2s5gs`*3WIEr--L-RA90)voMpZCb}GB zorT_>y>O(@4T!vabU>Yrf^NpX1=VTjRy(4M8ljMjWh`B zyzi=ggn5}ZRo#jVeBx?tL3f!Q$vzz^KaPvT%>MM__u*mlQn1#2J2z<+fIN!(1)}a| zTI%ycuJ|r#FcD=lZ>;c6y&6QM^w;u)rKZvUsHP!-sGxNF6GfY##Cwd3T?ODQp1b{u zx-%lFb;b#)!<6q+hpVlq+lzlhlZ~v7uLTdfFsROAgj}FavxI~3@wnp&4xB625H)@* zsxZXK(>N{8Z|L3p?l&yyghr;xe(SkO z;;>9Ux-gNxXuh(D7hl}Un^IiPnh*4;uUGYVD?WdKBcD>dzsfKJu_^5<8xmHzPC(}; zsk&Buun=OtQoerZk>vGdzTVn-(duo9cD1wI3v(w7Dks*hI8~oMQVjvf`YDpU-aTus z4)53B#568$E$&qQ^ph-(&wre=Fs9&cpW7A4N^hKiHOE9^#gUc)5Ggp6VZqATjbQPJ zmRHSz_*QK3eN!E9t65ieDQ#r+J&TNW#JTkRmLa98(BxJjAK%6_EaNR{oVIgPm0)O4HY%ouUS;Ix71 z_>$uZHe!G^viohRS*TrGn+Ll~>pEp#QFQ3W_kw=TBdU(k(h0PYSm+ zU(m1@il!V+zb;jFXh56vQjd}^VA?026w%_OAZ}cz%b>=PCu4T4;Eq+?jT)~P z|ANl%->W-81)b6T!93?oIDRg)NeE!V|NCFaXQ>Io$O&NX{2_Q6^X~jC08?vK@!HIo z&JO^}{xTyZqx~m@Z0iZ2FDf(wLQdTAOqMryEU)f-gYoc+{y$-ke@(l8bq;YLL3OhS zdUF6`Hi_R&`{W>R3Y3|k3BuT;TuETn93B1z>IR<+&2tDko!pcFf2aX(Z-lII;WMsH z{rx74@TuiS>F3@-F3kO3pp#?p(HbBeRR6ap=CAesg`YG3??0GzE`%fmtK)&EvS74A z?{%|2NqRI4h|lFAU;+Qj3WNH$Iu8L{DKzBAo=%*_XKI?h5AIEmcZEwyTh}P%ezFD$ z*F82LbGDD|h|tnL(5dPXs-F1STxs|>br!cER)L^8s(bG83slJ3?z{#0XPK6^b>hzq znn*w=Y5Mwi567UTKkbdT(QTb-GWW09KSVe>gxk@u*SGcw3$BM#Uy|`HcQ(s}7Vey~ z)>L{h6z3LcOP_rH$P*{cVsEbq0*&xjurH5hc|4edEOD`!k5m&z2-l)@S_6K7Uzx3} z$1SSc@C`*B9@FU1cMXDd~eO*rrErJ%Qp@u_gF z0~J7!O8n_K1Yv`*ZVq58R{aHf903dV^+x&z8mb`fWqvGlwst~W#{f2F2g%L&_|8tp58diF$NPdqw(*2gdkO1HgheYMlwY`#0%4+C2pcBtOW>TY!D;c~J}h-jiP*F8 zkqoeE9G%=;zxJcHqtR9CKuH+Q2*uZ9*6M?z34CjI$FK(6*Z7c{p(ETc5Nu|DP#6i= zbC}&I#g~WJx0a};vi<_~FBlO414XTIm&&nQJnNfSv>$37lZsDQ;sxw~P$7MZk9E4x 
z4Dd{?8#Z4K57=}3R~>{!<~*)vB(k)<@JGHQUq2uS1y8N93D(q8WAhb!=qZ^~Kyn=RE~F2Zca%Vpdc|6&^RaU=XP zLW$l#0yEo*C4+;RakuMH88wmlSl?bMxw|tqZ8?u;tG)LOUVXN`S6{gNCjKL{?U|{c zY=AUGxDawvcYzJ*5FbpBy=sWEkFR!m`O5cXw= zQ5}}uoSfmqRDP=dktXh^?%+}6B2E7aD_LW-N#y6u4_C(AJxCHM(Hk}|O!dN>NjLkR zI4~f=O|?BxQrtt7K#Zabq9fPL0R@X{GS3l}W!sL>cF740D2WSr^3Xk%i&-JG2NW(z zJ+$wHLiR%`U=9;B{vm^mTNCE(fn7S7nLO83j9&&1_Y)owRk`>7i?;U+YAS4_ML`rq zs#F01Y0`U>me^<_q9VOS1f&x>K|?~3-UI{$1f+>dlU_}vE4@icfRG?XYN8SYgn0IM z=gj$Y&&>VK+JG%QP-JMN_^mTv8&wKSZ^b`kriU@$XpG(nl_}&C9P3>93%15(7xXxt{B;sg`BkK7Y@6)Cg8DLK59;A+ijWuqsofNKCh8t4NU> z#pH0rg%abAte-7>snv$u8b+Ed%1dFPnb+BxRR%n>HxOl8k!eJZzJiGt08S{>CnDD2 zP-|>H>8rRenQoZFpdkNCGVxC5pi1)U%bpud1&70w=c_|WKTh+&fF+tPbg%_&evf>p z0rMrKIyw#newYX}sBMxB%uwRwNu|EVrpxaO4x2foiSSlYnThcwq=bIl<og)~{w65dliDVwC{_|LDxknB$#^c*4- zUmALS@P6j2FmI!^g;pBPm3rkuom@5@%BL-eHXi^E>4`&RFBIuAjg?s0VL>t1T=3g0 z-X~l&%s$Z_6H7NbWB6DyGs-fH-Rh3np$8zpLTVy=lJ<*B&Y>7_5xE$p49S=tU!}b) zJ)V$wV>QRy(aRP2W?TcyuNx+=HaEZW9|#Q|1H05G0CNZMm!BwE%Fx}WIruG-{DbeI z!rt5DWofUxz3l5^M}3IRzrJ`~_c3?cXtBU^cOVa)X#6b587wN_vR@*4ao_rF@ote4 z!`xaU^-Uo0>iPs}J;Tyb`O8Gc3jb-QzWfK;1X5&eHsm>=9PiD)_ttU9RkL4rqbO8w zf+u(HLT7?UX8PriQNxw7308;7i>L!jqI48Wjy5aG+q_fD4i@kZ2T2J&A1G|s@VT~t zsg`CMbq~A1uBO#S-yVdj-#=?lnOZH0#x)J?=Deq{SWoXByp2@+Q>3M%xTcM%YY7xm zP^;@ z#>3^W*Ttg6OxSuZ)<7Q9rXo(u(H_F0gp4omvYpzA`h zc@ke?Kicu;cKDEDuczpiYc=c~`y?!vUu%}pU*2HHl`1*_{OIEq(?|r}WEJyaf=a+51 zpf7=a&=;uBC=Y^(&sX1-eB3VKghMZQse4W@jB$IJ>YUlDs|>Ym9TNGol0ICq?<=Eu zEDh-N^uDBUd_i0$8g`>X5F*pQA*!oiXIh0ODq*lhsA?9W3lD)V zk~gh8rVt`9vzvg44#CINygQE;ILgN%v+klwuo+r$Iu*E|akiT@-)pY@B@dxNoZqeT zs;0^{o5rD&+>-~C_8&5O&aGlc7*@^;Bpm;Jne))}2XDRm_dlL_Q6hHmprWo@D+~a;%gR*xjST_E{uZ^1}Q0i_-|A> zzie~xV*Q2NWSpNv?`=Qso7x{}ItVL;^TB0{V!~}b=7uOXswu^Fa6dq5V}8`9kA3@ ztN7!!TeyI8&e0Sx!}>cynNmoG5mA}=G3dQkigEeyid@%sjU(UE7&7)=@}Ll`*y@a_ zh`Yk0APK#OU!O!P5%QCYR2zJxYwx`8L$)WqI~F-n-yU@)mAR%<*rv8e6dm?;l94=p{|)LLVV*f*d(m zvW8B!A2>)}pMK=qVfMW6wcGQ%ZoP76?;*eM0E@iWSjBfh_Rf(sI{WVv9VvZQm1}xH+N*H&k 
z;E1aoSCd1&c5`-04Ph-Gs_Z`K`ugj3wU+1@yW7M#JwkqoDn{a3Bb%STqKPh1JsZB) zx12Yu%hYTwIFFX>Nq@=DDODsJLVYZt2r4ufCU_ad(X3cy z>-{Vcm26=2G<&q`*FxNitLnL>igKe%kLO2p4`R?>3us?aW-t4Mem@Z;?>D@BM{Ve% zDOU$iU%rU5FE!Cd;l3}A)-nce&NaF|FEZZaB}w$EA{IK?Q`W|~{?QHc6<;J`mSN$2 zf_|l+i-BTOH+5}ORdhL%xA7<+*|i=|*T##b>XDdwMUzCETT?#ltXw4V_d=6_L3FTG zYku%$zTD2k)NkS_vh4(>yJDqJ#O{lv`jPQS_L@T1qV+Dd?O{a%^(%jM`;7ySagmRxX2~$$gZ(wS%~@Pgsh0->tSuO}(z$ zw!4R5&WdmHX6%!^qYs#jL$^)*Z$}p zxde*llO0S}jWah2)U>bBKT>f_?XU}@&}R)0t|$+5ay(8MMEs|ae9=?TyHP3`B7s-WA50+g8g5Lt$+X8OiQXLq)0GV zyt?Lo<2p9+GdsT%CDlQ?-miHFI*~* zx!)Moi;DO^FD7LSV;daS)(;XvT(lmL05Pnsy7n`<(zO)kb03|AniOkozdtW8bldh$ z5>#j)XZ+7M;T!cJl0`pq@xX>+?z)=60~a9KBp|pPQ+xpNcdvK1SRD34FGAwwrUx5e zijM1H9{2M^4p^AgBgT>3EjWtwcpP!sTccaog?{!T$_i!sjR>94|G+B<} z<*Jb?W?}$><-peuOvDP-_d@7ApP?$(4tRdW)L;`0+B#F#S^v3pBXRM4#4-ZP9%M$Nu2*wv5A(eX~-fg!z11Ec-TM}MBDsd_A|HB$!l)s4_+`aWDN=Qjy|dl zY@0m2SC%Y)22hQ8%c{(?~3|VGx7IRuj7?Cx%$(tz$%7Lx&?*UZA+WJee`PUu zG|f$StZ1m=8a%OkZFE9Tr&k!-oH!46IIRODu7?Q9akR^#7d$&5G2IRyy(H|uzb!V( z6^cj=BRBM23~;-B^Y@*;vnJ6uUj}deqhq1z0@mgLEHEhKXMt}?+sG#(Z#Ne1Vcu1` zeL}UpH&NvYLwTyzJlMBUczaovqb=w{`3XNDtpiy@pXMMr0bL$1tB)41onyPLNYJ(U zerSr|K`(f5+knHOjdBH|f zQ~HEga`2GEf&y5^P0|?$^9bMHoteQt(l4`2>e6v?dwP#N;@qV_P?$eVkS55vB#S+% zGOxd3hzrfcCD6smdZjg=u7+~-$u?FIaK zjB6>hF%vy_(LENIs{U@jGZ@oY*|S+=SH56-;c`G*?{@lWX4U);m}Cl}RZI0O z{@9+vf&jOM^4(vm+Rvtpkzb_Kl< zs%O*T^`tXN>S%48oHqL>OG|<-O4q=0sMBJ%>ckRwiv}P(E*%X-ivb5exgCr7@)(D9 zzk}xXyJ`-1#f)F_sp+LM#4SeMkc#+^YCCVpK`O4TID5^4&2D)B-$ImHPS1=C_b1~p z0X;znQnRKqcKYQCwSu_}dK`2==oPi5`((UUiR_FqRr9NxFN2|NSc7EKSC7ds2XSUiAG?&|da9O} zy)dY(0Ew5E=I{kK*&z&%mp|==x;QHDjxffpWnf|laFn|tB>k57!2rd2*@3Y{BmP!Kw}PAMnd@mcn{;U|I}>THA+U)sCM z&;Klbo=vKd56gPhyh46oFGzRZ9M6%0Y#ADaT%sBh(S5OabAB_TO-iV_q>pYh_t)t@ zsA~Gk+_fi4tci)vUbc^uIAtEPLr(N4Cjj@573~R00W-ma<^^pMsUB<3_n_C)9lW{= zPxLCX+&wqWyI#7z-G64tJL^j{76HsdfALcQ#VU75KloVCGS7Pc@$K9aPR*ilLe<{I zRiP7eRmE<=j7+5`+{aU_yTfN$cKzj&Sx0KLZRRC#AZ(-i*6QXE_8%PsVid=M;DalC z%IHV)=$lq8v8kJlKW>Oxp6EQL#^|?8(7j|nM~t|@EIgEe{P6?qeQ?4bB6_N>2_GOP 
ztR5sGxB<6o(Y-*Tu3id2p|rDKF(WJs+S$$6P8F=rJxaQMBzQK?RxbAMt+erIr$q;d z@>ivaE`&7ImeRNC31=gQ_dfXPe3jC&CbN-cwupc3#5cGy3+?F4(hOG4&BtE)rr6wY zu0hC^5>7x5O~m1Nsft7_Io6!XZn`^U#(oR)H-S)q+dWQY?#3<+$oAOLpHchBelG~| z7!CZZY{VwQN(ZrzTsilr`X3!PRj$yieOmu|$Wc}Lj&Wwuiom;cjA14`zi8U8HX~0| z%a!#YPSanGRWD9ZLEr zbHg2BEZc~t`3>|Q2mTUZ)(ORc=2t~AA_h!fiZ7wRA9}eyIpZT(12T_k1*db8?!Da% z$~*hG;FM=xvsSOK;A$yB_=yYDr4lptJXAg;oh3xgWN6XKw0;D+h$V;3q6|FkH~07n z$jh+#p3eGyMepNdJt*sT%Dd8;(wwqZ(D=2fY9z6ERvBDYFlykGv&h|&tItxIiouT9rJO)KmfuWIf{{d%TM7f=L#kRB5 zjHZ}W&Fhkz4XpuFH+jdgxl5`N@NN-#pD(#!?meUn2lv?8XA4u*v=WG45B7`=v|{3~ z=m&1RI=rmcU?(Z_MBqN1+)DXnEDtzK4blT+g7SQRNNW@cE)YcyWci* z7(Xe|9nzv|{DxP?;u4+Q#-HjVN4Qvae=S88%jU$UTc$%jQI zeh}Geak))h!@Fd{w_lcicEY#$`pe8rCRWp@9z7aUP>{520P#okG)Nq ze|`d{dJFRISH0g-+d&D>YrrbwnQ!~MdR8Tk2UVzwUB9ACVmu2&?haML;Sh`s;V z!SV8QpNlttP1T`B)Nj_{dTYhsyKb3#QKZT1l<-xH7X^U1r$v=_CftHJUc{Ir9ZTy8 zYSXsQd1H1)?he31zdTwRtzc)>Zgh?H8u|L-ADax21ROSt5QZ5)q!_HK6ibmzsZQ-)UTlQ!u(Cag^|arVNjygaR-invrH;j;{@xAF`fr^m)0P!86LW*0?=vjskCg z75T2JeP^JJ;$|mg+3K9$o1(^`bggQW}9{{c5c5n z&o(DU6(t)F%MZ5T5oO z7<(=`{_K_~O;kkj6p;D!RKCz0FIGd5H=P-cdTF_5{X}u`a;pEhp>*A8R29BH8Qf|- zq{sz$Bllpz%v&Oy5mkbWdG$j9$LZBj-*wh(eYXmPm-TsuD_;l02-X;&iuS0-A%-vq zLr7+?DKC)RqW2K^AB=ZYepLVzGae4{v9ta$!ceF5MZfpc~(=x$)TK%KU5CNKY}qGp2I? 
zC6pw0dsUg10}9momi#FW=C7#afNkB{gdCwdepf&9e$Gpb^idL?@Q-Al_jS)RGEgeC z1qgdL3)9f@b8})g><+kb8A5U9ZTGu3Z_$;>%d*UMv5v>2>}KqfhOb8Vef~(B&hCZQ z%1zidN@8)?fna8XyTLM{&jNUEg6fH_8KfYdc*-nmUIB_pb>&y~3IuePCU!Y&R8x=JfjI zWk1&Fgt_~u8(8Y$c|0;1+e0^Fje0veK{2NS&DD)lWuR^n1CAchp}oNMApeL?|Dz+S ziPDrha1=|RmIK-@2%wQV1hfwy!FUU*`ail-1h6&(07Qgp$Z|yHL6H;i;FRAlRTh`j z*g7tm7G>TF<;l`wyvJ*s9mRZXeHehT=!2ZudiFxMF1y?T>x9j6&C&LM_~pZ(ZTb!I zu7YvLw!e35wt;!RNiWbjpZWjl`mf0w{~a+80Fw`n4}j-X-=4qwtmyQxF5fly1H?qU zwK-`sf5I?bQ(+Vl#SJMz2~#Rho=|-zl>ru{Xan(G5?(qNNiqJDhLBH~4R!Ddcl-Sm zR_JCfFMFOrd@}}k-A_seQNTe03^MVSVu?Pw?i(c=XKq-u+$8yb{oxuGq*Fg$9|KrP zl|+H)s4}e-9nweK{Ym}MRnN*9a3kMf#P~b$Fs)zqW?ULlPal31Sf=;=BxNFX!>g=I z$bg@)30S9l^nw{^!c?Pas?gOmLOmC(ZsgW%w`TQi(kOhO6UU=)av`$x?Jb^~3b|`v zr8S!f9LYEl0Q|Z(PZNWOLOFIYanxKskiaBd{VZwiQJ0!>reu@wcuB~5xatMUrYFed zB(J@x$*RS<17psg0tlf)xpJ1OMwW9x10uCYk%Z%duatJV)+T zuA+G;Rrsel1m$x-Cu+P`7)VzO316ERCMLo~iZ+;Ct$J3lk_tR$hP*B?i<#Sb7F=8h zD(uper*O_mKY)7e)JV)l<7M7OQDRLdUE9sg%v#$6irtjOe*IA8qwfh9SknuZJCPI> z(l=(>GpK;8qo13?g#rIlq#wl}FD|RM(i?8Zt>b&`7w`JuRMg0P!O_r~@tz;?WDVEb zg^R_V^E(vfgslxu8CTZ5By(e1-$;f2{?VEHh%+wk#<|SJN2^&pT-rz*o z)qax4xn1BFci2?*Mk?~Fdn*_7)wKM-vRt|hVDmbhM2w9-O2-~5^B zp5Gm#}0&y>~d6GZf7M@oGa{ z7L5FoXOU&*kxuq{=Q&4z?qgmM_II4XgK=dnth$HBcbbT})Ye~e)?&?q2?CJ%FbgmE zXd|t@C2eZ&)t=~IR#W5bXWQva@%p&U)JfH!{YU3x&OL;&&Le@aeF#NjZkwM*){e;K zvFe}dW$_lO{=)iOlH=cheP23VYr6!^LtO+iu{Kr9rvGcjJXQ0w9LgV$>u*dEpcdBZ z_gqZZ)4;v12tuFNR8Am^HiKhAN*0FtL6YC~0fQokL3^vO-H{iDM;?1F z2`zkId)@H3VqdEFy-Th&Ik7tu;K;?`+BnkRQBvmxt@8S7!F{bO!k@Kf%=|)w&j#9S z7@17Pv=!VlJ$l62ARwUVgZ(6Uyb1II7!TmqY|*a_&~BK;i0ic(@#WM0{C0EVIk|&E z)iN8I7jE~D>Cc#*bicoCvY;XvqxYF%$oX2+=?Az0v1(vyD=!a8td;nFXmD?OWTZX& z0e>xPHS1`2?Fads)aVImrsz1LV+O@f6vI#Z+${wd+TsmKqC}D~nD*@!^5>j=Ztlu0 zefib!A%HA=krGZail|+m>o%)}JCLMG61u@2x!tn|_Igr}4DXLNRIB`!?748Bj^Ew- zSbjkC5=fPLnWA2?1HM?(yoV$}Q#BnTC2mcIw0Eb-Ko5F;DXza99yCmpRr`AR%!1(+ z1d(b?oFIpN*AK4*7WTdqdym&FD3y4Qq+|T#(nyL=qA#_>d8!{Sj;3swc$0uhW zavHCzq2bnB`s`w+j+$+GThB-yw+ESaz@qAZwhsQ^-~T(ZuyYkM(&wG+(zea?`Py3X 
zh>hSW*EBPA(YI&kb72|%B~O6Tp^qldv5Nyf6G!n805uSVz>zI5h?x?kyyg;Yrf+Qk z#XjFH=k_bU>7BC|?Xe`!$s=XH-E<>u4~c>~AH&lSXUIH(pa<|u!wDICDWv)v-INw0 zVx+e~`bDuF;Abp4tx2g9eem6{b~$@2pWv6NQB!e+HCEprnyJ$aKm=U?@5r}BBK=ym}&61G9kf#TD)<| zTTmd{e`ZwSc1lY{_7zsP&(G#nPwXf@))Y-*3LY{5W&OCkjbl`5#@cweCN&?erVoaA z^!S>I_jX8>bI-@FiD(d^iKuh5VI&jk+7>AS0B)TtLig^NQo>UPTxhddp9GdWZN+q$ zs&ottdFEHyO3b!!E!MSOWmG7omf-2qP6YRzx_R24)oR#n@9t`IVeQ&@`gla)S6@R6 z_2ZA#HQo)#MSXyhdW)#nkLHAjy5RLPIJRk`pHGnSyAKJ%mgb*Ots%c()OWD9_TG@3 zYPz;iL%%#difgJ*JmjEAzX7vr=tU^Ot=`)@zzR&9(Eq!9T2JC8FH?d^9IMiaR55(D z`Mpg7dmDadPwSvB)}o#3=Py%V(#n{|nBbQyEf4n{5CP?KI(=r4P?p)b8PqlJe{^Sn zW$uzV!J!0&-TlLQPQ%JA-C*yB8rFO>%N6yTON}|8hYB7NL5Jf3Y|q2{#w^IqQ-Eu= z7m|CgTbqDm_6eIYRcgSGVo=$-GH$>5@H68vclRKQP7^D7f$_v@C@&1$i)-NM5sg;Vsv=`)YT^a$v{kYd)|f8cstv`&wuv$b?aX|Gu{IhI@xkaYOjA@{|hF{!Hi#=l^A+9V6L$0>%^{stCNoWq{xRc~9 zh`3WQ%eFiigr^!1e2Z##`|WRrLX57ZJ|oEq+*<a!3 zdI_-DQi}ewqX-ZDKTdJCb6S3JcaS%eK`L-p3b0LWI){+3^TGfm3EU;`)?=fDw?6|T z`0nFyu|FI}#Bx$oI3K#dymszW^7T_Z;qV|C*P{JJq6{{%)L&vnY0 zQ3zJDN(Zkr?w)^K*c5O4U{h@o@dc!ao`kCc95G$srwJn+y5gm$YwKI8tsCRovwV`2 z+-##>obFY;znsf5c0v9lOG$IpwY6Hr1FF;{fIsA&Hi9Jc4}n2rYn!_l{yT|nenDDg z$?MlGmKtjlNQm;f46AL968%8r&qxxwx4>d>S$dTxSGU~f*}KfEwdXJn@iWusyL(zT zl)JUWp@lBy12$nB1HelUJu>)5mp;@+wuwXkN!A_bH$CPVLtpa7wOS-o!|S~uY|S_} zihS>}#QB;Q(To0F?Q=r@@UL@=m9}pskzCauU*2;Fl1_zXuQ`7vm6MeyUCODxHM{!e zcvEGnLG{(*_1%r)DLg1dC`Bc$@9~+j;Vky^481MF(AA=Y0dNu@q?KGtFg?Uta4st+ z{Nazh>jf>_AINV^9(aWK{Z?VPMyp{YU+_I#g^z)J>+~ICPQ}<;J7lln`^ZAm4%Q|w zB5l*XCOSn0#((jX}j?WGfNe~Cc1)2ebjmX$a{hjerF0UN=h)9*0;fomxV340GqRz&xx3eU+x`Y8 z1=pg?F4fG0$JNwZA~?J#=A;+Lhq$^`e3l|s=>$XHEs`pM%r7cwoEV7kI8Cj4w6bYr zU49RF>6Xg<+b_O(iv9RaYc&Z9Y`*jX&dvzV(<1J^W90-Y3k-9wst%T{^Ui0?UU9{j z@7wtRF7Y!R@^6F}f5>iwxT$c`IJz8eM1=HzmYXo8WDut@rqJApV6V0Yv$NUuPS=G~ z3nd?&dsUoTwZ7b-55^x1l&~O%XkbbXac2#RX*QScFP1@*pb46#J_hS8hplBi8d7i5 zjk)^P#aoS6r1gxZF~|#*vjBTFdo5v4UZgPi9SqWs5TOkar@Ab8+Q_YZbyA(GZ-mpg z-f0=Ut|u1w%eO}5-}(aKL;7W;Kp6J`N)U*H$!qSD{gOFv(Jnui(~k1fUkan8w#HB) 
zHJ&6E#-~oBc-xC)=ofHu1Kf{t3y)5k!ldxe`TbDGp0Rt<(VDZjX(gRi?0eTze{ay| z>pwcz`XdcdMvmhb&j09s8V)=~_J9%r81gO=avJjeAKjnLP)j|#;~3Bcz-ADSdBfpq zUKS-;Rv?)7pXJW~4MOw(E7J0`DO3>{*gj{}A9?Ooc{erfYh1kXJ42YoZUYGngfI{t z#e-mxLK{16sAjvp6q&2e1Kw(z*ZSGQqADtBRve+Dd0<~zI;%0#bkguef9bIL+?JSK(7v61+=B=$cI~E~%Q6H@;FKAR) zxarjIx75|f@qnn+aN^=6qC#9k=_m9e)QK61L2dIO0Y#`%x}CP<_Pny-k^@8P9!`RF zPvC;+hD9_=dI~Q6A5Yk+P!3+02yi-|`Q15YbG;iSuc2k}{+|8r2Wy2Z?$$y9!wY`H z^zL}L&9W|t%?ZMhk_DGMP!?({b8|9DN*nr3d=J$G zf(ma$a=gF^futq~^#W8u%81K52N=yxj94q1pH{m?Z`SL-SV@5q+A_4y=1DA z4&^tYs;@p8&4KiS3hk7%uxGr_xB$cNX)3c(k};9j?fU{U{kogm`PeV(yxdT+YAuWX z;%@*UKb=N;e75K>)+2d*0Wg%D!^OoFkSq?D214+eKuxJG%e6yR< z>V-hZa@0Fu7YRqwBezqI@HiIu?e^^6XB;nR3sc+Y_BONr(b>eaeBi>ry*{WHdS3t4 zi2v^gZ`MuhPg(2Jz>iH`6UaA-3NyMxf^6>jucJOPRzJ@&U8RQrG1VAo#*Z%m{mANV zB-P5plHkSW3(FV;s(RXFE+#z|4~e1)&v;~8t80}K6#XHTyq{j2!yjU#f3KLT1oQ|P zGq7b@jsl^_h4QT&4r@OxM(Bc~KYH`q3(PkcL2lT&a0uRU_4F6ZE`M3mM;{hPQ~6S# zftUx0Pv@;cWA;EQJI5Q@#Cv}YOGeu#*V`S;iUQs9RGkgVnp2A(zWeU@Nk=|<D`l3XRl&T5dUodv$)A_2J6mq)Sr0m(HRY|oD@mr@fy`A^|IvkS)17t z9NCRhPpD6^H_lLo+mNB^eZ{(S`g-nU+tgdT*0TOn&~t?$`I&9n0&B@636kC#{{T9! 
zM7ZWp%9vp9K@Uxq#2(GCWdC&vmEyvZaFh3&wo=uZdpsiFH;_ySeV8Q~LP{8b#)jwgd09Ebu?exyQ zNU*~^+?C*-ZSg9N{I@M^q?1uXBFN-~{o2>k!THDe4JWd8aEn;--K?Df`{L|id{Vbm zx%rnW>%Zmv@uM{UPR=HIxO6ZV#X1tvCMI^vD1OY$xca0 zlg+DkU)rls##-iLiE4khs{6Nqn)83^7hMTeF90NbG4?*im?uxGScPa2uX#=L^VMG% zpNLu$?F-CG(f44(F?P&-bUqmLlZ+!x4tnH*F3|Gbsj8B8+wY9g*+F8qF_1+MBg%27 zgrkq{PF;?B+4Upt9jJb8HCKbqMUBknBJA*?H(vh%$(YCM?$!2Z{yvil^W9fyJRBfVhl0KC1*`B}> zLj3%BqXinyt;eB0p5+CP{_(r0W-VZwU#a${Ht!-CH+YaNA{~C?};Xd|d398%z^^w@5ZRh};tl7WuEA@O$N;&4cQ`VDK8Eu0IYh7(^Al4{PJy6@Z=_uvxQfQt?+L-W zwP;eWY$tv!du^Og4P1Oj9gvBYv->7=G${Xbf{|*MkMvYdx93Cqy<6NuottUa!#{_5 zOMK1}s9_r&+;|+UlEL)&il4Lm*C(XE3A78eC1>42f}W$7HG~V;u4Bi-!v0{*6x10;5j;M7;g*d`Z8^<;jr#mszEPzl}U^ajAb% z%9nnltFuZnNOiiYaqFQ-SnZgCl`F|DTuTWElL_ zvoq>JdK9c7Me4)_rnkn?FBa^+dV)T;?8)>f8RPT16y@-t?##6~;l|;SD0*p~L3;68 zkFqWK;!2VSVRK;QAej$L4?2VKGADTcX_;%;gF4u;m%OvniwOK^d{OE5@F`CWokR?a zh9AX-6inDpBgI=pm5BO<HcW$qw@fo!06T1B!%gS1WP9L|!{h8Z~S9BAoxiWJ_7k^Q%q;I%;Yi>#t=lT$+$u z7ij~VdzK}CdHesc70vJ!ZcG3-AbVW^LPY`@3Vb}MeZcC^ZV4EABE1Lpnn353cprW! 
zDvSGJf_ZAFAaS$wP4vt1K&x+CYS$0NyYv351?sw;L1n^us#u*VUZu89sW1%lIN(Cz z6iWnM%=w}GHXYuYxs>Cr?!3dl?J2Vq9|);_4+Gb%r&`j+h#oIOYI&9RSBZnw8%wwe zACHdLK-G2xa!W4hS`?S(0$etL$@3gh@A+cz#Zgu_K9%>Kkw$fUG z3dN~M%7|{2i|GbLYD;%$cc_l4-q}g%FIFJU4{68KWHp5CT0A;4tSrUL%8b{s6{=Cf zu}x}MbR5%SXZ8lct|g1H;6IklC8r9rJI)U0Cc1VJV%}M_#b+gb{7o}9=4}*2=htq& zkDA=tSVF>x&zpUfb3yQK*Ko}r#iEp^lSgm_ZH~10#e^zf3KJauT;qct&3LYH^woP3fxf`;3&O9M{sTJ^bBh~Dp9@ji`zVeQP zzqsb16u9(>etrK$B8chpRJZrvk+(hgZ@g>#&$=hpzqoj*m^Y($w9hQuAFf#sg0BsT z@*sVcql-mbC=H}!Y_IOYi?#MvL0Vp^aUd@(2O26qC>d|cY^>HFU(|3BDTiGD4bL_#0q9_H`;sXad1l55HQ>2{_0%NOY*-|{Hf${x); zKvJaVnq1%gM6yvY5&#SLdh7O>WqoC6M6JVe|9Ic%?}`G*l?eS!pKD9HaU<2KHZEF` z*(99JJV*;*JfU}|@P1D=jfv~D#1(lGqV(~GQ2rmJ`nQ;AS=C<(2hq|W8#mdkTx)E=g+lti+5IS#qnmG!{0$?mEh(Wrelx*g_Zxv(;?1e}Q1q;(`^S{ng)uh+>L zhnG$P@x$ivOE&fvy@29K<(@RLX zp?(0&O*J?zDxYjlllamomD^HJiI;uqkoF+j)yL=ZZE8bw5{uG}O^J1m-yXdqr%*zA z5}>^&*hFkg)Bqw({IgxbiDZx2=AV9wHQ)y82Nwj~>FxFf1_wk{_8Hj?qGTkry!jj><$$DQMgg^=p5;r_z1TQ{hi_$t@Jn7?2l6aA{nRw zlngvNfu=VHU^o*j!W{Q0&m?nw_LOvxO`2Vg>!wDknkgfy_v6fnqm`|EGALE1ekiv3 z5%CJ;XVp(<_LLi03p<>!o3}gt9-7O0Wd^HU(pKaXun8Cs{-nKM{oy;+fnb4^U)3HE z=I*8Obxi#+dyN{wn;RX6#hX7f^Y~5eVHpt3WHIFuZwP1Wj>lNV1sq%K%@cPFDYuwn z4~4;28HD(f%DPmz*lB){Kg23tS?s<_V!uQxv zU$q_8VzN%zMM?BqG1=iHH%0Ew23Xq#WAgQy^oL_1^5=haSqUc~PdJ-N z2n5h=Y4+$trWdnQ{791&SDPu6SnZ!@z?LzgJ$kop*Tv3WoBK^8*KoOB(vnaBX2g*S zV0u9PoFPO-Qc{Szy8*gK)X}fRhZ0I?N zk?oh+uMViyn&zQSt){v~%U5HowwY!iXAx@D2YCeN&qR*3!ICQJ)R0v^&_TUUGy%l4kot`#fZV})-uv>`fRNeS1LlEzVQ|} zJO$4_417MIfh6 z!kS;r!O2)uF39=n#q2D40mep@1og>jErRK10Th_(CgnPFbr2of<|ch~`Chd#-Jjm8 z!+Bo}7Gu`<&@TV!9P8@~h4wXO@>EKLB|Ha5~PuPx3g0{{$aH zpvH3M@}Z(;MHOg%Dg=m4m`>d4-z3ymxFP|~-dc&TP9(^Jv3siI!tm@sF2tT>UYyX4 z8{?*xGbklW-vGGf=?7v)-_2Q=MGxkzcJY;>GG#sQylyPEqVQAfaA@}ao817DI)3ux z4d|D*v&%oobqHcE7`^=b@L?ATX}&ty<P!H~Xr8m`X&0QS>L-p9051W86Q#|py@2~8 z%%N}63F*6dONW7P)U2YO55M7F!Eo6Deav!)eYgNSZ1>t;y^klID%=*V473 zK9MiXovIVjDQ6b?n&of48*SJ2lJ1E1;K>1*MhUI^Y42P}%)b2{?y|OQ?Ws85`*ejc 
z{M_zRv^K`yo>|N=$|G1TGe}3S>-Dt(>|@`3ggVuWQh?)XwunO0HJ^eY{M*kQd@$*i zbu}@4rqi*nb5^eXql39eTzBNv3zv}#Usp#7!y%LjKn*7K8S)DnBaSof>LM8w4Q$54 zZ@iVvbZ{z^@={XVOn2nXadld>qI2UY43LPYR1$Q+9u}B%jtr1?Lp$gk2^m*Lq*Z-b z9Q^B3=^gf)`Tp1U@fK3knpV9ryZvkOu|+OxwesY;(<+1rr5qo^uZ=oSvEi$Zc)#$*{AmAAD2KDFpp&jSd=5AtA|ilv)x4Av_wvH-vZ6n(q<0 z(%FzkxlgUl|1^#cm7>~GAk}0jxpOicY&$$w_kj}hHs|3E{)#& zgu$9=O`9w&d^=`GiJwLff;fB@0p8mT0GCdEfcVc@T4$S7{D-dw2)A7Szg_?3RQ>aR zC1GaWoP#^WP5q;T1gb9_3g7t_YM{GwFTy?Azch7eIS-WT&g}B)7Apz5RLK&HcUTqW9%dOd=hce+S_CbwKyLMe+Sd zH=7pxkFGLkz9o|&XQa6`=)6;eFtufH)m-ce*kMvc_?ZD1 zx`2Do`rCv34B}wa_B(GrY-yBZ)V`IbOBuo+mh@ZVGcek{e7|8@W{)Bn`U9~`X5yoG zI7Jf1oXNiKnm8WzF{?uBw&)oRQ4ZJyVTNi{tGRzPy=eeLI>-B-Q`HFep6Ei+xHgxLDI@`MTk=HvQ& zN!aqdp@+NtVzs=;|6uPupqkp+wb39=>7euysY*u#K|}%~O+s@`Wo2cqx#oP^eBb9e z%YpHup`pMYBs1*ZtX<5}9yD{WO0=FQ)+Ob&syo>&>QtsN54BHMmtIr&Lv~)d(XYc4 zFo{t@A2L_>Xs}N=$AsGu{4CN62@dOt@lOR^2p*q%AsE`wCb;g~zd{JRi+u&@N@R3; zj`i)};AruhnP(E=*nZen_uR?2>REzSD35Nc^iq6x=98dMU_tnH{s1vx;d-%a1w)Hl zc-psWeDw|0S=4-Uw79yMo7@`x&iCmJZ(mz(y7p4GE0SQajhA0fyS4UnoPM)D%GItY zchU#75YcNX9D=Ho(`B^*7=`468 zy|;4ze2rRC(oM8BfUAbKxaR*7mD8u0>A5904O68oqJ zF+aN?{i2#Kx!^n*sKfZsEv}t%V&g2iLL!^MvELAV^qe6(=u%7kqE-e<{KDNZ#@FRn zn{;wW=xbt{ggZBYb>avCZLN?_u6^!{E$Lr3F=Mh<>B^p){9gF^@~PZPbL}7`kZ5nN zZ(`9vGrk?L)4L(Hq}}nP^oDPRAVXK<>B#7 zx2JH1U}~8AxGX1nWsNs3!1t-`w2*NZGSJWK^LR2H^U>gE?F>T4URsM!?x|$dTU(sU zMrcx=*-fc_>R4d$woAfpYDOZ+>b4VUu$3E5dJ{q@uYrpEiO&i8LK|vacOwkM-uE(9 zUKk)x1sgxaX-^zL!C$~clEvQS2wHP{ry$;w&WtPj+NpOY7#7KyUT!*=rkDX(G<_f5 zdhnwB z1jn+lBmFXZ8sl5L;a#YpU+C)qM%;P7PXO+-)@sjT!P08L| zOQc;`-e$3$=mpQevCzAu_RzrL;zo}mZ#RwdV$x@sv>s^W3Oil`CsB`8Wb>JiiaMl5 z-B#31y}AQFm7^h_>r19j_IYMaukR9)EWNCvkLiBcfT0K6N9qK|dA^)7m|V^E6-OVw zh2hkxy<|0@bfFl%AZ*uUs%3Ag44l9t!mDb_Lvio%aL}wm-{_epWWHZHV*3p zCP+Ewl@H%+(xo#VeK)cAuBJsGTyHe^<({l>GPAFM^fkEUf0@1}DmT4^1rV>9F`H49IR16^8=MokuG&Z6L`;qq}{M)+jL4c*Gu289M-n21f5%z`GW)+CM;wMNtT}lM|3WZx5in zG^6wIQJU27)fpgvK4JFN4^THJet6~JfrKcI^ap4gQ1TQ}r`O@*(qjlT7|1i%-DND< 
zYcZ(G-=3j$Y+*+Mb!>8b0vi*0SH`=z-jh@*<8oQC`{H-TmFQpor_bkwcYXo85(xfd;_Q^2-#$0wCq>9V|H+PaZJtre zrOZ{hn=||XB}$x-q3BwQn$v}-B46`|zmxSUe@U$0`~ze#?O3|_161Z{PZkU~CrKWY zcpy9FOJ8Mrb2cgbeKQa&a)BRM8EWVnt_K$=t|wo7{K**31m8VTUtzv6 z+ugwE;$7+>CNec079rLzl#`Myy+|id>I07mdwX~y2$SP0Ad9KE;vk%TI9t2b0#J33 zdB54xH;mmn3l^*#y;Gl(l9gdcl3movUSCn?L?PCd!<`_(s;_TIpfBG+7$Puo$w0Va zcSNTl8bEARBzr$we(0j8mNlt31+Q_lp8IU>f5G#!%VU${2X`7i6Z>zyKB@@dFLIH8 zUt2rdphM}Cw#~s|0#GNc-+ADhsOQPv3QX}#2h@HljC>PJY$(otp(s#8~ z3(M?K%?aUddM`V5paUv4pI=tfL8>Md#NJ|m!C-pW`Sm(V_b>ZX<+IX;{{rJMd1EjM z>YaO5(}<#@! zD(NcM+!)_40F1Z}K_Z(6y*O93VzbBf@UOQigvKO@WphMvEyPUN#esbX zrAq|JY?gK+tjfAi+9QT~_rQE7W42N6T&EVjz7?%WS2l_^9Z`LkvUk*^ps;d6YTocQ z1S%z8KHV&_cZK@v7!hqOO1;}sa0+B`1hR;v=%qDrS7V}Tdx2J{Jv9mbHDI_e7! zCo1uW7-YQ15)_sGwl<-|wD$dQzDdt;5=!SHng2r8^_cB1x%pNs(n~2z^sg=ms1E4( zN#AZN8dn1SV_+8kF)&5XsEL3In+o-x3A9QePEZ_&LSaAK)xWZr*nIYieHv*|DEY$`-ec-m?52>a*9e)L40ambnDTg~+45TO%jL@C1 zP*XQyn)mM*#(JKLlwC|k@z#pdrX-{seffVb6|Ssh@|VMg*Yb-4%8G5Ik7V^?N=xbG zK@=cq5Sj5GBYuuQClYy`zQ;*`qjXj5=P4l|G3j%uF`zKy%=|7yV3%p*et3ftmADKW zjXyo)0r4d*LJId}YNL>Bv$ip2HxrT#wEJXh6jS!v~6X(tf~ z_~VyAg(#g)v=l)|;Ob=Yn{zL#`{F*765b?^X5vY>c~~_5hnGX6q%x8C+xM3biF7Svu5ue$C?!ZR>C4m0AAlYU+`Ia7@_~2&RI_ewY3`hpN#OdI zljr9j>Nr@cBtx2Z-qf63U24{Z)Kutm>{Jgjf*iifkoIrQr`WkH!OA~+v(Qwoe1ujL zc!0@MyzR*|aX3qwd!G9nQth8- z*b_|C{fB|mJ!X+&0lEKN=fydVVRN#reiJ+cx3urXWfh&v{&}zGWZehizp^?|h+hx8 zl^75t^|vb$88nRD8X&sXxBt3TAVMfejs36RB<}bSI5Fw_^Xduef&SJ2G`ou5(`&U? 
zg`OM=sJ_PuIQ}`HmubVb6^Vc+X7X=OY&Br=k6tANItAwM?^>!oqw#s46RDyYp5*JFa^>L-EpYXB6^{#a9E`EH~t6H z$bvk-%1rd_fsZ~rr_w6 zk?X3c7B%K}Tj>v^O!Oa1ORwG~&{qZ#f(W)AI*T2sD7Y!PdC2$hUEOZp~Jb5 zkq{%Q2Qt<_MF?4_u#4rZUG7MURL%CUZ?0Pbi%$1XsYcM>{qgapLA2BX8=-h;D0F}d*Y8H(+A$pP?9r9JVT@VOC0$o!_4$Uz ziy1j|7h-nAU04Sb7FvFaT);$$RQKcaN;Vo_=5A(wL02?&aqLXM@hYg8Zf1r*3n^`- zX8ltN-MFpFEP4A9!KZ8{Jh`9LIy`a>z*dYUo^G3A6bvf(8UX79Y_bP!@^>`du6|&$ z%R5&TrYz6hQ;uiEe>7*UPgEOk7qd@CYm}y>HZLIE-HX9}CxxZ>9gscAa4Qj2e zmp>C~^#tpd;hBH!L%TJ&&7G>+Lwo%yE&oT>n-&DzH!EkH z{6utzn&Nryhu2Suz5nvq(NVyaKr1NyW1jn5juy4Z%S924CA$29hAq)S3^7#QVzT?O}?c_kVY!S z@ScwmE6oEDd?dJkDv8KGs^XVLwaSj<1ur)(&2mgj{^YWW0ex3LdIIe0SFPWEkM+;p zZs7|>kLoqlYxr2C(fNhhCaexfXu%M6s@8GJ%~yOB?F4+X3+v3l4*&v=M{n%W!u64_ zTqrZk`HwBbh-mx5=YSbeq;%upt&u#i?8%-AuO_IZOONwBXPwg{arPQudmT76r9)8p zl#A(;)?hcWku^;qtwto1%eoQpZ{3_;i&*=BFedpQbVL97|APPh*);h!y$Rs%i4<2| zPoeNA_Hr%lzKkaUti3<@2|%C@B#;D3;_v=F%XJ*V>T9*pZ)!L3^W)wG30rHeav<8? z$rErg`SyC&L7f&MhxDiZmpKj3{!r)~$Sh?)3BYQ-#+@K`*YOga8rikvfb5dLOpN~! zO#N2@)_*$2_TLnCxf#CnVE_xoKUg&gqr>sa@h12s#DSStcY&wa-@Kxy2M5rkWFXzO zyzi%-_%HwRDtNDM%Y%PRp5bzzc@_Lox=j6Ajth7FEC=AiYt4jqfSG|jB+79c)l_zF zJgo~vZ~q~UVB@@9k~REVr!(#TCSj;41ji4ZU&kjX{s0NN012N7v+fwiwQSS{q$d61 zS3C$i3WRE0V+HQM-2$Uy9Zrgp--nvDPs+w}e@`H{NKBJvBLgC!YxnT8-~$ivcPj@7 z&ZkaOV|EFEi+}!Ql*$;}+Qk7%05dq&U{|1%E>}{KN6UlkaxVAuM7el;#v7lrrYx|; zchHHe4ph3WBKi=dK%GIYUu@TiaQ(>Z!b$xJH^xE4q$tg^u|=in2MY5`OoWSK974h5 z_?f{Akh%oWr{}AG_IwxsuyhM=zr2m8Z?DCODq#>fzGc=);VTn34Wz1z(lV1euHPMxVT`QO` z*$QT*@Ca{BAKTb-uVr+Vq`k`J|Chnz4cIp$56td--rYsv2CVxwme-|0RD=X$`cSN5 z+sz*!x$N%@ns|YVtKRS^9Gx3?VQzEw-#$tFTPrhX>1+jkXCHMI)UToB2|-8sdE$d0 z`$E|`eekahhA7`-cqjQ#V4-wyzsvl=)?5B|57G5ZSe2#G{RR%REy zrVN47`}4k0kj=>-Ag%!b1Pcf-{Jm}O3-`s*w6(&a?vvW4qd3lGwjZEuOZTjIC1rv2Nz{Atbq4;t_~ zU{dU3_)rmE={dknnLD z=Aie(OV);hfY+7w>)roz`*+9x@Ogia`0uImFJ#Z}#re-p=KrUpipXBTXUG~Idh;I= z{BI3ms=ZwR0E98kZF^T{q%X6j`P$l_68xvuh$(`1aj&iXTQIBQ7lA(=zV(1|+w>)% z58!_Uu+)G6mTvzO*sbNC;jEu6z`poHjch6OdgOI+{3+|70--BL%|CQi)IW69uL4~4 
zW&xl^Xn+dLf72sHiGNd@zbcZ+$xxIj;_rd5|H8e|SMnt6#Ir&6|DkeA;A>R>J~V$D z4aYw;>fiM9f2pr4?eH{v|K4e!I`Ws+ucpBNN#HS7vGo+O8u5AI-*zh%Oo@tWT=;s2GHAW)x~ z*^up=n)>u}FNaU1TA$jLWVNr3BeuAhpGo!7(U4E}(+JeU50KLAeHp{+q_}vN#$3QXn=+P6*m6%;` zfENbHihd%cl)`1?m55cUJJTJomaklK$Wlte^%K8U8G21c3`8T*1#qXtlbh7I>bh+F zEvVJF{)Zo+d_gv;$Tr~$mDQ_loEUCnDAS6D)9u2d;`-MC9xFVbyKR?A_-Xb(a+3M? z1*CsO14Rl_t8i)~tZtW#7mGnsVGn10U87lbU-Q7RP*3u(nysZ8PqI@Ekk<#~-CX`T z2D05i3dqKvDIo5_zmyZSURMfz!2V}BLC7!ZAiDCpXkT1xYW5LOZJ{jbH9d^Ig;yE^ za9ja;1(p`abOh_60GJH8cJ0-liCtH7n}y;1!F1?`+FU<)kIV}LDLi+&dXPB3q9xKO zELDE(9{=|#P_Hi?XaHH6d2=dFh<+t4wF=GU%}qQaWwW{AU8k+2@aH3-PpUF^oDY6} zdpW8I?quFyJ6QW|Vqs))Rcgohj~Gy6>bUuGfwXW2>r6UTKGb8O{1YStf#4dVI9 z^Y|NrP4^zswcqrCgN!!t#Yj$xE_=Q_zL0aC_l37KY>S7q2#0jZ^=wKazMRvU$|yZ| zuyjCR=gnH$a3VEEoH^xMy0Dey;kJKFiCt>smOkt+0GTc+f30Yb|L4=btjII?YPXcR zKauM!)e0aRiUT&mBQ(;lP3~>}6cQE&8wc1#b>)?rjE3S2hOSC>Koq zt7Dx1c=O-wVbLbv50L2NmG}jZ>xrfTy2pQw$-muf`G|_?_<=j^^j<~zlaU&3PjRJp z?->1=<+?(or2dQ1$SJKn(K;Y-mXwv$qt+pLL#|M=iYy~3QPd(1aacvZA;~8Rxk4(T zOHedM6tWRxA#nooI4sg7CCUD!KpRNpcajrq_?gI$-UF!T{z&Bil8Ybv=Dr!U3QOe9 zMr2}<>4q15WKOQ;KI{5dSeO6X$3964|I;MQ{P#&no%H7I853a%Ne+L z-F~bMo38`bC;qXb{;K==r&P%Q>*zc0*Oe2ImPZrKFaNG5 z@16vRz8@g}H_9A9jr?YSzG#s{8+vqK5i98mKx|)GY9EGEI!U$Pj&-*oRE8Fz{8b_Sj^E zRJ}|MsI(FCb-qI1B>T`sFQjO7?>nO~1XYEPbKEL>^>nXR{iWca1 z>?CqiWOili`Kqo~W)`@*?K7OSXP>+U@0c)mF zi4rR)I2qL82k7Gu&;s5KaK-5M>VpzT7X+kEcH%RxA*ybkWt%;D53E)~j*s!?X5 zM^WDns~Qhnq;>$bD2AM~#3Rv$vnV_t#PJ)vPPQ0;&?y<+l}&6ObNk@523@$`foH`& z$9y{qL_=ax>EBeQD{<cr!?O-&@=L zVmF^vs;%;{Yxgtv*9r1fF$kNg^Dv*O9hmnU?5%amsPIEG!QS*TrxqbRYh8PbNzr2# z)Tb<^7yV+;7ti!u1gI|w-Zr7sEN#Dxvqxw5xy>;muO!G`aQ8ePt}yLV=~8L9b37lk zBbJPQ5SlQcdl}tBqd*k1PaO$qu!)LjC-;*>Qb*w>Fjt~*H`kWCPkbxmrqNmdw^Zzf@Q4dWoleX|>^W)GP7 zF5;?Ndp67leU;B;HV?Uu1PPx?`<<>uRP8)n(+Ec5`>3hEWU<7|8h>M!ZK@Q`SqNk+ zIXixK%bDAAkBG3zrY?D*7_8x^*&7VTj7HY&F=BO&ZmXzHS4?b7Y;f-nu%5EfTX-<5 zQk0*+Orr#QcWUnExekw(C9Z4?ku@yBT6HzZaZHIyzEMx<_*8T&&#w`8G}OHTiUx<=o-1-T+KZuTT$9 z++cztZGCN=W&0y++UYec^%}f09*Q*Vfkdc{2Q;pG+w}XJ 
zJB=6>V+>?xZ56=|GoEtUIlQfW(`A1DNEH<^o8~TLuz;CITYD6j zKplA~nh3y-90s{QlvOG*PbB|12Yr_>!yEB>!ldVsDqdH-rAeqGywRQb)zd@xTx%bk zeiIAFK-Sn%*x5EubRYg$X+o0q7-ZguxjD(xWYv`YiVC@qFihAS%18ZCurHl26HNgy zdsPV^px|qLd1VeQsDhpn*7@v)QOL{Hq-cbnE_`V*?)o!F@Eo}TfU<%_Bp}$iQ(SOT zNXW(La<`&Km&E7nt5pj(g+sUmMUa~b=dTF3>$Eo#`2%rwfUV$+y9QgOy-X(~IX==RNZ!%l!>ce@&U+KEvtb(D!X#5K}vYu}M?H7RC) zb>rnwOYu74qYu8+64|Z?liV0lM>ZW22Hk+=m3NyKyLyoG5lv3A3Am_Cyxex*%Jj^j`pbV3`OL|E{@SW+|rVHF{Ao zq|BR*NNqp#WuJ+V0>m7fVOEcBj68I^2<3Nj;p*GK+vtW_HN+QKTv(UZg=TQD%^W~4 zIzg%%;@4W=i`JW6S4c(f?bHY*IykxIDo}Qf)MX3FMq71T2}K0NoKa%a)&_8o(CfYC zboI;`CgYOqGS^z&Mt$9Q)JI)SsvJK!nC1ru!r0F;*3Sxq*%K48SzwBlh*+5Uv0=;I zRK|T1#WxFXeiaersy@~Nk>4Z9o}FK6&S=JJV&KT$6#%DRL~!8Kv>X>qI1P%%yc6I} z-B?$Tt24Z%>Lz~IppWUIpvpH_A+;TZ6?KdpUGv#12~{8@uyDT_tyF$u`;Kz4jC>1a z#T`Exc{#W4k;#>*gg3Lpa-^8XINbG90a(CUP8;#1hFNnlOlnz~{qq#o^~qgPuExLu z-SHgi8{*RT`wHjkd|iqbRc?8rS5`l#?X-eX^bQzq1290lT5UBQi8y=5ZPwnPch75` z^rc>?`%53^WzeEpr{r;J&goqT#03ClAB>FZ`%?Aj-K@|-Y~ZKr`ft`O@u;dyPWw&; zmiUC>>-+1DkFg>h1eSyp?ih zVUSx_SldR^+ncapj5(zh0BH#6fyAGrX67$`ZFtKwYh3qszT5pVuUBK5IDO)9lj@8G z$xWV+Yh5Yn-@|S<_6OfWZ+0gVJ1#>o8vS!#nH=Mln;v341pB%Co#LuJT%tNVq`J^F zIH(eTbsO3Mj%w$^sW+$3uOq<`^}@lEN+Njkj3PI&hl+KX&HGk{r*Cj`kJ{=3p{ST>D6+$&jVqax^6gc4&HdRr1v&)3TkPqIj+5;D-S-D&r-gfT?o(F>-{ z(UJHMH89*b75RH{YRY3+wLrvPVYoF1%UNDKr#)b>6=27a%+^g9Qy))<8N=Grv@FAR zCswB-116t%RUaYhms-y=rxkm^)%7b8!L*AwjR{#3q$GAAe=ELXq_UwvDBGdEQPGn( z@9wab*maV4g+tVWM={?L6IL$ZFXOB+ zMNe=dlChcKwSpScC2Wem>+ubKZH-8t%Y6d?6*3-g9{#SC&4<-syE^Qe8IB&y3KvL&eWm0z|k;2dL!C5B43GjukU^Pk|b^Pr5 zWcUg^E3iIa_tig2blR{bI{Aas&5#%GMapUN&^~`gT8dLUdwmFxgI}t@?X(V#{sf_P zE?*5-MDM;T*0ip9Feo>9cn_&yq zW!1{fg<`hss3|$J9SJxe#X3eVbkl=uv<0ntIry-&nByKffwK&l|HVb9y~mtJV1fAv zU)HQiM;5b-b)^006unEf^U6{pYa_a@$9H5+jvh91Fkvx(6~-8XQ}RW+MHv%UW_#Nn z8`_?Ey}P$+sV?nGh5T}--O&BKRpv zp@-)Nt);GpP#$tYv;{;RoA_fxgx`IUoPeB1&p;4d;I~1xFK=9Oq2sA-rAzp z#_p9i0uQobT5M#PRI44DkFVF){xD;}t5>akI34UCJRpYky?^!wf6E?Db{~qaL{%O< z70#=-bmp8kXJmA;C%6{zjj+tQgMeFmpQvhVez5SfFi@3S%&e|EB`gsyvu%KYi_8yR 
z5aEN_IlJ@wNFRY_H>A3#pZKmc6lMluR@Oh%mJY2gneTrElVeRZ-zCrV4GzxOJsG$v zFE#RxY}fQ+T`j|68F&j4bD)V;g9(@WdHThk8fv!GEC-0rbJ>6EmvtS1X`Ye*WVl>d zeQ*a5dianIjc*4ptvIx#rg#}J4+fP!q*I+r+Te=%IQ)*;!_P)I-!*rBQ8Va4;#yRf zXe@-F{hEniV3$ln39{-53+lz*PF9Y%Q4Kh`L2U&gb#O<*02m~ zbzj&h3wPyvt%RE_EYJ!(BpRdWD3m?`EXo3t#YDx`p;(RTW?&awZud2>ncbnUpK*CY zTUT`a;3Ma>$)oo?B}631w$`J^Q(o^b9;IN9*Wh#-m*fPe>W9qkjol~mShC;XJB6gQ zrWxr2Pz%aNZ2E4*Be{N)M<~qMUW73~l|9svIuCiu^W=i?<}`2fout~T!4C~zwf0p% z4ouNd>A&SzKqk(+b#gGCWdX<`_GPh7W$`TdiM|bTrZ~8hgJ`}gF2P7;YR-uV$L z^STJe4Rvi5aREm(84MY4@C_{ZdUWE|5D?Vf?a$K^%M}e0x;Px`=|+GEt@`h zG=?E%mGVkA%Sv3EOUbh8Bwnmbm!)*AYnrAbLcn@~Ch?e6F+ed=zp0R30! z?UaP-weJU`gis^Ld4_6o6Vo}Uir2nNvg`|&an*!`{9R>sD*0VGy00>}p{H&*r|~vJ ziO1W)oYm;VnXqrL$n^(}^>gC#CVMWPOg5xK|gR|V^p<{mU8cU?b3UJ*ZUJGX~CB)iZh@J!QSmDp62XLn|kqr##)8Z zRxk@1eiZAFI$BidW3C)+<@A)VYv7rhzI&_33-W`;uF)q@8id_DtKOA4me0qrKZ_J> zB#&ZqmX~fXH@cN{w5HE5Wl6?$%Y@PR=TSEbChxlMO03M;9d*vgssSYobl70QL^`b8 zi3`_vQI(_MYT5?N*7f9Ns3a_1tOJQ0k8Q&EV-G<{So0S;I`cJcZ^Rx%>P#hp?=e)-D7o#B$}F z-$H+y=i-oL{>+hqJ6P@qNT)5Zr020o&P`u8&j_|;P`MkBsypyLczWeXasH|cyZ752h(SV z_Q|tL+i#ua9Y7+@3C3jg*Ift=>Sx;?Y?Gv{vFas!Gih!LPCB0#)S7bdm015Hi`UI$ z9&#-BsdUjeoHuDVnAuOa2TYCAg*(p%xTHl3&+trH#xcNa@0BaI2qX{6caRc2lmFg$ zlq$zL4RHjAw{xSj6NF&gkIKHtM6`z^nRhs+g?e{7U!}k{Xg0oH;8I<9e6xdSx7TqS zK%Hp=c7Dmb*E|3g#BT-LEW6K38wzs1l&qBn3YHa^Wjn;FyNG<5F`9L?{{G+sLCk9v zA!kOrEy`f0;Dr_RE1Wr|C=vn~5|NF`3y#`b0oifhQW0~i>e9RkT?|(h&iNlJduEnn z+Np?xpSR}QPpEd%64=@Tr~>&}9fqH(I@eCs0c6EY4Ea$yRw#=SKZ3bYz!y=Zj_gBR zhudt~&~ZCA#MX1a5MY*Kd!>aIQ`eBJ=ojf<&aM^h1!GO2gl+umuRhT^GBT(;l^k(v z)$);tsc5&~6?p^P7TE&!3MO0`ySAE*eIOyonkhGnn)Tt(m{SxvRoS0wSGMWqP?5y+ z?}T4TkfVh;VxvwWI4u^N_Pk1~ei`e4Tlc&c%^_(%sqF#f8JE607I$+G1{+aMH=mMW z7rNw_vD8%`v9U%qlUD#rfch$wS8FEc4X2G)gzwqHXeu8sT_B=Txb&I0;>oKq*xj?@ zy~Dk^(LMxCJFB0sDPus;a_t(%-R;vWuYvN4rG$bjALJY3!?MKZxMO?w8B_4kq$>O*&DY}3?VzgsF(?rqqW|IVqo$H-V|Kz)9^n5!V%iV)b zyN4#R`tQOuUM!kc)PEX#?;|Vrs8Mk3!JT8!>r%}P#u~W|^a?6I-xQm8cdVTYOWvDJ z?Sj*M+>m~wsA?|Sc~^v|BY~Oi#-rr>xSUY-0mAexyg=|Y$0e*jMs9ZPHa@h{DPT7* 
zx4&#_=0vh(Nj+eHQO&hsT;-j~@Hu{7TbJVMoLjXa!KTbV~vz%MR9jwV8A+O8p~NwI}NB4#G{!j|W~!-vpq9!eq@-^lNG^GR9N zUyHh4U%?L0L);Ki6K}}&v5b20A0I!Yb9kt52uhYeECsx&l%;ZTJt>O4NK>HSo3Cu` zdotrKv-KOb@q^Snuf)aOeZG~m84MT=~-__1KS!Yk#dsI4^+v0!inqmmMlxwF>r+Zt3>}84+19Z=mfjRw85Op?P1FcGtjGr-{JGb@7_H6-Ia6 z`>YK?3NToHNIjuSbiiCTTilZQP+c_OX7$Lyfu$wGWz4izHE=YcAj(bUQ6j^OJx$OMOSA`FnL>j-C27u_q^HtXCwZr zBb=xSWwMEK7aEU{^~XAo-6xuzOm0K9&PoyXWt0Rlj%jkllbkgc;!4A*oR-q;k3VTm z1o{wG%|Kj$hY0k0o6e6Euv21jo@=Aj502*3qU&za-pHzAkX_*%vb2d~tF=*H$+&gi z^DCYo2q1ENfr2*9a=ol>Al91J>z}FERlBO2F7`WG*(AN-NmAqEF}TU9X?`8pyR4Rq z#SxS4)UI_p1lko9MY-%+%<9;wYGficxIfGiH0+4B4i9-7u+4VQI$i-{ufZ^fnS-Wb zIo26ipzv{&)&8(!i`Ccp0F}2iO&VW1C@5%xLyMJKiRX?I3Qj$+x+)ADT+=Y}b#e&7 zSE&nbq_LZmJprCiO`JVT)4ox*o_+El6yGn_q(9ox>6KNJrK(Zkic--{v3c}NfsIB* z5eg2TW$;PD_hkvys%j~aL={D^cg%@8>+8a-c=rnnr zyMg&?lMPy!7XY9i!auj;%fT1zkByJw<byU42s(h z{F;2pAvCYaFaX{m))R$5zl8U4o)rKupyu`(g!|Ow{Q`dMRBEmowPDrnG`ld-7TyyK z#Ko>Xn`@da|!?OdXJ0Dvw* zX}2K_D^WVf4*?eQ5S-b%8wJ+KU-(dz_KT02Tvipe_)DgyZ^_q&mgxl_65*8336e#uLua@{XQ`B6t*1=b?hfF0YZ{}n$cJv7mz8qxBxy@- z>2a<^rm8ea2|U(nhmB@18;}(88}B%8%X$J^8^UP2t`#zvwMz3eKpXPTVC8<~*J-ht zKK;!6Wcvl`Xv(%&uB)O=7KGYZ_)*rRNE<&A3dSCH$#J4dBfZE217C{5l+G=v74!C? 
zpAvDtiYs^l3TaR;f{0bUM%V|z*P`NsFX9+xg6WMHt~{y23)+`Cr=A2l%QGk3KBpjnWjBI?1~g$wmLngH`ATZtf#FwO0dn zGc-$oG@v34ytCfAU$_%(UD|EM) zP?Pcm-*Lz`}46C{l z8XeO*Ub45`ywM;!rC^UQ)n>4Zz_t^7e%-tg-mtyQIV;+x`-$H+eYRJSd!g06Dc^xi z8USNHeQjr_4C!B(Bv}-bLn;R#8Q}iuX;9K?QRBCe{UJ6;7O?K!c z9<>3;Zc>W;p07cl?(w1-c_xo+)(ijaUcx$gI+a}!1w=w!eoaRZ8 zG{6yoo?MrT45ki#-wwhc;`3WuE;{%aq|O`_yNbG1*-==9@$!%)bya_VNkKT`0&~Xf zbqiL_3HG#{Wqt-|74*^NN9p&=hvWQ#~~>Zr0lkmUnY!6Yz=J5lJs zZa9ss4xXz0<(3E5%^;c%y-izIejB7Cwt4Fn=yc&l<((QQ*Ed15tD^G>-932Ow^+}0 zO%lJv4r5@qvynyW=&Yre>dj?>`~)e=p1~;hJ5(}sOvP^Jv2LeoFs&JgLn1TQNgM4J zQ#irH!rR6o8%v5)B^vLmSu%Zu=FV_W6Bzb68l|tz$KAzlqdnKbp?D^k;jDyav7Us0&*CAK_b1E7?2M3Fgg>%hgAJSKUBX%MZA~@hx4i3wI=Z5`AANm7S zYP@pdl^V;NyF+qi2Z5o!gO=(}jFS_`Y?K|{7F5NiAh~&ahiaYUb;fw?Z`#^g)pMJs zT7_JYL^WjBRYeL1Qw?ES`%WGdtZ7_Ga27tKWu6ip2lz`~TBtxIHqVS}&*?ErCvH{^ zE>IKsojAEM;U1|z!azgYNHK;F5mPu;fd-L#-<7`}Hmq4+yK6~S$*xCgdBe@{r2D7= zlakm2jRKS6`TSUWXg>Nq!aXW7ldIw_UFt3z9Nebt9j5ZJobHJga_ew=@vYM%##tmV zDhlp&Ca~EfBk~kO+R-k6rbIloGcg0}%vKN?_%hO2s9Z{56?^~vyW+W9$)u8p$FHC- z;cV^9IHeg`)}k#4Gu%FiR|2p$>SX+Z{A=@>8(F9aSQgTTm+E`Xsz1$ZNa6WmTE)y^ z&;TK`TodZyh)B57sCc4y>0Vxt{E)c~hmHP<@(HMZLwiHt?7-~}`TxC#s6{ahVWRLg z5n!KR{Zs{bN#QMnRgS8X8W)2yc0L|`ySDt!dJx3(nqVp&vqJL);tbqZBc5Lr1xA5) zR=z*=2hX=FuN+0qwT~paU1#4e!<@APl0=iv=!=l9Zu5j_ZY^MI4RvhOc5Fv+)n~Lo zXO%Y3g2}j>zul-hb;JgVddDUb`!V*mUq{bIZ3YIZ^vLk0Ygkk`f<6l9uEaW#`?zpW2V?PwiLwR`L_Hj^rJBvM-wqPw50Ecd2;Zm9}!} zK)+EvkYp0|sk1G?@~x~k8#CcKpGOG+fX*6oCmMH94@~y38-586yu^ z{X`zU!%&dBo`jjYoqu+R`Q_k4`STYByf@QV>#7#)5&X`_6&>vF+fG?P6#iz$c=PUfwMUa zvFM>zSgR+i*u$6Uz5H#RLw8nRCMuooH+kdDGX42&YvtIEM*L(fOzq|dS|c% zb_od&4RB`UFY~ipDoWl0wB%~fqld||*IY2NovIes>!Vir-W>7y06f$weT21iDjA5c}ESiE-R>(y=d>&y-VK( z9v0SP?z}(RU3BGVxsw1{2o_fz($XLv9bdY56pc2oD2J)kx2Sn7aj(4|a4X%G5(=A8 zYq)hU$%S|5j#k+@aib6d9>d{f*|VCuJvx{m=Juy{LQF!$TBfJcl(SdWC3B;lnq=h0 z{M`oItHa~{5^-g0AvL=e;y1bbB%#E9>9hC?3rJ16`|*5@>rS6A3H6^#L?xsGp3u3H z7Hhk)c}iJGd4I}&iCsBh=OzwA%K(w2m$FzCrC*E3pD}3EeZV2{=ReO&b>2d?wmVw=lvs-{Iipt 
zz4yDGwbt{j!kNunvNL*gcYv;21=vQK%i83*j|Dw+Z;ThL$db9RyAsSV^Q39{qou1F zRs{8cGSN2xH}Y2*949VLu@koTH%ZR|ub0M*U$%u_IuY}@uCWV_5l>8} zKfX`-(O1Mqg~VW@0$2hx5L>j+6!EK98O_83M3Zwl$Z=wiWYlgi>EcOa2}Np0na7++ z1o?CdynALsTm{a){`I7bxSM8Z+;8Fyu^%DlAd$hjr$QYpdo9y(rw!Bq2q}>e6>=ST zS_TYkD=UTS!fZZHKU|c(``!Fhv}F7f(WHe;7L~K4e!gu%HLU3IIGj&2gXrFe7MVne zk}I2%nUfLB8B*OKrF%jnsHVkE2zBQBH_yRF@y8^{9gjn{X zwxok~`nXKkRW!xcl|`I|U`7eMJhqib-Ccg8u3R6V1&3U;{b1AuF|zjhc|L6Gi>9`Q zvU``rxuXg?wA$B2d`2T9NhA?JyKkhj&CuM`@PhPCtMO`$CGpNsz>4d(_OtX$2XG*< z1Sv}D?*lo@JsX-tZYk;}l{=ffHrITk(wj#^tnrc>F{=)y)^#d>{{P(jaL`RX?v-D) z9q!clbBP2rGX+9$26@H1l!qy^pA^?btEcDVGYQ;D3az2H#gpbbolEmU?cA#As0^j% zM+t+cEozU4s-E?}6>=X@ku+L@&Nwc`pVawV4qcym$@At@Z?t|8R{W^`cXct>&o=p9 z$Vs5O3yi-m^nVlub7|tf_sz-diI~;phj{59Yiwt>O~qyskEa*a8^Cs;74Q!39b-hs zigL0+pJ{BAPpx7cTOZBcbH3mD>B;D@Lu;028o<6=gw#Ompe_NaHArpCakTpJm&2Rh z5!e#%M|rOK6 zEDBa<@}Bs!*;Yhz=sdVnL_Oec{I(!R*NkcEgbWw6q0;RMRt!vIHP-1_2V(afWSdp8Mwps zd4&D79(p--DdVLVUNo6 z@HAUZ^)mFMO8I*q0}Wt?q#WU0LXDwrmsdK=w5I!|U0LzLg$Hl#{)XHJ)em4=miIf zdXgp;7k?~{9CG@qEV+k?r0Ht-`9lL>eV$&dioLCmwdhGT>U6QF=w-MVGLozs2UdcB z?aG#eZ9_nd);Kq&`E_hvr_I+Vw&E|j;p*tmVa=5^DZpaR?G7K&<;}Ppv(QjTuv6Aj zkh~`6CfAQ+VY}`sOOvUX12FG1_iLF(&89}w8^C`m>&n6R-X|T9tJbcocb^a#3|@2k`tzNT<%{|L;y+s;b|L?Zn}GaZ zxQS{o|C=-hBBFlBz8Ig#ks612+ZRR#EW22u-*vqY|HX${P25b6}{DG!DG3%aav*b zGp35UHus~hbxFv5pwRfHR31eF4_~rng~)I;h;g(AD}tlNW?T9UPP825>gme}HivN` zeaFAEN69`)nsX*7WdsITFPEVH7HiwMMotnGozsduX$~kiN@5b0lP&>tlA^%hKoV{R zK;?1hF;|w5!+aU3^&a;PdY`-Jqi)^j&qVfFq4V0;TBt5h-U9Po2C9^REOK?lW>XZx zsR0&wue=~>`nJr2MD&eI*(bhrTl46_4^n2(0>BRvq}$w`WL{f^ymkj@cq`ix_HT9~ z1|j{jww=I&Hx=Ujz^t?3QVqthG8jV{fB#DQOQJqVl<{AHjNZ?T6yv$H;~-O*8yAt$ z2PfL$!Ax)CG9=H~wP}?53cIhsC(M^etU*DKng>nyz7I$^U9V;c>|c|Kd6T8xjUZ|p z0^PM6XtuU5p~YvAE%-{YmP3j5fOD-}H?Nw#J(o$%Hj%mT_X$JgslW2Q;I$Mj*kMC6 zk?(@U5z`Zw|8DB(X%^IT`A$a%biU9jwYfOkvwEY8r|ik{mYeA;BXXxJ)jS+_)Tw7y zhAilRN)~AJTRxq7XNqT#U0?b&+yT;fM)}n{2`hg2*V}F!XG-6EGCC~6d(r}b9!sZM zXLP|iQ10aREuP)=d8?eW4q#h;@;=3 
z;7v9Kmc#QWvHFuu{_a*sSx_H8PR<+K&BgqhuvfLqPB~uwq2&Ww476$y`Ir44CCdi{ zHe)vrzeXb*Qm=Qul$~03P&xVo}|F`xKfgV#)b5zL6P*gBjt|gYP4%wM`py?hyA+`4>!|m3qpI?lO!9s~N>cDG7QJk9ooUzVI3$ zUp@}hg#-z3j#cXQx9mK7y;`xNu=a#5Q`UsxyE^9-)c4Qvun5!6;x3}KP>MiS<*y>) zaRbfcuMsA*s{2EtX(G}jNBh#&Nh#Sk7dxAJ3@6jN;{L|Se`h!@wlITl;0Q*z>LPlfNTj(TgYbo}Pc55? zp%YRN0@upDEN_7<#oAMiGpm(3&p!0T266_`LZSyMQCGp#GZ^$prRBX3jtk9aLKB-u z<~t5?lQbv}b9#-CzoJ zGaH+5c=RS^5$I`Olno5dj+a)jW5}$zrk?OOwP%SJEkjp4dWmKLP8&VFnbBLM-{z-l zez%vqpz7_A{oN%L&SVa zy*(j^aUK)Z=BasN&|3>9QvZz^K|lWzXHw9 zruHZ9cLK)y&)?>J-jLwIv*lcV#!)$$1WnBkCuGFIg+S?N!pbMYx#j7$oykmxA!$Y0 z=MU7+Ez9X@m?;WaOAFR&8NM5=a?^UZnrU>#^r%%&Kg1xh3drk{xJc=L+F=&N-dsQ~ zv>lO}cvWY)?eVfEZOvH4&}4`i{u1>jYbW2bFG|n~n6E>z=J%|R*^O(YMg@qzx*1h; zIO>)(!Xb)w&pOar);TS9768GG9I!@{qw9k1`)8Zl_2X{VS2=M&9HzX|lOsKydyw7J(8+4uBl$!rf;iyH?&I6Zc>Z`t+? zOl##Z*ETsS*E>;ROjWg=oQ{&e3bj~K84muPqW)S6m~q?}PeW%ea3wZnw3{kZ)nN^}I;NyOd%&FAX2D z_(?3!%aN*5umTn2RBBwfx2~-_5O^AXp|-`teNB&JWFpDwFvsGkP49}__&!1irBBU^ zqeE&(#I#(_Pt}}?2$Pc@%noBiRg|9McXi_aJQ!Ym!E0{K{&F|uueN=-Ap@1!SCWMH>zLNWo%lwEJo*JuN zG0n5P8&88|zSB)HYdF5M%cK-|Lb@k(MA7C0@QNnvBcWh^SXh)+WrF;uA{^j4{;;uC zBK%#wd>yIi!g<1m>*S%-#zED%o*HHF581MJ=?pTlyG&E9>{q^A$=PT>-wD$sYN|cs zvlncJ11D~_$n)=>-qNAnasuW_#~CDXM0b%Q5MH|oB${+i zyenhD7lW_A`KOpTeb|p*5{dR&5(FB?Ratx%r6*mnFYeQlRJTjw?1!YeY>cj43b=fh zuQ`xKY>Cci(p$tM!9dY^5)_2c!bFpg)b}isogMCjl#Th7n2@#mQ!HXU8^C4RN1JR% z0${%7Nzm2!-*$?g{IAddm1LP{F#it&OCtRaNSwfl@VVkW-d!lBBMrC3*%(zIvG_pu zd#A5YNpt+Rinv>ftjhMPLRH0pOc4WPw)tb#B)ZPQ5^xJj&Nv z4>wTnIBM_ESH_l+5iBSjYB}gyd^aGqh%D;qM&sAIi?!@q+IG?}vOI7rxH{x7HpNLS z?|1NehKA5NsO3*pS95O8U}ceRXLN#8a-%Qg&0Lxll+j6}~xMmg^J}-T}iK^97g3_nRryNV(1KivZHS1XMM#oge$CIAqv_I%WQ?MJ1 zjf3UXll&i&uuACin?=cVLa&`FCF7wAUg4v-1$$}wvY3b^Ab;FWYUiBm;pF@_#+3ev zlxAX^+Dmb|LeR&|b-eoXE#X|ox984V{h#f0?k4*HA8SFqTS=V2?7wn25 zxQ;mgQ+8prx9BkVJWkZ z(H>R{nvHmoZ&enQ7rHkG?E+R}6_)xr6X86X^>GvOeU?PfJa&2}|LdtOlA~MJXI zHg(6b@7lv9EjN(2%_I#qCZ#7;4k0&>zrY3QAtgW#9?E3Eiuc#f=y)Joq&qaVr>x-y$z{CIKsfx=Ix@(4{2yvcgiw7=f?KX|;sjOw^Wpl#q?(MUz3Z7{~Oo 
zq>OR2?C~T~KDHx79DaUHIShr*eSAu- zPrz*P_7<~7dmz}5h}+F=Gp4+{Ul}F_LvGx0ilpV3#vA%5mxGFR%i7N{NSh&^USZ*J3FCxVY?TveZC>t*)g4 z?8dDStz~z$t#4x>6;@=^8S~RX`ClL!%?g|nZqMgX!<)wuorH!ZGg60vVVxJ33s#R0|&h^%5jS(C%R+fF0AQmtzA3Rv` zI&HXQ4t5?Y3oG@V#x;y>j+7${Suy>+wGzfDHhOc;PQL0_YdCLzxso;S!?=j8IciY$ z55P*I$6~+Bg^CKI(UF0cp zjWylMeIN*CVSn2#@g`IL<$9TO^Jgv|yYGxlFy@}u8NA1H2BKe%rNPEBi8PQ=;|B5w zSV+;LP}7mrg1q17?}?+?f%7pbLMM!~icddEZQ{;W!}-X<0UyL%+bz_JJ@sV5P6DRo z^P!lXI7Qlp(wVr`P2Dh>d><_KodMR@_sv*y9S(j9 z8e{?&XvV>|_wqgRsyp zXwIkT!qh{7CCl9J@`G8ExL0CU=NG{cL(7+M7*@!3DY`g7&MRiC&Tb^dl27Jg+UN7c zsaeI}=Vpk}l-qzC^kZU*dMd5DR;Isy0UGcG`FlC*x5i(o!r1K@{YCtWOL8c6%nD!+ zFJGARJ&4e7*ed%*Fc^vU-b^~S5NiIp>Q;JDc(yn2d@C^Zw!R+*kD0y_HML!HD7`V$ zlEp_;PWuodqV&n1ws63}@N+$KX0#adTpguLwd<)T27FO3kJCi{&fvQ84}(B*O@^FF z4y{MP{X;a`iIyDg!3{|Zg(l-L5=}#5=*!dZo5#IgZ*qH!sJO;|oShY_7Ue%?~|i!yX`Eb;QI(&>4sz(u}aZhgZsO&c<900OcPZ2c;vuE zl`^tlpVT4mPd1m@vn{a5QuW_{^jYOrNCh%gl2zr)LZJ0i_%#qfzoV#L2i#AmqNUca znD4~y!y8%Ml^Cs>JNNE6oL~nX0}r}SBux63go`oBoK+yc`BXryK1imNcc-R7jPfid z>37J*T#f9Ccp{(F#_d+qZq*C7(i&7I_JS=qPMjqKW4VqeBqV@ha`jGP#Nv}0K(x=6 zixr&clyCx}KT;_pT>Db&W{Qa(hmP=VQ_wl80cSs6`nrJp(C;OHqil;>vciIkZuwFd znDeLgmzfG!rTs~{7T-|I!dTUH5w9eue@5&TXxv(ge zP-k4#lO*CeW5#RG-P-t&lBsBaeGXM#puQUfV1lW7_v!(d)u)Ee#;-NgKe&jQwZWq` zMmM%{(*ixhthCZGMl%P$DB&p@XZAA^Bu-Nk(*h)0XcqNe?|r(k>3V&Z3R^9?dj;<5 zGA<8RMUx#6n;EARsk#U8pRDgF6?3Ubd-V?w7Tv#X`9`TX%G{8~N}M-zr>2{_na&>z zyubu&_Tp#d{J>jA{^dg|g5S@JiZ+a1 zvFkyzj$`G$;h5%EoV{Z_#&z&@7rwUk-I{kuC4YBb4L`O!4Xf<&E&Ob-kemV9ckHbh z=<08j_CE}6nq$YgLoU-M_bO(}JiRO&=HSL(x3MM}1>+XhzRtfc?@!pxSN3lhh(;4x z4`QhqPdfZ6mkdeJlSCgX{;h+>baj+g30Lm-*ClN0t>+^7x}84w6?2@zF+sh<0pa() zGZDq{bi)!b-qWYKW#ZM^go@i^#@_UAe*>~~-7`qrEI#yb(#|R5(h6ZMF|Na|iVg+x z-urx2nhESpn73}sls>n+8rZ^o@oJX>a#gF#E*@}RR+d{jsEsUyICW4%!GJrn?^J=# z$cxXhWf8Zy<|~Zu=(S#o7oJbB3T}m5FJmFevJ6xxT-Xinl=bvkLPR*cFI?E1%3$fc zO}G)55)$e^HqzGK;g4$<7x5jO(SJZ&W`0M7^}EPY1^Wu-hYBTCY?ts?%+u(Zj*fGL z*G{G%HVq=1MYBy;dGOvgM|l{38x>Ua@{OrF%n@tP73znt`=SGSzi!8Akwu*{7=K|frk|DbqVN$mXT;8l0FaQRl0 
zHpS#AxECwT_n?K4D-*wGiTAc;vS34!qGhdxhXHQtmJBDJ#4~Wp3ntfqO1@XhqOV?N za~5ptvChM`!7XgwZ%S)~rTAC^QSaOM@q^>BVwI!ZY-j&9cvD>>)%_j?T?fjQiu#QB z>3rp_>B=PMebI!Lv{kk1%kk+t+(wNjg~0J1V$idwtF55aBL1t$z%4-K_YONjM(!>y zbhy-*gZ?^q&pABOt`21cJ|cNhd{i`sG-5PkJ+ZB)Tm9G0HbjPk9rCehZsRFuJEKRr zq4-@Hfj`Vkj&_ClUouO3|H+bb);Z~mM^l)cniCA9(@jLV^o{-UDyDkA;@za4+jy6k z73PPxFYU~ZiALC`V18jf}fq!bPpb@I#YB1+# z=5J^BMnVXSS|5(Gv4XR{#Mf;a66YtCn*6=&IZ#9X0^tSjI{|i~A0?G1yrqHaIn-?a z?}Co!3d9MsNB$La-ZfZOT?3aN&ubIk-SK{1xkyE{x$H02?U2XUkK%#cW!y=+=oh-? z3hv4A`Oa2q=ys($e+{gvfJA0`9iM5={on>$x$Kk?+lsJa#<*oIIvC{#s8aHlP4J%$ z6i|xTJUsUN*R|#xScl_Z6=+kwiT!HYyQ~EnyX03dZ&bBHv1HJ$~bw?o1rSLeb+4ew^(ICDWgE3l-3^2~;On3IeH-jiUq!$IG9sZw-Y7>u!>V1l&du`FAzd;FO z_h_aYFN##Cs(97Jy!@XNbjFp(+hvpcqOdsodaE-l*~AlpEO*3)yEulOO=*}OlqC?d zjF=nhT?EZx-S<4l^$e^0UgX~*sxO)aw_)NZ+-`pz-Mx%gVCaft!voEko@OSjChT&P zpwS9SgMsVPzl~NcSuIB;2Z%=Z`Qd)lOubzukby4-8J{@( zF{qz!scxxmj{Qyk3n4E4ZziifXK*Ia*>x8!3c7@pCfzHN7{9%PDps`}pR?VaAABW? zP-=m6SgWF|smmNKFK^)San}jsI#exMwf*kp?~SmA%yboSQt*WJQ4&I z;OM2F(LLoa^oI<-ylurL7V%GZ@Gc)g@gle+O-{arxyOqSYODDD+KaWka#1}U=q;xk zxXp^X@sb$uRQ&%M;MTFU!rAMuND}N>;zPlv%S>xK^xr$Va9-N(7;KGI{Zsa`)bDuW JEW Date: Fri, 11 Nov 2022 21:25:01 +0530 Subject: [PATCH 068/103] revert microsoft --- ...-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json | 175 ------------------ packages/microsoft/docs/README.md | 2 +- .../img/filebeat-defender-atp-overview.png | Bin 0 -> 170105 bytes packages/microsoft/img/logo.svg | 1 + packages/microsoft/img/siem-alerts-cs.jpg | Bin 0 -> 399141 bytes packages/microsoft/img/siem-events-cs.jpg | Bin 0 -> 523409 bytes 6 files changed, 2 insertions(+), 176 deletions(-) delete mode 100644 packages/microsoft/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json create mode 100644 packages/microsoft/img/filebeat-defender-atp-overview.png create mode 100644 packages/microsoft/img/logo.svg create mode 100644 packages/microsoft/img/siem-alerts-cs.jpg create mode 100644 packages/microsoft/img/siem-events-cs.jpg 
diff --git a/packages/microsoft/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json b/packages/microsoft/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json
deleted file mode 100644
index 04262528bae..00000000000
--- a/packages/microsoft/dashboard/microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json
+++ /dev/null
@@ -1,175 +0,0 @@
-{
- "attributes": {
- "description": "Microsoft Defender ATP Alert Overview",
- "hits": 0,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": "data_stream.dataset:microsoft.defender_atp"
- }
- }
- },
- "optionsJSON": {
- "hidePanelTitles": false,
- "useMargins": true
- },
- "panelsJSON": [
- {
- "embeddableConfig": {
- "enhancements": {}
- },
- "gridData": {
- "h": 6,
- "i": "8343f7ea-b977-44bf-bf81-6d41742093a4",
- "w": 4,
- "x": 0,
- "y": 0
- },
- "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4",
- "panelRefName": "panel_0",
- "version": "7.8.1"
- },
- {
- "embeddableConfig": {
- "enhancements": {}
- },
- "gridData": {
- "h": 24,
- "i": "74d36139-4d22-44d4-bfc8-020c575febb1",
- "w": 25,
- "x": 4,
- "y": 0
- },
- "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1",
- "panelRefName": "panel_1",
- "version": "7.8.1"
- },
- {
- "embeddableConfig": {
- "enhancements": {}
- },
- "gridData": {
- "h": 24,
- "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5",
- "w": 19,
- "x": 29,
- "y": 0
- },
- "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5",
- "panelRefName": "panel_2",
- "title": "ATP Techniques [Logs Microsoft]",
- "version": "7.8.1"
- },
- {
- "embeddableConfig": {
- "enhancements": {}
- },
- "gridData": {
- "h": 6,
- "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a",
- "w": 4,
- "x": 0,
- "y": 6
- },
- "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a",
- "panelRefName": "panel_3",
- "version": "7.8.1"
- },
- {
- "embeddableConfig": {
- "enhancements": {}
- },
- "gridData": {
- "h": 6,
- "i": "16e7059b-70a5-4ea4-b622-9015d7430419",
- "w": 4,
- "x": 0,
- "y": 12
- },
- "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419",
- "panelRefName": "panel_4",
- "version": "7.8.1"
- },
- {
- "embeddableConfig": {
- "enhancements": {}
- },
- "gridData": {
- "h": 6,
- "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f",
- "w": 4,
- "x": 0,
- "y": 18
- },
- "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f",
- "panelRefName": "panel_5",
- "version": "7.8.1"
- },
- {
- "embeddableConfig": {
- "enhancements": {}
- },
- "gridData": {
- "h": 16,
- "i": "cb8de6bb-1096-427d-834e-210963aad3e5",
- "w": 48,
- "x": 0,
- "y": 24
- },
- "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5",
- "panelRefName": "panel_6",
- "version": "7.8.1"
- }
- ],
- "timeRestore": false,
- "title": "[Logs Microsoft] ATP Overview",
- "version": 1
- },
- "id": "microsoft-65402c30-ca6a-11ea-9d4d-9737a63aaa55",
- "migrationVersion": {
- "dashboard": "7.11.0"
- },
- "namespaces": [
- "default"
- ],
- "references": [
- {
- "id": "microsoft-3c64f400-ca68-11ea-9d4d-9737a63aaa55",
- "name": "panel_0",
- "type": "visualization"
- },
- {
- "id": "microsoft-e415af10-ca67-11ea-9d4d-9737a63aaa55",
- "name": "panel_1",
- "type": "lens"
- },
- {
- "id": "microsoft-14d367f0-ca68-11ea-9d4d-9737a63aaa55",
- "name": "panel_2",
- "type": "lens"
- },
- {
- "id": "microsoft-9e902dc0-ca68-11ea-9d4d-9737a63aaa55",
- "name": "panel_3",
- "type": "visualization"
- },
- {
- "id": "microsoft-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55",
- "name": "panel_4",
- "type": "visualization"
- },
- {
- "id": "microsoft-62f081c0-ca68-11ea-9d4d-9737a63aaa55",
- "name": "panel_5",
- "type": "visualization"
- },
- {
- "id": "microsoft-00e8fca0-ca68-11ea-9d4d-9737a63aaa55",
- "name": "panel_6",
- "type": "visualization"
- }
- ],
- "type": "dashboard"
-}
\ No newline at end of file
diff --git a/packages/microsoft/docs/README.md b/packages/microsoft/docs/README.md
index 1f3dce647f2..7d31ee6345b 100644
--- a/packages/microsoft/docs/README.md
+++ b/packages/microsoft/docs/README.md
@@ -253,7 +253,7 @@ The `dhcp` dataset collects Microsoft DHCP logs. | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | client.registered_domain | The highest registered client domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | | client.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword | 
diff --git a/packages/microsoft/img/filebeat-defender-atp-overview.png b/packages/microsoft/img/filebeat-defender-atp-overview.png new file mode 100644 index 0000000000000000000000000000000000000000..7df250e2ae8858b2323a30d23d7d252fa431e87c GIT binary patch literal 170105 zcmc$_cT^PL(l&}&QNRHa0RbHZBn~+ZFe*dNISxpU1Cql4qarZm43Z^hkeoqsW=KO0 zlEaX5=HqTARtyi93>OCn2TwvAs)&R0 z=okm*9`(c9H0Q1P_|u0+xTb{to2d==L|MTR{*{_n8n-4(Oc$*|A7w=YsItv9VlQ^W|t2TU257FSfpZxxNgp$_)AuXMX3;raqJSh6^3;W{yUIp)vyE=kC*@?HVU8@TqDJSfC!WvV$=FP9uoTMi(~ z>+1|$T>7k(+lG;T17jVgrYF+_ci#V{sb7$|o1Qk8Jdbh1G2*QsS%*o}+CDy2NR`C= z07gn;vh)wwYzzpJI{L}_9n|XBm-5GLHEn1c*4Ty=S`rFPpUG{e2nwG7gq>8Jl;=aE z+{%kTq!(PZ2(prqiLO5++?-C-Q~C4LaCSbJoiJ`%4LX*cA($M>SYqkP$jG_Q4jhnb z?myj0daKvxy;PFiQxA*ILauW9M0d;Or%#LG82A|L(iIUoh%7~=8r$Q(lAH&BHLJsU zI2xWt$HPXx2otM?wkWC@aCfBB@nCf2)>C5IIGDE|8IeS2#HVzhcUMq5pZU@YWx_B#sO%D!H6`Nl2^=4sz`6 zJ@)PB86KPI8=0QQ^bDU=4G&RJ)+L@{C7cNBF@tWyMXBrNPnc!e624iVGUfM)9vpQQ z)z+fhj$9CTZ`8NitVlK3FhuM!8D`>$gzdzubebnQJ^G_VoNGtKQETnK&QHm7+<1<2 z@r@ad%%J-Zm~Z?{O8CR^7UZNh7i*RitEEC;Gv3oq$=hYjzC{aH!%VI3tfmGnIea>D z&CAu1=DSqiq*6GdXkG7i+F~FRTP1KTin3KO_ob(OJ>JvV_BV=NHUo)r0Ye+ zWIogX`;bb1YbPhkKl_Nt{&1xr7?~0Cx@6+AI%P4MnLI7E!EN&EsePGHfPm4Y_t5e- z@&I{RZK_PIW@@8OLD6|Kk7@NugSOZ|0#~=LcW5n87jIjzIv*9RdVL+D>U{!=CA%78 zx@tTPA5rYL1{j<>xt7HTE|9d1=L-_8pS+P<9Z;sy+9Gxg#n!KPxPo*h?-;RJ2L^X6 z2c4}euRdgeym#?Y5}b7|xhAc#*Y>lca>KTFK+i{*f@|`ngci^4^cWc0Vyo-m zS{H5Xlj(ol^PMabeSFH`c=}MrygK*1Yl6$5%1Ru!1X4c5xS`+8lJTo$1nIH!fn*xL zI=_#PjJOUYB*vt)bHD`4=+R+qEZ>jb)5tP)-xoNQ3;DxPSGS_RIw)bc}^eG=6B4WYU{Jl0eLSZzl6Qq#a zka_jfH+E7<&46=wHn;9&vkju~a)3m?ZCOlNTM05(nkG3e4pn0$4n0+Y+V@MXrfkZo z*d!#jm8)_H0UQ|?+|{HKf~bF4ebVD#zD_`)z7Jc!stQbXDSTSt!!qOT-S579+leCO zEGKThbQW!SzFrvPPup)1TRzDb8=baf~UzTYHL{-Y<)48a&>1- zBzD3Ckv92L?wK))B9eQZhyFu@YVOA|YCQMr@>UL){}{o}UpB@`!lR-zl$1)C-q`E> zjuTr5qN7cq1`;@p;vi=!LLnW7T+xHfBqeNaS`KBFhdCiPw^?E-0>Slc zZj(VBt6SnODqIy?#PJKPNuNB7qN*qAn(Q{_!e40Kq2xWtqPOM=>~&|-HCE#msfELP z>Jc3_dIl!+h2==hXLunpI`*JpuMoX-C14lPj^rmh9i{lLTI#`Fgz73WljFQ6@pfKj 
zefNpDXFKuEIUw{i!Fv{n5hlEXsHnFF!8BH5veT zv{8He;^dg82u28yfI2W69sjN0ik&*dEU}) z#&SDwNPxQ1M@!m}WhVje3JIGJ7Y-v*1xH3JeMwzeb~eLr3SxW;Ndch&^E~Y;>dt4U zewvzUM1X&(y&Z)@-4?~F246F=a2q76OtQ83<)L3WEGB-MklYSbh1OOz||q)0C?dcgXA_B4-Zkc}*j6mCC z+rz{o)iE0zn8gyjMyCEfG-9_kH(W@Du9}RkZycK-JP2vJtrJ`+>u1*;U)NU9?Q(MY zoUWaOHUHvvX0@qGJS1H8c!y)FnWKD=T0`U1{Wyazp<4Kh zIBl5IT)0}DXuhOXRm6d5NN{rm+yx3Pt~J2U#1Q^o-&z3MosP8ZRYxJPWTh*n>OTr= z&}ncrS??3x00OkR`~8~R6!9b*%&8A%1So26t+TkzPrGV8Lw>u*%Zr|gogF?qxY4=9 zBretd=^rb)T6IFA@RfUglxdk@(5Ld6b5tM}Qc_W|v|9-^w6;Fq9$AB{4oXzi+E^af&lXLKHLGFsY38@srO75CbmNTn!zAhY<5FS5nUr z*nql8_0{jl;)Zr39r|$9E^w9bwBNRLIh15Cu{nLaos%p@3we%?gDN{(wxeUDeVn51 zBa7x8y1^#(f#*sR(6Ex(&F2>94aDWfaXoun#PmEUhtyEtl) z-DVPY*vIIXxs+E&VZRAxDYM-L9krytgrOpktN% z1?uK?kG*(C2GbKjxQux(-THdaK@inGWy<$fDjm-HR=>z3E*2&JvV`d^L&8d#Gi)rjs*Oh)%Tj%Lu%jn|CY)R)5~6dRa|778pr+_+H+S5`Zzv!<&eIXXQT%pCH^2-^E6Y z5)%TJwl$tT3oTeH=Vh{QRra{L!fY3GXHj>L$3YUzKNu4Jd~J^Pp>)GmVMk6L`7%9+ zT2Ajg>>lz9?^_Hn%JfgJtD#nleVKIi{h9}xW<=aFZ@aBqRLQCJ(ZygAJ2=;E8* zfhM+?I71wSrPn&o;(TGS9xk_+kpj+ z+E1%5njbZ5i-K*tS>i1dK{Xd{^EcB*s=&cS1McPwPHYs5V^8tM6E=Xt-01;XO2c4r zI#fB@olWbt{qC=?_5aKO{Wa<7CihQH2?quY+B4BNu-UxkT5Lxxjn% zE75oy%+d)Ile^j_>rWKv`Cs6lW^r(Xc@cv8-L%te&HIe^-SICphN`Q^C0-3?C)lig zaBz3Ga!~2ObnC)aYK=JEzqZ=Kjb!y>b`GcMwnl`$lN&`zAgl(L8;VecBCW+fJR4SI zmiUb4 zE;caXPG3<*?-7ra;-VN%+KyDcDWbZH_jmijHtgIcbGA}BvO*E+2K+p~O6Nb+c>6&d zw|j3^^yaXghm-@RJfS)#uQgn_xEw455bmp-g20q@11vuAqfAjR=2Cq?)%bpT;R7mP z+4##Um0dh~yjZfQzxBlpYg(=JDP}{&ciXS(PNx*eN0@gO0ikhO`V*5y19U6i558;0 z?xEK2YiVd4(E*D&x#kJ|LB%DUh!aNn_@~GO>1Ef|P})&UA|k_RaM>rMGYx~uiAg^{{t|5PJh+|4D=$`^TC`@ZHPK4*ekK2sbgcdkC&VD7sZJrL zc2}!{>E|1uZBbf^S)4wI$-amNIJgfRI$$6IjJ78tw%puaYmh2w>~-c!=RPewH_27K z80aMb)z=(WwxzGxY99)utI_|7ks7>+2v~ol!!yXia8k}fOVD8S&w#-J6_Xn+$@rQn z4pNbiB1h`KWM|uGYSIGm28ZetMjZC`1DGG_ICE~DfVb~~V6`DAZf|SY%hDg%L)Ro< zSB-m0sm*#7P6mB5?1xk}{a>YqkCl)`MjO{G(sST)i_Er<9qF6KDeeam$0Dp~<@1U# z1V)lLxN~fN_&QOul{}iI0xqw~c+CVl&&7_`7dcEtI_A5#1o$beLi{c=2b^c4vt~4Xat_bbLNm!iZpoya!3<$)- 
z&s_QzhgA9Ws*6+j`S=LAt-nzUjxrgj`~*w1NVkOQno`uns9;HO>^Pzx11Z!XiM& zq5_|JI;_km|KqjS1`zjYe>l<2iYH{?nUrc-UTnZkIPhJOOT+L5Ig9t4s~t>94D<$< zymn~<@Oc7g*BDgmLa>=+WttkbY5s`YNBht;om(ukBud3*w0EjxHJ@H!t^s*G8#$55B}19Y>D?%y5mK_9DLR22M+BD9aZNAcx-pT^b8O$Io~2 zMe!?GZB{{*r<2}qfI$8AK#gYtc|Td{YF@3hY&F{~Z!;x)>|CoJDkmq1QL7rl3Z+f@ z*lW||VqD|bVtr8-`WDvhNN2Fu*UExi>f8B~_Gk>Yk{;l%4uvw+RLy!-mica~-=V(hM6BJJ(_bk54%$0cpyMy;mK#U+9 zRMI#&wU0}=opE?q>s#$VVW)qRE3ls;Ez`o<`X-ImyIH!v^SrqDfIyG~&CN&liDP5P zs4k5_00%5nFWl_Yy+GS+*9TJj#eruzd_gZMHm6=XnzC!~QylhZDHfejNI#hD9$6|| zZ}+=|OwXnx9iQ)VcjgyJhR;^*c>Kz_E_w9xMP7dAn-nivcydomB!K1KqH0#Yazhh_&^=tU}*xY=36jv6<6Ki6~o?*q{?h~2ARnbuC{sRX869*AKo{8DY492lj=e@%A z_N_oP?fF2^rjEbtEDqHB$g#;UVzq9~aLF>8{^ucQXksvbtVkP+Bk0#V+^jTAF;Eu;Fq74 z4kA;H{3Z~^sgMN9!y!Bgu}w1NmXC*K4GlcKV^a)Q#^b`1t9HCj+gGb*J>T^p+Pa85 z?Z&}5`|gkyS^5%sXHtMd!|O%vxaGPJf{07nLrgJl_I(9+jEqf}F9*HKvUP(|(;MIw z&il*Oh;HPgz^c8$eKv^-EMFVcetTk|7hy4Ne9swgFsstB>Ro{WN67dg4QIrBGXf;H zM`Dxa)v(oT%->Tw_jJfDjbr7!uIAAAEavfgH@YQ0^ojctg*(u!ebhaq9P=WVV|G)> zkkujLQ6~HTSPaCs6kM1rs>7pR(LBo|z?^u_iL7fyMElsToPSqz(N;FBZE~uqfe$I> z<*g4{2x};b5k#fGoC^J*`kpA?SB1wS&unlevb*YW8+eDI4=Ng;_37%sghW`7TBucL ztOlf^Cpm90@SqzN>+@yr-fadczpMA0HUUYSKY|_)PzW~KTBsY7B8PF0`-EK8sf}eg zWc)O1;&s_(zD6STC%2w7UYH5Ee)s3GHtmVAQij|rCL;0FGs-{qHlqOZ%TrNQ`N zm$0+Cn(J3ZFI8(QsPOxWw-@o=K{F`Jzh2S}YH%}dR6@1E;H!-3Dns_(^o4=Bf7}(P z&ez9haxg?5iJa~Dza^@hvV5jof}x3tFx1S9G!&dV1TyI|WLHvJs5>XH3Vw*3IXt>s zKG4nH$(3?s;L_PM3QuC^GMp?5L9B}|3q#y3e*R3QREAonMo(_v%!s3n<5;%!&1KTW zvKWF+3g3>fQ67GfH;TOrNt=@0>_`}6uPZ@d`y_?qy`WQ-EJiA>O>4wLTHKWT zweW>wn-uH!d(0{v+ua*nsdjxP&Z@{STtZP~kW7W&5Z~3)e2`cIK3OdH8MfMcgRw>R8PO*Mf<+5;uJSNqbGH$N7(Q<$nfjv{|WB zj#Yol`FQa4-AH4Z9wN8O6SnM=|J__18k_M&7d|pky1AOs?};1L-$iZcfFch@@d(*F zG*-g_xeF4eJVKw!F(#9-HAV3h>}<%(-3|x##DvWj+1m|QTen!IdMtxK7d-#Om2ibI z9?5_|sPLvx{`6oH{X|PJ*Yov7n%TKti>8jV;Z*g{I;Q&U{VC?gp{IlXJFB0^9fe(S`m2f!evON7^%M{Vq0x zzHVgIzv|#{?dXB>yfm?x(o;R>ASzKWEfJAze+VUM;qNt#phueZA9LVw?;ok$luR<--k1$Z|Z|-B@L@Kf3=4 
z*c+|ASxGm4_;TYO6l%;;{&kv8-LW7g)3xajzXaXoP+BlkqU-xk`ZgT%{RP3{@&2jV zEZRRh9|%Ms;~qlHpEbDpcF8D9nSy}O<6T8Y?f5+-RoY;-sLkns$C*}8@E2AeU*flX%CnPD_dI@ThZo@KyeunI-+Xi_a6D4U6R^%pHU^l1@$(F!B-}G*K&+v3OEJS5(Ee5g~WZAH{byE!^<+!uC zVaZ)^o%di}LR@+VKnjz0zD#CzaPX4)O5*HV=^!S!w`jdyKvy!HWcV5;BAmJ`&l5C> z*d!2KSD&$>h&!(oB^bu?FO@AG*1?pRuF+&w`aga&ho&FXPY9ynJVP`a zt5E}JgRKo@QmF&cY+#)*l<9Z{_Ak`^-`hdNO<`}c1Y~?h{)Hn$rnsVni;Ywgdhg!o zO%3A)RCp8*Mw|^x2rBtz`b;j|ubBQK=oVJ{Ha|I8^^%P)18%CE{oQ@68C(ymvxUw0 zdfun1RdAb=6JZ__Q~;gA&0QK1h~HbUPUNmafyU5G$y;KE}{1bwL|$m>r|xq2HzdM z6kO|+(Toj_-Wy?1xlq_Uw&ou{rkVnSa1JBo82<6?@yD#HXJ9-|D(K z?#LM$n_qyQ*n?Ar#_E$+z&F^b5eI27drC#Jf=aIP;l7*L4K8c~Pc*!}O7f-rzFn{< z_WYWSyk(hlbI#noA?!usKLU}!7o$G(t)+(y!AiQ5geS)B!O-6 zPFLSsB^}CB=3bAdq$C&Vcs5g&s2iB7`RgBz6xBl0@*A}|hb;%>OLAO|d@mAd3a!zj zPc04OwQa&+O@r5k36R6P3|ga+L|Y&^QuIZrvV?Wy}}XKvo|O3@^Q%=0}o zkU_=MPZ^5G5E)fOjyOr{qcyj}_$$q*PLTDi5bhEVSX?>~OawjzG4$lsD!~e!^Xyd2 z141uuB|RzI8Ez~s|3hUsIM<(^GoRa%JYw0&i6+d@iqA^Cyw(E~9@8pntWOV8Dv9kt_HS^}6;&!+)s?s01*}%FP9Y zO18dh`>%WRLmydRFhu%&LH#!)rT-Q1KKp-BS#&;Zy8Qhd4o>i`|Ig?x{{z$bii&}^ zHy_GrtJ}{OjG6?VcFNW*2ua%M;1@o+Y|?wVKk~Jok@NhzoD{OppA@Ir8TfOo>5doI zQkotup$F@Xew0vn*4$2?lHMH{%RN)b_H8XLlwGS{`!&A?L!qH` zT>|XEdyPim^a@Ph*z&7zO6_K1eeqJmkIyw-!dV+wq@A{dLbmJ(e*fMPjd|rbd|m4%?*WW?{{iix|}_- znP&3HJl;IbV$dK{TjLz(YAaf!8L}x}wJtxL3QG+u+7#;&(v{8tGz9liS2*sySRPJT z`pcyc_=Ce$uLLKimU)u zS$$CXrYJ{2ZS4ATSC#681>v;jQ`bm=gEz=$Nm+w4!(41<96yJz*!^rxR0 zI#xFP%WUK)AepEuYhf!HW*;8DUyiBN$DMTNm{(zpT}y_|W)oW+F6EPkz?A#I8*Tw? 
zfRwSsoFPWjz};u_pkI#&K(9npSRh>+Ne?$97>-%8xWVtzSrcQF)(&AJfdY3$I1af&pGm%|IaE4ivJ!gN(BF&{cGPzdy*L)!Mij4T| zHNDFut_3_e@9>g4cH;_Sq1f3a=u*?NrwN~_-MwGdi_kJ|JIXrHbw7M_Q+LvOW4$xZ z$_Q=vQ;$1^=_8lXSx?Tnd6Z`7H!^4LZNE^|Z|j=64`h%-KSbph?>cpyb$I6*5Ri zGlQ7t-}f^gOS#2;ylsdjcl*u%yS~ghGLo?(W1H49%ZR$V~Rvelvf4RRY=!{?LtI+ZBOsVg*H5VJMJb@`a9B zRdH1s+pUojs7yCbH~xjrn$Y;=oyW8QU+sLJ=QKbYVZf0wpism|gXUSc)w7<5r@_sYvo zti>U%Fx$W+&geb=O9$Yf!?QrX#6eT54=_7Pu_02-Zj{6OxuPbtgUqO?y7S3t67lj@t zX2}9ms+)2>JqyY$&7>0-%7!%SxTR`^3rIL%i!Eq0XAppSPl3BU*K;G*`c^!A^f$*DX z*fKy#@)5%FnSmzkPJ=GNq({B!Tn85r2z;G1Wcyl%0w2>A_uza)@(s8+Et|)}?@h6? z*}_;<;+d@`QCD@XVpZkA;OEEr(Pp*X18#$a7zbYSNZTdhN#9nkva@R&^Zc)9s%CV} zD}}InG6&~b{;F#^O*%km#sE@QW^{Y9IJ;Sm4rpVBSH>)z1d&dK{TC4vI^0@aYbn&O z-Lbhod?r?VcgUa?(TLKbD|tg#yvOtMa<$A zY@q$OCYPbp4=zoEkTeVEMPDpTN}9sG)+Qh|F*vm!HS7G*MASvB*Ic5vZDEND#+Q#6 zBa;)7#Po>gvhR*?k@Y(UE=~-FQRw$}7Tig!)B>*W2tibk(m^pH=Pis+|3L9?7@iAx z-MPt~8ErMpk2Cye_9n#mW$0NVLqGj8w9ZX<3`-5L0A7a>Dou*2M{AB%6XvsX)SY}w zo6eRlz-wTUlLUGsWgs_lVkH%~?XNjTLMrJR4OarY8jd+f=*cBg{o@=#^mP+GqgE>? 
z$>I4Ac=6ICU3_{u;RjrPl1u!|hggOs5sC`8H`OEeg)r&4ETypV(Gq1S zxou>;lvjOWT9j65spq^t)q-n-sk87(uaW8$*Y!t%yFHVf1PqK+)72TIqD&7 z2SqnEW-e+M)}#g*TNO3dy%@vGb;jkhHr%dD(zh1J8mzZ4Jo^4}D8@oxni_m#1l)+SY)_-wUxF z^zd3hFU3dP4<`P8N7@eO+A@ZgC+R-2^IkqlP`Bo+@nSErp?m}ExBxSOSPhln+0)R1 zRCqkQlf*_V^Pp(Lmy2VQaWvNSxgkt!lD7*+>NN0PQ|_WZyd7*=YV26wFvphINBxmp ztF>2;#h1~UTERw5xLF$cZnft5{s9Ku5K@gctT|3C?85`)7@7wj68AE6ZGLJqCd3ca z$f|$CJql6K>0ESvQX#~zv%{J0r>!fL3wzmsm(IDx86}^&4?}wUt z$V%UIh+5yUeKEH`V)_S`I2v4YEtgmDc6M&)Vnjy94%;xp)vt#;QfncD*rS7Y9D8_)tVzl1pb?vy5N#(&G4Xa3&| z>;J(L^nWWm_@5BI|Ce4TW%pP4qAJEN`;P$fLvRjf6aRQ&(h}!$;=uUIClafve3;$* zS!kZEL|F=0@{ELVPyLo^lS+M?=UH*w5$m%q?{elh6*=|~gpQ;z;fBZNRqkWxntw_T zpOKX$bKPTmaVoI1+7oVaoF6p~yL?kIGxZMV#0eLygF;orO=aag4(zseojU)oq|EtNwsKCYM%W6h6*BHS zrFE0k{Fga@aU=t)>6W81T=Fy@HBi+~xkvwF3um^e$)YvO1J+TynW>D;t|>+s0qI-BFeyg4(g&pHLR9CgMeD$kB6t^h43>o{p zFGQhzW34vzfUCbRwrBzqc&Hs0D{73%97lgwTdQ^ADR>5}B*Zp>6_C4n<{ z?0vJ|tSs%s_Lt!=d>2&scA~u3eJ`cy_(}Eo{=NvS)%TqRHEBz{Qs1}9KjwWR!eAtl zzFD9ZK(ov^LCtb8NEUNET(Xx76eJpVMxDPOBCio zY(((vdrO~U7-fQE{5>q(r%GKc@+*#`B7kdkS)|R08i8^-iw6X=@k`aRZVQ25EKhqa z8YpHeB+lBpBvL3(gYW-G)jQS-i~ux>g{XeMbf|y;;EPVLp~xw=;Tk9XkxpI67q9-C zgk_p^gEifxWS9?8tiL?QMRRwvq1S4n=WTXuDM#Io0h%&@V>}xLW1p)4_&7>iI$3lZ zKrUEQCb(ApML~S?S+t5Ey=QcuE)(3H@;D+o8vjx8%7$EslS@>r zER}J7rJ;zq#4_^a;Uxt2O z8PCRR+5TwBG-*#FmRORx;e?b0I!{_nkeQN5)LgYSI5F^+Ugylk3%>Sng&GQ6KW2!1 zR@U(9RmZot=kmiU3#W)>{>P|}PneXcY>T6GX`Q9K(^`xB&NeDr{Avqqjf{pb!cpQ` zb>T`pyOo^b_jv`kyRJe#zMF;1%kOp;-pfbe>xOc+*17YMIW5U?{!+DNOz#>~>lk?B zLJ^u#-?(fetjjUC`W9Q@OJhNxGYK+#GuPjpyj%{2a+hhr88|>|qBFLM^EPg%#p##% z#8$WMjE&^gyVMl9O7v(gbh&n(u}iR^J8CKI)83Svf_yW4GM6S4?pWTF&IzMQTdZ|i zj7m$tTi*Zs+{IW4Z_HjUD#UFznQlKoNyq$=>w`Sr!&)UBJYcmNOltT-7T+H4oRt1=po_l6;{R!04RXwctEZM5Vte=0-T{<#fGQqKLT7oN!$ z;aV);<)l+TrZu)~ADX`sVN>3;e5i%~gEpVW5xo_>cKMBY{Sks4PaY z6XQ(dhjFy~%xDJL#kC~!Am_M)7>Xa)4$fGXTFTee`33AV(l!r z6AgyOTougn=3f}?=T42tuKW3QpFCG}Wu6r9pA#KaT3a$qVXTj*=Zg6~!+sLI!r2wX zP4_&c1as*yOx$jL$}q1S6mil#o47sY;6*I9BFArd*nGSn7#q82nOF%GSjp@y+{60G 
z=FR?OT+4wrl5Jdw_UFWK3*26fWXO$x_GS}Iw(P0LJ(UiNTOc`CONoHCosnm1opN4Y zD|X>i)sZD#YjRwq<*fp)yLd{&F-8Zmq8n zMXOi71CgYU)S~0V(z-A``7$3SnKm>N<0=+SHBz8DodaYmrbRXzIIysMU8JKCJs`n^ zc8}X*@#srP*80fV9T%{z1w%|M_sI1)?@WI=0U-25^62YWG1N>j4xPj^bGEPNzS`P< zkUhygPm==1wwK=go78E2k0Sm^zDEd%uhNCRVX2y)bOS9+)&k4U3t-e+!wSO3y`y=T zdwX+!VcEJfh8iw%Uqsu)M{w{JE{zl&;_(EN*B7o&Wql(90%=#KeN!SBU97Jr zepo>4H^0w8#L@L(7s?P0*PMt^mR3h9#k=Ak`XCf_D0w#Zu3BP zR>VP@*KAwu?^9^D>YSnfph)kc*YU3-4zsnLcVM9|-4#tP^JL{6Ek|Fxn{ILU6e~YE z{M2>+>*)->L)2aCm)1fnnM~%sFDLwDnKf+R9uJ>Sv-%Zon6CQxs9XC$J@gtG!GNPV z6KtS|=1O0Bv1c-sE~jSIZU|8WKbL-MJ9gnXkD_iPQ@D*v_7dJwUr4t;4IxwuN3V2s zb?0QeFways;C4k2FDU}2_fl*NLbqlWax>(ELEWIJP~r-i2gMOwQX?c)-j>?Nt>I}K z0jTPnVY~H|52FJhk&WxJPgjUGDD>VVU-r0D>QgA+Y#!?7XAj?t7H>Mi5|3SzI2jLI z2V=qW^ZWgE_RB8V4SxHpYe|v)mtI1&Q|HA=XI;!Ir6WBy)1oR`M~1z;Ka@@qzu?mo z5v2729+%f)*ITls1RWguMm08qE!~;EaX*j@W9ZO+S2nK|bEq80n18UmE)UbU3LO7= zMUdwXON`w@*6NMeXC|DPi$w27#ph(h&zMELoMn|Cok!|*22EI+jepGwpt+w28MhJs zP}`d#>$95>cE^598fdh1wn^%9$n1eT_c#*sK)>*0d!Qo`EG}m2E_(nkA(i!7j*T3( zrQ57Br?&k*SdxTJctl2n%m01#rP*GfWJ9zoEo!wNs*sKCa>_bRzU^%lk*@tFE>}!+=1BtV&wIx}+AJhib!fq>ZLI z1z;eO0hVmi&-#9LF|0;zr$tjhr3+zp+R-kUPIt|Mt39L5$GTK86par}46`_>__Pzh zlM@*t(N()>w^;6+lOKW-H`$2j`g#~`o0}J3>d?-jv)*fX{2Dm#3SOm+2Ze@-i$lro z&k!ZZl=`9~#yeMX@{Jp|EpMnP3G~**;e{n}DUNtSm@$cRAdqZTaO5?j`;aib248gl zKX}J4h=RdDRREu&$mTn)qgh=~Zsjg=hm+0v=SDe)OT$u&c+ho0%>|_wJkq16+4gg+ za`pA&&5^=ltxQjksDs;02BLuATnXsc&%4b|@Oo|OttjOqHByV6XLJU)g741crig`Q z&;p8L_Y_snJEL^>ju$|_W1pG~V}en*!Els#7+aj;6o1UuR*Uo7Hm3rL!}MF=y7``h zlBr$D-9T<2aC(=~Bwg;TGOrtVTDL4WF>lg3M;Us7K&N3^hOctc1 z8qc&8K#s1vE>@|LRf#@*^nso=(kHsEzLbH!_1+0 zNkT4nrqN}c*$>weiF&Vqz;z<_>BW{6Bt-!kXH8B9Dw_+ftyMv=HZiVKOndY=+<1J| zg6_F^jp@%0r300(Cji&=3hrSOI93&tK;>w1RS_XBe9lEw&YO9%edvN6I4%5s)99l8yYe<`WCTyzAEbVhAI7gx-=KOSourkDemMnIzYkC)yVT>tbeTa9Q~mt2fc)hox21@~2oT3BRsLPXQUt*)2B% z9wC4NF<|$sA}DfYXUx9jYJ1@PKPwTOYbL_%vvWJ05y3>EmCvj$Z8#J_paVsaX1ez2 zMgQO$LSY2S>cc$wG4jNEej)9=!Z_PQ=ksZ;e&wSj|+ z#n1f8K_SwbGIL<6)p`%>L-UPJlI-o2<{U01YxG)jCZYia*; 
z??8WcVId7r!iZ9dZgKmi^rS>uk%+c1=f?m(6L(dSe5E8J{S36Fu;V~0(fs|Sv$*V+ zR}ToDgeZ5hr@y3I80j?UN(kWH7>r_e!OT4lQ?`*wETt{U3f&y*uQx8L%qTuM>XyRQ zIvyUebIUOv$_y3BP7pA>jikfmiYD zR>J0q*SH*@&{+PLgn{Mu0%o|5@~bIaWT^K@Y(SCwYEuV=e3BU3HO zkn81L8Hs5{{Qr2*yX{P4?xv%CJ$}pj)lVmpG$U4EAF~^3!%b;-?xwW+QC3+?u{bq^ zZ$#;Bn6e>5*~}{DOIH>g*$ZDt03m7{-sAYxNrva2<1 zmiqYx1mQ&aTxDG7(}gj`(-%))%71~r6Oji<-;x?oEK+upO1A9|dtTPFlvx;CZyx)- zo<$>;II2qJqra(jN|Zi}=_8geW3H@%`A|{{^Bk#o9>$&mvCW%DK&(4$!6vl z*g~Q1W=Q`^4=cOL3$`Qeba4%VaIgC$9Vsy2^`~DfDJeRHs%#akM{FJ8>}!W z6zBHpvxubKMEkE7F6M(fc5ao1NqLv9|| zTa!vou0fw0bRE|}ubq>q6|P4{N1_y96&c{MQpTYc?MV?k-m=;Re=ig&RamZ5qXE4C zf$@QLXdeaKE?fyB$?|x^6tVD%HtGg(ZtfIOOR^x)tyHX$6tp=FK-6rDBI-9*p04V% zv~rPn!nB!s*zGtXWwbY9E62EO*g)u>LRO;C;*_D7NEUd!jz{&r+7Q1_6igdg?XC5N zyrsJGfXB700FG^$$v;l)E`VFWgSPpP^V@6>!e#TJX#!4S<`Q;vMiQ=DbIO+u`W#wP zyaYa6D{Oo!`RG4u03Lgpm_UP-z&NGEm@0KA^o7&+)?XVgn!scpqG zg&8nyxfb`(SR~mTvc`1~PUcrBUMprf*G~PMz-Y2-GHtj);s) zh^)0(Xd|dU;}V0$a+fg6L2Q`>!E`*AqZDx-)!I5kztkLOUpTQa@|-sn>K07yUB(dZ z$GZMMi?&~$zf$Egy~_C(c+z!mehCzodO%MgMoD&qgtBE5f1!vZ@!%D@`ntC%pJ`F@ zJ}NTZm_+5W#(wB7+DUD^MsC%5rtb8;po60#EqX0dAaiv3lA(rk1?^7)f?Y<3g9cL~ zJ=dzfZ_gteoZ0>lZ|@n_WY&cX>-egp2n-@1eFO#RD$?61K@@}t2uL49dXr8FAvy?z zKJ*UKd+!7iM0)QXLhlJR2}wwD;=J#icmAAneb>3ZbNG{x=h^$&W$m@^wbs4YBZnF2 zV!C0dtwmX7S+@uPLlzI`=8^))mL~6?of?$CR_h$EDBcYUtUm5zJFVnx(Koc{`pn`A znA9)0_jc9T2~gg8GEI2VkRdi)aKll{Q){-zr|f`?tQB3rg|1P=}G;s zQj(+rtsYi3h1dJjH2!#}cNKUpiMG%d7HH=@G$oPg;rkv=e=NCXPMFJ;L=UBK_t<3i zY7I?yVw8`~w-Q>+J+6E7H8oL8zvVk=9bl|Z<4Q|fUksH;=*3ZCuO#|e9y=aN_bYn% z12mj$bQ}u&Hf>cHVXrk=`jos%Mox0Wfh?xucetWPWObdE`zcv9c0@Q>FHQO};e&5s znv59lT8hbA1LSUMrD3|9&q&sIx3ddaHKxCusu^1A+-Bt;BID0}&BvXHr!zxBs+UTm zunJc;n>`v!hAw!cI9GB0f+61m#IvIIab15-Q#6>0?J&D_c7P-xxc+B{O22~25mVsz ziS5ZkSA|7l%LIE`lJe%`&HcQ^*sy#cXc2=TBEx;|{)Tqq;Z~a8fOEqU^G)S>i?bz0 zX~WdiqYu~fVac-e?4+_jL%59CLX3nB&V?}~NNJCjd4|HD+1z>z-QOY$HMnGC?X1QV zJ+!V^EJ2oPxC!0T5=jY4W zk#m?wG#b7JK~P_`O0!A=_*YbOJ5a*!YW#2mj+$B-5Q>yD;oV4S!r~S%2$>H7W7m?9 z4Mf`{Y5CO2{0RebBc;tCE_)1htl-N1$nKZz#+Hg5ST32I+md(eT# 
z(*zgk8@C|7=!Q;$BSX5lQ_UItdJmS`WB(BIEkBAUEx0}mOh{}M1URZnY56?8m=exa`x=4^h*-%g8 zyD7Hk*S${>zTa!J`7eK*nLGwJz1U<)&?@L$B)DDoaZjFwdwqqM!#V}F%fdCO2Oo)I zc)#E7h|xche$qMt{+}GjqPWe0I1=Kbk+(jfoKWqlwd5hnt2yJ_Sa-4Tyd~PcR>Djc zkDdSC01NDH|eFL>GVbB+^!<-D5T@zEx0`r0)F$-vZpaMUS<3&pD}Uw(_HLpS@FXlQi+Us}V>Iq!vUg zcdS5+V!sRf{P}ZrOiXBX45Cv+W@J{BFWu=s-EUWUwv>MrF?8({811du>PK9wh(b;H zM1THFD}`7rb$wh>%q*kzcW9cj`y+BpNvT-AH0Zhu?ybuH`^t~{7O(xUC-qbJ7vX>8 z6MHJ~e=JAuO-BNHCZxuYHfYUZ<;-j*CRcT9pbvb70k^E(4`%22duA_PT9N-T79=9+XE9jy-F*N&PhdE_G`ol#blChDg~|6I0g5 zg9}~57r|P^b6u8c(K62OZ%Y*nD1}#_1swSb{BACf#O<>wZw zvPC@xq1sZ={Fw!D85da|u+tzWU2?68tb(y!RyoU5-OdUrcDG{mj&KFJ$7-I!DgPk4 zuNb&giy!vS(%36COO+&)=^6_Yo5CsWE7j<2!xL$2Ccx0b`mwsZMxMXz#bzvAwnSik z$T`(J@FE~{a(M)>ir)X_z|zIrEIO>*(Tay6fEVZaM;L$4z%T*t+hRi-5WZm0j1r*p z(INi5UUZ=&#^LwI+;`k5PO`#PL36ujvo&zpGF!exVS>eIXPKm0C1w^8ctLJ}* z_*^7nf0h;U#N(}uI-7#W)R`IR!KM_hT3XUTVvlq2n=sw&|_~jhJd?_yj9{Cc{M!g;;D!#fFY&ZnC#P? z%ghCMy4R&+tE{Y_?3ioV{b9I}@F0F^#x z=(OQZ{wf`PUThZ2V`eVvjBqV#j_DmLWi!!En=f3N=iOc)qIvDCZ1{8&;pgA2Xy+tl zwClYdjznK-MSnaKvlr1G(<$*AYJ{%qIfOB7|JzW=#Q4_kFe-_EGET zC@nx|KCtjcAwG(YDJC|qn3tt-_Q_z^2+aXh<|pif3LB7Nbh2@}&v(-*H%-RO%NpS* z$xOR*Lg+AbANW1ply>85&S{(NjygN70Uf^gPEt~x4~}>i_x|2=X)E=a2WMmA@*~&U zfQqdapXNY$m#*o0xO#fo9j5Y^2N8!ouw<_@ZBCC(4+f21M26Df) zTBb1Pfg_*w)gF&Q@?x4Px@c#*e^FEwa9=9-4VM|Y#D&4T4*kJYH39FPU%R zzP@zpc09Dbj+`#eYEDi`LwVjp51*&EuJvc@A(1Dho$}8z_7}!q0P;>Mf;}B=Fz5gd z8w;_Q{G28+5lFfJvT`orYg1+OC8#)bC;{KAi<$%T)g$p8 z4o~>w=vANpWCOQIQ8Y^PFB!o_%&sK{4vDon*DJ(@cj`bDDsjC*YqzbKnAp_mYWb5G zljN@M*%~AM^vE$a#mN57#zy^w+y=3VyUpc zhctue^dqNrCSiU)es(Zt@-?=9B!K5`LZaV{xyXN;2b(n8#Cq!v2jmQCW@QyE7nx7u zgNxI?OY=gNM!UK&%c6><{&plN`MD#H2`A+KOhMavJ&U(mXP!|}h~+`dplQt3l7A!K zu=52Ers?P?jh#XBide;9zSDa=u9Q14TrWgC6y2hns}IGmAUWU`REFFLiKus!0d;mh z0cls{mcsbP``OspD9xzyBvwuf`|V@4>;KglpHkW56ZI#Ttn50+T4PV5v-UkbxMif^ z=lLVRcWLadH}>5}`2LZw)YM~NxDr+tp#_nU_WGzEvJ%CR!Bq~}0K5n|>l-W=l(b;< zO!;NUedPN;3c+3~mA3M^E1EGwo=8f|k!b50=Br?QwPoSQ^i&Es{I@-qCi4*g#A59# zpa0+Exc~pQ{Qu9;@&DQ**VEEGTDDJ7p`t!dam(9 
zVL$b*hn66Z&CN5k4b643g&y`vh&E?my0v&ikC|VDPBK3~r8-8(S?6`TZtRDvU=mqsWP~L;2PJj2$W{o{M&i-N6~}3Vmt)-M0n?(yv8*+i9N$X`C9- zf7itIpPF`6rYuTN_B`dqmpV}ZA9Ts82tDJ`f`mlC05LhQHJD*tV16T6E9Q7Fm?75y ziU*0jnqwyP^)Q(**pQt=eyqh$;FZrBeVXHV07dmgw&q|z#+o)1i#IZMN^G21n|I~4 zS2A0UTUPxriFH*;rMb1GR-6vTp=wGjQ{9~y9>uhnd_aDT&@`Ak#Lz>9@gHC@hBX+tD>?+EE5o0+g;$* zxDQ$&l`6v`W)@p)FGN+y1UD#gy)MJ5twJHB;$BwXrn8A`0Pd{WB=!M${TD-Z{FsU3 zE9_aNpVJ^(&Dd;y8Mtgwze{Y@=9cT28k?&p!^EaiCuTx?W#!>5QM0jz10cAqt}+An zqxb!PG@ni%=o>P=%Z;A+aqC6~6!?%f8kas6a!5aj26bV(+f2CwSp}yh!(yE!TK1X0 z`@u{UUHa=@l``+i;Vje>A>iH`n)G0jKi@?iah)qno@ebtY%4)+EP?XvBamI0yqD|G9D@;-(dt+0n? zfq(d)!Baqf!sSYZqElx+JR9QkNOrn|dLE{OXYy3i`+yrVfxYhbIh z>hs+xF`v`cC1dlBkUh<>$Y#NmL1Wj@$ytjydSH8Vz9G6M&^xKVBvt+3Bkb~imFx)JO~-jII_(!DD&`!kzY zDZ96GeF|XumA|Xxr=vLH?&s_&1@whkYZ|=fDAI*>_{`?ezKfdN-pfC9*<-2sUFWdp~s+9pciWEv@9Rm)<6`Oh`>?vVZ?E8i(P@04vD|3bX<0zye?edAw2bLq0c; zpUw=o!r~9O_VvAPoMIWY&<6+dc9?=7e!n^&{1IpM`AULn;o%M5rJ0%UQ%mqe7y&#E zxUclYe?CGe9KRL1@xWgZ0krjDME+?699Lph%H9CL(bvD|IY z6uGTZS-GDq2Fg)x+DkxO=Bc2yD9{{4eM3)(8F%c}7MY~>gzp-hA?zjcF#uiN8~KVDqAug2 z-QsOfk|8rD;F=-Tn$%bd4?#^CrrurtKGwW2dt?;ouXJJ4nP3Xt^2xJT1DxER1_sQJ z3{266WE)0M7LOK9ur*Tb0$ewpIJr0V#X} zJTVqbZ*d3lp{pi=zwNc!+dx~Wp%i zQ5|16Q@9(aei#Z?+vwNo4m8Mr8JW`ba(p z(R-hfKZ|2R=N&lr609whR4VjA@GC@sSoR zejxXz*-zdqD)liGh#eGlT*!;5%^lYd6l|NdNVxMj;H<{?7>n0=>GwXzc>MO-6yJQ_ z`TfW|F3m|;oGTD-9F=+(YoFus`=5n;O5Q_xn{IsbokwF<28ViZdJgur;!u+3;5o2F zA69>zt?h{nvDFv1k50eM{rfzF${v~A=zxc z5Fav#@if{c&D)8VtJhHW7iZpK-waq8zA zU7~j-n;mir$J-ob93dpEu04Zuy1a{3*vo$6aqf4kNz6Uh2*x*D#%KLauscGbbc|`- z32UtKkm;8|t-(FR0$2S~zqViYtc2gQJhCx(*N$!cRm2nmc^#J{!z;=p6dD=U_r|xu z2fiDU;$t^`G$YMB?iU<&ccW~Xg-2TIMB`nOm2|fdnEoc+@#`DBN;X*K$nDWSe*dR# zSy7yFRJ+jo6`Atc53GG^tBr&fB?Q(0qJB_-7!tQRv=BSLcP*8Vgc_vy#B zy@K#+)H~svidWOY+l3&|RJE$T z`{ae(jrp?k*09OvDS-zNwA+fyVJ3qv4M5Ob88p>1$~*j%fjGshXFMJ+Jl_FD2H z#QVeBjzKr2wmYQT%&|3hLYV6fgslTEvhzeozIZ;SFM%uzT8|#ouYR_%uMlcuyDw1i zA=C*bU#U-Tim-g;D(PIceNlA35AMzG{`_otAm;#X_r0GoJs;>n`ckGp!!g3e#N@`& 
z@*eFZ@#>8LgHeLJsF9rX(_UwnNf7CirNq_dgigCUzMDZE%WbH^-t1FAb{W{lVTh1i zbV>|ypxR4-mKXUgRnI`>3v|3?8R!Sb7FyAN7FBwGpht`I@gdfgFYXV%iZ#2AwTQjT zoyPhRq-t6${Go5Y`LoUKhkaMR=OQ$2rAb@$tR5Q&Jx|LlTIOK_i^{!nR`Rv0npva2 zakFxT?K8H=zoxjHwK7TMr(qJL)P#?|Iv zb=%&Av$?0g4{xVE*XMJa=*gNXxh5X=Zgk=Gekq!%#%&?EX)fD1681d%jr`TtYH8n8 zScm!TM75bwk1iO3X}~AHlqTQ@wi3Fgj_tI`z4S4wWnYLue;ZkHFZ|Y@^ltfK?N=QQ z>Fbj$%{^v1MWhUGMwMg_>gd&A?Y*~A|dC9w}VH*G(v$fqmJvY zsJQ!K?Q^ByL*@s5(RW8RzpC%n^$<{gl{*#o@Qwy}gtCeX3JTA`gl&}9It^t}_%M^BoJ>T77dE$sk&z2Dr&#huKu6lUi z1u$6_lxgVlr+#6fWB${v`r)WbGjx1H=Jo;e%Kgye5TBQ^z6|sps2b4#6oXc*!Ro|9 z;dE(if<}G{1xnlo?TJP{T%1=(3x(wj^je(HQjh4*n(6hH=(<1a`7~x$c14n|&n(vR#QbpQx04Te z@-}AlN*#Oorf$~5`j`650i9x=nAkT=LURIqH}iAbU@+bM+szGIG2`Y!v>$YZ+#$k+ zV|IYI!^G_L^bDHNL>v#7{WLkkVIOn6U#?z>wC7m zeKNrHLP}c5MO~#@r*b~O>AX#a^$E=cVUc3>6OBZAnxv{^_lI}$-Scw|hUN9Rn6rTM zh3pS;owQs_7CZJd)p88HHlrjHUxQD7a4*Chrg57|k4Zvx zuN=9;Nx!H}pKn*l9<*j%uBF`)n>T$M=v1!WTms-ntQ%m`b0_mUoqx{aV3LCB_x=iT z!LbSH<20BytLjUG<-%chnsqn9z%icNF&FV0p1Yg(`-FClbsln~^=~G?{w1;ebXX4n zC>7HwT4ZeFY{Df!`JlDf5m3@}Lz%x3b&`D3`gglGwMCJR9cqi+x9Hy7S6jT3Sld=? 
zH^Dqn|Gu(!f%GkXCjw)|YKpI@GMFm`lqx5f@?mU<9*+4nh8v+1y+@TjrGSho=hck| zW8ur(Tqn;Xl@3?Rer!wakQJW%jj5uyQXgV!j2^_srpG>@<$k^+=QH$d>dzD_%DBiI zp@f-W4WM>KYPHe5oT&|aK)eyi(8Z`+j#*;N81HALcl1+`z~<<@QJi!@%Oi)EhsR!1 z&8}+pl}}lM7S8E4uZgGuOmbKp1rq?TAhidv857&iKu^DWdpmWQFz4^^*9xAcs(-EW zMc}(6wn)GQPDv=|=k%;Uy_NaV{x9YcAE7aM87BK}zq~0gyRsd`=+;6URJMC3p}(75 zAI^{Ob}>`(>Rj30!sv%T^uGeRGanJ}DT2Dh3r1xkVq;>(OD<98SvSi=M|x?X#E*0q z!@MMrAkVF|E6FC4|y%3SR%NM zvr-Cslfe_maeL3TWEpN_|Mnnr$EPQlfxTK(TjXXCOkn?=|Dd2pQkOxw#)tB^VIL0O zNlQIB-r5JTEUDjerzP&Er#~*<<+Hc`t@l^KzS&0sXPwQ=FJ7C|X!#XQ#|gxUTi*Ib zjUzYG>OXex?2aX|xCFi+YOd{#eQvuRVN!Q$cLItu02J${OwFElU(^o&2a9+d>YfNo z*~FNuz96PKSg|qksyGsp4GSulcq($TYEW3DciNZj0qCsty>u^pob40Yv!`(fv30&=K9U~uglp3)x=4jBiU%q zttbW_MN3s;!mYXhqXrnvATHC_ZlOnVhN~qt`@ibl?JxEI8WKn})7nn=yY6MsOHdlC z2Ufpzoo=&{xarn<(iyOG0yFwna@M=4$;V(1=_xnm-V)%OMkqm8_->9YE8ld(;k|A% ziJ(3$wAdN0N?9%Kxhd)ID#!pH2whmbYuoE`Pd`x2X&o#@uOh zvrR2IjDS4|bbU=^F{ibFdqyv%?g5|ht6gfx9(^r5S*QhQ!N#+e$lCThCMN@wsha4T zyp+F{DWmq*r=7OUFMWhI7YY&drL1Gtq#dSO*uQC~wwds)clva$0R;#bQ^!hzmBw6a zxvxW)yeFMzUs6TNr=Qib1=SgrFyp#4dz%6bOHyb^bNG9bdh0J=VJ6ZZxZwNxqi2js zA?tZu`BG=a&mGq8KI(3XFoQovl@WgZw?oa(u$0Xq^G|{`}@*p5eUoLl<}>7 z-R0BF}pJ`I5%T_>@puPf*1x26GPwBc#dUkFH*#4~eG*J)WBMcyhAsvm>_m zb%uTHU)CJJzld_ufOujBq{MaS<)x>|@sX88AE>pev1-p4%s!_Ff5zJ?kSUk{qmq@+ zG^a_=UoCYBbfZP#zus$VtMXR`mcwBEWbMLazdwb*S`<&KWD00V#W;q4k)F!&SE>YpdD z|Bqw$|JNL_|1ToT|64cnU75e5o_7Ajn-(rRzg)W1*fU)hnvv57^3qYg{?nzVZvCl^ zO7zRWhz@qXI=0aT4mHfR)Hf+6_0A4dz&?X^q86w8!>0lv!ymYTLli8YOF=|Z=6b2R zQW{+TA??y7JQ6?5hGG=w(VW#TykNuYB!Tfh5 zezZN{oLmR{;^qJJYmlRHz%cGq5Zc%J@pXoF0vq;hy-x-3;X|dg*^)l{T+rj5@n~`) zdH+!EKXLme3!T3x8yw?Z9jynk&rKx5zZzunty#}J5hATgq_F8y24kn`xw$w3HJiJj ztai?#ccQ(Vg!p*0rEMv_3OEy7*46o72Kx5Ewb`wmti`5Y<9vc4^(XwGbhZR0l8VM5(V7C5&iC+GXbvo_l( zxFvohM61;w*T~6X#sl#k4V!D}?_alY0$z9*3h+-1&X=fd<1VkiFjkOaV=~Lf%v2&& znyuB%iE5_>(~MWo&!f4QJEva&v;hH0RmUdI0hXm0GrtioM+Z0SdyR1>2oz~JM3uk8 z#J3SCBEi*87L&wI3Qkb;v6G{{v)#+Z85T$kFj`8A6fOc-UfIuQu2W0hwyA`RYJRdDCEuDAdR8%32`#3HS 
z%BKB3HHpB(?45Z6UZaq$bsM>_fb$I>LEh7XcwEFKJ4KpufQH<5E`}uwz2=ms$?{RO z)vwq1-hZ%rH#I)Es0)aQJTHs#d;IhlrpMAxiX5tIbz!jV&(ECUm)hGN{l5E}*`sz( zEVvuGkE($oa-XY^Dr@rF^7||B5!KSeVwnCac6I0yao&{1TFGxSvwxz&R z^(jv+Eg>F|4to+v^Umn$rn8K}HXyXft^%AR@ zwRPd><XOj0uQ%teFn*C5h#7Y9Sm_qBH$2bG; z>8$`$fVMML2f&kY{=6p}7|+V8b_P+FSRc=4F64%LMp#fIVTy#|r;R-=wgQ>q{uJty zxMAzUivUZi1m7CAGC-QKzRnr#zuK+?Nx-jw_r2to_?cgz%GnrJE@%4{p;gV7&Z3w6 z{ZdWlJIgYXQvCYA<(nr(yft`xmxDt?Y=*4?bM|rx?kG;x$?Iz_|8!WP5(~`BRJ3z& zVZx!Dr-gf(%9+5@Vsh-Hq4kjwS;ThfA1YH~i}F#)jbpu?o&#%ced_r1SrV3Bf0`p9lkrbIBSTn2rxF<&*Yv(_6g95A}43DPfWEv?g6d^uC4uO%5ir-7>)V;f*+E8fuNJ%w_Xgk@Y!sPSg`%R z5xqa6HzoM;uLkkGw@1AOycSEPy^w=#JKo`xPNcv8kL650zH%PWI{=sBQsnCh+E1Ev z;bHFXYMqlcp~{(yDC#dUgPk6)#^6^95g%L}A?hk(ml#{OT(|)M4?+&2Kh5)Z(l=M- zLBhIBP*4q|ojE!(*}=&{fN#KJXP*BIi;CivgOM|uOrfPEpO(0XE2r07EHD1PWhsB`Xa1%?>KtbR zw3?y09XBXi-p0dy=X~)#zZEl6v#0WLPh>b%)@QMOv??LVB5TZbepX@W$gezgKI8%% znUY^mv3W1ZXu%{TCN#b)Y}UrBFV|>4-VQ#nRIH{|XwyqVc8&Y$7hRr48RS!%jr{HCVLD0Dv)o5MK}|N$tao zAf0Ggn$pSHEG^~GwT~)~TD|__b>ekjE{JD4!(~lqoT-l9^T*rXaqu&@nmj-V(XS@_ zwDcL;WWgj9*4)ulXnWfCja#9y!EvYQ(qd*#&f1*EGG>m{7XVZw&k;vB<vS;T_^7MirZ z04678xIY63iwNfk4o-Y9IS=yz(s*#(Ud|aDV`6f$S?&LU0h7q$k zw2-fENP`Utn=JO~Q5K4B^X;RfQlmhml;wIOh&`z#>c*I%gR5JZh9nrZYDQOF3%+LE_28HjQT|Y*(V@cq$Wuno zIP|5FWi^bZP*djK(X16P$|%=iecWw_nNPPT^rufI{X?&rnFb1kndCfVZT8`Mi~c|L zT=*=syM+%^T1ikxn_W0Ndm0bvUjK4F83sywJtT@SQOf;QP{flMVyW5a1#$l{I1fT{ zqbwk^s;B@@cht0?h1tz>tNhx<0jqH1)P;`V2m3_8&S1!%4E>!xlh1c_3`UPZKl2<4XQtdPAjdE zL)r&2noRwnY@<1snPL>NylGpJPoGG$%TZ4)sYVvM$yCC{*rxS7r+H6Y2UreEfG$nBN&H}{ zjvhUq_pUZbhWfiBbMuGZ9kvHET#t;lFd=DV_}87rH-<0KMK?O`e7ppMaW%&iktl6S zVv^Zg^F8YszC33(33#H{S(c>4;&j6<9_8FOvw@Tk2n$i?M7l6ioyV4&>&cnO?9CXN z7o;eE4S?UsUAWL$z1~8AsK^-W2Xmf_Wm6`ClK3;o)`cGL;0y}6a7s1TQ1CzKOhREZ z<;2lP)dSnQA?gU%{XJ2>=pjFJQhm(TJ>$Z&r%$Dy)Q_ST9PH;iTZsi$oQ?86rxUl`LT>J%Ie}U znfNmaA=S6|!l-_L!jdK6bYTEkuHwX0m}-SVUxrhi*rStk17EVG{hWOD+8x@+07!A_GAwa&ru`N_rSCh=KS`*hTA z5?*`QI@oN3o!7Dd+Uiby1~20j<9LOMMN-s~T4%jSbOCOd);7O?odIXD%{if)pQ`ET 
zZ$$#~>hd0)xAN=PpZ04k9N-rB{G0db&^T+ z922yCs0242o0FgG4*=ND_0rah6N9z zDofSk1X#6F&%Ll(+LUrPeGs*tDE5~@U?5ge_SiMM2I9F!cYT>uMl;N2&J3}&H)*e9 z)6kHX*4xo+<;!tcAcp!-$ZXF`L@S%p)92Coj(8n8 z-+Gpq0o&pI(pKWDJnS6<)(3?80Djl;&c*p+&@+Pu;u(QvlQp^?+Bl4Dw1cw}SR8r5 z9<4Eb{LJZ((WiI4>TBT zcrzF9*gv*J%kgmg+7eFa%FznJZ+CwxtHm30+&SRNe)sO4u!uN0akg##&NoJo7jp(C z+M{QIfMt$h#c-EO*Q2NLD>IH7H>F&ZKM$jMUFNz;!MSy4;yG?g5@Du1#=mkSDeAI! zRE3Ostk?ALwE49?^5}Oc9?d|Oi zL7J8rYb{*Yy2=Zsjk&4ev2tS6Q2L@0FZ-XKD{$vSATyJm2b~(Th_eoYLRoK_l09F~ zwE?u9?xoIA=v)kaG0Y0Hf9Ci>J@f*k14Clta!y*Qir zhJV-q?nJb~JNk1P%AHBqDRrLZ+0`*75>SYyy`_$|T30I1$Xjf&Xyv2Y>f21t&vf)t zPPOA%l6Hi>Zf@2W-Ovn;kJ4XuyRy*(Bs^UW=|lS2j9_wDB~`B&An%((DhpkF6;c|c@B z;9)siOvnY~R%GO0d?J!p`9%WTZxBW46BHxJo0*Arh{O>rNFJ)^(={k5FDsHg$6gOX zkc<4N9j#8}E0W=kbe~lS{r=aJaG|6|Zh}ij$Kcwkpt_R$nUpGjZV3a;&)|?#7a2X* zif$`TNZ3SQ{6TD!g@=we5PRoyeqti5q1n1t`mY<42dQeQPLQt2&a)QB&@*IRy&A!$ zgd_3(3@h6Qinqh@kz@W&*hx*t;y`^yNMT{wotO!?$0*UXBQ!j&2hnJv;#?ovagpF- zMMGZ!i&Z<@)N-nK*T!SbhUKb58XQSg!k9w-<^sUIdu73c;{`@ETs%GE_X3dmZprUP zCdYMG+B&Fbd|yjFAL^feW)e?5-nbm_&9b{7>>wikhj&Fi1xVe|>_z)E(|h4Sw2wbc-TYHG}>0B+z0|;U9JTO^Sz(%G)=Q8DxG9E zRZ;o;`I{GTK-0z4{P>!{mJRJX?JSSJW~hJ#&16ZNlspIMd-$M1IY4QGnG~)#QiKptL^E~)kB)(0rI>?T=b{H7wMohuons| z$tb04&NVA}5)NGVB)4hSI&=Z=VWd+{=|&Zlb8*Yp!9O1DbTJoVH3`P^3!!ahHsj4S zL+z(Rgwyh5i>x8dxAeh|M$MO51DLIoN$5C!oWgU<232 zs$xra_baNoAz60`N6h@;r&L9D67^sS?0*N_Mm-)maPe;bFm?Z-(ddWpU+z2y-nxBb z^rPHj>n9ew%Sx#wUwNL3oqzAv)C(WW9ZP)kfQ!Z9YU%GRZ^aE>g?Hz?5f$R%v->Lj zP2;z@Uq3vnnVTb!AE!OQ9|RBFPnkLW78u)iFf4;s<{26Wqp}W74v{DOE^M8q5VW(` zNb^NWOp=Av_@M%J1bWBW@3>l}?P#EwE^$)n+t`p0UmTRUAI==R$AjF7)r)a_%Pv|jYE$MeN*jNNjd75K=`AlNy5nU z@zn!NWyLf;`c90iGBsx`e=osJOxiIz?@<2&wLBUVW|kHDa^y0(!?bydryer5=RDG8 z+eyW%HX!xKERwJw^8-p8P1Cy;myaw?~LhD!Z5oSy0>PjLEftHdp{!%spEw z3$E7X2xc9|ObUYb>iNdSa2=mYh^>P4zpYHVxz5ancU-Vv{`xBHy&LwGviC-5(=y~t zg$>&}=n#H$=r@L9Wh3ma#mx1$NSLQrciz%RlC_~ZFp-|o>r;6;!_ z)G3-1KeZ79s0-h(zh7g1K2q>b)K96gqH;imG!Q0u(_)Z}+lPj~oWqm{poExqy`LQ{ zmmeai{go)_raie2f9PugI52COJBT_gL6Gf+#-pc2%Zn+PjmINYiswO2mT9^A*urwa 
zGr(eC@EpAEEHsBTQ_*vn!hLv%I;PBKDROP@%%eMGndFST-U76FD(}Q#*t+YFE-t

Xg<7jWg zA#XN_M_rbQYI~S%h&<-UInURuB6{E!T;RQhb%#jQ>VY{vEDKS;d$dee@p}w(RTN}E z5+@pOHi|>$RwHm(C6r~x;4f6kpMHz0NTJ!n;QS0Dcn$JrSR7R1?k5F0)fcS?1(j4_N%L#!{U z(D-BDMmcRW6b+gQj6f`qv+!YJY4_0L@v;c#O`f}c>rQEH1Iy7e6fE{ZN;I|lnH!;h zb%yFpJ`@(|&!Wzq)6^{pNqzzF!;%C1vp%Z|qKsPFj!;?Xb9C9+Lv=$XlQxIN*J{=2 zispn>Mm{T84mf%yTv{A__ieh}3fz;bE zf%$NA=!pvxJ1H*2*w-CmNlD%7Na8_Wltkp+vr_A1UpS5J6u|{t6q-YjNcheWo!?oD zY&Mns!j`nW|^YWWUrM}UFzV$9WIPe~SZJ`!--__y&dx1jZvzME-&7jw2B z=8v+Lc*aJg?B?qkZ1EYDWeUcWga`f83Q~kUg@OmPb(JGXsPGP``Oa>JKkpR8Ph58gYn zUW@ShmCeg>J>85qmp76AlTxZSTBy_Mf=?VTn?WZDaa741mY;sJB3H7j5S9xY5!jB9 zO7iq_{z5)Yl@3%=Mw@c>b~uzIxAAJFCl+SDX(&U;>Vr1u(K?uFbvD_uz4+Ai*up@W zU_)uuTeeyfkJ$IYCXdNT{K7P|*_ULIP)!p?!CQBqkh3?bpoPFFm*F7^l}#n07oKiC zHaLRYYv7MWHg@JL*>yIFAIj6h$k$|Mhb|8KNY1KTk*WD;&Ad_ZqjQR0%1wk{AS?Jt5YzSorT% zQZTWd6vN02x2dMx$eEApZAi*#m>^=7Fmo8i+g3-_&vh~X1!emcmVUysU~%zmr;fQN zYR4k#d<+V=Y3iG8F zTzxuph);reJ#Ee!*wL@|nPO3pVL@2bIRowI?nUFjjIgnAb8>EL+>Mv_-)MTA8=GSS zy~!*xXSj;twyK>I4a;#YvIy*Ij-B^d!3o;3Lj?J;v zR9;%>8nf;=f2;z>Bhk2`T6kV9Dbe3zD#lh*MHw#guS@BADq0-VBXjH7Gn$d+KVSOQ zZn{X5WV$#Wf$x5fq~)rL{L^+MHJ_jbR zwrO$ZUw?Y-)XjcUD)FZ>j(JpY$FjP{2-_Ia z{J{-gJu#H~*hB0ail=PsFNM|JxRqdg-#(Qx^R7C_fUUT6M{mczJoHfgYzkl7kPH}U z`)jYNkr%`G;^Jx-X!XCHT#)5?^%KTBNq;0P$Y+t-U#5b4HR?xr*P7*m?;4kpdo1tq z5pU&24_})~iTfg|V66swB7%v096JXy$KbPse!0k#0~5H$RYtRi%AMu?5Tl_bflFzN zlBlP-)iW)XztxVv!rFq}X6@`j*EzZat@Ng*8lwWQOuwHv3=;yG5sfTX6X3ng!-Rpx z^BK#9FtpjH2=2_x>}M_-RXO-f4QGS;Mo3)!JUc=%lFahy=||UT(3bM^QUWZC_kN}+ z+?^FZG*laiA3@^@LKB|b>FAH8xL*~b+*(IsD@yDxCxsV#1JzuEFr&R?Sa`P_B$UCA zb!#Z5X!3c(5oS+nSWLy)*H?7~iqvmtS|!!!?%ppFVt@}f59Bit+Js{``-y)vA>F0=uVj>*jxEa{FqmE%wecC;V*^8`jK3HvqB*`cPC0k>Y zu9^b@DL9P5v(=ZKqxI8KW6~+n@BHL|HM#awT$T#{a(fY+`cnZmXT(TemkBK1Cx{?{ zX_mXzdb@4nS5%a9JQxvN$#^K#+NO`?q0k;__&g?=?I5#)gCpVOM2y7ssY4I*yQwH} zFLkAb%u(K$u_DEn+pBiI)py1`rVFH?(5xV_SemKfSm zlb<^|gX0xJ3M$*WKjz8T$3nBeH~J-grWnz0#@he>J<0}m481V~vz^m9xC_b(Bvsw? 
zxpYqs@{se~K4uFDa^T@NIu5zRwa4RD#${Po62D2<6COdykB1KmqeYEv%bKzt=H9VP zx-2gK!|qf{&nb_7k*F^%;}x8_`{{Py(uLuMt2YKK)zoke+ROO&F<^+=bNiUVA1NqN zsm&e@yw!#>Sj`{5u2f^I{h_fSD0X9{r$dX;#`!@3$I6SL<(mWpNC7P;&+-Z1Sq9!M zu>6n( zwF#En&aU85K})taBjZ}<){C^Tw7!SGdaT{ST8hZ}o#bC`*wYfPr{tdg^all5pA()Q zXpk7+o{D+~WCX3jO_ZzY6p2@WU#mw6cbG~`aNAs#PS6t<-d`9(6(X^J&9rK$ZDNF1 zsO9&Qdd%(#KKbs*(f5wy*o~?WyALSw!vvt~-VN$un(vz{I{ULT-khsrKi3jAL&WLn z8Dl?tVf7zz#?Tl&T7u%@`Do!>&DXEE+J!9!2gD`!d&e511;)$@j}{^cnfz&KrGlLZ zJPw0~S`L8_Kp-u&Xv?7c;81WtsknZvPsJ6>m*82Ai`4mqpmaM+9>V@1S`ZwcK8TFru0-WF#JLyKObn`nwGKYP(y2lPDe= z7@2)&abOjJZ?x`KG7sCPY>C>}wsKegDVs%m@KE-}KD1XI-hD|2dhkCkLp>354(&6d zM_(G`mM>6OXfMzcijMqbJs;v>*R`v83$*eiXascTKi@ZvXPjMWXnJ_D_-)@pY-yG) z5~-8xpa)RBt9ny-l7tP>B31B;FIYYg&N`|<*};i&fn!LBIlnA%JW9rsv(BJ1+*pE; z2*A(G%A!8(5u3Hp#g3f+s@1uVwQkxg7w$Zicdd3zPCjVDFx-c_v{AgxXH>#ogDFaG zwxD2<+7$3-o;b#mvH06omBhIdHFKO>o~ExX(A>URhZ-n3j1k2FL{Q zGz!IdGrKEW9ZeZ<JmDbRc7wj=@gmFmt~W1w7-F9+$i09hIo8ka9MfgA@8BrG_4{$xOeIN|K z*|2~8a&pca@&YzW#$%xU^tE(nUqqscn20hu<}kGS?r!?|UZ>Yts?3oyuLciih&{?v zkKlfyQ)<-ub)vHWtpfYJrsH<|RYH=u29+hvw~Hx$mHnz2O2n8zT4B+w`cI-=p=T*A)Z{_Hdg0$w%8lozBSLOiPH|EWuDvB^0$tV$l#|M zzNt`kSYgMuTd%=V&{+J&*?`6Q6&fk-O$`@YOe|cGMBI11s*=FsB+OcCy1@@Rv>)|2 zzyTcK*W&wCuSdKF77=%aZJ}IXbssNzjgCvl+dC58x5i`v82;26=tCebgu2&!rd$_qZ+>)^G zy2-9o=;7wRRj|l#z3nT%rNT;P*kBKj$9&%V=6{N_nYZ0EISraWwf~*N7W{TFA!$+mwux)`unFM zTX&?`em<`=Nwd;z`TK013W{QVMX#cA)P6*Tx}nL%`RIyNhf1+=rOVIX-?FwV9~&Qq zP0le7l(wM_gAmZoIn1H``Th%8d9xx~bFyuXa0U)@v!x??+Zhh#%|chxZA&;}R^Gb7 zPz9ssd|0>?NvWo05LS6GIzKBA{fmZb(K6OZaO1eXqO`=u&e9L*3|iX5^~tX7 zfst8j?N@-hvE0AG)d0j>Sn)nb6v{+#de2X4dxzDzk~EIEls!lXN>To(R5&6Y}1 zTA6;4W8p|&H(2hIC0>(Xo<3m@JKCJw{WiHEpYbmO4fWX;$RtlCYrChnX`}P&YkTG0 z<2rI3I(Wx6;hCt4$=W^wU7cg+jwGhyo@AR(2ET^Chwxuh&u)xE{-Ge@wH7y0?``hx z=cLB^{THzM#n-O|H_)##^|Ek@Td6Z|EXxYVJJ1@VH~D7*Z3YeM(9LdNLLyy zAvyPB=jEcfgr-*il&cvE^A8`@?yiS8xZW+V7ND^;Vg1KaHuj-H#)gxYa0AtH!G0r) z5N){`;k`B0z4!CkLW8D}ptP_#>V=3!u!BSerH^^daJ^(R$yjJ-oEPhQWOGw)r8;Nf 
z4MpI|c&^JTI&8ATZZLDu&T4Q27u(L7gv2MomF4(7erzc|HIFk+xep?Pcb~%grln@C zKiSbb^6zX94gbv!GtDR&zG`(CB1`Z^!<#BJHgxg<9Fb`4p)9FINHotYsJZn+t74=J z=H#rS5_!dup810=W0BSHt%VWwNL21C=n>wg?buT>y#DR-;*1A&<1acAw!3$&WbAg2 zt{E>kj$G{+y@2O-t1h_AfoRR!NJC>uC*RpN%GbACN_nvPM}~C81$x64LF`#`%YM+B z0?h~NwY0REb?rvtbqGaZ|L_YK>%j?u5!;RNKP2djMb;1~4Fy++M6b_|OZ`#ytLKqI z!*HA{E|>Fd^!yw*y^B>|+tiJFb1{6dz}3Pfm-Sw^7bsh)j?f?RG`LNDn2e)_={R__=G}V> zS3aEXk9z20H2KbOJwMW7xWZs@My>LXrZx$M^Vkd}?|x2=5dQ2ms=#JHcyc*LeP)!4 z(XpdWtS1{PxRM9Opi|KZE0#eIaq&0Dso&xF?rU{;wJr{1FlbnDCLKS$&~Bi+AXti6 z>fhlSxq}Z#Uz-Cd!P>UL$f?@zc=6zZv-}J1KKIbR1%I>Qm4CoX`{8zo?)c_zP1T1z zpDFReVmdS8`9XK=K!&{$n?P5-UUSS{jWV+d)c#6?W^Rx0WTdPuqgSW8RAc%ylb`&Z zs1%QTar}0ky3VPD@=vPmpGeIJMv8FdTC`Nbw?`5xOPx)6ZA(8>Fw_TE*pkh*+?yK- zPq0;V_{~t?45It)sJ2*6TbrW`8KXBY@ohIZz$aV8r1Re<#E2vUwj8d(d&^L|m96zv z^<}$>tP)Zv5Gnas%jZ^*d`#XuhfH0b6n~cFA=BW%NHFRfZM>i6mYH3Vqqn zxQj7}(EYGiukBa{G=bR3_#-4qh~&G@N6&2UH&yUQ4~Mwv*bqc4Wm#_r=MGqqN+{iy zXkNnzs4WwRvJ*(c&Otm=(QcU0F~UfZuRJ#MImre+V{Fupi(bJwk{s9WHDIdRg!h*I zF4<^YM<%Crn4hDeRerlq97L#9#&`Mla9`E8(Os2^Udy4j5s-%5X4|dEyx;c4-PKC{ z8srJ1d-UTU3HkM6h{z&$7RWg2EB8XDFqvb(+&^g^St3&ASby}Uu!ra>xJ%bxLi_*( z?^kx!OH!V`!?QWiH@AolU4|oF9%*6C)T=!)Em`$)zwL|Sz$7)EG zbcs!dfc}I$5jger6ggH0Z?o=Wk}bO-y3j;7KMIkQwcoPtJ0I37u>k`l?iS8Eyh25f z*BIf0n4jTEZWPFbSm}I<4*%PgF|yD2vJ6}i>vH^Y)o`ry(4XO21-4)NWne_H|DY-0 zK-8vkg2z%tVp>xqKN7H*+$`@-3Gv=G=1(?!}HNk!#|^DEJ%9fGAFR2`H!ISUg;=8(a;E%QjX6BxGrB$b1>7K7q zOsz~~K+#&(Igqb%3cwu;&`g}a2b6PqRP4&BXRFDJ$>zT;^P&lYs4`fl4dkC zwCevlttV)CAekJTO+BWTrLYG|<65W-J#{``T^q&`B{0nle2?jxF5t(zuTD)B!!uk_ zGWidzpB-My0z7LIibHOL!oQ?ABn_f6PKurCtDo&9Mnt*H>O^biau$+rHvC%D@y{@W zcR25v^J@h@Vs!F*QvlD43+L2&kf_ru{=S|+8U4>eVsV>BKm~}j_)}GOL_9|8JJ0r| zs+7y(_a|}g{x7)`|NO&lAwO}NEoI3uGPhWfqiTdpZFc(_=cb*Ki|6)#;9dUm8hn|(D ztTdE*MvL1!&az?lIeVhJ7RC7yOhk&4_tjs1UkP z#&QM!qx21v|FA~W6F$3)uVA4L$bpNB{aXG%D>4cejJ9wYN+VaOEpQfjJvg0HkEC61 z`xrO)Jl%mAxCZqM%ek?FW0}kA=JqFp!+ij^Mx2DF!v-9N9oO=8V;Z@0L2jog5ZP%@ z{8W^`ns_qs+TWhNl;X6bvn}xF)gI7J_JJjPH|PfczY7BPx@1=YRMYS1R-TrV$BBGs 
zTH{2R^Q&G~7aDk4v}u>c&#*3r6Ls_342g1Xlm*eCN>3NZKe&Z_b$J-aTGvVC;3Qce zx6pt;pI_7i0qx0bZu~na4G#SU?X1kZ!1DmC^ZJa$A5Tea2H?d_j)7>hP)ycYXR_1I z?#p(O8vWpr3O9ff&*U=yL@uwZBROD}jajgkrgo!`Z2jm$O)S!m{duBzN(b&}EchF$ zgv;#W9;H4#5llHkyG1z*BR!~i9d)~SjS>3r9`3o(Zydz&>s3%0kTYL7YyJEPT#^{L zpRc)`&xsyj=N?=X{<*+c9?#sgl&NH%0y>XzxAwQSg=CejTHg>gj3lAJn_yb z?uiX1PM%uOdQ8Zlw(@8h!y2}yGaks}tb_%pt~tOX_K0J+%TQM$^#I=bFFP%G^lEdN zkZ{HjU}W-NJ}8!}?63;)2R{MjbJLD#flwj*T!N8UUG2a;QLJqd21l0MH} zK@{icB1?$bNkS2oYpyO!PHh2GryVy$w>N5xK#=fp!wsH&w)#O`%!p*BDxq_+)c#B| zKJdagesHpVgh#CKvNu5i!1mj7=c=O??ErrfMPV&QB?8CQuSo3~olX6d#RndwWtv~t zCg4Y^^l&Tj1SB)v`_{~Q>&iu_&hB2nQZ+HhqU8pF3PsaMmN4F1Xf*(w{Yj4oSS@kP z3HJny>q5#?(tYg~^+je3*Og*f>&w&19Q-<2FW*bPi=0_@99fa|xqej9fe$*wMO7Z9 zX8y+E?h{}w&-ngE%n@}oLoyS{GuFP|FIo_gn0`OUu1l#@$4(H}kg*UwHL6mN8q=L# z%6$1CnJJoKS#Xw3D-iME$t(>h0PC_w|GzJlqnAv!|BgQK-mp#!}@S6 zGyWj2=SWON{I*2ykmU$v(bVYYc$i}PyWoc^WcS|pVAo@Wk_S1GdeIyeU9ei7NKEX^ z(c;lPrv_A9E60=E(x;J;Zg3(V?wkL?J978GVp#l>O=+V^4f7oqXMSq2adW$?sd38_ zOFZs`7DQBB07O#H;$~@_u@;vY_>t^bKV)A8)V1|d_eE7AKmHLk06gD(?Z=%B>N)VS z43*5JU#J!CIcd$r6T_C6c}~9TvHXT_q$q*qi~UKZ+qKC|q**;?g)d10YO59jEJ(wY zXiBTErZ8*E11y+(kYCG{NMWCbIt2Da8IVr%&i>u!pZrn+&o}nSEH~^_h2ITQfgW;5nFv>S2#&gFrY#>zENU8a;r))EE_Z%}fZ#f8qC zXXa~G{Ux3lc_m+G@J;b!;k#{HI=wLVuR6lcL-(f$tSExClCtyhSB>#*9%)oMDO z+1nZ0K4*B~0ucT-4MJb+rGu6x7 zQ^Q~mn4a{#fFLUHJ8*xxWV2EU^kO0RezAWH-Iq!mJ%mlz`l??BLiD$LHl9| zjcz$HFbq{exE9adI|_U>~RVl^t!JD{V_<|kJIECv`CGte&fDo`MoqRV)f z&g}gu{u_Fr1y}*_^f>_G{%ift#w{;rp?>OQd=V7|!#Znm=JQG?H0xAi)2CosX}|?L zS&@GSwSv*QEuj?dnR=&~2^{atO>@@b&Hs#T)19lY@<&o@0OuSt$C*ET;s9`l>6t&t z)g&JbeEz?4KJA>bRx{HcxmWD@CF2a$+&x{-PJATJs9%ZvH{c-T#ZmM=H_r8`LZ_XQ z;H(SA9Juz(n<`M?8+5TpL zENvD@#^L&&&8b@so9UR)KZ|C>Pn;&^ezfIJj80qZIFk5cks*?ZoXp@C7c^|dXjx=RUEe6FHU)@MpmpYRqGP3k!e1O z`=YGxV;^z`>Y3}SK>tBY(4E<|t2QT3u$R$Hw`UMmOj?Q06)KW#ZCsF zx{C`?9=LNS`n|kOdm3q+@|4^a7pz_L zd>yTb4e}mjruz8?ow~&gr|VmX$e`6%xr;^P0)FmnVim}VExfaW)2-g7MQ8dfndJBX zJU(&uIrrp@+=Oj)!MMI+O=08z{j^#1NF+$eT#*$Wi|jjNSlbh3zuvV}V}$hsgmVY} 
zO{LXg)1dw!=`vQBELep%;3IPQdL`X9mlDjx?ix=0cADttgIB%2s$gNY@f0^)NPDRb z2aQ|=RY->{XegTYZMHbX@zvL{s`8g6z#AgGE5Ar- z{-9MBizLfd;wCzyy{m;JN8*R{%paNC_RZnnv#8_>DGKgl=X1+Fd)}`Fcxw+bNnaFt z7Ajr7{t=igkir8`A&~qDZ>5)+EUX~$UsI+ljt%~wsDN3Kdh^^DJmVfdF!2Xeiie;2 zsHn-z+m%71cE6nqEm)75hycv}tdxY18TL|;Bx187IM|-=y4E$&kUx|Z2?G3}ckgD> zfdL0768I&knyIQlP5f2kp2O5_26i1QxtVMi#nGenoCSsb7NfrQJH9aUA2R)Q3oLy* z(QcuqZ-4Y4Ttg&10rFT18so1M(Z2nlY6CaLulV~I@865rX5pAYU9r?*{(0|>+r_L}nFJA}FleEx+C&BMCUr^H ztKBUnKGW9qB301Mj>(-3sJrjGel2$a0)?xZvRpW`C&c&BH$IpT+Irn@+*;;f8__OX z6*ZlAhw0Bu@ez*%4-&_&eUKa#G@0|=h}{iwcPdyB6Y??_{u;^S_Z7=H@}@Re|D-@6 zp}+YIq`Lu#PuaS2l(BZGB30m|T$K{LG&xUbk&dK5z>Jl0VV%$S`JgnQH-E|(25k1Y z>Za>ekRAcQfj~Y_5RVy0aGg|C^r(hYKQejX?wFJ~^vOP9ye4=%M-}eaR~5{j)|1?r#MatSu;Od4Ir8mg*$3)FtLweiSWK$%1_a~ptk*`05X9j}>5T^Pp> z83gF}(U!WkMfT<*KQe4-G9TDXrZdYM72^pr9T*?pA0Z~5YMYn@4ckL6J(d@LAa9uo zSYYCB7AOT_JJW(>!fPX$b1Bmw_oU4H_1JfQb?wNF&9bh4SvLPW7p{~cXM-I(vDtZW zi72<)G>J0wqtxoZMm_%@v}K&j@W<)PJ}jdiPU@|)+JvfoROwqwnh7!XZJp&e>bQ}0 z^7rNi331h1^<7o}iz~{i%BO5`o#?k;f}rf-a$ij;Z+7WyOSOH-E{ibB*JGupc5?bU z1v_BBk;2Yh5l)AlVNK@X^+Gu?FS`fMip8a_!NC5Vm9^PU5|2&zQVDV}=If~vkF8O$ zaUAEN8hrcQ2g2*~>g(gyaqIcPj13#ljggsz;SBScssRp`cm2axE1jt3?v;snYBzKs z>HtsWTN^qWyNZoI6C#m2({Iy>V|Yf#RWr> z2&i6A|F`6CQzI)MQwymd2J_o`qGr{ee(X zwze`PLQjWsuX9xBA)n>Kj~`JPx!Hn0o!8&nz_*6CkBq1JbVgQCQQP4PZu^d1&X0E_ z4-JRD8R$rxs=!)e!>CrD_%vlS?c0nl`2=*im%lw4U$<}AYFphNvRIxeyaDKZ-R*9^ zyr~sV$ACgjO2hl7ahTnp+AY!uXLALkOkHu;(F+2jI)x^qu5F!$wx5@cry7bmC}V7` zTQg_V3P>rW9u!z46k~n`S8dA9zy|EhN4YdF#2W9*$ma^^UbX5o?3kU>S{|IJ))P6Z zN!B}>JR&^aTkEQX7fI;$%?HG0Aq7}GP~~6#OEL81C`0{ZsUAMi zJvJUpw_y&Rcg)r-ciS?!KM0pDY|S$~*z7U_8@kC$&2vg%DT+0l%o))7IkBV$P z;v80U8Qt>@>O~%h(#uBLFAt*o*QP2p3#LoI2b_KvP=D{uOx?y57BgNy02cILlRvob zQ?Z}Q;JB?$iJ8+=Th>cR5Lzy~TFsTJ5c3(CSu-?kkSR0fra!vWV8D32;p<~d=+T~X zg70&i(V8Sei@&|MMYt{hv`gcgGd`dm*jo^DY^98Q_2E{eu>CmZp_&sR04 z)V8YNfQ|Zga{}oB?A1Vhe0vot0nvhV*-M!atG`}pwI!Bye=mvOQx_?-677bpSJ6~M zyU{W3Ge+^QvJV(+Bm?%>>Kv@VI$hv{jz#5D(<)uvt+Zy7SbB!wkk7rqx2HuM|0`# 
zQd_0gyb)U3w<(<4@v)9V(p(;;b`7?rDpUTEBQe^@L1#0TYmwO)d8aqK{(WR^3M_i| z9<5~`_P8vX%Z=AsOJed8G%Kd(e^h*z&8HrHdFOXq_sYPs((%!@#v<>5w0MPx$t(D7 z58l!|ZZQbnECKr?Ky7%w(U7W3=RZ=od z2Jq?EG+Ea@CP|6z#Kzweg3TnOwI3ziRe`Mzl@uWJh$kO)4igZCKFtx6=+Yo@W2sg) za49v2yQPNqcSLTw!3lq8?#08FzO@PQR58T#Z67JY;U$mwo#xFwndGkgJVyE< ziCZ(RdnVNfaUZB-M1-Zq!G8w|Oi5BMOT z_y3fsA8c!%*9!wV3}{JX2u z(|NJ2H5>hKeqHM0GksjWj-z9ws*JLsO+!ab;MEV$&Si30x|*rJmWXj@XxmE0tjybX zDx`JfJmjV0(9N?~+}ylRNvj{CsBqnCY|&a$fUcKB+r`K(P{kFR;Okq>{R$x>#gx~L6lgiQIU=nRR$&DPXF*y8X_;m7HtjW&3b(pV(+{8ZUFg#` z&AJG?tqjLR5THVLjb%0an7e$hJ7Zp?jM==^;u{$V1KYzuZV;Q`2I-*a@0Wo&?L5`^ zu7hfg6cPN4Fsn@68l-`#!c&RCrFmurBBF$}#zj`B>vDVTrb4k4@33Z(^YLC92LIZ& za|*I4VqD?2i)|!^a%(4;wCzrQ($NGRLZfCe!{1*ZuF&6CsP&F{2pu{*{mFCy)y>(P z%pzL!xi&WTWVaUmmsi%E6{QMVa`INVtlViG2fQb%Z{3@EOJ5S_fGnTC)45fqs4<%$ zl+)&x>O7Fw_hsaGP^Dt7sT0wLg0+%6PO(_~6dEm;5moy@;f5ZEO@74nIhx3oN~_)6 z+$>=IP2QatXL68S&KxAXc2<4}%v&R?jUV#|a3RO#mKfATk-aQWtE)S>Q{%s~9++^x zIC4ScU>#i=LRxFY=5B9fh7uFc94+78d!LG!{-1)P8nY1Do8S-}bBAyZ|BvsX3H8Js z6)2p4YKLj2JA9@*zqYeLmlF{$lTah+^Le?KzhHq3PVolQmBr;#`b|RI|E*7?cv+U! 
zMk4ciLewL@OoFA+B6sOggY6ytF>q_jMZVQOJrCQRMVR~kl5LlV-Df>D32}UrOUFpm zbXPexgh>=Kx733&@O=B<=ssb~S%8LlJ?Fa18is@#oL+tXZuBkPipr{}aRQhAOF*=0=OSizh9sYSAmh)qpW5mwobqommwjWs=lOiHN6e5U?6H*@=OoG4 zEd9P)XiY2aXdC|6OBEev+DSR`$Ly@OZyXip-4(^#I-uo+D{%rwEhM3RP>=OsP21J4 z+}o{4cddgE-49`S z{;F17p|wKm?;(a8Z~fAy%gMgLLSry^jJ3TDGRx9pcz-5I@HK|g7$h_z$}1<)Z1!8z zL5eaz1~vxsxLZ3u_@tJ`xpB<~4TQ(JA$VD`zppZ=8^Va_sHR{WxtCavzQ7NC4H95$w85oxBUhCa&nTI97@XJ~0aa%g&p zk2S-Id0N_#^)@D3{TE%(IfYGQO!Bc?ll}cO35eW^51*IK^_o1GtrilW@Riv2_yJ)T?aT{E(ab zP$b&+#OM&P=l$yL!$oj+<ve(noAFko_v0D>+PM#)1UYdvj)`2*N?b%f5rPq&j_uy6@xPC%ev5w>g@~CUrsSN z(Migm%!qF5h9BEw$6nfz2%+Nng2CL#2bwzh7W4k!@grB1E&Cr?%t=9wx>Rrc{GB0gT8^Ufovs8YlT|Z_DUq^_6;R^**E2s>4Z&p zQ!0ztG!7d^LLZfKz0bDPu^yVdZ&hNyS%~jY%5A_9&p-QRfLhRKjFi65_0>djT)>wc z9lIW7$CuUJQ5wy6+&7cm2K$#{cWP_<_yQ`6?Ito?J$|k2Kdw2q=+;Fs##?T)F{h-W z5H05cJm2g8xH-bvy27V@Qc!ad)H3CI&#*BDB=P+ntKX5gy!+QK`gWwYNn%Ud~K7PnXkI~*;>Gn#XJ5a~#7*t!3f z64Y>}+l{$fwIHDIwft3~DL0?ZgDs@2yK@%VMb@^`KypH%vi&}fqk*#H!+n)t!P%Nz zo3`_>OvwB78uUy?ZMtU0mJ+1TLH28n?<(+>IZQ{c4p45>Ks=M16a)^^mDKh(J_RQ% z5RS8R{Nx~YN0+6!?;}gnz%2Ul!0hM;Qqh;*k?nv9D%r6kYSFj=Oce78ll)Au*u8p< zIQVeTzOTEt8&v0kSU?lS`C@+;Da1n6($s0RQHB3ZnrHSTr28b8f=a(h9BiJBpmsDF z`C5Vp-o+G2wi9O2wXjUkk(P`+=dyk%8fJMKZ_(I1hb#S~@ML0#I=ez7p^cE5=f_lC zo7)zKTnd=%>kUL6@$%TRbL`y)<=HrLJZFLuht6=nfbE zX^$n$mJK`NHvoj`%RW9JJ;`mJ5HaDPM(SuMt%bU5oSMER-UaP_BSzR}UTTsG>&9_F zUyjzzd}8Ntp4ojz7jOy)HW<_kK{z>E1-6%n?n@3I|5DT&I@+64`X=mjG#20a*@diIVZbcXViFt@X--4b9kec5v#t!PTRb5U|WtzczL!#qEH9A zL3>4P6Ml*i$VfB>{Ifc|ewoiNNu~EqgfI=hLzIiGkLz zy$wm}*Ea>%k+TE>1y;i)_lqpxyFJ-M{n%;%f;aBu&+`H+w7wR-mc~5e;rV9VQHruS z$ zi6h)JnK@UKT|M=^`dxH%y+JIoGF~ATTER9ynql9QRm&-b!KlI|$a7>*LE=2+% zw?k2RURy)->8OcVE!l#|W~Y+s0NYzrWJM2A%7P=lGaB$Ta@7_-&>uLu`?TMkoujfB z$7-LR*a4Xgrt;_(ay%U8(1tp%2Ne@gZROlwtgjUUX;M+W#sv&GvWMf10hjam?o+0y z)Yo?m7;u&e386hmC9L3 z;e01KLr-y9bZvXl)*7Swh#O3I+Ou zf-Wr%zO!6aDRAstO(-yrV5Ejm_m>!hDfHvj2DL~g;DpZ6J-12rB(EfTD|ZB6EM_Vt zHSTTRRLb2ng|)-P@81h;7Q$y{NTq{R(rSc2d?$)P{S0JBJZ%hs!rhq~igx0#n~flz 
zbdx0KRDIPP#{`ZWIgYpH$E2Mx4aUL(tC`?;6x%OAn{xj$6m$M6JA%FeA1o_X0mtEK zk*4UaP@qkRZR$sE+?W#C3-$Q4u@>UClm2bN!%2#e5xeb*lBQ7ri$*!4|3{+yYFN*w z-$af&t)~!=X^U9>NVy+E$qVn)D_^UNIZ+i^&+OP?e7d8apzAo^t<#7qtTEUH^6C|3 z7pMEC+jbw7s=$_S^>H5h`#$x~KyE!xjS#3A7e&lrChxI8&x+HY(_s}R>rC7366#X1 z>vqvxNMT`NLZ!YH>OPj~{xO>yluXctR)Pf#EIt>+yZ zw7fgBIOO=FY;kmT_^tK{yZZ;VIQcY|e#Ehu==bENfNN_l6jo*X@zjpUwPW3*hL_%8 zgmW4;V2?XE))}amIO^wTx)WzG5(IbtrYqey);ns5j*iAL${e*W6eR{-(*gN@+?(l$ zn1Ss5eT}D>FzPf~YFsY_Opd6gzb^D!8$054=HW%XL<$k-Z=l`+*ZvlO8c8Or$=Xm; zt;i4{F+X49IS%hs%m+OT2Fj@2hY7iiXlerbwQ*g{=2R0&1HFYCeOR~M2(JvxbtZ%R zVG!^H+X;DirtbOk@T6Jbz)c7w%oqFq&Jf*O+gRJTpIDMRuw-ihG7lTAgksYF>KH(` z>u{taFSXr^Wk!+R4xHWX$Fqa45#*la7d+|i0}0z|Z}TYq%i4Fi$gOd>s8Lz5Z9IU} zd@rGMvUx$mNR)TR7P0F)D_4jmH$x1{dtj!%EzZo`Ir%=@^d!)&FwNdC29S z0E*)R%dUWdP`nWMc1d;JJ)-R=kee~-Nfd?l^yq6x$IJcevwaRBKUye-^PD%3c^%6| zuSuU(-rQl%M~t*SrxBS0Ds1cxPK7-u01Nnw2JSXwPGPm%F&F7T{Xp7TtkT&X^V-;T zX6j+cCCEeOWlTj`mi>TO40ND0Z7Scx@$I2cYT)NLG3x*P6;g&S(Jx@MQva!F0IUmv zd=iYE_?WaDswcSTb*Zl;$7QM*rnx=rQ7=T`Sz)1-XSN}WvBNnnX;!Kcl*3f7 z2+UmA^nghjx>1L9{7o^Z-@J%b#XR#ujL*x8=AEUpR^480mJ^1%Z$+i`)^L$}mLH%A zJ;GJpmip&i!C!nzyf;q?<_N~epzk_3l>@$XPS(#!*qP>vl_lTLd9mb z^-LLRH;WhcMw{V`N{Knlu>PiU&v)F`8iOuJW|Q)~(BtOS-jSn(tWkmaj|Rb}K{zrcy*UiqXY?ct1W(QquJ z;z!AJt|Kbw=liP(zr4Al6xkPIt4{eT*}K^AY@&25(r`bghhLvHkbgCfcE;!_3hg4Y zGBZQKLG&z-5Bx$#kAJn1j+HEJE(=J8P}%<;i*p1T=*Chc_rBQ?pI~OM*jX<%~x264qy!7E9tMILrcK?r3AE72P+$Lbl1Lxn(GZeSzsy`m5WCpIQ%d+=|zG!eLp3aL>4PPO!h;!`8?5V#u^!HbY z#^K(Y&(Y$jKwahjAAuE=3nYR1mnh#%Ipg#_u}-99NT3TT#8<_%k(GJsC1W>XP+(Km5+KmnZr9u z`G*7YYTSugRyoH|args7G!~U;YhcUVx4!PxI>QchcpV{K0}FgMB>`*|F$rsz;)-G|UclU)Yt=Rx_y#eU12$nAqb6*-S@ z6IINxZd z5|PgrydH8G-+v11Mmp2vy>?Lo=??cb@V~p>rkY<2wY*KEFL(%HV=n5ELj9I+A(j7c zuj3rp(0f_@QxRP$@C4|zi*4ce@6`8F^= zNp)+leYWXKoNvhQNQFr?;?oQqaDIAo$HgB0UFY{=32u>q&Wy0I;L%Z3&SW9(dyXU1 zt9Cm@xSDd|ut%IMoyrE)`@@atq2fwm=Z$pmFUV!}xtC!mN)Ut4X#nN;y^IRTfTecW za3?#$G~@85UZN`Sl+-X6iWX&M3_ERtaCLK#%RvLjx}Hhn@1v;8*M^E~gf4mJeKnN| 
zOR&XGP`_)c%*futVoL^FAUQWMsu7BI4vWpS_>XjAk-YrDeVqOMf$voFa^aQT@U+;2 zzQtpg53}&1k!rOYXB3Y4V&z zqAzyKW?w7)q+q%JfoYPvigOqy>ktZgU9cx`y*fCgK;-RcQE!om&~X)gQ}wizXv~Wbyhei1Ft_sXun8y^he4C?b<-R8_0x!I^Ui`GYuS7&*&z zv9|T1m403AxI5as4?Zi@KDomp$FAp;MPIzRS-c=g^=7E(^>yp+{l$9fyMNLy{1h3O zFQ7x0AFW)0kYp7HwJ1gM_R*sY`Bw<-{vOZ_hN_h1@~Qo$H_SRM@K1NG4KH@Oh)62l znl=MCc3^stEt6`p9Djs#+V%PDFT=jCxjQ6yJ*5#-Phxn4j>p^FE9@7|6Qb5Lu+UJz z@x=Rg&TkTYYI4W>L{DZiF}cHQzkPfC)k()$B>-9 z{LtH+&zP^g|01;O*z;yG_6o^zVzivBxv+2RO^Wsl2_8p(qZM^{_E%io53(5JUCp;w zD84*69L;9E{CD@<^+Y=!)&@}OOY_@#5o4sBT81qG?YQ895QC4nj(!sC;@ooHK2eeB zg0*AEH@=nR4Y2JzFsnQIES)y|o?6%90y1|OIkq3-SFh;w_Z^a6%`iVLVXFcg@`$>h zgIr*YXnFn!pN|9o|%by`~hVr;0G^rGT?ki z-3({1(kIG}2=!rNVNobRH401_L#VhP?HPzw?~EX0@NiR*Q;VQOit3-EDRmy{kIkb; zm$z>J21iMR2v!0XEKZYG{zn2^W(~qg@t?B7Jm;Z;Rf$*L{~9zGnGoo<-axK`sD}yd zwoqJ&T&)-3OMQLt%l#_k0=-JaDBA$lm>q;pLxdt`q%){Rz5ehWflH+lO{Dqf+bNfK z>MgLZg;>8@a8;tYF4l-5r<;I~!RdA3wZrdcb%*TAQ)0fjBMJ-ck5B^__UR$l!!5ee z_JCvPG!VMb`Y+SYu}uN)PVO`fMY7;z9Uf__vrsZArKxFGo?PyNTe&U@kh$;W?s9z&!_z85LI z*Jk;gM~A)!t!J~akPJCUC$O@IKJ)60O`);e-ox&M1$U!Ab-D^6nan}1?$6xdwLh?_ z^~l+qBolV*@S+a1p@XY3r{D3U2=fq@9Jn> zQ#tU*!78G()+WR(HQTWLw&>`EtcoYA$T3aSc))sQW?mCamk4-2&S<{Wl%n2V5Pf+% zZ4~A5Wg3;m>;3i5#oBr%ey|Z>9^;&yLw6P{-NBBrswkVQP0(`2i#q)AZu#nNlU|YF z-W&qJY@!Ikq403?7Hkk&^R1X2K{xbBP^8(#y^#lto-je5sT)V~{y~N{2NDlqtC0Zu zb+ZFq`)PY723Ed1qn!}Fsn{mCK1|JXXxbLvdxL^kXua7s|9H&MCggIW2Gs5^9U!qZ z+N%P9o1^H6aC-}BzT%goL9Hu6t!tO~ciwex2Au~{Rm1bN$-7|R3;4OtP=+GMvSg^lnkn$LFin=0e$wJ8TK?RLcX2{ zY)b(@3U>@rM0CR4SEMRMBnw^Tj0GaIAt}~LhN?I%h zCjfP*737u{G?`BeNoPDbgO0%ruC4W?N(@1V-1}eK&p(!3@cieOZyAaYgr8SW)-|JP z@nsk$ZWa>_OiwtO?#^qb2EYf=P@0B}#=8HRPx?(Zm#tXGR!zN9qo-g6nF2zkr7^Yu ze*E;}Fup0qwtOxG%kTaaG2086)KgXe{4y4@krg=#sXW?L;V9pz9I!~8s_XbBRr}h4-*hXEj`pST)zAxHA#GnjBRFqH< zky5$`EJOsPB?svkx@*7yR0L!wX+c6-x`qLyq>=6(hDL@OYUZ86pa1vX{lXXS+YZv?s>{v$(1&6+PAf|m!AFihAgb4pNtyA-;k%OanxT72Fk$o zAMx;XmKYBJVxE2nQq%Ptlgkc*e4r+8Xsl=KW{Zo37pWo+^7#@;EQv;}AW24i4&W$R zeuY>o$mcsMCX9_`<6A!phVQX^uo62SaX_DWj7Gbcm6XWeefb0y`rqih1EXWK7O(9P 
z3Nd6hDU6X)%_0S#ny1&r*0xP^d^jQmP;{g6r6~^JjUq@B;IvAK6kt$A6>cq zYv191C;3-cqD?B5l?~`w)2H9%hTI!U`86Qy2}Hz8T^O1--GVgorSj1XV z=2rq(2dQudpIx{CSLiu&TD7IgtfnK6xfWKDQAq4iGFo2 zWv9n^jgSo2sJpoWh3qMf0}5eXHwU3togbgAu>Bu@g~XX$W22YY4aawo&%h1_R&R3M+$k(+c&WPB2F02 z=$Ed`;L?ON(2lSFI*j0H0p*e`Vf#Zv+??V300SB2fEH=5piYcUKJKpbH&Wx*@!-e< zOJrRiRX|T{I7qKg>>rILO&%KA*zjE7v;V3vilh_+MuPl)9*|}_CZY$0vW<G#=o>AC#->P>TNGp3^0yeaGzCb`vH-7@b^h@

k@8Wyb=}gS6xt2S+Xn5K$+Er&zbyJQA_eDS8%)sedcdi zBDN0a8K4_o`kgaAB!ZcS;;XOOK-i^X(CzXx{!UWRwMwaxWfJqf(7E{#x%^(Wx* z|0UtF;Coru8|Z+raRxF$D>3_&a-0-KY7Lj&jGYDwfNPLzwRVxDe2>=`5!UsWQBD8& z|IVu2u;Sz=uagkFz(^$p)x-z}nVGFgObHLb7d|BV+8J{?nfV#JzCqO&oMxja{joh< zd0ve!J_)Hsn40$@`x0M4WE{6fF+8^LwFTTYkgxyTe0z_YrvArB70R_PI^tLz0<#F> zIT>W*sc8yH^Yd%i_$jkGY(ol@RE_i9Eto5f#Vonnl)~73@V4>MYLF;(V3|!lqQi z7$*?I!#N3%F2MLI=iec7b{=}@?iN3DToonB*Wh{!A{gl=7fs~q1s%xKctjN{CL*)P ziS&@{nWp(2Uc0;!MP&3$^xux6i|-h~og2SQve~prtc7xo{)C0G(*)02aj4QC(77D= z_a=0%A~I=d`{UooLzLcQ}07hzIKI*>2@tyBqaIT=QN#5WWj{K5~M6}3c zEZu+bAjqWOC(!{j1Y~?OhiG!uxj-2n}N@-K-pTyrPluKBZ9EVl190J^JM@l zX2g-?Pv2%u26rg^9kARGIWpv%JS^@q&O`o{IQ>88U{7kTGMY`JmbbC7`R^uPyAfgb z3jdH`QZI@>Ht?=kbXj+7xQVFiKjW(-6`{NjW{B+9*=ZnsOO{de;6h1T9IvZ~)ZnsY zorrh`!;6Col%`koU{@6~;`V=!qacgidvUT(6FmkNao3z@#-i`Q;=@2bV^=ADX z0YtC7Ll(d>99?W>I5rNFfjzybI#ITY=~v_$sBlmwgFK80b71oTFzjLz6)BQyMT?NK zC8|WW(R=-fSiY}2!5ue%gtyI>mc{ST`5*7Yz_~u!gR;b+_F%9wjx{lep#{|q1!T0b zv4EcmCsuFb6I~kWw-msRypli~(p`=Id`ui2%Us|sPF=;~*67@t2N*=8cWOV5`l203 zX;p2vdHM}`L`dTq2$KDohni11YVmv9vderOK(c`gMi%+FR!1p$B@N-GFw(~W&E^({ zXL8>civ8$y){V??>dImS8&nx^EZQlWwtd~Jio&J}tyPH&I3qp;OQf?$@EeYn7BFw5 zoBd9bY9CmHHJidN%~Sq0xA@?W#fZ!hpyx&d>{J(R5|hpb1>|)Y!#gCr2oMiD59DLAvi`3{ zMC{r)E-A$pnf%TPD91wllG~Ls*g4l5kImPy5~bZ76~T3>Owb7cK@XMaGAWEAy|?_Z z)qg_Y#dl5~ZP>nn8^2$Opz>@FKV&2#=40rdSPhapbOE!9)yF&~NxNs&2u)^X0+vF8DDG_C}dK2ob5$gK-{|m}s-9_2`99z%-!nk`L@Q5|K7(@v_M9u}Of=UdLBoVeQLF$RW&{78Z=K*l7!kO?VNNtv4$Y*Y#G5j73 zodLdU$H}9g>8#wwy{TyDV{dmi_0yOCEe(<%iu=ohSdg)3qka&10eF*d^=jO$v*+b| z27;nu@8^io-rJdAHIk_%RmYVPH=efn$vVRRW)SOWLf#x=u*pwR1j;(HUX$_{TF` z0UMY@8q(*#>d15QeFD(%in_{6-GQe02ZJC&*af|2+XG+7+0ubw`yV%P1x$_%oVs^Q zv7Ykh=NqXIWav$ z2Kmo!>@in4=3|Zrt#*nex;L~aXd_A6RFAQAb+m=0V?1nN?xyzDBhANchztv1is?TRET(7$aBc&l%*i1?M zdpLi8Nt-U9IOUO8Hv@Xjy6}k3zb*J+eH|Ok|1xdP)^*%v@Zwk;@NMjecQ7T?@~*5A z5t;u&o%Txk=_@?}Nj30}J%@9^?Z+PH)~=sP-&28lLR>F>p7C71;tocL8w7t}9#-g? 
zZ^0euSJP0hQ=bddZN5CV2Sa-jE7H)?na=JHQdgGyl%{s@PVrKc=7W>b_osVBuY`B=MXzJL*A#ozY8ER4DfKw1>3VIjx5yd$wNbN6cc$$*E z*3*hBH%j8Tmv0K$<*&=+|~X3Jd||vBcCyKF@1y4h&fMCumzS2 zsG%5*V$ICWRaC9xH%k0(62&LBXtrkGVh=kS84?-6^BY@D1dyr}j#Lo&Y5&(FYNKe= z>$0;E|1(!IOZ@R!0XwW=e6} z-wat(@Ysuf7Trik@lAMdT;)()#U~YYqTLBKP`r`T)lhH5Vp^}XD>mv#Tz~UnQlbN) zWZ4tnUZg0X9DCo~beFHjdV576{iu!Zz~wuRrU`lhf-)Y4Ya;axdBpuv--D-`!r`u} zQI#$p!Wb`sicP^Oa{@=)z|+}X4UQvBr{QJdfg zA+axJ3%#Ph5Yrwu-%4ayQ48=I+fTxk-9pqltUSUh{aDeTpLK8uyMUZ{>3%6_%#Ghe4fUz9W4_ zorIyEam=Gp(J4nQ%sMzZw?Xn~WvSUzU&8N@1#m`)^bhyC$Jlrwo2K?4Gm+e}AywR? zDumO)&rm&kLUE?KkNr+hiS9W1cCN%h*6^$dpKh_ELcZIg2i_&9GtskOS%-2tuVx`N z6APX<;S)7euM?K6M(bhmVykb`OMb8FCZYF&iaHY=2IK`g zYbG}FQ4tr7_59$kN?uGeQc~8gQ7-#xC>AZ>B6Ule# zjGJ_B%MHr=0_N{0MVpAiHNxw3<}qA>n>BuMFn7OBYA{Jk6=`5lVMx$oc3{MEAMT`x z2?W--Z?5c#*zunF-o+ccS)mJKa@#nxM*djZx z8w9*|S?>N!rcf-tAZ}f|#Jh9jnR23Qih(y=|I%_LW1`M_){p6eZIwG?sI@^xp~d2s zkU86z;#eGeoK;r>F_>KuR_WdzU`oXcD@M;=G2Zn*uygmu2NG>IY})3Ngj1ZO^sVFO zVFy3o<#X%0kDQT@LkrnWFGa~aUFIQ77gA&_ez3;!Om-W4hqx{lJN45?H%n2xC`jo& z>10C+ly4ZKstSe+Kmt4HR_zBQ#BRb9vWLjY`Dgq+O6~u$W(J}apB7Jt$6(l8DO|e@ z7cfdRZ^$fCib##t;yb7~AmmTr?0T))Eqgx9j@8t_8?!ph+imW6czdpR6fp=6Bsmx* zuz~6+LO{m62taCMpm}!7ig2$^1tRoq1 zeP()=yS|U_cXymC736)nQQ{P+&@;zL6T7|J_ACzVB_CRCGM!Vx3`1Yn3T@rtK7{r~%WC|bxKO8iR{&J9NV`}0^TCR7oS=u2 zac=Qua@_ieu*1YhI|I?%vG%z46uy(iTO8o0I9iZ)4AyAQxH={lu8vx%F|1yYr9GXtL&HCC!#fnH5Y14Ja-ABzjZ3`&bEli75X4NbxY&O|d zxcojR?3Q~JCE>l1-z{nkP8E&`MwaHl%A9`26m^Ne!tOVhJ{{Sb6L*{W#95+>7#9F` zixOydmW0oJ+GI?K9=xnj>$nt>z0S0O-dLI0gSngF$JiCIZil&n%3nlhf&&>ua=qcb z*&V8@csh>IRe~rGK3*F?YsC)Vg|J*mNiB`%%^!&t#!>>G50u~+tNIfxTAxi!-Mju0 z-oPbCyET0B81(T*-CFfF+34S0M72q~Kfffl=53R4&{R2Wewey^#Hgc_I?XOp41Za& zuv`YM_K1Gc7o5o`@}xSC%gIf+tb94@aJ7$J-`3SCHqF~9$f_yij-rGdbv~!@ruLCP zRUW=EhcQ-Da6-IjbHFi>@7l0v?yHurq_G?a#-w4#tzx=mjtV(GLQAEMqwf*CZ73$V zo?S>}UA1HAp#sPAbIdB)(XMMqD^CJd&5!+MzO?IZ`1yo9ae{si-8}DsmFHq>q@t6Z zg?z9mVn5AkUXQ;bFcV^EkLT1y0%}o)|56Gl92k(ziixP^z*bO9D#aa(EtGFwtYUEi 
zwh^E;=`YZBm{ImfxG<|6FDi=+N!)%dm!|`E>TL&WCsJJ^XW**q{LjZp;vJo>Y!Qd7%%iLHO&yXj!3S>~*h zgj>m$3$I;ZfdE6N2i{nr#&g*L>oTS}@h4#^JxQl*robic+CcS7-=)KcLh}u3%@c?C zeHxzSvXHo*mmKmXUdmr4ONz9GZh3~dvs>bem(ftUAgtbapWxm>P-i~ZM0{SH^zLMO zS7ep(=DwUQ%zG2%->I))KCrzn2>IcgW+U%^9Uy=Y-9T~6;kCOBcyljV#i-zpJAem{ zV&(kDnW{F{6jZ2rw&t{jI5EQtjEdMYZF@er@WhE^=ON(W97Gq-?X)$<(6};N>%17} z=?awwuGO((2kYd`-jLMJ?>p}@!>tTF9jt8*=mtV_Ej{)$v@AKLHd0UJ5?f{yx`>Bw zp_6*^bD*QAb>(dSM2Y+3X7W}>bi+_nX1xfs&}h3dwk5pzSyqx{rt2)Z2o#5V-_pDE z%{Q^7_qNs1QgfM$q*?PU)VJq`*T_cofPKP+W}&{|z1pAt3Y zu{_ARPw+2}E%7llYi*2W5qnw`en+(h>>f4%s9vn2+I?m0L?U?gLV@FcF*XE`K~fKf zN3@#!4;ogIb7CTCrQ8NQT!>Yk!w)6cEDzH*JMGtX{tQ3f&DSp@3^%V42M+g=tabL_ zgNW5%ALy3GIieWWH@{h9bMI8wzpuRCnU|r(?PIapWP`Noir>z3h|5c;{&V`A^wCOX z1~a;P5jU(TB3aJEm$|l5fu;3z{C&umud^BFq73yuc$1x^y0<#;kWcTPTZ*pZb^FPB zpcZHixewy{LnW)zD)4^BN(rh5f#w5Z;Yx9L=@OuMUdibjeP>sFV~Vf_l4i3h z6iGEc9d-j!M}M-?yM&~qX2!(Wo2hqGTzlvhqlHoS%l!%iA__f0=lFED_I&q#kGRAM z=jb|ZrbIGY-xgBhKFFtpkn<)W=Ro_3pNYjfE~=zJ3}``^YL-eU$PPhLiL|@|#xHtK z{hy-hK${bxwJ2Z2>lJ#?_Yt$KCtngwWveUb)G!}8*jY6LqJE-tI;<#X@$iB^bI-kH zMn&_%JYB^03YT=voC**k>EvsKxhjB-@xzyAYq%!UNT={DT{& zA|9b_XrhJ2`F$VgAgz@2e&Cyen$gY&DP0`~?we}H`4*MM$)B7&MuTH2><8wM<1Ie4 z(4C(Yn@YJJ`}67P>$%qF(n6C4MD>KiGZf*(3{e-yk^p6~ZG1?Ev(lHMttbz=SZ2LL ze-H4eJR6!KhVeo})xp)?>ccAG!&w(9C98`3#SuBz%(ax|D7}#%pyh0H9^p9A!y$AO ztIL4+8gEYKcT{h$3c#1PE{@Fbdk}KOXOy(lDmw}!WdR^vl6NfpM@d|-=fNX?-lP86 zy@}$whBp|icw zq;{+ow>A;UjXw%;ym6vOIs0diCilXiNAt@0N4-~Rf}2D3e|6b9aUX=#9L=#%e;^-z z*mX3iuYA~bFzGZTXZDHMA1OjT8kw(S|67Gr!l?%d2zY%IdFVfXL&S#AL5R5o`2q7z zpN{xuEr-}kbnLo&60%|!o#2XB`Ifb_$eIA{U(W#4!kzF0P;q6OJn3~phQeZUNN=EP z8lZZLB(UJ74ich2Yn)*-&H8UUz0abg{PBx6si=uWwY_0jt8bdmQG4$3tx4m2z=4}6 zHO22Hv$hB}pbo5!dV$g%aLG`R_V#ON2dQeyHc9I`^$^g%cd?xy>XGyjBxRomUDqZk zWj1|QNQF-Qr_#3^)7;v3>0C(rpRzqDcJY`L7WVr6@Z|_~rW7Wam$f-M6|NyX@gD;@ zMcQhkp*^$nSs^9KeIx_Ur*#=OlAanrdX-x4oE#ExF~d>6OEWZ7>*n45HtitaYXM+# zUm>Fx`8*n=q&MAPnO`V^T_u&(0Oev%4lpC%KxGlzV2BqB>1!b8Pm?Hx_MU!i`O;=u 
zRmg`Qc8qbWNK!uzwfqgnI39t)k=rc_8xnuF9FPZ%AYjZ)3pI{Q36aU56M!2uq_svw zaJhrxPIWK(EAsOcpsPX`@`caqZEV6X zk*1Jzkvb+IEC`CWd#QT5yriG63DV?^_5$Sr$OtD;z?FFveBudfQuL*CH3!mx3*a)6 zA@Tc3(fn+nyM)9athfPNF-=F6a&oRyAXWbgT=C9m=BI@`MSrz{F}hgC8u zsu$o?Kr+1Bd&5jo|GPfS1Pplf0E+GHKP~v;`oSqk1K$rtd0Q?}AgGS^Sprm4YK~rA z7d?=!-{S$}BN$xk!X9JEvGxJNHfW!*BtQcih$tW{Z{H@Y#M!36ysxaO%U7=S)q~ne z`RO6ER{otij~f2&>{l9g#PQMNx1z9AI7Toh++RiDqN>z55(*tDNC$FN0ewU^kENv* zeDC{?_s;$Aoi)bPAhqbLk)Y=N9sY(;EYXu(hW&U=@cm!K08}##>AAMXIpmb-MDCs# zB~_xX`zeV-v)<|k;3(uT18lIdK|qyw>~+l~o`AG!2rS#F$@PyPZBGL6_cM#H$hvz; zaW&yr6QC|>^==W(9(Zoa+N~D=0tQUlKXHNO%tLui4=gV0$YLU%ByEtWQN{mMh5v7! zVgD*o)yp3MQYq5sPJXI0Fpk|f3wI{JQ+{IG1QEsbnxl_==5ui{mZVFD`dHHw=nY|m zVo7q=3hbaVPg}JK2#@}t(dj1Qd;%!u%;O-{(2!cv!1bPt)Py=?{;#~0lEJii2klI% zKA-|>1Btok?iHj=Wa9uuMUainH-=l=MR{U2^QcVhmO~j7O=vA%hi&$T8VGIw`KDk8 zBdo;o5sfg*R8i~8#&%w7zX7HR6yS(Q9llNS4D|IsVq5nbl=kd$^WANGF>RcLZ#^6M zDcE*0!LEuhxC<@!7`NuBItR7DvvWL;^TKIM*&g6ANg{~VjRQjYZ2#My;d4p$t^ESL z3$A6%Ile0&18t+7mjk7JrXAGSj=C80g``~9!--XU#3HxJX_ZSljJ1<72{Am2{_g}m zIkpT^Z?Sy$dkG<<(tCWVK@8uU{1yq+)@90Mur0z~ASg^{lq}s;dj_%8!A){g~ zf3s1TGvT6CrhqI=%2!%OSAz9^v~rd~GW^JSOHt+m6{$HfqL zv*%rOoPm@Rsqp9hDi1R})pr{zz74GD-O-+-4PIaCCxji+H9bez?oJ1PONy~Eh#@Fc zA!(gGGku@RbPsgRw;=WYsO2kOgUF8qMd5EPz){D#TA-`%)Seg9UUnQg-nDKkEc^+_ z(T}B5TKmz?4~gCrbL$L*Sfnd&vU*O%t?l_cL0 zLb%+-fydAJhgF4+g>6roX%^fEk5;S5uiUq6AFNU4biNSSk0y??w_v*@4;n|~cGln1 z26?A-&6Ww5Hy-Bnu38=Ft>e<@5T1*(jIN=Xsm84ej~-2!7jQzTGnz;J&tDjSS;4tp zW6(-foBkA{$E436ILa75w6fm*p#%9iVoV&8{gy87!$SH6x=TB+G7$7XQy?o+Zc7uE z#-%h&6jM=!{n880z884$y*nBoRL*Yh*tOVWPHHQR!QV=mE7QgvHLewLP~I4%F|Pfz z(H6Q^`pnT;=2zWj#^g&vTgA$!vXM#Mg?5{a@crk+hHuvN_1~0D_3$RE-Wr1waJR+c zpw5*tt@bMJ{E>g~pLDAbG>!i_?kY2yKK z!NC}tG%d8GFVucal@i#sy)wGZ`UEu>m~!hP)2i4-zutuK2$bE%{$iU*hbN+zqrbJE zc)+-(ID)dpro0}9<*KFa`KnkXF1&vyI}YP7JK*PA!41}kp4E2AG%JyZy)$QN4mq_`T9kekL0Yb%K6z_3e1v`TU+l$ z6et4Aaz}HzEhl-u5cba{J-wW%=R7t&H><4dF2H>+)%YkXbJ21ab$?E8-(LrleOvv5 z{trt`5UeI+al|jg&HvP?X1S=&nm1Y28C^*w?{E5P)g0No^}J4k?K!XHe0bP|E}ibx 
zPJUenY3hu1-v3#_47|!Rf+tn8f`1!e8z@BK;;mfD0D_s6~-5T9G@n4D>h{;WSpcfPIyIPt! zm>=%r1R5PDNTet-9aGvpfmwSn*5 zKM*Clp2autgdeb(l)K*e`d+cToSK?fPc*Oj-TrVR<>w3`{F&46CAr*Zic~%koceo7 zb{;%dTDF=sI@v}QeRZ=EWy~*ceVmDVTSJ^1uBaY?QX1~3oYhKiClh&r03wT!#GLzgCI!h%7Fm)okDq| zKw3plvY|pdc8H={P0W!}WTA`hV9jjni3MnHxm7|;Hp3;!Lf5XS>sm^faz~=ieb68? zQscw74G4>*j-$GpA8S70;oHqM)XN($_Il1rgzvyS=F5k}A>Ps}xu(pAk|~ofAhYJa z=L{E1g|Iz*j{+ZedK@kD1yoCw>%t%cnnz?)nTh9ek4&Brnt@S)qtRSM>hDF_!g^E8 z-d56EZ^4JfnlXA+=2U*E5#h5~1o7$M1iew~rLNsKwn{4)_M11?!*ett_L&pB@7^yo zsRpMg!CkHAbKB#;97d%x&NrCJUos6nRm)Tx5&iyIJfH!#p9k5tTxCFvpzq4Lh$w%@ zE!v!mqCC@?REauVSlcDU)36+l2Toe~Cb8+@IE2CJVD2s(5vFo(FlV#I({j}C?zOOh z8+rR0h_Qk!$4Ae@@z2Jy`iLIbrGsTXtFyR;5ym#(m{Mz-O0En|^_aoY@o~{S;89{M z`FLVcbH8|lSc>mz%_i*ZHlFk+6OBud_TK1w9O!0Jksy?E@kwz-w#M+%yo&*Br>(u3 zvC}k7PV~)M&Va?ExT;G*TUyOj8bgxFt-pk;jo$oBjE5FXZS=fO4)>y=DWQls`{86a z8=BvbJ5)i0TID=tV#Pil0hvc(bbgz*zI((}AA^}!^cE#VS5a9T!*aoxV1!KB7!4b1+Ovk$NM z&1pNUJE8?*+eWRsH9kL%YIUL|IBplhcZJWDc8a5YDJ zZA{dau?gRG58DqNpQteoeI>-p zr^RY&TfR&i_=Tu%ebP*JMRfo1Vt@+y1e)1`wna2 zE5p7oV^j;u#|mw%$C;EjuhCr7$fTJXt~xE{wfmK8-B7i)r5D?Ew{Q$?O9e@|R>}mR z$^2UhC%w*3E6*V+$rq4~Cs=OZq?Ga0G)v}+7j@g8y*e3i@}yM%X7bj`^Ri~Txicrv zubeqyzcb?jspmkb-(@>&Svz-mF;E8mwi@;5(VP$RAsJ)`gp&MCJukleo4Szlp*95w zu1Sc>&*XwhC>aaO*FOq6j~*FtXmigF5CK*x1p$GJ=~@L3yJcV2Fop7!k<_+ZG!hLI zfz0l>*}$a|PJCwbJfd1`?^oG4^U>z?V3O^G4Iaq}089l=!6HD~1$(XNXbatN**b*z z=`)FF;&Ak3r9_lZ|LE#^+~98G$7z-7^iR^R8}V7oZpt?jB3yS45+5Q^%O7Sfv1>8H zO@7H&_s7+q*ok^9EK4x!6S{u|6kyh4#Lc>Z2bDIE@LlQ@N^Pnf4H@~PlMRnG-hbe(!v4AqS#|}w9+qKQqZ)I>kpUf84yLJ!_9iSp zg^Z8VULRW~LOywz?Wp-ki^fGA?njfe2OaKD$>-A?^0&oo%xe)hzw<&atAMqC5b}0; z;`-qcLq7Le$}>msefv$S;G~@q|1AL!(+=u>Eb7PZ?wJjY0x(5(&vN3xNlU4+s($KR zz|qKR6k)RKz2oC@>}7%cQ$zf|z5=dGugvMyQ$u&7#@nYu*YVD+ zZNXNhUf7KmKB(x#s)G-HR=^kbP+DUX1$N})P^E>A+HD;uE7|E4jc2GCOca}oL0WEN z$_o(&_gsIC+xdtXZS!nb`rMxl-dr@N^ntPmQP<8oV2*@#Y3_4+bd>M4=Z$^K*gblS3*Ar%{oO=Dxv57H>$nUsaI@u97S6}hGJ zVe?_GUcEbeQYE~hRqI~$Cssl@^FJjV%nvGN4fx>e8I+Qsx_@r+&@tK$m5m>6#!BfL 
z-AWl;9XBIv|5}_i@98Yb>UVFe(^vk)IGp)vd2(WZrdE{qCYqhLmXkN7{_znNEE_lyWrVCM5IiH77B!BdX7=uezAzF7c z$y9W!-ryRTi1#j@GG8q;3O7+Xe{FKYe z>uE9=lM}Q%06+Crqrz%~bz03emz2Fidi2GhaM+&a!GWi`9krn|mMq40aGJ_|C*$_I zxRX&wtw`3BrW03sO=|_iv~ctNdq*3rGmT|Kv|YKDs4ow0;bWeyEK z`oU6f#m$g*)cRGG^JItp8`k}6RfA=TN`-B$vx?%?eTDYqdI4MfFvda0bTmxOtFm-O>puFnU(W^8)@DsE`pa>v?Rv$w`w6+s@ZKpU z$o()=+N3cl^Tvjq;5B}030F_zQ9UEWU3>y7RO5aAFk3-=zs2!*u*_A8bP^t^ za5Ji5!m;y@{TnIYoS7=U>@yjMZ)j}aWPLrYm76>jS+;htIX8UEPEx$!*>ELfZBf*u z4Gr~$2~@~#4?rZds^sDVjTIuvyOSOA!6$`9p!g(3v!>`<8#PaVb|f@>6HeRT7jVJ9BbzUsVrMkJt~fE6u^Ddm zhRSeeY_|h?UA$oVWosRFKR8pTbZxDk(e1{BJ+A!~M5ApWL2%tC+i1N9)%9Kep&OHq zo!WJ`Qp6AIHUx3!m26{k)|~{#lEeznS6xvFWI00x2K{}mE^#%`RfWxyEjM}G%~hYu z{1{$2c%Cl{I~4Y)C#;r<*d+Oe>0V^47T&lu-u+k>0BMEL%L(WsV;vBc3x7LU@7e~R zq0LoEN9u0pFbPPZ)j#d|_MUUA*nPd5Bo&QdmI?3Eqf8ac7yL(N{nj!Gy$?f%_ zUX;i9N1=h0;rIwgTp3LpTTq&3%(J5jpDdTv+Z$o`6JSg~h;w0p4sl~fpgn?5HE!KX zi94%iKuR!&ZJo$d0)JCn*ef54*wryOQ~K=k7cUPADo8&#o1n&w7Zdr2Rf3DrPi{U( z?B?C%i{I#Q#Op>bdZ?NH!y064xR`fK1P#ZzG^}YnramQKay4T$+m=(eT3zP-9x>N# z&_Wzw00GRn%Y3=6+H!M*K$kjqPXkjZnY(ZQ^{SjN7x?@D@J267U#Z<4)q0i!fP0pQ z-lcbDXElW5B~N};z<7ps9n2@k&{b+#4`t~Ew_dnEFXroVsKfs5QDS?!y)c*0ex8fs zEZ3ywUg5n1RcoaQzJo&pSadqN(*0Sc-xSf>YgZ$moAN>9p9KN!MULJs-x`<4oA2&w z+%!5Rf_B*mOK?*{FxT2dEn07*ml?P8v% z_D$&YPPs`-*7AN>xR+;fbp*Qad-tzr}hGsR=AmU$3MA~J$e@rLK`~i z3y+JzMTOikeu9FWSdoPkI`-ri=Bfm{3Pd3y6T%JhM|c2vk{|Jcsy6XfoO(w%h|q*a zYfX!ClluIt!HTI{`zYqGS0>F_wGv^!41ub^t^BS zyK<3Mm&Fex6y%jslX)tkkC%P-5EG}Ji1B?TrcnLC?5JF>GY>M%s+TovDnRCAhecI6 z?Do`ixVhQ7;EtZX7954&_8IUI!fB()#f5*6>W-p8Ty?I-=Ie61Vya*b%`4G1!u+7EZ^yCrGMCE=4dr@rvci10FV{_#b ze`<59PuNt9dVr1j=E#{PM`tn(-msvYC#Pbv2~W}XJAn*x(8J$Ubs@Dr9H3a$C z-V6iz^9w%5o^tVS%~9VLpWN9>b>*bRq=r-eJS)U!dp|7XFI64>>5RK{e-ch4TxGY`Z7I!TH`WqfHgx&b+Ji%r~y|RO-<{+Co;$S``TG_dZ4R8M|Z^ z+h;2&4w`Wv@z+%KMMQ<^EZhd%(yff03Fu)@&kK#sFF}T6cM7*#`N*ci5^sS}t6SkR zfzp5uU6PBw?BiA9+qYuwvm7V4xyd@-O_pk&D57Qnc9Uq=qslVKL%e)3SE(N~`;9Aa zyy6ESEF<|{Al$?F<-W(WghAs+y*f8m2mEfF9z^eL-GZ*`T)rgk 
zHjebtb<_Rf(1@*{;KdIganM5dH@J?(xA1GjDrpaH3hMI>=9>Z!@=i|U6K4@(vUK5x zYG8P%P>!k>z|70Lw$*@^ckwEf9^RCNghzK03`ZE&X}mM7!%Jm%{30bpwh&$x1bW;p z14xXRwnXS!{=KQ5Ig`+=#42}mHv>(v1f)2tzg)hg62esVZ4#`uog~p5D=UH^?vTqI zTMbj}btzlAAL_d|+QsE&YoSs!9ib&nanHBDQ1%L%g533wMu12RAvgDtwjaRmVb8^H?|l)fk($JXJjANSva8!(*OI^3Xdo1) z1ePK;W>$=;OkeYn?DtCs*J_7ce6K&3s$QwP08w?~ZwrWeU?7+n8@|D}ekM$L#L2lA za68*srNynnL60kQJtj+oJugYJ3jX+mwh83sOV5Yl%UQ@dCnjgoSk3_OF<_(9Of8&uc<_(K*uFLYie$cwrZjFlsLrg*g zWMExKHCwf}l*Xy~C&Tkh5b>hteJCeN;O1cO-@QyHvz^C96+4sR>}d*{(m*CVHwD*m zj1s87snagjwdbr~^Vvc8mPD?e!F=q&ZLNNr#7wKKyycWTly3~z_9>=R^cna&En~0I zX%9#m6+8t{xcM;POIbpZ<4h*tp1h1G{kC$bRHiq6DNG6!_T(+1UpN%JpIKEL?b5Ge z0|+te4v&>EH-7lBuBNW3N5heFY#nwu$bVAjl~v4;#Vlbp?ZMA%c6Dmklfq!_;2T0g zUh1{7k_nJ0*_RpzkG6&@OLn}-VchQb{(LM`1*?yWrKWo5 zE@wH)d{7~gy^+}l@UutBG3HaK^?Gu4_lf)i!h8FPHtXhATH4&&&}%Ae0cxs zV1@QHq@@Ee#@_KUzYWy*@++bTSAVmuVc2DazHBl~in z$Ipd>mPua131bPhf%RvqCY&muUy9_7CjKt+oQ?4kDOXnpR0_9_CiA3SVh-bzGUmy+ zLMO%QFOIRv`4SGblIZoZOxMY3(w|cW82v0ckxwK*7^tW^^X4by(A6;LYR(87W+#h= zDQD2ktF@p;jKH@l>2w&`sAll;kFn~A7z79&4q3L4u#m5tVlm7)i3fE{6~jyne!>_l z$d@8JI=|oy+N9@D=I=wX4H{OLbTEmgTBAW!vWDZ}2q?~v|Jn~`1-3M51vfY!!m%d%H zIVqcSUTYRup4|c7e?W*yVF{pkOz2=}bu}YYxFm`} z#qO{a>$V~K+xnrNR(1fu6{e<|>;I}z|9neOl;t^ko{!*z{)3y*FiF1zVn}twny0adw@C8BF z$8y|adNd$_C^j+ChkQ3E`l2Ik&qnB(EdC` z`^e2{?EQONoyQ9pp^mb_us3|AN}e8gHvhgKXRheBrRVW4b79u zwl#8oqpx`zu7@{jlWsQHd-q8HtH_)D>V9)xeS*^q$i@4=kSr|(kH3qICk|@ ze}ER_Vcq!Y24^#l7`8c+(jxmY7Xja^qmc;F-)&B&;tWQ+bM{<_M|xb4Ir@Tgc@{0< zOxPObGDEbEcKxdbfGohUmjmHGDe_pr!uk|gZp_@0P)>(I?&S>IXv!mUJM<}Px>upW zIxg_Z?sR=mO*@nnW@zjvZZJ{w1tvV>dZ8n)1bOY-?U73>hD>OatcRs&X9ZhhSo6n{ znz3U1a)(0njd6C$2Z5CS3{DsK?qx`LflLH4mbE;zcvO>57|s=kA^r#mXjFgeCucsw zujF7RL9$neX^E*=$*z_w17vP#%!~Qu?zu$h!1Jq6A3UIGBG^Y`S8J4Y4~KQ%`hNd2 zX!)Jx46Mu3tGUhvXfP#QApnJ5mqZttj_0{r%N#VhDe4PK|GJ>b$-1%PuQu6nL*uUC zda57faig1bljXE5ky8OLGQJkyA z?rBJBdPX&Ll?viBGBN#QByijN&*E7-T7rpt#X>oVpxh~VlhD&-TQ-wNgBmr&3a8nG zTc;YIJmQ-uyjDA&YumQYIN^49-tS|y2rgESY1f)gj#PQzRIdqn78sqSQi_W&30l_7 
z5wmGTmH%3>I!hn)=k3?H8-Gb0*-JtyKNbR#mw%QNmtVLruIH#`Fde&t(}9SNXT{Js z85Jc7Fh3}Kyk#Ph>t~CBF1%kba{&kuy86;(z4*Se;NtbD|3lVWheg$O|HA`_Ac%+( zDiRLe-DM0Q-CfcR(j9`50@4gEAPqw!Foe=20@5ikbjZNa@gBhYzMtRw-G6X-dCl2p z@715R*IAqIjO#l&f73=QRia!cQx&!Nhf zLDW-C?w_PAey|aCu{a(SIrh_w9n*hmQa!M}H!bA%L)+D4Y+~~x((p^YYU!cPp4|cw z6-5!GO}6f|J6a}hOTdfsJHh_*#!>~IhOM3E^6Ko~zKzrG4NT^?LTPa&^;Qz?Vv4o> z7%1(PjI#CdCIeSk%G=YHOn756TMe9xW^VyFsJ>H)s zv6`gf-NCk3t<=l-p`g!rbQbE?vFX% zOk;=hjOo>mkJ}LZuy)%ZK0RLji_J_^S_X5{_hqlIr%cg?(biaH?O`i9r(y`{ zEH>n$DQB{rs`qsmsE3Q!joz}>%r3Px?f7Dj;>)K6gR`u&7{UIjn>O|&FCoqtM5acS z;Ad`ZY+fFBlJ9|H=<_G+KyR*sp{o(yY;;v&M-#vp3QC<|y?F%sxWt(yd#$7byJc;# z&wZ>fwA&tv4+^JWW#t16b|`T`Zia8zRdy^MyRgnZ27n(+!^i`q{wp?^4FO9Q&;{aeiJJW zTFy6fZ1K9)cWxA-ayVslJ8!Nx8wkcwtelxG4GdYm-Lrvc3<~WB6<1*T z7ba`GVS^bAJA=wX*mdp7u1@r>MpqQa)na45F`_BzvD%Nl0LTh`Y^y}aOA7pcu6L%F zDJ(z+lX40uAG_J#F+(m;2%rkaHe-Xu0z^8lnAX?-J?ZIT8-x9P1aw0f9($w8{B;mv z@XY@uOIbIFn~sk6VKiHB%D8TvzJ6tB?8B7v)WXLg>Tm!qX#e*rrkhtKrC{PE-jql_ zFI0*P?O)c{kLn5Sza=+}rU@BbP(stRmGua{+0hx{l{;f3VCKd2-@b~Bk1OE%v(~BO z%;6yJe$c!j8_aLm8N*+kkU9#jh4`vk>3Vc2TvOt~i;4*lwp}g>WU05$qjzk&x9Bw} z)vg~L0^%-RMj02T3zcgjS3x$eDgTG~0VcKR>|X)WdTZOU!QR?7!qvOcTfSJC3HN>O zzv$B)VAg_Yji8NVV8HeM3JZY;*3EJW8;JZ@l^XT12?p_Uo-DU5TLYv=f9v6#3pdGy zS5Uqdy!%{<&|c$4Qh>ryhhtpXpu|E-zgEd71bQ#Zr$8aB@;0*-%^` zwW}oqrCBra7%e4#L>m4+eNoi1fqr*(wYja6lt543VH_=lk@QzcS0X~*h8X5zR5{UG zBoz<>4|;=CsJ8?8=c517yv3&R>hI&TP7Da5TWH?#{uiX^x86nZg6lu_+hI_8Jp%Gs zY)nQ#T?pFS0zoeiDIk3uFop5l^k1E%U^=Sze})~v94epKX^r>eSKtD~prx5pV$QC`elnXaA{sQ8+>1mhE z(~tokNMEa(GO3J6+=4??Kh4--QFJts^(QFR&!fVhU;ZT9kFI-;`KEn<|TZTj82Fz+7 z`xjpc$~Bo|04t*2Px}T?OLKtA?!utEAFj$|uEzz_r3>0C(5)AWgx!YmLtK?A!xh|V zY}G2|*zL6P;qh4TNrfaTBy?Zy4O80>eoD)^tOhl}sKtI7@EZS@BQTCx$v*S*uY ze=EEl+#55(*c*dsw!{ArfPSfrchvDKxGDfs6AkOxLJ*Y#{KjtC8VnFWK%NKzDiu7IoeSbyn#@_5xavieQZc2L^@fjv(6|;%DJ8`}9nKTndO>(=(5PG! 
z5>6Qgrci)56D5Pel1|GeS5`fXw0#p1Us|20ah>GEz4aE*z}~d+%>&T=;;_V`Xa86* z2H{1S`?qj!DOI$9p9G;{n+dTg5j?(s3yuBO3--%4a((a#Q=ti(aB1<4Y0OS)O@Mi@ z!I;s1I=6yfzvnz#ze)A0dOPL?w7%(*f%u7Q zKtQaCz1MZu^mPwYU>u0*kSw*DufoasTA=*fbiAi9xV}CgD7=3iVRd67Lb|+g^5FD8 zt-8}?818@TMgVBINj%6s^{S{c12M=0LRRO&d9~0fR{$JLm#GKMv?m4RC+W# z{f7?8-x*+!H=h8pz(;q?R(5`q#IPUil76H?(U)}WD>PX}l|3MCAnyjIP+M~72ib%{ zkzrRPRh7e{^mGP=UDtoz2=+!#+?XN{i^woE8sY54j~f{l0oDlsD(T+wb{iQAu@UIS zXLf;9^QNw;d%unWrWlvTpgw^PGV8Jaqg8*&Ng+-gh4Z}pifY#bpp3K!9tKeLTA1w3 zDnj3)PD|To7T>7(`1ny?uM@{G)ce3l)})MDDxf7lF$Cw~77j=x_{#gxI%Skn6Vo7o zY$0hOP?>hZCx-y?_>*Qe|211WxX=PM1{%VR4t z>)H6@D)3j2mw4)69Cu!BcbU~nE@qn5I{+qVYp@TC^wd2x|9-a}Ca89O>m^_lLZ%zx z;_Ha&9xzDHxMyQbRZfEk!+&WIH2$BuNEK{+#$@3E^kxu|(#R;%> zE-nR$Bff^HUOqsg`&$7QX=iXIB5}|O@j#o?|3)F5I87bYt2Vfqm+wnAo{q^vG?dXd zLCoZUGhRw5H8-jRaP!`Vm)o^uufys6Z!Ow#Gzjj_HjaNbu~nLYohh;?E!cguXl1*vxq!QjaF<~FOUw z+xN(Md;o7D;%PvIz+UJ3FvPyB-3GP){Pu6KuyYeOeJ7X)Wx9`NOF){sWzEC+%e9En z+*JWC^8j!;%NpeT;VO*08qo&V-+R!6bb_({xjNUb7#cQ*lC@E%#s#VIz*_b7ftLt^ zw8lV>fMD`pPseu?l|bS#K>`8-SGCvqN6@uR)IPFs6M?cXbOl^7;s1EXe}B&cN`-3O z{2sA|V3B5nsa1gfSlqswe_KUg%v9cn7f5CQCpSFTp;myq2|?<(EJT#i-pENQ{oNEH zE-0!H_r3@avckAqL6nwHK!9!gC)6Unj$K|jOWm6P0oX1u@@i977(9h$=VQu8jR3DdWrz6V1147m_m%Q z@vC_FdK~{<-)hCJmb68r>oWj63;+}#?Zs_j)B#}w!RqCZGnt2%2g`p#VSg1A=HDW) z!2!iz*@`S6QvFQd2nUSYt>-^)jR58?@9N{4LiA5$y#IHBugXD+Y1h=C2dF`i@ovh5 z0CX1@@C+<+e4y86lCb{uEysVvDCIhKzXR4L0woV`U9&gC$^x{s0cazjXqTLR`xS*~ zicekt?~A@MV*Jzv*4l-IKq2*ko2V_&y*$p(Q%&_y)7SOYa|Ns9Cq(Terk=>OB2ReEI!hL{btiS|0 zD{%oZreHd>KN+oM`K|kZ-h%c<9A00UFx4v{qIz}(VKmra*c_M2OZMDkT~oc*_}8H0 zO7)k<{%&7@@EU;~gGauWUI*%T9w39nVw;tC$o#X`Ku0kN7 z+5oZ?j`Z{ZlxSiT@qrekC{Q)QR#5+Jtsa!0MM;R-LjT8Jk{%5Ku}M5-#mw#J`|N;q zpfKT`mwpLwD8xeU5{N$estF7bGolV+IAu z&o-Wb^jH_XF#man`3>}IvpYc6L-p@R<0F$Eri3RWmr+PZKn9du^ai;>j9&j@6>FWpX1no)|=JwX#Yxxh>&iyqclwryAn$E5B?8;!I zfEh+9wXOl1Js>lH^`TPZ0-l~>^Z?-d%|LQqGql2;8tu86XVA6mn2iB(C6AW}-Zlbd zP#@ipIQHp3dmwc4`}{C$N;;uyM^3~A>_7StISB+FpE-a>3eD&N)cv2jd0nfUi4qNg 
zKi3rES_8DU+m^F(uMPJ`z#DA9ie#wDCF0@vTd2VGaQ_j5$Jb(@r8HF0h|(Do2nXhHIdb~w*#xB!K|9!R$v;t>FRqXWo+WT=zzfMrLM_{$}Lt~6VE z#My}rwovBve^`pm``CYZ>B{;t6go7@ctnr&GCc}_KE9%x-Y7Rn{fd*$MVx~E-0dog^$rs-KKAtT_yRluoGHcR zu7%}dlwn>8{r|IzXd7NoKuYWD(5^fHsC`FmA=Chi9$@t+F-J_<<<%$;h_|8t|4-r= z@d_QZM^|A;(-%!zUL6`-P&812BsJo!HcTXk@dp3y|Ab7Ye`Re`9h4=Bx@M#lPnaPP zU92eB0GWxo!MoV(%t3~ru&n>FYJZi0-jx(I*bWK|@s{Q|K)xgy@7)MSl6uVGToOqB zCDrxx@0Fgqg0gz9ei#Pr?HL>EwN_yU-AV)eT6FGOMJWb=ivN?z+0Gl8OaZLY0ecH2 zIKybUqJ5~BsU_>lQ}=l{)qZv_54C^6C&9JQTiU!s15x8++`Z!X!;}vjKzNtz<-v0; zBc;9dx1T4{{NGnJ%-nm9d~_}L{2pP(0Nze{R&HU|v82I0qX-059e@_yjGGi#M86#u zNbAaOh>G(79&ZdVd^Mo^z`hf&SB3WwF2U(jMX)x#!pzKkq{h#{D?KWIo-aoui_GtV0 zsTP=C$2U{lL{@`x7r&u3l>#W#E-LHRt@b!pojQri(KI_-HLB6|Eu7F0JI5O!c@=eg zOI{^a^p176_4Th=PzXpL8UP_{t^b9P#ywsvocDe_7PFg%+ZJs1-fNiADv%0Rj=g8A z&uy;zradxB1m!&NBwD{PI;0CLKL+#9*9u2CkabZiSBfxNMN}i?Y!31P*^V?@+C~r+ zSNzZ9i*3t(y)OHQiKqA;J`%q}YRmdw;Yy15UY4y1ab9G94+-&(Dh&bYvL@b80tiN6 zML7BoCtTy8&CUu~sWic%8~CPaNB^NVeNXRF4DS-ux@Dm+^Z}vyU3j&eTLd z-wJAPdylDa%b~u!>~MLwS5B(;m>}A|LK-A2e>LNdBFZRf{O=HHXTyS>#~AMQzTZ=Elc&D!>0qJuc2N}(dIeQgLS%oHCHq2}bT#hrh6 zy$OOsR<#)(fOxJ!S>#npu>J}RcPk4D7k0#r?c^svBV`0lnC-c;{9W;q&nDtrayxDB zLbmBl5mL0${FsZLZ2|MXW~o*Nev@amP9I{$wA7&NV5j!z0T9(|nu4AjUXeoya3J0@ zjc`C=fbjg%qW-gmAgKLYZS>z@@rtUho}CxCi4;;_cgla1YotH=<=)jIn22xxW3n0g z3J73Jp;r)0L&Z3hJ;9%<10O98*JlV8sYIQDh`;ry#brvvhIMC(g4Ttf@|9lKdE11sITH7}L7?O7qGG%_-?VOtA%0fxwafW%hbq zBb+z5^*^h72qc$w9k$Z>O$QLcSr0c7cjbZXHy_u3fHN$@%7Q*Uv>y!mR_5+p@~9^( zB^db9Q(s@`%6453qaGdaA24!M$G`_ckKURM=xQ2}EU~ky=-)(`0`{gU`>Ur1Q8)VY zpP2CsunZ+0y-^pC>s6ZJX5_-#shv7=eh>7^)SbQ2?CkW^K*@^$%iyDFx!1A)d|d*t zhYisWYXjt;~F`k&5%JJ-Jq=fnM7DdQB%IyX*GAvX z7KDVX(wbLm1KE_@k09XrSfKUFO<#Z|p}tWasju6i{fV9)$1+3B`SK*7sJ8gNzp{A? 
z6jO`)b;8u{$>FccIf@?mS-$dd>0xl~$9;JzV09wa{vuePRPRy!rE-5GoShjkc=lDP zPeJ6+%K)ms`vY9}*vftdU(nq~@PfGPRBgxI0#lSUFh^4h`F$W?F?7`o!a*)g?`ey| z%a@Ptcoq3$2VjRSfFPKJk~2EiX=(;VqlML0)fPHJRj+KBMn^+OwQ5J|=_14EISIAU z8NKK}ZXQMzaZ_UxJl6J`i}Gt*nqCn-T#9@jyHW?bWKsT-x^CQIw%i2IdD9)oFV&`Oh3F2A)MAY|NM7FpfkSAo>L^U zwK=I83F9u99Ij^#Y%<`R!_Rg{1FZ)_f}Ihn`ue3X*xWB4G*CWPpRKb%u|_G9lZ%&W zA|Ki0lEe8j{`yibV8--T9}j~_e$@DP%U&KC_*o5=@2vj=Hqi6NXa|>&e0UZ7dQD#rUANvP7k?UP?N#(~|-xFSkzW&j^3hu=L?c0zt-thl8f?5(?r zV9E{B0hFSDoG3@+=-}}6VOxml1&&BH$5+V*vSJIl$9TMU`oeNy~b~E6_ ziii>Q*@$Wi7SVJ{CBNBe^HGH&$$DgRmI4TLsprU=64E372x!uBNieX}t0QLYA@!s5 zQ;&Y5#-H1UG6+b{k`eDsTR=dnU&d<)#r%56v{DLBDA+}B-uj9N59|}i^mu~d&2*=) zUlIK_$X&}(j|?26nhA940p=`%qnr)&vmEaf!tF_FRHY#{KHjze@BpmpQ6237Hd*co zIa}9%(7ttSF`oV;(T>AXay)euZ-@ifGCL+93^5g9S9^MX?#^q>wJ~CDV^-<>nt`sI z@DSnCu-df*Xo#?|ilYag$YI#wUH-P=G^EB4Zx+>O?ZKfzBjfXUrrXssYcJ zYYN(cvv5>B<~VhssUhQ@N5J<@H{lceC(#Q8<@P?z-OV(C_ zADkZirYD5t1U^prhjAf_2uzUw*h85p8OV^Ml#1IefIaNPJWd84lx%?oNTZJBT0BWc zIxuVDO%EiXUk&6d8=xWZbj^BQuyTkJ0@MEz9jg2S#i7R)Xej}H6@R$(U9BtRwT1!g zN`9_JCJWiUaNA;gp)3{P74yw^)Mh6=e#|}OXf6;!lUtf@w@z%eUt2BfjCiuNzVPeU z44Qj*8S3kMV4?HPFLU1%!ckmN_cVg#a_-9zqK2Np8NNDV671f+T0JoQ`EG}|$H)vP z*OP!?LcG9t(gFEMbhx6r>-LP715?5e7FOb*i>AFw@yZF*ekYK_o@g&Q6)0B-(F}@S zTX{dFjlXWWquW2g%xX6SlO3p*X6mlyQsw14g!1>b{Cv)}`5o4vseokRl7^OL;&)hg z#KkAf+!ZR0P3~nQCgI^T;^V?k71ZWp7Ga?IePlXA_aO*uiD!tv(=J+f|MMYzR7uVd zG3{B6yeNjJWsrDko$k~4H%DKARF6*5Bd_Z1>AXC%@&1P^;)gMELpVK0^)bu2ECGTI zHHZ1Uq+xl-vmwO#e%`pv)C;TODlZ)c1 zoe10-&*{m+%E-48pue*85Kj1el9y3QCM3`}HMr+csa|NGfZqUTo@Q`dHEn-E@y8I( zd%C@^e-!inZ3qk_g{ppjRXnusA~!?eKbH6+T);(NozCPKXE{3N^=C!GJ50rWMaQvN z&waWX?n57~RZiFthqoJ*C(#)U%Y z4G2eoE^SF_w`<|a#Rkvlz@@U?1H`7C)G?J2<t2UX5xp@pB1f+s`wee z$y+8R@rUp_>uu;@F>5y*&Ov8b$wFL@;^l*gUIC2IVDE^3!^{q?IU}0>CjkA4TBY%)A zwMe4=c1fDHI4Fn1@U|&u>qpPmla*ygyG(RjsZv3&n{|IgKWxr~lgA`zbi~r{Q-_W5 zS+e02$qeZ~QV-4!s{5UktFTY)rCc5&3HO`4! 
zc%@6t!K_J{F_tJXAN3%yP>r`y*ges%6LLYt>j~0 zRe@O|l@00RlSvYlZLF#^H>Yb%`whi8);_q>^43(FWdD$AaN99NCI{Zr^6(B_8i{pX zAHbCehUt*tpiDSzV>-O;co~ZFuY^#$a1OQ<_A+`&UKzvrAt>|3s%OJ$63)W+%9MI4 zkUaq(1ru-l>u~!kXP|GOyU1!&Iw8ZNd|W_o?184AUsm=NwI}vVTQiA>keJWX4Kzy} z6m1DH;rk48Fs}{Et2@r4qG#mTaxGr}S(`KNzHus``|w?VLt}(c1CeB#`Ie}8I#Zvt zY_N;v|ruCE{qkOLlb)E`O)x~A% z^=q~3OeU84_5Chb#nLMNf@Jz*bpm~HkSpKzrUay&U{^r0bbVSSBRQ9P;hku-wx(1Y zMxo$+#hnboej5{UIwdy05%$2YU)r$=iLur`VtL7BAxVPNEKD3D!nL|0o4%2rc0~%> z$=XB6>{uIW>1y^yKV=JLy_gOY9Tw(OvrX${?tZe0`kcpBiQMN?>q1LK)N)+1mj_JL za(nc4t2r}D3fhxfn!{iR9~!w{cH0;U$cM!2U*Dy(9*CDmsRr-OVn%Gsarzz2T8Kljd6CLWw zspUh1cjcOZG0S`9j6NwB=6a;As}Pc|DKHz=IfzDqVF5+jdPyYr@F zcuipPQN6(ZXf4Ig>BX@x;@^wgQ!1@+xtJex$Q`Q}JTQ}kK!QqHk|sZXw#Ef>GR1Vr zA17GhR?0J~;u#a{hH_ULlBN|9n`!E4R!bE**^R`Q{lTdlkxgcaR;Kz0(*yoP0%FFT zpd3Ekq$R~=v6@3*8CzxL*2PC}ITB=C`phqCSWMS?VWaFbsDJaVgH6( z@!NgdZnLhTI_OT#8Ce5jr-wapz2X_mgD`a)jegr|L-dH8>S9*Q1XF~SR1t5nsp~uK zp<5%Stvqr?DjB_7w?@jw=q!`Hv{6z_u%EP+#F$w)9HN@&aBh)wI~BL9C}zGSS9Peg z^{{p;+#^n3SDUuHf_-yl=JznZ4`9^m_(qwm*7l}~rN~5&Gke3)Y5PQ!mK%;wKa9#<~{eqFLjcqXKbp}Zl-|%x;s+8F}Ukduj}gN zR)p9)hfiu-2E}8yKbs4t5KGa0mf%sZRjRu**S;|UON~{=O)RbV+>;M_`T6ep@*khq z{?#AQ2p9-^GHPe3~SRD93CV5?lYq0FkFG-S=cqW+)|x9E0fm*UooYO8xHg~j47Thd$KxwTcS z9(LsOSYG{GL)CUDZt?@iubAB9$68u|ByiZ<4{=xInv`?57H(aVrd1{4437{0s_YO} zQIHyD{J48N?Ii9=!;?LTar((4d*vZ+bj^{V-_}pBWgh;nN!RN<`_taH8M4bG)0R2E zkJ|i|d)<2s7_?76^$?<(N@0ontHZD@M&V+cGh@*PG9g~kqzT85vk0CuwCV_cRMSa$yKZ_>j6*=uYFC;-b zi&@035_QL>*1l0kK$Sd%aF6mZHa;;30(gTi_qG8>n&9{6)vo71r*cV5N-C( zs=u?+G-a|!3F8N+Kekgl`NKhgNLfEPa(Gc-g?4d{Hwbaa(n9nqbyqGD{STbCaUTs3Dr3W;f#oV=^MY;z@s zO1^FzYxeHaw;=q8PTp^kqu(Y6wM))ls!(Ex;KFj-KG`7)!N2tFLrA197byHWR+Yp` zNp5}bDLiLTlsX*AJhhbiIXyxbBd`VKWQ`|NQTgb^Wdyi=LW0Zk4$D>$8;mpJv|r1b zCu#vQSJP^C_hNvKrE?lPgXJ3V%tt&tFyH)Do-VWOYVnn{=x?fc~ z=h7%tCD)Jk&i4S-Afe`1=Qvk>B%mUgUKdlp(uH9=N<@^H?K3C)(Osp}Q&fkYH*fik zTyv0kC=JprAl0>mf6=dRNc{Y~Cfjll}x6uc7m2iHx}F1=trM_{91@8KuVN8 z<=BJ#-n(=-HanR8wz%Af$x!x5sMBr2O3} 
zQdiAKdE)aI?WA%IYtK)4#Acf#+AOj|BhVk6MP}IndB*DnzCf4A`4$+9<+A#+l5I)x zqN8dn5_q*ots34irzJ0IWH+x8u~xg<_et%74{90QY^Z^P-1Hwr4q8@*F{SG%1*SuB zWZFZ=?jvP5>5(3ZHCBc&nIZ1)g>u?jD5+jm+@hc3&o)x4tXdfb`LWmIs@9_xZp$Yx z|F+ygB>1v4HO1tbYPv`*7MKQx$ev9hp4JsU$sOy9DOguqpRV58ZT-zsiK|)}ZP`|9 zKUFbWCOHapm{Xsy*KxJed%F{@%^RbwiKkYe-bBxw9nYfHzWX-wF3N`Rs|8WVuA(0< zr}jjB#}{=0ltbNZ@^#5?Ds-gPW#|}z328-eOjJshx~MJZ;?O#irRVGqqPlie{LTGg z{$m-krHUyH<9XRLTg@4GW=9?yY4(0~P!Biay}6IfN-6#J5_{pFOGh@HJ_r? z%N5~X=Pl~K&1}#uExVgDZvLw7?P#J-rrbK!Ma(#f7~XaiM+Faf|;S3ok}L>z&A}e zLlzP%QB%#$N14^C6QtJUymg=g_N40y&2C*@t;9IrbR%o>TU%aCIG{B}D1)B}WbzOk zyIF2;S|rD5yCaqtQ{kLo&If;hb%Z3Q0`0=02epLoJA4kc{7o_XCeL|)-qC6b@W`Q7 zrY98tj>EJ!R*p>aFugPY&mox1@9m5=_=)+kHGEIOay=uMGkWv3H+k;(EQCrjgFoug zwx#kO&V!ed_i$NopDwG(=vIei-=k2l5PjoJ!c|SO#6Z%@Dt$(G;8da~~ zgK{b@d3{b1r$WieF=Spj!Au;E@+NN{b3Jr&bzCKyCmC<;9C~@)kLiDVsN&Vs*ML4C zud2gJ^u!@t8!9BXX}`0XL%h5+#!*UHDND;iD7{yL_ug()l%mnx(6oSjG+U)FR<-=4 znc@j^@!0pn5u=ZCa>d?LB7MG$#NjR`J!fVC6$kx+W(tbDsj~2%pC%?pJU4CeI7DOBZVELLL!5CQcc-_Si+QiY zuRTYEf#H+X7v>L~bKjC?R^nr6S-;>EB;~0r*%)$NxX4c8w(5f|i3eh6HHhJq#rLFQ z-vW>r$}L}~nxi*l)nl7Y*FWADms$cX(@;oGFw~~)|Jk3e$xIwf1whi`{##_aHk~M= z?bgDcYPY;14hGJ;7`6nH$GaK4m8&%tsoB|{dWu{&tJ0{PiE(YhNobA<;V0Q{b$U*@ zh{{x(Ahwizx$%$>i@&~Wd)3sd>Fd)!aH8f6y+_wN^mTm9c6I+5Ptcl)W-_6hlLnbe z@7u#Yc=CRZuDs_1%h09^6;hS+-xu$Ee5~;*$thMxUNi>iM@d!I@bc|BG{^3%K2v(D zFJSq@Ry!B^M7W#Ck%se*%nDKLZBXWylXK}(dP1pfYM$qOXrL$WOKZa;3n*EI8-V2B zA7Y2SawC<{sw3LHIjqoQK#tWyO#5vy&1l#8dX87@%mCkpYYu#S%S0&kvUZM)=jX`8 z;C^ErU6@Q;bICTBxwIrMSKtQ&{q;@LsiE1UuC*L%0)>9reODL-w{gH&H!eeptGEKi zTzYovg{6~;Iop(7TFMs@hBXnhW?1bEelNzkAkXRcn2wgfmv16Z@h{T=C*6r>OBLM{ z*tx~VTsVHDHy1T~n9xHg(^R)GGTQUyi>12!+QE5wtfbet_AXT4cKY$iWH)oyoMFE` zfuUc=`H5|YcxAowZiQaMnyXSdf6L*-K($6`gPnPQ25+ez6IN_SEkux;&uVOW!XQ>u z%VTYzncTOwcqLe+QDrEsN!QKz*YmN%pauhY`fQ0z6W`%_6?EQzo#p28K=A5Ia zpI3McZ+k@zg*W5hd85{t7h}y-d5?UQ*z5!nmts)kj8ZFyh&se!sZhf9&tU`rL4YtO zy)pUVl;UuEX28LL)6_2aba=Vzqs`#>XWOK$`a{Y??KTx_+}0+v$j?(d4+bx1tp^C5 
zYj?uCS?CX)D}OCIe76^Y3XTr{(zI`lq!&s5acVpjk>T|H`}F(@n-^d!zEmVPd~C$~ z+Mzc-omli-&9~6cxC5wM+tu+nadj{uKRr2}43qexg~u*2@zCG!jl2ID;)3;wl{W7GK0&^YTB^7^B#{hDpf`*&umkIODt z&(Tw@O15Ugd!ZtAR9r=sv5isX*oXKv=Q_JVp*c)(A7GB< zqS24yuJRANgSM?qbQmnG1eZR~Ok4SULPG5Gg}z4ZrBmT|;5*S}J^1Xt^6sm>*cQiG z+9+gyxJN&W)6!8}DKkSPxOLgVrBAMiuvrp5?Aa3#`*;E@WGzZSCX%+gZ8Td0^zd!- zrhRS@m7UjVSQ(=A_IpT;n0=^jV=*09;nC_^PWh|J{D=&78pimK8G9O`iqn(b&YSm9 zuyPMfQwSl_#~s1q1;Fq+S7&${kAWuRGqBHWC75b26GC58y`ZD>$Ydq{{OELxjl@;R zWsP81?epuWOFPdYSPIm)4&Qnwsj~aNKLr#|$zg)dEmHU5)luoILj(?DeqLRy6nkiK z?bjy{Mbzzq=hnXmC!#BcI5W=qb~?7d>_p*i4)VPn-~V9EmJ?Q_N563r8L!guadkA? ze!gr%#%;QX3Y_)pr&JmpxooWPJu=c?b)5@b0|`X!PqojRIRfiZkGS2xpV=!=7ficr z$9M`jZ@(v)@jkg7sRcim|Hfn+%75NB*-kaLHZ_rF-^>v{Hg{CZ<6w4lB0hYI+Me1< za{zjtI-ehR45f{ndos^Dc?^FCrak_s>8S;Qc(^6qz2&kYV%O87f?qUnEmMF0JU8Zg z@TcZtTnuQ)k2iPQZD;aqp?bfZ;wc6D?sH3M)iNg5fgNhmzBZwx$@93w7zkMk8Y4#b z?)d8IKsDrpraRhGLmns>#@PVXWK~YJCem;Sw`<7MfWd(>UPxH)=%AsC-Q`ZBJA7)Q zt!-s=`iq-qb^Xb}V)vc`xk#F(D%ftzWPQ`32kt!I_KH;_&)z>%n2W*9e=gcSv=ar=Qk<;V<$i$rjw@g==B1QUCo+YG*mp$;h|!!($BoM8 zVu}-q*+x=>KfIKJ#J_saw6V`j>~r!NpTKtF;Y{BtaK(VAsd+0MnCza=&jH`*pS%X= z&e+hMRyH59KWr!0ZT9pnu{OuctlrWhf4br9 zQhzpKD?+&M4_ljbP6yr0{DPc48gs>N|0iPpwMo?38j)fE(@PDAFc*|;A)5qp@!t-<=NWG8$=DWl_AP2yN5e#n@CxjujZ71K6lv)q%FATUv5Tq3$hhfe!e4$x}G@?4GPI>-K;A=KYG5KHoUDk2euF_P&St23i zu@&4wEd#N4CJlLzn2@{I{54aNu~~EV@;GWNguZL;U9VxvlMOw1`o*`lN%KbZjubTn z3lT1jksdgdT8u^522~&%9F3v#Q0e3wULH+j^Yl@Cvwuie@6-!UEA8>w_n87EY9wQ} zA~pwy7}FTSzzT&^*W{1rH0%%&WH!&r9I6l->oFxI=ao9nhz#v!Sc}(gF2(Kf`vfkV zL&>>Ob8tGx79)H8p;^2!i;u^zLWRGshhht)!*AfZmlCxS>Jqx!H$=n zB~CeQhJbGtSf*(eYVTs9w0 zu8<_`2q5S8C}3JiYXhnC;*bwCmp`l-8RPFqf0mv}3^@v_2lSiAx$kug6G5n&J&um1 z?zd@`gfAS4&f@LOjq5-fP(h&+i8C?5Q~*FbZu|CQG2h2YpOhaxPOElMqZp}QtMMuK zifm&`o%mp%F9YE@l zi0+Nw`5{UU;J5yX&92ekHR?elL3LH!a<3VR-7h5mIA4-&PW22@FX)fPel&NQ&lO`a zT!3EQ+uRcV8igAR_h9<*FuEaJU@s;OZ!U6GUiRPzhJ&o0aC2EIfae^?Avv(lZZ_sI zT9y{~Y%?4A={^0oVwdUXXMtGw(1V%BI47PcY7KBtRDHDBy3llUMSk}l_C8NpH6bUr{agkoS~fAU@kl# 
zFM#=a1_o1t_VJBwI=IY({y}fgY+~G+$$-#PHG`QT z%xSN;gat38OS7fuey@om=AQEY`E*axdFSF6PD}!5%K89wXs}kLvPUD9oQPP2ZC|2u zg+Pha+-XG3dA}?yte3%0KW)Z~`y%ZQR??l|$7I6AOOA-G)#4uWi@KC<*}}e$nkB_l zrYrHLhy>0kg;WJY>68=C)Nekid6BkmJHD(0TY`k<#+LkMWja{+8$Eup64i3jEN~yT z-r$(E-uD&fGCW!h&Icoa{-8|ftYW#00MS& z;-$-aE`|jbba)KWqEV}$#RARkQk z!^_WSN4??cb_qb3{UG{F9ole+ZYeW!X?|)rY1OVo1j1$Y)TN732izmv#Jm)+Rkr5y z)Fm_oS-D5^!OaZwT#W}_{TibBWeDnKJe;@@IrExngs0Ngxr#53B(j+Z2bVeqtJm{3 zOA)fFKoX6hS@E^mvf7Ua-a5YVb3yRCzR$ZRfhwaQTYZmJA%?jcpO*J)xIqoLujAO_ za<@_kJMb}acec8e%0LGEYi*am+ftnL`}X>3S#IN0WQd@rCKF*#8rA}B1TsW{b-d3&zux(L7wcgoU=0qpS0EDR5x)96+&rTxjr*HJb)t??$F*9G&6LN-?o$P&Zata< zb8a&!HGh6d4#NQvO!V_}c~e%oe%9C6AXMYPn{j#kp*jN#3SHgezwajY%zh+KBqYBs ztpzw+8HmQx6CA%Iz94R(SHbS39yop9wHE%e2Kn%Exh9|!`u!E%!!yB&ZbT2jWvs)3 zAyER4+RAc!v#QgsKprOaIkM#@yS=StS9CX$y^>R-tOduH%{4UOhgAB2=&zpE_1hd5 z_O9{&9u=JBk6BTezNO`>?su&wzXq=Yhjm@-RkLbzwLm6X?IsHnbUAy~c#T?dYkWYG zk!4UPUhjz?a?u#XUV9<8a?$mM=Rb{b=@xFn>X+5*HCf4%~=VA1L)r zIz+n_8W1V8jE!u;-|X4!6b6Il67pMADH*y367yBHa5?vin%UT*U_~-nXWm(im2}~d zmkbl4VsQ5ZpJmuKSH^qjA=N-o$%)-ANq~sht-XFs-QaX4zemO@)#8)pZA**@krayw!J=KV{%))Iy0#-YLClVHTVrof9&-Gt~(+k+*oz;Tt&d`=*d5!8n( z`wPX1?4!X1%hCRJxB`AB2UnEoNPWIlPUp2krq(>Ng8Wa_4jgmUzKZx6#CU!{zazo)*1P=OYPZ7xEiETu~^bTUoJP>PFYQ(uR9; z6sYEGibengxN3l(5Kgam&Vgr1w=c2|v#N9@AVfwU5;gfqsZ(!MT_(z1u(MUd8_4EP z6cuElOOdcm5mC4qdlvPM2*6EO>6qB`j#us^_L7VBolhxvvCH(Qj7ou(&K&5s9fE#N z3_Aaaiv;o}sx^RL-fd5|ekf73HGQGAYyD1M?V%I!Xwls;Sp!JA=ZIjo+GrJIe z$+^L0`)B7NezBOa-IS(R1qxX+84p7<9q@And%6oq4^8GyqL$jz1yjt#y#0lu%$LU<{-lPEU1&q&D5*83 zQ~oKhyb{mk(xb zi{4#bzGS30b+K}F-La_lPZPt>_qH+bpKCfuvzpqO0s4X+-if~~d1`58Y4-^=Ky6Fz)}D>SCSRZaf9(BdSW{W|IDk4j>L>z(2uL45 zdJ}0+t4%)KYI6v<~{Tbz%Z_>(MLzHb%Bm$G${#rK?e zZkUT-bIaM)o9^PR;?(hPO#au`ULJlJF_>AN*cSd{|vl`Xv>LJ&jL+EDxoRj|3lNpV-5gqo?OM_WurU z{F@9l-(+B;GRCj<;7UAeOENmk!iHxewzQ|3Ye5STxx+T+^aO zrKdls*9?~L zw_AfCSJy*TRnR9B}_Rq@txxfxioPvl69(r+8;~o)LSxj z0f*<`*{Ka?JQ!Z5^KkPsisfX0v$tu>)VYK_H4CviV}EWYe6lsyK{7E3IFqWUx9T$` 
z)HgnjWVj+p8K4YR3Ye}pe@*ynsJ1jRHu9FZqxFuYx?pA9uJ~UuFQjG~qv%lJDt6m& zdsHhwFP@W(jFUoXMUNUs_eO!vGg+^A|kWJce}=S&G=-O&?q37?!LXU$|>zs#)RQonbHy6`7#ao};yS z{iUoHwwmH1$h^52Ppgz$X?{_Q|KKB{CPTCELO|p`55boH@Usq=!_ulG^zx4y`EeQ@ zu6Ra%eAm>AXL6LQc~w>_*6Wfwwy@}R_ZP5DXHBedowLv&Re~WudEs$Jy15P21_%(b3AWwK5))v){ryakz_Nk2m0$Ym7Z(904X**xeak+7S6=q_uq9H(6sq!9#6snn(|XKf7UK0$JY;n5rvx zwH_%JaQU0;4PSd~F8DR27u9R_8uN^~^08>VQm&lanrUhq*eWV2sv$X4mZ&LiyxU&H z=Q4?@u@T7Yvx8V_>6*rT#!Y1gr6nWogtTw$Or8(6Jgu=5rey;B66>oaP2Zj)qnpRK zd(i6_{w6KQ$HzxUUW|jO9Sa4~x(H8{y^WuREK_1zLDow-&s{X>_JXXOX}ZHGqZP-4 zyNV&Jv2*l;mQ{V+9pd&PiG2>kI*+Sor{3dz3=H7pF=-_=1=Tv48j}9->B06$7=RCR zp<3!MY9hx|KTQj=oq1sO+ZQ9VWhFcv`AL~=E$w(8#A~_l#))*t*`^@#iV6xkI$rE$ zL8?!kQiPYJWZSs{D;U`Fl2TIODaqp(x_Vo}FN0S3lxos!XG zj#m7pcGWi5s>S{^J$aqE>5&fShr@loAJ@_{LsKlEhYOIc2=v7dpq#sqX3MW-1u0V-AZTm=hYNoJoUy=a?J646fOTib<*W>@@fW-G+nZ6T^kI!vrXy7D6N5ITh#kqNSYK25C zOl!&?b93+jd&vBXFEus=tYd8EU}LJGZ~q3;)uC^gL_tYeBwRH82O0g-gVRs%zrnSM zS_{~r=RsNsHzYg~T#92Al+XjKm$lZJrimCC@=q8187^%{% zGH+-VA}lPxM;4aUJ>yAlj5{Z7xzV(-DWVXs*B9yT>B`28(D4vlEX{AS3)OgQX5Z0~ zl#={_DzO0Q{zb_h1au!aZOHqyrrJv3ds>@si@6VJ;ZEAi70L~W^qP%;;Vx4$ zMC@_d#l^-ct!Z{0g%m9!KgkE8R$KK3!brx{Ek|&(+0htqsAO3b0nAt}ikHUB+-~C8 z8u36HJAd1=zve@(T3tIQw@OW;3;N#@hd++i9?MwY+NW_Kx#mFfF;PmtpfPPNmk+Lm zI4Wx!BBdSAmll0R6BLDemdL_T>?0ghQv>f1n_mYhFRI}!H>npw6zysIuGSu zjrwZW8>^`kN|ix`H$4ZtbcR#Oc08kh(qLb_VF0&KF3jX+ug1$%eakXi80#-CYa=zO zv0PeWPd;uz^N;^S9|~JmMWVVczssOZ*x=LCv(f4g!jzQzdRcZlU~;*~wKadQd?bmW z$c^Udbj!EkdN;qT5bd9G+~?j;y}gPQ6pOqPCv6hmkAbRMxu10uO)5EIR_Pca1gevxB<|ENAXGl zSHi^&CGJa?X%(xyNHztBF`=q&D^8Xw3`^_7&CN2GeO-@@Xp0WQ?jnCLbPqlDy&2mb z{ZJqW1K7k3h3aZ*Dhe^g0b~yMW#pPp8IQM6BOM(D1qE`hIy;U=r*Gd{l8=1)?He43 zdzUet4e4^mTjuEVYz)tt9Om|V7Ot9a9-S9WIx5`P^obUEF6AdYhRimi0(P2i!s;YM z;i}^FM+9O?hkRzyA|lJts)MQ?E?E*tqpw_ZYe!>Zzp!uhM3T zJcoQ_34*Xq(fy{Qy%B$W8W_{30}$~P7^(&gY`6u5TJtI-rY%c^CAhw%JDpJ(Pk>ft=G zF7pEijQc!3G&|WD^iM!@#^J#MQ8EUoYZq1`akWi99LdR&45#U4ebwn7DmKdkeB zoOf12;~i{8Tn;DDIdMlop>qS~7+qMW!u4zgiigTVmna^+TJzP~3%kE&4(_&hSuZRAd7&hq^E8v(%!h^BMsv)B4M 
z#@{Wg00H4QOnF-VO!jzpr1lDujY-aJbC!ZHab~QIn~a)zpXhFQ(i+j-u!zV=*m{6= z_p93Eq}0L*fU;;FXGsf1bu5qXrNl4}!22)t4%3)n_j7e$Y9WO(>E$pA*@ z>gIOo+gyf@u>Z{E*pe!0D;3kb;zDJmC}G6Syos9TX5y>~_iTbwF=fp*f5^%*OVo`b zPQOWk0`Mf#*~6va{7EKsL!Cor#kP|R~OOm#c+<{ImMyw!Sz0R>yt7X#sw1k1K(5YulNA!=8S zy-(9i`3@siC305;ULjC!*tvl16ZAvoFrQD>4i=iOWnp2;>2KfGI4o&lQjB6J*(q$B ztV{CYx3nfd7IYWX8iah*(SgYZU^v=%CO99iNKAQ7>V2x$el(tlVIplV#4k4EeIii>`2+k!FSX-Ybj-BJJF zI8)!qNJUkJnu;207EEGfKuGI3jbm7DgMrefIYK8-hl`OdPaiI-pjkB%^&nRZy3wn; zI#&%BqHU(2ZaMu5mebMDH`dV55i|FYwJVQa=TH1o*tW<{DDosIsJd0<#iP;VHte6u zk1Q-!L>=X!&|1V0@!yUKYh#{J9W^Vm?flXBeu8bi$=?&j-T(d2s#^xaGcoc>4&ogo_64q%NSr=#}9I`o}+p zQVW{Bvoe~z*bluRNeA+EenU6ix_xd}TRib%`GgcX@`D__lu8SjaRY?W$l)Ri)~|Q%xl!LfMp(=Qtm;S zHWf2-wgHcB#$N@umHzbR=Z%`w&sDXSb0Gp@9$85HSEcPh*LhX`fmdTlbVfyO<=z&mB2yHMwEG-p>#4cAf7JCS z;(xIK;cCLfIgmReV@rt60%4;Nzong)3q|$RR~!!jNwGWP;a8m~QhF)u;Mf+x zPZ4PCjZE)VJ3BX52R*6|usD>h9%b5w$0a0`7__-hvsaDZ-6U2@xsge7JA9QyL9WJB zNci+4c|M<^k&)Zx{PbV6WtoG&h>`Fv19H`vC!v@a-T3xf|1DJ+R)?tT1HYKv`AvBV z55``8j>_7~BoPC@ZI>Fy-gvvZL2zTK4p&QyWbnOvkdO94sF?dcAf^LIf6hLO={R}K zEsDFH?^yysDk?F36y#kb4oLl2J<(ysBk@N$2lWLD@R?y6ERk|a;vHmF$8k!G72ijI zKQY}11YSvFIR>^nzKAzY_{=$br2Ff6E+yhpCz^|2NaSB56a06;0<|Y18&CCRAIRd?DAN0xc>Q0e?EizA z>Yo(pzXdqpzgO(f9QXgWJ+|lnmIV0w`n>7~An*LY?Q6>K|1Wm4=HDLO-)O~$R8_jb zfsDuhwc(?`M`!({j+q%`(Cj<^sRG@2>Sr~)uAb;eMo+JIZtHT8jS&rzM~5?I!Dc-D z^$+_>(HC3JSc{dFHb;_+i}7i1`>N+sF!l9q@}px>kkG#g^?>#LVLn3QXJ>l}sB-7N zT5OYjamjUWH$h>+fu5cg-xX9)xE^JHilF7uV`e2aXtj-NQfXPeZfNzk)s@wN$F8<@4ERgmriZk& z;Cio4G}?XPQVdgU7<<4`)6|CPeS&$Q)e4v8O!qMs}7N%$hLgph5&tu}Mtr6?7h!oV+nL(#~z9rlNFy)t$j8>1F)} z!azs&)U_*)0$eQaj+@QH_#fErQq$9)UPX}loNk_DC%I{MRe$C2|6D3-o}>!uUqH2= zxl%0BFQF*;02%0f0GTB zt2`SU3J+Ia?N6WUA6%V5+Lg>zaLKr%d(u+x(oxMir;EwA+kJxf`W@On8%EAWhe-cz69gdCEd9^!u|Ge*NxDdW>u9%%@HHkUXSqzz-(!7MExpdGMn8tY-^<6G6QjO{%ttrJoAX~#P6Zj@;?^UrPD7)LIji9r|nOou(YSx zX;hQvyZn3!GS>VY9L{ZZ--}EoUUZQpv2TBORh!ZAU*FqTyW4=S3P4GyHlm-0*~P_0 z(&gx*on4~zx94)>W#FtNdC?}{Fx1q|any#0VStnq8g z6BFte{8~S4; 
z^X6d=-~li{y}EHbIzBNmB{}&?3vz7ia09i`6=}rE`aLPBo-eHh5TYDEDUTFh3C#6c!Me*nXqy;ZYNrl9cr4NVXy( zfpRrkYb=RePEt1yF?U2nJIPjTdqg6S~*m zKT}j>7hk>V!qlo|h=g{U5h;HpBUtV3w8I+@6m|(3FYRgf_%s!H?q*x(E2;A`&~uQ$ z6z?epG5lU+?MG{|4U4{^#*Ktmh&WJ4P~>+%PNSU(tCcUBe`UJ5&}sBF`+Er~!d1>Y z^r`3<^8&bAT($Wk(GcTrzuyaU>|8%}g+ez52T|NUWi6+MTXmBt0!H*UNkUV7y&Hb* za<83qpD;uVx-cLRT)z}Mf{zdVS;ULKm>gaOFyhT1rtibU`_4W&Gcc%QQrj~KzUA#5 z-60V(7mTcS?zA$pUGdu>Yp^w=_$AsC6TbsGlkX~>hz|@n)*4Ee^7M^IW-CU20^fAU zvjaf?*#?77fBL#E$J3!*uJg}^E-zaa-~<6zg`)t5(y0bPyOFZBd(?}u$?@b59_(!v z>&d;XCJ@Dt5e`4}80+iI9(N#ZqoYMwPq9T;M^!`7^b)PFueOr~^NxWFuLB2LqAxNC z2O9`&LXGvpEDW)5H)w0CFHw5LsDb;?j_jrPlBZs&DSoMofd3wF*p%H6R=BF8qA=*Sc(Q+WdyFY zrGsW#_kswkROI-B{X%ja5YV2KWn(gpMh_4=36?d6iY$$)?O`n<8RygZ-r1M?|Yb z{#a3>Z5D0$4rzDSQ_JnBDf`+l^LuOl0=_d7(STj%^&8)neMjZ+!*t)p&O?FB~s_$!$qLYRN9Ep4d$O$vwZ&_Ip_v0$qV-aGi4m4&u9XGx^aM z2IlPxEWrT;ud!!CzoFA4^4*R%k(jm$TuL@U522$5KLRyM00NUFm8aEj*BT4E z$GFI-L3S@Zt$z2~mK3wL0WNz92_#T~guDLsi4OBxfBs2n2X_=oTAN(|6_2i6tG^-l zA4lrf%{Y$N{T}!>A`5(Wm6WjmK4`Q>MRnc)ok`THCp)kf@U6InL zx&U9kP78-thaYHVcB>;c5(s}w9Hf8z@3)%JgU0%Ln6l{V&1iBeXJ;Ed6o>z>=Pw`p zGr>W5V`F2~;MDB$;^HEzsM}&I9@0n7;GS5bXY6zAvos#_X;+hhqs3H`r z?%W8IoHlYEacMBB3Q?S9?OS2@ZbC7VLHsnlS zceg{>#DLHFZAdBd)b_lfN4}%8Q$BP3IHz)wwJ$m^;K~W>Jyvr6#*W+&17B&2w;c#fj9=6MIX-5tvED#V^ILgbTRTB_Woz1tef7QOoyl+d*~hS zAgl8Io|Y-wanvDR!r|~z(-zxiryeX~&QGVshufq{xbE)({`|jJUxg|)wZGI`ik|q* zw$8N0yP>{b2td=ad58M~__5I{#pnzKx>2I&|DJhgxz?WmP(DP4ZUgMd+F*V3kqaK@ z-bXqiT{wqM{-tRBefKjTpi5qmVHvn>Zk%St!C%i&I~Ln3%x3$4(WLJ}!n8*EJXYXR zg)_kX(tZj3|8%zJR2kytQ*E#ay#IKo=RfM|yhkaxjc?I~rFUk0eEIi4=umt>O-uQz zi>K8RyYoo7kI{2v=gy!)zW=7V^M=6WMdJ`J6XFogy!1+<4Yf zc-l=0wH*FrB}8j0C#U8xaSv*#5dvyEb9i5)0J3<|_nC<$fTH4ZEX;$f?>i=n?x6pS zxO?}}P&Ww5;*6{$RW89&C9<7ioVA$ONd1o228`~i1Lyaad%ft!JXxlWY>y)fkZ}3& z=Rk&?__7naES>sDMyAK1&h%_1W?+MW+iD9qw!PrR4H9q%$z^k<6;Dj{oOV2HXmklK z!=J#dCUd!rSPj)dOMFJ#6Jy)De*d$}M2fo5C5B0L-=70l;N#vo(wF>eBFue^nbHPh zda-k|G*L?}-IAM|baRu-|8w!bbH9e}k@t2#BVg%=`awXU$yY(=!rTeC#^{KMbZM;) 
z!&jg2SZEnojr8b#Ok#7K77#Q=ai3oNhxed{VfhwXkH0a||Na<(;fbWn!fj5|#7o(@ z(@zRThr#O7`kt1XKjdR?)$kqO^NNDIV$ z{_^1e0(sonsbWrcSFoR#ri1c39DJAg(JQ-PDxJ_HqDaE)u`W^(RyAz?gIq%KF)e7S zdOuK40i~xGk$Sa*b7%C!9V@yvFKgLAk^}F+hH_LH5Bh&}+RP*dofFJpgpQA8Y9^Fq z6%)QK-X~{N!Dm;CiSW*pzCq=~vk_5|#Bf+DpFTbLSvV65`;~|CtCam5tFXxd(nCV$ zrxZ^V8nGjm$#3%q=B(yi?L8J<4sM^zvV?T7Ds0+ z`(K8C+%V5Lq(4X{bb!mar991D2^^+W7kx2p4|9{-8u0r1WDQ=xT|dB5YZu{~OXiag zQX8NU^V~`Pwf~l%*fy z<@bsj7hTh^cVog=Z1%PN#awm`Wu^Ko)&-3}7+C55@E2HwSpJPk2~ZR{6phpxRzE|01-P4%#N} zG^LE_ifQLJ*SQE1x5UEjSw8j8zD;BqiAr_bl~EJFdzs)aN?#RK4fS+ZBC8Vp4J_&R zdyB{d2dPSoj=J<5J`}m&#yZaU`vy;mBJO?KjwXVGk+xE;kgMFq$XWY(}D`mtkdzLQ*2glezq;yYR&Ku=XCi%gw2dkT6EPNC>eEx@93D`7LOXo1Z zj-X88Nm)49WL8AMn~&W&%40IwpP&6oycvv4I6J2$u1lSr^0u7BiQZ3Wiz&a16m2VX zX;xdaNgui@{^AK^`+`Xx9ZD#k^&8wTt&eN7-JiLcsLajNzYTarT_wjAhZqgk9Ymd_H zN!M(JFPSox@uY5AfZ)CFkQl+^!6)EWF*AZ^IzU6^K;!*A_|W#dnk552`)!& zkCvQw{iG&N3bX90#M?X^`E(U82#NL2C(O2{^gPp^q&6;JK?kX!mNC-iC2hvz_Y4y8 zq&9-OC&n*hzHzb4&En)QHN;M5w-c)Y0*0|4x@vM?{{RZeqUY2lD7V2|xdjQv@3N2L z%dE3*i2CcA(c=!Xl1A#TkS#ZKR|!_luMpMgV*b*e${Qo_!o!0~7_45g7<2X9+ObHX ztF^J{Xv?wKxkQZTta7T!eRnqORXQrP-A4-m{y+=_$-M z2QLZbhr>8zb$v^tH&`%7)Ql~;LUr3&ddYz%WP+#dgu?-vBCTSp*7FO!rl@przfE5P zxGjqscT(DRN}5WMPmNkAxR)laY;e4DVzLrGtM0&G169qSu=T3j)Cw{7({(YuoV;8a zlb2mN;=i3s8G8I#s<>?2x7-MXh&Jwx9ui|2;xRl;e0AmG+>!e(S00STS;i1pi-6GL z?Oh2Qq@IAC{KnjxR?nJfnL&-)O7Szi73*3^Fh880%jLXj@X5V@H7jh zqYsyXbH|ugHilo~x3&v&S?D`hjMBL92RaB2bOyDU-|>tcWM9kl^lFDW%gxi1sv^u- z+;5OgsVoMlf$VoZph;RoF2{X+FIRc3Bx~>Z_&(VN$nBHgRrcRRTr4 z)!+-z?F~$fAS-9z9LD`n*i5VZP56^hTAs6WxR2*xIxsEYJ$JFNa1puo zU1BTy9sF!#HSH}`Z`RkcW+#b8aryTqn8NdJ*V94F2f`nDt~#z9lT> z2JO~DexO@2w609GU6q7bmS++0LuONEfB|_@IcFS)`cM2tMz&>9R7v=wr|oc{PWvQZ z6ePAOjbA!AWk2QypDd=%PN)OeR?@%|=xwB)A#P3~dMYjIZv!gxR}y2aXET5GMN5v) zsAN(4h#{ZKBXu=5o7v^+2oZi@#wg}`838-mB1B}H2vqOk#TvR>D7Ops_dh?eI$5W% zFqz7;RD)e)&AKD9eD@>uF5^Xa`~6MvaRjkB<4oor?oTxqTf5k-ZVKVaYJXm9Ca2q z!Pg^zEJko9?{*mv|0PZ&Rs=(T`gMcMbUJxvX$?GnBoUuxSAHv`6}q%^wUm!*B3K#p zE>2s?%to(ONAUYOp)rY7MZy#n&4m4#wRgo)B9His# 
z6Ei(?Ht5rzo7>shVeaajFe3fA#w@Y8sT5qcMrBTa{P+Bl1M%DJ6I55F=0`rF~E^~+48h$^Z9b|(3xl3 zlw=>+ARZ50*zkYDUFW;!GP99>dq8daDR(*MymDL1Zh4nEWvR4xgu5<}54!KtlfR|q zF?p2I2}AxFxl4!rUe~+X1b{QtesW@)cby4R^sO#caWlvG0rF&SFxql(TPf; z2OX&Rd&Ik2@AXFR2GYewBKGz=JIUT=!QaPe_u<&m-z@ z_lIu3RdFD|;&>Z3SUSqL`aUb0j$sIWsD1jtX}{|jyxC##vvbP}_MkOfP|0kiJEH6e zdX83~ySEjv8D2Meg;1d`2e?#jYt-cS`ow=Zo(&(M!^#1=+J?9G7_vyujYxjTa}atZwT<-0^m`?h0i`~N+2ZJx}9eRri3f3&ED z?*^*ebD$Mx$NIb(UGYLFbzlBa7)QvQWR2jz_wTL0`LA!$>3aXv|55*IYM~te@%%j{ z&-zbn{JaY6KZ@@=L8kvY5(hv2{~!E69sd6TI8f`X=Dch%gWI+x=rrPMYP~2Y4(_J! zQ|Rey@0w)g|L__v;QG0kUrlU^`-gZ6ZMJvpuhmcAfF0=OeY~ym2a>)uo1cCr;d1a6 zdez0KDHn}T;;KIyrF`c?T{91K*S-t#Q!T(|bpy9Dq>X$;3$0$FeV;iyf1d{NQ zn)9vut3kKbAClA2$9~e%wS&@i`&2?X;X6=2`rTQ?gxVYJlf`!vb}zOv&iZE(IKqhM ztLZS#J4Lhp8iRs#XagM=-d-_U6LO5UbL&t2eAXiCxUqZou2B+dq}zE=A9XC_0b*<5pBHf-8x;a#X}o!bum<`*S*??!fe4O~hB*`~?7aerNV& zovmoCvE1^$jiq>aQ&??v<12M9bJZx*rq>E?8halFzQOmXLyL|sAipc2;@g8~dd6JfXe=!QV_VX^ z33`sgC?AirG~da9IXDGB$8|-iPZ2e_4<-G>EWf~NPMk*ecabcC*Zp*u1AQSTBpf2| z4mY=>#-OZAe6t0AxFcxBw!>C32*^EtqgZ2UyM*@)_;fGpRcq)|bWdwbM(L%7Cr)cg zIOcHGd;j63V<}z!Z6z$|P2m8unY6B3j+#H^LlGt3th;;G+OG;YXOd$e_l`3pAoJKU zJNX+wm3z-MlBQQpMJvqALV}E9X~!Rp?5Z&Om5Bb!@x6KH3hi4670jzidfu5U$i@}R zZZ2D-o+n4hjXbu}KeKmpnzq#1+MCfJV7c_YJ|%8+`SpEZk9hf_?`0Gb>BL6`Rtq80 z?rJ1uE>Aic*@NOc8QEyt$KgLh9XPi{SqV+g<@!U8LSx8_6eohL-N$4Olbkhr;EqT z;ej_c%fIU6H5W@+lOxp97~?(#EOFNL23lBZ{?6_fQ+TnIR~=0*BYWBLcH8Ty1UX$q zsc`$IiZxmZTU$SQ&`Na<>CU=CJ1oleNoiA^j`S zS|1i&cC)h6htzN=hK^hObzJ`SK(NM-jn7%|)!fKe$wf=d?7+zA$QtCpW)CW&i;V8m z(n!AP@0hyTcxhM!WAeiWt8RJfOoL3C9*c84H9OhdF1Z5-obJ>L7cbJLY9v~XMOc_Q zo_arbIsAh`agwrPVzn%doc;lwfKgqUVQF<=?o5Hc!zhiz=mBS-e20(HBJh<4TRZ|G zX2saAIWHBfQXY=bq z;Z^<2#H^g50>FBI8>!OUm7d@ja8DAc>r4pKxS%z_CRW{G`<=I^^)F_#!I#4kcarKF zYQ?}M4vu6oTY9ZPond3fnpz~KFe7YF>}5({|4FVWx>rKyKAkR$e24Fgj0b|6f^1Kj zUEa7@)~MzjlYFjy+S_W0te}7Sv&+~ekp0~3KuEp39ZXMdxpAerA)Ty+G)Z0m^5?W1 zwyon~w&Rk&=DXW|t4@ca*EQjitwpUv_p<5T6zL4tFN^g3dCksSzXpawjdOzVwIYT5WbZw@q=6u@paWbL(SPZAK8=>+hA4;V>axt1^>^ 
zv^2$cBEyVomaMa@kLqjPM)LwA|9ihhUe z3GEv`_Wn#PW^%-C6_BZkIcuUwhgNbxn>Dz1q!OF;}NAY z)Q=(ctb*ua5rqqrg~32BLWO_fF8AppN4^?27YD>kWz;91(O-9Q3XToO_s^)U$Ieap zcZf(zdW4mg0DMW#PhJ`Gxbv11Bx?8RsD47FN}_fN4Q&(0?3n(Zn#@6F7g_9w0Jhp} zi+B+-SNU^J&4{E2S>l=M-sV>EXNq0&=OR1mCV2ynkOWLUZ|z((3iHFaD~Oof=r~5H z2v$>Ad=TapO>|gMW+R+zuPOyG*7t5O77QT3K+nwt-xecT%YOcCJW&$?&tWP0lsXG+ z1lhdcQ910a4khkh+@3n}+xn4lRR%yhFCzsZX(haiOO3KvT}fi1d4KorsSfeIhq<+B zd`fD*MK6TKUzdNs#73!7vv1d33klIL1wX+%8KCI$(#`Psoigo}5>orVI@N6AP3k#2rl?f^nJGF%x(?Qmg~ zpqps1J?!E<LM*J{!;3wcnT!!5THa)rO>TIVrsTQkZG2J!%ByeczIx zhAQ9F00rqJG6H9UvPbI}%F#bup8P!4U7oy=LnmxPf0XDkK|ZISo^Eie^Fm8&{w4aT zV8wBL&d+?LdBZial$Y^vHH*rAC0U-n@6Byb)UzF#Il5G$I&=b>R9=FlkX<3z%ZTfA zea@EHatzjPzVvNqs+fe(o_A)It3+1grfA|B@pNyk9G zi7}5KH29{LW2F0yto+}hc?<&Hx8&7nw^pC3V>yrv5a!5)1n2g<$f1C_mwUScmOxT5 z^NkiMNI!WN!{xTan%3UE07vCT>s;6re_7z7*3qG#T;Z6=obR*zdlU_buLX;F!T09s zPpeTNW|6l}DRJg=GjEMDJ{!OrGdW&8U>H(WRWW1`Im~5>ol#9DtgA#qr>5wNA$IJR1i8imlKx1WQ)hwJ5 znh(BZzE96CzACj?8Hg1z;t?U!EYP`uU&Gs|r^2$zl1gg1voz`vx6THTSi?tI8ZVU} znc9ZCs)t2HTv*HYKSO8^ovC`8Y>5~v@+y_2Mr_ex8P{Vw4w zT2$^N-g{T<@R;2(<)V-tnlDe$C@JRLJi6)_jyIWWHI}_xe-@-+f6Z#`ENV%!7Fe%z zqt@rNTbz;Ut4`SW#V#|9?OonG{RoaSvbNw#CC#&-;DVwfXnv;zu7!AiC=3fV+P3p? 
zQBpnGSTTZxGxJ8q{zeaZ`~J7UqnV=Ks6H<-vvSyJ+^|*3qz=j64ro3fLyPXUyflK$ zVNm>4ansxhhUi^wA(D5h6xR&r*?$Y&r&R#+=5f4!BYI#h|rJtP_t zzNK=kP~;U3tG~rJT5?DG0i1ab1$qtFmB8dHIA4lNL=Y<=xZIs!?b%4?(RROQ0Xx@7 zsr51*4;&gjAx`-AMzB4j&H1D!XtZA|-0lk>R5eK{?{a%PPF3Eg(0^A{>Eo@RYTeFU zN#iTzq4Z#Qd06j+em2h#pRkC|Bnix6hO1c3b(~u|ulz_t^Ja+(Qq`sE6^9vk=CDOb z&)VYbKK8=(c3*V{b+%StB}ppr$)7eeFYVHo^F?(S1oT-#XrpLW5D0R`nz!4|_Lky^ z_ayMr+LQ}r^z5xV>>WpUdxB=2^sbL5-0N_~wiDZ)-}tgK!| z%(NenEI~3g5IW3k*#gK> z3C6miO86!>@y!hcwSi$tiYIQ=v z>1NDAz|<$}0K#HCBcF(I^MrrieJau8HYkTlV}g*ld-3`^O*w~iqsA+vSXEY+#+(An z4JXWqD|!B_{NT=Nfr&-q8~JngX^qlj@7RZyLps)YBvO?a&O#Y!zi5|;|p-01C1N=dd)x1If2>Ch(D3s#NIIsW6`35D#dWhxtM&7zi z+zPM{0@u(Yj(LNFL4$S3%J0tr`RU#bNeV58^SMW(de$8a0taJ>Ht~j7u2BsWEApB} zndwAa^VpSZtRVxdW&;A^i?S|ulr}=%7-#Mc<-QV{)RXJ5tO^Z@t`0@d3fuWj47Q6v zz1^NE*V(8~vcqYHuBKLlC$t5g;p;s+Iq_YRWgL9my+2X~m{E#Mqo1-Pee#XJYdrxn zuHu*@DZ^jMO`oN$oP@f2JS*~W69ZXQ-4AHVo#U6rMr+@SCJEPmcoL7bDJZFWIkV#; zi^EA_xbm70kHefdT}-^RDgr+~xJ#DOX-}qU^4I{r3)W3Z37BQ{WJAzw_0{G#$0k-e zD|RUFw=yplI#FyzM>_0~N_m5(>!>Okee_<{6C}t4s9i>lEMJt)fPIwES^Hx@z& zp5X3IfZ!Tjf(F;%I{4t0kl^l4aCaEof_rdxcXzv!@9&;E=lo8+SMSxmQ&anoJxlgp zJ>9*!`_sL`$So~Oin)RcrijCBx7ck{k{doy)lS~(JVG|_I)}A)hGtxH%jWvYurZ>D zWyH~n_awDbxXXVZNq2APm3wM9?bh2}T%)rhQs;C%Fm!pV6~E#deJl1aPs0KBQqjfR z`%4GeK<9&GIzOu~hCVG9dEu%70_p?zBD`rg%l{8dp zA>Gf=5?n6SO1A|zckw;ic8kK0+0eTFg&?9jJ{;aFQ4q-Q7A>;zOD!kH)Won!x&$FH z!4mowN@((GLmR0TIE%?x7^GyM8+xW-{iL!+!l_pK^7SG=H-L#8is>s0B5v^5cnfsBEhr#T_jf}P{p)tsyMzkf?(G*_kPG2^iv~rN_A?Rp~$zszCE5n z9Zelg0gW{|g#||7JzVU&Qu%$h$=g`+nFkb@5pQ2?$HD`d`PAr`xb;>SS<%vWMVcp5$Fst%2xGinA_mDJUy znx!vVYeSS7ri`|S@hGT60*mK+v+pQoXb|0kQX5>)iUOq~mKEI54m<5qAKC?Vt9^dY z6h?W8i{Z0jkIcJ13M*YTx2H*$Z_Pbs8RokuGjU?n2INmaNO1M$K1rzhSaz`)~RvQ|7EfwNdpG3W%D@HxE2yw6XwPqQgE;xO&XSpPrZ0B(g#cWT=jxVWL#swak z-|sKkNVAqYx}v-ddi{Ax5yCz^!P!&VNa|?Y*-mAle_J5-F9!p$({iaLM_}Nvil(aR z@KE1_{3cx#YN-g6bv8s`(?^!Hn+26rc}g;kM_sOuE>VI|rM>E$LaxCRv~;88P}fm@ z7y+#+(ZvQ2r?EznAj^We2R)^=b&4CVg{fe(wSQ=B<2Ko6Z}#=S#>{mBu{WF~V&Le5Adl)Ax`j6grf 
zOe^{?F?vEgztvjH<#nEZ_i&8z%TS<3gb@opQ7^$_35{Dm#$EmNK*gOhTIZq^uW`#O zu+>=iaMU}knR*w`c{_}9W2488noYi=^jYs(ODFf<|U)|VUonGSJ8l%ZSbG{oLk-JkNz}Tg$rD-dT zgLzg$%CHGO!@vOFp8p`V{n?OJA|b%eSt0wB>Ea*^XOy5oSoDFof1tSWPval6>5OQc zpD15aIS3g!5|<=ib=!`2yF-NTDR!75+~qYJJiKHo$*px{HKWbUdK3umYWgc!X8x>V zW4AdBD8}XHl_=+p5Y6ad3K%UuRt9?I1-rd{)#Cl$1 za+Te_Us8HwzWIko*ZAg-3Ik=`Sbft8F~r42mL&tF%P?8_*93WN@g&@N!Rb3Iam%jV z)o1-ALwMOm%XQfW67SK^^kg0{K=};$v%pAk3}3kR*YRGhu(~^8iTz{Di`ByU&D`s6 zkmpP?VsdhCgKNp*ccV1aJ|8+~w9-ozhRZMB>b8=dQPqubxqRW+zKg81Y%q+;7yZr4 zzcRhi-%2c~&~$C*Rao= z>}4a)@5iRZp9_TR=?YhP`*%6Nf1;ms8nsW}YWOI~Zaohjt$d`0HoObg-hJ_}v3J zIrVbA(x=`V?@sGT+~@*K1p0)Krpx zoFx2j8F4~6xfIZH`{s!3S!|2Y#;pv3`~>;p`;l_b0-3fGdhx&ST4son@Rj~<^)qJ#RAj-au?PKt0^ z7GKGsz+5^8#>UHNrj+2#y)~FhTk0Nxg(Wvw-zLLCW2-CC@b@SfRV@F z*K>0=x1yud6B_l>&k3>dNk~?HS<4h;)EPox=DK}@#e zN&4nr{N&b(t}m~U6=%hEJ%Lo@e`Q-iO#tY}7t1`YGHLJXKe3np2iX71#v4j{1^g2M zjDHRO_v%`5i*nK2#IhVfd!lPg@Si`}<^L;t@PFU=zm`?-|CWw${xz$)$BTqH2nA*O z$Eeg}Ma|kbYgnP$POHDsjSv6CI6E*{WtC+@Z&Hm5Ii0!%4|Kg7OfN#~OKWdZ5&6j( zsfvxv4y=eTP3fbJaLkgLTD?Jg2|uSeF&gAhi?3K6TT5DQ9+!UZv*3tXAQO<>I^&~Q zgk+O{r?x~U=+JBVNGP=%`R`r)o& z%bD)O(!uF`{}~?0swj>w3L1KK()K@cEuv0h-d2)Qy}3BAg1?{_c~awkc!;`}m9V8b&txgM;hlBe zr?4AdrUm$FTTPVWLs!7pRCUj9RwhOEMqz5fFJqQW_wqZD%TlgsA(KqHKxJ*F!HDK~ zp2o-@l7mAJrpoj`c+lvG7K8V;=zUjWQ1Y*!%E3#n`6Zlz@%Z7u*KfiDtqBCpO9nJp z{{|=U-?tqTH^HA!ve!MUK_gTILPGUkSju80h-wHcvqG7Tox>r;)icbYs8IThNLk0g zJeZ*bT%Khr(G7cyYsF-Tv=y4Qt7*qpannPCNzmwv%vy`2hA$%4R_R=`h(1wdO>x1h z<5A+iF;ix}ZLS_Uq3A`7jJLr{7x>daOkUrbTEWG zB&Wcz-4v!4(edcz7%ERE5Bx49XZ_+zQJgnW2Zy4zoV5*lOnHfK@EJM31PM~m5@pphu2uT?o2%O_wY zztZ060+m5%Ec>OQ-~?*&agBzDE1t1TEQ;SdyAGB|Udj-og>|2_$I{WyN4}K8oA^=&PUHA1JOpE>YMuL7X6u0 zMylKU^`}rq>$fkiveX*!KcQD%?@Yn6M#m_WPa%p^9(ye0p&`4!%5rXDG?TpwF%yGF zknEz|O(6+qnDQ@^T4*F^cBpzvfG~dkV=I@4Bgjhb(0v?S#gZ@_gpxtnq~TMqB*qx< z;`K#d*Xp~{Fw(q>h`7Vy`ex0HnOFexW7YH;c5Wsm537TN*zP8QS#B+-&ymQ36RNZ} z3O0sz|Nd^>^^0Ny)$ejXnXdruw*ds!|GzWgTaoETInXU-6mmd3T>W zdm2<3auvW(<%FD-)k)L4bkON5ywjXd*-~eGD4a_x&?|SPJ~=HQ;TKPgNmN!)iZlMF 
z;I`In7-u{@!QJS(ifS(oJU2)^`cN@$u+^nxlC46J99iWiZN0mhlS+YF-idmQN>mpA zE-@gXlOWeG`YW>zM$1>pmO!bEZ>mc6DaA+cBQ`@p(yU5jYf7Nw)o_^&IhUH`QskJb z&=s3>td_6ZUMcU%fA5&HC)>K|7VOR!L8!a@Us?Uep{|=WBc!G>dXU3?e}u=T9^<@RA&~h*!)34;>xH4o)0a(`x{Snn_6@az+7C z8vn@^=vqXz4J^Od2%>}jI|7z<#-ZFhe^VM*`xys+k^i`%l9rC2tgSM4eD>@+BRTkC zdL#(-&9oSGj;a%FQyur7%{&bk+juSS8pyJt&PtzqR_HHFG?qd&KtbT2ey&%^8pYM> z!_ZFQftr;~WfunLpalw4=c-Q3h5H!WnOO{05*g{x)B>br!Zv0W&{=4#(Gj9@22`QN zC{yVc(DSw4fcZZYm1z-a^8&seW~I}k;WC2888k+co}0m5X|+y-mlU;WO}Sbm)u)5i zM9fP>?jDWfUhw(r1^CcY^wM3$YzG!wpf#Mi3|~;p{rMFeYqgm7A|XkxI=@$d9>-@64Cq=${aEq{P$iQ%Ie<9YhT ze6abYyy)M{m|-}$G+_{)wctFytZGVs#i}$f^2KbWDwQK>ej@wn)esMZq1i#PnAqq1 zFk(MmG4JkejQC&L#GJE#=N1cWT+`4UlpL@>dEwY#Is3%KH#=THe3NpEbe;aqq9b@e z28G-ZOmIPMhXJ;=p5r64oHUC#yDs>nXsJ!c7&0^e)XZ5Q_A zA>QOM#Tin6be&8r8o9S}dEvP5^G&`gcJ#NJsD4StX4p%)NfsZM z@L8VE81x)G#sV#_HgqGZQun!0kez1&q@;DWoI1KgFLPm8LOw0?G@pfW0+J3UHZAVE zcQ^?5dJo11Cmv@fZHLhz;`7lhFcEI`#)AlS$>&5?QbJxfc)vVFuktz*H+d%0!JY6kZ;Rb&=9WRwMm60w{fy7X@e$cfTC!IM#l4<2 zH2JO(oE6OZL$rpa^Qo~mX-TPVZL1eK9l6C|9_sE}7xokvam%5;4@YG=IFlWX>ur|3 z3=76kRc55@zVT7_`uY1P7QaL7z3B7^GZAE8CTJl#s?9Ndf%vGWaW~@H_}JY=tUE7M zekUI0IHd%g)7d=L#JR~@md7X=3cW1>|g=)q9I^f{h;Oa4g0PmVBN0@3B;%3TJf!iA^J z-u2MvHY%k2>))3bx|pCMZkUf14bv^!O_m9fbG+()a1=~8m6ny^GkxDH9W+ZHfuEnd zc{2KF9_)6J_lQgmHK#9Q{M2nm>6TMC71*XvEb8UtIy+F7TJy5!)y)_dir%2GG}q;? 
zu8xSEI4tqGnFiEWEu^cl`2TQM$5xrmcw~P^;Q5g(9km>8TO_Saim1)Xr(=fTJN-2w z_{03=HX{leQ8}-U;R;$9*HOTTWhU1o&JjtCgSP2&daOlW4Hsm}sjs;cKep37A^U0d zs|!zkaxDWD7pfvi$vwz@Io}PTn-6Qsjc#vv^wYFDuHW)Pl4dje$Wf0728L4j>oY6b z;u*CLSmliE+=xdc zoH{9lQgN8?y?qcCuf?9zc*LaAgRDz2-=5(2i-YDo7xtJrX#c(Y2e!k9UjNnmb&sWyBzmh$4>E_<4Mg?oJTFo z7{TY(yvBQo_%S4{#w7`FlywZtuUR$Ct2lGSym%QChj`JnFRZ{n;B(@>kg!;ZM0LN; z>2zq|uT`j0b>SNQdA$9g99W(b7IEzWn?z(#A2fD3*ACS4jhO@DoiHRXWs=@lr49+4TQ`?0KY_f!+(r&M<3c1eHUWss+jXlMkq z4OEjPb7?VU5fVn>9;wAnKvenM2WES+;A+VY`E|^R`TF(k$;*Ya*0TeO#rP#yl6UlV zt<7Vx+z?B?tY<;*sf@A&qcnqc(BvgKEG+{A0@v>V{htbozw!g$o)U1jD_dcoC0>?2 zKhgQcsa5x1*QAton4f4UhNW?uRGd%ub5oGY)H~}t3fs@Mi<>iWv8~` zbu+s~OK%t2%BALYO!2s>oG+ne)iPQh!Ynoh2)bWd#-B~~N_M*ErK}ulzgiGU4jQQ# ztNg(F0k^(_1sBm?@;yavv8G;gt)SaFWFc=kQ2v5azR4c)Td6Lu=^KPq32qm*43MM@ zHxDeRC|J+^Z9ug!)vZUj;l*0bVtTyX)P}?P_3PVBH0c;mp@ERErX#6%;iI0TJdPtn z73(G*Kh3>gW7gYI_Ix+a7`~H-zz&Rrm-4qs(9X<;+@_zK1*Okbjbsw_isHb-Yo-cMoh!pi1gF9ViA7=U#0l@V)gHwMzG_v>CB zQe-{BodP8QUh)ZZBWRx=lT^~GayP!mnY){l8zT~z4~6~>sifJ1YzWjv_GW)BMXA%ic5R^-}I4e{ee7T z^bq`bC;dV3J(v@Lh7=!~Gmr@~SIgf&9lo-IG<9l$8eox!A||&9a$ThrYn;@m+*8Xg zxGs1XCZ662ze`G1p#=J580E%&ZS|Tz1}~0Hn~_5wFNwGKLW?F}j2N0ovNpAgu{WD$wUXtMKVu*a$2Tg29Wm?lA$=cL&aoB5$j=l_r3$8F-Oz79O%4XnkZHebl*p2$k{TeGA8=i{>b^?C3H#Nx zUS>UGU^EPA;MC4Ys}+i@n!BU%&}8mkGV+b4BtKKh)+w{1?}q_2HN&X!f=nTkRNd~X zyVtO2l?{=Ti)!etE$|f|v7$--fD*SVj+2W}^5CHKZg%$z4x;A#VU(rMJI2j%och?jWXc1!w;R~8#(uTpU>eGWs2i3Ge%VS? 
zuS>cCt*|mJ+E3^ubr)${rHS1$JzTLoP1CT}C2Uz&GKlb9#OO*@w>xyWKMUNqxyMYV z^B#;v-|Et}BCKi(KNdO8f|T2{79J%o5z=6R=)wL?4fW2=ea>JB>|YgWocc~}K3$!C zZ;BR5Xf7AoXol5GRE*y=h}_2am;B9atCE;;yRk<24wT?&>dzs1Ct& zQaXYestu&vnB$Ag-Xf*ghENJy9&cxjf?ItA<)z}@^s~LzJ|w3e71K@%IbOM@c@0i# z=$!r){xi!VP3`x}^|GRNIWZG#!Ixf~MF4QK)O1LaW;2A!84Yh^uq~fA_llLRlW*1J ztc5MzJEkn1?_{~bar#lQAHCiL>z6oB_nqfj$HD<7Za;?v?Gew(pQ%7!q)pvF^KTpg z4z=Hr^Qec>#qLui9^d`&$?<9POE@T1i0q3hrL2xl-^Gw_xpG>3DqM2%kHe|cS{Bq2 zp^j-b^f{K{ZMajWPKKZLCMIaIk^E(>?29l~BpM%8Tw6_XhVtFKF7D}OxbVx+Z*;k~ zwY;{PqI4(kbR(VbYo<*oC`)@82vxjDidBV0`sz&9Z{*K$E591~$z7dBn{UDq>{9`Z zAB6N$Y+~1`zI|^g?ODuo91IX#s+-m)jVpcB&x<_&6pq6XX6RA_o;8j}Y4FkA(tOI9 zB|W74lWTk)7qQjwhIt4W45CC3GYz5y)Z*{J?$jr5VnxbU5fovq@hmFVxtz{+84h|# zhxIi#LRI>xK1X8&4RjH_t2nlzno=$1f7Wb`Jw?3OU&vj*0uqer?kr<-6{S8I-~Zlb z>{#As8@KnuIL~^flB+d(svX7rX-Y|}eN-L&B+}zO3Pdi5D;nCXe?H{3Zq@19p0{4o zr`$m6@-IubNAc$l5+MtqRNQOEVjw_g_-TZq+9=falJenVko29C+6(_IM;q=pbS0H? zV75X>&wnb0N<8}A%Xm<4Wuf&6H#Ph$^T1M(SJc*hq}Vp|cfdM&BlkRRnJefsBnD?a2lD@r6KTq7OL)MctC6SAxBpy0nwV3%oqi3yAL_3dt9MvH?kN z6;K%6?*J=BX=Si`n8b`$(J);cY;aHrs<`zyxiI>?0-4HQIx>XDrFCbI?oC5DL zWL9fjQI8(Y4i411o#tfabVS~l516xu6E%1v4qWF7{+XAsS(rV&#S1tJEjb}NQX{i4 z?z2C49@`6vOUiB-$WFHncZl-c$qCE5-@^|r`O`V~Q%O${&p?Gn@S+u(4C|s}+U@hT zcbeVAwwU!L(&dBlU6pb&LmbzHSKERe+%FZ0ra^N=PN%zJ)S1MdbOvev4Om(vz}J;r zzT_$j1`z(_RcLp;&4{<^1c3!2`*Zf4cl5Pp!rn3s!p3 zpkgul9m|5F_BM^W*`1Ubj3BGqi1T@tWtSdhG+$7vVOvObXnzqx+J`X zees4uX*+wh0MX^#V@E`eGF!UFt3Ct(Jw997auhp8Xj<{W89rVblWosg6;UJtA)_8^ z^Bu1$DnQ5Zfrx(pAWi?3>hZNl))HBia&*;1XE@5}kWJA()4-6v?OS;rd??RuB>w4f zcO7gJeS@7yqd=b-9mU-)LxWGCP!Ww&y(BEwDGz86;)a^*{VH>_B?9Lly3cj7Ar~Sg zf9C(BtgK8P7~7L{kaA+4)Rv!vDP#4pFQRK2k1e`@*vJ_3HPaUskYenmV#8DXA*GCt z&NIx{Qbxe`kgyX>>$?SWz~BP&wOGopF@wN8K8(lL_+$DpXl(;Y{#rJvPrcUQq5QqD zyxY&J8~0UC)&za4IG750+*_G$34?YSvqh=pnHB2S(u*%OMdLtNs^X&Mi*JMs@iG{5xm}#c{2O(26+d(TV z8uHB~7VmqJPOGgYT{o8`ch5GGaswmlxUQOU+Rj&(p8{YASTAA>3iaw@R52TP5=tdM z_?&<0A5hFK`XGe;772wH7P$T667{H0H!-K%IJp*#yBkrgz8(g>u`wfhC|gLQNzp;2 
z*~*&z)^PzmE+}RSnP;#c%urOv$(?4SG}tKMCP+{B%YrNX*%}yUhMbhE9qN>!^#+J- z9ML%z;K70eO?Q-gz}ycrjE{s&Ptk17_Idtbq*Xx&FmsnxR&3LdK7}!B!@fT1vuRG? z;@qroc`#&rePg<~V_Wojif?~iQUOIXO*4b=)-xWlVVM-=Qm?fW5Ox>=@h!Ijk*SAl zZ9MNbU|u7^z@wAS5S*L3KWyUyf}H!r#>E7jPWp!&u@#-nEb7YH(oY)HZ<{1L34JRF z?TAirg8=An-$vPSw}E=T7C-iS)Y}U`QYqjY4p85n*^yK#f>Wp*)x4Hs_Nkt0gGh#H zt7kNw$GGX;Ht_m8o5u>?D8#B1>lilDV@?EPXP z{7F5iEi?Zl$hzVza1aiH?S4-TNK5ri@>p42Eq;v<>VaECzIHP`Prf2}7)BEL-J3vO zh=)5=G9y5|22)dezxg$S1==RXo``QfX``;37u}r^(`e_=ECBoXteqX%uk+$Z-q*o6 z%&{_!Vx__=)1&V@>xXP;?aXdXC1$4Fl|{t9RWh8NW#VK>WJx;f^yoMHSnp4yMs(0E$Yy zq2}68O%t#ts&OG=LA3jk@=Eud2jJ=1Jc@(m!E%zv2t8w~NOsMCf?&SdpkX^rEc5r! zj+cuD;M~8!CyqzY`8F_E0;=H?X2IwUI^?yQ*znRh56{Ox@0&Y_AZh1LS_UOP(z->k zeGJo-hyg}Fa|s?w#Y7e#D&+_t5)FS7>63s;nR#Y66i$H~)B9J>A4us%YP!m{Oco5| zU4Cid@3u7e!JbxjJQq&l=vGP+pD8d^wfE+~vY~c9=USd?VS%1Iqa|CC>xV9~n~CJu zk}lP7BpMLZxQ-uY7G@`QA9a4=Ac|##0W+K1@og>+_>jG?ch=Vw@n?euUck0_C&>t2 zP>|zVJxGfw0PzhRXD$IjPFnicXha+PKK55s93DX89JJ$=?)Tq@Z7qB%9`j0c8wi5B z&B|*@X5rG^Q`K)oi#pyD)bc%AF6`y;ul~G*sAyI@?@b_24Dwg34eoe}d42gLaS!z? 
z3!0m%H4%2-tbc#He1JoS^7{951+$#{bAG^JZ0Br*5(db^GP4*Bs|P%-$2oABN@?K% z=jo-j`gfmC0c%&!RqFidK6ca^R05|q`)}+#Am0A{Pv6k4Tb8$4F?N7@sdhf>(TR0+ zOo1BR#6el?G`r-HKM>yJ?CaP>iwBrg_p1`JYa-Tx`DP;!RgY;e-H6+@l)hLb?MHB0 zI4tm|4$t-vq!F30PX*EX8XqrmID8`YVkm09o>WymMaXjH7Q(MMLrnV0Hg+02&!@(7 z_E_-XLs}SIoW3zcI~MrG>0=BAyWox@kFRIv-9L`?dQ9*3XVUX6vlFH*>LP*d?1Fb--sN{Mlf34oz*>smKg`u=MqLe8H%dwH?YCDob; zA!uOMGWu$PAOPtK!<__)R1H!$5HWAgl-rbIi5E#*)ANN00rVC*{pS(=<0d|4faIcaT$S(=fSZy^)z zu)hi>ECgj24t6OEX)T}H$9~Pa(pF6xUyt=Bw|bb(YGS=O|G|l=ou)GpPh-B&oY&j= z{5`Ah@f*dJ`fT35@GdK92(NDZ#m=t2{%w=+qs|x59d5{aOr&NuaRnc4{=s`cKZL@( zc?TI9m|2}ExIX$}|AP|}HiWe0IxeVR0SlRvb50R$$Hv}8ssr|dqT;6Dg5vkmMn!5E zvY7WLxs;0^WDl=%rDl^-o!owkmc7D*0byS$)zKXCkikX9O)hGf;H=5>=z{Z#luE(*~{nbZ1hEKeg|-Pat!PuYBmA4tlNWWCV}~Cxdh|nj`^d@78IA}qk-Hb^*?^c3~3T8gF{MT#>t%3NePOXSqNpX zF%d!uR*sPuJ+vDi(euIpQ)Nz|1HYJ=NWD_MC-9vN$&R09dBdql6h7B)9Eip{@rIe1 zTTwC5$_!Jts8~ZDAziZ8^QicI18Ths_V=ZEg8qHQw#6zd?*Y=@uLAZd&!ru*7W8tt zMSOhyf##yxI;N#m2&~4)asCfObTFGuszk-?|q^?%E@k5;!jw1}elurytJ5 zWqAlmMavRxB|}32o)7Z#hy!m+oOv9wJPH|Wwiu5Jn))z;zq@( zf=t-&BvGKyAOuw{K1zDvA?&eCYUX!iy?_04za3+T&mHN98fp!*NEk}vt4@3F1uYkB z00=z4Y2#6kpE$e?bWHP^x>dt8_K?vMvirFDWo5RGk${?>S!yCoyK8~_-^KE@bEv~|Lf)QUHkhKjK6LFd7%G& z*)9B$-TZI&pv&^HLrL$ywfoz|J$aRu<=+Q*Eg)wXi}T+Hg*Hy77IM3#6mi)=%Xs}i zyQqKkc!vhrpupYoS~a5h9}_j|*Z*Cee;f4wX(H}{kpKEd|8!HpBHR-H_W?5Vk;2c( z|9!SU6Y!F5|8rd|zW@JNm%{;C+nkkiLkp98{e~%ml`y|wz1EN>%PZUYKjX)ZXQw{X zzS&t;!9MM23GS$x%;LnnXuG{Xo5rS2*NfE?>K2$W>-q7piH|DpPGh+urJj7|%xtYm z<~RvnXYL^I`4kQ+tLrtr{JIN#BH5B7#xyF@e+bP9w%hnLq7L zh>$G}NpQVlQ_^U#8d+a(T5P30W3Z`dO>K6`Vbfs~gW5I2W~^t%YcYmT@Gn`sYuK7p z!vgqpVxmg3duMk&;v3KBA8bqx+s}Q$r7Nv94lknq3fkTMyJJn_1Q95d#7?%%>n_A) zT1QF>;gIsUA2?_YC&mj3%~#3ITaa3nspE3CmSa6Dmz9*WX72(6A2(5>?NgYh)gw0b z*cr8tnxpW<+%M2-$?PXbAJm$;TFxD&R*ZgW92E%%H&-w<;5lQe)1PvGU^|W1n5bNFz*bWJaMEq88rck0z zo^;lI`cm!0g(<1<_N;ispiUa5oo2_Kh-MGts=H^ACXMd$vw>Of@wP=^P`}jR;6N#7 z=xvKpV-G&Z*=scBMWUmWsKiSLppS_IOuwnoj3EL*4YwSNw%^ZYK0%B;UXV_E!4(gg 
z8`=Ys8Z0#B3-$|9_2*1$=Ki@_9T>nj=e8h@^!(T?VK(=MUkOgYL8%*2z_w*4^>I;? zVxja=z$f0FS7(g+9@z}0n@O&b&{ikXXNwk^veW-KfJG#Jw=P`}O2p|sTCGK6?dE)E z5+6=}^`xWuw(c)?T&8LrshMCo3c9#7rM(PI{pzc-_jIRCyn&25u4anNmKgh2Z-hrn z#!Rc(v)wC6qdIFeE0Ss>AH^tbCrrbPPJ30%X_eo2UOs%9+G8j)Og!1kTDfr(lYa1^Aqdma>j|sFJQ@d} zJpXN(-B9?sA=4Z|H(-wn+-iK~*UeCqQuwq{;ZYtL6&6~J&DWb&+k1DHj*N^ce(%2Z zv8j#Y^&ZTk`3l2z4yRBH8G&8erS!_PrxQsOE_i2@}^Q!_sc7{MaecB z7lsGWPoJekpC80QONoPnOzfmzR?$zYLt?S(rneu9^N$Um6+AW3-NKJn7@q4;xes#Qb{w3hFMS@N{$mc%_%*oYhPSDsbD<;jY+f!Xo3 zhVC41IQXJqA6w(h-X}$E$c;2yqCwqeN7;-+JaS81 zFFYF`r@&z=aDcPHser7mDyaJt)U71T2nZjJW5~L+U1-EquK(Kl{M9=e0wJ{Sb9JD1 z8wA<%%ql9G@INm1k)xGlJl9_EZRcgLlY03fzD99IV>|`2#9g35;kfbfxHu2`D)D8- zA!xj0L}ZsWeO$8&bqSl%!t?|CwPKXP>?|a8B^*96wF`BzMgDVtrnn+-8H&^_A8z{& zj=VB=`wkF?eO|-B6TT-pmi=d4ddi9&*%S1I42$^8d5_cO#NQ2i&zy<&1Q+@DsHeq5 zUD{8KNx6y226#~6!vxCb68C`)PlqZ2V9mfqKT>wdYveM2Tr))Vw$JsZI4}6zzmWpf zHV_V2T0|6dDHd51WK|2B3+Us zR+a??Y&NKr+o^dQ$5F@Xa$$&JRtPMs1-o`vH7WF{^OAU#a2@kEhA)5Vuy^uPLoBU+ zt%ifxx`4Z0ONPs*%5v*45lYBQs=CtL!p!y60l3>m&lUf{s$*e-@~Lc;x_G$bjezkW zGe)+{8=i#PvLZ-U|8+o|CM*F%Kq!UjM+3uzaE->L%QZg~rn01d=8gH1r^w>7NHdHs zD`G+Z^J9#S=kvcLQwl};tCnh@P{+l6Zr!xY%TYLADGkg9&qFDFTArmP$s@C{!Q)ds^Q4mJ~E-;Ujeeq-zgzus)Mv;+cG!#_ABW_G_Pq&+uIn#x8ei)TKz`{ zA#-&M5D$g87ZtOc@QmU?m}CE#YvpYgPpplMq(X*p_HQcsW{0R>9?niz14TJD>_%cI z)Z2(3jle@oe1mYOnP;s{ZYQ3C?oY|RZrZW`o5cdkY=t7rJ08^oQ5 z*>PdMnzg_M!G*UT%)Am}r5w>uHH0B`xMSKGhnasEmOCjFKtAE?J;{wmdj2J}^VD;~ z+IgGwj3Qgmy}kaRppVz=-7Rvb<7EJNKR35T*n-1X2p=7roQBpKyI~^{s6958Cy9rw zNz3R*5HI@_#ix>g65sEaNhVpc)ym$8n`G;C zI&a@Fl^cK#v`;FzZQRS`o9^zKS-q$5d z$dXH6xFm%v?hOv9nP;H($m`5B(l^Djfq&{S#wx__#`WEYlOKB`%2CqCO~SM}A$-Ra z+jC+ywrV9oHL8n=RQy=qk&T-?HV-<4;(NxA7;8c}aY7FhDJi=Ac|X73ss)$xN>-PW zGcUXAHe#t-aO}C2}@i>AcCJM03V! 
z%2P6zy0%rP@}+voM1n?7i?5c<1N}vN5!x|3x)a**cp_hl-aJTPYXYXr2Rp%ossQQ4 z`+@tZ<#fB1xdntY5W?oRk%Ywkvz9SuN$GZ+Hb@{-cG&gZF+4V< zhsry^k&AllT?wNO<&1ft)H}Y&F`KzCCB6S1IVZY3pEUb%`gE5!fFsMGKUvp|rwHcN zav;ONmDw$c7r_H^*=pk|pXW>fSl=)fCU)3D>&FvECK)Msf5S#j$I7?9Lsk`dbT8(# z6l;c}NCz3=fUu`Co2GI$6}A`FA7hRpDqwt_vzpUWpzn8(C{xwo>`4NY!Zu(_WE<6BwX{O)Qe4;UnL_XNVr71XRzPMpLQ7ewf8D(vhwE7y-~%Z0@iemjWn%s?FeBR}lh$ z2k&g1h1vd^wx1yN z*ri73?b!5-WmWTDda!YZK?9v70^lovLR|_E(1y)5n|U8z&;QYlSBB;=bttuUxn}W3 z!1s-5F*fE_mMAn~QrfLag(CC|rd*`SeJafwP@#YW3~gfyx!G7d0RVm8-?WzU;M?q6 zWgOzBwD?w`_l(sYDZUaMdixW4xT7$3v*(CXHu{rT=zj%^n7uVOMOv!XF9s7+F3Ql9 z{U`27g(N){mw2!stNTYWWC?7sZ~ZnrYp0$01Y)#6Dt$}8ES*1 z(v_aDKYj~gH|H{MiVu`uvYoJtmp2=TJT%?(Pv}L3WEfZ?HJnmb0$YE5fyT9Xk_Znh z6Lpp(#`<92K_<3Cj&CAdaWy}IQ?7obYj5Y=F%-}GiIkzYny@jL%a!WcEd@5KI6m-d zTQa?>f3F}>ronKpUZ?opvHe58&e8xJM-D&EgJ=fR;B(Nbe%lM!!ggQsr}dgk^7kW` z4a~Px>Lu@9$&k?`LeV`H&j=1yE+$ZmE9uDoKLHY^vI2BkP9^|+RFdFw4u(5%?EeQS zhhbLfkob-51J;kmp+y6$*~eEarFyB!^=l4pHa)I|I&>TGWD$s8*YUm~qVq7EuxPa) zM8a3@VGEZm+Ksmv#Yl5*K7-@Tz#)cy7142Mo71i-_N}einNy!c1x*{9bXLhAE&3vHe4hhG|o(pi`!1_vw}Jt6#U>`|j3N zo^%9Tz#C3g)OEQ;Fc@A_xg3nLD9?G=ASkNhnFAjfGRglhw8kJ+RR1ZR%3tm{dVArb zcJ4?oJ8J1)Vn68bj3~T}YD6q^+0vYHZz`T5MIN=ej}+u@7Kt&AA%w6-g67%rXT+Kr zcTTAY&fjTN;!Me^Wt7zo=MBdkL~q5N3JI2*Q#Bp%-GYylQqx90{10db^}~OKW}y7i zprxO&pn3$IpwwRNkCFTGf;~G>fXMuKs)VGt?7;1TPlzAGU%-`=>Va~+M7DZ;594|@ z)7EqQgw>GVga94ApLe6YL48!A5gw*0@u*SM{3Pei-pmG0JU2>EQ&RjC4@EkDt)K*j z{0H&$-`%Lq9oGJS)}#|6rXBpIW_8_EqE8Q0Wl${m^LwR%7X79dRz#8RGXoNxHms>1Ez82{FeR~rWCGgbySU9glM#CPe$N+(bt z0q+4IL&FrH`63`{2-EhJDA8RL2>=c!Q$X2{o}XBO(@5`u;GNmwxF9k4%9Ut+qT{N3hvkq+JCBtl?x=omRGHgHRL#ea>LQwP|ia+ze(pP z>;TcVkTW^C?duPQvO88CWXt#%6eJX!+{cTJugz-mst+LhgbpZL2En()Q>y3H+*R9H zk4|to$8S0)X%cv}+n{t|f{%Uacj?Y+%;Qr^ghg>RgH z`vjJo5Wh53+@m6)mN4I@n8eD9g7f$HFuf0AnPJpWBv*Ct}k_+DeLW67)y-c=b?n&z8*%8 zwe`GCMhWy!*4BqLqC9K4M1tz9cY!HcND?Y0`O7vA-=CoZUv6fZ&ZfQZXuo&%!X7L8nHXLjGLa3|Ek5wbkh8Qh6PPDNOL(r zCkeAN)Qj?kCoXp$PXkQ6M&4g7_j_^IB+{xc>P|l! 
zy8QwX`s^1H5BE8BsAQC_5Xa7Nlwyn)3okY%Ut&?fLk%B>56Iro!D=T;I;Pi-t^X2G z6tg!yo(ZqJbNRJ3!`()okz?>=`yCR1Ch##fdh$3>p~MIXh@umk=Vom7oDzcLhW&4H z0ltP8t$p;7;)jvcdc@4|x)Ck_w0%;Wney8wi`#w>oWy`YgBC+OR{(%8qU7(y?fxOY zM54d5T7k|1(x)PM_hZXa5>G2@%5$3)F9Dg271|Hz%P^j+?mTE)5ch-kpsMLOBmge_ z<@Qwe#8jl<2hM%PLLdJf&2Q)FJx>X6%To%b!u@q`5Y2!-0@q&N`awv-tdC78Xh3f+ z7`cT+x;?`a{96A3qSH{+Zed|*Rw|jCKWy$I@cseYgmZi~y3KsFvl%0~Xn!AK9{Cp$ zJUkko1)jX&v!}ly%Kt@QQ*D8j5m9VERu9rok4V2cjz}#DI=`n8wqw?Q zzG4bnTs(i~Ch&<`YhoDNeiMi23=(z=!d|r4Bli;S&YjrG5Q7|)%98SMcRyTNQP@}~ z;MIJcG283?GsJ++FP@B)S8{WYClJX8&L>)8oSu59T~$auao`?dciu|Z?~iuT+%{C} zMl-%61TtjZy)6BYaE>!0Gd(yHzqkF1uxgrfc}4HyFU!te!t#jUX5e_zYk?58?0~XRH4vcr22)4@%~GKHCwGCi40B=$z7k$b&fvAv)(7&tCZlS;V()av=WvdU z-MXJ`kAzup;PMZ29`l;%f?Iu zt_lhoZ}hfLMkJ?Z2mK`Vr-ep#>0$^z>RguZKYm`ZDls9-M|3%<$!u5S@;0BD(|&9T z_w@fI7pVRrlnN|+@IH@axOvDNHk7kx+CaDiqZ*QT8OLveqG zE%+2|7-E=wofsYR>Rr9SpOxsDe}`F+BS zv<8`_j|Sj7{kjVw+LpA?Sew^d$>R7=B(!4{Ml7_o?fCnHn~7q51*51l>l}UW z1ejT$f$cNw1l3sY#HL(^UjZ76Iq+P7qv#rM#sU?n>8<#Gg*w#FY z6Cq4(<6a!<@PK=tz2lP(#PeHkl%j^0K*#Je!-79gXL7t}?kADL+zQJN?4h}bnjtjf z*)-0Z$he9;BDoLhQng<0TVHc{_|H~KEu-%)*>SfVUJCDEvAqhZnKKKI?10ZXp*3mz zp7szVZr~Iq^zY7lo!8d{l`AXK(Hm3-m=;oQP>A}PSLMP^)GHJo-Gf3$42#EQeMK_$ zp+jnmsd_qH4`$-`3MRL+un6cet!^vp#LvY`*?BJ-fy z{ooa&o4?-ub5c~Bn=8B5&EmJmdGYM#eTFudN%qFtA^f5P8*ilUq$p-~(k1ExuI|gY z;pvtrBM|Dca2>vz`ikI`j7YjiI7|EKR_zN5<2TNZ{xl>k!lpH!G--6g%76Hze}vGWjv40 z-1m4B$EVp~f(V$MoQ|zBgVK_JSk&qEp5cR@Lacqe*QR*9sc+s^NasGcO~r{ozK?+s_;@o1QZp1Z8Pf%bxHE$xmL|Aw+aUJlju2vz24q?MpOjs2zexE;D7^K%PvRf?>L}_@9V3paTcx~OK zXA8@46fKn(HTY$5o8R%5nbSyNgJZ0g4Lsn=IB(;go2)prQC{ozxZ>qivU&!_l;*Q~z5zY%t+GO?ykX zO+9Ss2dAMyU+*&uz$_9Blh<-cumK{cgOCEyhHLrIciTxj(yzQ?>gp&g23!OQU_nMB zo&^|_5_nk~#K6wWye&WA+t0|^Mz?oC1;Bt{v0Z?vT+Ti4-DrBVQ_LwQ&6hQ;&3ze1{g$vZY75p9V4a?*N;+EUotu{AOn5d-6#I^!PNL{g+?V_#yuzUT(@IG(x}OL?tW- zOK7~-xU<|2(@~=wI?PIoODjxjUq0arRbl5Ww+KW^;9_hi(blI$qEcThZ5qUUrEovq zE<`1?FtHu0Dj;-f#Ji-11Uhp^e!hvC3Dt1t})H3>q*of@YKd=A2=G1)h%1M+&UDxu&lS=-OTzLEJ 
zC;3K>tz2O7F3J#Ifm4I~q%aKJA%x4h{W85$6xxzt%V{bDEs&?NP6S zyj-FLWP#NI6P$hz;!)J6)q}?N&1bEp!~5+p@F~xCheBlp!W$OO>&stXOY1f9ow67P zRh)kWVSE(W(n8=?gTfN%gETNgjp?^0&)(U(y8 zMvgYuFljrp^W%JKYu}ue_v8TfWtcW&J8x%XwjvJj@KZLX{w%3o0@pxgcurU(CKb)!QY!YBBO(?&x)Kkmjs%xi5uP2DZ+#MK0%Xb z*JfR(&Z8-|;3ilj8L8dI&1ExXhm(x4Ln)j?*ckfhwyiKrzL55Sxhfqofy}Knwr1WeEKuish{@ad|SsS zL^>{}Zfx&{e0v|m_#LXYiKU(l=c}xwpR4Sj_Ja0mSpWJn`lG^I+e?U;xDvGF5;HzN znSZ+))=4n=p3q>(mB=iK+-HEFd8EyWORRT-em%N8OSA?VXArO`8~jHbc&cPP@95vB zUM1n2OIbn6O_w~|n*GBIykI$QaaIVGBx2(}vy{Ikd<1g6)s9+{1Q$LFrMAm_w7&u(WYkR zr3eN~<8seGh|N3=+mul{1M|e{l@oX%3#Q5Sew!pJs0)?c9w=b~;JT&r$3Vz60w829 zboi>deF2sExQc;*lNIs74#TGzH_ik>IW^cWA}B<##`?qG13TdeT%v4ot@1iW2U7f| z=7GZF_6WC;WnJn~^Yc>3b0iHysVI*G2g5ffVBCx%9zvEyi5|H{n2g;0%Clt<1_?J|OEr_X?f_6-r{8#`WllHp z$yYHx!(;^UQNFHr8!QmP1PWZgi4|WL$OC#+!a~Gx)If>rfecQ0AA@g%J+x47-MV-k zmL|XEnye^9wCf|K(lhOPD7qWZIek@L6t7;%P(wSF8y6UVW)Dxx#R@={lylmOGQ1N- zu1An$Y8Vxeu7CMr4$*AN%denbMdUL&W0F5S%|HTAL`A7goF@j9ZaZhOOMQf&AXSy; z?|thB{^7(B1HPe(O1fi1b^r)i*5Swof3}RZIN3z+#Sg_!Q$Y*`7#ucZ8WL6X`6b9_ zbXY$A#dmN{Rqbl;C54rZS`ow_TNVufB}-K(-tNJ{=O-jWrgD`|9gnAtx;{2GpE`b; z^pKE&Egi(clZ?7%EbiM%|6OcI0@{CJ!z@WVJr0TUgz{SUKWUXvWPV}=ywp*Pn)BGa zHGYcPj{9-WC@$K|{-+UONl-CZKbCPq*Os{H@LL*Y-5zPsf=~^Sd=P^yJV;EvS2|ce zkW0b$l^28Y8_MFthn!PpO*>LzJ`WaXp+4~oA2S63A^{scVcp~M#5jPRL!yl3ro_en zv;RI!Xs4{Cas6=|I$!CJ@pe>X+{9RnmGBIF#M03d5_TXz_p-i_3-a%Fq=jZQ(Vn(pWlwxG$nD3U&&w3VoFoOZ#14QXe}bK zscCE#%@hqVq5t~r13VGxE9+2hI)yeOTTz0wVn$mh;oew|b)iofdn&(+J5o>ke@29U z8lYo97gNE)~yeZ$OOR_cBr4@RiHG14Px@3Rrt&5BF!?!hQ`$>*gk8y&Facf}0 zBdhVkudH40N&P7|ckUVk93w3(-0=hgVW4ZIH`Bf%XL5dW-alI|Hs zFlZm8la=fD(Q?yUv1BQi#m!3Ci>{++gHoVFwD$@h$|?`(v`Naks`Wc1l+V2x7mtS; zZ$o=Tc_sw8iG4C{3$NM5WbAXQ@`xBSXgJK?uw+<+G~uFg{~AH9MDD7x}(3 zsd&XiN~Cy6@kv`4K*zpnt-mb=7RcUfNzbeSagoFgvk`2k+!EkWw_pH%q8q$_MmKiv z0A2%6%FT!{l4&Lri*TKN28XBdC9}+YFGN@b3Zm!Ki;>I^+4!{O3b($7-)R~B_Ie7m zNyZ%Ap#^sEBUkKr0KOC=m(O4<@l4eQq^RGb6C#m3Yx?#^vP(LAi+1I0xwTyWmO`*! 
z;30Y(X5z3%o%5GiBDwrHNTu(Tw_`z{bF+(ewmxW69A!~mQ2lzVvDAhn0aqM`vfW(M zfq7M~DYgN>wcoF8LEB2|2VQwntSQ@%_evc{9us=;Xd{NXO1~g{LI>DYm)uYxNyH)z zFK05Z^!Rh%k@yk)W>fttsrSI$CtY$RpFPft^IhZJnwrw#k+_~GYtsCp`p;=apc`VY zA&76>4YR*jRhn7~nK+zys1o@%jF4JBUDG#@1gyOrt|1HDC8 zPpH2`eE~sCR^_IN2oaB2HC5$|2QmZG3miNb<3!I~mr1^6QQF|-R<>yaA>64uaVm){opHZ6D?Rp@dExVn&mg zWB^1Pn=oECM!;AGVubzLk1#G`WReg&rwSz)%zM8RvGzWS!VKZv2)<}1dUVlPS6v$*2l{7+5ad>Cf%E2_9XOUE zm99q_vwsi*I=@}^57&&|4hs?&BopQ#5ql~5h4#N63I|C8O=~Bqv5W0b`O%QyPwHE} zSZ9JZ*TQJ|_dj%vgUU5q4@RQG8)+N_qB2A!Lx(4j7PXhTiUo$t)*tc@@pXD$B3bd* z{j5hXxzAz|n>hXHUJDi|$RPMLNnrsWV(xRmD`K~f`0kkqU7R{sasG_Xq;ZYAT9z9| zJ^`V>Ke*VXT{XtT)yo5O^TB#mAC2NWKj0J9Z{h>?=y75O=l*jgtr0@21mp0rHJJLv zy}sm#NH^=(Yd;||0Le#On|}e~)TDVebK5AsIa>jOl8|VWBaJ9i&DaC3343euF@j&E zv612gZDeZR6;Q@GYZH`xY+SK{ws#*D>% z61JZ>?-WkZq6`rfSf`CFqOv{x^OAZz#=CkcF=>}r#es8=%QqxXZQe#ny2!xZ!|C*s ziLPZM_ao*iBGy{8?VAE*pfGGh0)ZzWuEw*P&UltY~VKupsK%fU?5h_Z$?_MpS73GC!(WN(j5CeQp zM8U|^75tkyV>LR_NsU%3pZM=K<+y56H1};iWqoE|Me|eg$CpIg z-~KInMx8tQ;pPdUV07f;PTmW7UIwucdfWB2^P497J-6p4Y@fEZHP-Mt*i6#jDY^~S zikWU=SfwQ4J&0VQcH7l#cp*^Lja5ivMLZ5+#L5EbK~ULYxDubWHPh9%e8R^a97V(( z`#>U<(7-t!ATr_lGL)rA42O=RiDK=BGFz8uZXx+!jRB z;P(l^&wX7m$Oq0(7{0+PkDLRe%bs|R;#HB4vnKr?Fw}}sV_nnF`<*)b zfdXOMBi;L*a|t*oCkIxUT3!L-a6sp9v@usdMEO`tTTXWihFm{u^_X+yXtaHT7M&9$$87`cR_pf64;4L$s6W>RItfn3SCu2V&a!uy@ zh{z+J^aOu8)U9-f@%u1yRAAEHv&}wDz1^>3L6GS*rRd#Q3VTW=7cN+*ZcrCRRc`#z z&SxubMSdrubf=1TwA`*UfHv#yog?x=lr^Rt^h9-Z!Ki=dC_W1C+4lf$thSSSqp+Y^ z-7A>{KP4|-Cuk zIgHX{k7AI5|Ds})F(pFhX!FWR61E;5@b2S5h7p!H1z)5Z8FJIw6%*=c>={3yf_w=y zk&>HZ>sc%KA0fO2d0t#{U{&r2p>E6lxZF*_HyUcvRL}8VYR<1_j}5bwf>)3Y=ZsL5RFj^P zCq8oXJ3r_BD82mEkGq+Ra8d3Z>CazR!FI@$h+pFpDj-y1C2trm<~37j32H&e?O_4= zUOY<|O%dENj72)nf#`lxvKi56+O}!rJXk&zOQv|(z^dvo$q7_3FZNHvxH;3cz~vMX zaNE6ZPE2LBXje@omeubZmcDywdOm_*l)qY-%3N?vt%Z4t@71Bif>5@9(rgFyHTOTnQB9FTY>FU`M4QfBkCbAkbCMvz(c%yiW zVmW!CZXrSBOc%}_D6E(?sSq&8lcVY4zj@y#TS&|&m+EG;fEXMfeQRfIx+BsQ0H9H} z9TuK6Vx=b0^&asw;1@EqQ}~cuP`?~KA*a?F?TLq;@H*;cmvX4}^;A68nq564a2e`B 
za;h%=W{7!Vu?*bZL9A(sqB$sAERjD-NgZ?@_*H6?PW_&A&HR{{MoGeTDd#f+kWZNa zw{1v?z{i%2VFG7C6wa9rvtOgAw7-FO@0iE2r2Azydl54k-U__lAWMuAvWV&`2z^?W zE~#HJ&pl0|V(Q?2$t%@GRe<`t7LtI})>43{XB*dyB|-!KR-s_%{ojiYT!YADJOA8w zPE3gmJIJ*gvA-CB$M|gEU)}Q2L*1Gfj z`mRi`>jsosTKlmqcs||Mqz>5swSQhu!ZE{+kcEzm@Z*}M7XY@aJj}*E)O{E>8`b== ztDw%Fa4?&^)7dFVH0uAHAY=J}C~dD4TDZ;vJvJ`*g~~QzykURjBc49S70yW@aejM3 z+k7d)OIlmNkSRs?snNC0E9~2U9CrAPB$3vibS`FU$7 zZ}joO8JWIfRmyZhk2a@?mgUL-#x5Q1y?Q0=K zx5T9lUFk-r2I{6p1@g%od#`gC$e!Twkoccad1^lVmk)jlxP|ceC-u1}68{WSKK;|0 zTd#jsUHdcZpVb$ikWFyk)A~8*p|-#K)9(M&8n;4n)WK7_-vaM<+Rnfwm;d=)ez-NN zf7(*A|Dl%tUw@((+g2hWw z5)|=ECt2&83v*FhNAPBTZ~vG1vB7T$kef zQRaH!uHBQ(#+AAks*_gay&Y@41`6-}#ai&>&cerI{it>=BWy0RkJpBCxAZVglL2&S z?%S%LuhE3ac&r(fl}#wqEH&%yWZ|=e$t#4{7>!Jey{%5B@FoZZJqDPAGZk+leKI&I zcpaV(4+S=C-I`n8R`#d&#u`4s5N%sgiuEm$CkQ1eJN zgnN*{`o-Xv35=XzQo94F3GsS;8@FqB_4U>s_S?w;ok@cHxng%=x?An$n_n~2rxRu! zBLm_jGUU$CqpRm@cqE)0*j|h7(sU}QJ1nW@_qV&f6}=s%Nf3x*ukX@cjK~LhG8O*} zt>r4^O60L38mHfW0{T=krzVq(GMD$-0Gwhb1$giBY^8Ck# zt7kG@jdE-@22(dKruf%ED#GB*J_U9<;lmaHTn~yw3MH($doJIZ3LR%&E-P4{v_;gK?M?X0g^`5*uuGOD%CU3XUCF^O-!P>^V`ZVbWRrH#R zafBCK3G31v=RSGxku=V$x3p?keVzNgSmvi=vpf9zU0i;0T3|~1*miApd_#(PrJJ=H}7Ne4=cgaT?;dq^9ou0Yhw3RJQ%^+LkVKok1|G>wjSr*_HIIVu>He<1&W@eVH@QN{0!7Q|C6}a%4GPeau=mv)7i#|Pwab$ZkB9guyBYoC z2j1fx5z8}Q%z=_G&^n2aJYUVrm<>fn&u-|7+L67poK=4g;rD|JfihKaHAlg z7)GLqS2f0};xNzOy57~F%HJBF-je_mNjktU!l$ivZEnt}oJ$Y4h2%Rb;wpZ_Y~r8J z`#|;C-u)smk@Sz7rZ#7Ge@f&KUiH(MxdfLb91QBSXNW`_(#-@W+Yjg`lyM{uHSC5(#u-O(IH*<(Kl^~-h>w-w;{nGk}!_KOq?U8%r#)^Xw za9=ty{`!!Sv$aY<#ual#ILBqG0BvgcyV{8?uUx zXpJ4>v0!WS>U9e1!Fn4g^Aa&8I_t3(CaYpY5#c_&69#nJSD4expI(hBS68(KoA`%0Oo@p$U2CnEOBPCDus%hN8x$Ja7qaBwI1IdjV&eR%i7 z1t{X@UWIjb-U{nwgsR=x3=T{ezL$&6!I!;3wa=!}tWI}QUN2!9^hjTUg_&`xcA3&;Yxo-(FD#(ZM{nzp;70`q5qGVWPVM2JKVI z-d``g-DuIqsD?djVXvu|HS%f|q(yiQU*~x_HmB{^A}fjD6mM!D>1b2qn{TwAe|d^f zpr!lhRD)FuUt*mmwo#>DKKZ(_^{joWXn+PnqS)I!>V%@g8M2b^XI-AFD`mCv(AUyi z>t0#f-p8-Bf-vb30MkS0@R z9qs9Lm6V_XWMy$^IK-$~jXz!um#mn~DUQ7cHNq$3p!sQZzLdJF%`%*u?|!95H_yeG 
zIz8sWWGRKpGfrhReq#sOkZm@jn*}b)y@O09$Mn0{gkkddxar@^oHPe5a07$}bN>w`<@$ z&|Ev-mY2xgU$#LvUf^!%^w6kRj!AQrYEx zLWs==^iy2b_O{p}dD37?v7PYCgsdJQyV(2AL^pROO0@|~o~t9N)#;>SOwt8fJa=|h zc~1h^2cgF>@NzcSD3%a+Q_%xHWBTP&32==`itgVAOnIg^tjfzLO`#o%8Jc>a-1pQ(+X~* zz}548{a(_iK?IR~`J-ZI^nR5RfanxVQZdbpUwAu+BW3S}e2JM>Rsg&Bj!vl~&)&Z}-w(~4f7Ix~Uu>xqf#V2^hVkzX&JKy_v?~;T0|L>V zLEY#uf^@1GXGWCSqpLRHLNJQ5$LfI_VXI3GNs%jZK>T7@%+bSz12WpaNto$K8xq*v zH4rVJkUG+7+ala?z|P}`CgO0JmG6l}2?hYTf2M5OnwL}#>Tk~ywt@CnSZ zjrnaLg#sU4z>p@96nxjz>!iy>#Ne=hN$yiFf27?qCS*`p>L0zJh))bb{2Qu9K$zUPnITB=i93{Mx*pX zy5jc^4T%Ntkv+i03gz%{=T1L3t(H@V1Q?HA!&n@cHe372f-^rDQ66Cev85bKtLJX3 z6qFXTVq$=J0mbJpQ&RqJ{H)Ht?r}CjilM?-ndt=(I;O{k#llIjh1L(4RrG z9!$=*9y2~vF(mKE!bin7&g8+>6p7EDbaRX6sINer8Coq%rAgm{{>%vsUYzpHR+wj! z`31;*ssIs1l~R8X)pMbMW~0I)%%$+2_sVdcm{SCdI3}V9Yi44ilA9=YD;6Z&nuhYv zkA_`+U(Xw%Mi3n7Q|NQ9ZR|f&FR}mGjhvyi_CfyX!isz(SK=t)XO}fb#o10YqWqw~ z22^lBe;toraw9|~;7bm49^RXX7N`{IQOiFJduvx?in)*uV_>4MF~!DLd3|C5bwbv$ zjhJtcM@+!DhK&D}Q!R?Zht+XaKU0ipE1CXDNbtHU6e|i>ZliJv(XA9b^cxZGl1FB% zS`TnimWS&AA6-?uE&3i}id+|`q!i%5^9$Yt)VGR8Y;tr6>a=xEa1Qy|pt+%f$Nlcl zXkQz_T4aJ0qBxRa*;N3*H9D~oE~&90?^9ugmUNT%4^`E+?(6@WaP>xV$=qO`BS3!; zPJ75-V`Mnx%!_P(C*yAP_H6_IxJ})4cX)qL=nJ#X8QuUHOJ4A==7B_orj6Ivv2I43 zvRbDN?3d5z;MlP#f}v@PrLFB!uLKF$EW5ZrH+@-rWT|z7$<7|rZP|YG*_b` zn>(hY8c!%Vv`JCy-^iUgGAs}t0~K~x&90{#h*JvzthpEGSQ3U4kJzq4)RPWeAf`E8 zaq+sEKbwi}+eifrq8g{G$PLGKV|wwB9fm2&b53IPSbc}@`{Ado?s@^atFu;fRGVdvD^m_TUocG-pu*F?o>K ziOg3Kc}wE+bSV-bVnSTj_%K5M}o$x`sXu^|wN&}ArM z%W{_K_@P(9lX=*L_KS}O^K`i0uDsPR<+}PzoC_u3bKteF45aX~UDTC2O4Jsy)3+!2 zyZW(L4u2bV4Z=q+@#l~0Ch@M;3E%1cH|P%qL<_oYcUqg}Ag-q&g|jdXJ<2#7E7rRx_9H-%6OaJ8v}Q2 z>3;m_`J{>LC@F*pV7S#i#%zFi*XlMuhhrebkb=3%S8yhztRcv@*MklhCJ}|j=ym7u z^Q#A|h$WVxbd%RqKpMea$5n=3<2|@DU=`ISKC3}``%4lEa^ytmEcg*OsargOjq&+q zaC4h#x;?G9^w?nZp=`l*DjEk8uc4Voc5eNrm+_L6TQ1So;>!PDs2)H|vuoy>L6@dZ zkocZCvBdDiEpY9pNiI{i=I{DIKXIdP!S>5_<1pI|uO9Q8&GBO*-T*^@$v~&Q{RW&E zS|8?_3-(&1|-V|e8WszDci;bl;&(L zioHBy%1V~i-&puRa2Lw0*ZXYEV%ZJ|g`Zc$E~}srFmJOwJ$5T~B!$=YO$&=WLLGsR 
z*BxeD)PTYL+BH(Ntl1;3-at+ec1c7A0J$~fpAs!7;U64Ho|_NY89Ecyt|0h6qf;%X zd$YHg8tg|3wtkF+*oFXXYLq@=MqP7F(ZO=tt>c%yEE`8dbZYFOpGB%$Klcy0ozYNK zx$VW3I{P5sajrYKAhxsjRtNAyBaOw@8i=SL@{C>aMd#ZrWo}%!)JlwHC8YX>M|kRa zzUi%JSIGX_7nBcspdaSTW!O$;lL-NP=f6hm@=1d&eyME5Nx^RZDsy2L`gM#`3Elm% zQn~@eFGoO4Lb2#)2p1ob2g~(O9l}?t7;?MF^6Y+1`^7IEQIH}Nj`f`5JGY*s*l|;f zlzc1z(9wcXgko^|PDa2|91aPejCgac6eWNF*J<7GWK&ApOXEk}TqajcGDbqyhw6@> z%_Ki7N?Au{-ddU2Y$*c$kQbjt%PeosBb|c-eoZb8YcJ_5ozCLYsXRX){MC zj_G8xKFGLl1DlQ{hbmMETxobsjfVzUo%-DsBGK67imJGr4v$7m;wf!KL-~9cECELp zlk0mC;hE>s;o=D+Jl^@YCMXHI*6R9EEIHP&+{vF%eWMR_L$299Cl5a;hC|%f%mmd) zd5gxc;C#J<0kJhVp?JL>eHe-3hzoy8Fx09*zHvhCYpU2Dau~wO?w+ zYBLf1>8&){zvLok3bVfnEI#fgd__u~hzF>K?yQ|bg~SbKJQVqWvO7)H##(%se8Lc@ z3N>ydEX+gv!^mm-y2Lj(Bl6J-7iM|hVJ6N;lT&3aoSJoU{{tE+PLGu)-{C_^foqZ zj4}yU-T?XAG>gv-JR^QkofJ6xIWBlI7Dm{s*4jD|(&i;0d*`;PG7$ggWPUv5f1Aud zeRa>9q{ICd4R8%WRXaaE895_p_S&g>40j9y9V|yjGF*W{X`Cw-ZJ2rxe|y(s`GkCS z2@0e(B!D(LwE@uJB}GgU|1x@Dp&7$MOgzDlBHMPY?_&lZT@nBXM+66Ci|R3B>P{bV zmp0WHJd}kqn&a6_g^ugbS7Fd|bMCd(_5$FUKoi1NQ%J8STT$~1g2yIu2~#N96Ma`# zB?A;%2;@!H$SG^Xq#ftw;Opx=pWjzPDV2-~l)TX*-EYZzn03^U) z;(7UZo|i!2)OY^OHsp>TaRR9>u;6l5qEwbf6;ErC#s;&s8F4jjdSs3?UtHnmCMPRR zX$ANIC)tBJxs3J zh5d#xL|as!z0i0vOeKDq2j%~>Ru(0jdO!{yD?_CZp)+><12K#}Myvr{>Q{1HSA0Z*Xon?kW;SBv3)5+nP4Kl!I4`6c} zKhj=L75}H&1AquF_Kj=+$|j~JGt~0aArwr(K8~;UdFzX>aprFGJ~*uW9LSFV)Iv?4 z-}mCfH0=wXIatu;d~W>ZdGynrau~Auw~sYjYMwlC_riY`0z81Tfg0LptGn&ry4qs| zH!_SfVX|>REqewnmllA}VDuPIWp$?MAVj2$RT@QAJ~&6^%)!}(UVP)FC|{s5@HGDP z1@Bz9V+DtS8@Y<2@4cSEf^|9Tz2i8@}*S0fvx*p+~D9*G^>mbv(53exIqJqR8t$2Uj1+ zZG3!=15XXq$2KX0UTF>dSC@g`*9H=Mi>f8&d?)q!qS8C=?XQbY7tCX0Mnk=x*W$^D zDul7{8+U9TZD#+38tug z*f>fd#xM4u(MdG$AYMzG9-i9;I}}t)_swjI*Hb^#_Lvg8Su7(&%yS5`e4L9tX@=}9 z+}Pn()NRLvq21>8X6(pg&WfLNW~wGw=uQ2#4y}ipV;%f8C;H%b^t>vvM`Lq2|C`Z7 zRs3*;E^Y~>0;HTQ*qtxGR@xfD}$b0D`FPGSw4w1j^<4M+BFZTd)usD*n(||co!x2gJesQ@z zSJk}9&xRwrvM&#!`IE)Q91RqnLG3Ze!cX3%iJWQ7hGXMc2`7?ym_U=y-s)IKFwE=y zTS@(nnWby!fjpbNmKf-6-iVY7vVQ7+vG>+dZGG#$cPOQ_rG?_f+u&ZHxV0rf@!}4p 
zxCD18r7aNL-CEp(yA^keJHb5(65QVOxA#70?{m+&_uPBmf8H_PH8L{BT3IqPley+x z&-e3uXGHQj5T#SZg0ed$V93jX+<$?iBoqdMs_SOnEp};@ba*CyT~q~k1>B?c!6`4X z8`u@E+JLzx7P36?J&+SljlV|#09CtsQNexm^G0h<-iEB{yX2mdzdKv@J-FMtyVr&` zN=M$EA${-m4DTM_A$^(fZ1$q1(O3))&z|>5=J~ko@moqh&_Ao=0D#tBZ3|VkxB0Bt z)-rzklFoO8%z>@it@zzq{Z_gcx|^4J_|uU5pP2$j2RzbN!qDX`t$$Y9M~Z(d70cfI zu{QUz#z%X1$D>KN!PO4Gq9xX>W21O%fJ&_Hr_0|OaW~m`IR7l)r*qBdhWs`tfo^pD zCwAj=*at!Xqm6kL=gNO#LJt4GSM){BmK)Kih1j{`e}oL)Z6{@lyl8Cwj%O5m)^hyE z(dS=xafbeVfp#n~K4T5)a%f`0VhKkiSZ|g8QredB9qezk!;GuX?t=YugS}?t)MFZIw=|323F_N> z5slqbSEotzFiTZa|J;gSj;>p|ADmZ@`HcUp&Q9@CC^b|3Gfpta@IT-LVA>A@61W4n zH+*{T*_B-%G=7fO2n4hjwD?buS*Da^;7}@g=d;68=JyqG?cl$qiH=^!W&6$+DWZD( zVGE*e-%oe(LytJ>48SJ~50sDS`Hv00O;XU);fXV%-2ViF{skoXlk&}HW_xZM9!*7s zgRC%eU*PvXdl_+b5FLuV;sbkEleVGn9F^H#e^KXMtd)oT3*$j;g+J@ zKhn5o`cwY(4}(v7*6t1k>GDh8Wq&5}=rn63d(5!ewV{z_!(W&$9fdPj`z~FT)VNv^ z*;$1gPwu_IBN(umVa{ug;P&Mg6WT6*A`DN;qmbh8S=KIaeWDog*=``kO`yjD@P)T^ zEz7^j4H|0D`bm{dK>Vl&1F#(xK^el*cy@_CS@4YLMl}iL^>x+8q?xhmxAKCnxmg~< zrKQw)?t57FSDA|gWCS;S(HK2bpDAn$1~yH@8yIo}TSWT3Y!LI505-QY*FaetSOi)Z z5+@=MNI(AzCD={zLZbv_ax_ux-Y1*A@*hnYUUBn$E>%9Y_E%xM-bB>XR%xQWAT&*z zg_dtWFe{Y3>o^@VgUG5Fv+tyiTc_ zyzGB4F#G0{fs$h-8V|4@jF9Pov5%-}UIX`}(VZ`yq&?arbtYi{>@7%HFbrniM{3d_ncH%5Z(x z#(XZg@()ts!UAj}fQdf!%;%oEej2ZM=a@-u_El4<`Z-IHYPFB^K?$Foz3D*-ZSKgo zufKvml;M|Y)-*QEg~mzSNYsiz`RY{8ew=@3T$vDHeSR@09LAWMu8P*a*9zhq|Dn4} zWf6+<4LU-G?QD8SfPS&-JK*8F2^l}#{RIMhq0KsQmzlN53$^zIMr{QoSv7O+?V|iJ zq*uPIoH zPELB#`U<=-yi6Of&_PSx5~#S3%jeT0U3Mur{@NoqM}WaO@cRRpHCL?qc8a2*KK{en znhd*jm5>V?CE!`r>Agz#ovMP0cUfSEC&<@y9QGJk9A4de(bIYRkc;M9lji%^hJoU* zELmU24V|`3j6eL_z3*l3GqT4u&iC6xQPKh57ZiFpq3uUGYc;pqBl_$C)1JV#VILPG z3oHOZxpZYq@jKWALXo53$qcKK7e^Z3G~-o2^>G0@98KLmK@={83g|HV0Fik{Ra`I_ zc1!sHV3zCq5*c=SWJACtsTvqgLp^iK^uxq6UhO%1mkDp$aOw`KIlX_Zb zngchF(dPea0bj_fw|$Pl)my0C49HFKQO^3P?_fh*4>BR-GY$1v5-mHAGB$Y%c(-(> ze<+lPyyP8`Nu=yB#ZgN67j-wrqY;>b>&8+>E) zVwC53y@GYi^KFW%t)aQJO5*S$any~bLg%7r4~G3OeB@#(nk+yI^jv<(g*Tyv<-T@a z$|@^~*S|g|F7&cWjBb4Uu_6~zsJ_kDM5g>1oZRf|NBI73a 
zmAV4X>-#VAH2`#(>Z4XXXHz{V)*I_h!u;gwP8!0U7w|xKpx2FKH=TTK& z48Hcec$QWmC*!vObiP}+#6>kd5FJ7Pg7?4!ZJV(^4eiAMtQsqF!fZy@WS1DfvJ@+G zxCoXmq37)e{BSf-+4x}cc~Pp3EahpLWWzg0-SU?;otW+Z-|?`1Ex;-2KV_nOF3l%~ zPf$L04!74>u+5A-e5U;D_66mNZECFto|$`(jcPPZ9YVIi28etolLq7nc-5$J?*V2T zdwQ)$l2p$!YP%MW-gFhP99uEu@9pItGZTy}Ki0DlGcIAsS3#Y!<$77l?Ts@9_NJoy z3KIr+axvBV@V|O}?l9am?)44x#`lDaE`K$v2i>+u|2) z3+v@K>*G~26!2)7=V)ILOu-AUXGHftHs|vPsHq-aa{*Ydch&x2TuUFTSwHe9;Dz9{ z!KaJQo+w`*6+ZE@#GNES63357czv0wVqnDUn^|$8!)p8%2WNi*^XBJZ=P>y*pPwOa z`p>looQKN)Hsi(e?f48u2Uny6Z?vA2$l0+HyhQ@-!0 z9xr-a<-(u7Vo3B{0_GbBn!@C(x&z~>{+Ft_l~1}}oHP{leE>7bu4%Qzd_Ua44X%Ox?9&w(3f_;8*JCNYX zxT&cn6SfwTb$DEwL?u_SonsuYqkRNqV><}OQ~^XX@m5b>5CAT1LD_>!qSeZUY6L5B z&(U7|mYirQJt6+_w!o0|Wvyb;qAm@7?K(VYvP#1gevtbC@o*6vJq3_g_x~G;`73ab zBszb{o8bvyw7%Tkp(GgnlRUxHOJnK)EYMEZ&@whrcP(+?I0~-6dKp@r9US29ZHUnhCTwUKDks$Fvy>sTR8S z_rCsmfKE;D$pYe=tW%ca4_zhzzSIknsaVP~ub`XghwUel1>G$F(3@?(FiIA>HNezw zN?=A8;BObPUcf;Nz|Uf4lY34@fM;n*!K72okrpaQH5+asf_Db0E|K>m*GV^m<959t zfAL(A6eJAEO8)NMA+K0@oG0GPprw1X-y-#hrq0}lR4hRBk&dZIQ#)h$!h}XD z)|>vqC5zsdH3-WD943%JLTAH$6^#?4h`q3dPVGGf7OpS(Z!`-aw=VP@ygg>Pf8=VE zE>eTNKuFDq!uZV#ZlcgS?(bw?&OPG&J8V+^58pT+0Hec}>G!)EN7QrWLPlfP;EWRH8ine9k~YxFqIkg{4O623^sQoJJ|w?H6~bdO{)O@Ql-T^ z;|TEEDt3l4w?SKs1J&S@*~YD|k<;P6h@{6K3yK!Gx`XLEBMj4OT!t!Ug^WiRM`uM9 zq?YX(sl0;s-IT}3o&AVD&Ied^Z&L?&BFWNm8qR?WR}Nl zydR$bFO#hgL7X?aLwuJ~9sq!6>A((IJ=kvqja-}z%f$&X{RXSw-6n7yt-Z=Z#h^Q7U*WaGU# zM$g)ttH&|o{GCv4gCKs(DO&Vp(gRH%gZuG>a;iKqNrJwbD5aHSeR1lq@4s8vq{@U4 zn{snKtpEPl3}5)OUzKzPy5a|=D`^X zp=1)XFKRE1NuyN{RFoh8$r^W{Vf_9%s>Z)yzBj_7l*YINW8_K$dvYy5=iyi5>DqOH z_?IAIsjNe;z!D|1n+mQ!3B3K$5i4V zjXNnSTBX#i_kXiw%Gm|_E*ncZ@rpYY7l zcUi>je@v=AXvtb=!unriRa6*_XgeDYlq+ZHJA+dM z^Jvyf0@chT9?a7OJ~z9_qe3^a0#EE2`_?suz}jVsN|Bop-EV{mDoisoLf5p=LgLwO zGxJPV|1kRdU+mX;GH!tauWODpPqpHNPr3()#eId~0^YE#5Cn0vK-CK&y%=eX$mpgy z4IjgSh?l?3qR^wgL#SB-WJhbKe7#~3-omZ^9)@VS<{=_udb@zT&(D9YxOT6(T?8^?|=*+jcxfQ>{6m51)GevpJQGSp)GoOS!D0D znST*B1&;s3uC?pMT1fjvdN;Ng8v}T$6k~kmV_x?#vnu3SUY4$s2XrO%eJVApR2G@9 
zmcD&pqrs^fM+#6SJm~nlJm?_jGRoEC>^-=IgB0*939XkIYwp&l0DOv0ew3^ zes=X(nltbs^;?iSlOFf$MeD@mfJdAGeb@KMFkVC#g}I2v&%T&o$w-i9{5HrM6cn)H zZz@yz(h0^WjI3}y%;gm4P<*PsNxUva^0lcY769NlHx@Ya@HnbV;H++J7wRG9E%?pv zw$-E+Ku-kxXb~Svzg4diy-t|u{-Sr0L7*6mGOrXO%%StRChg1q8(a!49sf>=6yskn zIPK!@k>ZVeFt(mH;{X7)`V6x;DcIIKUFDHl`pK2dTcRj@uC*nHpu>?u1w#GWmU?T% zLpT{arE5|6|6H>DdouOOU8UQZvaTB^#||YGCjnh zEQLJf)aT|3W>C=&XT?Yn*!0hJjozgzm|=6+Fted$cv{Dj_;`J#%YRkkUKch;!FQ(U zIKNHq^NA!+p7Cy;&5aAp50P(2Ee5k;BS&~!8~c?bD}%GGmA>XkRYZ{XbFORdUyZF* z4b!x%R5l#is_tzZ+`_bPt-x{3)c7Oi`f(+p8P^QuwG-~ZHB=U7b(Bm)X|f`8`yFab zeSDwbkaAvkk?T@=x={UFGp4O1h$4nc_@ICIbUc_TJf5oY!7BGBj*LL{Ac!Wuaw^<3 zOQ}Y);B|1;h?wnZ!~jhL;P%mzNfEmxok=Gh{H|Hm`c^q&{NXi?R!`&M>qoQ7qBUvo zZ^4j8sCSm7T#zOA=jip+a9!7#cTBtUR(b%!aDsV_;BmXQhHrMiVOEG`{ zvl5a+s*6xkP4E1Yo$Z5GQ9&N_l3PsXCFtCTtjUU!8e|nPxDx7VZfZBP@CqMa9i$U# z>?@=0JJ`Omlk7vqXT0WDKt&gG;PE54);M7(T?_TDT)D9}d+sGcT+%udY)a$@gz2<_ zk*4OgfMn(qnbLl$YRur?ovCQ`0WekY{h`NI{CsKlA*&XJ0^F|&2=xVeeFFJ`tMFp) zoN@Y9w0d3G^a#gXKYxwb<_B`#o#YGS)9ZR3W?ov>&toT|jdqy!)l(y0f)* zS0_eYj1BU8at~YhF6;d4XC08kMBF5l4qh&z?k-FZ}(USZUm%fNzY*IVbEg= zvE569*(L6LNaI-;xVo@Qdj$v_KJ5=a9baR0{1oBgRJ&5YN|d&$E)`z6(xR#xsM?oPr%ujg_cTICWMvlcH0L?J7d7EUU1GJu|#t-cjAQi0VV9HI$v*jh-!BCFqG7 zaSH!5Ze5pGL$&jK)CXgowwatx;SZMOb3*#T=x;k~MQ66cmXsY~v3)>2zY=xDc-eo7 z>MBvB5$F53n$j|jtA|z5RQI^>V!+9HXoDB`(J;qnhTX-Ifv1NBSh|VC!`p;uDJ! 
zuqIta8|7LV`5I|bzuIx8^ww^ORyx#Gx8XwkLX5#2cW!*oHg}D6|Wmy=J0sYHV~xRh=wXlUAyjcV7MF zRiDE!UTS$CZAATv%S>npcCKrre0z^yAu1khjRPwa(xa*}k%;fn7<1O4s{duB2ItCS zBp(YYoSf~ZTRgC2G}Jd$RC;}Fa`k)FT;X_cq~Gy>3SAL->2 zzz-ydHG8;ZEUP%Er~8wojA)R|>$c(RQ`AZ0u_Tpd*~`qE(I*n#@zu0!D&iNQA>;VN zdcse9T23Yr%=BDN@Y}}97!JfyqKy~hLoF@6)J>)vnaq_Q3RqZwGRpN$#-COwWC?U!-!gRg??WwXySEWCH$Z|9oR{DwhFdJ=vru+BZ3LjR(o zru9QHRt7Zmj#x&!SmTu;hVo9c)Wb=nDV44Xtnk@Y`LriAA43*vOf3VPkLNFe1HB?4 z%_lXq5^M2pQ{efFmbGSmyqp|Hx<9Yt0>_~D_O6E`S(kjAyq%oYr_xCo1Gq%^IkPp@ za5dzu!d+BsdSq<+vy|3(v5N+&`vF6g7Vy*eTDJk&SxOsZP6_jL9r;DPoZ3dm9J~f1 zGGhXmarAM`;aR%JQoAIr<&vP(#S>m^uT*Z&E@kD|=*0S(cX4*Sl0}jeQF|p)>XOQy zHk;ps14(p(Ni0kkRNl&^a|O~=uIJHhiWpGT{jy5VO3#kyU7T)eEto|R zXZke}!ctA(ZR+Qw$odh`dI)FB`E>}V*bPec%J+`_lg4jTQcQF@BcPRA?bbeOQSBBq z5mx%}&lYd}v{Dw&38UnLy4k&fMJxRpo@IZ1tjhXI>cp>z7~C5-WYb2x?(+fk$N;dM zqIj5&V1pjgu`zW0*#L;y^BEzGL#c~1Xi%8X5se<5H$(>@MuU2Yr-Kj}8)G3Dcc{M~ zOMyt7tg8`x(KvHiDU(Z%o(d5FSomPzb=*?Xd_v_Kp$VEuPAb0`NmTvH*+_XXvUROx zP|@^fufHwJ*ooz2|5yP4t_ida{(bF$(ZmBi@z>v%wv5OPtbeQk0KV_yN&kKAx{uwk z1%ikP=QRAQ2LATRwQ5izv9k+~!8bOfI+Wtycel^^*ULWoKfUaKD$JzVCO3|So^m4#CO+Qd1(AbaT6rEvPPwl_3Xs3*PTCG0! z*2n9Z;%T!1e!cutFFB`#R-?P4lg7u*cE$ZHw)Tc+Cw0PL>k95Q)ewq>OcY-ndPej! 
z^?TE}eqnc4!O1}d4$Z3SZu{Jf1|#LctEM4O(09ZlHW$|lU(MdVlVPqnD)*t+J+`_e z!sNfguX)f-Kk1X8@!a8~*i!ZomH1ecp8J+8aGp!S2;yMwu~_+NHLVPo1D(^UqMLk0 z>BT?8SkOnjeR-m?7O$AGp|=NnZ)b_v7K>0C^3ATgLGiL)Ry=U!u*ZD4j~Qot%mFC=Xyvf%fQh>sdUb_RgxZQ&i|{7SKS> zm%pZ;9s3+7$s&P_O^&XVl|qK39TDe`X@a?O7|B;jH^enYc|0NYOU&&33cQ_pU{EiL1-k1W#E8Xx8^YHko0^hAS}Rv^k+yh6%c6PRpK%Ul<@v!hDeko z@><;75IhVDKyAeDTHB8X`btf|9GKUxK+`CR7NtIYb>(Vj;2D^6RmqNp@hl+>Id3KS z%00{ae&`qo`YMV0U8!^V_#*b_=Fuvf0xtf6#KtCz<8+cM-mow5unk_uX2aZo>BYg= z6aQ`|xQpRPc_HRf@mTJ+cz>P4^kNQchMj8Bf3N_Qb%>(-rNsAA?7l)LW!&>ms&^4` zn`Dba^h%Qt5)FzzH`dVUGJDxfPt%FR15sG5cGg03Q>a${;mI6Z(YYyfA#Za+3vN?; zs@6zVh4zG<&n)M6p|*7gM9J@v!Xu>f3jw63(==c9UtTy;IxJ=iwWu_L0MAKH#kkCcdeD~_-M_gA-#TtOKAP?7b54~ zJK|c4Tnrb5&YJuvL$J2&K#aDeDQ=uCDy+cJk9uBPFL(XAw7g}f7OUYV9$aF8FQ{*Q zVQRij=(Pu1vc}!33J2W|HyG+PWCjl`iK*PaTm4;=clIY016>4-t zd~jD)DB&9#$Audg^>ShLataYzXU%Jg_WG_4hGDhFSG`zji`Kb6HiJlCBK zdITh$p22~@(s0qu1<8PQ$!^}M+^8mKrH{1HXHP3L$9PM*gM?NSWi#8AmX#WX9nrE2BV)(Hmx4vx(;e7x=)H?q4RsadRGiXn zPEiO>_B~W6P4h|t$DntGI;eB88Ckv|*jJEbj0irWo;UXFy=)PKo^Ld7T%9H$=PhNU zcYCI^r6c$adrp~XPVk}4Qxz<%Jc7K8Zfh-s!OmJ?DG}GrlUDLDEjJyLssJD&y+03U zO!etu$m8_lU5Xpt)Lka7oCqQTI^dYKZoK*!*HJ-H!>g_GZU;fXUz=mRay)B_*{BN=fkSPe2yw%Y zQ}6vcgnxEe=^0mx*1TrCSmECnn`V*-ERmEWF=gOvI4DxvcS)h)V?dAO5|Z8AJV8x? z8N(jCy|6~Nq|Z&ZFt4!q3@w-oHM63DiJ*v>Jz3?)Lqyab0Zm>wZjpmRA4LQ^f9{{! 
zuW?h;)-c`3=43gK<_Fx10hV0|)nN>EN_wXv9#F_lu?@*64(T10RsTXXt`f3L)m|An z#jV{?4LE7Q$)1;vK#OFj(fb&h=<&`i)HP$^OmB=#7l0_Dlc;tCXQgMHz+p84Njn1} z1JXLFA$Ogm)oW`W!nmj3OE`vcb_)-=UQbCsOHN=o9SycJ zhfXuENu%cu+!VX+{sHaBi%?;Q84nNj%Zv!o*wx`8t9XUF5q>yeMCTiN59MDm>K#2x z>UZ`a(8OCV@gW@XsfC<#7Von5STXMVM)}u99oq-nEmU&HzKdQLX_gt!zC6A2TS)6r zRv2cn9_YKu}c&Q&ip5Xd~Z8bH<>)n#0yVqSA ztxrGpYyP0F0N3-d9)n23$owC}Daf zbsu73W=__A2}7bsdUERK+e$cuUneu44lG8ll+41MMuisAa_~x6DMEXFjWlOl{xl3N zdF8zR$04qI&QMgB53eZi5V`Sa^sJ8Z-lwS)siIN+KucMvT9lk??jt> zKbDv}Ic@VmCu!!awU^68)wx~(sTyT<%#-iz%Nj~MmrKDFAy1}s(yefPR;w>-txINy zD|%c{^|q5gNOOdqyrw3j9(whAZa+v4M{^$L?tRtv&iY~=8>}?Adzq7isDhy4Mb%ez zY}kFTet?@PtnTK=V_sR0s0#*P~vUeITrY8Wt+L#$@Q4fLKYm3I3;&er@n+^dKy}*CCk;G z4trVpp8UM&a=4i+36Jvn9V=qJ7FD^_(MZY(!j!OJf`%nA?K5PW)2_er2UB%I6VF<`qEy<)mI_4CtFQbtw(qx0d6*& zXMtOs_v&;E!8{K5G-giacTs7-pm^Re8eS#ZlBWdvIxfGrb`J#V^eV2G=3$L(Jb=>YSkJ##RljI-!Qkzp zN7ngV2Qgaq1j<=JcW@0UDe7LZW@pvxWn!8|KU;klBV?&6p!i-dI=4PMyTPfA9Z2v> zn1kCrn)6CPOtN!!;ssVK%uu_w=uLC2`~1xCJwq^pX~d`~M=#~h6YR5ScU`^d%5csu9?~IBQCZFRdBK@A!6R!!7soI{*U^C{eNq^UBO@ zu!J(_mvl}ER_LqGeVw-6+mq#v(~qZGOeo&xeIi%7xiC3d!hiSK_r%X!La5jj$pn@iS(tK9Dl!yll# zc~6?+{_`bJbIRvCw7d-+m0G+?kwO~U6nb!qc)k8r;5;3d_QYeg8vR!VU#PUW+(mw; z=loqoLmlqENGL?in1~(+o83MhZ~w7!hv)3-*RxqAhx4S7Ek z&3FV1gnnE|llJOB;1EXL;yw7bDHR%D8u8fW6facxdVyV+P1KT}UVPx8Lk)bs*&MbK zBaxoeolty8r7=(6Q|~F+J*blnnLhNB0Daxu$nGAQ(6gHSrcNLC7K@@A0R+ES(U6Tc z;GLaPh)B%aE43^0k|YyqYSqsKe)FE(LH(-eeqoF@qcmC8@?Dl!nx#c|->Oa;qA(5~ z%t_#I3}!OqU>QBfyA&vY|K`c3U&OQnAh_~118A+_LR zxFU$cN-u5M)`o^iIjD}x=bIu_r*&O(WNX(nzuxMFt;^>sMG#fAc5D{7n0g*ckcPiz zYf~Nq$!h*ZT=`1YC9}q$LSE2_JnGB#fX&RUKzCJmq461gp4 zV1C#312{fD$eG+exr*+F&=5=pt*G#0_NVE9wB1EbzGSy5&#ye8ql|mHi!BjwWwE_1 zm5{t?v1O8>Yv3MX4Al?BY4RvV&%|5ik$vWioxvz@-w4iRutf*8R>pdvAomM`iWdsw zI`gzZM2$qVazGsy{#4MMCw+&>6Lj&-wvxs~PI#Mvz`}r1QRFkpFg;gO$iEONJUg}iC>jWKL4q_z)`D{<>L75e+4FA2gtn9q;m$F-kx_kg} zo~nJYVe=kGEkr(owKpWWYL!spZ3ZcNj?d*H*A`t~bRZ$K{uev2aC;K#ZFNpciRo~T zWYXJJ;ZI4$G?rGS`Bx7O&6BeSw{LgN0wKL0jeYFY%*M96{DoHi?iOr=r#u#MBV>yl 
zQFuY$bGr(4D5QmnX`|P2UFo?uSU(`kRpjbR+lcZAy7q|UPQ5R5!em9#%M;$CL-r$Q z?0U6yTA&5$2puOevLX%ZDua=kWfUr^ACd2!wR9DpW3h)nx|2O?_1Q!-LMJ0dys~Js zSx${vgnd}uz;XHee35{T>%NtPS936A`%`ExYIe6z6J9)jnatA4^i~+*$zcC0_$$_1 z?wu)rb}q>i@UUD)0;)|l?dP86c@z0A^E^*vm5^xz1TwI*&s=n{35I%mwYroy?jOSS zgCX;9^*s*MOKTVM+L-dDx=*zW+mG9P^AYo9trO4b7-f%X;29L?R$Tfvp~%eGtm6WC zpWPv3P}{r@rhPfE!I#G&0K()aoKYd7yLi13S0K`&AIQuSQfKSN)6F zdmg4GIkr_f$ml0W1e<=N`FrB{NJFhyGQQu7G|x$Ml;`^K0+UWlAVe~FPN>*m$oKC% zdfyZi#;40g`!#)>cT$4yD!>UIGUeOGPJD?@TjwGmQ3*wtH@`0g%xL^Q9#gwQTxT+h73e5i zd>rIa%3M3Jf#A52DTH4OkCGX<%yo(%nuwHy!JDO*(rew$H)`Yfkk{GALy^b>Ee@-u zTu_dZ=WrAU8v;PowwL zT}*4`=7pX`5tYXK4It%V7>S$j^j=*nj6{x)w+PZY9rre(3!9Tp=*`{{T_osM(9N-W z5Sz zuX+C(9`LBkyMEf4>h?<|9xH>znS?8!X@+~R+rW&fc~enV-|l@Qf^JKK%<|~-L-5if zBX7G~AXTdcAYawid)1o6;*%s73&XKHz)X#T&NbHvsYKfd&DY6XZc(Odk0BR;CBC_(T@=uiz)K5ljuj zEc$A-Xoi^7omT{l54fU> zJvgw3o^Zd}HB!+$pKeA~-yL%EWTXO1SoFL*74RS}OI1$rcJ=pzP(A%QJQ0HhY9nT@-TLmv?kWs&u-Yh1OqJ|w zqJ|rv5nkF4HAdKD4)t;855`g9tI!6J(t<9fm&9v|*2{*kueNBbf!~O80~LcI@3kCL z`{!nSV9R|6{#~kx1WxFvLS71c1pMht+4yUr7JBF5LBC;JJF`?-P%Od?&VwAs^UXxT zIoQh0wG3n_!X(X?^4utQUBzFCcn>Vi=A|U@oVvR1tK zWFyDP8JL-r1`hQqshYfPv$>f$IZ@vyf6uKuJkm|cr)o-bRj)%2d|UZWWJvTIw}|EO z2e(?y*5o=W%}}xwhYjbQ3z^d3={e#@^8F7jmQK34@*s6WvLRFZJNOQ~HiN#!R&U6} z9u0vma+R9qflbKf8@~R2poDtRy^Iy2+VDLmbGDPJPMk zn6Bu7&?6P=qJ6Z;9}X|HF+Kh2OU)9e(^=#$DZ*IDqRTl6CH{fuNL31V3^{YQ_Lw{v zT$a6x&yj5O5(T1n%!#%Ov8ZB!&eM+5zRRiK_znbO4oN>qrH-h(3KzsQe{e2R!>OHN zFki7jPi2c=ElXRt;zz4fZB^#hCh8hb0G4;Pfw2nfDzat@B=bR;JWT}{j;j*jaEFk( zM%c_KWto7(IT?$ejAioX)_`Z$lMYqphDN;o{9W`YVwgMM8ocobNeK!bBM&n=OlaIQ z`a><~3h6DEk7Z)Bv*-DEudMRoY7lMc=qQHdtCOD`@JW+Ji^K_&V-rPU4zxJuIXN3ItxC=369q}sA;S1(Nc)VuxDkf*bf>JlTy(`0i_ zZ}ks@nJ}MvC3`F7?lpd5sqUYg-y;W8HkCl*sGLITuKL}0EqS8NLm-tKGEVhoX{I-9 zahcB!^{kbXWWtZYLzuykPf)KTBe`$m(-|}7!W@nb^-I+FzAcmL(p`Zr)3pZA5uSa| zK26l++7sNUPvyDR%%mA8>-7}&lc)Z~e+%T1_}aKH-frmj(i7twj3?QwXjwr?fQ zo;kBu13#fN{T?xkNjSeS8d1eHTaF3cw-GOatXj;LTfg9-mGY_G>PKnZx)D6Ax`QD 
z3rZD`Vr{(o`DgMBJ2B2;G+HwKS(YhcO7VrA|t{mK#659VH`l2?+8-w?xN(zRZpQ<(x`nq-0# z0c$4zQ($D0!9@C`xuV(h1HK!QV%|zUq_Vvy9y%60zZUnS-Y8sR2p9h_-2&n0E@JC& za$1Dq;f&jWFPVNe@f!F649+s$8*bU&e_j&04peQD z2t1p?6=s-k0Nk)CY~5lqE&x{rm30>jzXxFHZ`YtBl*Za&9E{?--u@EN-1k!C&>6?* z-znA(>fFO14av{qj?s&ox56emoU@i2(0>$?RX0MR8Op|4`qk?8h*IClBTV9JWk^Pl zr`w*RgtyhN_?VRovK1hPOp%k?Rmd3O(;dmcuOY!CyL1AL=k?hw>}d9cY?B3i8?whB zuTJy73zcBpm0F+*Rh<`(UzIi&YfyKMM%UZsHOW8%(yd+kS2mk(tZSv)kND}Rd{{;j8y6VJr1VQX`W~ma6*#oaZI%1((0;PcJc+M;H?Zh(65Rkny8!$8P1Uf^`4%Gg5A zfXY+3VAvEXF~tcj3|CQhO0apfAgV*0%-qdq=ofV!WShqQ7p3EjO{mgqF&8@L@k+ey zje*fWn1pk7+gUq*(l}>&!PqqUH=f6i3pLnitwTHBSXq)HS}ikt;p32|X5u*EQ#_rk z=ydks)B_6%mtrnM-DZ}7g=G>4%93Kyi9LK}XtR%_JLKV|idKyCB7gTkx)Ln~vLr1vz?l=BWvFpB)gZbs-HU{03PkHd4Xf8(M&`4kL^8!8gYj0kozKIe2 z-NdI;l(WXNGJ|@JcZmILW`$Vp_P=%b!C^iecEu}EIuT>KH6`rc9lQ1}zoVaOQ|ro% zTf*=|pr7dsxmLd8JjJiaU6ihix<_K>-?+FUXt{VqFQcFcfe%IyKAKh=zGg{)Y^GF8$Vm_qM1^sCsTgpBu3FNB@I#*ePBc|BFkTIM2 zIoCqByWG3?vP$R|WC#XMSXuKZpRZvXinRT#YiOcfKvVm*3>k=WJ!RT`KHdGgcwkILg_~cFb+#%E z@P)$ct@C}#UFer7V)T@sYgVyXY;q9K!N$R{ge_z)Lu7i-|j zyqq!5&fjnkU@u{@nF8kIMY7IoS9Kr`gCRORJbZUakjUi$4zzsL(!EI(N5#@G8kbo3 zY;9O}Eet({5ZZdoF4AwY2&bQJBWR1T)U)BoMOV$mbcL)cajM4k?qEZOD1A{4o(B=W z@=iN}eEjd_A_YxMnET+&UuFGMUI5_p7qXPU!!`6WgkJyvQp!KR0O(KJIHUe2pv`}S zc=>aB^zt7Fo&W#9|L@f5f@2oz^2qJsT}_LvoiO9&3%~^vCqN?$1YtjA8>9D1$?xl^i*GJvRMdvfB>7vj7c2Pj?Zc$>n_6~=> z*`Zivo<;cFywMOWxBObH(R!#Gj|B8ooto^Z@E$1%2{Z!d8Gg=Lo0*)pb*rW@>(3u` zOsY_Vo)%tzWZ)3Fg-uM?{E&)@-r4~l8!sQ}tU)N)*G4jFNu@^Y(~%3zb3RL4ZuWBo z#M{ibmJxY!=Xp_jUfsaiEVDICEq>Ccy#*TyhV;%ViGXPqoqNE^UM{r;Z(r69ox@r$ z4RDmSS z1L!4Gnt|%yzUsNuB}+xqF68>8^0Dg#?v1(Hc=&MQQ?GYjlN)e5%ORGVo7-pQH118k zI?V&g1v_(QrD~+{Q}kE@6eZR}d^gnNl=#rBp32fH#4G?m3Z}E5y@Br)(DOKuW3Yb$ zOQD>Ee{X9k=4@&noM%#ku$ljvt`K-TcT#?T=_JiiM1Y_3;Fw=7rRHu~I?xxz9(6Zs zW$EFeQ7o#&=vbOrWqF1dz5DsK7|rEq-<7YZ{U_99fw)`GjkekKGA!cm_4z=UtLU`L z_RL&BEA<@+b$0)5_1D3b3;%%lt>YaJ%?@F9>BgF+c<9dKyAO9$CH@%Z2A}U}%x&+6 zPn$k^bsR3zF#olZA+@ms8on7p1S3j(PoMM+oh_X;CnUfKFC6Y}I8P~W*NlwvH;BkZ&l7O`+_54 
zh0O-fC99CT)OHt8ENrpcjM0P>?73aM1rx1gwKLkWf5#!)P8`Qwn2xtO$5l4FatA{c zf(&&$-+@4tZ6<0+_SvRpF$?{-r~{LM= zQKpR!VaLzT-g2^C`sRE$hj(ejWV-_OS24@MLjgRTgPhmv->L&eGE*)#30H7zQ_8P2 z3+!&Ub;mdVpZ2aiD#t0ggf+%3k z9Enj&&3cSI^mOs_buq#|mXnh1D7L%Zx>*K(u8bgEURxQ+1)&dfL$Y+o zDtJ%j`c8)YEE8Lc!XF2Bg%`VEz5MncFh$LfUq04!O&!oV3p_bA#Q4b6rif!XF#BOd zs`wQKic@{?_f{GhOh+%8C3fQniUDJG*Qh&wk|Sz3%yFW&967r?P{-y^mWw%#jOxZ@ zbzju6heBds?3{VONY((IfeI%Q;r?MWxpcDhUA5$|5e_l}85h-kJ+XTNsP>deAbHQs zcHR}uu2)Y7OGHpvT^f^UGDTN9F{6GqLBu=>B#OqZITaQg#DO1L%uM{?l^?TT0B;lJ z?3=Y|NpT$sQKKBthz&n2EU6YX_i;(J=&kSc zKK6*=DXL`p(JEm14;u$H1ZUN%OS^Wa4aEBV(wf$JpZcW#Q#%+P|9&2x(Ay@#{G=1* zW5D(W0s$6HJPR4$DY%f^mqKT%#y_hg*_3DU~=$5xpca#L%`veqJnt2yUT6%DUxh3l z6Ox-s5(R^1Eup3r60AN0f4f!Zh^7>quah-~IfRiq6ovy=QsnT}if-NS5hR~70}+B- zGR?B8Zl4aq`fFVVgHwvTR_|J~)@iE40!*RJy0Guq3zK(~T@$9V=RjnlvUwpROn?4!N|eeE~A%F-O&UY{fCIUDPq;HDd> zg)V>xPZ!mib?Lh!HxwxcYqsOUvyj(5O_}MO^HGBTxSeoOk2T5DwPj+RNk6!Pt_9-MLKto z59UY~ShryFhPsk7De@xz2U$)vV=-&qTW2CdV%Kf6ud2sevOpqY9urcY|&qY(slz!?R8YnX-t0Hc`KNC7$Lz&h&@`GuYZyY(mB8`jJ$=D2UBC22rp!+ z9$M$Y&{FQGnuaGj+I`aM)fi)3Baxjudx6q$=G5X6?#6A5RGOu3xF`MMh1y#xT3_Fq1%%biuXRz_A6$|ePyka)3Ww}3x~IO3ZCh3SH*LkYiQj_rEpxt<$Ny1vNaSOr ze5Og3!JZ1CSA4cnpvH*2{CW1a#^1m>1tGz<>Gw4?vFR3S)}gjWfInNv-RwR`AzACB z0xoR#=PKk=n(1Aes;`ZY?1HyWC>+bTAV=%cmIUkJvn^0^@=yTcx8=UY?!P)w_>KIm z%nb_MrY&LZBVi{AZxq?SWCIF-uxcV2rZ#@-vuQHVh8iR)NbsyCm^)Y19a5z5Bj%(r z-m?J^eCAx2F9hEZ!9l!7S(SiF6z$YY4dp69Dm9u^lF*JavX6ueNdj#!;*~3Slni0I zn7`Lcfx(QZ4hJo$RJ%oj3u|K8mf<}W1Dw`4W*23ZD$9h!Ndo0aiCsTfTrjQ2BY$g zFqB#X21(9}^Vu@2`MlvlzSZhI0& z5x1*4P1IIV6N+?9;gE*@kHF7EF$0G6g(+@(a$-$skJtVTtpfo^|LJnFa{ \ No newline at end of file 
diff --git a/packages/microsoft/img/siem-alerts-cs.jpg b/packages/microsoft/img/siem-alerts-cs.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b74edfe2293f9339b63095c38f58f7692d52fdef GIT binary patch literal 399141 zcmeFZcT^PJ(l^?}kfY=z89|AXku)NbL?j9V!jNIeImo~$3J3@YC@IZDn^ za?S!GAOi{vFfh0A3Fmz0TlcQ_{qDQg{o_6xclWP%*REYvy?eTLRk!#F`~q<9hK9BV z0D%C&Q}7SKF9P?~gAk4YpsNcA0RTV>5JBhwD2O279{^zkh<;-LxB+4R8yi9{{z*ds z08t2l@J||ZaDP@n&S$;<+!MSe_=|#y`!)10OpG}r#V?ZaIQ#i|DTs@E_=?%sd)hjP z*?GE)2ibUuONd<-2b5qzUN&~F4u0IW4o(OUW!~-D23~H2y)v(DHByLtF31S#|WX08C@vu1H#?%yPSuFAZ3 zboIH_JbfIvWyGY#F7txDee4|-46kea*%v%g=KWL1z`#JUKq)a#A185%D_5?FUzQY? zloSOiM16xj{A_|mJ$(88;&9!;*Uksw<%jU};6CGMW9#Yfr_9SM4vrxH=MZP`Z&_8i z|0(}i;2#V8V}XAx@Q(%lvB3ZTEbuRH$H4=1aRNbK2EcCt^7_u6exAP0o?hHiVwVB= zYudVmXHFMbe&Y+j;kglxCzA<43E}#EvKO1!Yhm~$nvdFQYH)o+Jq_)f>c9OynpZYn zUTy^E0KnbD&&N>n8uuMDb8eEapu=`gYA5QeqLwzE{GX?KmkGQ zb%ve(z>m(b?H~BXZyIAmHIU{b=)qFj*!VaB0Cg4E&K+Rq1oEMt0P$rHdxQr7(2#;y z#m?Er9>iK87IAm?Ji{OzaMAYP_&EI=wz0AOo2QM9)8F_HUBI5;z}FGJUT!wQzYqQ= zH|}o!puK(<0dPy{?4xA}?ioP4O}KjMoMB23Z+h6?(gQIah_MJzqdzbKxwF64Z4iU> z1n2F1)y|xBCJKqZ5uPi+4=4ka|DLnjS^IAqAAiF$`T4k$K_5FKw9op2azfMnoQ=<}@fn|wb~eA|X901QgNN#$Hi23>_})2_?YCa`4%gK| z4C)U3;^1-nPko^aUVhik#yab}>*e(d$sOD@&)RuGeBL*}=+C}{Dt^v`Sv%1LPJVsqnc-h=WG1_3t#HQ+kH4fuoA7VrdI07U<0nEpQF0d9?ed%zap0n+&X-S67(vkpK2*naYN>mPkZ0mt8G1Ag~#1y;ck z+yNcH4LtS-u>;uWuhC3^uV4$}@8iElw*zH$1MAtj|GiBW)aoWU>KT>)UwpY~{-PvS zC%#UsMXW)5iI9y@g;0_3Cb+!{R!Ks6!YhAC`!9N;RiZ(nC8ANH1)@nfBHZUMiof^) zy1)WB&L6gN0PXm1IuiDj^IUTLx@Z`%{}U?fYT z2*4hcQ|C`v|E7dKhL%D*piR&&XdSc?;D$CptDwEm&u940@il&5MW??a`xj^1%LS+xV1g(#6-9y zFH2qqfV1bw84UpZWcvMlfG~Cct1Y|(0F?FcczoTz+HM8`Ksk8tk?;PiO)wPzs2l*G z6J_V`6YvK=!m}L_Kn~D=cN8nY3Ge|IL470vSwIoE3aA4&06oAMFaxZ>S?3JSXCELC zKmredNFWvrLOci30W|Oy$O8(15}*>O1Db$#pa=K@i~`f(>{$Ue01U7X977-w5(pK9 z9>NOYf?R+ILnI;c5EY0zI6*uh{tzVOAtV-(1WAWvLEb}(A=Qv3NEc)f zG6`9PtV4DoM+8s;N&*G~4gvuJaRPY)RRSFXV**P8CjxJRdjyXN;t5_5ydn5VP(jc{ 
z&_ggvut2auum=U86i_B84^$K?4^@NeLCv9#P#Rv_iB`Oiau~EJ!Q|-i>C&F2o_kPlz*!i-;SE2Z@)7_ee-cSV@FQ zlu7hRY)Je_B1zInK9V$$43VsmU`Z)Rxkx2RHAu}#JxIezQ%FCM){_pAu8|&-og=$I zra-1gW=|GOmOz$GRzo&GwnBDHPD?IGu1s!B?n3^6`~`U-c^ml*`A-T83SNpU6b2Ls ziu)8VC_YhiQY=y&QqoZhQL0hirSzwar_7~nq@1MuNkv5^Ky{VMoXU?Xp6WeS3)LJI zmYSYgj9Q!8o*G5{lDdL=i24T&8O;S6RT?Xrdo(FDr8EOHo9D>R37k_qXLBy>+{<&- z=f=|g7K-)$8jgEv)fKHvxp6(IdTe=pyWqK$*AH5pA9sNW4Z2C6( z6$WAkK?ZFG7lv4d0)~DD3?m(*G@}V)5aUb6&x{L9P$mH;Z6-IS1f~+EF{UGC4rWzm z2j*zzLgpdn0~U6ct1J#IF)T$aqbx_P+^p)XuB?fym8`RDgls}=25fU=dhZQdLqr(!$aX(wWi|GW0UKGEp+kGAFWfvOcnfvg>mEa@KOMPp>}Lj_p{KZO#7ZADQZ1Bl^~bf#*L<#(Upr7!PzzOSybistc|GQOzdD`zZS{2Z zISpP7Cyjg!jHZlch-RY}k(Q2DqSm-Jhqj&edu_}Oxf`K3T6HLOjC9gYy;*%heQ*6*17ZVxgO>)Yh7yKI!ww^QBe>BAqkZFR z#tFvLw=drIzujy?V{+Hzy~%;;b<-r%g*)PRLhtmLv6&&vs?15uP0Vx5_bk*co?EQk zmAM;vcg#}IGRU&aip|Q+>NA`MZUZm1CbBlQ{$P!>(X)ADvuCSq`^pw$r)HOGw_$(P z{+a!{gR(=C!bd5+;@wQ$irh)v zt=+3V=sa9KT0J>EgFFYlguNoY7Q7X_pL=6`bbNArA-d`kS(G{{4sZ z9}@Bj^8NGIKi>WLrQmu&RiS8MRuNNC>?h!p|EKT8*2QBbIwj4e@}-4k7s_6h)0f9o zKq`VOFqO`g3sq)SgVi^xn`;zn%4@}HbL)8OUVdi$oKR0*|EM0{aIayn(W`N@$*F0% z8QwhIa;Iga)u6S%O{cB1U8B9FL$#x!Q@OLQOQEZ}TfV!pN4BS;SEjeTPo}TDU$(zu zKyIMw%at!RgGz(-L$INy;p@ZgBibW9qqjx}$8L{JjNct!n6RJtHt9CGGZip(JbizL zXeMU%+-%C+`MEdqm*$HWWEVa!USI58GFqBmwp-r#>iZS9@@SQ6HD!%!?fo~&Z*}V$ z>tDWGd|%n{+Bn{f+@jrj_2c4?vhAzey_h?gl^vfQ{O*&VtUq&qN&jlz)8Cuhci%rg zh{3XA^A6VrCi3E@1Ay08&(J7~{r$83zZZNXKub!Dq2h)@cmV=h2$U9rZw0tO*@-~M1T23MLkOUR zM8qVdWaJbeLHRj=00M;)5JHKF&VmAvQ1CoJNJ~V=BcV!6Z(u{h>&+nfATf)S?^_Bgh=Kz2 zaQ-ZKkO>6j0d^(^|51^Vko|S)zrM%Mf_b(f{1iY51p_;@P+9;6oZ#L(^?Uc4Am-vf z^&cDjGY9@p=fKln@3N&K_%A2N9G9Hm+$V3|5s&uMBl(u9!neaQFe$yEo9Q=a(No#$ z9~X9K^wr7)HDn{X&0{I!+T0c)*SRJ(CMzqY5>YzZsF4|zv-V2_%nc>o zn%*d~#siVhv4VI&jq6lv4iD_az_AE;IO>-K9{3u!h6h-Rx{idu9KBL(*!YT4#RIKu zU8uD!IF6hP_u!}r4^Umg7@bCf)b~x%INJm)LN6TsOCkYBP=^PW84qDr>lnF(m9;kI zpuT&YR8T!HPbVwNxDi#>(_@-CR7CLit5PDO^7$40lmpFk96gxQcH8_B{g~Q=tOIf1 zz!J^%@kcnD#qIM5_;eUcRY)y8pGK)P{nf&*gNnn>i2F(os;r&;s?eMd<^dUY*>^0~ 
z@7a^NBV5_qC?(?Z9zO(wl|oxyig2|9$DBKV(JuMLH;MNR)ENK+ zb)?R*2J+T8-wqT@alJaJdu-_9+~J~ak}iKYhyJIp+}EffhtXI1i9DmSgoeLHFRdM} zQ05Zv_>bn!1tr%l%U--Jd^hZ z^SWz8=6u?bwtATRgo}CRbM91~&()>gotJNP;T{)xU_8O`Zao*NvsRgP)`FL}XF0{r zKC@Oxux78nv!h|LL`_~ds&t)0aqshZ-(;BT3ojwSGsX$;Vsjxhk3VO`^-0^Ce)xGkAc$cqPI2 z?pjL%0oHY~FpBxnFAa@qV~f~omb}cx=@rSEH6CpuV?V%}&POk6Jj1H=Wyu7tG9Eh? zyec?37?4Hsqj38WjdmCeu3#`w_eB$cTfkR^8V@A;44+Qnfp6`F>D6cwRA)5;54fX# z*_rB^-^R|rzl_y4T}|j1I27UJ!2^}zC;X8OI{7~}m)CG9H0SWZbn0o6n&qMC4m$Uc z>t)b;Jiz-HHQt5?vO9O#b_dQQ-LMvz`P)%yI}MMyhl+A5Evgn%u2`m%1YSLiW3euC zQ&@}HQ^4{qg(YThG*pVWoQU5osT^_3!IaH8l+S1@i5L5uSavQxTfEQ57Y-?M`K*0S zI5l7h#@gv~#8NXHf1&5|X)DG2<~(T-T5rTtOQa%SFx9KO zE~!|HaRM?9EPuWiij+Av#8G0zk}<14m*5Yi^Wl`(gytc&Jd2ri2~qTmH^$T)w&W3! zf%#iAtlqEaXhu<#N_yVQdQmE@I}QsJzWE4~RNn{|1L@*R$I zKAS?#EgTP?RkM4$nA9X`|0qM`PI8QfC4~*ZcQt>}93#P*S-tVoqd^G( zTEDy3@e)OL4-cg6b28w8&atAC5Y&;eo-_EATN{{2v_d@B#l{$xII3*JHC1*!4wrFX1lY1GNCi27Qn#MzsA6{M` z$QCm1j}I`xE8tBVFDJHs44VyaIeHblFq646K zTiQggI{Pn&%RUX(FqXe)7r=9$FMaNEf>5&Q3FS=2W(dubFkY-vlNE6lHahR-_&w3O zfSuGZ^ro6vaEhmg73U+IwixRa*#L1h^7&2B~vn=!nuDY2Ggb} zcbZ*2B!S5h*SRitg!`eR;3Z+z3$xS~X&*@`BVnWWIR=N*?$aXZ}|+TwHSuxV*M)(CS<{xZT<-ku-2 zY#Gvm2Z*FEk%}{RJeCQtN}M)V=hI+`SNVQp+9E$V>`iLP$(p#{mn$dJ=({+Tow?{8 z;pPADj z5zNefY3L8LCsDf9wf&R^#qfjTj*XaDwaO4nfiYHXC)!K49fH0-!76EOj@Xwc7u?FS z2Btmq>r!D z`9Z65;{n{jv>jDigiED~o8M=t!~=ul&(_;T<-{Hc{LiXp@wL$AGBwetEpo1B8Oj}3QVSu@$enikS?FOfxI1nfAXN}eA zETirh2aPw&?SH~vJMHe@Ff6Nja#CWaJX$%~eA$HD_US3cgSDyM+1UTa(PiI3wA zOSY)n$KG#}ec`l`y`{v4k{V>Y2{b`H`_{7IDkk4FoPrd|17=3n3&i8I+{GsaBN);+&voJf z)bmC$$lV_;QHspk9M?|5mf}w4&~gVC^$%%JiXivg z6lJk#gV^4xx_ANM&(qy6D4!ZXzbHolaC`7&|2X0{{BnFR=5SzPzCF&UV@mL`UjoB~ zSn{$s87t4IC<85-O@n=6cyB<`qsudm=g$R{j7K5Gu~EkcI0Pnm1S#yFwN5+H$4~E) zx)Zj$>lOGYhCk-|^*GksFLL=`Nn9cS{H(m;>YCk4&U!$~Vj1W)1EI@3zojxC&AT`}0^CXR^a^MAKa0(qcTiB{Fw(r(n~u zB2hGPNHBD$iKQ{vKnr|Q-gK-F#T0FE?2s&uZ^;!QsZU-PeN0s!5zTJE6jpHS$j{AP z-pxykq+gA;WQ~`QR@6{?sNKAMof)R;8b5f-6U5%i$v=YQ$l90+J*|Fg|D7%LbF;Ru 
zYdFJU@p}=p1oY{ZqG%N;&K;CU6Z>!p7K`Ijj!#_Bl@*>JSb#8tL#fTnjBm5)l9RnUgf7 zt^j7^L*wUNJ=9AL^7cCiI0oOlnE2eCdmM5tr_4is-+p+KL>6sMDPPlZ)dhWie@W@- zimb+9Tc_`_;pHPi4a+Z2zcgU<23WDDyZxdtLkqd#J>if5QF6=anX7j?s#3^!7359$ z^W5LPWRKl<6ARtOtaVJ$v~dxxtH3ZF=#$ifs~)2DL*Z8fi0u!bF##)jzLo{ZhGS+_ zS0Pdf4}7vfeLHm3+)u-1>{u-3hHp7xuPoFyuwY}2YM6>27pzoQ6yK7PUMHiTQl-QHxH(XM5%^M=EuCOXD5e5G3=M(xohH&sGCs=lSx)dV~G_oAqv<vXNW*Zt$n{o_{kPH9J-7i1M z2@^xIVFwoUh>)@+6=OC#jG4>t>TV3p&FLyO5xR=csf(A&w`&A*XgVz_OYQ%x!9>O8 z?wAxUDvHxtioH5zzpug8Kay5@ue8it@%&ZU9OO)`lNab=y5VLVvoC64mZ z?Far_FnDFj%gqD2^#d}mM4h;4mMm^rYVUQ+xG(`!liV*nkU+1OHyZ>q9JIzLsc;)C z>A1Gpp`^nh$!;c0`lM4={MTfD3C7?7XZV!j(tJk)Bl6tIE7&6Emn@7+XKGDOg-(z3 zry6x(A(oY?HzpUeY{Hm*oTV zU|$$|jjERJ>PQoLb!cEuNwvMZWs30|Y_Q+*Y&tS+g-xj~TfJRA?hAkfSfdTADkCrZ zuBuZf+oWv`n%$6Gpz65~SxVM~lWf3CJlh+l)Rs7(Q-2O#KG8HxhXz1sTRgq@sRS-& zcbB}Y`|57*;0BNg32zily6&4}m>cII2*aLt7FO8${VDbg)7#Y%_Ei?q%-)f7$8~v2 zv!4j38$4FKl>8738U<)U+2musZ>Mx4r#z?qDAql$s7eK@hN-$(-CL`xtP-aM0z>}v zYcu&$grxE_SGhBVXHa%}(_-WM;pM4KnNl$vitST=0`OU?l%sbwq3c;jXfdr_rHPVz zQEHVwxuM5KVLd8P?DB%LNsx5DD~x$^TF3X@_mn}>HN-M|s}#fZYKNHYxx?v zaW3Md&ghbaCh;lQ;%YMW!;l3IP2F@~#O}wZmUlxRn#4HqmtJUHSb0?nv^uT2NIz3E z9vBCsDb+pT=KhucH7Is>;9EZ!x6D_1M%N2q z$Bi(ljoT4XZR>Wc+Jxg_0>y()brta%Pi9m-eOV>dt8d*) zpbBF@L>3aqB$W2YiX-Di`&FDAM5I1REPa+*65N6;>9JrxpdNCS@|zs3MK8DB8;IsV z`4PL=InP~|MEUXHDzt>Llk)O(Obrd?$-8IwoNxZS2L=qOY-p62Y=h=TJaM=Yrk8==vn@>YBd4(xO z(Y|&HHP+uElsl?_4mBsJ^Z;&Qx;pm`C6NDq?t9X!&nvy9NvQR=^zh7}hiSJW$yx4s z%njBaiHYwUcxg}_iP}k6)@xnEzO%uwFNmRY?*_fmfqwX2 zlTuu}Y3`rKE!Z99?Q`SnmYb(OV=Nu|>B6Vm61SBz6omz*J-RN`x}CsTpX5g74j3Ml zCEeJnEYUh9h{0|wqS_l`%=OwMk)U!AAZ zxV@R&&Q)%rY^O@-g;}0)X-y4cR{AJMgi|t8fZFfJ$IaovoEoXQdg7pNOGOhEn$JG& z;+5J6aH@UC&@j_{Q$>ge>WHrh)K?VseU?4d6*ejv<&_Une346t8kQw)&=%gCrzyQO z-lRukFh5!Dsab+!J=Eh|!DKy&=Ov$6pC9$d=^JuBD~qhhVb$>Fh|IIp3%5ROm)md5 z_JG!>dR||sHXgRQspp)7~pF;-c|%IbYr(hXMfX4^_f@51b9#(a{UBQ||Hydj zoY7M|Xk0FLeDwzW^*s6Mg*!N{FDesR)*}T09ieWyk9-G*l@2|_HM2Uq+VxgB0vo81 zuKo++Op_bMQlV(C$XzfmEh_pdZkeO|WCe7F$bU(^kROSvDYrl+9&(X+yCZAak=Lhl 
z<+kCL@TtA+S!BTxT3wTJ@U9w1D>Z-oZR+@3p68LOBwu2Z>g`VxZykZpnTxEwSjAKI z9=&65>H3zf#^paBQ3%uJuP}J#6!>=T^6S1N`t_1Y%9VIZ1>H$B} zrV3nvw}+v>hPf~0;$pxQ0i5|XnXl9JCwh54{ufsyszNSY$$jaeBqALZF>~{a=4!o@ z!Ykp3&Vl|7v}#}269cPRms<$_t%89zAGdxMq2UZI-*$s%=AX-wO2-CvVOQ!e;ygwh z5bmTnek|8wpUD!3V~~;2nCI(r<`&bMyj=$mygu9r?`^XHKIBVLhHfluQ<-Dsn$6`N zeSFnL9B1Qh8{b0IR_DsO{9~f)KxW85UE!9bZ*r};L?2=-i&B6MU7E`@Thu#~@qD`E z+sBVjP1glC_wWEe>MEG<7&sBmY>?gfmAnrI=aXQsQPXRu&j;>asl=of9ikD7dbl_j zJTMN18sA;tkGc4!9(jWOPh0*!KJMwUZ+9xSv3g5fRO?}U!>gx#JCp+yE?Lb@&Yj&f z>7;^yyseLlzE(d~@OXzO&1wJ9_yd1W`k+VOiszKGhs|7M>8@3l&bSGPi)Qf@lDQ!Z zs=c)3S^2(gGX|-(sK^h#!{C8fzi%>%WLkEV8yO!VkikgS^8{YqYLu_oc68htIOdomTbPwW2)gCnq+Z0_)>8K?COO@dIhVebF34x{MR$bxV_wMKE zZfPfO*^S!V(H@W|CCEL7cz4JI?t>xLWHpT7i4QpH=~J1|rX@5n*0nv8tqOyR7D?IA zthtk9aXawAjm8arYiW`AEHj4t*?t|jgy~!19)pids^H25}z zGnJUEaJHJmJ69bR{w_PEyXUFpO`iLpqTl{vq-omFDdL<)-adIP6EtaIRnai)7xC2Q z?Wf8|YZG5Zv=ea#4F#bui-N>kR0J_)_2lDjCfn-iEU!aM0`=`4y?^3qLQVe6kkr~o zDqY%>2y54J%8<}_Boj0BEzzROr6T6X)fo5b_I*1Z5wmF9=@Q>pgIlJeHK*ZU$JQR7 zcEWc(Pr;B=VS3bQ$^cx)RA!Ne1nb*q#Ra}O`)Et0<=tc&<>lZc-Lmd2KHP3;bx*NU zal4m%VM^(%>g*{oq3({$4eRy7cB9f8)+$N51E&uym3_n5_vTJs(QAhwoK$R(&RDkS#X4b&Y@8oST?^p0z+H#3+N%1T0_XTFucJ@n3#itcj z2{)B*PbM!!MVIH#pWDb}KfaZf*MA@<6mK~hg02r;;&E%0uHKQoTg z^jI6`fhkxEFRW+7lAq4EhVk!c^eG63N~-$t#+y_2`^-N<0vzxl~lHXd2Ie;@1X zyU+m6M-n5W%pcP?G1==*1#m>`;eLXjd&XMyGmdvwmy{~_w%s|jipr4m7^g*4OFrlw zZc|U)u{>vdH{<7w(5EH}=|27#((h0pWIQwF0o9iNir(_x(6xu z=!Xxo1{0~o2P%v^fz5az;-26`#~s1PDiT2-wy)Pjc}(oR_|dkc6R|sVLE~p2ag#o2 zyN)%1Yc}@X8)pU0O`E`XSlRDC4F`t?^fJ4bb|q8kEPC>qWgRI63ym2vE)UH7klgjSoM!I$<9k=fzxdaab(wf z$k@B>Cp5Mu?>g4O7S>wOghAtr?Jo;8cT8K4Zl+hE!znn{nL8@8Ml84`Rhn9P+v&S}%tLth=}KA=*4EQ8a=IN*V%IHobnTm8*z zE&FJ@5$ozSo{)e?&*v5=Z0uRAXRq+(afhr$;4Uo=5IKLrhBVh86+F)I8ErQ+o{UBBJ7O;_odkH&Zdh>`h5GZPtQ7nZtkBMgH_PBnWcKAWyHAwBpR7Id zq%iw@flJ&x6laW?Z#yBe`i${2O)_8K?XwmWe5}dQ`bKH>yp)9H$J|wNuNK}qi+!PS z>EJM0wXAoWTvL}_l&##rALbDBreuAVel$94|ITV|Gr^Z2H`Nj#hQjT%~Sr}FbBKF zoAy82f4Bs{b&PWI8%PRc|8_4SI*c6`^5xf~U{8Sh^^o@Hl_t|H%) 
zG!-7KrXg11t=UQaST|_I_5p*+%-a!Lb9AVn#m;60+;NS4;;V3yiXgp46*`PkdUici z@iD!tX#xs~TzB~CVc+F+vQa;?_GSz2@)OP&*4sdYbSTtY5_N6a*xz_hSxMvWtz6Rk zbtP@+5~G~N$_wDmuC~%>ceaCH>zlDW@CowJ)Ehg$bkH^*Jw+#n<2zt#xm8g$Wulm7 z7pLkcSVZfo+?c2h^$$cB2SFDc;uXI$&mT$F$9<_2TpXYb3KJ*ChBXUQ39(G^S40VA z!4*qPkuC}SAYFZ|TqY8S&SVO5&_XNTmt-LKVz4dHO;7f> zOS#Q7nBlPWI*gdO?$!y>3OpYMFI=VGAMhb>?#n^H!rc3Q-i# z$$65YLcczi9`#sB)IB)#{r9Be>lKn3@$TvRq{jO18@L}zKSp1oLf40Jgn`Mv((z^# z<8;vcBKX4&D=E*HPLcO$DD$U?i&bFx%4ylwTb$9^>Ql|}$+Z+4h~Zn*YtHb!yCe5N z8urO$jz76?RNSGq=5yxCLEWR&nsnRRj2_v(tau71D3z|DpRgqt=-@Xgp9*}-JWWoj-l*R~rcwQ&Wki?SPtU-)Ql~_rq^p!~>hu=$V(Y{gJf}OB9V(yf zxr&nQ=}EZtzf~~*_+z+*_l@+&5B;4@&sBTGvz3NGKy21YY}?UC zPsS}AbD&l#*~P1iTaV@)73<1vksnjp2L}3lx#$}lQ1|Cql+?Ill|mPti~JuMtA%*_ z`r1k7bCF(fHM9Lmejjk`xd{Fj2n6v#vxgBG3B3bT6pcrgsasot{yTzg3LW?Bl$Ui? z#&qRc%`H17DzvGdF|}V3yThP`n_z_>*Di}jTq)p+X&{CX)@lANKC|ZG^ZS;|0@TX|A zCE)h4?CZQI-hly4Wn1Ow@lgv}vjX`W~Qy6`WsMYxw;^Jb0pHm1_S);b- zw2CXp*b~*Pm%*E-q{;^^fHUCQDQ$>&{WF0|4(=>-?|=(?5spg_jKu>R^@(^Om)+%v z*%&L188*kF-{BlbexVfG6-0|mi%055ed=!#IU3eq>lU3}$y7~wf__;9Wk;Vo0CvUz3w)!z7Le(r>5HJF+r8r9rP zSik@Pmb@pSFtZxB@v~>&9DE4?6~Tqkn}2+&f^pLkD9s5F*_$~zFb9v^aAa?%LeXl&zp%e*L*SB{lL!Xe3kkge2o8NI&CIc;+hVWnE&G)khmLE=sOsL3PQWadOC_th@B=bTFu^HOzj zU4kO5V_dBRkLIaQC4x|=w5YS0IrplB?5(y=2ft*zT$}XGr1pu0XEsl@t`NrbY5Q6} z8%u%FqTIwIz?aWeIB_aN9(rvjflKf>8H#UpRpK(v+XZjScV}~|C7@F6WD|Mjwie!v z)+`AjCxxhy(=PPh)cB$E-o8oNG5KlFJ*%kD#a|e6J@>piJ#YT;@d7Voay6q9{m0_h zO3yX)Td5is?8cCm82UxIcrXV|$0_`!enyG1dy3@9as*~~>FX9AxGfo6b*zNi2t1kh z%~1aECDUkkVE-+~hsL6dl;K|In+w^@` zFPwhw{y1TjDA!K&u%To>LM(O>&4u&dX^6=l^)Q}7?5966|EbBtZfF{LG3Qck?>TEqcK)>NhHHM$%h<6>k3PB?ZC<|keg^qXgiuT;GPi5K>|KfZ z>GXW*)|*m=7REZ8?3MVQG(dDXQ!;d8PqMC|jf+?X%!hT{BWZ1*`vykdcLXCZOXts* z&9vMn|t==Hvb0ktjO9E3+~b85_AxzJUO7x z?dt+%`W{=qkM1lL_nR0Y;++R{+=j}soJTgAj-yKkwsaO?@hZ@v z*XY|7r8}V+WhPTOslFHE12QGb`bb0T-F%jVE@f0tP4HIHOiS&{l%KqI=iSK-Uy0S* zsmLIWrOQY;DyZ@K)H`$N(~-QQ6Mp3)9uOPTgD4bjroF{#YGFfqdRsrubP(>kzSZWHxp}m`pL6oQjs&CFc(43(eSvH6GJB7i 
z`>z6_IRpN6rPpuzBy*5?OZ~fWkF8o${+(U14@jQ;)2?|iwC}hbRa2(0x1CU~ta7C- zx3{>-)5o96+$^!)K?gDM!<4-BlKi38d-&axeIXs2h+{VM(}9W->_EFu3mADfc+_(IwtilxGR&Oi z&T?5YSa37ADRq&{`MwjP2?<%`rnF+#>1>>4y92LJTPMiKIX^Ee|ffg zMrM*=OBX{DNRX;S)}z1j!@0Usg?6;6r}+&p(J;g&LEl2dHLs~2+NqzUsE8vK;x|;W zf;%PK%_q!af$2hQ*=Te$>GiE!k&s4&{qSletZ|uv}Lz-boO@lf5(VmQs+i9nAG_^w89dim}bol ze*GZJ3ubk`qT|D;Qg4k$JrQ~OQfI4pc8lwKu0e#|w?cqx8=9$AG@zu~;{+$7RF^?H z&Yo~?V>IV5Og7{!T{f#*{m(y}>a}H3z@Nd&##_*kAiMo!&**vfUmR*C*ubR%Sqi86 z;v_HWty{Ca5jVq$P08&Z+uW1g?Ph%%b7GZK!~fVWQB9bV(dMaURZ;iulc6B;{*RuH zuPie%&`yK1Voy#KWqSDH-n{P~*Ol@2_n-AQal^HryevzY9JazPQfFa=8`)|ng2JW{ z4U1yc4Rtzq3I$@c%xT@P@bqNAH1#E3d1+0~a+)#XtU zy1R2Kw8ih;(%VM8(dqnHB!1_{t<3a_lZm{d>ac!OU@mYH;Y|rHXY~Qt`dbJ* z`}wY3;{b6_-uI4n<~;Rx@!z)OX!c4!wOrmaCQLYZ+`&CQHhNSUHR<-vI`?s2!4_NP zo5@oVTtk8{scE|=4N2Jb?e9lnq~NtX{<%nlAO7oOm3+%dv-#Ffa8<@$R}rHRHy(`W zKtC4CQ<74he_R;#p(OnBRT;+^0Nb%N|EOLXr#aT(o2A62{F2tm%~KSj{GW_dPyXpx!DJY0)f@c&Pq-VkwxU-L!#!A=r*Ny&e21mKF@(JB z;a<+p(pSopc%j$3nD*RYsrb?7w}nAPs&8U`I*B2!1j5vsZBjTNT~x1llTo{3k$xim)3K1wH1}Rey;Daa}MekEV$!IxxX3)58gYCY_NAO(mS@q1A^dk z3&4$^^00y7j3OME0k43u*M0kpQq#;}F8b!WuMq<)pWh9GVW9s;QwifkDlhhhv{mk` zhn+7;-w(bcW^k)@U`G-CoFS0^0X#2^08@e$ZaRWTjHwFWX{pd=jzCz(c4`DS1;`J$ zY+hATBlqy*~~n z>t*~#-@)UKl4&A{7!1sQC&d3J9jd@rmV`y@Tk0?m)@S+FX|y>U=a1M?{3ubkw! 
zE^XWV=*6K~O*Ks!TtwS2?5`}O#`NC7*Ks*qFgp400X+MeY2&IDmvw&MNK4;vgN`Ng z`S@z+7`&sZ`<#BO`mI?{r=Rn?FxgG%S-sm&|1b95JFcmAT@#K9g3_dk)Tn?+myS{* zB3(dwFVcIJY9NXSx^xJ=C>;_?2&6FU-Fx=g@1Aq^ne)w@`OeJm z=O0TUtgP~^XWh?rx9d{Mn>L@nyGVZ1k$8WyHc$#U-Iw09<~xulRU}f=oYtd#+x?=n z+U0^XmxIbmzT^s`aHJ1hKHv1nt2gcYReA=x(=UC@Y)O4B@QYQ+F3~Jh$&8<0^WF$Q z>$PNxz$;wdAKD5No?ot3Vmuy>iK&>vnyA$VeEUm<2he0W_P6>DpeE{%x~M;I|1nDr ztbqN0lpcWov|acg4BP)ul`vA)MNo@s3yZm3-23Mf{{HzNAHeVN_pwcx|l5F7@nCN zKk02?>&D+`21+8}fI|ke18xL}_=QWg!wxopKIlJw-^$NPbd}$}Yh>HK-6+i7OLiG1 zW`tOx(%yylPuhR@g5#UO44dBD*Y;uHoZ3GFVHNdo`3K^#HWv6Cb<} z_R2r`>+REyhN#L!TOgtM*P{*tm+k_4N_1#abjo$g-J;v&7?evC2Chp2QV$bT!QUt# zjGm+)QRT$vBo=FYdnS#MMG&uy5jXGyz+mSeYyWZ`lZ=s!kuMio`hD8JJc8eY{Ci6M zet~|Qi{Hla-&mi18^_2NC{t9OpMq{*9A= z;C5y&jmz(GwvD5&xuR&x>f5P-liEmvT40k_w2=WF z{Fr=q-Gg>{YLkn)eM+P6Iu0IQlHsm@jd&LvcZbY1$w~$4mCXu!DKC>8bX7v0b^Ni| z*TV^77D$p{52=4Jp*nx6^x39N-cX*;cb7Exm!1x z$&^SDX`8e*M+{78OH3iNTouX+9gC!cl5aYn?X@N*aL{2VbLY+1%jcYf2jlNlO^OSu zi(SmkoAZ&a%at>Tsp)3BL*mujTMxgmd%X@TwrEtF#BG3@Phq~@`aE#Q#!y$q&su?9 z;hMxj?G9_c5-Mt0CF~63jG+Ef?OlKjwC&;tYFm-FKDBYBTa#09fBH!2SkN2h|A9e9 za+!he?nu1K_^psyB?d#~C7=@KBK6BN5J!>O_{$GxpzgwnBmG*sDPR^SMKI{xXDf+y zIj$-2#q4Ap?4R8B4pXs|<6D?Mf}N5Bg@7cVonZSEFNtJlppPsQC9B&=F=fYp`D5<( zDS|)(+dprZ#ZdRWA17aS22udypT7-(8v!+QiNyQrqd5uIV)8>pKvR#(8R$AU*l`@F zMdUmKy{4;L&wWQZRJjSzfY1W0#+Ow7<+vsHZvVO<_P2xUU_z{jVUUw^{8}-0|8$lV z5;!txfRgMn_h-SxSsqqp?Oc>9{SScI{}jl4@ud10zfm2|pYZMk`j)xpLYaK^xRFdL?7I*QOGXUm&nd|6 zNx4#L*jfE-MjzO3-~`xDx|OqxBL&zGsKop(M1utr!<`}r!lMZP0^|+m9B%^QJaagf{OgyW;}l-yIC@1$=lhY^RnO#;==U{m;O;#{ZV*@t^Xr{-^%U z@3Z`W^$35D*zXbhKOJ@We`t>V2bY6Ch^502e4+Bh8KO`%+Wt5q^hytDL}Z%Sj7Fix zd2>x)al4{-sgH*R6kc3bFL(3!PR4lpW$m&i?9O)owndMFZL&7k8><}bvo}w?s|&|F z6*Q73v<*s*TuZy#&|R*t+H~`@X@o3Y=SmK1t==E*;U%qhfYN)#D59SD9#JWm$SRBh zIs!hnpMiMO0iKzgll=@vTM&Q>h;RWY#s?*yfYV{_4v<4y2>!CwuMmI-i7E{Tup$2d zNSEFY$N=^EPJqg19|7piUiUf!^*R8=$=|CFNEu+(_OL@L8vJ?4DtN{ukwBt-20EX1 z0tfzUwy15bw@`9a}fxE-3NLOS~!Ucgld2q 
z%Z_>4q+ckZ<(F^@vnSWdKJw4?TGN{*ahi$JvXM)97A7I7Yi1!lAupfU$oi6-c3m9l5l$RicuU-Y8hb@uS^=@WUqNy8lT%1;p`~29qE8*gR_MzMR zAiRvxS9}20z5s84vTu&cwJ>dcmcQwrUVLYhe8kvNqQLX;S@nIB4_?#O=T@ot+vT~O zEX4?Lc|I2ixS8GQSpFs|>Q!z$)Ng4=PN5;p)w@Q{bWn&Sfg$N0wON{Nq%hMkgqkRc z=f#%f18mYX9jE^JzY5>DRTf%4FpIC4xoeW^hK|(9o-Q$SKImv`A~*cJJ~q7`XcPvq zm(x%kHjzjKW8sQT4fWp|Gqh2WpO7B$ZliTDAtc$WDZVvOrk%C5ZMGh!`3HSFtdbkv z<|JXEXFi4p$Pif-M}_@d6RS6U=geI+{Ke$y1zxeR>+~vES^Hm0D zw){Z(*Su&EnF65FVNkMJ;KBVBU{&G#qtEc}91T&y3)TX}^f^t(-~8R9a5b%gcl7_z zF_yoLR(`qIbn&2r$kV7nCDcli#zc3~UdiFI^y7Xt2N38I*K^W9CcGqM8?f$*0Yp6s zFj1+rQPM27LurUcU00*Z44>2!-M!?bk=mr%c~XTC+ov@A|!W6U)+Z8Tb3#2FZBNR~Nlm*-#iOdf>wE zzdVB5cGQq))lZJNH|&0>t4VbH&TQ;rr`U zgB`bfuKNV1m#SItduWSR1_hliBowSD}+$mGlgKj63T)mvwvqG|X| z`1qP5VRB?nFtlDSyJkAu3iHdNe`#mMkMMJC0<%%8)sPEVk5w>9C~|?cQSpQELSUJm z6_qQ~Ed}{^Xp6a$=4oahr4XRM=^Lb^|Ah*`B^2n53`cXSoOrj)5PMQTrAz@G*g_eDP%MsEVhjC##0|$XC^s_;U^p4%hj< zFmq*|yH7u?U$vv5H6f5Qb{P9bxOn&Cda2+i6PqO8xT22$#U>j|!@s@6|Ffn4KkIYG zJ{OL=D6OQ>bi<-$D!yKfVzqmz@RJw^&aWz79Yn^FkQ^G$9ZQ=a8QCE*ujxwWxrWao zgTXeX`uPl*Z;Ym*$Ko>7wl$P=MyutdjH@&i0V9o>cod$ER7$;tRF!_ptwnzQptWdR zP<*>rQ{pMWiE-nPEc##ZjGiCZgwW;Bp7+%Uhmyz^LLROg|_zP#C2aLo25U|U!y3BV2NaWko_7RIG4`{4LI}n=# zuscVm3lTFmu$>`7BYvpE>Ldz~BS2t&0F&zI&B0%V@2jffS&b%-$e+ev?p@Jo{^tI5 z#`NK+=8Z%B`^LocOgn?=k_DN}y0zR6kh-GLct*&^1!GxKGn$>Vs($=zcfXGKJ z13tZBPlv1~x9NRAXU6hmIf8Kv%h|?Kme^?VDNyVo1!m4>SH}4LL51AfuOv*EzjB>J z3y+iZ#pWvPG!F1uu?kCa>K%cbTe|3@aQ}Ys^3_7sQQ4rm%ek_Oy}s9}BzL|^-(^1V zHmL#AL`Pl?@XhYIb=Xw8Q-LrHzUEfZ6fD-E+)F!GlUmc1avZACp|7J9tdjj#MivXE za9MexAll*8lJT#rL&ckt>B0SdjSoHYj9;dF|86ner5xhoC_!G=XQzMtC-=48LI0Se zy+4rS8dh*+8c*Y0aI4s+ChVt&Ek3x8{TDJYXGX5pvj1f2waHO7lV^$|LP)eJg+%-O@wz+FIJ9k%`}GxT>F7qY*rxc{+kH zReeP#ed3dbn;5bFL7xGx)I^H!Yq)-mXOjpWP05-IYiFPfp}h;0L+v3C*v;BFNJnk#y2b(4W$M-5=G zKRp31mF!Q^a#z!er;roUR^T+i${6ozIEsCrE^kKwaN_E$EWjk?HAIj`j+Y^Kdk-EH zvKp;CZ7I{}qPOjNSyJ6!FPQakTKk4833PuY8Mm4N6E)jA7mg_bMz;8p5GhLxm;p6q zE_8!`e>|i18Q&u`{}QqMRmWqG*|Fv3V;!(4tlgG42tJeoA{oGduA1(9hQmk}u@N{C 
zEO;;o4_R(vv$9-I?{KlLt4!9|dS%0tD=u1K$p52&@@{Ks56qRB(zY|dWglUzG}KR?XPX2zVEOMgSr$&}t0h)8$S5KIbow^ZDF+Wa_$tJJo!qmCRO--%Q#K z4@HKH9I!}NxJkS}@l$q;USUNU6sFZ~*G9^}Pzgi%N-dzdt5KkZynUmN0uBoI> z1PLPVOH=&1R=dL{v`tO=j1<~~V}td43sfO4!%n^H%RX;?ALM4SDQ8WH!BP3lY61ZKOEsq4QdS znS_3Fve$~1$P$>bwD&3>JC2f{lKij|5RI3Fb2nFed`eB`)(LMgPbO#fO+IJSC;SA6 zF7cvjiHuQrLGaE6jO+<`8V_>{X#k_wR@dbHVT&@M(Cw2Vmua&vxkeX)+O#HcI%)e2 zp)?K+GI=Qi-ATRKqQl8X2<3(%BER2;13{)MTMh+lZ{qeFVsUxB;jb-f_9;2iA=!kc zH#(Ym_E<)L@w^s@%kO9(-tHMWe;a)qBM7*g?zOa=BJuNVs1^H?Lk<7y#mT%E{ARq= zIB$EYQZm|{R@9YG1&g!fUGmk0YC@&98)k~8o2rbSEpCk$XQ_3k3NKl>&tVWs^;@OU zf3Ax%%(I^Z5R!T~aR#=2^IL8mazGuJ)#nk?&F2D*TENVJjDo8b^D1!?jljJ93NXws zm^UiVBkw@QAC$(mvNhTV(MDWwSra@J_V%XAYpgY*s<^H5$zOKIfSD&D@O-n=MCcVf z3E`vQCv^(|M0 z-oko+5rQw`wj4E$9;Q3z2}*X;Hp;xDmlts!85Jtl8LZo z1pS=K8kMky#U4Z8chMB;USnwM0}-T@LMR#3>qjX4CdaLBXqCuDZFhmx z9;n8g34@8Gb*jw=@n?ZIC3QP)KQX6yLBGN{)U6$J45J3bL#gvQ3V+N>HmwD<4Gq1! ze|^8ppW)#`wsb<(YC~hz;VlB~5x8AD5vh`ZSCM*gG{E#21%I^^Jt#h>DfvG40#`@J z4I8q7uo!iG-)m|_i^F5Z|M4 zsh_C(G$&Y6lK1=|`{449z&rh0;)yOV+eK!{uTiSJcJhL%RuIadx8d}D?4rkp@P~ER zoiF!!GS;R9>fV}x^>@0lRT>1u?y9k*xN2X8~$S0 zP^7!M>a|yPl@YPBs(17&oBKUU_2WC(KY$-$>6f#t7GVkYg!jao8ui2T8j0karIOu# zo??|JB!|@fW=?Wka~!H7Ylktf<7K%-jE$fV@>qp`Ce$YH3HMmQNiV5?z7+_4P)(+5 z1RD?(WI{qRepKTW%(qyMW1);VLA(r{NQ)D6nVQ{9o-RvUb-qGo5Fxop!cY0$Jig=R zo9bw}Tq3~h4q|QZRL_F(x%Ff@YlYcBCuF(G zlnCbB0T%9Na-0~C`5%!MAiYFGAU9Gn->n0pP{6hbKD|;J^9p+VON4Jd7$3HH26_R^ zLFIbBwLb$^TCB0^L|Hn-jn^&;tNtCDNB+zXQ8GfGs%!T+m6tcg{cr z#m2pp%iDl+0dG13J!&eN4!1DBS9BEUgY>DzDI$B#)VlUG8m3KrC30ln_vn>w;DUTD zMG(7Jk6m+uUGqx!cJm9m13mSyh$UgN&P8@IOh^KlrkxEf7}tEKyzW7o(7t-HqY3*< z**H}PIWOs!(n*Y5y2%;HQJ7q|*dlC`{1S1~YPK-31w^WXyNlf-(pzCwVatFY()Jw( zo@_>8D<*e=f>Vj_iNj@%JtT3$NI1)4QYpG&%O z8!(9(D5HbnNaHsh!v&XWnJ#^T-+HA^q3uwDZ3uD!JOy49Vnqv%zMwx2Xm}Bz2{QHfeA=!~T_L1D6*Zp_Af^R!m z0gpE_0}aDS;jhC{QS-32*@MtlLeeT?N_G(Lc|cs77C8t3!eKLzAj?ivz~VNH#je+qdiT<&Chnf1X4 z*(`-tezOR_xYaB&nF81Raky3TV24&wrrn)hb+b^FvcK>?$-WlgJR4s-Cf+p@@bl=^1kFrs*JtJ&jnxTk6V~NA95Qd!71<)JU5_^42gqN 
zO)f`8>~g(Si+faC5SVkfIIrgMfyy1--peQV0 zJdd11hnJ<@@frS+7jLTNC>zelR;A9aKc>m#kzPbtH<8L}qF%1hyo8zrrx_yQuc}?C zlz)wfdwmz$;f!2%3VmEyDyqK&qV(?Kqq&S##B>tgL0OQ(&ml|9*b>y9CjG3bnaCX% z3VTl3ifGjLd~XN$hTY)TFLPpks#S4LBb>lUl1+FeV|OBvZX><4As<_$(rhp;Ub}Di zqb1^{w$FDBRmCLqA;k9BOx+ z_jXH)u6m*cA?Z7$Ql&l9_Y6eG58G1PU^RAZ*h+G#T(1vjp+wKP_?Y&m>h(9|#{7I8 zoi$0uR~DvBt>S`@pO9yQYN5b8Q7E$x2$QS_)ODGL)?#7zY0cG|n#U%c;V~q-47{S1 z?B!izgO|7yw`!BdY2pt4lr-OzDMS}eti6-}UG=RE_$ zGB&Jte^(~G-Uyin4JOCRf_Ku#uGz^ z@AxTSa9tS^a6d9Kc(Ti@bnA$@+!+^y)q6O(@BrJr2&aciiubCfTq7SpS8c0MnLK+x?gWnuE?19fCImoeGPu00W@S)Wb#dY-|& zrcQ1s+mi_SY^z=t8ILJ~;&O;HUdGrrD#P+3P-(PqyDRw0Bf-NRD`TJ}q<4j{vVlvP z?HD&BO0i@9btP1y+ZixDr01}L_RA?o!#2ahJfjm{lspDH!F|WysM!U3ZGRn{e`Zt? zI&YZGUQbBH+YxU7O-I8MgJxH~DDu|pU)hMPz3%qbOYj%-2jWq$j%cT$A%r|AH%@jI ztBP$N3@Vn@c_vXbf8VD@r-f5k?1Nzth|Z2LF4HK+oH&0~o@4xJ0r4hO1PyzM=P&7h zJ-u~W{WU@MyJ(4kaa-xayNIM22V>szjgaL-Cew*{+%<*ecl`%*3+oS#gf5ys*!b*8 zS46D=yT(~?vpEY`mtV{%K(@11?m8$1)V@(ozNxH!cdX=b(z<^G%}4Pu!&fhU0^s5C zLd?843f`^?$i6w(&y`f;Of12S8);OeC6z(_q?H=9RLusDm03xE2Du3$S0H>@d%GH~ z{TK}itA>#dI4-d}kS~pY7quuD<+c^Irb**rmfQLcbH8Mlfw?;DkP_SYI?(xjqHdRT z56`CSmQ}(-@O19-IkuOJ?!fA;IWnC0dMFa+Sca@v0pdEKM*b!E1>kXMCt9@!duzHJ zt5@4sRHfu48-}av^e2CEEAB0NehoV3eLU2%5KpAS5*Cf2ev6gjUMEAY0nR>*9)d!- zmj@VLXz-qxm>APB8*@xtX7jA?MT$11=o00Gz`ue-7aPpZ=M@6Xt}t z5}473AeA*K3zYkmXi#0L$50L{j+9CjPdDKF7;`m%4C}vE{mj6Jcn5710cHQFU5p*v zr=Ysc80lQ9;DiX-kFdVrHQmigmgi?}-}fq?o7z?UlIwCIg?C z(0mbko{%LALp5lQ|Eh}WK-T0svmrZICzGpJjYe-fCx!dGq~J^jb*X}qr)NWWme$(f zSD`mhkOaKgm#thQRG-RVb@q|(j0H>Pjz@b<%DTK!D(kbYUo(PmKo_8NKDIj1*wdk!fiFPJ zt7XBl>Y(&j675gqbV}}xw!+M?yMy;}ii>MqR+La@)b{CG)bh8=>@Htd*c1Qrvu2Mj zdbO&N8i!1pU!?d}pM0l#Y+K3d1LK+%xzaow z&4Wo!e4xkPrp<=w0fRS$(sr5e6K}mNM(Tx#niFss6>|D@>+D&$%Ljnt}~74tJbuVYf!og z?cg>eDY@(l`_={`{ISz(JRj=qz4P6KEJCc!lc|f$ri@&f-gWPi34Qe0zE+&Xo?v)n zqwr^_-GsZOaMWRz|L&$R*ZHuvX$QY4u`t=Zl}wwaGK|S$`P;8m=B8d|wJ=x-Civ-S zpJFedvz;JJp+{?=Cc#r-cpPlzw^jCjb_i$QUA!3psP0hUFD!#uHtOvX8N2drY0Yeg 
z_vdvk-P$GRV|BfAmm-dS14-5$&)k%9Ex;HrR*9dg$N@GFlnGJCTM=(2rQDHK_}WH)aP9(u((>KC~&Fg z8uuBf{Qg)Dgx=lH^;?<8GWt=@@-y$6OZg`q$z2~nj8k@A(%lT`X-n!sIuE1@jd57hH_#wyQ1p@0@|^QHXm_jq5lI`9rA zp=xI`IwnOnyDf2Qjg+_Ebusm@DP>{FzR9Od#sni+(G$cr zW$th*fs96r&VBIoQ-&JE5}p99sS*P<>B*Ojcw$UQl)>3v7_s2k%`u zPRf?LJzLjXu*zl~=7kTyshVH|y3zohMfxQR$1Wr>JNg*4k(5N5|Ly``53gY>Qh~?g zht}Lo1z83b2E@0s^j6j)<$3TAzoFjxIMt+Gt)+DundR=7@Kq7zb@~~XHp7)k*FqUQ z4yT3Q!Xg&;V&u87DJUBA;oYHV4qk~Y3d2F!Ly}VFyQ``8eI3fnqDnz$pvS!vytv`Y zh>>5=!hlLGHOq-{_j=7Ngn7Rucqu@)5?YjzI$0k(ay*Pjs??k~a}%ihUfgg$9N=f^@d7GZ3GrZg0RTgt}y zW4X1rHv%r{8@vhRPWbU1B(P%3Yjn5eG_)Be)y{XVKtVCZX#^oUZn<%!ou9Px^If8Q zl%CJ8;3DLVd{M3iv_H$2r~tSoEs(<-7L302YxpoA;P4!_{-B=kz#f%53}kN^-#_#L z>SQGF?URRS;nPa1e!0-vCI2Zn4)~%cL=4SD1kzzUdxR=Okba3N z#mh15i_}f}Yd@1~W_&0AJ@e7ecce=dV%g(6i0aP9`m~M)?dXYi|D+XnrbpxACq@Lz zvFeyhH^FmGNXYwprAyh>`{RKo669m8e0$gw#?`~7`7M1SQ;w#IneFsIk@~e-CFm9Z zn28B9IY@^8UO>puk3{OgnI&+z{EZFxHM|Ns8@GJ1Y^h0pd7`%!FZawSS<%$!3>6q%9Fvt;qGEbH?kBywLWgX=9=I4k{>{;u z^{MOYj?XIUC%xGwk@<@BhM9J&BVq3QpVAt~bmMHQ8a%bDBHk_Y8McoW-2U=;b;Nvt z@OH+>Cm1<%_{0){14`L@ynsk>97_N(QGNgN(HUs^3`Eq30%FD6)}x5SV53k+;+hd& z6#u?E?F`hU2l$%!Aq_$m?E>aCTJ&bBL*gUQxn#BS+6^leJjJN29$@JymS3Q^^^Bd4 zC0Sk!FOAXW$o#6}W081$p3Vd*!f}x@Bf5txJ8|WBCl(D}67D1zwbToxX@^pnd~gTZ%qIh65h+6_jG~Wv3F{*>NGWF5But1+Z5U6Bp z6`wh0qx-1+WC^#}y{8gG_>IyWb`x2DTfc`LArYd*WlNNqCa zxqo~oo=!Mh?b5k45Ab*+|6=0Q%*xK(!V7t}DHkFYn&<8Q#xav_@A7&_v6+pApHDL1 zi@F~tx{N(~?X>GKsz$w~M4Hf!dqUM^SQ}wx=X8s?kW`sJFQsCS7+Dg=UA{EpZL`xj*#pU@7Hf<@hpFGi`Z&m9?}po{49bRMZ+2421Sf zSkW}npwqR_2Lg4jjqqjC)N)_vyalt~&~6v^r4$Eh5_A+bV@>(1eR5eHoUJR+x{!~C zys8QjYp?%gMa$V#jWaCcDt5~$_Yh>y7htp67)t!`t^4 zHuc2o-6x>9AkMFWvubbSA{}%)7_SY=4ZR7Sfb4q_fja84Z;-=umZLjUY6e43Op8B# z+Ta!cv=eF{xW3c(vobh41p3H%bu>?1#M{7J&)cY0DA6-^=$TUp9L=;iw4I3ZRsDf? 
zTxk+LT0xW>mmHeO6usweu4|L6jGrWL@1s0N*!HHHy7B(4(M!BMRsvPKGTE_58yMU6 z)glnG6cD*1xGOZ!KlM#$_^O|%HW#3DpvFG)tng++Myur{=9Fg}PN^KoVzJacW;$t) zyS9ncL~I|RuU@LEMpI5m1sDYc-&^bna^-&e#Ac?tf_p#D;F?S{C*!J4S?tGTfgZ!m zLe2dx{xA757Cd>|Rh~t1d{tiKm9Q`O9>+_Ux^p@p_hOS{`#k@!oBK-bh(m4q^1iL7!2Wwm zeg=FI(u#jymYTr z?3`N)&QH#))0Agh0hQaCy9A4sl_>>^F_Xer2`2g9Xxm0|YEEQ}-ibwc4g9>XOw)U5 zxe;Q50>5YmhmJO19%*L7#>{jCvk%tg%qa>s^&7dn4Ftzv_IoZN2lE0hJom3yd#!fN zu8oPsGNCC9LTE4vSR15e14*p?GnhyC07d71ZFljCupxP<%C?)lsrQt}ptCCty*>iuD z{V16-6RU}wnKskzc5}aHU{u}Kl@ad9Zj))xFqfRX6;d{P%7aOX#Wu2?zk z4&+3+vzy@4lDqRF&dwk^`nzVa*3g~{H0g?&Ao@t#gS4GyM?%VF0Y4%)UpU$PW5*pZNR(|%DbKOd@W}yG!Zu^ico z20>|4-KWp0FMP2BbSX#|2{gyManPKL%{SE?d>k7ax+jp@E5rZP;T^K7+_>0-u={E9zh^~)Q3W}5Q~|RE&1y}hJy)MmWz%qBZOi9>Z9zyEuxAa zVrPMHlV{hQ9cZJ9fnbh_Z`)#SmnF%+`)3gfUK({%#rxp1k^eP9w0}q>xf*Ik0hy<7 zkVV)jZHWsKMlYt)53hj$iH%sqF7qFW4bxMPuZ@~ZS!7+NRBMs4+KwC_^EPQu0iAy% z;#^mslieUcXPb{PDZ#XHZ*v)oGu?YvPnC@jQmNf{5EW0uM3y*L;veE=SQ0Ub_?rv% zvCIe1B^u1Uk0gqj~w16+#(kGbjhq7+u-l*;(n)*VW)KPPH*k?pNbV zR^yu33A&qlOFGWN{Gq|yJf7p4A?y5lG))^;<#7cGg;1$r3 zh@cf3hWd9)h(LKGq7kN6DAljD(gqnfp}%fSBH*l zvS&`{=phfApS%(Iz{4$Nw)6hwLgSi|sT)rnr&41lleC`Z)1|1+Ec*1SWb*%BdV-pM{4kgeqC{cgPUd&0niETo`9%5^AXH4g2HS#u*b~!5=Ls^+~n0a=6)|gH9?g z{d6~mQH|S4q(E0t z!8M>@@{gj)-`jt|82q{K1ZYc|K&-M#;mQ7}CfAv}AOV>E*RlrkG}~B!YmEg_eSlCV zekbeC|1iXzwCr z>Cs78jZaR~=a{_&$C!9izZDtvOShZEHSE_8nocu)`cV7%_e2vLBxg)F7k=)~d|crW zz)IxdHL$MEi^4HdQD%+RK)h&MGfW_&js=?@65k+FL9yY6f-m1xZKP2 z{?*U;#U7oA!HeEMjAq^%G+*z;1y?WGZMt&ze#&ah8`vTkrz9_h#NQKbcsxD#x!JpX z2}Tjhj8{i#RR(+soLp8~h}+?*xzp+BZCz7D*)ZPtqbu@)kvoH;8+Q$e+oBShTsJfv1*7V=`&D_HZdY`I~I0wypLEp0|mf|h~qiP z6t4PLa%eZa@@?seR5(b$$A9x)SV9P>4iw5Tgtbisy8R-+_<~I!?rK@=y2wf6P^doP ziWQ%!JXmYO$xUi-xP4hMKbezwmX9~d%TMDjnR7dxJ=DJ76e^2S$}al?)j{J!`D*r; zQ z2zU44)=lhvx_nOm+%I=l##obSR;(Uw1Y2h1I8PvzliV4zQZhBDni~1&q;nM_40KvR zhQ`|-Ec!g^vF^P(p0jauKXui61xtdeXFSCoanLooD(C4Z$JwPd@z(Y)ANisOaU9IIUu@&F?Xko(J)f{MHJHuB4usMfF$oP)FFn+pUGV&vaXJ4sk0+t=|0`v 
zr0BNijiewD{~*NCb9x2HET0oDJ$z5(w7|k!U%7HOzxg(~B|mU%~QFS1c_MzmDnzQ$sZfb%Z1U_5q3TJFfHE)AFO3gSq7r-fcvWP`QI}EE2rf8Hy z&EQmUX1I&fCB&K4kc`3p1YBd8s0IAlwfVVwlk6xJ;Cb^l`7U3qB-9cBzu?kjbg9G{ zNO&9WfCFdmL*6tDrVY&evJIt|#^uU}Tu@@N20CGYPQU*j)k=Rt-4_QgEYn0(gUJH3 zX{wy-GcEOdsV8;G?Vidm4Y$}!OIu4zjO!R_eJU8xq8@O8zZVO4WV%$8Uk9|C<3#aK zP~-1V-Qn_LF8&;>k3L=9H-6(gsPaz2EM)Z0F`Z1Ipx|hhD>4Ee_bW-xKUV zHcgDa`PL=4b74PrL9+RrMTt@#Ij~=Tv z-+}hkDRt4caEp0q z3`{V8a!|repCVojQ~1?bi=YPQ!sb+5!aHjxCA~P?JV=z$=hTyRAUQ;)LwMh)y|h5L zS-;mx!(krCF=YN`uxTVB+0s;?yQr;nQ6*cIRn2_K`1WNv$l_2d73UIrP3|*p{OK9! zl|)b6X=!cXx9p!igX5%`IUd~Qb+2rbwLlyTN>6RX8tq+#;?>r7Lg+kZEb;<8CHtLz zN}C$Ul}K-vxm%Bsu++=qAbgnB&JGBTX|9aJlSb$|UOQcZNPll8Sy z8CH_rW7W#z`&v*U;k1)8so8is%V#gG)|PiyQLUjb#Okn~ww=Kc&2{CA>dNEj!aI!m z)*v}h@c`_>NTYU+RbYU5tyu{~w>BC1>*_kX_wv{8t85(Ps~jp4WlBLwnYrAzo3tP3 zX!=xtL<^+>i0eM;=O^M76r!`lObcbcyMhxp<)7^)`Sku~!b<;nQCx;VbS@7!&D|sI zmx#)VSExh{v}e>3;@;<^;@F+lkS#x(kQ%Ft-eZP$>mtGyfZV zZypbI-}a49QA&#v$~t9@E5AMaxe!fWw1^GiZR z@nTY5e`ZO91Aq)3N#Ek-%z7D?jVM`6h&FN%n*Ko4j-^N<)d^Ka)vN?~W0j6N;Zeag zBOMNPp)ZF%H71xJ~`L6i+_&4|a!k8Q+6Zx<$L2{sh%O^g&IuntD3;xJqtduE{ zbi+WvmK7FPd#w$BJv=`79L6UpT1=&B;*>_HiKK}sDa2r?AD{BZ#|zC8X(^%~YU=DB zHq<&qV|8rxgi3kHkUaY7yh!yjqMC1|y{qlG!&SP&RZ9KM;k_p!Ou}FJy}I`Pf;e-c z)C1;s(M|TFFk1W%UcIIjss`C$q7A*1>`ywwm-5*x_>CF$k-ep4Fg8tn|6T}wBpRmE ztx0j=#(P)9R5==@xSFTr+9Q{mY3S!9pH?+ZoO|+$d!>&dKyCJcsbW$oJQ?UC0{nK> zflwt=%d@0)_rrTm6a~IY-jlqaETk!NJnKn^U+c+yq$)+09M{~;)f`rR&|_())`c8) z`E0f==}JXu++D#~Hkpi@Ch_?OFYYRuTx|4qQH9|b-HTn{E)7i=>N*z;J{*p2OY@~S z)p^OOt6f?4su)??z<6QxYO4<-_m_~(y>mR?7!5cn=}p8V-+htu>igQogL0EayF}?e zeOvM9#%Tz{s9jPe)lf3;WOA;_sLooqU6Hz*nj`lCO%|=2DLFAe=Kn4rHWO19_8Nd8 zCa=_f4}+m}SpN|iTktvR5D3V`Fw*KO>@ey(ls*cW$d>@B*00kJz_oWQ@2mNc7KCpW z;0`|nBI;VA1>r?}p15tHD_XBRE%Kzg1Sj3lNLb>?p_HlB7R6^Z(1KnVDUm8+Zs4G@ zPBI~^0aUMfUF9?PBBjEX+XXJ!ZK1!C+I8x4rijbEFAjGpLmGxo*@oE6xy#bXAok2A zw{DAd&Ej4o&D16Dy+oFYb^q^#M5<`lb1tP(C?WWIB(B3_;bdlx4hOTk$6S=bCFu_* zM7YDlAR9|TVugF3rw0TG!3;-ptMOI1A0OHR8}%_Nj}rnVSj{75eap8X0dz5N0v~PW 
zVhN$Qk#LJzm%uYGj@m}ec*oZ-;)+R2O)^E3p9fB;IvBpacd<9FI~x`or4aG_%VhbN zA3CA1Bd~ENs#>4QaTLgV0L7E-B?@SfT@;-dl7~P5%{GPuKP>Ov9Wt3vJP&2Y+Uo%( zE7x)zjKkxBM|S-tHts|yCiKmaL|wSZrQ2_WclW1;xWVGv6@?O0I`vu3B zuJ#)}eu%gAnj4+5QR+IPb68y8X8F^)n<>sK+YEkrw(AM52o@Y9$YgeF6e&p7OS4m$o{~6Xk?${rc4o5Y zASAc(O*7pk*B&H0B!B!H(XiOCcVdt;$gKa`ATM{v^@SUV4hZY*gUE+ZOGeht52K%taEdnsJ08 zl@kjV%4cDNi9@S`SnE}Q%!par^C@+NFLk!h*ezJNt3KAP`5fvR7~-H}VYUTvTQ4rb zwTwqg7iG{aZmv6ZtQKRuNvkSB1PPtk_NO|fG( z#@8%WlHOBtAGv!~{21^?38;TJj=kgaafZ?%H*Dh=ci$)QBE_1@--FQ!E@F8$-{ktT>1yC{KdS~8zxSiFcg{+n0b{cn7}5Y4~6M!?yZmY z;kxzZeQsP|>!3;yet1ghr;WmA8VREPLT=?1La5k96t9m2s&1Z09X$`2I!&t%w@WBe zLn?jf%B-^ZJ{MdssIPV(iVU8&H}{<|9Uw1)yH8HN;t8iRK*E7 zS&YQ1x&jWGrFW<(Pc{DRTZ7RsMc0bb_)a)pT&FnG?9FK0JyQuiTw3CBkn!Jr4(vwn zSb8yJVV2FV7qInRV1t^cUBa~C{`$^Lf&x%W8*!qzZ$YjFQev1;ElFrv)fOZbXa7@Og`3c+VrG0gfX%KHnD=y;0*@R5~NCT}Tqv_938>gV;0S$$leH69nb$(CX_Fwk4x`^BgxJ8kw(-%tcLZ=!K2hb*r*H`NO^6{`vQ%MgC9s z&#$?9hN-sqT2|~=nvaRM-+(Am>)yIw=-?7bdimEO=T!KWYBTdE(Hwovan&ng@jw=E z>L?SH1t7F?K=0%IKZSSEb#+&Z*>o?S_&3R#yMKjy3iHA{-`gB#%!<9J5^DjAvg`e+ z67#RE`D^R`Z}|H^?LjaP+LO+s`r_!83!5G>ujHsh1DsZk`65bP0PlHu$QXB5o|=Fkoj+80ww%_OV(8VR^mXyd za0=W&>dXzVD7np3@Xl`zhH^4lE6>Wiy}Q-vBD8_$nV&ed*oADfDN{q#oxs?9rSiWm zK=nrm_sg##T+ve}!%nQewSBjAPpU`*H$Q#{Hgv*nXCJ!}o)xp%V$4Fib}#yT@+)M( zxp~DPNc2x(4efyRjK2^qV(+3WL!Pe*|ZV z0&JW+7`K{N7o?n1;TI0ToI3fV*cmmdfU_6f^{cL0am<4P0Q-`!POMXBfuZRrh3c$e z79kZZai{?o_4iMO5<(l7HwG+K`TEW4S|)*?|MNqW|M3-zBFRH-A5C~rzkTQ<)NkKl z?#Je3;=WG+{g2N?|Mm?F`AKMm}$n5MCG2 zqciHP%Ju4AvF@+w>--m!69Y`WZAEmDIqqTK-?@GL)y%!X}W1yVN!%Ns-%>Mm3`5l%e=uSIV{pwxo^E|^?H z)w5HN0jc91AX{w#M~A`h-PV1ow%Hg9px)n$X1qpO+Td0vpk%;*5tzV|?_i%n*B~%5 zFHjn71`vY382Jn+x4{57egjylPxY6Ylg2$`wD|5X;SMc`+#s#;vw*WMjKEde)E?n zR{L|0{2-<6I>v^|F-iQRWJv&t!+Z;(asp)VVOCT?bnY)tjQ(?%Ea0y*pBCAI7#G4e z_axGHNdX?Dcm*AK8L*w;Q%Iw~J}~sp9WpTVn(ekO{li_Gr>xyGHlV~;dw6UJtj+zwwKZR5r$X!8VlMmAS^SiK;qsZ-Yfn66cr?2W9T+sMBOM2-&mjdA(nC#P`NiM z8ey$`sjA2i4r%nh(erRT_lV17vV((s$AQq?hy|nW6SKk*cMlzfu5~edVNiDlSJ8Ka 
ztCXECks}c-9de<45woQ|@9+$D*LSpRK@#2`tQkn9MRKorJw}e?0VSzC3ms})GZX1e zsr-jTDKDu{RNRI{SC$Ayf^0@a)F-k(s>lwNJikWM(~MahDnTRt#YR*n!wdA!jhDpd zoI5Arzd!j)b_XUP^HOrEfvM(u+|?q{TK%-8*C4Go5XdwC%EY%BLBvUf(yF7pGE9d@ zN5Gz0RaD5YCGQk|%-^Yo%Q^V5ps--^-BdQ+YnH0EsQdQNA=KAIhZ1`C3U#@_Gn0fC z1Cc%{Mbb?58B^JBrr*@l^L0%I9ydi=x+5&Ty&N1|knJV;ZK8sa1(W=8cQ{*GIzKzd zb-!;+b=#Ys#4Hv=bPBB$8dE-vP?7G-mG$DEkc(c@J?4HqK7&Q_E93aZbL?m!&U=}oAK)Y*ogPbKcH;;QzMj*LiWZ#%($Obh z*|eS#TrckHx{y?uXw+l%WwP74s?_|daeMcWY=$J?iI?V9ohxNbFVEEGay2&QcIfHc z{?FFKU)RU>-~ZnV%x#aye|?7gniist&PUEeXBrzL`V;SznQM=jj(cV%Q^5-s7y-M@0!p<0GrEEbeBhE49ecxm*HTf;3_K#41{v#;)hv{fm^n@7*lHUBS zhyo_4n!CDUlJ}%$+cox84 z-G_<6T61#rj?H^$SOo+6HbS8~+$ViGx6Zuv6mGf10E3W9ET|pGWq0>b1&py(`QrFD zLE0U5cyAqHZWjBXWDV_4Jt)#jf!SP=LpDwyM(0S!11XU!@>>u|yy6xl6xgf#^hgmv z+6V9@V%*{ZVPYYNSo(x6yHL%ac$47NC`G<1o5^v8;|+*){YZE}Ee$k1ke$4x`4Yb8 zI+@r!glkY-kE9M?%=BoRh@lE@>LZTFfCQQ6kGphMOGlXObysk@OL2 zgFi1aIxr2CRMhUbw7i3U_F{^iVpOrH+@;00aYjz6h*{UM_lrb> zOw|!nDf+0pj)R=KymhhrJe%R&WKh(lG=}z`<;}F?;Hvbbo6P#PHFn@m>~Rl(&GdrY z*jA9}VD$2pLpBvQmXPiAzE}5F7xly_4=~bosKLN!XE&ESC9<~5=e;WXG?YD;E`7_M z#4t9}8SL=*q|0O1_a{Q?OQ#QS*v+^tl{K@c@u7<|GFL@#+1<$Yg+9^)mubflj_;TN zpOYSlMm{;B@RLVfMW}loMvH*!w<@sj=;qBB9f?xjZwEb&VJ=}l0nQxg+m4Q3$usn2jI#rsrgn?B!{^Qh@CA_}DgdG3{;fy*72(Xv#23 zF9Msua3O7Z4JV(-LG z>S?m>1ngMy^YY>%yPU#KC&@iQ2NnIo>krdDBgWy+4^iC-sM<0lgFV4x!PM!+c-hCw zsy7C{qnZt0l84KZ?-v~2-B|CkGBrj}PGCzHS3Wg4ATfO7R!@kYkv8gxCPIqhvGOq@ z1@Xmy?`Z3J75$NfEGV;+7dCuTZCr|VjxJ58j-2QaDm9rWJ+P=xcyD`wqLVE7K<&;R zOdL{+Vr*PHLAzXwJ5b4;=Rume`m!UoO-qy^pi)j}^a`VT9#NT-CRI@fZJ(w+-|MK^vm_|1V( z@3Xlcu1AkabJm(a?b4&fKertiEz6odhur@`P7G+zys~0N|cTYO$`Xrww!zVCh*!+2tYIrjt_@0%dp{jR*Q`B`dFd12LydKY_l#xc$P zS&yZm+RX#Uy|4|-L-4Bv`QU-^0l!M+ERTUkF|H2h^tn?X%>*E7abt?RPekP(`YGWP zo+t|B3MXh)#h68mxCWhr1$l(Woc-DIj_wc(6WFcwY*;~osTR?8(seY20kJS)!tZjN zHZi!du3~)2$4NX2U(1}}TeaVZd#@C!{MGPtk=}dqbXyy@;sR{c+PMb?#52`gM>K#I z`n1!uk(-(M@O0+)YB6$^6;X3?rnbUU)?2MUZZseprS z=a|A?*TPc!2rNJ@!rcZ!8(34tRao_{ z+Kw`%E<5>{d%>Lq`dSTC;jCG0v8xhp*fMA{Hg>~>a@nIzpJ;?<8tXXP0Aq1A*VFzi 
z>3R-d6l-t`5tKrw?-IRy<;u0G)5kMvF^|Xru7oUJrk{z^*aJh2#k_8c4#MhJIbdJc z<@HXv2tM$%Yw0Q;Rjx4p!L}R>UvY;s!4`Uf{%|*IH^mIq(oArnH+w;8oa|mj3zu^8 z&v~def;6pDQX3mH{R2)uZ|po)Q$-P+7B{~miKb0b8%pK(qetA2G~iaeeE>W7!$~-e z*W2P!B5$?eMauPg`PMPak#9}1EXO^}?>a053N+3J(=7U%ImA-Tbnl-FSX?uD-gr%Y(5aTqo7`7&AFOdAZvpN++7^PRcDtvD*7^lcUCRy=olt zu6?jCeVlW}v_s$}JMW-?NW)7O#!~`r-5nmldvGQG7{GgvwV`&QtmAL89IPDDSg3aT zio~z`IPX-sUc1|f_iW~(=z1g8A6{(Rh~5h*AVQO#l{*f+in-Cjmfz~h)~djIw9WHy z&0WUKnpVcJA05wIS7y7DK1hlUN#6Z7c zjVxijB}&kGvrZw2Me_dD%!u;c;S-wsvR@Z}#Rwf4whX!2XS7FPep&3aD&)!DsizV0 zKCB?wkEsERw|7lsTu@>0Z5V!|*4Lek_>$P(Y9R9Fy4UWpecnI5S9_DYtOUVXFI=Ok zIMW~i!n!%&X z6G{%|oh*^Y$l~|NmfbIJRJNdC=YTZpu``tbR#=;zwD7Evk zNSb#7*mF%}4%1uq-E7|P%<|GoS;ytV0bl-D&x6)J>EIK8C)gfSV4*(Fbuv8o3^+8| zW_>rmX#&q)^eQ0YLfBVOp=)S1BsHcw-|m$t z9E?nD<{$c6)pqOFOY`{XbAu@#qe?%FISMHI$v1-1RJCxP(bi0lm^uaIx(jR1w+nnd z_9nm_sJPOJ!=DizMem_^!FC}Jc=4r#_i-f{+av45C z6`nFCy;szOtcDej=&ITq7R{^N3tMVM42nsW*{LerNGrRYQ;hP#EZh1coyn3oZt+LF z2iHv%?xNG~InT?Jf*oew{0MP4?6hjN;@|Hak7;8-$0RymG5*32$$AHY)Ic6V^fGcq z@630;5>cmosEWy>V`a`+X4d6ot9tbm1cU1<7 zgVE#N`r>s?vWx<4A(NjRL%TYir^{m&ODB|>nz+(~RG2;Jt2Ly}wKVU`+GeViC9B2} zrb70I^>?-#Xhg)GFqUKk1y|f}cAY62`Leu}F__Y;Y2B-(_{ia`^Osgaq@nZtbh3Tg zx_!E9_7BIJkG_c7Fo+H`u^@Fz z$n};C^Bz;$wO=&iJ-7MD{K)7){}!Y_J(yfN&O#M}9Yt~z^(bbGSVEwx`_Zo|9p6Dd z%C)&f#SXZX<07r8Q&E@b1g?}&R;wKfAeEAAsr;tjxH`KEy_4}Onqr44eB@9F zPt@RJ0U+s@cz5KxqbIIomD*j(=XQ3(cIn4V*yRb_;(CV1LQ_AKm3m-e0lV8Hp|ky~ zx~tQkk6{zT;+G1XLj1Wq)y4PhTk(B2(934f-9dbmbu~pO$Ldp&*29HlEtA~G--62S za-|6ERZ~~7&Bm3xmk+-mhq3$Yw#TtoDks-x%oom8i+sNF(4Nj;pdz7H zNJS76BhR6lki-*_BqL&asH^fhsslOFbAonMGuAd(Bdp_oQrwj>P7~|?iw%g0~x zSPu-nGW>Xdo%>Q;x`vwusYfDv`O{FPj~3@ZYkpKZUi2z{XtP4m!PN^E-^EVE)=m=x z8n6t=%Ub%z7~i4U;KL5z_q~6Z^=_|H!%7LBJ~=Z~l@%oBTOyike2Ja+i$P381?r7g zd{O?|+$TNXe(mM{Rv&d>#oYQ{yKS&+8*KlR=fJhcH+#4sf2u+M*OaK!zvF~Czn4MJ zO8poOR)zlmmYx5{k+}WyzYbY%_tpR0zWQ@5*MFp){7gOh&(cr+x(>Jh{y(S`@_$m5 zWc$0G{I}-z<(}x5pPBxmz=v+L2BQES41f z;vH};3bZPa9k@p`$0pBXw}36>N8{EFadXM$0vQ_cws3d|P48 
zwtBgT5gjMzGz6t{!AWO{GhqN#2Pt3AT^6}I(!xpb5?Tc+(mAc`yJv!GwG1h=!tJd? zr)Ld$cuX?eJ(+4x&>D$+6`}R;Q{M}~sxW$(TbWD@y9y2UiK<5mKW~31e)VKhvE3&_ zcl@!UxS;{3)UKypmC9IdW(1;-4c~xe)?w6dmjx{sbA#Te; z<6%&yx;t^f41VWlelm8&5Jt>R)q=Z{V>9PI0D)}u*Ge_O48u^P&{R9hQP7fEpzIUz z0eF*Acd@ZPuqhRkKweTA^n(Y;jfQWCLCM`DDFEMoMu5a+E0DOX97neygPMIV8@#UU zEwo^e`pgAVpN&Bz5BYePmF)t$K3WYw|&g1?FiG)NZxi( zZaa?oAA#KeN8^}pqkT^7mtWuxa3&cyp-e40+xa@nw*Xtqs0-T0tBI*TepHi^xPgg);5+deG6t%OL$jpR;OiqnKgNm z;}+!AW9oH~^Ylq-CTSoZ$q54FwPSD!=OZ*tEU4<}e|81-&KS$ap$Tjw4Ae6vCW1uQ zmSq+?P>Gp)2zw_gl7!s@yYrJJabALjuI%U7&jE-Ee08M=d&j$gik=Bc3KH3VZTG?U z9Qd0#kjiU+N=+9O|NT`tTE(4=p(uDDCLA-6mk%tKtK{;FYAHDfCcQq+oOZ44ggDzS z#&cu)pFM>i_86e=^#qlz0s=8gAeDU|sBMKipyDhNH)%Nh@@T=g`YxRB;ZJZMC0d0QTBK<2BU(6cPGFL zLYtVwDMl2T)|Iog;B}NOMQ<4hHo>aCV{mgTtDR&S5(l_St%>VsFl=0&0w+nP+Gfxa zDZ*{5K5f#Pg{YxnNBqZ;qRI2MbMSYvMujoNvo^lXKgB;bU=L*=?;6qoaFX+9ar3i@wNGC_J>w^C(pow+N_vs_+`1Ew4L= zqlRAqmDD_*(9*DXCoVwQsfW~OVdDb5*bV+FhKppsF(~_euz6TDl&gIB?%kCSuXU+V zNzf~?%jflG`=x}(fBL%-%cM>q_Mi%PBSOAGifwk3Q*+?d{h=x<2mjq$j(cYm9EZaz zc$rKgOCnjM7`HgT9Qpnu%`OhkTy6V5e~dUU;2dRbBPgAJo{{IU;kMbbZMyyU=0KiT zV}eMJ68m_rW@8*RO#-G-;uSl1_508>MSbUJD?i1 z*>I!1w&Sic-$QkD~^wQP0BgfDe4xovtUlOjpIk zie%Gk+hDU?P%%Z%bnU8w>={T1owuTM*dHZ<>r3~+~!(}&t&GgQFkK81>1!~LbBlIh$~5_${rzG4eP=qmj;HO@_^f4LfT;{h}UAfBIrI^3%cMNlOQ@m)jYm%fLU6taM} z!>G*g@7_R)=&zT9Zuf7dB?B%r@clmB1)@YP#j8SWsN2(tYX?}UJ7H7MVUqyR{@>&% zRo?vT15G?;;*XHg3`VQy{%l7DRkN)=B-(LIMJO3|7nIQkUH{{W}b>nXjcuH)0%8dH=gA5e<4_WZ~P z;tpxIXUT^Yclr!RZZgx(VrtJNN~QX?&yQzNPh}%}+%|5}k^_jvXFR=?RN;Z6Tac3j zvp`kEL%86lw#dJICFcr>%!@E={UNg`+V&`%_no8iJhT)AtP(WpN7hrpw+U-erJ@3_ zKU3T(Q1bc~#1#F!q9$>) zdvRhZukZr)coW%oFCQxEetPyA2a=gsJO9p$+9)M8Y(XN;$l!p!(+RAZqz;q{_Cw;L z6BK`cRLY2GPbj7GCu<3CIgtW}P(>!+G; zLEP(6U3$4k)-U9v#zJ3?O-@YOmLSir1NADmM=V|IOa|1lv8 zdA(2S+}Q$|(p)Gi&z1U?>Eq)dnf3iP^ul$2UqP<|A9EZpO{p_9P7|Gq^i81 z;fbbAh1?^iiMRWI3u z99(Zi+DwbdxKub~VX9GhQC6qL+EvIHY6U+^AJ~GF0JXUIEDzi3WrUD~lPUtG6>k;p z@i(_n#IAlkKHPSiEYSkdZ_2J7sQp+-W6+d${Q1$61fj8{X6%Z8dLuYsH_Z 
zyU4Tv`neNU#Ddo&c##mjC(6jdnJq(6iw;6zXiMmj+`d%ped3<_p)$>}Vo9uf7{i0w zS&}m_^`Qv*K5jQBX0rSEqdR@@fU5q$=qp>0hl&?IM9!7f{E%CMF=5Am91auJDeK~U z>h;eUrM=EB{EfWJLq~7+>VJT6rWub#A5x#UwAPL2gmf5*G5jzM%C+&b%`~aauV5Q%)6Mpip_j}$e7-|f1}^p9 z(D4?u#+yLJKh$#GzF=?eZdtNh^aAy3A8hPHd89dd5$=~SR8R`L*FQMr3Oo^$jLTaP zZv&AMrX?Hp4I2WS&Ws_rG;gL>KP8H(l@kt(^xh96nfYORo*nUH{U-jPjbrhL9kO`F z<%tYD^N`N2FNa4=TOuz@i-)&z?^e6YX=upFc(_Ht_mph^n8ysBeG>0JZVO-(F63px zr<$R>r>RCcXfw~Of= zrCzRL41!A1YcVad2+d~iu5u`{0Y?bGHFQfnFe4Z$u$ajo1?FW1n3q#l z?8x#Rv`a>l%~Uo;k_>r|J`>N%6ASL?YW!awCqj(k`2OeMD z_?%m(&mXJByX0?uA&31i(|_PLguHHQ6vMh z(FEKV1yMRdXlq<=&A7KIS2Qti9G?=%^?kzZ>HhmQ9M?E>4=L?D`eZj`ll5a)0H2i3 z3pfi>YH}8@6-17?+WW(=SlTmf2g-?OLYiXasYP*j;B0!JV5H~mZIe29>z-*;gJE>^ z2c_OF#TOGnBDJ>eZYK=%cd83RTr+Q*CSgyhNTF(t>4(TN`jJ=3mhUV)maZL3DQ%jh zNa+aj_{@!Rro}M2u7qE!H9Y>kQs*id(x#E%n(7l|bIxMh>BZtCp-|XJ#OIt4*ysiC ztTJQh$2BAHkcG>56M{P_sy97xd^DYZ-c2{BbV!bR2X~{yaMJmLiQsjDh43TBC)Wg- zH!p#iPbK~I44pz@BzJO08j`<)aBFCWlkA*mG#nP+KbbuF0Cy5!1#Q zo%i!*hU3Z5$C~apZ%)Y3`9Hdj6^I;MI$~S|k*NN^_j+1p_8z%_Rdi%Wl0h<-^a6L26 zH?#$h6R}2w_-yy_bt(r#ooPbuE}+W;8JRVdK2&f|!JPaBS)eU1S6J&<%XHIF?f#>i z9$C}3ecE(ymHJi!an%>q9KDr@v3Lz$vnze?j|`dDsH-0$Tx8sBbd$OK^!^a$e8$7( zTECYdX7B9E8nL*g9OfS^aMf7?thB6tq3Mk z4LAZ&3(E(zgMwyI<3~QjX22=L55}lb_s>lTzKs2`?w_uz>H>tLW}&MK0G0sij1w7u zX@cr|+$N=7FDa=EM^=?R@o6|pB}uJ|?swgRkKVQ(r@HvoW$Ig^w9F!l0aau=c+hXK zr`veQEk`mHA(qimJY^+ugvTE`dik4Sho+WY6R_`o*3$j&W#Mn%_kVA{Z3L5AfR*e_ zbQ%CYX0Knaw<7$E&meTgQAJ{N4!ilF7y~~J=3oLh^}!aTC;a;id_@XF-;0_Pr~WLU zzG+SOW){h-sK>HUT_-4t0OVr!@Y3&hSRAoR&{F9{q=vp`W$@JaI%fOT`<|%2-?>$- zLC+ZGhi|5RD^|{Pi7gyBTFb{w)*~dqc#+lwWcg_6goHuPngiF${IW&_x1ub}t_&p< zPPga0v0INS_@F7qjG*T0BZd@?Y=-ZqLeB>0dAJ*xY1v*aEU)OZj_V{c4KC?*+C%s8 z7aYn`_@E>rH?;+E=$RqIh2^DS6>Z+wI1;wP%XB7{7OodFaf|eQdLRzxTGBsIg^tX~ zt7x!*5WAjBNMI^W#_@WprImLzJ>~YDces-Cg!O2LK^G&}6rw-&P*)h|%qhxfE4&XU5X1X= zoZuWnl%Cc~DILL=QqOchs~KoiuV>*ddgJqAgFgt=zSx1>-$z&S$Xlo{Ia;q#l3$3Z z$ewx98BYBa-drSYGj(^211kDq=2)(?N0#wDX^e$oi0l2X1OC}Bvbkgprbudj-4+2v 
zcnvF6g6x+=W=8aVfnSS0*U{5t$?6#{_-;{r_yP3Tx5q{a2A^}8zf2mwskDx?K)np_R%X%||RzvkY? z!5?sYbq{@WMJ$FpB=vc+xT?Ed?wXUkL)2jR^SZuo=q_RM;Yl&r9-Zv80>`zM;u8;|zkd~pwoe+&Z#{YK^vwC?-k_NT z$yZ{RS%jB0@RC0*C|Rfda_T)%b{My_6+f!50`+!DL9?fs#k!G-gf|mRK~&xx4*-St z(EHxaDmJ}$C%q6@K^C#fFHMEpAO#p!#2&k16ml{L(&a_!)IZKHlDreG)VnhoQ_mG8 zWNXnBLBIc_^VvtgQcn|`QVClSU2>{T+D5{$9!JB@6-w7rWZ6j4jcUDXC+`;#L$VI9 zx{gielNkuf>g3kR5<*xZrg?nUunAEd+h;!G5qq>XMDg9|<(PRNeMiMGg+YJ5s8ju~ zs=gu(`}=2mDzM>wn!7AguiXrBO&I8*KOWYRX~@V6Xe<{h^{+I@@o?*;OBf!Iq<`-e zo88S{c1_Tl_1!N20fqP}cmpWV;5ETSt3{DE zvD#uAt6``qcQg73*uw7k;Od|&B0r5Y)ZBH@#tnhFKezIi*zO;(+&@HK5BdPn&u6DG z(a6gbP1Nm$%>+Qg+B1_#i}zGce?!72*oF(7#A9vm+d4W&qV+5WCs2VtdkGHI$F_lT z&=23*_QW4)iM!R*{^_7qXn=tLXBRucD5zS(ry0pMEz}dZ5XW<$0srNxk55-gwP%o}fk8U6u_f z1`z95AOi-=u`6{KMWBYA1=ks#;vM4D&g>etC2MouD%BoE+Vq8C#o*JDSwmn&@ z9SUF=%R2rx5dLoDd@kp>@}`s!yYQC@E3LSLpMk;_Oh(Ijh<`P zs(gf*Q^39f#p5S{$HTr`3~};cp~r9?hhk)5JzqTI+pzhTn$0_T5Y!c)b3~s|0;RTm zCam((cV(Fiy-TiQB{%kMoc&M~!p17yAj#$~$V_*tK1SX*Aw^{iAie5G>P%1;LKQC* z^DpQnoLs#cl@@JjpFSAC&4~7A)|lj1k2NXC-2~C8UGhYsE-<~Us~-3C-}Ni5QoG)3 zoLOr(7bQ8zRmpS zA)IG7GJ#vg=5!hqcPQ~`2Z74n#2EU%MeK$On(Sq}2;!I*oH$Wq)osA$m@~bA^a5km zN5)M6>lVl5$})&*Zqh^?FkK=Ii77^N7j-;tfW6^*d2Ofjk*o82cdK6dC{*gROb)2^ zIY@MWi8Oj|A2%@Q?gGkD7_1kJ!NL?(ZvJe10|BDJqM z)i^H%>0-%5dQcK#vT^+bYl1dT%D(jzz7cgP8ot+u-G1QZJucKUB^bgLA*#hlm~;Ek z#`fW5%k07-8=KpEj{ELu!PGb%2Ju0|JAfKW(FXBGOU&$i;L~XoceUs&c>ZcOa^ytx z#{}1sr+00yF)+#>WtDDp+GF*(O(w~fiL>(n3WhBJ;Zzn*`e-7j(nX@q1S$Q|C|^;< zQLc_})&b=oUo8b|7mHu>mqq7&+tA&0V~4Bd<_<7{oQXpHu>_|21m5Dee462<>5I!01?1iyA6~>JEKqPjwGU6qbx!{}R8_eye?&g| zQ|twuriG1K$P1Mj|?B;7x5+$dfU78`AEFdc<< z3;&w%z4{C-4^$gL9Z(VV(7Oo`JS~pidcN}oL7K1mdy~x&5(Y0hC`z9tzur_=5d6fp z4678clE#kX6ANLq9hEk~H>XI^b&~0PgA^IiaokOCvJ~iwsZGO|P#ExhMNxL%p04ql zBs=2s&i>D4-|ksJk8+wgr1~`vEk1E{d)XnKx4SN4W*GvzxdpL@hq}QEXKK-hkvipm zj(LyBhP(=WVY?b>ZF_P*uNnrM^^7gsuJ?bKp!6b44?tl(eL$_iO|s0 z=+1p9#_6GQk%HPe;gv7S?7vzXho<8~*BA-O~O+2t~yblk#Y(JmI} zDZ9yMn`_|(0rd--vco4c(|PZXx74ejO~E@y(&rW4Z9!~Qy}k5=GoTT$QurbZVbzrE 
zor^RhpHDXPaA`<@md4z~_O6ks*%BI^Bl|j8N6!?9J-=YS{~qIW_S+`UBv{CT>&@PX zM*2Y_Q?1SsbGa`Gtkz4-oxt~dd#c;2RWgGp71cJ$6d|ACH`_4~MK{-xovl9_X@&3f=a9Kjg3 z0koR|K%nfj1-WW6uvF~B_7jRhO~DAI^vWMt8mH|Qd4?Z_Bybc(x{?8Oc*iIJyN284 za}8Ci2eYHO8xqYii)~|>>6&J$CFR7O!!n*RrS75yrh`%1Cah;oG!Q6X}>HC-SL~a{rItS4Lr+3*{|RtCq5nE^-lQlJ2;l8bx4L zpsI!@M2kR;CBXMrvwIk66Jd>29Bqv%=PLspC6C+)x%G9<|H7Wqppn&mtx)3i`3|fi zGX`EzX+=??9wL&0r2?oXV-CAXoyOGn!N=am0fuUt%#}=WaYfntIf`5)E>XuC`d!pL zsVAdnXwRz8&O#5Xu-$Xlopmpj@_J`+#!9FtUph8N^7U;EKjZyp89#quWW~TgJJn!= zxpbPL&quk)>B(wSmoX-RHl-t#!`~V@*c%ipHe3WU&T&F`_7Ait5^g5$8YGvJG>OV< z-2vr*NbNYJd3OxogepND)dxCpr{i*8N2k^Q-%RtmI9Y=xsrGE#aMA_<6+v)buI{k3$+R0~>$$wss?=L&@w?|I4oHR0`PO6NFM<>cZJlxmnY4ky1h5gz5nQt zD1Bv)?Y>YGhk-+bK5pHEB(y zpsr}aeAQtt>*oeMMv3$u?1z9l9rWmaY+=Ba-ZdD98be7`p7C&MW%oBp6IPVCR3by^ zr}^>xV+HI;F0$Demdf6yMsF|brYn-~;H8ob!nABJ42tW8H^&OS&E3|<~ zW3K6T{M4MGLy1?9e*SzoOEvD+12LbnVci*WG|6ygF<+IH;+c3p%YS|GZ{Zyls}dea`QspYv$Bg*FyCjTnuZ;003&+?QZi9Y7uFzNx9nOa`Lfs2|2DQ>gIqa%Jq zVnKiJ<2g6F0HcbfUZo39Z->w}S=p8B>^k$#Rz=FLdeA8A&)l(8me+{A!hd&_Y!wAP z^TYCoDkxvv4SaT))uON~)|=)Uy%+jBknXCGMrtO<_f|3&a?SeM?=G8z9<$F7JM^49 z$_Y|5#a9d{?|=UDd0Sn5o@@s&7SK4`X-bzxU|KW=;F*+n@5Z5(hQ^AweFlCTb$MSO z>$rtnbnBpNoeJ@2cz7tuY0wAT(W(gE-h8x5ESxGoW(9!oNWts>p-SO@q+a;XpZ~|I zj{lF13-b{x23R6|t1GBd0DLZ>HaYihvAnDRuPp?co{Ynf(NOc2XFv~i1!)5MFIhhK z&@gfh0wFR0P>?afLYc|%xQ}?wj34PjF#1-a;T`bMG{bgHlLHNG#(v^uHXkDIU7yoj za=E}?G7Zzv=%UXzuNd%e$;i%!5Yk#22$7Zmc1`!3@a(tdWj@09r@exqd-RfXOQJIu zCRk)9u*Inr^yFK7Ovl$3AUdfpHV`_N`sU63=CsNtBnG8~U(B5u;8|5^N?boRY^v2d z7rh8LZt45c9gl`H6D`L^I$fhP738GDglzzhd9pe=jpSh0^Zn24`~wu{MZVA3nmC{^ z4uRbxi0zLm7%rz@>ZHGFsE-{z5i-+K{;o}~ZXoTO8d#AZOg-Y30-d{yB!}Jb%|#zX z?-!%GGNq8?oSp%u;rn^xBA$KhRuTt{684AXGfYo-{rcK^QcqGaL1AJ@uxLe^#y}p4@@!6<8^Qj?WN?^6+wb+8rmPdqK?DUFx63)t?VS*@R zl~4Oz#LB2HVZCb6mYWn_CK0lbde}Q!!1Lh=k`|{QNZP#4n)8y0`=wu_soh>F8Lh;L*^sDP^D6vkFjRb2kqis@O^d%2vN6EagT*6lN@MK z#9A-StW8>R1WtLjMGy~ZZ0@!HDMn{SgvE5;SxO$G-oAJsYE5ryTAVz!W0N$p_>$5C z^b9~m6@~EZgcl+OA(D->dOZyhA-weyRlD5@l1F4V1J8V*bobZw$-mYube^CAmIn-C 
zLOPr2wQ9RNb5DA4c%^xfRlK16;-UWbp0tw+b*6Z1_4YkQ9DJ_?OWEnuLNN+si(}q7 z*NK%Mh%tDBl_-wfq?4&T`)JYV^ss(dXe`4)E0m5}ZNeR|lOiIOo1f5>H&?M2dqek4 zNo4258y$R%ho-ETOTU!=S*G-bb|5X*r{fab0ih?cE(}S3X)?W$aKp~lyVfVhHV&%9 zBOvVjwUj#hMSbj3&)qreNPi%Lg%j(ot zcJ=aE?Z+J?bKD*A+BQ=t{%p}G7%h>EP=wVmA(UVlrjDL9V;hDf@fm&+r6w{=8iM^5 z18&t#Kbo|eLfF<#f9&B7W~b3vZ3z19G*oPhI3am%;Psz+O&0m;(8E2hP`^8r2XkCz zx=-ka4;jQBll#N>at2{niT=7;qv-7$oWWAkXQbzquM393Jdtdnqix)_#PlkN?;yKfU%S)FJ z&?r1%eoXkK`>BanfIm-hYFb5zJb2K80P*l zPUdL%mJlW01X-m$r?F}tdsp?B8Ol-5^a&>et%}Xp^ABU)Zh%k#0lqNg{1hrio#Eat z7Ww1bTDrH(DXhjdd;T*0bJqYhfB#uN&jQyh@z95}3%awpBTo(LA#?M~(jBPJ<}}#1nYU{_;NC~3C{)!L za{jfB%FCb9@vG653^UOWH#wigMM-Mk+D(%}x}lxb`|Z7;rpcAb;|>llcjl$8-4WLK z@Z<+BdIPC~gqq210u;i{mYds30?}3HuMMWoqXTLa@KZH?a{HS;f*p#xlfT1$2lp(m zYBS3It~Zl~q>Z}l4h%TQNoDw2VvT;k&1S1J8B&>QO3rKv*!M^VQ;@C%Qev+suE6Jj zjRM+fLVRv7AuqraQ!;%e@>--3wL-whq_uB+tJTlCH@a}OZLXidi~vZ6Vg=j5Ya9}N z9oRJuU$i7;B(nu4sJP0h8NX9bWllDXnWPGCx*Mc;p+|g8a99S@Z+ZBhqDyL{Ehjt= zr%dujSX#N`qgoqR;SHRi`^yp6e34;D`vXeEC!!(1TcehP7Hg7%Z1HJbQ^{9q-ab)h z#fUPOQ~fI46jr&SRK4=PJhjCC@!;Yn=RpoVu#FPu1r>K77vJKV2-2#;rI zV-2vrcK-;%Z#V(2^yx%Jf^S$)E103d)Qi4x9duNs4LLVqgHcX*CWpqji$&RcJNId% zp78pMU6KOJMad<?-m2t2| zRwQ!Hoas-A7u^*{dQ*j(wBaKE(WjU@7<^RUic4dpjEeQ}l-_v6Ws(v#fqaFpd=(?w z!&1Jh@sCNtOsR;=&sdOnV82aFjxVvx`D5wwGtQzJ;se&b{0rS3)_W{v*qEMAO~xX5 zi5(&d#kcph-gV!1<w>p4j3y#KuctQ}CKyI10`0Cx5FKcNscwtShkD;Q5}KG3t4ynM zregd-Qlvo;nde`!=(O&lVnWNwG3qA4kvARa82fUp@w!d4`l_{kVe}!A_wAK#>;Oi} z-);|#1Dn7@GjEN1#nJ4X?mK&ycpLKvIFv>?hYMyTOHbXY?YpyUERPtZ~P*1`3(;=`f>QjcXI&)4sJ+ zDN==Z@8cP`^8syUVmX$}6R+T2BpPsn>3(D3+n$`E9|FE zUO3d58rGT`_j9om<^-1rzZPgy9*agvx3P*mN@yk~cbOgljA3PM_d!StKQ5&;idLh; z1oh>8Kw~=ftaZvrjFsQ>iay2OdybteQfk-lz-+n&!LxQG&5qTS%iw(g^YwtdAkq+0 z06iPn zpScG}z%)-KJM`$oeP3&_BPFwSlfLEU^ZKyb@djL;J9+D6KeH?&L@Lz&5H#zODX^X# z3xG9dWlo+*@3mp6wFv{oI}JTi2#6*&D|E%U`c8Z@U($lOu%+QOZsoUjNoRup+>#E3 zBtwrA@s^)fA(!8jgnc0$XXz%kE%3^A=^-AyneOs`p7n{H>E^8d9u~sLWZf~O3wFEDv2Pw@ub6 zwD99*E?0TqrtRpyEcwXtDp&Z{pWbySHJ()2Frg$%@Ne(t%iP%PNPg47KvUVrd$Lpb 
zYhUd?6=A+r&b*|Au-S30^@(jq+CL-DAYZPyL=fZpz97M$Ow1SYCvGltXKDc7MKJRV z+~sVd_k|go4KwRV27DS++av44Bd(XyFN-@WRNKfu&#lT5*BU6rd(RKNm@9}d8mvG_ z%CsMSYSK@t-mb~|9bZJ`z5EWgQzX|YBWwaha#Wz%@77vzV~6oqpBB{w1FK>K-gD6= z(Fup-2@V!s*Y^cQgD8}kcHuWuR!3TI?puwP*uIi9|~pViAc zXlwrI;xPgvjx$9=KEk+4GjQZ+v)YLLec|_MDE&HLWY8^RZ(5w}J=0JMJ5;mZy`qcf zTkK(NVCJoss|4wQTwf2PPa9LKIu#%QY2AM{Nm0?{eIfnRN=Eo*>mBBGo0%VDZrL$$ zRqo#sorjf%ex9gHk84&nkEnuPJo-{(!Q1;yuR@n^zfy5p_X1^6K|cheh3sg3xTCZUN0LPgkSOSqLHpiv-sW z#;1uR_(R*Y;T!bIoq2aQgiW3^vku;`EcK3FT|(N~*j>iKL@6kKpnlLjv!dt6GDiVW z=}|*@)Jj3Ph%K3!_CNK(aUiaDt=2j_T5m6zrjF0B^n>M|y!;R4g=(e><*H7hjoaBt zTCbhT*i1$vqmvdBv{jBZow8ic)6dtDd(6w=+kp78dGa{O%BZ0tWiMrJ!G~4s1yjFw z<135$FHc@%EGakAM3ZSVA8lf|u`G0-TON)f(JW1ghS<%BWodSW^#tSZr9(K|#}wZg zRC;&*5vwETVaE@7tO5r(C#x}XOmZYx>hX@0q1gOlkMLJlwH5b@>w}yx$kQr;R`4Ro zh!fNoZ#h)QJmA-JxCfe+xF}LPxji~xlNRT4=RPfsqm|L*O~F@h$htgjjs`yvB0biB zt&DGM{;^)?>!vR?VPq9j6OCMd3eKBKVBq^lzy zb_GVgUw8Z^7h;6JCdXTWgVqvct;7Uu9&L?&-FXU@Rr;~*S%#tD zjlP~YP{hM*gBtcwJ3Urj*{V6$1t0j;m@%_NlZEvmA>DlQ8i+Q{56d)7Q9o0RtjR&+ zw$%w^dnV6idfsIcQM+iySI;P_^^IehYSFf)c=|vTO04rHH@t@7w)}J7R2h{szmC8n ztUPehzXp3k8ukAf_j8L?$Cvkb)}>ftpfNQ!lRx6ViYSjE-GjkU74jjAPl}J_z*kgx zkY%7wn<^U@DVLC&D23sfG-7J{65uKOP z1dQ#Y3nFA`X^!*c2{mI>t4@)YLPfOcsiB_`JZu2^L$w3>@x@A3PjdizDoJR2jwR~X z4z14zWK#k)hiM`M7i+J>yCh|iAMR_9b?KVT;T_~#nS$V3rN^2E8?X2-C`eqaKG%or zAn|#2rd7R$!)79bers2MOb1;&Tu>J6Lc})k7H{7w@$+-z&4gi%N)PB4ZlTSMDo>ct zpgskV8AnD3)|#=lAXjly4OcGaBtDggqZRaD(ZLi}vMbGkk4wIS^ z_|0VvW$HY$TqI~j!z(wjt)k_gah9}~vzOE8vmYdiTg3-LK7$yl%-E?TBt>a`L*E7| zt>{wxd?Lv6r&rHjl+8y*N zhpEK*+W7sPAVfXAem=S2ync&iJ*aArVGDk%<*F~l{CV0*p0|UX>_E4335F}f=xF5o zTRVj$a9BFL?fFeGyQkYWI$irxs0krY8PR1c-ZoZbq9&=A+I4sY+#`;O(;2n$L) zuvr%B<+F?z*zm&4t>;Zh<{1%6(nLlA_;(;%CE*Oqk71E}>)u66%J2|QaAMF{V~j{M zX7JsxF@QYDwU+<7dW}SfKq{~d!k4pJ6e$u|J0D-k?7)~HhETrJ^Mm@M*<*pD(Go2x1+1n*ZU(@sN3MO<`~#`3}SKmqK}0tYvrl@h6b z(&1r1NaU_&GUSoI=CpgASc)!Np36UXt@3@4>5sN-i6PID>`s}Y2c2)7Se!-gEb&U|%7ukze3db33P!q0eNKF}v1 zB3FoWDc*)hSoK!XhRUmRF?#dd6%7BIQRH%#`Q7RXG}JGDf?->yo1?$Jxh|QnC%3!5 
zVxJG70Xf$}A0&%MGmeeG{twOH%pXo|VV(-+SjV?=ot zUIK~+A6kK^0VUfLI#T2WbPE-Wq9?KYYNJsdNCw}6*4w`G$`ek^o);0`H;MxXe0g48 zTm3+Tiw?0nRU;;-tfJ#QSm~{Rj9YS;0IF$=2&nqq*(ZsY*H{ zuTc2e?e$@W+CjIEfp5MdqVU_bf30nHZ{b8^va&5Z%-h-}S%5t&1e;Ya>N zosGsyxJ}C@t@a+O7`>}0Af%C=ET%J#4y-W^%4@vWoVSH41N;p|W~LpPcOy^H8wF6O z@j1u2u3c4%5UtT*H$Md}^4lij>%9Y~H`;{Ga9)(Nr8YH33=n}?h2C^e*Q!4)jcavyng z&M{AiG^rI5Y|oNPJ)?HhZ>B13C(NltgyVU&gr?E`yK|Er{rXHvSt6?5O%tX2S*2kq zSvs)c4Bzfsk9O0j`p#swZKKs6=CqWZ<^JEVFjXdl|E~>rWzPY5E6oVN+c}J!ft95Jp0(3lC=u;Qf73()2L zveI3=d3ghz%`q*ZTeC_I`t;B$n5Xh(fBgxU6gb2`G#G2Aic@Vr2=!Mg2?EbHNuuXD zAPa@L@8CJ}d}{JFbc^m}{F%9TFM7g=vN^t{nsKlGh;Ua{$7O`e+A11i8vFPIn#xa^VqMqKFo5UBLW}dynuDUT?nNdYh$YO@ z6CeaV((Wb$BFcY*5~*MO*UY7=TJdK<|Kg8;!2HUQD<%S9k7{wMq^=C$edRRbA3z-> z1ur2qk`6+Fj*A75e84cuPfSB~fi76Q=q_2HhXJIU;y70H=|^h<@a9ca#IftGpyog@ z9)fXxzSJ{vsFl0n2MhRlnLh2kfLRcq&_{fsL&*ts^ZsiJv-|$0Pr8flI#+Cd)3X8q zyv*J0Z3?;wAoWA&iZfSsd%We=TUG2!BxvXIDw0UIvDbrd?pY_XF8v&&%LBOLgN`hk zK>Cuvr#R>SIR`oBAGIlBjD1Eu{o&w9HI5sRvUcw&`H-2SGuqE^l$e_r&OsMAj>t^@G~MJfQ8H@A(g9rV)7Uow5%!RO)=1cQUz$xzZ_=h1?2C`;s>_wrV$Z~3Ne*mM#~ zPQYbIdLnIJpeB|s9CmMamgOGTxQplZ;!{!f1(i3iQda}5!yqbGkv~u$k<3lb{}vsW zxn6(C$cd`unL$)LFUzLy2m56%N!eCSlt^2_CcSMaVtV((Ze7upH@^i*dWogTUU6#t~jIi)y2t&?49Q(ymrhN~i z+^E!Mg`XyndC6`={(wT1l!#2Ynix9-!LEm$b}|1n8QAeV+i$EN@jlR%j#M>f(Cu+e z?&najlGJ?)gTdR(s%{>%T=O;TyxloQE80chCG@a2R=!aqxW1XG$-e&NzE5!+@ON8W zrohBVL+0!_pU6OZt0LcEK4isYsdeU>{JUpfd_!$~`V_6BQeazYQgS0E(^*I-j6SMLnPPw@ep#)Ik;j53&ihX(pil)>fUtn7lK+y?SstkEM8RiV zafJ7XSw>Ps4d4t6X3ZkTLtYTXS5!YLacw`@ZMlYHNktg-2X{`f>I^f{|B%r&X7e$) z@(ue`av5A@h)Kk{;{CCU>%;lQCQv0_dPWQM1@)KYeLvF&G;P#DnRlbB60AOYQ#uJ4 zzIPzl;U8V55II&jrMqD4*lQuNC3)|<{A}D4-&MYFqrM)~>X)i!KoB$7N4A4=d{0fl0FzdCwwnQt@p zopMiz(52p59iB-1o>8WrTTafEIr2sp*mt_7l*9lWiF0YTuek~%?7;Z@VszkVqbaje z>RSWQUYX=c7hD=%)`PKdyWl5Gn-X5&l9!IOvEA7)1FRZHYL%j{=%Sj?bEZbs`})S8 zK6O}DeE!67&J2ihKvxMPDsi3W47ls5#SRHQ8zqYw3wp|x6BXsupW7%Y?$Jr)Rg)ur z3dh&CiCC%`ZGq%TKmH{Pf{V zv0IU=fqc6C8;$|^asr&98cs(5!1%k8y9PDd^uqos5gP)A3B!wnDdLa(yLj3q^cLC| 
z%k0<3_UM}7&Z1|M+Q3Lg(&gk;2&GK9RJvV@cr%d zNMe3>+Q?~YXK*l%CZU{~L%mYq`3z(+{%hAWD4P771JRyE5OyVokyrqpDYF(hSA=)* zJuh(upPMw@M6yCp7RB{5Z;UxumN$j2kICMo+AD9oUHptJ^Og*v^WeY#>Q?A7tOhoe zb?Abm2Jfk3Pf6*^h&JTx(VHkVU}b1<7Bad%yrj+M8}{N#_abWU`VNPJT~$I8ul9!y z=8L`yDR^H4Q5ZNRggQ{?uAh+iz{|f-WC|~qQQio_a&&Ta$(rsYy4pltk8b$;28=m5m(al|i5 zjKDMj-G*t735q8{`2JzxUy_!iQuKybvLy^kPA9g_0#&UETHsp6ji-PgjE8?5G`u`EuUD{!e2ppv0ab;oq zO7j^Y-~r}?s7T1p=~w}UwLBO<*}XaK-e)7%`*xMr`t?CfH_Y10zc?BsQcMwLU|GOdmW-;ViwRUK zMZrc|6p&d4HPz!LKq}v*w{>e3S8ftC%;+ zf){7-2c?l^k^>IYeUnbpp7@vLI+H8lAXwd+UMPN_&vjJ4_(0?UGqy8ZtFp>H5deBF zIP}8cj|C(ciG4G|<^ZOHyP!fza?{1AH{+hPpl1`M81A=rnbgi&cvWSF+h59b$tK7Y(^_Q$R`bhsYLfA8}HbKZoY|}V=H|`Lo)o9sOEf;7fBmU zvK|Wzj<|LmgL(>YGr8X|rrLTDa}(&tLrwF^f!ZYbaOZh>Ut9 zEy!xmWuPXY?h@DqPTWu7J0=KVvd*QWr}wIXdQfyv%d zWO}@LwVg(}nN+vXQy=C#-lU^UBNAVU14ze90x%^8|Hr1=|0@}-|M}T#|DkdD|Hb1H z*mYqI@2ex!?*0UJ;P$DO48(V&Q{0&}h~?4~btz*qjra=h9ib)3z_(u=c_7YMr-8i@ zd7KPm(@|!=6oV^;1Zn05Y7pdC!C~k8p)grv-{2GQjnK+5SE7RRmuYqn;()8Wi`HV< z<96mdR4Px7T+VDGSG(V5hwE%O%QXJXNZUrHjb<3Vd$%RspQvg4vo!1YL@Ab#g*`wM zvu+*3qu@8-)z`xmkI$8g915G<7mUrjDdHJM$r|~hH~-wFSudjt1<@&ida%33gj$@Z zW7x}35-mu*YHUfSRMge_p7mhKLqP+!(4dvUMUY?43OnBnC0#crgesbL71o%P{3Q$5EKfseLQ*l9nDXw~8T6sp+q*}# zAR!%Pe_sV=1-TR<=f1_7eUv6KIs6D`R6h+(YeGk%2pZusXEbnjnR#87Q3WKR)k z*CY*}Lqdo578JWtm1hb;m-R>5uUD%BamwcWl&bW7n4~k41e8jRzyCR7SeJhG&|XG; zV$^X!?k?Rd3STg(bk%;Y`{UgG={+x@@crfRrJ%2-?zHJh*WMp|Z#{!}gr>d64=Bx9IH9;Pe$@`#bJ01FuZ?LHT|*%!3ty>=}-c?2`t` z=S8M1SwfJY;jlEz9|C$FW9d!aqf0>YX~u{>4&I$%XGWL=cQ;?1u%C-EpGTR_r^3d{ zC7axOs{g2$gwD9|QrXd3)tuN_{ zNb;nKxv(DB>-HqJNd+)Vs?X1*%Nl6iqv-fSl4(!%1N-0@SYUMTW~|!oyMpeKILcMl zFd}ny2HnMdf>O6BSQ-O&xG+rRY;c`l>snvkJL`rVc&%n-Zk0Tqy+=v6cNrt^F11=T zI-oj@$XvY9X~))2Bu)8jswuJ*%9UnK>!Dywf$o69)M6P7^5wr^ywD&q#>f^cP2!Q< zdjbE{g~3zS`ZfS)Y%!+q)GgCp&NUcPm6vss2>wl=>m=Q+!nuAqacCKRl;x@a+T*dZ z_dRR(yzl|`M2<(&WNj%Mi-+sXM$svhW^eT^VBYDI`$>r=TVrOznl$sQ%5CEr^^6+I zm6Ija$c&LuT5#bhu`f2;=M4M1>uNlA&iZcSndm`tA~(8kwPrJIj^zz6G7^=Yi6BPXLGeg 
z(UrK{1X1%!95@8AG47>7d33-23;NqC5a|WvdKC#>EzS$2U=T{U3l8njE5v?ycNBx* z7vLueH5$Wp}!V$V@U22EQOQY%{{>Ba@yDi)L3$sAgafPQ1w-DGw?Wh%D@K*US zPD8j`ul3M^J~e}*aIfzDK=cy|b~{W@P>E=VYlxg(^gHQ@yz1mtJ#sr%HCLxvN_yhQ zJ3oS}oMmK|4b!?VU_`grHm9ZOr^)(He{L6V9DNTy4L1#m;z!U2V;};AgB8js5-;JC zDWrBW*xvoa_4^4uW8V^AhLOU5Mmdy3mLhU(bPD@MkXA%P2 zWsX-Y?oldG;8mwD5{&h(UdhQx)HV&&)_8Xwhn~jx+)7`L(gx5$)+TPd)eJ^$`W`#p zHf=e!oNHDFYF6<)PZ0glRFBPXN(8E3mX@5vk(&of5H!%#U(%C~Fr z1~R#^GJ}y)y*&Y9xcI3S!JOv5WG8kacoJ%M7X~#uL?K1aTn`l>C!axkL2*jS)q4n+ zg(>6;^D(3qJSX&y0FugoKj#Fv8N;fRu3l)=!9|SQla^u)p630YTh0|Ky>j=el4nly zYg?+=M^V|~F)QcyTv%BRY4r`Vh15VWBqnYde4``C3mbqoPeBjalE~>NjM`faR&MGr zJ!CT%h$*n8L}%?OE|Znef;oBmK?F7>sp-AxgvaKq=$$J7te1 zxU&HfL83B#^v|4Grk5%7)6c0DmW9#wUb8#v-qB~~#&lo(sEk0l#Xtcaz9fND!`gMA zLX*w!;WA4EXHkw<`O*%__F2@dUr@aMB)l*3#Os|+NZJ> zxX#A#LgD3FkFXO}LzY{T!f%SJO8+1)TS&6z#*!t?HJ`171g>r@4I3nB|6+WnaZj~@ z9%HWJm1x*$xoD3@>qsQHXobGlw3<;ak-MQ(AlYkOjaf< zS^hFIGC49bHZrO{gq=X2fQ5jL-c-KKA<8Thp;>!azi#W-{950nso}Z%Moor<$vH?_ z19#kaq3{CBctL$nf3}`9d1333o?JhVhx5lZ*DATT$Q%A7N?#Tqn@P8t_;i4yNK}=$ z%=kPDVg8hUu{I`01IZ_v9Jz8rOvcQ)?|9rGCwSZ>$z89R>diG_jS0N>|8$8J2}fJauJfvk^2)<66F zyZ5dR0$cC+olWk|20?r5hMD@0-_J7>9GY#4Vt+54q7HV<-d%9&y8RZ|Wf~i`&x`?( zVA?-Ivn@A>E;#L06ti@Apwe$2sP`w@7uu`-Z0z!K6FHirVgvxUXMpDqfq`c0~g^rE_{GU!x? 
zvq2)iqI3N#tg$CO`;K`}=4Rh&&%*^Vg?Zyp`G4nt7Nui<&-Ifjwk~aIzP6_I}rBSd; z(&|2nhBV8rRfLApQ3ZNnm9t{6r(K=jVPuHzy^3|J^ z&-dxi^5U2Ur(}D{dTu;*cIDnk~B#qSU278)MJzV5l} z#+BFW-Ed_@q>-Py&AzlY5q*!#H-*mMacpw7q}o(bA=W0%QlHJ@ta+xfgn1m`Wcat7 zP&MFoIQ{DuZrn&at+*~u*#6^UqO0KG78ym;6oxA}?i=XwuPx{XI2L(NK@W%OG&rxR zr}1WC_gC=u&Y))1@cQ;?Z}_PwH^yuzgyP{96`_t_rGa#}mLDhSJ3c;5j>I(b&tc}* zT%$+a>e5`2jJHm_)y&Rjg|a*dV0_p3eiMh)GCYPvQ-vEUO=EUO*gdI2TbYGhtL1w6 zJx^$Htat)xu8(@MOcIApNFx~nd7)TTI}j6qb^YS}U3_~g8nOA!gX^m9!}#0ak#fV7 zvnXk{Gu_Cyb$}Ms%<_Tu+x?`)#Qod={=;L=*T9^P$`;s~%#8eZ^r0I;&#;X6Z}otm ze}{BystN485=R4dv8gZ1=(JYfDu3lZ+MmGPooz1tTI%{8zd;hiWsZX4vS@4?q6oHR-S*}j zeI}|k=^P5Zy-tiFvR6`|WU5n`3!6Z`#tFmjw3K#QC0ADNyqwd)TArbMQUjaSzXkL|f17MqVP3ACR87%4}Dk|ODr7dbHorTx8M~2CZ&9l zUXF`wp#{_qL6sy1XoMYU^a7HEhl|N@_r$N&5dCCFzBdQepW*NPtVxrP@?#gUe807& zUQzMm(~Y&;eiU!t>Slk+Rng0knH^d@D5^&C{t>d=nT+PvSyVRm6B+qq4|WmZF#qFu z0f~grdLjWEjR|b!&?jub!S}jyEYzVX^nIaG?rozFOz-LB36&RSyI|H9wt;0@pQn*a z`({tgIiGVN7K_z{n%3M2)c+R%=^$M2IDZyYolnV(xg|D1?t0(c8%?cNqZ^D zD0fAF##m9ncW^B>3=biw955VQXkcJ=b5bJh zm_vmmU=Iax26kUG%dXZFUR)TO`GVTQ&{>@z+BqPpr_jyS+54@UOGxeB<(hk5c@eR< zIQ#2yQ1;U^s>tmkU=Hi}`gJV2yDy?r8yDpl!73iW9R6BZqyjrsmlq9jur0A|)@}^c zyRdeU^Z9}xg0SE=7TAqAJ>3*m?DvE~F^ugibPQRF>s13EK{>JystLqvm$@hKPc`QS zVFwcFa0Xv1lfI_0{dX$V6@D)LT|Bz?6okXK`j@YCi@}_7DhoPN10NrC1ju)rG}g>R z?Ys{PG(9CU17efxr#Gu|b1Kw$P7SK7ce76?0P^TNllC- zevf$n>UI~^flhQ`>ecIQ51+OXl+MqO^qT7?s&8hl?Ccw6`sK+3?Sd?a2LqBV)s(6Y zBDV()qaRVHqF0M+oog0rCTmD4Yl5_4=z+^2e;m;t-Hp-#)lVoGgCRC zhy0|w01l%MEK!jx(zzk#glQc59(+56bYrUitVNVTu}ShX0A9W@k3d5RJap~p)O8!U zxLCx~1LzUoYA+NyDny*esf zl3HG)%R1bfX zue;6#;FSqB7dl&0Wdy|V*a_yz9SMv}uRvYM-L)>R+5rjP`k784=bF!RwT7wvQg>u>r@w=_=-}lqyA7f3OZ>7?Bt?RSvT>iDph}3&hU!b)sOqE z_O|2+to&q|voeTeq&>ir94#MUBwcAoVnp}=en2K#s$t`MAM=jtkMQ+{;>1plucdjV zrdAIuwI?Os7Q6>jcpVV9N8h~3^XPT`teLdm6`7cIs=FUz-Lh+9sJ<6)m2$fac@6_ zTTM&+`J~3ILhq7eQGwR`r_Y$|>_u=F%zh^etBQbbrgx`)os_NF&|&N!I>@ zAAm*15gD{qsB2HxEBYCXRfAk5SQ*q#!=4b5wOKARIzPWE4=#3k7yHTYb&Nt0%F)mK zOZ->(J5P+f_L#(lGrxLGSh`LG!;a`CjR$e 
z3AiO{M!Oqafr>kUa6ru^Dkd=}ntYmKnsUR#FAZ$d1az&06KL3o6=XB+cMs*yL72D; zW_X8*<2@Fj^7=ABq6ZF&?B*y}JOm#%r!@1Y#slBzoUTy%-D$H%_M$XWHe;Xi4tBL| z7ki4{3?W`kQ8^2g%-KGdX?Sv`;%4D`_nw93NF{7&-bYG2I9p;k7D4AN~T_#(a%tWTE*!SYUO>T!t{ z<1f<(iWH1RJ!1Ed6Ng=3r;a!?5b4GVjse=-a-R^AGdu4BYO1WLYxs)rs8FdTyKn)U z04z*VM(`ngZ~lTK5OkS(Kl!wszbwFP0DShyWNk`i?_V;g z_x{Z0zRAPaw?OE)&tUYsKqm!ej>DYvyaIw71A1Q@ivnVk`u@vk)-0^L z?F2^QV=ljum|){+k|l9*B?UDTRe)n~N&;_$aQ=L#=OL6A&)63;5q;RGHWVbJEEG)O zUlAp6PsiQQ)F!+nJ=kU~J5Yk)W4_^C7!_O&)7BU$e_p|tRj!EC6OyLv_Z%1AsvSWh^f|c%WKXG7JOtqtbVCQEO z=$dSNHzh%}b>Im<*_DrE_d2r-2vd7+sRYPy(oF5@Ukqh zAwLfvE0@t?4gV|(>2Ht|JUhTWFfAVj2ErJ~fSxA3Nc>9{kxOD2A}7I+hj+7xnx1cU ze7#96%M(Bbv@nnX4G07t^Z|;QQ9wgx3+TYWkh5FbB)$g0hfVTu$OlIt13K9rbaVo= z{{R@H6=00NR6Ye_s1d|4fYD_%V`ehvL?Y@WWl;nT3A(d$AWp;`j+21@Zy%sEGE(#w zYI=eF#{rQyjgoi?Uy}tB(!l?_2bfk?W({-Q-KW*^Au%-Hz}8-i`zHp_JN+}xVT5eH z1O&YN3Vzev1JMD&lSry<``k1kYZhCnjJzmg6a3B#55M~z>K#{9Pv3YmS1L1$)D{7B z1k*==#v=RA*Z;r9KxjjBo|~lE(}gsX{!6CCQhki^^}%p2UmEtnDTsRL7zU}d^OZS) z$>!5iJbGrfu#xrmZ8t7Fx_fFgG7p)A6qzi zRjzNIyv9cFKgryW?bL&wdy)cx4AK9`v$w&T;Quae_Gq4T^J00(N*S9Kp#b^y9BV@O zv@#|nvU<ZISZMf;X5K)%6v`iQaMp^b!TVQuzO96$z-CsOwC;q5L~`dBG`QpYu_0z%e1C6$7;30e1Y_zhpq=d9wRF zveZ`S4p27!mj=UtZew>855faXIEvJ4ucInX%?;iIWB!t@A}{@wI!GvzJRl4yp?bJs zVQqIAc8MhV0NjS2vSU1F=e}a$B$LPEGN4M}{?9(-|8q?%|66eJfA;DAKk3u`KQl%@ z8^Ux8n&l$N&UU+zmD=qfPRFrbe?YK{*=Wg#8c-0^bUZBI8NvH;FZI+rrLBU|F-qis zCaMCCwSWUkUO<${yfZd@MCJCTz}(?cq&9Ix>8D=sj~|;V{|kHX9oF==tqY@|sDOy{ z8kOFqtCWa}fCz{R2nbP7dJ&Kwh=71}0Rbrz0ciq8y3|N-0s_)|m!42UAR*rAI=i^m zUgw;B_r3Rf?zb<0 z86e6PK@wR&AiD-^$<)G@(?Iq zGl1gHqX9Q6SYAV*zr4Smzzkl5JOv(RMp6Yn+#j$16FV><@>r4k6xskO9lsld69WxX zItv6vn*Vtt2>c+sCk5R*h9psnZ_=*ZN0Z=Je~=xD+=Xz1)6yTU23(s!X*}%@vMazJ zstx#QNuGfL1|8BzbHo-Mlz0+04;d^+5b;4Ia>#~~>YrQ=oG5B541^Q_+%A6*v>>UY zJ_w}mKLAPi@8=MB4)hmj0m$O+V!@djIt!2dhs)DREWMM^eJU_)N11<+5o2KYbyW9i z6TlR?2CQ}w@fu+|_k(P68iJ=rwCqCuc)98yMz-ctTI9CB6!4;g!R!F9K7TM14rao^ zOgLB*4%USK_jU*Ut%)J3Nxe62oTENW!Q+z04Awq;;D+9tOXv;*^L3#dj!mgLbk`4OvydJ7O#V!0l|esx#IvYJ 
z4IB|J|EK(yKb1O{FGGIx?ho2&H=KQ;$^2xSaMx__4x&T>?4_5riAj+};S5ee>)nA3 zR5P)4&b!lsaHj#WMFAY6PavcbxvEVEHbT%mz8S#jv6!9JiH`Mw&U2v3!3JyX9!YwJ z1TaOs&VJ4`bnh_WEW&WJ8 z$+nE8N|EflHF#n7mG=y(PP30AoU}rOU4?Oq15@HZ8#j}MLlK2Kya)~i`jy{8idQR( zH+%->J)qcaYWXq`@g3(d=ddsWCtMRth4a8Sdt+6bOa$=yGm6l9Pq~Kg(xC`?O_9^3 zDD#S&d_!7^-{Bv7>Kd4wGSu5%UgoC7`Cuu7eOQTBpjP*BhZ1SI+2_<(k=wW~1Lun6 zdeh4{tP-EU<8hijG`s8JLP3*CF2Wr$c7%ZR1UdcJb-<4QrKr?@7E3+&{{O8^#ld+0 z`FQ^=r_le)&JUG^ns-sa@9w9=`7!G=sHVsl8_UB!Njal7hKQiFZd==HY=Lhaoh=w5 zJ#4c##9QYXHoiIgCqLR}$I22Km89{N@8B%mL}iaDO?$ znz07I)y#>_;>#~eQ?yzSdza5>pCAh3Ti=5cf3Pl{b4S*#trUH~lz267(fqz};KmRD zmem^2L&6=NW*`C9$T_idL9==y*l>oX@PwF@nSyWBLX1Ow9_ScmIos-)JV z7I*fN^2%_j3maU+(~qg<<9IGbAEH`u-|fOhV^kZphnfNC)aMeB1s^3FkhNr(QB#ub z?rF@_gxAcrmSgI7YKf0OvCamcs`IeD&d^k41>K0UD5B1EyuMAi*B$ke zH@fLSvi90nLw#CkD z0Uyf)d!{8UAC7EDzdi0oO;>S#ZLtj$=Tg(Kz52fKZG3HbygdzVg!l}-{XH#YLEi6R zh5YlGf3PAP*yW#@1HY}1{m-C3{;CT4(|4mig`dKR*H5r*Y233HTa$*+eec=NRmO6q z+<+~*U4;O}tg!CVqxc=N&xcQZ)Po4(b8)U%{?AAbq7XJ~Wo(judJ!(?fU2K%jnOUc z6?ZZJb|&xwPgP~bgU1ds8LyA1>IxTA9C6%}Q@NdFcszYGz7Ac~9PD!mKQoOE`&kzO zawc`${K0laC~csDjFIAPf|{Mu@$?i8;Yw3Orp-7(HGz=1(wCF6KDmG;4K($Lv_`hw z+M3Kd-Lm9W?8{2Q2d$Q!Q*Wa+B+Qj2R8HD`KmHRL2~>^+$fLi4 zRPmtR>cjsCu9U{jTLP=S{M`Xjc!3rqSO7&3pyu7^>7hNfpRS8Nn&Y2kY50WJ<4Im4 z#dG=>GovR06^ahi-SeaD$N^AaiarH-HydZH&E!C+0`uFkn+0O|PBE8g76Juj^0OaM z@^BYDfTu<>-Z*VN<-8Rbf<VZ~obR1-u~JR%DnA(~bYv7=qmdw(9w6LsgwgAZ*5 zf#Uov2D&VEqY{P_N8yO~fMeJq6~AftRSYiSm3x&ZdeQAs!dZzntbd%^;5*-IFK*-r z)kn-33{QG`Gw7)O9NGW)U?(D>%qu=e;F8~Jc$Y3ctte)*EiI7AlN8Yc#!om)A$648 z3Z5dbkC7d1!4;)ijiQ;l+%_k-IMq22X_y+MyL{f10)$ zgG)8{kszMI>Ob4k7>Z-rHu^LlEm4UN(X_I?cc_)FsFdhuSzcT30*Mx(n9P6)A&1}rWdriiN$!Hwk@zB>( z+c~9P5F$IoUHaHA??f`!G45=XGoF{A{ksZEkiR)t@i;=?TMqLRkG_xI~k z^uE@Av0^&gy4$kayJ8rZIC?l_Hw*WAKNBuRkjA^I^}AFn*_o~zR(aVNv3uNRrFP`o zH5Zu-kBSa?A{EaFPCK+!#*~r7<5LryMn=`iN@siWw$)b0{HruPPJE$zP4;tmPg)k0 zd|v+ko-Kc4(ev?q=J!WNYP`vBFNkp89_+H6M$0{g-~}>vLh>NGnC4m(lQmAKrCYHh za5-B~`kSkSl+mtNpIJAmB3>z zgK+}9v7{B#$7ThC7>f74!DOe^7m9@7#*^%S<<(fRG5(% 
z%zcxr;0D{xi!mp=KYWAA@kV7=4$@|VMdO!Xllp0CR}w-pJ%bh>%5ucK{+cnT0P_a4jVTKo*`JI{{)i^G{klI-Cq227l-4e z$(S_0T=uh{P6zQcm($D3ZVqIl%s)_Tv1M}QrW+V)bU@p$meIb*GD*x;AA`ovGw9ss zMK_=+#_+i1seqdF%7%Wuv<)xFxrc>EkJVQ7vOLG0!*HZ{KCu?;&bdvDvTs`(V|JUp zzf{MxU}ZeyQ8S+9roy22_;)N3jL2NrhuDm9>xe*=qO!P2Fy+qO9;7UFG;zSdrc2_R z94J(0jA)dMWd+5|OE>tU9zA$?hQ9nV%f+qynSfj&$q(@riJH5WBOB(D4R^wIRnQ)p zJsUdtZj)EA(b2YH-HfLbs0y7#S2aLqn+&?>w8?iKy>LMcpQj0-seMNrD`vsB3;A- zW!WN=rj5@HIf#o?1;@AfKIf53?0#VsJTrA4nUqDzIc9Y`{Dz%Sl=Y&Fiyc>2_ZHxd z)mo#Gm$w?Tuf7GEnDFq=iVY6F`^N%|1DpKsvB__RENQ?K{QApT`FD;Gz$g9_QF8JP zH(XesSPeO8n2TfoEzvo3%!cb&Mepf4`N6Xw=Vmc_?A`O{V*v&_NndU?FspheJib6s zy@^K?E|7Xsn9&%%H`C$bhNaje?@D79o!W6mI}y6If({oVo_tpmT0#qxeO@?P!GQ0> zBsD@ATpWhhaIj+c=>EZWx6BEHg0d8P4re>PsGGOv1$A+ou@pF&O~fiAfsxeZ8T5>( zGGoVnGwAbPO?cM*rSnT{M(j3sz3vU`o*p5eea`y?UaY#Mc*N%Esv}p*P-|t(}{HR%B-Fdow+LAvm4&6^Pqe#sXrg^Oz;scxVN@DJid3>n6P(?OEl#n{Kc`=v zZ+o@tsWj=y@8^QX3%E7GXqBdKC;Yx-~UV!oH}_*1Vv&{M-}jyl|<`w!Ag6 z2a>LSJ`;HPX>nTj+$sI%+Y=|+IVy~sA|K-rBD2>|^IoOfvK+c0nWF1^6s-V88A)fU z1i)i{q44|tRWc&ZgV3P02L`4WBh>BerL*}SE3!y;ms4L*R6a8wI=)BtlJpf(q8(0B zfZxQkV#-Y(*N{cG>>#IL{`R-xEO1&X(30j= z# z{+O$^118*9$`@;-Hu2$pjc};u?JI$=Q+4%S9b(@-JRM*Te|BisVVW`o?SL4XsP~_q zh*Z#=Lb2jK+iVQyDco3N^{La%L329<7xN^3MDG>TxT|U_ZO&BHX0MN7!8+ z=Za^seG0t9iar!lA04I^_tie(dgIe*i4waxH(s6#WJg*T<`Kh5lh7t4HIW)i8LlJ_ zfAUR1g|WQo_}fNHJ6o}}$K}DgEFw#VwyjaBF&nSOMgoqM)FM@UhD}6!iCzRcWBi1= zzJ{U?4f$OALUq_X%5r@6;pwe`O11H=aT2!{;KZ)cty2qE1J^J1AWJ2ahTjN8y zJA=Z3uTUKYr}<6OkG!CY?VOr|0zB>{7|@(8|DavK0Jr@G~E3{f}8 zwiCGhG-O;JhY5cZ=0>k>-^TI&b$*;WFWDxCKF>!8x6}j3SBJnF{(iW{q#}JI*SW82 zRWk3bWrIcMW85?NijlET&-#_h9lraKB8TFcJF1hGj>xnB5%G9}(gdGAg=#zoHv*bO z!x|p4QF$YCGrg;~Dn)Drla4dkyeZJ8`@E})85jekHxrF5q>IFJUwwE(C9<@0-gS=- z=Q7{>Ae!OMbE4s}PJ*2Hle|N-YzeDRk8Lk6e|ky~4kd)W$WQY?a=JEUM1B|Ev>+WX zvy%(n5)X#4Zrhfkrq>x-8S5oPeGgNm7pF9?-{Wu@R=luJht*9UjttliR~n@k?F;xO zz?@@s?lH?wE6Nu!`Pwr~A5qkwW&TVgPD!9T9NSkmVyMRQgKXj+i1qcrsL0!WoXLD=&A_%U9Y4AYy%tQZ_9T-h6xrRCu`T8y`huTk^+)v3^au;_ 
zVL);h^b8zu>8(7sGb^nznwbeT9f*>^s~J^O{QBX~9zQ_}li7Io&dAk4xrk~5HDsd~ zssU%E{f0H0N$R7f@q7C1B8Ot(IoF4DO2g)yK0i3E1n9caX5!D(G0P2r*H$L0dD7dt ze$S;d*TExGtsj?ZbIr;ue6?0W!1a)F!0pQoW*1IaFAgbw-iC!iXozx{7@QootbY9% zRX~q4iq;xoZj=+Yk^Lsc{74H$_=YUy!$uEC-TLlz@Ads)B|ZS>ShtY^sMS+dIzR~h zc=NP4oqLmqgN#}+jcJ`mYq{6E;;5O3>(GXg!|4)p2^w7L`OtugjWEIl;q*^7w$$<7 z8|@}D!afavUztSZE{wCn#0SESXYA-z`)nufY_6<}a|gN;$F9s@8x8v$-qKe8jSl93 z7oOe$Zw+R4ljS;$)rv)p8UV!?QKdzG_jI#jDGE@hCj~p=(*!MoeMY^276k<;7|m!O zUEC`zfDga?REhku$+O|GW_ok=iPBvaon~d26QKKpfVi>B+;}Qxxn9tS@ZrT%&M-o;C#wgj#zG&?hQ^Xcm>ktr?%I#gFCLllt# z2)@N<*Of8Fr_lS2yWfAz6LRlqtjohu$!Hq)_4jY5(q%mx+ zRpLG|I=bienv6WOFjorRyd(eU%m$Y#ss}YxPtx3+LhgrL;wMF2y@8;4$=#!11ei-d z6#XE3KtSy?^kE!`^z0UIUr{#I2G!HojN@%cs6w)HMgFm(w_k$KQ<|9|E(usC>e}$Mg^fwaO z7shJ5a#qB++Rm0&bU3v_`0=x|+cH@MTjG7pLcKWPdhB&rn_+7XdAj_DS+nr8z^7N^ zseuMp7Tn^g?Z0${kq5Mh2+u+QtmveI`eY=YPb>DVi87Dd$C5ZycHOOaQH_Xf_5k%$ z#J29^(peF}1u+O#kSq zp^-+;iHfb4#mZe@va>%Al=*ZbilG}BqJ&|wpVCGzrlwNeq=ulTvS%)a|YwEO6y{kW?~8C8f{L#D&)=6IGtTKhVzX% zs*u@2!FUF&$g2CvHHVGy^fMD7K4+KF%(e=MX`66~t$gby7PAl>KdrTySAa&s4VHe2 z%WN_V+skpQ=9EpOV;I!x9q1}@W|jF0HpSlo%QaDtY0a}aJ$&?Id7)sYU4%eQTkZX$ zWvm! 
z*`neX>GtX{8obF88goZGRH)%FiLUGft@G^nAaV@F00531InuN3K?2Gg6=nThfe%vF zjEs!!(l@z#9gg%BFjG?r?8eLJip#T#j(>&@El|KI3KT@$crhz zuv6YhoLc`=O=p}P-orUnEs~}t$ma3+t2_3q%&njFIFmZB^Dn17XWQoFpLVF<_iDNn zU%$_6Qdo^;iev?mF)csM&5?7jZa*Rqs8@R%HcKB-o)a^6kG5IcpNnxn7lp8*4H z6x|nxH)M)$?`QIs_nMwHye0~1cN7=6yPRNuedE(Iyd{yULG}-L8RXeiXfo53o zBT$C9f_U%q6+)Fs>a4l+)cG^twKsWdaZBj%R7s%2NS+KK8HRBNa5nuEf$(VQUBeu*}{C1a)-t5rE>aSG3!w*cuUet*Av?G|}>qxwbixJf}nfG~D6RKV( zaGDbo-ZsxGJ#wEjP=>#xylnZJD+xmj{xwQYzQIcA<2A5AoWa<%r~j+*B1y7mm0Fgb z-hWPQnd4UU=a*z^W30y>KYsjh23ATA34)bCKO;gbT))rPRNI}{j|m$V!E%!?84523 zO-c<{K>Q$_J__zvXNa&O{#9l^WWKdwY*>8a^|Gw@O^@%T#W^Iaa;UXn>(3lX5AW-x zbe+6TOJoqzE_1J+gaxb)xQu5^$6J<$eHxK@bq}&GUB9GSa@^~)PZEehy{P+J#sK7m zK)l-?wR=_)F=zskxYqiqc)6L0S{v^G{A3!e5y^!-Q6+5H5C)cg!9cqZEVZ#R^X&o4T0XiyHU5r>$xZ z7g^;!74{G{n{akwpoo3`UHPY_^A+*1m9d9htq% zT9z`e=O8UH=kNE#i82K59gA>qpg($s3G+?ad30CSBJwla_LJ9Wv(TpAtm_iDGJCWH z(JmP%uQdYtn#W+WTuJ>yA+6k)SG{(!H9X^Q@(WitE%M)kd5?S+ty4|2I^>S zKl-Ncoswbt-qglSs5?kLT!x{Xmt_s*=9)w-mPef=Is^E25aANuf4VI2o7G-veEJef zgy*>4!0m!ktIOiNI6y5SH=9^N(oZ>ar13?pZMEg zqq`LboM<=5P?oORjOC2Hj`Cx(@(5k8E^?x5uM!)n1HvG(1!Eq>H?`mCDaq}t?CqnF zXn8uXdjDOopjk0}OLK-Nbj6ZvKba_Ud1)_72~gGSFv_IRQU*5Y*Y$?=ynl5ckZCck zT3BQb@2wg0hBWG@s?y!ou}^ZEbFI9s;o`E8mDwCme2DMEMovvMMIM98V+LYSt?%7k zX=NK~8Eo8gwFX?5FUDB9PaBv;sNQNzWemJ~T2+3gi<6hsN;(DBRwhHgXFks_~29ht9M2srpH3ogv^8U{bEhBsE=MMyVK=Yf2XcDc}d7IG&%ZJZ<4hl!)=6I z`nL(@7b$#>VH~67^wu;g!rM-E@VKlr;#qvNToc-NZ{Wo?`?bP8+Xpqh+sD#cUUYGO zLP(x(D9p|EFOI%D`)GzgaX%0`>km#XgL;JBd=KrFdj(ma(Jut4cBAsQzw2|`&oN0% z&Llr_Md|(SN~`24!H3yqmO6SNIaK1W5>j-7b6(^>&(|H-N?zY-ARM+*c%5=PkHAp+ zjs5kc1(_TFN7VC`Diy*5BCM~(XyUkNR=x4*y1CWWw0;qEFaJo(Xp!=hdz0Z`-bZZ) zh$ze8B11~>3W8JKW{u1`#UH=pnB_LEqdj_t`CesDZd{psVlxE|YQ`n+r%PX*DaMYK z`6(!RDRd7RTJ?uYk34j}esP!Q^MkugNj!e8zG1rtG`wswj#9UD^zQf3M{AA^sqniF z#06y}_s!>O(^AUuyR{#UvC+Jrq^B`(=bI8a$eah~z^`B_YawCh4a}TqrrP@Gm%6nQE$!KC| z=|q)(dsFFYk))xNFp~%E+U7@^W=rGh+#VlBP)D)?zYW4&*C1_8)hi}!;jGif6w$HA z+JQv#EBhYLcROWQo9a!4`T{xi>^}87_Kgh*+V`)ziQ<=M 
z^;2a*Q0r{ewx;T|MaWYtJCt;#Z`R;YEvu|&*y|0A!r@G_7Z%W}csKN&1qf$U(CSr; zG4HwSdNIystPjsDaF);4ETi5un+i@95~T%uf~2QMVnQ6ItsF{6)_1tpPKGVd*mP#7 z8=h9@8HSx8?8`!Vs|2UkhuL7mkxiHMqNd+)(Q?$MU)xK`;{7P=JpAh8a8xtSiSe1G z$Hu_VBP5Qt85K4zhKEi;PgoinSC{6_z!)xBVLHT4ciWrYi?%8yK3j{^J@zgwd`Lm8 zcfo}0F>IuF`hw{p2b#}Ey^!MS3Ou{?(HX#VVZL zpWtWJ(xQA5V9#2rqK_Usqo4EI^!wfBDJIE8oKGjsu;SEQZiu(MWu*L(zZ-YN6l z-Pzc=VG~b5nSt`D;l72{63qDcNE6$e@t7H}tB!2O-!DB*S&ZU&fUcAFuM16W{J%%gBZ6ltoViQOaEqgVcnx!jU28noh+Uq#4RiwTEe{2of^p^7nWb; z2vCk{W|d{%%%E0u?dKYv7p=cK{Dpz>%||s}H4g8YNfiAsexQy`JalEo@?pQN=z28Y zMau?k(4f}Q8!>*K9Qsj6o$3?rFNEwxOFA^2CM>M3w{>{hecRfwF3rCr<$SvkUgWm^ zK6b2kdzVuYsGW&;pE@XE`F#n?fj$1u+2gnJpnRZO_*V+QzXPTI3YhvQVfee`xS;(= zqA0fAxB$BroFOSE5g{&W|CGo z)_*3m1m*6;tQVslBB-2v_K1c@8SSZ;Tvw}{UfOK+hm^?rH9rSV3K>z{5px>U;8XhF zcXv}Q@0rjnd#!?tp?y6vZgB;hU_2V{WUL`YpV(G_2?9YIUqq3qJNI;EmP3xacKx3G zJ?pY~y$%L_*^PqR3eP=~r4kMcqHlRCdc$syS>CzMG6M_0P-1 zv8KIbeEO3l%(s@}LC?JRWg;5GzhZ?!Hl=VP=!u;8#_3R6vSpziIkv~)8}HAxD7j}| zyd2K5YhV$ad?<*=4-kiPy1Uh~xvi#RMTk5q@wJAKz!=ri^58GsRdt#dS*yk)%;SdL z#!o`xOoYcvwDElFD+Ad}>p3IJ`HLUb8WZb!Z-FCo?U~j66{j!Eiexc+`h7?$Kq)AX z7oVEItB^RpW3BY;Nsrd3)Eyo9p$feht#}?L(=?yBaEp>LJtb0y%Nc{jc|xd2qQvX? zcQQaxRUEIq7QL_nG22jTELGYvB@NmGo^JK0+>NmETI!In7 zs%!;eL(uC9YU_GK8~+CBwXob%6O~pp@Aj!H4yXbr0fM+3a^aH2`ru~jP~?Xfvb)&I3YUkE#qjHj+GXII9fIK^kLsEwh1J#>jN9|xm*{z z79T${are6XO-5eR`Ujb2QTaFN{fS4FiN|JBCfvq1-aQseST7Fy`sTy4T{)cZeuRP? 
zHmOk$eVQmSO|?$$J`YHX`k&5;@Sei5-w45=6GJyda)i#`KRU{I8LI)jXYJ{M23EVR ziEt=~42sU(b6mx>H#J0Mv(&o>J~Ynzl6q=b@EEH1hG0%{9+QGm1A?OJq8CQ$7M^a3 z4@PUnd`TfuF)x&^oFJ)oOj45hs&E`{a{Q4&K*cZ9;SR(3fE0lP&LRotLK-J%ze%(9 zgyNb9ab|>To$!ewj}8*5lThQ(QI_2WQPsKg-Sv010;I~SPww(@MttbwR9!U7hGq^`0};m5`|Rl7BNS`T*|>XA9d zuXZzf#8rBR00UrGOuPK9(hN$ z6Xaf%hN4%MoIMf)ICkx2AjQ=p_5s!|Tdw-4=I78U7+eX{<*PIR=$!DXPeVC{S506s3;PiiL0>j@ zlsX7fWzJ?7T9=J87(T2%klOa5UDXuYxj8ZCT{wPEZpL*&=EMRkYm;+W2(c5BMWo-H zM)^L?`dYbjSeL_+H?o?q$&d-$huq^qt!_4}j31Gl3jW zRS%%9*!6~Wx+QShbQ!s>=ewQR@xG8FS3#?%D&Ssp>YQLqTTF*{*)$EMDpo59F@-)g ztm>U$e1lkY^EvP1EVGozLI zJcHP845~K-oNYyX9I{pfXCe>TTnhE+0~g5vpA7cjuTrjw=I${XqNz% z(hK1jp@N(sKG+Z27H5Uusl+#9vZk4`FzXGTd4fl?`*o_KMgy)z3Yn&i#W*zue2dq6 zOcP+QodGx7PyV1Jj<1~34_$|A;;4{;6)(SKC_h}F(Ik!tCOG4s6O?AG!lv&#e0Sa4 zKEmMqv0xMIFjRz#cy3$>rn)9*+AXpER_`OLt!l$wh*eP(wu)?2!O70}yJIqd&{M!s zE`*bCL+m@I6lQ!mw%rg5d2YuOj?{`6n~9qJdJZ5|ge&jSCe^U`bRjSw zl%(Lw_{x3sPsQKkqfuxaVvrbFVCyuvS+%Gzx&T?~sSG|1K>lV^{%s3CWs_vU>nhfGIZ>j>OJ2lD#Fy$+fc^=nvSnuGXZ+5j!%AcpQ4HI--iYLM z&%FgQB)JWi@%rEHHk5X^RC1`W#+i@anH{|!5ILu!oQ(gF4!AraBh#Hmr|m&D*`!X& zLvkwhQoU3~Q+`Y^#h27T=v-fOwNIR$Qq0r@?f0W|#iEj3T5^R6YnmBVPgpY)O*BK~ z%DcvG6XENwOtJuY`#at}1&0|_oi^Usgu($ZMu45i%)ZiZc@=6-(BFGAAs#>9IN)YH z>Z#v_nJxeRhO)`Bi6!oe&$KFODcf>Bbx7BhSb;r=aobBXEiGJpi5!V_* z8Ges@K|2URhM3YPY6C=(0zZl!LF*nW?l@I%LHINem8^0O4jhYsS?}IEHYa~rf+Rue zKw;^dWMOnf>9}#M2)VPf z+U_N)n{Sbk@@B0iPUrbk6VCdv>Q%S&@nvHrJq52u2<6kr7ceT@8V3CE;~YcPchs{SqAnyS9XHOo8v$ewtx5p-KCz3r z+vk|OSsj|PMEf}xW7JB%jPa$tHlv}tno?cfR9AK+$!^J0`xi5^+)5{-wuQ6d9RPhu zo5>bolb!*Lt@;uTeOW>-{4Rpd z(2Le6?>#hkX3Eiki%sviEg0LX;v)J-(iHd`U`LKtV`u7N?1)mh|J16?7D&Q%6|QgY zkUTb1YbeWUE==+2$fM=q0*(VcsCp23xn60%aifM23}Wz}_kv_!|%!SzG2Pu#`a z*-w``Za5AZUGEP~FY5C|ULvyM4>8x#Qs5(NpDbJ4jx;I%^v0YZ9))vBWPHxoD_w~T z=yVhFrZikqIzj}Xp8(Ox3q-p8-2H;NF>PlYs%Sr6$&u0_eqN)O)6IF&q*29r+Syj` z>|Na~AJ^n!!{WS@ac`RJ$DgdlPQJ2hNi?jc@7vxGHW?bRmUUj-DG0V(OLI35uTXG0 zoR>8S{B)=tfd|mE)af&Oy46jD?4g1b2_AbB%h;J# zw1~10Eg5Ccik>zPpZnw$DLq@6Di1FR+i399_LzeCp)p}ZTda1|*}VNM(rKd$tI(pF 
z_M#O61-Tn?zLdDjsZc@~b6*$}$QNF4AMSaz)VZcJ=P7FDHDbT)-ID%lO7QymEGmKa z1nZp=6gp)DB0|*LPY_kGncl+3Ols4Oy9+laUFq_Alrd9&;;`R$6#G%3!_n;2WTRR6 zPAMGw(c6kwn`F79@!d0_>l~WzS_+2@G}u*aqXntu?Bi}`PUh(_lGAP4vr?|I30uQe zUf)T}ZpsWckQaMYDQJ`+o)CL8^2ntRd8xT>)@vO*j@3!KT&yz_eiN7^;%$sY1CVVh zK-8VMbC*kr}EB74|Q%smh|DFYq7w!39+vZ6`S!R zrsG#Ovxo)&j8Tj{wXA;%A7B6Sx+q-PfosTc@|;Mag35-TewcdM7wWvDkPkkgX_cud zW@anp762_aWGpsNGQ8oY%2NpEsm_?f5^t<^bq*BzSbxF0!iMCUYebnmVU3X?!>AWq zR2TKGX1)`p`!wh-d84<+sB~WcVN4)pB0)pFr+Ag>Mp3u)3#R_2x?`*PZ?!8q&SziK zNqO>~EdPYCh^t+2lR#5du@TQJy~;|SSYpR{4|~Xo(d>Ma)za}4yHY@nvikUBJ)Z|B2dw1D@Fb%{;Mb2haPrm{Wgc(CPh^LFX6r&CihZ zf6WB*!HqjSbuC`=Ekk zq@|Tl;ID1b?gCc-mS_a_E~1Vf$OWKC*J6HDIZwPCVyHNd#E3S#>D> zJ@of2uyiBUV7`6N{;xWaT`d2D4CZeA^sYYm;nx;N{_g#TfDjy2C38tg_{|?$topkq zi2h~|wl|E7oxr*KrOoNT8j&dovAj-mV6?xC+kw%3nd$#FGi|O$azDf81RRRxU3d;R zo`!z3?&s1U7A4ht$#z|miB)oc`}Csfoq7%n%H)uF=oA29SN!+@kO_GL-UePhG!{@w z^aAKxro|63R?7X00KQRAVu$>8S>+Eh!9;M`xo#kN842nSzJi*cR~_K)D1a9Zys)1P z{SFq%wiFQgYQ2l7=kV!-YzcsRCvEWU?0e`8sC~);Ox!o2GiSh0(A^7&dNUHZMh-D2 z_45+Le=r#Y(+mL}Isx6i13DxGNYj5ciz?9!3J(0BSwX}{kgbIuWc;*$?6NHMXP2+K zk?zPqNGku>W$<2V$De%xjgD0WeTfER6=p#~f_9$=KlziALCe4+{-npvKYMHsdTb7E zZYlo99#2I;!31DHY-IhM0J@OBSr>wRiReWVlmDc{e;mR;^!SfMD1qDq1&^=lNs_dC z0DKn{MEqlq|77(3vB&=~dQDP4$h1MDUn8270eT#<0VYb|KXmwy!}o{&{&Do05Q~7I z{SGa@1-jTp()wSXuVC<4y7r-91Rfqt*MsT$|M7IK?yaqn#7s2M(hT7%>*SCQJr2Z) zqEV0ASJACeX^3cDRhFj@+rnnJ!`LwB->+OIWmAy>H53^8AiF6v%_7pQH;>rG2PxJT zn~)j4zWXjJd2TR8ec883*k1yakl8G8^(KOffw=yG(z0qaec7S?+*QbcH&V2wOJ;p@ zvHUy3f9dS$P7nX)?QL%#xO+dH`~x5P;9zlZ8ap_`9voqRjZ_?*`+o`V90W`L(-7Ig z?s>3#9_*e6yXV2~d9ZsPq#AzB5FO-aeoYV^B()AQfd}c+gY@a&bKd_pnZWVIHP)&cCvfBpQF3tSQ)KhXXGo&7 zvU1|h&l53|s&KGy9I#F~uV~$j%b9Fhz?2OvLCpA5IIkE^gU2JZ)b0K}>` z07P?#Xi2IcKz#p?>!b~#9lJlsUT&}0&FVzmLk@bb?;k~P=t7$!R}|ey{;*vk zaRRw}v^u;hL{gZZKx+&Xa|cK_vhdx%du%ZxY4Zo!nSp|`sOu`Gh=XG0TRN-4JNW)BgKQRB>DY!J~{K#%g2Jx=9XQM1PZ}f2!>^ zgCi~J=L&v#2juVF2vyxhLpNx=*gY5?>GA*aj`Uyq0RTdB3nXQfnZvoTkcMCF^Sf?{ 
zLgtA8N+WY%tOH{;9n7rXFChp2h6iib!2qYeBrJYrkPcjjzqk(ER$S+TH5%W)`*MjVZYjh&__kWce?(!f3=~wVJX-V&HECLw zHfMjq(JXC&zvt=cKU|U{V_|;&H>LKUYS@4B`5V#pz`w$BB6K{-I_6HF5pvrO->Y`Q z2Vl^mT)*xpSwVNOxtSj+}kihWzfihW2=B}jnmvrBhG?3dafWZX*mTctn9x?Ort##Zflinp{YJbmYwnfl`f$Xbt7SDlUz=T;kajO;yJ z%^}7Vnl7Tnr>QJmtZ!HC`8`@ge=)T_xS>zi?8@^yG5Q0K&~k2t+uv|dyfN}9`nxx# znRHSFutKjwFqKL)h_8gHNFoOi%EJy<0|rjjN%a0PC1#)0<*W$rw66Moa)qf%@DRXgQ#hU_eZ{!U4!2b*CPJzfkmpY^E4dw}J;-;Z;C{jB&L1 zLDp=&LllJg{UF;qgNFg_?S2H&Iud^y3fObMD`U{4RXpq|e+`|r>_e}P0LhGjo0s&j{dJw!Gy91fQ)r)o5u;E*u6?i|53$Hm;x!pb zj6wj)p+QtS_+3}^zxn%8J4porNcu^`9$4Un1?_`HwTug?!k{1K>8rwU>(DPB%70B& zMJT^(uQXRzZ(-j^_lzK3o}|*QO#nc&bhZlXc{t$xI5(HIUjp{AaAO%wSomHnZNL!* z9fMa4dOoOJtBRAcULThAC5Ei_T&l|4+@#K{rTS5b^F%a1%YLt}_zZ;v97WK_$UPyS zpSwmFY)0#|H@^ye2rwcA6Tn8(eFv=Z)TUrFsmvtxBZ`zz*~5#MU=3X~VXRj zULimZFzv6v?y7-iC<}>^DD_QxRd|{kOV!cbCz7)`Qd57KL*6za>V}TE7%TYHD z{NIB!!2d7jz{zv8yKFKJ1lPZKu)leaaQ7Wj zW4PH5GPSwf2@1q)D4vqk=*NN4D@okNKVZFenAzS;#VjH?=YU*4@ryG-UE_`MoPbSTfx{(_W2ztOTuZg83B`u&j zp?GdIF&f5&7;L5`MFV{z%gW22s-&1F!NCcR9(%$ zBX9VdFjuIoR__T89N2hwp+0OgCAd<#}sB_a3RspHs% zS~R`Q9v^zLKxVZuB0T&4FpY-Rg)gv?D~mmI%xcRz7!LtXNH?8}s!*$ZTnvvWO@-m5A;mWW!wZfdR3<%c{e zN@90EP11m|yLTJh_A;P$yW|>|Wm|Tvb(5#){Dvtv<-VC94NETi7*HlcMHKlo@1dS6 zsAJh14BZ+gI7Cy@hBH%h#z#9+^X@cCyE@7x^SpSi6Ycc;^oHb{wh)22o)vwCGMqnt z8;bzWG3Hie5afgcblR&Da@;!F-P=Jr`?)D=Hh2?&Tt6OoyWaW!m^s(^!wZPX z&fdSa?sczwt<}T$WLag#(_cn_LZ833^P{Ey)iNmr6&zT?PNVbI*a(~qM#P&f*a+A9 zW-W);Kw@?H)lls4-B;Gpwl{U_76&mK7jKWq{C=_g-PmlA;hak|B#^X}TbE0aF-vqn zj$Z7bE5cmrHmXTa?pNtQMm$=!S{%Bzsh!*<#z35Ldgc+a02HCaSz~V#n@GyrU42lt zHZeCfmWHX$C5^8(wl*yoFAf{5-{{raT!)R~pT)|_77V)D`ac@+m6}lS!eJcTOA;rP z8(o7q1noW|+{3+r`m9GbHD{d<+H0ukjXwXn*}3&pEcWLE4L&`VN_-T$dDSo?L=s1S zA1Fy*np^8~zW<})?fb5Ri;r{)$#Sah-Kg=BemMDM|`l z>e^xG3X2-8Yak>pSZ~2AKHs9PO#DRoebIDJ#6(%uVnmvmYw>;MxOWF)FJI^u1S=Ao z;a)C@J>u5Ap6IUj^Hh#k1`@QT*{@QD8?^O<9wjOvp%sn3&H^=V{7)~gPn^=`HrAN` zuEvOVLF&!-sNa0W9f5gl0!lk?`qoLDW++9bZtAA+HCHx09m~9!Q>C4#nfBx@q<*D( 
ztM?848c@p?Oiy?;Ho3R^z1{3!D#f6DkD~7d-9uW6^N?6O)~xw(8Rnda4@T=6|wDqo|96r@?@o#et|Dc`%FBqwu}0!vW2wN;`?`Pp1B03 zVk~@S&wjSW6tj5%y0*7`Ln+}~&_*SR$#0?{?9PBi|LB7R{q;#RHn3OeCKMq_GO%9F zAjX=noKuE84dx;igI&Gn&DTh&c;%3(^LJUKsP6`z?o@fc3JV)y%CkrNhn|O@#HtY- zYL=`XRb+EC{l;*hWTOZCOwKz7f)$5Ae=)zD|I!xq6NJ`oB0);+aVBSz|@aK1dP^O&t;kY)%Q@KGLOUE5Vxrhwll!(N_y-B}4AudXk6 zuw~Ruj$C7X!7ZaN%VyAb-Y5nCLiwY3cLgUjyB}UonpkF;0eYBG+d()3%m>_K-!s@H z8dra+DkMEZJu>kX6)B+}WFdcH>ZN2uIhqVcmV=JWLg=8gqHv;U9c=NO0MzyjtAP$! z;uQaoJpocTjw=@6UUI}BZFF5!NkB%o!V3%6K+~GpjEu+fbIAI)v;+LS9VU#fLn!rn zxnHpMB?n*$?fc?`2%1v_4!pt>8ytUomP1MUk#gjZTdZpv!*AZuWOk=MO{)t{uIDR_ za25SF1Ai)sutpJMac~r@H@4N;7ND1Of|#dZdxZ^-9CIo9qFplF7wSCUcU@1kZ&U`( zh*ZrGb5a)wcwY=j2$z3|g#x`W$bR4=zEZE%G^H@ON_@cv#SgdkG?-c(piCwFL`w7P z2g@=6tKVU+;c2#>rZTba z{{!;vya+gvJ~K2E>)_rlb`Wx0%vL*`j-cx4{*`vXTSA=me06~@WkBo))#vj~Ew1%P z%MV@~C;cIlA-+Xl!io^Tw6XrmWjuy52U|9_dNT#Q^aOQP&F^rA_t^!#WUoC=8hkvM z#cI)Q$W*=Ws%R^{_-H9&#G8>As+1}#-G zKJ18&wR(Zs-886JZmsto5fg<{=t(5U>92yjt#dhc)%X%Xd;5=8H;?=)&6d}o40vW2#D&6Cin@mx zjy947xZZX=NqAu@Tq>>s`dVYY5k+7o$9Cbu(Z$_L^zD$h$+&TC@xN@OKg zI!`YKq*>5ij<(U(6!3YJSA?L=t)DVS(Ra}=uwm1Pv2DuRP;$7NxD}KUr)`zOzJFrf z9NBVB)AwdiTU~4B{lhEXN5fZ&g}>~Z@_7@Ni-hO=X@p@>V9!GYtsyZzn9bcgzk{xL z&6`22v~d2X&(#`Z^l1i7p;SD3#QnicF1~9l?{y*fFDmNS>7Y2wn0`uSc-dq8^{~tNAU($c&!DE5W`vNM7(G zbe_weZ}!VWigz5IUi|i{9XIbRF~o@d@n zXVyROnM@}?2z7qiy0i((4(;Vr##jM}Okw{UrT_)$6(DB9Jp_}M418E~9m;L@th247 z145rX$Q7I}?+{^J6a4V0x+=x^$j{CPTNQJ*f~}oC@g&E(;8M$7%kDu|D;E3YY!2 z%?Be04SV$wD#LPvnugJFE5PFHo3BE;y>UTL!1R4FzR9RpSxZzg^}pj4+yh*_F3aZ; zQZqje3=;p4WtZRSMTU%xL(<@A(@}05qCJ;Jg#(I&UUO^XZEVEQcF8W7?#(>XWv@-E zQ&#_F`SL=?ol&{pkax9UgfsSFa$ma(&hR8y73cW{VeJZCkX|-$S1a~)r4g7I5^vkh zZY+dmX1r|AeN~ynIDB_!wGlt82~`8LK%FHKxmfLS$SOQsO=u@XaQsyi-mC!2b9cLK zl=J9W)8s)W>N6S8*ztV0VAF|)mVOF0my69cT!=zR5(KPjZd>At?>FG7n%zChew-D0 zMFxbk-cVfIqR6SJXbGi$C~vOeGYBB)uMoC20ib`BAnNd1u+*%V3b--`63KGm>)^(7#5k}K#p5c}Zc0=V$Ud``YStkpCTrr;=39RswZBiA>4I=g5aqo7-yZNEMz~^JvtUkQ5b{4848It0 
z-VQ$i;{U^<`ulvB))>2BY5#K|(Eq;;MAq^uSBY5w*DKFY+zg+%U#Xn1$T}~(b>~cyuUHI#rjIUdH#+oe2U;d&X|NK)eeg4__N5Jep#~-qrrx-A) zd*vE*yDgCP8tMRv0N2rXgD&p^M{%`(JU_ZO)%}}*QXGBBkkjT8ds-T{?@Hc}cUMwG z&pC+&;Pqva5D*N?UZp20j6yy^(b~{6fi@Mur%nJ71@tB)#_fYXfeA8(1QswUW)X~2 zYxt|t1$K0P76}C=6$#KIpyxwi-6@zegK^$Ij zQ0qI9k9p|u4b$0KbO$hs;`;_pXpz0!WE2*g{_>(c_5+6=qY7Ilct@-!fTbz}eu9p@WY|%s>k!Z`wa(+fQoo1&|1MEkhrHMH2N8 zx>X)0FE#WX|epj~jV!|3_V8KA8Tu#E;x zA8kymmwqP4Ylh6jE5W_sFg0nMFF0Yfxna5{JMD+o_{oEcJVp+29{qXBNA)yO0*NoF z+%tiR)WB8XO>jc1qtr_y6FqqW@AN(5N7GmcmwU{|A0#U~Oh+F=j0W&zA$?N(`jTC- z6!$5r<@V8JbcLzD?Xc%KL$nY|p&g-mw+m$$^%PCuEUO$2NE(uD^XaC^yXh*x@8S@8 znR~+1sy{F{0faUL(Qh|p?2lr+ty`m=8phW!`a|Zs01qrh zcaf-jfW9iZ7&xiX9dsU$0QcE8S!C@)0yE;S9or455$c4}k8JQy9sk-}iZZp1zc(cC zhTQyMKR*6*rjz&A?J;dncUMLY3MpZo)fhRN_uuc(d?zD&P8kA(COZs(-LS1j1D#bi zBr3)bM~WpQE-s$Iu^nT3D);c>gvXUr4wm*&olQAMkw)zXcH}m9+j(~d^fY!Z_rsE) z$YiVd>8-uliun;lK_w>s*ogk1VBTU-n~2?ma^fM_LV)6O!Bzetvp0MXJ`M}Sxs#~L zfnC45nv3W00@l(>@dSjH{MfpC8=cX<5Kb_`q~LDfDO_|k!UfA1m!~cxjx(QSP##tBUHIY8 zd(YUcnPs#r*c4#1wTLM#V2UbN&fd~hU5CeY;tKkoZ|o_N&E`*Q83wPmT>`HD1eXqG z4w-{6oZxAF?3~JR{+3f~)k_U`tKG2DTA6)nR{iFxyC*}P@JjezEwX?)3)Ce^&lXOl z=)JF1bR+E-;_$(612jnS6gKFM6Ot$@+y&Ps_6$2{NbyMH^)TYY$x#<2s|_kFTCC+U z^>*xi?BC6*fAFvoSPDpbqaCB?8~%UDiu|Tepn$3AVGh-4UHU!d?dwWp_QGXie=Us0fKX~1h$INRSg#E;@~rFUY1CccKnD>k=Dw69ki zst2$#PwuOI&BEU}cn#Zg!kdNkLdf9GD_3!%#+Vv2UcS%rQ?(dk@;8UcAxrVpXc!mM&D+>SaF$42UY|}t>jj25t-a230L62`SCsT<%)4> zZW6R6suvcXb+})P{=Jsie)Wy_jD9PpftQQNfyW=RiT#6?Oa8nt>WYeT zSVICUh@^A+7QW|{`d7>oR#66hIyz6)N#bgjjPj%QbrtaG4Ve$@;jk9&F&JPU#3X6- z1jhnvA_}Miq>A*$b2tK*R&@QEZN@Z5yh6-U0e{6ou&;5R`L0r8@@Sm3&P!&>6|tGh zA+dM#t10Hr-ewNAE4JonNs>-t*9xBH6@+*rvh`8569_PE=*RFgB~TdrWDxM-9@@iS zi2~vZ8ow8KqhMAc(rduvZ~rtuh%jkm7Hq@;qe;ny?n@xihfIcCB9_+hi0uT5XJ8$4 z_A1btC9aRtuRXag8&ic#N|evA&Lg~SjmEG{0S@$B!)!hLjNZE2nj}hPrfCN+Od7L$&K5;h6I1} z>;#DH(FKB50G;Nf@0~UPgmhRPBD&Qr=K@NN(k~Y$hZR7*=1Q%92!(O(l{tUrQtcJV zo8rJvKT+t0MX534YLPY&)NK5|!De)MJ6}_@MFGmjQA>-vwBUPH{WG#z9}8O{3^;?u5Mx# 
zTlMZkUmH_sTTSjcv8IGw}tyC-{c}*&RSke9sA^c8JodbYG1Xb*C0^E#vObe{)kuj+*}$ z-AO!4-I@SHLVimwiCT57RiPVF?Kv9mkgS!5QuR8xg<7PI4I(`0l332OSuo+)ad4Zo zHIpdbCWa_LJ0K)>S93T$fgcmLKw)F9KMnrj^~^Xbeemd(bDZMA^>kLmuV>y?#AMij zBu;cTp=Mta35y_ssLk>EwwQ}6@2eEvBt8r?=65I|?qSFRd0p?VUaAD}^0gLMD29zh z-TDo;VwR*|;trx?+{9{(AH;u;MzqQBImBU}DEw>tV_FfQY=VXpm?U;PXZ?n+5;MA( zC1C7#1Q1F92QZh12jbNLYb+Bp=s*?}A)zBxzK7-Cx(i ziNBJ<*sw$fkeDHV01{a3maBir9K>?ZwZ%iiLWY((Ckgy`MS|SetGTrp;TFjv1EKUh zmIDdTl-KL+hXNDIpVupevIxLx3F`tdCNEln7+3X|7VX^d9}kgKoRRpb*0d}_+}WUc zLQXh6NcopQT|;!cQ_8Im1*POk_ipipL!wsD+5=v)hpfRi=$(GsCH@Kat+>{f`pQUh z6-UKU)HbB?1mhoktfn!bPj=fw=bny)i>{~-fhgRzA=cP?O~9bK*m!lrE&AHcyBDrme|b$`!w0MpW!wHrXDfZ?Rly>bPE$>TR_D|!>&j(cnF!|VKGk8`)L3IRvr2*8+tAP zAh`&D_}lPw*#@C4O5d29RZRf&{$mx0M?=gCK$~mSomH^iA&qeK`ozT$Vfi_0b7G?- zP@M4LzJ^eH;=8qu5avdgV28E$Uu$a8rSHvc?_6B6p#u5cW!I$czy1**oy;^f0TYKL zX24Negj>8S7}MgkH858f%W!9ZLrR|k9y`;ZQt(5~ql@f7Bu<81?p#?@!c#1)Zv#wV zKEyiZ_K_}yudTfO;)^kVi&`pqle>|%s}mm=sjjW&l*%NMq;d2!M@Pe!h`$^%>5A74 z=8jym{-_WaEWW!@S zMG>8Cf;P#bDlhMO#d#uk;f4Fw0%G7r?X}JXidd$nGQq{<;xlmL-J6pdV`UNs`w2O& z-p|{^WsPp=+J1E?5K^muw@8>M_CU!~U zZZ*{tiF5sblC91*Ag$uIvFAxp_Du&jC2u$wS^w~E4UsklcaQa|F)%N&)r|QPa zrtFb~8T|-t*4gyYh(|-eLv_r|_}&PWLOY%k7}P%Sp}o6uyzt#@T=w;~&5e=D4l+sK z6}qL4AFNkR57?x z$IAJgniJEycoY9_>}>did`bj z6DcGo;Uh5z>b=528dwHFLZP5w`tJ`ubGhEAa_p%na-~(YqevQIx%pnofjeLG>^ap& z2WZUmse2nU8XjY>qhe4n=Z5LaiH5qf3|0gp^~$K+KGamRB=(H*hAcza{*bwwWFVn? 
z1;{u02D!F|Rc=Zfi*Ji-sy|5&>b_(5NPtP#Zv+jVE7sjf5{ywD|e zN;l)tq7+&XkVj?~;f=EfQ6Vl-DYw&m#Fhg7x)L!57mhTf3x0@xSc}H@%m5a6M9YP&9dk_8!1;bxt9i`O<^P7pvh?%5 znA?POLIcA$)xTDfoS3m8*F9;m!tr_tIeAXIQ5Z0{3k*Y`K+TIBNG3De1gndHa3%}rWCo6?6uuBp5z4lrDk>?-BTc?7*I*i%>R?ZlD3BkKGri>pwR zGV{9ci<@J5kyqpM`eArgXvgC`Tk722Wpl*&Q;I4@IJ38jwsl+Guoc#S(W`xV^%x#+DBR+Wk@QIhi~_gKr-8un#8p zZe8%=ORBz?k{4c;n)8t;ouA_8e-C^`jSU!ff*pFu0C2@>;BRZKbFcmCuRB_~OPQW0 zG2XYZcVKqAYK_C!>FVrLm0T&@Jl=xfO>7g4MH;q4DV8k)0*_YNrqrQo?rHJiy|eWf z%xLvp)@^WN{?f3Khm7zqfQ7N;p6!hH*Q=Tedk%N62P}-|&RnV0v(zG&y8J$^s`?-G zkCU&~=wEqyzOPORkzTrPfrib)ki3a#a%4gxIwLsnL$an=Q)>rgY1ww!se*0>v~zYe z#*iy+uCfW|C0!>7;7$NIv5T9AV#1LLIr6P&#ADYhXc2uM&#STWznx3oouO`nPS`B_ z9#o18IG%ZV6JCic1lLiRQ)QoD>bL2){v&c44c2uGQe!J{_D^izZjoh`!TW9&2cMsJF zP1ErsIsTkEMdb$tE`>%xPV6zH7qao%*f;7Xg>&Jpqt)RGI_8a6;I9TKJo{{uR-`AOK%N zE|Z#+=q*Zz9~2C6pqeH0o842T80NApa?~hJ*swj3i4aWuTp?>nsqQUzNbhELev+1g zRNb0i&El{F03An+zawPTmv(A)v%VdIyVcf=2BBth(Eh95p%S&Cht&6F5w9n9@oF1S z-=X*#>(i-3&|k0J=KDb|LT3RKDNjrF|MJWH^ad9Hu%@xWh%DWOVV#USl;gwa%foVl zz#-G<5ajvI0}Grrd`2G+>n5s44gu)`eB_Njx|M|?M}Y1J2roNmuY&hQ z4fith6I>2kj`5;B5-RnU{vIOu$O$?+Ev4yQ{UL+93(5%UwZ{6)d)l%R0`XJFB7-{o zi=2eF#KJaC_gosNog=!wW0YwD2SZh6de^GnCFyK5xhps06~!4lkj6|x3qvwnIc4fw zF{j|UttYq>l=u7xTvYeDR_>~*$WRwnCIF;2u4|yRZwiEUCUxXRWnS~$9vN>zA}>A> z3yCp?B(*6J3xHnq-jN~Hka&_R`tV&1^eVCPI+Wf9_LT$`9R0v>fd^l6BtdGIN8oXcoPwmk-q+ zQ9rLdJ$YS`hzUp4!7=ovIOBrdq$jxQ`=LvaZMT%@r|({?S3c9=0JS9^RDy4x_I0W8 z;(p^DgT-)}C_~ziF%sRRoHt!Sol`w&61~Vccz0*I+@+gQ?+C zF^^He3}2;^WFqLy*o_@G9;6H^XQpVIH6-(DKDeJSFUrOHajiUf5-$iqp)YNUn%{yS z;Ub)h1N_@(kMvX&ih2Ne>)r4kKBSV`{F_mDf&E5iuGqydT!d^A4GaiQZvbdw4rTX; ztkC@UiTJm3LuY@_5-Sa;Ghh1hrfk-&OWFzQ92U+~+|yZvpc$}hF5(_4u?v98&!<{I zs2ZHJTw4yem5-lY0aA)}Y1ReD0z9f1U8;CO| ze)bB!&v^JG{a|rXR{o`4_eb;&%W8f7=SOreX^vS=bEJSgV|AVlX5%N%-fFU(ficik z-dM~KHWI_u34IS{G)L8U*rI82JS z(~o6|{+{izN+`!fVfTPIRhaA$;ypnTU7)AbTb9(n&AbplGH@e)FsVG!{n^4iN`SZF z>C zlYPI(Pj=aJ5lFd-{4D&JFrM%V-PX8f1Jyx$#jZ+;Pe-N(%>1?)70Y;m=-ay1BffS& zsYTr``d+BXwKL_n=WDi-o|xvYQ!tNL+l8Wd# 
zJ4B8ouY%_h*rsgkn<~uBVpxD=cN?dt|HHcJX9|q-`dm$f@}m-PL)yb>qru0|1vOxt zQP`(w`2xJB+aEI8tr-=aCVQMd-o@tT*C8l2DogOz*4}7p)SU-`K0P$FC7>!Nq?g*AjFUedXBOtcUUv;)IXf(?*<$Xk_15s1CNnJ zm|!#$qRZ!Z&4Gj}eO!g<(h$mFk>~pJjxM{HDi#ruMz-f*D;HQO*!7SVciIO)9s(C$ zm;j!UP?2GK?}4z!uvR|X=UH&AlLDsw(m%7DMR=NY9 zRr+Q4Eu`gim&EgFaNFICo`0esK%fa6z4S0&)-=O={ z{mqdNnREvWYXyAD-Rx}1P!Pkx-bR2>ROdo-pO}a7c>2s;4vVK@^mlLFdHa(z4dV2L zg+iz$LazT}Wo=4ZWSdFPr|n$5QGdlGbtBCq?#1w%tFBUwwUNj;4hM5Szr_o%{=|55 ze_%e*2K1L~AqIloM}Np1Yf=U`mJp+<>CXgGPhj4}A8NOE1I1@U)u;lX-RJYbK#|tlSq`vfg{r*MHj;>K?{Cd>DnD(y-7F-dAwGU<94x-b<=wm%`yYjHr zc-GBj>tW7Q+xjVonJ+0Oy2j4p^kI5*u5#iw#Kgu zZpOl%?ShM<(s4-V3r%ZTnOX~R+b;PrN&f<9Q7Yybh4v7tSrss9l+FFNYhYANar&%I z0#d1bYV4g@nEF>)?`1xtz2?lY3f&%m-z^YJ2y=kYnq>F^fn}|frMaqsD?jadJ!@*H zpP~0n>I9QLZ3-s~=@eSCol6Dd5ITYwu5?W@Y+1UR_!*dnpp}~JvOeS?$52}RO!-u3 zUH!xE_lFJ?l0RQ=k)`zTK3>i3fp7%7V$!zuPVp+X#E%QBV0PSySZ!OZS9fG>tuLQ$ z5Fcg8;}42}TpMG~-vD}ydklC01fPn4@UG7cGf$`G=xIh-DquVfe%6*>=}fOg-1k~( ze%`@RSC!^*`>$t!(2!VgGRT#1F#g+^f5!6!kD!gdUOjc4PB5$E?)$5~nAAJ#Qj`t7mf2!&?#Ap` z47PQkvRk~N+8YbRpzXP>0ILwhE_KjM{rBI8UOBY~K!VE4oWE+4T>A4*HL3e&wYdM8 z81uI_oc{q6Vg65>UzQFx=n-4fAF?{=Iavj^LEMmZ_Y{I1{X?eC(n=qltQzydSo2jT zuPFZR4xIIsIGF9#A?_wLA^3X5wnBl~w4_#T(Kh4V&LbWr zu2PPr2X~e^NTVu)@4T+R?Hi6k;2?N)cQqMec#Af2}ztTcQ% zAd5BN%6MjN@zpEl*Nf1HGI;U_I%{#2nx+!|Qsf+J#Z%)?8wowTlOZDuhkGYJ-&~b| z+{MS3&<;=e>QXoQ7lL1tD1X|!TBdayFomycZeFsVxcI#N!ijk|^isgkJ=}G?6lo%a zb;4;@tc`olV$of`l5r$SQ-$sJzz_2GbA{0Y;RjCCYsvUz=4*GKbaD1=%AYQL@p4#P z`*!-x<;OvYs|%#Q7ltWb^?yeo$KS!p@0!-MX31lC^U4u5u3s0Lzn-z}{Z8XG2^x}( zk9za{ZS>ZFmjAvG-jCpj=GiQe&+u_A(Esi_*;mtt{be_adiRi~^7iJ-ClXu< z^sqzj+ZtX);%hn|Qo3(MP<$>XZv?)%BE*%{0SC!#rvr?eHLe}zum-yjRa3>LqPm>x ze)L-X*uU*%OyTQ`HQsn`G4OE=3I0Ghzayj=wbDnwFaeH+R2OCJ z^%Vxl*w*2aOEd~yts*~S`3Ix+Bq@sa+n@Pc{?xJWcDRhM?o2WMUEoF02YZ(oSa zA}eh!=U-5aAH&w?9k(n;ENSuO#h0oob#>Jlq>K|wtncx3CvP28_0Xh%w^2=>-LW(+ z+SmXbe;#Qxm!<|5c`ml%o`Uf0%?mWQYiY}+a;;n6e;iuUC}?cLs3U;)z5G{InQnhz zAHB$;4ABkNLyv|+oevkxdp;}S_K~sP%mhVTjD2&}jML=fN2LBKhrVp?lAQymNQNZCG_B&G33|~z!R@m2Yj?WJlb4qx+Y$= 
z=b(7CZ=zt5O)raz@t%MHqMC!bM3~E=It>w8)-?tA+>*3AFM`3qXL?tzXg5P}mgNh( zM#(wD&yITQ889OgyG(H7N-lnuQ^D5S+QPfE7Afp~_v7!D5U3~(4707js9ht52P=F7 ziVy(40#Az}>#)!2=Vsqh`Iis;ZV%niU>{Y!A20QgOzJ~>JIhgTd|@yrF(c$A0P;XJ zTW`gDRWI30f1L@IT>Wt{&q`Ty4f;c~_@ShLR{UzcX1MsK z=m$QXvTHK(7fclZcndze173iTdb1^o93`{An2oisxHAh^=EsSYkX_ijr1yr-`t8}- z>fxC#C=9yy84w~AoN%H@Qn;foAm_SvpL9D|y%NsLfT0inLsoTT%2RwHV69pA-bX}o zI)VTdsc^`!SxrN>NenD({eT5&;v zPy&_+(*QF5qKKJ^#0RG<=L!bj;K+P(FntIQAkfid(gyhJpg|&eepdRjdWb)1@*EnY zMo)N+_TG0cboJS_<(YW3Ii_Oh{!HPC^?d&%!%McNl24yfm}OnqOFX+q+SEuBO7#2Y zD0Zkbe132N-_2PcTj8ly6eL$RMj(@7dtwFtZ(jPJQoXS0d6yzwF9mcOI-g zxJLUz`uj0N{HvM6QGqnmQ9A!ypxB3pHzmOp2ZG_akmU)bWlJmbMI*H@#Iq4yg+SC$ zpsM9y%hg|m->B%r!5vS8DcstvwY9uFzsjnMTV&7jof|W&s%|@n&`gBf^cBJ|ZX8L^ z6s!(V7_V`3h)zErH_piTFE|Ht*1BJgSvuu=;{tP`j2n!1@!A5ndJQjS;J)Es1O%-~ zw&yYiD4^hxC#AVeJGP)^(n5?5i`a3jY(&<%tMlSLk=}~R=d|g@U3P}MELzE$TryfQ zMI#oW7aVrp7|^(XXTY6d!b!%-NZ3~(mRYb4b0k)VaNG2((no=67|=Dg3S+?_>MD%< zJGA)Z(APyWiUIO(mMW3-;&xi0st z7sOtCe}Ch;5&LRy&voXfbeA;pDAUqv62)s40*TUZ^j72vQ*K9s<&LPl0pB>5b->>T>kBF z%Kxm9@INIi`_GE3|3(#b073kl)zSa+_5b~GF{k_nu zK2`+C%bjriUwLl-FTewiv%ikC|J{H8_aBMDaJ&scZno`aFeq!N6Qep(n!ln^W^Jt{ zBd|%4qHv#QWhgDvJf-Juf)1=iGz|lbS5ZKpb}6(;V4N1_UDIheEp^0n?OBXXHN^J1 zDal?M_&a^fnv#08Yd5`_RkeIrKkATpJ5R5Uvq)rQ+;s{2`wWx;Wr4e{Tn^SxL`BRL zU!6%T3vlS3sc#|{j#XN)E=>*x%xj2A7w)ycnDmAf?k=lSD542K$Sc3-0FiS=A~H?a$;HSdt*T9*H&(1BlJicmJg9_m&%B<%zI zV07j2l5I2+v;gnQ2%L#U=Fp?Q*5@JI%&{|4A8He5t$loM^leJ#mt1bHn&Y7iiM5Jw zV|GwcqcQ%(T>iSJ1Shen%@EK9OYu8%4c=5 zR9oj_(zsPc=IT{tO+oipF<0s$Ck}J8tU4O3RC`I`J6-5c|9k6emBnaZQ zgO!!I+3KaVy-Ob4m^$`r-g02Qo^nI6<0`-8M-AKt;pk}W8 z6{qaGN^@<$wZC-m$M?#()EbS+pY)@m@x?wasAu>S5SnI_u%hs_k*&Q*nvr4bR zxaw;42L@tpJ%8Y|KF1NI{8EW22SmNi3F|mq0O{j`irkyNmZIRyzfKjPPSX-shpcU^ z5ADY*$vGI-_+GL{jxfKSG&2jFb9;c7j==?WwlM=}KNz8vx8s$${d}joyp?tCAXK28|?@lOd8^w;*#%95HoYL}&(b$QUXzbbk zQphZ~q44$0AK!QZWvMvLmJ7S>P*K+>{6q`^jVr*=_kb8l*9h`s!E8ZF?#ui&O;cX$ zb!qv@2~qBRjdzX0D5@h7sYAjnQvtDkO&L9Jgpj!ruY$Jo8!-%EI$Kn~Y_R_jxDSDEMMjZgYjUjov+% 
zv5ndyVA2ND7tKGtJhOeAR^R5bU)DA%@QuR}BpbI^lyge8a5qdo{NC4kFT^FOb9&9- zTSC2tJWC-%B!=ldi9Uj0i0IVgt``smx)j;pokIOU9&+RzE$b4$Ma7Ic5VU{c@TC*X^t1F`rN$4zI@JBiVfpPd=r^JUE*L z9AaMI%PKY{I3W}~97b?2ad``_b*#@67caLtx*y^Z(^1$C7A6sCZ1~l)%h*2RuL7*(O+9gAwY6u_JiEW|)oh9c{xySC_YKBXO50 z)aI%Ae%E{L$*Yf-94+1OI&|0;5p4(7CODciqYD%YlyC6yb%vSPjYmf$zJ=+GtAZO@8Cl#=~#V-nN&MMCW8tZz|EjdHKukfBM zm;)19)z@WnV+DfokIpcfwp!~ViA}#k1Xy9>YsSm$!P2WL_Le$HDO(MfxXn{FF)}Dv zk2v%RMyO}y{ldswZvP2{OQ2dJwj{58jq)l z8u{@5!rpfWG?nH12Wg@dk={X2P^xqhiHLL&K>?{z5orP%=(=pEXni>e`h)rsHSuDkH+1cc$lA6bh#ye(`dajSKaHwkcF#{vmSL%xv6ubKZ6BQ|lA_!Jxb~=F7|+a;DH6sAV)kXrUqcgiqxaLw1O) z6iv;V3&-8F@Sn^>i)Hmd^+e-hoz?aE{qR}rHe~{rHyb7Wh1=H}_-PjV~>7@r_6-sO$Reey{UTUsGI^ z?LKb)Z3;@0!>JUVRyKYQg4QHAd zH_BWVP_&yp$I+~jygMmNV$QI{fMp6TTSn63;&&Xe!UToEy!hHwtA^c@F{6vq)V_|g zMdYoiCxOOdM2Oj$kM#n$d0h{{47 z^JFxphB7x(Gn@??kVIa5&2A_fHoVM7yp9`cisqBGU7l59EathHGAF}nztLN&b`hui zWQjwIh~8+rrLxBRt;^3oX}3OUG@*9>Tx7SP`l+gWw=Ird z_sQxj+kG*BDBdm%XriHBQji-Ua2U(C-tMzIRabSBh4yInScUC82_Ai_#s-haR5VZ> za~KV1mJ?j6{uH3uUr;7H%d~bT+Q7=BRp`Yy_Q<0XJLobA)LPA5a4W~nMnLSoRvAS@ z2~`$a?Fk5v>r=9Hm>Ng%fO^ul#VPtq?0zK(bSd~vbV;$bAE1!`ZR-EEDfi>& z#~l1(4VYXnw0=_k?8{jS=IT?vCaNEQD0~KQl($};2dhng774{!9_{~E5jx(5(jquecd9PU3YFAXE9+M())V%KX--R|G#EKplqvArHFD806(`*T(L z=MoP4)n6*lCHN9l!i)(M$SqUn#w=&;oOFC>WGUb!1^5^W5O>u}0onwt*!6=D)>cAP zr$PNu;CChr%|Y;<3?Zudme+s%x>*5o7Jz0s0Gir4sa(6v@Uhf=$HgrjWoYYb1^}P7 zS~uhA)HFq^WL12r!&bg4DuQ-2;=rd_dUDqkK z2KSySaT!^`VcyX?Sa|6h-01D>RH6GteaOz?IroIR(-4ZA)QPp}dt-a5meZo_F!3Q6 zf3^vZ>t?@!Dr0Y9>4{EuxMipai58<`SWKEO5s8y&=99S~$q;%Yzxl#!Db!)~>*bK3TWeq;#8Y_2l zuei~HIOcAXmg?j!9d7&zVL%)E8IkxX|7QMB>fA1pjnj^@m20iRd2wqL9{m|F;<*S| z4Yj9g&h}4anybyLddcTcQypt<2 zDf~EX#B(3lRfjX!ln`vs&eH&GjAamv!(kduSvYGTmkj9M8+;KDq#5_S_o?&c%afJ- zT(ThleWTz$DdCUtY$@c9(+E27>RDU#R>_B_OwX>z4SPL=nI7cMZs6+(4&&TwBNgRN z&8jFk2{cvbAPvuk&c7%sq15M`v~SyqkUqVUm2moKy`dxT{WqU)Jxx(Vyb{P-#0H|u`;EbJnHK>v&2I5KbG9+4b)XAZ`*8*6GBT5#sm({1bG>+~@_spz^ zp2EdqeIYU0%>lvA`GR(59OSsR67Cj@Rj*D}%d5BCKSp!Iu^ZU4NaT4@fG9G3FN_x@ 
z2#`RB00ym=!<_1w;W+DL72HVV=i8jj+lYthF|S99HKY{;`syic-+FcKX+N#ibE5I9 zRem+unP+5TqD`l02d!|DCsQ}Kyj&E$+EIM&Hv38G6jgNd`YKHxo_DAK?|C}!Ql`HJp26Hlus&b2K) zE(*P1aI=kf;V}injF?x48AbG558)*E1R(tU8#{PHdSXM|svRzuoNJ_&8v= z=YsGhkYf=I2qviSds@S?;l}+0Hl2^_UcD@~6c*g=4|*kbo5j`jj~NJ7zO1p^1N4J4 zDnu`THmKTYZJ46M-@w@drI~up)JCig047kV@hr@)Vwlw!O0`nC%QjZL$sTtbEekrL zd89E%Dii94T7S1{VDb^qG2Q9Fj)UAnCh7JkJKQag3bW`G&a8(Ni2Ui6W1}>j8`pMlXHzRpS@Zh8Lx7i)3cN9&HLG!M`R|^ zjw?^#0ozao>M^Lkv1fIr7fXb;l}uW5$4FqX169d7w#IdGw^eG<`BqiMt6gn69M25b z37pb&cE}7Dt&wMperZ`vuq|Btf^==kwI!LBu7GpzFs+5KP5yVOffcDG{QmMMMm?)> z5slSNiKU5J1HJMxHYMY4o@T0Ag>Sv!G!eb0xcDWOK_mbAA?W<$jA?jaHCO9;@Tf@8 zt5Mj6QcQM4hD~{V^q5GNEni8galG^0YdV=aXYX}9?$TKOK;`i{-ltZJW>pZ5J)$XZ zMTb*&Zd=2D`e5HYpzH2sb_kM$1z$%cd05ID)axkat={*2J`F4-jW4ZmYP{kMmGrdH zgbiRDL|LTqDsm&OjpW%q>2jir>eIumJ!xJaWw?&c;V!1(CHuD+O(kznEam4Kt<j(~ zv5=mv``FD~qvQRrC4zs(C;WH}2K|_Wf2}$Am(fI0O2)dzq}fg~4sJQnlM-6%iYtBg zonE{vcRr<5d&1y&OeLq>a4UAys|AiJv{RrP$K`8QeH0eG{wnuOfxcz+#ef$ZDs9@- zDr8K|=-~Z(dmY0!i!1vbGER<}Hes|__{hVR&viKZw(&VaE}43Df=fKZN-HYrY2Q>- zJY`k4h(pcrhS6IjBxDoaqE?qDGF#ILOVglcSh^LSTcl}Uy);x;03As=S*Cur_ZerH zg2(EZa)r};1Wupp4b1^rDH6{)4#zGn;5jhMJKV)UF5oe9$@qG_NyUKO>3&+N+|RCc z>bKr8P-b2bCvAvSl)qOwRY7<+%z5@LCOjrhHP38nN-3vlCu*_`nJnpZTEVs>xV7KSx5cAVwDz+x&uRh^;vSZb#*+>*j+Yj^#k`RTSe=^G`@d=|6k+uEe7bfU>9 znCI&AnSyh#C+VHL7mJ!KAG57<9W>b;7vZE!eB{qDl9l7RQaYtYQ?LMZYp3_$d`$s{n|DFPw`W{L=8VS0N>2L;OmwGQ*1oKu(WF z90#G3|in74@&YDA;f;=$-IqZ`2{1NrfNNvbJZ=l(b1Gq+`POOT9qIV47ku! 
z#83~E_Omh|i^`@`NX}J#s}=At>TP5@pPg@6?>h@wUfxI*#jUq6Q+W}&xKnwx=6qAz zvyUFUuttfw2;6jiti?Oi6Aq@SC7mY0@#f%Yu9uaSDv0zux||eEcFsyarEWp&49ItQ z@EwSWkwvU3r(30P;3hCJE%mHwtMYoeIG^LT2;R@pI};Wafh?Do%WgN&q>b;JK2|576O%BIxp8%NiacL;!Yc+S;3#u^H|<%)@T$+-26R@)(YB=t<*(cAK zZ)7lQZSO%5x%qRVqhE{w82}7eACR8w*S5RPHgd1DxI!J4K)SzXb>C1-#;}kCY?a}!7J5$&hok@kztDoB6j)H#wGBMz)(>^S|wJsnTxh3Pc3*@ zn54-3B<&`txY~zzoW$&O!^BxGW{d|ByqMOYt%#E}fo6Plgmz?k{l4VJ+*v~Rx%SVM z6JNOOhjygqQjR6<><2XLIa}Lhb)I-CpFP-(9D@~5rPvSOtg)AD4%vg6f_TaGs&At#~3ZV^qQ^GPH5EW zOy!F^nf?TDAK-%SYXIQw9vZ-LD%~6Wea&S4Q$vs+=l!2e-2GPyLEE{?3(Lb?F#2lS zw?(sF+PL=QD5M_i;giXWe(t7!zsZ6)Lp-_B_3|abMQvu=3I%3NN-^r9u!5;RTC=#a zCb)(AbQP4>l2(M6y^49}_TCXF_@W`9*X(T4bV@STfWWYm-J(H)b$!GA9=A6nY)Vh7KsDZ$JU1SxlXlQH zt&n#BaCjBotiq*U;uw*#gM4mH+N;CjLU+dl_)f)jn!hQa!9CRGg7?w^PF6r0arWFK2C-^@ zhSTCw)i4Lc4K%ciZ*1Ilh8|D$%)9I7%IC9P+bz|3E7qJOL`JSNRG&omyfNytKy)ESHkA*G z))g47-MA>WS2)8w`j)vx#$=A0rp}w{T{0gV_|MHrE7z_(6c3HxMo2K!N7G|MJ# zkD)d2e$uL36Xw$Jj!Pz+n_A?lVt4j(Iv;U>weflHaWH7tcv`vyb4vK$x)z2jP()r8 zRj6^MYQRPKieQF^b8%E5?16qZ-|{NB#Pky3p}P@;@CDputh$xEVvm%~dgUOZ5M z7rp90XfS~9N#!Fb=*OzTm$1ZafsK9Xm~D3ZiIvgSPumcjH3HyVZ;8Wa{Q#U7Z|@<9 zN(yjQ^w-8m0+rR-CzvOKH6u!I!QzDRF66=~IF26K^(EpT|CPYbjTPU0Cvm_+B?zz> z(me!8OoC^!>tz5hlXgHXoDqVLP{m6Q12D5a7VyTEPN0mt{C*(=I2O%nS0}-TAMiQR z#PGWJ*d=Bud@p&?AS9EJKb{Yt6t9F`(+_+v9^*So2thu8(+)Q_LB!6P$SwSM&b#Y zZvFtA4?xJO6$x&q)Z%aHCP#w}r{zsyDv%4qNip*_tL3X!Uw|CGD&i{v{-3l2Lc{{h zM4Hhf=$X1EGe%6Qj#gp!i4^N>HdI;AW+`dg1n-@c>-2Xbothh{ueZ%~m7HT{rJ)UU z4aP(6d+I2A-NBjfAaJQ!OU2{RV5n675%h-&=&1_NWPF7m9o52Zv2BJu&6x?f7WR68 zIZBvQ>2ylk5$)r&{-fv&>aHB0izjUIbe_w|s8&Zqr^T$r*BhpI*eJW zBe9}EFotP(K#DNdzHY|u!M+Bvtgle_HY&UY!oMnhjX95Rjs40qCUZ9X<1Mz)SE_cl z88%XzB1RD^7|SsDj1g3|L4h0lC3v+kdi`cU{?d_gkpwnxJ^L(5J-$1N$B5WNBMlXk z8mGzvd|)>LA;77VlF9t~nunkxs)9J*MwzJ7MaB2-kfwG8jaiunuQ0zn5lYQrcxBeL z(qu0&c(<_?Svvd_Pm1BXhC6U`aBp2$c*@tTF&{|iRV8UJR9qePi726{0UyGE=B&xFqa!Gw~zS+M#h% zj7YoHBOZbr=8c<+DP;9;21|wSF_u@otq)(E9piHs7)y`h;7}hAm1FlFlpbuDU$kSu 
z&WC_)4@9-FmVxqTr)h|wC9SJ7XA{Rv>pm7V#l^)_MDY^0?S^2fmlaEK*82h#jkCyp=i@yb&|4#86XPr*%9-=faJQQQ zvi6sEJwRlno}LK8M^4USTuly)4pX1tfr>cU!!;_U+}{O%&}(;nT+>tH4ehM-Rdc7P zaPbA^N1jLK>vbUf(Dj`+eez&*ozhH?w>%pP99Z4r|9W&7&s)AMRsOOk`c$0mr%g=G zEb(i>g)sB4K9TuTB=Fe~966!c6WAfuPi2THglk=CnH%KTEHi?R5XsJiUM6ljcta?+xt>8NC3}dL zDk32!pE{jaFIC=UqnLMBA@+t+`L3IFDm%9_>D>M7uRUQWvlOGbX?d~nrb`?T!u?GB z^=^V1fRmY%`+DX_erhLuKV1twVbvRN`y}_14RjOiR)tXR^RXWoWzo7_O?x1U{4z9{ z9nfyR*~)orzyYRdd%COoOfuZbq8w$VcY4Fk|9;ru{YI5c2TC$(xtHEgApUseOkBwo zK$X_-d}aUk(Pu*&&#gLn&=*a}IOJ$=E6CwurV;)_Vh~)Xt|m#f6Gt_Pdv?Mw3kAEz zhfi(oEo3TcZACYCo&fhn!5Nx;vK+#*!P!&}QK=X85-_;0uoqfAca`rP{vD#bki>|Jk_V?sz z?Jf|+Ye0RbCuI$F){wW%o!*@C=zEm6q@bV%V3ggnw;#W!v$K!f#l{o%=({;Wviiki z&&*x9wM~MKXz-T)frI+j!a@DJT@OL*@fPrgj4gcUWX&O{w-8cMhVw&n?Xs02_bE() z7;&g*oO1;az#C_7Y{xG+J=aloOO5gSMiGQ_b03IM+wCz^2T1rLL$g=O@NDY}5R0C! zX@u_p316lG!(NY>s|4CCV1>W|Z!3qR;d|Gv06u?8>%hN%+PD9-gZ-Z8NHI8|L``W^ zZP2ufS9WAeqOv*4Ir$Klw2D$QlRpGOA5yAj5JPeX!w@((CG7R2GZ833W~t*BjtWyQ zaJW&2Ui9Y(e9u`{$oew6Y8uO_d644^brFU3>b zMXO|laHGm(?)=4Pyu~K8W?4qVMcD-rY<{x3*#^2U%iR~G?4--qhbH1LBc6GQ*|1vr z!|fo?yiQ>=i;WlDo-h_>TN}u53!ShPk9pZPb*{FzTE*Ar_S4DwwIVu{Orz)#m=R{6 z{sb;4<9)%RZguBumm$mP8&}%dqu#c&d8<)|Qd6+JKUIZV*;W{NIUIy{!aV6m#rwf% zP}0TK*zOHe?X=4e!zMo0TC-SZ8tU`!pL)x)n}DXKfBKRgwz{Bzq)ohgf06wRN&#i3IHG(p zU($Q`_|B~X=Q=jDc54p>5T&PM{aQnF29I=*IGI@W9~n})^o}W<&-@*~)g$dml75^6 zS3o_t*9e4p4R&D`0= z#iS873ORFXtxw|}S+qKzWwa_cQProHAPH|!jucYoHa-%kXzqqyXN3~)$YXEOcvxcM zn>o)6xHKoL8?KaYs3dTsDI=u%vn3iBRxV2`P*Xu#rs%ww2_1V4o$?S;c`cOi&D++` zQC5<}r9|9Hl=xsuB#| zwyo(@7E&?hPqfdYzWJHvS#@~AE3Ywt{=DVD(9JG475ET#$>mk;6i;P;;i~JkNXGp! 
zlNJ`mPRWOk8_{A0W|)>Lz<`FYBBZfI(a|v*dd!$ZZWU>tBF5WPU!EBoP zHYH@wV<(~sqv@Jg`Aqgx&!h<^K%ECL^bPTy3Fbk9(6l`jEET5){CWutgGjBvaUc*fYsO8-0* zvJ!UBIm^$h!*1&0$LtH^>O$IGx8wLKB*%wBg%+xj+#>=IMg+wm*Ca^fBK@(VkFKwtQ)RnV-ZLU$1qas|upw~l8jH1^C; z8CW^fFS1(Osx96J?Gjh5W4UkITg(>gOa02XTU)%B=Mz2+S7?D)f|RJPWaU70cO|>+ zmm!!^IlGmhxzmNSabtH9p8Hc4x9J7GZ)1LsFgu7`o567bvMrDjc+;5G9qfk;59um% zl*JUT8B@UuoFiJC?YeCaf)FulxTk8Q|;tU8J0jmbQ zD+Y3pnoHK`$dfvWGh37$P-I2WFF?B3hzJ_>_sho(t1(pv_}lxf#keyxHz#*z?%sT! zIC?wt{khECdzr8KPLi>`PJC0~W#{!lfets52Uz_f0$?my`_}hH%>m(39?9mam6+A+ z3>S%O%jNrBDaw)WrNv${u&I;JweQ{B(ZG1d`JqLFQ+OajbQS2xTGuC# zB}nIN_EX*(05x{X=cilbzgC*_>sk)@`${@7M4*KE_u-9uDSmUiT%*!%j4AdL1V}2| znbj)OF*i#VmTiV&WsrMC0F3-K6f)z2Y@FaXvT}I1HUG9^Fm9YIT$fp>;pD7^`iDL| zy6{oTS)2sQRClw{Oyr}y@tIUKm}apvyE|XqDn|Krvu~}IeV3lwMF~pAvC3^8L$7D) z-tv|+Jq@eIjS8m*VJ>JbC=Q^Rl+un$b&M5eGVVliG%%-MQ8^AWj4+{=sH`aY3DnFG zn+5NjKk)245Y&HLir9r6f)G{kEWix$2Ttuj5vTUu&e;IP6bhfU9|E)tPP+k0u0}`) z+h3&trj?gQc2k4E4Qb1wALoIjXC2J{?brO${Eh{XX-~``_q_m(Ucul4%ik;luUNL! z(Tw2bfXXyrjr5fd{Q}4xOadmq%^?2Bw($RYOZ3PT86FC1S6~?e5ff@Z=cf{n7*8X; zH6m5G(%l)sPDB8?Mo9bH zx;O&*hI<^;JY1|}D4#V}+}xe?12O4z=fW8QzhNXxV0tEORR?TuF>jj!krgSHtollY3(aPH>hNq z&Dby^IVfv9f10VHW9~BGO0x*VT)m=1LMCM`!IwZ)rasoA%)Q6oP%#K&!LTVO0@b(r zm>Yeiu2EY}Pvf>{10~!A=|Gd_&c{?9+jh%)I^-!~iQj=aXEF5|o;i(KbwxQjsx}V> zO8e#Hqtx!S+4Yuoy}e^0<`H!nsN{h}o%g$MHi0og&{1@=88d{ptz?idd0R_*)`!Em z=c>b*YaF%af~`D3d-nCFI8%!}C<3h-L=bLHpIngRn2dGEGA_y>Dyu>!8_C%E(!t*A zm>*@vbf{dQBp!% zOaS%pPa1%%jY^r<r{Z8^cO;uiNW$E_fI`xPq<2Ofb762K!+CSk1n47+WDiY`}Q{SM?RMg1kYLxB3FT= zR(bfEoPoqI6t)*qwUu{Sc&yTcyY2$LW>Suu*Gq>aJL^sz$afkq@RcXX*@x>1G-64H z+b2(8xd0Kwk@f3bG%)2ED$5oEYd?h+ogrrBtee};sV-f%B$Jk_QAfz8AE^?{c6-8= z-Db|`JwL6INk6@^vQ}m+Ih4DEPrc=cdK8|C)_?i(L232Mp5zzEU{4YtJ=jkO(gw!I z^Mm)(fv)h@At?PO7JLYz=pig1GOY^h%K$C>S8#lCf+vLK5CpukaSJv9G?^7rw=}$f z9`DSBL(l|0yiq&n;AAS$DaKuge^K`2Rpv4Rgb+W13D+B!a6P++AmE0bF}MD!BV-U* zJ;4jl@!Ejf5Fo!%O&%x;ei(N;vwj24hl}7OFig? 
zsP(E2y#a609D-ur?A1#U;6PjD^={3t20zz~SQUxCS-^$K_d4BN1D3Dn9Q7rZPc3!q z-$bNas~TxD{P|oH!tP>IH}`=eqU!f%9GX;w)Y{I#iLJ$#IRysnR=C5@^64esQa`id zuW_|NF{%f2ZZ`Vz`ehC+hEAMlv#WwE29SxJkUo2-Y>=C-nSJJJaAuVMF+-=;d$wuS z)#Y!?<2E*K`5dLqiZf(BcZ&OTLeMmbO#KomNL$$*0U$<$<;a_pxo!;CO3^P`nCEKc zkXPRDH$SP$pO{C%!*ZXQ%76Pv-MK$^%l`tCiOn}OGQiivhsTk9-crCa{=u03F$aIx z8u-7~CHOs^gx`42KUr4!&4f)iy!3g-Ye0~x@4Fcc7{udEF$jN{^0eoJb+f*LZI-PG z!5eWOj9;I$tZ*Vaoo-2zcA9?HJeJd^?n;SEvdEN4?|P|bxwG$$^28ziQ16*DS3++^ zUcN)aLSk74a(7tS2Kb`}4O}}^+6NT*Kr6=z%x2h*(&C!&sva)qWUCEw5q`2UH0nM% zH)8tC_52Ik5!mn*3x{}$P`c=xiLI%CYW*0@su$}gGl)`7>z%zPrhIu7xokc%1;J0R z`noDoczYOVzp}zY;Yx2lrd3u}M`)J^k62bao^HxN=|{usot9i2C(Cl_HSuSM5r-B| z#@bqJkAJC-kd`AV8KPhE%&3!6J*TQ7{Csq9)SGGds{uNAZiC_N7O2d-QElKBQb8Rf z)rG`F+R8ln+%w9;X3;%2vCP?YO+}h2twLX<7-%MeZB)gU=S~-1fgHs}!N646sc_-F5UHxTweyVALA-J=s2QGGkk;Q( zIkrKx61aFO;0lX2w{Ik1vqxWYf}S!O3Oa`E8CfQ%A)bL(SX1}t^tgiIlykTc)Fo29 zmfJBLmum3R^37t~ggdtR(UpFgpBP}Ty@g{=MMaC1LBI=r_kd!@W3DIPmOTE*=l>MX z@;6~J&s{RJIFtcPtAXzqaY~^tDXi;bylS$nvAY!piFTiBX=g=tE&K+Vgsy}Z6Z3gr z9M)6@LFXImc$+7W;`p-`i8T%Js#(@TxjB+pzvx9``oJ#c7Gid)u{RP!wE<}A04%)K zO@Y?Ofvhv%iq`P-8Zv!sS$gPv_v?B`JHGBS^WkJSMsDbpyl-pUCkqB)*Zqwu!bY`M zsBCAt%#QZ1tOk{NcwX;Y&r3pnF{qn~P%jF!L-UOGbb&yuV0U$WHa3L~ zd6rr%MYmjbTaqa4uLZt{w>EHqPYAe3>L+CQ->NpSTM@ZWS{#}p?l>k%RQw}m`Vlkz zk!#>bJhl%&1$$lksbha7z4l+nW8aU8p`&cRoWk=FCUMUNOuHnVX!`0-z2|H@iARL; z`0SDEvK(5VhdPFdDrFfspJpj7vb{0glE}z-#uz^AdG-?=6gPc`6MfCF`~i4j^Mf3e zsYbtM={Vho+63;<;#mPpZbsQ@YAw+1K1oxq#+|cS3)0e~cF&cAjg78EUdd{Iz{7hi zgD?8g1%9cl+to~gcrYr2HW%lhTRJFwoPKjMU3jYr?0D~KoIzfL0YFAfsmvlUPW!W42V7=<)k{?G!m{dkbth}dQ9!8;s+ z)B}M=dYk9McZz`jS;@2C?8EB}ML%}|8X4c!pOazZOVC#L#a3|XhuE2jlb7T73eCQMaS_urteWUBUQ}wMW(ZM{^^WeMTbxls zlpW$BM`&;jnl!dgsnVHbI>vAG9eYkA8=Lk~m>2HpboUXy(q8+A&Z~w(X>4~Ysw{5B zbSiG-B-A*9sJ)$Ukc;lCnv9OZv~e!ZqiWb^AAvRq@yuPeYn!b?caFzui>P5)Oj0HG zy`Oq_)yGax1;9^8>S5!gZ)HKIc z%(OONkXM~?2=-#B0o201Vl$~k^-F6u4YX?v#@Fsx=$xYEtupaz8%y!KO&oTR#9xw% z0yh~)tVB)khs5`HKySBvtSddQqF59zto+;|2>Bo(qcTb)lZB}0KCe8dqw!xcs{+LOztKVa%^Tv6_x*Dmryuk6 
z=lS}Zoq6BmZ$i=4_iH^}cy$5;jiFb-1;7%=eOLCIO_pdK{A*;A*EO#$X{kFhgcGT|Icg!3W>7{Ti=!w|H$Y6q`3NT-dhEh)ivY*H|3At ztq7>23_HNGH4$V6>v^pXK}YdKxo3OLHoO=7-r)cQ|W?4^J(ytEHv-*%^JIUR-C!D?ymShRQ*$@%%I$o%zNe`@FH>jT0PqN&?o zM7Ii!{(`UhAw%;EKf*sUz5Gud`)~HLA8n4G6wQA#iuhBT!|FR55HM^YBFgeb{SHB; z)UjB$X0}!Qg+kn8ts|NT5q$a;QRALjSCfbtPM-6weeA{=+~ldJ(@AMSD=CrQ&K4>z zOIbj3kA}=!;TncKsI<dMskp3J>>u z$VIWHwM@Byn~odSw|OVk0mGS*SxR-Oi$=Jt_H97o$QsY+l#u@&(B06`)S8~Lyu4sq zke-e=If&?!t~$FDukyJ76=sXOk%}vd%a^%$@Jw37`nV}H4Lx4G!Wd4f5N~TO6!$U7 zLoiv#kjD^h!TH9aNjTD{ShSs zfbr#Q4#9NKOH8x({eVvRdB49`Mf*8Q{Epy61~fb{g$n0%mpTK@p)Pc)Dze$WhSTst zB;{(jY;1CIR5Tf&-O}w^wy8C%V}mRU3#(60Lig4(oL&t^@`#+N+c3LIp27Sn_tGN) z;!$}PG?D^#r7yf<`atE9N-v*S&AD0!_7EREbd+B28^uO}whQbAMrxqwN8~pl5>Qsj zex!9oV4U3Jz*U5Ep~%kSiMw6{^a2lQP!cZElmOtY+Ml-iK3=0~egPZO;Yj$_yT>bXbEmdsApGVPQz^(}66<#qT& z^;pUoiJ#02_?zVRkkzp6a_#63*0R{qgyH#TI`>s>}g!REK%B+*H1dPE_4W_*YvbEd~*+^asPFFbi@2_`J)$Eun46cI5l$C7>q?8oZ$ho zd7dw6-zhyHr~L&#XzmVxK*|8LUn?9Am`ueMP3aaFki2}t^g4#2f3Fk(U=THQhQ7B! z0RtLBThF*;CV-`mK_keP0~%BKd(-1aFJ{kn$ znhkIY7YC|Ev$M5HO>ZY~tRxrpAA576e)ss%6UR%(5OL z2>J9h$t5ReO7}0xxH_`fvr088Fe`L-$Bi<3s~5EdgEkQU$YWcG02xl6>T+9;gtBg% zFSo+gR!>f>+O2iaS{1N_sIpuOwYz!nK6u;cC*hxOKsPo+e@(?-Q2`ol|D;0XkN5v( z9skEX{`NZh^(MBu`m5eh1$hlv0?UuPb;)9n{WHCe>HO@>H@gveE#cRN#NG3MqlJ|m ziW^Sb2M0hlgi~=-gqRaRd=|O?RRj7rq0Ilw|4$tF3v+iTv0wO#1#N9XqM{jt1qxdJ z?u|a9@U*}Z;QRL-!G+y$T6?KO5IfAYPvOL3;^2;NmQs2rVriJwWXiHOS$@5w`A7$m zKpMsvv_`dZbWgY592ZzU+_)Y(3TYm*W8F9E6_vaoNu}f5M%CS&W*FAw^ddkg^s?>~ z0doG+N+465I-ms8I7M3v!GxF$u1k$+of6d2RIeMjzll)jew@)2ZU_~B`1nY)#Bedu z6Rx01X6%EtfvP!qu#k4LZ$oQZh&YP!FrTIXc<1_H6p6 z1qHFUm^nmFQ3e8NMOyc1=DvE)5qIX=xu)q{IuWHip+2(QtW#tz9LB1+IuxMkI|>g( z)auP7i*!uRUCiGlj7Wtoi)R=mV2Ii#UAIhMyt}iz*HB9{U0ytM5t@mCKa(d#fyqaW z8|;nj%r&JQO=K;uv5cy-8V26+x_5n0e)?YBhWD|%aZ<9DH#{lm_i{v1E#&yckR7EB2Eh_ubJ<$|-c4q|iQJ){RVR6LB5)mNGIsv?ON$OMSZzPb7T zW-;f->)$Uy{&$?~A4&f|oAd+jF5ewINv~sOij_ba;fN%Y!PoodhRY5?CrsJ2L^XYs z{c`RTWxB?`zl{#1tqPPKr$F<8o`f-=Q)%kYPT`W85>ubb-+k3SlS*eDhn-B4cohF= 
z+_3FRP+9_m5~xX#5|;TiT8VT=?oW9CZ^Tsf3%|{qL4*IxH`MQO)BbUc?-LyTugvq` zGE;tNYW!JK<2M_K8ghNQ;a^Ssz9%@69%KOcO3`K;(~Jtv*sW!vE?%(PPBM0Td_;Ks z4e3}6UYATyXCUS&_fJwQ za(hDyLK7oaZE4>Cb%GJI%6^ROW@L!D{qqh1Dxc1TF>Mk05|m@!H_U;X@Etp%KuW zA@HYeEgym+04s{0{(Ml(M7bY=t|M^=Tv$Lr zHwS|ED*Hbw~f2nyQ@`G+8GK(1sW{}KFk#K9op z7E$V7W@h0pv$CE4)u`sDnF0SiD>l8CSs*{pOvF#qZB%-L%;4uK&-i(|hYA7k)c?1E zgWb!LpuqWO-8kupl-D2B82~g`xEu*HuZ|Vhmz@#{*)b6#v4lT?|NOc0hmhD+ru`7S zpZ5QeQ~bvlMY3=C#??*mh(>yx?9@wYt6(h~t7yG_0qQh=w|SBW2pcXe+VK!%lDf<4 z5|4L(4?K<8Jq7}pu0MTI{%w}S{kOI{DjO9ekAiQby&jR--peAn4gsDvlGZdMk6y)u9ppx86^vhr zc~y1{&3kdvC?1Sm72OZR=hY_w+r&Qn3n@tP-)}km;?LK0iGciRu?P2v57 z;Hwn`9|3^U_3wN~K5Oq1m>o>U*qklI#D+?K@?i9a6g2(g;3b9FlhdlGtS#81=OuyBMbjMxB0s655+cl8^`alG*CJ$ z4b~VMA@^Rumuul4ylMW=CTI`_z-gtpnNXN-wiM8Oqsc+!bftihVfk*6G0SF)<4a41 zFM14*as^=g2?_Uc^6yn-E1d*Z^Nsf;VaEZB79CH(aL^fo6Lt8Sot{_zazND!pRNP) zOwVm)>+Qtk9{vN3cI12yK}(dNhCiq}2(>RXKdFxT)F#CAx&Oms_$sOZ-bfFDf1F?< z93KPH+2Qf(R{RshflI{hP$8FL?l^d$Ac+9zrqA{PKM_yiGr^+B1^W=dnPL@4nSoH= zUjT4*NvjscGXeB2E=2w7jAf~d0ei7A@SaqBA_O0W5&gwSM~lhOIt3K%Tt) zWsu(ULC&K?knUTDT_8t~(F8;^6%=r``=T~r>RQ_zXbYHD(Q6c*8sb`F<-7Z_on~s& zn0YECK(^V_@GqMlkbQq}dY(M%Vd!e$|L&&qqo~gzZWDFRrp7D3m2lp0OZfkkaprw7 zkZaC7V@+Co1Y1at8Q4uNzeRuIg_XuZ`83%YFbKOJKTp&hp}A zmc5&=e_v7@im%KMA4&avQg1|5O=hr@O3C&2 zVtY*P--|nne_Oa!s~dRL*G#9ASgj2J-q|tSvkK z(p;873J`Dkrsw|mo)e$e7MF>T9nZ8})){@jV+)<0sJZtP7yvl2|49S#*juCBct=zF z*5}N2t)`Q^`L}*2ZB{RCxVzeC-c=q@J{FN%XI@S@um3x*46xjfl^E>~pU|%1R5TB@ zyyy=;R`&ZY2uRO31fpPddZMEJ-lrC)sECHb-}!j~z$k;guvagiXpKYkJ~niI48dUY zJInBS75YePvE(sWg8ub{4;NkXZ~d-o_Vrql8s|ewcOlYK=k(&UohmAH^k4r@6i>dJ z?M~*^iHiHdyDd%?Wk$dA&j2vYxk;mgA|A%o7cLLcVCT8Q-}$9u(BBzejbxU2*nab+ zWm?ZabHv{Z%lW4ytAF#W@R#!X_oRXSRn+Di=G{M*N;HFDJ2ysrx~bdnK!x;`p%q;6$T#b*>I zL*Z_D=eA7pMKA3A=PmC@Wl0|0;*?uPu;Q=bGUZt;F>8h}i5%N%#ldYmhZV4$<^wM7 zlAzBz6fs>?FC+IKHG)pOvy+Nmy4pzu6Twop^kXjGpItHI%#JYv!HOY|Kwok%}k_)VTwf%?pFCY{f-%FZ% z1ggEC2%AiJ_?mp!S$o_WIv{y%__y3CS4^f2=50oX9}sm2*hU8BK4PULw$z& zT13G&DljFtmHC9TjXRWtDonKImk*OuH!e 
zz?SH$%E08((P2&XyC=!T+BdH)6jll_x6NOoDa6YTif;D=q%aMY8D9HR?H`geVbXE= zCSSjC%i5pG@6;f zgE3atkudG<%QBpqDx;g&7<(lDMfv#jZQ-jJj-%4jHj*C;R3 zJMnz4&X=b;q@%vGrF8!N-kJVUyJ`An7flzce^j}a&*v6PIBTzMbMLPf6m)!Hi-ZCb+@6wO!E7X z?L?)v7hi^XiMLJbqr=!~>(uOqo`*+e)&7m;891b9vFzR{(z9oOiVlhEl*oF;-pMdp zmJ-cMP}n5J{pPvl%Zdt+1!Drd za2Y%_9nOdCcb4NAssQ}^4BWznGN(4#f--!b+P$!Fdh<9F!udS?+RQxM9^XrxfQt)) zrXz3S`H)SuPM_RV5$NA@m{=`SEzGq)N{Hio*&LRMn=M=Kp|42~xo_l{@>;gd%3B#o ze-0-n6}_^?yCKq$8ZZRsLbCw7i8Sp%IBHYfoGPBcp2^93AgjTYZwwZcuuxXPFZLk|Z6d>`TKOA@J8{Ck?(L zc}DSj4%;<+)yrky=~gw}YH3XU_TxB3Vvz0=VSIi@x!=8swL}Dee*-Psj`_7TH^wdV zV=S@u0?y?4)7D?K#tmk1m@i#NGR2EF{95NnvDjuiMiiVe0DhB)Pe%qR#RqX%M2Nhf zZEM3F#>)jOWp@>b5xTGsyI0@R4C)v}2A4y;7Q^|=JP~V6S9Nra3hPe7l=%?}dZI6d zV_3DeVnC!ilB5p*)(J_)0%aHhM!rAnknxb?@uiHDh(ES*v`A~a! zK!JO^6SFJW#tbs@YzfTkk1TH}uRUXP39Xbu8&IKP9iE z1bNbz7Y)9Ra2KGd0T{5t38a+chzmKI?qZGRe9Y3-+%0-rEw{B#Ca8?pUXx4GlLk$| z2L)_rpknrL3!oUUJLF6XCXL^{NJ`o6O|xHE{J6H_Xd~Ks z2!Z5vO~4jg#t0~(ie_QsD0AExD#fRHtj#7=A@WW3Ss0l;w2YJXyT<=43dE05dP&Sp z1TozCJz&2Xmbzp)*GyMJ?DrFM%~K^S=Z;Hk6xas;o)=Z#(N((@^<+qX!*fJAl(A;i ztVe@Yv-92ikGgpvQv>*8cg#QrQXBWY6JI>MF4{S(T&&h#X8aXmo`{x{KA^dNTIahi zo%8w|s1B4#9fztSuI1fGZw9k?mg?X*5~dnt8>-DB{3Vt#i83@OP4mDdcSU42@BxzY}20`0hx3KmD0jx1IK5{2~?|2#+#nU5ff4sh0$d!+b=?H)T0d$~9lz}TO+O88%A6L777L%-^Wh^I5wiVx%;p!Zf z;qdF<@tmXks9A&q4iy_589EXk)YH-6{oJhNjeOs+^wBMeBg~)gRvp_kQ(wdQytj3k zy`el;%n%r4oM=*jI}2sm&Nnuy$WZ;-m5Jr4c{03ij60awtlxA+zh=rSXK39;}d;W=nbTK&naU+eM=rQwDT_&Ue zps&s4^S2POUzC0k(*Cxl*lES{)?l`BjUDGg4bNTaB(j{C9a<2$yAr7*zyy!LC82r> z;^D!~i1c6cxP^^m!LoxEdndiK(#I!n46-}SrR$$g*%xpQQHcNVM%|#mGfT^V1zt6- zWaeYV{6zz8+#g%iS(F$shZiv*-jo@*4&=}=n9Lseip;bH){O*o;_Yaa%(Mu5Pu&E` zFYD@>K#?g1@Kd$14bHs{s-S2AfM>YQp?5)Aya-LcYJ>Y`N_q2O-IMO7bm}+jt%R-g z)IB5_EY|@aIt-;J9wD?9Keg;nv?&dEmoPCcOxn(7_1KCYRLXj|3-4JbcYVIPZIwIejz^(Tjem7bZmYjxui z^J;xC3&|2~!z4*MHR$3f71%ci`thWg;H((95?U%5uF(h--|t>fi8MOc50LR`+=>Wz z9P9Y@^v5k*e=U99QsZCHM6e7#uP&?aHm(@893Q@LmgnR9_UFYrNKM0<{dB@(QAs8jKMv!Xw2b8{?l`=OHuuOIAf@@#TV>aSzRAghElpcC|Dr!Bk^;|24+!Q`w 
z56D4t$DA3y63nG_pGHFOwEG9sg&4GbtLm%ql+>hX|l#-(R^ctV-4ZW8X}OL|~7VKbYn) z^itc2s+s#X_wt=N21$8Gjpb01vU`jS5tT^sIBaxQ9|!t4Ih-Q7*{9DG0o*+sF`rZ6 z#2B+5Ia&0KilyqlRMs+aqY#aa-(uH+6MK*81n^B<5<$XQJZa3qC{2a(S47uXyv@_$ zi!BDRa#)NU*CYLntXC}QZ|W%)tZXOL((pUu0Wid92UyJa+RtT~!?lj=$AL9>3|85_ zvxAj8Z*m&Q@9MenzNCZ}Q``l<;3+UhNmqQk{2WCax9}8c*nu+3`M!iMQ&S&>t(2`) zD#e;Q*NH^+hbQN&An@l(WCY-kDdYL6%N$%5?+l*LbuL{oOLLf0aqBQO5pQ$1b2WLA zwMCo5dxQ54v$-IB0T!AWj39;G{Z3F|4cPBFs`IS$j0#l{TR{6XW4o+v1jDg{>0c=j zGf=r@?+q3tC&2(Wkk}WBF(yE&fPq8RPkzsYTZ+an$mlEXXln=LQ(_rif5>>FfXyy6b z1NjY;$SBsfUcyEy;9P*YR{8fc@L8ea*BZXkQjn05rz$$Xq zXDVf%OMLgg?2lEkeMEF1lkjr?E{p#Fq&=8F3YIEMJp=2`VO~^5Xz6H9tb8o|e%JT} zVmt-5e#9EX6B1!T(LeK_ET1zI{(5vO@f2cK(D5}G_X(8FQ}_D^FNdsT@SyB`=j$h? z#zmG}Ddrm@TEitHF}K6WqPYp7xKmRguN>$&VPN%&qG2b!KVS7iW^A;mlv%k*J@f06 zr)2eil5M#}N%aK0EurG;`_Y_NEPGc>3&d~1JDT~Yv)KIMugJTf?QVPjEenQKkDr~4 zk{Tyl$N7>9MIG%->^j}XFQJO2Q``BJMzc0`ByJ;%P$r#SvsJl=!{6MRw{o^fw@k|N z3Idp>6p3hf-pY0?Ty1#&C}L z=W8*MECyi|;{&|=&ew5yt-uq>A4|b&_vh}+5{{mjHVm&gq5R%8>ir(q=R)YVE=5Ve z6@d)2FD-C9nhkUs>re28bO#>@g4pXvpx9Fir?qZDAgw(d_p*JRUbRZcij+=e~HxY<$i>8b$S~ksg zp(8AHo>pYPVDZaFWmJ>q9{2u88tPdZGf#`6Ha|FKH9#{k0)aODGwt1v=LF}4d%N1d zsR`e=GL#=I>9;Edfj|uP9*7)mwlI8ZbhHa9XQGdQF z=DSIk-)I8@6cF{^8{A-4BCR2VIpzcM>7wr~{^oJgvYWeJMu#{HbdF1k^%y^A%#Q2j z=~w)2!O*;mDD?HYQiolRIg4xRCcELplPXrzWE9+HAB4>Ft9&kyJ_oT-xg^|p^?2o` zsUNohN+21jj5CUDAZCfDUvs{x?l>{x_~=LSXwC1s$y&m}l?v?i z0T8(vrlND5wQDh$rXf=9o(Xto`Dn#Ui5{&dlezT>Uj+L7PU=Vd68Hvj>D6@nuW3G@ zNRDmyO13Lf)9{ka#@r>!inFhkVZYX8GCvk$-cm zojff`RGM;fS{+RTD(3G|I4UBfuggo4?)ON2xncxn&oLY$J{04cc|9vmd#VTS86;HO z1|oMpm*?E-Hk+VQC!;NG-{v0g#!Fx%h&Klr0g=H{p{(I>+jyUYu^)Ti4Wf0{4)?e$ zuYEab^r)iC45;Q!H3ID6ik9O%aYF!(6h$oU`L#5hFsPv!~bngHoDnRB*Yj67{XZCl# zC!%b@88I?%S{#{TDJhn$Y)6-zWr5==xLODBI}$?!DZXKVtWZlxh&Q2}d+us&U|Ml` zEN{4XnRWlN1Kls-)CVB&EaNA;NUDV$Ty(-gTd(&}Ly5w3h(%YQrEs;GI@7BRg@MUu z4Q>z(;{WSqC6ccdz~aT1Mz|4iKT4+`;^X<{l7=;-nuYBSYrJE>b>)aoJWn?qicOc@ zTBYX+t@d;{A4MeTvTAE>X7K^3y6m1&^05aF&MN6PO3TjQC0_4$2;^1y4bpCH#mKWB zfiApKF^j2Waa$C#j{Tb25TZYwVv&IDU 
zb}nl>$`9akY+R30HCE!5uIthRlj8`S?+93GuFVq;Y2Ns`81UtJ0i#_Zzg?$x;}Myc zS}=9@&I>*MB?B18!9LcU9d^oAoXJMURp#xct_rusVkjq`-mi8arByrXs~$y z*?%HCHlVH^ZrZa1SJ@m$@)dv8GqPs#c7J>FFxwLc5p;7@mp^`!^Nus_r9%1^D8l;x z7vfB6`^$ZX3}-ODGr6&iFWi?D7JbV@=GPy{UDL$*?HfHNovS3Tvym1qT6Qj7qJNr` z@N*c66gWBhkj6Y`R+q~=O1KM$Td+~dnKy7{HbFd)eg-$(lfOP3%1A+@C-8g*ss^(i zjb_wl!#m8Old^(G@jA8rwUd!Gdxle5H?XDOa;52C64HA~9-&I(miW`~NvHsV3J}-` zLoTv)^|ocIA3pKzS>j-pR@kCtemBJxBbY~ajSdv<#&+U!)QQhRgAr&x2(gLk#LMPk zobGQJ%{Pw4s}6iWw@tn0>np9NoSa~%ic{n`I)XPR%-`*N{&8Y58p0v!?#i4R5T zQo(iRz?%D|!tL`x`*H3O(dg)w3o-c=?rCH5y`*GGNYM-bwLgu zekN{e>Brg-iFly}YqloNTTENXllf;p_1}gw`Z;Og?Ymb3#L57p!8B*#_EF&{FoZeY zI&XeC_|J#b@ra0CHbpZQQC%rRmo1ju9MB+zpupW3=LkFmC4g(X;`feHW=u;_-enzO z;gvE|YE-y>-1#|pEz|#vZJZbP`FK`>E-nq$i;5D9gU+e+8!p{nR354u@&5Z}sT{po zq|iSq`sir<_+E$Azslt{WF! zko@GBdk*k5>*g@y7Wg&!4GmR#{E#31DX{bT`ZuCD^-G2Alw!mi!R`$fY1_cJn&KTC zvQ*EFTIYg(ggtyt$vhrek zqf)siVU9gwEAj5?%{j8wFWLxtv>4(Rv zJgJ6;AT7C8e-_3(y^4tBoV>>$+>y|9YB1%!bI5#mRMgA-(bNPLFD6DSTnbzAzg1EX zej9^TVCUmkA|Jj6|LmhH_b?;xD3kIu@w<34re>mg8KcCkHbLv|O&j`2P{3ryS>RF^ zuD65~hEe?%VELoy75=;;ux8Z>0ut)=_Nl)2BFa(TkACCTOJfi(jV_P2H+Fy=ctD(0 z8v^tDSkDfhg#9KBq*eIYKpWAwooZh6q)M8}NXsvLGbTcZ4Rgg4%?mr;oKBK!LooAk zK#BQ)=WY8#H#)TR$0ms*0oQ2V4ux;F8D1N>{$FLuMHDg0(clWndfAVZ)fOuY?Ob!VOJpHeYs}|nd8c5@TMUM#3%^dowtYF#J-#`086j!RH z`nMkGCu_NqG5f8)n4&z1&=r84qRmH%rjzTiQz*Z}EGqGcaGURAd+OBD(!moW*Wl!r z){Cm3j({;gLrOsbCrc=c6Ra1D%)qU$U>DAlWu8B)VZVr9XJ=;;6*241wq}z}I_?|d zX*kl+I$BBmRT6TF85lL^nXCjPY|DnOI6llCBCa#=sJii0!_>-A-B7VU8{2A>gR^?=|3NxLt!9d`tB)H*i zlMjFUC?1*KXpd%SE@Nd{w%=gn_*4=d?wZ__u120E7E2fu@R)(B@B71_;y1F||MH9! 
zt*%qzj^g+lLkf~iP4gFIC9)!VR0gdThDTh&eB#CfOI48|*y(7L7A~_AZY#>6SsK^q zdReLQlU-7Z+2<1#$FzW*fouON?p0($v|KaUsvOUt42X`$RJqi%+D` zis3QRvtzp${!b()4D>b-^xHnn1j!}hwZrqf-x_(U)}7t{ms}h>yQ;Z4PPr*pcv5QQ z$Vjr^X8Vb~R0Vi}Yrv%QQ{$IXIL0mvYbu@hCjESbT6;gJ-jGIgKT%ic8MR{H8zt%V zT$}17j$LFWqOcohf9pRGkMShq5Z{F5qn{RrB&bF2cm9b6ADd6afWKEFpDhMQr|L4p z?cJ&Yng?aW&YYTj$OiGYWv|ut)$`Y`ohh~awx76YSN~)AQGaPqJ&`x%uXsn7i*@zt9tRg#9gN2rCZ|Gpqs`iH!Nvtmh_D~aqa0# z6VS!ee-mIO{~wJO{=Yi5I`fxM`7)^HzkMV0rniZ8@iC-5p@KLJ{k~~=8B$nYnR-+2 zX4CXVM}xJ^&R>YN;0-|Q%3#v`()%A!6?c!G?S)X@lPLFjd}9uwLmJ!UQFqUUL%o$KDX2p zAb}}iG81sqo6Rk_=+VlEXs+FnhqFy>Lu3epi9PVaj*1u6WTfOLjJPg;Hf?(5{HVHp z^IC(Dh5hYd&~MQB+j`PX86#7`0COC>u7J}Woc!Lt1{?EjfKDpgieLS0YGyVJ6D^V? zpafOt^)tQ<|47l{$chpNys_(ro5$AxW)oi(GjrSb0}FzTJteBMOLBg5N|F|q$)se7 zD6$`+k)0MOUott-Y{TS}l3B%i@{d?)qlZ}zAl#wR=5}YqJFkmkU(>B< z&YQ9O`Z+W@nMN&-ynN|l4=%@bN&A>;JTK0w(BEwhX13MB9b+}V+k7EO&tdo&>U#OY z`Op9a_s6@S!Uu+QXhxzL%JI*(&z-t@A`mRzOzpqNGTykEJZAM8HxfHTz0_OQAHOXF zO)8ZIOwfl?qbzX#`C5EumfQPci>_kJRNT6kuKS2)p=b(-m(Wr%$yc>4qH>nOO7dqC zuQm>)0*iPo@=N1xI?9dhpTECk4TtrZcKHf>)|B-B zSSVSw7!n)$Ce)fd*rFHTv4-NiubL>_N+88+jSvyg6*1+Y&C?tpzAU>B_f!{E!FL)j zl6#&;xW~U^lad0HNF)pqRns39{r!D8H6!C0(qWW8^xf!|DC(!-78E;Yb=VB(Ch7%P zfWXzg=z`1maaAI7*4pst`FWt{*Hu&LSjmbE$3pu_RBvV8W>%kEiQ49II+z()8WbRJ z*C2Ml-ut2pzRj|gJwCVoHXaEV$Vtx_aup)24N#x|jGMBYkFk>A5Sd7ESSU8>g|-R~ zHG~jb9B6j-+^_$h>}oSt(Jpl4{A7Zave19%Pm+kr@lrJ9?_vbA^Zp0e&M1Q?>|Ew= z>70t1eqhMm?n#HFy=`T7RL;AtuM9Duda?SW&T_cFRwV=@Y8oOi!S!lozP0gx%ic zufqjGOq1b(Zoc)qOuLi5BIY_{`xEcAAyy4S_Hpjon^>)a(7t^nZ!fOkpgS7ffMY+t zkBk56D5(|uxufngD3g-mB}4cHioq;qIA7B60E4zJd1rca=`s(U@cQEIcMi}L zs|oH+)VAs%FUQkAgQS@oRe4T6G7my}j9u*CJg%lDeb1NXA|7+oXSP@{#ridEwQ&` zcWzQjb8vBe{L_n0N{^y+gbkSC<4g`1T{fqJfI#&5m;gPT26vnW<_Et2XkAi{d~k&|>yZEW<*j}|C`4QOo&G6LrtzR) zDe$8f-`tNgLWhoQBs|>nhuJ<@Ebr}K2!^DE_7s@57r7VSf>gG6mPJh&O%Sv5dRh6j zFIkR}a(2}xc6g^7d9F5J^@*a+O)n6jd;dM4f;mp&SH=kp%RIr3M#(Px`lLcL+57D% zRIGM_d5=DViD<+J6v z)72klLy_i{=PD)tZ08NHd%)3O(t5ML>%rX$6@^xnAFX_;!(+lXFDxkH*MX4ZVQ8yt 
z#s3-TPOBW$^qZ|RX@6pvhDc6Gj!ie^=$(LuO^Wz72;Y-S{URrU`;Q~))HBi7gcYb! z+N$!A4ePt*3@@W3VIvNI%LrUGK!5=2nwKUbMMZ;2r9X(LbMDYugypVC2IoiNi9EBW z$=tZv5}cMZK*y2lAV3e)V#lI1mPGsm-|n%W-`Yk$F;|#Xk~Za402NZw`;{}V*a|ok zi?k9<_e$y?&@#=K^UWS%2m`4;dtA*8F6-Vd@?$anoEz7LjjSGN+0H5dhg%^mY1}+n z0v$cl1R0kfE>N>+;0<{{VQf?yYBv``DP|jT28y*dCgb;>BYuq7C|+P?v*bKgd76W` z+wpU$G`{bc*CrMs_3=RYPp!}$o0oq}TpSfpuh)z>5;RnLHw99V902pW2F`qxO1x!W zrhW1dVwOH4676ZfPA>o2-uhK5>(D0<%cnmO-xU?weB539q_oE|lMIhytVMSETOE4h zP~PdH95;}*nKUd%3gg~B6QJGaznOn=X))hi9+5xW#P5Vo=#f&o_ft5gCd!7kn)Fo8 z4889gi(sN;tRBfw4{FN8l5bxk7YsmA z(LgRHF$GVtX_Jc!9P!p(SDmk%3o>cTk2U_$UNmlu{Cdi6@s>N;WC}(h!2|J~eMt~n zc#P+Dm<6z-0*^E1GX(Efq9(1WemolwVblypJcYoR-MfsxnhH{%kdwTY(=&fS;Z+m^ zzJ_xjU#JU=YXDpR7(Tf{Ls|h^ca1o4gFnb z&VHQl!R9*m{L*A!E3W@rcb4FvKoeil9C3ZYgQrq2{rtxwsvv`NVv~l6R^&Ff%0DFT zk?fHiKeV8j+Mo`iL9kp+m2!VQXoq}Z_Ab%f@VP2Q%RV{zu^yuEvrBgF>XQnJa1VdK z^HK+PeZ?$p^gMj32_s{tf4u>b8xRE0dWpRf_4*=wyN&UM`R6|)F5Z!WMA+emiyIZV zW;^i{?2!Q$@WQDf%311a#wJ*ur85mFz2 z9m;xAj)r_qR()*58EO9&jy9QU~a*8c$Dr+ms;$V{~ITD76);SEo6WR1o}L1sCb(oiBAzXV%r3 zH8m$p_N7i)T-H)UqKaF*QSqj}WM6o`a2wC4?oLXI@zmPtFm(M37xz;WpF;^8B28Na zcRp$hzKK6iX-lh+t*XBrBzw#+dP?@hq|z9h{y~zOK~If+S;2g?j8)k@S@&97SzIZP z{WiX%hP}Abth$ZaNTzX7(cmoU^@jxG`CIn`2Q}1}SEBW9vUR=?kBHA8`v5`+T5!ew zBKs{EQqI5+jbHAIy4jAWC4SRnsv#d%)MrHs4bsGVDqp9%Xo;?zG6X_3VHB9qq$@gt zGM-_$jJ>U6UE*uqyiemZc#8dRrl8Mf)5K=M#s+@PoF?vT>g7a5L`0aFX;KEa-3ik~ z>;z9UgJmgD&cFb8qs?v)>9+nYNNo4`Y}>Icvs%C;(9c^SY`?6u^h(hOjOpHZvCKD} zOoYz^47>T^CF>a~3yl@Njdo(6wVrQ1u}l_xPU?9kj(kmo2p&r+x{OiNJ>q3=y&Ov4 zV(GYvDv1o#Vt%cz>|T5JtrSK>s*{mx_w~18G#)!!5+6&zmYD#w(ah5pVa4w8+qtv^PrK0>`~lD;qs2Q_Ez(ovz(i^0y|VF6(crD z^aL~r#K6qi!TDYxRsI3}6-z|Es!aVK8}Ui#~4@Cu{|&p^0&cpJ@2hvNxp^4*kU{8=hIkItld z5eS}Ea5nP98fH)YNa4L%u?ZrNJS9H6p%^({m@iRsmP;y98|h74kZIE~gB!eCZG2$F z_r|82Gv~H2Vp=4p*U(sfnoqm*63a2NkrsYb86^W7cM=%Rw?)t;B_0U&jQz5BFXbQR zPj=59TAyL(BO>C-TsV!ze4W5v{&gn!e7sN6lC+rG75^8DE|V*eaVHp1I7Q6G$9X>vu&!gGTJ(I z-Zqa$lxI=Op-O$^gX%Ws(m5J*L%%Ms*;N&(rn=fQ4be7|JRshMA$w3MYTPnj!K6q1 
zP9DSu;;Sdc>ZXE8m!kMRz})z}srDw=Far%xI%hlJz0Iv0F$-N|1NR2w5!gfyn`d54a>GDRN}vT!SZ(z^=*Nc9S4!f z^WnZzDAUd=`AI{9v|Go6^fbv7K;R}ZHOoYS7?oB;qu%Ub%0TI`;vAVumXVxsw3W(o zR!I2=d3HVGx&mU+cAcyMwNwVAP@b^3*W-}ZOWI}|jUE`l*uEH5dCE>j^e zagTM6S;Lf0LwkM6HO21T$T6@nHjn#;m8SfN6m6`|P&q>ik^!~Zf}i?vMNWl^BYN5k zgJ;V;E=i#&=D9!q{B;ARyZoSp_>wmqP9&}`ug?mRH=59T&xlyO1IPG3{C6)Slp7ul zeC&zNI=o{4gvkPKD<^z_^h51psh-Qdp13~=@n_aZD3l*}bajtaJ&gW9#3e6OR(unB zHinA-YHji$Th-#*&9tENET6hKZ0|J>l^T^QD|Q=%2nB#1T+1Xm=(ESujOg<9S>jGd zbm{AIA96=^dt=NV=+kC5<+aD?ijK{LjvUKDWySnex~}sIkRg&lGEafmV;fHrR#9)& z_ab*mPbZy#kxk!J@QuZw<5Xvb0)1RmVYFCHXiHN?+@M~n=lm+}x(0$h1zgT8;Qz3nYsCdw_j?OvL2gK6H>YDx9!c+^sDk7zw{ zqpb9J0$$bjPpcy5mY>zmaiw8$S$LwS4RYF3aq79 z@rIK5>Ax#u1M>lCgGk0%xYfmWCzjYl5dyeh-P4CM1Tu?1I7sB-rdtQPY~@{YA?pKW{-HKah@=x zrzS;wcxe?tp^okV{??66CvLDKs+Yj(L`r~9SgO`XcbGl@{K+>Xo~R?!?-dDs=Q@5o zr1gT#algWOU^1_2`aGFi*@ajorB`!NfvfZLB%4cD*UeL?YGDIIQJPCZI?NF~{_dXD z1K*ptS*I46G^K9b)Elyl0gZ)4C%~i8h!^WxKpN38libNrQ`^+|1*4;guE@F57yFC2 z7N@eqL6yXR?E}SasO!Aq%F2|*G`F$KBjRYC&*QJ@zrdInFxl58f-V}G)I*U1mWSOn zT@x5By)m#5YdULJqM&-{Q znNerK{`WB}_V-VpGv3m>WB5uH^^xp7^o$-n9c02P)pI z;*J4z)$Vn2klBA2o+wZo0$_!X6s(UfIu(`;7pPmc``c@?h>e95x0`Tf%QWSS2J)tJ z_`l40B`+8&zsleG7*{vCK~6k$S{BpEykAtCr&8JucTL<{ckX+5ZCdIJ>r>mCyb1d0 z={IA;F3*UtrFDFR2wU)br-RN6K!kKp!qC#Q_AeG;_v6eze4uq>A(CW&A{%1$AIC(w zO*3Jp)A{Lv46Iqi$N+Pni(DdsuWG}@g+8lJKVXjNk92>6kohvIV3O>V#1us*vCs4G7s&jNxUb{ogPrw>*w*`Xr=9jxC)B3Y;MP>Ehlk#7?=f%5Diw_Qk zV?zu_6;Kp>g(jCwc}{nUm%!xpxybm(i&+))xks)^`;@0I^R-_*nlJ+S~vE)i~94OfjD zr9w;j7=GRG3g7I^*~8F;xZg=#S6`U;B$V-C%T1q*G5oJT5toqH|BR;WbHYK!!4v>j zglaE>v+1|@pQou?8yoHI!^YF1xdsBSx2`WID|B}`wn$Xsk4HD?;1P4$e4Ef~CNkS^ z-|n4pTvT7uFGawKQ?ANCkpgSvU$lK1@g zi7Yp;gQZA-hhe7~VOki9bTJ$v?w3~Qd(DtC@{!ej=38UpN{$As#e%CfA+*mQ?vdIW z5UpWwotfq<4uTyJUg{e|5DR((L#~ z%l{Gn6z_Sd^NBBp=g8Dn!%q`u7r*eJ*G9bZm-%av!VAxBZir+~Nm`a>;s+522%v(TneONk>RA&gE>E+p;Py860e#ibGRhK;J(*=^~a zyKSmxXXu1JPsR}0Ay!$t-x7Q#zlp8N&QCaBE&Rbu8^1FoabBI>9e z2=B0`<2;A_Qx6P~Rl^!Q;K#&)NH-C!gl8}cy|3C2@yE9o2@)6`m+_8u?v~!J1(lNf 
zF4|OLqfdDtb_@mFZ=Jr}peY&6ee;&|nB6*9a#QjB5XDRVdY>krXP6Top-jq?`yc0p zw|=XGs6nOwAzv{R>v{~Nb(YZ`w8^mC9f&jP!}E={fE)a2R-4PbuTQH!rk3Io{fjvu zV+_M~olH~84GA#q5*-Re2aAb6CYm4CU@(yAV{V!H^LcaGrzaeri$pWkoetJ_A%T;YkUNtHd0EovTV+`(@2UJTMWD!;W`n5VRJv~^IV%w-w}CfjOZEb zqtS9~^bmKWo+am*$c!niX1GhFG02vV!R-2*Wi+sY&3E9c3W5$^r?jR?tiKNvEo=eb zPdc69wjHMJ6fz37#`X>14U_OASh-m9k;}JozYtXV^?Tfw-mpUxuq?pi8x$utY~eD;^`rMnr0PBnK;?SU&wJ+vOm0;y4V(Jyy9F8oMq%PtYj$cxdjS+XA12s@mAC z?boPY&bEH6SKYVU&BQ zemg+uACPGDP}vz-3sE;Tb*>?%%7sg!d+%cz271X89Q~JC^MZIV{NLr2{AiD|bT#Me z^U4h5o<*blyt&TIlaWoPq-z~z?))HPrECck^O>mQc%^ap^^zs4L@_dI0`~r)_5+@+p~F}=fkR?MYrD7Q~vl6IB5k|1WGF45Wt`kE`%%0 zk7oDIsQr0f6rC-s^Wp<+t2>7%R2cCXENKi)sjFWuSD3;?@^*}8+zNPBC23c}U4N?| z7J&c>i~!NkOGg|oyVw~y=7J4FDFH40f&(RpC(c}K8=>g-)TmUl`lP~;ocbRS=N^4P z&$`GWlJDmklnyBYmosmJNeveDZV|toP@F?ulk_LeNB4h?GRpG_>rEx{XPz1Rk;$bPIcyrr$rf<+sPoyXggBU7f z_aw#}LH|sbWgjWum(qA#-a22+f;|YN$epm}l6H~yQ-pYc+}X}p8TEabM|`*qxc|=o z3*u3*$$;SYSl{F;4&Zm#rW^%9C*SGT=6;96cD;6;e%*Kb>xwCbuO#8fg(1QBgSv`4 z$$0m11`4<#zP2B|kwR=MMxy9vj;mXejONO_J=>#OTWs^UF`U(-vLneuWN}~F=r_u< zAwx9Axbf_^CgiPmBq2ZZQ4f!ZCHv3%%J4cjP=R)0K1Zvis}S|r2(wIYQ`j%Fvux9r z7_C`XTj?5eQP-UN_X8b>0-AKqToef`_kPhfGHpQ%F|^Jr_alN??!O2VqhB8l%pDZ(Q{@>*)I^LA zQ0|qrVohZcq0!P;V)>sPn~FVi(A$@K#gtr`cN0LqP z*@+48Z||7IGhmQ$?|}UWfHlUKbCSp&QNThZrJK#-Stg?!J~L9eoK~hng(asyjsV?L zn;R1A4Zhdzol|jBxso{Rl`E0&Qtjy-64{Yqq}V)?7Xr8sMl*t$41KjFaQ}ct#bwNV ze0FSOd0u~=R+66hU~IuAjS|i0{f)AhOAac_6yPQ(gl$T7KM#tg_}Nq4+0)3>=gBwK zK#|Sr-&_q#BzY(LhL!8bnW~#F=3i=JTKXdJY9mnoU&KW*9D_NgVeh=c z`xCC-f)eI`cI00mAn(1KMBSM#)Cz!Lp~<>*O-Qn3hmNMYy|3#V zPM$Uy9{D}mcBiwO$ym-{b?Vhj+cj&tr_J8KsjQXY1NcvuamKV;^*1>XQxjYD_e5R*JTIwDN41ns)>|G>@P_$ z6;L*elqMR!HkcfVCfRlIS=soW%nG`%y?wCU&rB)eDI%GQAIl|mK&udsG2*b4#SB=G zKs_5p5A$&^9$)@H*n97|rnYTuIBY?>NS7Lw-W6#o5R|i@`t||nX=XzYtAvp9M2ff z^UA~}TrTdrCU<3-aX0%o@1rlQe7e+^`#^KEj?RamkA~Ca$?HrqOkF?K1zxwI{mwiT zIQ~?L1t1@=)J*G40x;)3_U@TJ8auYik=-h}3tE!tpYHVM+UXf*CUr%zta(JnQSAji z1X@AT=-Hc6nQ*SnVdF=jRseL>arFJv=}f*N+SK}F>%u$6xyN#Goo7!BiM|a$18yb| 
zfr(<64efxEr-kn7L6&uuiX-!R!H|BHN5IG)b$BAweqfdQD@hfnsk;(hchCI z0rh}*k`$6?;NhDiG`8v~aK~r;_27JleodJ-7f*8 zgNzLqeOx;rrz`EO@RVabxg0K;x^R7q2LH|F3 z-sSC5d9dnjedP9DjTCkFa|s^Tzkf*mj(D_}*x;03QY+qQry4uv?K0_6{h2@ByfJ$F z^R`alw9tU0YoY9AXT^)TZM#WMoW5ViZ*O&}8(v!(0Rlo%f*Ai}A}1C$P<&I1raSrd z48`eO{sS_LfCGhgsqj^zDlSIP9N8c}^h0j76(B-jyI|UOO)lYq+ir2zrr46h-v$wY z3qJ9q4{*C{3$6YVv^NKeX8Jc2)!oE(K256Zisg(qmwkJ!649Xv@u?*v=k-}vENh_! z9?Fj)qKKdaGWRmIV2NnfRoQE%r0$b(8? zEWVz7s@>`@Bvs!M0H3jwGxM&Nng|Ag#JJS41q7nndiIN7`H@qAdFQ%D+kAyYqeb2 z5BX0rUEe8tcrOsxF@ZButj6uLkkdY?m|e|8F-Q7aZv0v@?&?=qK@8IuUp(51dHbVo zq65lYF7*OIRj%_~iCMZ2^UbY%N@+`HlV819PKP^5`p$iouvxpB1%=C*#JxT;Qj|WZP7-JU#(-Hv zbn4_R%k5|PEbEt#)L10jh6=CDtFhf56=j0Ez7jdX2gzhLneOc!M2ww{24Ad#BnHaM z=QeT3+WeiP9R%o2s=TqCssrLr-qZ$My^EutF!_+~!KK3!Rre6Kk|x6XHHvqqWsNU2 zG<{zZ$e4LF#lh%t6h&b$3A7HY4kiZd)2Y!|l4LOSzV`kPX;Y>78$ZMG!W{nr$Dg6Z zG(>qGC~ z#@kIB70P>d0A0#0ybwYXLx^kvct$%NGdMHFb^ZJ5xe-}M1;Nz)9|j>8BnrOjc0KrN z1xb$FTC2$XFNS`uK$(cAaF=}a+u3jgWE=0fH+KhI&sGjra10lWdvnb;fgY^ieZS37 z^xV!DsS3N> zbOd5?-~|tqo3<|KWKkDuSFL39M6QB z_~wxd^h^bB6s4Ej^N%tq#J6e zzqy_M8`Vi0hCNPM*8?x$py)YxDxqH~^~I*NO1~=W>z2REPyFnN6 zjBf7xNp*G8s16qA`K$4T9d4xMtxvmScL{fORaujj{|>nNPl-~G$NVj>eQb~a z;r3u<8NA`jb^9tn+aU0IhN0~{CD$*4_5*)fxMEqiq;|A!7(_DCw`O!`bj*i)t?zR# zhu&Jut&esaaWG+b?(Bv_cve@Ux?H7D``rM zcl}8=^S_3eeSY{@M}91oG<$Kf`{te)YUut=Q))=a=-9x)yM^r4Cs&c9Fj+?h8cqt-DjEo!m{l5-y z9H@+ti?~)^8!Ec$TSPq1huX>f<>$z3XBKA`e|zs!2BTZhUmj8Ymme418W$cH{zngb z{5;3+$DedO-}aB!&o3VF*dHAGgJXXH?6=4M;MgDh9N`_uZ$QL)93LF}gI`Zf$ML~& zd~oa!j^l$rWl)a&!T)N1;Lyg)6s904&*1L(y)xp0$d!S0NrTZGTZhE{u}Gf3X!y6}@&D8*c>MX#byObP>3^S{MAS`g=?>kcJQ_JX z;1RL=&ovA$OE8eG1-p!}g#t`lEme;8E;i31gmZt*&PNVd-TkRwGgeI%B*Bu*a{T4k z2FLT@crE;4{K4N5!u-7|knoD;tt;Otf17->2z9%J@+D_IyAw2*E6g42)soJejJI@L zy7~d{&Eu6jdtxLX@o=S+WC`69O`FyC0f_P@ZcOfF9f43lDZ(cYxA+LEc3CfX#HioK z;mO8L14u{A>NRgt&@bc7ty${J8?zd_3UB`75&rfFO~gxgzIakA60rzika4*r8Q`Lg z+nhi#*1aPT=ZY`@Uhdx}2E}rx;dyJ1K*~kL1RY%F0RteG^BzgMl|w+@2jEEP0CbK! 
zYz`>i+ClBpBj!FKqQHN-ubM9a%1DYk0-c>x7di|r1jM`nR8v5oX!lnamL1Urz|ifa zJ<9W!A%A%g^}o7oVJU!b{`^pv8M}`_e|?{jzg*Yz6>#!66d);gMeF?4ZTA25bsh5o zbX96eYV*{wb$)q?$JY5}&K}R5v%^$j(3iu!Q)u@I95K6 zm5w0CBKfG|KLd-Oj- zG43Be#oz11AAkQ{7+Q|){rjxaKiTnrBIAv2THf-wOHj7OO3meb>~+Q;?a| zw35!|zHyzVX;GY1Tl+A7%|L~nlXGIns;OGZ8S>|`^CjZ2+CY^dXTwykN{JBYEMmg#c?M4fEqBHF3*_-WE;cdm=FZ21dO z7pSn6i*D?su3h9IEue_`tKvyfSK~OtED|7kr3K`aRg}14!T`Tz`1&eL;FBhLr*0sF zG0c|TTQ7g2TV=uTDIl5d1}%IwUi=SBs7vZ@V0ai>`~)__VYdTLCTH6hSF}&f_k^LJ z@z1{-#j<$ImO(F(#t@qhD3-=mlLjECCG!4SS`+GY9Ru#tO@MD89*zHOiQy5yga5Ii zlWhB3>kP%q(l~kH2O7JqqsSlXL?%a)mdgsMqu}-t=%xvBsh-Ku3#beg`I(D`>_@|8 zLMOHeotmCw4?PVt$oBEuGU^+BI3%e@Sv~$Gw1-Y@^%5xHo1X#v45HZtGM7)}J^~dQ zA@+@&p`UlO?h69kDfgcKnFRS@Z(15D5Yk!6rRb)bY-+=Nz~`9$ZiyF}`vO z5D0X<3`O@vTEAJ7V{4)s;Yc<)(B^0nQ=4#+AQM$Em{a@l*3&G*b_|8pLyX65&E&Mc zK!i+_H^w15rezH8rH3x@-J0Z~`4eJ*Fs`xsr`3PkE<%XK*Mhj#tZ#ExQLdruk zFab2#Z0~ULowT+eD|0_OcvoGrb7aA3@x0Yqpgu3iV)Ztiye=}wJtJa|84n@&V;~a{ zd=l~qvXGJ1`-rqZz`L&QGpbNRLh8ole@>YFLjLfr?T^`dnD>D$ z;)@=M@-3@+(PgU`CYz6ZNxOe1p!n zeH}f-ZzS`o(-o`l-cLv_Wp^Z6qFqN@@hgOl90neu1)=04!Ejce*7Ibtr?1ymd$qOq z*o30oNI*EA}=HRN-TdC6ErtGk|yA6B3O91RKiV zBowRl@7yU&XX23HxjjaqS49)bALD+~5r}!7DH940?g9MrebiIE1MTTP&u=?L^(C+p zsoIVD@5ElU91h>Ob!&Nz9!zEjt;kv9m`RI7FcW!ZuIZcM)We8c`A|D0p31tKG`$yE z9tfcg31>m?nBIGLW20(Wn2cG?bCwv7K;-*}pB3*rG+e+zIs__lvaP;=EM4_T#br7= zVuJkXOmU}rxwibEjJJ=<5HqPt;6YERi8Rb~l|NIDTV^MQvP_(8GrM}&GCWIvtS)1T zv{C`z(SMb{&13|j1D5^!G$vR8mJ5^9>@0N~7ZYx()n9&_eK@!w$Bm_?y12$5(e!2M zr*ATgp>8kVwMT1<$hd|=s=U{}F%q)#e7-fD@d4{uN`_}QdwRIU-LIlra&^#MFk{$3 zO6JccM%{D*0U_D50y~_~3;c6}4tj4g%P;jE&zs`qJhzX&Rx$4#4yQ^=$_4@Hj;SkD zYX#2dHO__zP;=|5rR%b)lNnqGodTuT@^=oAd`JR5j`-!nK&f&Rulj6W5v$M5-pcmr z&4s%Iux{y_>|XMBIGNAtS8CuEOY>fe;ScaILSH%&0W2**!Q6y1;GL&2&D40DW<~we z*X!rHn;*o9jE{1~J6fj9AAy{BPPMi{N>S}sdDLVRg<)d3C}C?l@{!ZBL*iuXr8l#9 z-$zF5QIe=xKTcV|zxl1bU8}hYK7&#Pk(RF|L}npSE}ginov5Zw=r|JJPZ*q)iqeDk zAWHqdq-57mEP3z0i_1irp*k4G&puP%lSr>K`nzB|!6D>>nVXsN&oNMSHTfMF*S}QiqI=&<{JzQ?FvK5UK$AZNy197a<6P 
zcwwG&8+({(_9Zt)+E$z|>Z;-f*7;MZUjdFIy??k` z^ou(c-$&V*)boU@16g>l7hmg@&M-x(86Qh~Nh9@2JBe)is~o(_)-H;D)0f!9`S!y5 z^lzG1s@TpWA{rl}CLCu*V&!9$ScngY6g59CJ)PG2(Cq8)tcWJFWo(rxQ+_gu$cyLN z2bt2q>wy;;03W@AT9ZJVTec!jC$i#lf?PpOc(?8IY=u_w z9$585a)YfQj^mcEzDm!TaEw<#fsj}SeCRMm5%Pfm#rqPRGwd&l%V7zo8tyC-rP-zTb&*{H*%Wl1) z-(Hb%UQ*C5CP_T}?Bpq$Igg0FcoL2G5lH9;)`;}k1c;8l8m$N4%i6mukh}Nr2t)xo zECwV1L~y5quK%F%uJ;mbm7lWXr77Dvao$+!}P zLe~(O11h2}j$t-xJqg3nnTFR5_~<}STZOG}N)<3X@$9^jZoek?h!l~UipeolxcJm8M=FCfrjePtPEV}n2|4}#ppF6&Xej{o+ zUSMFFw&Q&7Y0k{X9=il&t%wxqu#}gK^(MYZOv3{wNHy6f!?JMs<$FpjKt9?=cNSW1 zOMHU@Hk1QqnDPsjH@OjNmE8L6+4IhM@E_2kM7SvUWv zPE*kW0kSiCdA66y zhsym>piv#W_Xe@guX6+nK6?b3ceYysV~z6yj0{T$jzDOAMW|DC1PVdqSFYSEWLF^d za&&k^Mp*PJKY=5WTYCrkgazPst76t}XTraw(MVlHOVOM6uppN|m|D7>0xYigQsgeq z6rl9yAe*=f-E9SX0x4T{gafq_IZTL`7MtC3V;0P$FZ1WzZ}t@VzI_C=fmMF(7R|Wkn+@GUU3tl65?@=u73zukSRJ zEe;Q;;Dh!DnlSE=S<~0@kuZt5rJ8*#UGKd;_NS*nH8&qkf&?@{T-UoLj4nuaHXVT~ z7(0oqQfO_&LRIh)XuHtlaGhw(`x}(AI z1$9YWx^%)b8YOZkTL-+O}4HBUbtd1hhKkEr1Ea@~a-0 zjqsY(HwV{Y3~Ibru*)}H#n&c!J~u>vd!9Hro=Q2s7N%f97seto8Bu^nF+gVWQw6XF z&j?rXAy^7xgTO$eo3F2xVGBmx%(AbzI{G4Ab#p)=OZ>|)g%9h)7>Srh{==sb%h$2l zN$B=x=YP7Nf+v6|^)zc{jH+Qm1ZM1;8Ryh=K)SZI*auE;X#As2!#V|e8AEY5UM7yQ z{9+UNDM#F;S);WyTorz@Dt^Xj6*m*0)~PYfDKl&#cc3-@l_HSVP5M)_wSzGnTlQ|| zLA72Nsu)_D)+})w4=0FZz^)=aeLV|Icy>*Kd-}w`3$%@Xm7BKzV%qZQ<5LPc<$zCS z5y^sy`F6xQAntNQbT1HHfxNs)Cn=S$XmXzjBsQM8i%G4e2SN=(P6CR=$*lDiDJ&|BGX9U4B07!HoE zTn|X-BZHbWAcxv)Tz46ZYMMSzaGZ$=-RF%(&)VlWBq8Pew6f$J=cjteAJ=9HKTUM> zy>8jvyjwKNFd;?KGQ}hvzA!@VQy?y(Ealxjath>wIX09;O>=`WPH+Q5UW$4 ze1e+2wH_8a%8%6Wyj!(pGI^8EAJ@ad!+*N{tlCW8>DHHGKxXcMM2(z*M4%YT8>7MC z3Lc#{`Dt;Zp$CJOwQ*;N;bv=z%V@-ab&47Lm#(KLn%p?3(BxZS4xtZsB= zoS5JplV!t~Wr?RX>Ck$1L2MVl@I#Y8E@q5wjZ!tYCl5WbMXRm{588QD@EST< zTj~mq6ank$*#nIy(Ot_@(E&d|gd}9@}pEU3OkiIUY@F8Av z^2$3Dku{TatFO6le;zm+WP1&77ZF*LT6R-5R-5e$?zfr4E@J|e_LoAjrhTmKsX8So zm~%U_TTmivx+#gRv$?XlIU0Ln;{5Uiq_@!)ewM)8n#NqmTmVzTc{Yxh2l(}xid8p{ zPw;a~%VTTgIJgMLC&m+2<2m-S56;5Bq?Lj@(#DX@saJ;T7#`-XFpUMo7^SUwe_GHj 
zv!wfR(=?cB{hsF2_pFbvkE;d%yVfb&h0Nm0tEhR@%e*aaP{TCr)SY#lH!Kmj(`?S?pT~3%s`~=_{VMKr_zQjlsNK^unDRN`2+&{`>oIrcS!|kAY z&eSW^Z?B9MD)sfMcff3O zaQkNL3X~lNAji*~Nr1^t^ZI{OyeJ=Ba=0!O>6bdyjp0}e-F@3=;# za^j3yQOte$K9+4ZnsL+mbMz|H9U2Y8*8Vi>Q4#swrPiQl2QS4$SP#MWyCeJA!Ie37 z6Ypz7E@NEp#oiDhDidiBt08mDNRP}j3;f%5~e@3>C#cTcu z;x&JyXZT%(czzRspJ+kfe&z2_qRSd@|9;VsT@c@?U0zlFKsiO2k^kK1%hsSxzb%uY zyJW_GRUwM9MK3+41UvOaFDN0Mxe2^Meibgd*I8uN#BL8rw10@VrFeBB%Md570htj7 zfr3d*Md@5kzStX?xyu~d%9P)c7qbW_no=mxLo!mQ>^VILc{==W zpE>&~O>Z%OW-iyNc8hcplC5i!M^YbDb4TO zT0c#!ny{rgewbKL(#jGc2VgW$5NqzQ&V!7*L{-t5uB#LXr^G;Cn($|_svceqR9N%i z1$=OHVD`k6=N6_cSYRcs;UibkHOG&CMfcXNMX3_8d!T*oO1~8CrNi_G%91}0I^ptG zv+=2pCJ`X9xH>Flpe$GO$7Npb0m;JVu2jb}{I8fv6X#qvKS2+Ir-)b!$+vC55Jru(JR$lDV-(=Vp({xn#IL_H+M11}K?nC%3 z9Ev~pA^gi3H9%#I<&U)096!tP`}}9-!0#H8Ab$&|@NW)Dj1pmbgpv%RWJ$5SSCU_4 zUcR<-dA(?}V$Yk;MlLh;PtAMcyXQdEvOoL~YpkD^QqK;SLnGki!-^ayiykK?nnadK z%qOQpckIQ(IjP3#m7MFfS=iWeyYn*4;=b?0Bepo;{H^Tmi*V*QC#Aoo^Eg3$Gwpuz z3jMN)Uw}w@yWl(hwwDuACi8;-Ot`!?McED)86tWV5ghff?H%v3?CoidR~RnX6@7im zM)O8ZZf@JAL&-TS&>~nXkD?_)IO|t%47P$n#9VpKD>(#X#-f^$B-tUE>uKYqre6~i zM+*1OL*!H+3_Jk8B8#IUe>u9L#75NXZxC7BHNvx1U9l!5Kf#+MzVUk_>9nr@NnxGA za)9gBPQsiv@&S^tx9a@)p(I^LzVwW48W{>|2 ze;71fd&^li^H0^rzzp(@YHa)Hq9kPw6J(<+ov^!MDnD&E{>4@URwU)3yth^B?POUm z^JY}?=c@p;)0;;iF5;b_X1EmA_4$0Ue-18Ss{NC8>2tPemGsGbxu|!uPt`73q-%Xh zXnzb8HPZLp{Mf4v13)sh0Wna;JIT z9~X=|21@@p@Amfu7Jq9y=D!>U>27Uw^o77L;I#A5X<*ou`id%`EmE}c?! 
z|5U2h=AISYwDhu#O+SPiC?Dk#h}hM^Cav*cR~H{!Ot$khq+fWU-#@t1bYGv=7Lpc_wAzDYVa zve=5DR2af7ScizV2S)aO6d`5)>B{m!tVM-SmdNFu9g^bXS@dRJ_jDIuI^{L@MCghV z^MEWg2vx3>gx$S`^wctHg^TpByO4T5nQKWmXFfV9&DU{#?jrqL5#DsSnIdM$ znuz1oNfh+Wm#_Zq81}AbhxVA2T~1m;}Fq?G8qnHB$l8#jj9 z3Z)jRJP*v=6yJx~v}F1A5zEEiy|*kW{oWuAJB5=Emmr=%`@rncu8hmf4)}hFRYT^b zU2jEAF5hJFx58)0o$tEm8-tYzd_dN}eP00Rlxa8*Q@@ZCPPBHTt73c1>XYwWU=Vla zMDDpTHL@`NhemPkw_n8}bCmgE^Eh=3I6_H)c#h!wo*;>Tf~-@w_xw23?JTCs$8%~# z+5LGsIkhc)l~Cecv5z?R7*DB)eVt|q&EoE$ss|={c4#MA!p6>O^U23AQ|VS`*Swi6 z4?ng$!Kew0m>3Yz7{^;%q+Hgz?_^}CbcS9=FSoMpvwinHHQUIHsDe5XfnI4!$|gjh zk}wwBj$m{ooeS#uzFl4T1n6vWNfA*ltF4KfNw{a@^F`$B294&+*|Toica5rakozj- zH7RnO4f${hqF04{)k!WMc5Q!SB6946+*{*v$G7Jsy2YY>i{uFASbsA@0`^vGN6JRD zq9$)4zDg&npngl;*&6RFpwV-7FU!_ie4|=!fQ7M~6W;>~ZMg6PW7I(p*MhL|iVWlz zlqc6M0$@u>Tgyrnd=V$a@lyDja;Gekcp4iM20MqL;-|sf^_iMQaXt<_^QN)V+-<^%(ZuOQ`DlUz)XF`atK7d`>E!3m1tY; zgU1@Y`6ZYLx(-44&#w7Z*_L@!elpWh#r8KRgbVgdA675g;J2Dv$= z^ap7AJC5#iwzj}!aN5b(#Nis22@VocC^Rn zgj-y!yaF$n?b#WMPMaR+KN0Zm%xS8CQYPgEm#I;wz}bdNSX5`@Y2qW-Gb?Ef@onR$ z0u}oS{@TtqUq*(#8kp8^`f{Xd{uJ6Ons8P5;Jwih;#8d$PQHx^CDjH#DHO~^5jI}x z@Yn%tXCqPf2>iL2Vg;%Aq=3JGXLsw|)v{NIStNc3C>@;L-0=#3w{tFPvh~BbnMU>q zwWK^-k{zXZY-TAI{@@hD4V+*t2I#R%rTwnoo<^@ENeD8;)yLnEiAB9YmJLm~hiArJ zeqcbOY;$*0?&34eR))p~IhcGBChe&tQP$eM(l64z-9N`nLppY9f~UJSm!?%%gZ!h@ z%q(TQ3rzJu*D;Z8nxh1JG8sK}uTIkw!%^hy;xv3OYE#|mL@`68rSxfr6N)dg2Ewx5 zwPHeQ3kmL0l%zo=u9W%hqLQ(quqVL@DI8DMl<(%}ay)2o(mKo0p*gC}YAUb9WVes( z5W+#)i&&?Z+5Dgp=c)(F>6K_hpN}m?+);bX8d1;|tj)!t|2f2bbD|T<0@FvQ zop50LAw_0SvPdsP<@ew86bn=Db}Hr%F;G#{zOGyS(mlKe2~ z>h9Epd_wYqaW;7$CR&h@&L5&I8TXPHXPLg-e4cczNdZ%rA{CxS4;OLVUkF!{B&v-( zp_*+-oVd}yji^wiuYYT%{`ea=GhdIOyAI{q1yKY2rJ~>lEJIWhbuG zHL4#RlM`ucU(kkMq}4DJe}m()s`?fb^ww&>DiF?Qwv@(@K`1En$*~wFs=A@=3qdJ6 z!Eb;1@wGJT@l%HNS5K*3j9r@)IzHr}rJ^h(2pqHYLLG*9Da{ma3<@!^ShF@>$`#7f|q9!VLdoO={ zHC(d*5NWHqJDouW8$5Rn;QbUs+pL*2K|;Zt;!De2S2dti*UlwJ|P( z$pL$VsbDPqFg}c!PN~C4VwIbg>koB7WTO2$HNx1-d1Kx)J4LBh1ZEuD7TyZm`HV}a 
z3d%_EHjX!p*Q`kq3RyGsPdqIXw#GOef1)RNRpT00ob!kM;QR*lm&>U#1b^%n6gyIa zMPQ`D>QwU(PNt?Sa>#)`f$XWb!F2;9r;8oNZ$+O%LF;F%r=SK)jhjCEMTcRI0G#|C zIL@km2U;)<`=4l?97KQ136=@qGAOT09P<>rFYqp7vNn_EQPlbH+id!YkBnR%JEFwv zSTS}8d($IO7}NdP>uD{wKd5{E=GMU7thFZ$x@Zg~Bvh5YjNk1 zySP5mi(u`%zdI} z5aoWVp~mO*Fl&uFJe+Rz5aK_gA z;pgy2pSx1n%vI9+eR?cvaXR4$TQC!9cFiQ$zZ)MZ_2ybdW&>zZo;hL$=8KbRwoo8c zV4P_&G0~nyZ?H72dWyb(`dDr9VbuXeUkiXPcO8Mq zzSt-8(go_99TLHdkrD-&o%?;$u>Ru15mM@N8*|H+G-fy}Q3J;i*#P!&nCM7hc#(Rw zcItBBqtcqPhRD;saktJ$YgU)E#A!CuR(a^Tk?K`#+z@1N{&sH+0~b;LJ5kpggJKx9 zcm8CTl7M|>p~}lD5IlZQ-8trbu)>MRLb4{Eu{?CZMpPXm8W9e^h_h)7kj$YbynbNo@`tqBY=K0T$jIF7(pVgP4SHT>fA7NT~FxBFceu*6_6CS=Bl^1$st4EdX zT`bX6Zy&HJ#yx&YW|CG`^&EC%Mkgp0j4g^NP-^{Td|1^N^flT%)pKq$r;qsxcV;d+ z`chD@>YW9vwK+Xgv%Rzy6qSrfqXU>_vFOvvBOWR3(xKUx(CQRT^K=jHQcI6E>ZThL z(L;SNYSx|uM)cHSAUfdK!xS%~S<0%Ec(0gh(!Xnq;^eR}ijWuY5piP5u|FfuLO)%L zfzZLUvEH3|G2yB7SR!0-0H*q3!oI4XwyQv}%+BJ16|X%P@{twU+c;&hr&@iS4q%>b z9kvxVoR3;3Mkr`UHf+@7%?neZ(g)Q~Uf&7*M%T7^gAU{^@?}_LDrbJu@cTN6%6`B; zmF`0G?77(hiNYVwQg1&jRjs`^)2G))ub_6p88n* zVzRhJh&KpOkzngk7N~s3*kwFasINFnbt~AQd6}|*r%!LPx4rWL&`wSRv^@W}NUk5> z$MJjkf13lp6Zle2_WwVtjQg|<78eHJtbh2>t$SibdKm^Yl5fZGo{e8 zu@=mftJyQjl0fY#nh!@APE`M3-&^FEwLG4bW_d<;vna77cl;`-$ucPR?IA?f%vK=d zk(-Vihz4{5KvT0bA_9Tr?J@jlr&mfn7v@yRc z5BMPiQ`+m0FA{uj=H-;ojS-_|*Jyt^Lnu79+h^PhR1-*tEW_m^H9U7Uq*5M0r_ zAsdQN%t2qVy&SL6xTIpP;Mju3%baee+PAeI(b|{dJG9(^mYvUVE<{Tu(5PE~SORcP zBps3~^>`eCAP}n~kp4VS;=DrA*?}K{yi*o)o)_tfJ`S>PxHsVCzP2*|`8n?1Lm}#K zf=QRO3fK`k*J5-s8Xf{DQ_tZW#3InL_{Apk2-H0K zE+TYV&;K{>}FpPAYv}dzEY4v1W}#0Vop!ZHj2o0eJZ2i3W|^ zVgN7S1fs7m0ifeKfW_>98<$9((}kHGen#Q4jr7y@si%<$H0SV#&4#{D0dYX%aM@}s z&>P)9e-7+-Qd_5|_VFCeJdk!|CBy@q0}~|17=kte1K2J-^Wgjh2@XRMuv2r0kB6O5 zJZZ;I0b#kC+1CyC^xvAEhSj)xS2a%D2x+Xq$Ibt!5}SxaZZ_0S6|H*@Z7~o`(#n$# zPos#nyCy<&9!2Q7xY?S>a-$uJ(2>N_!sjd>qg=3EW;{^t&Tar`SiV?NcSW#Z>;XAtDrKN@6k>1k0~+LWz8phG07s z*C#~Q&G|vg1UTilD*Ks~of5DvUT+RBUslmjf=H4}S_`9 ziTaAQ-1Q+{Rao=(IjA6f1gHVY#!9uMs3p(TQViF5%!;8_`xwTglUaIR86~_t4RzEA 
z3uE}kR|voBxN?O!beK68g2FEnD3vN%mZIp}ybeek6Zhxu@hMu}`fl0awq~RyxWhcU zhwSj;<;A8Jry$n!4>WxW6rB|!9H+o71&>E+Zfm3u^KUYu$xqUUVIpVdM9x^2p1B+i z)e*>!fqn@&@-oV`olU)U|6Uw<5O;4aO>BNnPxi@5Mv8VR?iJt7+lRvneP31i`(*Qpjy{TbKw@iZ&YLl7bI}a6u7qfMSaN2F(brA%6sW& zx7P(ayRcSja#%TCI6H$?W@WrRRgBVK+K6nd1e*PyB2I5NhD=KhdaBFU2oDe7hxq&R z5lhtESMRsQ$iz68_`7)aki{wXDFY3wu`u>VEf-YV6{)atdLvB(#{kJ6{k&UuZDTDp z9^8z7@yuK^TIIc@#v`)MB;w=J^2VS450U#BULZvld-%55%!>MK(!E5v{mf6r+h^}h zUmDEk2Zm%5`0MMey5HBg&Z~cuF>!g%*q0})+N>Cr`CadBRK?okTBW4Jv__{Q5G(*^ zlQVNwLdXES5cXuz>hl5Hr?3xpj~>UAXEO1t^fbtUp1RY5Mi&~+lctnFSnn8FaA*S) z78$1K|8dcmgp6+;S#hICz7ft+{OEp$qUPpv!@b+nKt@ap|WVS7rcfjcbMJ447*E!ek7WFuMn!}FW0b5Gm5~;nJ=|W(M1bI zToSr^a(>iI0j+uY#1AmRSE#i%T1@u1Hr=yf6e0kwJrHsf=9a# zvI$H{@YZUd_wxPaY5uj&lC6{O}-AxXW#pStGIH9lWwJT z&K0g<2#^wOJErJ4guPA-M~i-Dj*+5YF}zsNQ&)9aR9sRwN3S$q>{AcN3F+WY8Bw=d zWv>9f17Ffmswg%ogeYK-1=y(vAB|wjkPmU!UOli!8p^v(elp1~%-QX9xT6nx-dvQE zk8p&ZT!NgKBlO|8)JKRy_O8B%$-M7!O`V2{T%J2DOJD?U?7c71yMK@Tkp?J*P=;T{ zdB9W-qm@_*i}p9v%xw(@*S|$tGMXlrA5>Cqi?)h%7U{bC(VoQtDTuxKNSw-iIPZ#u zaKGZUSq3V?o94=Cfmpr)&ufNbs@a{dzkF;DvQoSMR5GyNo%Zx+zWxR|_!#&U=>+W7 zAc@Feyd3M}w=ZFjJ9)%hle4AzXFF_cC!n7G*k`U3X zpXix)+l?QeA{XrFN?-Zr1l6u~nQ2&0-i3RS-2jxHpeP&Qiktp2a0DXJ=wqMJjwae6 zRVrSKMF#RSJCt^y?s*#WKBs~AUfmD9bWQ4CTzwx%eW*&Kr%FnMGJPyhV*Dq9N86Pr z(q@M*3~uVnTvSjW*9~VnXN}?lUB686)Ctxx9stYjVj&&J^_`Mj1L0^mRNq|5?_? 
zNKb!yE`uSdz~VQ$)zRaZB?{JEzJ1}3V>NFozti*frSwVGD9^?c&$XBcgi~5nsx(%F z9!>ka?k9}~JKNMBhrArIp-@@xBN>mQD^>0sy5>9TFxs*2e*;RHohrm`M;YBV zw%G3wiCuS2oM8*k4&zzm*G&*Vi5{qQoJU22$z`WpP0I=2ur})w3>cSSwyrEhVxL)= zg{e-X+0(9>N0(30aJyf~f6bpd{}$O%w0AXTtdX=(bSTpfHCkyn_gzscN2vtkd}~m% zI0_(N=xm*3=Qm`sOp~YWnkEXI^;eChL4TiM{7v6-Z>p6peedn|OC1A`_XG;8X+i>=v|G z>#iS`00rERmhKhB!pk9i2?p1O;w9svBj!E?d{bpHRQ*>7!0Ej;`mZDRoQu9?{QaUIn;s_oANJles_D0D7eo;0T{;q^h)R<##Y9D# zh*9YvMUW<7L|TAAklw3+fPezhA<{dM-b8u}HK8d*63`GJ)D9Xk=Jx<@^hp1PH$7M}b*M8lTCY6Vfm;6x;Fo zuRD_~#d6g7&EP@prnuwb!XrmMUw6CYVW=k|jhKXobfLmek$ub0)czXEnFWeZeXhHH zt@X^?$z>Sk_?+J4BhaCVk-t`>I*2@hsb?{EEJroWiNL7nI)hOo^cvzSTOaMK)m}L zI3o1dy+7=DnwAax=3Y3RASe>s@oe2mG$fBR_xjN7Lw!Yge#lPz z;I@#m$Gx?=8T6~9C_f|z#DztyAFML*+he1qW(omm)USHFV%8X#d)uEQH&&}rFzk_&jNu=wNJ#35sDL$B{15ZKwRl(h!2FWs6@!20dH${7UZWC6 zhCS)F7*(EBImz(M4NkMp7D~3jL70AK4-m(~_OefRd$yEPPq#!^Sx_0@B}Q1n5tUW( zA^iF$W5h>Od&TF?!QfYKyHP%FUdYP|92pOCo_r4pczrl0i2_+d7q(_s9|J{462hsr zCc!S$P=JVCzZaos;8U#kTlY9?!&h=9L6x4!>E3;wfOdmMugH-qa7hd#%t&viSlyg5 zTy)Cu7F`qmkJaym)cthb^k(;`ss8b&X1h7Jv}FUXOCF+z07dK7=szr=b>0C8%MK>J zDx;!|6v|d(@%&NBb8ErCT!T^e{$8cXJG;%-#a}w1_5MI((X8zjxP-uO!9sI;f7#gK zKIX4{*;^E??DjkssIFAr@0|3l!OUwK&)5*7J?BYIY@{1w-EnAE{mOYbv^Uf24ODc@ zf%!>GQ$zfN;3=g7!x+K(2(B{eDBp=tKV?9U^@eI!;1xRPELpJ-9@cB<>E7grU$hcO zF5H|{va#MsxccCIZR%$ODdsC{x5j{z)TOFarGi}8#eJMw)D~M=d2YGH^8_)^1*LUB z{C(mW%m$MGTTJO`eVy-h#)hy`M#Ct&E;Gow|?TLKQ8I`Ioq4U{umzN``<8 zx|>9s9`!+itEBGsh?MuTvmUtvt;91 zJbS39q|iU_!%B#x6Z(oVr`Be}C>qSRE8_i##xucJyOd6O(%lP9np_qhd8*ZBT}^rX z_{b@OIwkpO^N!RMWUUy&70d~r!ybnMyATX+7^k+X>Z0TE#vCv1xwPV;*CSWGI6Oiv zG;=?HwQ{gSl(2r}bP)va&!T}(pB2u8GwVTzS|(-&`IN&)4C}L3h+?1xEGI1KIOl_! 
zT69`SK`a&BhSlx;hl-jkGgDu&yLcdMt?laS_1b}bvA&68F-(@oeAo4Y#=SMO zF5CL!XzwxV;8`SEZa<62ke7B$`Eb)QG%ewq@Y|avN_$|3sZQosmhpht zKQzt~(PVU|GFUhz^-@awLoHX$a7h=fP@LweXIJ{@N{7$Cl<^jQ#8 zXgBu*RMUX!wSv*Y^Pzxb&?pFNj0vug+G$m(`C>lu)>m5~=yOp=@4E}8@g;f-tas%` zZf4W3>pdek|&REoInS9aE_8@t%JgvL}W~O!ax#2F&XYNyw zxuN)8tkr+$u>R)`XzX=hz4L$mRoqtOGO5>Pa!V$b!I!CSK6n_2n&t>v&xdH z?1pCBNjB%c*n}x+NU{GWwC&G#{P_am_}{$DClScAmt-}(U)M6*dSZ+N5{G2j^{cS6 zf*#JgX+-JCI`4W?hRh(V<~3i+@{WHop45aP3-ihCgMf+egRe*CXFiSP+s^6xp4Wv2xdd zwuNiCELr!I=N1bUb&LXUuHCQP&I@gU#N;<@hXh{+G>P*h2r4;coh|E9R&G^_Jv=c& znBv8BQ{h(!jPDFCYNpz5KIs(-HX!}W_qxs5nZ-OQ?eTeQJ4fjNuFaPE%a5pwmU7Xk zN?dErS9l)|u$}N1&-xIb|5xXwSE4}D%d|RHhu@GeP$MWLSQg$7jl@KzRFb6nezE2A zq~PdzFb3(2*5P!%TR!*ND{jg^s*PmqeFMG@Tydd@TlkXrcC$5&Rkq#ZfVs#9-pRFw znn};=xP==V-EAfg5NM z%vS5Ri(>mQX|VetH{jDPV_$5D#eR)k8Q)xW)BVP_&S5A+2yU6J>*Tg2kd?VYc zN&A7zPcy(5`pB+7ruVJ~G z6!4pofuFy4{c>)yb$%5$UM>c?_8HCaCy9Rt%!B{^4kyQL;qq4DRcn8en-J0W7k|%i z)c0j^y?eBS+P5W`n7RH6kRRjC5`5Tr5bAi<=)LN8>(3bIm6?x^A2p_>%a^%_uw~w0 zJk!UlO4$)?v(b1%bPR~86GT=f{D@f3wSA1=YVoLS*xcEv8*r7H|I+SR9{#>UHSOj@ z{<{(eA-dlcKZ;f^YPqkRhqMP3uaHKF5rpc(iaK}z%l$dy#NRu*>^=5QGfoQF6KxKv zUORR=vDiOuDAEnx9`C>e2SdDW914K*Z)Kba%%+}IrEl+tMJ8Wg{#f2tn5<*W6?+0D z$`ObWz~V_4pyP(_m7#fLt))M?_O)%Q{$xsighszC&Smqtr!fD6ytwRsf^#fI2BCAF z?vn%pswHFuLI!K7_fV#t<6az2y<>ap_qjkNL5A$3vY=CWlkYD#thQ6K7`59Dr z=0KU6>%2muEg+Swk+XpTSNJU7fzkn|>o{%|8p*JqmGLXri|a?N(!!iJt zvu6u#ASx%qai75*2d${C)5p2zB~`ER+=ez5g&600jN+~AyVMaNMZHfxsMNnm6WqjI3{eoxzL>|Z~Kt^_Pn@L5OE3LpM-;OG^~_TL_J!S6VnAoJrPtoa>82==nEc5 z#J&7|L5nMv9DQDZ3ckLZUx$p+d`jTLp`&2l=QajRRiJODveF{;D|XVUH_ z(-j3R3~dtnr@HIN$W9J;&)UJ>iR(HfniBybG@zrDV%k+phn&4UJ;V$=UV?sPD|7VJ zn#6>oZuMmUp#&K|=JuylPMw%x0j`st)aU}{Op<7q#OZ3_>- zdXCepI-(uClikt1{VOvZ?KT#LW(QvemTI_4rDxt5Y%N%>F~WAz<5J{@u_ zDWJa(5BIXi-*$8ai3NWHBzjeQVZyt-!WT(VbkT^X;3}k))$Trh+T$tv(21=>=X8_% z`~sTSfB)!gn5Fb}a^v?)2H2ukq^H0)7Z6&rFb~Wff2DH)5A`MMjzPy3uIoH+qi%>? 
z5{g8~`KJu~H&j>jl~2xaY^3W+zbj<`X{%fZ&_RQX}g zpD|H?$~ZI5sFgOS`FJ2E{Fl^mCYdCZ6b3XOn+9@euq!zZ{(iD`pLPP2BYGz?v`w>h zT7}(*lpdDf;&XiDkS^L#a(T)$x<(ZAa?FuyDccuyuO|^ZT z+}ARG)r$&74%(~mzba?8I+53dDv1NJl-WSi{%h%LD znv{EdK-zb*}axwMGhJVNSEf=j_^Z4rZwq{h8%D*0&!HpTsuWkU- znwya#ICNLiBHK3zucm`!kB64tEP@;NCu%HCk8qL6Lt;2WwwtESOa0S|NjhJ#g%+(n zSm?ZR520TYylg{1?Le?by?eH;6)MBqYc}g?Z9cDQPheDd3>avA*MXiEDyR*xSUrI& z|Ak=+vCFHyPz;S8At|9gFvnlo-Fua7Kh@3HFMU66`?2r?$7DTEMMv&92e-E!AN^lz zwB>7)3Mq^X_@3@O1%hqJ0Rn(OL?d)1-EB+)wyt5^mCd_TKj^S<33y_qQgUF?4!CvQS zN@q9FuR%%KAHP;CTQ05kF^4;*T$@%D5zc9E7}_0}O(Xg@G);5(sVkS z;o~nJO)k5pYNVWR`Cp0o>tNV@Cp_mC+5v`{!l}klZjuVSgH>t?a?yK#M{Vfq7am>M zC*R>YYkb+}_;mBN;N_Qj4&e0DU0dK8;Gt-ap8}A6xx`?>nFc8<88aioMUZ`MbCzgx ztIDx@X7<&DXjkUIxi?Sr21kRVQN0JWq`9XA+a44(JaKrp55rwaSi(Hm7;#oJ5~zD~ z;c!y~Jn7ps4B&8+{|$$q_zmRapCBW_+yvhWER2cdXGi=@x_~q?tF1?tZpN zZ@R>6{2LX4Ui+BO0f=^kNzipDEBwfGs$CUjzMHoE>dDUJfUDv{RlB^%qP(f+<(QlG zcAW7`@y&Dv1kgSQ-k{62_BaMCLis_VX^eW@O1Lbby5M82Yy?evlFA|W7%!bDq)Sir z67|Cb`o;JY>g79diC;0YOD|YR-@n8fp4k;FjX#cT@Ndt#6HJ_7DLfjy?Bzz`qT}7~$x8vd9`(WMt~Dx=`wezYNNYFQ2{$yf`Fc_40kirId$JBEBMXL-`Gt z(Of=qAr#KJU~z;6p4b8_Te7frp)ljm(~F*9bUgBpLk&Cy_Zkz(wTudpZ$7s=ub^S) z+e8PF{M)nG$f@I&q0Rbne{c!iVa1c!RQt9%Fd>Xsgm=otTOt!WA(IU-I#>LXflIbc z6;+&3p7(7%Y)Jab;oAERs!w(7<$8x8!0!T(TNZT76Pfq}<0m=v=F!&^xFRNff?h3% zPE~W)G+=-k(9If0!D&smWQ%lv6d)oS`hLeWPlaTJKkMtfJhSg3$57oNy1Z(h-q~m& z5yw9G$T209HvM7Vm&U)i_JQ@eD43?%nl^n8zIN~JGn=gV&(}RAPOTle%pj#7NN`q@*m7U>0ni8w+M^T8jR*37+jR}NxbeTtrPGRUzPG)dGG<zv4n0g7XzCo=tn@!`q@(-0T(rqrNxo z#rIO9KYx7J98$#Pw??<`fInJ4Cw{?>$^v@9JuBBHF9ddQnQ6!Fj?lU3^UP|@@I}12 zU(2cRi5=Px=A3KSzym%-ChLm;Iym-ib)8j8&F1-B${o6j7+>JKZ*Yx6zbV$7<~LPs zy~CEfajQ<((Zd-l`0C zA{+^5qgz+otbJE#Ka|SW@S{F_di~jeO7Dsu|4%71;`-M#EMQa@j&6|s7;$yd=XSld z=QyY3bY_YUZ&{#U>-~W9t}*H;zN5EA8g0){hoKm=?g3w#w*^58%@zb2<`^uC<* z!a`D=^0-AX>=tL9`9)dPhlR79NvQ8~^HTaPq%;B@4z;gask2BntQh_B>yk;2u9FZ{ zG|9yHOzCdY$ySeK_W7O4tyEvFdw|g_^Z!ojiv3SZ-h%(@_Z!u}1e8*5nLII&zfHwj zlyrDRHDs7A!yiC?ptZ*=^mQo^`Q_XPy|#(}7Yc|8nJG)=8Q51&dFi 
zU!yL*k|$NqeJk_&+{F`zliIyqUFj|?50BuN6xP4yBqn+OG)rhbvT#9sujj*A(%Qg& z)EX!*Pd*LX__@dp%t#2(+U_fYhtf8tZr;y)abdY7_X+IgaJ-T9=g=AX=LO<2n{`Yise;a8#}c-fd^KLAR$3 z9i3l)DPd|6SOEkTY4b1c<0AQ&FB%4WSrBm6i@%`cG-VjP$cSAd~E~A z|GR?&Gos3Q6<7?8#-U<0CD+~LI7x|P&u7-+4BvkfUhSEHwK*9ynh2X>YjpIt6n|Nv z>qe_O0U{2qFlp4$L7?kmw(@>Ye;A`v#_pq(rKAJJ!98e&z!-3Q1d)>NPEh0#Uig)& zGRuWmt@+U+XWZ$%L)?86O)b;y6U^>fdJZdXp`kiDuFZXtFL|AJwSxoP^6^h?qf|~4 z0sav^G7MpY8)dqeTwGZFtI>_fmmV<4pA&xjw!(=;zb>ET?mh%J2kgRgx^;@cAbI_|0H-ea|sZ&djJ5 zf6BYunn1_EWpK0bhPZ!8*taU%Sao2i5lvxo<;mwny8^9kYmzX@A}F+fvB!6El>Z&l zyMiS&r}?{x2jW8AdxZ0)8Rcm+=byhj&K{G@dXS)cP>5x9deD{a7!QZGsfLgV)ut~+Z)a}jUsYNG>F`T_pvZ;Vr^`smp4$=BJ>tQ|YtxU*6!-Y9 z(KdeyFpc)nYY=Mq=>ZlM(XNJqA6renZ!FCdZnBErYh)MKvFppijU7-~mkzkyvis({ z!UY^`Uij|XTr@?2WVN5EvU0g0Z{1{4!W=hUmCfx;PdIofY+rUAJFG(gW77^I3vrf_ z!v!VvvBhG9lL&zZBwL)z-z+PWIFl(ES@G#`qa~gU)%HzO6(=W?J6Fs%?B+bzV2mUO zD9Pu{0G@x3lH$N#*I$RZG=aIwQVw--BHRaqhB-^R@UOkt$YsN_m`4!D5? zP?u?`@REH%(y;AXVFtvKP^gAqlY(;`-B%~uhl&y&{RRwiJWocOlB7eJZr{{wTWjit zhC^6okuJ6Z2pRl9yz&(*{aG2EI+sK3K#ATt)h6Gc?hetH4hxb;q_PZdYaKT$|3>1W z8iE?o1xU9l&v?PXXoI60#$)F&7aGZHR1dAzs1=P!3xtwEuHO+v%L>zpL}V^)@w9W;Wo9n z!ul<6um#t-aGnQo1;wrblNrkU-{37iilB>3NpT@vBEH>`{R zJPR(O2#_dIk|PerU{Hp+)+8DIvOVdsYs%}QCKcb^t)d49FTcApP`wMwKH0^g;$V=M zkT|4pJ4;DXGH~)a|9~2Q+B^{vKMnt)C3{=@-D^1$Xyrroln0+aX5W82c>eet$W^X# zY{3)6ysI;sQiZS7gL6Ku=)P>qTroEo5>fP*v%tcA*~UKAjEpQj@|K#T}B5}!8<(r~Wbtct~wNcrXdME^=cS~Q0+ z&j0zvm99oAzBhi{!`nnD9E6-Ub{RR(`vfq6@RwR+BVF^2Dq0F2wYjRwQ!{j4fn&MP zG};69zCXD@ty&)8#P{n6WMp-JDRHA?3`OA&o&Yg--ay>QS!YcvMLPdfq4q4x)pCF4 zdT4ds-{GT_LZq?di~7b*N3m+DO#lke0tOqzv{F=pZH zgv@FpDfS^W@UMHUXCP~Nw)`IT5P1xUePQ{zE}uj~<)vLTE`sGWe`cN%9&}BT`{^}Zx z8@{WHXNzl>#M#oUz*8pg2&_ME;ILY*FOt416e;Y+UfN~B#LmPVOB&S_#E+SshjsFi z0@u;8zco2Leac>`t_XCh`-~o5PsP0z%e|^2Y+PfoRpy+udDA$#lC?dbkD^LuBh}%L zx5z-uF1*OOfITGuZx7N@dOP-p@hnFPwW~zBtCPGk}A&Z z5jyzQ{RoGmU)g4{Xe{ppc&5afWW)5vY1Xk(H6^GPqsf!XPp{AMZqwl!+N%9d#TDe; zDW54f&X?YL>tNPQS4q?*~ zZ);C^@lJDd=IZ@PHO9|Hb}f?p%BQM0wm39%yA%qJ>=70rNJM0m;Tp9ks#cyi{7R01 
zN>`h)e&=Qo(O|!v)@P_)P%8xeNVx$xR5MdJ5Km^ofM(IdnT?J~_q7)N%JoE8qv6{W zP1AAR4)fs^7m&)#+R>CM;HHT|vQqBAyU(zHtJBNjKmeo|X!=@~>lAxO)QEo85jWuL zg3r^$CtJBWZ0&l0hXK6uIY?$nO3K1T-}AzYT%eiZsLl7{H}^bSb-*ONV0LAI!dQZ3 za9=mKeKNk4@$*wx)|?*t?&!|_-mssAllkHvFsax*;#f4K2^E64vF>5@EsqV~6y5F< zh$VW@luXEkXUtYHNL^n}9o@Wjb-uhD-JXqzu53-$8;!{)#{RRFxr zC;74~w`^u!$MoyxHej<9{Ff6I=RK!l({OoNB>=7PVhesP7NdOV{>SPAzHl=ya8p6= z4nKKdDIj-XHc`)a*RBmvr6bjy=^Nu>7q&VB5~vJJ6X z>P{;JO-M%1 zw)sc95N$sQzvh)vQb}*#rKwI?%9H>Px-{XwMiOgZ3EWpBCj7Ad-kZ}W&IwL-?;eFq zaik9!g_reXq7)&nKMP{FrT-Ot_kaE!sa!%Z04qpPtJ%uNoCL_@w$>>4@JVv-kG4o1 zox6jh-X{GBUBEuhAD47Sy#qRhN+>sj(mL7CQAiKA=vDf^Nikq1{AyIm6ymBxZ|h2l zG+a@dKCS+iRn|0)p7jJO-PJ!y-?iL+{uS*8yF$K}xo*~DOXm^*i$JJd^xQR5wP?=X zIb>&9${4R79B~!?yUx5jb|C0R+j0h!ltb?jzzyNmXM6f8HW$xEd78TpJ-YXhzJ|*_cu4dh;d4KhwUs3macOYXWHgT_xDYl3$dM3K{*>HEF9qQxl1y%C%hgH~V%`hxfI`f_&^{v3WD+)zx~~ zzVmt#3t10u+jS87)WyMw5Si;yeyssV=d$Mz`e#_gUB!=S#Qylpti< zb8r$<=c%@Ac0=5iv9_v@%WBMwUr^lOkOd@KIR3BieII^z+R6|??*O(Pmcp(l621_5ghVL@QIc>PsdAxiHsW*4 z^BMkJ@|cj(jrsw%!A*`gR9$wD!N;V1w{^CKDdKqJd9iL}1BjiZYW>wJ=&_*!sNUf9 zkW{vQm>G%VOu@BP-2iKD@plwv!)#~q zzP#RZ-=5p#qvZ8NjmYlus}6_gXz)#2vg3JcCp&4gU9ODepr34salKJ_zwx*!V|?`O z=o>+x2>5$%G%_-CS#hmUi z=_B@)&qc`moDE-xKFEwqFpszXvg$B82>|u}Fb|D8TP}VZ_lHmkTv* z&VrE_#8{{?dR2T5U)#8|$Y09^X+u!c!~F#hEiX3$GEe{Gt*igSui^qrUtdRVdz0T= z@mqHj#8dU|7l<;~$!k(k4M~1N{W!OxFlymf1gq{J^awK(Y@^$ii$*tA+=#x>jjn?y zk;i^`VEQ!Uk~d7v1vlrHFBU$eV<*9Pt!2#-~i0s!w)Cxth{uZUZcSZ z$Zmgv7jABEdmS3Bj_O6xBf$7@{439930b)m&nLj56nW%T(~Og<;SVPF>$f>=24fk&EG#I`>uqhHM)3+gNI;`Fz4)_ zk&3ijaiVfoe)SRN=EFVKLe@TeMpnlAecKmY zN5v+LCT5{9R!hH5T^O!?_LS&8Fc&k#@^^34EOFcw|B8|!`Jed#j(@Ot@BEAKo*u9$ z{>nkL{CSEe%1WBYFL00}BJ+)%qxeM)My_{gahj8}vj_8l$!8(N(b~xXTkPUX-LL8t``3iS-0c)8fLUvfEvGGkgC#@{CiBP{=AVQh6$c&B_I6+ z-$LVyd_(y(d09%`cKvx)mJPeYUawVRztBN^?*`88od+9WfNmN-iOdb~t)gNZ1g(W9 z544&>1>=6DuJESRw_Pb0zF(0s|IKTNPl#Y!bPVF|ykbed*GMw*#4+6_Tlv49d*UiF zh7p!9eS5cmd6E00tRFXR$hT|h+6|d^V+aR(`+j&w$Sbx4!?iP+fU(}>rN@~4A7y^b z*{)LFE3OUNJq7ij&<6${HoUJkj9`$pLR)&XJ~PbYxKHpj%Wh-FX 
zHU`BqAdKu^&1DZnfJLpXtw-S{w&A^pgJa*>o~rLSLa+~Vl}Ehh4tqxq+y#A8{Exoq$lS)3FJmO^Mwf<jp8*9bu+Nk06X{^A7g@F!g!h$PJfE*;=+ zwNl?69!TGLk~XCLt08RZE8r6H|EPS!|GPFdfH01iup-_$k|IKSebg;1S9cbihTIG) zSRGBhLU|OUfFLN`?kULQbLP{0X(k8k?z&-{$WkzpF=YN9DuO<89I|f)IXWVu|E|FD zDd_Egs4Vu6;V5W9>kZuQRBZUQNobb%^82>alix2iW%!4FyfJJTUNkUSoEmWe)&m`& z3r&;=Hgeexgq#lS5<{Gjp|))8`py7Xk{<50C(sa;Lkvu6vKg)Wk$^>}S}e0Zoqt=x zKe&CV0~5Pjmg}S}iq(982~gUUQa=9pb@3vt8^U`2i5U?WZ#IFZ>SQKCajNkR zwlQeVf2f?>Kv8~;*Lr^zxD_`iI^FFWG2gl_2KRknGFravxh*pHGl;vebpNGc5*U!} zufQJnv#|pGLcIyQ**{~-&U#;*6L4Ago{B%~9TJB%L@&iNTny_HZ67`&J|tZzC2LG} zUfvPrb4z0S*;Kp3V`^Bs8pb`nc#O_&lDe_n(fMps2Tt9YSWx%O&B-K5YBrdGEDz{m zRDp05RAEqIABMJe;TI+eQ*AW(4uRtx(l@31hsst`P7suXqG4?($>4wdLxsyt>aXY! z{0>m4+-Ead^D))BnKZi6+K6}8n_#KV{4PV=YJ(R8(l2}6s@aUgn_;sNM#uz%LWh2s z2T^C5GUN3fY#s$m**ecZH>UyH1a522F%cj{1JVUx83%A9(!^K#1@zo3YRWiP<$3$4 zlp2*o^mpK7|3vkjiHeGjhWn4l<>~BMtiulkH$Dkl(u1ZOS_54o`Hnmum*siTT+6Wa zWiZ`Wt=ZL}eRG`FDdj^tpQMmkgcYS5RQsi|<-9YG_FXaONjHNW%w`kw1U+r7Cv+8mONm7g&^>Y&fW}>T9yOsj#-q%IQ`$xP17E5`;&}}|^l1W*0 zf3z>Z&%TnBD)SH33)=E0tDOWX*0od~ylWwp^#VKX@_l zS`+XwW=2!4xq|q7as~H=<;Fewit|g)%QrPY7=OQia^ohz@Y~(kTz5F~S#y~FSu!e% ztJQ2gT5Iaj04M~$5P|AHFvb1=k2*`s9ptMP;pZ$uHQa|63zj?eKROmle%uye{}&%s z*@Qt>JUR9}6Y0ppJ79+72ByDB6zYyd43b0JuMk?=XP? z-*nVyL$Dy?CLlN-)&sDX;>fBKGJgz}ixf4VWcp=1`|LL&9e=2IX3X-VckO~rn6~lO zhIr-Wr`mVN1POk7CwSX|JjEJP1dsw4Tu)1)l@8>F+OuqBHa-q)>r{&7JL6BvNmLiU zQFo-q-e~-fD8CE5_+J(|<31cnK-;4iN^ra})d*W0j85k?_fMo-iwsP5FBPYw<_zE8 zN>Hs4ucKuiNYzJ`{VXn;?Q+P)mxQ+~u31x0b+52Z$w0K~vD6WZxghaj&Bw{! 
zKz_(xUp&>&zvLYd{E*Ops94Be@ z{d2bWFWyQmx)kiODFgERVOVs(2ZN?6K}svkvL+I$&LO7xtmm41>y3h!849{|Zp?|S zZgC`|GdVId=|-7B6s+*9qgT3VQe>2es+ z6a!9G{yR-K94I=Ed!n-k$HuLpU$GKYzGYiqH|XfFX&}`n{CxY^r8D<-;a$=V!1El$ z>60Ia5l$ci2{UxL%IAvizL|nQzU@IDA~XHdqYq+gdeh_%f3?5r*SB6cd@DK6q+Bv2 zfI;zY*yw$-746(&#NUR|(bk4Jwe+=ElXuIt2Aom;lD<1TnlgA@Kn9@Q2M0Lf@Qq)s zAxOshv6!BSr)MMOdsAOr!Q3VfQTb~&SnpkMPs#pkd3`IWdmxppOyb4YVF5cXIR>)E z1fF*YNMacAm3{elJ1lbV7sXD=*M4YJ69Wd@^Uc5gjxG&u$sLxH^Yzf+tU=^jh{ zV!Uy5r(I2&j#Wn{d%N&*qdyF0rz^<+AD<}JlrW+S!JV0c{eH2UN}kH%3_ zG`ePcZQ8+NzrT*lTgw- zGTqui-mPe7R3gfet$w_%3JqGCknhHfui$nuXAmrT&3Ubl{Zq?vy=*~YPxA7uo| zE*pU)LxOOvtoG(wOY8gFZSSGC^c=IWao(|PzbD>+pGFK;C*h*H*&+cEka}_aYHt-Q z%d38V&7TkA2?op``hOP3q?!*2U8z*Kt%iD7kmwv30i2zGIrIU?n=aeP;EM!Qbg(Gg zOy`U(TGM#{8p@wokrg~Sb~QaIT^e=S-z$H);M5z}@i>&d-kP4?mBVSRp&LBFFmHMP@+v52w2*nxPG z95IljivL3@g&Xv!5Iy0G2?2B&fjNOQ-&e0j;`BumA%9{n4bJeg#M@D6wn5J$kd7WI zxKkV(b@%p@SaWd;6wJ|lJ@;XAxN_HF&PD7LE4tgXv#B7_-;YUbR0$Tg%HquyS%F7B z9{&U&F*UpF#j~5(&DQ8XPbotYIgKGPCtatDEjK;ul3K-Y`h)dtx$gL%XIl<6hcZ!nVrMs9Pknx8 zg5DKmT+y=2Dn@tuhZe?gJG@`=PhlBWta<+x8zW>^1xK%exE`Y?O-MU>N_UGM8YqR> zDb+n3lMZLSM7%A;%!pIUUkF^Y2_xJImj4;dn*=3T8s7QV-q_j_E2qAr8tZ(fFf4QU zODytyg~8slE&F)qhL`;O|9|)Yf9~!_{9ExK@Z~?C#Sx@eZvL3)L;8Y?K{&5N=(W8n zmcF{>#06GVK0vyNoYR4)^QUV24egjER-MqmgLk!;h_1fbqbysnlcv{O9qO@a`JUz{JR?Mo^K|L@imEFJmdjsP)HQ1jkcc@@n@0LG zSUrQo^S{Q9EbrQGquvmrfCaM16);{2#M1uab5|M3clNeuQ(gMTB@Xwz=Y~SVxR>70 z_v+0EPKJ%`$x0V?mf;15r}1SY8bc14M$l!&y*c#0>g zJ?UXq`MT7sIhRd>5U-tQX|munklZeS>(tr(A5WF*Y^;}8`Yy(5NfnuK=?ia)a63IS zjt^xCGSL<~Xf`KV5eH$>x@Q+;!0f;Bc@XUJldm#5ji=mHrgBGeY{fI96}Ux>6SaDz zXleCNKwbItnhu1_by!b=Z8wNc7R*Ls!cq!(suW*6ZRh2!9q?r7;o;J~TstJ0oFd2R z@x;9IRv|Gmwsg9-_EM4{so@NQ5G8H06xnhi?yy!#guHNjE0KZO;tsYjbrDv*uJ@z+ z;r2(TDug6Zu~n=^=6V&A<;Sm1OrE4ye_<0p=A~6^`kw8as$;U`TfJYA7NX!bTUxs1 z`*qLXxd$1F2G|JCcQfrKB0XaaSy1mbJH94}cw>G>hon%;;_mLT4bmk50 z9`Jy#E<(?4BOoN}3b%1Lu}7`o>*h{pEbT*T>4j#uqS;Fyuu1)(GV{5~%5Z+8pj@G@ zjmw%%l*EFso?1h7Ls`hmjVY38di8xvgixNqp{y^>$+tE)~Q6e(H{x%vCO%;c0G(HMX!xpu@ze7NqU 
znQ9osgoQG|oxioxmPE9JimhA)3`5^H)z`=Ca#9<}f7|)qo8ge!o2oCK{j;=qVWN%vdb69oL;iR01e^{UlJq#35utz|=*@M;5u*x&a{4+&n%t~)pPrd~&qK&g z$lFS6x^P{i|M5&2B4_j1-vYqi|4_Y4LqMa}1xWT9NS-bqA~wjw%jK)5ZR?vxkS1D;9hkHK7daF>n1fOzz$BvNeBdXjolPtHxwY z1-~}Zg~nI!D{1hxD-um>)SrFJf2s1D-dld%l_k|mGgV*n3AnP8#Uy6d(ZE<1dJo)Y<2A zh1Vo}aT!ymX|Fd#ccJj5k4T7?)TN8m^vYuhIg&2^U=1DRh%f26b4AHo)~%!?l{?!l z^qBLen1;TmcrB-?vQQ%x6|-64#KYgS{6}Mb&;_G4)&3w4O#=d5H(_OGM4)%>>+|Op zqoR_G5-NxN;+WgCT_SJjh0F{-kpa|#MMec=cIUH^USWEA1imZWE4AnmACbTew+W5B z5kJ#vdD`Tk_C|@++>RGHX|-bx$h}ib`=LLgjQ+t1d)OYo#9gaL;FH%?F z$K0!z%b(8O)M73Z6A9HYW5N$$0Xk1uus|Ac$FTfC?Inm>WyuMz?(_1h<(WM2UG6_*MSfu1%7*Mn}jYDq{6wCm(`u{GeSKzxcpf(r~((WoD-B`I3!vZLRdnG#}~j z7qn?yt_HOzua^+H&(m{yA^21f_2LNymP_>X@s)1ch7fkQ{WT!J^2X#Em&|7W7;ObE znclX&f>6Zs_Kq<@LfgFxEO#(c?u)KB-^&8Wsk6s^eyXZtuc2D(Eg26IqMS`wAsw~`PxbZpG=yacZbX059m2>S zl%Ua5^Xll==ZsmbQ{F62$ssk*qdi6As^*@(vGCn7rPlw(-g`zh8Fl-F&4^b!H-0@6VOQIHNsKtMnV9h4>|^j;Mdr1z2_QUeJ{h!Em=-u>a8anFAD zx$ho(-!twVLm&NMMj#o_v(}n(t^b_=U)kOw2-nF1Ap}JzQyDC8@a|M-Ze&mM1Wv-#3YaU^ zpwY7PL;F(<@kfIJ?{Z}Su>y4w%A9f42YN^99;J)OlIk*iMe0WHxDhQx;EwdDbN1|2 z`N$`m0?a#sW?y@UMivhCoX-?P(+2|xN7h*5%G0VTOwd!Rfv>^!CPM*+q95;kl5u1KOu}T=Yx3wRT*E1^NofI zGpKgdE_(-s1Oz;r!JKbp{dF~b@848XVkP?`{OYlLiFu%7tOXZkc(jgRu|aKr0ka<4!$)LlWa7W>QOf%I zihNKTOc4p2+t6|uv*Rx;5x6eVCxF#DFw!N{XEoE}9-xzQZiE83!FI}{r_cnNOM zPf&L*Cf*{@;zZlk0?PV+jOFjZh22l6e_njRJ*282-#AgHGbbP~fBjnoOjmJl{}KoR zxde7GO=_(f#3-yEV8qt>z(9Q-jrw~rlW|A61s%C-xAwpH9O}5Z(Os^;N%ihU>^WHu zjgPRLonBqRPBjGufnUN#eAswjq*BS;?6v^i$LnOAWOPBS50n4bDzyL1|6|cBEBh<9 zw&fGQ{J8gdYn`F8EQ;oa09F@T+>)bftg(|iZ46)P?vEaS!wJKpNgZ=^N%_<{}jglo5 zo!kttJ0h@hu}(Pb_9rSm+6!IRiH0Z`D^V9~yx9kiMbs^yM5&vhRT`qLW_<*jV<)JZ zniGTBC+vHZ818>z$-Hon?Z)}$B}iL?`C!S*anuS6K@9boL_r8yL-ZR-nqIcrK9zoj zfUzdtmH+0=y&pO@yqiGoKF1cc7In!V!t{sC88Y98%1RKxg}fw!Sf5oD{myLS2(h&6 za(n8}t=N*IWBK3&;&Z&`wY?(|1|$MsBI$?<2=qHJcgc8D=;+Gag8ql|k3YO$4t~!# zqy$bF+Wh66$8L^3b)Wu644RD;^MG(E+4GFyViUaaMtnvXOYt9l33{u7F6@~8L;vyG z->q1=oxp$W)7KDeFjvqE1ov@x1PrYogPuB;w0cP!!Z+~k-8Z_l+Xgce{g3Y%4iYoI 
zEGEwytMtgm%z~~|lH^VE`$=-O$TME?&0K!!>(0rPxj_w!e@kM< zXozeCw>494LL6EwCeZg2A$q`M!t(^-*^-5kI^?qYeSa9IpLO$mLAK09auf-lJHS7g zZTDQgtOTK$H?A~%>a(Hg-D~sh>9_VT(uKp)#Zvv5%UlemUoS<->1w(yS*SOm;(B~z zVHc~AYNoNRDtL9(fzRz7W&r^KKS#;Q>;0rkLNz$t@iq4g6OC8@Q@QZJ%b5$Bo0{61 zGG}%ab7)fm1~99<>Ww~0@wF&M8g=Fe0L@8sp411f8_28*snlLG3eLn`O({y-$6?kv z=!Sn@vkBmJV+dv=8+_`#a7);92y{uNlLcr~RA)L<4V5&QVUd%AFnZk|3-buMG=6o% zbU|!cQh6_aGbJ5N;WEz7rq9L1N1bVx&|E8D@5Vk_6g3Q zxKC`X^1C79J^SHT0N|Zhu_5gM8lEfCO+1KrGvECc3J<0HMX1+8n z0JLy54XyR_?wGKvAtw=-ih*nk^Z3PHaC1+u<~#5Q}b z13m=ixSQ$xBnj4SH@WxBh3zK{TivxI_=oH@>`WDmvWHD+{~;3qB2{3xDr}5Et$4krx97LbGo{UI}BB1Zoqn;+lX25<#yynnyf-~07>+0V)^fx~KFWJlA zeBy8Z^*3Mrn@9iMcl_O_{oOzQ``!KD`1m(I{*8}+_%}ZOjgNoh;wBs0!_;biOH`U%yeDQzJN)A9##=`6(u`lXyvD8Bp8>XNo(r$yJiyuE#lJyMlAPg^m}?H;x6i9u^dj&3 zt+Lfcrp1uF~0w=zsC02(?K0untEP)UJ$VXdlZp%rhg*el#2fv1`c98{|yQV zRzv3`h0``Psh$E4=pSnHzmw_z%dh=VlI0J5U_hE9eeXQ%`lLB>UUZgi`}xdO9nl&W zNrbnw@!{+vRM?x?z5{k4vH$*d|LZM%|NLj|VoTP?=sZA+paqTFtN|7v83uYX zlzwvWU^Vqb#ko_wyy;V}Q9upQ#r-dt0sm*pa{leT)!O%Qn=y)T3>-s$AbCcy*R=p{ z$!Lc+I)6DU4>|aJmRq~ZHaqF(OPaj!}nc$g)wgrBX{`D4mE%7g$yXMtFu&FWutS zQy*y`Nnl0#p92jIlrN+fS^Obu@;&FUzrJnv_5Z$57Di}r{CFHwm?$atAAav^yM}jE z6UqKe{GTiE&}AjFOn`b4>^~B9Rm^JTTXX&qR!7C6t?JJ$9u?!H zCAsymuBma{p3~0wu7!ypH^(LAt@gl?9zeGWakPx_24!5084=!=aoFi!4Fc2PZLqVNyd zho03gHC4Yhjf$FT?V+43ync)<5`g6GF-d;;LzV!akDUMElfiLr0<5$1lPU8UbEX73 z+lwh5BFY9Lg(d-`63s=t?596u{cU@lmUvh$v+wa7(AkMNIeq_j0NQj0K=}w=`A}nm z5q1_O)8T>oO$^dRQcX{9B!_%19aOUxQnO>Z&Nnoy=dUo)Sv-!EZ6MV2+raQci;)9( z5FslfYnU{4!{rbE*g?FD(2ya2q4Q{iiM`$(q-;Y#I}&zWTzPFTUVw zZ(?5~Zly)PaZ*+BJg(s-J|$>jC(WV_a0f}hQW!}noz#WpWg*jz+U@{;BMBBpuICS; z$1b*ypoaQP7rgpb2)AHR zQp!@$Ss4gVk7Gxo!ShLdEM5U4p{LNM)1Z!}N~buYRs^1G(0`4o~8OXQB}_ls$?tr&^3Dopma zuT2mQw2QehdP_rcpjydvvCD`M{)dcy;-sIS`~9O&r1=)C#P*AORv&+lCIu^i7btIv zs`tuY=Ymt$VwqmFE8!&ZG}x0DMEegth1)qbF;zm|dK;-u$n3|KO&Q6_6^EncPpy2^ zFVM1W+N_i2x3O+!gb;KRjLsv6Ei+n?8xBWLssABU&`-R0s)u4vPx zxS!l2)#o~6?Vaq<+Y_3SM78glLR)vn=XYn!mZePmu`R(;tNJx7*{O 
zP)>rRXidzMhI7FnW4D3UjD*gIX~BzZRmC!tvezipd_*20+L{)MZ6n74B7 zhPpoyrhKO|oFaR6Cx4@_-g17L{=;S?j2W;tSr8k{1DfJuxX_n`do*dW!DUwy7|X&Q zwPp;~m)jg^vfr{$i?sZCk5lpjJVFTj;Gj)gg@e z87{>H9tlrKqZ@|)qen9TASY4IO+i*-*3bHhUtVr%QL5FmX+vrAM#=yi#-=lGq7l~a zAN|tCzFOFz_KKj8l2D01WOt78Y^|(c0^L;t)t)kEl$`kKh)G>Tyuic zCoG=>+>v&d!8a#NrST$t6GeXEmw81>?t?@C9ux;-;#glzIEFBJ;+0?Pe)Qs}Nit>s z=26D0UMShq3Q@f_3h{F>E`}>``gTEi&>dn!4lLvC9{DZlCbLrB$Mmk?@Zn}Hp;*4R z6tR5qLd}Sjh0auOtiq7Zz+P?VJE-i(&yc6$BK|gp4dMq~0y3&;a(1SBFt0G6ffjl* z@l4a%{q=AQr{=?w;w0?hyx)$5OQnxuAec8&H59g%nNl_q`9+J%QALdZ^}1F^1T+&%uKPg$W-sk z>;KVGGh@Vav=xDwjVSm0l-sukkG=1yDqS!bIUW#r-=mP4kj>j`+RV1rd5J)Q0;PcJ zBmR(KL~-=?)4rO5JEuOiRn;AgMH;OhHJ(0{!PwicgbaiZp9e0c#?n1}L}zB`DT#0= ziW1I05Q+vZ5j33=p`H+`P}1Q1LE7hGnI}qWY!L{LPc39&Nr?8BJ`T?^o^~0ru(Ftt z{YZzr!QYHVmF>M)Hvos%$j1M|Tr=s<&KY_T`>>trw^Q3g7AAh=X-rK|P*DDk#f-jp z|4jN2?XT3-D8$#q>;bX-ajbr9qyT9O)KD@OukMSr?6(n%f-;qODr_%Y?)+r?8#(EI zr+rebg46MJYBc9kR|vzy`tUNq2w~EKPzKB$+csQY2A+wNaFukRhhxuvTqUm3s4ZIc z-N)%_4^4j4C|y+dg-{qlY+xf}Xs-yxW9y{8OMC1U-axvxN&4QL?iE5=96zTKUkRFz zyH^Ly-|;g8!aI9i_SihJhL@vzEHs;+VuRX)U!!hOru4sKc>HgZh(#gL3%*!^){m3X z6tnSM5bOK?^QX5$kIkzz*Y~LSy1}ejg^%AD;7tPgWKo*O%Tzu`kZ3r7%*y3t%moVj06!Q&ofq0kOXx}et3y{ zQ#!%RVnW)-MNWD@S25(OmD`GoTFK*F(YXUDTE{OYqbiJLt;8Tg%sNmTuh}@Q$rKtv zv`1g^Kb$q4q?G&O=jJ2RcfF&3Zu9HSHfxE`nJx;hoJBBOfM>v;Ni!Q)I+j3ttT$DmQ^!N(BM2rE@xIPuWW&A8fAHs9y?Vi#CbcF}RHJ zuwYqn7EouWAj9PlfXv|9d5NYp^dSxst$D>W7{UaVT^nj@hzKy702rMzL0isXcCEXzXpBtHuSMHc)q5W(5?D!FDw(!V>aIDp zEc6F+q5-4=JQz&%i^qsh=o|8Yhw#d@Hq`6ZbB>(D?N0^EmOrh8ML2vEdZTDRzdgub z%^o3*t#T2aYaF1r2;sQ&GgZJxSFZJil7^AVQl@3FrJtcXhahL<-fzF!Aj}Y*zvKW^ za2>V)Jb~}WfaN+J@*7i6C%ac}F?J>iR#vsN(4bs7?%Ue@)P`Inv72>}MwsW8>j9Jt zE8E|72{`2(OK9r6+C`cnq_1OyEvJq#TAGgd?aH5*ZEsUsRV8KIeQKoqox}6h5ngsm z5o3gRAcQNw9UdPj$qiF}hYr1(c2n!*h^^jY!O~sd@Jt2jp1z*dcLVz1gH?4#_4Y{? 
zw`N;efv9(oq&(%vwideK5dq4yg2uG|$A^dp#2^3+W7+KmU(&o{W4%H+8#o6BA< zF=W8HXcFe*8+Fo}OWD}@9jfK>7(luAFeG>L=VtRgWV%o7XOt0eeap3`AGW}=M%@pi zc8BpHmx08C2{%m`FPy2|v%K3pacuoNO2uGsC}wP!cGKNWs_puD*AOTPapfnW0(CII zyJk3vftr4tGpzDF9WCN&jy9NBcjj)6;|zQ3_nb!nnqLii7656g93NR@BHwy_oisH? z64;XS7`_R+!4>JkXY&1N#2h0Ue#w|00pJg)aS@HhJ#N#QAghrwpY_1&OZ{~pPl-F< z{*aMt#^%)9_585LG7T`L0Oq4A9*_&2U{6)w1ZkqJv&L*J)Y#cmia$J8bXlWnpp{8V zbL=hKAme!E>dUx60BEj4v?ffVLD4X>AbXYGR^KRT%ve0sINZJUCBg?t7i|`M1mreu zJsNniVVlt#=Z29}41qO->}?iVUsui9U8vfh-k2HX6jESOll+(mo7ap@$KTD6j+7yN zKNa1L{;0nm+YzJ=p4;zF@$@_Y{_&QghmRL^>MWFk(1GJWLdzz0l0$uMY1N%kxuHlS zX;TyJOPw{vqdhuk;a>G8pKFpC8ka7-Y??L4HXN1~0e6G7iQD<2s%7sHe^Jx>s;h3#bju?*qkkvuYyY>(b=Vh8C zhlq;ViqBA>k-8Sv>-dL^Ee`JsTyDfZAVJ?lfPK%zFkp|dt}KM-Oj;YM?G(Jbe>I%H z!vTzjEl{t;MGIdSpGTxrc&oA#(a zlbo;&=hoI%s)EF;qkP45ch<|fDw$}Y&IHT#-$-|LHguJwjVepUj;xD++JMh1&NvU& zy}4kOubeg1d6H{23pHy8G3snsl{Fw4u2Md_Hw9JK6x}-YM;>=){;+kZ!V~&yD?`m$ z^B>G^XYmK7^*vyee zRacr&U?z`Fj%g^HH)BbmXRAxAjl-hd;++^dKkfvp;Uzg&krt-+Yu7i3meuy53hR(= z&;rPw!ZdCuk`LaSch!SNi}xgRB*dK;p5@mPkbXW_yB+g6r?H?D%(F`8&b_UARbF8g1lSkSRDJBN ziTU#aBi&8%6Z&!yw`!)6NL?t;w68iJ&aGz^Sr)(lxN$;LewQRUQM0hNXKO2Nr<}ph zYoK{hTT@_p$`b@ALr*gex_U^eJHn63=aN0cJe-9k=N_pGdk=6kOo_JcQE12 zaWWajga9KXKR@={Oo?NKwl6nCX(Q!B=FNqThj$JX1Xx^N9XoZ}OT-o5 z>cB3t&?duKU+>Fbl#uU-4dn-E?w=_%=ZjoeWBbB;DB0c4apnqGT3HSrun^_5Y{mu0 z_qys(-<5RQmKKm3hhn)GC=N4USsZphcz0YQNeD+D#8R)rqZPXnAs6>MnV~vXGF3#4 zAXjt6ildE}ndBPqbhg1M6pK#km0*<%BW)olvFLW8uEx#5ilFbm#@Tbr2u|T5?5W<3 z8C635xJ%6`BbNrUDD$3;f6nOLoZ-Jp*ucVinpBZliS3TX9+s+C7WK=uf&x=Vd_{k_ zx--9iKd_NtJ^qkgf_9MV=`+iuATSFtctWOK4JT~ShK(&liB3xsC0Us}FcTw^5}xA9 zs|sJl=om5WZ1ZV0oq<@UK2wU&P5d?iRY@4qtDhZa_)-p5lGnowH5MN=(Ri- zSv-{!?L8B@bo+$5dVu+wf2xNl>tU;^s_B(uxO_Y6Mq#4HeO(=$du-+p$$&rC#r;dl zUfcbG%?F?nNt#!;V3(0hJoW=>p&>)9D>1IyEVpVs@Zvt>l27P3Yu?TW|2R>%M1}^S zL;A)z+*MX2u(R13Od!VhU`ASBDJGv`k*r3BI0Fp)#ghsVd1WA*J^xXrbpeho*W z#u|d#ePOipMebf^ll!D<*^2w5z~`ctyDuD&kknPSc6uCQkXsq(nxk9CyG3_v3S&D< zJjy+|N3*LvXz;+4i1>CzM2JGfpYh|^^Hmk~=+l*$Y_{y+G;)cso?qztclYN!UI8-R 
z#ec5x{Kpzm7*jk^A1_O|3r2q;eFHAwsQ9fL;yis5&>@?p!OIxiAI1f|jyPi}Zz zTz?11#G3pnZVndbt z)}5O2j*MX=w$>X?e8msy9p_fBJGJwNR{AnTe($1a_dv5@%VN|63U+cDl1JF8kb6Ey z@=*qH@9x~9B*rvT{sJIePXLb_uWkf&J9y2M+`}S|b)4vd#?bfKEDypdgLORov$J2O zutbey41Ig8ef{Q=w(WTZi5v>TcI~ZK?M7a~;&V|EmOU2VcWka!l-ib*V36M$${%nr zmuDnb^|3n{z5cyIL9Pc5-H#~pUWd>+gw`E(XSO0MI|U~(Y4}}ZYx0)Fh1&%#k9RI- zn&rJqj5EQVL>W8@5Uo~kcQW7{T7uTb zQeb2-_lUqtnjk(xFqkehyI7DiV8vE?Ip1H?esE*d^u%eXRGofpr6O$YAW4()yh>d^ zK(sLxmj%H&WJJzVJ1xxLK{b?P!@0ao6sFny@~%Dn)m$Cfy6vEXebrL4%g;8Ur|zZyZ5@$ z&-PlR{E(X6#{~PIk1yP?#{cE&j%~byS>WKu4BOp;q(Ugw_xQ@SI7l22NPgH#GX)HuCm6)}N zoffrdNIlG_mZvz9|F9UP)x!g3g4$!diGEnuES%BW@@%hcd=k}kS6p@FaA`&)^ix{5 zSnZ)x^TInJgES$Z!8Pj;M*4d#J9+fy^?*HS#d=6WB$rW@`|B+{Wd7+EccJ~hx6R@2 zE8kv_|2EQ>40|L#`fRqHkh`7*q(T>$c4izTaIvW+c3Y<2`~_6g6Z+EaS*h9idbdM3 zGDY2V?^%_Lak3r4dQGWAbz$CPDHgj0+lA69rr3VGfwa(~x1^2E2Aao@CzB^hhF1N! z5>7@`#Hzf4`5<0#k0l3sX?WT*PWCwssu3*EG$f^22U-yck!l_s4t#{vVta!218mw(CW$SPW(B|Pl98drn(LeWBRz&Xc!h57i?lVO zZgT+44mJKx67=L(Zc7Zt9>9Y-=)O&eyl|S_yT4p$F~=$gk*mXe*$=I`p=|Ligvbgq znEXW$LL!j_J;5lNdw`pU{zrrI_{0kzKRyTI+C{3!&_%-PAbW760wJPGrUrgARYQ6zFSwIcKP|ut1ZAihlUa4a7qQdviS(J46fND_m)~O46Zs4PhM7D74nVASv zqZ;**RhoTBnyJ{gPDucV2~Jk@rY5ls?Tt}Chw7su?o8gBPS>W$0>`w7S;W?IwU^p?cE8&rTTkSc6e+ee$R%{Z?9h#js|F zBbUBE?aQp!&Eyxa>ELhD49*R2TayPZ7*KxLq{Oc$5>E++Yh%ATU&IS z=axD9X@efj$CI66y;2FQIP+iN`PBgs8;N5FZ&~9}((yC9d{NOdv$|(G1Q5QSGHUUz zCG+b-;eg%rfdioiM|ZYX(`{6f#J%X5=0OsiRT^mvZRiQ75m#id-+{T)CB3gq{V0B~ zKtE$62Uin^SO^Byu3{un?{5!kh`5ukPNR%vXk+@h!+%nxEpSmY@!rjSn0&Fv=lD*} zc;e;`B9<6lI!_e&t|=ILW?nxjfY6ydIHo^qVVPNWX^B#HGGfzRI*6fYA$vfi#-*bm z1GF*%KrUG&>5w-aGDej#Y^dn*zHLG3fX0-(HhLFA1Ayv25mMGy=c7@e+xrz!5P`Z$tvmZJdwlKtGm!{YA{b4~Um@6+56 z>b!EE-A)UvYe|vngb|z?IvDPT23_u3e{b5CiQT=d|4b31Vq$LPm~hq7>ab2;&g_VC zsQe~~sUaK`yUGc6AA8x!@PPWIGZxd?b`fy}RJWZq+j!SCQDmF*t>)TCGMe}f)(1aq zsm7|6m=&nll};vB4p z(|c5o$D}bT{w8N{wp>ZpKqJP}4HcD?1!OfE)=v z*fiy}z53`e{IiZ3f3I@J()IrIUDzkRl8BFyUq}~oNUnJX56l|%1JZ<=revHGA``ej 
zmha`$JxH|tbTuMIm({}gpSkq@U#}g4mtow;KUvV?QhYkU3a_PNgdjXYqjqVQjtK`HLVB^R6cEpMBct{t(eZ$=p+Y(yw_HyZN%ggQ$&8F_|=+z+?r^ zX4Q*a7SNF2zkT$b;YS`-q$2^mw%TV@LlAR0h)05$<{Wk(gg!8zwSCy!^vVbqK{qBM zPaoC!=rBskodQ;2UncPG7fBW;*4u`dA6aA1!rAsc>*~K0Za&$N1ZN_^Ow#ny?{zfP zy)+aZ4ohOKmH1q!eJvmkEHm-5A{C-#cNX0Z?Qk&6u7bbV2(~T4-m6bk`Z9zt&X^L#xN=JRJ7RU<&}m(>st({ z_YbHNhCF{$Si?B1B7uqt3aBCAByU2voyA>(&*qq`sq_(>!u*I*bjgtvN!I%`xbg6Y zh_A2!xx*rMq*oON?^KPP$)lNutxr0@`xXMrxFniXBYuR(weBx5-2=GPB3;#}0L-~B znkfpZf?~trJF4cb2!80M_dz#H&5`caiSbt8+afY;2D_RCZy4%_`_?a*iDfX`iM;@LV=R3usCSDTu#@-32h2NGxB`hJ8B5lv4O1<}o1o?=M$ zHCyG<$a?w{Y|-wGGeV8^d8@8k;0^$}>f+2nQgCOpfsNBegA~pKfATMMjB3+0lz;(~ zSpR!b4EJ%ek5if#?Sv!ibGOGYOw2xMEp+o<_Ddvmt;e=t8xQa=n6I~l_;sA0NOI3Z{~yOrcOFhxb4;DNf)`ZQbSAbwX{~oK zT0^z3B^kX^YY3CcF7@)OeVDo6s+TNBZWKlSxytunEh6cZ2LLuffXW1PoYPV3;V`pt zzs|-k?{H^q^zEovjE@Cev0iF;O7l3?x{&#|j+D;i!P7Rxdy!&^U6;5{+H^!0cqy_p6Wvq$j4 zX52y5v9u~)P8zvfT%mqNZ<$Nvw)vaWC@+&vq4Ojn6HXR&UIPz=aT4@kRH4sK?6}Kf ze}y4=A`HC++n6?cSYN9-3O~M0Zhp4(cwY>&FnVXSPfPc|;Q#gCyGYj9g&3q3r$z}~ z`1antPx3ISn}ifW){mCEFYf`o@JkD@&?;^a%%w3rZSe+!c2>M5f{U zTz?CWM(SI$u8UB-W|WXk?xZKAY?9~Nb1=|zR#+nm+w>5O%6_zeGWH>DK zn#~4UKdIe%Xqg?^r`lixdrs8H#vbWL>(55=?KY`8e8Q)H3Ak7gASmOjlYZsucDAjA z2^oD#{!6p@{s_~i^1{T=|E+bF|Jo5kjpb{=))M9fl&$rVB$@VBfotq{EHJm`H6vH? 
zrVEji2$-zqbd_kxdB`u=?9yGlM&P>(5fwkcQLqMh+(G9RcLxzdAG%7W&vsh0oyXN3 zlV^ZxP7`rt3B1R_^Xa12rqc0x#N@A<=U^v942%&8kHVlY`RYs_=bqc(cX-OWnqF-U zu}aqpmR^ev=_u&t)e3{D`Kz1G6i0dV6~u##dvY8 zoHV}Tp7%M0&Y$GH|KM>t@RGYUJ?IkV{gjs!2m7H^tr3qu7oVZUgSqI$qc;Q;Hqsax zY6Irn`u344a#VWYN0@?}Zzhi#{r>OZ&ES2xJW14BWEBL})nf{eWW_$26*k6p#b0`r zDs-oRzNg%j*OFQ9_fqFASCLmCa!&xgUe6O;zuGfLx-gc1HK9z(&)wL+wYe$TA)-K< z*c0rd{5yB#($G7$-+oOS)j8QRR~Q%jM@{6jq@HAuIEOJ{acK_Q-GVVw<^EZV0@fV3 zV)b&9U)}G4-R*)I(s$TpbtCMV3D$lrwpzH!+ig(Q0Ur7|LG+SaU_IAEUuq9E>aREX zDjLT-<%kkErg)~91~9va%0lB$U1aQzN{Gwo2ArC)k6O@B9dw5vhITnVfdfvpOwqpR z#e_6_(*bUmjOnSG?BqLHGiawxk$Sy?6W;W9d0tCERSM!|7o+-3teV+u`^};`0_*`c zXTg4(JLaXNZvf@EDR=%A0T$)+x!-R$KEv9{`FyYSUNh^p^nUnelYT(b-cV%KqGmks z=8Q*ze?>xJdQ`HD>+&9Y(Wt)3a_UUE-3uRu%j^K^4b~14)E!X?X_rimW2u|c3}(zN z!sCl>>QR{v4^=tsb_x@Y{fa{a?i0fDw?f8Ox0PpAxF72ET|MTUXjOkGch?vguLSZDqrLz)G-u)jm+ zwEChAm-$~gzJ=9WJe*3umu~V+Huel*r1DA;#1txNjI&HZdTB_|Vx)^Rf9^kwQqHuR zj<@f>(4QW|drAk3?i3+VqghNyw6l9kh`RMLBkPPG@hZ2sPu}qIvRr@aH__=pDEmNE zb|ZKcdaW>Z;ZBk`jEp*jbsC+#+l%Nb)0Xvx!+7M|+4VMV_P&Aw{gz_=!C+*~OJAfZ zxi$2rx0m)*)sIhg?M+*E(l=27J`el@ehOk!g zY!yYiRwCLn($7Y1vcKI4S~s>H#3j|GM;;@6mMScf`(yP;STc-Wk)}p;2Ku06K1CB# zDWlUwSH-u$(4ZEH3*yZnOI>N)Bf{3+YxhnNR{HE}TfRTiPqWt(AIGd)kw}~OZ)cDM z!uWRAYo4z%LD|r-6fhT58?B)_Y0>csCoDH;>kK z?!PSFq#5+V*PCW;2N?&r>(digwkzhlq?PQ|-k)>>1QOXk2>Xwz zhPI>*%}J|h^A2QfZIu7vvelwQojsM0!Bg8ZUd!UpvUR53Rmz>D!qEBwRfnwd%az{M zGHfooeiR01!9eSCK66cul2=C+dbZgvO(L&C|Y0lA-$>!%JT-C*1uwa9PT8Q9l52*XylI zGhNW`bVJ6C8-v5M?djniX@(~u3f=3t`Xase=p94D<&_y@ncOzyAu+OT3Tlf=5$j7q zpKCvCh|{r33n=G$vlw>&HFN*-42gkQnj1Gct8c?nU^JMZIigYk`kY_d#6ri`tu0yk zw;YmIj1H3;BO*6;haiIkX`kn5suMM8bF6=X=?E#6ztV-XDX(iRQB}QZ0=GJ*?|d~4 zfaqHjX$ZPOXKH<=#zh|c^`U`~#_I2SzM50`6~DGKJ%-#9zWGsQV)NpF@!c${IJmNq ze+WXN&eng>u3LquyFYPn-QsFgSwj50BSwchVyY{~W85(! 
zh?Q#KlszE#KP)!?XGQT>SH5cI^HKH&pKDUl^xw$@pJqUkb12dk5n_#abp~cX?mR zLC_RzNL{i>N1_dm8k37Hvd8krh2hk+r+9`U1)H!$d0iAin7z(UzC5Fc`dP}-i)aXh zC_he8BwX`S?HYoB+)qgvY;|84UVGrS&E{#E6eqsP+hZkdr%w_KOx(a^u!)NV`hQI}IHC)`f1-)ZA>A3ueF zMuqoYTUvzC+87*sQB!c233Wh8nADpIQe;?tjBL}(p4L3l%f6_~H~g4x4yQkWh;^Wy zDjO$4&=InF9gUNN6;dj*X5C+$Cd26ER`fqlGIQtc2PfwczZ0s~Ajzcb;|(B!C8%DV zpBx8@IhHimHkb+g7GR(c6s+&NXA55D5`G8_W57VSPqzL-zg{aiBFqi9y0%QpE!t%#$xUeX z)s+0o@$S!(WDOB7755sn0M5f(qaKTq>t9XRA{+zNYNrkrRqhTqzWeMcDzSK4(!yw7 zO~@~rZ%FkyDLk!?v{1j`wGPbn5L8zb@?e1;?~A2cN%a85xpd&vzLaXw^?B~HS~Tf0 z7_iY93XyPraST26>F+>^2ucz=Ad~nK#U`cOZ;R5?o*;5_r7}gdcHAHwQ6B;NBPh?&;!XEXv`o>cwQMK6e#AKkP-Ll35`urA1V5LU*e;j-Yze-*ah~5v-Gg?A@~OOPV4bPv6E;$axSakqoyQrh z%&zwt5d93-EW^=boCMSE9K}u{TxqRK!S?IAisjYOOl+KQYr(tc)@|2*;MuVHgRtja zv<s4)XzH|y;+Kx~FOTF~uFT0qRIP!M zA@q^rJZ}hL==Tbcw67PNV~0@=?r+{*3_au(SHCFip-utObcZ!U`XWr%tJ|=x2R7r6 z#-Dh5U(EfO)Q;RQQLFT~xds*wbkZXq)rIz3J$F z)zBVsXJuj7nlg+2acUu}Bd2|z-@-)$Ew~5vANuZU6Qn=M_4}{MOEobKUgg5dsZSDv z-M?g9T#`)x;uvN644MjgYIjCI)WxRB3zcbT>Hy4cjn(>a_Vv&(1eQY5N#=p6dHSva(dOlG{zs zY@rsjxhN*0bauPcscUMf?aEH0MdPVx#qCjUweaac*ESdVit=G7k@&MsHb#@5@CAE> z78`&hu&>esS!xUtLTwKjD(d+#53yB=SKPQnKfqUiEqOTh?hDR)^CE|2COMz%&fM$> z0PW7G&q0EpW|rt%Fz40j)I0NFWw1_Pc-_-*R5&0t#=rQ-v&5sW`3Got5=jEke!1bm zF1WJW^pA-@;_~(y<^EM{K4#6H`%c1YcH4 zau;*r9N|^Q8&n&tW!__S_e(VCj=+4}S#XFcv-9F!-snU)0>vWeogMR78fS;f!<%#; zH4HDbkMtlw0Df6}Cbut-7FU{5>G@nix&%3)I3dAMn?if>R{rBROJqN0-;(CI$9nD6 zP~O$=ap8v3P+gabU1f_LpM=6M@(!LhsZ!s2DevodXx_KB%lORm@XJObL3>>?v~;8& zOanCsb$lso|Re z`19Z>P2R@#wpple;k>?M`H}|*zxM*Q(V2Z`1Ry8L>$ZeEXIx5NSK2fGoqi??1x^gm ztBDAHpi;Dhzt4WEiX`A=6Ugj&T|bDgs?BahxWR9@^5bOY!nfp%WU^bMuHuS|JZ@XT zG3zjD0-{fQ(1Ca6NstD^kjUx+dpZCG6dHSL^g-ZB&k~b_7WKtuFH@j`DT7o|xMjhw zG+qrH1wJ8-AY->hGB>}9-uw7Lgjyg*I%TNTYu)$4R;zEHZwjJ8zqgBW2oIrcidmb@ zGI@!fG@g>FV#?+%Vrv1$+7_HXQ81IF@f~DyH1Mf`1LxxvwWwa=y~u69D${M`v(8ncg@Yuki?128 z`!W;8EbGPw#br!!Ez5O*d|I zthDW;^Ym5_YH73WO-5US<-{Z&?k(1D)Vu`-m#sHYknVmE3!%fP^Mv4RwXrqPT}bZ+ 
zW9wMc_Xh^Z=lcvkF<*L8IpN$JmvWABK!2`(cFNEZn8*fDgn$`z25^9lWKND!R3>?shiIz=3bLy9zug~O+ev=4B9;qK*al4x_?jN*KL*W`W?U0xvjip5<9 zl?!ay@sNEPjsbw7BMdM&cX8C{$Rcc7-?~aH^a=KE6Wz>_XRF=iezU5y8I*{;IH!HB zAY**)JLXSd*BU^KPMIf^^{K++9t_~Qkr{(=qAhLqchuq+zAl!FjBH*!#FNoVzhmH? zr2>=;ID`tALRBa@Rp_MdOprN4@5IFZP0`eQF3HZ|cDkFQDr7fnQXXMdUUa#G=hpjS zKzqNdVk>sZf2Z1Y9GUH^-#8_`FVxyx``X}$hM8ocoBZ1`UgUy9%kmZA&4FNUAoo83 za=RD)Q0dtxN=9D3jJv18V)zF;6q2m6A&M6sWYw2_Z#iVIk6NzR^sA$QYR}>700$Z(8U{? z)VB~^RS8ev-p^$lIBy8i;|UL77_Ox?fBCrmt5r38D-qI zvIWEV044kEXB2d*KURm+yPsl&9n;A};6THo6=4fZ_huqNhS<%XNKtIZ&w|peqWcY9 zjmRmX+DtXLi0$>ctJHqvY`4tKddoTXCfLSmNp#Q$sqnqU{W_-7_IxM9*J^p%feA5$jR zMHLB)r9vn!IivV$_9C!G+JpksvgM$qO?JI1b(~_>Yol^Vw`~IRV}q5;Ag?&4K4L|B zY9HZSyR8ducMX!TugT!iMdQdXo@CgVH+nkgRdsveU?c^dNq=qqaNuKmYp=hDnSO8B{vYhUXHb)UxAqNUqf75ZrAhA~#YE+ziGZLqDG>nyDUsen zf*`#_K|nwOr8kk@2_2Oty|;uSJrRk4g!rD<-us#7em=bOUi+E*-JcwXVFnlzPR{>2 z*ILIqe#=tWf@?fqQu5OR=Z$`u9-q2f*U$bO0ye<{QU1;^3LWixt0k9AUz{yjt*JFz z+~cZm+Ik&rXU0Sc;}rp$^|qZsgp3`rtY^7Cso)Wq8x)sjM~55A0%r853f!EWp8hHj zP9tmiSF)E|9^X(X;Ak%8P-CkL-#rxoY=eN(Z!qpSNdXZfjHmamc=1#_a>62o;>B!@6IXs6R`1 z(m(>6-LLnZ7GU--CqVf$-EcK4eQgCqK5b%f{iW@PZR_FN0S)O5_zW|l z@OwgfVY;Tl_G%th>Sp9*=WsLwT2Eh+xw3y`%5cl!JoTPpCkyz$9Y?`an)ZRz-ezxHh z#UL2X-BK30JRc^nw!H#3x|7T$9%2OP9%3vVd>N1KgtE9~)8YWvz(|qH?UPQ}#AHPZ#7(hjx(XAuc=1TyPLRARckqHNGe?Z?$aOA8~EmL*I#Hl)`rB z;No$NRrtF+=_m&3N7UCrIOF&MNz|-vmr8w4&=lMD)Gt@E$;jz@FVU%eT78yJAuM(` za6A1EA%B;z)0oipPm}N)MNdby3CjKHetxcJaSK|F;qt;sG5r^)HZL^0YLvOtHz9TK zu)X(K<473kFP9~8TwjL0bYfqf!^-CP*-`zX-ezrmSS%ZDrqXq~+sQhZj4L6?_~qKl zxV+PZJ&21jm4r)kUmjD2M8A@o?@P^J`saEc-Ff48A<$exL9UzQ5cUG%R5@qd16;s(PTvdf`LXIHabWqI|I%zRg;ETV`Y?}cq(Y`V5OKG)7aNG&#{T8q|Y$c1> z7gv_BC1j9$IyHu+fQU==N`_iw7RV$peI1;Qb|{ z-I(bEA)QaSDV*Dx*+uWQ10N-6mDz4_7P>WkNPX^?D4Zs8JKF8qu)Z+!w@MCTcUSh= z(IZ{t^GH!9d zeZub|?O}C_y-Ru_fsAKw+S^gt$AHZ9|? 
z&$l)lt9 zaSdS=(iiB_(=p31seTuDfxhJ_(K(FlKzd9L!13qslNm86ra)`G){t3W2>noz^!KLl zF^d<{i#yMSy%l@9#lsMII;OLr8s>O=B1azFmFR;%(<`H?k6Yis>$H^38%uW+!}(gw zo2{c&83t==_1>pn@x~_3fBAuogw&+((c@`W+I~~Tv{K`lWTPko_-dQ&hZf=GSF<<1 z(p$HtqV|#p$LC_B2QeJ>hitXZk6MK1>2sU{`7mNVBXe4Wzh~TlDJXxti+Irz$jhz#Q*+&$-@Wfte$`j2eAli)Od<3Tc~<$1FWJFOMwKgc%_b^*--+qf z;&#QoLW6vX7hi;*pJbR7;-L=yRGEi-Ji_fNC_!W_*lMGwLsKKD20;|B~UiAl=Np+Rb9_PC1q_0;t zYcEl8>L#0o=HjUCJvhIR3d~${VWYc|Nhe$#=)~Z@EUYAqd#fQJQ?$+AQEBIOjqr{50U!MkAsqQOjX&8haQ#P@ioeCrHOk<0o%8t_k@ zf`Q9YFRtw>rgR9y+knZQC&YgI;{yz1df#7B)Azo~)*dxf#VuY|aSdUw;m&d%?0s?2oyz2=p=1MlUpZBz2B>J1S90_h-KVDn@qVLSEnec%`sJQn- zjdMpga(aW&dnR~UOms}^72MYlSkw|L?sGUho~fch`DnPtM~7(mF=DZBYwSS;nv1gw+Y4p>=>8(JFfCEw<9pW5@fE%0>>jK3*BkEdynmDucRK>skq~&s=u$8oM?3xK%y3^xXrWW}mLwFuZ zNUIz!N$ke+tr+)Q#7x2+l=Go)&x*zHkDMz7P%f1f<6mO5tgNVm(ZAy>t8NYncr=Uio5rF=H z7)JBMweW1KfRmj$#{bfMU`hvXUqS9pgdw9y+fZLx>49|fk7p~`C;AHta@^ES_<*jQ zOJF%7(l~1+x>t{U_Ix@5Zv&_OO z_tcgB%UOzS+%tsd7NsPRwbPA0@1rtn=+aBve1xR6)(jbAlM)1Kr2XT;ILeevixO*KrS=-{kz z1@WPPntN|s+d?dhwe`dx>S}AL!ZA%T!+E}~gIIOdep%j+@#SO=eEqvsLv=TKKeCDl2T%E!J zL!{b^Uy>Ks&z9!VUF4xQ-Xg@}CA-zryIPpz16YyHE?nyD56LJnb$xA!*Ry$ip9vF_ zM$)x+wJt2Uwu1!VX?`AX129o8Jq1HX$yQ=9V!UZJuC5=tUEF^fSW#!|3wLuUUcK{* z1@-Rcu-?cVLWQ`4^I7ey;Ecdl^0=Ic7D$xE8?@x>PlEPa3JtC{Jb6UD>$ZWO`Av0u zlI&9)h$ei*r73ExsnL_o3%Z;{rQ*TO_?&#@b^|-*mJdPq?xgP! 
z%&1}Vr(2`!t|!*YW8Wj+>V2BZnu0oOdA{%ES9T^vh*8LyIv5-3{8qN+HyOXQ^v?#C z2OpjURqLiDwm7uwsFX-&%V&}oCZ*by$c(3n6uFu0Y{531;kzj`A2Imzwj30kQQ*dP zuV0f^xh0uJi~Gmzs0pkU&62`aMKJ%e& zs;6{(H0XfxP}t!n*_i3ogSekuBNa1Nk-Z;7e5pPa{PrFWh<(F6M^Y zS*eVKxPZ>>fNu~}q~va(qNIurDU&5u)_n~=PzeKqmBTPS7wfZ;=j+FXt*Ox7=77CW zoQ2&)JDV$z;sNp3sII7-lWQu#^l2J?j>@pdU!PZZEtdWAGi$NR&vL0s-)v630kYNA z@c#nMG5<4j=_nwB3ov&DOK--I4MLc*3TAYkG`BQ*ywc*n%=zTT1?5d3F$K+_SLJ?F z#dVWZfq#k=`)nk^IH%z>g^*LbxjZmZ7yRxhGO5H>CZ}XxJHSnSFO7E8F?M?N)pOGu zG5>qwNvP?#f}{p_z+dQxCIHM&GabMn31nPW6=6uw1zJ*%)X^{blFC zqhtp-hv}Kq^pBKLGt1Xv%}mW!n%`3d#+dTG7*N1sc%yxQ-$EvFcVi`PKX2j;B&iYaeD zhZssMA?ljdO#nH>i-w+G1pjnxFL9C$%x}~7>t**had+ubSE7dQ$9W5k%v>*s3ru#g zbxhJ`NXl2J{`C2B(nX>7Mblq@Q&q_n1eH<-K+K+%`3j#i;ZtAxYt0+(-(vku)#0FR z^0Ts3lCyl*^xw;H9RHtYI0DlXyzSSv(ab+j75~CTrHD3Qep9g`5fUz}{;M9nK1MzX#jh88Yd0B6t@|8?o#T|vg{tLT=W14{m6yT3o4AY~MC~7v*<}Nq0 z(YAP4(}J8#cWjmk@3t@bR#;+cZgA4Fzij@Wy1Tca<^;N0Q#`a7>5hC9WM@piix?n` z2>BMHx1R+Z3=hBc9C^C)y@<=%>qe56&P4k-2F(JTw|S5UiE9Rlu_ZtyNsytKhLc@j zhwBLG)M)T=D;A^MX-u?)av*r&hLl;-1+rvIq7kwxG<}#9KuEaPk5U~n7903c^DfzQ z_WeGh-dp`FpOHDt{?yx9QMjaM`C0dHN(vYx!iQ1fud z%^!Y`@`Qg=UAo5}`d(W^v|a%9ntX#Kr~97Ff=}-%tK{5P@2kQVS7w>xIX^@Ns0MsC zDM*?gqI*>$(pn{|FDCoB|J6fEADWX4S@{m;ASz-J1qFe;*4ho|aX!6p*8#mSyU@(_ zg2UXX^?}A1H5QnVg17N^LykN7k&a%#YI5q;oXB>%F-__f60CZQS4mL2nXPFiO;$K* zxmP$@Q6pPn(CFMl{B#s@RT-xn1LyTb^q;mB*lp#w&Tbq-+#^>HRXhzzs+*qc!}71D znoA{M6VB0rJ}c1ZT?F+koEmS|IjvOeYoBLpBZYKw{l+Bn*Rt5_?PmjrDpP>+HB^tR zLiSkIN+P2KMTz6(+eiiv1{1O9yz%$-&1qjb`J{!>Rt!-hX7ph#UZZSh&^Nyq7Je&- z`;e@j0{W$F7hu(9UKLqe5}5pZ%7?itQ*mo8Z~pcgxmf2;-z%-!?B~JLGcheJ_eJW% z6#9j+6DQ-s;j|gNE~A5nZS>bftS6k`|KgAq{rPDmnxcsK(hdeBn(TfoQ!L()tf3Oi z;N_CW<|4QKX{-Datz-O1lVw7(eunCshLSlNcs$COXp5`C_P>CeHluqW3CTpP9_Nof z-$LA8;Twj^#N=b#*MlFA$c>#Nb)iDq78-St4p_ijG9V~h0}M}N55j&^u^xc=hA^{d zPmbcYK5f?rsQy(?dV|gQrY-3yrT0ZjpP{KY7}|vj<3)C&qnf89T16_BATgRZr_&oK zVr?c~K`IpiJkWY2_ZhIYecFwg>l$xr6hXP)^Ec)`S(4X@AtX+KF=qxVu_iKO*D_tF 
zWadcsGFnAkeS8AE7acQ0;+vklTuV7rqe>G>Q#73JKTUTse&+2bH=^K^Zlj@L5(^e=BUJ13s7z|mglBZ2w>tlsc&2IOi zIMS}`fBnKPGapSaDvz4p?wn|qUQK-B+dTO*o_;G&O<%_2L&gM2vE*ur(ZIbbAdlXi z#xbuV3Ya4)LV>y%K{R%RmZ-C7g6c9?kBjk8I(|1N{Pv~`Q+n^Y-rgNp&i%$V z!*qpV-5~aJ9p7^q-a3+O+0`0y%i&ywh|j;NxX5fyvJveZWZx-Gjg<_Bc%~F^Dh%o8 z#E>xP(9jmdsdwxUbu-dfGm~%;;>;(@0H3&{?Q*@Bo_tuc&7whr9}4nFpn80f%6%7d!- z0qZeu?_qss)1G8+?&}tU5XdeHFVqjS|3D5R_Lc;0cB%Uf1_<4bHi*!-9%mj5{}Jfu zDtd3`vwOAzkM-HmNo^68@ct2q0K|Dn11l7Wv>iK||4ns)*wE!YAQSy@D@-Y^>sgtU z_g{BtAN$>-+qc7NSWUJrcQ03uB>JIvh{!%92qCr%{|k8T8?D1?ZRM4|D}`{wu3ql- zQu5#L3S#3q7pAt7W)nqHk7J)Rrx%nhCd=W?4*CToF|~qflhS~1SU<%mt4oiW5IQmJ z*xQ{WCj*RfpL`(YL6^>bogT^-IYqTgY$N%UE0YBIh=V68RV6%+s@VcPmrXp>J5gWU zXclZaw6%{7gk6Tx#M0eQe`(WsxN~ZXt#Wmv6To!s6P{o(vPlYtv28-WprYlw|D0Z( z-(#y^w}diO!_PBO^#+Rc?*?FV7;JWeA)TQ3%$%@R9t>Zsr_9fbKW8cWg~{dscP02+-#W19ex}0s04pb0?j`c79k-`sg!l@`*-9{-H?Y z6Z4q#SJiwDqLUi;a_JMGf`}m%G)p@N@qQ;*2yb3Y5y!dI#AO@!BVq;C03Cx+O&%brkDY|*{Uq6fCu3#O z2vv$#)4!aHI!|wZ>xn3H9JI!$4g-oA!p8%x#3UJtKw#hgsJoxW8}|jK*WBCOPde)+oJXIT+lx>(`!F)OqnpWNwWNqEf(%*CG_f! 
zy4=_5Pn~B4bAee83J*QT`Ngz3uCf!A@Gv?;^FsNE=3eeQ8G+jdEZ+KQ8j?*SR`xny z=0BB~2CxpLL4rnar&!bIem+6(zFJMejjZ-}9bDWV`+gG8z03ya-&REpTq)bEvl-bB zUYEZ-8?@xz+wtg4$K6NFp2QYhSyv7(oVpaQfq!jug2<0>uM()SHs)Dm$IG9+koZaG z*8Q)aB=o?k+Wdo3aMtB&uAbji+>EMS%e?LK+k%QX(Nr%6>}_5f71m{XpEr3eElK8S zW@j1a;}!kRS)UE*-{Zou>7V9;*@tjnt=GSOU6`}AT&gH;w$_)n21$V(H6m`0a4|J9 zXM05)Ox)iLXtV-}lTA)jTOoKpg5M~>J|KnOCrR8mFCZ_atmPte*T;2R$n~zEyOnF6 z!uivc&X;fBK01jbbNx*`Jhw+Vw+;B&JaD@YrQ74L0wPZk>&3~xI>P-2+WvZ9{fvBQ z*Pt!)gcAaW5|oJ*r9`lCBv_odSh5YKidvYT-IC0|#W?(VnzL%bPO9DaQ%5Jg_Df;< z+8{W`kpPTfMVTOiRz@Pt1?A9V%4q5=tDh(q%kFiS02ij|~pStHIZC>AM5i`Q?~wLEe!rrq-NT> zxg96&^QmfeiJqtkRF%lSoERk6-w54lfI+ky{1|62?UUdHbkxy=(*`*~ovHMh6 zff##9((uQ4^Rf?G_#CWJ9;TA?a{JN|h z`bC>vO|^0NZ)q1GG5vEgHSn{7|A=oZm3xG1`E z=Y%w-+nIy=3}w?4ZElD}Fu)&AX!5MwcoMYfadzw3HmhYkVBw#&{UR|yr((1ic_*bY z&An>>2sta%Ew-A|jfz}inJgInc@W($Hcq}%W9%s_HX%}@s97Rzb@}39>w0`xr+nC( z4v>wB@tmF%O8FljUWj$ zsvewYc(I1Pu>JMgeHST|Ff^P(pR>}2?r5`H-fI_#*KQbfgdV}J-r_BObIE8np!l_l z5h&YjUH3E*A^EhOIc3#24x#!q7!`Jq_u>^mtrx!a?Tv}g7N zq34jdir*XNR{bzs=QcR{oS9%)%?WpUE5&krID*$LmTZ>_FXSK z_+QFH9Y&3TM`9}3f}~DNh9!yP`&TQIoN=l91pZkhlnDpBhHqZ8T(UU;|ES=f^j8 zfTJkm{K*oxMPWEzt~EsWFYhG;39^B?0I#o1z>~fG_E7>#71h=-@T0{!;OQn<05OCR z#G%49kw9A88{kDO(gRL!tg>zJHjf8l@Cxd_rNw9NG}9rL7Yc)P0y9@06f6HMVE2)$ z!e^(Dt^hgI*$tuq7RGHC7;$$T*8A(lk#ZeLv?NzaBe79GE$D0?V~_Z}AV&rj{U=dP zX!UfTEXUJkVF(XJX&WqoTY4VAxT|g(mCl5cUI2y>w}*xXS$X&!t~_7pS7WF+v{-n3 zf79MEussjg-D`p7_pOZk7P$GK{+sWqsG&NH_A+Gl*L}4VE+%+KOVkl$JAOYA8OSAR zMi#+223ljIlPHQv_s}8=o13A;G)Z-L2|5d@xojB_L~#phf3kobFlxcJ1cb?me14Q+tIUp79~9{z<8XJr29E z+tpxuVj@Y&wfzP$bY+=o-fdbP6xR;weA*7eYrnS4o(c(ch@I(jr2g>suL8`W26I+K zwp%BtMl4|&V-%0SkFD%+L&XF)M6o)3tFX8mai^*}&2Q$AJNJo|umtr5`Y5V*^A;fc zQG<7Loeo$OFJ%y{5P=b_!Yi(Tdh{v$+u&;#=T3_VzUl>uM_rz0*0eRw#ktE1N2)#6 zn=^2(BASs@x6q7m0nCufflU+sLcFGLO+$>PVF;&KbEf55B3&2%i#U*coDQhzxGD^s z24rGx=TKLOYPd2AhivC5*Qzd|h)_w;&L^N@B*<**vbw(T;@WZYUVlacOs(JUY31%Q zE}Fuw+hxnO3L`WSHVGPbs`Kqb1Y^}b3kAT_ReJbjzF}zo*RWT%;`2RrQ*U>`ZD>mM 
zA@17$>&HKwz?m*CO-K%oEqh%j3E2}+-!WcZKP{xavYfDY$o|pm)m!I6w@w5X`5b_Q z^&n}8b;$0G>vY z+};Zaja+02fQ$MUUZgEkk5=z-6ij7w?Q(vXh=yht*ZZX=Mgj->@k}{f+MXm#{%Z;$ zLR7^p_d?@U?Ifo)g%F-s8z`TnhWmGcM*n>VxjXUf3FI#-Q!;17q3L2vU;#2WQ1D#9 zRQ8}_(eofr;Ma=M>#2G&laNisZ-`?EIC?>2&(hCdUqAQkT$eR2Hr^dJf11%d?- z8^X{oXl}$emCT$RvA9Qpt7Gk-g{;Lt-j(%J&Dm(k9M@-4J*k}&woltOjz(9bquW80 zZxjXMscXq;A&f)&>aD`i*E&*8O)mM(>BEQCL$3J=pHAmIn7XAWPR+FWccoCTD53yh zN@0>BVTjLJ8R_9^rNP)57{wb*PX3%xHqiKfMRL6aQL`{} zqAeb3LquaBf=k5yhj`HhrA6%n_vG^-IV$1|qqW}E{g*7$uCLI(FzJ3tRaxnh2OJB> z!06pQ9E`#a>PnPdMG?@11A=>l_i4-Svcn;GQey}uIh5tONJ1PBEB4>P?}ZSc#OJwz z19o_e-CuYWWOQ1)M3dW|gKo;52=nTYt@FZ74OTN31&zwt9dj^rXHd1*^4=}2I`p)k zgL4Dqx+s`$OC_M_h)*fUZ~5J@HlMIOXl%(k;KnTMFa&*><4MvNL2(o2uH`Qt{b#lC z-^@_{S4Q*CGL?@nxjF1#23{T;{olz+S6WWBY7a8{S2_VgMUmUKJCFNV;3M7ba(~PG zq}4nTqCl@N_Uf({#P=M7MwOb_cgS<}S-1vHu`6BuJSr%t47%Mgw%t5jS*(_PU@{>_ zGnlEB%ypgHWIWkG{t3+GL$u0I`$qtUOb5uosQz6a9BV*L`u{Ce9C4T=8=EM5UHmKr zXyv%*-4Z5g$ zk81Afa4HmOf3$kIRs2Q6ZchKkM*w}9q-h7$V!Jk68j!dv%9C1dQ>{CMg|s zADDM5cfWJuW-ARG0{IX_c`(DQz#sVD&^&Dq1I@niw}nLkVgbI{ZIk0QhvxDnDXU`K zoqb;==2U8TcPFP)nhp9X1gJPRpqGM`jrze0Q|VwoH=|iXpWpy8)RowA_H&3?+*`#u1AB$>A_uMREq3 zcau~Ew55fbqc$cA$N4|$b+9DgS$`vg{gD#h*v@+T4sKXTelXfD7dYMD02Z58+6gIh z9kaf;mm9bli%q<2nLmFArG%nTyou81ozVLFPo{hx?r1? 
zG~>urAqxhS>ICzUI|I%5#rU&?pp`l=wYWHXFfnumo|^DVYJLflE$unb+- z$3LB=&~aEy{XAvX9usSA8mlE)i`UU6_O7Mj@{PUZcZ3V5WHw1dDGyUeGn^;!szm~q zC(OU@3D6W8OWL`;X!C^6+6#$E-cdY0| z-2kc0{IJ`{N(Z~w;1-Tw^kj-FXOE=)^+0?9Vc&0y7`D5Po2n>-bRuIK1nIvW4Mevz zjTyb;Am1~-Cg?D)lvF4^^Sx0h*PZIZ)K7DI%|7wwB>np2fP{zsb6aI9Ew#%THDBdE z($OlVcsw*UgoY^Xr|j1L0E-bjaV!1&UVfgfzc_{xz- zF7@n9{`V9LLdXM$rU!`{X_8b?tz9gR#G|Ekqv3Nt8rN zbodaG%JR1!?&qkaRLstAbE;C&R($+mwfgc5_xZ$5bE>c)0d1Qo?h1^a^r%Ce^2L}i ziPGW@DkdtLuycO*F`9R;d226udV16rl<7;_YAAc~&Ykd&fBtk>F*up~;X|^AOO_|$ z>DKat!Ad3~QV&-cX}?-=e&ONPoKvg+)VFY>&sc66G2t9jBmK2QYb6uAv+LseUyb&% zCmw%z{kZ(4i8hDG|BBZC^s^uv9<`E7tiv!zH*ZZLtI?}8c#(z}cxClz-X7W+*wqw} z1xjs!Eq7x{g$)QLfLA!u2ju1kE6XfjZsh4|2F&^Axy;Md?%ifMR+X#Q5m05>FW2Sy ze3U7EC|8AB`0r=tO(Qtx;nNQu6!32=zZJnPe<3iBhNYJ*xs_u8SU^BOG{ zjiZJ`asAQoTYtA7XqN%!=Q2C89t?B{=m>@njX$0KhlG~T(*0i&+TkzZ#kcS_S4|U~ z1BDfu1gx)_Jgp+Yh+4bKlAzt?>I0Gm;RQ_aHx*O+@<81c>NDcv|t@Q5XQW47N$hV zX$e7gkC8(Oxd*B_Zc*tg**FG2cHZBFy@4!M^5ds>Yf9WQExO+sbhIls;))U}ysjp$ zyoffAgaCP)`FO{M)F-v6Usnmqxh-dzI-)-d?b2N{b$e8W7mI{A{-)x)h0p1N3Lu2x z_ge4)G4SgRqlOHbHs)!`xBNVWS+qU)6(Z|dc-}46Lo&U(1dW}r2eZ>XndrU{HhYjD;pOcl68 zOFVNT_zH0tSQ)q^f&a^79%^U%SG~W!2X|L5<7@ZP%a^J8-_xv{4S1fI#@Xyo(Sy#< zP(FiLTKPmvR-rG@+=k%aoMday-0z)={XK;l;kjyf6v2 zJ5Pel0O5#fN|U2td!%f3Tm5LM%5&tx%c*Y*+Gq7Wks-2g94vJlzwV3e$DMG-d3uz| zRjndH?H6XqzPNW$iKmrbtBVd=6MIJ$Y?gJ2PRU;>)6WtI9V_4D$bUVsyZtu7Vz_y8 zHxv)W0PpNw2xhs@t@6@RpvA-LNhuG^x4qq6c-fO>2_-p0Zr2ToH}7J9OennYn1!N? 
z^9#qS&xfOhDStykqcI}_WDk6Q7c?fo?#y%wMmI*OY;Z=a)N*Myf5S3je)x9zsOCpg zlg6;YT!s{AMQVH=5!T%<7_z0rC^K-^!)V)JXWSXae|~!#dXzHgV0I{i#P|;gZoGAJ z?9AI7c>#<++opHJ=mOivO{ez(QuuEw!SYQzy!4v2Q?|ZCAeNTOoAnyJPm&w4=1JoM z)gxZP4N%ypyU@&V1jVIn?ry5HR9%%Lrrr;&P~0aS_fS5h?ji<;?S40LcVc zlMbTo&Jk~g;ym@70Ef1hC&;#`?XjnyMp+%ba?eL5v*F2^2kU1((%LtYPTAG!B|$lc zBwqOa7Th3`)(?_+QrF+j9ez{Eq`+F{!<76dNtd~#L($%Q?C=7W#CE&o*CEEepxG>K zd{o9N4+XTtB}ju;4ZC6hW!y1mi5;r=&~rs)tYf!Ki6QJvxh~>POhRk&#FQek8F3V^PU=^$kB2F@r#Qo$1W`rvw0*OJdeSrbgSw@aSM(R_{MQ1b3C_fl z!oZ!LY#E|B-k;RzkC1I5d6pI0Zas68D;PM#YklAA>ap6F;|FK1^VOG@p1%LPmVt-3 zkpzej=U4m-aL?iT<&3%(lh!?4?V`FY%LC2BZ)+??{y3?&{OjcG1Af z9y`7X@D1|AX8cm(>J1%63**t%(Y@Nng0{Mm6zRcN8X5jkmrG3bgkkG7gd=vJ&r%$# z%V#JI$gZ^UR%@U>bw|1bk?B6B&7g+_jH*LxkSKMqF zHB}NFp|N)2_{|8g2;7R;;)h9e=*;YG&vWx^R^s$Ov&3a3$R0&|Pq?~SX6v&?dIAFLaSnmBN~I_s`AarZF*eXh#LNHD!6c{RCw_d#-Z zPRrX%08B8aro9B4!v^?r*Z@;e7q(;h($9Fv?#9%f2kSQdj*3PmeU_Sy&UcVhhOoG1 z)LaW9=R>*%JxH1?behu&U6lpd0WVg8KM#b!Z1Kiw%5cNgS*0QH*t9>U#Ff5Uar3(S zHNLF%g#Zh!6<7p91y}eSdkQiqrc}74gXLP<8^>k$sSj(}TN1~V>z1V=g;Eg}> z++Bwe5g(#OIl<5-A|w6`Y<7b=!i4-_3WMj@HVEvI%7HzTxl6G+vu0Rh|0DVYFm^k| zt-F2Spi=P4Tb-=^hjVElTC<;NLB*oS18 zeKtLSSkTGBml=-9c+|P&Fa(x$bLo(}DVM8l4`+<#1HvO;>a#z$2==s{*VViPpZ~vT zdKntdbyeY~BZrE{xehciA%g*9P^)c-K#EyrGNVhMg@vxur~1^dHkW zrX|xZFUs-$!^IRRzL5fq)5A~O3GgRy)U(ea_ zCrr1EYGnnV129xb$C1Qf(dR(owAl?3Jc?&NBPHv~^!7x#d@h00dEHWI0^XZ(yXb4d znR7IBxzBD0^+T%DBkO=y>yn*q={!lu795ivs?iRS0>NI_s$Si;c%}JSwROx>O6!{G z0s~dukrVrAet3UJbLDOTUeb0vm*`qfelq#7oqfJluU)`H{T$kj8^G;*KfTjs#d4-J z%IWeo8s{_Z!}HTHxJxACeVq2ZNb4uXs|GYl#d`fhsm|snGI45eERV%j zD|aU`9+DW3hCbs&L2wf>5@3D}TMO{N0}Ch&7{xsskkp0IIw>^E+pdT)cysSbMwC## zQZ#V=@qR!UK#VMN$hHg45lfGcq%HKa3>v1&6L&WijXfKrG?P#DsIt#QUF5LXyCZ)1 zsp=5b1(|K>&S9*Da&%$@Ob`2lH&OHexw!mkj#TCgC*j1$EM+Y0lKe^UwOCbI-kzh! 
zo&@Z^!=pMgeTb5)0sXet-AfmxuSML+(XB(b)2@IPro#HEXBfRx})r|n~MKzf1`UIg6} zDhVV@2Qe0C7C1nmc@nR!Qx$z@{3oH&H2HJd)UL^z6E@(hIxD>d$H{gae1D1~34!gh z<7mk?C~M<0&UCe``65zowA)|uL^9d9q*4F?>eJ{D|DGCc*NobjJ0d$3cOpGJ>uEiG z>!MT>KP24}I$%a8mw^fyL(lz3^VI{$fo5U7Q_Gk9Dr2E%z#>q%`h=#T#Dbf-u5q;a z_<@YY<>AZkCQY>(ll72q-gwYa*XUpxCthzxpe}5AMpY6!`29+ z@}OBhjqWe00I85qK?^;}#@}Aw+W`89hv};ayVm&bRkQX2*a`%d>{?{m;84s?Vu}reu{9bW?<=jCJbNDorwp}%_db7_WT~WDXI=3cXzbWcL zDB*xzuJ%=#*0|V}J}m~`liP8gdG>(gSeIZ#{DPHM)&%&e*pC$$=Cd@cBL$s#b2D~! zx7g0J7$cH3KQd80Uj5~FU3m}93qFSgs9VOaI9T`GDlRDuZ`0&9`>^=X_v=vm%-&=jaoha#gW=5=Gr=%9Gc#!Y zwGvYof3PP`c6Ve|mJxnss+~2k#&kl{;X<5nW79P3NG)rmrK#z1>#M|}H4i7I=aw(A zL63V{ulIXm81KQDkW>izCa_5)bwF#v%vxdeg*;`y(NwgXZT(6q>8Hb0$ z6b8MG{j@ox04?U;g?~n3+?n_n0emEf7EHDEn~D+6hLxpxI+sHh<^(HD9fdyJR9SYS zW%?M)pEh&ov|RTf@z{2jl*dmd6(N8|2B+@`odGUs9E&L8>Q+g@EGoSi-P8FXE#~at zJ{JWnEgcxJCxn$Z-Ha=u`N!^%G;|dV$fymV`;Kr&)e)<5YGNC!U?E&vJ zQ#QXIip-)EVax8=8@L;uaT3-oE!@Bg^{{{EKIw`7xqZ@>0qG|bs zqPtgmDE{kL z2}Lo#slL>;Y_zj8Np4YhqB z|N3R*zr66D_w(oa{OgVN=l=O~zW&6YKk@m`^Wr}rw148^pLqBu9{!1kf8ybvc=)IO z`ct3&sh9uM%YW)+piA|Cww?a;qyF^k{`52dtL^%yzxt>D{HH(vN5A+NndM)Vod1@- zV^+T2lsPNX60tj0AE4a|USPd2cwLQuGIQwl-!>1gOUTcoWytvkO8mz+z8{}3AM+~1 zNdCX6M*YT_Qb)nr@jn!9k7{$g`48aof03-t{Ojk}e)$CgE;PR<|EIA>|1Ouxpa19I z=lJ<^E&u<$mj9;Xs!fIbJ@r4Qe`~W-S;Uf`PEaHRVaDT{_PDX@M+TvsuA);vg?KZL zBt_|8osG0gwtP0o5d^HS#a zKk~#2#0(6!TVtXlE8w=PeDA%Sy;Yi32b5a}5^;kW8p3yfsI!FAn$qs=V2}x!P_p7? 
zTm?lH4$juF^jp+f>h1yaiCx;>)3_vBf9sd$xJazYh*WSRvR<-Mu5-MI`?1{q&&?31 z@8rjv5ZkAJs z&QoA1e-oqXLQy005~?S=iCOaKN)4~2=94wephCc`N;D-IQ~D{(hwvO?dT7}$0x@fX zo_2JfO*{>nPdd6sd|B|xWezsmYJri~B7t_H9wcUfl{UEnpf`g|0FT4{oP{8ePww*D z={Pd{^nE3TArRGxU>(&I2*651`$md&o!p!Q1j@>`c4*{IF>)RQD!~aJH+<|S^IXwS z@X(k#=3M}h*02k~%abg!PT#NpWpQeR^jZrYjzIW8=_s?A)3KTw_(MX-RO^*o)i~vN zYcy+H;mZbnN6&?BM>^Uyb3I&sz1|J^r3%Rb=*}&7lp7A!k4oePJnBD(xNL}gAHS=I z?hQU$coPzeG z1&7abV*(QR0^jQ*6|^mhuylW8s_D&g5HEs(?2dPigG2F$SgsgNagO#fANy6n>l19f zW9?=LUf7G<*A1U@Ov5-FI%{6?NtJl@HXS+6|DF1qtN zPyZeAXB=1W4!}!*R-^hy&My%&jd|vYqW$-3$69YaOBR`=r24?b>qAg#<~px~jOgVS z0>4~e2!;XHfNE51D-uWFg;1CPixL|Q@u4HprNhzBG+vchSOuecvG&-TTW^0XmvPTp;wAowkb_grVMa&o)! z(KX&Mq8>U;K}hW6@PN+&KqavF>}hl1rtu_$+ou~tuSaNK7OyD9ls)V?z3RRK>8w=EBB$eVk!!*}|{O~2wL%5Sw;1M*E<1gxwmh zlgE!LnGJx#VgS62v=-$6VGXH+59VaFv#vNpk0#Lr#! z0=<*Y$1lVLsIb$*D`k@}41J-=TsvZ(TQ;7iTwEky8`q@4K!}#;^Wu0KR-&8P14o}IQZjo`ntuad-9@71L00_Qo+tpJO= zH7`GhYpo9HcG@Z7wsmh%B1=+VwGXMBF+PhAOZm(4c_Z}%|Dy=I`0}k~Cd~_>AK~^> ztJPzkec2_YJNMz01W9)eUBq@iW9fN=M^yS8Khk%XFT{Wq;7{Dc`) z3QO%fe;Zp@6Qdga5Cy`a2PB z!(dDwMnlqo$MW4bS|^J`=X*tKR8G(D>6`a|gmV$sSD6#r>9YFNSr=R@ifjy>%C_d> zf>a-RtT&#wEV|$S_2QN2vwq#@O%4ypY#YLjM3K_KxK;Vmop#Bo$~qN?W-VW*2Uli( z=$V1CgHs+*7`EyGq$g#xoh9j9iuObp~K<_urX3>i4*zVBbVuD`;IZ%3{@QKt&1a#n52ik zWRTECgQM)Cc#MZH&SS^OPO`Zn12+57vL0~HOlnopn0zp#p(QR(XBxWKw2<`4zk=SJ=7b|v@=uKYCT>Pl1F$V#uN!V&OK*N z+n?1ksYV-pnPy_uY~lQRCH6GXi_6|A9mB!}lOm}k5@#%PIAZ&5bw1=s4xJM?u+uLy z#QVh53bw9a{*ujfoLaa5;Ic2Cy{XpvI_#-*>%)AyK=iGKjLEAybe+hR(AbX)luIOR z;_mx2EoGQOB}S~DO*~=zZoGlNY=z8k?ONTVyQr^|2si&kRqoT2>JQzQ=7V5g81%S7 zMfUPqRf75Ld|J8vMXJQyUNo~4xwZeKrX{t+PTI4!7U^{!YW3jO_igB-2X^UKE)!7C z5|6$UYd^lKAcx^+Fg3xth&<)5;NDvUcq2Vij3XZ&7;k5TE?qB-`7E$APUsF*VRY|N{vFS}u!9Dw4 zye#*~$;jn;%t`-qZ||+^kFu`^`ij_z-LX6;=Gon?ro7qwH@JMuKEAf{^bU1GcC4FV z{?f*Jk)7m#(-mOdtoQo1MxU=XdH%=1)yFIEZo~w?GQo%Nnca z-jgsO=-n@Ne?I}z1>~L~RZh@G2oYG*67rWY-r&oQ%|&fhwj+WyO{%QxBMEcE2Huro zVi#>_4;^c#{b6K1QdTz-7>Akzk%Ma 
zWOlR6kX($#5NA13u;pGR&fd7pA&!={+w!I^O;^Rq1ilpmW`x-gL0Ke*?uq99j88q! zUX(axUf1{dl{(Xi6>Ydln>rX^*bP>PMUrf==J7&8{!H-ih%29(o!A5=78E|Mx5j9x z;}@Msx}^pUM#;6a^f@Yxpqqw(HHAh~upA&=%S=!hh+_T65n9`yM_4H0=YMvGdsY;n zo1FTIml^J1gYR82G)&DNOQ%h{F~fkgfVq;^GIvzTzBUb;Ip@Jn;!YreiQD#2seBBg2a5_ zjjz>rmSz0JG6Smm;BUt%m!E;-D5~!%+FYoclg}@G`lX&z>duiaU+l@F8}Sm4d3f9J z@nD!dK~<>yAo1uOX}u4^>Wva0qOs{0(a|7w2WS;8a_Or55Lb)e__X!u&9`&k&`%Nq zhq$am#2>4Sf4Y19w@TCuX=tT2flBYu?mJ!jEV5?H{*173BAHZHo)=!>r1-$<-13cG z{sVvR^#1o@}2QVbyc3kq>r1}buR zbD1;2+9atR{^Old*!EIJYv`iP`rgl5Ji9Q4l|44c+7KsK0$qp7`|V(`~kPT<3j+pr`U|EnRIgzv5)%{>j_=wt=r-W7q8)_F~0a6Z+5_9Y(^pR*f42 z`NWTfxX!8&9`*Rrr|e`^v#DQ(Ne`5HKK-K!4FIPe-*%tOTKwvI#5$pLrg~&eyfZNs z9L}^e)tlB}F8AwnNa)vNg)!}&M}(Y@T3EbPpZ{f;7g4AXcyofjokWqJd6b*WM}`wL zo+Uh5XWqGCQ>6SQo5^S+ zsc1Sn+bU!c+Vz|3cxMRdpf|#6d;Akz#A(DQ84)IsOY^s)`iJk&;H2Y z%uuD}^O^b%F<~vaGWPLi5V(7UP0_Il)!{gKVUL0AH9U+Nr}ng z8A_=aOfHP(iSlOJi9fcM&h5BrZb>&43K9566BBzc2UyOU(5!Q1Ax;c^5pqX>TH~91 z+^1+UW}O?@{m}>4VH%7PbrcTazA*dzz1(|b#53l6f%T_h+=@-Lv8}_~AS1OqBKRx_(v;e85;&S$k9g%F~Uvq8Ki_$XJQRCsRD4h3UOyDP5ohdzyjiU<95e2 zL)-3&-!P5VWqvzeRD4~6rXFL24e+Pv$+ds7o$EkGL^79LU4a3NK_#;l^e~`c8ry&b zPnycd>gaJiN|E^nGr*4m2kagffc1?y$^|~|6bvPO$6w6w_}ie;igXrLCSTa6ka${Q-|<-h4gFb zs#4(%-!LOjE?&xHC)b{mPks1XA-fzEr%d%seHMN&7fhiVKDflV4rT%(VkUoJ?0{Xl zMy#jhq&z8vev*+p%sF)HZI*}alG|>;&ui){OwOaj^6*y{kUR({*nNoy5PC50f>dEj zG0Q?@NsgwY)??!2QJQt1h4w&?})V-di} z*`@S;1Rc+{#>}utLuCzU@z*rHyP;x6my?xyV)_bd&6rI#-#VUdCR5&%xk(VfdAs8p zxKb1Rur0T1iDQpq@}3;JupZWAPBuV&e_Z$gDX)^FHcL0}_v9>Md_$PO(*=)?6&6Hz zz2g5{TSB5wLNvgHFAk?Gf8w$}kbB48%b=JdaDTXqQKR>pSoP8UJLwY$esVteBKbCi zl=4G)GJ-2Nyt3)a9G_KV{F*dR49DmD?)1DHwo6w!qv-n-5&`3HqOaQt%>FDTtkP@$ zvOTL5G54G<>(&d%Ig0+-8%>+#^cT)jq*XL#iE9bEInz5c(>}4}B^O-g#Tu18a`>S+ z1l-|~62oTO0Gb}9VMMc&(+LU*h{xs$+(qXK9yPS&%Sp1ZZt{t8Px>?&7@1;zxH6{j zh%A*^?#>VDb+QQt%-U%}Y&6XYo$0)OF}uG60C8q3tg!Vqn57wi z{;qD*hiD8fBsM-Ezbb>KFSGP7I51S<(hb(bVh>N8j>o#vkf@MGJ-7y&e9b$A6exwAjuWlHK zPOr3`R69RZNYnH~^1LUWhsv)~jU+1UtOAj_AM!H^UySf_C#b=-Ggql=I$suTR%JO;rl 
z2fDpMy^d}g|22+{r&v^wpG_OZEkC366=tf@utfYJDG*9#syKu%(ail&aYRVt+OyLEb zhm80@{!V3b?~nMU9$L4eWo`0mYtBR5a%P4kzy4e?wOSx>KiTNv8f)fu6uW^X<{^DAF2hVYNP?QDZ2mJeDQxUy?2h5$oIj7bbypFP6ei5-Xb&3YJT|w z>vL4W_RpgO#UC=tzu4Bvi=7$S(VSH3KW6H!`W#*RYV?G{VGs;YrhEsYL-u}flY4IkTn(m2 z&LWIR^}%KBnwcc!=q)3)H1t~KdvMZ^X>y$2bN_wwI^};?Y!auc@^f9Y2vdC?|}@ANtQa z;NPv|Tazg|HRL6NTXPB2dg&2K{{6{|nBA@K3&Cu@4E);*-}z~!99=$xZoo%@u&NL) zI1lq9dy-`O+L6f=$@)$868qhcGx?#7ezjx^cUpZEc?K6vK}(QFqrjYB-5E zpj(#XXs@~ixM~`8i^?jTLS?+E>n^@~^x7+wWDqHk9Jj5X$NzkyBl{ohnpg1NV*)7^U3H_w8F zR7py32BI5!h4;O8#UDBOgNGiRElSny48so;X|F$i`-(ORTF4DMwA(uiu{(J(Vfg()HRzgpTpjiq}7lswtvjnJqbd(ssPwQzxuLGQp1~ zqOQ%^p^#i?SHVsD&KT=BBZ@@V15CuS&3l_wL=we-#N7-2EY-^}N;6Vr=U~c}MgQ`U ziIrhf#a^tWjNqY|pwD>K-}1_O<~i}urT>Lhthc;_0qNy|;GjqV5bQ+>vR&DbhW8>z z%;1V806jI%B_+AcN*PGlx(mvTRqt2hxx0iJrFL>jss_|~()Gk1MX0}JQ*iaLTU(B; z=)2Ni$OwW+uZOMyom>y2BWdfhH^I{N?@9nlwd#M3TX%g#Vai+XiVY{TYOQcGKs3 z0KLX>@NsDBR36cMMWVbv3f!l9l<$~tOGGCt3p2J4+$Mp_vv z^2d7=F>$93KbnAp*Hq4X*h6{@r_~e`#E~O8O!|iLnC`Th!fgEwm0y3B10h1N+h-q? 
z)9H``Fj}&!Tr(PDE(EhCowr-slohQXuaO6hUTSv>Y%$7P2}uy)$#K>dOcHyv+r)ru z;jmd-$1YeOA6b&Q@#%>t!YO;p(=hj1-EuGL?Ww0D)*4#2=_er|FN)p$f~x6WAOrs7gAc8f;ZK1q8fQ0*=f zwN$`soE3Q?i<4s>5K4es=RqA>iiD(K(cHT-IHUpO9 z^BiY5ucBd_-|$+f2_(I*h+_=)kVA4oxezq-z}Bvnr*G0k`fe9v_Cm_CTRR_Rl>|tH z%(*s@=Kw$r5HWbS0-HE5)N9Fd<}i{@ajCm>WBMjK+h61#jr9zppb4`M!@J7IQ4ZaR z#>6z#Rf_Rg$X-GbXzEay{(hq#L5sdmbsw^KQITU>R#fzkZsAU0TfeHW??*?Q!1+_Q zWXe2oG`4wZjs*({U0~+GU^)*uR+s1=OVJI(J6$j&t{!-9$hOdgx8^c6Q?Lj{Ugleu zu?tS+!Fcl|SlF`D!xgFR4Z;$D9(oDAeNP>ma9BOddnh$g=UYf=EBo$Lvyfp$)@XIT z!fLf29zXgcLS{d4IdS`pfJ{L*T4#`0`q1pKXDlz>Cw71R=*y`V=gJRg&UqT$E$x@$QcGr7JshsKK+>@M{3C2)VtnyvIv!2o9;9?+)<|34s6EaSc(f`u1~kH$&#m zE@u3V+$1~b&HvYi`X3zQe`8auvjK*Ody&9~8rMse2Bho?JHY(*-=x37xJCV?qr_R% zNV@-R!2|p8P{a(v>MZKlsOwC{Cj_eo7Jp`D__JEBu-lrRmX-f;>=xuT5O{!?p%Vni zb|R2tE^r`!SdrG$DcfkD+DjZCwa#I1(3_C#=*rW7nqyRIq&n!Rmh$oXIhxx%3r_Vd z@NX87OkrZ3W+VWVw<$P!Pcp!uIeS++e7W{8Dz0XeOtrcGLhpnJU-*jNvsml9}`sxHhdAG{*Xa*WBZ*H0euBbfVKf_-IlWo=@5cHTe!Z57QH|NYXp zZ+qsmbAgU$H$I{zI?YMmSYa;oQ{YT-o@iYj?7M;#^a>z{uHoIGek*)*z%;el{xvo_ zNuH-!uZ_P2&u}6z!d#suB=4gjGAr>|cgo+V(}F~A-#Di1{Z!Tx}6$RMgtCv1vGA7SmjI!C>AoO??=Xh`8DkbNNx&@+(%%!qUT>V{}bvBFuQV2 zrg0PItr|}{GL~ENB)+_*%#P9utQwd2&w7n>1BFjLm<+J4Iitz(@5!UxttiQ?{!r@W zX|4%l(#0ObT$>ZC!M6XgjtAeYc;mC(UkJ3sRQ_iyo#ubxI`_Z#U3C7kn^9~ecF~Hq zkv*Db)96o)+aJh`-ufB*ifh{nM2M;i$m9{^u&@;%a29ji&eU+=zw}OgW+rI;sbc0O zVQF{Q*k;Z&W*T*1yQ50Z!Jd*`-c#;3eU7>%7|JW@U?k42>FhYl#Ss5s_Igol4a|rS zyaOBxxM6;1I!Gdf`T35G3DHp=99*&ak)GTBJ$=GG5m~8>*8q7YAnN!?5EwguM2`AL z<7@*tu?sY|Fb28aKWR^v{?z|J8v^{l-T(jV3Rkhp#`Es(V5YBz-AqumYmBzcYZi+P zqy;1gu3Ugm%X?O{NUmNf`dUM|`;W#rr|%E%?!`B%in}-U1XKoO1Iz9v(Z72i#8Jr$ zDzbQU7GZY7)P7FiGU9OJX?x2VyXO4pt&?|;^39GHjb+T8=6+|MrlaB4DdsI?h%bKV zRRR4Z{mV|BXYWOfXyGP{NtfQNIs`Z&!(xJ`>+}etTwu&bCm)roP*Y1NUx6K?AF}WK z>$9*stMB&!bB#vqLiY$DW>w(XTm+F>h*EtKe-eE4kFn~a^Ml%ScD}e>uGjH2=hw8b zG>k>rJFmTSrs*4P)Hi^=o(2AMy5Cx5OLXZTBg#2+Z!V*Q7t32`7Ov!J5%}g| zzLf%slxgpU9%|PluQgO!8O!afGWa%qTx!s`u8TqOQZ#13p2AEcq;xDufyA6G 
z*%};jmgw>kqFji|^Y)eLdVBw-CxiZ6L27T-z_)pF!3sDT0tj8^yoI^RY2(M3hylzIeCsLCH{RzEMy)dUy-i*C z^w_boL0uKap0XuvKt?E3AZm-ShokRVWQe+hO>XCYWzBl z+FT|oPUsJ*Q#Gl0U^^>UdAdF@!u|x5|NAVGJ#LhE7=Bi4k~3#y z;=`hq(}m_|Q6IQ61cH>C{6sx92P|dju0?ml{%Fa39#_6N)l?v7b+x}WhvY~rC2_BU zpLZ{XfYKwclGu&Nd8cyFb?33|5SdGlZ`v!_*HqhmcaoQLY$#?kW)(U2RY$PuxbK^6 zIZ-Nx9fM{wkJeN^QZp;&EDq;O`$&7qO609#z}2%=+qYL|eU`6Wf4ceT8eh@&{3>^` z-=LzWo%5c}Nr%s-Tbi=FbmWf*uk1^!-(>IZl)d@``uY*AO1%s{?&X8*TrLAhNd_s( zKvqZcbYOsa0sEN#QeV+cAjzm& zOvYNbHh!M)FIvdQmpwLVV}w<>+F~ry-zd7i_~u(pT>2awvKiE;e`{J!!>HNMX`&rR z4ZBs0jC{tak5qd1?s;bO_}9Pf)nGFH@9aRKbL3e3Xp*`t?l^wYPEMq=sBd`eZNc}} zYmPLLPl=H;K+1qoR{1x@0$2-Y3;La}O&gS<)e>J|Rq6ajj6v@p*lF{fz4%W^ucbq+mo6Di?zm zcSRJF;l5_Gi@dvBxXlI2pydR{<%UdVTgD=z55&!osCf0t0b|9?#$(6AS|rZs_t9xw zV}IqT-GrCCyv3APChBW}ea+~P6B)b$`2k3AlFH{m(MP-lNty#N=x1d$9Q6>6iIul^ zB^-48xP=U9uC1?u6=~TLH_~H-wA#ppfJ+&!hGMM&vTX24(TlF9_t-RVbJD)MAnv0* z&=;^01b7g4DkdKqJJ#ucI`od3Xl$JDO&gYUxzVhZZ4axdeO49b6vfxxelUM%Fa5DI zb^>7DMgO<2K9Xc9q8J+XXzEXmx~cO?{~%#)&MbcVj)G)@%JUb3C@W7}T3X`efto7m z3kRot!YyH#rHjtL^TU$i7rom1C#*hto`t`!dQ%^$WJmYf{Ct=VpJ(B;R=x zRP*k|G2F*}Q#b`KL~_UM%{??EdzX?Y9EsROe~=&+QCXWBI=w&27?Ij<&9(X@(}0!! 
z&2`tSPk&<`Y%sh%6aI)+1X5WVGZbzTAWI`l5NG;}M8{;C9nv{k2XT)UqrtgeTUi#P;pUYR8XnTX2W=a$hXh zYux;({Nh2j)c~Wu<4p-~99(rvW(64sX3;b!EF}*S%X=eMON)wY86;0tN-G%(Y}dGs z!p`5_XlnG+OLpptnPq6sm2%TS2H6yPA~|4E)i9H35WC&L9THuhkP*C@A=aL}vb@yg&kKtpGPPpsUV_;=?aH9NeW1|NlCoD7$}I)Ox@$L^ z(_}0!J@1Lxw55C4M42n`!%{C#whzK&N#oEos{(7t%ZMN744O;FcNd4gKckVRK^b;k z`1xQt(CitxZoC=7woRU4oy47gi_gmI5-l&*CAw# zDpNuG3j@iXjkzkj->Q0fH0tAVl`l?3VIp5iHod~Mln8R+$|%QX>(O=Pom8NeA*swB zhcmr(W9aI|a`!7wv-40sad#LFY$USh7?7oJY}OQdSmLN+XSEcmK++z;J&j`ZvGt|D z0(URYCNYHF#l2+K-fa5!y=MYSa|EAO{zNI+pjOK5Q+>)^vgfG=%ptvhX3QINme?g ze4+ms!rjSo%Dp)w%%~YCg(-AnR@!6ptdROj{T7+cd@o6SjX<~*R()TkJuQGw3p-3b zXHStJai?ltuY)m@cLMY(j{A1INnP(HtmGOtW~{f7P@-}X&J=C?oaDJ7k= z;1Z~l_j2Xm>~1`?Z$tA!)4=p(T}P7759Q$q$%3$o|0*>$#g_u5#&eIqd}o%~55of9 zC@z>Kd2S_2VFlS|>fPks;wH+yUj(@$RW=Y(=q4-BnuTxQJO%z zBa^5y0M42qXzKx&{ybgQ-q!HiaXXDSV^?n3TutM4me5KU&dNka==CH!}H%mPNQNrGVJR5FTU@uyK=< zD#?JP!&!1%UVeu#ojTcSuV3y~Bc{hOqj+zGp_gCqy{lA_KIBmSW8i8iUl?#4EBOyo z@SHOs+GCDtrLwb-i~rFyp_|Z+;5DgV2=8!y1WwrPR7I1@V{B4tC4a)3p<3& zEZ#rTV#nlXQ&aH^4{d-34duu!ewkMVzUthzzdG}IX2)qm|5}wkzRKPuC5h7RJS(H# z**MBtT7r+}Q@EzbIwwpd>z`H%1jY;x8!um^$&8ZO$tS-$8X@_$e%dG!I4jV+3>syp zSaqJ#j!O;u{82-BZzWzJ-+x>w;Fn^Orgxvsuh+c|fXecUk`IZ4Sb`HO6%V!wq=~>Rdt;9pq=4zfR11_ZfhBlGHpMVfF>f3G{`2^^H5#GX<5IgQz07k*DJb< zH(2F=F24zCaLf+a50Q%rD(wv|VmN!J8A41XSih=+DUpuqD#+^3@)cNrgRY}9|It9N zzbvbFVPzc@*z?)>uGr!2%hcybSB_D@1wR-=iEavCrm~Y6tjMnjzHE#9g-&g_?x7%p1dE+bKN%ujv zTkxk+f^FV8me(aa8WHKUx)}AeQo>#;RgN@&YXicy_cX>A(mU?J|NL`feQTzMaO0g! 
z^CtaGo9CVGtC|Tm5dn@LQRU_2*rWC-`A)k!a@g{Euc<#l85vh=Kk7Io>y|c+<9~Uu z*6X__);yV!5mOx#QETI^+76Q^FDye|2{UmMie3aA;qEJb525XV$oqmE^cDg+Hg6}q z3<@y3p?hA36AvMp7x0@PW^H9@AfYsykz&~MmRG5Mv1qen0Fc>hLUi074}VUEd4o|2Ew1Ex88y~r`A z_u9y*_|aIZhbbwPVaBHRZo6c!gx)X6xKj1xK=bH<;ON zT9e(sY~iOTT((fObrPZ*^;;g?0Qxa*BodvOlHw}nsnKuOv6RM2mJ}vS=H&Sj4=j9b zbYqtE)A(D{2Quw)sER?(awDr~oMzWRTg$s>Ltd4Q>beJQC+&B5ftVe14L*Xnswqsw zJ|It&Q7lM4NcKNW>X55WBa-hOjDcZ6&_tj|%eA|5ZB|f1x`sNPC0Z^5nF{t|sJVUQ zO+;c$>Bcqc1Sq=o4GqMj44OrW>AhmBfC{W6e>emCmu38;*N%KcnWxNa-%C%Opm&#! zvL?W8XJV!W4^bU%2?vkTLL4GBN@GkCV%^4{KGSm|yEGSgt{T?WZ0&ylF*#7!$YZC9 z(9ku+4$D<9zQhz|^Q)UaCIeAb3wF4s{oBaAZ1Zn%`&K$&Me)-*?1%|qYvVv^Kpl>r z5@%l4!Q_e^JsP3qn3uPvUuxgkPV_yhMwCnT2oNK3my~ zMY8YsQ@8=Fx*a(z(p@&9C7$3gt5EB^8|}(C%@*$P$ge9z;+85K^*BlxNw*s< zK$V}P4xyNVv+JEoZ}X^6UnlxX9ezSzv_@6Qcn`QSJTGnd-l2P58n)j`{yFnSH+CZ8Rme@Aqfx+a2ht;3e#}7l-tWyauDiN24>HI-V6k zk1VpsoR!?#74fK*b%Y@8mOL|R;(rJ<`5KlvyzHib{V2sH`my#J+O@_(2Sq&YXF?FH zhHRnVPwm=Kq{X~2A0Kw3*umEZe6iy3H5hLh**4mg7|?@}1He53`01KvV&NAzi}-jD&c)Mp?niZzQpYGXyxl6CJfMBuC>UQ z@KH5X_@c?19Kq4m2E$eD`QFEtmucBo5gg_eCI1~=JkX*D^v`VwF_9sw(1Jeb8h@b$ z_Jpb6NJD47_k(q|;ozf^+6mp?kwAkR&bk**EnFVrhcIlm|D#Evg!$z1*~D*ab8BD9 zu}j(ia+yuH!&{Mexv;}(aE9!3YBUe+z+&;L805uG1Pkn$M8>4gwtrdL5$CyV}vw_I4+Y=bGj2cI3qe zMs+|K=Z3%~-a9KLkhG@bKRW(CS`=(=eIc~@EMwQTjjh3``BAvLPq<9Z)=U~~bmgcx z>QtNZXaeyJd}ZE9DE^5EAaa8^)C*Z9-};Km7l@kmbMU^o$?eS;A81J(w2w;5AT=Jv zjyHV~Yi?{H(PjDj(;Bm>eMrVx-P04eXhlP#e(vF5o8PhEp+>qee3BbygOM}A+w_>9 z^IBr17=6%X#0}1l2*#%&kD`UtRy*?SG^cf6zkj?OZ6XuD2fqY^j=`0>Yi(<@5O_2j z)P6(u@V_=e6-$#Zn7Q0l=<2089#;)>o^BPYIFf^+{$mejLNvfnBMIqj-h6Ssm2TgXl>%i~Dpc#SmQ%(_AXB60W z%C}Z@Vtb`M5%gST=T?1Nre@Ss_Z`}2c6MJomY4d`|LG@|fv#&iq-x3TN&&i?X4-wf z=Ua0R_&lTpFNij@==6`@j(rWZs3y0kV~}wXOwH)+bz+?<=_)GoX#GI~Zga*kVLV9e z`fZ)l#-M}DxfVdIAu{mGCJo+eg#U`br>DvtdaibmoLdP_W_wt5-_>H^q*X3eq1UCc1{?R zt0~KW`=5y70#u1+cj~0cTO^rYWaD~ojRxMoXF*6NoeP?9T?u)K?A1rlX5MyxH;>w>L(2kaZqh_J|a?1WcSH97nlWIpFu2ob36r?WV*i>rjY0U((~0 z%rD~gcmC>#U)V)+fo{O=66MwkSfZ(Xo6g`C)Qhs5EwisNvvS`=ZXlHe=ep-Ft#JPB 
zBV`f%cXWWpg6MYl1fa`XGq;<1X>!i=6{bkK!FI3CwK2{1mz`O@l%21M;Y-Ny#$Y^c zeBDes^XP{G{MTDsy$1&JY11nEwj=z0sXL5bPeNR$?n6aREYwPCUff=}c=ow7uoR|E z^pDmICWhG&r?9CZYE4_b?vpj^*Y0POOoRvO+m11wM#m z*VND7hj!Qyxf;(B-+RwksAX9;f6W$aXfKqwG9oIY@p?t}D*b$r14g-ypTb3)iC!b2 zfoRZUiE~q!Yr6)BFlcAkyjaRNxhpyrN4LjuFXPw*N}d?pD2c(;TIV*n48zyPAeSkY zq;PUE@dAE5Eo3SADnBQ4 zQF89G!X@g&A}tZw1%6p1NlK4{S?8ywp`XoKLk=+7L7RnEI@(`J#0= z0%~&SG3Ld$E^HD-_X}C0cwh+xeaDV@eMgIP8Qidx9x|G=)Cg?4oxTJ+)BfrT&+Xi-*Hv!$)1GoT zOOA_lx?C&Kbmqp#n*-Gv96*&Rqc*R80E&kTA}D+Vjt z|Mw3`^Jalli^p8aW*(z8G(i!{WRH3O`SR43(N5c5BpjGzfB4xs$?*XEbi^`99h_QU`s?!o^mXeYH)=0)j=G_;JLb7al`-P3-f3K};bF&DPF3O`eA{E59<)$aSC zRn=r?Yky~^eg5w$zOEO-0fhX0DuA?(syg@bP`ZDQiR{}jeIn5z@G0|p|5nR#rv8KF z*E~1+4nsJs-_AcL-CoN{^2nT(A3EuX_DN^XimugT0LJi3Y1y+-`64+w0T+Tf^xfiZ9u7#h)97APcYfGjE{1$6&(Y zwL>*d;Y94wqt2LxYaqu=*-U?rpYR>Wl;D))6R%O7@#kj_7Bg}p`+Fh&Vmq08p$G8c zc+tNmoK97N`!95%|gu z?qhYIprP>R)y-}l?b+*ZDz@tFj;?9Gu_y|5a_>uJe@Ig88Rdog-%H%#ORK@3S@w?$ zZWcZ38~K#cU+}J~b{&}eIXC%Q2K}*Y_n3EoDH_g2(P=!(`U8pAeSqvsR7Yw`ufEJ35I*w*XNqO3HWe~~aM!Z?v z(Q(7Z=dBj?2Qv!i>4E+Y&(ec?H@}5mqI~9OoNE|-_c@-T^ z(YRQAY41IWDeYs1l8&`B7w#wB6$6^|Z0))->9X}wK(1EQ4v9s3jLsJHQ571zNH5SEy_ z6A)?Zxi)PRJ8rCV`qN|JpU;2g{d|9A_|ZUN6%XTQ)19M>fUS=UEJ@||5N_d))kM@$ z97))29*XBmYT$6-W)`{HxapNyeLvUu;L`BhyRokw!rh!%B!}7 z;dk^aCc2&_^H#azJh_!iykG6=bF>DOr!0&uQ7>GV5vl5_$ZmgJRxgBC)Bct43z#>) zO_S-Cn3RWouJeC8r7wszqhLg#RV{vHXG74jaM)-(5T!rxWV5$A+y z)VU#4^?SKe*a9Mh{28{aRecK@B!}p2X}GP_l5h4Eaj~-?Nu0wINs~1eaAR_+nKNC4 zY(=DB`Evl1Bf9q)c51of!ErYGUR=lazLUAC>R%_XY&^Z^lYGrKEOV7OlHPuK&Jada-JreB-IuS7Y=7CW`<=9gh`~U4J=>T zt&)(bFM$U^!9557;L#!ZmAHq8yx0bbl0{D~zMzQQ<-_ee8V_7_(z}vI5Cpw7I#lzp1*9k-R5MOs&^O%G)c4 zLGW~_(T|B>k@^GSK67U3k0M#J9o{LpD>7wCoTe};qbFM-(vYv=IXG@%>ine zb>@7WAwGohg0$NFmw?l(J)HEzPzE9SlhJ-WX;6z*Nl=!epstvA7^_OTPgnkh`rBY_ z-A@sl)heu-hs;Dhebo(VlGQ>WPRgR=P3jxNR z^4fTvzgGGWJ>^d5^&}KT>i2E7@kICjB7t^ND^Q+F`A73Kw||LEzBtRGvB_Tr*VD7W zCljd*dwpv08N+sy!_T)P{S{QE7t-v%jV<>=U#9Xxh0V!{c(KTkKzx*?le3`KpKrDE zgDxEjZY($Yw{5p&zT{k^KCV8|(gS;(#HXjDSSjMKbC 
z|pnK|4mpDMe6jgGuyMO6#1TTzUZAvfkt%G@C z`GeL_(Bq7lPu=WD#WyZlaQugM zLU2shOxEkRUz-Thx!dcPnN7~~lWkuQcLy%Pg2+xJpfjT5J#`Fy{*$kA4ZPPh>+Xya zLq~k0lg<6GTjjYL8GI)E2RUN9AAVi8KE0KE=cg^%wF}7tSB5!~*FRDM$s71n2%TpU zLql6^uQPx0iIy>s8!X$%#G@b}ggd1Ym{2O(8AK34jKqE&!k>PLm@((wEDJz^KKePcHvp?z&5Utdq zv*ObYo6%DtO=SCu+b~O8tJZ;ynPcs*0mp^u=ha$~2B;s0oJ*b+bEcj^Z)n8zAI0f? zwlnK>F)nAH(e8VI`RQQ~g5?t|s%#@QkR<{35O@eA!T_4IZ5iAYuTP{U^{O4NU*DcHo zb1k3w&3`Eo-`V zb@)Q~N)j+9(P%8;0mi8Mrj#m#uNFX?aH1f zdS()g%+`CiFJuNp`I*lq%vqhK?||L@uBDrG@X7rj?R^JSQ|p>`6cqs}3L?^?0wTSG zNFXYQCek|ys3B##(*AwGXd8c(FTiQ?G?JL|J$wg!Y8p=?_m#Rh8B= z9g>*$)9Sb=Jy3=+cz|p<4Q`$8#)Il%UoXBIx;=Z}&3v2ciN5xWSC2INzIZ(2n_Lb+ zmw8s`RX2D5^c+PD>5YfBqF9ikgGy(x2uX|h-0=>K5NuV)^qCE9kwn=qpYD}N3F0I6 zEJVt-t26zSq{*`TIhgv8Bx-ybw>Z9{MaYS}+4$km-IA&S`k)Bv_y?n#(f5rX2S>Hc zl+4(zu?x5s6>n5DGX_wk@$0LKgcuxmai&*tGeyX+IXlhj8NMEC-qfM;7*ZCQjo#cl$Ng$tPT4$ z6aCSj;m5o?m=T4us8%s*r0&4$o5PSBbNkjU+}vMM5d1Y2!BJvGlftjmKe0gLPHA_I zo00SzbBKW62r-P5k2g^+A*@Chpb0v&0Uw=m?adQLSht^}g6MtjacInU^fFcILmDq# z6wPV5Vr#fhmy(MW|Ek0o+KMVyL%UltHxp5(q|pISfff34MWMB$ta-~5i*`!65X?RR z|9~^Q+lE84a0-ghQ@Ne);?JU||98&p-#WK{Gyd7~?N6{atYY()jGq(HULTf)>IU`7 z;|AO*KMX#ofkTS(L^K<`S%4^IIkZd|IlT&qRRQ4`%C6BSr5(+`RykHmwdT}|9I-aP zWum#ex{oryWemMaW@cRV--9CbtzRTDle}!^R^@KPf{;?U2qsOvFWI3%>&$K5VnFR1+6~2oh#<0-l>`W>(|1Ov>Wf4U z9FJr=t|NKdnXZ#+UGNGqZmPL>bA43`?`c5#f^XAdL_FD-?mg`wN5n4pdk6+ZDBfx) z4n@)XKmO!j^mJ_!LwPFxN!AsNLD;08t+K0B!p-EkYPn~w~6C;b`$IC z+{Kre8gx9kw&}bNT$n-o$R;!dT1p-9em@FHHKXHC93`y#qz_^g3@egOo-a&ikO7t6 zUSb&JYl%wi4IHKBouP#F-^}VW-8u1RO+hFrWF6qY`s0%gNdmb@`N6W9z5L5gV!8yI z?@vo^csXCZf}>Np_!icBoJuOFuS%E)?C~Qmgaug9l5gXaSNZVkLl%XRPT?UfJInh3^@kkPV6rlU03ab$S~1uspec`3f;i7^#?pkebtJhGTOrNZB(e z+8c9>bjX|K{VOuIma23@i5EtLW}cO60Sak+b|+(nwdq7pc%lQq^kj$GX{_g*Sc{^K z_8v5lY(gDqpkBKtTzY3Xo=D?%L-9EP+R8w7`CbOl*;#zYY9bNF}je!+-20eBZ zewHjoN}pK|Vb`}eZx4c?a!G#8*fO1C+fNCSDnyR-D4O#x0yl32k6FN=w5BrNVf|_f z-&moFKPx-S>{{V3s<~p&kMiA6A*fS;5}?J+p@qtdnnCjQM^q=VI+s-u{!Nh!G^c6Y zjV~%oW=vQK?Uz72bG{{kOG)?AkWv)^Yv*M?KHt+T8Rm(af^HRCSo|XAcj2qH1sm4V 
zo3PguqL}&0l;EXiMw$e-a|!)2=*A^#9dKqzQZoz2s3da|!}MT`U2WloAx;9#TQF=Z z`QTWg66qO!ye;nBsvf}(r=6R*!_7&MO@4nP{Z|{xTY^zvQ{CMi%m%q{rO)B=!mWHebrVG(bc-%EXB_7IQ!U)7Kx785a9(m zy6^_}eWl-QA{!|bZ-Gm%4+OY-+N6hYC;k>j|6M~_gKr+LYMktenASAo?WY-D6!VUF zQ`J`D!%*iA^KZzr1(f0BGv0jmafKmdIqIfDs&7luac>jgD_ilC&bD{d*di}oJ{j4j zaa2|)$$|$yI;6iic(-`x00hW46arsRj;u<^NXMfaUm?};)@T{C+MAD5(@#Wuq&rra z?OmS~zsIZ3REf=`eUD5#Gbz@D@=InhAIHVC7KRjA+?cBmmZi5l5$quRL^*wI+@g~{ zzaojF+kr!9LEI_%iqn_~y8Ii^7!;jQZ(Dc-QP==3MFjxbbl<^6uxjr_cety=qKaG$ z@9W#kkPb_nya}~ni>o2jrZ6x`oMf^GLD)3ZDFR`%lC2*3EoN8PqO!}^;Pryb=5@uw*6NC!tvqN3?K=;Dl+0$itXWqy^{R= z^2qCkPQ~x@$w2KKEz)bIceD-qlEODYX~(7aBUS7lDfJ(#jHBR)n(mt^k+VC)59Bw+ zt9F7e%&p`I2$-3s&Y?~LrNnEAdrVsR7n_=(ix6 z>JeLJ7bRbKf#kafB^$qHCoFC^=eH*0iC}7|Eh8sFh*(CDi;#(Ts%QMsx#eZi^vKTl zi#wPpzq01^%>vtCn=p;jQy~m}CKsY~{7}Fm0y)2DMoMju+bV}pr}yMKTAj9moDrNx z__R2`)DwzLF`e7Iq|kq(LFknRH06f@F-%^k7s$>tP(%^T#CP?it(oM&VJJ&kkE=@g zU|qY+{>SjONLQy~kA`i*E}lpe-jvcaJyAZ$5hZE_716hHKb>qu$eg1NeDp&|j0vHy zsMIypMWJgcd5}cK75@e$@zpRqN#p1A=F2Hfsim9X^%l)rUMi zx391#W>Hc(#O-OV#1S5sF?BI=(s$%2*dH+I8Lhb8V_ur#zyXkN*mlBnyQ-5+`3i(Kz~$?|5x#CuBotMNmM#Ggo2^@EUdh zn#2PAC7JdA^tf1H>+-%dCAVoLYFh>m-LXtW~^ct}Nls^Tg_LO-^8@53n=Ud3G7j zdN6r735Qha?J}!8H$63saD0;9d0wS#Wj)oTv_E&fw0h&JMC>D%vuCY5SYMl4*unA* zR;x=lmFUqk^(`0@Gv2Q;6Y#Br0X-J$hdGYJ(~ji_Al0%E&x&VqJ9T&7ndz>E$3`GH zIX$&1e8}2RM=oU?3lT(eo@-QAw4gJOuD%D$*tk5dE;yw;KN%dLq7y1nPTUg%YCz-}f(i_Df=+aT`Ic4tl@Z_IKD5q(KVY&`MfjozpH+O0SumY@Bg z|7H2HsbZRm=mYVIc7g7dr~Ewjya{p_#H7-N^SB{S8>1ML=p#pZNYni%Y;q_d52}M-3=o0XBBfHoMS;@2Z4dE=&dbfgGtZP&KAHvbFF*xX z4HCPF>1X?WKf~_b&2AD%o8PLd?bm~;CUt9??Yy&*%rOnFj&hPs#gu(@%FOYywn)Xn z8A*0?g<(*8v6DyxLWRFmt=xMDbMFtfZ*`ZMEW2&_0#uCOmp<^6>Kc*tfIXMuLQnl4I_mawGMI&nS)D z-dbw>_zjW=G$^z0Yjt$3PTnLeCfUL5ag5x9bEf5&oWg8;JWfxBKi9>v-3nJXO6Pde zCMX*t@+JX;oERDLoF-i5kJ2!DnLQM}lg=+9=D|{9j&*_$Oqt;2fY5uyDntuc7+TMQ zd(qyKBmzU&46G*FYF%sUf7*IFTEqA$+hkefhF?N4RXpkZ3~;vt0Z|!C)T~D^Qiguf zZyiIgql+P&k}GEFw_FuE_BQj(+PzmjK1XIwSjW{>rPMCRelbt#*A^VqurN&R%ICIF 
z3RUsknOMtwGZRJrIHv}r`6qQ6cF8fP9d>hgT@`Z$Zy$Ri><7D6?N>!@ z1Tk@ExcIu|X1cnnT*5=y*R@raYiroGl_;$Q_Y&zWZI=1znk%ic`5d_pDc&YdW8e$p zj>#CqWco)G)+HpOr*esg1v`K!){%CD>(uxAcy`#}JcgzV!BMoX}OC7n1X= zLTCKXUpSJ$fH?cKmfS3Z2&&e7X~VIpU~MuvSzl!)^pRnL)jUfRd&^lL6TOLfcj{e&d!`4%ztVV)XaE$aLI^70_~ zi5p!BKsLa8G)LWGoiguIzaLQsS1O%F=+op5IAA?UvKmcaM!f zMHJ@P{|s9x8IxM^(``wD`yc8~k``|a)&ZfNn<%EbQUIxe$BcJ}*=BxA4ZGdj!+2G8 z-@P9{Hytn~JzNiD1^od&$B!O`&wwDdTe$Ox{>RN(>r1doUUic$hhx1T-9C{LD!nA4c~xTjadi(AojLpFYc70KD=_YI27#QfQ9xDDojmj!+1Q&QX|1+JiW5-??wA;5&T}YW=ipOX`ZyU7DfK zGEaqbhL~2b+6uQ{0Hr;rZn9uRTS1ars{`9bm^JY+0b4aZK%A4U3?U{aG8av&CA|GA zyzrx||Ki)P2KMw@MlAAx>wcBOWlkAI9YIPTfT(I^X1L_qs%_&%TDUm~kE&}~W%1@( zJP<8U`>|MZ)O^WB^uB^$Y#F`jSTQ9>?N*tSnwz9>-xi zytpko3t0>vw^?{vB*!F3M0{b_mN;iU~4@U!kv8D#x8$ZiJ8C^6U5-3)e(tx z?6(jOA%1?)^6W8bXUy=!W1UNN?xfh+UTp4MJQ-RBe@Rq2fggEEwgi0BYlz{z0_XHS z`MV*=9dUJ}(W{Wn21#5ibMLm!AaZ>2qx^LY@vtqcETUJ|0(Ujr>L`dWXAavEVbYt$aHhLl%a z>74^JSs?&Y!fF(+ub5bnq_6@H`jIkNuzZ1QwEw)BxcyH3tXLyZYq%{$_$i;$8VbZn zILIo4<2t2%`IjS1e{^%eJVLM&pV`_5O9_)v%Ze$l*RofGB*hM#?0_z#` zDVGs96}sb-Pc18(R197&30eJ=F|{lZvA8jB%jc`x5(PdcNSvbEf3uaZIdcw;WF}}D z0)UO6y}Nj4xL`Gv@pv>jFRGE#h6nj{LpAUEg$E_sZG+aXddgWqy1=U<7zO_YZ&}#n z2?i|z!CjGif!cr$&JHHtEbo}aSshI1In~HC`!@9pi7gdTN;9hz5%MKcRVt~lVVcvM z!wZnrmc*BbL7;^WSahV#e*OKKnvSU1i!biUJDh#Y#5(5>2+&0G6rDjiDZSlU-C%8k$ad$q4P_sV&Xc6g}OZjq* zF@&u5-VuE22P#a7?#tS#Y6kctx9OsW8FZ;->yxm{S{c4DRz5jGr=bgY{ zB`&i2ehLINqh-))eey@W|6)`1RuU!~5x-|Vu%}n0DLXMd4ActiT^?g#dlvsjGJCRd zau)_92G<`KnRL~cpqt_BNa=p>OXi4iZOZ2uOOjvy_qgXf_})c_ZHGq}fq=@sm=MZY#HB%;$xDcr*FMHI!>f8)vu5WC0==Ier!7)_#hUF|)7jUTd4y3oklHc0jF@!$5i7od!aTCfte4{ZDA+}jykfyS zR@tXJ25K(TJQA4D(7jnW3e=y3v@hs{9DwX}LZ6UnNSuImU@-ljbctjQ@i5PP=`NJ( z0?*=cVg$!mt;YQ_D*N`yJ6ov45q3B;$&Q#x>L>8bss+2F1KxU5N$8R#Z|W^ zew}J{a}b@r=YLEug+)E`c9pGyDU%woGViA{7~pgwyibz4XV=k5Z2Rvir%Csx+uFLD zN4PnL%FJX=mW{oHOTTWH1`>oeZtvi=-glfDg&9Loj1*Cl!rUov85FpV4CaV(OB>Zd zHG-JGnCOR+*x{qx9HE}sQfyI5r+p_k3cJ7_oy19&s!`J&%^6DSo(8D~cYHBKiI-$^ 
zo8&b!`lzng?!EBv?%PzCrxs9q&n(bMUybA1Qz1v)UB4hWTEJyaYrb=PXfA|}O3{}U z(e;?da^kjppsp{EtD|#*mcaEjCaGkBB5j-7r}n8;_=SE@ecelD_8$7a2WiC7!D;N# z1gDT-H-pFZcMbP6^c(Ajm{DUzU%dy*B%l&)UAqb@F-Gxf#qpK_LQc0d?aepXIBWGL zSWXzKLP~Py1=i&A1qI}Orb7N}(wpDE13V5W9mE4g=x(nEQ$&}N$Ks;L!>OC%JST3r z4L?6y$I&x+EGp$=_q~v{Q~3)hx{$pSA#YanHsGsZd?FcaGk5$~0 zj;~^6lW|hoKjy)@U@Vw@K^Ixlaz$7}p3cmhb_4~}35K32(=uuG=J1;}@%`Zzr=_Va zM||G1Rv{(I6Q&-?d`x|g*O%jLuSjIYile}$1B|wPaSNcB+gp!yacx z^SA1B3OZ9Q&6Jd(=#5nrZ-%kGI6q(fxK!d~&aJO>;2FJ!E<*iE_FOnMky8f{ z3?gfbIyob)s(k5Nr_5v%@iM{Wi=n`q|v5l~Gf&bmIa0#?RVOQ!i8zM+@LKYjChmG%k|on^WMo-NPaGX$!% zlO1r$;BRk%iv*!dAL|OA?SJNwYqdP`;E=r1^xeA0VUY=C|(-(6BD zG$W!$>>`QH#54L~;Z6BGt=%6Qu-?%)3$N!>T|KLFyf?R5qkJUAm7WX*jcbKYpw$>SST&x3q=H zruNo)Hg9&a6~4FKQjQow5=l2j6s&v`nf++jTv4HEBTP)Oxz-JH71&7iYP>PoCw8Qw zT)s!H5z0+bAlu^QTF{|MXG%!!vxR{rme!_Auxyo_Wx4H71qZv}vf}NI}xZuBN5&!X$5OC+|wQ59rKe1>4$8 z;*)*!BMKYP@u)BY<0PkBS~9q$9^bfGm%W(ZlUBZ|qR`8JYi0htlC`4p(I?c;_Zd^r z4nn5F=%6j2Bo_5D`7}f=o1}ar6gT~Xe8Zgxuxi7tM1Vl4s@>=BZk}P;J`y`ObII?$ zrd$gFHEwvT5IR)pr{^SXX8O&1J4kv|S`m6Fi2AUwV)Y`#pPz2`o3bEX}(0k$$pZUu|^d3IocP-^h$nETNK5yGL z_p`Kd=Qz5v-XBZ7>Oa#92Kp|YgSg;Tq3npcJFcA1(Q&QDmE`Oy`N{D zGK=x+d~yJ~O*SIA5)6p1Nk`*6g58ARffV_{EqhG3oOTjLME{Gk^fsJVOR@5b{sUV! z>^RLazmPrA5P+jzWJ)Fw7Si_~0@qme10JPEGD<_J!^-D$z92PS3N5V0_-ZSe6+fn# zy<@$zdOS^NI^p#9WH!hVg4~V$xI85~Btw~#j?ruFB7AXu)B=Z|T_*1(y7&sITQ6Uq zIZJoi&fu~k7iKG(r3#o;)cEGvwLpCCEX5zc*_<27#qe3d@X>LH1mwV{8J9W-I`!#Q ziNaur5Fj$ZL9~8tMncUn1`MN^YtOo7O)PVRt3wSi0|jOCwN9%Jk6-7))h813-cxl> zNS=nOd`nBeTTDnLvy(7{RH7>Z+PseTsJ2SPi7|f~k#$+p<&R7g)^Ar#la#h&em9S1 zXbhG}tQq}^PU^%>k4K>BmGPABS=C@0+ynJhUP4|qCIM^9^UtJCAutr6DmO5g4a z@Y<>v3mXP?1qj}l2R9{`jkH>0=>W#uG#gT>4Da!h40g#bBqGf*`Kw>zCK_@EKkKEQ zDlH1oH4VjQBxdY2|41= zsBfR4syz1Uyiey^R!VvpP$3W60G}qguGZtA+9y0Z0PMvuDvUPU+i|8!KL2 zu&INMjiq6e%;biVHn z=ob?*SN8F+c5V)U@&s+5NK`nT*lex4Oc3b_>x4*^j4i)vXE`T$_u0{e7dML;B)UR& zHfPuUQI6|@U>awr9iXv*ywJCTIf40DgyLw;Gfz+GzjGcs5H}%)<$agxq_x7Zn%9v- ziym4Q*i##Ns^qc%noNT$3_z7GzJxH&!NgWp;hHa&L|2icnHyM(s;_zrH#bzr)C@L? 
zzeiLRrd&z+Q1e@98pEYOwiNvYU{@YhAcW*Ry(?OMZ=jlgu-{u%9Z-KN{ij-r0EgpE zYSw$kgTDQp&sQ_vX2mwF>z#j_(_lWSI&1i;`@6;>?bD-c%W_6y(s~Oa^1A0d^s2L; zrJ$wtx_oLXf9^NExm{OgO6Qy1nDZ{y(de;*DFaNovHa}E6`sHb6m=e#e0xL-zF1B05dA%_C>~9ZrM=j zCtbx>SI^WViMQWvFQ%-fa^owSBgQ7-!BKfyHDx2ztOS0MybmZv2|!747;U&=@B-R3 zBc&>tbQ>vu0D_`+Xmu!;(SH~vmn7SA64rk91qVb_(Sgv#^#jmF4FF;E|Lu4sb1V?z znJ9A>&^BwbneE-#I{_rT@^~K6JMa-R;A0=&vyFugLE(TzeSqK1>%J zrZa%_&>=oJ#0UTL@PSd@x(J5uK}{J-Qa}n*r21GL!o;X&43o`Iz49~Jj=KN|@TD39 zGIa3$bC%*ucRqnPq#dV;fQ~`R_Y5wf6febd^AG$}LWCs#DM8}Oca2-u`lt{3_m`u( z?BvY|2Ov-{rAIeW5+K8LcN~D~pnHNNTmlZ8;u6r30_fsAY8t#BeR1Ho-Fiw_#g)uY zO>JP}F9)E_4e0tb&__w__XCSJdVk_|wtxSJF?)h@6mPYC;84blCs|y@izB4FeGfol zJQP6FZzadDI9B`i4j?v)+WM{?a_18RV{-`{W3Vigd7^Uql-w@6mr#*`MUSIxaE+g) z)~a@1gJ6E|Zh5ZJuWE)D1V{=Lm2RCq*a0Y&z1ndB`A1npE$i^zXhwg4O=9*2NOFS? zw?BCf^qpDaKVCU9De!XPg{#J2s5lSwB7wdCe;)x#(N*rYcomR_inNTV3P|K%AQ=I- z(4QtG{ZD=`=P!RWOR;_w)o=^SWc?3Ix8`&=oy-(+*sHSNY0Ul|EjOLZK|oFKI{08< ze~(MR{vS6?gY-5n?$awpkL9~qu>#^M(z~>)XR0%+;)EFj5(NA{LfrD+9XF~1dMbZ$ z%$WcvsgCxv-hY%ZtxBdwbyPVVfSgc2Y)rHaOy<1Pm1l3Luoyr5pL~J-^S+xta|p=l zO_S>l`7}VO;hKSmE>$*7tK8)%pL3U^US9xA1ZY{HCTqg}$dG{tyBs^non^8uyv>J8 zMb0JFd34ziNpvCMaDZ zOYMJvXy9rRtsB7S4?wf@{SVdOa`8}3J3$RM%$S5Kuy&CTP!f%gPH!wy`QCw&1+1}i zlnCVmkgyYgyCX(i2E5`bQ>zx6VhlWLl{K@nh9#}d-C^`H~b zOO80z#iitQ%TVkR@6-N@*BsH~?BNY(B-J|$;4}4Y_0&igd?_NdsYe9UlaMiJGyp%> zRX-@k^r~+{<%{+W>?9l2ggCdbHyvfTiw0U20h)h3^V^XF<#VNQKcFvGJ*Ez5v#CO; zCtsf87!=_jAZy{&-C$0%?Iv{_V>Xx<3TlY8DVkGH6x*n2!lECD?igrIhQ2y>ZPi;ewCR{U6x$2g8{Sb)#Nig*<%!}Uu zs=D@-BhL+JdX6nb`Osd|8+fN}58{`8!{YyWLs?Ipr-Dz z_>W7Hf+9n3@O6$bzSuQLQv))gnW9|(#(PnYXYOA6Uz}k7N3Q;f4-0G--y2aN5x|PfBn1v zB%S>fALzl*?+~fdV?gMum-v#vAF}3-0wL`HBCVWC^d(a_G)bjw-=Oos^@3@KB$Y^V z`|%>R?gWP8j}JijbQBD|E6+$SE=#5;Sljd)eLeuC3318=)QaS*&0MLyNZ>KIW}DW6 zDQ0A5VG^D{ndbf4Y&&&AfN5j&BJH!b=W(O>On->n42sc|WYBcYjommhqvax|tirOm zt*UcdxFzb7hV6X~-YD3Il<0pG2ZA&MMtb2lBkkh-JHT8crQ)m2^&4RJ`JKTwxNh*r zO7KsAbfn|zIkp7Bw7@-4`fGIJXN2N#`^V?t8eplZ^Z7t5ZYgnEpo{WpODf_CeMgyZ 
zUw+{z`O|PWO}!a*48wpR7;%iM`8z8gJ`s)T_hMSp*I9u||6F*g7szZPiciRJY!Sz`Ud^wFxN`{qbwE` z7LeZI_D|12^KjIg4Tmd7Xc{sM;s@fd)AM6g+c8&@wwT#L4)R&C*`FLwID%9igD^ZY z*L$uri0Hk|8p}B|bVUBSU93^}AhHWov7onLWcdUBp3dqa_d}y;)m;$g@Tq@06Z(NU z@k`2m$7jA=!syZK=k^`na(pABZ=C%l>nIL$i$O3aE>R1lO@E8gu^?g0`MEKtKQh z_rZSvejd1~73zK!01ONOVE_Qg0Ad0L00Ke;;6H$X10enh1Hc6W&OcyN0-@h=2mv6* z9U%H0#~QpI9U$eS+`nH5pA-JVpyquJ`2~}pj!^OQ`ICr_6^UPl*KcOO;0A9amXo>2KolL`TFrni%S9u=kyGS zj*Kqw_z9o-3DOO5-y2T?%7|8Ol0RBQpNqgR(7x8w)PxzE8foiY)cR@n(LQzX^YbF4 z0|0NIKz~!6bG(27&3IH^3!F1kWCs&XT%@_zv`Z&A$001o+2&*}{ zIXHu`E(nWyd;1>2ARZv(_!l~^e}Nqw9RHx{;NbcP{F^LbPO#wf?g4&Y4q-oU{wIID zy@Eh}{X9;Czf^Aix~AZj3Dnz|r?37IOa;PgK8}V)Aj|;5Xm?Pe-(W%tw;)|}5C-uH zxtsztkBoE{5SDayIIj=FTp+CN<7IeM-$&_=SKYPsKp1QxgrV+%dY3@>DDPdD04*~R z2I&(%_4hUXy)43~SN%0Le$QL%;15E-;kN{NnjfVf(I0bj(fdVz`?}jDOE4Ye8A1{4 zZea+*G$70p;AwWm56A;V;JTaUQTk6D{~*&N{sq8vB^Mu^b07@z1F^g6uYDx@5x&27 z00{l$4RY7bUGFF_$R{Kt(CyMu9Uswo?d0&2e>M<)>*AyFyG|f>E&-R1c>5`rv&(rc z5C&z3d~)$I|6N|loL}I%qq2_jZu)usd^bRRA_^BTouhO<5atR9Hv2sII%h&;E6q1}N1gYV z|5d6#WB~ru`tNw;lH`QstmNwCLVwRmBTOUv2Zu*G{Y@XgY3(;&9skhlFAn~7`F}of z2b@7Z^?&E}4@}5iNI9e(@*dI&sfSbpypTr7TSzzL-4XnI`Px5g(e;ngOn=s~Cs;G? 
zf8hL**8xm9D)Xov1V|Q2u1I2jqY~&68VI&qK-1SR%-`MBEs$3O?D<`I^?aPfMR}zp zr6d91XdF4h0e~%*pW_1oOV^)ik?jDWYJ|t*>;Fu<7zzND;JZh$`DdD7Isj0+06+)A zDab$gH+n=z7h-?{patJ3cHjiS4+w$sNC9$yGN2A<0T%!x;1Xa3*nzFi4Q$W;KnMT_ zZUNCiJm`dY2xI_AAP2|?ihwep8mI@}18u-Z;1e(mOoFZF3$O~HfL-8_fPjFMfSQ1j zfSrJc;1q!fffRuPff|7p!9@a70xJT00#^bbf*=Ao!EJ(gf)s)bf-Hgpf>MGSg7*ZS z1pNf#1oH$d1e*j0gb+e1LMB3P!qbEjgbIWjg!+V+2yF>n39k`eC%i+LNce~_oA5PZ z72$irkA%a7bA+peI}iXu31NYpgor^DAes;(h&ALY#2*p?iG!p;vLVHgTCko6A#;#5 z$UYGX5hD>Vkr>#5b&1T0oQSRwMG)O1${@-osv>G38YG%0LJ{GJsfoFWMTnJ%^@uMM zyAp>GM-!(Jza*|CZUx__FT}efBqS^(f+X_b+h|4NL2`rS9!Vxi2}u)4KglA=4k;-q zJE;h%Dyb2v18E>>H0fi~*QAZ41EgO_(PWflJY-U2+GN&bK4g((X=Ja+8psC7mdFmt z>Bvu!E0G(KJClczCz0op*OK>*ly4|IDCa5nsTin)sWhpsPz6yXQsq%KQH@h=QBzZ&rdFr6rVgY|q%NRt zrkfOoVJg4jgFk|G@T}$16>5& z6S^9@QMw&^M*6e#M)cnF_vl~IchWC2kTRTR&|+|AxWkac(9E#N2w~)B)MRvGyv>-) z*vj~YiG)dzNsq~cDW0i_sh0`G%)l(eY{4AL{Dk=(^BfC=Pix*20OBu@u%Kj3K>8z-AOn+sbUTM64R+W|W-yB51Adop`9`!oj;hcJf;M+nC=j#iE} zP9{!ePAASd&N9vkEo@>Tsd6bTszz+xOKSwxF2&jbFZCXIiY^SgB(5ik&d3ls`WoFYG^aLVme`l0&%SX5EeM>Jb>RE$bY zLo8UVP;6eDMf{?8qey&S*)DAoWESL+={$_yuJKW`B4QX1!IMK z3LT2Xisuv&iuH>7N^(kpN@Yqvl*N=im0u|@s|c#NsN||Fs`9BisAj3osqw1Wt36kn zgPw#sK(nC>>ip`?>MzxoG|p&vXuQ_=eope7|GCO@dzwm`;hIh7A?J0@$DQxhV$d?z z%Fvq8=F@i7F4RWp$m-nCY0@Ru)z?kd9o6I3bJ8o&LtT)+5PqRWpGx0MKSO`vqVPrk zi?s%X1{Vxc4WA#)8JzjO$EDOpHyQn0z%oYYI1QH)Aw|nY}XG zy>#wU(xpjrA@d;f4;Hi*S1bxF_AJj^rdZBhmbe^#`J)wwmAlnjYf@_q>zCF$Hd;0h zZN6NQy%K$8#8%KY)V9-(!_Ld@9gG&{04ujAwzsr@Wsh+%a>#brany5s>WFgEbV_$x zbyjzN;Jo6Z>XPEJbXE0g%GG68Ro7J46*s6`n%kPYrhA6_hKH^P(qqrl$TQCq?`7## z;!Wml?_J}=;N$7j;(Nk3)VJSH#4p-!?wZoIhu2X4`u;Bi2m)*a-Uc#(277mqP*7CR ze6U*ZlVEg+MM!xleW*`pcbITkY}nFu?dvaY5Z!RP@d17kehWSyt`VLUK@i~>@d3e) zxP$m|Q|D&>Es9&7w|XKaBU2)`Z(H83y~BOy=AFeTov6ZSnrQ#%(HP|z?st1* zrDGq*;^Lg+y5c3{)8aArobGicoK1L?fKR-d*qbDm^z1&#eV_Xy$N}qdl@zLAI0*~)M#$>o<3_m&dq~s~r)7Ynbna-I5 z&(xn4Be{|B$b;wZ&&RTKvZ}IAXQ$ZfF;-=}Q(`LA4vS-iCmdwe`y_-Kj-@RbAFuCZoxcWKZGv>>kuhd`DmUxy5 zmZg^KSF~3?eY5%YWz}!>a4mYBe*Nipq3;zx)PHoNE~CC|_;27h?`^Sf?Vf(sU# 
zd7zzO1pthnK>NYww|U-AjGqe^zeC_u=qL2s^)K*mbHSg_aE zf+jk6Ju=lVsRM-4(tn&_%Fz*URa)vNKtSaWnkHyGev2CbNNWKA>yO7DX5#VKTyU;1 z4ggKpew$w&VUy4Sz;pE@Xqe6U=F#=92fhiQCnG^o^Fj#t077~K2t5J51>gaBCk71@ z@c4yHKnNisCLtvwr=SE8D(L`10tkeV2trJJDl4z3tg3!n zQ~RO0rM0cSqqA#ZaAXTw~;ux<$rxE;+08JvqO$DT>+Azn_9d zKxY2b#*t`0CHrTBMgEs0`$Mol<(dS|XTqNcgb=JH2n4JtBJdz4B|bVx$w0FTJji}O zD1IKG8AM45S~$NSc#sGINCV7F0{*8aCnf*&=$~Kl)8IPW0Dc0Xf`E=4dI&uL1+bXx z`++Z>6UGT0pT{~lZUg_-HgJFYMXn41{uB0)`;1%mO^Od260w0sq|51Q{2SbT<1(uT z&jM#`K2~=JB}7~ve)?sMhF~?d)n_y+VqkXjJVpl(_&^VAh%YgJPE}P&C#JgUph<30 z$=-W5cxE8QaB{W89uGu6L<`~pO&*-?3?A5sgQ4AFk%;ZHc;Iuw5*}bH={ykmbnsNU zarHAo0}r%tbRw44VHgS?%&mj>c!2s0$_y6`V&AkxVjPpu?naTw?XyW3!g@Tg$h;4= zTS3XseOYQ%4ehypf*NAv=j&=ml`y2ijyt5SM?{5vQNsnfDwG!G5e_FR^b- zmhj-`*oCG2FI0IX8$rW6W%`BTv{m^fZCeayMaKm;^#o6+cE%6x$gbc4XXp|JI)}^v zwRQ!zO^F9m@xX50S^_hA`g7~bL59kscTh8(T}>RK8Apcr3r-A(v(GvIgMM{}p)u(a z>dV@QSD`P2?g8!kS6%l^)unqO1#LGh zStN*s$(5&hoIcdMYAQWg5mGP|-hKDI>fKr+e@S+n$lXK9>^LFd_&nCZ|JiMz@Wu`I zJZt^%aA6H!Le>-=1#^?3)C;C2mN#h5dXM{9XE*3=q_-Q`m^@soKcUv_Mh>g&$jVEf zzVw+7>1We$X~T{mQQ&d?b+oPN?$?bzfj$xF*69XPsSQ%%b3V^b(7dRf`S^Ja5Ac64 z!x6SwMn2=az`Eku_-yv^fu2@`_n3$EvxmIt`tNGWuXRXX=)~MD@j>~5pKdf?|TY2Z*XwP_r#v?x#sXJV#O|xo!D@-+} zuPFajm1R{%LaybARPOH9^U%+l4_#ErWIY-Vq)aVscqoM`*7m^O?@MVAmLoQdS5i#7z?m0-<1e64WJpaQ+> z07ug5sIV0GQ|1%=vHsmwda4ASz`;y^5cIi!3A4)et{7O)=Wsz*Eh#YY|(?T6h*3 zHiZWmOTQ!qTv=*PB1C)67ss&P+1A#sxnvVx!G$Fv`$(iqe^?chiBQB1T*BKyJq-$7UZF+zV}knl+En+-SVZJ5Z8WZS!_MP0==k zG(>$rfz7_cOKB-?M+wcp5Rsg_+E^{ojFq@jRz2kP5>+wdQaPokB2gM-VcRkPVE!gQ zeWWqs3a0yY)u)u|GLI3A0*mjihr?wLO)*p`@l@2;tp(UEnL-#9I_blJX1>kT%2_ew zqwGsG+>R7c(IJKFQ|#BCGSChqs8o!uEgHqBv2VD{Q3e#cTcig>v6;w}o=JraMqFFJ zkf|3?8!#JA+3mk3{Gplq)`J?(YaSN0DSF>4-1Ek{ha*xV`e2(n+q8#puw~Y)ZuvCo zL0wDs`43334TzO1JMB*pA4^KtYXmh65KtHmBI^+oI9s^D8P52Tl4*m3ULomK%VQ`Ii5&l^8 zyZ<@u+oIq7{9cjIJ-a#D#{#Q@ytsBYxV^D;X(wKTP|Qf{;`2$(#HcGm=Tdsg_u(sm!$-wD%(T(5~<8 zNZz7j^DmBG7po863L8;&m1+;*)8f?GBDTL67f{Fc^^FQ_s*IU4a2eqn@o(w(Dh 
zLiSB0?^bdceVS^AmHIv@RGy^XbFn=#5E%n2i>R5Krm=baT4w(0NzWRhaz|T3c3n|s z4WNdysi|q*&ihak4|Has8F4kC2t1(6@$^jVA_sp~+YMEX$oxG(rV(`A|s}vd!T$bKz_@OqO;CpBQC$|ZGSa0h_rbQGM zu+xt9FP7dd7zym7!}Zjr)nreJ4JT~5mrwRSo)qv6ptoQLHdVFVJ{#)!kBP5M_hn(2 z7pWQBajb(F*!(z$0o3$fC;hd`p+cr0KXQWPp+c%>I@Z1k7}qR}8mbZx+*8rvZ_iul zD3M63%XM6%XJ$%HyJ`<~d>-vUmRS^r&rSQbAcHz^->^MB!mj5^f5x$0Fu*@d z?Q!c>^b_nUuZpa`NgrbcJn-@wrUxsM_i{Uu)wo0nmDEa09Xi^AJB><<6OWjj*S}NM zD6P#PEs(&MBzBvjiS3ENt%-LmjcRJln2RWhW@N%F+mp75dL`o_**h$4=D}N3(zd>B zt-f{dt}hnR#Yj1vvC8=lV?iSgP_XDq3FcKoGnW^WmE8->v?tH6R_X!B7SmA8RwdVj zdg;8-a&3lqF;n8VH!o%hkWI@A2|&;p`@V}t>kw2x3z7nElI0d5SXtNDF!&;RhA7c~ zKzFQ({T@wt4-D1VN-Z+ax>h=$#QM#I^D(Po z&ilb53rm)2Z?hYCk>=R4*KnCx2G?|r6sGD!_%jZcqTQ(5oLx@#somzE^Pbt<^Pd&F z{%~}iK1UD5vbboM>O9Eir2E7u8RgXAZUJF@%X7`P*{4bLkpj`2px*WneEC4`4MuCh zmo`-2K&d^pk}_PX)z(R#)s$=z90>w_6xdY@7bm?#cHhCMFT)M0o~VzCmhe@*gVBti zvv#elp=frxGj&D8dEqKRl`u_Xw4SDNBOfDIIx=us2AoA*s1m!8JJm+>JbhF8&BuJ_ z7W*iB9?n~BS_=JpDPD%x?b>H_SNKGe?{_uP>71k0G%U#s?4yTkqpeVRb{pxfo`=-e zz2(MzL>&inB+nSc6)+`yDW>dbVwng|3|q0&$_q{1ts8~&_-@!})uGm>A9hnBeCJm~ zIjpW$`vl*vzLx5XBHs%>!~=YTfiz=z%P2flGbK?X`= z$lO%Ws(3zXWNmalStPidmKmLDfbxy1M6!9Rx$Z{9|~%|TrK5se23MeD^j zB}9sjt1S*^kCsJe8!)5);DS9<(vH zO{kw2l}}?E#_ic^rO0+2W})AnsGe;NXNH|^-|+kZS`ccCp?xigGF+h(qS&1!1^Z0* zH89jDc1bS8piqUPZ@j5C@_wB)HL}21Ay{WzJ$m zAyp%NqSB(K3=8ruyzM7NUnl0iAxMgWOQS~*LoskP%zL3RI@s<+X_DdLc}wer1A%~5 z)@wcdYZbA#&n4%c7K-(I-odv2xWjC`AuC|#+1nrF@N+2nB!dIAh~3~$^NVh=9}(~U zQnAmRkSPXt)_otK!bKL4H=z~KHlqpUIYhiST#@Br7RDUa^W|OAlQ7Pg&t{zCW}Hiz zA1(%P1>~F_faLQ7^AQ*EKqO+Nv4X4N?1st=-Eg1~T+w&I#$f?nLZ2|)NiFesSM|*s z&h$`r=g)}`uxW`{;_irP6W9|qC^oCn4H^rr5N|wGi|B=pafm)+sgj!Yn3xyeEDPha zIDh8!aH8HFdr>LI$d;SxC*B__V$`uOeN~)FF!I&EzGGM6f1?f1{8LjG&9nOvTec2$J=Ddp z&b^%vUy~o zAN4jlgv~*st}9V&5-_OS{qB|8uAO||V|+8f9a^TAG%sefz_Yfrfiywi2zWk;E$pZm z`tIY9%JXf&ThK%;ysKPN{dPhNA^F0)_FWlJW`vuF6`XxhA#1SSJMWwe_S3lUE1SHT z3}(g6&q@3}@q+n*$|1rbvz78|<#W(PHOR2*?F&`q8{wH1)k<~+-gJq<&(79so;7Ij z@?UhI&8(Sv%h#Ygl8uUvJru$)U~_OM+$ERg8wiF1$MfWn!kxs!?PIcTFa7nUt{Bo- 
zeUzjEEy*0c^RnRV7@VLyeFJ)5AdgWYnD{j0?kFD6mJJ;4Ml0jAJ{lc*;(;8FT91K} zHmqLEhsZdg*IiJhdey^V^pgeOgdiw6oCbXvZkML!eBU5s!IPWi#z(i$Zapn5duLMx zY#w~hDYcW25@cSPMb$QXCLPG(0Zc<65+`fNdMJw_Lglp~#+K%LrdtM=?L_($OXZ># zY!&veM?dkaeYbkjl8E(g_3YiJbcO>((I*yBOS?BWByOvik-qnx2ol?dG3h<%hwI+d z$_Y&oXrku2BdihVFW)k$;Yb)Injf5E=^^wmA_ou52StqXYI7p?9B8I1K^tG9OQ+k66Pfd1rs?vX#hxJ;MdKGR?K#E-m=wRNd zjPU+ux#>}x`Mu!G$C)c16$Nn_XJz-7?kYZ5w$F-rxxUWXm^~dKbT~u!aURAldVYAH zp}KGtEtSb+*$%qiaWWV~M4SZ=K?C8+K~Q^~z#FCF!U9juhSof*6he4@2&+J`;YiyK z!R693`!tlqX3S>egJosjRck3WRei%7kGeuV;5!n9dIH6hHw2R22$du@uwp#XFLE(< zu$xF8ufW{VN=iun^7X2iuawGYM@x75G*dQRB2%uYi(b4h<;uh3jW{CYVGn7lV~fbBCj+2Mz<%o+KR<47ohGE^^c8u*oUK zbJYVgIq3U&pi)`Pls~4tCeBX>D{b$&oziHFI+V(UGog04u}>_vZ%DjHKG^sUqhRY; z;4SLS#9G2yiBGQR>w5m^y931!{8|7(FYe+2(2=gQv4jOzAGX(BU{0g$jnyrT(-ECB z3RP7JUou?#oe~v>%Im61oC))}Qj7o^y~3E5JG;;)cz`A}?F6B>h?YTQoYz>1gj@FXEOFROr_1|Qgg9(BkUSX%`0bAT{R*)}a=$+-#8P(iDD-St_bJgWjUZ*9*vQ8G0d%=rp{PYyq`Imn% zhiW#fDfGWU;eq(TWm#o%T_>v5%+~}2{n6}PgnnI`R8KiJ4CHq&qA6d(DA5?%-Dpdi zjVj$98;LXKgsF%F%H0*F$ zuTO!DFz=AyTDxq>ZVdS5YoY|P{$Q!N`?BHh7my@q&$eeAZ&8R?(X>^a+RG_6<{`H( zG_4BQ%ZMgsSux$r4Qw|QVQhg>V2BqQ$u5V|!Uk}|S?-b3-rj2cDiN0}@3pf2;7@k; z&cC*Gw$CiJ$MjVRLOJ&RL_3e~JYu|ivc*OZrFV)|v1$+toi0(s7PLh-mirX4Mz=m6 ze_g~4BgDhM{Js3=Y(^k{bvAJR8OvJ zGudQo(u9wKufmjT&ldd0PHy$=?ns<-v&~HVepSEZ#3bAt`&>43+{Uh|aWF9IzC+HN>N`tgpGEbO zF(!>g;ZI6JC7RU)Q56joqh1z2v@+P9->?WVcDhq=&)0&6;(;ldy}xvZj4v_TsTs$V z)N~*lH?f>-)9Fza_gy{Cd$MiU>7=Mttm9-^z|;P9OR-v9-?C_@|usODy40H3dL#VPit}~ z#D%-sB^y^7M4X0YR_)bN4Ek`lZB+vzI1^@+-)XxD@1;vAP)VLUIgvy9Owuzq&+JAp zQ}A2M4^Uzi{&^@f#uweIVv@Zw(NsCYCrNpzTU=iv<@s(>W!Sr}>fR!IQ{RQd+P8f) za8*>yot+-vmS;R~4#jg86w?;Xp7drIsht;pU)8Y|dz;_ymX2C8kziNGcWT?5)(9nx zB-%3+X=sZnd|BiBIJT3Gai zkVFMIAj0U_VdZx+q`FD%dtZe^7-3lvCsDZMg(8N%=8T=jiHh}erz5{||2To3%%A2I zNy_IP;*gJmL!XEG(2}{Q>1L=_)>I@8oEyx$uR+Y#W&4y)S2?z0)tsa10=8v7Ah8bJ zj`}v+B(}kN=s04_HG$0{OI8^tzjF7y^Y^XTeU&nKlDTc!P1t*71VyOyuEkJEgrrqB zTycTh&@+iwL!?|oAzJ7%5oc=P{U3?vE)kmFb}kP83LRIT6TSX?*s_`TO=>rt?C?jM 
z@4bj&_TYzoC}cX96PIP3$90y3*UMX>H_Xc-S1-Pe??@RqPr?$te!YCFy|sa|0xdg-KwriKL^u&!4RC1sI;c}uo47Eu)#K8o!!~hmPVPd5=oslW zJA>=2>zu_N5mML(GL6jNSQ=exhFEnPYZC~_ISom4iAu?=+NM(c)Kx|cS7ys%nrx*_ zZB2QoUiWdnPHw#x6re)U70_*T#`46g`3DD*6~zMlO-a zY22d*VQ}Vyaj@G~5`F04{Od+?U)dk@Q_ZhJZ7a}@jfdhsw{`sU zZ|TN}=B9I@EEPN2blNA{L2oZ@D5QxIV~S?ou-MajbD7il_Ql#dJ+bf3ll3Xrm2{O zXIy?xfFphP5vn7YitF57hyh?9fP4Kh5<0GU<=Q>dJBue?pJM4dhgMv`+O#)P)k7Ds z!PDNpJ0dWtK&^=v569*6J3n+VDc#$4uuC_doSYn=Y;|{M&>#{jZD;bJr)P37zhn;v z210HMN7wl6)*1};6ZZ1iXK5RLo%2(b&S(#Fv-@Z!-wa(5x$){*#H9ZhTC8-^7uc$; zs_Tjc(qYiM=(I#<<#~uX}GxIx~6z2i5_f`KOr~*=ZL)#CSu?( z`a^teK11i!<9o&zlM5XEFA#Tr-ZGSxalakAvG)N= zo!9l$b7Ig#3C+Ro9&gVjgKKa4_zeVq2!;uG4=D3IPL#fN6L@jvWd>1F?<`vIW_t^A zf{ONlT@10EXZD&0Er^J(mzeKkhFhXwcY{2|q;21AD8<{VZ3aeu{qpcTze}{d{XkhG zRX#bJG znwPVWtdLCbODOp@fq;+DdRAJ)x(Ylxp z+_id_+l|h?akES^jT6uoSb1;BVk^2}K0)3f?K^cSbi!Kjj{0QUT&D=rw0tTb`zcCZ z&dUzvyU14GamzVqTc$1isDV(nh7=NA?!i`UjZf*u0Ve!5oowlDz?u7JO`3QuZBgZO zz8{hz)8tursOpuyvy0}<0;DQZr~0bD#|mbCe)z!uT-pS=070rw#g!^bkL#^WCYK)^ zt$H7y$2$0byAAw(e)I1{T9{}tKi2td_Yho&j!rr}h4H{XY2f|#X_>VF7}_CwerVN{ zLjFBE>xDj(lXz!<0)aV1j*Sc6WI2i~>s#0V>FFDIjx_(x(`Pa9GCe@($kSKRLl%DI z=?guRSu-)l_m*~2dRMj*``nvvBQNqxywOHgCRsc~X4*kft^b?useS+U)Gzvxib9~{ zbi{~2sbuYO4q8VS9S%BLnT9X~Vb9Nrsq6nsH} zHpO4TPZr`jXNf>R#E+QT3ZrG>iEMrI@>74IxZbS`PUoU&1W%u|!(C$kl(itfvc>zVc3XkT+b z-tM`?mN-KO;q#&)-NQg=-Ah4{sMn@^qyOZ|K%c z3YeauWr|OMn+ zim^lA6_bG`AUVF*!{!x==j!YF#o+QzIpL*6PjzEYwbtLm*?r+mckeUS1k_)@2!6lr zw0>|DmhzubVoA@t3m*(b%-#)rVY{LH*q#>*+mhpJ)D!uPOpKsTHyn<+Cwl*h{(9;3 zI?uN}lPIUTyP^aBg-`H8sZEj5qbjU)H9HnbRX^NlBy5Tfm)Wt{=OA4pE4%g*2yV&o? zVeMYl3fy%{))b*)cDS$ewxnzG-asft?`z+yPi-?Zk*@vI;`gx1vLE>qvJ1LK4P=9Y zf~JEkyfAIpClyKKgLde7nk>ySiRh=}BBSH2Q(a*6(;-B60bG;j@e? 
z>{xzDO+-F8t z{-#-S=MquU-raWI(UIYU>X>n_W&6Cl`9Y^KKIC<&0u>oG*WKcnS7nis>athk0CfAp z?41S~jLt}7K$Z%J>JxfbFJCbN)q7Z`h{Jmny^!bG>LN1p~U}Y-xLZ|CTT5Z}%XbLflBvcm(t- zxMbfV(uG+1V$=Y|+*+EY^s3i+fo8lg05|vXuHZZqSY%9SatK4P9e;FrtrSEp*=PMO>psMlUY~jly zVT|w4Be;;r0&GHhKCwpdE>C;ysfzTf>TBBRofPRQ>?e)mzUZ8y0HjE}GW!5M zuCk2Xu*>2mhAn*?%E*UIAp*Bx`4NPuGPKD116b6EhREgSDm~UHciZ?5?XdU33Vj}{ z%f+I0a^?dTWoqqFp;FQMXNJuJo<1z`wDR?|#W`p(S<>&i{-bpVCKIb;W9--%{r`nA z{+}@Jjuz$!{&N1aMY@0MW%-ANn%hi@7-$dJa4x6Z2>XdU9|C>^@o%`s;@#|B2=9zZZIZ z|F0|JSSSDc>*RmQ%ktkS6hDj|Ly)1bYm4tb7A*N8fCm-|kf>-dKsg+`DT>6{1~$JC zgH2Vd7b|XG; z&NuFFL-%%#aNaFgI`Kg3sFBu*k?=A9;&yQ1n#>oB`ds>i2WH2i=vwGJ zHEI@fz;k#A&bnA_Rhe#B?KyPSakXPkHh?QtNN_@ia0Ufg#shccn-N>!2YSgz_p5o? zNuFwJik438YxNS`U8EEUY0JiWYNPMS?opTL`G>+IyZzQmn@0Xj{9~JV0Ig|un71W^ z_`rdjhCVJao)DTi6Ygl+zP9-9JQX@e6Uw`cU#b4V^u zE>5jfeEzuDpH*nzj@nqz9>UBKP zJf2n`I}!f1ALrOkKDLvO?c`%S`PfeW-_K6&CcSOE3w?|SIQq*_;ZOZzGNjb|HsrTu zXT6!;=C1ba(7K*z$B+C6E0&UhJm?+knb+K;I8}@4S1;bCz1L#8bnhs@>i9g?!Eqb- zkJ|u#^j8!cxJ3aiJGyV9`2&nt=7w^nhjNjb)yP%3j1y5W+gyi&^ovQ;shqM4TxOP{ zh-j=H+B5~RL%ot1-9l#Mzzs|>@~8mK@`{Z8we`Tk1y#d|kyGy6#rN_$-JR|+R?%rX zaR#*NAIh&J!)?*Yi$)V6Eh4*l-lkj4YBW|PrXRHiAGK_qCs#gId%y9~^?Q<}p2;vB zxZg8Q#BDX@lrR=qHO^sU={Lr9`c}-Af^}yBn$I^Ci_B9^Buh*_Ja{D@TmE%g%4m|O z*;*_n0WQDbOO0{*RN`&_&PKUN9!LMq@Y{g76@8I4bV{I1Tcc%;xK}Q<^~R6)Nr@*I z(4#psSC&hs-LLm1NLGx>h+U8-$$2sDuTqnvY93eB&Lv6Y*VR>vgnZ|%K}*kBRwth_ zN6kEB7kYm)bluUyR42$@gIj}5cB^`wGfxW@v!D}+2izNJ@++?uOoTeMiGZ=K6Q^@O z2xQokQJ>1qqH-=*jtAOb zjqF^iW*7roadH%si8@zNyvJTuLBQ_%lda8tp=*&kcB;a&<2#50GB6O3=%pKClkzr> z6c1!^j1+xdn~>Ia{o`TI+Cd|h2(d|Mk;znZv-?o31P^HNU~WDLM_Ph0b4fV$3xnB- z_R?y7g?QkT4j$k=#p5~*#v=0Lf%^;<%Q=sz`pUn7UuV;U+p&@B{6V)!N$4v?`WJDN z-EbH#61q3Rmr@=QAt#c1s7Q@Zy%bBD66Dl2x<2u`u5q6n{HAQu7fWPzk@(-{ zC|!~r`6nAme{x_QXwpscZ;KZ|@c0)SLVr+wn5V_nboEbR|01V*zs_+f#~S;+sUNqo zpZ&t|`*PgF9QT%g40C@SK99$j;}Q9%k#lTa{O@Ux2~#51^)Fk8$r76D_VOBjriFpl z<~vWEMmeGhv3=4&xejRjcbc&2KQLzhM@(jt{mL66mNkdL*hl;D2kf1Y61B=;JcA9{(ei^?y6RIWFZtJ0m>S*s;d`pY}TZf2fW9!{Oj)1F*0?!(}fj 
zg07P|Dmq(dHTZ!Ssa@t+<`%bkTM-?D6&wj2vto487Nk z!I{bYz-i^+I3;$$F9Ncf@xYmk5O4#y(QYQoRp=Ny3=08+@qwg$o(zQdRp>T76hi^~ z8V&{b!A?Ka16@kgG8mul2L5@Xk67^A>}5Z22binihA;FG!{~q5n z4?QFL(=4w|O`#Jh(VxB)eV3V(O=!4FEe-y83}l1+3W8gOPDRt#cbD6+OT)8ZJbJ3ss6x`M^K&cT)8a5vVSh`(Y0oVP zj=X6d{BDLs%5WB)a$lJ+ViMU$*l4thIwACN#XjJ|TMr%zk6D?_21}^N{8Z3IJ6nBv zn}v|Z&dLK~CKEe?b?{gH-#m}D@pOay`A5va4++&|v3EYR@DL*ANo%^kJ)_#7smu0o zTip8?#JyII1UJNI^m-hIQMP=82|>FQfSZE5G{ofCTED-M_boW%wd6Olfy;KX1-{!i zD%Gu?`;FTZe5Mg;Rugculg1*|ggu}<4cu;fYJ8}e*qj7-(EPfpMqQ-mwJKHXUU8yC zreq}=n{=mW3D$ln4NeYo23?c~Zt_XnauA&N^;N1@`766~HVI{uidH#Z8__1u#*1v+ zw^}~DBeQt9JT$%>Y8eT2QPtP&w~|fbK_fNa)z!YOe`17+&Ykc{@EWW^h)Y2(=Bh%olery{U3f)9<|S)H`mR(tzLfo-kKPQ)kK32F~RZ zGT5vJVQ@!u(iZO%i_HymsM@XuBGk_2!lt_`r}MC{Q!jt8vC5+kYhJ$@1^QLfLPW!M%l_Q~kCsT1cva2a?Q-z7_bKdIRpN!hiIAq2e?xPQwq; z1p4&(t%p1Brsw)oA?wnZD2t4L3DEh{}5Sx~t5 zME#>zFR375Wnt>#ipEgkIS-NGg@MC0SAE&{mr|mX`n|VJ4REeUl6}oQT1EN!O|ex7 zVw0g1+zDXzfUM}k$2zcQewc)<0{dyLOCcm4ATlqw2a?ik9Q^G311q>*;h4KF9tbKa zcB~>@c6R9jd`&LNOq*RC5wkedt&2PuM_U!Wu*!jIpVPp6!~V-pwJic`+fqqhkR++D z*N5y04QP67X7>q;>p9=c>;^~$sHiylk9R@;Z|s6j_&<@iY^P+Oqz4ZWfK4FE!@{l- zT;v*WoP!?Fy-HkWF972PZkkxlPI4ISB6kHRy&Egwjmm4!Ji>E6t~7q^#WtW@_47TH zB2wK?XT7@8?CQxvl{%$cdj2slb#IGMC$InYjAA`o5g#L|@(^*8OKY;+Q1gl;aC*pbx_Z#j#e!b1s!~~4==D1E@<0$m`A~RwVsCAL?dqXQfy6_;9i1`55$^Y2 zv$QG$Z9H~m+_K{|rGonQiTgl<>`2x?b8ze2O-dvVlst=KIY0eF+}*#r5Ip}c_TD?L zscu~tMFl|-kS;|c(z_r{DN&IwBE5rB1*CTfM3LSiNRh4-5ot=58tENGdZ-B?(i2Ju zq@2Im>RxxbgX07PQ^Pz;`Op z7M%!+qvJ>!8I1VnXLgsJW0@BU=G~KxFy7b-hV6T!Oa2RmDI$dc{Ocv=fPcFGMt{Jk zzPhbnWM#AY*YhXWoru%l7sSGvl=A9l^K7s`tcH*~D}Kba^(pK|!^7r6Kzgi#$iomz z6fG)mO_u_z3~XpzS^4iOzrk27RJ6^q8ORB_e3m`DNUYyQ1f6fI9zUYKYTmPCFfM+* zxu!XmKRnP<(Yt5GyGbgA&6G3z_O!U1X!r8kVBGtaaihWpr0c zTpx*3TR$uT*d4L`kDP3&T>ymg0T9y-en@YgmI0t(ZV?dP4e+AIO?(Wwc2TfAm&f`W z;V#oOJ8hwJsj7#_T@l2?*X2Hf6oqzdk1NlRm#*3yzNq+zp!(Z8b6Qa4&n!P;UfKs2 zmipF=L3 zRua!RIyznx{=mkYbLI}?m|^XX_QNUBf{DZU4-)0O=YLj;6`9#4`y`aT6Yk{UWN-d& ztN4FQ_5Xi0&OGSCbqoD4IV{V#3`HY6fK{n;tCV;W=g9L(-Ls3t{5`aQj%UZ(Hb_Bn 
z^rq)*4ckKVd&!Yt+e*U{rkvL%Gcgkh*_zwhs(RyfN^+*PIx2vW#!fwm$U~^6^CL9m zeSx+$*ACjtCdH(;2Xth7fg)$zzrE;x$1}!$NuP^0Q!KmRThA@D=0tHsh8w26OSNZu zC8TiWvNtV_49n!VY|WXmf;gc|e+(n(p9Zh8f(hq-k=V zW;8oBC$D7cS{ld|MeRJ^sK4mj%5&{2Gqn{OanG?rXcBU_N&b#L@APjN@s?-1{;2TV zZ@MU0+3?kx8On*9yN7-jaDBM0_1@xFOQr*Io2Q=HScd?&5wGNYJrn&R=k|&0F_*rQ zhXyGT0l}PU%%@kO_=`{3t+t%A^1E}nzGM7%8}g>)i#fiEq`H3VycRCM%8r31f~o^x zVRS!Vc6aQKcPU?;k2}UHq`f_$q8h(Hi%1%-GrKx1PhKia7afU$)X?ioml{o3SZUgf z)h2JD+7?c?NJMLagw2G9JDvQ zw#Ij5cf>#LXzw?2T*ry6%o6ClO8Lue>%-UF^%=>Y++L@kR;IcJYw?*zv_w^R+6tkB z)LK~s`>nt{T8F}VrNS~sMY;JO0I1U#12n}wbLt0_@CBfn8HSRy49ADsd@wozs=fZx z5aFQLW?!KKDA)drY=a)`4RqII()+z<58nfK0f{|q|5sw@U&^>p{!9DG-#WX6vKJ`E zw|#<NqJxX#`%YEGKrO2YHQyn+`ta#$b5JgbSj^qJ_4A_OyZU3G28j^R>zC=wKjLK` z{{&+;>spP(y6OReUGxOFRLVcF<*w${zTgvzcHlICW=wQ79>-;7DcchPoVYr#2vm~t z93{#lCaVy;0|$?Yxh*yxc9$|3VzwQG*wfu!Em`#QJobrD747{*K4~)tBI$H?FCAY3 zDzYV3gvwcCK}_fwOL1NqrKL)ZMZT3@y47CU4|Qd` zWY=Bt^)v?O?+4o6!)b+0vd9IsX=HC_2fPWuz=7KNkUA{0FKW|p(D}oo5@EM~g~p!X zZcXo5Rg0D5*VFc6qfrr(N1R)R23lff_w>H&C@l0ZA&<=uY80W%tgt%W*d;2+t(8!B z=_C?~EoFW1ihBA~kQm~QJoS$&4Lh9T+q4uR6p(&AC$#@dpgIW!J@sm;dcV~-B6KfZ zxmDO@%pgU(U(Rk~;N!sii;0@e4ObdAzu%&x2s{SnoL)M8T9Ngm%11NaQTP4(Z05J@ zz*4v6O;qOH^2Klry%25>NittGa>298C}d?VQ6Zo`7Zv(5IozAk6yey0SlXSs@IveNyH!Yw@Ab zQROrc5LPI-S`TR!NU0!YY z>q=P^r9?TVn9&Wy#IVgDD;O@HeMrXZceJ11=@GRkh&hfE1I$gg2Kr6O#6?c@ibKVr zw*R&A6rpo|bDo+!f}R?em~Bt18$ZtkOS2bW@X>+jK;*WY=gMYVYfVCywwL2PwZjIK6p ztE6cR9Gm*-7n#G7WsBM(;s$u~US&c%XNyA+edIZpb+JbXta`19>&d-^+SZDdb7b^vZX;J~V!i z$-PL2qYOe1qH4qVab6$9^Ox~kPC6#{vz&{?WP9mb6kc8u*?w%*ATe?VF{cKU_Mn3` zfjf7C=i0MmVNevDaY22ZMncohqw7XEj`lL*wAfm}w``?nosxdI@;~Ocs^(#xDXvd= zPMwqIYGaPeT^VJ77)`f`pw&CFM4O@_N}bELPCv~hcA-SO^zVJ#yhGlm^}6;DmQ@zgvz5~AZkhp>4#VUo$+H>iexl;f_iBD{Lp#FIP;Y)ve! 
zUEt|P9KVp>qjqVUYAjk1tEeb`evo%?aYyuxA-^=taU)9LNuz0RS>~^ zM!&04$Hw{h8?QNE9Q0srNDI{GUySK~S*C2t*tbq*Hx_mtF$dqF#w1}14HQj`lX)W` z11ZwQ6CgFgA|izxRRtu{KiIksv!w+*H&zP0d5U9uzDg>FPH{_jAj)s|%c>(Ub|})k zRk%rkC_lpySGwX0LnKl8?I`N$*9UrpJ7SXuuwX z3JItilu2uz9gVuEqIEC2{qYT-@X$^3xVot|7f2$ex%<@S`7bgT8}h(1Q_Z#dYBX_r zx1vyLRJyw2P*0WplEZ59BrETwJPkIPpTW92s%HZm9-@0;5RM9*l1%CS+o6j^k#@;5 zkv5WMJc3eRCH3(aI6g_K-&&b-wWyi{AzQo)v>AQ|NWHzryucK&o1irL{Bg)-8eROe zk0qT-7kBP3s-P@XIA89GKW-GDoPTjbr`4>w-(49#Z5#>%N(M^)R#|8Mdi}4N1GC_1 z!b`_rWWW~rd9O}H!W=M*pDm$5L@Fb7-%Aq(al&_SVLwQNTEqs4BPFfC9XByWhH+iR zAqM%C#I(#z*cro1DXwq)rlHS9*&m0NJOI$-U?p5yYAZwU)R!A-`VE`h_E3EV+(`|K zU#i>03A%W1_}|2ZA>6byuEg5cM8+#>+%T+Z8}gtqOzgV)7W4qeh|0BDh9)@>GfCIA zo5mKkVN{!yvb}yDH)~GF4{3)io+|M!aA`=cAI7~(ROFR3HG$kK=8#xRYDn3W=(ozJ zxS;i(KM-=Sj#A$QIxHr}iU4PStHa;5++shDhcM&C2nzWmdc2s+%=~7`Y*ogp^JPk- zNZDm_kxQADiCx!U*TpCml7Jr8WE`EnDps_<`GW`}33 z7Z{YZ3~%_kpoCXa{8Qq7ASA2ns_OPajub&y2Mk?Yiv((ql{Bg>(-x|~(s5oP_xirR zxu$e~{f@CfwP-Rkn?gV;rAvh|F#+gnJdH9TCYiwdjGfwB?}50&rj{5;*PeQdjl{p- z@Oqn+Hsy!PMu@Np`DYtosFD*{7(m(I69Mmuq~P_792}WpL#vHF>V#+ByJ_U z^#ql>!e*owimEjyfp~TR#ob1QzbRn(n`r^uOLRmk6IILIMu3F^Udy1<%aw7l5Wx?T zK20D(`0_8Z7r-7=YZ6}nBVeV+nQBZ`Wr3dw*+*l&F(F;uS1NOgUcRh5qIP(4ckv!y?&p0DT}-TJ}yZZUe?ee(Nu?2d!nZ5muJB%Z>uQ5#9}W6~usrX3w5>^Q@VV zOo3u%zd_{&KFG&f628lF>{<})T3oreTT z8}DU^?`xGinO%LUn4saPH=xgX8t4WD;b44{uXYF z#At)lfT939q@xcHnt}hYA$8y>vw_c_@&a;emYgz3lc3MNgzV@D=&ryovJ#GuH=Xz* zs~&plrIhN_x4y6FDQw2Vve707V^OBByT(c{G_YPM%IA;OqSke+z%>WC0G5If8ou%{ zA9K!d62e!$@fv5>-6WbIA+0@4Cy|_=5@;zLTk!a<=9t}g|NMbl+^@M~Oq*}(h!u7k(9v!A}ZrweHBNUVjqehdw+n0DG( zQU1*I@zK;=Z_|D#`^MNdzRIhL1(%D->-=h7{~Afd_#nHBBtEsK=TumWn-XNIl{Gkbo3&$WBwqlotV4|pHUpi_c$P}&q^MI0(96M zILNvi9k9F&rL$|n$i-ICwyq=w#`@(tT5B`DT)q2Bu{jV;Mn*G3{`~C6W1zCRI(e>T zFnqro96z$P9aI(XFj)!SxnPSZ35TLy+t8)uBlb6%f98J~Q)OPx>;E&+_GgrAFiU2# z4kIu|lQc_U@a-^wCppae4p%8V=p|j~1X^>A_by?!1komk0h*-bpWkYeoKDNv`F6Nfac_rSMWNG;QDgI?#-*W;cgXi2 ziY)6!Eh-Q{DT@ahFLl|RhX^c#qq(Rj?6cgYU95dGq}29hPtp|}B-fUFAm8}0gWgoO 
zs$w&sCj>s+$}%`1pJo~r9l6W8;Q)1PVNG4jV(syAiVeqt0K~EKoCEjIT|f|M`e6M?iiV{!1=s;$|Z!(Yj$AC zEl{~0m~HrK@O&j6yPG)U;rLkF{`J>#q6MlXQdugj(^?AC@Ur&ZJ2P!$t|LN6%vi=k zAwDqIJ`wWv^7}CRYeIrw)AY4qR>b5!aE*Frj?XVL1`+6%<_3qUQ}b4`OU=)w2=+^u zITvs9p>%_x=EAtOS24NMl)_cvYP9Mugv2RjR>(s%XeSzN(FJBzbceX2=;*DMc75wv z>gykwbw|XJ>oW;S)m;7Db93YZA8cDD3`!aU#BTt+riuu0wK)|ReiS_OfJj!APP!E~ zX-$u#Ua_J3-ALVth{A;r?C&bXU*q))@$(QSkKWT1>w0Hp6&fxy^(mh=7ay}zO{-)V* zXo+^Y`Dgqy&&uVv7e-Si?M9E-0+8D0ud(^=&875A_cVc`+IS#x7@HTqqYR_W^%-Sb z#w0_1&0A*_C%Et1@wy}SnaEkrc&jVmJYbZQWdUzHc(Gd2ZhZ; zx%Nj^=Ds%*?hk=_&YWSM~15P6J5rz`041F^#$ z8&e=8WMDCU;2l%Mi zBl=lLD6tsAhgY1(Y2eyMg31;3LS)Jo?|9eiedUq3`PMjyjKN+wA;%=nlC;R8%r)s- zO1ch_#6VvXL@I_}&2F96eM(a7ld2Fk?WkOO6PY~cXex9TX!LZ*YCe^Szj7D#X6RsH z>F2#8@$=^QHr{(Ml+kKKuke&!Z_5Sr@{75<;O*R%TaKy$4X-s)uB&O?ny7e`{L{ag z?w$06aqJ7Arz85&Qrx06I=@rn5JctNv`|rpH?syYZ)DI=RMZ3wQPgPD)3g~qQsW>8 z66B^xyn*>B-R(Mz?jsC1ybek+?1a4PNQIp2ld>uu=d+V~OqU_RrnJ=ub-Q4njb#~g zOp9-M73iD^)9;b*7ua;&vPrrRnk__~;e5I5254`c?_p}Rp(G$n^v4+9HFH*lv4Dpe4y<47080u@#xp3L=p{-xNHjXTdtAz zJQ;NjaQ0?)7ZWeMIL!1yTj<2h%#?x6l#BMxfz3=@$EYqby@fp8OZ1+r&@M0HhP9dd zdndb1O>oB5vVQ234~4ZDlimv1+57(W@XK`+QGCeD7aT3m%&k2FpV2Z7ICsbnwAlUn zM*{zU^xq=g(5LXrf!Q5!3PrQ3K&2v>QC*Dz(`RUTlw7)WmJ!dpIF;xPM{RT$qQ20X6Vbgool>`IGA`(x9O3T?l}0xtO{SgdzL@Jx7!DLz9nF#tQCwZ z=>UT^<5AR0y~pMf#2LMPx*m=CQj^!? 
z;|hJ^e|FyD!FkViO$yV{sjHrM$-*hq!@610rp4JV)Pit2cM3w2b5b_bM3k)t9I>&9H~ zVq&iUi>#niz}M_-f9nf!U$R&CUWdEZp+UV%G!Qkkbt}q-c4i^bqSJF;_8k&m@oA}B zk!t9=NQxx)y$`*(7v$&3>24FFcMeV4&N$aN$6smAJ0;dJJa?C)zA5a%lM_R3I{M7N z(x>zDtVP)TB2RQ@`~3he7BiWMcn;-n=JVmpUM(=el%PS7br6Ovj1qymk-Aa)^ZiLB zao6~D)2xthUB&w!hmv1Lom3ca$9}93w~z?Plr2B@-wHjNIb}s20~R734ycD~OE8X- z`!xQ2aX;jZqk~fe%LCM%F0W$)Pwe&2Byx!Fn6g43^wHE|_J!Jh>ABJBVK>Ei9%Ql= z@4$1}dQ&<-8MJH_iW(jX7>Vt8#TiIO1Btt~;hWgOfu?Ikax0Tl$*kSoUXCIHJ|5o; zo|WreyfIdO)$NcN^3{LZ+%9x7)aD^!FqP91R7s) z3UsYb%c(s$9WY!o!hbd{B}oK@c>$g1lCc>b(0D9}WgT<#=c(`16c^Vd@Atx%6jk5W zl$ds8y7#SuttiBK6{da`VsVyL9jr7WGIx3d^&R6XOqRJg%gUu6fZ`Vy<;n!aIaqS6lEv6@$h!`Y(T7|=~{ur}QqF3UXQ{M*!i3O2` z<;Ec4vm=33d1c|9lf!K#(f%*9;-CsP>y10(-P6VCp)PGTdfu*UA&`3c81S>FeiF5= zS(Ke{CYLb!+5pC_Z*#BNd)c_xsF+HP+6AP}7Vc3f0v?K)WAkyDTm#g4Ozp{(jxxSG zgZ0zHSyk7dEHnC%ZDtB8#g(gD8}NunPhSy)(W$r3_7Zc6@wQK9&a;^_^X7OpzDXet zGUoZ%@R0h0^P^fM-b3uC++-!94|Dx@Hzjz_hIh<5`pw)7S1ex1v2Crwnk|1${Zwmd z?rG5gg;rpLea8n?27vabNfOis^hTO80@cRH!4`g7Rhjdnc+1}M%>bb54mIH%3dFwA zWDjHRDY2usupQf9)VsjHOC`+VdgB�^C#)qT4KT)?)zHVVwtMQ8O zbp9l{tmn>r#o;56WJxxIRKNJ3 zSB>cMYORXsh5jpizsNq{nJ54=y7{?&sd7hQ9u%NLyy`EMoOGr1yd`6vvGr%0;>C;!3S^mHk)rv__Lv#l&+w%1##774TdHQ_M(( zTL7}v=FYTVyzAa&8^tVQ*RV`|9!1MDu_9-wucbCkRBW%j`l|wQX?XPw<%<{>f)ctU z`UuPs`0fegyz}Y3J(kZocB7u0g_j4sK1J$N)2EG|!P8z2W5>OvUA!?-^NTD@%(b)a zLP>8X!3U!SJcG&ThPmvnY01rAYrJO5CH^-(to@v-xj4!%%4yRHU!RElkpEZ{u2Byf%N%xS!ZRE5lTT^6Kysc^o4?==_cg~^0K7R<*+S8g)ltd+p zDbD4Bj9`QL11rbLd2)jDjRU2toR7mj2?2NwGh9GVh7Fw}Bht#L2SLhoZsy=%0R{=j)pCQI`^W zx|WbJ$D70O^-}O;K0SmV2VdTcQ|85`q3JBgc1L5lgk*B5jYkv@$t&4zt)@E+cB!GH zRD*tzJsOx2!jIKNe*Xda7*O+2(|T&stw|>rZaHKPLI&v9K+3Yyr<>xxACD0b>J1QX z-1IwwMYLgURL8-+Y3W;C?0K*cAGFK-J(^}VAH7o3(7$r|&T_s})f?sWkSEQUl6Z*r zGL$pWoQ^thOU<-oqOd`5BjAFe(d$6Iq;Gv>qAPYnCbzzxhP6TEI)$&4-c?C^`W-Gc zX}xizTavu9_6Ft_ZQ%VQxC}9;TvliW8Orq`-33gOui!&&D`uajbwW5mI6Q~`yw@ar z;D9b11H8A)nfJYcI2jp2=ky^);80>#`IoR!_ zp+hctlO$aYxL@Kb2}(@+l8w{;x*boVRx{Vh(7<3daMX?ERhq6P&;vK!R!QUp)FnHVd?@){X|a;_b)d 
z@WWt}FelQw2|?@4a^>jzr1F|zInx7jsY}5(Vv8A6il{H5%ee%?IT%JEJ-285L8CYpS0 z5>G3zb~g8{emt#b$&q2UgUW1A7H2*)_^M=Z+3wo$D6#ekL?4Jpf+E}a0|iVP^V?Ym z8C}>RA@@XUINPP?&e-Zd=)B&Xrg@LTsyi{vj~&;dMtA0UmCn7K6ES7ir8NGu@s>h3}iUU8PV`h=etJ z&%Tw_1DgbI9w^?uoUX0AT_vvlIc9E1GNuBcBg+y zt*CA=Djg2%pR%EAp~Gb9o(%-zTwC%{6zQLRoQsz%2Euw>+>mLGwB(p*TITxCvHMht zdU!imAa$Vx1CFf?z1i7RWJAx>T8B5T;w^ucYb-xVq2fC@WMLSF3wfxTgrA-6rCbuaFK8WX2;JjvPLX@L^7xR@7rP0@6Q{a715)emS^#y#G#eQ^S zM$>5YiFtWZ(T0$8(N35{;Ln}GwVL3(P{;%4)$w92NiQQy122;XahON^Xvovhd<^UI z=r#=Pqw$U4w9+bdv;zNZT5)KhP?pKp*4Uv~lQ>P)Ie6&|aodY#hC4IWYA0^6Hy74$761Ndkh|LVU)Uonk zWRLeiftg_(Kh0%piWXhyunIKKM!jDRdajCw+2s1jvdtvs`F*iOd%dC?$%@`aR+)x< z^9NSPvGu;|+&gUO{r5)OZ0sK3!M?$m1I3wjN|?bJVzFAwMsJ>^X9mWJ&0O1A%%UMIIzRC=(p)m9 z(Sc8fAU_}%zwj&#@26zZZ7#5V7hTw0h=j%~DpUf&n91QBM6;4F^c~*|>Q5BQ-rS7z z9A3MlMmKN))dDs{gI=_O!p7S!esAN%#m#jEUma;ISWppb9WrryHXIy>-S5AE7%2`o z_uRjF{gvkNRb6a6&;Xm-D3lJHgtJ9hHO0xAxp*DK+^mIe?=!dCMkaL~J=qaXS8a0~m=;n}wnD4sPX(}P@mNQ6 zewPzQq9=jgIja>y8?><%(^&Y)G0S`eWz zk^+I&HAb4FUw?78Cx|yy?P`|N@{qM*%B|Gi>lqHb;YDZC+lkFr=T_DRKJ)UYJ!WG3 z=4ST-m*V<;TN8}drMbhH+w}3p4v?iFUnbg?_>7D0OniyC&d8(q_^>_E^Z^ACU&l9y z+Rvut?(Dt=sdl&cGg<>%_u5)vBTa$@@CRV<@Ay#gL-=wIcuV;j;Nf5e)NjJx$SAjIDI575@l-dy|Se2~&=HFr{gy^))RqlX(egDrDMEjE? 
z$<_E_G~jvq0$zrm(pR`3po}-whw|&efMX*bzRUL8v0;Ad{;5R=nM>JYPO~1RsO!Y_ zu6UFFB!Fe#UgQIJw6KcMr8CClm+xE)7x@ZBCINj%Pnn?mC4fb~ZxlS?`a~ci2}CcX z+M^$=szn$ODKB*OKG_ZObGCgKmljN)kXp!Gp5r#Kda7mumrL)x0k8HAmqhZcB;F?| zu*0x0!u2JGc(wxwk`8g~ad~guaTKz9QnoF8@|tvI1q<7)~jxVoT^iRqSjH106y4H>pGC>Qw!=D;KL82O~OAp3_+A$5p?`ba}C} zt~3lk(__GPuoF2tz#}yezkGs~<$a^nVu9oOQQb4qX_v%qGX(btg$}e^11R940#c5^ zzl8n_MX~{@YZ1}I2c&5L`sSRp8Se=Uk19J3;~PhUs*DRh6~>flkp^_E%w`c=HT$w< z_j0vEG)mlzCb#iG?5b&2O{o%NcW7v*f}8IjahI0?=kEV=P69>xu|6JFD=yw z#43uEFS!8zhM*v%!c{dD(I$&_Y_`3>V(Li;Qk}Yy?fI1@8=EmBwlCZKua$jp&UhsR zPOjUVa2FE=4_cvPYI=i&w-~U`6$+`*_t?K$EfqM#+Dsyx>$KvIFM*kJg$q94$Z zJl0yc5fjzwz?Rh2PZhp6%^h{m{aM<4_nnI$P3ynUaOd5?ok87d@%sR|hqGEy$fw$5 zA9y=aK^hTv+r3Km2(SHtk`tNMW~(8RBC@e5h)rqjOalqwc(6__=&G(AIn?`#6_M5u z!-goYQ0$;b)~0ho%H@86oCg}oP0u53cF|uivyMZk(IuqIRUjaO2ZYFf2CPq0AU|GW zmQYoFqU^-w^oHaZaD;f%8@32nr7g-^E`VLfwW6W-aSerY<_q)M#hVEGf)(vawGd0pSegT~wJ2Z$@FxAFub;Ad@!)NI%P+E9;;hizA2e?c z4q#$64ONODjy6VU#|pY4KMGn0tyb!5{NZfV8A3_$r4Sf%11Wx!%G#89?;EQZ!Pg+r|O4 z*4W{72XHk~A880Lr~3vZH+m4-wwHnXPVm496%bs|^Xyg&;~Tf@b8iF1>uM!WUYiY2 zEj;Iv8d$zmd2|w9?_JRPK5j3`DK636Z$&}tf?%t(w!`{C>uHYnAbP*#wiK*ccFufr zX>EV*-3pf|PNtZkjdOKgmWY#!wrHsXLeIQBsH$@;doISujQf5}G9+xJtML-vUZxx| zU)m1Aoa<`3Z+#g9>TV|LcKTOeaH|ln#YlhXyP~Gp+bFPV+!Ji~{H-tkd)!8c6K-3o zj&0U@YazZS)M$L|#B{xD^^2lPtLXw_uFh|EcI%+=fNuNqGKdu-j@AK!A6l&5S~#c7 zY%*%nmbfbFzpvmd_qs{ppKNtD@~o=O!Zw-x4Nlrjyf8!qJyKY{5GaD$S$yeM;lj9i z)52oo;s9@E>{{Y-zh30Xd9QCKbE!sc*Shh+bx8Y7SH6Lw+?L|uEuv{!3NkeDwp8<@ z*@gFQUZ0Ur>M%Bf7W!dLz=yzTlY}{o9!Wl|c}}jsGwO=Oi23rT!Z0 zg$eE{j$!wCd?`o#-80QoGO5tAjjVScoz2}FODun$c9)yf%Oy+8u^hY&Tuba>GkbWK z+{Do)*7TW?sEWy23e@MpO7D{eh>X^Sxh%2J&E9O>x(a4Jar-b)1sMPXghxY$XpIg_ znp;`%{sW#H)wM%s$a`k))rv~ z`NF%AMtWb#j7_)Q*$oA>;@t-HJmwP^*7UUo#43X7<~(jb;9_WTRVy}3NwCjo6>1nl z9eHbR46fr?e-^}{M<4$Kz5OZU(8bv555-POx1Wm~M0Ws`BWn*GS)%?la<8`xV9%XT zD+`rN#EL7!ixp4M)C|*v+>d2>QcPYpg%kSvu8)<%VvZK7J0 z4?b%j{{08@%RX_wSIr;A?-xE<=zF9ZxSNk>g*c%Xqa`}4&JzMBYpc$}-y}P)KhP9M 
zhU;s0WKb(UJLmo^b$?nwLFCXj?$(Sc21-FVk7j*Ay43J>SXSr<`VhP^!mX#?nWf04n=gJoHs${cj-UEWn38CfMNoFs573$H0a@t39jSj@4Dzfj={} z3|jOKvXEWhRrW!&JuisZK4Sw8oLe>_@Pn_mP-3d^9^3io2#ck=#7wNN+)nkxBG=p0P~erE+}*1 z%gR;Sz|)IyOmDa-Fu%yK5OhQD5}lcuOMt=8rrlUi32CL^KInVrX|ghgXkoJ}1?f72 z17&B~3}I*Ev9~bCNixIiHV7V6-Fg>@_NN@RpT|3zTcTpS{C6W<(={!IuJFnle%9{{ zyySB{$uyBQBMLddL@)C~nOm&T<6Y=2kwSI!x`oaYG2@|!4e^|>&+4iV)AWbIid0EEU#$%(Gu|-*y>-3GaWM#uwm|g@n+d&!K4J z(LOykR4sm(>nq)#aq(J>V}}d(estP5In;F*A}*CS`Y127qpdWrCC;ygny7M)K30S; z!#klkLlAX~5_%4=j<>*{pRFLxt%hcg3?<=Ps-&#)L#`|?+@8LQRtMHwsMQB`zJ}O9 z1nhzf(=nAYzsMxE^BwV^ynXQN=8=ryxgU06jPm$G#n5xAtdD_A7$DQ{e`1%?HHh2t z@HrG+WF3eyFpsX*xhcomaDaANpUU1>5jpnNL0E?JT!V~o58+31k@=X_iE{+F9Ec>Rh?qcr%TPkCO{IOT+{@3lo;t(KA{(0CH zoXzsEUFU7Fp<{Dc%=J{4;O?b8adC%aE0s@u90o(SAL+a`MYTbG1+A73LldhgFZ7$$ zE)+8R*Sq)ItosaiuFhyltw&gWuWokl$2R+)nC_2;111{q96lo49)|!72(f~gb1a61 z^K8$N#%>Ois)jN+0#^1oR}_8A;nDe2aO7FcF-*~iSb^Qc=~Px!h7Dpp0BXtUpv~sy zFjOued)mbgcrdWRA}K*h*S*Vxw9WHb;;n+3oje#-B25J^DuI_r+i7@^ zSL+Ky_z0)J$YN#s6HY4|0>9*~^^Z(aBc%%Y%_=vmwBzd5G(z%$QzF!n$l3$tXi>tXhiY%{6o@tEKg8d7 zWi|YC1g+(G!1_eLKlyX@W!l>l`5*ws>xirj<#A;l8@llw-YORF_gK%)b{=xnsQJ4#(;$*ob*$3}fjRdJ8wVX^S1(h8ZUI|b7^EvNIs4)U5E#kW*6n+HQ}4x8vZnT#>K zmp^E%Jc{{vgW2#gnG#v~F!bK{7Tp4yzyQkziwdxQLki*t%TLU}#ZP^!oLp3^Te0I?{a!ubGNP!?ZCT(Mb61_sOV`MqX_*Zb=STb&~{(noRqf^c-#y5dv&q zheK&pgK;^($gW!FluqQO)NL13PL|wcOZKbZ|OYvV=OchJT3LY8pI5B{;+BF7u9wg@$%2$OIq>Cu`poFv%&BV>ju?a?q zshy(iun-vC>nDPSiRNAbNr-*~k-@z`2qY1B6B{^1x(d;3#Hfe2IQuyv-PA~KYWPn5 zxeMGWX343MsT%L@h+fQ>@Vxjoy~lYGOw2vHYS6P!(83v^24QD$QCLZ?qHh-Q*%ky} z=O^Ov@b{XRE|Bdkq=R+GwDCS1JE6@Pt?nj8epW>l&XC<+A}j(M)~~L;6i~Py&=O`0 zur}1dRxxW4Scwf21nhRz=|n~IC$iY%0D3C!+St@Ws=`Y+K5fBkAD<6L_Va&&sN$t@ zS-rjNy-97ffxGMNKDZTy<~<$>8I(;kWjs9ea~ z37L?|nNd!tzckDzP47icv+tuDWak#27PJtI#Vh#>E6f&k567O?YWl0YbI@qh>F5`g zXB=(*dk(SnjEpw zg_mDJ)#G4nK0(aN$W8eeYlc1qSiRn3C@_+}>#9~<#8Ys3BGQK4_8f<7)2ZjN|_ zma#{fF}!p`MG6wfT-xJ5W__$(H*TU`yc>D}Lx(z!`hm_T2#-dvD=vc2@ef`v4F_)V zmzL|YT+|HQNHe-8^_g3cBRPreWH(Nv=0ZeCbTl8>c(I~wr*-M*^I&YZVU==lUaS~{ 
zRm#usre9>yBoROZv-YynC6ETOOWQj4fP3CvbV^$f&F$P?s>AN~+^k*sHqEW-W}M@4 zcRXvX44j#EJ0)UbrD@_wHxbMTMtTs`CzY>3fxHKxd9t%uHSzT*UN-|9$P-O;%3#@< zlM5Y7Sjnr~1YLwX8vv24?0X$xmO#(Ivd&X@7I$J*Vm3moBU$j?;~cxNS;jM3nvIQO zy@S3c6qbb-3}`O#B6roMOoF|4oI*Ah*Bul`8FlGJ4ITCdj{VJ-Ldq;`RDO;=U#f-1 zDpSc|)9Y_+Epkk1x-MK_!}4gDJV}v5AlXtWAcZ0y$db-*o#xlubmmi9SS~_%aR%?7 z-dJh#Rv1EbY?*p4sxwgI^x=|aZR4=sCwJUdq{Lm`jx4ev}SA0HR%W(UzG;} z)vrbumFnlkyA~l1-DF|rXu9qSlMXQJGm?a>r)=v7)exUhKaK&h;h_eh>y3*%o;iIF z&t8^%PPXwHW7oTcu2tsVvR0A>&*mczc;WU305c^-F!obg9}8L~H$HkKu#5s!;5Kavbgib4+4Qu)Y%W(`E*aPBPbV z%dZbD+u?c|17zPCunYxRDZ94@uBYL|FlF8OSn z);PV3k_Xa_F{dI|985KyC>OlLSNH~mG#^ceLU}ZQm}c6BeObp3%gi~rXFUsxy^FUe zT>oCB8(&NJ65&@BXO*X0S2oA3X-_U4?px2m;x_yxQvd5KU77v5(caOR3>#JyZdPo_ zW)A(3H%=*f`}5b!-B<^h|9yUbLC?7n)LcW#Bx=G$oH5$-ijx49Rlj$0gG4}m#m1^H z%4goqkNMWDfS-MO>!G&6q4+Vj2d7hEBM{$m7wx0dhS8FCcVA6Ezr_2*$m+eT@vF3p zvhKzr&(C>folN&E)yl<%T_aeHDGT9}5VEk&2hta9AW+^XVljKXF98u0e>`8PH5K{L0ZSHr}h9h(@! z;w>Ojr{}=!aXnrFp*#t@M&CTNkJ`%14m^?>zl%BOBj$-K0|vwsryW+?ExgIjo4NSZ zFLPL^Kz?(BvIk_P4zi=_2gIN~2~8B{Y}=8|Fi_f5h z_7%X0t-r{Mftmp#tGe(1J@^U!HBOvyyV)h$^}eo_Ysn#D<>)Pvfv{IA9Td^8omH9)Qc*_)v%dOEgjn-^%~~gJ0p}}Zc6|D-royB{G%WQ@cw6R{q_duCW}6qR%t5ZM%v1WLDKTm zF;%AL|1j_WdjI!Zi~P@?pFig685cXb^zA$E_g)bldPJr`=*S7UGt4en@amtJobC1> zLv7aoR5Zs>8>xC%wN;1ONETraR-XbfPM(DSR9rU^5Ub&U`>-7M5-9gzLu{*>5GHH^V+Y>Xr%ABCjJoC?{D%)1%O-2AxzvS}=IOp_!?oQ^0R zVAEmdb1K8HA_!*zu$ij-Z#JO%hYNS&k1kwcA^s%pgB+)~yDk#7T1%TqTQGwA>DftU zlO2Yt(>_x=tcFYat-@4DwEU(*99jDB!WzKq-!1Nz4Wl(<#HR`Yu?_+!Spd06HE;ck zEZ3jOIB&|Tdmsr+qW=QulG|V;NBq)3Wk;M+d2?hkK<0GFvBKBY2|QjQB)=Iw^|}nt zYJm2|siBSuKLMcWE&&~Bz9@*T-epk-Ow_;sDhQp}y>~MG#IkrjNm1m9H#Wm$v${v? 
zlVQpos!gdlHT5tT2diG=VWDqn>QB{3G4X#o`3E@i2~L3&4mvsSLAnmZnT7#5{cod5 zce4TduJjZ^^5~l01n8LcIeh*J0Nnq0g{%ZoFeUVx3gF5f2Iw|DfP$lIUpl-DJf%0G z7^YA+s2mEU2T(f7OY^{3#()2b3%6WP;FnJmp(j|7tWW@dqXhqU zzsiL+q)>Pxp#LTQwi3S3zumOnpHGASL;zw3?$Qxn$^o@C)TgEo!nlvve~}&R5Jw5I z(7&y0;eWm3_~PE2@4FRQ_7q-;dm1Yx~!8``2@O@b4;v zzhp9?!v9Z^$rWa}m5zpEA!paH3egDRC`}&nyqDr{?Xf>1<8&W-bm>x=Q#m5(SrB-9-dn5mczZ#qOrsQCLr*QkudB#p~oikNyg`2skkyguXq>! ztKq*i-+wPd@t1V?OFH~-Djoh`vv2>m>}^^@A6XJ-HRW-i4T)TRUuIlS^+D0%a$5NB z(Dn#>+ZL1m!rprZMb)kAq9`aT8Of=YEKvmn0cjOUA|NO^v`P|Ma)yQ$kesuE(2_)A zO9nxj93|&W1A-E}iH#k+^IP9uYp-vgRqO0?YuBk;b@@S26g_9p@s2Uac*FBP&oZPL zfC|ENZuBho^H7~UKWF)_7HB8FJtGj4dbfU^vpoIii|8vQ-qMRj$yO@@;|fwDW7j5v z3kO zbV=nl@c&SW0Zkcu5pZFov#4$ylEj8w>LQZSktl(DE%p}}9Z8~w50L>3aUQ$B$w0{J z>%z^s#1}x(?guX%$AtO@{#>zpf~6yzgC}4igd32SxL;%-0xgi-T{(caF%#H;Wa=59 zw|H}r1cul@(+yPn)$tA}%>5~G^cMcydU1algagoue9Nf6jum)QLPc>m0C6Pp|1d_= zSaa^#xWgzZ;HCi5VoC2e*>zHDA8NfFjA16Jb-@2RR3Hlbt10{o169v~Hd$={q0sc4 z7?K7b42Lg?65=9(K!`BM_Y$|($|yqTW%g}dDPJqa=d73Q$Ha%-KygX= z-RqwP42>vy8s7JS;!M{FfPdrDa!9)f6wkVZVV(%-u3YnE$ zfk!k^!K6Mrg>`UtDhZ8myJxa<@W0=+SromnD6%LL-l;|-lJ26_a7F3MCxJk#leF(H z!y&L@JSWU?vPllcCtna_3`UC$Rf~QVGEoUPCH)fI=X1K|eEEiaVRMVSVEj5Q(TZ~6s> zse~uEO7voguX)L@_ih^;WrdQ{RWUq0kJ8dZy2z~_o@wR`U00O2`#rL7CX^@NH!?-Q zM=4al_ano@4>JOnr8+umI!65k< zxrPhyDbji1Q+J&1K04F=n=I=+ZS!P4F^O}}&lfgd2GH)6 zS?CbbyC{z`YGun2l75oCgvAr_!6IR#IL;IcZ9_1-Hx$Q6+&&;a(M;Q#sfmMyiq0#o zBvd?=L)T=M$jR}AQs<5p_anm!@8{<0n`mY)s#b}#JpH)y7T`dL_+)qnLo_5YXx_dq zt3E1K>!}2dMmz~LCpv@afI_YA=fCOw$ZUYWFCW0Ohfwq1H$lB>)_^L*`hT;=ATX7RtO0O_jyuYW(K zpPMz4j&c%t_}q;vknM&V8Fy)H7zG!Py)T*YCkY9MQhH4fk^3PjkEGX#P-5}{mHJYudNK+as00SJQ^S=4&sf|(>eQ*f+3+>`rkHk8M0%~{9&=4>$0jt z6|x>m_SA98!RDDRD0=X!E($Oh_?L{R$YNVsuKZ`nE)&sk&1+0oMT-7EpPWo;SC_%Ar!dT~#{~ zXtF#mpqeG%d?_uOyZ6GC=)m_AF|sVRjCNa0e~2a}(B{)d$sAVshP1N3sIq&k!zxadd7PIW&2G$L!yOLMP*J)Wt4n(+-)pY)HQkhY z?UImHWd!gfu@nf#ol6Us{wav15L|iqW{$VthjCq!`jv7W+Z{^FA5iO%lBFVHCBun< z87E{yQv1l0BS+1Q>cg>Z;gTO7{(>vI2({X;wTYy0{q<@M-GT_Sv-vBOu0a>B#7iZZ 
z$V5e%rhm+8QDM^iZ?31)F1yoC!~e52pvRM375WRK6OB0) zI`5H#goPfuKHQGTMaNA$EiWMQNYfTKhqn&2psgexTv=S9kr8wP@uJ>bd)@>+CAh8? z+waa)?3Qei%Zxto*%Ur#Y%@*>*g!`}?NF1FW-lKY|6923&yit#h`@zxbHSaKm zx6j`?oW%IcsAve;1oD>d68vh*RKYh4it>JwH73eYmaYA|RBQYYqsLD%h zEBq#l0o-7!Cr60@zZ(FWOY_VGP;;9l*xJ`5>CGlygdWDJLlUPdUC45S1%NzUILyla zeiI;ef(>xjeijds8=z$J7HWobxJxqJEA;MLP9yODdJ4Ug26Rcj@g3CJH;#Yfq{J%G zz!uufwL%%WbyNqk-o7ooF!>#z+d_RjLJcg~3RQOcX>0q|Gy#;*wPlmFy(G0*n0k^q z#<6q>F{5<+fQNO0zbRN58=9J?yTJD|t%A+cM=+csW$7yWrD#HL9{L8vezFf$y%pt! z2_rGc`HU$(DgDWz6@>iNS)aIbTP@Y^)>H+y8EuH2sKS6KK{TawXX|~s zp_2;qhsRR(7FNGdW!^-RwBV)VAfq8`RqeIGWMGpED0|hW5wqzszB^9u-(2yOI#xem z2BMS;USZ(%Q2LM$N&S!In*?t#COq$>>qbE{6ZlY>fJ7ZXlYGZeR^`%l% zQ(v3xsPQ6IRK@-I9KE{C>bms$ld0DCB_~w@uo67ax%S~UqGt_n`g>;a7rzSRgnn!t z__MnmO<>Ja8}PC}vqUf-KUh_aRhujMK{LFrHC=o0Hdgh*@sn;o3M+%!?K@c3uIoBW zh#)vMQu`ee_q|o?Q!!KG#IWZ_-7&}ez(I^0C}yYXvx3Ru@7raG;Xohk5tTbR0!^6A zqe2!G+Hacn(e=0+Hnl?8SGr{bqvaN(HM=GdRrBqDatcWtCV>0tLs9wC#K67(p?Z=} zpcVDKE>~>dHHhBZ4HX}m8*ZOA9~wrPMOv6NL1ABxlqP8s(HLy=lLGs4CkA=L8K*?r zbSUa(rOvh}RarngW!o1f52B;Xhtv}dls)(HLiHa-^JQbB1wLReMe7j@NHY4bzA$7c44yHuUwjsomc~g zAs1kxOT}>Z$!y^?3`@9m?l|W1NS<(9^(60uH3piJzn!#eNS@Aur<9atm#ru z3Dl)Z4~HxUwrmQ3bEzy@|dqpbW&!XyR1G99eiN#*l#bzZbS|Q$ zqL*8G(WHd~k_AF2ER@uI1pXz`*|bqw@k(6y+E}#5TH=Y@D<6Ve#){}bC{L;C($A5U zFK%+8C_}H~tTWirqiBpybCkcttZ_}#q|CM_MCjpARd`5ew!2$U>&>we?l4RPdZba7-C_fUy>A*n7jAvuP%Jye2-&q* zm6;YT4(LC@FId=RNmpa2XAmJFAH$G~b{L4M+RYw!fts_M$D(2(-8AuP>5;cxGG`%V z8~da&2%UtIFu`YpV7Q`1-KUh9H-ifhHH|1`w~~4=I+eg-P5$|^Rmj}k7JecfZ~4i| z5u}A~hP-W&v#ilH@8^ueT1*j6@~MO9lg~{z-s#;nCyx_<>mbP#DK+qT0`eMehobO4 zHpWFjX})&8%OS|r`8nvAfAt>eG>FJIym9?S$J6`YG`N9GhPPn{hzn*byA^@g!R0Q? 
z)M7Wc8>cV1& zd@c2;;^leMZ!HlgftqY%Jz41e=p;4XIXdTH(j~ejyUQfT+l`bfMlkA0-f5VL`_~yq z*r2H2^;Z=0Q&JkUee-*hRfHGB!X|D4$0&?-ncK2|tP0F&R^s_3Gnl^yGkX)*MC={C z6z|_ACj`C?Y#tCrbIU%!9#!IR&OkOnRk0xjgxmEPg1rAg)&l$J>aCjXORW=Xy}!vc zq}p}T_UPp5=1{k2^l^n~bH2M6x-A6S^o~84`KQKmon^2d%b)}EcHVKk{0nwX`GQn5 znPoTo54%0pCI9DWek&?# z7-Qj#3{F^CtSZ=+#fmngs*pjALg;?-4olV1G6B;*PKEn@%YppP-RHt*9+9+{W2!LI z%mDp*i?a9fU{t<`U0W2 zK{Z90?V}DlK`N9x9C;SkkAI32MN>wW1n{)wZU#tVL-Q$To((JBv6m=g;cI|u?n}(K z7`@J(6P|l|jRLRz6$@%sVyzq6R#aK$R?yC9ucY$lmXOe;If$t}ON~G%3|YCP>AwFw z2(W7^iNj2>@NF$03@6$k8x3Uk2D5))=jXhW3@T!GexZe8FIp(vyDr>I(XIIT_KgOX z)};sfQ-j$`=K@Bv7;!5_P$lLt^>KpuGJ>wC=hMsd@2KgW+=%Y8D(w89#Il1ao*BXF zt{`q>yS4$6LptwKLyTdNBHyx8_+@YBz|sY8*CBJ0srT`{<{JFj1_t~hjuhwlxnOO0 zY31U3cpvXyle*YO3&ru#)+fq7$POrTiIiFH&mv3u=4~GF-tgFw+xIU}a2)91gug3dd>!fF2&a#emSeyWx~DlVzU_Ycc06Gy>DXA?rOxKP-k4f8L7!ME z-48!{Hr6BxW38N&xh6wVKT3UctG*6%I5S&SdI!Tf!5{p6Zm9ycp-g|T>mB{hw3C^ z(Cp(B$7+B#(#Pn2gSxR`qSkkP&m812gN6m96;&G-bO>g6`3oG|$hjPM){ev%ua>td zfA}F-r%v*i>Y@6j5_Qf=U+SQ5to$%r>_wKzqr1e6MwPM$j*3Eg-k~!No*?1gkC&zM zSjlAjzLyjR(P{>cEfE1k?m0^AWE-4;G;lN{m{e#4^{r_r{5j$sz{#$+VaE;;7t`cf zn|UtDgMO_UGN6627rDXrLox6-)!S|Rk_hV238vD|Z#E(IpI$RU&JxtArlOWFsn z;om+K8eF>j!kI1v_FxprdNfJQ1bW;Uw(FZ}F~EClZ^KUG<>cVm(Y&4@vcvP{(hsm5 z)cY#20%co_ix>Dd3Tfld4STsFqOY-YCIJJUQL0KdX!h4dFUFB5uxg!g46uu%PagB| zVfqsx<~`zdnzAvCnSERteJnakiaRP#5Xm((Ucbrc6)mkX$IUap$zl)L1nR3Xq)d-O zEox5KG~>jrgcMo&hHx|L_xg9FIu>aq8-0qspJ6_pZ0gXuwcN=n<-N4S`qL#6ax62!7mG zhCb63Xi8tZwiftY#egBrjr_B~`2FZ|HkmzC8zcr!?GDr=h4L3Ne3rSDxV0x+X9mK5 zLFYOp1LmD2UIg7ZzjAe7v-n!qoI)&_+%iD{y&JqB_6G``Ad5Nflw<-2Zx@V9=8ec$ z2bqS1Juz2){B$9qkUCT-$=T*!bj|nK1XvW(#q3vQ3#6tt)MJ&IBIek|cR_`Ei$Z3wr?^8v8uKyEZ3*aw<`KcHca&0g_$G6B zL}QgXpaxOW3HOB{;%BzctZ2ZTY>!4Ast{j(gq8SjkrWM zkRJpA^yju+;4`qZm~`*jE;lo_9a~dV1qI>u$uzgm;uZWhD(HIx?^4vr-pA9G8@3~A zY&#K5u$xiM0Sp+2(D+}dn8PG%ry}U^#aGguAxruxwXh=mx&iInuR$NKM~k5 zhNdHpY|>v1JDMaWl6&kvyu2QjF(_;m!Eg3mzourW=-aFYRTU#xK0v_^!Qk!`2RU0x z5{5mg!0yz+^q))ndW2>=Sn{M$r`14|ey~YJOy7ONdyV(zy`{;aCawu-_<6uasxW8Z 
z6?VK@k=CxnQK>^?ZowQWc#rvmcaH59N}JHf7r-~vxJ@b5&eg@a#BA<_SrD0vHz>}z#$>s5t@*nh=k8gf=?$sFph*Ea9Ww4T62zuBP zv<}-#9+C0VYC8IPD(Fe6lr?&a!8+b}L7n-*O`7bpSzgZ!Cjz)}VHirlotzSYeJMxCv@b zE*?zVE@Fn4OA?I>pA}O3<)_ppUA4&Deymg$w^AFNhXbHPIkqIbEaga8aE*xb?LvHxS%*Z}KYD{b=+cEK;Vp>9X!E{PEG7@5p zbwIr?0Co#_UJ~39)owj%`L=Tba&%d9{p7t%?KYX&A*kVw!svIcz@x=&KCCR7u7hqm zss(XbNyHo4?t+7xVQH$;0}z&OG+%#dexDD|Pl%GXVSgSoK-phC7F3WBjMonsfio&` z6Z~=hON$qOWL*nWAFZaBd{I>+$r_oHB9_l`B&MH^URuDaGp(xQ?%1yrn4tGZ6(xc8 za>+ImG2TU;5tweC(aeLdd_fDXM{;BS%y&z{v#P%a)rlYAHeW5Dz7v1t(5T_JZr1Cm zOfU7bu>p~y=BhzPrm@7qn~Jz0wXh4f7Y8Y0b=q_;;VN5aCIZ3jQjwr;5Ec=SmZ_oMrbPD_*# zmc$~sJsuUipezx%BuQ;|#PQ0JjbiMOP4m%pZ}H0-?r)+GVk%>*MMNga4>_7%;wJHW z-k>E^xbz@}=0_-x2-dOkV%Fe&4DnM#!ws5Q^A_vYny%)@yCFi3=b=A+346F6EOfc% zD_(mBMu9W*0sKo!^O={+Bnac?tq2d#&6}YwOWHr=Iyb)}OTF6jj4ASMae3BvjKWb4 z2GNONfbyL4XEg#Gx+-Cn{++Ng(-T(Svya(X6P-UknB&%M^0-3pW^UL5iTy&?iC#|1 z{yFLEjVY_X73FeN5jK#@Q+? zf0ZL8T-*Pp!*Q2&hfH4%>6q!*l=5+Z7u= zb|sq&z2wa&VQ85Hk^)W=Z@Otg<&`3n`EXyiTI5Y*jqBI3owJ91vpZ~?{r;L5r{%O3 zD0s?#Y+)na%EU7R4b4JZWf$*@Lq8l6rN6qlqp^eG%CGP z2!Ew?7DhfU$)#*(SLW@hvF6AqZF;u7e0#4DeAk{d`AzKyvQ3iHf}o6XNQ;srC=`3^ zL2KS=r<683AhQ|NhlBZTQ)pRT*NftzO+}s@p@^axwNG|l*B4BBFUI=$uo%sqy*IO= zE_WrC&ZGzHUsLFZzGFYA442eJXg5Rx%~TD}*z4gWT9s!~D~k*P^Ao;BPi+YCCen_@}Ne~_E4o0 zXsB}#G6jiCyvj0fj(U?a#>XFMY29;@soonuj-lKN$s?FG;uI7u&g0heaAzk~zc!M_ zhn(EG<^7`Ay%I+TWhMly6YgHk2x*B1#Rnd+ZmnPxS}a5XQA9o%7_%Nzs_2rBYkU0F z1BeKE+`GkP_?&3xlqJ3M)vY<73X_pt7d2KDR-1&g1}FeD#&oToxUYpJUs97dttJwT zllL7-bKQJ<#}&vq%d0*3NSCAz7ZfAhKJGk00uvVEQR=5L?g-?`Mg4pZP?x4u(>N;G zhs}yRORHfOEo?y=0raUtK!cG($wWHoO?70d`J-IhbUuNLE zYxczlh1Q>sW*^7RJnZUZS*(?PBXNLYpTV7V&}?lTRh~pv;Ur6QQmpD3P0!WyJnXyb zN^ZrlmJ@4cwW={4GWa=wK43h60Z3|`G;waq)7CFJv2{2deL8?Jnh+DApPY@;7lkCN z@4aAuoYE(3Z6Lbto3=f@goiWZkj*BbAcFofm=R~G|7GMiS*1JlhM#!vbPxX%b2{;e z*m-Uy#^xp~vum7@I3n`3hY#TXONOO^m;w}k28d!mhFT-EM;u^a=F;|w=nD26yDjyY zn}JgoEAH=Hd6wu4pDJ4*$KMSYHMC~>rudAHF7EBsuj3cVjwoL1lu>@jTVejhgT+i9 zea3`!#D(z)Vo|~F;*PuenE2UGxaZ<+8zj5=?|Hha-$37{(7s%`XU{P2!?$$t4+$E$ 
z;N?3`troY22)ZTtBviojNx|xY%$$2P^(n8)@-O9FlNB5)$Q;Q1>JF~>TKY9?+ZL}n zGu`>QbtWddgZ}xW#2z=knmfkx5yyf>fV-k36C<(!ip=7uYYY`P@?Il3l`BTpp1&FB zb)jcY)zaBnZpKY3FNyphv@v&itq`lwHp7gJ2w*odg(m(qyub2vSm2zahq$8X#TS)n zaT;P8751*A; zFdgjq5RYX@#01L>*O$`ax{(9*KxmAtj!2F$Qec3;{uOJy@EIzH?GRisiK(^&g42Yf zOMzMs+h@`|9)5%*h$6)t@pLKQ{d4;V2Dj%Cjq{b9O**I!|4q#9vQUW9HE+GqP9@p~ zyne{UszOZQ`6ZdKwpyQzO=jA-S1?~JR6JF&laQ;ycTS(8^73o44Gm-$jj07zDIbs@IO_ZC zV>KcTXP>o8#gN_e7nJ)Zu_D*nsKuqm<&@B{22@{&B>`8!ZGh+IJ67Xps5ePA{OW!p zSC8+dZbPmeqX*G>aC+vwrgwP(LoA@PkfoP6*)=1r=Q5QGw@P2}%U-_y*6eK$zUKxl zQ!VG+LFNN4QI(;#K4uBir-{L9$(B1#3T`s~BSTp4SY%Dv=V4Ucd*ZmzE-`9a!NV8v zk)?Jbt>*fMK}AVwErS@gm#%wQKGcA6sIVUv=z)jKY^3)S5pCczxTwxw7HOg?UPV9S zlbn+Ao#KUpBw9n4`)%>Jma-JkpxEj-dQ#Vd#E{iKFP1gvz~53iOX9(B6x5EIjXYkD zmk+e93Y`X9u}K@jZBdtQMbclitn(e>QJ8SAtkpHY zMwei}QY0N{C6J6+6n?xYvE3ZFjv{|PyhJP|-B8O8@2E{7zaGUIFw)Oyc0iI;>}epD zjK@uBh_7P6QM1pVN0RCZD2nRP1_hPz$6Otd2@^8^**=GZsPl(z5N-gwvOt17~^ zPLU#W{l-7iG|jU-A>r+NZB*KJ58aC95>ahJenKBh51YbhJ`f&{1c;EPlqe>|#GI-! z8fYkWKaaW3KfHWyJabONx1X~R;O0mPZ z^gBYvxE^jDp2)XJP=N0I!q%mXI#K^rOO;4|l~r?`Ke@Me=T)GV*!@pC#N0{f&&zvZ zU4V8L%ohLHZYD00#A-h?V<*qq=7i4pG-CVCK%?C2yF8P3gxhiQ9_0t*r^9z7mJVzb zS|YR9o4tgf;g=_6$0(Ndz*pK}s4-`HdqtGLow z0N{A5yG?ZP$y8t$$`L~PR=+ez;dmSs`BXq$K=ON14IUDJSI83Q(90_tOImZRGANJR zSAjS+)GEui99RBCRquBCtIkYl{w#&vDbV3A0dLxRZ*5JfBDQaHs?{UqardyOWoZK7cInW-u4>7*t_|#)PadXSD|q?k#YM;UE<@4rCt%?#ES9Z>ZI+Q3@U}t$APZW7 zp^SrFE5Thh8xM7#I(*q3w6*8SpKp0J_WI2_@x67=GbfuJP^`h`(Kz-Z&W9N45v4TbS~?&)NQ*ntd%)vaC-Nv|DcFdD0>`s9h%%R4v(_fuNC$E>pbtYDTd9e7>dl z`&#F@ciF3*rTk7Q&t#d&73>*e^4{y=x5lzJLA@dpdtWU`X#*Hu!p$nFY}wCoA(MnrJEM6 zCwFjH>C$Ru=2xh*Q5H5UrD2M@vaaAlvdy79yqMJ7rJo-fpx#@DiV^wIymHBB6XFXz z<^7jbwMEyVcvEQHY^`>p_k?N<#!~a*^TfEdhZ$)@+n($Pf=yG%%hLI8vcqz8<2_(tNYY6C<3t0y?YH{EzW+J0jz^kRf9*aqK5i9bq7a_p8%sOlGN~_YBd4a(KN>I}b)7g<(AGa*%k^`s%%n@+ah+v8Be5VwF zM$i=l8|KxV1&P^r)^8pBRkv??mh0k^@5ntLQbZW(s`%jMEZen=T{}gFHLXwsziP)T z8!m=C*7!&w3zT|j>8^$~ozmsZ zc7>|%)AbBIJ-;jre)*!kpq52Y!RZ62mgRvor(D9lk;?|vRT 
zKT9XtV7GE*$+Bod5uD>4251J&Y)5m1X1IZpWJ-H4zHsM0W6&+veC3eB%FUGNDPGvT zFU5R!eFHLigDbvZ;N;nCWJ8tdd|Cgr#e7`4^x_o$$bF>RW5R&|qE5^`iD2#@AMg0= z2mhcPFp#-0ll45TceyYb}OO} zJ!jLkW=FQr(n!D>!-_7&F!fRCMWJ?+t!qx7EKc^pnOrZf7k`%y7v)pb zYm>ME0A;KaZ{BN}Y2yn{Fmq~+n@(GbYf(6625oGjT()U>Vs$7lPt^^-6j%l7j>4Z0DwU^m@+BR9a6x+my~hOk0`k zW?qUMCHvX0cN`oNr;Pd4#m6b`U&(zIP3L}Os=;?u89f-dVPetlu++1(hT6#&* z36YyEou8R@8i21%J-T`kkhE{z>f&^<7+>BEM$t5S$c74Gl_I!%Fb;EuGmIV56Xnx7 zXO!6=)Fw(>L&UGgvR}UuZTL}F=Uw1BoSwwwO}<>hp(8L{Tp2I&lB5BRt zeUo%ugZV0x*|BU5;aT;H<^1c8}?`jJ>lRWAZ5yuXe1b<$|iU_+xz?DW}4<( z6U}q9=X^t$%mbGJA*4-=lfh? zaEADvLUst)0nZ;W z2#C@?T#&?ey;*J;Uz?GTDBUT0mA-W4Qj>E{>h&$AGj%aIGFvjk5hmSl$K>&t_1B8b zXvvFeOJLfUHJ(a5v6MBWf!He!3)k*3ibYQED}KxTe$3h}xpk;}7883KLDh#I}R!rNNOVohe6gOx}*{4hMYz zU{M=k8|mTUv6rY4vd8a|rpl-2&IU-d=Qi`)z=nmv{Fd)XZl~|QSuh;lAq^|SZS2Y$ zPh7goH8O#Qpc;i2Ul}7Mn)kK%mX6yTD3@;`u~7A4-de0pgJVtYugIQjb}!7|Uzq-; zZrZE$Ej+&_I;r1RGv{FpS0pzVv-R`%drLtI!P+_TpzBisosde2w30>Wgwnan$j!&G z-g#&JlBl7sF1f3+#>UTe3%+|ide1&5-X$jQIgfpjW@xshEF3{BMQ_EYoS8DUx z3HVHp*jd?)6MEQ#BV;9<^JqncZgYAQa0Yh=-GI6TyEzK}e6ZP2=#+I;@fh;+39ssiV|}V2zPzB9O_GaN z%U2&*-vD{5)bTb@u~uW3BwaQ@5j?+&suADsC>mmZ?F0Cj&aa>jh^#K&A#-j*Su?f& z!OK8is2zFnd0NflAmx%KCZQP^)2uaqv1A4s-8Tv9}Co>oTYS+!}Ke^$fkv& zoy4atWPKEgBO*70`22^15lKmi2e@(!A6lmqFRBTO_(CCH_gP{h$tQ7k?%tZEx5fwW z)l0Lg-+T1#cFQquR_U!h^O0>u1|lvsT{JTL33OpKg3rg+=9_Fh+cPuMezFsm<&~&c zoT%^Rpr=jNQxZzdAW;FQ=SbMf10~Mb*-rXip#ANoshQbb9y^9yJDv;Qjku?cgQZk8 ztx|iC&N)$^6?dCamlV%nfV5RR2O_8nwY7<0T5KvP2G0l~wq+d$`UM3O@9}7s&$8*S z7d-583It!wSpI~YTL49oE?et}**C#Xx)P3FohUiQLwbk{0N=Xj!r^AJt|#Stf;LVQ zgI^I0c0$KRa2OtSzJvPlWK)A)*450qF)F^qZ?8rSu&A+#JzYwPrsp0e1@70%pr7LCUVEi=v6msSn)hE=9OAcFnGj?!6z;Aj&IfPi!; z#dR(|8Fe~{qSCzJ=s^XgxbX&3)7@&jH}%cAq|LRM>@GXk;uaAvi(5x~Z8ee33{?-K z>3F<@o{l@oJgwCneeTBB`bf$2R?j8V2UlO+8ru3+zY(ySgSeFnRHJaVyED6_*qac7 zU@088?F$b_Swlj9lQF^Wpm726Gioc~%ReUUpt9kY`$u*hYsxJfO?nYm`QxLFuJM;$ zbq(7qD$_6mgCECzw837QVeK=Zh_2@S}gYIIgJ(p#vWZ>wx}+C(-b*UM(LyVvT@ zOogH?UWhaZr-xZBC}F*V9V8FyFIDZI)H0|!_g?3C$(wRDrMyMrP1Z>>GDjFtO4xTg 
z1Bjq{U|RPfO&G!G^ruZiU*$s!E9~+$c8nTWE{eq_PZ6Rx z=p4rJ4B3lInNjTTXr+IfH+O(7R+iCSp_nO1A$twokQZKi=Isuy^lEvj#G->Skfhzl zShp{4m`iO>hPk)uzn9Ij#or|^i$2qcy%FtVZX2bSe!El=?U0hE>r~qqFNqQ1&;}mYeRWs5kgTGBsPeT{HIhZxn*@AzD zzw$|Q9TXcGT%Z3oBJrE-hU&L%PFMN#uS=2u7kyQ280>lerp0v}S|~yqs!_XOr*^Nl zn$=~S&o(`gMO*zgd9}Zvijvo7qm!sEAfeF($d6049|Ie)(;LeSgGT>jx0(5Qu>hOy>l&-PA@KGO-LRy7 z_hdbXug!blOR$SLttB`J3TILjMdL~ob(SR+@DGW$nco)eQf$%~G(?rz6IG}eOeECT zzuE)ug&JmaMKGv|1DBMeTr$-mnR%&ukm++@v{R(fJO1c+XV1^wz(UU*R#{l`mi=!# zMrDBSelY+9Q=DwnS%y>EL8gBpqLHfErGrON5lxe>JjSwH>1ygEyF9rV-2lh88hIX(d+LpxKjdj6LyohzhL!#n$CDTu9k zjHx#6BZ@}Q`f$B0>_ysxiJPA zN>KL8w>R0zaDcmI&vVYpYlgRnPON6@+)_MnE^+n^?p{4B`y=m+5r=FDOcuR4Z>Tp^ zH4CN6bp2tmanrPuPuB42S)U5a;uPJau`C__Boq)@brS9Z{CcVYhYC`6%2&F5+F3MEk$+ske968WgNy{9gQM-dCtCt|$7Pbv zC!smp0%p`}_Rnp1u3Aeo=V_#0=*M;sEY?24p;?eKc1Rg09 zogiszdkXMrolXmyaT&HIT7uRXfdAXpv&k|So1tnUM^QibOd*pyqhAwtiA-Xu-@jDF zmuY{?o&WowUtZ=4OL}C*7rT#>{)B;Rt5X^(YN-6~ z;y9p9A|us(F%M}R2WF;b=i47`N0FlFBtKix=t;F2?gth>bm5_&buMQ_r#3DpZzA2V$64o1Vqumwb+FjqX_N2M2&gD zbW_3f%Gn~iEi+L0QzmhySpx^@g(JIp|Ml*Lv&0k>ni`jzM=)-}`mZ&V%(l487)v_r z3ue2yaV1=2CM;ixmA2N87G08%wIl|>kk8Gza-#36W0IY@omct(2e?x}_1~d@A z$pyCN;3iQx)IS4gk&r;+DW@9;tB6Iik4_fsPyD>rIXUIFXJ>?qjI#tZG&J>D&*k7u z>}Nfl%n9v#1O;sg`P*)eB>qv~UAaz`p6X`PFqElNGt1E=5oz+}7M49$85+008)=sEhL(A7}9|`W-_0zb?;iaVt*M z>^waaNbPDAbo1V?)X0%6x2O=Em-$GM&_bEsL=EZj%#tq<%^lk(qHWq-vGQ)W9Y@!^ z9Oe}cZC?{!;Aoy>6&{ZeOtUwRd6=-F5goDhFB}U6TQ~NX_pYrMDGL@-vGb<`%cikd6A=dCKPHDKwDj>u^#L7Tj@oE826Aw)JYGQdZC7f(Zy}UMBBZW(7fav~j z#HnXbf1ldne_{>9ALQprpZPuX_eQ;cp$ByR&nC4JZc5S}gW96}x>TTd^y$Ck2Nvxu z;l~Pvh@X$)Nt9d)T-__s42g49U|~0)SWiDRu~dya4z)LP-1XypQrgGLlBDzXm#@s+ zejE-ckOS=0oA4zQfbtgJYPhWPixsFJoCW%(!jTW~(%?BJ|8&sKB~LiO8bP-wI{O4* zOo09-69j4^aSFh`g=|M0NYs+f0f;gNHG)6@KOnB^fx?J`aghf)mCD2xwdriqQqJHB z0!_NNT?p{nRs)3|_?{Zj$@bT;%Ox=au!*5Bi#QepLB&_-kLz-`fGW4Mt}S5@$ZcIY z0zk#<0L-@sb;1W!xY43mAtDt}9tyPklfU;OBm(@y+=)P?L*o5<`Oiy_Uc&2yD@nFE 
zc)XuIe199hx=2V^hhtK3Nu&@U0BNrJgE{xV48$VhZiekww$*@|(K`}om1hP)z(Y=eo<4q`#lPAJ{MSJk=KRgtO8s=l=UDzUIh}(J$sb9` z0F-GJcmHA{&|e23I{dfGKsI6cpeXPfJnV$B2ACD4Ns<;|G9Do8{Ac_8b?TXaApW>4 z?vDvmLF|Lu2*IZ_eLB;p@AUt=6P~`)r@QyxPq_bI?%qXdd)`SMo?)s<8Z7kM*ptey ztv%HY!CWG*-8y{Xf1KI{B`*=~FOovW-vfufiW&o3&qL`EC;_sj6e(PE`~Lrg`*eDb zQ#btoXqQXA_AejoS23Y^1`#RgoZKNzt z0I%gOxuWtdUA($+=2iofjpcLKR+Utl&b3f|GNrk_OU0J)7bxP=Wt?U}Bo4^YE$n(M z5J-Z6_|I*NqyJ;V5u}FL08euHIJoAMrP3sI6w~1O-eJI}88^EmQS6mVu)}E0CnYCp zx%Q5S0~}_CuBDB+*jQCiOh8H-Oz6!wS20z=oa&do24352Rp~R6PWgj@gSe#2uLoYD zmv$dMlr`8DEXz8s?IvOY6xzPjE|6aOha6A;fhm}t^LeGwEWn^JjMy}Vy!b;p4Yg+g z#+K%5K|FBp3V)VQ>YBw(HL3wLh)6<89N{IN6?l>#GC+U`z$arQZBXw5z^h7dzOtNp zP`NiC+Xgui1>uH|BpCqeMj&<<0Fc)lchX7LI6yeY?S$KdxtkaTsImd_FFi&8zf9ae zU9>g1FWE&1Ms#m}DpT9C0D#jUCP@#wNYeg)x#G|72q`HAvhEB{<>VkCUe#ev<(2zD{U5Dk zzE2IfN-ev|8Rl|i)Co7S==b`w6#IMhpCB`IgTKkxN#k&Og2D=oSKEI+G1PheU&`>7qTrAc8wqHp=7ehtNGh@{s3+si>H8PkC*G zXPE8tl)KtS`-uF25Q1?{`s8w0)QilAQc%M^GI+h%zz;a{GdKsK8wWtr1*8Bpb}fV` z82MFSTjW|^!1ywV?)zIMp0*d57ZqcU6q(9EIExb#Ner!F!T) z5ulp97#4w41O%3-B)1UIJ(L?Uc+FvNMV)kf6tu43HspbvFcH-^u``yM>To&#JfgWx z9I4-%%;BOvBb{zCbEHv~vb_qshgm!VKr|tK_&eSiOJD*Z!{h|ug5r$LA$UW)RL|Zm zV$?C*7XM@y5Ml*?T|+MZ+}j_(Ngc5OpHl1OV2uK!W$}ecFRx52Wi8~H0&+wpte4$kix!;w`Qs=ehL+9Z6#oFTft|dkzCrmnd_YV zI}-z&HmO?xGZ9AT*&qBwt5sm!5p#o)35ei#X}&bSJ{{P4@=m+aPP_6>*TDZ~4J3Qy z<#WFz|NRd+*MEWfrPWjhUh3zj)gjq{PV?u|nHke}9{?t;yZ@8iV1K<=u0~EmCZC5* z__lK%W8Q0LHOnBnJ27M$fQIWII<9~Is4)#|XIar!NIcxR&t|PbVdX{f3_q6qZ$&## zH532OG!swl^?%P^da+f>xt~7J{X?Kqq|ZHp`-9`14Nxr{K(EHZ4~qi%-)9}9)Qa%E z9m0FzLAc}JWF~Qc|8KEUu;UMRxRuuOofMogk zdlpl7$#VFN>#a{a>dd%Yyf8rv_ikx7E{h4f*k0ThIusz2skcCx?)6fuZ@!{XeGbiL zUc|c+$dya^-f#kr(L+T*rXW-YkPrh_-B}CVqOML=W3)cs=$0|}w`is1cQZUX`i4tO zEA1#Kh>0|42=HvDy&-@BicAju#qa=LnGkAJzv>e>FpJbd`Honq{>NoE}lF%HWZ}*Udn`@QDXOwLf@Hek7NJA z!oxf6aoS**Yc{li7jAtOmlyvEKKF$(-SY*c` z8LcSg;^9$XLfVbs znO6>#P@UL`&t;exUpKWz?(-r*;bLcN%lJik+v6pGIW|o#8PQZ`+lJtDs@eIO})OXTi4iz>B5?=b4ax9JZyO zS<|V5#wK6zwQnf+EFz1$g?ecu>C}{v4&g*VD7`BTc+Ys5gAf@V-O}Cs^XmKt;}Gsn 
zPF>AtasCj8_w}zp&o3UX)mZ8f^MEhNDG`Mu$i|*g;$gUzqp*$S?|Bc>rgoZ>hdqU{XM<(IHAA0ZX9d~ivT^Ua=S7~CaW^PZ z8RSVj8V(~Pl!cB5VZ$ibRrIGm6gQc1z3@`l{6OX|inC_gJc}~F@3Fjax$XTYNL#dq zd9qasx!5ga)T0BL0%am|enfl&a8wuvgIfDAn;!MgleJ1#NoQN^%r6Tb)_os2YOko7 z*KP&5eyHIkT)_Fi(>Bf-KD%ch8ec*c0JM~|K}=xFnAj+l*2yyHX^H#r zt>3JPs76SSe@x2_S3G#&S%luN%*5R3CoL-a%Brlt9E$5>#f3ON2njt^YQar!$o8?O z*u&2X`=IRhuuS_LUIrH8b`0X#>6d%uiZ0FXOENC@3_XCM;1|xzDPnt&CY$K8 z`D#s*iqX*ZWxuU~5J4}Q?^7d!`q{!MOfnpteBq+$6vR)*n9`RFTUnz2y%Cvu^VyMld5ar`;SZGN+M|LTS;n5;q^bzMUy=H*$S z$yT@}^{tHg;1T6*OX=nVrkAnDkL`}=Ry5ScX(P%2P|Q%ib9FUYlSmt0X;5qnQ-7u2 zj0zXqcQBTfTkJjTq1E@yh*?ou!#g8Mo&bJIHqaY4je+z4a6^?9F=A-N;sDIm{f6|@ zKa5vyfP#fgFVv{}W>$vD$SfJ`9el0vcINxh1m@UlxiEcy%2%SRv(?>$-CpcHJF>KECntme1j$6n#lRw;idJ3Qb zOeFq62~fUuDdFQ1C?18?L~0vUvmeE3{Ec)HYZ28K1J{A@2{I?JO~^#02YLvs6Fm#= zsH!d*jAAV#+YqBF$oexB4)3%6;IJ0`CWl3=oZj^?-(?r~V9`75w0>7qZ6vmKdWNnJ9PI7Ro#8qFIr-`fMGu>-}~rz(Y=UeCgx`~zJ-P1=4j!Cm|~ z_xvS5h8Wv;59u$g*9cqf&M(fg^$9(5n+u&AG!!s&wop)D?^gY-U27aqXgV*X2>vb* z!qujcz5QX;HJPR7rL@tzcucs=hX3l=RF!!8a|RkofTg+ zwF2-)iZH{CNi?f1eZV?4qNscBh5=3@;cC{bIQ)Ixd5y$vImYUIw-+N=s2F8@l^^Mm z&;)GcwKy-6*}}`Fg@-gsGW%5o5Ac=cfp)xI4_bED|2>>bP;cVv8#=dify(E1Bp=YLep;y9r9*ddo_~ROtO|x@$ufim4=G#v1b-8ayRqKZ znC5M}ZlP8qnkM0)dEMq}8ffH7JrV{@k1*(g#M$Sg!(J$w^6lo{LdA1er}mj>GV?_h zear>FGK9>n1)su?NfBgfqRB_fL<>a~R~GxHmeq&C-!_e&+c0WO8p)SRevQq)p_ya0 ztGPVdan&w}eq-W^odWM4#jlGvP<=*=vDrME6VgaZ*3MzQx9Lw<5j7uhxn z=e0UphaOnC{p*Dwo|vwiLam5^+Ul@DuYp`IY;^iI0ve82IGP9@uVEPjw;BQ~X>T zh$NEvit)*1yydr_lwIiVFG_S=%a@79E(yvH$VCdXrX1V|Z&HvR98ln9U2GKmbTUgD z*|1pLKqJn^S2J~of4G`8u26u&4R>iN*j{f*e9|;gU!l}*mYas*&epL1pI@lU&+W8_ z#i|jZh<+%OraYc_?AR*N%C5`j!v2ST~n*ncuT}oWZwv;bGG4QBqU# z<{)ghmgpvX(F-ZuXqpCQKIHA0+QB#4oGHKe6!_`GaHZYom452uo9S`A^#@i_9WSn` z4tUQPG{cREqqvTB=65Qq9GXV%MJ0pqgzd*CoV2^H(Q?PC&YNa01_K?3`ee}#YyN{W zdX4_^2${y2zueZyy3XK*rS=b_3VI(yX4out9Q( z8EMyo7Pfp}D0p@-)D+dUK5;P&((BC7n%&#Z^Y)VxAvg8uQc9~TUz8BFKFZ>aeHN5OS|1+Ch9Tt z{XuXF)e>C$yb_=a)W)Kh3Iy@BsnS>_LkG9HX1pWRm>T)a#hYuzlJ%f#8VjXHe4}X0 
zbO|7PAQVyJydF}@e7foOeY=oR{P!nugR;>P25FtJ z^>dAWiYPwCw0wDakEaf*pcgPSngqG+c>P9P@X7n12dZeQ>y^#jBv?0+y^|3S(S>rr zA#?kGmsMMGr|pe8MzcZtnJgkIpqRQ@2O6PZ$I@CnY3<+z#-EJ{am1UvkE>mG;F<|Z zxOq2|(ZLR$nl`0CzZi;kx%Byae=Eo{iO8#qYbx9yBSrnDu;DnG@?IjY?Z_$(=Et9l zFle_)X4YyN+-`NFVD1m2WVvG{dQq3ifFTu~8@6YNFR9oSu+A>F-JSY5@}1Y8rLbf` zC|DLhSSy!Nw4MZ7aEuO;&2S`*uAg8XNLp}<`RrZ_J^p>kLFEl8=Bgh{c19Z4M{MVWqL{K{~V8HBNTAY)9WIarj&Z_aWw5!6>^73$z%udHaW;a`{LE4#&7*&CKbE2QZ^bo1n+ zo`S4>6yd?Qq;zo*O`UKDIU&_M0{Yb=pK83H#pxVr<6WFyBDMNQ#T25=j5?k(FlK7l zvVKrxU6dfW<5dz|ab1}kqZencW$3aM2)?xy&uq1FNL)|5D2|gO7tksFSwz?=);1xjXGQF-*nnMi8Btj zmyjYzO-Gx>q&yGALcPd9Uz~MoO_s!?=zlJj)CEiwN0%T+F5yHonryyLF<*3Wpol-^r$kF$5ObqlUvd3gScVlfnT4qhdJ+Ghe zJ6^R<>3uhySeeqFruqFC9D^3m1nvMr@9h@#VqKsTJs6@JyqR$`b!Am!eD&D#+3Nb> zL~bnKf->C{+M~R5FCwJ5_LEazlxsN0n18VEl~JZi)o<0johaL9sS&my)8JNu{Y z4Z&{DFIecUXX5UlyM@>SV;m3r57QtFUCfI;kbV@$!tc0WJkbm)W5JT;J#H0Yu<-jhp)8t6`SvCyfOx@mrkH)xWy081^{2HDowO zb0n>P0DnL-LA*?3ApGvRi|eSQs=tw+*+#CGF8J2;KY9+`KVjf1p}Nd-=^@9(@S5~N zD0deat~IZzwvOW4llRU~PxedAO{K~FwhC*tNm6)`$!~U0AfG3x<@Yu4^eZWdER9?3 z9)SyzjNssD-_Bb#Ug&+EJTvditJO`tMnd(Ko#wIHrmrTAV$U(gal_mYG8eB=GcjhP zc41XlVZ;|;@7fuMQiTNvjNvp5 z*E#Nss0oI?{%-7&X6w;`S{Nnx5#?(U<6VNSc+=RY%faUOXPG?Zl|K2g?T$XTmV6ku zH5kh-x?P9To4;`MBlTxh3p%oX`BTeBggW6m5lWLv8os(ZxeEsysHQ+g8Ky^hk1W*| z8>7{u>BYpjF%jw5P?D;*GfzD}=Oj%!+ju75tuc^!bV9x*Ad9=%)}+VEHG0MQ_TDeZ zPsyz#@IoynK3?MecFW{n-^YT!zuqUz$sbq=a~oeE3i)~5HmX7qCH%WhMxa4vucsKev?=E^oaW`Ql{qyr_#I9RwKw z6Ynebt%q%qZb1_nE^G*Prc1M`j4w{)G$7OlB~d^vg4S3o9E2@2PQ+0pn`UdPHx#~p zGEgcRNqxXrr6NBd_AyK0TQO5gW+wD4ii&c9tkiklgt!(aW-;{`g+slZb22cQ^ouWa z5gr@W=FaC`%A(J*dC0k+iXmZX%?A4u8zvDDW-k$qdS9Jz8ncoaUS;`FF(Jv~7PA4)TOwQ+ucm{9 zl1?=UX;b3FbCOpW>lzD6vvTd6(?or)2*#Onyt$w_(E-FYY%>SwA>rIhl-cwP!aPR*{f==+1e%s0R9 za4Z=bYnFRPUF!XAdiCX1?$=qi(MBUmSZKY<{sJzT!hh0dKaoI|DhZ3R!fU-1{(F8< z>COFXz>`1iI@;ZpE6||H%F^rG0cmM+IIDwuq5;mkQA`l2b)33jjbs>Rln z_O5VX8(-9~kl}A~Od3hMd&isvu}KUu1Sp+1%6gqxj11!ceAQvt_g&EsdCuTrMSa`h z+f#kNDlx}x?z2$Ks~)!ol~~b&Yt5OT!}5%0JMG-v{{#5G4l@c8e`()1^aR%SLpo(U 
z)^?O5Y`_(+d0yTHf?Lf)*7z~+Q5T5mv7M8z4%+Z*g}XT zh8Dp^vN79z%RHmK1y^uZv#H;C1+I2J6M16cIB-!&=QHEo@p^sYQimK1i{z7Tb-dDLkt+37x{hV|P0W1QzYUHsFIYTjP7t55#bmICw=A=9M7NHrnR zL*+rK*+d)B`VuwU2bK$)Mn1Pb5DQ7#WI>`Lt_LqMpd4{~tT#Lpoq2U^THlC@GU1o? zoh?KAafcC&XHpYx2zZL7DPJaJ`%F3Q_Dr7?ZNE_I3*q2=KH;xEq)@KucOwP=Zhkv` z|2A&4uMix<3Q+3`c^miqIbZ^%9k)~8HQvG}&s!lZhqU$8=3Y!zKHe9=&5~U{f#xu@q-qG^(Y=p|HsS2zt~p zy)U0NZQq&VZB75FEop1yYR)(}u-yClr=X$d+-VO$yHcAFbU`mP4bn8!2VOwg71)v` zxU=`r@7UE$8x1Q%#H6@;X!@R9(WeUvAJ3-6J|R+D7uE*`{`!r=RB=8M2@Pu_A{OE@-+aC$%go)I`o6-fd&c; zBJ;fMw^13Xa5O0O$!|+`ADDYzs*jTT@J#$Yp7->KB=>+XY2(j7Pzo4l63I%9?4^O< zoCg4oGMlKvyUP`ZJ@-xr|4^xqW*NGoEh6Xx)a&Yc{gc8F1~ zUS;7vwmWN>E-j#XjU+Z$;Z=G~6Ol}CrAkvxXW`B_nrb0Ink~`H7HX97pF(AaMc(&- z(9JEI2}r|#cKmowyvWT*_4%XY*H5QAT?jj4gXNXK_sSDx+%6T-hh#l;tbEibXmI)T zgu{yv@uiJqxwa}uG{A_wpi6?YSK9B{TaDihwa#MT3_Abi_j`|Q*sXAKp|b-6!QRFR zuHXEO=1uQ(@htN(f2m+MAas()9={16#=5?l7At(sA{W8#n77}C+W-!bMyJRDFjdpe z-&DE*z(w=P0yk9=axI2B*!tK~MJ^<*-y3~%>E+S`T7(Z=5O2_XxG;}VNg->HoWiad zuX60FH_j_}iOnbu%&cc!lNNt!rz@P*z)$m~GLOXy-+1XBLo?kzs_!td3q-625(B*k zxI@Rr`KN!8H#VDH+i%FRjJQ6kze~J~4Y7=7k<$xa<)ml=lmx{u;6!JMhDrA}C)}c3 zR%AIFhe~xPqxgUV{c?j}*f?we*nn+Hg&0>xpCoBXQzq;;mKTWGqe-Ou&94p0e%533 ztm?f!qr)RoRn`K_tX4Lb%(@|^fwk8eNsjgVI8zR9lXxU4L2a(2wgi&l3(bl-4lrF=Y2f!*2|BvuI1^7 z|6e!#bJOoqWpdSt`7h;(ugBkJwZF{v4xM~zpmix%yJ)huqV)`BNC)7o^wcYuJ zrH*RX4Eoa-CUmC%vU0(_qJj9~sO{H$%$5UI6FR`rz@bb>tI~G$OPfN+gFPgQcuY6SatxxM)s;oPTXZ-*ieK0q412h8C4dW5RVF0Qy@zSlVoSXjkoq7@ zugfD(Jm1DU#OC+GLHKLL^;eq@ic47R8rv*SW|y<0!1?ucXHpe#C!+tyuow$mb6u^2 zolnH=JVNT9Tk)wbO&ao|nXmMNw=RR^9~*)^+6w6rldCl3&}xbJPI=5**n54C1tw0t z+m%2#dO2mufG;!sQE@i9%Lp&gcTNW!wxdxWi3Q*$@7#91CNiPQFm0{JpZ;zJYiEJ0 z6!-6EYxqnDaC3U^1U2A=&%NJRrTa}lfaerbE#_1Y6k9pIH~I;J5_F=6cT-YRM^mU{ z92**cyx5(QCvQ7Hga>rM)SpVwWIX>PQm#QH0;#+#5TyUjN zJI(F8K3zAOC#7pbKIhWKX8jrxSdu@V2}IUBmIsgimUs3f+5PlZpWmM^CpP~BnKtEF zIhcs9cZQkQh;ptt@Y-%ledTUp)4t4RS{-rNZOTaWG$Pupjk(^Nl73Qq*mU&nK8lIA@I;wekOIg{1(wgfD7wCEmnF#g(VU{oc*!tq_= zqEihSJGM-ymkHb6IPCcciWi9S28b|9)j3DBvM>ST5Ji_$!KoEBeg(DD=NkntZQR#T 
zB19F;we0h@wQBoCn+Dd+&J6iw!3_;JeX5NoYytm~G?K_)i7pscAbC#H>5oa}BxK`0 zEyG&SDcOsAp}CAm!NGx;dIlBYES{Uds%RQ(?x@$O z)?&C|hh~qraRniR2w7(8(RRML(4`yK^CQR+yP%{Y@xZ1zX))Xhr7PW_*8jLt z{FI}k({E^S2=x@>SuY zfOT8?JCcSy+a>Tk+}s`^x#|2fLPKT$#Pg%GV@rbH;OF+qUTLIn+tGbwXZpK?35gV& zg)TZ^VZ8rBr|ZXojb*W(FJXbTj|8f6(@c674n@3^Pq4@P<14I6oo|2lfK7L}HWE|5$%`c{*1tBJ{)y8%S<_)Ys zW?d%#ymm|DX??A+W#r%^S?n|Z-PGMeo2GzDtQ+zK^4xU;*~i=ZBhY^X%*Z>d$k^|H z(_H$IVlL)>^v8f0@8Lzs!TxmbJybW(R`zP-qmP5_j^vi&41@w>n^4Mnv^1D+`px8QXTI z2fNEG>DXD_tVXj{`)|39fi`mZ(J)|`!eat0(G5&;bc%l1;X#O}+vDGt#XlvX*m|3% zv?o{i9vhcJ+S0&8;$wN<(TQ)$^MD1}qYal`e}nV@bHnPrd1TAI6HD&6hs{mCO}2e& z(PVAtF4d(d+0Si3MU(b-2iZV)v4)~SOdweBgLxlznr*OazSoW@2UAmgH~pG-@TL-P zB`=5G>{=YX~{ou-gZG^&{znTY}mreuE8iOYWg+f=e!a|=a+>tE) z%=&nkYFn5YasB_UB>* zf!DSkQt9fXT|6?Xb^l=laRxfcj&;)*vMq%UZ;*g}I_7g**~A5Va5tgSmF-!0zD0o< zNPmfUdFVmT2vLeqOk~G%jP^(5#gNTf2wfa?*%q^#$~GC*P4Dh~KcWz5j=5-Dfg)8^ zSZW=bUdXJehKEru39c2=65GWBKbfw#*3@A8xQ?g3L&xiK9ocGr7vb(KX3(oD5ef$i z0Ztez0*shgk#lj3}W1 z@xmW>7~h!A<R4LhYno3Rd2f_ohdK$e788wfE%Z>&q&fDOU`yt?Ep+M|F}P^ z?7Ll}1!TqiuT?gq{=UA!GW9)|?pI|N$u~4l=H3i41Tobvob(BJ_R22qVLba}FN)UV z#t!2@&2aSaotoe49SrHd{SlU!D^I>oEZq>c_$_uQn}`xdu#<(-c!=4UNEsgESXt(d zy!_p}{HJp(v{@eaQ~Vf!o_Cft7C?AGdXOo{W1hIh0pA`Cki?OBUCRLLwFVL^e(y z@`wdDYgsuq{6}7s0>r^)Q$SynLC7-w)>3bX(!uD(akaIy*QeR>#abEFxFlWkaE+xp z8Y+cloYw-dDC&N7WL&2n=?<~xSa(WMYA}D%H11cGdN#S#5RFzXF7UWs6si}m=NjFS zSUZ72$86Z_hisr;o=~`n25Zatf0ON--&gFMiQ7Nn@oE?pzhz8nyB}oGcA;L*(_Mn* zA~*fDYf-cRK(uT#vVSHPD$P5l{X81q`Lug++!51X;|~{n1(+PxVJt_g2*I#Wvl)qp zcYo}A6oeOEs*uTizx;Czq+lemG`~%Um8kL&_y;0$e(Dt%tiH9h;$%zo-pEK;Ex$yYVquGHKeIs}vH{WurLkKva)DufS6!LePT&c4@q}@Xh+Je~I@0gIphC0w zBVWxgi+WED>FdAXCmcWwr(E{l`mNP>MK_4>W*oACby4m|Hi{3bjYVBn8WV1`#9a3m zeS4p0aNnsH<7K~e6M)Crsn9ufMz;;`Kr{1^gRI1BU*lh()-P!B!rodp^Bk>CeDs?Y ze^dhBhycBJ9}!moawV}K0BE-_yb)YUW+m3HG5YF685rS;^U^cYpsP4+TOwueyIpjA?_=oRtA2CcipqaHPdzAMq#`s@^@QMKt&g?nTvDvk z6Oc_R-K??p{RJZUiIl4S5Y>B$RqJVy3+p!(Xv$$+rMIG41nFo*FpXL?M2TK!5u)9? 
zuR)*swKv7kT`j>W%5;dQI}^wEF_@rV&L=Bxt;Y^q5)%33*FPu)tOQNRv+5~!| zyWR-1S8WY@iN9D@db3indzZWSwCLTZu2Y&HpH4sOw&JL`ET6EVWvSr$IF$irTDS?| z2-!EzE6xS;=g*#m2Z0#U?q1gPqoVm#(M+$}!;PLFMm5m&9WERib>I#93l|QZvdyM7 zEdvUle2HF*iW|K9J(m;bvv{a;<`|Nr@4 z-TMER{}1MKS+7EXfc*dB$g>~-u6T@GZ7y7wWQ=^YcUAxt`}Es|=kLRBm%Sxm3p_K$ zu3=H0Pdxnsv(qhs%m6YG!GQB6M|dVGf$Nq=>ECk>=Q|F5|Hk5)8gC`WKf#T&N$Qe8 z^k;_^+UD64<0}?-WsyPifd*wOuhQ1O4eD7a&JEiPgKq^c{jC+$EXx1(O2mHuuzG57 z>&>4|;n%qNxk`)iucWK)JO}U3K949J-yWg}G*C*A6=q{%gjoQ(QdaAsPz+EJDig!8 zYozpZ_KNu(6Ry+0PguVl0&){B7cm0(xmJf*G5?Rtdq`HYw_9@rzTQ;9m|wYHXf2~+ z#f?GoRz?l~2JHj-Z3+Z2`waMf)>z&(iT%}&KIpkJO!x;Y@M+(db zH=F5_Mtoasn26b@uz6V*NJANQJzZ*~zl=$LTo4oS{chg-yT{%vR0xtQB=1zw4^PIE z2qoulC=j?($B#~pHD3b<;)|+&nLovp(G=*yik9*S;q{y4SyP<8<4A7~C<|4eW6dZi z=5#Jgn;) zzRY{)+2}{7owLZL1!p_aN8*{DIpo>QX9|tlYYk!*3iCOXaeI%qcoo8+e+r6N&jadX9L67-+94!AlXmfTX4xY~Q!(klCOz zEO6s}+VASWw%dk%1*Qkv$I~fTD>IEtN307IgzozD*JNgiZfJ@#E1m|>QRDsnEP5FQ z!xpx9gB80Rs;2ty9J@VEdpmdca;@qz>9)C|TxX)xU=@Dbm5uRc#M)o}vhnu^v93pA z1haWf7zVl6H$)L9#*`?>SMPRls?_h)EUt{NtnFCX>->5iT2gtJkF8kwj+Gj9^?4~- zFA~Q|7{u9N88I@~&Vc?ny+|u3G}x8(^^ft<5dQlO(k?@9g_8L5A`Td{N>P?OS^8O@ z3?$?A`The<-@o&z(BUWR*x{nh_retkvMX0V_*#kP^N5|_y2hJi$ssRjt@=|l%^~oimAHFYD{^oQ4g}pFKV3bO zFt45BlUZv@eAJvOnyUIRRp;{=Rd@O4Z6~&glz*VL50E48m0SNnHTedVch%l4TI_T1 z5E9J}f&)jE2`pbFD@|F?EgMWIPVV3g>#lEXWt7fN1WE1hN96-= zwpOoBtWmS5*R@lbG*?^$#LRC98n5|DYIxR2+WP^|43LxoINBjFuOuq~yt3eduY%^; z-RB0l28&_l0?=~YD zpBAsy?5UUJE_jBpEQ-2bn^BOnoz!;&HGBa*LOgdwFFNbYon#DYnw(_mv6Sty+$q13 zr0Qy0q<2@F+e)8{>IX>m!rT0aMRRZ}MSQ+fkfe@SK&ap+ung<4udYUT{l#=<7}PcG zh>x0PxlUX(^lr?EhlRWLr_IG{u-Nlbh}UbR7ho4CzU}S;&s4#gKZa$k@HIIQX&8{7 z$E5AjxM|~lUeO7AynuXTxw%YA4)OMmqPAb@6YiHi`IJNbDaz`_#geq^>#2`px!Esr zKXlO+elBzgG3ozE3t&M;$AoeA7igZp_ZP)|eTR;nOD#wH)Gs;|<$3~vt0bL-Hi<`h zk&nPRMm5<4_<1Ru9Y_m;ZNK1_tIyNQ*S}s{P%?)7oa8drv?x2U6GzHZ>nvrI(FRee zf}I|k_b}Z*+A087dMFwKCe-PhajkM~tr?CPl4o%`~A?N!p+ zqP?PmoKTLDP91gDMalSXQ#59X@B|k`zI6WSj|o(FuJig)kE^C~*V9mI_k|2M)#b*l 
z@+;JWgIov0YUfWXLL;JLiB?_Balb^DK6=d(3e8)E1j;m4ej99_bQ9q&Bn!$6o-!kl zn;23=6zt7qEh7dvm*pv~yX9~`w}W29csu=gWxc>B8x8wN^aBjx=y&jk6G(bA(8p8# zxpxjk8ZUhUPT}9QGB*S2P63gQRs$H6dp3>Q_x|z^GzI(i7m7B;`~wZFMmsa(3RAkk zM4$P7dm4+oUDsH-rj{M-B?oo&HVuoYYhRbz*w`-m-MQG+^D$P2gP+(yGDQ4H8 z*Pui_3V)cO`COM6Orbmf$w-L-^WS#`LA=M;5{td5KS-Jz7cFPmfYN6UUx*0cRbmiK zMA_ahd0+Hg_D4Ik^UXDiW2Qdux257Zc@Wzdap5+aG}v_Y{*$VOm8q5M0=jwfAB$Xf z11|c^a^%cr09x?>o@sXGCfy@Tv=J9^HvK4;Kc^PVIuyRGFIl?H@}b_6rW|cO=q!aN zuF*PmVkME)T+E;wa@3|HcGUm`e8wKWegz@3%lSbT_~G;|phW zM~9fM9}K)}$Up@XL`e6iLloJ4tTUWGzKbnT%Anro6KLR)za!9hK|1h5??+Gt-3RIy zHsdYE=HR!5I7`v=IA_}KwXoh9IS8_dUa}vLGge1`6G{GE5 z*V=>vs`l*t9Sn1*%@@16!W-Mu(%j-hQR#6*@W%~WRFqkE%BYBd|8sC-TzsY12}K}( z{psjlB(hOA*jqgHGHBEI^D`~S#IJVrbl%QL$KC4L)SRP=mBoPo_L%EA+`V58RH$RD zCL)(F4fO-bbL0>t1=2{@AB7w!{{&=S$zsj1A1CvVW(d`t;=2~C&0LyKLVYbQ~9%JTc)#Qc|$kXN;+ZdM#lSJAKPzO zPV5cnX|g%?|8N}48r)z?D|(e45T@8R?+YR$h$uXuViV5r{;?ERxX@GxH_ke*e5jll zsc+f&0n}>h;<=)g?5okOFHZaOHyUzr{@q+ zXo>Y)bF*3X*LU(g9OpBMI@iyrURX|V@AGKspLe`~)W@d>{sU<~Jv>)M&wr$R*9AAU z^f>}0Z*2*3N5Q7u+;Z&Tr{^YeUz~x+kAKB_#^M7ESm`wF0Raotsd6Ng#Own-`kUXr?^otDYMB@2|4kE>>zL`jTe6@6|k*k9+1sloI@Si%DP`A%j@y;v^R0 z&PeO?-M+j|b8uJ8p24(eOQcNclt$ChmTSF%tmG#-lQ-I{x0HFA&k7%68?jpBcGnu4 z;ux-~Wp1RJzXRk;Z5oQ=jhfE}TPG<9b|@Uk9!H13C^WO*nyW?fTiWw-btRXbR`sL? 
z>4&dey>h!RZUHDBYR+?zzZNM%$e$f9|3DuHBG0*R+F0|SwvpsniQgyCO#eXBk;rp_ z*)sz@E~6#Z{?7=>Fu>%%w&9@|rJDH28luNIw4RtF&810bwh=Kh&au#kx4AlI>8xeg zg;G1^VHrvH)6pBcb?1c;&)d9~vmSWb*~a#-*v-0V!N|yPo`)8?@_KgW&UTKpR%Vr* zEu(*GyI12@)NtF_Kz#P#*;Z<>=ZC$?Ud6>z(2-wrquc)FtN^NAsRIoYt==A|C%#3^ zEQ_!81U`7&9{-^LGf;fLFLty_xx~IM=ud?hMzNCFA8&bSLTY}aeGK&(t4s5uc#aPi zgQCU|B?bZ}9(9J)VuRc-e&6A{QZ;GU=49)+G12Rvkhl7UHx+J$%foDCen!0rd4JEu zwC@c2N+jZzLc$>CUYsmbU{yl#h*08*9iLp=2AJOm*@7B`TnvM)ucRaC`b_DdH6>Lr z-XGyoiZ5QZGu;A>37iI$!h793-RV0KZA<@kjR*W6*Lc|-8lF07p2=c!;9$9KMg5b7 z)~0ceFk=l-g*<`Mg^{`;yl_U6JzRatZ9e@aMjg@S0+NyVnfQvA%IdY$K(M0!Wy?+B zlsjgDc^hCL+a6E0S`T|_x@(ft30FHXbN>_nWEqHSA1@0_Oj-I?Q=Qg z1Ig;Iv8lyb#xQ>_S^4j&0+J1x%L)7vdqzeM59zk&vAQ_e2JZlPVY`PSTA=FRb&aST z85OiUKCZN=nD(Zv~_LCp}HIVyUti+dGQNWVMhEZ34g(mp9x zm+Zgz@KME>Sh?-V-0k5z&x-rAga z-lajrZ=hlXhEh9i)|tiny2M)@$~84g6G|J6n+%g3nr4Cw-BR5$_UVGMK6G8knHaTK z!Or7WEpeMC(f>fOLYfgzOtrd0!oi=zeV0IY1s)9^Rlkxf!(ZrU@3&pL9}%C(?p9mn z4}Qbg9^90{vqSw*}d!TAScR!%&Z^RtEa+j!>ISP!&e`n~hkKdCpjorr-XSE3XNY}e57N{_bdwcnqeYHjp~ zlK%RJte)m?9Un6dFV`Yxd@6%o-6PCa90nk{K?OciSglW&*QU2kmW#lzfK_FXxNSTu zmV2W%70OJ$6|xSFjVLW3*oRbqqqhiOsD2%89&O|IdoyESI@6y$Itca-Cy~5JU?Qes z4gpz+TT>}K6nD~Z|JKJDJpTlnyKWhFSTwpgd)6kgH~%t%-#PQ0*M{ytW9m0Yag`!FuJA~KS4+dwTW2bVJNLq?h*2BeX6G6CMBAGpT5_{E}0Dy zD3j%d{g}3ONBUcmcz|+TfSM{cdmM0fWTZbHJy}nqKYpKiS#JcGA+5Vx67mR;gZ?)} z^FPrYU;9Pvc?uV-r2^|;x_c5DRP~5gzUON87c)cJ1ZM^9iHLKCk6$$l(Vfi>dwOZqkmHdg_4+?Jz#JuciJ4Ogq9!oIl z3NoyGb-zw9Z`t@hF?@*j*TZ}Ep^{gw0Qz!_*p)uac}cN{I3Me?dHK_dV&tfP&Vzk? z^V-SInPm~sCMhCg<={6gDbL%bygAiVcsX@k^X~^9Yur*hQQG0Mv34n(9dP;lW3wUd z;2((7NPP99^=|N5y?t23Uzqc5r0k|i^VDCz?Ja1pe{ulj`?Gl@9YXcDiZ%YH(~@zC zPxD-FnBSwE79qFjVcR@w3&Z86*?aSiWJ%%)#yEGp7X7r+wqM4i3ZQx2>)Px5gK^)G2q_EewPLFQ;9lPm<%-2Z?lB z|LiZ|~%H|Kf4 z^l$JGf@_MxyEAuUjktGuXtefrue#V`LvPsJ)W^iWuo4ru`N=IXz%e{kaXoZ! z3*@#@YHDdaq*#ix?3pb?hJU+BXz-Q@@wLj!tg7FsatwU9?H`&`>Aa&n+cdd+S_s+! 
zM7M&sWfPS|Frfe#Qt>GF4VK7b;<>mr=m2-QV^o~^I*Vn2_o-hon*qFV!BQ6xco#8; zNd*^w_-QKPj?L;}#!}%k`VIH&FN)Y-uo28MIAyRs*}sSa9GS*;w4Y0wZ@kpjW#6(H zHzBK}gYrVN)Ju(D8r6jLJP%d4DSV3trPvOkfRW03P3o_cmcFsfG@!(z`G;-Ej(FxJ<<*4@J$dVvuWcSHSM!A~2)Xhf zPIXlRk2d-ZVxm3uZ*w8b8%$2t?!#EdpXgX-F&-qMRs!UHdET{*@wsf<%|h#9@zypvIPFXOLtFo{#|(lcvDuoz{!{V7TqAQ`dARN4Pso1IXi~ZG}w6ew6n-H_5pcwdtA$5`B=$W(zaZN{ybt8Gmbj9RLB%UHq z4EPe!dS&QgOM9XPzi6FdmAKbCL&xkk#*2EA4#Jg(5s8mtuX<-G*?|S$f%xmDCCUd( zm2>%t$G8}b?Ro6qbT&9Q@o;@{p;Ile!uYe7h*(pjL&A2N-b1w!vu`5;bq}v@WYpKM zMc>|DFT*-vAZe=tebGB!r^KPWFAx*olxmyCKRxV;RFNerMNq z*Y#Z2{d#`)@BZGu=lQ<;;dP!fW6tH6&-wWr$NP96?}IwB)A3A5TEwRs;A#7;_5RDb z9%eUqEecr&(_(_?*rg=01asm1O%*F7z4sCiu`(YsU3bCI%_!zM6pE> z1`=b2!Ga3QPMK3BIMjabLGMyQ2Ofhq-{C^N zZTUA`W-FnXDc~L$oR({nNbd{!jD)g)`$FiG$Gt9l7|*sf!NL<2F`ZGEk0Z#JnP)?oE2y!@8!uE?f*$emf}xm@IQD)LYsTm;nuVI0h@HFE+- zyQQd^vrUy}HR#2w=@zXmnp_EiJ_-6dSx1NOpJ{8>ew=t3>(qjzz3rj9xZ87s++AAY zYwT%J%(hZ&m=ZJbsYu|gx+v93vZ2dX^g^|3g{IG`Tn6XYqFtP?sC$bdcLqnfxkv|6Ij4zs|~7eNpwh+>RkCO(N4X zC|#z*=8<#igQnM>#GL#hgkSLCKi*P62+0( zL_54cHlhK-Rf~yeTyY=Fa}A{}W8B%;`Bbf-PQ%5omvE6*H2@}NSpFK3)2kwUb#)rZ z=BocloZH|32Z`{1wJn5}G_J~rfc8H9CT}XYE0j`A*8@i^w zZR4X_wMymfF0GqC5h%IRQMGka2I}t>@C0L}_Pu-}zzdS+10AWAMvrm9#^0shL8gqI z*0@;CFyRamOibk_v;`97Qap^cBGf;L@t2fEya|%CR5W}!_v)FPrNHof33_zv{D>v9 zjgqwEYOm&8Hc3zInZyJ15lONAX_bE!a4fAjucX3q>mTVWmH(W&-5)8l{d0o$ZSg;U-2I})mX!$2{wAf~H{JzI`?|kspt_(&0k4L10JUxl#iSB60hjZw zELls9%!&Yzb}i(~s>oiQJ8QUD6ad*e5#u9>LgYSx6a0-H@I-Y0L1*4y|ILLzC8cU= zMGQ%P46rD`cpXxD0RR(o?SW1M0QnKc1akZyNMc@1MdfeL$l@(ak|vvdd=?V&6=QUO$qETBp(;)jzjPi+qG1WL-E5qb0T z)q;P#+Y!`4!N$@1uD1*>{(QC2AJ1Nb?1#;Bw|~pZfAoWSSdc%T+;R_;f%+)7Z>)V| z0ngF?$ogdt*nbRvnK1X~tY4Ru{R#em;gEFT5>kNTsK`o7 zEyAhGjWGMFA}Im0^U!3+-3aT(1GPJBXu1&-rzM_WO}07;1#cPIW|q9zDoe>Hd0G3+ zsvz#~fm+*8Jw*Oe7YPfcXr91S4?q|ERLWD;J@`iC7o=%QpG8A#VY1}_PcE(38}J#;!LW58fun`rM% z1RRZvYJcqP0z^@r7f_595x4?F=ptJM`2YZMkz`U(lE_)}sjpcg<-%8E|jtEL<0qUfZ8?`^Q`wDd*pY>0Sg8q2XJ@LA?;oNJm8W5-8ZeQ zf{#h~&)YjdUkvw%KX$fml2e6{(>?eDwjqs{L%p12(;Hv`s|?Hd?HAT{lOODmig{YWSN2*z-Q1V 
zCPV;g-#o&$JHzV*ZNv|AKHWeI>Sp97z_k5P`3tE)n-QQfFawF3S%Ai{kd@huia|i< zxeKa30?M}@5#+~7JF?&D4%su%-Gj(4<4ClLG>c2Y94uldP-N8wkWl6aC>4Tatu`_X z@*iI?&{E-E+A)|Vn{^Og_uw*v07?Z7K&b$#?fk(%e22APM@^orhu;Iebguh){)f}3 z{rn}@0i8cC?SnNEyDZ{f_-k8hJ+Tk_q^*6@*gk3OzcB{>XrVjs+fx5mGEo0?NiHcU zGp4^l;VIcx^Hxq22|B;44x}ISfi3mx8a!gGfP9A`kPz(YAuA)v zrz7y1QqUbBt=A5?56y$#!nmUr;|tdLc4Ve51~LM<4nRLxsh_`M0crSH^X8u)sdqW^ zvs|1@dP-HnPiFv9jWm`3zY_}G0k~ZFc*Pe4YROgCQUmEfeE>y^e%b?l{kjJ_0RZ#N zYQ;%+=S{j}L*`L``T)31@E^Bnjk~$b-C5PwduRCP_kp}+36SYcN+JRxibO5m4j;c) zkK~O+0Djm{AAm8j*2oPYnfrVS=<}L7qFv~6_N%6f3+(6jf3nWL(SA10zR~ta+8@vD z&yV5$W^A*4cMCQukesA04=TKkWyn_fJ0TzH_@D5&Rxs z?T1nSh;H{?j-MCReV1b&<=96#02=;J2+;oOxxaeuub%tJ?H>sFe(bp)d;YXS?8lz_ zvFCm^>OY;rv%%ssl_Pz{J^?HVPeZl&TSrX0e@Wt<5q`HgE%{uDgOb}*bXP|?U|cA<~E~r{Lp3>mcX2roTWtp&zuLlywUs~d8R@s`$kb0(%+($*>^GHI*u;@->e zSdyK;SUhvS9wOo{f>Rtui+{hk*-Tsk@l2OD!HK}U{0rGjxu$d-F+A@H#ct7Etnd`y zb_sI{3nTErwXn1}PkfsXR;|@k2yZZ}2yOC`ZT=<|ie%OjWhyVQtiE=70L9_viPc6D2ZPW8m#*5xKTQ*G{&L{U zj;9+XeKLh8f5^lkLXsDt_VE%>3Vi#wU0BY@+SBdciZPl-bH-DMG!FIN8GYmI#&l<* z=FPIC4r_=%OsU0f@FV^rS*25(0H|xEa#q{wA!KerSO7sF%NzT;Gyn5-XZC-ifA4Q} z>!vb&vjfYwVtzVSv*$<(-QG*w`p;4KPy^luX2p<{i2fv~zsK zP@5*Msp(FNYv1nsr-YpO-cStmmw%~wr-T-TDE5YapqoHtpq4$9@LQx*xFBY2wxBg4 zXnkoEk&r!ZXM_w)>9x1N!Wr=9p^Ftugr|Mhy7-5Amh}M_zt{IkTv!=G3q%TElLkND zOH}eiYsqL)IUTcQ-?bAp*fw)KRBfzuo??zwE;7XTD#75x5+(r+ZQ28k4g;EjK*_rm z=?L<$U9}Prhx;`frFW;p&EEGm+vfqzgeIDOS2CtHN-qVKCtm+>(5Grv`v_44|KT0b zZv>bFPkJOZt}d5+laE)%ExEFQ8m{Y^`{$EL&N&A?NnExFc(vaCD=m{e?F8 z@UST@rl1k!=T+2;tcWD)%)}Ykg?r!BD0`!q+VPgxPNaib-~gvNWDCoP*Tf{X0UEHG z&mbJ+Pn;}diD5TqxDt9ocj{){x_zk&r+;BpK;O(cYqPO+skbzb=oqUdRu?(|X?Hq$ z&KKX-2PRiXCp%M6#>jf8?zfbXuNQs)>1>?Wvs<2{r~j2?tj8z(^Q1cu2N=XB=Q2q^ zbxUu!iL@3hd^d){9}sRbeDRkf>F-9^{`-IZp1b5&8aqB-C(+f!qU6;K4yASk>Kl$CK{PFLFTUt7gHN_wO|Gt07a14*eh&KW9 zzM8ik&#p>=8NcQ2oIph5BG&d=AbXD_EbzO+16m zT%MR_o>_p)Iu$g{xJT=i_KUk&4)6tB5U8!GzH8wmo&NHWnx050<)MeWvMRa>Ml`7# zagC^wwqQWidUggC28ft30NNpq{DQ#_L?}amp|r80E85JeO~cKeg8iG7YV{T 
zn+ocA+7DJycab$s9Gnvc_CO{U-$!TEP$@#{8cq&XqD-0^=*3whYj)!kLzZjK@e!n; z6C^FLWgr2So&7Ck`7or5VH2%odOvfR_e#!ln`!H1|M>U_1dCZl|M}Xwr87pM0*SP~#sNO$tm0IK~V_A5?3^ zKTegW!o9xArmBtO1$;3DC>AJG;)E7%qIS@L(rX2NsEoy>v(k_Q`q>Lc!~mU_#)#JB zrapi&7f6Oo%^D5p^qfWSpZmZ5CjZB6t_%DcL|-wWhaYm6OTWw914&k50~EiZB>Ei7 z6eP2lJ>VW*YW!ikdq--}RHHxf!I`CbP1mvsVv z@Zx{hTK)sa`Jo-~-|^z#RX`U<^Yo09wj6Ff&YWJ`VHbn06p+Jg7jj-<9uY%hlW@a( zAXRDCL1~2S;%``k&etS%xOTP&KUytZ!73%FJNd1Lx89%_WrwLaqBYF4E7!&$qGU%TkKr-pV?B1${Yqe!vQ6 zhXdB#Xm5NH5WF}AK{uxq5f1@{u z@jcL~VXf(cQ3~=Ar!0J@Qa|w~rj=HUZRuu7pw4USz7rwc8j)5$t>0G0ILu#jo2Mh% zd)4HZB~t3-fle+Cut0DLL+B=$hIpx0ddYuy1u;mKn%UrV>a}(8%QOSYJ8CC9DjyvQ zUoV~&nD+6b>%DU&x_(K(S;*B*PG6sclCgo(Ra)k*h6*dTpdo3@37ymi3p4uKfTFP8 z{SxPOWU3RABc~co_jzapWM=@dqkT z`q#R%MT|7#+=O=Ftct>XM0GDr645hNHq{_Ls!MYM@13K;R^)Ij{_B;2RJPGDoy1&b zm$a442C_Z?u6a3o`+`Wyt8Y1RRN!c6V>g34u0lG+tWL; zX{#Rh=n5MypD#+OWBLT0PJx!pXJed^;qn8c5rLb{gR4@;CNjH1Nw?~%%L8bpmNCX% zLicGOJg$*{msD#Yl9UJprM``DX8DL1sBf)qEO=uA(hSrROhrG)0o)s#^>cSfF1gyw z9-&t;fdN}EHoM}NQWI>gUv+9@bY7>wPje8>WmU2~!SWiU@lB+wj)n-w8xxf9#$=|R z0M15Ri7R^IVs|_Z$|Wl=Je#N5Nfopi9Z#KpVaYw*I#s^5Qi7R9OUH%Pf$Y4_Ry-=O zBQw_qj4lpcbh#J)ZcLjJVqUu>bY#5h_87%m!4MW>cb=XC1SR>?6g||shryOt5O3z@ z=4O^*O7cbL=OvCjB^zlzF8IK8$Hf#4>l$7@MR-U&Pl_e;;{6&Svc1w1*O&B%kfq7d zSD%f{-X{037{huh{rw!n5)T|#wA-GYo@!BKn6+wBq@9TiSaDn~oj`D$uJGN_abz@) zL7!-LI!RG2sd^k6;u8KcT2Us1xPc!8e*LqgH{@e>+osG#KFY1~@593B`@RJ;8yR;z z4G3SgjFPgv*|7ffF)t0}F$JK71x6o;>LGlCcl+VS$sT@<*y{wX&BzvSyTi+UJ4dbB z2$6EUFX!U~Y7X@b+KPx=9(HwN{x)QK5@?jl85@_a#50&aQ4(yH$Z<`V!|8L(0|I!$!(q=;D7w>_}Q6KDb@^3aLE#;zC3f7H=B3gqJTUl9jOe{~R zu>7Nw=3nen8)qQf!jKqo(&53~8L%g@Q~U}ix^1H^l*6GtdGBl4{Y@+OAO9XU0^nu zx>k6(;6!7#JD)|w!N)+UR1ZW5uF(r&AzmDUoU(ghGG$XOT|M5(`t+X77egK$cVUY= z77do7tOlaj55e$mvu{LZte%u=gTFnvGj`i<=poS8((`zTs|M92w?lD|#gA#uG?bj~ zebeqQbX55MYGwcZJ>j3cjiOrU9*8d#i3gJd21~B~AN4(c6jJ}I-~aDZ9{(c9<}tj& z0aX2NW1-~csbk26Ixiwnz31yq9syHBEt3x5Q=5{Qp1nJ}4TbAa~u_{=#rA<_H!rdZo2SYKpQADrzf@lUJ3l|QKAHyv$@Nrp<JSzF(HIM2sn26@y5B7vFAK`VMOx@6et8*uu35$n_R 
z&KebF$LgO%F(RiEIB_``C@vc4=q!pazE|LKs-bjhJvVOme4!Xq;;>9u-`DCZrDEo0 zZqOSjyQxqZCLL-8e&yDm0u!SnGN*#JaU7~P1`n&wF;mekTgl*i{$UX_`E=(fZslKTNF?sHXH)sH7o{3kq_t z7L=h%P}9ZGO_u&W&{`5b5*wc__J~QL0*56fB$Hk!n4_IWy>TA&=uV5lD3MSR`yDpU zXRT3!{&KVq&cOoC&2633UnuMo3^w~`kj*0CP;g;pXq~{qhdJdLXuxjbTfhrTl+?;> zzaK0ep*__+d0nEj3nz05$ludOBc6)9maM`)ki-zV*CvjBJ;f z3_Jhni^1rwcGDCWTo@RLKy+940 zB|QM6Coxquc^ZEJqt?pH71s#i!<>EcFs+mM3ZE9_I6U1EQ+qXn_Gt2~#a&NIPCOTx zhLW0i{!#EVImm@NV3MeGPk_DK%$Sl8KthluYk^zZBmCqe8nO*qVBHwv`TWkaiJjt5 z>!SC?c1xg<=`PCF3m;!nM)Dm$s)A@m^pROHtvMLw8Aws~0vmfAZu01`LPGXRN~{O5 zhGRrVy~EJGNZ>BUlXb@&+e6mvoEG0*NCv>UV3Dm7Trd#GAn*x5AmfhO1En$diuF?> zfMx^@0>l$&C?lK$8$KK)WpeRmJe2umpJu0eKF`f%_pjDAtU(+C(+}eb6}Z~LG6rCf z7e_QJD%VTozj|nq^5IZnk&54P?}YmEE&(ObVO=?shC9bp)ugeRM8-9;dR#bi*%rF1 z;skp)c^WerJPSU$h+xKwrNC^ATGECL%KPZj3a|U~Xg`b*jBH<&OBY-__?hSj{EGTS z8oYEKQM3+Ulxq`@41(Wr3k_u&?rn2+&3b!feMo3rB1A*4^VPYk7++tI90BNb>`#gz zvl5XQwsiCx^DF(!Te0QQ1VO`q5&r6;nz5Ik)kAnv##uBtE}D2uPe*j3zCY$rsBOtC?9^7+7yDB7$j^&fOi`Vz9}N!JpB++o&1M$e9#hX#c&<0Ng)U!Nf6v{S~OeLyoBiQv`oKlaplJr8ubGj1aDaSTf8#2QhmVzS|6tS=sD3g!a9=#B11eVaN&5Q6P6lHTu(3; zF*Y?E&(h4{Dm@U-5u+*Okei!+J4fUogV~B(!uu^D0GYkCpXm9UwCR5G=D(f1VeRmU zCb`9t$^f|3t48@0Sj7%?d%rZZ3qBbLvzuWf##$x~8@dthYDN6kM+_av6@fPZMT64_r3(m3-N| z3Z+(%B`6_2)Nx{$r;e?OLj>?(O`3=31aBJCZDWVwlVYK?8FNf3e375j7dXO}3C&5| zz^sBm45FA2e0H+D2l3(5LA81ha~7GUQ9+!n(bxM=`gYB)TgB*ImI~)R_Q(om1RwyE zTiAe-bhrZm9ceb!3D#hfnzWAg8RzlqB%KzzA2K6!kI}JvAcj}z=}FmhoB@TT7Y)$0(myb^XL_o>{eS2{6IoO3w%RshuC6ATbxut|CfaG4k< zh<1Hj=QBNAG&kaIIcQutZ?j(iZjGfQcM)cnd?SpoopmQVg!mEffK8a0S~uiyAMieaBm)YnnHuRyL$m7g z$^j{0=HrvBmQnTQTvIrQox)uQpk#A~!$uyvOB#cl7k$_@`qyfu617^0@!^F**HGqX zpP8Ix`Pl953-wHTX*CxycAXZT zoO*RJ*n_K^>q`-gesbdmGPh zmlqMbhz&dz$uBbP2H zzW#{FJUi1<-$RA?XnLxTXqLASZ?Te}nq{)&{%D&~MS7fBiBt7n_-Cmstl*1xZ=tJlVe||G_ zCT>M=+Q}b9X!{EBY^8_J(tHKSwU)DEg5vBGL%fG`;ELEsL_spu zr`iYAKCLg}x1Mr_=|A#@NPs^pe4NE&|`=sYVU- z+Ob92g4}oQGp!>PtxCs7hlU*7j`1kzQS)eTI#C`QZQv;@7S*{N%5Cj;Br6pJx&S%~ z%6J)nDkVfXXvwt)kBuN7+5;tXqHan3@ZwJKL_A+XEbz=BBfN$iy^#!farESi`0ZwK 
zt~+Iker7_aClre799kOaUS2sWK`SIEdVRolHwq<+a)i+tXSO9hO+1e^Ez9vRZ#1BB zOELBEQ+qk4opGn#Bozs?z_^llcU*m5Ao^49p+{LfvZ07m>Der;4DiW2e!aZ zW#HJ7`>vGMp~(c+rd&G#$9s<@=o*ynPL~|IsB~1(U^b~Of*mda%uo@{@fL%%Q*=Z- z*LcUQ9?%p^++FF?8Ox@WV$FGnP5+XiI#+xHMtoY(x0Xp790CTzeUNV#Bj_}&N0+_g zC#mmtblN}Hm``z-ye&-O=rvRK3crTY*1}FL2MRVt9F-nQ*<}b^c68+^IF`5EXComT z=vAz$Z-dqkexkzH?#y1ckX}DPDn!V5Buuw8dDAF>in?YQnC;l&A>nk9xg$}kQ~aLx zm+ar|m@9Isfm_LENtLCR*kfoAVUXgO;lU9alPm-v5#sy_Tx`%U7?P1DP zT*i-Z!T23)W<9c0(3i|i6z*S^cE?^1Rfse+%^x7RNH+?se}p_dR2imuQdqY=>;UC( zAp8!VngH=|pKT(u;ghg!Ge`4esC6h zT9vOKCu`C9(f62|t`or5+f1;nw*4@L6^y3I_;h|?Rtui*++yt#d; z%Xv&a3M@N6N^{Yp#jAqIVocVEdkkGp{s#0~)AGK7m>hN=Rhepl9b0r3D^JKEUh1E( zseZl^a{N=S|C@*-2UWXzEFdpb7GL%hL)aJgKuo1QG|F~ZE4}`$2u7N8$qAbW3Et+6 zP807^&%E|ueE1<3`V1n2oq7!6ney;M7x+6Wn9Ur+Hd$rXr^gs6f9!i#+}_(tEy8OU zOfg4UyoKPyhfc$2@mH7HyjE+>?a)gSbfXcki;eTYGCt;zb-cICa^_1c-+}lY5nMBV zVFpS=Jc)^YkBKlX>(7Hf%p0+3YOWXfWORE%MWD|4yv41;YioQfDsZ#H&Umdth5pt$ zX;LkO7JpVdY*GP*L6oG~^iWn81d1i!kEOLqQ*YN8lD;@lNf|6ayB+xQ0PAL4D{R#6 zGTt1crjF0cFw}TAi7%%;g_(?hTw`LgDB+38S>7o>1MjJbew?!*Ib4q_V{bqPk`Lnf zvprHUX_)-voHU{PBaRLZcP<|7dLiMRvPKIaZjUs_Q3{-56Bo+OlD)bT9GBIk+XR+ z9#Tn^i~75It;xxYYz4dpyr~NQ18n!XC=CxUs(;W`Rbt&%3x`@4_)SvbJrIJ6ru-!} zy#m3f%4C?;9x9@rXWgm@x^Na~=hr@K{lVca6U3BMO;lodhBDX2Un|YgtQ0Mi+cdd) zVRe?VhxPr(5Oc}5qQ~AWwO*&8$P;?6{}|}pr$1Z=C7vcFz#V3xL7ceY+@)R1*Jn#@ zTnUoTl@DJrDN$WaQT-s8aZW7+YO_P;LUbn5;fo54=*?RYqJ5?9n=6n>$sErdm@&=6 zVu=1JzLG;P~9Wzggmlb>lL7|6sL;C*i6DwEzN&Bmv3q~#~>Q3~~kA#vCw+^d>U zocbOp;3-~7Qb~I4GkwLFnPC{c*r@Ti%E|lL9%EkIOp=l`$E6ohY!Es4*-wzeOR!@W z!%_s&>239-<%1l3%E(h6Rqh1{(8t!FFWS`|j9NS()`( z=9I*A%A)c{PZ3|wY^QoK#VUv!*(gLrjztzweD^GoAF@1@$u)~pyAP|fy^@n`01?xd zzc6gz1i~da>i|S#!Arjc&Ex*H2_l1e(KqGcax>ua3C-Zkfg$q}hod-r4Q` za5#QPyy=xagqNt;-xgeV+T-Q%O%t~BG5*(;YHRr-&Wwt(oeEhS_0%(P8^#Y3pupV6 z=C~QbY9pW5_7wgQJ)+PBZmx#gZcB(?Opcd1Q^B@UIWKcpj_+75I&QiGSVdCdr)vg@ z2JaT*AYxclP@1GI`P6`p?!4Qqy+mtz>|u5a#%%t_G^1H;?q;ObCE zpwn-6Rg(z{h#}Nbq;15}OEY7-u_IfDp5EOYvSyO$23bfl7eDVDOaF5z@BvyocTod;iTTovRR)Vzja4}B2XrA4j 
z*%4xVZzXdws_Nk6JV%f_#hj>rN6-}bliQoQ#8jK3$(cPogLxnAM9(+QsLzGB>h%u9 zSlo3!eBor>eNsB|zV=g88C8rEdwAY_|5nW*Ve@>OF{WLX50IO2`i5^soy{LM2qa(D zDCjnZ;!ioXqG&y&p*lcC&E8pTQ zu4gX$5hRgK!bF(?GSDinQ3J>}sNtSfK}v8vg-EL%gj-n|DrSz9^3@&EQ{#?(^LeaQ zd(bs)bu}QON&FddJr;HVIjqI72fCsG%b(&EJzJ*zWQtL$Q$TXu1b@@mmqjP4Pt!s& zi((+^5PWvF;PZR94Z+X@iAw>-OZ^DILQ7zBg)aBVcFU-L0LW-aTdjm`E0U%;&qmw$ z(}NP8Q~*W;4ufITk~lrQ$;SYCEX2D#b*SGUP+wEcp}5mdtopL4^o2=Abkj=rMCWTq z4iYOVyH0uu$gfN_yuUe<@dRCly=dbyrsiV1tvYDtJJ)RLX%V7}7Px=tlIig`_2SS& z#Jj+QeI0MroG6pjilnMF7xd+?t+Wf4suH7bW-C^AZtcFE?mrWDe_Q>>9iGdeSnCTX;Iv`@ovK{T3!rKCz!y?gnt`KgYsarV2U z7f>7RqvU=ht!S;4<7KhQpERo3jHIoV z#@uX)Lmub-gm?6joTph?ZSNY0I>FdeIsZmNYZ68Szlmben28wK zp1GbnJwYJWXr{+%@J+fDi;Q{ROX%PMxw+SKy@`-x_{1P@`+qAp_ zD&@YQIMFY{SY=-IKIW-m{nrk}8=+Ds?|^h5iZV^eZ%ZZW4xKV&SFNn-b$Dyp6TAK3 z)YwPn!u!u|S8Sh%Ry>3lHAsSs<4vZKeuyLeWH3>o-@I?rLGF6{Kx~u-S6r+iLzh6l zr=@vx|6>rZ-%Y_s556l1hXI&0X#a2D2LE5ifXEB1;O>$*!HyVPT|K9uL9XunPBlN3 zXHB$zwQL4>i$nKV*L#|wpG$Do_~aQ5qQMO6P`#U76qd1MDUTI~(SZ$X0Z1xWHOzLCIK${S8Qn_Hr(9|AkM2C~*A`Lei=p&CyYi&I zKA&A3NGKfy+=wWm)u&o9-ZwJ?@iSjcjV4S~*x$HuwVWrtvSizFjch`!Q5Id8=<=aa z0l~Ag5Y0)&KC0N6nU z3!J;xP5UTZ{u6)SW|yOTC92#zG_?I|WOS!P+A>=9G1}Ni-~-Nu zhqU`q-;gdW>f>4XNVKN_4M+KX|52I(4eVr&1K}c^D|Qy`^mw%l@5)+H(O-N1Z3|zN zO1zulksY1u(|nI&##7n&R^aq5`DMNhOir%mi`T_hseQS7XNt5a#f&CfX^ppFh@VURDq>%gri>w!;^ z_rN1@4G=!R=22O{)F@n^l32x9{%V1l|G=E#y+nhs7`|hMxBc4Z>k3jr94ab#4KO{^ zagA$!1-TlSF{RKe4hYw(0Xi3L**5~-9p>FpS|N4j4p&C~9@giO86hOA)0>&rw#Wr@KVN8O$Sp z{s@D|(N2#%A1W@5MMu7Tx-Q@P`NHHoE}o@9H>f{?VhC{(P}*VL5)<#n>OZj)i+zK{ z1rN7Zyt!}4{K1ftq4L_SI2U6g0|l?23in3_2tE{3QjcVF?SiV}pJX6yM;5%o7;>1`ZDoPa!v=iYEhki2CFs&!%l9-q(h^d3&C3W1c<9ZnJ%Pq9U2;Ze$Im-=%lpxrOH+&^Zn=iab(F;lsxgj;9>U75~a^!`^v7!?}4|V8g_OMP_mu9+!e> zf)%emDaZ_3u4Sf+ljsl(5y`2kNx1dk5yPgZrN>JvyosSt&H|DVZ`DLT`$=3u47j%` z-9G8V*Vttq9p)A0zc5{3f9y!4Z`#4be4G<00b}C~AWX$F3ZvYRNQ(tG^#GiY6{6xy z@zI?7!`sE84XPjm&ySJQ4_{aahDARyO*fl{9=4f0?1!%9ye|%1wVdmV{(RXxjrO`w zq08il?vd{FnV$E&qfH!GOrET(MiOYro$-P}_pqmud{e!HPH)Tv%&f1@^a^yVt)6<7 
zYC)Y+T^w=!kT;+~4h`g`#RCvW5~T;>I(eY??4)4)aCiKa%cU9hZh|NOa|bu-0FH0Y zB9$r6EU9kApN=~lFv%6gz0hNAf9>K}f^(vw*2vWMg>IKAxm<=o6oUc}P>Sh}pvJHz zk>XNrOLaNfebstc*u$?WxF+Z+aPiIO^)`dtvb? z*(QEKU;C%Gp%qf79RPZICX3ho5@$BS`A_~q=fl|sS34a;=vX|AxDAv^aS?^cNys%5Ovq^fkFMhi)N zh-!>j=@KUcv+ry;nZ;SN&}9GgfA{PB2aL}K|B>N*dlC%rCsj~H07X%@9mz^+?lcCF z?Hk{VYk%)gL=ogiRt+~MPkfhvXi9gH_^D($cykjL8O0VNl-v5Z&-L$;5dTUCl7Fev zYG2jmZ;Iajt{86r{l6{}{C{JYn*u74?uG4AyFwJFN)s&QK10uFFNZpbc)GMw>bx>)Xlg<>YB%)~}l!(-66r9N-bQsc~@3ZyUQ_weuAGgp*?g zzxC8#H+fz{`g7&?jzXP5AZ+`zkv(nFU5LGXs zU#tgFD`R^gmEmjh23K~y#M?j60)jv0e|`Y}c>TMW=kR|X9W$lCwzXC7fdbDeNKfy9 zXl-TUd6Q@CLX%`~zh^Av^a+1@&-hi)i=gd8W);W|Pj05epzTGGuSrk6lEMYCXHzX? z!vKOe7=O!1;JNM4ifx5V#aO*epPGH!nGbPvlaG&XZA$;k6XBmH#{Jj(4#)qzF>q%) zWNQmk_rxu~7HZ8l30vK^pO{zA-Y)#yy1bcu;8U-uELuDC6FwDI_9ZQK_;P7&~J6!@`cDIm?k$CYv&}9aHK$1txY7f+!bKSmx01)?t6{-Taq3ib|h-Z8JV4D!U z`5uUx4M}v5z?&pdp}zTG+Q>&mfdj1o*7uuz*bSd&&)_Y#Fu;jF{Pqk zJV%3eWNAQfit;Qnuucw}9*n{~i*tEomrE6%9>7p~#wSrjN0}KMFG)P+?k_ifV0S&f zBR`#+O8+=tm@hpD?uHq_8<>)ko!}ankVzr9hy!}CbkI@st_<$HExpW_D>t$-lz98p zc@BKLuKjt7MMBAesmX~`g_AU(awPQ|HLDniHAyirNkkKu5VUPRry-M7-$ucjtOBw? 
zS|I!9rbwhc(30+g_K9a6U)-ZR-puN|#EzaD*v`A!(TAGbAlJ>2UmVE!3(`7jdTd$&eqS7%}C*KK(-_ZIStIj z{6kQ*2N9Sb-wuC#&WD$p%1s?VoM(WmAV- z@)f+v4pdE2#O(y)WPo`Hasm)KY9mGreh#+ojnI9Y)RCmqM9zS2tF32?5RP8t#|Tye zSZMSAyp{gX-WN;+@d;W=-_~RoR4anMoswW2e?p=Edd*B(@J8vO_6dG-1xzZXU*g$g z&hBbQEneNI|Kt&-Txu{w;9ravStm4s%OYCnMf9G{Hs5T>`^?VkRx{S(h`zYvbma7L zchTcsAtXV}Dk=k?dASJ77I7k~=f)F3|DYy^hrNM-coa{Nw4P80S0X~Q*+Ze{mDy_i zgd$JP7P0G{P(cDhn%r;7jOUs`(c!h5ja2ip$MG4oBciI&psJX!rF!cteLM}5#=$)1 zVGMCD^eqMgmeF4PlaQ#CI&cxGs`g|xAaVCpL2DYuVU3V_+(deV4&FqcPR$W(lFTmE z^U1W$_N0Ar>1~WvLt6%%os?b*4NW{VMCM(Da1YgT%&brys;%rT`%HQBgXPC8!JzDm z&(FUVcnonnbDMkcf`+X~>cUl#86P{`V6U<9Fc3ok8VU?VlUb5%lPr_b;%IB&eSxA7 zYlbylL9th_n&@FZpH}{KXEGfroya(gd{%b`Pm?}2o>7Fhb5As`I^q-mrP)j)O7xrqR-xgx z1jlIe17YW)@m3U`|^YeeFZ@X_~L<1}!c&^@dMlnr-B6eA%J<2)e6r&;4E8j?KEd zf!buLK^K%0WecSsGN3SS88v3vw!I!hA`4OrQZHlYCi3|GXT$l&^916w6&^OShj(qT zn%Y(nrO1(Q;b#XC!hpsG;0Ft)oBAh-jw4zBe})L zM8iQi5*=#%46Wi>(8>^84QuEL*qv&AZ`(Js+o>EPY*A4*diuHMnac;)&eU=okW)P5 z36xBZ25RG@v$TE8r+XM}AV>VPss?((r0v{F`qDx^QShsFKa#r7q=y#};dy&dS;ygy z!8adG6*#Nl$^!apzXdkq4Q9BFz3zaoId|fji0e9*I=54=z3ZlVD#2G|!H2oz6#G7N zre{SKLqH2YCGyO6-MV87;l;jLNiR#^idwt9vUcKpdgqCzQpAmkvRhT(sB9{MOfgth z2gYL!EKh@x~30F0Rlp`$vZ9%H2&y+@n3aQk7pZ zQ?YVBg(#1GUjcZrNAc#S*q$&)QDkXaUn$o^@e%uNd#3TLbNbSj)8_7yvJT@3as2On zzxJ~j_`~@~Zxwg|o?8558PEH*04D`;h1f~HzOrvaeH)q{164KyMYJ3$_qd-+T*g;PMcF|(hu3m*S5}vg6z4vAw<>tInI|&W;r*qv3|uaerb>b< zW7CSvh83mw!09!1y!h2Yhm7jpG86M_=Nhtdg<$s9VSO|LTvu!@LVkjN)(pc`9reS43~682;qbFxzvst`)DW3|HIyUKsD9w zd845SNL6|d2na}1dQGsR?c#P{jae(T=-)W~Nd7lde9!KXsO z@Y>HnMv|Sx`zU1DcZSl3Wlrjebaw&`WaBRtW9#lVxQdL`wxcHJ+F)!DNe8lMRBN*+ zK{6(%yr!|T@|$Pc(zZ#bkvUbEUJR9+5FWIefk^(34beUn?}pEFoY)(MsIK+*welRnpvUmzanV)oh}lgIqimU)($ zWIJG#AN+?8_zOLAp~38~{$C&lz`OIE8+89CAQjpfpW-4wTcL+iHl~!uU!Ya(>irIT z`<}=apopdSd&Vhv<=;+7U;i7>-p{lkhaCUB3P?Qp!#BIHS>+d~ho7)biR14&PVTjA z29DOlgJ+|}9;qECciayB_t!g=U=}U^2#VP(K!Fc=ky9v=&+6_?J$P5)U&jc@U*G0%VYfu z-YZ&IeuT_IpuaY*!p5Ll`PQhw2sFCe%Mn;?HIpvhxpaN0#;;3Pv3H9;OQ77$F6s!KU+@#sVqFtwe7YkIx4+m`5Xe`iCk 
z{Z}>KMY}D-*ym*+dT$LK&L?)n)6j4)&uWi3diX-SutM);u0DuJV{lA~z1qC2SqDeg z52tYN%Ma$s@0*{X)0?@hJOIbe4jd-V;7TL@I3}cE$}KI~{ZvTWk0Zk`O4E(vX#xSB z7CPpU8qD+~${;iDn=K+{qkL6U0x`_PSNNv*G;|_$T&aKT9^=XDN>_h@(lJLz=|{IP zz|pGYVF3nu;N>)(ht|DC=Ins_2$EOLe| z8o43h57fveG0GoyYjJAi=-*R~kDlYlaqi?HG$23YMb3Q$WQ)kxM<~!QP=h(pI<5ds zNGK#^5&@KLD!sufqQVeN+Ee`;1Y* zcz~JR>n%G@lJ$H9GFjZ20&6q*O!f)l3c|tXCwPNd(oXz0)NbZs-XM5GC=It(qww{A^LB z^Nk6$UCK#vZTfSwrW%V32KPRlX}VsGwl}dBR%7(ezgCvFKA!Q&ebUoouCzfu48}xu zie1gf&+4wpXokd1Bo=Z<& z<;h0$>^o!P+q|{&lJBJ=oRVh6Jl8&Hk89f})wuLDt5;T~A2ZV9aX$cN|Z=a5wDr;Nm8X4KT0>j^wThk;rw3nH|wYoz%C(oAbVUz|#<)%dE^qH^R?8rlJ? zREXBTtB|N-N;}n4IBiF%z$w?&C4TjY-6Ec#yj%j(35%(WR#XMfc)r26c*eLefA4f zRcRnOLDnd?bLC%+FjjJ_uac)ZFZePdP5&n4fOnZ|Cp6;3_~$uV#2L!RJyIaaD_Yy2 zY>tTTHtW|Zh#fMh4Os9o9O8VAtRXukqsGC}NY+L^f^BPHHXY$OL&ct*^3H8DzT&g> z+hphX7!mlAnGn^Xm6MZT_{DyLSF1vlg9h<2im~x#uEcVLW8~1Rj<$(1)tPdsJGayL z*qy&G6?S_Y@@mjNy-=89^wgjOe4@JFaUQy1REBsosysT{Xn?b5A|!0E3OKhPHLeRa z7{%AVTzr-9tttILcyAFbwArlgK36fi-L4RWj57>t5#bb z3kYmz6;3?6`@~#Q;&ukb!HW_8(3FXdw*UQ9|J%6J@3SCI>{Hbloo7x}KrWwcsioK8 z`pFfw0VbVW9iBDe30rvK&?e3zcyKV3XQVKGy`Vq zHeQiKN&MlOe?~F+MXE$MjaJ14*j;0MAhvxnJ-j+bIevz$U7I%EW)|{(J|vRwopGRj zj(z2Qsc*jLpT|21rkGmeFeiy#UBbdm_=32q6%~82n@L~ltLp5(b=T3ld^)Fl?sIqv z740b&d4IpwN$?w(Kqwd4aAbFYc@@kLD2DsRHh7KzNpr$Ue13_Uo%?C_L0*SRDx~ZBrp5k&DdnAt43lkKjC1%mgofjpsrD`FGpx=h!lju~dpccH&4%U^ z6sAzeCdN2=%42I_Z0q0jnDrfQkq9GcpaiT}aeD}*dEz#%+;pY{s%^9fDkT}cARU+U2v zC?SLu{vZ+|R|{Qxt&YRc7xFKphZO)ki+TU0WTP3+|;e&~F!O_Hxj+e9!BNsV;u zmVaR^*n9yW{}A2nBvb1)@W3bO>QVFfK0D=Qsfs}VRVYpCkA0cw3_b-f2ZoL>oX

zP!CM16FYU8UFa0^sC6P2=Dk{{O4(YP1yEOJ3gFcH12^#-P>*`>y?UU-ObVPm%ceT8 z)n{)@4EwO3yaGJ-(5dpKg-E;nF>fT*p*dR&l(hr_Bk8$2h!FV* zHxXO}7n5(LZ^w3vO2&>Rf0`aTaEO~l2r&o0M)Vh-+SJ#|T*n9jruMM*UK9DQ&ZEHn z7yR-cJWH+6C}m+2%3B}ix=6!bPu4jZ_9*S51>q2a_S}p=e2`}{>=FyWqV5yj@F?sYU^I(jMyL*M?&@gdDH%RbPch09 z6IjZy2y%Yl%~W{`L=zTE(6QVXp``Djxr}iDyhW?)1G)@7m55sOFHuH!mK&suq# z-ex%U^QDG{V9qX+(oc$Vi2mF@JyF9M-8!qc+%CiCxw-71m(ahtF7hC(&dEZa6(qGF zXgL9^*(|LdJ@~w`bkaEi& z{=B>&a%udmG{*Og*Hr2bWKn12+a}i*H^iD!3uW{v!YcgTH^jRPaLaXK!O{NDBHuPTnKf%3sB`? zT|br_Zk|G7jfV?YIf91u_C0c_)2BFcdOm|?!_p@U;XkpGZJ3zxS@1}sf389CG|`6Q zuOl&QokP+YQvCQp@61Wg7iMO<-4lGbuH1iF#sW?S^OVSA9Ethc*z=IGw8UXJB3Yitg#5oEUpk!{i?s3YGRU zVv+4;BFV=3&+@{OYvPMa6{5kcjT{8iHXaBIF)Xj8WaU85#yF@}nib{0kj&U4Pux8k?CP6Spe#mNi z;9RbvKGPFu&^qioQJ(>J%y?pX7}Ms2b|Dn;m@0VN0y%0ZNQb)5#Ljt zehu#)^1k;*^{Cudesfa_PAgNVQ_#?5W~prJ-ay)-wEw+gg9dA|I^H=dX^$;dH6t(` z7h={br?^ELcy*Ze{G(IS7e!u6=C@n7nS(O~M@z!QfTF@e+Utc{N}aYU0=f_kqq6f5 zrt^?vGjAFe9eJ05)9T?5mKwqisbr1TZqo-0mB(*)_^BdU5ym{5I{2-1TvwNnLVNak z{H|ugSo*um*cCrg-Nx4DV(h$f+VH7jbL;dz`iPLH+x#Rb4hf6`pnM2OGcWOF&gD`o z1F39@Y#@x%l#No19gtF>Xu1=*is2A|M<=YxczCD(p?5ES=@xG=q1dd(Ge!&FRr@I>*yBDpW2 z``G|T0DAIp)Km23*y`Yt&Dte~EmkQShyQBxynmk0|K~^(R;9nI5Dd*lzpZ^j)-6`F zyeVjuMG-3|gkP)FLa1;$=p{OO8^RdgCHtkTGIp$|*#MN_i6JD6* zSr`cmDA4}2`Q;6FqzoykX*uapK9|>q+T71=1qvQew*6^y$6JT6X+gr)?VM6dB z8)wV*zpse<2c8uG)N0n;ze~>lDTX$iB5@qB;_~Ri?8|z9j|}7-h(Ko`4*LwS7pB^!ZUybJU^$jz<-AgXgg`0XEe(;V&fV0TJmkL414v(z)! 
z?S01mlY%~Pr~CRQ7>ntQw5jaW+F&uEU}EW86C9GM1780iu=4w5m1&4!{SE`2YmnBv zd)_79j~GNw>3Q&TNtlcp&sdo3Hca%7g=gf=HSQS?`wkZ7#C8w<=BNGRRoq;QNOrH# zbFTI8v?18A7(rqIZgZexj&G%{&0?(n{5QWDjV-ZHb;&j`jrT8eByKyuI-$Lzz96?7 z;hRApuPuSgRmV5i7I@H2-F;(a-{HUH^>ya>mg>yZb)|9op?XcwxwGN)_XhYc=osBF zG1dcJ+_&{QTtppo7xNo3%8%-U>Ysz4jAJFGGRH9J`W9?em%r+tI*R`>^kLs@K-QgX z31C@h4SZtdG<|PyTpAjV za-e~Nf&om<@Zz6`ZT}_Tb3MhGa>4^!CU0jf$EpZ~D7K#ADyZ|0`?PyA+d5JGW=b&Q z&`asji~#Jz4hXkkq!Y38>R_HGZ7)o>mjafh}}H;e_xN@ae5 z0-zA}_W0lvJt`aK-x7Pv;peh@`L5nxYRY>9n;uep7nAFty?Z~e;XP`R^QMFU0w&f0 zaONz6!>$sPE4!d^dvHIK^OsM*P+9y1^40+RgjnHal4UZpkdL)ftueb zz;P{5=1mjj4`gSi?gzSiOmj5>A)U4fVcR6=VZuw>Lsl}CNQtI@jkL9@kcE~@#n4c&r z#4UV!d)zM&$7(ZgT970@vK$go6q9q|L{p8r_cO|#&?|4Z2{!$lMn|k=r+zlCUJ9D^b}irkM*LkTBnn1#6p} zwlpn<$7;Py6q0^t=4cuHPNDIMh7)N{9>;*T%=rv-mj9B7^%EI~+A;P2BX4>r`ooY+ z|FJx>N9SLJ5?9X@C$5+}0$}wsd=K*2j3uJ5VDbw&$>Uk%Znh2SURl{< z+Z}-SdTru=N*Z^$- z+W~%YwLq%M@IVqd9=bU|`Luf^1$^}*jNxklX=%)3>bn_JFnrS588D^sc`Mu3=S^Km zn*ygU0OAr|xgj#YW1B**eX1OjefU70*~KHeEY}s~*3#zb_%yNl#?41pgE`dXEqm*B z1S{5&)$eP@#`=Bp$>5-KwYAS-V<1KV9ev@{S!$bp z@`dS6h8rgjKhdV#%p);2^%1^uB=E}Iv}v7EA&;+1ju$_+w(0He8Ij;K&up^H+pb6U zK8*2OIcR7C?gE;2|I+i_{5)l+x;5{d*#u1k}j6y;hz~5~Q zweElVYOw9}L*0Ph=j-iF$vK&Rz(g__Tad5^+r)6Ka8D*2q|RS-2{d7NPi2ydmsl718n-|bxgz&GF*^G^w%XO>q`;(PRxmy%w64Slb5pZTNh!Uj5)wx-zafAe^8@s6 zEIORsU^|DuK(I%@KvzMdIsZNJ1gvBo%Cm)#^OZ@^YTMuM@u2hJOZmZ>ZR9hP3BMF_ijjgq1Dpf5r0?0w zxavO01-##23ywk5HaIRg@;l3-bk;Ljh-?6 z{tMLc7@g3}3i!8XEL7DVa1ZHeqYsumtn;4sd09Ny=gnRmUsiYqy|*2A^tFEvk2hY8)#KOQvFJTz!qQC&yLgbI6M={pvLiIN(3j6h#W)r z4-a9CJr?ICyRfKs1wl8+Ndl~OT`R=0U6_hsk{+EiROVvrjESAo!dg4E%B0qAD<(92 z4D_Tw+{vs;8gl4*jR+dr4h5}YXvkhzilb#}TeARxjVx9_IXlEf8J9;@c)HjUOkA0YvAjy8Cf@DLVq_N_UHt*QFerH24To&alWF}Qr+)~* zYq>(=n!*-T@|;T1Z&A-ln3#+Kvcf+V4-QC$6a5)TD4o(oIX8h6Tq71F=XQVicj+O2SC^u)dPboo)84ne77BbEA zM6#J=vKFgLjhg(`FGFHE75F?g%BJdc7?fd?#<-UU8z%EvkGgIG4y+4u zkD;{IYqes&vOlK>*zHv{ztj*wc27wIZ^Ge_aZ0?lW@>D01iF1A@BwUb-zym1k- 
z)wHNLFmL@dvbS{rl&EiZc*wS`nzT`d}OnQ1_JC>ignAnN`LPf-Lj6!W7CdL2y=qkLV6^|nT;8aGRF@@>>?S_(T#eAtLbvW z=s;#ON+Q$UM;FD!bL&K+W{s(DGp-|D2S8+-C>**CnTTQ7mD08kp8vFGEVIe#F;OB> z_w;7e7dFA6Fkb1pUf(yHtsmuLq1@V3gp6Sv&oiXk+_OoprtR3xsuP1`gLzW#r@JJR z7mL%p3ylLWmu{daLp zHO-mVMm86Iilj`M@wk7nzfq<^Rm-i#NC;&k!f@au7#O1F8hVZ}7qdHXk{IkzW93&0 zz8MVD#KBPl(@`?aS6^GbIN{>iB@ncSWP~d%q;~>J$ZQ^BIU%T`6v%!&BboyUo^k-xr=J{a{$(Q|d&rd1cU5LCa3%Na%!X?Q4u=uSK z9ZYc)D0Xgt@47td5X-|rP zF*Tn>Xg33C?Xtv%PM-AUv%|Yd9208?JeD>gO9=}bDf&U1*k@mZPFB@GcAnf$JurQ? zS9;%T3e}~_Iewt5UI)Rz*irP4qBHtpgyC0DT=C{G_ zlg@7x-5*sq^<71uO4)&=E8XppCvSoFxK@C;oMZmbL1U7|I#M81VO3RCRdens*d)Sl z{Zm2h@DHAvewOIIY($x8M1G2w>=pZ0(kn8KSktEv6@(D+U?D_Rf$?G)oE`^`kw;uX z=&|O~Dz19@3N&=d<>IW7LFIIVAnuNjKBSze$Adb1?eqvbdi3QwDb zgIXi_d;JOQ@Z{Ex87Z&sHD^PfPsB;#fGvrn>%mFk7>Ul<&bVecPyIOOG+*XzD41Fws+){=h*}s32e>)G@B^H}CI>D-0ax~c35K2k z-;BEUZEH?Z&rPVxqA!8j#odtGr1a^>#DXz0l2D6NXrG%Xz@{fvQEW^UI>wLB4_AHo z(Cc!(q*irjMpszRq_{^dU9iF+;aSRsCo;oiC127#po6{!rrSkDJT{G&{O0*J{T;DM z#lzNCzbfWhK*jWTW75#z+Z(-2OeeY|e>_}XP;2!{XjUik0hZr3Ip2w?osTVJt2}M( zQcZVc`g( z9@Z6HEYmAlGYNG0U~At~aoYoNPDIwbP_eLJsqKW1!loo1F!2Rwf1#&40za&eEp%e0 z`X77xYur`Ee4j)(SXGD}>paUu23KzX%&y+WY$oC7I#FDqj00E&Dz~}GjLNl1=Py%- z_^BTr!)xcs@KWF(Ku&{n0t$e^erm=8l^HFpb+R; zeCc_mp7N&zYc5+2aq{Pg2dC~UO>Tdh)Bw!ERo`J1CTsWo@v5oC?$Gb2SB1r@GWg0C zQ#U=F^DEj9G#;3WoD&ER4@As(MBy>dR4`NYU2~@pw{Y9M@TXVsfltYogRoGxRbjzq zPaOw)s9V~8099ib@&cct`d7%>{Lw%Rf{CEiiK^oHoD`=95!Ccd49i>h#2F@RRux=r z7^zy|w_P;kU*J$nZ{~Df@cCROq%B9%JqBbMrx6|@`1BTUgdyHCNyWPHl5F~|r$!A! 
z{vMdU`6^PHp_7QCJN})%rQ59J6p|im9E|1y!k`kDnWsZn7*G^O_ap;d$c;R527Iw(}buX!}lZnh;tEe5`@U!2MOmntFJ5Uob61F*A$e=$dpihc7x0l%YaBVQ&4 zVZCC7x$E&saiw}4S)Zp9KUtUlxDjB&G{2Fo)Uu*~@q`gQ7|Rx=jl?R@7eqnMc&Hvx zHY3`fe_uNl#omAC-4(h8c+Z7_`K{I|(OAgLv!RLS7JU;Taiyy@<%+3gES ztxr^cgP{NX|DW+4ENcUJ`k6BHFOY*T5EMq&tcWfNm4U~Z;FH<_xGLA$#h69LsG*_G zbv#)1d}rUH)FSqxx?uL`As|O!X(2(8gJ!<~=GBRx$cPX+(=;4Gc}Z4BO&q1?yUWVf zc_a5y&Ij?bqa(2WP1u=Vpf>N&fw^5y0LyPd06Y+~8vO=fEpgEpNY&!$Kjzv%emG1g z6Vs=Efx1a-n-9QbGAw9slxs)fFI#dV|FWke%xmO8OvnKFDan=|ATROEhWP6t0NCg+ z=Lp76gDVdxClmmO6&S!RIY$40{lvk5YZo~l1BN*R9S5lYH>b+^r!$3Ce?Y4abv^8&+e`-9(!vyuq;{<_U7c@*8G1@m%h|yLQhRcr-91B%r&|CIY|6 zwqxLTIhAAzAaI>Jx;e3gfg~`uXEPI79Ye_dTpQ?4n4GY^ASzLxsYR0~8F%UOj;?8t`-6K8Ehw65J| zbgrsn;=H~wbvg3q;)$1Wq6rlk#TuQpH%itj{N{I67o=s>(DJMHGEH-y!UYMY(bCFG zW^Zy*V*`z^duEP)_dGy30hF4b2F;vN`EsIf*?#>a%@g5s?FzA)wULd+@8LWx*}_N; zc#>I73Tb1`-B?|2V?ly>=nFQI2~S7o9rTq7w12g0q)`h?xql_oYFKtVFCie;ZmLV^ z+}>yTys(U)=m-qwLqv#A*^13pltL8ZBDM${b@OA2bDbU!V?Re;H| zVkSYx8n0h~onr%HHVOdgXpBUIu?Mu);BG`^w6RQ3idX^TV|I+){0-V{8lrJ7oTt56 zf*^$c?i})X*WNZSz>TUr{_HTj`u#8Ei}ND;XlpcJ*AN2{frp_D614$nmEqMBy?sYY z5ncX%3JE|@3(a@-?}i@C&U9UNh|>k2Xx$Tk29ieqNr3qqj`C+r<-hxTINPT6FVNX< z1moilIRJt;azZcO$CPgOw6HooWKhx2& z7YOv8YqJl=xwIUXG%9dRuhq-#@^@5MIVxViVi&OVeK8d6)kpygg0Soa;9G*FN1F^y1?I)-k1*d9K$8Ikhn$S&q7T!pjs~tXf+Do!hVTcv-WygmGleGd z)g*HSJE3X8Jrx0NBB&*OKOO?c25E^G(FS_YRP_ z1-`1AfnG)VC0^&OUq5O05)sAEr}8ZnZ6>dcEgx7~bknRIDepU>Ac)Mgla zyn53IDyZ%V;ONxF-W4Mxi z!)vBcj3!Y1vqLTp_N-BcAb|4%DwrtV*_FwJ#H^q|HL_u2N1eBZyL3KR^mT=-ALVQ-k;0A_Yt?)NN6nyrot0=*Aczxr(3aNeM^*z_Q! 
z{Q_m)QVt=>H%@zzu4R@FYr6=KmRs9clADp^)0m+rDz5*W-2RW5+~dK2*R>+;=Bi!D znFbvSB+lw2ibM(~IfGK!x_zKIhl3@r&WHXcxQD(C063-pGBN{R!IS+_WcUVQ9( zq5v;U6r`(vh@yRRebkO!z?){vooq~L)aEF2MG8D@g!wZ^851O`OVZML`|cTAiPfeF z?lL!9J<<{6uXj@`I)X+7slr|_m$&_pRxhlRYRZ@JkeoAa@UN-2)8-(-5uSs4-M@F^ zi8GPyhJ16ADB-SP=vnSbn^oWcD8v*coP%*fh~Y{Fx`cU$we7Ko*Cqo>J%vUa&QDH> z^G&wBQGD}(6)+y`>+|W6jpMv(KOJFyGo>95qA5Cyd6)FPvZa3DNhm$hv~^Y_;oXR5 zsdxsC4?>t7;?~=$k&7Cwc%~#QXejoezeme{^r3{fQ{=$ z879*q>eF~E*@L(~510*3>O?F@i#Cn=o47ApyB?i=dFsVPN6Nf)$vC2F@#RBi!+2=~x&Ckz@~L*S-v|0c6ryvL#nq)hFHZ?j*}5CYI-H-Itn^ zT7U)-QC(2_QiwF%^7E{ihX7h|PGaPUldgMa*0wV_Ekp0+J!FN<8Sv}u^VsW3Pm{8K zf$mL++6OO;4!vdXAy~o^P~Z!!Z9y^04jR8QBQ)OUsxGODy=7uI~H5WO+`drGFJ1??`v=Op_ zhPqz|O@g{Qyoe6Xl9ZR|V=2UCV(r_NY`$@ANILf{*Px%RSLJl(r#9P((#49PwZn6X z9!_jKThCExWIQ1?UjJ;P7SN))QE|D@1kXu zeg?*1V}E}B1uB0K=zbQq$;PS*POjGyxPNQl9VjV3*mAQlT16qu62x`^B0~%U+*hLM zT*PU%Zin8kvxt^I&`|@JBAaSJZyO1b`$+V82M@L(jK`x(`?22;P=;(+T`_ zN=yZXH9X%IsbiRt9w-L#bz&xct1*&wy&fFHVOrNXQnDB4U!8tE?fVN}iA(L}$$U-* z*NXH7pFY=a!!~1p1JHy{!T5Fo{RBMtzZ4en(7M!f~<>l=dhfG z8jc)-i1&3AtxjP^LK2xXVA6}u!DbEoJ)0(@&8)7hibW4Co3}PVXfjC-Hw9x;hpmn&kg#@h%_}G>lx&A z{6h@ZUhN65=lMzaepgBUs> zF`R{LH@@dZGv}Itd8+N0qhC4W%1=HsyIG0?nKBG)-=lqEOC#`N!9!Y`KKd8vLDN|< zr$;tF(PN&Cn|#@n`Ro2-k?Q^Z;&Zyu*;87^t!$)PhjJ|TyxTbcH2d){&?#c&Lf1wXcAL>-GAU8nG!D#K zrchF~ZtU^Fyk_jU|9m@(i@1s8r1dEmU*&lCp|_DiciEsl${b-qdG7~{a!{)w!mxA9 z9B7a0~$A4-tqvNywRW9*7MOQxA0cIt07qz34xlWd5lRzxG=uU*ikpNtkohjmTp*{E{0_M{AjdFe3Up0$WeYm=Wkd55&gJqvJFm zCV0}-=9}EF9UIR;e!;&!^FnIHak}@1=Zz@$3)53DP^cJiNl>yJG#t#kQRUHO&?cdr zWonK;bSzl&c7NV0;QhV*OY(Dy=B8A>q0*O9@48hO7u0Qlnk++9$R&G@h}4ZJXCd5{ zO>1f{#KnBgJ)H%bZFy8KqvT6Iize$+ayo89qB&@CN_CSEd5BwPSE~nohh#_%ac6KGtC$;%$PP+r{<5M1sqnu z42XvxN9kU=6uR1Mg`KY*Q)amju2>6@*T3DvZ8SmDvQ4~5OMSuN1WDap(;|jsj6mQq zF=u1J-0n6@W%;gWsWl!}Ii4n|#|6rN{7~qb7ynVc5W!ODmVK7eNDeNApLH!$Zj$*t zmT@2B^H8nrY}vRJLE2y7S`76AN%4gEri)D4AMVtZ_A-gD=&pJ zRig@LYT~WkSY$gd?8hZ6@ulfh)}xs?sBJZ9T-xVqR1;hlbX;1&Y}zMrm}ocbYi7;a 
zeC(9or^@Qr5VExB17pQUjEFjs2*8a6hQHoz2K{c(mOx$d$Ry~4mMY{YrNW$fM(N4h z5IPx!vEkNiKmI1C5k87asjGJasjBJ@K0>9G3`P?wz(5uf$n9rw$>tHDq9@;l<3I`{J&iZR_a%yuCAa= z^$z(&f!SRjP#e2J{~F-|I1;EV%#pZNk|<(nXaoQ|q$tdTNnE>L6tUPs^1r{n$r{;> zKAr>c084pr@Xif#U9xcZ-Ge&;97yJSsEO=f$V)!a-te*Q? zd{Q&zy`FFUytF#5xwfgPa`?gWh(F&#b#-;jkL;i~27)*BnY0=%P?_ImH&Um`zz_WP zl|?6DST=1tgvF|bxl<11MMpfV89cGUudXCN`-ytw^w8U~%%J-5p^)2MLRGm5#HzFK!YBT$LA(bG#z1rQxfzJ-=MCTHs>9smMq~Lv7qFk=6t7w|~@c^$KLx${A z0m(~1l=P1V!@YiXH*TqFCd)uka|pRI?| zhkiv>L`LB@Ic)ITaSQdMB`N~O9~hvu4}Sc7`0k|x=g#P5$TG-Nu=b)unV3v3Oc`rY zU|9<7{~4;PJ;|2{oq4u8yjlg|K)pme(hyLXNrk+SX1i*08Ax0kq>zN9U2~rNzQce0 z|KFeBWSL05K|sgvnpn0qvk`*}CTG?|#nP5Nzvf7gSl)0)3mcu?`S|^g_fzfXkKfR2 zm@h)0#H6?I!1fHwC)%bzR>wkRsv2W;95<;arJSy`B=xCFi!!U87h|>*9HgUfgGEDh z8VOr<_%@v0`%FqvzI9t+OGsW&&X`A#p`GRzW7#JkcfYdIf$kqn5*y|>6XUQ7NsqT9 z$R|pnF}t=D7KJ_I)uq@Sk6>cK&d}Kgy%YGTXOd!p+C}IpS3s^YkUe{BWQ}dudA@LR zNyahh*1v`H&lUi{C=e!b!YxDH**HI7w)KauEntT!DO9N|@ZY_-{(tWI!`R6tl)OgY zd5qB7G4IfZ-)qkY5?2zoM6>cmb1k)Ezs6p-t%xQ3EID9$c{2fFizuDa3wbcN5lZR8U!0ZI1dwo`_Fr7or&v5g)}Ok59+2}@d)qRZ;5 zUFe^yKr@)$h63RKUm&Cy;Phh-s1hTmUD5`7^DS}%3Wsg{s$;twHNX0#qV?k)ADbjwH!f1aliPc#ah$?lghzj|+w^A_#gR zY=1p25FV3{Uk3OR$hmGH2WAvZIQ1xT2e>hpk43?!et~3>c!^_!0ZvQcPT-3W0QV2d zGk359JytRJyVE#LFSQNaUFiRwWA5eO{Y^BS+v|bup0-%4e%|p06c9tda;_h#(=^bY zF#?PU{_E?ambJ~XU}pG&etO%n{IFcLr{+Dr(yd(fvr8+z+2)aOXOYCtdQBn-9GgC=ZckRIKUXc#8#A@togeZZ-;Hk|}zJGeps|v-dZzEDP z#GF&qK+pMj1=*FtJsNXT0wxx;!C2@;KMVcaJ3;OAP9Y-h&{@S#~0lw?e`M}n_81Th?vd!s?5S8Y4bJ2RRT zQ%HT}(`r>V6oYZZL*SlBgiR(8aX!mps#rFb|iV!fF5LuP;C8y5F^R>dsw%T2D^ zPrFsH+|Z9n8z1fl1qJbh;ZirtO_=ml_BP6|)G}IJW>jf8twF!!-zM5}=@Zx94ChG3 z_lP99Ped8~*R|dj8^0sfb!1eMmt^Gdrlr`1f(L)c>FyVNH91tIg|j}XsXdbfK%j7f zd?kd{ly`M*k_FpjGi5h4fKrCKjL0c1_LE+7gwAv=hI9uPmEmG7?;tLau1$9+#LGQs zmL#)$BBsx)Z>U+jAA_Hg3~VYJ1BCrNLFaoouTk%$+}UKddQCTTG)X&26No?!m`@#Yhs4kbGxeIP(AxQgf5 zAmL!d+xw6Gho`R|g=TT*j9(mfW6w;V{(Ajn^6NMA)IKnSo5rsrlHyB4L7_t*r`v$+ zh$@Q$ZMQR(?Ff~7??wb)cBhMp#gCs1Ch54sxPF1$y#VV!e08HJBp+*Hpg+i(72?A= 
zcxl`MpHo-e5dV%{^4ziQGM@!4yUgyH*wAkgNg{xMn*i3}b1zc^Tcjqljo}C%|BkPC zEe{W!_6D2s*Ddovp<;#`Mk3VL5$o-9<$)W+03Fz5A|R|kRWs5YC;{*Kvq@2?Ko z+4jo~-V~iuYW{ple$=G+mB6L(S45?KIZ6hC2It|$1Gp%Zvs~{qRqfx}+S+!k@eZU* zl!?iUSFG(Txm{6v?jpL#HTU%alUPfrY-k^fHdNK!;%K}b#$tdhn(P!!JmOofth+#M zXpk~%*cYql4Gx%o<9N0K8HqZ1EJPL_gkpJ#p6{ks9{U>JPZm`WPc_t6>s2n<`7$xj zb6*5RPs6q1XZ9oD<3`XxR46-H8;?pLUnGFrCbj=B_P#T$sV!|gh>D7cbg5B6iZtm6 zNNjX50s>N_A_CGZlmHYBO`&H8)uf|Y7vY-~>!3HJZER|KM`)JIh$8xmIm zgc1TOcMkHM^qTb9XkkNqPq*DE$o7gqHw71o7i_OzY2vM}#)*)_w~wMb5L_B&bY)WM zgY?Qi(XYTV$}Qhjv-?{B=ckfY?RN(u{9!|tf^d#={9t~0G0s^? z+2KK+vA)MOrVM!6wpXX?(AESU==Cy!-LE`ZU_)05rTT&@5T!;7lS0{~+mhjC-C6z8 z>->5i^@g{6Y;eY=Cw85aIB?O_#@8Fdi~w}A*17ja1pi;su$@`djM=m zl{!ALNY_dp?vjDWr31x1-2H5ITu;SkvSe<*kNa|*@HpOY?Xb`&0Vus#)%4-)2{xh~ zdVyvvM=j4j+=|-GaQ8X)VXze22qFPI3}2j2RUbAnAxAoqcDLW-vodh7b9PM3PmKyF z&aIld-TLs0Wa-FY-;yhl6Qk6GWp+$|J%%ExMzg_v zl#Ru#m{$T$8iEbrMNj5epWjr;DceFdh#PG_Qvl`@5GHjS8owI@?AfRot!^BMfx zzy9}EB?7yU3!q`uV<<{|7Pr~VhO2CfxBnoMRwkBP@QpJ_&7oJ8*^s` z_L+$pV|dP5hwftW4ZXLE@yf=$BGGTX%2oGg@4Rt$PqStsJTg1D$++IsJnBX&y)tHh zH;ab$fvkOQ?RuH0lcXlXW!;2I8vHs>qO|4$oi3j_j|~6U>e%h8;ZP>N$yeXFK?&gv2N==#_h@)J`h8D4vs{i5#?{ zL0)&JMQ4x=#&^ZMNJqMDxvyPW#{gY^d+niMu50g23K^pwh>@A}H)Vq{g)*g?$T`_a zD6fW*SQN_CCDo;WzqC~Qo}tugsmmO1cSdu@4;oyJEkzCq32~BGIdfDS(@Q_JY5ILt z&*LujUVO14xi)Npvwd_ zs$f_Ybl}o589Seq%I|*^e+RV8mPktK1K*zx%61av((b&UxJ!Rxm;dMAzjC?$smB9t zgz^Ib>xXeTg$xkE^G%4{;w>%GGF^W&95z1=qj3nL?Z$D`NC`|dW>y}CAUe>sd-3yw zKrb%c2V5E=5ZiU+C-p<7ejz3RaGoavR*$t37MM#SV%E3W#xPro@bJ;~IzUJ7Mk$e( z5xv$Npx5OBj0}G|#=5!CO~+#vUxD?IlCkzS{V%dsjFbn3peMnFj>Ez$4Yzei$h#@yrkxs42Rp9deBB4F{;pg--HS6emAz4=nOA-L zJ8xHM(ek3NILKVd9Q1d2Q?y#4-6P?rcNbec%8GG;ea#)mhFvFS2WoiR`Q%!|5_aX) zt0=SH5xWt(c)RwP-PcP6r-J>Z5%pB#)}6044s^EgGwGZ)O?W(cQ0H*a=l=DCZ6VZI z5^Dqars^~mk~Qv5uI-gJcW;f#mfIUV3YI?YensgA7yJ@MKa9wY%~=?VUq7+x#_~1W zIr}EX$`E?aT3gUW@1?)A7T4DNw(%EaYXhPvyCyc&mYZ}lm!OK$au^rK<$JszkU)2^ zyp6XBQs3El%roL_X8nSo&yK2nauo%QUnyK#=xgXswUE?pS+YVcY`2EOM4o$HAMBuK 
zYelp}gXOc{#_ZR#6#sIo$VV=ueDcWIW{&GbgSfzk&c5<{)f0w@+dE&*&kz2D?lD57p+!2WTHBZC zU7Cty=U2#V;1v>3#WUzs(B|~qMk$JtmX)J5ebeW(OVc48!?FoS$)ZAzc9aIOKSq-q zJ?IPcm4L&rv#kiR94WJG)H&XpKj8Bs&^ZKg+-u9sA>zv9%B1~}u)Q@wO9n1CM3YUg zlA%Q?phpw#inOyq9>dDGx9c{Axxd68Bd6=a8?cjeI?ydq|Swl`N;Mc&hYMmYht@#psKV zc;qP2ww?r8AOcD%jYI+V#y*SD%S6+LyplKX&Kt2C6gdg6d?AkI2*h<&=>xnCM%-9! zP|MFC!Y5>2jCU|0W<{lS>eTXjl9D!(j0KJjvC4(`oryUxV|C9#y4Gc7`D^T$c}O0{ z$vv_?r6UYWKj`m%Uir+rMd~8jh2#CUHSg@m~TpSmMad)+90NObi z7L~wtr!^b1<;E1HH!7EOTY|)&ia(Utni%1Hr)*l#ti)#SwcG!L7Wy{TzUvq*x{8Gy z*+ds4#o+Ui_y*%Ij@W^bV^w}L&)+9!I?1G$UapltFXCyfsVrUxsj0d|Le#?pf$D`w zng&^E`wTMImYk5K!DFnItM{toTK-8-jvA%Pl2*RP>VnfNf@L+=Z_lS^`Cob(J2W7< z%DRzFPR+UHjoDKi%Q>$pOpL7=<(LgM>0gKM--=Wj$iHeKoj08#;>0fd41Hc=1dv)$lQ6T_!Kn z$PUpY!S#ZT#k*-INonE4)mpyN7!CauovfJ>oVQo!k@z#5sDjG^1sk|V_kAccvMed+ z!Uu9J36wKQ;V6X(K})}+g3hA7p3GKI*6NrRw>S~yE|J*cbA?R&LD#DMKlw{gO})3z z(`(b@`Zervqqlss>ss^7K1yF~bdq{>g}XqTXz0n!*&KgP?VG?3{cj-)z1xy*GIr~j zI@`nDl@^3H$p$rb^()TGW|ZJu-3oykPrg=OdyPQT5FI-!&sEt4U{I?=WUA?4LCpGw zBAsl$37#fa zE_6+mBnkQe=f3_O!jHU5nbt1qiMna1?W}sU)S>K4&9mv4E{7VImd8T|s*@YO*49mP z_FP-1h}^8fn&KptpmluEsE~#ZYxI$_@M0QIL()APLE94#hOPKd4nVr5mo$v^L8r#2 zkB407J(`k%tOJ^@bub|fqj4<2Y5fnVbh#<+P8(_8HuDy`TA4PYa@WY4<;k%f8K{T_ z>kZ#8-Y{cvTn9fal#*7kEsfIo4D|FZD#`a>R^GcM#EB1C#F};ww3tm^Y4hhC%ye+9 z-6_GQb$8D|wQL;Kja)nt8;u2vd`$;4RjyaYwbFFLnR)m+#hG_9#02y*_CCP7gthSQ zPq!*Q{$AtV{f?u-7injw=S{h`lE;@L%KMuPSvQ=Ch>&&lRD%w|;hKDMh!yV$4|j@y zYR?ge=!8H6*{2yA+))mn>B&7Gm4`S$nVos#YiLsksIc`#N_@c3{(z=oU$Y0kMw<-Eh~7{9msZ z6_o0sl6P${Io_~1q5mYXFztY;{=+j$^OI~*g?#&NPg}PFXatS*nR2*jz+lm6jZ2vS zvT_QxA>Nn&=0zC^IKHuUjO4W2kZMENDS6ZINnKVaGB-Hhu$@_g2lc2WlqFZW|mxedsti}Di?B{s*Jr%jBWBa zAtXkR+vqfC3K{Y&_6r-AZ@ZM+6Q3LoZLc0osQKD7vNP(n*!-=nrm?iwV~aB92&{Wh znk0B|Ix@uvSDYuE7flY6Xf7YkwBN&yFFPg80X7o&tKP+Oc#7*;UOXx@d*WcgPDA z*q&Ae)&L70<}sLBopDymK3hP~Igh29LWyzYAbMaDp3Elp9m1tU)w2co@i{dNc_;o8 zY~1~fe*rT`os^KkdlMlO5f5Fz#fnMj{!JbtN6up82^_j zvG^K2e>f^AXc3VNCTc3Vn;t~TrtdZcQ@r0$O8u$(y@|pl 
z+3dvY=sdNHmSTQ`ep^1!Qcm-67*&)G*cs31ufYTG2t)F~)Vfc=DXeo?GOr3?SX=rV zZfYRN;hdQ1y6yh0|I**+^o-sHjYDxdbQJ6ZCT{zV78A0Zff7(42*GAX7$~n)=Mp ztexCO8@XHVdAO_-L90Fo2U=yOg_pwjJI^^&xQVRysi%njHNGkVC<$h(Sv9VwW@cfF z?>ElNy&q(}_r6vAs(rXpzmaW>U&EoH!G!CUMlmgtlA8dlP4;yDm|f4cf~&`ej3|)z{WI#SxQa;vz8|Ks`}~t}3u*j!zG*~CrA{73FY>#aRZmsrq*wW5IuR7rb$|2FTHRl1haM7Usl1G^poTc*QZo;MBKe~5t&%^x~R^MB`x41Qx ziA@hMw{QVMYM^Khr5_^8>XMRz0WF5PgWV}5q3<B=*Gm)eu<9 zcr?v4^*5HobGI)ct?KA|d+Ge5k0zLhk7?k!XM(SFhrG2tX1wvpaAhz@bA$OIytNL} zJZfTOfNhpS`-1)&BhtBs(V~RVrco}cMmL(nX+Sy2^ZJ12v-J<(mWoexmG6}?%z5Ky z$MUqyLgncGa@ugDArl~*R^tc6#+hPWG$f(nXd&w9B*Pw0X)|W>)%Tw#y03bcc^9J$ z?gX^g9Nlkmc2T|M+-3sjz2I0t?IMf;gKOIEVmOr@^dpcWTF9Mu#1<`xm|Dx}>UpQ) zR%f6t?%lmb@R&AmJ(i&L-*!&K$@t#G1q1*()iTFMj{;I4?@NSC z@*AyFRau#~x)l?lm)_kGIo8P9Jd|;8FGF}uBWt^graY~*(lGlgS=NvYPeL|-~EYORj z%@E=4kq!iLDBfx|>E6)O@j3qRpyMxgGV-)Vu@#r@hKmDq3*O|7;iH<9Dw@*vcG3A} z%a;N@4pF7EZO(c1Yg-7%TUER)*}?MZb!osGy{*Rw4QSh10+cIKXm>JHhX&UAo6mM* z9%yor?d?hD>IOVEnd*F3=K4}xUc28DzHszI$Zd->6|WZK$k@knhlGc_3E7QMA@rva zVX{BT%D4*%LmIpsZK$ec+m(>{==HXSjGam45s2Q=*Qz2cU-pk)?mYLbwy74us;M@Q zhtN44%UKs;gz!pkMR6C6Q&}TlFO+`-ZPzzSj(6`_co6OWAY6~NM!IG$<9RWy3Uf2J z^@;1@K2HUa6)DF9(I^H7Re>ibPAYA7hndLEm7qRA=HQfNGA7!*tY%sf5!{#uce|1Of11ueT$g2cYD zTuWyLuJu%nUYBbT(mab^<@QrpuYkRLdNN!ONX=(d>+BArQuQ#nS6LmCz^#TBU&V~< zCoC0`n8sP7J*3rZVkdIv^%hZLnV%jF%-$Z5%1v~{-@Wm;C0BPj86|*W4Yyj>{BX0e_;6-;#wE7O2IG-ygAY|{Jn1psz{_Qt zmIS-WDu9wAlO|+2$t8myiB*xiMjnlwb_l%E`0Ukao6iy5bT4Ge39r&8IeG~J%>w?{ z2zd?@{vC}7&KbJcXO9YasB($d^7C77;pLRM*$3!b2GEpxanTEpIQ_g{8E*p&+2~xV z+X8#RYIYz>Yg>PW%+sVYqDssUzc!xB|LhD(%--Fze1LLjLiF>HYMSAT$t^u;4z|sB zne0wF#~hSx9TA!$^MZ8mLSbj6jiQXFI{)6CCB$Zt+o@MHGNccgT@|b?I4sAgH1qg! 
z>Fs@ghhUH``1xPD&ucPv&}>kM{T6UDuAa*|zeuX5Mh?U8`ll5iDrooPheW;SHFf557#yaZu8-E53=rh1|al~=9 z5#blfxq#!pZBo(W?#X!F!}*+W>$g}1+A-bx*pKRvDa~wN;ho#b$M&C>>~8Fg?zx#% zpD;4(Jp18|4{xz0dxpj_3yY7^3nQs2+4+NMDg?}6H4FCuj2FpcN$-tOvIG&)jYy5{NuG&3ECMQ?<~jJ75o^A4wX+*ytdxA0k*N>2<)7H2FNU@ zvj>BZ%o^xAGX8vkJ2*Eu7{yuOf+dP`yfmqQ(f!3C*J)r7Jsr1`ORMUJtfe)<`=wFjI zs2{jS?<+6wDk}0Sd-g#5;nmDI`J9tdO~~4yo*S2#z7(0aK?}FYXPkV-StJP{JHk;V z^3QB|_O5*}&E~mgekZuLO|d$={mbz)liY_Su~{CLeY11_HSHMN|+_JMx;~0Z+l9=e)&Q!_OYarI> z5o>~Gi zn*gNdq(Avzr3?O@mG)oXVDN;7d5*PX8c&~6?&;`L!NI*fXHV<%got|XXV@7Pb6bb& z8@@2R-rsK=U+XH_NEeM6kUqO%RTSsSmJxaoF5(>QeOJ?zcPmzD26hm%5}qch(C#mT z>2a=q%6wrfo!;+_Wmc?+eL&fWwIjStoL_ir)5LfoU+j*I!9ep+OIcLGM0b|Irg=hF zgMG2RL?gRN><2MdY02Eo%}#1;+NXPbPh9*}Uwt&XlNe{-N9y-1okPFtMC`!S0;p#f zK)hb$){Sn?0SxqEE~eI(X|awq!o#W3YTRa@KZ_ExSvB+O>Bo)yI9O4|A2pHBYV9gBen%TMi#s@9I1)bdtENOY#oX+&k-gx~mVv zHfw2c+^J3D+Kuwl4M!Dr%LOzsdM)fUzzHx{|Fd1MlxVlvDet=59d1e7 zrEgStua&uM-QWAg^hzMl;d}4>mm(lr{RC_<%K0_Q5Kv;4`DdL8n>|ujyF3bQ#HK40)u;n<50bPhqz=>TwPoN3TW@ZWBA+p%@P1&{Q zES7(xFa3Wt5d7zSey0=gH}41a3@sZ!S&6KmSG@qsBrij1@{X3&Q}qtVcG7z9L?4*Ie0kbYN(?-0Yj-mPK8-+uQQ(VQB! 
z>P`WQ3MCn{g`=C+P%_L6ETZTzRP#?O9Ruyqz;{T~8`ydq=Hcr(W(0XXl>Q#K!gUJs zw2+)kQ!W8lmkAcIOFu8_|6Q+{+VI5~YTR}Qg;ogC+4+@5ya^tF8C$}efMyRa@kRf) zXkR2efND|?-QvX&acv+Suo0{KbzFR5HQ?jN(|{w-+qNWnwB>5V8YT#YGE)sOOxIFn zX?(>BWQ(s!m=8clo}Jq9H3j&|nozF(<1G-CxN)ZXy&6hKoh*$dN7X{T?<9o7FRB+% z1J>JYR8Ll2d4?2Vaj~)2j;L_RF+#}BVz^O8&K~b>$t1nySZ%b^9dzH83b+cg7QNa2 zje)EvzUWl95W>zdI1^KWVAzcR+}!5`SlB|F{Dq4<+KW^C%|>5%MM&17l~5RBQ_aoK zYq@O-rX*-sC0y~XBZWKMeIs?S5Mm-3pr4a@E$NP!#^er0ws^yt*u$H*B&T6PqeVAk zN$~oC(f}pQ0cTC%Z58d7ROnc~V8GdJ(LAWx>GrYSfc^cxwgCA$UZxo4dTfbitn0YH za~%+6s$>EZF=kb~3D5hK5UiF`8_KJV3Lw)fk7KU1!ijyl-^>{${%){bm3zPt|^S}i11 zQRKQr`(mQ;0s>S1=%fQ*UJfo?70XpE<9Xxa{&uM%#CuCUIx~Tc#LbFtz$N}dkMDInSz1^8%7lk_) zv!*ZYwl~o+->Pv$k=S2{-#3R=A_cGcdc|f|_w$&udl^-mGA4Ro=i;)?yh+op*zk2{u9&*b(YZ{l^CQl?`?>B^9=t36{GoX1TkGwZ z2+}eK^+uc6f&DUI&mO+ z3=?jsg<=t#vP$m3$t&u%dEu;Dx!EP=euqO-#{rVR#|<-m>rUnB>=2 z=G9zZ7G!-YRW|>ubI(=Y|Lc+Da~ZKWjrZjCGX8FL{P!;4*o})DR4r}IVL)G z>rFg6;^Eov>ALHD>WHh5XK9Moz~#nv&_;8lUH8yQ#XCs}@2uGdLv})pn-5B?O(@~m#3^7AdqAuxo zD&8%yzWYjd(jm{$=rk{40C1%{cmciO>r2Na5rfx|!%Ck*nF1AJivOdt{8MN9Kc3(G zbF_&{l9)EqK$8k-e3?QC1-+c(xWT#KCDWU%3?LQuM$kXNXfjMS$Y44FPIX>!2m}@* zv@7V-KchwHFe)QxQh||^zC&z^L6eG=`LyTXe$%@Kv7*q1pWmbp#J=pn4By6#(XJS2 zaZ!$}9{DK+W?HiYEFqz{AP-lfpUr+HjhX0!Ql{|Dm)GfcJH{Q>2EKsdj{~Xd|43gD zRGHojGF+Wy*!%|Ix17VZ^3g8R0GdA;JA&z7#L`0%iAu8sO-2&@AO<)<)Z&%Fcz9s< z|1v5+JSUmJ$8(Sd^g3k(Maj8cvXjmVT3;^{lV~9>__bR-9R!D)HuQA^s=+GkrX$du zgU<$}|AQRI9a6IQ1rLGH`sTO2y~i*_NZZ zuKY<}ebvpXTx~oK_a?uty4S`=jPiMWhs3CLEX@koZcTP;-&i)Rvf#09kr{bS6zFB7eDUq2QIc3KkBQ+9ZE zKXCf#%`$u#5E2FwR3wsBeK)eM5zVQ$?w5zZ1teR_->ImdhI}enY0UouaTC5%J$>I& z;)Mm40oh$Uz#0m><{q_KB|xGj)r%{Qau3XT`-Whz(Xj5^FJv;ZnZx={EIm;-4f!P6 zRiQn^M~U13M~YA0R=|Augjq{DPPq=acko&p9fBW~2V3XWiIh2W(EoU!o~u!mf^=;` zJX4Ho;|=qhqwhOL#KhF;N6GeM7_K=qZ=VuPWzjtC!29i+;bK?~j6K%TaL_K!44!bh z{(e)5<3^a2cf#uOq8{ny_81lTR$??zg zS04;jlpgSF`VQG$rH;flP+}?w(CB_TSC>qRf@?1@xGEE1>IZp(91Dk3UJwZ^qN#OPAI zWr+d-Ixw$A9(3MT9Y#iucQnxWC>>^MP6fo5;h9$F9DEeuoB`*2trq2he8S^vx6ke$ 
z*Un=Hu$kUkK=rW(L@5TeRQuLLvPU4xThSc8F}KI39*qX4*DnjPV}BpcrHqn_(=_&br1UJ*jhK- z=iWE=z31b{_4pK3c`py}GoGx@0TQ$J?)Ra5N?$7BB<4D{(OaF`Z&RCP+@!uG9-E0z zb+TK92<)hS7sIgQCFzSV_5{5rO_c0IlH9N+SKJ}0ER-5MmFJ}+6Q>Q|I^Xd;l{d*g zRDf-bcDvxT-IQRdwX))Uu^PQg)-sem-0eJwaeHR2 z+v9-nL9+>du_H6zsOIla)+Y)$Xu@X z2+5xKyym(rVz~ZJT^39R21k?WM&|ALGmKq8s#fj>Q?aIMz1BQ_oivzok`Hakuy%x60~& z;F*fFJj-_DF|XD2M*&uj?P~o))q(Po%~ev=J%H8J*w|h-j=q23UHQF=0fVVl_d5)a z_-hRrn+}@~sE97UIW5A@Aarh=H2@>%<{9}KB}nQvCQgNx$zU_{gPoC5d7pRbYSnjb zy<24DADueYqS52n)#E3CrE;n@nN`xB-AJi*Kib}E+vVn|r`fUbJkdbHc#%ivaze)4 z%!6mg)^U<#{1_~JV7g{77aM^o%6~v-=ua=veh=Csj9XjY>)p@}Z9$64b5u$)LXYoW z0_gZ1Vh2I29&Q2;`a8(EAwIWsbTl-z+{%I zoG->0Y3K>-aX$RWz%ZW3t!L-LexQ$6Kp;jkgqXBYNMx-}i485r>_zI2Ui?5T+Vobl zsW<1*)}5*fKk{r+T5kJ{W9Ma`k(-}T6?!N2onKwqf>+ZulL+1*{yQVWE?og6%GT#| zeWh^&>}NmDx{6<#+;R5Cw`KuxrKwRaJi(WY-7v$GUyxYGM}pFk4%S49wH4C*Os8vA z$6dDx7WeC=@h#K2lR0Wl6>j|TJW3S1Oq3Ye=fxP0#H*{%W+4 zki@eIQ}Kl?Hd9@VAX_%O?LG95B|J$gaW(t{Dh98p-xO2~(t0u3d?Fn_I(V7G<@VG#4q$x`Vl zH@DgL2>kfK*PVAnw|JkGq~A}x-t=0eZ}`UW@JCSm{uPG1%Lm`ku_adiLpON#yy-00 z6adIzlWB9K8$h)PoU4w9Sivf$7PcjB38#S>GOJO%(SU*zW9jMsXL9w=ESTG$LtJVSOjd%T15RQ3RY#KF)P}Y zfHZ%-5hMVacYBuuVJlica^&k((cq0crqI9l3G-apEwEP$`og!Jrkm*6(2Z&Okgq?` zACjB<6`K8X_6z-k?T@DL2hkFaFjkT7H!_Rv>#kPj-UckP`az34kG9U;du#Y{$KmZy z@XrDQzNV;t2|bwe6>hRP83nZ{NC01WO(6yIor{~Uncs8_z6YPLUm#e#Co|R=~-?tP=^;3Lb z-SVvmpU0p3mVEGG&Rws`n6f6&-?Se}dNg`4rIn`JxfbVBnmynpn^aMPdNZLhUZg2O z7OS^aASVzcvCKe~sV=FU<>iZ$#sx!jnl>|6Y;|2Tcj+Gt-XEpibx|Jqob?=$ryfqe zIIxZ(93nwO(e+19_P^1r7hCnlyrxYoe=VJwjc%Q{jYOzY>|`QkeIFui+p#a6=xXf0j(5t2-|Ljynos*VHlN?3Xl<5=a{?~vQsbfqnY8c-_I z-@p$4jQYXOqd~Raf~6V&n#KT-Rm#g2|;`mBEPUHy~`$ z4sJdCsr+Q5$Q1*jh%14^q=)-2e30*ulMW;WimMA4dfnRpAwCUjD(1J_ROoE< zZ>#b(B9?)i9R>rMzXU`o7?N^$$gczQyKSoJ-<9RJ9EgR5fQjRqML)KMEmQ>5vFx?# zpLXvcfAnkfRH`+o=KOLogQfJxTDEb&>8t%Gu|e!%M)8xz7)8hqS0JpE)x>-htG#<5 zo#FTyC^5=$BG$;^AS}=K9atz4G(6ZLP4mD^UIVB-X0hoNK#(ScUj00c>6#8! 
zq;s9xa_FM$`pJB%{xP+*Vx?+VV<(Zb_v;5wygbnaOgl0k1?q{Z*TWc#PPq-%bqzSH zH74aDZ+5!46z5tc@N}K#l&}hsD7iG0xTPbqAp&*5$&iyt(kMvEMQpayJ!h~}93~U} zGAXO(Xl?g9NSC_)*qb|zdxq)-+;)=UAyDEr!8VjgnKtQtUWxBhdgj!LTQ@YmcB-fL z$b$>Prk9O6PtOME?JHZGBXxw1axPO1#|`1tX(vA4044-Qt;l7=t@Z=Rbdn zcoA@&D@4=ybjy*zZ9&M7K>8Q|cuBLLNQjVIom!lK_@nUi4EfLN|G)7!A7@=W1&kRc z8b;UGS?P}&5T(7pTY#2?Kx*2&gs1spDAufjBxYJImfSztu?zTQQ{GYoek8TO{Lt9Q z0N518kYwo<&M=Bw39fzaZ@oud4#ZD7q+ zrtv3&;U&wzkR|4+->~%^v&BCWap7OX`hPP&M$`4Tz%J$4HlSv;KtXYU8-&pg;H8|q zYf((&X@|imwPAwME?_WbH4ptVB)>&=`=6R;P@y1*zb43T@BfOK>3xl@ZU0n3n@b`m zO`$)5_&1L2{>K>}Tygo%6xk4u>E7b)FD}x;hZPIUOox2MJC4O(m4|0(>Bl{=o?1vU zvr)VE`q;i(iwlW)DQo7*Nbd=;IvCfSWaf;B9p9Othy`?=gE?A@MIKQY$*Rwx=+7yrKBx^lh-!-*1`SoCYK8_$+e{I6IPF0j0?U37^zu#k?{<#-S&cb!)^{%3dHp7R_Qj6c7K3A1GYW$_cWjsJp9CwV&L$d9k zz|?+V9gj|YCi>_=iA==TR`KNVZKY2oO)@#pm*lu-R8?`7FMEr?NlW}L%KbAe$ote@ zK685Gl;o>L@kuQGtmi84F)WZ{6gs{a_o(s+khcOVH6u?og~*Y$d>zqLrI+j}qJ@Mn z#!Jf!T2C@nl;1~%AKl4PJr=Y3P6~w{v0Q6sDy|=`D^c_H>+r1-r#zG1EzMUG^#nn^ z#=MiNZBCwF*PNE{xmXoU9Xy-Hjs@ROzKGe>f)cxDfvQ>dIEK!FrF9~7JFWbkLF_mU z7((julqv-}*n*sVwN*jq^M}nmrosW{bq_rH;y}_G3#S}|ae)5Yr{5t<5ftqR&Eor@ zwH8Bt7TQa~u6~DrD5cXj`qxL$p(;`^of1Eq6dp`}hj^HGDH^T6VWoj%PA+KTqP|1G z|7;!Cbo<=_V1(>$dN>^5$5b)cc6wD@dTicR%nW!e#jdTR9H>8z*J8Bl{hI@rMj{4m zWU{Zo2xe4+NH4Sx>QwRW-99kKiR@{_`L39vG|4|-uL57)1Z;Yft{?kHOAv!)dKFgh zlvuYBLALUHts2vA<$tqpcqky!TZ+MJ67VqYCtUUv88h$ZYDV@~qdCZ-8GxyUtg4Y+ z;*uXFuYHDhXV634!$Ok6q8Zzk^)82C8|HzZygyYgIJvdz@KfXt z&L3ZlMh|FFmwkAhOAG;CaA}M6;W!E!E9HP=5c@O%JfI z{KKWx**|rGj^OuR8t#5N5mWp^3u2F{U!_08kSI8J*Ed!^sVoJnH=GW5ue+6PT&VWLBH2m(Wt9ti}s+JI}!$) z2dI=91orQCwGHiW`=xK~Dp@~0NhQ~)<_&y|rJs`r8@{{f9*|$|^RHKZs}m3te!0)F zf4;|-ML<;Zm;0RY%jD_H<77zqbpp-&I(gP}f0}@Q@E7Mc+X%6HufB}bmtieRf~Ox^ah-|ZP3_4U7!<#@Va#;T{(cIjm{lkfXzLkby8n3 zs{gxOb?y82ebRR9&C+2~Jl{s2rk%=Z`ZdOb9j@3jfMjH{)tC2|Y~l}@jQ?ZH&mohc zdG4uWcU(~YZ22ndnw4w0zpe(+aGE`qhRR;gv;4P7gHB|=?>m~t@5Md%a=0j(%&&d% z)~`1>eU*OJ3~GU2pWZ$<)1d`L~Pg|Uf?6rYh$bDxI$YX8YW zY`I$h@MH7$4@shS@%@Qn(yv=i%9t(kWObKTrVI-Qo%l%nGIuNSxJHZmQXgJ4whc?Z 
z%D+qz90$0D9cIN4N~~5HT~lxP4haPEO_M1!(ex@D{pct+<}-q>2TGxb8kltzF;KF= zwiNN7s9!!`_;H zF1Lb{4KqfX5wNeJhnS$N>t?^Xd?m_Juw}v*OaB0NP0!|8u3`S_;u%x_X~u5VfqrQB zHa!%HCtex-VbA!R(aHF$S;P9%q-hLSDofX0z2zltO{I=q&-^*LMc*A>*L?ani=~JE zbHU5t-kVdc1NU7&aLU0nPyF;GL${cRF#RI`PJt`^eV=IJmB&_$dl?GxOu`zbza)-Y zu~hUZrvE(XuyQv0r>;y_;1L*BPfYj-TT*TOsFhQz)aSP8H*h&269;|+G0a3wEA&MdZjOa^IRepUzI_ ztT$0~^Z`-guaA3o7U4Bdugat+o8L*QtX4lEF!8cjQJ{MXerLklcI9++hq{lVX#rsl3yy>DrSt)pogl@rid z-vX^a?GXLgCHm7&(N^BJF*3=dhkguB*qXd!mvL^#8E*91)%y6#Cv?&Xk7mR!^yB_d z7(x0@IEfuuX-G)63$+N5+yD8KSJOSdX(yJT60P==gb)T{F49w<#BtJBldPaVy_a2c z32WO6i>>H_+9My1<3?FI|o!$E<2X3pUHMuX5t zdr;=Yjx+sAH=Sgr?oT9YZ+9tG;ts6NS&NSQJwmXNoj0t=39skw)Qs;r()s3Gtg?5S z#85Uy`lxrSuiNoc^J@mDKd&wCpDD529Ur1@u*Z1M$=L`-r_)T1n%ZOpamy zV682B;NY#kTWuA2F58mx(=Rrvq(}$Mqw6~Bt{vCT(vlpJR!m4K?n|j~`i47ai$8^N zW91@8p6*8rU2!gN3ImkkoQieBUWG>^X!~#} z=##ggMGm2!G^TnylZQX7QByEPVywSXR^#)PVe2HO))fBtHKxqiWXxBn!mX@BJ&(5gzv1d#^RuTyq}OO?NI2#P6Jo zotcwZJbs^!Ebl`-W?kM~_waA(_;S0BDf0lHBkwpUeYOWV{IC8wIh+}#*Y>9<$aj{y zf023u&S5=L$j>3exH;@aWy;VK$1MkK(VP*QDx+<=to=EW=qC37f|m zD>wzCATjpkz^}ls#G6KQ2Vy>^E)cTENRplH(=l!k##bC`x~Y3v%qxh7&}PV#yp5KE%9dp{AFDsPcFu9&S9rssqh!MIJ>3x3_?SmQLZ|tzWleplVZ{v~_@RRSFO4mtnc1ET2BaYEEP)$rG zc?y1ID&i{YGI1cijFc9?vTYs2co9I`B-zwDMz3G5eEI85D4;MgoG$BX9ae#n z>U<2!j^#SLGY*&0D+O*EbGuKehQv48L8U{+OLD2xl|vqrUuBV(URLJw#VveJ{#lD& zNuR|HEVG03^$ig9|QxIM)~od|Qq8#8qKMY^FHPc3$+>=#8Y3&`BqKgbi)qqG$5 zPmdLV141OLm4SFT7nr6;H3KCfek*_cja? z7de4Lvx9PAIlZbOa|%lrkso64?YqTc`FptTDDaeh;gdnQ~a~*gucDq9=rv;5-+gIt5|R zQO|qeWhV7sZ3(W*On-x-9sebaa#Fj+$`YU{RjX*sgbZ70Ix6wUUjL3#;6m8pk~wEg zJ|#JbtzI?ib5@eox@=Js@fFKO&4riXt1H|fqD{!9&xH4Jrg`Whbv%@!yk;;6W0rq%j}nS$=Fv4 zNNhME;Y_ua$9yajsen8&3vc=HRCnl96KLqNb?wQc4QH?y2@Ip1mfmZ!S@&OZYgKyp z{;Vn`ljEi-+583VStU;Mkxu8%XaT+ka928+89DVypVN{a+S%w`t(4FStYJedZv6u? 
zH1xAqU35VIoJo(Q-Io*D2;C*Cvcc76{8;27HvXK=zjF1?Q$MPAi}LgS)%@RR!|`o4 zrt0Zk1q{FpG5si=)P&1l(TC|Q%OtAyW2>Yw93@okzqKXrim=QXBwjrkhG-pYUQT9- z`GOK!M$giM1k`vE#W~advsvFheQ+a7d=0ouQu(&4aQcen5R)8Mr%u=JC|pllZ`kls zG-SxCt)qYR=LiI4M~Y93d>EOsshp^2Wa)chOEoU9css{fSoKY={|Tedgvu31S-Kg? z5Xen*8^Q<$`BShONe6`C)6?30@pVkdJbU8&!)3$DR%<)GN?Wmm-Q91Rh|9b*tC{yh zU(u%^2V$@gR2b$@!MQrp9H*+-j+G;=cSKf9mz6DGW)7)8$~73VDon?z@X6`C!L9hU zP#}sl=mS%=!M(tMk|^9Fg>r&Ap5?aoIv){31++*)M#yCs@9I()1M2!KZ~Z@vxV$H1Hpkat}@Xj~rNl<5MMIp#P|o z9uA!askz3kE$Umcvtb8O~g=yss?o# zQ0E6~evY4+w2dKbGu?yue;XQ0UT}K&Jtfwt-h7P-Nxg1yi85#p&JTE#((xb{hz~G7 zidKCTA3%^(u=ROe*3UMe(<~%gJ)s+Xe~>TFE)FKMG~|d1yMsPj_y;7`BZ6!mptuva zC#BMOnb2E3m#6ix{*_M84Bg#{SC3gmB17W>O*3x)iQjs%v_lPMtQpHP$3cicst#7u zFMqo3#4m#*@X~+s+l7{m`9Tou(RQxw7Wv-Pa1voierbLf-TrhnwSg}w!t%y2qhQkS zyC2YfxPLD!@h^O`|1W$R{wHMin_s{x`S#dxkB>+_u>9vlwr z!Fam+Jc*-%(@x#iM_kTM-%=2ZOSx%$dJD8OA zOToYW_bdIcAtJFb_vhWLVfb7~iYxcPiusit9fuZ3#J#P*rRq;!vsO2|!t65>XE`i? zd>8x={4KE+D!V*HW201?ZrC@o1`6q8SRH_31-h3;&*_6v_PFTabc~BT>rDn@cCyZVA+)-vgN|5lc z!K!RePkGH{GZ=c3T4w6V?!_hq-@q%Z$9UGi^{CWWW>G(Ek(z$G=V?ZdHn%>c3ZrJO3w!bV?|S`g|m z=0Hs>??0CXsYwI<8nm$RFpj!PAkcQfb}K`(8Fw(et4vN3{glpq`R?My8yi0BlfVSQ zml=t;JNirJ0+-X&nZ>*AGMoE%i||d1KMmC`Q%7c(lw(72G}Miz2t{Nh0!Uq!Nov*T zt>fPw#CK@)TUwdBPpyBJ;NIQaxi_eA=lNL;clz_Ycl9YCeCxJncL8)HiO?ItIHjOW z#3qKgSA3ExZNao<{sZzkHR5!Lnd>8Gu8W&nfh#TzGLd6DUTOvs)g{RT{X zjCCAMA=2R?^~_sq1EaG{712uuuw4_zvLAmrCb3@M1c7e^&}%SlNNegXQR!)s0>><> zrc9)FD}Zf5cy15!MSn?5F27oCNjNH8R0pL~bQTCC;t^!Xu$vRBjp;bsrG#1-Owl6M zxry0^GShQ1nHS33nnLzIzmKeEs^~|AB=8iRN52!v2n(%3bJ}kG*1?sPEe^Qw*Nhf? 
zkvH^S(|Q^HsqDqUOc%c!#pXK+yp*TapQ2xNaTst))|ainWFG7~zg3Q{ZLBDcR&$co zdAgS6h1WHs85uUX#KoF1Ge|%uAlTaxt}8NRTP58`&8<{vP45;JtF5NU!wp#Uy)8s~ zD(-n@FBgP=AUm{RUjc`uVcvKI6O;wez>W6@)FHLal$1H2<1QP15~eCd4k@=8*8iwWYS$rU^@GNA zSRVD9r0R1hnq@QRcU)a~fVVG9%=^1y$`$)J4{elp$a){7+3}q&^|(xxPt+-@TjA;J z`e^O4Q@wqpBx}5dn&tL>aw^rX%wVLoAJi@dXbLp_<#=U3NX4IplHL?ZkfhQR?Ydfn zlfy#1ORev3nlgt_<*wQrNqvrEzN5;-ttU**xeoc=ngop82EKyQ;d=4s{67RZbC+(C zsFMkuXw%8|*cL-WZ@JaP)ufBp%gUWU$K5bLIG$Gx=Ntg%;@dg#P|h89?1P#JeNfgNI17^6BE7d?A?N#{{k=K85OGbH1E)B#)f0;B zwZsiia>mcvkZ^h()HZQrpg=9{bU=WNWLusH(_5aPYi^j63^saaw|L7XiXAUj+C`Rr zNttYT99IW+7!nXnFa$|{z*Z)8C$ipLKlzT*tj25hff@K1@5igi_!Z0QnjlFo=P);F`b*6x>ZXXLTz-G@UTW5}ll%M{BRe>tz9T%p2aL6Db!vbyA&VrsvYtq=iuGQbeBi4pJp8SIn}<7iH4F1a zS0eMS++dv?iJ^nUJAh_8jEpa!n9AyDjg0l$eKgrb=F0x-=faXq9^LIMR25fxrtU?- zG%YU3@7qbBdgxSNC*Kz6gQ}iZSyq>TvR~e{G`i|0xtjJhh^e+n)G~{?|0As&zw8@` zwHP7_3nO)=?zek`rdEA7KNAeUM+`B%d8P|NF(p z54Hvs$cN!dyw>AtA2h}YFBsLnCI|DT&a)U?0yj&i4(graNKzy_To7o}A^Ika+z*H_$xQlKK=ooN#_j^Yzogug4a&83Q(9x(0| ztWT!2KJ8kpuGS<76H-j5>;F>C+RXO&$WrG|S zgxmmTg%h~^z0(ari&6psiiuieEw5q17b|n5E#Y<&mr!)*H;(yFt9OMjbv^eJ1w9Q1 zA*azvCqCdH2{ZN@aIoD2r}(ZH)A)z>_QZaZL~}#Z@3pK#h|xQb_cw{PhcB#{Q)l1wb8nmJOH_>J12pPrzvL)@Pz6$lEIl zlUX~mO9tT)Y>jPaOCR}MX=Ar!pKL&&CSwRSfD=CedW{h4K_BLol3D<5+?faJMVxxR zs-D>8=!<`0p#1rrZjUBq^fU!|&G|4^f#jNY#{14wK>oQ>5l2V3=bCt-9g=YHDK;3w z?IfuwoT+E#MzQ2pON$R~z;{r0{eD}v9In!2A7pl8$NQ!7x`FdOX)B>CiVrtLseR~C zXS4hLzVQfV7;lkhgmN<}7n!?TeMm29V>kQNGnT6MitO3>eNL@511)^ASv*tye3j=|0&<>85l6Tl@Jdf>h;n^WJXHKk6Y$>_ z3071jjXwBgVqMf>cu3C^=UH66FH24S8>Wul_7AN%-k}su7o)jp#uf8V+X$HFe{=*v z;C;nd6U=wG+?nOKGsHV2W8Wy!^)~T)nP16f^IIHmLxufJ#ZQ4y7s^tfFXS(%$y#0D zZeCb1lo5blt|LQ}^#q1%_x-f*uin~r_StPLn@D8gujNtnjAnfCK_Fr;1l2{cZ7Z=V z0Zmv`1*`~YCP025cN~cuFedg7Bzo8OH(G|sg}=!-3Z=9`pt=VcTn+caQ(ut zet3&x6pc6ZS%fsH4-63-VmWTM+CeBwGj4ou&N6L5DnE1O-mAB1S4?E*!6Si_&Ok5) z5`I|+*@;8*B9nW52ges7WqSoW@imt8;-B$BjO-PWxi&L2YG+OS>OY5Nkza-SI+@S; zQAQIm3PQf`IV&wA%jR*8syBYR-z9*3A)4DI-dRIJNbqx}!Mr9H1gt20k^n?MTnr$s 
zARwLnXl4L6p*xA{&xc+1E1#>5&>pFO@RRFg=M?Uhp2z3I_x{w^=wrdpyG?B$V{6_P zaII!?tQCit+=d2;vXKS<1$jF72PAp+I5iMTJmWB*9b&2c>2zQqqAWWc zVN#gl90!5gm?F4r{-d=bP1z%-@UH!rmxnas{fAca)$GR^>Z&{=9Zx;%WKXEx7>g&| zDR|(u8b24u1&M?Fj!Od45UFrD@Su|!CWjvaU^d|^c6Qv2Uv<34XG(KSrqB?hU5L(LjEm}dV0ab0k@CfCtk4;jD0 z{$Q@_6Qb?oK_U1gHm$>z-bI_7v)|SuM#|@mf}~Y-9Y-GD(94W#du`(3+up9Jo~Zu~kj>4Ru?NbKhGa$zu4(He7LCx!H%OE;3JpPlmpm$vwoZAkZzbq=o;+dXx0b>hl& zwMMUnazV2~sNMNkXx34RgmfN&ci_o>FFK*MG2(LClqRTL-dZ=4Ic|xGP4Vwl@I$?( zE3M>PF%VrR(}d?0W1)a6-Zw!&xnXoq8mr>|*rWA@-^kUtR?F8SUGx5qp91~Y^aKT6 ze&Mmp{{nX%$RxLR_VF4@aoz-cSqCaTb6*5!c|)TZAeBv8hrhnwdYzPS=ZVhhK14ynG`-LcD=6z$X!*JB-~ba{AF`NaGA4E>wb zLg*b+1oI5aA4q%)$Rmh{^VzMP$<-(;&S!yNO&?mcjZyRpi7rm2ru57@Mi2{zzQlNY4t1w zUx8v?UU2Q7=-;S)=_>UpIe1BKEaKKeOzPLCZ}=WzZ6{GSq&BedjR{1gV8u!N*qXQY zgDy&SD~A*KXf;DMJo$-y-Ts{nPSd#M`qlS{R}{NE5*z$JGAWB{q@&IfWPn{>w*ddB zQ&ZYFans#@wyck|AEMiG>Fo_`FJGzm$l(CoR2QQFGJPO|dD1v(HG0E*G$^@-$8*kv zQaNr~=;8}88fEHpCN_c~-7+MsjQ!_vpD!!0WC^5}fSy_xN^|M^ae2~B?>uUJa?G?J zec&>^l4Sh6;j^s4=5wv(7*LDrK2TQe5g`Ytyh9dCAXwcH58Ecr3_0@Y;=&~IYv*>R z6GAHf%m{+DA@26x1I7xsy5#oTXn|kGJjlqdCwl#ttG9XD@{$uYR-pAyB^#$3*6nW- zz6f&g3f-sQea^)^GOO^{(L@IclCcSp69mejc1JQS8eI#DZ_P5F`kFI$Wn#Hm^K;8% z$0Ze!dver*PTZdkJY|yLHvl_)Cl{bL@TA>ACPte`Kqh_urOlt;CBDfs`=y?|u=H7x*P;X8&9N!NZA;?L^>nAg_DicElVxo+`}ulfj*xSh?l4zDo`umdULMbTUHN-uj5z&IgILL?9oH+r;Re+u)X(_Sh z%&-ikHetpNCFC6G>yE;|;j?(>hM4HDT(+cdr;9ypLyMCgzGOexoz&n*g;oPqrV}vz zbBggmwax0lys%Vp75KbVob8^0v?l!4>l2%h%X|d!kSC&DXo0Ox7A)5$Tw>~qe%-pf zwn}2~fY98hv6BRqt_L3lAM*(l^ z5;LU*KVs-E@^y-*qUC(bGd9tRlWU5vGh0V`1=1}_>5Qz1mM>EU;UaEyL#B4J!!S3k5TTD+*s zG=7yS?+y7g8uq~FcjjL^auR(Jq7G+wCsC&0#-&8TbM0B?Obqk#%@L=JvxKH3CRmI4 z7Xjnf63&hZKF>l%p3k1ylRA6;I1OM~NyFuw$)KFhSn+pBMKa3ZOpezjiBh#JGA|7c zt}h?VX?Z>G5~H4ZVKtx{pNLgN$&aB_NHRFANQ~|Hp<30ArhG1U;#|!$<=(hBw|_v8 zyB7tS=H<2vnr611qdZ9asb_jFh1(NIUQI9pz5izf9{x)N?q_Pkvx>1-M$c7Iw@5Nk z?dnDD2ex_yDc?RT0Rf(OxDU1o)zJouTRN%f2@ATA>AQHyisuAO05MLg}1+eU< z>0vTTeli6_b^B{BD{11R)So1soDz=H&o2Yep4QlrXcT-(zgb3dcIM+#p^4$!*&GKh 
zYe9S|^dE&(y4lBu@cVqWC1c&7NTcJg3PF z9BxT~^aNJ~ClE7$xD+_TiY(sPeUdtP9BrT^>BKy*|E|acLS6y!D^MA%d;Blg?8#i8 zJ1HHcTrnM{(*sV{dEMZ-QB!l?Yf=)+zICi-Tn&x8t?iH7~YbwHaLhtgC) z;Y%sO1nPoFsTThvT{hC-FUWx{G#M_4f&*F5-Vp(hjsEYg*bKi)_mKJ-Jt-o;BiPg=y1Ym>+~X z&)vv)5iS2S^JX07YIw{_sxy$>`@}ebht&&o8}#g@X{L!P|~he;?5(qY0JNns4#R<5!Zsr+f7s%>dFROQ)KCLyr5Yr&OG~A(Ge0@pxhrt zNi6f06xldPeZ|$)HNCT!DmAG%An4>Ahm{F$z*5L*HUtI6bWn3d&;E1yR?<@Pxd4!5 zk0E*2#g7krhI`Old5XDTdG(?ti@E)W9441c(t+(&a#^63?t`#hkJ4!w-yPl%vV&Fre4G>72xB?oYWlV{BQ+jf{#XE$1 z-Mdf;srKOC){K5Ze4=7IPA*-iu`x~%u)J!}LG=~^BcSLaDzXBlO2QVS9yGYIdgiLH zDtUT`NX&7t*m6CfR8tzimx8%l_8uFC=l48{C1QGg0ejVrq?N{&l>Q*F|DaG&6n#T9 z-_-j{+AX|h^+jryNQRx1=Zr04b=i9`dlD}moh}X1N7S8>YR03DHSkljHqRS%wGR8{ z3C46}S9{(`x~{`mwD@TT{6N1}_!W{Ry7q^_b+@vqvujnxrHl793+{&)LgnTuA(THa zM3@e6cMU_Rn@t_)Nml(>S-3Q@v*#ZW$YOu#R>b8~i*Mg6B_#rmBqVMPvBjQShVsTP zbP4evv=<~3K>T-+mc*ER&JVmbC(v6NjPmxW@=tO+q)q-2zlR+W=2%W$483%Tyw67z z1|d6?Vkc22ooSJ_SIVFM8cD_qk-U^^B(pO;1h~*fao-ivcG7<#*C>X6K3s?+givPQ ze7@v+ZNBKeuI^*xl_-v+6IVMRkEEoLx=2q9Ur#vaC!UvtRQ9iT^mj~nRC-?&pVs_J zUMb$i!nL4bMpbt3(pWI3xNGI|3 zD4(kk850so!JR9+*A&B9)@MhCa!isQFgs-~&IhGEvQSeI@*9CnUB>4}66$);3~o>s zP&#P3>1kMqD@WPNVBim_=$cW<(e5i`*RrMa$%K8pV!+@ZL9DbJAKtqu^0}g@!+L4&mrCJ>! zaIF-JdAId;R_&u1g-jNooSx_>K8&QXnl%%6OeVzObNan$b%CeLRmqXSZIt`UwQ8q{ zT5riur-3{Lbmj)WG~zYnEPEGNi?g~Pk{#}{A8^!Ep&S7Nd?!_B63mG)*$ZX zTKyS^FCB);Y8c}d6>L4YA;|EW+Yhrn3jw#10yJ@nwJ9>~H{uz}uvjCu@pWKWRoVMY z{NjP(Tiu>72Yn1*m>UJv6NOiuK9EM@;Np>P9udOh=VAjZ`4_lA*@+K>MK%i}r6xES z&VB9i&h_fmg4Y9@ViXH*b?8pld_%l(0!$I42?}f*Rn2%G|eGaV9)6MYf)Aj$d})vIM!2!p{diW-Q44$8RF1Kp^6CQ+DQJlHHGf3R`?$^-+tWGDLM40I^`ht1h9Dkp|#3 zOYbpIj+27vRU`i7s?C_zMRV0WG|(MOosoQe`wb~YmipT-t4~J=cKEeTEIa8qcC7(y zhi454(6=`>Hsy|gtq)@;4WR0s>!C5rhzp^hfj|nXAAW1{P0_drvs%WG^imv2-swp} z)(T-m)bFFeu4FI2JNdrL#4yASTP2$il2(ce57R-Vy4Rk$0;Mnu{5}OTn~~A|3ICr( zbjfDtgSh=ut(|*5q3h2%bY8dE7w!%c)~GtBRy5L#!J9l+G}VC}lVkd{{YRFXCDPf= zWiIpXk{nm9!Ht2dQR*y7CneTXaN)CC02&XaM6&kD0miq9sU5G{JM6^jHrhHmw8aH& zuokIoj`hR$VxITKi2Yy7YF`|2r5Axi$UIKEHCECIZ%XSbq? 
z-jm%&SJaiaG}pI$Y{Yne#3wGQ1-j_I{$_BGu1`!7N%@BErzS^5-Kz-RGjM0)BU5uX z;!sXyXoeY^AAa}eHZQpOyta9(!`e<_u<2!PU_*=&L)QsLSTIQTs}&Fy~F>XPPJ-Z<}E8*<@iH&2i&;bX`Y12-sQ$vo3)lq zv6*aP3#w!lGELB*0|Fi!P!hcDR1?X%vVg&bNA^Eg_}J9aMr^|6u(w~MpHHgt629@q zkjt-~??yLO+EU)AFU)`>ijV9w^6YV-oSFi=Cb2s^0tY{)`@;hQ!Xlw>GIsOU?xiA8 z0Uz~M=)j=S&_TujM@wa{oOmvR5&^OB5qe;x-sZic3I z&fd7h3t=CG{GLq$3S>A@!QamL>`_nNlc;LSQXC?Rd{-X5Ptv!$gLx5W~*4q|OQ*BKfi$6U!5My`@BHOtV;OGH07&$UA=koo;60iqk z%xUA1tF{$96*n$nn5UOI?VaH$%=Vx>d)VMUb2MWu%96yG1d~}-H?|~N=1JGoiX}-% zxD|y(JLl@$Tw`Lf1e*^qRQq!=iZQXe=S|*r1jZg?c0lUPl)#0ubHe9a(hD4P?+7*^ zU0TGkL2b7vKH!X1Ac3ETQd^hU;aAU$N83YJpp4UQ=_PKQ=hr40PlDoGFmJY)?<~V; zFL2{6&HCzlQ6*GiQQ^ja>F57nP^bR=&rAjCNbj)gncamHQvan@_J1#IN7knWI;QH@ zfYOCazolCp$3MRME4Ay^?!25EKJES>(9v-rP1|8HvRVv>ok^33^I9a!vrh6!s@c|2SR9M+=mjFPr9 z2Zh8GhcQ)4l4g4JA5J`^2u@du7WZf*CW8j()8C78c`rAcfhzd7zgRyrDQxgJ<{t^r zguX!&Ti|>s`)|@sj41^&IflgD4g$SKPqyXp!)q%E>C&DvD~Ty73&9ffrOw`~Q1ebw zdQ3Yv$+s8EQ5Y%FvI}b z-HW`Fab)|h_?agAy$57nkYKhg$cgk)zp4ffkuJde?TlW+Lsc}|tBE)7kCszl%*bRh z(*Svng$QnRBklDbgYuaxsB5J{{CVEZGjN{l@%tu?U~`JLH;)dNaIDUy!mO+=LYCPm zbp~ksmex=Mbf8SV36V_h*?7ZHjSn@V79aX9YuUF93(w^o4%WSBw;{!JFEO{f*C9jj zRw*vTrI^OBO-aYGUq7U6y%9S*7Hc0{;;zZjzQ@aI3I3we#{95gBRc>)wm4|~lM7j3 zbHm^RCTry`#yhNZq@t{&N5@mr!+bFF`qQ4FOxo*fiH`=m6~CgG(|fcDci%5j_ID8l z$1H;6^J1KXA~jYIP(NE*k|);Y+W43eZiZ~;xY6O{E3&;3kk5K8Ff(mRjxk9kQmJX( z!Yz|`@F+h`ma%`@#a3ON%vd?3FHVE0X&(Yi;aC8@?%#Y%4-1xzqeEpB6LTa~+etd2 zFE7c8Spfqk0WVLtz&Lj8dotDA0Uuhy^zFxP9;H(uS*_Y9nkYPdZz$DoG2aq?{rw(G z^Ov{~!E9H)Y{k*9gj5PVHO@{Zp@92!UAr7{yZ86Yh4bQyP1^hS`8S9=P}SgSV|s}w4zr`e^#?A zqtQ^^BS$ku&nGEeD)c5Bcad8BwoGj|A)W3_37Dw{M*2doPJs0mQ=`4~@$GMP*Yo_3 z9#=mUdM24NmJbL%U?0B7ex#_a-p(oa%E!sT?2PCxY19#g) z-){5N#qP9Q)y{o=>tKz(vW_3Po2G9{BwSHRdEE_JQ&;UL*b8hdFQvi-kf(i5YRl_> zw3>U^23J)%#Q3Sd@4T;h;6-`jIGqx8_kxOu*6H=!&$VTI7c991Q=%E2G@%lJjP-k< z{8V!RrA@34tD^_PdV6*4wVi~mIDg)KlS**MTn+;WEL#dxw=~mrY2g5KR3$4 z`Pt;OczVet{R(@EA@2%oBUq-#}US>cIg z8Od;9Q5=Z$JTj(OlzPGORxFp+uIfk5@wgVZ1?2J~F9lRqod~ZlSfs5;QI;#M$J`5| 
zE8k*dzj8&lNXX<}34|<)`u$(;BCCx@ZKU|FB{r0K_2v>=yOVUx@}KMHhKB0Y#?e2p zm3;K+@V#{!^szs4-)&v>r1;1&RWS;Ds%O6d4RI+og8$5!2_I7K^^u2=B zBz20NZP;z^*9NcdiWXc4&M&*qruP~1pu)$5JeTN^<~``?W{e~cSKWRJp5W~Dnb$2~ zt$x<8g&CwwjRzW-mSkv`kaJr*Gd+n`8`tA|jH|zyln^EUE=7!@5L^*RL@=O-x9VPE z@lcKIV@wlJR>gIYaVq6rw_bevvh?HS=u!g;$q(g_HhFSA(k`O|x)9jzjifvmLupN% zU%n524bEJ(9PVBvtz_!gmSix#NiwzGPfajsS&i96*T3VgS#G%`nkqcqJ@q7Rwzr7; zhaMPJ{AV(N3*MI-sdU`8U$-4WAISowTaf5X-4AG7GQWd_SEj_L)P*S@!r);^;fG)A zy7p6_L?*QRR@l$G*-phdjSaU2*T_e@*?xv{(nURYP#pFfRQXY@H+{%9svW?p<;OF` zn{xdIU1?Yh$U%F3e(4U(l_Z3x?yrHXaNhjx{C?us>owi`dwmS%qZM^ofxbzIOXpYZd+{Ub5i*kX_Z7awSul<5=fe#&eM0vY z9=~sWp5|}ICCpbT)>#^8Lj46HfVx>AN{oMY#=PQLTz{rFDY0fR%gHGob`+Sq}!bou!8BY+Eg4#6Ohgv&`;XTGbYBCbxb!iXw3UMQnx`%5G)LnvQVj44YK}?Vig6QH z{nb;?_Y2BA{0yZ3bh>@LIyq9dlrMjqc=FLQ(bpMcfeF2tU;B_j`$&>PTAL#M<9amj zt6b0$$$H)~qsv8TUVvU7V#2NqStgr}f?omx2)@xFi((TX-H>+RI+v&Jek z`!<%f{X=8^p0~o_Ey0e3z8s3LW*2`lJJaYrl)JYBGb};T0~7cO(uD(0Z~6Y#h%CSI ztz+i)N?5D&g^L-pioS~tD*kdQPH)$!cW%dpA*IcSKBkJ?iJRTxatWoTZc!Jb*f5@1 z{Jw7v)&V1U*!P3kS!Aa}?!J*tj&r8Uj;tcM}ov4z_;R+l=H`&JFRlsb#|f7)nj5{=I{g^u%=WD$laB$KTt57)#^!0aS`li9;Dzl z{C0NzC@j2u)3zX^vfZqam(z*C1Ndy!v zWky*(921!o@_xU$Rnz=i{{^SZC0^RbH_IziWSyEDnCLZF+pF<=pS(e#Gppy1!(ztY z7BVKBb8an>EAl_F&ccPjrAfyLyX*C;WrsEMUa;x8z~E2BYD?17H}o?UYxFTm>o66P z@hxI}m%8!tdUFmFu>N_;bW~_8dr`L_EP3kX17vfh<;{i*!=c@{5b6C<)n{{Eu69{G z+%IoS#_AHwE2wK3%OI$Q;xh)4AaNj0awN6s9}q^Pw{Az4IZCQ7JvErwEB8M?;miD@ zrA|ZMvUCZYw&+Drw1<#5!4?m*57f}e&L*$#iA%4xaAGLckNIt89j`_&azdLkLmYOn z!UcnQQ&gbv9M?VC`hOhk;r$S#=+0Ep)-0lTJKxE+IZOi0x^+DJqxrcbK8^H3m+Q#~ zLEjR(D9<;4-c*-PMhGB#jpNqsu1U8W*7RUx`3!0GnQtW+la0QqYpJUgD`d=7%$LWZ zDNrI+$j`mD-`k&%c%2lptK@P%HCbJ8cchX3Xz^hoI@*}L-45~XoDImsBc8Qu5!u)B zaJg|ERO?kzxeLO2M$a1@c+0Z9JQ#F|5HDAC%T7)4Mvma%>RnID$FCXg}dV9rd*spcJwEQNhME$!7!3ql-JJp2i47HqVUM$jKXY9_SH)ivJO!Nr3{l~1lhC8 z-yBJNw&MVy59*jYnJRd~8a4WCJow1evTtmYQhox+X-1bmQ((S>7!C5Vu9PMYgXAB?saM za&vlo=>b--ThUs;5UOyiV@mNU#lpO;y?| zr6&y+Rc{MOH4q09zV4OzMJ&027-3uLm5di+>o-zD2kb{SGbKF)WH11jK=#fa_be+` 
zX^^|CHmzbL)9D*?W>Y^VEzSizQ%e@FA0TeD+&JYZj;4_+VVcv;(7kxs^k#+dD)GkZ zDD?)q&p09S0(e*pdoEsXDj34&chuK^_|Rb3*V!~#l#yauVZv7NV(;WYQvf;;GdOY_R@v{>ku-nx%T1Kjpgxw-9c)CFKV{6!7)R( ze^v*l=!?)eGyMpdE^F*|C};-pp0+fe>V2de?G=7EJlaU%5Z@QU1|%=T z&Lv|^CSjg_1R1EO;LJdUgROm^kUaTY3H@2Bqy-vb27fX^ri-@!6P%#!MzaOV#6?mC zrN^9$u+9M^x;zChz2DM^g!;O4WLja6w~H)Ozw}b8h+ik83X$)F!zQt;NZ&3rrO)9c zF<`J*Wbb1&jldp$?2)U6D@Ok%>DqJEoO9+lvl}BzM!pnxa-?{;P1tQNMSte4pst|q zFw%sgdHUmf5X@&#l4u;3%Kj^!{>f)UqY#tOqK}^2KfP~A9}Fs(o}@Otd8RdW<9@wp zBMH+NNqhFBoyZw;E-)lr^f+ivD&U@gdEvxPbqx2dFQ3`q2#@9G)(@bs1CH{w+1r^K z)9KuKZ_llY7jpW%_6mZpN5QDA0VzCfKZ&w;K=tsq$9L7T#wYfxTVD5;x+V47G(TCV zMAf|=b0Ck9_%VfOz@r4BCDH+7p06s?`r)K8XD+{g_Hu z@M!$*4PFQr^u)tBF(K;*I%x`A_dxiCp^E_m*5#4>o}H8+N4Dw?5z~{( zLId**QqOeH4bN|=EprOa6f$1F&&Cie-rCUce1N_{nQ_cep(SmcX77!GDlS@&g6s`h zOL}FQp`G=5*sGOPk*xhs?QUwlsc7+P!iw+{m4T#Ep9N5c5Of1YoBMBBx;J7xb_xf1A?sbgZykV|-rw~4jWXP3UWJDk&x!sJWbk8=kcFHf>V~H^mwfDnKhBBymv1C zo5DW5kzb9+R3%$RzZV?{30~E?=^R4o&6l#lrv&e;aKuE<+_uAINXR{8z8U>>5Ei2T z6@sbf~(;OmFY?fCG9XH*~ChAEHXA}=f zE4P?%H~$*k@|#m2BZ3i^{F^f&;)*Af9%YI@f$=W?q0{pY_=BcASlXJno~|ULDpq=M zC1s7vX??#%d2oA?Zxqx%f_7!ABD!VRwjB7!6x1pO-4z_A8V2Qbf^Cd?Bs2MLJRDFF zt@|JBeFs!iZMtp{5v3zdI#Q&A^iD*iiwH_@N|7cYy%Rv`O+Y|Eh|+tcOAWoMNEeWj zfYJmK5C{;$-E+^Gd;kB={AZmrch=mwbF!9uElsi^zWe*W_kG^-JSF4x_lXCXdel(h z72fDJ^A#oa!_(W7!4kaDPiBB~XCpB4#)fVW=NtF?m#H-;X^A#X%^n{s(X0sA2Qr^@m~x*;tm z2*^rMfC%3MffLx_{o>6Iw0plfy2JhIW~%ANM~#zqK|SS%0?ixE;fus%gOp|`PkuiT zPxu`=$Gbv46W%~h*k$&lhB%sg=0)w2i$Uj+Ysu_D7} z&Wt4rMWbiDmTIn|5i!}M+2&37T zpI5JbTuJS3v7hqZO#(AZZd-RYO*F#GUh;xeGmQ~ZUn51{VykfzZfmj1KdHBB*D{YS}{M~!zo_d*? 
z59GVo$5|#2ET(Zb+Y1B${6U^x*(aR9@xICGau;B5YBFs@A7D2M{b6e3(=%o*8ZUMH zif%XVaaS?D(Oza`PViJxduGsA;Ic@HNk{ATG0~j?jDw1%)w9e-jUO4FeKm25Q_@x% z{`gL3jVSN}v*4Sv9Xx3EHmmq2ItQ_>@R0|bR9=?NkP%fD-2OsTQsQ^ ziZU_yvFM9n_IIBS`L};zcvJUHvOMc5MrjQK?iXB$ge3S7%UQQyU0men&XyhHe)XJ7 zAndaSp$E&Gpvg%B)M(5BEIKeGv&TJliF9I{jRbWA7Et1RX?pRQtL-FbjFv=YDUWLw z*^Y|PXE`C4VoT$DKnGOay(uhdh=OAW-Is>TPo`Z{3IHkLlzP6GS#)09j*E|EIjBE{ zgx=yJe(5aB5i!RTH76M-by^xnr}2e?k8ouv4t^;Z=-mUR>%L<3sxjSrH|jbfMh#x- zCD#BwrTh==Y7%NXhg{zhyfFkb2Wz0<0~MnL{$Rw<+D!&x%i0+!mGAQ8%EN1S$+ z!YUOHNENjO-Z<4P`r665AugC`4`x_aVj>Ny#v@3@3G>zLPmaPo*pUu546XuuW`)*7Gvgt$C9b z?ueUR?;C=315jhZR}iA~*lUR}tO9Dk_pm9u()Y`~+DbARJ&7x0Y#M}4LY^R{+hqfP zI(7$+a1yAse#(Rnl1W7xPakrcuA9#C)v(f-)uhY19|c|xWYJwo^R%m0-T*H=QgoX@ zuJyRb8;`p{SrjdKl2YgouHbhT#0Z$o}XX37lZOXkcUrFT~RqvB5I=_`fjeC zazn>ejYRyOR_BhMS@wT5ZFm*Ke7hCX3bd{)QF*gIF!&-F66h*EpgAS9PxKMJQA!`c zwMekH@Cu~4dR10HE#$c*)wkX+7V5SAD`ZK8{A|l8=UW%T%5M^b033-1a1hBRl*B!l zaOKR}bgE6i7zlaWT<;xXbK>L8bq%h)U3$T|moMh35>RF4KJY1!p9o|*`i;netphNZA-fRD=rbE<+~gxeM_YS;(3mY5E6 z*7#rG;@g{5B}!K}p@zQxwP7_6jM;4G#BEvScbj{#UOF^An^ z%aE%k7IO>EZnZ4~-l~Kb^KbeVro1HB^wd+cQQFDRzUIc|=*DGg`xporUL`;Cmn1;L zJMW+dF%3uwl(!{ibb)q^g_}fQ&GxTcPWPSXsuz*8 zj#}i2Sd@zUpJ3wFAz?UBbsg|kRzQt*!xODUW`Zp}r{#&0>(2xqj7!PH8AVvv+_LqL zeJI3o92t?)y&^00whm}>Jb=Z_X~YLRI8{31u0HRxx)Gvt??a6{=VplfMgM#e=9j5i zq>qwHFAs7+-#h&EbYWt!amfhE9LXDo^+F~-(4VeX2ogMFFqn2%wa{}rx~lj^ah^ay zN9#S6?8AdjDO*fri8Gj5(FuKYClMAbh0r5`*vx%kcdxAspE5fH<~fv)V~Z! 
z2Ayh+@u&l1iwT$QAHP)Dyu7Q$;?cv@MXk5||S>Xky=9Z;ht(fx4LYbcA${+!Ze zrm99j=1&5ig_uTLWiz*94J)F+16qQ8>%Qb;5y+);(AJ9eIcVI(8Qz;rh2{GaDr^FD zQ}(=9XV;u9#zY-k{rHq+Z!_I-uRoT@@+0y#>7($J6ljS6I!{|&nsj@brehfUt}zdJdDhLoDKTPO7oZPh3CGH^n;Hm| z^F1VZNCuJx8GQLIfe-N->ruaGG@Slm;SLarC$xYggAuqqK zh3hl@ss1=FzL;K)Y3d54!=x`KCj{ycVIZZLKnU4D2vL0*QJVSZT`I>zVznnk4Bv5A z1IcFQ9uCT6r%_%XBss$#VC%3G6qtwo=jtj@w@ZI^_P-(09}6a z{T3(vuQ!&jaeg$sGH^Yd?VDdj2Pc+c`XEFGC|>KaNVg;X<3=4yLZZ-;pExyoE=KW$ z6$~+Uii>f)q~uYBeyP6`OD{Xg$wy$Q4kCO@*dQOKERBLC1C*Ew0}$$9Fq$6mtA45> zt4*WWLQ-5a^QBed=Nek05%o?Hg~nU!PCy!8nHEz3Xt>)~uL=#K<6HI-Plnw%$O z4kIhyp`Q(2AzHCmV@b=4>-E?Rz6YUz_fgKV-)Y#dKeKWbRY$E@Rt&JNW(=*4NKZ6; z)K*7-X(aisDSJBXc)dCH?T1AB#C}GWO9o0^%adV51P>okfLKcj5!O*`Vwme5$TOMV zj+^L@z_tA=#cXawDSg#9Bh5m(FX}UmTTQQw^ul)1_MUyk`YtI}Y`RSW8HJ`>N<28T zxg-JUZ9MS_Qu(oV?LPQ9ShQGh#t}eQKqmcI9!7c&`dSfm4l2llp5FPk;F5yTLkK4% z()iCCYr31tdKAyPW^XyMQjkEOT~=fQC=Wmp)6O8MYXZ^LJodHWguwG4^PK?O+}BO5Z1< zH^#y|(JzEuVak0M)O*#BJk_q8-hC0g6hx@>{MyV6b3c$k4nmi8Tz8(xaVPfQ?a9#4 zow|6H)F=C!$Y9p(on&v0n?&m3vRlcu0{qJnKW;?*kj#+YOnUd~Oa*{2G|!Rt1Cf%W zan|)BSx!I9FaRBq?nIls$W(zjtVSKE)jA69HOE9)P`=8I^rX!L*y z6up2eD1_Unv3ArxfVHS_hP>u+-HZ835AshPHPrJF7yu73a#rZEDm)Dld6n`_G-gUp2sv((DFhn2R zWKWc)$Xd83t|S2DIo34MZqHE)E5u2zq1P8iY)de?LQ=w_2HE`FNvrdB3=pL1mBF3c zM;`Ny--*K;F!5EvV!)6odo2Bz8@WMf_I?J54f0YhYL~~)NQJ-Ea5y}QtGpfNmHt%x z4LiITIM#1lsHc{{f5xf`8X4qL8nAtEpSTZx8CX5x2ADF3=>AMAVN7^6*F3q=-t?v% zZSB<|XBbJJTNq)z14nRk*SyuivS?Jxz;h|B16EZawvFY={?;knpp~I%YcsrP6GlLB zA$_!f=^zdWGpi_Z_v(6~hx}%c^RDtD~ztxfcl79;V-EjH>?aewWtZtxXJ zjC&>Y-iOH@5g*=$GzFwibg#hdnzDAW*Wm7FmvxfgFvvB-82vNmyEaL-sFYGxH{h>y$t)O`WuQTcl4W!yCv&16dW|Qlu3(drESbE!kD5l~mC^Mn zXe8I$?Pirz`ghrjr0G{Yn6%5gI(^6pML80VSQA0Pgf3_XGmI^2v=@9;_^qz|5fYpr z;xNv9U!8Nhdzs$6+2+>gE;^G)(3-$kds&4%5FA5SZEgKkWkn&G9+>9SO`Oh_(m6H% zFeuTzX|P~Mm$b+s5&kAT9iT$*SkDgwgT0sHnWQsM!4_E7wy5ul{uzGCj7(G!s?YYn zNpvR^^55<--{tkw4}X(z+Mk7b&?~l)$CBW`Vm0KmDNGgf*T@;E0L z-=(TRoI)$!-ySZMfMw9GhJQ$brq^_u1Drq*q7Ev5Tdn3iQ3@9;#VOGP#$9)gpyZzw zTC6%ctDJR;t!(1u#u1wKgR*CrGZwF8%VbNYnozlmz){o 
ztHYO*8J1kwq|rR-y?$l~y~a9aH^2HR8t9S?P$eKzR7QuJh3l!mU|P0J&fehITyP@L z-no)^m|J31Bb1_9CW}^v?4x+=GmnP&4;SgF!&4?hv;arWkLu|MUldWaF2-c`v&jLM zQb($wxv4{KThjQrOVro*v)!)KvQaLO&R_Y&g@F3rR|N^3G%M6~XmCp#}#`li@oOL>3m*rQfp z;4)J-qf?v8R&L+eX|0KFhwGC>Lo#ho0Vetm>Q_eX$CG&rfxE9~DQCZkEu}$od@l)R z&fs{-WlWpD)C&_onAxc`H2XQLuK2-^EK+FTN3b`@YeMcK#Seh$Fyb8aaNKf)-LS`3L$GqXMlxev5kf;8G59bI`ZuRwv39e|8hNjZZ}9r zGyPMyg~;q9e~g{aMQrB^$U*MfXSHV;=O9KKVe%gZh$;uYu^m7dqZ} zWBH5-nSrbz^;1RmQm1JddKtf^IsLn6sq9!S$4-H8Pg2Pjkrp0lLxkB2sOokIl2vZE zft77nE#-;h^y0qz>p{?UR7sdu0-Go0y8D(XUq3*1fnOT#tnQ4 zQioW?+Q#4CQ4{(&0ODIs4FSPuGglto(JD3Z2cYEGI~!P;21(4|gNV(_&h%??+zEbt zK|Wr7bHWE_ZH?}soQ+vbGI4xV{KgllQ?=HV>jixXWsK1M(BiJQmh)Z0KiN3in(8Ao z-*=caf46(~_4=(%`BTGDI{#vJl7ZqOsmdnnIkOi`fiX3wjZk0KT8&}p{Uk?a+B#`@ z-B?JPR-PPEA@KF*TU&jOTk=9o<8wmW^=6hD-fa%TY#!K?vA1kjkjc#ci#;ospyW}R z<(~@YO)Yv)f^R4_joWR1xC?FRSY?xc7z%C);a$;t-e&DVzS8Gfuyp6?_NyVGx_g&3 zy9pbh9w56g`Bjpm<9bKl>FtAlaC>7ULO*GA2HKyxrrOvt{qtZ5JY!mre?j7?>*89I zS+yNkB5J1h^+CHg#>Hr?ft=)QMZ&yjv($9V^WL;U=pzDd@8x}f>#BoWBOhQ4M!u8df zYsAE|Csel(#w%tPPO%jm9Sqa%uKF?yBeYuI=MRQ=gk)+H=m&-gwx-)TM|yNz{YtI% zJl1qedpWb(8t!g0t8}BD394$2Rn;eQDzTAWvo*GQ{drGo1zm7U(Pf1=QK~GIA@@P& z?E{`Eu0+ISRYX}Wsif&Xp(km?*fQbs?4p&D@!$ZI?fq!LAs^hSQLi(t3Z9JnfymI* z9!|Jo+4@=2UA5oCs;%Q{EgOR}{Sqz-67PN{xi9Z9vsmAdcy-BS462sf*t^A)26UlR z*gqb?UdndVkgCSiX`)18i|6}Xe1arv2HYP%eyX^Yb(@cHm*r&v^XoTfTIGxMn8Zu) z@}}qm-5Y?u($vLJPxB>pP}U_+TOV#|vCp@56P8yh<>~6Sj7}zU$IZ=i{9nNqhU6Xv zU8PV?FFgbzIM&IR{rjpZED3L0+?KbW+S&Q^-FvQBVu-2bnB4ibOX=@tI5XW9XK7*D zulUO6bhz+ME9G6X!@+_+HpLtRjCBywo!D&glhi`hN3m<^20@I$W#AAFUeN7jn#9@V zgt%WWIppfbwywd#hDn-9MBJyTy{o5FYCReo}Ro@y*iBe(LHxiW5n6MrD^;Pm~PM~@9lqI zBgXknsP)RHun6F_JfAwl=D+kV`akBa|LubmI;w!0!ejG>$ajECdS5j+XP)&IAiBLJ zP&IneSYc?ic4ltK!H-eEsg3BJx&Uy7sm1w6Fe^|^`(APe#HwS7mQuRbi6`llkpOY8 z>8t3`}$qW{8p)$b{7eqYzXzlXQS|Eo3d_Z$0r zOL;zn_pbjsr#Rjt|8qXezoU2kg7>a?&-4Gv^Za-Cy?%!7IWHt*nHntwlhw@lwX&@5wfl9`y}9_({s@K>T(_b@28zi<=$JKq3hTR zE5~*-`iduBK&tqSCFG0HIcRAY*PV>HCjwumhwL5!&G44QhpzA=h&H$mPzPu|(LaTM 
z2bh{Z1|G?sgMRxt4J9clE2W%2|&4+0uCO&w0oW?o}xM7QDsq3kJVm{`aYZKQ8d6CEi)!eI-6r zz(-2>KoK7&<6#0GCE;-;9#-SC3izbT|4KdKK_VU`;z1%FB;r9L9wg#HA|52-K_VU` z;z1%FB;r9L9wg#H;=i?L;4v~DBjYjhe@~437BgUwd)If)F-dhS&vID#t-#uT^}n}k zX=YGeAJo@I;jBNJ9f{W~@ITVx{a~~IO)k|~>FY@l#nf1wbE$s#z0$PS55VAL*>Aau zfA{wyRwsT9Gtl|O-_n5kC-PVPg|`8I4gB#M0CtzQ{^Wh)^S?zmE&un_w7=WA`1knm z_Q0ig+04?zRr-gLIn$Oa!B&I8_MlMlwc65`26N5L>zf((N-YYAmR2 zK!~K1!g%TA^t0e^e~{$wZfrHuA?DHNpfDB~{NU(~F_tHr9Sd}mugaW*kdFVyy}tGOqZCWYSkU*7 za}cZz2}cNhIR~w+orA8!&p|XAzq{F`AwS9A7YkV?7Ti4xS))4#U3n6H4g!OZ$$>WY zZ1C^zwXCA`>S+SV`ayEmkgZ)=*zYU_5FP#Q=55D(w7#>#RVKp9B<6$)(R{uAK)q2T& z@+=9|ZehHq!^2?lx5oDRx@0oc^$+p~6K)ztsbI-P{%4N>>7RNP_EK9ukQGv?s}OU< z`FNS#J_C9e?vGQ)Mor&w3}15|Zf!gx@@{t;GL0bN%P+j}AIe1h&Ajt7#FwX@lz#*C zMw}fvehui0%{HLi{gKRq zK~nvzf+|2I0?#|I|If))j^~j7*Lg1gfAY>-1)%+UPckEvY5gbq1Njm*nTVqsEDgTg zEkf@9+_ukF+Puu;$1ylKxN98)p#ZzVFnoG_^9r9d5YUKvIJMcvUZsqL$@+w%hxW>| z+e^-bzKhQ&ZgDB8JE^^I2HG^$Lb)M5>X0r&@cOH+b5Mj9mgN;z{=J*cr(9~Z5B~}ux{ZHMubJ@+ zMVWF;o#m^p;`K%u`NY-ogzv)JTu%0n%1Om87cO7WQ@O?LZ5)lga`vu+DReB4ZBkJW z)xEj7*>ku3l&HtjT&eB~wmy@UtWA$TH5koh|m9Ti1z=>B60pR+l=R+8%Jm` zu6KzFve6NU1zMRS6wX0IJm|HvglFfV4Nl|rwZHfj&}AJFgqvk220wukUHl9o&x8!_teMgV+z-ih@f)mdl`*!H7q=&r7H`8>oO5SeU4>K3PSke8}`yQK~>t zaM|l~kS~o@^Ev1u4$}l^*ZLh=qpA+RE&5gFRf%sa$hnNfN&`*Gv?bCy%}@6z}KI)z6Jf~c+T$_~pn_t5O`>sr2k?O(8Q z31|NFY%2_qm`$e{#f#{Zy)8yx`MgdZwiQRNhEAQdiGdZqMF<5#m+Cr#Z&ICXkR`LH2m| z_a*Ti+#5sRRgvJRlf1V!=b$`s-I77OnA3q9t4aZ^y1aA+w~~x+0ed0_H=142HH4Gg zdf=?gK0#yrVa(Ngemy_L;AC^|8ZV@-%U$x_OX2PdKR3%m(H7OA0r7vb_}xwAhd2_n zwh3g^`;=z%92BbC4a2FyQsB$k?6t5+WjU)YFtsv&rxcV7W3VACxj^sh<)U07URXOK zeu1taNh;ym@zo6Gu7^FLYyLUQ#9i#y{N1cCW1e@m5cQ`C=~9JDVjl0Mw|1ii6ourY z6Vt<2shk>Ue=^mwM?lz>>2Y5|>Hjn|frxsaoj^^eGh)nUxSdcy0f9N#DK}I5$poQNG@lAHL8eVkF(U zeg)aVaRv*S6Fb$SXO zN*rdQU{O-m5$x0liF%sv+u)5T-{#c?Jy+Vgf$v{G57nw0j5Ne@5kDWyAJU}kfqm6E zT){Y;3S*Vf#4m!~^IckUr>iQ@K~AbS(pl^JYtHic8sSh6(n|}BiWhDM&g>3!!Q%qi z`$wY!8Tv%Y=N4w2TCn1}?nHa}-#7;ZyH#Tr?+|<2C5Wxi9eV(KKMfWA0;`5{=$EnL z81vq~=ZL*$t0gMT`N2o8W=ce!O 
zqo=IX@ZnUIOt}cUuKC@M=$Q&5%b0@9BXc$>bOnyY@>BuKF|*UgYjYBv;1k5i#9TCX z^+tVD`W15KZ=bjwKbAcIeg&j>^)g2QECRAz1qsd2{o=Re$0(P-io0j#us@xIwM}3L5cPFr_$dyV9lZ=ieg|s5I3%nUM>WCKx z+SL|Ai61LzsR%}aA)AqGVf4H=quc4fW7j`H#{=tW$}L-}<}n+~1~O z&et58+ZrIgNSUs1spLyGeQSX~RJ|6>5bgeGvc6sW@=le=_8T2C)bP8Mv6<`X;e(tF zE-R3)$%hb3`l&RQ4~kgp)uY-tSw0QUY^2)gHj3)vz5gWAKFiiY{S_lR z9i<20Ej9lzU-n0NH2mv-Rbduy$KOcu{y$hF6r8_T4*m!rHZFBwH@hvJh_pN&Z{hv3 zz)RhKoOCJ$#16;*QQ~R(E7tW6*qo)_bI>VGu*x~8_;_ni19!y*rHUZ#14o5QOyamO zU=1|SLPjes{l2qN$~Q%QW;>fWi>tIXylf383#aOkp?0j^IjBaam;J;&4=#HST249# z?P&!EoP%sxz$cpNE(n_-XaJ;#9XA5`rK2baxY9u|CVL&r3mh1PDE1g(MbqU`kUvCi z`YBn|+{th^pWAiuf;*?Ix41kN_y_K5!k*?A|9rw8i^hroPDV=f>sTB8EDT^W6 ziu%j(kQdNeBlxoD6%jNd8MJ9+Cw`6}8SmWbb^OTnnqP>~o9$$5Q)M!i2pp6Nck~IBcG<_I~-M^_1s}aBM2z!}o>9zuk!6;olYOE3_-klW|Bk4})U(8%;lO;k;hnwf-&|>6U`r!Tf3J5*d z2yvmD-$xw%{8YJNMORak+^>B71Jt*yc+RS-)v56jd!Fes9x4GgaSx|4pgjYf8FJ;bo0 zY3|ml3imBVN`1Jl#wg6)_&^{`NsHq_$i?K(dKj)HY>FropolaH`4zVaH*C{IwA1t} zvrb}pk>+n>A2w83U3i^lj)cdwoeX#0egmVI@)L;-VCIVfy4p3RzBG|MzR*do|x|(m|=x zt5m*gp6^-pwt0}?$VDa$KXL?~Kvw!UE!s^Vq#lcj!C+mB@=Q@tuZ`D*?gfh)BWbXu2eajrEgJpf6<*fJ>YS$y9^|O zQvNVY@Yga2_}Bh2n}WB=KZQ+L?)<*4mh~K`o@kC+fd8`e?kV!tE6K+uysXz(dvY`X z4~QcEOrG#J(fjVjfG>irgJw3=sOnoA3tu1|z?IMr)k*~H%E`cI;i$CrrW1{MMHu)e(8>^w*blBkALq!p&A0p6GDn;3mKLtgw=(XP{Cs{Y z4(Z{?N>Ae0&OzNkfOAFTFsWI&?r`)y#Njy9r=bC!{{1X}%~yG})fb)nb-rJ3%3EL6 zZz>!$lLWUpK$mRWBY^lY9!Epya2EAc3vjx1ic7MyT)fzjvodM-1?Yirg5M~+C)MSy zRVFjOr<8-D3G67XB{ED}{{&`qc_zUQb;mE0+~YE1Yp6OM zNQU3?okkz}oIyo8sIesMM9SB&T(-L0bNwww7@Z*VPTu30Z zJCjqBxiJ-KiyrNVqO>r-;IvxEnzg^oJ1YHR{a`feyKObAjp+cvkSzcB4w8xGACJS>k39apgn zIO;wJMJ^I!WR|PIfE9W^Nh^t}PrUk>sO7|+(i~v_5<9NFmhnVRNftz~E~$V25BKgL z?P>h$cw(S`(ltOB^E(gabrUi;RsorB!o^p=_O6cob6ZGd{~tCN6jbr>ZSoQRO>A1_ zP2kPBDnoPVf$PJtlI7iF24V0v442@%QIUo6!^USo4*@`+F6BKX6)Lm&P?;9^7Eb`p zWZJ({zQwH&-!**>7Zcpu+jg}2GS z*c$jdHgrw@!*bz!qT32c=86!n&JNNksR|gmzh19#CV$nYFYLSY*E>)6?tVQRZ?^pa z&14rNdKhOD`gzRX>PQO>{dtDG;(hv}HO~Bl$nNTg2`Od?T(e2}UDKrmHscR-T_%CB 
zUN}>*c(m0Rjv-j9#uR~;*E}3wQe$?)*~uN7X*@EpSiVmB^5X}N?BnMvl;Ocrr;5sH zE8ypW?LZOMa?=O}i#FP>7H*JzgWY_bl6||K;K>vHmzSmmT#9pi_02->4jZ+9opm{EG~1NV`hYTpu~QK3G70BfN}@dMe$>li=`TnyS9jjTUlCR`&RFkYl3E9klN5 z^I&#Fl}mqiMk)b-s%zfvzpHyPy0g%~@`JoYFu~#b=jBc_>p9+TV+d)3b?lsO`u4b^ zXC+hKtKk%9`cy_EX;bRg;Z43jS0mmYkr9)hidcVj`h+I!G3!NZAYI()on_48hF)Zt zKpnNB0>tQzxl%8AVO3?9C?uE|RE>12b zmN<2@bNRVex4`E7g{Oy*SZfxnC~Ce_-nf_f1MlS1hLT2e*{ZlJ+~%*%d?2sG>p54U z2E>75=+VA2%C2nUXsNGN4pVT1Kzm*7gz&cZ6&{yKQD$r}`G-#BpGqzWSQNdVHKR{5 zNiZ||;l1mafI^oq&WNr#hm^VD1$9W=MaN;Nq3muVB*L$yq}M&hnzD_$`pzsyw`5bV zwBmWwc8UeFxi?!ew+W+Od85Kqi7T14 z)1sU5q#J2UBNVZfbhi{**cb@q)*hWz)mQ2Ctn@KaMg;4WJNXV;KWJ@geBf^1#4|b6 z>QXDhh>kSm$k3t=xpsGCFV){1$JRy9otfOi)ZsYZZZxt za%Hb<(idApRgGr@@-k)mMhVTa(t2@wORgwvM)!B_fnAfd`r9;$pMDUseLGtY=)BRU zzIE6z;T^)?uuFqs@0}CL@n8&*-rV`hZJd}ma?LhU-DiYXsPKYU-0_C3JH~c5x+V9U zs8^wrvVeKJ8IQqnjrn|Ea8izrd;;4QF7yfMVIk%@>gYa(x_sW;g`Vj}OJ_aPQ=|O> z!NDy>Pxt$UFH7Te*g&TxsRYii9#*+*ia5CBwU!0Dppp^;mJ<~o#2qR?*(!BQgq|J8 zGG^Hb+<4T(GF+}5HSi$vM|)^nU02{*l;r3o45i*QtkTte_g4<>#N*}+$-Drf`o}Lw zRwZtd5zL=0E5sehuchkP-U+^fX4l5llwch(?iHBbUiwUFF2D}4G8U|Z$9(r3zXT`%EvyOY~!k0bPPNzPD2Q?3VmBN?_!$`=i*ASH+T zgeyjnpq}EsK=<@<ylv~Zu&7zdGal){>f1{aey+7zkt@Y zR(P~`@e|urt@?QGyw!26HYNuFk8B}v3FVNudql(2ke---MPyfmWm$vFE^(llJB+v) zRJXi~O$A?sd~GfS+QYaF_mj63C~DYymm;$h8=D!TwlmfYnxc(9H0XQ~g7Ij!HKy?N zI(+Oj6jJ}lfMfbBW>EG-dYhF}7nQk9TH>P2_a5aJkCmwMmw7Nv$a>R-D&W~dIwK#f zpSxe#pk32qM}X36c`1&`JsxX~gkOvoOavRCiavVW%Ovvfpq)?fQmap^Nmun6Bx~NX zmhzwPToiJr!3c~Zqx(sjb6(5{i`KhDV%p(R{sMOqmR=*g>Ur*P&O?0T=gB zxrfgHGIfbKcRu>|yAHFxZQgD+PU~6T{!pP;G)PhA_+)CU_tsfeMOk(NVnara#vU6# znCkK!!BkSB5sh=LSo;ZAMWz#h`B552dUw|Lrc|z=C)b-YRbCH=w>5$6rUagCt&2FZ zt6^_r_LrBU1FfSPwx*!>$FX`hgsUsVQj9p`Invz8x}KAPB(m4MDd%K#JJ3m4%jY0k zjIkB!Rm&FbxSLeG2brH_GC#HpZdwkj-+1l z4Q?jX_ib5c+6>GDQeg3O8om8fl86%Pb@|0uPK{D0`NB}ckDU4~GK669o9oXgOS=pf z8?42#^q7pf@mZ^j+$C=ZSy`NMRqDmA1&jscmoYlbeMH zyo%G&QEgm^-OK)N^WDm<^`|$|9Ftk3adxTOT8z0-$Bb{jzs@r`s7{TOd;Qb@M?1n6 
zwTn<&iVCI0*i0BjP0P^>Up)-qj`DZo7Jc^Oqn#5eu_yIw!Z(Ctdi@<-UnHUQj!hjj z7;BVfp*uZLNL|weXwBz}4-tgAQ zRXtB#2TVn`6$`o}+5<64_f@TQV@7tLBa(EB@ZU+ z&p~n`7uB^mIZgKHp7*XVhxI<|;dtpUH8ZCBS$Cnv^r>N8ZNvMz=lAMjZ5kV6ugCGQ z3#f+)l(L198HX=~4li90m5Q1!LiM@`4y{Rwefy^I)Eek)F-Uzu3Ppf;pW1Xp?1O0g?V<&M*Ae>-xcJ6UCpEdn1A(9v!Bp ztB;x$RGy050}WO0#qmooRz6mvHNeY0{6RJUpS0?Oe_sFldHww=U|;@Gc{zLq3||5K z?^pr-yH>#dp>v1$3fI5RXg>Z~{^y_N-?8fT51RnNdsn=7#d}v^K&$yRc-3(VzC8~R zZ_M14H@&Gsu``E^j^+T28q96U2kalVa7&8?E23CIcZ|{809JVSm=-<; zsRysD;X-ZpAS)9`=b$YtycvUShTS{|CAb2!e85$%a}M%gKe-G{Ecsy}5U5D|8y>k9 zDraGsW5%l$o*>tc2WjV^68D9mJR^ZZI;RpIluVTdt0-JxO!UOR!JHT?0H4#r#b@Ho zr zR-l;arDK3kAgLX^JcAYE#R}!J7)JbmC~MGvlmyYzSI456KJ=Oh{7sQ!FGf@nEcuM z^JE(8LsFNV%pOaxC8WN~`NZNC%cY9ln(Cm$eLV*ehu*}*=@FS}mHIpMuFo^5q3K#? zEk7>XX9#I=DiD1B)P2{h3AD1RN4N>E_Z!HC^qJ}XL?DH^5Pm(d=$7Z}*}{d=`h%IN z^Q)J9_qcieFKCRCaO*d!e;ep*7}<@nX220(H82fm@O>?1F6?!*W$K1mQA2xs;b8?` zug9mS+)YV9`82^U*%w*;+=)?cX?DQIZFFWgeu*uV4NHXs3ZXCdf=VF>u2vU8_B!+W z(_+gk^7_PrHJ0q&vv)Y&U|ozkqDs&RW4){cWwW;0^f0rSGiQ`=C#<01x}5Uu(j$fd zW*RxSPMjI;8xyJjj1EQ&of_iuU_X?@)TzTQ&+fwbr^3d@SD)P3zSy7Xi73iP|$!)KNY&*u<&9b9tkFSf-9p-yVK}P+0~E*y=heK&!r0p-h<4EWByuwJ#_U!>MtbAC~hJjXv&Mi?YvtkJQ=AxtSwIg!;*<1ov_uiVv z`fz{vKt=q}DFbxZA&R0@l^>KWrgsVJiwQZ^Z~6&Cz~i&`os?y2%*%XS%Ixy?<`!&H zcN|_QmJGFkpQMUPOB)O?=Xo>;m{}n{hA!$`r$Xy0q14KkadYxVKaVRg0}s%~(IWL_ zqFk=`{9Z-h)bL}OxAWWkZqerUFl^-q*G}YdO{k*3@yc4SD4joSCAl9=6|6ii?4}4K z*-&PS!{m1}9^OSR^4}LPf9Lr%Rl_zSuDm{o;|Ca03LDa!eSVmLX+XlBL#_q$6gp4% z&-bzsyw7td*-EBO4k}f>*=$nixJE8i9mSKuoo=SS$Q8UyatubmV!bI@9I0Fa&q3Sd z$mC1G=BGgnmY&F;j$2HhpLGOYGGw#n*4zxQ&9hp{j#S%v_5#tQV_Z2)htk$mJFU+!AODZ2VC#%{v0?9#MR6iDmZWR~lj{AHGRp4<^^hssJ+G4%&ek)QhK9IeO zk^!UI3nsux`a=i&hP=)}bV5vFExO7+>d69So~7JcQ3qXD={g^CJY_mrIjjQKMMPRDETQIYj5s z3lg(*5tv|7@;eNg3VvLMf%VJ;nlGx)y&2_S`~s|xca}>d>3)iC_rsQVfc0@NBPUwy zWJ)cR8TZ)=gef`I@&~ACA`if^p*&xLMc-|H656u&;nMw6iIU%)DrM<=lw{(Fy0U@x zsvSSO77plaqgLi#2hIY{(2tO-4X02V@QZ|*z$fp5_jEkJn2)lM?+@g6&>j(B&NTM|?mO?OXGYjgiP2(O`1ZqU 
z98i|&bu~nKK<4TVX0Ki*3@XTfmDo^z^zys#CPEhOKa)p#Sw!I_$rNE=QN81>npe9U zg6ECCsVxjR*iFZzwa#(k&ZWH+jl5>z@DA#6W_=PU?5=nI3o;L94g&+G`CmgE20q)( z>m3*?yaT3NHLBw6bcU4zC}KJlwNsmI9I%38j9U4O&fMAg=<%~X-5@qbBmDVIe*2w- z(v(z%FQlYDbkYYsAmZss@UNUZ6f0^b(zP;zrcF(x$xsXkF6l~?Th8LO&7LcUl6A2g z>GHlDZ$1!z3=NG0P}+C2{l__t?PF?)j6ERnwlky)?tMKvn%`>oc7kCQ+wl3H=yAo5 zqZwB{o!&wipP{{1UOJ>u>+%z%XxtnPc1UO7k3@PMyxv}NnMV&F_|^>09Y9CE`@XXR zX1|?~P%taShRg`-!l9yTCqi(g9-d}vqvq-Eto1R49N%v-EmS!kv9Hb_Kqc@3qU+sY z5mNOGjkzD+aI2=d(a7G_Ve*2~M;nc(y4t2MZk|u14}{KIvxnYfykWKddQ90DRK3VU z&DCKdZP|&7;FA*76s;^=IzAQ=g(+_txdj#zb4%zY$W}XGywM6OjsnFGt~|nrG$ef(hig5CR>1CU zTF*EiGs`qtMqiDwScDw8u8ECN2Kqy-Y7(YD1R&B$Jh-H;${3 zd8gLOR6j5X-7}uO{GGwu=V4I{+O0B7hkfP=el&&>n7e@~P+B$iP~Ubm013@sI(4Ma zn7>o`@(&A65Ba@9S?Of$u?!R^EBvg8mK?u?#| ziPJu{s1qbe8<`eY8K+&QaGJ!}@=t2-_&uQ$qTP_On*3ZOKzXrsz7t$42gqKC zdpLC=I0$VqpEeT>631C;4+_t#zzd~?E?qg&^chA3ky?7u)sLvL+Sk0yd#rR=v#o=J z*|=H0W#vw;9LT0J7dSfYJ6?Q3lOB{hpN?Vt3aPb7uf&!@qZXCFwJ~$N3~2Tw+3Oq| zt!Ce!l#Lrqm(sR#%ydvv3OM4*R!pGA2wRQ4Od)Trpkg2#G@*^LO*E(Wts)p=+T}^a z-Yz%2>bb!Scl!L|PxLb}pKMytTtRn~1EO2HcQl~cV&oA^TICuucM|ZwX zt%xu1KgD^yau^j&6Cb0g0vnHpiU=`^*)4zUuz*oQ?ScwUpVQ&ZL=V=&LW*u^cb9R= zI-p*kZxDWiWU~x;^@k3Be<|`RxNFNmZCJ~k%usmo{WH74`li692;v863I7NYH>p$@ zz0jSkt=Wr+D$*fty$cl4@AZd{lVbAGjp0CcQEUEHqD?ryM{0yWT6=R8?RCGg7h@J} z7zs2R=VVYhZ65ob7<$_-Xylt z#SK9J3&QMvRi`LeJf+aRCqHt_bpKJhVMW%J{0l{gJ|CZ(pUx1CB%;DVb%EVtj6?}S zWj7n*sIHQebj#cxWYCP34U!fJpL(QPBQ_x@9QdqiP%`35-_?QiwvF@lqchD41V?Zv zNJNhM9z-la#^uP0tI_(Q{4A!ynsbQuPhRk{y@kekHuBA*>$E+WrL5+q1W+xi7b=YC zqH&Q>%NrGb!zK?VA@>OP@(UPZjr{6Vdm2?vPH%W`h}3+rFMRbVbXH+5;PDXRi&eY_ zM7&M>CrHo_8ulXo&k#YXMG5AxrA$(DvO5FOyl|Nk3Mci0 zztNnF|5czpgS&X$#v}&RR@wDpAEoLUlke0fiO>z~4Evyj5U2Z!X-gP^Fp-``iD+0a zOS#*o>4M|oJxwr%hnh8h7qQDkDUWW%TE{+3{gTb@bjTmuhbJbhvC$iUix`?g&((X| zhJ0LY7}ZP>F3OY&44hBD)~|jfN4Nuu(*aZ4>MCCW@^rnWSYxo+xMKPyZaPTN)>iSA z>d-VHD7r+g>;wG=)|SB+YiHRXH#iZwV=1vD@g*Lx>*%~E*mc;h_XR2ru8Fh18eDv@ zNG&xb&JfCNpClbFpSGMT`{Z)UJ=_V5KsISZ?o|<~5LY^yh^&oRdnb`Op^N`R_p)tH 
ziRfcC@7S2g3o|pAlz^uNiD7;v8Pu|nMCqImEzI7R@9IH|)pAs1n*z)i_a(iB zz_SAB+vA3*_6ca3zZbYW_F-}a^;qz}qqN=a&8l>n+dfwtExwP8^a*GQL~_VT)+$17)F525|&a~^PwUPkmUcCLXP ziYxm#Flb!;hh?-ViIHfZ-PauTl5)1dZJHa9H?BuNMVUAHh`wZhw4ikqC;W~zGSzeZ zWU=xvoSU=m)ZO@u+>C(0m-MaWt)03CK z{wNLp#&Z<~9k9Gqz^Utxs@?{3P2d`OL9++Fi)vH96|c@1wgfBMc!74(vt`3iXHETZ z7p9lCGFZDdRJ_$Og6k^u`Y?ouh0Bu;@dqm!<+uca4xR;Le=JM!_HSh$uW#p#6oz6s zQEi&nDM>fB97Z8A;LjW#v%iz#k(}yXI8U#+R{9D|Za7QA=gs*a=p@apq{Wm~FVWvF zzbohEW4Nw}auyw#mGBlmQQM6if9mIsvyNa{AiI?IIJY54Hibj1WJ;tJw08JhMxB$i2{-Ns$dESoz-3WFqn7wf! zhPdIk<&SoUx)@rlrlecMNIx3+@Z50S|EfY`Q_{j!1;U;owG1H*gAh;F5+*U(_N2BI z+l_L>PRrPlDTLb)#P;HTO-}qa zb{tsSwJDcQ+&7rYJE`wWlwM~CNf5& zMf^jlZXpZIi+>@dFg&Os{fYN=&XoATtv)a>VtlD~uN%w<7bB?`z}4D386l+R6p{J& zI{J|w?p)=|ut#q+Glj2B4r$V(pTI_#M@NzMXh6DR1sR59)z;!gbNZtNNxl!Jd3Mq< zT|%eZ%K2K?u9OdIy|Hl$>XHpU*)yWiXlC`WeRY<)Fj2|yp$N0|XpX(dkJp1e zP&}jz18OPSl`3aARasW%&*m_8ai@IuNvueOr{01=y4s_PGpS6EV3$jXPEEhiFVXJT zw0Zz(NLRqr#Pw~he0fEyVo@D=Gr_x(7i(NRE6F5ea(w?s6}gQPq7He3JmarmFG4$` zNhq>v^Gu)C;csrr{2~=amY=232_I=*Crx216K&Datw_SbN?>%G_-2Bic^5__jQxX5 z`I|eT1*o5d=4YqFJy}zmEM1^)g&XdWS>DoK7FULXmr+PDZ5u)`mWIxS&6v{`CgEa8 zzJjYQj0cs^y!hfdlwY&&)ALZa>8p1ZSt6Ydsm|vbTa=5u^J35I{qrTy!^*@~bI)bu zDbmZ{jJP&7dZX6K9}d~+BLZ&|uieCjUj3wSw1%JQfwIG`s%H?Aa1Rm{XTku(t!?_| zZDgrk&79blI>UN9&h5RWN_TOhoYk3@%(>Z>xiwNI!JPPt8c_!k(y1x7BQ;%)V0 zbZ|!Qzr{2zI~|Do@?2aqSiiWAPH8C>-Tql?qD*$yMckx~p=vbGHMq~<@ltLttgh0+5#&mI@(|j?C?Gw`ARK8 zxYL9OmOis%z8T0amHc=}qzI|(WFD40Zrps`f`PlB>n$}Y56w+uh6hd{L=fXTym*ez z%9!K6ZdBBw63lPD1jwPIdRlnfPd#?L3Qib56t8hKaQ`z#Osb`$QQc^Vmb=&$J8Wk z&lO{c*+jWtc0=`4I+ix)UhO7fQ|_RblB=TYm+16;AhA_+SFsb(4rX+k)={QhpW%q9 zYjMG|w>%AJx~S1r3QeVHFI9kF=%+RMPGwIgxugaH)!Mx219kg5^LpcZ>cL(0i@l3> znFc$e=k3uqAc>%w_3$=T#9UMlSOjiJ(C-%KNgcEdR^*;A$kDB>Z8XS#8xb{R!P#4V zyYM=joXq!kuelN?o_V5jQ74e@*T5@9aR>?6z0sT52FMdnxvY)U8d$C_WXd$hJukj} z?nIs3DOBsVE5}dKqR8bOGg7kxphF|0 zr<2n+TC5h($N>B4$Wu)4MIEE3mf+V3wXbg#xbL03Mtx&^Ve~4j|RA zQUk(Fgj$l&Pu9JUTj}>97`0+2-_xDUoYgrGcBG{05W2K)n!@XS9J3&x)DeZ7Ry^g} 
z#Au7_E|j;FS-vQ%-ZZtYo$)z$W(4heU@mxOcUCM4O<^H>)KdA+`2OPuirD(^C1TA+d?^yf!_-UG?JPiG+lu6z!CcltD{OiUpI!WrzO7jv>U} zOgvnG^c#P;vi7>f1IZ!RoHKK$nLm(WbD@0p&i%`Dnx?hCD@On{O&`aACX6rPthNVB z;Wws!?+8zy{sPp^@e=Okb*L&C4CCot{dbyPNoSU;Pi_jmc3HedV@|-At7n%R;lc>) zm2Qi|Q-!s{*ILPH^J6|w#`c=xKw5IyP3*AqZEvVqhD*7=pxQ}OUB`co3i7`Rqv%uG z>IAzk6yJ8;QZ!1K28O-v$hq9q{O)J7O9J~xKQdG2OD;)_oJD-qd8wGG&Wg2wfXm~& z-|Kh+z#p;{2pZ5B6d%~lWY*4t@OtZN1Ue2OxaB6-HnA&Rk20NbiUcdKE3522NqoK= zd?eCbHR?mwqm7BnlETQUaM3Xeeew4jxV@ML%jCO6b8S^M;%UzcCk`Rj9A|Q_=zeZu zP#5tYQ9$|lw=Uu`VhVte>o`u6*4x3=+l$vGwLw@mDZS6HyBB5Z$PbR+cSZjY^kvvs z8nT{Texml;E1B;`qQ`PZUx+5QVMhvULPt3dV9ansQV8xa%DAPTa4OJ4=Y5c>nvbCI zkPjWaGu~GH%vT$+!1LF{`!U!d1jZB+C(el7e%? zx@Wa>YMd9QE2Rv+2}w5VEAKk%JFo}xiz)cCJN+`pn)IQgP(nZeacg7B+4QJnve$Pl ziHi#eGqZ7ca{m>T(9HPb1&1y11;vmWieT?6gFBJJDnL9Q0mI8;0aK?qA9_YvF3C`W z&<_#6k`%nxOErP9OZ`rfi>6cjui^74rfJC&&HS+x8B$dU_N@}-aRuc8weUBaQEzf~ z#<$v0Mv=aW3y}7pS@TQM|+@Sgf+KCO5nFA{dtOEZG8^N zGw#Rle{v5DOX^-7m4&5RKT09iylhG_+C6FjKiSD`N}AauBqe~vY2tADalZu*ob=&+ z+sy{Ok?)xKx-KCLmgJ5XZ29GgV7EVX)sP)Y9Z^y+ZYB(IachF2JLy<6w<;Xm z_naRhleu_(P3Cdyol4QSQf{ZL0J+Z75_p|9Z6)AU!|BKU7AgL{a7W8t;lbDk)X?~& z)=0)w_wpI~HCGq=zE3CGi-dii*L5^F{i-2Gk=_$DvCzocayu+C>>@lUB)Fu<-Piru zli^nOvb*t;`rbmJ_CKE8U2UP?8~gtcwXA+niFsdD>YG|moz7N(|%e30q$ZoPs4A%l( z7}e^v7qZT?>pYYDNZgQtM%S^uo7UR7zVVyyNbH%8B&`=*+ZRedg0D^|#4dJcXxyzTZQRd(?$d;GxQeyNpuu{($#p@>)jbGPxqJaFuFSYx5GS2O!I z-|vjF#mhhHQ8XXA!P2j)SNJWQ>mBESjZLu9HTt*I^gOg2(m6yQ2LbX2X1!;rMn6W| z28sJ}hE2Uvu@If|LtZWo>dPA~oqCH)`L3C+dEHz3S*tC++baXT?*XvCkZEj4$xBz1q^_heTk2VhMw(qYC4NKf+;#t7R_jO#&tNy=EP-Qtv}`kr zRuWvYs9*8atwA7z+eGD)?R?t(ebq~JsnKO?%pysdUvF@5uCZHvd1 zZ+E<$(~Y)DJuD;J9~yFI41t>?et0u3TtVd35pC<92PI*iD&R%1vgO!4-Z_%fLwwPW zSS8677oVZ5QRIPZs>r^Z79-J{s`1nLbbV;eozCm`EKKM(lIBq>BQ1q+eSBbh3>=~v zR?9N45MthQm6o2t=3SyNkn_NC$&akjZRbcmkc4X8__(1pd!@GNxJwry4nI#K&7_m2~;6NbEtwSI6k%Lv^cSf+ezkis|g zpc29L;2vZ|mRz^JYiHK!mO+1nXHmKy`GU&)r}_D!tZ>CWiGDKyH;G7){I&m9;_-D; zH1W2;UYTsva>S%pop1hJ-?N#+it&dJoA>vxxHxJmOJ6iFjSxKnNrte(&k_Px_I6kZ zXe_m|yF9QsV 
z!0%0Is}^i5$`L^EVD|*4ZV2~>^q|^c2+OsN@xzZAx@*08Ot*COcMEREKMGygF$1tC zP4mOeSc)a-1EB_|8INAh$>Aal(;9*qqoZOb?lw=B%LTjdI@OaM&jv)7$fTGf!KxQm z`YT*la>59Q%N*ftAjCKXU+4ec+RS&#+{YuJ5H%{{2B>k$&8mD zF?gRg8oHA7{a67{URjEyY0?HU=&sQOGq~A|w$Ue#!!EMp^rk!i%t+_GZ~7c>$J9#| z3_#hVO{;0qJI6VkWs7*gI8 zr5EQuV>=tj%6HvifDGVI4(BR+&~sZWUy8zz?g{i*WEV8XwxPQ+N=Gr;?$S)^hF9(2 zLh6wRS99V8_-4V|DJQ?=@Rl)KwEKBic1yM0e{~3V^8Xpw^$=u6%3ZMwW_#Bg1YW%3 zx8k<3t7=bQm2%?dnN z=GV_|hfNmmb4xJrHCrYZ4HsuuQF%-unV{O4UUV$v4B7?oQXoNZ5S(+qtbj$nHoFn@ zGWN@R^5V0zt;}u?O7@@0)W12hQCFWvSc(VOHaaSZ-bMazI+saCxWopW0@;r2;fd&a zkYn@gA_i*+ZgFQP8C~qG%w$*w9IzrwmWm%zGxN|2vAF93^Ylb`+c$r^Eqjh0 zVe#yeFK;weWNQ0^WV&OYBv?zmFVwRZrvr*@%z8IXW*l%?0Z1=~Yv zf-@x}v38~nW-9Wx3v?G?6O-51yAR+y3V}(8l3-~cOa#3w^`)uoHvR55W zKg+!2p;W)WYDuzzsH84yq9i+CgCzf%#-i=ko*_iT7z71o1G`pYc$Oi(p0Y?L(%NA! zn04>${_kuhPKTO@^EJ@Zxd{y)e|V-c#((f>668Dq=79~aj7I6GQ+x?;kV0(=TPSvl z2)3mJm(!v=aGCTtW$6UTU0K}+XCEv-*!}g`_Yl##gxibLwpxZp z9s{3T*o{_;3is(PnVb}cJ(bn?*z(Y@_w`b05fAtuwOFMpETd*YE9hvr9qtdEFhyhv zZUs*K6>@?-AG^otP_PkvE#sY}fA$WzP3kZu&1z6D@SKZrHX@r^``h09HuWt$@RM6Z z2EV{(TZ~|Zr?Z<&eBEmE`-)d8Ke*XBZpA)K&rlHi)davftlCC66G002TdT4Nd(I%~amYq!s+mU0ghdv%)&H4E*o z2qq>@!1aqaj(IVHcw%lnd(A_|j(HNK>RF7l;3D8ab+vz}lSePT%)wmFo0OZ}XOejlQQ(~pARS{BpCxyB*g zpnMxh{&j)C^ep?b7s;Pv#@_Zk9c9%qi|LFPTyTuOZ1zfibR3vGBi)k{b=0X*+NuPe zE-L{`;V->a7gKNvc82DxC8s~9nOz@Cn8qz1=^1k7a_nE^>m2v91_t43R->rux|v8N z#0iqwUdQonInMsP+n)F}^M_w2<=!mbbLDZBQyy(oUybY$bO9+JvsXVI=>bFs4F1z> zBL3k``d=<<=PRx{1vkutc^#PJBY}I%e6gG(jToY|<1-8J{h}*rDd)~*bJpzZc(&+E zTPXn-SaqXFmP>emSJ=r0G+9vU86f--mkthAk$to!DXRY7F|z8gbmC`4tp5kW;%4{S zy};oBbcSBq7w(MAS3gJ0o|}6Z+1Tk*Fdz3eG5b1?0rlDvvLSK|_;G_R_W-!ne-ao@ z{Gk)^M|0b3|IkVPo;SA<>)ec*wK-hSovZ=j-)6Wa}QbF!}j&&3;T~X*y#YJRd?IC3s3E| z>f>I$E57oxfbKHgnL}h4y2iD0Z*FbI{3Uj{?#J^jasBzC)|OQ4I{!SStVDr(=K%CZ zS1wSRknsLN`m24^6~ydPjb=h?2)?r2R<7f%Qwy3Dq$cm~?4#!0I$d=`^qlFcJXZ?q zxqueQWV?5v94E;4;3`yrM+r1#b1NP7S*Wm`ZHljJrHTJ1cgqZ-&kernKEM$(>Ds*9 zNLi+d`de-oebMGMzO3S@*ebk0_h>khr}YLI3fCZ^3*466@QGo0x~|2W;HUK_lKxj? 
z6n?ap0uFbTNpBLOhG$;JPz>>QIA`F<2w0N@%Ph^zEm1GWQ))H>mCX}!;ctD zy_dAVs#K+n_=XygF|mM5TbR=_3~`2X*JOTeWyRcW7Vq>kZ_FQDXXmRqn=aO-pG{2q z9U6ZG+k5Bhpjbc=pcbN?mqbVvqsyb=evoJyGeLa}U7dJr6dd$xBU{V#)$7}{_X9K* zzHY|0_s*xIt=)=t1g%L$Sb;F`Q!Kuw=Mc=PZB*!{b7jT~8TFxhqL%nlSH7w9?zi^- zO95I;PT=&H-Y$+lguZT*S4;JfUK6IuE|X}`nO3F13Tlb=Xf%fgift+NHFQyUQTLJ1 zbvxQFUrKod>_%!F6rG@PFpxG(LGaoV*qiH0wpPu9Vq_zq)4?{1m90__VLzh0jw{? zUxzsHR%?B*Z1S8akmr5+f&0>;%fnQ`N0n2+*yRkxm;l=8!>_NfC*+6ZcM7v7h<*G} zO#L*cotak0ZPg!S36PH=AbAmv>`F!ud`!R2aaD(zAlCtn$pCnzeGxk9wr-2AFVz;f z?TpGzb}YLF-898zGGlh@z7S%A^*ZXm-YPoMrH*XX9w0;d* zbwLZBq`3pyIw7=ASh~E{M#{^mMMgw9;RA`bXlj0|`ifGVjsod)zI)EO1a)-v(_`5W zm%_f+&Oo8QENY+SmANFV_xd?Ht5y*|sEI%lM8@RM6OaiAO^T-m9@f`e-QV0fH~!dz z^?)U&!BFHX+x}^b1feu; zfecnVD^*Rl#$W3*i|5zP4nM!S`I%ybEvN6jdipSeV(P?RRIuq?_hq55b2rg?zF4YQ zVxOtQ?8GTfHZOn~f-oah5?!gE;4%b-4t@}`dhj)?&NjBILkQt%|Cp4DUn2G|<~(J? zv0^X3$KAG{?%^UcoVcz_K3MMSNMeEW;%nS&d5l7eA$Oqa?_KbFZBtN`tWjJH^94i4 zfC_`_!Kp)wUvwXS#C$IMSGxmN2)8>3p9~9p@D09H15^z*4{eTG0*?@IPw|~5`}sgu zA)()V2cQo0oCl3h4iJNYvjX&G6xoW#edANoj>+c`6i}~W0!lprLJAOIGLRV!fyYw| z?|i1)>hrQ**M;}>JDi}V1A_UC)Xd+Nb2Bt1FZ>`)>T+*Ct`$lg4 zvY?G^nY0W@A&Zc%pk0EM=Fq)aueZ{V{bsBJvbr@oM}mX#zsr3JZ66KXHfE ztDaBgEq}4z3rM={0|Jimzm#H@*jjCZ@P|D#P)%azB5?#%dz<*JRQjpYfupmtzS|(f z*?cVc<80IQ#8;3V#I2C0zC^Iez za@9P$`IXLdcKz2#tOFn(50}F2%_?Bmn(%VBNXogJhs}3s;$L1rsGZJI&v93BJ$3Kk zHtUU)-fw(1XI|Y^?pRo(X#$LSBy10t^Zp~adnw_?$1kNDDoNGDzJ)Q0kLo3kQVLG) zaAZrJQdEW~huz6xqH5%2l}d{iQ!1%-o@mz+nhNX@Z0jKb+=UWmQI^Sw`;~o@D9NX| z8Z;^r6W1eaYRf64Nh5@NDjb+}q1a)72~~YjS2sx?7vh04A-br8xJmgBR0sA)8Q(X> z4ds?8cUS4f8?tWms&b!3ER*s(0J2<9=s3mw!$$M(toq*#lRJ_vF?Ju9Un|gsv=8fI zp(jal?bDUc%at4(FHW~Ms^}KZb-5&3UA}PkHmjZq#J13K>~oX9juEMaEM^ZY#RXGb zN!M25_97P*0r;V0)Rnn0{K$Z=Mj}hGtiuYXl@hDq$<88<0t^D)Y}1%XQ4dKkaVESF z*i!GJ)GfZK;JLtcK4<>&42|CMe1{}>4Se}$s0 zlvg};4y^EAUkWzHjvB0*omX4Ac3IkN9{cGIa^_#S-Y>!adt&S+J+5-r4lCEK^b$qC z2L}$wbeSv)vC#GHjb?*xOFOth~NMw>=AQrDhNBH_oBgD?irlg`vcCxDX>be54?< z8Yyv!?AxX1I*DzrubnGrDGDlj;L-TQIy&>~b^8np=_K(iL)k@$CrC2Q~}uJcnS^& 
zg31gr1`pj4!>j676BHLCiY}rwvi-I1^ZI!tk96APa)_opOcMdU_&lOK@hdg%a0wO!BHp+Ah(y9-;n(#sY?(3R18rUg1d z%2-BqFWe%M@kPCZ#v;h@U&G>dcK^~9W`nMwIXa$P|xT2WSWq~BP zvn$pl3L#2(lOx#{1T^b{n==8+m=gCh1K0uqL9MPq?p(*^<;IT6*{kxODj%(arGR~z z!6k8Rd9oJV8!r&!Cjq~OTaO~k@E`X_kk5MVGujN?7JP@Zyfu1{N`*gj zkn!cu{Gy#F5HnA+9i}(0$cP8uRUDZ#doC^UOGw)aOfVr@kTP*ezzt$huVj+>g6c*^ z2s>ou8@0e37B{V(>Q%0fN4gp5UI1N$40w;QJPHRJ{rvFYvC{#hi->Aq>_&;fUMNC4 z9mGf$*z&8+Ay09Femi=0qz-dQy;P9~%d-YaZr594T%XZ_@0`o~Xx1nV0xh*BUxS zP%MaVR}&J^xDyhUlzX|XPJL?S2HqgMbGhdtykIRb*8U@N*76{ zA8E5X8l<|%xTNT2{wVx>hp?kdi14_W4src{N+93-B>|q>Mk!6*DRi+XOB`*{*MUk| ztc+iWk@~(3D9G`0JJ*0AuUu>`^fL+BV`bi7;1Kc&1F0=tRQm)kE(~%S5Ty|WCMx+r zoj@Ssfh&`}C`Kf7h1-$~J{?_P;!*Sz^tAr)2n z*O&W`v#~wvJ4(KUjJ|XvcP&+eBg!XAT%fT5c6XnKXKK_}IbdJWd{-KCNoruN?QLF^ z*5)^91Psv)K1q|ONRX6Qkj#|ZW8i9kdxvA3hXS$=^Zlsm%R3+WC8%0)leeBw*xp2z z>vld~0aw%onX>~rUN(wn9?}(-WY;wPqpF&0Uq*Yruu)IMqcnsHVgd)^(W>!Ia`X)7 z+r=L@HNC5joR>kf>wO3*YFs6PiF7;-W+Q!43|O(9I5lx2ko#UJ6TGiJ)q?qarj%ou z4ZRn}raAtayFgU49fW{MP7{aa{kA=p@ao zvU{Z3=<{v{n013_f`~gf{Kvu%EME$gFN}L#uxWe5aI)$LD&H;dLrY6MU^jOi2v+};z&>9b&Yq#G z$3biguJozIL(y>n*SV^v^0+A>&u2vcd~ZEqP5QO+G(hJ7vb@WVlnu#z8FT`M#4$wA zm=AyOm{GCSRcu6&3Bx`--rh93c!l(n`gczpx^^f#v~x1L5f>3iEQAu}5StE=Q1B z(8hq7-2(25Vk9a!cT-j^oH)j1~J2~rynG8D*+8ngyx1R0mBo2cWcvol;D+TYj~=r^?W!!cihO~Stf2^}nj0gm?W z;5jlef#A4-5dJ((6DJ+m3RoR~Z3%O!t26X^5;3lkbLDmnF z>Oih*4(UcUUtvu8g^F$V$^>-*Vu1J`pVegDQ+}KYeHD;`=VeyPI*b6`SZE`!sJ>+q3+bq^$(jYhde=2b&J>5bRocomd~stITM&oZTW z2XHb`3-U_mm7k;DTY_pJ-62ro$p+HtlKEQ&uz_>VZ)``k&AMgdEK`r9+;fAZsN2>j zUUHUo1>RH`%_ChQo5Al>Q~aS};#cvj8Ik@F){jYyQD0lbUR&3Fc2Q#8W9#Y6&npPF zex(=krGbxXnU_)LR7I-7Edgal-C+`f&KfQ{(Z=&roTvI*Pjr(;#?8hv`bD)pf21%E~n3Ds#um>m?)B~Ig|dN0bJ z4hT;Y4U>ykN&ea$OCFCEvzonP(vOTn)|s$qxJDon?KWtmzQ>RF#^e4Xcr*1x zAuRZAUA1Y^ZR?i3#`>EhI-7ZFRnhKRDZTG-mMR#Aok1vXJhXe5(T%5DHbt*v=8Fxg?;i zOg4nG)m2Tm8s*xt=^Wmeyz72?r(Ra1>kc7b*$|^?=`V5WiB?7i{M-cc8At?f`x#&+ z+Oymuc`hd?tLh}Uv!jB2iw#<0ciytZie8=+`C^+|*$rFEIhN2wXBkJC!h>+!{Zl~? 
zXQm$9Uk|aCMyOImNkU{>iYR_5hQ^Ucv}cmji35etz<|ZZbVmbOwwbJM`6+=-trt<-bC}oy2C7xiVDmrKgw5Cv0rftlMA} z4mUNAo?Cn&cr93J}@Qs3Q= zQ)@`Qyl$06NQPcKVRGrS_VSruXiPAW{8~`4ZQRsC1f62}Uc9!dSGwj^-Fbc9K<{&J zy*Q+Li~M|BRZ3ErZx#w(TK^>(d+i@(FM@-lO4f(JpymS8FcdLsHJBi@`rnJ7Ar`M+}*c`a5c4VS&|sp56)i)tfO-3T6I_E#f9 z{kL_THc&Mt?O=>67P>vW0%F|Y?plU`7PfXuHdG#7OU!5e%o6*F-COM@P(8)-dBxs{$a z#_~B`H^pYMy3JxLnf_Q2s2QW=kGAkLCe$iQ5CLK^L-ED#uwawI{mN4vHm1LA93Be4 zKC4*wq^EnVM&pD(ETBlCsi|Bk9P*DSp-=20l@d(4Z8hh#m2gHj`Qv-EDNi|!SW&&V z_S;qW*9sz__X0(Yqf5MI{({@^X(hBfgyin)=ttG0@$M15uz_u$x{%VZBg*I;gh(3sgPR7hE~(dXuCD#lEL0)e!79eK(e%RU(SaP2D*` zjhvw0ar-eWz7sE#o>Qx6rzsCerQ|Clo_55^F>sywf-w1R*73|vKt0XOZeyb3?15a? z<@slcr4f$zo~x*M{JI(IFtvysKm^mi|DmIAJ4bQC%Y~^yqlA@+U)B;zLh_Emb(r}e z)1wobUX58Y(Cm15IZQT?C{B^87<(lyXsoufKu$v?H82K{J7b^BX4C!eV)929O^@xShI zg-aT?4SN5)?Hlx*L4W^yB&I#GmxJ#}WMwG|Rlk(jDql)bCZ*uJIv1}_DM|a)5V|Wr zc3i7fOv>R-^7{H!_4C^m@5|>_Dz}aKd{F1InvSvoI6AmTxN{q3a3yAf=s_wifn{LPJ>a=b zCa5|ps-8&XavvY&Wq(wiZ1`-z1(xRrx;hXsS)I%)nylSmN0K2wf!`1_ zB&c13n4}WB44Uc_ffe47UHQ!KMuAep7n)Mu-X33;3=KL1w*N<0TP9l6zQjTU=3)4~ zoj!ud3VTg{2&z+}~J^^bWNW#jEe_rF0Hw7h!`>L4WtJsYw$VibUJC^rZKouFEi zcFX!kLeVQHJFAI{nUab7Q{qN*e_^C`L(R3_+R0@0#TRDfv@SE#^{+=@$s=6S-pSyAFnhM$)}SN z(5|EGh)InXkT|$KA=a3G&~h>_gT}STZfj>#pusJ+n-`q@Kt;`&C|Qza#>+iq9q(GTl~p_1W0XVTE&M(g%;T6~exG>ipj0L(J%U_6#_}JZ@A0 z-d<{ztnQ)ZIZ4jY$6o9zXX_Ij@4X9|;%m_5i@EVnR>uGS-TSxit#f3)J%d|dhpjq~ z-^z|!S2uocq!+sMy>|@kptB`BpBD<20z3#5s7+|sI7R3(x~m)naLTTfLWZwJ#VTFQ z*PWo?tJK@0c1}8LaX|+5pRmZ@IeK|z8|@64)9Pzx>;T6inRPB%Yecsxqxx$bZFVXJ zd(WP4IQuB;{u#r%&L%ShipQ_x*s-Z+4~u?SMYKwh{V1|{1qu%y-L=H-VLDqo-E0z< zVYyDVvyhM{Y0-2CO~@X9=<Z~9kX}L&5EM{p(vjYzcNC;cXi1PNfrJtw3Gvy#=hc}r=bm%_ z?|IIdJ)0MqVJ6vg?RBlSuJ!$VIm%?c&9bkzsYCI&NvdGFjl;r@<#SI#IAIC3G+2L6 z`MT(BNxxPb8-D?7;mBJOmGc9<2VRJ}kT}QbYS9-E3~w_`qABg?m>;I1JqE*{(TWp6 zGL{3Q_XTRWu&p8Vi>RdSvE28ae5-9HpYH0z${uD=g~mhTnlpO!=>T&>Z- zUHGLDT840jnUhVaKdIdZ9R;MfXW6)Xy=^nZ40?YxFYnfJ{_Onx<+bldWXaxaR4j3b z$e8&H5Frokc0D^#yPrrcWsIQgZV&Df%VYba<)ZXvI;XK+oE`wJOU#?h_Y;A&CqhAF 
z@b|dp)7^-_G!x`AlW$L3k?~!^T0C%}JMMtAlwVl^hXC(7!2P@Oh`tKnhcboM+;Vfq zwN6BSmrgb+G>~fgZ4tzw#fSl-7%BTj_9%7Y@TnZNU99Vn`j_TmJ%7z>0Mf<-Q|}Q2 zBC*>l4_rG}9l`D~A0eGiweeor=2c=%k9?Xe74qlpbB@#5gB43^6IYm+KFN*PdiK7< z3CqIH0`nRqTA`}T?%3JdNvX+BeZSoMS>eKGsnb-@*3KUVObt$wdD`c3=1#yL-K#>Z0~#viw-Qa`GB_l;+(96Reo`L4& zaCg$n&|g+Px$}ee2yEAG1)**e9LWsJzG!)f7JCiM%kB*IS^^qU%p#NW@_DnA4R45L<8+nzrJHFN29f?x73dr@ z)?Jnse&tVSx1J)b^Q8z^qR?jyEWS;d-Gl85OOBlL<=ho4v!KA*@F2Rbkp3C#SWNdgXb^C;dZoom%0WXo zVDkeZcN!)z2v*N#RoiE36AZcYs>DNM?t|{Ps}fo_LTF#o(m4wl+1==jo$eGQn7mqJ zXZuNN?h7dkFY+{%o2^2{JWA*Nb&HMr)$zFw)m38GS+0DCX+B#sDXOTm_|;le8zpRjbsDZTR@JW=qSpyO8iShx>u$4C%pLuavX_!yEs7!`_mQcAiEj2 z2X_Aam*#1!`OhuJyIO*d&S`(ZC>g5*E#tzokj2jFNaZ_B3q+ z7#vju!hDgeO74cLAS#CJ+6*A@8R*8Tf-A(R)BfWBT@*#OaDbU zX8fy1^}=23HHU>1lC$J<8>i=Wdi}yLcbKbHeP6C{&uFQACyYT;cTnjbobIPVc}r#^ z-lcje_QkQ{X`rlU&88wR(eEkqcU|xhL+}dhj@r*UE`AyzOlz7p7J4*iH;M> z644*Q3ov8**;z>wYt0Fj-a#+Iha9A5#+H_Q>-ihDg!OqE9Q(YJ;0xyk?92T*9(K8j zuxhXpYSvD=*;!3cuCKgQ^D4I{yE{Dgt8Dh)jXdnO9{YzgjQ#q<=eET^*AS6q$)+(qs*%SOsU;N>h~dr5n=X z(_NlBxeqT1-?$~KFTTmY(Wyva@9TQGS~s-YSLyC>t*&9F!TtK4Io4=P!fV-;`a3k4 zdC(!`DGw94-GWi}v%#OWK{NPW5|CEXq4ArM$0N>l^AzptNBTB8Ts>|T4kNPKXmlB` z^FKSGruUBpN{91%0&w<1#4kV$)4>i?I15Q9_giN-GM~h#c<>4o2cyb(`ox>la#~E& zxeWPtl#VpvuLy<2=Oicq-s`J@YfLqOKrp!GhsR6X4=b5u5{QEgS+~EvWK=ZRCeMvO zR$>_Unnt)H_&v2WN%Uw4&+kh@iR5M8CHn`fVK!(60g*0L@ZF)MnTD!BrW4si01TB3 zW(@rLXv?-Bg`(n7#(41k{pr`D5ZWR9Ta+o9?4)w2kE4G9_zbQJP}IqCTY^<{u^%Bt zMp$2gm7lE%JNDP4Z|J%S7j$3Ah}X2pzHK_Xs-chVin0{tnK@pKfz}s+KD%_ZL|b{QwJosa z7Zz_)^?%GJQ2Izl6^j%p0zl&uq^KwSHUxNq4PT3>ylw4XZv%}zgFL)9>RrWT#~&4n zckhJK@_>z0ypEmg`^CFhItA&oT0E}wZ9&w%;S1>k5BH_&b%h2lT|>tPiT@JS4L{DraV+X1UA zLhtC?J7(uL44qg5f-k2C@85m-#XPQ}5hk#!MZdku*U25xj}nA|jT;EQ$#U17+ov1m z+Ea|&QVx!bt@{c0xpY`NihC;y{h)Hze)l39e^kFHuJ&qEhzU&W;(#Tbt{P82lklka z*(w%1KPdXDAvs$uO%tUiH9Z!p53z!aZdOV|0Hzb(HD-KwPe@JI^cG> zZmpPtHHB#2t_Hq7@J077e(&mr&~$q>+u4Q}cQ%w*9C}2zuWzIlMcM_W4L^C!E6Wt2 z7{NjMLr_PT4kCB}gj7h6x}7!LsSwurO}{MB`si(-`_cCOrRxf}UXL!ATJlFRE~I5K zG4o$hotR^^+ 
zLDsw8GMI_PXN`#@&R^lWTsnU1gLmsI9~Sv+F$=iRhYBBD>*9@Ig)w4X%P=*(l)Gwb zmJSTLzaPdLfAcL}8Xj&9ZxNL7==hMMd$CX|lAjBNG3=C~TsGasL@S#P1YlSa zzv^4hq4r0Pg`al4fE9(LBO)K5gT!x8RPr^hz@QiwDqOy63P%gNI z%ctdK@pOwO2cW*TOBfI*6+W_d3}%()N*~F+b8usho7W^8T4wz zxGhCcHG`}R55n`rO>2oQEj{)W<&PRUsM>g^*U+MtZQA#$N#GZgHVxYa$NLE{zPoXYLoPmNO< z!rNQv{H|bm^dOe5;<8CuQZ&pp0Aa^5bguz=0j^DgT;KO|!ygXWj>ncLzs|CwOI7wX z97n*MeM!6^C1S$VGwN09445H;jg-v$yU$d&99C#nn--!Qq*C;tsaG53Vx>n9p|^iU zCzuZj>v_RmNEM*|Sf%g0vHI8pfNNQ~RIZ>34du$?#alQF>D{bL4VF{6XoLP;grFMI zD}q8d^uiICWT$0t<>FX%=6jZbNhH)|RIjAXFCayaX4BL;?Ib>4qQFp8{3bH->Wk zqpum9Be~NpEu_xfO=Ygh(z*c)Hze7S?EookB1XtMa0Kq5T8zmHQ+Mz82p7^9vTI0a zp`X*EYf^+ajPzpP;aU1l!2|3l$eP;#ly~u7`3fw+4%vI>YHN}~mg;F(o$)&87s#N; z@QG4739Nnro*3~eV0Zr<{2pGvA4jhNL5sLfKb{srDKyw>q3h(;B+L3FU+Tzq3v>8I zg6e8sXP@Km_ls&bMtuDQ$GFSQ4VDjLZq zO&1(yk;D=};4?{ZNkA!c={X~1(F)&6TQn?suI% zmbERO;(Sx8sQl8#;LBfS+xeNl8xIjfh`3V(;5&m_CCT(zw#6oNn3bVO2<_=AY|65H zBk1djX>Ev;5mWF7EH(X_cn04QBmaf}Y-wEM>vQ4(tOuRjnF)EC$QYMk*Z?ReJ|*>~xN_ zv*XQL9U*hSYGyR}VDmbg-+uh_=-XRQWuM7MyfTBnn_m?I+!)Tmt-b($sV|gzMa2p1 z$#SgoF^!2gLwrkZLm%LRh{F^6&IXs07d^dwTMs+2eA84efOEH81P}d6I!{<~4~t%& zi-hYJdZM`f`-HQ8-+uKeQ<^HzpG0HjCf#?A(RhzfE0GjH@WKG@EbqK+_qzo@&r19_ z76`1^;22}i4q~Ez!)(S<&2)KQHe8f7Of%y7c0q$$aznww#F}savh0vv{hWr-S~BE* ztzGzKo{lfNDoIa`;wEF?DKRew{NlYeVe)VQU|E5m)m)$`HJ^Qy58P*Bzj)6ZkbT0Q z$c@azyz{F+Nq_uHPX>i~D~@`3HZS|A%e8lN>x}2ns((KYET{ryhTT0R2IFV*O9R%p zW7ZqJU0sa91`YY#IZ`bNx9RrAYYyJd&fb3?BW=;q*Nxz#-hs)it;FL&YyB(2bFqmH zzblr7EPj|;d7pMQjIrBBj0Pr)vv`>QFJgxGi#F#WkEK%g8>)Y46~GkZ(N~Nbt7Yf zr42Vl3v^(=0YdnyDBNK#f;D1-V+#et2lCdD-u2%(HB`Pa0nc~&T2*PrWe=2Z*NdDL z*Ht5N(}yetZj(?6iYRGqt&8-a1B#Dbo6Udcge_q5sHm1NEc_D%nP~_{FG<`tD%2aW z=-DyE1Rt*FUj&@0pHjT0jQ+ixYJ+bG}!cYpcZgff?7ZF0*rUl zoMepg!%lFGT(=}j%Qu6kgw)t+OhH?>Z8)VkAPwb@ii2q1nS z39W(8%M2MInY=oM37w7JA4b~*AM1paEZe7Z&Wv&!UU;z~ZJm07QtAQzs9Y>`&QUkw zISjm}kAo7j0c<0e20I=FzUaZ*$xJXQD-{W_j10c#eQ|=dxYAG04*r*>EhP6Y(}l5@ zrLu! 
zB?D0`1$k=@j&I5>c!ICf*vgm zd2toLm0#O1gY6R!M1elVkZ2S}^PX{Qikvp=$_l6p_o{T%B9qH8)u*Gd_06V8p&YsV zHvi+Zi=R4mNM8tx*sC+}OZYMLc+>?Lc}Vd2oPfqZ>AGGYw}(HBN&j;Hr_;0b=4%?v zn_oA3o4~KNu2TYmu0d2^7gLw}ts_nI#lauTBIo-B>HNDt9gNVWFFx*5cu@AoM*COI z%Gk5pB9WV@8LMto_8=6+0@yD43Ipn5ksu71&4xsaZqE1Rs61TtR8y?ra!R-XZx3>j z{a%}@TI;&p2pF>RQ-46YBQ8BiVQThjG!6VwPRp zdP}BLJ`+hHa&PIifGh+RBxn8aqN3a;)sr3I&u8IIr6ev0vwIliHN~dPgSFB#_;5_R z*RGAJ>QkhuWT4;rdRpA_hPZvZ_56q509Lyb41YxWh=tHZOn^RYovOVmF%t3Z7Zp#i zp-z_7F3ruQ{R0`}$KD-#znOLrTjM$qu)7Skm_8DbJ$XF4Vdo`sXT`3)>@C+9opXF? z!!++@BVly2K*zCAn@|&5sbPf)@1If5GvV~}2;z6KdFqpNKH71*g`rbnDnb#URzlgd zQ~{I9))E_!&O3O8*qVXg+b-h;2)A%Y<*bt%p|9Ka&Tl-NmW4@u>ccnpckyj8(carOefE#fOZgkbJ-;wCp^iLHf8fribzE*-<}vbFK7HPl zWixTy&PgIZSKO~dKX1VQ=6fd|2!}5H~4f;A438b;x zC!>5%>wp*eQhWLNW|?%G`#6LQVIzaA^PL=G+lToc-WPn@-^teT&LDqhG^9D|p4#DV zWT55JiB8*a(KV6Jk0`yHJDEHOi~|LU1$+vfSFI^@Bo>ciwfMrRdE5EMuinmgB66H@ z>w{&&|Flnlj?9^8Qkbq!He;Xz6NznVg92LT;4d1d+-CO!o96;qL+;v0Hgq*bHyLw( zxo;%3<-bI89ZGmPOaZz`Tz!&uo2A|-ys>1o0a1~C1u4~AzKg71RQ&tFEVZ0t3)_a$C?Wo zw3_k$(y7X>~cgd9*X12hB8x( z*AQac-o?Ki81mO3^9{fKFT5LOvf$u#I{5ajy!|bvPO+Ooi|WzWc-5*5!Z!29Wz2bB zI>de1qbqAd-xU@b5pL4RZ&K&yqcQI}8ElnVkX>MGF;QBPLjWhimC!#M{&W~eWHFbo z_LbOVTl%UVpl_yJZnUFs$~R#Y&i%s+0R-QcE9_uCx9N@>r*{|sbs~tdkZ1UyjO%nf z+lOfAA97|;w|$rA08@Da!$f}p1C^g*gkLXee!fKN(wo6mPK+rhrP_m2gZF4peD{ zG~`w{m;Ou~w#3o~1#z=VK_+JmMh&zYH?VbWGmqSOONzs9weK`Ll>grUvER3$T;8f% z%3D>G*$@uS%W(o4+&|z#AMJsi|0LeA#Jc?JK>w>8C(9=wcn4Ej4eh9TA^B&ck`u4=BP+<-nMPf+_cUo!uLT?#t-$qfePTSDfe zt$2J{gw5^y3OPmTNl*7{Dk#^hT^`>2RddyrV3s&(-?V72$+t7{>2pm6g&A-U?uw<} zT%-t+I!@(_92^`%P9&DR#CdssbxO#5p|miLf}E_p4bFj_qm-bK7sPkI}V z^?J8#bl;b42wUZ-!V=h=YCrOsE)kw)U^4T%X^K1YIlBhIe7N|6O1VX@iExwM;Wf`( zueL=(ZQ*;pAdiQo3^V)dt_>bF@?FsrU$53A2KvSU)~(>d;F%5^ydPZi6G?As$Ikxd zaYL?Ao>|rSe8!1mriAM-e-E8gzCn8cS(lW4NDL?VB0o$!PHDKHe;4dlnfC@MF7_d~ z@k5u*y8M!}?pn#Eb|*C{K57Z)F8c8ParLLEuz@k%?~C>#HExA7UK)KZtqn8JP{C7% zp13p69`cKOP24(R73b)O{@khX(}OB#%x^1S3b-)rCaQZXZez}8D<)md%aG^bY!H4@ z`!k{%&zICN5$C`=l1#|Lq}3WMC0%$g>}(~kCR-5`+wkU1=I$T+ 
zT{3vPbTW_s!DwFSfz)*4>}+*=&CaI1F1OX&u>TD^_)j1S4)?HN&a*`7C3aFJxE=vq z;0=MzzckK&$cP272ifEWrGso$WA)z)zE#p8XCX(3`K1R$&9H!ls5DW<9_ ziO`LJNvC8ZC9w~5^PBsz5!WJqb_pJ_Oe7*0cj4DQ!3@_6sGMh#&;-n}h$U)yL1Q8R z%EG1lqjzbBThVzfnIHAm!1vs1A|vD@rlGuWNjw;{+V8E!I09mqT*I*ZC4;cb@I$YdenSwIHrhB1_5kjp72_`4C zc~kx4c5E8ap?(b<0%3>xKp|i;38jb202q4XwJucY0OEp*P`EoqOlT)dRHWS?N4jN3 zS?S!0%vnc@ zzHC8^2IM1bqK^oGc?VF?ZQCM{pNIdeOqcl68*Dr;wa|i;HBvklvFIT73V1kCYZdIw zk6{Qa{MpuwhT79?j-6cZ=;Mmg_g7vFPc1TQj1;>1ec?afUIOI#LsldnGB;diPUE(V zTSyftMovL{`ki^&r)gYiyCHODL0|$Q@<{ zxw{R-ZHb02i~{CcZ0i?q3!GOu80z~DAvR8GAc{Spmv9|w*i~k);AunoFPLwr&Wt-( z0}r{@rzavG;GlB$6D#U|F@M4_yg(HRv~OJ~#tFuVJ}63+0Q068UHwup(l-5#lYgz= z_)mfv!=w6iwZkN{kx`~KXxukO;;u1;UQ4IfuJ z2mM0h*^GSnwBF!-krXik!|KB}d~mU7DQ|MwWA~Hqf^C2Jh#w!+=IyjPv$aY}<}+9K zc3lI$O9*fh*TWu*;4aNwvG?jn%@0g)*^t8fh@oEJO^yreF2t1!WU0796(4YXcu5;< z;roeVMu=S#>*6vic* zoi)|^{l%mx=m!;fRhDP~vUKB9!d068;66VL*T;gtAbK5v0w9*?3tVoLJ`LcUqX6tn zmcfBNCc3fqHh zm)4n@B2GKoe-6KGei{YvEMP7u*T7~6{cI`6nl=>GXJZucK1^6^BHFGs}4NRcCuoJH%7%A$ckUoqh#gDqw`QbYa!bN}E6-E~ zT0cONU;LkhG6yew0kMpr2H1Rf7VuE6&UoVr@o?XAYgjN&!Z~Zr^v5?ASia*^Df=p^ z9GWNIzu!lt0b941n$4W@D!cm$idugMwSDT{FrOVzEB!Q*PSN1kRjFtTnU@eAg8Y9N z?`m%TPl8n8qh;WSZ~niAz?GWs%j#<>HFyy5DhW~v^B*1Gwqw7LBFahGLaGPakZ3oc?B% z4bfs&YJ@k2fMK{n{^yPXJFrH%JK;d%RsKWz!3+rElMXWC@XM5cxo6s!ma1gsbx`pi z1v9Ji|3P%(xD(+R@ViV)4h~Ml20|I7X0-`{D8JcdjOuhi@d?!xPD-CDta#kLws8r=|UCAR5M)Lh*AWn*;1I z{lvma1$n@V#Ac{sCoC^7JKOKdCk0z(OM$ohcIH+f0g=#K8tl3MgBa$N0qi0>13ZN6 z1g#qsCz2Z8$#5=0a=`-yOeO5|dp4cw#eUfK3*|N4;Y0u7Js5UzlIZ8oab}}^CXot; z!M^^dG0X^9(?10N9Ae#Yns_7zl2{3+#~P8_ksPZ<{v~-OHs8YmL#N=vVF`1Nn_JAw zDSkCO(+!AUoL8bzSlTJd+8C()>XkWj};4~saTayKM zte`G9Tqmr2ErzR3!&T5VEL%wubu(~1+r2gG7e#;4s_O55(Keu}SXqd_Z~6t{BghPX z4+n5cc7!mffQ`*hVALZWN(#3$)?C=#$e+Y$1qvnJNbW72yZgY#8S#IqW zW}jbQ{6PMC4LV^5jrJ`U@dMh5WBg{kmJ$i@)x8+OMo}eM6x(@;f(aY( zjtuG9>(SB0U-RCu2LuIt$s8R_PA#nFKWz5$B`FLPH2OwqNxOHllLiX6MM3!0I7=4@ z2gw$-4z8<~H138dL}pwsZezTS*5*wQEFc>h~g$oww(Y5OFIkr0imwZ7?TQ 
z(9TfqU}4W&m3Zw*x|h-C^ItNY6JFM3OunJCCtL7>_fqu$Mwa?{$|7DYNw>D)()%hA1@5OJ$IlZ-#yZbMpJfBF*_}D(grNTyD zh04WYw5lI4F8`q%t|U`YQB8tZKs1NvPds`832rLw2ft!mtBIA<5b`c@ zZgObd&x_!P?ls@lSCL(f*$JJT zhUEJsNr3;3ME?eP1aW@wl-O8%)cU1vbm`kPQvPOkie9{xNE7=!uVbryicFN`--QF|~O%`D^sM+{K>(RR3DIbt6 zVSTw^QN4n^#Ud+TFm6pq>qd*`#AH|!p5gjOlVd$e56#;H@bHfm`?HS`yc93IRWC49 zWF^WsAGjYUu?J$o(O+rKA3c~;d66#lfgwI;mT!H`Ef~{KhSj)MPU^Z#Y9vFwI%zq& z;sS>?)Wb`M`~-4uyEfIfXOCSK@OQpo>VI2&n&=pCRFXhq!7AYFv0m&8`aNJ?IHRvu z=$e?&Sjl#iWv5~Or83q1rceF+T%UhDNX+_U_;?PP(&e$rU9d2ZDNX4VEq;@)2uxQN zx)V*m3*@3ezbmUYhXt&Q%m)d_=(>&UddGmhQP74$V(uzVJ!p+pp+}7F$Q#Jv(#LSN z$iyJxp`5w);sXvl?G30J|FbslXQ?;18~y*%&}u2eA+r%Oun9C|5O!pTyaY2JUwqg! zt1KyjT3J}4A14+4NjE_K!`gdbuy_y~@V`5CwxB~KFsbx~>=5xIU-$<+5Q)(|-*>}P zORrFQ?rxMEa$EI?%8~lW2Bat=k`UWn@LH8B8nb9H z-LQB(+xT|-TB(qkK?oZ zBNRGE-RH77k-4|z%&1c~ahP1iQqW69s=fcs$EQ;Xq(1b-AULsURp=P8u(^gL@_wwe z+lqott0dDIaz9)Q9b?heF!!&cEXJIB$#I6ZK<2 z9l}n;sG(w#D?R2+#=QLyPG24k4t;lD3wd50;oWW%qemaG!T><&amAJHotH?Ja&Q6c zJ}WF9cclYQeLcZ?mY2N3MymFawia}^=nAU>U3F}5c6mbtPDWn>XJqhaq%p!BaQrE_ zoBd^$;4|ut8RhwT6*-74TObZ(WaXZ@@Khb8|At-+M88yUZS~D4DTshr14mJBZvUk@ z2SC{qUx@DQ_Y*_-@&yPCFVl6sgP&yW%jpVSm9;)y%d(7jWnd6N!zZJ6g=FhXK(e9VU&p#Z0Bl!}# zh@B)d=FC!ob~}O#Us8ttT^5+^zh=RwG=!+s#&rt)V~k~*y3y$vaCv3T<9zDBg@4f- zt4+CmoC`sIjc7NerD^Mtr5ctMjWr1D60rVbtPFKYKrcQP@?G&s&dKL$bz5jjYNFK? 
z!+DS`VMugA9Gu+^?Jm~{68bsbidA#B4Nknr$BUOr!?`SOG*o}YKi9@0-GGhZ#l9}Q zmB6ybnBd*z4vv8`!WriL?S2!pQJZmYS>W5Bro87*SUE4A`*R?b7Sr>qT7CZZ8Y`4I zN^na##(^+R?=Us=Fz7#yJXwWU#rY7yKAgmQ;SL3TVeEag_+8WzO7o49am9-qIrve&A(XSQh2frHL8if7HRq^*dkn=q zf3^V_@mW)Z1WcEzOp-Lgr{rPAKEE@a)KK^=-QSi+eXlr~BcsPzIju*FyjUJ`F}kKI zf(dRh4V;@?|94n)S$4TfV$OS^xGA8eCx9;bBEhG7iOc#Y=!wr`RR+KNrtb1#jsHcF z_}?uAvCkE~{+k=-5IOlsrE)IubgQGQX5d@MZH03raD(S zRL9|1-Y(HfRKP2X{6RG}Lx`W_e`$#21io%{5fHi?-x>AEUCnAzdOwZ}8`@|$;^q}= zJtqy~=B!MJt~GrA?`c6V=>^$Rdb0<>66=x*3RRP_VlgLbw$S*73iAtjcYl_DXp+Yr zn2eXddy9LP{OyDKwTJaTxRGBfkOU;M<1(5lupPTmqFaBhYCIFY`6GRv{1n1iZl7!xnAhnc8hn$O#{SL9Z#yr# zE6BQ_Nq+#u&P$;ssT0C`gCDNit-$vCP6zU$9Np5UP(+<)!TaZocbwEiSeKRVmR14o z-2X0sHE2Q?Ag}7iDNbYO2fW0Xe`{T^OAMNCNM@GjGn?|>doKq~IYK z+BHr*#WPhcF1hS0b;8`%qFLDY8EeJwNFB-dPPtnuAnBQ--&MEQv*_Dm3@+A!v#&qZ zm9-Jdt5(X?M5^FRUq|o(K5SOFfKOXgL9dbMlh+Cg)qB2swmTbG%$_|TXTNUz(SpB#OPKQc2mstx-eOmHAy{jYcRCF2NU{Nz8PF zRM~lOEb&_Z)1Gg5|6+4Cx961BQWEZA64K1F;}U_f2f=w%GS|UbvFJ&3r#?oW7n$s& zU6i=NmK^n7F)HCtLC+n%JOUr_Gbs@Z;nEQ~C5g`8pHhaE>PQ7|?5JgV@YqShg5au3 zvC4JZcMyFDpvL+K!m2A0jqDdWM^IrgFqKkt@F165qJMnVKaN(MtupLO^|s3`7e*aJ zvI|?p`!05{TvhnzS-5>i$kVrwtcK10Ey}c9Dy5^X`RwFy3_?*HxLjjj({zLC$o(f%L z5-ssdd)Vu^Y<&n)&IoRpHeOM^KVmoWV*1BnUB^brm9}DetH8zkC(*fa>_6U|tL+dW>|@ybS$)8)B=!ER)BNJ=zOr^h!lMI{0#4bAwx_BFaFr~i@^1DbPen8||I$R+L8YCY zS=>>5xOY(PEp3R&aN_o^eqGjgj*Xp;bFRUI2Jr5r?brEBBdJ&Qm&RxHRKCq|s`V}S zm-}oN4mi5joqur0>Yvjvh2aqvU2aP!z&hvU|Kn{om;NT`1N+~}|G#C#JVxd-4QFBy zVAj|!uIf5Y!lN|bm08&A!m@;QQs5 z32>Kzb1vF0>ecpLl;yg$rqgI)p?#s8fkv3t(yLG`g}8U4RMggwWaWeFtU5+~GU%g^ zB3>K!&GlcVCf3>W?JNRMz2mR}luFnrK1;(G;qH;0$md575LhQ7v?)}mSQn7|MRi34 z2d)K&TS09EkMpZOdnlpY!;nPd-FF%l6PM-TRn;sJ+rySiA8Is}@@LJKA48nP{(I8I zPViarrvwBlo9LC`Y{OYYG0uF#FLvZ*@?n0FH#n?8u&FR40xNA<(&3-WN=_+k!eGy~3@Xg2n|TEgbXjyvn8A2h!2Li3L0K zW?Y9AnjO_=Fsq#GvuM@PG1(Z@GMhhbJ>{zY0hSz}&3tOufFA?=f3)t0YExK8_z^C7~4j)B2POH`j#(wh> zQ;mMD=w)-M|C1!`^PbCKY0+PSB6HTj{I2nBOc$V(e#;=+2S~ zpU7T!8S8JN7Bdlc3~m=$gh5Z-j!r*@dxc6H#Y^aAUEd8hwF#JK{5;X96?mfKv?2C$ 
z8Z#8H#TPM=FADs?B)RYT&4DLjdAKr-#jm^jvU=Lxde#ZPIw#QQIEMnlj2jx+FAmyMwd&$$&%8U-*fIn4@~R9vZQe+|@|H|lag`Uj zI~Fa#6e?Cf%O4}1R`SS9l189gC{Bb{(}3rG_!g@e2YCs8Jga-$6s+>bCKvlS|iJ?E_xv7BF=mIUY>sT zD;H#0+y1J^pw>0l#x+JI)c#!nmw!M0W;aM5 zP6iGiFXG&K+v;qL1H3+aG?)7Km(XQ!eSBOi>Fz3PusBgj{dOW)JXc1DA~q5>-i2V! zKm!MT0VSyAUfroJTb}yz#|>Ut-@edB4_#5T@~`_sURX;prHiZPjuDD^u77XB5At#R z?A#DGB?=hE<{*s_5LDhF981ke@m2&+D+s;Hcows_cWdbhP^>#NaE!2wn_T$tlqW`O z2k?FKp!j*q0D|1C<2(pD^H*-=zO&^DYdQaZV zZS$ZQQp%{>`+4Bw(>O%Mdd$JUMyq7l*D*ZeI1Szxo@K( zmrg>;SqCDvNFem>2!6OUKD&>c!)uq!ZrIe=8c42s{`uknVnLC2s4?tG!p+NXBx0Y? zK4a}?dzs(DeQKWGn9d@`NP1&S3LviY=KiX3b0UC%b78H#;004uX7OZ5q}mq0_W3o* z>!Wwl3ZzH~0ti^u7dz?fBgRn8Kv&kDqBFhQD932bYa5`2{LIpN#oCwmIN_hBQE3J% zI2-f0AB`?7y28) z9SB(xKywchU@NJzT7j_W!t3xfvBEaU}n;T7b=ezmyyB}L?slCbJ zfOPxa>W>S*oML4^D3(3J%)USpZT_v|9Wmf|p!3Bl>;a4kWR@>`-H}iG93?ttAmLXk zJ$RvR-%b2T{YKxu-w9|)IQl_crRm<|B=jlr9;9S5;$1Xy!boAU5RKb>y$6>Ax>UMf ze{?u<``hm1UuvD)lOOoD;Cz5)P)nZDN$&I#-xQEcj~Ktx^pUJY9kJ~~Ql+*|tFp4$ zD#EL*-OYwJp+7xB4s}I3grtHN55HtKXQHZYY6GAjaNH)pK@!;ya8GGL`7N6D5OEG2 z0mjcCM{GyvkvTxJ=}&Nrrt-q9)@1tjFWAEpb!HrT$+lnI?SqVrc@HjwCWK{wD)tvK znA_+)G5jeII|O(W4nban8^L{KXiNd!(eHg;_`Mm0-FHT?qY+%mq{Fqzja;vs!sMq9 zx!P{(y9hPkr1b||?q(a~pT5(P?gp0!3H#|@*p27mlfr19mq~{m zD_<*~HgzX_*I&zyZkR|BwCXn84bqzrdU3`0sZc``BgES2P_ah-tfwn*Y4=)sMSH;0 zE_H;*J}SJsfTL6Ham2(5h#)c%MHPWXtY-{_{IGj$6kcU-cWb${TW&3_@FkdSkLD?} zz=co3UBr(>Fi}DqW{!{oB&j89lue(L^6$#UKS{(Y582Cc z`&LZF3*2bcQ1OUQ4+U>6XD;*PFv}W@n8R*qwiM=gd!HNX5v#`y*5HMRa6;D*BC*Z* zxVjJvm^Tuti;L~6o zzzUn`$F+bKif|)Vf6kHC%{@x^t=bpwN-MvI?XI?6x=eIW4p_PW9Dj`*+5q?aCTfYC z)pfW5uMEbwNB8S21zbdmndtAlHkUu@ub5@U;Kcn%PooB%her$^L zBA4tr!`_z+5Gle^t{+X3s7_&Cpe;ReToXJG#mO))(S}R*1KH?scm7mATh6 za=fYOl@l8LviUT2s0Q`0zpLSEeqM+Z`m0*sBn;BW$5;DS?BPQ|tlyd}w82@iPm>lY zbzVJlHsUWZDUx%4mjkGyBrlL4#6dcW_E~tNdVuB!{Dd( z2UqCv%?X8*J{^XoB!&JPp1CU-E})@+fI=Qn$gj|6)h?#okwrY_-`E+!;zmwn8d$UG z5BN=dcF!Fku8AP*+GAveatABS#b-02jv&3^yL-+Gg}iQdQY8Q1X>##3@weMUSp9#)(jc z`1K9!QA56#J4DU&2qMl8b^TH7;#{M?Zb2OV6LdVwy{!G^&ox4}ZNURPVt3z*z-Kkz 
z0FG*o;H`&pF1yQVxYSrdUN7nf5_hITO@cAn(lG~x{xJ^hm^$i27k)vE$&TnZsUX*( z+1!6_)2@YY#j*mXynRw>95JXzzBPDoE_o_&3xbnM8&dY>E*BBz80`~}`WZDBx0b>` zch$^{!_h*I=6vn>SH>1~wXKlxH zq)5`jCYzdcWHiKko_>6#B~5sUneSeW?P_RFKAu3u>d)v$Ydk0BX2(!;y|q5bIkp%y zt=K+hVPq2?4&awvG}A$=iPh{2`_o97c60Pe-je)yI_(-M6!%Syv+_%`#d873jOaDl zEFt|3-`#yQa$z6KP)6YCJO`7po;rHh#kNceRuF(fq3`Vf@x1!U`bi{iEK2BuG@&&( zDSC+(iH6{yXebc7Se{WYz#Zyml@Vg3t42lDu?z*8-%u4&$wVht{NSWozJP^MTMYPy zw1LX0e_Wb)iV9Qt4IVuj(cZT|w5O{2^kN>-fime|YHDlhvU%(QZjgUzB7-K%?J07E z*_BrJXDR~J%fHR-QTerxm3dta{?ee?Gbx~wv-TigLHE@QM|L&rt6qZ8SY+JprGXO^ zt;>w}5ik2@htG%q#ol`cH5qpM-k=~BdhbC65ow|nsZpwch#2NIAFNQm$4KKs1$?0xo`^E_wHoDc8oWcYA143oL<>t5Gd>stTc z|NSHMoG%61sQ2!99N-&xw)d<$8GJ$M8h95e-He&ho&M4GbiC^NYTCser5p96QBO5{ zYo6>lxFKxoht0WrUGyl07tMa#?4oG2^+8eQ!>9b{80F~nTr%N|%YO=y0qll9rZf{gixIGa0%X{7VVXUV^-3%eDl zu0gf+^as%8kq0HG(zQT9#206u;L`ZWK;A%*3BIaW=53|uwdMAwfw8>~#V<#myvpPM z$pL?P;l$$I#p^@6U{?TBW7JGnC`k|n8ILImc2Tg>EQOZVg<-a}tA(x|!op*$X_Bcv zN@IV9ooH+ZDvK^Lam909`T)H{$<=$xG|B9dTXzMNjHuEG`XvN7D1!0(*u&P8QT(0# zHoeVs!PnaLHAxNNZ>|aJLZ)cg$DB|r`-qSCpN4qv-z=hP2^7XDVgPO-MrvJmVy8e4E;Pjjz6u-xowXE1dGG zg=_fBBUbD#=QH=m8hRJ+aj+ql<6>d1*`#jXt5~XzlFQBrrUq%RTJ*0SMN{yKv)8hn z#EG%bm234iF~@Q!5i)A_YXx+pj!^W*%~90^_8)5^8Ief6^suj4Gr}fDU{*;U$kI`G zhd5d8u3#}f=}1w<3OJj1^SW(Qd{#A1-5owIFtd=``{bDm_0l=hhp*m{M#pZ?&d%-~ zTzhz2y*`!U-c{T6^r=CwF{cr*SBEyQS>l0zU<+wSo{IfwQpF0k#ZAvHyLRcmOx!snXSVClkOYSgFk6*Z_PpJZoa&Hx*2>O!~LD-3DvG(cKy@5F&d?`7SdS4~v+ z6TTK^r5MLNu44{(&w?&WB14Rk)PTix+fqufSKxUy;QQL^j}|qk>RyPWy?p-;%plhKl$3pszT@D3dX@2|73nPqr;pp{46CfG&yTAU!YWqceT z$GNpQYb8)i8gclVmL1*Y#7m6sLwUxsFq5M=db%c&JVaoqaviMUD3VL%@z}D|tjQ_QphM@cRaupnJy^mMP z+h(`n4tTO{37EAi0%3(}`9?576Wmb}m#UQUjVOank8q@Hs(r4w8TDvf)R10e$7bhd zqyvlAlJvT)A-}9uGtO=VVcY1l`pK!eVlhN2s@|1$>!8ASBmk{yqT%+c=!%<e! 
zOOiz%B!;ct%;_i-(gOS3CyS&zZTS`Gz)|g=70LSNgjvSai(Wk z3YRby%akSIN&;02F;P+VMK_jA2NmRE>U&#=xe?r#u6>ZZ9r%SNR{=ZXfTV7KV6B&s z9nFjgJDsnK#E0V-in1IJOJj|y%93tW)6%k-y~uHY#TE8rga#h2O~Dk()R{o}td~dS zdARc3g`ASF?QZ;vl~@xqiz-0@K|f1JF`I<)`Rw`GgR;Z1I~;_Y&#^4B8SFI$!ivVi z(D~isk?By)Mv6Hx32#6Y%AO{aCYdQ)dwM z%ckp2{+)@Kx*Zk0Z@Sr)JzU$utorg_gH8Kwm7#hG@E2d6e}IQQ<&Tw(&rDLuqP|nw zeSMB|^ZUj~W@dgzPp)9V&c2$4`e=nwo&PEO>K$9dp3#Izr&|-F^NGoMQl9&El}BJP z5?kCGDqIc*FrXh1gDNPVAqy^y<+24xam7PrJ`8^>bt zt_*feHNeF@&*=2AIz6cItg6)Yd9fAyc~`-N*xtS9B2ZrlOYKUtdOWMt#UP;iAbUop zNa-8i+8laX65{on?5$jSt!UajDyrduSdlZgz~^l7&mt|u_uV#g!W;cP21}<>z2FtB zll<29@;x)K$#u6ytBKLQ!_`FNwjapS1l@G~5$VVVQ5SP`Zotm*iAKwn6VffB3)Zy@ zD&4y>+9sOwV0nOZ=T7H+c@;kLIP16ub}_cy#g(EfZFRrNVwEWIdAXwv zdf$9=&6=yL5;&e%OzUtmi0GrIL*gsMuM3A+;0W=C29*CTb~A_4*Sz~SM^3i-j?T)t zw?oCNchyVrF%WmS?yz9cDSDGK+& z@A=Xh;y++I_oBCnHvs=lE?ABJD%n5942TL^6c(uQVl`A&CrmFgd*JGJ*n*kgIqCtpMXaF>c}3;WB)z>dm=Or28Lx!>rM*!y%T0KftIu7yOmSGi~?5I z^&`gpFwQVcH|rUFce6GQWdX ze~!W3x^vUdwBG4%%`4+DnztTfvov|VW&hi;!@$iRvwkS(6QoimTH)y`kjgBc11LY@ zG~hR0qEAgWI-5XmFrAf7^3)C@ zo_@l4VsB&s6uE=&<<4+dfx*bCD_2~ZG_N2REf#g$Q{TL6g8ypLJTTxbE=XKxesnVz z4ft>OBi=Sw@3$e}BFPmrmg%TxoP5CaUd^j!!zkRsEes;G`2}5=C|2BDyqxa01qNAZ7HSiW!9^(Z};Md(l0DCbA@LvJvj61@|IZWrNzpx6SJg};Sq=KJce z&C5hr7R39XvLq#cAFh!pE9jDV(V{u0jefF|Y=nE;5V#CfxXmcG*su85NlwF*_9Adw z^#V_$^r$w}%Y(wrOj7;fa0n{(vF3>Zb(uvpDMH1SvfR%bo2{APof*oZ_?S|5HTIF~ zli7#Q<3BUZ1q^Ll7%5%Fi~c4P%q6HGCQ)w?zvgZ>{U&=K0Zba=w77ngJuaV|lhpT^ zSS`aBVES-g<1oJ*qAq?C(}Y{q#peKw(1_FJp~ZoYs&;9(MTx`k=Nm3cL))e`FKPEgqI02&xyo~sd_RBks>W9md5zkY)tQbNx`NsHAYC;HZtsH^*gRqETYWnI| z-P>RjhkRV|F`E#+L^N)fd}Utc0j8@JLIEHO=)KNd_SlhH)lCycX1%N{ntS}U?^G!S z_n`v!*GjE)(RZ$OMn(+-jaUUb5551Qos_q2uk<|U8GyRJ@UNnh{pj8jHE`niN8puG z(g5)3|4sJ69(k6yfd*RrXSrzEeJ1CTO zkxEI*e47){Dbq05+2fR_24%$BL77+nIey36F#(X8><@!9FASY z#zi+sk{HISfOx>0R_T}PxQ=>zR;adqSM8FqCwVV3rO&g2i=gZhSBiw}eNM^v4eKPz z6vbEm(PLvC1@l*@PUvtW7~M$NQ%r?678LSpV?xT69G|FzwK02XztIr)_>iJ3e;HNX zbA^(uY(_cc;nOAXzaB>5X$B1cV`RwT$f>&!_oHNHv`r4xf_wwH+$4;*W!*Qzi+g>Y 
zsejl7v^D58tmW=5RSU#F*MF!Wac_{SQ^9d*kb!vl?0pj*%zb$I5IBTxe7H07J`uCe z7IpqCPvF_zde2g2cX^L=phxKW)KH{Q81(TF{v(}#47`;7gm`ZVy;h4g%6JZ4alGn5 z*!i?o{Palz+u%YRP8 zm)Q<0It*&}0j8sgAJ2>6#LJy_J+7W0zB4C?O_#&xdcX9%Eq&G9twJvo)7p@`d?5!z z>cWL%9w!pmeZ$*Rb3?^+Mt%FVYS~IMOif?XaJ>%TZ17+eVNPpr8mFzbb)7sQXIFTw z_di4huw#u05gpaF0Ky9s+?l;SdeZo|21}NzO$@uRU-lX@ z>3$ze_aGEwPSVxIg#rCn*NeZ&wrY%L2f5v?{ljKdsH2x+R~L}l$oplOqhn&Wt}XzP zc(QovmE0taw~)(i5D>`?R{W6%WWAXZG$#7fD4Ic)Vz>EStq28UojLC z+kY?l=;E``iZBhm4MqU@%qu!338Ds0K_53`sUQ=3%Mrf{oY79>g&8jV=_}eFDef!7 zaU%w_+LUXgF#`s(+57wa^j%!N?z{QSWk>v8M92K#8@=bjb<;*e2Q%T(=kak(QNMmJxiw1D~Gfoj z_=RhaUiMzOs;HH42YflT5|{ZCe3$5ZiflbTLn0iFMqRwX)V`2b>=y40!ZnVs0Jl}- zg-LO;1d*X$B0l_C0a1l_d6^Cvn`vESh2PjrKaanfW9i$hohE>UOwP#1C=F_avU&QM zqF?Lqhu>maxzmSahOn~0i#68hbc$_>rG4uAxP;!VYw>I7T$Z3%8XEc|#Bk@+^Q+(cv zZY-#>(jWTc<1&H)A3$JgQ%672Uz{;9t4ZGNeB~{l`C$t8qPf-imtBB!K=#4j3(a@* z-rX5t8Y-{Tot}}gbCc^Li>j`Gu9CXI2M)YffLC8_pY-0s2ts7qAnAy=K#oR@f0K=- zjR$6^2@21N0DHv!*2tUxrH8_~KfiAXZ--weun}*7uqFt*f8$-)A^PtQl6nqtz>0^D z;yx2j{BR{!#VY#44aOd4WoO70@v=bFZu9iwriAtx@~8C=Lc1Rc0Y-4$?XZ+ioIE9h zj*gjxe@VeK0lS4gU^vyv7<4LHurxT0An8rhokgVsg1?bQt!5R6>>S${af1*_M6Xma zcsJb{e0pOYzJ$=}u`2)w>7zhEg?!a6VxF#|-Ea9uhea(!!&vGAkK3IP=NxR_Eb?iP4j*)qL^{fEAthW6Mc>baob3=eW^J`r2=CE^=OEp7X ze9UlRrw!kc-L9-|kP-!!0$KG2aY4#N8V^}=$y!nL(6aJoKbj0JyzbR0!(t(%8l|tP!!y9$$xGXS#N^0e-DBV@eo~E?yrvdl5 zhoHj4+1YuGpBC*2UmwhDbGXY=QN`YJ`FvUNYw{H*7|?g5*!xYEsE=tr3*25jwUmNM z0ohwPvK-Yi$lzP@9aI$-pYO;yUtQwom*uqMR-pK`EW6+5K9-A0c>P;RJ!_)6`@%F*+(UKnt2n7E1W11RD9;eXE0)<9M16vjdF>WLSx2 z&ev;ZmLRZ~SynfxfLr9*s#H(veshkjN3XPaXoTrBP)~<~O+r$JA-fErCoxjsX9%Obcu!d%|*`jG9c2Tw68Yf)Om)MB|*`>(Pd+Vy$dqP3+8rVwoU^ zzb>{`KxXTAQxyvnsCdoq-r0T8dyy=G{KVdBl5}3V?nV)T(Mjpn5L{^67+0tuoO|WC zVs7{Aiu~rDVTMHe9oimFJ}Tjgb;!J2n0$b5w%>~ghM%(DhGb>D*?)GCx;cy7jr|TV z19*3Xp#K27+BsoNx1`JFYb8$Sn_>&c;Wdi4hEKN`tJDr;tQr9KHJ{*c&Xr( z10P?k+;3ZChKYr&AGd%muZ+7&@xV<4D#KO?`k^l(XUOmHM;o-qeh*F(jStFcR_9?< zmFUh$3cFm|&4;`8iTd_zXX$KbS!ctoFPF16shDd?*eQG>4mcT0h$B1zcu>mqBpp3? 
zTk`=O9?(MBnzutvX&M82)CA?{MBr|uzVr)K_!Pn|m@0;HokeP&-Z!(uGW@jGmQPJ^ zLRPxwm}Lc6BZ%Mz6@m)>>B{3AfUwZ>r>&jaS|s&Tel2L~yOsBgwzC(5Yg+!q_6<8^tT7R|1)@c16$@^MF!~}_>0*{77JLIVMwED`s07m3w8Nwu79JAzuXSAazgv2& zr1otGLQw+01=B1)Lmjy?>K4!VMs5Lg@A_?P?Lanfk%9L{x3Z332bm_BK&?~mNWn)8 z?wHT^@w@ji%C~FAe0*Rdn5VC&7KQ0 zt;8cd$|vr(m-@0Xl=8nbPK0D@w4^{7z&7=Wb5r+X_bo9rjWHD!EP4tv?uBY^Njz&V zxPic{YC?}!9}-0{+2B&3WQUz+4aMfRo|00q;0Gweg?HeqjjXs-JQtVclL;AF9? z)Ij=j!8xiL#iGhYf%bQuBVEV*x2}i}tzOH`^pbri0Mt0b5`S9V|9Ld}pKN`D=Ug+2 zwf~t-%j?M9sdsT=0W!Jr(}L)876lLn!0O&qcfUkjE#yiOzR_6*ynV_H{H*9diOJ$JvZ?Bm7r=3VlD$|K;$Y z1HZm<)(^cD(V#`)4M(GraZPm5o^nyY=1q0lj4^3;&+B|kab~G`V-s7HaRUK^vlYwZ zK;Cjm;W{*Ty9lekqa}A6gTUDi&KMgefcP@3FGls5((c;(J%|aeDY=V3T!OH`IL_jg zD15=YH-KS>2I=%3EkU0-v)Ryyl~G}`ADa_A`J0c@sVdxf)omgD-lvykv{pP zPV{%_bbC6K&;LuM>;wVqZFv~+uE8)i$oVE}b0@RKSfazksZFZtDGXQc2x-))b?!=) zih#WfWzVY1;_0Z)lRAB{tVjcsShnP9d$?{m;z=;4UrR7CS1nsh?D;WwXs!u$tr91nyJnL+k4Mwo0=X?BG!Jvq!HWdwLtb#>%1c; zTtFFpTK}o)B(ZpbH+H z9|RP8&%&-U_p#fPkJX=JPOyMdIVaU(2&RdvDD)+^j>ZcU>tIT}ipHl$qvFNS9pH-y zZ{1X^aL_EP4BuxPs6}x7c{J<4=Q|WO^p5v0pZoTmn@o5l*^5fE*`6>-``CG_&&B*; zcIBs0Bl@Supy{J=)yCYtvDy=8(SG1QO1ip=xa)@qRuc6^tWZS|&6jnqjXpuuVZ64d z7J7WhA~|ectlloQ6RC|pTguKeI)9OvAz^P=$Na63#e@fSYcoKMDpwH4dx=9 zYv&};k$LV1XrtR&9s`3TmZYe!tJ& zs~Z6MsAlf+x&G)tKAkqRKyD~4M}VaY-MdhK)ZEv9@|$dBvJ&C~ef&x}^75A=l#Bs_cC9D$A;olE^49t_zw0weX7JU7=p$;R;uvd79sx z%gq}rjTs@TFJfoJWesO3+@)WK!SD4DKK!{Sqk4=|mpDTW*@4_bF%%lszxgC*PycLR zBx_(GCp#6|IXgWY;8m6eYpOC!KhvE*6f&EcmmJY=nlzpvS%3S}-ZuDG+uQ&6_x}`^ zr@omLuhOQZfH_(WRj~frQm}cv0GWBYXAILnxg(NS<1>3rnC{iB^qef;;tfED0PMss z2(HtJisqpgDFkqDSK9I0Lm~-IlD3cB+0m4;b=`6OgMQSv{{hByBPwLhm|}oxiu^a( z=`TdvRZ{=rug8+&M5^CpJCnm>28VsMMjEoq;un4Gzr%SeF}bfRrzB%|yZQ-IY2~|- z;&SRqxY*fjZ|glBPftDlKP)yX1}b6=>L)MbJ-{5LRJgmQLtu?va3 znMan70&mY08JZ)Hpawy?OZz8mqF{6hDcWhP;3LL|7?q5~0eC}oDbH~!xXiYJ5;IUL z+C2fpH-7{;e}Deoga1FRf&Zg|v(f*Xg0trfzOHIxVpe;5i~Y%uT%db*gUFU{^H3TB znY(-&@(^f)#M=P-NWs_4B7@Z7JAT$v>xgAq%m(okv1SU!=Y#+8V(VKj+I~KqKY)9X zcy)pMHyKiw7$pdl*&6@x(o%{!!1VZe4{sMxF<zKA?P13Jje9@ 
ze!IW-?(e$$`&RsoDE|4#d&S><_HT~zH-q|{eg4hd|JD_MYqI}dKK`v3|5n?7 zI~9NXD1UoUfBScTyNmy^Q~S4K{97^ptr-7SjDIV}zZK*ES1LxcA3tVwtF^UN4_4yj zjrmvk6MOiNr0gPvrS}VN{uw%1;rowc7#97Y14*Yv9H4;8-1*8QoEfOdwq_IhKN~&# zw^78KJDOT@kz~Ke{;y7D7z>o(_gk%4Cp>lO@ZtKAoxqHrhoFOtKKWZ_Y$wn!< z#eS{Y0r;Yy&Po8jD3|~uAO--ws3oqX?1W&e{+rA)zQRuCXv0N*T*J#vF(yiWz%0;Q zud;r$X}}h`78rXtsHrr$e)SG%lV;dY=YTjpKjvn3)a@|iI^AHrBC0|F{TctGBR+zU zuLGk~etIkbvlKb!2lDu`_<6D&R4o`LqTqvFT%rm(s@+>1k?Lz^R0-fo>rXDZra|+m zWRQd6dHCT`Zto}5Q7J^_mt5qDMk}~1r3FEOM?S)Ohe-{8bCi*oH$OS;7#sGB{~Uv@ zPqICtcs8!fL7F&y9KRZ9{2fB4z_jA}7PY{0)vJ~$?^I!CqUHXGM(CyFDwRa=aqtsu zVM+@WUU_3u(zp{r50~`SU6t95!ZLO7Qqmp?X$c?J)HyNjIVjGDYvzKUFgiq~kSA1_Qo$Mw$Z4^J&Tl%oD zyj$y=Em(qGARqdr_S9I-V}S_^2`73i7s+>!m>c8tMx>lQYb$Ht63f*|U6dx=VfyEV z&t0TofQZ8<)4B1BD|F<}MN4!nTO@W&QCxV{l>vKt%^O9Y6T_N9AsplekwSXPcP|)o zC~92LuP+@e{Z=yg2^0ZP0<8hL!Tt#8ngbnw-F!-Dq0x*tL~%8B&lmk>O-aSi%Jt)+ z4Xh#LUa{cQvpAw+29fF0%293%QMsA15>4I!c=}y(-maiOX1MRtdnZ{K_cSD{fKoof zjwd3x+VsN%fjY<2VK~a3oBa+5T}{hLD)9eIuGvZJl1>>ZN^`cVwg;Ic#i4w zvx5iL7WuQ08;ie;*THS#p%aj5my%Ub6aX*t(yHc{gh2%2)`%mJnuJMx>%paIKMT_SSZk^0k` zVU?=ToZg}WHtrFPa4{BN?(7p7SajgUK|>Z5$!si!tAa}Ov~ zvspxPuf~ock{VP3F&?c8LMd$^Mubx{uV75k=b}}|$$iJ17WdkPu!Sp{Mb}!EGyOE# zyDo%Yd2PR)!-9!x*^gF|#vo%Gq%emoRBxBDi*J8g<)kW*aKl&oF-9zR zb#caig*D4B@|*B5E+RB znt6PR;p?utxQJh8N;2oioVL6J)8pAD>>B~?-re5s2@j#)lMV0ZsT5p6 zew8$C0Y>(HB4L`CzD^K}61nfHNh6jrt}O>OA*rK&(vE^=St;8e@Oy-;lUJV8HF_qU znI9*L7sp(tn?be6fIv#p&Z)bpgOPjt_CtJSWBgU&_sc^}MVDBIyWT8FGbQVDyfR@E z=|2&zzk>W`U<{~a$_8TRzWfFWjD($&SD0^jgu)Y}pTDWx2t{uID?;f&W_QJbZA z?`6fUFgrUDXArI&O9kLkR*+$f6(u1@0Y&FrBRE5s$E)OTT=Jle&uPC=8!Nb7ax38h z`(R4tPm_>Z#l0s@DN0kB%@U*=M6vR-=qdyi41!n7cfvR@IZvd5qdc8wx5PzDpi&pE z7MDrL+Z#a|z!C3b^4Vnqu<5fF_+x^$BcdV~*O`%p7jGkh04(4w$BIvmRYG>}RVWLz zn(xJ^2s3=9?{}-!OFHn%j4c*WL_(9b&7Y0wWc!+Uc-29D<+B?SYfr?=FZjl?4)x#(DYeGD*7 z1?z#~CgnAywFfp1*#|Dx4oK@f>KMQRiu-kUNiS&TF3t*Xi&^bxzUUcuMW?t83MiL2 zrXA|?`wHf@Y%0=*d|bgr|q$|xkmW-41dgxt4c8QmPQ$2zJ$c0`b% zN$Y6;z|eL*tpAQC^8M}WwR|4h@r_R`0H*Z`WMvU;xeR%OU_`^27w|q-lT~PK^*E!^ 
zqDphGx@7Fnngq(~Sj84pFmpn^G>f%L&r6{;tS&k<3#K%xK<9&HYEj}J+9$s9vZ)@4 zzNARJ>-h3*JiFm*g_JmcM=~;-8WF?Cj^8vx2g`1jgrgBIu2i$mYzqw7xL~5~ax*Lc ztAQLmd`IU{{3x_0u`dS70&-SzH+M52H>d3|q0_)C5*}?XGB-FEz$7OWB#QBZ9jS&T zxZshaO;#bn@`dY%nYR45sr%AzdnAdFU%jX4#HKN_y?Ju8rBv%P_fl-uw$M0+trZyo z06u7my!cwIOiL;+iudF4BIouKXK9qNrkk6`w}P1t{^XxXr*_z{&ei72K8$W=Gf4FK zvgM7=!H(nfbJzr5+HI2zB~hq?SUPnfvsNUe-&cnF((Nk@Z;bfQoqgJ5)0q2Z989!1 z%WR;*xM~dTyFP2i0`6!ZDa>f&GL*&ktF9?mZ$5oRN#@yS559ew{he?M-khMfWu=70 z;!RgdF8YRlx4M-)P<2I^$A3yaWum7~l2Pa+GDw@|3#^b_z=X0J?KXFs5J{ZEl%R#N z`a8G+tZryAjAf;-h#9a4px+GO`|-g_Rbxzm>pOif?UD-9>yf5+fYsZhO)xF&xieW*Os>kDxa6-Q!c83b}P`EJJ^cM@$3pCwTG>kF!s1046^fi z;nsw=TuL}hWx3W!)c(Q55-SR4_vpR1Wk073*}Ly&_qzw9=SZ_nTy^7Kjty)}U^ZV= zt3PGmtP_Ax-c>zyVs~3_5cIZ-<@1r?dc64IT#iYx=1VrExy&Y}vmoOAbRm2I_Piyk zA>njne?_`h>hlPjY&8JLPX^2&x^Q~ZdC6F)bI|!3( zA^J5OQ9OOI$felkUM%Y~9}SUc<^1JZz>kG*a$54U*__X1;T756WYD5>hwWDU7~>Ek z72w^8Pi*7-k(Fb)b*fXYQ!Og@fXT8UxH?>N%|2*+))VSa_qc*6BRVuzTxZ4AtFTHH%lqL< z=dqA>ZC4sC=uzO)w(1uvotH+rR$?C^rBw&}$#^d58!+ik_dTmq`jOd?@*TlN;)1E- zZIr|u{3~DK-ERt{;+)G%8-r1nqg|f0*JQ78m-bN5_nMk&o)p3tc-don6rTHG4m&3n z>DE81fTEB(7uu{JUT34u=zDvGm)$mQ{z~)D>@QQ6ARj#|N~}FD3M1H>c3yd$Q+|BEqyvST;!>COJ`)SqLl%g`5{HMlK-Sn!Oq z9TlS0q4~}e5i~jD?XM-2cey|0q-2WsYhJ%cC500ZWJU3`M&kWPakHba2ZcMl92mAX zB%5!E$&go6qxcilsA!fibhYZ8s$haU$t+?P@jiTA$((iOwyqym7?(5Lz_FTww_RGi zv;z=mV0w-&DP~D2;a^M>bs`@zv*{tV*s!r}@xIeE(*3miGKZ%pcsx`cl20Hl4Z_vG1mwc^`^$=ivd_@B$VAsWT=fsLgZy~X+S*Fph?GsrtsXQ9Oto~Q>=fV}|TBNzY z-k1V>Ne78fJ-MwdmHFH{z7+{~RKFi9(83k#ZdiJ`AjuU-!)Ac-d6ovXd|yVu%W6V_ zYn6wSrLJzsYZJ&yojUH<1Qpy)7Ad8yk>y*ZV65dSX44p!)Kh!--)Rf9D*6*JW9T1V z!t!GES=1k1!q%|bS;qS655o5oUJWn;Fn;$sT2s1?*_cHv-v<0F!31sKbC>i2u7N|v zqs}sLt`*j^{avuhB5jc;s)vtuxZU#Xz3&+sa_}d9C-aiZPAEqmp+1qCehMA)XEr^k zJuC4vz1lR{AhQ(5;=I5z$}_P8si*+iOtZpzuFti(^HG$&_@p5kYzTI6Wi#JS5U5FGSNcnxoiA6IDMoKC@lc7BF; z3uVfawC=3CP0U(aO%E3DR(Jk6gI}}3$i@M?o#skX612prP9ubPbw!-h+=20fl#YgKwQ13_BskGw zw%LD+c>md}hx{HUg_(_->XO&ySF-nQolh1f&=r9(R*vcn?u8@AsYdmU4Mhk`^xSDk 
z-kc=L;-v>zkb!VqSBt#VL?H?E^_TCs7_#(8|kDH6|)W<7zP} z0v&xkBKZwI8sOP;neACEyIy=^k7963`ywq|X)FC6*7G+R-O(cLjuHb_#0cpc*=F)a za0aRZy`#MSYD&?aN+ra*T8>vQ3ir6~^(*7a9(frkdVZ$6#m?8&;ahFMj~Txz&yp%4 zO7S%EL>V$uuTeK~w0POqyoGcX%Ub)zDWxuOAUW+^U$s2j!OYLk5(cpvy`8isNwVjo zkKy$A{Y>A(7XQJB28pcg6uGA0tEe#r8GdcnBAV~eCUez+;LnWN?`S8es0%Z<*FJ3P zZR9=fdpz&mR3|vxsL+%9>G>_~1g84QW*zj`B5$+wEj5@uK?r7r?TY=?*Lb(XU%kR7 zM&-%#V#|x99?s6b@}YMsei5IoT@-gR0EM(u(N(WN{lOMqTC8C7uX$R#*LvfX&U#V_ zT0v|kNS}SJ^Mmv3C&9vD@wE|e z^}B(_YQDge?~0>T!+5W*TE*Ipdz$;|8->vnxEGIP>o67EzI5#_@q79-MaZSYE6ACB z<&a?oZMG2NQ@3TB9q#n&v0c*I2`t$brFIeKw;<8+L6^SY8}5-9ckR*HoP+54c}^DB zyPR?w4q!adgL+OSiyD)U)9oh>3~7W7Mym#-CrwAhtQ*Q2L&Ze*u09*?V-C7g9zRC! ze(TH+D!F^C$UJKNK#f_S{a;b(8DGtFRuZlzO_2sM`?K&49AtO@*JdVZ=+JE=a0wQ7 z9od|QU#UC&BgOPUH)B2^IzVSRz~|#{G70c?f_e8WX^0>*U4~w_ZgSenUTB_NX)bB_ z2+7zP(`RI6d`z~M2w`*vRqu!E6HIF{;GhP`sw*|#+fVdJoMF>jQz^ZK?#>7Hn!^N% zJ|#nC;`DUboy>&}3xa#(iANW>s=0NL5+)4fhMoaw#;psY=FOeTHicHW%zG{eCLfGvGu)1%hPc;0bHA-D z!E^JKgIItl%VF+ou%j!5@8W7nWYf7V?_;4tU$gn#vmBQ~X= z%w`!lAAH8lH3H6r|B8czlkN^Fh!=0BCdDSM6wJ~j-?6YX>rO80l(vhN&9*gJqfGH2 zkMH4)!?dmHhLWh^T?jgu&+12Uu{WoNF=qd1qA z{a#tW=-2T;KgU52f`pVew<}Ts%^JX$ezxnhv|>ckHDZDP&fHwRQul=X z{djd+(~lp}562k$@9QO6t=bcGe9b188WwqAUfE7o3`6W2y47QEG@gtx>K&*W}4 zS1Qc;E&774cW>-(!0#0|{UJVa6I}lgpELj;5riWG06ytp0&F|a^PHRa?%|#6WBCSQMrqa0GzYATzJk~Vf0;2;`Yy51R5>L8zpmw`IPl9f4 zL0kXV3t|du(e8suPnxB@pT~KuB4-wt?L(Sa@VcvVia!dLU0JuQPc7Jt^1`a`6r%YP z)u&+hp=+iL4+7iBIAsNdN_q2OfL3ggcAilA9hxw>mtNo3$4-zw1lxTc|6) z5YD{M=$&e-h(uuT&*1Ksi|wAp_ASUtREUBrcCrIP?pYu3enLUiWwg)ds&0kFhiIWY zYGI;Hf**vaFL;-6U$!Xp`IGM>hMFA)DV$CR+w09MQyvYI*d8U%R9AU+i>!UJuFPW{ zv8WWdd?!Ak1Aq>er2Ox^;51KP8f$E^umCW6x)>!kyaa&q&ORTH@b8h(&X)xev$ItJ;D7z4<^!z8<4S$L{w5QDwHPz&@k7yV>v2icFCO#d z{kI6GK{}^XWZ2O>*9vbIW?j*wXuh|oD(%grI7d}Fr8|5i*4&4S%B{i1?O%JvHEslZ z{9=tfDIUb7Vya47{F>zOI}ZWh&o2@`kkGt~u^Hd^k=xX_)i>5Z|0XLidZrb!!9YCf zz`No)N5o(nnGO&J80E@fcr{6|#$1Q%>Ev#^v=1BOGY#rkuG>8~;7`8Ct_2T>0hM5P z;efW;aOHD`@qP45Rdo4vk2@-j&2{zNJvf$ZUyhQ_0!zEaRabQIitv6U=#qkNiN;qm 
zhh#H&lqVpZm8&RxbZqR9c#GNFF6ou|&lg&2)c4ev=HsTFgxBae;gfah@vAZRz+2E( z@~4s&%U%9DU8K28cpzF7UBllxlHl`5x^#*yS^rBiHI)$7det=yE=lS{(!+d~>>JCa zCuF2$yeA!T0XtWAeBSm@U@u-FXM@(C16FsnE z_Zhd}^(ZAlSFSu@mJ3nMnSb_ClX9G#pPr1bSldlIeveJ5Fth0iK8|3#*~EYym~4Zb z$E&mh_gN*UwPJh7*L})DEmt_iP%s57l1=^Qd@-ARlNlP$0Uze2!sjgkrnRZmGSw+c z9Be{G4ykXH7Y#=DL=C4iQyJTZpfRNz6d|-6rUq-?H5SMD!b_hZvx5&NVAlX1V{V%( zr*j=k_6?}@lk#%)s?qAT9*(5XBIT+<3iWVRBMvyNQV#|ct00RNY?;xGZ4mIl60su2QZ*Jk4*$;W|IaX^|M%LRGr3}=-W46U3-sa7P`eOY z(hq=M8!3*ali~GQpz1!5C7dkA0`B5hv7m4zzzOwII1!j$nt{wfrjdtC2jHrPm}WFx zMc^mi1v~lm;#8fTGq~_6p(p8-w^7ZYxn4)9b)BRpQa#krpOwdu_kyan1IAzvSUFN) zz7{NP5(6_}a@gX6FEinC<7a8n?&glRmR%|QU)40;UCS;CVPI69Bb1-hbA67o{&hJL z?*lojYhcTD+~{cH!9b!KG?xPW80DK;rW|KIr=lnqp7eI_U9$rK&5`_+4+J@INZ?Gb z(zOj4x^RA2Auv#MqRe$A@nsXJeB?PnZ9V@uKH@nmHlda}I+s64hP>}i9EQhc##;b1^>r>x0t*CS9iVq&Imws2s;=Wdra^Q1J>5FnU1-JdQ9{luiOSL!%=qKr zrmKCJ!&Py#PA!Xk(kL5SWq34(0a z5}mbz=$#-45+ove?^f@_^7tJsww(}@TQe7N&4SO>#|Qkt`&eUhW6zX~{4-f14ts{j zt?!tRWS@|@G|=Z}5xMe8QcMCqrkcJ!8-h3_syc6AIj!SzQNXN`+hg@kF2#Dmd3MNcF2?It z#^+Z^A5PJsZKXfr_iqibw7@RSe&>)(!3FJq;^1Z+(;#8g zByXFofs^T6t8ejKKrDZ6Q4C;mga*~5MPTiF*pXd_hFwi-p`cfJOA?2pF=g$18Ha4C zAiSk69qXINK!#(mZCB>$EmdeMzjZ5?ENVR{0wIO9t3;I=|23GF@GO3kslZ?57UGkI z7#D`3S$lUmhTes-3T&ozcm^Uhed#^`J(Oy=9SE=ali*z6*f8a(Pvfdp$#kIU`sci4 z8dNdF=s1ulCh|NhhRo)@yPZ-2Vwsz}F;`;-uD4Fd>TBPzD$o$Vq>nWyev{-fJSY5D z`k9&5NnSc{{#K~eu*!3tM*=J=>v=828{k8F6gcFsqDrt_RuORVRPH(f=}(^bG)KR= zC56}-XK=i>E!^HrroBPA^&WBidWxGHpNlR&j__X%F2Qs3n%$zB?e?!j@L78tZc2GD4E^4y_i_~ zezZhg>o7IW&B5DPF1}WM4!4W(iI%x_mJrTOj*W#;SZk zty8;Bjx=lj{YSg97QQ! 
zwo}rCjg|i{&y*=&%xY)<+urK2(H7_ObEpvSF&6V;ay#nfG_>q6nnI#L>vhOu0kg|Z z=&RB9q;z4qwWReut#9Xj1KO_zsxbvP4_o;dSuxL=$>3ml1#|DAukU_fKUi?fg*b1% z^4NPThAJ*!O7ALbN{9sD%gbInUW`hLOp>i{wPA(X)S!BgVJDnntTZBwYt;39qO^3SV7Vm9MS_xOBY$m{a?O(H^ z|M^Y+|0ZAnnf;N;;cSOS&ECs1J~~qW^(!`6cb({wz|4Tyzlk$IEI~->`=??kjKEMWhi@Oy z=CmKP`$}Ky%9IA6&BG-nwqsj_to=3`p=E{C%51D|TDSVYz3{2#8f*LeUoGV-*_5 zNPzT9e}n1Z6li3m8G`lm(!OGO#JgGa;Hnp!Z+_rfTe2#em^eg@_f5R^xMX0ermsQz zr4C$h20^Xb_p>&LzccCaiN5%6`-XVur6I_hn4;X_PEnD&^C90;gH>b;5KC6KTPGz! z0YHiC<-UbkitR*piJ979{cyv1bp-}qoSQOwl+#|w+;N)O8yaU z?O!YTgzHJ*^{~DzKMF&*|kS=p$P?4|k-tk~n+lJa?Hyn4;4X7P4az zH^CvfHA)2PDOpIXVdpjPI1t(^vt+$He6pMV02GYYc7@mLWLNfK{*u%?RO$ROn2|D7 z)9+n;Uz6Jtcy7B`+hn)H>EWjsjk#J%2}wO`f>#o@*-@!IR7FS2b(P+(xSEnl#%gNfjX&mb12d%|#i##^|A-XA7>Q(;R zj(#pKJmKf6?#|QKFGmC$)32@ksEI~{VqztUdViSfzS=TNwR2I^9I!U@AJPSzWmQjj z)gC|%AN<_!O??XgrC)GdmOWFWFCiN!1{Hu3btIdxn#VqlRaf9U9}oa^hY ze%$q$c4c3cPwZg`VOH4Gq#VBWDrMTujUa-(3B-dQ`26rak7{V1YLRD5%rLl`lTKn( zI(ctC;#ub9Zgdk9QxN;?KP?`D-c)5LKoYn#+g1 z7iqs@&^p&WuSy|SZ~mT?7JSl{nD&d8U)`;DH#IIfFlQxe7Tu&bbus#GcJzL0R#FxB z$7eesCjlz^$i>OnbI-KMU{LfzS8o$n(^6~a&jU6BX9e8>w#?vAf1dCbAB<`bOFg$_ z>x}s8+9F`)>B^wNS(g|Km8C0*+&eiM!!^Zp^ZFv@^m2 ziMj$85ixBP`$5cYLT~554CStd!QxOTYWz1~L)WUeID*&sMR+v8p<5?O&tb;b zVp&k!DaCdW1QX_D-o~Q#V9g~^1-(U)HvY`dan!AV(0r@+aPx`{%WnY?q5@Dm(X#7H z2HE-Gl@P^HYT6C%b53(1DM?RvF*-JIR%&5gvTmuOvX{022j?%;il3NuhHP6URN23j zb~2h!jaOPfUI+kVd?F-T+&6^5%x{^CC6a}{&FoJ(;=1=TvSK0j>HE^41+ zsD3!G^?A-+eAo}PAzT^=vvai%z4#&O>k2t(21By(oaVD`m~x1R*ir?ML)+~Y_P_9~ z{lCV%|LJ?2;onQ}WlR4$7Iq<_mn{D}7Ea~GTxyH}j)lP|pm@Z!&j#RF*bmo6jnx6X z?N|R0F$Uq%ftM4Zn~-n_wMA6LTW1KB39<`TtyB-u$0U<3D*7 zeCKi|{%7X@Pj|Ebv!a3s>$zvq!c*^3)l{AYq^??4 z4VJY0P%P6Z*J2JSHGT2k$gp@J$hJN};+Z>Bwy5h{NqtXir|ny zWyX1Lcr?HI(U9?BO=c{(O}kI{D=QHx5iPpul-f}-DV&G4)PSY-FLdz`*P0gdq~&N$ zlAKE6k$KtG`66yXu*xodtvoFX_|yC%zB2Xup6XxEVZP&XuM)11+vloS$xHKj!c|p% zP+9*%HOIwiJ=cDDnMPkG42KMps`-cLAP5jE$OB$$Q9g@peLIJ#99Q02BcIpivKx*~ z>7ppD$>M%oW%VHVrd2DidvI$NfKZ_C&<=)+NTmm#J-X^k`m0EDJ^~lJeB;a06?6xo 
zf*3=PV*{)0oG)tEqFyxzJNoM7bvdk)$ED6~KlkNp+ncCatM)DLwu->1&bKY$c<`UE zibt-;Px8dB3soCVRCd&mkA5Kp@Gk2BE1|f{P7ceQg=>X$oY?B+t@xd4q*BWqDf6i8<|siZdsXXBElg*xU%7O60*6CaYIYMHwR%u~RWyGjYE@`;22?MzhpF1I63nctR{{jSElPG0P~X17D? zll_=qaCRV!)r@L>g3R}8;k#IEoFSe9o6t?%V+X=?+CoT~MWmo*uHxS_7@;@8)kCZ) zlsCg)T1XKE_s|y+x}5PlI+(Pquh(M$Xz`=o3Cq`qmffx=C1loIAU-#}lWY2N|C#W) zy-(C|^QWU&QYDYHmCOrkoE!FU7ZrGcp)>QU=PH()X96V4R93q!?dNV|tx<=2^y2cE z*Lz-TXZ04j+gObYnB-ty^DR3EJD!s{4e8FRZ>H#v zO1WEpR>c@DaRCw2)|d`tyw1zU#u-WRyPs}j7lr~JJlmuWSIV|#b$qE!E_o0R8$ws_NZ2|ApAR!=>c6Qof} z;EmC{v`a_1ya{KM%yr6u{TOg75qvjLNz_C5F&ws|yWk-Rj{|LJ4v@Stxs3Su~ zWmwT+FQ(i{^^WOeet1%;h$OT%i@(%YDDIL8F>FO1J=N>)6kN(+6z%SDN7vm$qTmJD zGMj`$##dH_yWUV6ny;os#g#I`2Ss^mm>8TbMlO3pEGCd+U}|J*XmzkcKz^MJ3#aR(zmjHl`UBOAi4vf-FF# zeC??ZEIJoxg1mJX6MKo7Xg>7ls*2Vrf)|$7+afUFE*80}w=w1T=59dK<&00aPBxSd zR6nn>*i7!cH*`PFu;{h?LsM8}Zk5!*DHh!0W2b-xYWF`xwX)6AQNm5v6VnoZOXy3C z5+tcU=W`f6MrpaHq?om_T@QkZ0GIR6z`QjUhOCke3(as~Ikz?M>`oY>(`q{vWk?R>*rwIGGbKcV$kBmjVlld#RQ#5@Lii(dchWrj2H56H z;xG4sz=b!qR$XYiLk8^rhDwa6KB_pTm0ztAX+}mBF$sO*BN;c52#xFV6yxPZw{D;l z4r(zx8*;Tgk=J+e##|aEad#g2(e(6unbgYla)h|NmL^glJ$bx-o77(=6*JWC&+=gt zZ=dHpi{oZZ8x0_zDy@GK2YX+Va&xa!f07J3*6b(jeQ>Hj^7b+;A-qK&ErwhI_nzX3 zyA*?`t|@)rV9mSPYmCng(bn^~+@0RGhd@8ASI5)Q(p{AN1qOt_VdmFt{#z|fjtthm zlE+V{4-X~W_~NJZQ;kwheJL29>2jqSet#F#g#?neU>CRlAv&on4myDb(qJx8<{wm; z@gQIF_Qj_z7esz*2gZ7`iw_zFh8oKpQs-6tNF)1LduSnglw(C3JnYv>aODWxODtV? 
zGmYJBpsF3_YMR|l(D*Nl&$x{HW5zr19-o_g185AU7 zAIiL{7YRP@k!XKdC7&;nLgLNOH28b1GU#9cn4_8dHf*KZ>)iLAKdZkTk+W@W@#95< zqSe4d>mqUzI;ppba=~CDlYwGOYP=On^4nDlNR9oIt-)WE0`!hH(J!WHxvJB(5z>b1 z+mLP*T72=kT*@W&zQ26T&Ls3KD^STgrd!dqU_$cO#gcMoVFn`-DNox&BFvHg;g+cT z+412GjCQx3@-&e6E06Lngnk2p8ceDNzOSt0%YHvB8GJG;Z><6oeTHd&@T`J(M*w~y zNzj0yBjFG%G444Fw|rc8gxSQKDXDKcy9S!QSMB+Ch{Xolo~*kHm__~g=m!h0J!I(4 zr3!L@QTxK4*EP+(#OjAlCoT<^gUm7=Jg!<4Lo6S&(j_XI@8K$6HkG9We6L)TlK5UP zJpMGy<6>?s_XdIy|4_49^>zVX?>j*T>qtl!k^SD1_BTbtbyWRb=8dgh!N(;Ny^O>s zNj-rgMvrWN%fLAXvFV>sL|4Xu=K(c|ZP*(Enih5sPn*oD4rs+e}DYMeaW@UtnwM8&nhIO7j5e=qT#iABQ>g0XVP7FS@)BF&Q6~38d1*hzSyMAw+tCs7=X}1M(=D=5xKvKssgKxAU#_flxQ(SE<7iz3*!r( z)#*m)Y9-j`Ri*NVJj~=wEfMp&ufj+0z8V#YV@jCa<~4s9l)A?SmHTfdIj~Sf4OB3yii1axZfcl9g3FQ=jPRoZpyfV)kONZe`Gq z4Ulxn)cy|BNyCzB%ojGnZCi#`#=kqWF^r7Mlw`^S;*d zd(`>G;;Q1T^kFZMQuYv|r=FuU5@3Yw%`RWI?%bPH`{7a~lIcS9=&`Yur!dDyXzcpj zf{HReV7)w=nRFDgJUWC z1*$y!?&R^&c#p(pilLAD7DEdAfQLXyqz;>jC)*o-Om+6ds zRCW1$Y8V^jd=-NLbuh!%gnjqp8p~sXUdO@oF|oM}h+F&BJ@#liYTqG~R_1D*Vu3~I zc3(J(_+=GWLGr^e2Vst|K<70I1h;B;5599zM!RSC)m3IwdWIwlIySU*d{X~1b*&n) zmhP=kCWbCQ=)pYPFe@T!#PW2G?^%7iRVlIgV%c(Z;%>h#_o78?wDe=T?6279PqXdt z0Zf$`EH0>q<&bp4kVYq6g(p|52IH9ajbocCE46OP&E5-@%7wu6FAl180PA56d>Cr$ z>dQO0eA(*Ku7CXp0pyhIrFD@pOC=;A!v^#%axq+v&Ew>VTKZ|`#aah92_~W|h}H_P z-M(lF2uLiCPD-Jl!l?Vihjqn|`qJJACV1G%0*9C;kj;J1_Zz`!!;sv1WuHO1wWnKN zUM|~C68@xEt z3?cquaWijgVepsmum&?fsReh&FVz~=Xo3Y*6j=e6XUk1IV!^K`+a*vc%a(Wc9#dm1FykEAU|@$Hk*~Ssb2y z>Ajz69!=m{2l7CzB)ZL4d9gcDe}0x8@+N{}967T#8=(cMQ3eyp;1C11!aFN_I92L@ zh+rA61Vd4a-8Fgw8_kalKc$b+`dXcyWNRKT$sQCEgQ~x>iHohYu^@)PH?FDojeQe< zx$W-MnJ)bXONxz+ojxb*Z<j$|sLSOb9QwP6bup?I75Jb_D}YB0Lq9U^J?%+XghhF(KI*(`B9H1u z^UW{!AIIejZ^5ZWWd9&LgFb+7U6U`Zs9}b>DqQH`jJ7s@$;->b41%UVvNuzl1rmcp zLPzi6D=}0ko<6Do3l$-}H;wIq298;Wds4_YmBXh^vaQpH|orOFlbZpl! 
z3MBs(-=*G)>5CTUo&Hn$R48O`a*Mb}96BHR+mGb^Et1=hWlxbIs`hliDSaGO+5$$E zllL}d$3%&5Ha9o5#xHa%vn!MdCEp)hE(SEEsk}42E_Y@8X8r*Akr*Qh!9ps5M1sg0 zGqDL^aNIWTDx;v*9#1m3%Hs{+z?ENR@n;kNY{u$+=;HVEP8%-VE4jgqZYv84zotq- ziw80D7>q^dO&Wx!U&EJOwqK~GY@X+6U-U{Kht`(774o}PX$UOna%McFPZ5`mD}{B^ zcwflQ<;ny(LN+aSRBYahzlS|By6g#T7+l{@&P4WmtLWj2ArPs<6^w!9Yi+Ob7Ih6K zl905i!=0<_KJE-zST|)caOEj6%|E+TyOdI2D<(?q@bY|cd+Z^#|bjyaQCn9^G0ARo&>s32egwZVB{nxzsUvT*3+3HBA|JGfz7*HI@ounZ8>r@^0PeT`vF@rM`$z)LM-E zS{-?B9C^n-M0ZLE#AR=#cjd>seDbW{zTazlzeLYqUEB4I>g{*q#~CC!h~2)GHToc@ z+|V_q7VQE&vQLFO{?dAaU9M`HFDF3nSFtoA;BC^2JU-bN6?^JD7Q(^B0F;L_u~6W^M>0y3C3 zbI_=CCHTO$pP*Z#l1bgnz#^HxA2JGQ4_>J6xqg_{2ZV@*N*u{Timqqg8>6>5AW?r^ zr6g+Jmq=PR!hdjXHoW^1@AA8|FD9r%L9!<6_#;BLb=>~;ZaTN>tYB5FWP92e)L}w$ zbzYrJ$-E3Pi)10_VRAd#xFR~4t!yrkF)iBms7vcsw+B<=+&dmIQJot~lnxFbS{hfX zApt=jRM>nuP_DT@ckOOYPU+Un)QZK~9Wka^njX7`h*#YZYiob<_NLJEa}`r2do+1h zIVq5J+%p!6;B~nVQPi9;3-GHKq0RN$NTM9zC^O(T%Nf z)Fl%>qBDtLe)SC`;}jxAubOaXy%QH{`J=)*V}i|NsKD4St1>ZM?Tahh7^W=$hi@(} z@~VKKw?1H>s}|as*5q|Hf*c|3Ev3mXW^zACixfy|dw6=&W9$K3iSC|Z3toLw}RD34p`}C438ePusBJ4AmY6d{V5sxjlV1Cb(SRqP8$PaHyd)_QFfg!h3ltA)jyXh=YWMHz3)rA>L;x*Xj_ z3i~k#{@o*$H!yBJh{V?()fWaRIY{u*LzhaLllji267U75lZllA{^5+xq^e=V;qKF2 zJ3%Z5PW38BMa(w`%;r1Q8RcHQe0XWvQ@b*g)VN4QW?G*q>)lS&CjW&xhtyCSy7uz` zenYVA8ydNgk1N2kbj1RLglvg#Z@{7OK>_&A`utlv@nG_eq~H&~v{@Cd7_0GF z81+6}0B{XUz%DVEzn9FD%$D}nF|WwelBiy|{@PkG;J^P-oE0jT6pb^a^|kKGp~sx% zek8~iTJJ6@e^hm;y*^CR2UIM{}2&hQ@%}sAnD+;Txmt1H$rUh?~hM0}#(+Ekp26pb?JNEt9lexC#q76Ely)^ZG!|U;2OCKf0 zsJq4;e-#CCAGwtg%|G~x&t8Wu%Hu4t$`OYg9`@_|0d#ke5t3eUyw&r%MOHN)U0!e9 z@7+6?hxVj~Z!~JqAfFMmuaZ=q%A>CZQ+l~&F<*QXTYD#fAXG0ehq=3tiAR~Io|MfK zx$=7xv9&Y(u7tDTP071{;PqI-WzI06+FNz0TW^@pLyrZrw{6!|Gp&bLlm||*R%EVKIZ1V^Ep_F;Yq&xW3(*32QzOULTbZdy(Fk8_&&!@#)c%B8Eit zq_cm#fQ|-3i)`$6PtyXFB3DsKgo3b;1KYt2lH4y07v}3=ptZt7V8x5R!UoqPF}5>h zUL$Jo^TN|ws`e0fN>72muR+Y)~IMVK36DF=FArkuM zN>FA3qFft0MBM)>>DwFn;=79v8}8dT>XfYTpaDY>9>fSw^>GM+f-H%-cB7gs3;Jt+ zaIA25gyCit6YFqK0a#4nq>$3!!C#+H6%v9FFs8?8qvk?el*qEa?%y6E`$qEqsbjNV 
zveiiY{QDEjdUfw%uC16^`HCE0DI{Uf?Iq23?C{SRTGA3{xDQh`-k6<7y0RdI}$jS zEKlscec-LWWsolL%{B(ShA!4D40TM~0V%{UT4#9e2T5Dr!K~y9{PJmL)G~ibFPC?u z^mxQc|56Fgo{M@0CUL}UI(4{JB+0DR*xVFgVEcQHHgazn)MGxCey_cP&R^j!tX2cb z-|zE)@(oe{D(8&sNSX-O5aGP7%^P1UVKgPP#KoasGbz(xwm8^(>#!81_A#2(gpco1 z^aH6~(Z9O28~>T+^&39j0{CCwE(RD?%fN=f(#Fn@{^}et#-Us33#wbDrIX#s`A@{N zWs2g_M(vI-)qu22{}3@JLEpx=NYsBxTHZ`m>uDkU)Jh0od;-S$IX=IX@MHqShSFQ& zIJbT}>Dl0_>XkwN)o&+oKqi(lG2`_}@Id%#j1tKC&Y(_;T~ zuXBY>-vQg1w}dbC+n>sgSprS-YWyWyE_@4g-GvXol?vuZ?!dz5qvjpNvhd!?$~OwG z;$#CU$JRX+Wll9+ik(>&WBmy)?#DYz>JOK<1$NV4mgal7pCsje+St8Cpg}pez@)mJ z58TlrHK>Btoh&IibpISa?yMHoIk zx$oEW)T>CbsZ%<(WR%;>?>ZT{49N3kLqJ1U8^+S+*0v!!Qx3 zKbdApKllA9-|{S3)d;y$_EEgxD)FP7V$$k=G?+B*FqgG!#w|2~e5XpXi@1-S#LrnK zXiv9IPRw__Of#x&Iph>lU<)^tI(=0c8cPobu)#?@9c{nywmGOq64E zfEOjpTYZj_EFGg%agEy)Bp)Ec9mwjjjy0mUi>|FGRoXuLA{RZky1CbA)Yd;lPmPl^ zs0KTYO%g%vOWIV?XUOG@-7 zht^%OdyD(2l4gJW>;H1IT#D`6aT!Lgv3oLzKiG$ENN61Zy1-XI5u*ET%t=BM=*r0wm~h1BH`94GcS;l_ShcnG$7BcKN>|w+;fpGNXZ3MPUuMsCx`#r}po@gCqbODyH1k?U&%A}*rhQTK+YUXUjJ#?c1}2Bw(0;{arYrlacxLn`XQ z!$M6HUG+Pknod=ttY)j$%zc6~PI(S~oZ7-Uux2UW4U+aMA&Up19|@RI{DULA{A4=W z@=I>WDoZ_{`1`yzh*{o>F?|B^e6&*pTBg|@KcaHLG$@^Dorm%`Sr1@N!kDAdf;X0O zqcVje(^T%ZSZekRGdxS`cj`#WB)T@(;TQLIs2@hSLej7a2VEGAz8t=+9u)!1qJEK0 zML@>O#)dk}`5?w9>d2D5W_$M|eGjz9Gg=|je4_!a{Me&psIE|Ey>!!@wkIJDbB>Vy z=<<|O^0|Q=v|y^*fKWE3Z<RcaEwv}EH0Hc!% z<-8uv;lr2*%lM=WRoB*6OnLsMs_Q>`rDPv{-vXs3Oq4^Ryf3AD_34^yPyai<&>9m9 zUMz(`C8i|=ujF;^i8KvM{$d_4WTyQPk@HA4*4OQ>w3e*!h+O+j17YT0YAs4V$f?Kd$$) zGE`H0%(iOa2nj=YLsXoTQS1n6g{Sv|>u+QpeFpI^AY=~yL^gQr+21k1{~M8kCGS`Z z&k>#gJwmlwtAE(Fqn{Q((`O!C*s2a6JnFE7t}w5lN$qLd`5kHfUi2zu+iOp@sC~C{ zw%RI?zwrJ>k~U{ne@h_T+0nQxzT}qUOC8>+9V^m=Bvq&sD?v3EXO0z5PoFi%_=b<( zl97#?gw@#&h{If=oky!iA5z37Ouj^)(8a@w;CB*mfmh$)T2-xMAHUXN=Ast`1Xq`g zD=GM!Vw3Nt3ch@FzUW4i+d9pH%es zKOza4o}8c@CM1r3ZNhV`Cwv6gF(X|8w<9ch+j_EUdv=>EMo*T}9Z{lcg?U zy}E2`Gc6S87%*OFEvm&xQ6}>^UTUg0b1ki)W!&!VeZ2p&G- z>!d%etI=aUq&$wa)(Vl0EOrvBfOd>(TOp<&8K$c|0zCRq(7A&kbP&Cz-8?e<3`VhR 
zA>yTXPLlwHcYp#&fPAm9>E|<;Gh()a6Exn+SOE0)8?K=eL2_0)hoG zxOStBW?#Fz?IxziEEAbFA$T^@({q63rzvpve|GJ*2EyL{efxr?jbXBM7tQYd3 zKP`tr6AteH8>+YSsGB(b7PUS;*U8BRm@?mxfA%E;U*r+wG2jR|1T7Wmuab=my6syE zWiW3!-43cL{fIDaI9b(-R*vdBn(*;@m*e~&?otZ2%TKrxx}mD=;M;|D*z(@U^@yI; zoA^L1#0ohBViIkWe0r|6cV35bxZnBeRvDKG1#4W^%yrXMMT=7*K^O0Yu}3F-Xwf9g zMp=TKeyp@rOZ-~t`tfvdpJrsHIs0>sJKqq;I@!4)hzALx$4qtb&_ZQn=*V_MI@iE6 zuC=9F4`t?V23(HEfC|Tw^}luAn{R$@AIA1*iy(Wc3g^Zogn1nkJ9Be{)6wG7TqI>B zL@moC#S4;+!XI>isW+Po3)5G zp*n0(cnc5vp0}hxb@I{C9!|-L+|3!?kg3xp_P)fVD#s)gY&314dms}MeedUg%ZlVb zAOCEzv}5Mepc`li9bKiq@s2h!eBi?Xi}d4t`u6<@zQ+H=s{}GvY}v|kHsOcdKQdw} z!Ui2!Z}1Q;T@U7PCsQpc-2%zFc#yRvH$8b*hECINkQa4(-Uc7b`cf9D==fxzN^Ojm3m%N%MdG~Eh)VE`VXC;X%pXgNzoXeEgb5840%?(l-#2(7P5~m3VDibu z;5FUtg$}atN=1F#P@`bn;Yfq+(%}6&j{c%4NnqQ3c9m2#jp(WRoWxz^RP8N+x~AF& zHGzj3qN$!Uy4#1BL?IO`s`&l21D)x?Et~IYODYlPo^n7uBPVl0G<@c2E$Y<_uB$ zZe%qqj(EAZN`loaCosUeSMO!B>-+Sv>~848hK%i;rDRzJm+7A8Eh=ogw!7{Rs5-&l z0~E^6rSf@z*LuxY)mj-uv$x97P&3J7=?(fT_d`j6-!9K2@#|9DM5;h=&BmURGL?44 z_&R2$v_S8>wUuD3cbHGNM7|n(w`q0iyxjT@e<^(EzfnEZcMRPsPnWq_@!$=^`L*@F za0H)kDS;*E(c}-zX!&iy_1S!LivTD;?ZR?D`Rej_HLf=aSdNXI4se_uG2RsGV+**G z?Apl%WGT@YkIuaFDi#hiZ5jBQuzA0N_aV^&QKg$X-PxOBj2KF;5i>fqeqD~5mjVeE zc5%vO!Y7|?ue>7R*M5{ZntV@yf+P#0GbYps4qL0LZ-<5YPhh1!v`8@hDBr5l4fJq# z4*={zpK^H<*_DT(>4eD#^Ir=)?(R78OkM!8?h5dg@3h6zGz$9e`u za!X?V_}KA{e-D93XtC|oW?L<)iCYif(GtA1Au2!<9~z=|AoDLij5&^jYhvlNr`pEQ zbWEjrZ~x}N$8f0?34`_A*8LOOl?qpjl1HT}Ba&XQ!~=L~AV5H1m;$KypX9Hz9m_|r z{+mVQA0k&U3K_DAkKyTwn5stqtV#I>xK8EDv-^D-+dNlsO1iF$0gQ2QEAb*Zw*Xpw zLWEpqPeiC^$17O*UcJ?9K3gUvSo!L=X3mS90ikge<2&1*4?1JN)EakIVt5Y2Hk4J- zhFz+mJdA)J#XXs0%7G1Kxx=#zsM!&hw3)eut83}oIjjW(!W zFO}ED&t2*`?|$7^jLVoxAn?^y*8Gk3X&={xs%9NG-m>8~pi_0jLvRSZGKzZ@d6;m&C#K*q!^t7?m zVY!eYWwphmSf-JpmY8Rd$XT4Vr=XQXy~H-_3El7wPHta?b7GVfA(yT%2%uR4+;yG& z@lsDLg02jJjA zA4ewRS$Z?cJCU?_)ovDl&W|n+-uid1y*jtr{%tGW9o-Hu?Om4ks1ATHV748yaJpB8 znKbs-cUY~v7qj|`p%%SgS-WDsMx99IJP=|D{z6Ms4k!+}5Pjh4-0lPx{fz`>UoDZd 
zfciVOL!>h^1wICkR%C!m;@TZs4W-^WX0S!1Up^wROn~m9VMM#!?9pRg*Y_Kf_bn=DYspw#ZSj>-7nm6syHpu{M|Dt`9RgoHdtm8E zFZ1G@S;N#txRq~qSNW^W7Q%p|pelPo%YF*TlQ^872}C6fy07MZv^4SxuOk=Dq)0DbJ?`bF}w z@4maV;=T4n1q4!F7^K~qyAZJM)M0CE>x0?}=c}9%itU6I0xPw!xTXS_yFiWwe`qyu z>qhjF?Lj;^#p#+-exO2gws4^-@*;X6SaOr;vPm0l<=!ke#>HpB6;|8=jvaTIIuxiM z_WR0RKEq1&0ruzJ*ObYRT0l7*)l`Kz-x2ccb+!Wt*^j=RRMI2TAt65P(6~lR}Cke<~ zZP{|kp2sx?3)Kx~mi(ug8mhxwZLo)KVKdDpWM40v`+KAk`nX>KJM{U87xnn+UrmCXC=bU@HMfUOqoT37sjeW|)wO?AY zJi?s~{ci07`Mx+@S@fFM+lPg^*`%Kg#nz{h8-Qo}VF>}(AP+V2-x^UI9B*TKYP~M|!D^V)Y))&)_}81+dQ@ z0%0V{fuUVUfQE)rWx}WTUh_<~4VC(K916^qwVW4RzOcyeyK%Cal%MdrnQrBm>!`Ib z*PRmbTrcbo1mokeQQhF`uzU>f3aB_6FH8Vu zw-znzrY3zHm*M)_EE^2fC-n?1J<*=F5TZhc=AIQ-rJ-9J717`(LY{8ja2WT(&hsEo0&&Nx04__j} zeE0TYUy~1KHGTOdZwR32>%~{=IAr`+hW2(bHY?&4fHtYU{Azp7Qg1<7yuk3#8=_rK zeWFWALSt3Rb2GiGrLiWFPn|?4(ub&keb}p=+4@Ie*rGJ`=;BT}9~s4GtEUa1Lg%30 zmk=)h_3pZD;O5A1o~wA>6-{e$D48~~e?&CHICyF(b=5{2EfD@ILqk9zJz_mpDk!Ma z*SeE;2D~iT1!e$1_ebqlyh@l&@>*&e>VG8L>Q-L~91?x?Oo*Bz=tc7-DrS#jgl1o&XTBRP9lp`jI%yC=hq<<2&E<6c}KZ!bhxm?;3|) z`|l+S>u6pkgy^nywRSv^y9>1p6U4k>@@L20AH346Yb`z{*wDw@&@gh{ooNVhcthKF z>Hr@oydt|OzzmYn*bIT?n*o5c4?T`ZdkKnhIzPVql_QbL=Cv9oGj9Y(5 z>QThXk(v#pP^=_uOMd2*^;eH#wXmR|x9w(Dx$Q;hOF)|(l|o9A zM7#ry;K248XzFEUDw(YAxXgoi0)H)$A((e3GlcN)6{u&7(U5k4xWeZ$H_OyX)2n3y zrnhaAW`@qDj1nEGxtxo*f#dQ(F1*A_DWcqIIbGpgR?Nq!VM>PLXd`oQT;kG|f?uQR z`p}rbC$k~fg?jrxjZJItW*}+MpzHH^HeCKFNO(y$arr#%L*shO#khZ!bJee+1XUJ+ z(@DKhkSfmZ*Shfg+TwpJf4j`T=fO&zIUId5QtJWc1iwWYJwjk<;e^CC!DIe1DT@8D(;eE)_4 z_b20cyfIGb;tPxmWe#U`%%BNJ<2-1htZOV67Fx-()+8S(j;bUne!KJZBlU75V2d*@ zI&?2UM-%ghgur~&3O_PBMZCrvUTKE6_pe;fN)kUAdL6wak)hl(-NUE7w94VrdGYue zmI_^oQB%Wwt<)-q22OR{_uFlape;*#SfQSI?=<&($^S+N3>`JBH~Zpy_Th1b~goI0XrPLhm*Z*j$6qH;z<$D ztwZ}rh}PYgBJVYHa`3%=Lr{S^bm+m5jAB2KI|9K%9JvTq0TE!WRoSO`rUmx^$4R$yF{a|MAOGU5; zcuk-SoI5tZ5T-D)I)bk8Kb2AF(6CSY)tF>x8kDL*EzV35Rl|liu-#}W!?DB#A#IUt z3xT8H>v{NzqLMhsGK6f4$Q6;N$5IouCS~3CWxwopbjDVnFMC;T8&TmR3k1eDp#%^V z*n%KTc{_q0OR*Tv$N9`Gqw@ZApix63+q24>6}%$ubyvUcEiO62Wbhi8gB8lOA}3xt 
zPtTE38S_&ak@``mf+O*KL)91d3ChJa%;b8E@K9B4Sb4W~<<#CLmcMfhy4sn+7#U!N z?nrst>gDCcJr?Vu#muC}Rmm?p_gL<{V{|j7ZLoVYy!}f8WJVB|;V2V_SAPj%a)$7f z*4S{qv!N3Y7VJSlJ3d=czIkv7L7c3P(L2Hkrai&rsX*-TjumE)sR_TdKT)M{mSZ3E zl_|tq1?3Y5;S|4hE<@9P%BzLtQ~`4&THLmAQuIbcgL+}IWmD}d*I{vH3iW4>Sud4X zcFknt3%58`Vngy&)=ai*hiA@-R%rc}c{go{% zYCP%602$y171d=X4G9oSE~O}*=@#`^(Bv12RP(k>kowj;_-NV4Ap-nLXC|>TL$Ds} zUA5d3bG){(v+jBzjxH_uoX|OY*8{8ABci1%b8by$PbKv%`~`F}ui{udQ8{wOpIs^6A66-nE)NXx6; zh&)%c4ut&Z7(I1qJq~8j8zA;P+dqh>lUoTU#7~=lewZSSI`z7_IAOFMmG{QoRrm zYMXfD$L#5%a!_WH@@p&Vq8m12#<&2yGJ+0+e8;BL6|y{_&F%2G`X9mnt>5&b@%{e@ z{+rC4=w>X3_t(|QSkU~#-VTG9{P9f8a|lECD->XfqE^fHGRc&#kaAS*4IQl@feC;I zViv;pR;a@F9fG?pFkQKTI2S6;{VHR2Z}Hjr{$mEU{iou%)isf?-?}G90PL0pn9&|z z$(ml*Y0RlUyf&_Q8jDtZT6GH2NbKQlem>XXkMG)Zw^G5<;2r_mTw!Q|H79haO?Sch zL?LkEVavkA=f-K0e;T-CyqE1h%)gP;(vfujEYQs4UE!7O(xl z2fYMU!JTrejoSN-oH|oHf#G^104vM0@~~$H$k#Zhrwu29EkMVnEH4 z9|R%PGor=(sNyYDi!qSIceF@pN7y%o3CPaoe+}ZGO5qQ!zZXnN zs^865d#PEX?SRw?5U#bjf2InOc zlYX8}q10L>!gyI@sxuxAqsHCDnDf{~1Zqz%hYLES(d0_nCRRo~*LKfv$;Jr&(-I&x zf~-)a&1=t_PLXVUV!Ehtnandm-Asdv+TXN+Pputs z?mZqp=iVDT2#zr0j7(~C5VQu5J!mF1RF{&aPVvzQ;lnD3>O;;(6n1Ti!`f1A# z!?xAl#`i2V-^mH6aWOnp3Gm8--NW1uCD2Q>$Ixh+Thk5E4m8)kGBt_gSj}jzm zfy1p+@I6TYlE$VCD^hw(-$OZ1eKg?FxhPw4k$_;EcAov(D9s}@E?VvCU_uA$cV+cS zvpH}x_WHpmHs;8WFW%mU+wsoeTmzcb1Vc(eqx*LEt~juU_6`R22^`)d4h|sqrfOX> zxP}$Aax9<_>oN4f@1`QcH`m)rBa(C>5Z8JN^;SJn_M0sn4$~%sVjklbgoD&s$BE>! 
z1M^z6zZl)+wdn|Djli{5DGT$v;n*zK!B39H{&lYv1Y2Dr3JwNs|hpBHS zt&;N?p!+gZ?~07N1#&@eA9W{ZGP!xyFLg}H#@Imut(1Dn!pUFLt|zzu*uP@}c+$CB z_$J$hb?V2+Cw`sx&6G~qXsXG@g1w{{_D@Fm3rSO^+6VOuFFyhq_Oqh%55!WMCmKB` zGN|(5y?ZX!IGr2-$Fk+(uo~V)>!3M~4rCw*AC?jP%L>oB`S;Fba_Lj|*Bhvnk2pX2 zU!yY=z-<92eiKF4`yD1F-uSRp9ZrLkjMs%;pX2QqPgMxnM@0(3ZfF1mV2v7@fiFA6 zDysOSkj!`obYoc#N;564Zb@ZBvPj8W<;@3>Az3K%^IvzFI`oSp_1xcIt4VB5*l9>w zot&C_IoWDsqwI+pu+n!saajmRPtWYv8jMy<+=^8d2)Qgq?v!#OTW%-16+ohY?rJ5QL5X*;h}L5 zf)mfXQXA)$g%^Ap^{k?~Az>fNl40nZPim4VBG)xR&CH#3l|&?p79L#uW8z7 zp{3Jur>6^YuJ9*bD_c{cLL<+kUnLr8^)1vry@0?wPUpJJ?(dDEcxN{Cv8?F@Te5+? ziBD5egZ}bKO~Qzo^>^Vsi3@VizH(Xql)}?I2z5ghVuNlfn?VyHgXPL z$)<{VH6`!ZpT?#Z9A)C{UoD@h$mFFT&!hV*M%!1iRsHi_FGUKKE2063*}H%BrTDMe z4eTKJ@Wy)Bx{zb~t4=&O#uX)e{MSzXYLolwk{1nnMSSh*FHqSr$Qc`p@_#L&o%kOS zY~(l|N#w9b>0Ge=A>oBDZNb~(@OJPB@Na7ZaFz$p2D&)Tl_N8qZtl6m=@mu3K?PgS z;9)Xw24^1OrXNSm1Lg*IrhGuJhwhw)LN8|PW8gEomif#EcmElM2Oq#|juS{Upmb81 zdM0lyMMa3=th;D}Z#8a*Ki$gIQ90${1Nh&+Uj7H9)qf+eK9wKUi_Lil{xf-T&MoZt z9}lja7(MY}sM{oKI1o{^)wwvi*#qi}ZzSLAz&o?0hUS^at_JT4mk&b{aJrKTpS-f@|4jYgL?OOhG;z_lXs%5y zpUHXc8nw4|{)Pm6Pfkv8!g>!0w44q@{*c__2kgVPi;DH(qfZWVzYzPeycd)JYf2A{ z%{`asfdA(DL(;1bkcAtah0oR2Pj0NMNnNC%z-P37NY?V;t7{ThaPkWBXf&{P#uNzqQ)G z_3VEu?*Gjo|7MW?pUohRsvM;y=@VXz&Uxzi>Bl%&D^bM(II@0jZv7!X2rQOgKkSgTM`7ETTek*`F*=Vb6v{3JR zsOe$h;7D4T_^an>WV=jM4TG31W9&KYcf=d=RRYhow=?zD}mrNadEr8;RDyCDtw!c@W zj}c4GWhQ{}wb)oO<;1n*;T<$GEv5v|Ws+)#WG&-vFWqaC=nMM1{+W)n)Nf7E_Z!?6 zs(1dJI8FR{*qjO2fTf@_RJV2EFEy^GA4A5ovt*Aq_O(p5{sN?W5b=mUjR)V z@9QX=I1#jv75MYJ(gxK)J@+M+a*ME-ZvlmXQ5n!lT??ASNmKy($fiAnF%F)_2sxg< z06L;i&eA`3!s^bS!ye<2Suia?hCj6;-r}@!O7H^J01dJ0(LOx|T?(c*6)djZ?V|g!wIGyi0@jS!^#%C|h3neI+H|1#%Y9G+q^x7#uYQIbU256LC-wN}~XF#*Y$G=?Jozn@;pcevb6Fp8(01A$t0U0n&Z?s*KAGf%?2!(0k)u8144+$dNkgO&98GG`AP zgH;^ML3rKOX^;>>1~b*6;BWuKn!%~|WZ?BLleWVm3HDcPZ`68dgX*s?+qY0=XNR(2 z%VV3(&y@+P_|{T@T65pmX*q_it=8zrj+NlJ=UCv0k57+4ESFIJB`TAtn~xL2s06N) zm11a6bscGdNgt0ao*Vmldn)iY=C!xaunVUdyX!GG=+uY5S@1)C+#U9-WKAS5eI6bv 
zSQvwmpwq_GlFzjJP?X$g~_FqMNBb9C{qQG*FhNY`F1d!KD4_`)KyA z_4E2y`Ds%in!pji!e}BRw5o$BI}%eD4dT`;+9uu{+4E5!UEHor`9q?n+fwOX{at9` zD46sGDSyZ#kKH>WN15kv+#&++biaFjs#z{yDHS%m7D!n?8Vjx(d4`fJzh1KY_Jws* zl4bW*gH1>!z8_aG)+~2^cRRD1A~xAgqUK!T*68oI>(QzC*lDqoJ7HcC?Ui@38dbgD zsprQ3rpYuLvHl7el*ge{FuZNaOPmP)U3s>sYAz=+TP$zrp6BnHH0|1YyO@~LQQFaJ z?H%?8JF1N5ti0KNpwhzKS*_%zykB*!@-fxM-eVFA2^__G zW#k8WauN4{TnqK8c6aB2O1Hf-HkyYGuP-T`nyh9NZi&pzS;`Ks>LQX})Ye37q#8dk zh`nq2Ia7)BcA}QTz2u_uLC9t360YSU`}f1gsDrjrkH;8DXzIqcqD;=x_O6d?DQ&T| z`F`1T)^{2=D=6*-U+x;_XbJhrTf-c9>mp4C&^Y)l#^YRFS~1Q>XB#n0ANeOdJNuQ{ z!)#4GxNO4?0rRq1jY6$#i?fYL!c<}>uu#RMv{78-3u3K9H^z`Z^gH5~R|+WJIXw&B zymStNXW~54n?4MYM(pAM>JCu|@6f?Z3zNZ088+4p19sCTqwT%Ns`m zLM7*Ej@^s=K?8!6!JBy_)_ef)nh|juZ*7iuSeAG{TUr)Vir=+LZY|p{)x+}F2HzOH zpS+9-Q?ZHWxtHPM4~WWx!Oj7Koo9jBSbCIER5{d-Ut-Sl+>%Z~qmY)V#NS^3(;S}> zD2s71)>52m?6+|zm?=;g_6j@HHTRF%0ShiYODoH%(i!mC6uYQzkyYIygSb*Og>XIX z>G?w<`<4su%{_&jM{xtZZ?yxYs9x- zVDdDmN<-;CU_?&7)bFJ^zFGcI<_lyxO6oA%Q;cbVo2KJTz6(NzNVyzcKH z&UoublK?Ob84*a6xhfk`x&@-EOL8mwT~1-WZROGLLUT6;BECi={kC3Nb@;o_C1nTd zPi}1B$3^9_*0|cytcyf3q?76IpW<$4SdnKuziWyC8?D1yF?wPBv}fR}LqGYUOD{nO zH8ke{w8#hF#ILW$m@8p-CVfW`L%{ETEz?*)CW|+)>;$@x+-Rb?NhSwqm!om%B)YKoH>-erDA= zG?P*WE%9?!qJ5$wTyNq)luf^-xdj>B_wD+%AkHV305H`NF?_BeuuP(mN;nus+zA|As-bKsb)0#+78G~sQEa2@Y?&h@0iFe@7W{0X}+Mu5SE&<%G%1jwyRfQzYjSW_2D`WR?!Rr1mtPMXPBWFf`>1Eosi;;Y^TmiYg$9-h_a1+Y73l^s;{{RN zTt5+<7`mKU?yf=~+s1b@LGeS`kGBo{0n9~EK=A^9f{U)K zmPPQ4A!}V>E(LR%klclt8$6yK3R#f~A5=|0u_!!-)m!e(bJAp*>RR&>XfDc{8L{v# zkRayuS#rFSza5HZK&ri>^{s7+NkyHJS5u71TMp*B{w@l?!3Mw^;3{U^N77|cZbTH( zT{Q0`l~?B|pt-A@1NFXS(R^#_*H6Ctw9~+foL<7FRyATRHVXvtvIu#64HU`XS?ZxZ zDs3VmjijA3e`geM(=gQP$q|!LhF9ds zc%_n&+8r(r+T!Sa#j6uKq_7uwORO524Di~PZVA-9%ZU;Z`IO+86hWGy7;Y%=;vW0M z7?HaVc_Kwt;B)$`OC9h~Z!0cLN^7VF%(@hC%1qK~v}FICesgBC0V4h^y7s%zyh$`ciqpRhYvTqag?1sO)UQ=+GgQZ zUK;4`Q{n<9@SAIi6VWpnK+aWv)MQJ$GI!JMx}6SXQkZA8@sKqW-0=@dxYcF6ZaG0? 
zRAxa$mpE|0R`y;^52NL-Y(;ZUhvd;lfUBe%{_k*AMW%F!yA4uU-9VRxqlx1+pI zFHqxYy8ByL6gyuOhbWggw4;wupXQY5hB!%M*7%}lFWT&Cm0QUM8*Xif)%^8rp< z4rU+Wk0Kr&a26036l|FJ1Zy2p-NJJ=r_EVCykx27HZsit3sQjGxcqCWi9EwRXn@t9 zbV=9BW4SzPiH68;VzpyMiB_2twnErao92 zlwobl>Vj0KH*0F%l|o0H5w_DkOSPXrAY*-)(#LBS^s0MJEWW;I3UQH5q;Sd*f>Z2( z6o(ar-+cvIF`XX7DX}L!M~lFRZwW7A=Obd zcEfT>I~nuMEyVw$*LM@0vwx>765!VgJE=aKU)nZS{7SMOcaRXINJC`yKZ+n?PkBQLC1Wf|BZ{g z#Yvw?H%$Lr8AgxM`9L2EGhdCNe>(B;d#{s+FQ>+pmmhC$GTJf(zHMgkBWY z0vK@a+1vr^=MO5*J*^;_=?IO}idzfa$=U>L^iw@@;%8TrPb@+>blykKc$+~#lFJG`1-Nh-dhqnT%@$3-5C&ukrV?M(>UtXjE*Oxye zcZa~|fQ78~7dSK!oMsf#YISF{CO7*IA_r$IENZm1^1(Y^dm!8f)*6ZN zMMd3xcqbA&bTx1oN!ILyV!;%KDtct^q*h1wvy|5CxgALctA~Gmszgo*ttbCowm;W} zxYmrd+YA!(axsNHE}XlCo=p8g=D|`Os@&H*&L^7tP>$I&Xk6DKHhuMgVuvU?PN2!( zH8Qs18_CtEp_LUjEOX8MC~Oo@b>}ib96*F>=0lg-@H@G_fnQdb7<4(;Y1eqgXAaKI!z+4*$MrYW~QJd2hb8}B5wOk$ECOoSQW=8zl7rH`HPw`ew zF%ly|L7V}IJ%-q(4&>GR$!c{^e~G<%Pg-5^6WLNC-!9OCBXBEbS}S063&6s(PV9=x;7pS-Bq^J|!&Pa&%RT2)Swr~y+n_44m> z)}6pxcyyj6)CZ*+@3TUy)28{|9B(AV??0EHY-BL5=ZbJh&}QbIgNjrM)Lbv|0mbJa z%r8BEmbNLNdP$ffc8|1I`m32YP5K1O8saMc2mrP6 zR1kSEIx*6&4*E(1I8F0vr*!=TX{V32y7L7}b7UcLUqAJ|! 
zQbPR>rSt1P`9_fe7#}un#X4?dA`4?2SzYS5^|ZXGC8&Vg>zi^fS4!rUbz^hEBlkYMGKYM9wN_+u80gBcSj`T1WtA`|!%l{!+QjWSSzax@7+6-CY_OPB* z6v=a*tV>0P6Ee}74{T}0GH02qt={myX$)5NTRt-m!;j&<;-4=Ski1?BBi_L;psd66cFhFjAEw|eC(nWEfvXOf8`-t^@Co8dWf+pZ}(TF+dh`D*t#+ms(#h?yT@?7<#PE)kxTT$K| zY)Ig%kU}lS*j~f=*MDWIT`!xW$<))ekocEpoXikjYIUeJ?t@=D-oF(jJyMgdMRtEi z%x$E=OQ(6H;8DEV+b@@rJ`b7Ygmm9ViYY!iSFY;<&&r>)^04AZoB$8BtqP~&f`NiO zCXMnPwltcKgx)C^x#*ye)N!8@)ZL?Ay}r=QX)f-zzK)M-?(A~RJ2S_Blj74al`?t45f|cH52{$`@6_5fOBze>5pt!%e&5 zJN3LK{dVoW&UEw!pU9!BLc^*0jpazu6SBOV=Eu)3@)0CXx=v%xUftbhHc$duE|Tv_26f8Ea1#Fpj88e=Q7^yISE z|7y`Id#s1u43&;U$DwHsM9#_fkh9>1q~^FC6U>Wx^#u6P~NT_MWB3S>;4xOO0_K@GLpd&v*qR>_(7N zN#2q}!l>p}NVlx_>09nO8`xLZw{-pnd5fJq{VKLDjl}SkfSa2gJObll)h&{}iv3aj zy$P3ZJ_|~T?=d9*NU0-$s)t{KIpejk@*DoV;Y88Vnz>@TC9#(DKE<6c0EIz`lHMjGzXHYEEXwzidB~{NgcU zpVyWOvf@4$BUoYuyLBSX!lPl2u=Wp<#f%N2p5guNm}#yz8Zdr}^yR&9A+dPyK;TpF zYuSl%dtjr!kjRNVLh=yI@phO-pNjQ$J zPsU=vmdk|)qv#?5M+#7tP1$zY#yyXh@;dDCZ%o;<6)Y}E76L%aGX4&LZAjlrPl11r z*XazD8?G+3ynJoe(prV9&BXS~+vyMS!DLCxA;TjM6+Epf4)e}uh8Zch8+`mBlxfVA zJDR<>RO-|(9Y|K^y}!)1F|U1Z(A~;qc_@yT5-1?h12si*=$Oi+m&{d_{L*=d!uP9H zs$Ujv7OnlTr3W7DlLbo#w8aLgiGF5@P{vko%I|py4 zx@8tG0T7=@VPi&glX_g^AiqxjC;M5~=2)NDiN!PpaiHoDH(-_kYzo1#K+wuG9m~{| zg~+CPPTg^puy_1|UX3-lWj!bodPmz|x9{iiQ;|*h%no-lLHcJ3mdy+hz6S6?er+@c*x$&eWzn=PIcUy>#%k2A zy2mOWylCM10F-hvR9x|pu0;lH>^sCAOh%PWiR0e&s5#+LDA?zu)l=Zo=hL7ypG&~g zwj)&L(}obk48)^PH#txCr38%Z6g) z`%&SouHIclkpZ~QSS~Wirl~GL*zKy+_k9Wtil>`JH&dhBegb86caR)DahX2M&(p8G zgPy@@k+&xO*PE7$w#SRci`#ZYxD$ZA=yoP3bJ2ppwi9Juv< z_kO~ft!O0O)^x1Wi!0ZE=R3Fr&5fuq|C6hb{I6bXG7>yceRbeCa2RojtN`_2V>e;Qky%#g)-qW9b=nP_y z+XBasEQ-dMxuF6Xbz%bBa#571D7 zvXteb3NG>_q`k5GU&P;MaG2*~OzPs!RfQGT;?P}|2#2J4^x#FqizZ1jW3^RYU{Zj1 zU7S|Rxqvw_Qlm!QHM)QJU_-?{$%#!4C@j&S$vyM?y8I?s(jmp$_xY zCmhNdmd;*k>d1NS%{+JHHu%ppvtEJB(kzF^)L>U2SMaNkC%o)$+0@jw#H@WT7wp@- zw(N1px|;FHG-yxSIGo^)-~Ok%( zsk=e)OF8pSi0MU>m&ufANc$44r>0MP43}=pc$pWuK7rojHE5vOz3-dFnZ7PW*W#Qt z@-%lvq8qK#$s^f}SHbGH>)}PZak4|OWK~^{m*1v~_s+FKd&quST&(fGJsK|#{SEY; 
z6M*s)rhZPa1I+B?N1l?E1}%4Em9u;P#*}~XFbiXHm27;}-KS#TPlY99rJNb>(&Z=3 z!-q-!=1{WjqtKkz&oPRkntk(A(JtlABXWlu(L62#4i~u~vRQlr@1BB2pFSYJRvHpacUR@jqQFHCksSZHgMJ0V z1U-5*R%4RcmpbV`-Tw0r$-?JNMqXV$3u@7yI6sjjEPbpZ?~2wn`fJcQld7@b#oum3 z()1SSl9#_#de6T}yJ73vZ8gyi5IT7fG|r3S!2V4042uZ&LXimvy}pTvSa%x#I3ms- z_KD$vm6G z6Sn*PYejRLWrYE=NeM=0qXQqO0_hO6lzDfPXJooJZOo81Ei2jgoG$|L?Oa+?cWw&X z+dnYW?G?x%xzr3GWUB>#F0tYxV7FGvfr?#n*&%yQbsZvN?Mv6&3c~cKWu_1PZ={r; z(Z9-Rkl?@{wZiFsd!XpKcfIB5(wm=%OKhq$=DkpVGXKcu#x<6=Z?1Gx7D4Gz;qAys zRw-vNJxrw#8cbtv@O66dN44n89RVdDz87@&Nxxp#b*SfFXIYa!=spO}U^m~uQpHqT zDsI;e6=;PoNieh=&sr$&)80yh>v*`Xp?WqyT zg$^z!sCT7!m}lT3oL25F7j$0s*5c>lv?V>J$JVN@5&}qR>#{hr^af^ zhM&$t%nbh1)m7wwV@7HD;7EZ<&}ORWyIInz)0x-AnR&nG4 zrxz=YDAdbWFuPLcN26WBWDKv%0FRrYxcT{fdD-Mlq08dzbemj@ zpz+LMlXXh!;(_FL%gHFN=6Ay}1zt?%4{COt>Qj>T!j%OYo1qdKEfuO@AD!Dyf+;AwuU{x?Itb!T+m>_|;Z4N|Sq zxHcR)VyyrR#OGtlesYRU)U_{Nv2wZJtySORY7)xnoqnA!s=1_tDxOiZ1m?C{z90|y zQ|AkSt2WZGkZz_cc5#o1V+h9ynda>$Z_`dnIZUD-lM{dg~erO-S)f z0PIvHu-q>@ZoGE-Vf;hpCjuCWU!9n6fe#-DeY_+-)rW1O+Fx&MlUI} zxE%Lj5W7lU@4sl=jSzshDTu{I$msl-d7S4gEC9A27q{qolHCSQ z4mC|txL>wt?5(EqEb_-!r?IcL^9`>vM)&qp7R##V+c-J}uW0AlF{j8Ddo7s#A@Qg> z1SRDl__6RPuw!`;5bOcj7Ljj+V3^f{u0d25n48dOydGV9zu+QCJGy5>un~+)Ax}E@ zD3|Gv>0b|zb`};^HLi+5d%2YA`B{4IW{+_H>k8Ca)Jq~D2_!G1Vjl_e1vo6nMS*U+ zoLQCT5KKq7o=thuOjg~mXcaJ$&r{rMs1?6dp`eW}65{QdxaEo^cnyfbs7JF^mS@c4>q}d-8HPYvzgKCU3Uw zcj4YDmWcYA-t27^6yy+O=YYaeYn-2!*fFpBu-BD*@~KVUI&sDg8y=Y%d~b9U%eS31 zyNyHC?bK>7=u`sX+#&t5|5Z@;AASCRF3{74@uXKAW)6dHn8A~^Oy|K$ABwQ6&NGMcJ zlI0EKVLQ>J@Dp5m^j@zRb>HR|z5jPV!v*wn>cA*U%D$I<<%%Cj;-ts7pBY!9g2Nc0y z!(aGX=@6a;_Tz^5J&TY#Z+s302fw-vITyjy^`@m=HPIjuENkXPC2pxQAe?w>$?gzY zMVO9)mvtWy{*WNY_qs$@tmmYjVy)`1M>zk{X8JOTu$s9j2t_50x(~@cJSlWdWQH~1vzDNLWD2vc-ydS@?HZ` z!`s^M#h5V^1UEDdUa_2a_PB`JL-@=gt6zmF`XZctLDorM_Y%F`yX2Z?jSnv<8s&7t zd1=8;<@C_5Zex4|Hi4dXi{VP>Fa>-wICG6P13pnV^1y6DCPv0;QOHEK5%$KaoBzp2i9TgayW{!ytiXQb&a;y} zB$iAGo7{pbpE*Fi2F$9(V1{p}X1n5UCsCH#o{V1A@NlcDU{Fjq5$XkZFjJ7**C3Bi 
z$kYZGSux-aB*2HNl0eh{Q&N(`i?mPG&c=RQY2k5IUD7jGcSElqEk~+zSH%C|Bl&)@ zFX_XCUaC6To5LtrUnIlC@^?X8V>0x34cJ51fTA6J^R5%5bIUu0MvEU``2F9m^WSOj zrzSbD1deo(_LqNygF%vbLod{Vn#rW17t4|J;?42rgB$y&)Y6r+r`dWk0(Hp(y#ni} z?1v)O(^IIWZ~`|~8P$`AR;a*`nQs)mBL78I2bcl}#tJJKSrTWK@Itn&QH=p~FUutPzts}(K ze}Loe?847fWIVxi1k#nvPz3d;BI)uu=LnQ^Rz!gh1?4r$B;~LWbloZ3;8& zR2Y0k2BY=?#_1N=ebJI{wVmlSvvCT39lCNP>!x*nf75M!@Lv4n4_7%0?_mI4JY%gt z<_Vc`S=rAoUTC#(pbT=ht8a*Z89}O`y7`vb7N|$*TiKoK!I^RU=%Oy7 zeBSWOmb!E3U5yM{yLVSmB>Ytg=>TjKa?THPtQh86=}N;MnT7vUC9`jIabg`R>b8ps zo{=HD5pSS&xNd07EA-6WD0RbaW%y)h#=m=(x1;tee_9n1o`+uz3sshe9}^`t6{*fScj%bvJ|{K{cYR#whM{^|8qp*VivwU)Ijc zULlWumsO!+(?d|Zh)3Ll4y{HnT~`ES-K)7(*+XmNA@{>yjCUnL*5BI(m5B#m>h@7Xi0OyU~ZY;G+IKB-;S#GyKg=cX<||FoK~eH z9P1kA#73LVA4%W^JJ*xC_i|Ub%wH+)UO9I0uO($rn4z5$qm@3|$Xz?dZCHLH7 zu{IwXWQ(v{V0WUV9Om#2ea^)%;3kh)h8lN6c%g}_Q_+Cyrkzf3)u(qwI=s--dx#~C zinmXabt@kDfBPxapYcWKbZ5jqa2muh9LNO|#>?bwyI-WVEi&MPRz7{PSbz1SCf4)l zmd6(8h^J&maRMH0U0K)-em^UU;Klo6_qK4xY}YIYEAgN{)7$llTzSc+WqHY}H%L=# z-jT4Au^h8(wuWQtTICQ7FsG?}Y{}GcKR2E`HwM@4-zkq8BvJ0J%RXQC}=~^RvaQa2_ZyxU)8mw=V9y?i*aQCu|5r<^!YQdx+ zu9+Ra;#YX1me^&iIiOUJGdNyguwywt z61H8D6KX!tgyyOo4BbV?v0h9t=;Vp|h)s-g&b#m5?*i`1-0zB#5`J*b6R^z_n^hOz ziSmTU8Pki-nRFnY8Nu+CkCeYW%pU$m=w(QbeS3xpwC84@igpH9g$FlloZnsw9BCvr zl`O*4#}&mqP^JWxi+o81Em1MKABRcrMW{fJ{vX!fGpMPy{TD?k7LW+iTToD>BULGh z#;D=aGblI$q);ownS#)z)8a`E*? zuU&6xOZ!-4207Ud4EY&UzqI8XepVfC1>885NzP?g%9kl#zcc-uvgFE(Mpl9kt@m%o z%;xzg^Y?BKhK-X_$NmB$22i3*K-xI2*IOo%B924byHvt;= zS3XH)I9k9Us>IHHiH$z-u)cm==BFcEGFFVsFH5y+)cZwY|C;yNwLQ6JfgvB;i#kBX zul$7at{&Nr5~}*XZ?v;0Cqy-O6>%f=&b^aE?i$!tptvXk0J+X0xlT*y;#=7PFHa(? 
zAfldAA0UaN3^Av5h% zD#RJBvL|pCIvp~Tq9gb$;>`V5So7HF1}qd32%5DfXVjnOU9>^!=pK1`a+K);cmMtd zYf!Z|JvD&v`Sio$`wmBkE`x}T{DGRuD7D(Et6v)pi;1<@0<|1 zum!PyS8Dh!^}O`KyZO#gwZwlJT&a161d-Q3<&AdSv0)S-lxwI#$Op6?*yzGNgp?H( zG9-L%A?#A#Vu!gN zU&D;0z;o66+}V(r29fVzs2$~jSa2nFO+uvR>W3V*GvcKhGS`K_~agg5W^ z;JU4M`CC(}(;4<$%+H|mD8H#tE1Hvt$h7h>2aKZECBm6)Sqr;taWmw(+Ql+OJsw9( z$K;!RdvcioE%4JXbJ5sjYEwsi3Tvr~ZPn(cTe@eF|pVE{YUK_WnVdPCVL=!(Y<04+h@X z?(DFvag0e_o!)ln{58Gv-f(BR25P90K0@dZvc$#7G8b$;W zD_-|wT3*!JC?jR}+S1Y@|J2QsYpIOScWsy%nKrDWQhs4Ts7pvqigg(RV?%uO-b-H7 z9(`I=rsI+UQx6+cm=ky5`0VcV{0jr~(Crqm8lZ3CqCF*@>lj1zL(e*2T7{dP#oe5~ zBI`pKlzJMYrfgJs5qQc583kbXAf)66mbi8lJ1OYZNrh-{>a2i| zx}^@^C7FYe#Ji0CLhN^|%Fym`ZG-C5Je2qntmn;=;YAOUG|w3;y*SHj(TrOM>JcZ` za^OTCBa&L{sWt)H4dR3*4V8cE4k+B zi6y6)2Bl<@k}OEj_An_65hy!wMRdAqb(nSVeQ3ZZnq}*ZGk(@OV;j%)TKVL87>Fuo zwPXp@j9mJF8_w2LDz4*u{uaTV%(3$pAQohi=EUGuAI4?MN!PU9!-VYJSgzLmJ;LjQ z-Ie=~{y2%f9$~PIHWl|r^U%2vajVRk5#>n1HGS=t6hyFD9WE;%{i+ZAxge^K;1tc& zr67nzFC{c|C(uWr->MQIs>sJ95YgW-&YX5%gu~6D%wqkIonPkXm!y@nMl35GV?Oz$ zF&8*AafP>ZRGRJ09D`=t3CoEz!!=R* ze=BOSe5Q@#Bt`>LP6;HY0i0NOyqC(b5Y0QY^Y8WgJaQg?vyyX3T$LiP&Y>^Y(C_u0 zehJ2n`C6jBKSb*Ey{4n%+G6mkL<=m&9M4{bG?7}^24eAB%iT|cAKb~aZ+KpGrA^3>TdN`BX0q)^VaBAH7dAa!H@J9ruO?HmHXhGSA4a`~JD>>!0NN3ds+=BU1UIPW%=b z2zMDfWdCJw^ofRC3bSs~%opI+&Y{kt`3zRSz;x@%TEIa!YMP0ii42Uljkp-J*uUj8HB7ZW zro!;Au8$f$`u>IW&tTq3`b_d)iAf|jwP|vRLutklr;;Wo_6Pu#B)L@T8>^nJWkN^ zx;AmtpVcegm;9u!`i@L@;Yu}Yt&nNgRLvF0r%A{)iu6NLeiHG}c+w%N<0Z|+u*7}d zb|YUp&?SX#Di!_uz}ct>|zl@v}EAI1tb@Rsa-AeVhuI3r>}v#r2X8K(mJ%{Tn;o ze}~h8PabM~%6n=GP_vo{F|>6PufKUPRr=mkr#+RKGYDQ33PCRiOCrJuAZRuY!Q$C`h5nS z<{6v1NpQ!lgU_rxP)@W9=86Z5V-F`syG&Z|ZpU2NB9rE}oq<<)2dn({3|Ff4Kr4@v z5erR?@zn(v@1_;l4)t7{#$sqEU5vy$9Z&OJEfouM?BGo~FQP**s=mi2HB|l2s{p3W z*C(dj?!8tg+(|=PAd?Bmbs9g#lPct?Cf7J&2c6JVS>=vjefkOEoP7|6Ut|@kmhnOi zXqTSjbk838NCFdr+n}?orkO*NJI!I}4~W#Oxq0$!-md8v^JC!~N%opoIJzGs;hJTs zG6-}VFk}r!vJ$kI!xAgqh2Dm${oDjP(Cb5)P4*2 zpd86Vl%_C}ghBlj=vDdAC5`qu?;?SPd8^h?Z`TY2Az9fz`ycj-_^S7zE7Q;dq$Uy8 
zUPZZCQBm?n27c58cWg=9$}}^J7ORil(u;~1@U7&$b*(MY^sZox7jkkR3^eF1`UBz! zjt`V>Vt7{#O^fugRsdBPEd1_eLS2ztPLK@wpz)*A9D@VjbO^1G8xwMD>a%0nm&|pWenc@xOnwZDgAQgc7_jmjoG9^NiJq(YP8Uj5 z1!@phD_fjWx^48!)v9_*xwf;oq`0|Y5#UA{WZqWyod0tFt8_y7F?M*?up1>r8p5w7 z&2FxSEw>X^%ZhQ6M_ETRDxnwT#qWfC)SZ!e(orquD3mKL#ZWkkxG9ImAw zSv`!k`HklUno*0b-8wQx-t@1xwfYM@Pr<%W(D#Rab8SnCvb#xnOkeP(v=CQON9p6p9DW4*Q%Q~ z#pyfCMl?^IpRaJJmUxaKER+GH#Aob%Dy6SHAVg0Vd+)xqq0aA+MSxmW1 z*>9h-O9`oXKzR70e%wpm+kW|?&lN`2id?tyYtnBj&G#})4CY%g{3_@qU>Ute@mW!) zDJDI_d1|4^?N;OBk^8!htb*lJOzhh8>DTT zw7;jaYJCE4zHCW=v{12Z@5cF=$oU_^j{L%&egCOS6$oyDM*IzK&k-a~7S&~JZ0tWp zpoUH|)f8)L6GZ-~5*~jLoY}pXs_%M1{QVq650FiuC_{Q0XkjG#gz}*IeSrUlnP-}g z94!VdR;cg=*gl2a`mST(oWm1G_T z_#OAdZVXVtvAyGafE|Nos$St=G<2gzdu|aFw>ME zIAc+k$5um3g zX?3GNe*egxEU|pp&Umf%$=xKjv&;;>fa81(%84kmJWT*5_@wg>9RsVZC?z)4W5<`& z1xFp`im~y^6r|>lqf_1Vcsr zByhI5;Lx-DM~KIs!3(kNMXKAja$b=8T-KXI+YlR5Nm*h*WJOm!q6nkdh*TT;( z`~TB>{#CC~_?Ma$wZUQ0zxzp=7YM)|gJ_h*Zb|9Zk2018;iB&1jhrB?SWu!gwNfkNV2e8yIz!b#-1no*kxnm z0$bv(VFC>>Tdl+JfXm-5G#UljvK#eU;^e0eQ8N3ymby|A2se?;%6s_sK~pA2sNp}Wo22dVynW1iYb(}6qw2wig-FaZUwWdSuttL{73NoKEa z;s&m-GGwi;V|y_j{REwd!IO?`%;@3 z8g3u-3|Xg!Dpbqwo+&|IA%de&Tr_EtdE_ym_ZPs%Z$K}&DGa%$9`0~_sm*NRt0;=S zNiJ16+`=mQJ%SK}|0+2kz<-R58RP>a%UDm#y|;u7Nj7eS|+SEoeKXd_w7@ z+&{p#S^fK!iq_!aFQu}h+kNG{`U4sL~SBsgYkL_6KQp%~HY z;G5xR8qQ%;97Vl>_`A6}9gb3_=~K!AR|kXJ#uj<%;Wq>|)atXvgnX^L+4?fp`SU)d zd1m>2h?q^CNUvwfdc9(J4)GB0jgR3O{P??A5XR~@ZS)9!ZI)|iG)?MKgSkX%J5&C# zLAUvYCX{MM9~B^{apY6=iIB_?IOl<#o6JAag_=&^UfcDq?axkkWaGO+4T0;OtvL`H zu9D?daWv>L^PA+M+L-r_v;6hN9@6`TFK^}4gwE94_j=E_FEcxi(A6l@YeI9Mo0GcK zT`es8S$o=a{eRJ4d8k%T09B+3iV z1Nt>>@;$k?#A>TC^dIh|>(6>xp2Ha#9QnYOpjpsra5x5N0d57yo6|240eVKZbtEzK z5_RVE!^X3k#?*%y;u3p1QvDM(s=7z=9Q0lkSJP>hH{PY{oQL5@i$zxRFf%vEyk_QQ z+xB3YgYJ#{!W(X1Uu=Coe^K?b6)qrePZ}7?^l9gT>UZ?a@-sMV`^&KOlc<0}$U(Pp z9&-7rgJXQxXo-nHT-Z)AWEMO#x1 zXt5lkYLjgfu$g)Fu32Qnlor)*J{Ufv=)2`9Aze`J{q!L>zh{0y zPk=8_c0&`mtFW*>d{vfEzUw3W!n;tw941=m!5Lpltm^ zMbARrsRm)RW~y0j`ttGe=)VjwU!|EHBpQ%7qg(RDrjI_yPd9p}g#GV}MKpxt5u(@m 
zEKc$C9f}DFsAP7Q3%5~n|4EME+QO;5`Cp%71E!`Q-y0jUf#Lo)C*w6`?RDewi;bB> z2NtKhGEWV!v?|J^^b`s60ZRYpZ$L&5kynB1ErO)f=2?a?U+M0WebAcEIOUojG-8m+ z{_%SBckzDV^o7*&uZ2##GtWvjVqE&Ud5fy-YXGdz10Rm#BAT}>hyTmKQaeBR;3<(v z$t?WcH$8pUItBi+etwO!tD5jkr|&((mleiWw-)I$`JBY**ANf__y^C9RcJ~UQpP*y zcq6e*2_olrqQ};ilr9KdXU>#P$`Orx?%xo3GzcT>5PK=E#5F?j+d%h#Fb%?f44^jU zEFYhb>pi~UH83po*i7fF=KdXr6@@3yZz!CrN7_AD5CxWJ~>#qK^Z7TqErPUk(%4gBHLh7uV^%739q%?a!MGa1ky zPzw~0*QH-{SXJSyPH%7+(DegrwAlAks%#pGu3h+7&{{|%3kH-((*Q?kJ{i0G=FYxs z#@@&su-uy8rUbRxaa`CM)dRaid#=393V0B@KO=@)vQ0ab63)B7n9)PZ4ml+5?cK4m ze0EvQTV`;A+lyl#TnlT_mmt5Qn5eZ&`eZ(k_ID3-d|6lU8!nFZLISAO-X&H|8}$`P zNZ0vK840id;E6t_&BWkN%sJFlzS#HFc^yiB6{YGi-ZQ)!?p5?+?ioTWzOICSE4E>n zTR9sObF@4YwL0D1?*r+#0xWjA@^%DWU3hKQF;k6BjL^=U%foJB->q&~6XYhnZwX9E zpsN1@qywk8($jR2aQ62Z0v~I6Z``Rp=BOta)kAmm-G@O?TjAn16LW;L!|79p+PRd0o13T~8Bj~JoN26I9 zVNh-Y5!$Y1l^$7fso5PlouOK6vFVxqRJwWKm2QT{WbBcsdBzeFOe*Ozobe<;l2)G8 z{=khsN~_TQ1nXV5+8UYr^kpg)@{D2QF3QDJh?u^`!m+g$Rx{iH(73UooGH0h@W+(nyjG1A>0-S00PmOqOrh% zZnTGvpmz@!KWNzLnMj()r(THfPriG#@s0m=V9EvbkvKWZbJT5$k{+dq=)Fzg?RfZR zYq@>e%-Q5I9%7;U{L0LqTQ+b54sl%$HOCh+P4y^Fz@R5h^+tNs+k*5t+#Au665sB* z^US+jjY-H~o{wJmx?uT2ce5gRi4&+B4-F+1tATS;=D8);7i18yS1195U^lehu=|p0m%2(mRxZk&Q0*v8llEmY3@&+q zyT|o9xrgbl^ySBIeB-ls^wab6fSvr@nDQy)d<7hi;)s6!hKr+<>*-di)U|5>hx&nm zf#J++yW$WtXbPKBshD?CnsTfYuv{$r{W5Y z{}At%gHFQF^Brj3K*|G-NSnRE`NgopT@fE}s88m4(9qsQ?j#+kA75JTqAS$YkTC7L z?tx%-+SMtX+%^ZIz0=BLKLLfN```qYJe`j^vvszO{ZAWr}4%jOQv{5bIxG$b>IEG=zy8z9t+N~l`3VOAv zfoAdv0VI=USN;fOtHZlo?k+8t{>i2%=@Q+>@50Q!bNS0N0m2bx_M!wuLak+A5Ycwn zA>fjOl5dtMt*Dw+(LeKX0p9kcrssx&_f>-#VtEgP?Q6-2ggt4c^{Ut&{+F1&-|+zW+n{^#5C@*?)?u|G&MgK@jNVJ`K8J$g%zR*(1+IH62`YT}+6) z@@38cJq_9f|5ug}?EmRF^Hg!dSH|_CVWH7`$Sc&Fz>K5~U>vh}?J1h=hu?I`Nu&>R zS5c)$WA26EQ2#(*Wgs_fOq}H(x1_!z3+_Pqyr0#FRdZE9JG>@0Q4MfhwN|Je8ciTI zA=iKX^}`;wWc;+Ys~}T4s>>0koQlN^QVk3%Y%g7Dio6}e7b+_Vuy8OR7Q})8S>}h# z-&40yf17dbXPQiqx!>b&Z3$`h_Qs#~uII>v{`eoCYs~)Fr5A!Uhshnp%*f^o#L#v+ z6Okv~ouCiy%9k5yR;gHUBWgQ6%9PA{uQPg6=DQ7YmPv^*uR{ethhO1s{g;82KBT@> 
zPk@5lalDgAZa8~Ufk&frqm|vf&HUqtTfPD@7JUo1T*SYF@>Uf7;(^ets*6Z>B1S@4u;+zI6l*!Zlq3OgcI)i>S8pGaE{^l#0@dm%s4>z$)J*wKgDi?ADfu67fd5 zFWcIE0UK4$Wmf<9g-uO~W*MeTm*(S?0-3Fuo;cM`2;4E`-p;gRqf8Uek)x*XjuS}B zQI5otnC$zPwYAp2EzX@2TVL?D`S~wHkjzWR7Tl$+`h0du&C34Vct^0JwL6#}us3u6 zHs5^_BwO*WQt)xox$2CGHLa)S{Hu5!s2l!Ow&Cs>VzE!8@v>Z`*~Zvb*D?Iz*qpA% z%pd#1s|x}=h=#xx-1 zhYtPv{K;zjENpLouCctE#Ij@&bN>e?X&L>0e$0*b6Jf3XG~Rj&Z`u55eS5WA-CvnF zdc{v2G1Dt&FU-pwb4K>I9}Xfv|I1Ka)d@FmJwQs547+v>pAwl=HlCmnzhb)lWJu`P; zmG!vUDfx+u&6_iqCWMwRpayVSKPWN4oCg-h-LOH>x7%c88in6lnc~u1ef*`~D)oG= z38{L;_u`YnIdQh9L*>V;LZG()ETd@naDv(P$KM6AYKDNKPDl3IJY3r9pY>HiU%?E) zIJpa&$K^>3G-aY%BHA01C@>r!;Hl+d%Rb)j(4|2!TRoq@ZxDriBguF*`TQ$0(R8LY zewDp^>C-%9$4YW4$?aXgzr7+jMFL|9u!(G*p4V zTfI`;Hw=KZZ^C~IpfF5kb#?gj9SZj@o?nff>D$9Z9W3>fA6@QOxEcIB!uZ3uiH-oo z^YmNoy!=I^4CN_M$D1EP#$WJUk{mAwYmdwGbjcczKI;`unu`$)tDb>occgANr-ne_ zBXihnQhW%pfmW$$+v7`h?P zxzpig;gsGgk&iv17ZTe$&GAA3Rk0(8&1ZEZ0jD?g)qO6ALT67*?xgXuBU_pxkD*&} zdkJU+ue2%cI?)MXy%v>7S3-M*mC&zv>Pt;i)pnL(v(Oq*i{KEtX9&(^VXa^PhvK5A z^4OEYHC+{a)XNiqi7;PgMxC`qT1?G9OEV;~f3LKi?<{7Wxu^R9i!q_zeP*-kl<@R% z#6`_2ndt<#7 zpmUtYuM(45@iEZzqNMb}BlKnY&1QXrgZ_c>)03(|=>tW-?CuzT zh31f;_qu%>YB@JN2`Nab3O5p$Q#?<^6*+f15;u1K`mqRG(l8`CtU z;w^KW#5nfCG3$1Y+j>**VM(HFnu4PC&ucf6>;)h1@j2)o<7dQ-ag$J|e;F9{(MpEm zlAq_rzV~tfzM5Md_tP{EKx=S_xMI(q zoHLW`fb7LOo(JOATxSxC@b-cF>eCkEaz}A1gYYn>x^X6lc*pd|s{A@qFAUD#5iVQ# zbeaTFu%b9@6AUn<;b%#N&apx7zt84WYX8Q3`!3^Bryi~&K1Z0j@(KW>$)v}*sS9us zXX+Er44mWy-W6cCHAm!-!7E|jOZ#TEBQRstxQg!Lxw~XvL;sfp-8~6$JvHkX4Z%$n zP&D!iDXjy;2~efOt>~Hw^d&6l;`WrEoySXW?5B4*4;|MRt@|?ku7KMt~(z1(P z=i0*53?_l&)@M%MU=nWsqc(fG?W~2In5DxD~RmzE`04u^xH3IFPz;!e@@Up-h2edN>KvPVssZK8VwYK*Fk`u>s?bBQc`?dhMJ0LjRV@&mXLz^hUxt6go&aQ2T|Z4Kql9{g zW-*~@uhxZ*M5&`AP&Y}%StaN;+d^T;yloBD>#`JB@~5-@NM3(~;!H?3SZ9qS9? 
zLqR)*L@_{54ZORjU~3?Fsf1EuN^0g6$oT$c>&5lO-NDI@F&_XpN#^G$fJ&u5H=V!* zr*@B_nCJsnXhI}>f+oBi(Y4=Y4pDtGC~r{cRz0}cQnA^jb3HI1eX;J5*i)`h6WMr- z*1rsq_bFKfmC0slqT?FR$CcqT+e*V4ZW4M?MyVY(sm_Ugd%9*8Prn82NIlEzsBuoX zBT>WTiw4t$+;EJP5TYyDXAEm=3}f=7->DhHO788o56Z^%9J2Cet0etQ)jpl+?qB~* z=YRq92ib~py>giF<8k->I%4HVf*#d#SIKDPTDal&M_7$iUSAH*`-a!~M6{WlHYJQs zQ|Um^1oJrVtQB^#5>u$S_`C7TZTd*vBuD-|WaUTgY&-29hD+to;C$T}3sfJNQ`2M> z#J+??Qfh+Nc0p~KU$@jz@!9&gEUsy@)?>Sis@A)?lSw+sQ+Uj-E zB~Gj9;xO>re;J5%XaZa9=+UlJ+lfg{P2DJ=ss2js_NCQkKdph+dA8=a5=&&H$59Lj z!PUwL>LW^Aw<1!;CxXsKl88d)Y3oNlt8T7Mv#8Iql71IEQIcVGZ5!*@WjT|J4MlhQ z%#K@=U@!>j0cXK{w$pYMDReKLyP;Y89h;S*iXfiF-)8VlHc46|DjIha}a-NAl!SoBi ziRJ_YJXH&Hg_71j2a8tG@}rYkdsQ?ns@ROId#hzf9+!(f0V%vr82EE%jR$r9SGFC7 zxJHhrJpNi)LVz)QS}nX}3x3}iJEB!SG(`$&`U+q4&u?0&^V5acQiYLhl$vtdnXzU| zV(4nc@@w7>bKd^)8QtQ0U#xpoehegE@5E>KO&z>{`n1oF`fN||Au1LrN?|5|-on`S zP=d3%kT2QQ-*c=dS=3^AANhOPq9O*;Jo>Ve~ zp0wb(nx#qL)x@S!q*@xG>P_?00@lyUZzp#4cO51xCdA%5*4eLz^z3z#DtPx8 zBY+x0sZ1h0P`7|!u<~U#P5VlV`3I{Sfi+R)zn5JQ8$v(N zB7~DQiO&wzKfUO#P>we^%RDKsD^70N{0+PKd-)&%&+;$B%qEDQ=UVkO06c@~u;Wt4 zgd=Z}Ty4had>-|FHiiTpS;xb-CYYu98wE~^-B;qvLfnep<;^-+?9J1=mR(PC08iF7 zo%3{gR-n)0UxqmV6?%UdWcy<}o$P}}eqXK+&VK1Cw4!peB=ndm>oxW6Hu_>EO3SVB z379QVJ`ToN`-8hA>WQT`*)$?PRk+4Rc3h?0j~6PF|5VIx558mvATxe|`XER5v<_+F zT!G-}CS*-(UR04zV*fpzaq=}J#csY^xc$eMPuI)`-bOqQ$}hqZpjekNow-?_DI94v%s@NAevwu*VsH`X0>c5f%erE?~6Z_>H(F}s@DryoxNBpeK=AhWl8 z#DJ{Kz2LAC!IR#E?{ogIk)%ByR}HoU;G@@iula#LlfGs$P3(~KI(1BO>&4~5#pq6d zbhT^Sa1@ji!VHQ5;)HG0I`eOk*6F3el}lSwq@{tO%(T1Jl35mAu_5dGa#C$bGeEM;um7<oXvZ=2Op1LO?S zyonM=^4QtW*Vn z1G)g=t*ats@@K_R_g?5IR)Ri;~2*1dwl!(f$dd%hHFg1&* zX}hSW`HRZaShcenh^yKh;v6A&)!{wu%u)*H#?avA>uYGhXv>9^r0UU>M)#T@1!yT6 zUZP;`*PPXBs$gC$v6M|u+|0P33lEpsbR|YrrPto03V5ncld}!G^3ZKd=O*{WnG(FcJmvmw!;5c@eD1#k&gnV6hX|m0M3lo%8V@K*24in`bhF9> zZ#(O?z%rz<_e4qCc7;?ZLcR^p15rf60n$b3aosfbhjeE>gl~Ko>y~<;1$|sC=y197 zrqjLK;;H9u--ZHORH_P%kpe4y0LYe>I4Dt7l*2X@$M*?GVtQghfuKIbH7M3q%05;% zkDVZ>_~r8*(=KT|X@6&Ub()e?N;9KeA+f9xhOnzQ9phlH+<~Q3AiO;}?Y+eF81?Xk 
z8Lxv!V?&mAWQ{C-0u~DuU<=#K`q{>^KeM}(A9^CS zCH)vLGkMmy8A) zXKAmz{&?akCe&LL*A^5X36-`c{CKTf0N){z(rof&>*iJXJzHBQJ%L*X4i8i6Zu&i| zZe?_XT>-{TRZ8`_s81Br66A}?3OZkp$bwtRvMt82+RKlRqr7nIi9*mKwQ&rK~i@GJxdI7d29 zeKZQ}xjYY^MHAm35k-_z8?o)4F*+wZ*c_B1B~!-v86GDV(X%2Hz$moYW*CWLBz5mrlcw!R zi8=0Ni*BHTN(?-V)9|8TKWu5>+KWD0CaEtS&JS_}tEzwrQ2>}~B1jShdRhM&UPQ5Pb$ z1l#D>DKF>f--~CHu62!VjqMg#7sYCdqnqL@FP~+LpZQbPQOgW~Bq%TgzM)^sd4}*inPG5FlfcS^`8I5sL;> zraQ@9?a!vXkA`DO6|-?`K17E|(BT*PTT9fVY(gi)1xS3!&je}j=g!*eiqCAX6)p5M$9?A`@$ z(-hB$Wq`iN)p)-UT7RYTyO%1mbDE8WQZ;}@(i*cPYZ+(=L^&)U&-*wxAJ7NMRcWW* zgG-(Pi-|9^%E(a^;QLs&36KgRo(iLasK$D_5CD_G{y{r8BqBrXyfo^)=1;nm@_pZ^ z$8IgQ&4JZvFHDFfFI$IjUbGUMlfT`e}cZ37~QDK82Z7Q@9#sBNpbu>SM5{ z(hnx~MbWYqN7P=!{7!sBE0dS{<)4@DU2Br(rT1VMkoqf4pmXw(yUkFZW-&@iGTcf8|p%#z&K@#ae;|20U-DxSgJzxCR$xT029{}AC)7QV`= z4DD=F<3iuCo$d{03&{&Ao;TPkR>7>l@H|j&o#v|~5$>q~C=-Q8%S2}k%TQxwYiF}i zZoH()6k>e&o0n*%+O^A&r~0Jfx6J^hK<=U3E2SxouZ$Wd$sX@2b*Q^!3CvsDwmN&) zJk)6Cvp5m!vCUzq&rm zi(Qb*e8S+Hkh8cxiZ0QU&g~il5v7C!`OSv(EBMR(RUuFpzd0;hjSne_ca!tI@ZPu$lv^)O%$AHvNCh<|Be`k?{`LMsknL(&u-IBwA6m%6Z zYOSl{&-y64WhE4+tmb+5jq=BZybve6c@sh%>fX|=YLMWMsc|b|J~E6sH1MCrpL3GHTyG2nRU7?3p8u5y&AjTr#6>Hv z2cHHXp{Ey~khNaoo=ii39wF5L2fE5IJ-r`hIh_VW%29o~64U_Rot!_sb9&L1mkR9} z&f0i9_6HaI{#L@w{Ce)1Mw5Avd34DmQ(dXw8s;8 zFIh$#N}5Xi%QlJ!`FHIPg)IAVWuns?z9o~B#r2fDq$eriZx~LJqA_Pw;KAK!Vl9rJ z(zwI zxz18pz9brxeG~Unp{*$6W@hDxq4$d~=SF1aL2P1~n$Bv5X#|f@t3jG(sn>M#PTCeC zNv1;cagwx=$tERJ?xYdMJ--MIw8f5;k($;7Xv*Ui%20MIVIVm4sw4cP8wp5guISFY z$pn9+)X({7$5GVVxrQiDuw8Bkvo5Md`#`Y(m?T&aFmv>=CH>xiR#1DI1O)#bFScC~ z=x5Xbnp1E!2um`&PxYp*U%XV5tIS|LXn2m<3X3A~O+^mk`ex5V5D=VN_ z0Xa zkb`8q-S3XLzdu5+Pe0gJxs_OVEk3=nu-q#X9ea{7?^e6FtWOH1>p~OIJGPVPqYNv` zcIWCYeg(tRHoyt&_1U^%g%bU|UwLU~HzBiCrJ8EQCaWxI+9)yP3f41nY zuq)J@!C7(}bf+)Ay+>qxtjoyH$l!(0CS+uNKuUe3m{dG&9E`wa1T44Vb9|rsb5hHlYs}+)Dw|+66Xj;?byCLOn#~jI!cz%H^jGM&>BO~BFk!u_ zGtW+*;alwkT~!6_>RdGdlcVeQKY;&uGL7EHEgJx4o3;07Z-30&@m{&)Lq| z!4N3&9k^IaV2rb6s`0e^mD^G-jPZag()!5p$;5{#-A*|Y 
zQ#k+xXFJOz)~=M+4@gT&33}Cs^`5dHE}bQZCHusIlb>gGl~-=<1^6`jmKEM^;3Y-f4UH&bhBbQbMjieedY;lzEs}3bB5to@lVW zTGH;01qmTaY_Z?IPE_vf1XM`v@94sB+slj(Vs%3Xz9E~U`WUv(vmSNt%mPJ2-KCU$ zf?;f+JMHcg)8y5^rHCd~?sdodPHnZufktDNS8s@GA52 zo2w+DjcwC$Tr2xWk7>}!#%m|1%T0l|nbJmIF|fx0jC#!}{w;*pbBUQ)6{8|3>)!#t zK6nx{lZj6~Fk>2cv30j)J|gh8_}-G9$j-D%yQA3Cp)VeVaq%Iry~SyzmqCpu)_y-` zyEE3Y#BaqP^-GxkU=&Y|PK>925xx&VX%>-Zo9vY*FJTdd_5p|i%!-!JTT3td8juqS38N~9q zrt>GgukjL0&#ms3@tgnN4|Iuj(nU!k36+57BO-83&j(}+#BmjOmb4bloqiFcmbzH* z{V966^7@yqacc&na@%P8{Y*gu?MNW3av)B*#mlqD6$XmaHX|t0v~1! z)aU(cM{MNN!1T2VvO0NL{L1`*gN)VMMBBIhuM5GH5X+a>N_aY#mARry2M5$6E zH538q5=uy-QUeJ{h!EoY{Lk9&K5LJ$_C9OxvBn&i$yFZW&?id*q9O+71mr+)fftc6k-|||(K??5TVVm}fK8b_Q=2Z^-a+MTdcU%Daq)k38C_@kYe>05vO|WN-f%6i!uUsF~<$l!_Fa4JBAN{@bD=rb%WkCEM z|6lgU<@&GmhJQVFgtL=5O*pB$29siXTlRPF&7I_c8|84b z&MT^Rdv2GJS5R4RTy8fvhvx1jTq|)@?0+Y6Um%UESwlzkQKRd>k56{kP>~7BsCLmqgFa^v3|Eh2Lue{E`XkKz<`aSW# z3G{SWgsk74Z!^!fz&x_`%p#u1sXd~7fuB#)3_>(H^PAxdkU%_70QQ8d<(2pCP*(yW zKCkJMWYFOe?QJh@QqjTv9>h=P-wXpEfpklY`-L6kcSy>w7@18UZOmW!owrhSV>F!$ z;SNiohvxrM1yL=Gb%oY{SrF(Bg9mR$DP_QhXoclBL%R20`@_F`4flkpzB=6uFbR0| ztYca6umZ2W&xrUokHG2w#~1ldnvS3{;MzZgkj;M;^8EWdnf~2t?3B5D{(Q8*YwAC( z_NTA?T?_mfp?@Y1`kyKH&oKBi4E_v*Kk?e1P!j!T82lLqe}=)IVen`7{wJ{jq;UT1 z4gTy6{_G9@41+&G(Vw8`&uZ`|DEbo={RxWx6(@V&J+68=HyU~^9Vk`jjzKw^n8SA1 z+4Ys3<7HI-@=N^Jc_nfk`91l+toVTC_f?zVo1%XnD)xcc#8VzLjX9@zLa$%0$iG+n zu=%us*=xy|Q=JxBqh!w$3w*X3NV9v!=MP#HP@`T88x5CxEFQSERI6lpLKeQG;OItE zTRoG50O6)eS%rQ#Eu_`Y)41CV_fvixZwKxbmh%Q2d8KmUG1ri{V-(%?!wf5!6{SCN$!O4EdsGEvlA z0t_xd(*%&stO#qUm>L*ukzaSOY^mFm+pBdE={3g7UdGqi%cYJ^4mraHJX00 z<=TMPhH!z+%2{vzhYXJjNOz8Tk0-c2Ro|CJGE%n=3}{yl^L;P)aqzF5*ssbQ2Im)D z_X!Nvxmdud9*kg(oT#425Rii%+ z(=bYI60(Cu{=N5Lws~D0j)*yno|Lx(Ju%}uPmM{_~rSk6U!7a-(?QiEY z6@DCL9Z(x!)A?X~FdpAULdW?6u3kR3$u2SSM;EiItZ#(4s2vUNm%6qxXL;=2gT(M7 z$HR|QV^X8Ix3_wL`p;X-T^(A`D9|YycLnVRIjSKIi=DL`7S3phJo~W6OTP3}?D(;x zdJ~<({oE6@v(&v}+M_JU7cXBs{jLrfQWaUJ+Eu+U%-eH0{7Zi_O7?>RSB66}06*`y zZWgYQ$=lNnw!w2?)*rNxol!V!L_V7`Ds~!vw%J3==fQ_;4I5W4@zET%rdP=`_w@8m 
z*08KK+f^+RNN7SEDh}AKe4U7c#tP(O(M5>+Yb|e+sGbGC*V{`Ms`nxP&U=jnvhZi4D9#`u` zPYUeyL1H?DsCTgf4Q#g&T~dd+K=B_&oF`lGZO8TE$H#UgT^>9T6-FNyT6*d#|2%`6 zlvGBnE_Z``rJth~keYf#PLfnmN|(M;Gq+ur00P#`mu_V!4(g{x$6C%bMm2fYLMx%S*GuA8L2grKk$kFpJx*SK@Yqs`W51&&HdZ zB}GX$R48{Ngjt!!lPx@wmnVK&e8%#j+)jXnsNKd?hb0uNJ6MZ6UFkkUUTN{EVub<~ z)y6(PqK~8aUxszArYF{{V*w$HE1>lsX{dpLY`!Q1#8nzbTgu*(%B*$AMN_t?;dX~54Dkk`>?SkDM+_`AJmvyZlaAptA z8m`FvP>4h|VE_6W2!3U3ls!YZ$GR5htq`Mw0RJJ6(s)-f7%uMR)w>gk1_o^POWYTG zrJLRfk5;Z!nVhAj=#pY$c0pX!?ejJ5-%>4H@&w#7>WON10WqYFj1v&P++y))L@-vB@ zvG&Z%e=9kt^DN!{uF_aVDnTsPvtrLevXj8=@d+!`ahaOm``kYQuMqwm8(lv)aMISj zNj;-yr{qZO|2_5%DHdFmjLTbY#Uv9>xR@uLQWYgVsck+`o( zq<`YxMsI8#SWrDENo4&*C2iJ~Jr#3%Ue{BqGiM_xR4);;WZi^E^*WhypDs(CQXH1# znL_)l?MoNF_**r(MW2Y=Au^ZdR~f8M6ICM<#p`w4p4GbTk+YN#?j4g(BnEPgS^+RFaGT8q?s+Waj&xp(mlB)1R=QTxpyrAM zgY1X!PcA17G(u&DL*#B4yP}^K#$Wh1WhktpfSf$uO_Qhz6vjCe5JCRV;8fQ)E!z>NuIXGT=%*ZPLrKFO0} zU^(~b+6dP+yGm`^FJS7=zd2^_v!oplKTAzT;6qfq&yGsaPftsIX}GMUC)(7AWhA1?yohRcg{NBJc_yCCOm<5nQT zXy;DBEd<>Lko={v{F|?A-S*qx@J^>Cr|CRPknp5dGTCs2O4s=GiCi29c;d#8zUK$( zZY{zu_oL=+M(dxp5lbB`{~l|mCcOS)3M{jd39wP1B`G=a*t>+>z3crLAHXp}UXY3%nU9DnSqaWcaz+vO-+Gk)l#}1N@5dsE-e)}J%M$umZa&oJiJe-sJR&dE*$q*xjYYAj_};<8T>0*d zg9{PPKA~5!t@*9>UZpQYs&!#ao!W_+`TPJWoC}L_d*Pe&n}&jY`a!T+nZmw81-#TAht5y}8vZ6Y>hHdo!nD_;L8+F^L=I(?LFQukO1`U z`wGdLUio})NsKW0?=-pdFQC}oN8jNiSq_7TFFWh5eiGVR7+t`qn!Eh-Z5oVx+Due3 z)fGJ{jeMc$eV`L;ltpk_?$i#avow$;H^bcALXc|$$!}$=iQ;W1#|q`I5WlxH>PUPG z{dmu~T1^J?fIp1!^mTb^9t+DUP}R`)If4KDa@1PgyeQ-X%Y_zMZ{UQVtkhfHO+b zqA^6(y_~jsx08)im_(C7!#=f<8@D$5Is6LSW^i{tkhN_|mZHIx)&bcQ%*jVal~*4qKRhY@?s?Qt0jH>u5?_Ppaek>69 z*YM(yJtl0ymL$E`+`W#-wI>Bt7iRh0C!i8r1Zv4mT$>I&okXnXQ zh~g2@E5ZMAiD&b%tp8Gd>I{E^{bJ1JV@#VB+jDYXEVRho1mUty6Asr7(Y6VRsr!~Q z8%mPN7jB+c>5ykG&Ug|zJ4k-B%Qb0fOL_i(;|Ok{@#52M+aX^kTOG&rj04L;!7?xe z9@*_mKTp$&C)|JE8c*DKn*knH?rBVs(9_gDVQnxN4*MqZk~qm>QrI?!Q%IoM5s-|Q zuq-r~JHPXJ@6eq(*FD9AI5Ep_kM-owD#mdgV<=30^X!sI@t3Lkf1BQYNL%>)$PQ_a z(@jy5c{;cxudVL=nA|f7p1YY?<@?%!$H>t_0zch7E&uU6@jsaZ>=npm1j(|_Ruh&5 
zyVW#z$6mPfMB8Nnv~)s$$hBKHi5Z@Qd60{j?mUk-gxpjFq8I5Hw1{dtfg2qvL9+V{ z=SeWIq0-E~9?T8++daU<`n#w}SK!d$9JYs2it?Q@qZaQ2>=FG&J*%}pd;>uYep=$d8ZYNY#>&*iYtr~ z+!zP=2VbxV-eG6yM4A;()jI-6@qddJ|3PieKV{7ESA}wSJ}|3BcGIN+T%H0^VPo`H z+%FJjQ4dRrne7-(fhr2`nDLeFa{6mMk4Fahc{+M16Tej)ZEy3Gt?j>Fs25tN$oYxk zRQf7JgQ`u*Au055B*>9ao$mX^reBBr_uHV2UkA4lQPRlK#>pP?1EoPz@ft1ltTy*9_6OF^Aj77 zEzi|Q5*%%9)tpk`I-m=m#MS1TrvMB>?GPSZ_Ks>|F$N8m!MC&BGa?G!y*MJ4F6b1m z`zaHwXXDzZ|A+-+bw^$aT#MVp98}J(2H8_~8WJ5}<8q;u6+ttNBQwMxYq~}ACYQzV z;)TPv%7O@fclc4N%Tl!wS|B<69DODY1KS|ViP)y{=1Plw$0*jbn=pJ+Sp-VW^m{{i z@qGyaQBA6cL|apemW%?@;T^RS zcfQ>0Q6gimY`VT@nI8#t{2?=}a#Q;XZ-uoUuIVTTjhg~(B1Lq(dA0=l-C-R(8o zNWUIT{b+bCC+F#O_47Fk{hjl7*-iEBk4OkT=j{R|U^x2N7?;h*t841#h$^cae#TdR zso2ii>F=eYy;tUaMWY@LDp$Y6ubS@n8d$6QSy*7!_AFL?Yg~*JyB}0;h$#fwCy&g{ zVn!C8{M33Bzl}`*@hE9Wws6-}yt7_#w`j?oe-3|L`nBw}Pf&ouLeg=aiL{W=q0=0> zR4654a;{InBD_NiCVr2kwH(VoVUUN1ZFzc?*gg`My>{ZeXv)io@M}`38TuD{&5DSt zUF4Z}t&J3m)+QUNhn24#R;MV6S?y)|P9Zf!CwP|o^7tgMm@Ys4Z~6}WZ72B8g|^Rk z9~7nmLD>4HVHChixK#MJ$~C6g2)bU94SfOi)6TcM#OKm~sF;lV`4f_w#sj2+`~K7L zx~N)Gdi@&c_tgJpDbn9QjqULsWSl(@;CbVb!VP=3gl2Xb3O_-b;SD$iHgLG3s^PeD z%qsS-v727v+VH(%q*S57NVVm?hziqLx!E1nK4S$s|4y&@ZwA2*kcn`W`eqT-0S{tJ zkM;AnUH()Uwr{19H#Zkm!yJWPqLQNmr#oo6fA6CM^n*=A5d38u?$f zlDMBVZSkNhY$t+=QjiQ+S!9Dl5y!#9Dms$2>D0{o+mW_IYoh$F2-6?Sru{2z~ zOj~I2fkJbp-WSHpbZb5RXLId#A=;yWFcM$cOUoQ<}d(M?7$l zIYn!Lk_iXHN1x9`Djg&1eeejtThx#9tjZ?My?PR+qZvOS!j(C2yi{Xm!CEDU0_CPA z+@+%rc<10iu8I@X5QxHvJkUilp3LXrbA0%KL_t`AKH`e5B^8?GZ^AIMTm=$yTk`W$U6kySj`LE z9hE)~I3zpuxy`zbhcS4b7{93>j(MDkcieH&JnfTlF_k_wvmBj(gJOADW8Xy>sqF|dE5(%h zYiSP4X-LpOFn?X+$+n1A~`>b|^HHb|d$hR`=7bSF-_IinkL>JY(g9CnDiK$1MEkecq&RascKJpuYS% zXpbE)-mWGy*bZMQd`nCG`Zz5%t?vR}=4e%xMkc?+DT77Za=xK7LlL8;^{u%G!0$K- zw6vH`nlqX9V+D-uv^08ItF3$4-=y6vaBOaP6g=?6C@?6^L|%vQqQtib2;B5}zA=3O z#qBqmn9oSlCV;p$=nMCK%GRQlzl!`AbcyVL@KoTYnLpD>{#b@nCs)AQRA_e->ZGP0 zUT{HvkYH9vN^TNv_}NHq|1AAvS<>-kh3`E>HD-2qlUXe8EC46f#sQ$Q(hbP`>W3k@ z@8dO7*_&$?dH0HHdR@LoZky@_4*TWvC>fjd0FWprT>Dv2y}No-%&w83LBPAfEMApb 
zeF3j$?^<(#>G=4)YgIY68166I+Ort9{Ke6K| zMYw>d*Rz%^!bPb8<+(Q3n#SdbM5xs%6OC({&94a(ufFYM?3Lc>8(fa3v{3c_0*<2r zk{UJ|%o9D)lfC%?@1f29A^)?1eTcPDLPA`sSp+fpI=3QC;;j12!ql70CIQX59(^3N za~;7Q>^O6-ZcJdC@BED4Jyb`FjqWyatffBr$eEt_D?L#RZ!Cteb=4_}ZIG&9{lhB1 zLv>>z>SCXCuwwB*nEI-^uT+1YmjU*v89zKKOnS&Z2q5h$QeIP2$+dlMbUuY7FfaAq zG~du0nHwEc@m%YwnT|zP{KzMn(XBY8c)mth*1aK~~z>ql>nYozs~UJX33@F{j5*h+ZrDZho~Z zrKP-b7tzZRZLfS-f^Z2dfT0ajK7rK~lkW7*5i82i=ahe)H;{WZKbKT>K4$9*qvP2; zR(V#cHQPuQrD?o=0YY)5rntS+OF3nIbZT5CF-)uQ7wODqZC_+in4QbUFGSEg+A*q6 zg}dyipAXKM$I5Qxhrfqf+%uDVzZrta$mBM+Qur(i)CM}5-{(}yb7LQa}EkSCczMz z_>}#~MfLpn`>v3a+HOP(GitIq`V&Y{Q(jXwuu>y-seW>U;2J*P%9skA4L1mX92odz z+CS7ly?kIjL`s9s_RUz3g7a9@O|ov+lf4eIQ0e+l7ats(y_WLXb+E@)xbh4xH=6L= z>a0F)t`fygvp>v-U-=s7-;~c!yCNIx#$9i8N_DTyIDUU|eefEW(Q@-Vwf`D#^XR-b zpC2nx3MZAcYpf73_k?z}($;1}4XQ3ee#)o3E!71IM+hsl-6z!|5-9s3S#N0q z<2AmAa!Qp=tvTi`9uGdm2kPirrb*uqxV!jJTVC+{!Hntqx+&j-T!p)_#vXyEGIx3w zL@qq2te{*pD9^Fb75|a{wa#dwK7Td{_fz1}MKt)8SFsH3{`{~+ZCX(7hCVJi)M60D zf+OkWlOUA0q^!g(8$;k90)*2_?(;2MjP51N)Q2hJK1H##dLfM$8Z%}~xg3=C!yMYx zAd&~LUWEGsCPnH;8+yk`=-Bg9)f>i%yz=8wZH*Zj-?wvTW3Pv9zw7a2Y8pd57Tlsb zfzAY~6dQS*O8j9;9|F-Fld;q9zzB&&649AJ@2u2OD)z^AF6m zH}X2TTB%T3@KJh?@i`NoCy8rJ-44tkH+8k+hQI8@8;cOCS2b*%;_t9+KIfDOCuEE7C^+W)6VN0R=Np z_>S_z5_IzxF+bhYa)SKB12R3Di?B*|=bv)ler-7*W*I7-zHy=iz^;l?N6E+02v(X6 zDR2EoG=zD6O;ypbrmf>{9#Jg$Lh!4*uTSX+hn_0(=0EBKptfT=w4D?{bF?-thtiWolhZ+Ax~tHsCIhITVMG;Q8&oO$Sk4fQT9JAlB)1QrWhksE^D z)*%&eYZ=vs7a0)U7u|xVH4^jcQK!!tD^RFZD@1AOToSY^dn&p3F2S$*ow24Q`nu-) zk*yS+xDLtStJG1_D4}7Q$V8I5Sx@#u#r^yWoIP{FoP&BMe&pF);$i(Le;#bCy$i%!o$7+=cK?|(xLE0p$&#Q8w^oMu1D~=-!pM2SyLJG{JGAe`Dr>wxY$BZ z|AEuV4=+Naj()WWg&7%5C_$*wJWZvp(=RNoI!U$M@rxMAXug?)JM7%2kDC7E{%O%w z?LzRcsG*K?Bs^!&DsuCG-l~fWtp7!uRq);Dka!bV>*-mjm?r+{^QXQ7z2H3~swV&) znp3o-B2{vmx|-}6Q*?pAe>8FvWwYXZIq;l`8k}f2@5s`p>Jo3b1@G3JAlNO85+%uL zLzKr~BoWk`no86A*dC3KmQgQ`ak!Km2ldJ@Y#-?tifB0x(8)KVJUkuA9E9DBH-<;s zQ7Mw~(nWVGgj}P{%=8${{({QXWZ4}?cQC>tdiG}$w&WUK`6--+%)6^@c~shdsoC@!1;2iFz-;VjN^8U1^?3?5r 
zMaID(L&21f9xI5*j&szVpd~FIbLtSzPQANlIx7o1n{A)uCn)#5*r3`=b3iIhDe&=p zSl&%O%t*!X)BM`3E^S^a=S?ywg)Y;T3J7QDl`0k0?*@eM(-O`$HaF8$eJ}S!zCYQ+ zcJS+>99^4O17PW%nw88xN25IL9!2r>f52b2 zc(z1j5`FW`8qu4N0WG2bIvf(GgoQBm*b9;umMP}1k*+V=i>F)OLs{*7KYOWvUNJEx z|LH|SV=GGzq<$vWFF&4sc?|IJO<}OpYDdS4+v)dZCkp$HviEiS2Chi9s$DCi-ij8K z>_;EwwrLf?j3^(etGE<)OiAYJ5;yp%`ue6shey%Em$|tD)R@u&rP7C=Ba#u0fYH+F zHt0K`U5_?awJg?-HGG?Xp4(fC$`H8uR`vV@tTk7>~W1A6=*W>dcb)&i&rGAFBTzB3&ZhrGIR@?q6SFx}9fBEl1$m9k=qIjo> z*i`-J!`h)+?H`-a5Orz02@pwC<~xKcwHR0AhN#_&R@PF|mt1U8DGI5ueTO&P?3h)8 zv}p%ss}T&g4g2lYkoAv~B=zFW*ppAzzV8<$=^QUt{xt#k%frV}wb7MTFdy9UXgRo4 zu*xJi2k>-xWGD0%mtvwXy7+5Zeo9!1dyj zurhYUVOiW}ARb1}&3u_Z)*k!E8~WEt_ielZr9WhwqJKuP(cDOTrqnv^M5V0_D$SUD z+-gRtXt`Szqjb=Cp9|ZZI_Sl;37!$2yl;}BbrTi|xKaUVmC+=7@R;%_&wBRp?ycyo zR2Uq6n{>E7YlJ9&=ZyDgj`fks95mBY48Qas=8EppusAwTh&JH|} zvL{71mD{$uQ{1i|T!`DWaD!fa#(z1KQHVj%eK${(gg_%gfwRLlE3)9yOq3j54CaVu z?GAe98ci3L-|W60=FeZ0`EZat$RZczEU^^IrRaw}0_LaPYp3Sp5g2iTUv5ntUh8?6 zFo)3>x${OP<3C?nImt+NokdF2mOIwJxO4~pFwS`O+wmb@EKi#^nS-K2^&{k(bdYP& z0~U7lW-X&kquA;L!X8>Eo@aRBG^w!p1!*0SvL!vnQ_`;CM+avO7~J@Z)g?UTa<&mRBxJ+aa~-V7ye!Lt}o~)n2!dTfvb8z>I3?S>fPPe z8GZ2`!sD7+4o{nsJRVD0VT=-DzoI2_!kCzsz18k=-3zh{!$UsAbf$33(oCr(c!{aq zz5LEat*QDUwa1g+J%V0k*o#Si3z2v3{?@wlk!cb*sveCLz@oPVgCC`%!CE(DxazYPM8qj`R-{lrM#ruB>+nDDNW{5g(=OGKDrK@>@V?2Y? 
zZr?Hm5sLbc=++viOGah&WdpA&Z|{9VB-)Eo>qv9By^RD?j1_S9^^CS^ai3b*BfDtU zTb&KW4c4oJx9YPLgyOAcHY?QBEFK>~bg9N<#tDK8@i=}xNya&yki=_P|HTVD<^`Ws zZhSSpUDJ61);Q?@!|dAgaDC-(*3gX@dNGq7l zn3{pWXL3?mtR4ZLa-UB}I%kAFZF_V2*@@YokYr6Z@?NhDX@?R$)+XoTNLKAKZ&LSf z!pY3FS~N__Zo;k1SwH^Blpfg_I1%tGfQG&hv#xm@NuQ*Hsp&;nYRso>mo7kzL#9GQym9+sCSsOUi99 z!*V5QEjPVfZpsPie0!{Wjy3pVZ*_82deNvd!cc#kgyS9FG5Mq2fZjZrLddp zZg+2F^g$+n%@2)7R|&R|kg;!)$dyF*OSOG#S!DNlG`8n+jXqKkUf!d{SM1c>PP=+(=^q z!Fh-A9ehotGfmH{87WWo1`I*!~3n zV@BIGX9yR6E~51*`+DMosx1c*Xwga&h!gSXH$#GYOngJNvquU$HKw;EsuGR3_?j)Z z^~BPvwA-23tDmL5|AjN<#MPuMrF^~7Ll>K9V6)yvaM9$0=E@sbSLLgT^KP8rAr1(`ZBYYHbMoD27ipCym^XD}I^4flQzUs}A%nO+}Cq*p_T6~y3bK7+~ z-`-*>A2wd%U=I$OL^y5n2eXl9!W_pM>;ya0sUFu_BFq|^6KqqfYUGM8a(`;<`>J#0 zJ#(`}%?YmWv%5^an#T`R*7GC}GwPwSd--Q*HZJ%e2F z+W$f;??fRtCdlUj0`~)|2QI<4=?h(grqYpOKT*92q=Q}B8uJ2p>I_*2_>&)}8eZ)2 zI>{H-%KBOr`Lr<`Bn?X^aC9QVBW{xSHhwdZ%X;V+r#Jjqou=!x{B71NJ>9$X7?)DD zsxIqaNj9r{0p1!;JTxKu=#ddUkU2+vs!uU&2td2XAmPF#l=2p>Ih$c6mh$<>*XFCP z^y4Mn%mRMtq^r5FJt9Mhse}cKo20}1ZZ>gTZky`Uf$H@cOj70tp-dp@R~?VRh_&$_ zzxeEH-}w4oO3^~FD!Dkn(J#L@a-t4r*#Qz}+oDlnlk5c&bd&TSfxj8nzN!HE2^Y^< zd`=p73NJ}2+7A^DYPgMH{yEC+(Si+cgW@#W?`Rl5+TC29*m{_nn$41PR7Y1$^l|2| zS~KIP*gDWB6q_}D9L4)uIsc3{O>}=c_DRHAohpX*Rmz95^=rS=R-PUq-VC6sO-Y2l z=P5*=B~(1ma|CcOFV%%f&It?wY75LJw>9+gOkdodi{N;Dw|rCgX`ToP+J}q;ba#7+ zZTfFv_dr}Q5I$rxRcowwj;#`5V!1%57CPDr_;(FaByNCuvsG z9iTNpBy5oc^(vjT=u(eVbj!?2HaujKT1{^CUt(yDT^+`p4!4$r+5p}ZSW>?eD!@k(pj-UfFdJABn<_e~}zYKmOynK01hlyR1v$gd0HG1uIwu ztDP}C1(uooS^Mzgw3YZT{KSv*QgOwYk^UE8pNU7@h?n3q!A2zBNQB!KBg|w8)MLU4 zLwA8?jP=lv+L^~Kc^Hjyxz8_#p6uQ2((GDNe0iMVOshwz)&Zdm5UT~$(LmG`4@XBb z0Ot13GOBSCh?x7T`))W$$YJv#dmNNM{-*5P8ojUm=1!tG?I>+GWIU>#w+kBAafuq@ zwzS1U1rzQ=HmD6AHglEA&0%I`Z;JHzT^t1Tg`_{{+3+%OOO{q~_#~4|K7m;0;d5ZM zF_0};I!14-zS^Ci*W$HvcA!)84X$mDY@??z%ap<6+#49FWF!!$ng{!KOd)HW$J&%} zY*P1)R9_FbofFhiDpebhj%s}K;!4mIikGTEfOKzRl9z!6dGw?X!Gr_Ws`p{c&+=H& z(WvQc%J^HwFfenhxNVeerbPJtlQw0fy)FeVBOn20MMlKd4|kj)r^NWSU!2|=jq3Q~ 
z*koD5IcVW_A1W>%&+%m3>wv=aiOwC&NDd&1ktiI=+MI9+YSS&UYCLW3@H`unsfU(^ zUgHj*jl?BS2~t50dvT?s#*X+i@D(bW%-Mr@kLYnGpRbk$E0cI*#YiReG6(UwVa-PM z+_b>CFO|pAuBtTiE#5eL%mArNx(R7KzCp&tP~~tYF`3$@>#MIA;z`&zR0Hwn&*X6z zmn5j%W3kyn*=J0m=)tN_j3!+4q5LyS$gg$1h?BmlptufEYSaCunO(?51JA;blVy`~ zQq3$9#8W|!;)RYqYNe!cJ(doznE9A&L4bB51cR?oFDMX?m(uQ#J<&Z{$5`deH{BX| z)SWuBEh8xdj~S9R{B}69_y%$Q??uV`W;jm=+6`QiI3$(Xv%=EG{tA1%OWb2oztxtu z8EW-g;Pf$jq(JATV)|VM-5A}3JDavnhr%Qy*xJ<1Qr3>R3WRCYNiZzfL zlfX?uM|*oNaj^+k!Jm``G4t6bF1^WnZobPky&s{eLFdIrYp-x15lg3kGZ0=Px(-O_ z!y~&}G)55ZS$kjnOkVyrUBcRKRGPHadw9I3Ww}x5TrBbMt<(~N~C$R7O zlJ|5w;3a%j3ENV24|TUN{-WN0DsA{5;A6P~?_ARI90GR<&m27kql0JuAJ2(@LeXVC?vI#3m>q_E8+AmH?NJ^$ZPs;>3+?<(V^#7EEHNev zn4a;bl~R-joQK9tP9gG>)@)5c51H?MoqwP*;a#Ul$w(ofqQJ~FpdDg0 z?S$Z(IrwAgCB`+Ya_73Wv$Mh%ek5foC^8LQ=^Lumzh}@%aKVp8?Lud5aBr4zP4P6H zYAP1*+)xZN$37s-zugZD-&`MA@Hy+rD!8#QBFHRd>(F8nhdK_|gjM2Py4XNH0dWK% zH-|vCXvb>m2eDdP-QX@h_HA&if~S9#u|Jlv?Dcuoqu;_dLG`1ZL=%EVH@~J9Zs_NP zrfxBI&Lf+9{+)o@t_)+J98HD0`wCCzT&w>ylUt2bA$LkT_#%9?j!f-=-42A8C3#FW#g0I%sb3j#;@B51sW?b>oLoN-cV z2+LmOa|0@Eb60NmW?j8E!w1z@H!iV#4;%O-e<&dmGmK)S%TNiXhgDvhel_j^SEzz` zz_%~X7sNi-wn>QtjDPoLKXbn0{N6W?78IRJ`V2u@+ldnb5&?4xM*@;)>WEOD%o8Om zP)s70np1x?gbyw{)rG?xoG(Yjy?%8h1{TQd_Y)GYU3WbB?O|Fl(~?OP_(U`BtC6@N*^Xu3eD-S>z`0&oKNUpz<&4Zw*BZLHt zWV80P8}-{sFhPIzTbDaazYF(PENP!XIdO1P#g{DNXn|0&YH!n`dIM>9ce8#ElVH1= z9SL#r332tbGugz5i$-S3rZm)jVp8a#i&GPD`CmD4QOlvuQ?k{i35F3p&!c0bb_M0m zjNkWG;_DVac0#q{sLudHnmY1~9eoZk=jq^F%Rj0NjZyc{LiiOAm#m4%hImaIC{*`I z3hB5OUm1qIee3Kkz$+Q)xVi8D8mEmh!eKWiNb7o3M~{bj@}znmqiR>)ahvz3##oU0 zv_|#tsb`#_LTY?c>?imYupdQ&4piN+tbogOi%Tq>f#x~Y(5}58s7LxH-SvU3EBG9h2^V=-OFzHzn_(_b@)A`~fo;t^*)K40=E@NB z{g-X&Tedg(JWrsHfbBEpRQ|Iz*`H1Sm0toZe}TO4igbq-yKNbT@IjWosQ^8hR#H z$9}njerzu>4{o26K6~|E;9ZaLpVA6#Vh0|8!oM-U(mg_B*6FY$cN{7b{t8o5oN{^PVDLzhbWKx&@Y z)8fGJo7e5kV()&gFz&-o{*vj*=YzA-xCEq9P%c3F5G+MDZ*nZRk#8tiuf^Kgc$lBP z#LFB%tpus!$_7s@Z;$GWNPW}%|VOEX=UVMt0pd9$(*1|P*mr;tuY2!&^Y1kK`~%p zEV9JVOo3fD1Ou7P-{IWWZfHwF5jpBYazqxLHGZ@Lk@Y&IgOk+p0iQFL6C%*He)pB{ 
z;X;+M3_RW=^q;y$yW)SkB3cixplT9E_i0@EK06UO=qD3Cz^{$HfQlpY;!P5i^0}!W zoF|oD)e9SL{3PEdOj5w3l9fT2J_6eM zN12a8SjPn{HA{y?Y#rHh%_pUVyy;Xg0NZ-Xde^djobTP=MHZvn0c|6ouZ-!0a;!p* zz4gJPj<^drZN->hEogcvSI)ChXoXP=waob}_UhR7r*BIjMPOOK1Y6^nmHGr`rb0YZ zM5rh2H10PT1ulhU@82cdWmOt^LA+vXcwwFz68h}Ui8r29rsid9{k|kC_FEO!`woj~&1?wHY)U;Si3A2|Xe@6jI zLo941 zFI2sN*u>sa3m-FZ$|mbv`;1qTH#&h{aJOEO3AhU31S*OZq7e^GqIvU<)x(w8-rQ1(k6ZVT=Fr$YIe%2(Ik{-ym1D`2+?q7P|(O@6m`nH6oRb zd7B`sW@kma=3>{JwmY#U6@yhpk@a0Zx5H^q{sOfqK6r{suwt93X5T$wsjFU1ocs6JrHQ&c$Dh1g-EtDM#xfJ~jZb=0mCQyxSd zlUetH)`CWq*U9E9E*Q<^XE?l-C1?Jfg3~WwIS5X(WZeg)YQ&pAZvD~-dzD)C!pce$ zoFl@TkV+97!BMLqlsM%&veSd;R>V4--*e%lQo4n`j2bj|35m&5#8x9n8elUfsy4-D z7D0Km-k*`r)1?OYDDO&$bVe!A>3#{UjUq^=W5ye>b=kfUVWvK0e%CJ$l!i5Ih8H?= z44DAq%}Lib_YXQ0jia$Vn7cUxAru5be+5L;>ukn)1P#|Nfg6RXzWVXbO6SAWpr{?& zaJ47-xG&FqjTR?*GpX*qei=8BZ;U*w3_KTvP@snT@HB&dC>JHEc>qQYVcGp)VQsaf zd_A)p7VD>wpWteOOn$BZ04lW&miX_$fG!mfVSJ&IFofaDerKSaOCjzt_GzuT^CDxZ z%s|&F6hZuiS#2snQmS8!KKZ6bj8;WGIZK8t;=hOl#>X4Y&~zAP8c;_IA%8E#o8VsY zg`?i`^QSm%)G6jDb`18)6(<+sBsj-^uKGD`X+T12B=|@F)2It_M8Q@Wr+I}{IJabE zQbvJOJ9U)jpk5GUu z(qKYopCgU$Pj*Vcowl29-+%b_0)ox3)1h_KM4^K5e8BfZ!HaG{F%G0HW7x0@#V*;i zr!fVnYC?Xo)60?)W@`(l&>jq+C_MrD+p)a?+LfCmg6B;;1Ui)Q!Nv1C5EX1FgaZZD z#>O%wbgBeY@2m>k?ka(LU9f6K199l(Z>o4RulWl4dKMj?dEq!vWXM_A{uz3^H&0@+ zdJ~tEvE%XgpUkc`P zY(MSO<#PU+98qFgfaZ)qbdB1^ z1Ho(&aO1G=-r3q(I&zqoV}~tLVmt{NsaHufki21R3=^WM&1}=kKNREpl&I%Jo`bn? 
z%4l#r&IUn6^D&PGO|=&3O~uofHC9^m;VaSBs)g+Q2?ws<_SUcf7a)w7h*aW3uZ8*O zCO{iX;~^>mh->R(SN1sB=4x#nW}rG<&3?yQIr6?OzN*IShbsv;RDr!aI0ODY%pRcd ztxC^y(_$rQVmT?$Ta|J#+A%Zlr)s`e8|{G|*-9vRR-b^9fE|wL zad!CZ#^jh_QEU$K21EtOz2c7&X)@(*oQ|w&;JsLAogKhyCn}Nv|5SI^*ii;!ydQz4 z=?4Ram4hys|HMFgPPNq*MWst+#A&GuTY0sS+K{n#tm%X=e(e^H-VE#QFn z`(Zu5`VgaV#DMjj9w4yIKqNvu{G8m&m%17oOvdNtB`OoH(pR4Fyu7(#ye+=Zh4Sj_ z9Ubfzch$8B%vBgvy7p!2>#jaNNy~#>;_O53P0sab`PaCGkNd*kce^?9d5Uc4%Jr6h zYewAdS%@HY;kq>~Hp>Xj2aQ{wc|yA2PW#aJc%hl!o?k})Zf^&>o9>$%FrWOc38=St zyb=IQpYubEv0fFse)E8q#37~@!c@AfsnCTV!t}#M1vE`tj`|xE)qU>`%I1L>s+2_i zw}D371I-3si;)qooZ!Oh_8SM2Hn*N^1a@T23XrlOGGep%S?nEk{D_zbZ%XXKXu)=X z7zi7U8TvxF=H$Boknxvyl&+z#QpD(in;S2=*)&iQ-+FsYX>+4E#DBA0A94?$g>y$( zFA3boMm%-xfX^O`XCUqbbx)F)VpbzA_RBt5YKVQ8Vl!fJ<9>2Ss+pJi4*~t!*hVmi ze;+~sm`iLbX_$7~`BULX7nKn-OfIah(_eRcttpl3QB7mwW%p;ZZb#y7&xHBPAt!Cxfg^(Rmbs^GTDgTP|&sBbUyMz5yAiN>AQX zXY5*|P+SW+ga|Vz;j;TL5O(Yd&I-oWl-#FF;<84}onz5BsdRluu4NFe_6}|Cv?JJ> z?h1cZr!4uR&3@t&H8nr&Yug;s!$fc*l*Stxy+$rg1JDwC;V^*Jc1uQ+%Xr3zVjgNf z1ApBZH8*#*K_^Vqv1ziw=aJgPV!b)>%9;)cmgiaw?8&=|B?F-SRS8sb+_YZ({C?Ad zSZQ<8E`=AbqpNcqHF#?l36d-TXiYw|N4*XP5 z;836PPSGMKC62Bj#bs-=kfE`a(a=>JQl3#{KIjQC>`PVf1>D^!z?R|!$epic-wozP zeSSW_$}*$>)3NEBYrcAFb*&qT%hru2@1MSrJY-f~jDU8dN{1#Eju0&gI73wQM_}cp z?c_p}o}AlnYq7p&HQahzrF4Is^T{ahW3D%F&2Q8zMI-wmWYW6HW|(NiiZ1eCv+30; ze=1_CQ^5ukQ23=P?)Gz+Hz_PzLF@IB8n7EYZd-byn3ornjPa@8tC`l<_9Mg(h%c^| z29}9O%jC34pLgu=POB_fS~O~2Y`J_nwZPEcO7of5NF{*?{|4uRj)rGK(eVQSdlzSI zgC-uxyj)|VUFxjuTH*wKuB$Xh-()x(t2h1G&}S!dh!+#m(9*{hpRL|&>4GuE_Q7ve zL1bKuoELpc!){0x?Y`d63ht0H!IO%S;fO|Gxc>T z3`jbD;Sj!uPTR%I%~jgI)e3OOQOpx7KZ1}YemJfMaMSLvBskT^i+|ty$3y9-oQ>BnG>q=aTi)T?5WD7(>LSh~7NRuk-qZrN`@f@ugN!CY90_12+Sh>An4 z$?nhBy(X@&rkbWLEH$bjP?6qQ(J?kqqhoYiBY!NPQ zbC`6?h6iO9;dO->Z0e5(9_G##=pRm)){agjdEl-kBcfvtfvO91W;{78Ge2Tj{1khLfwc_n&j)xh6tRw%*ygDw5>3{Iifj;#L?>zc zAHC{iI9Cpyu)adz<|2a#Ob1_AMT%cpb$RI*J6`Kly4;gh-D$oOuxl@TnJ>mN&hlNk zLbpDx$Fg=_;5t`4U>6|1uZPa%NAs6gjIAH2KbrQo^xWBqew?nusj}2KuJPs}v8)zH 
z&z0!I`T3A5K0#(n7@(x>2waM3V!#G6^mJ-kx{(ZiWFF=v3&x#v$WO>1p=7{9FCK3U zB@33rUPa8vW?OZkuUgEyyB=|8%O4129^M@FjKA6$OQ9o2k|L6SyG&-#g_9NE(rJSt z-&>~wn*PQ_K5sm;lc!6cadWn|+2W@=bst^bcrOUL-FHmWlB&39uVC0pwa}#yt&)H* zP^54{Oe~yWywT&el`f*?yYA~jjN5j&aHgcgPntz-Upq!lw|* zP7e5}mJhnN58EkTK_$86KPO-7?IJ-rH)vN2$@UDl-hAPmeRk&J4~ArRd_gype=^1i zH%8$DSMr|uv)S4=Vy;9i6heJjlWnoC-=Ft z;!Lqb)&2r-LN30t+Hz&*SjA<#&%KSiO_TjBi%y-nH$32J-hxatdK3=rKM+97MW3re zSf=)IT2&@H;_wxhKEHHzM;Q*$O}R^7EHsbRr9Izmwug4z75XHpGtZ{}nTv#Q6U+2* ztuZ=Mi4(_!&8YMTA|_>8x|+MEeOlV{EV&*vzZxU?qUA#=+8mT4D|Yv6)OLSJ9q6yK zVuBTLM%bki?9huLj_i5Pv(!b!?ZaV)uCmwFzAY4-Y$!S9`A)+E zh!Z|XF#u8RXENPMQ*EwZvUlMJd^Ykmyyj_S&FiCU4?%LzSYAK9S($N847oMcn7lBx zgve+vu52!?*vVdbmzid*vFI(xvHxC?5#}im_AF}M=7V**eB%mVqlDPOLlQ#R6}1qS ziVNQeQZwI28Us@mCE4CQX~~v1w{<(>oO>a0ywrZ) zQ5?t`T|>RaX`*>ouQttz+XlwR>jhS$)dvL=Z`IJb}d!b@8m$H!}e8VF?3BMEgI0$`ZK(JD@_Y zC2+BL3*TWCXK|Oo)f=a$R~$Jxzwp8unx`7ENniQh`4?@|5XvV~4)}F{gLCus_79~^aT~2h{V-yF;HH9+5vJKwaYnZN9%@StXW)f z95UNOEYkhxi}?L{iLX0)*Huavl@u%OQzaX2du5G!gtf(p1l0h_<9&U=A?BY9$H@LQ zzZa{9Td(`L!{+24G!OZRReW9l5MC7eGOGZDUU12LtZyA*JI%ohmCje{@3*!X2k`V+}DbcIBRePDx=Z(KW z_v^#Aeroca0IB9e+Lh7{&vg#{UKB+nvfX_-+Y&1yth+Q}IV~>3mNDrX%ox;FO*!tW zZ!q(oN-iTer`OhPaNi^QnClf6d8g*NIaUpc-0lzI^sl_1)o+{yMI|}qam-}*&Z{>x z^REllDIv^SFAAab@W!-+FMAw0RDb3I=bx&mt-_4T1&m}ef z3uI8`$Bgk^$rJAHq$&uW3Hd5zpf+2Q2_(1xv~H|oP_c!%uFunItuhOf zz2T{X(TsH6;3?R^wyAtr{j7?CsfVB&F| ziOmx`N0Ag3us<2O**&5`1Kcj+%UhK}zuVxUkj04JY^J#Iv2}N1e?i3nnOAFfn#S{A z!mr8ErZ&wno7|4#c*B+PhW!rEPcVWW?3jp%7P;76yuf4RSF@a+0B;QPw@#bMJ#qp4Z+V^CFoi zE*KID4gIca%)1T>I3kB|bX6$$~YwrrC#mMa}%!yBexDW zd)y@=XgAScLT?hSG4B_r_Y+d2IE_ z`#Q74qn-zS(dD>v8mR=heS|P{Iv{FaDbciG69G{(ODUYg665O#c3f zp}jvQ!&76KbYQV^Ytel_ABlH|zv7~IBM4zff`wLhMr+i)I7=QsOgh%UeQ#jQztzG* zTSvxjdqa0+{sX`QfDRtT!zhEfzgaih=erj}*?E?BZZm{0Evv)#?5H-=6(3Obui6hi zAKp8@P^`sZ&C@swb93c_@8YPNv3?~MyRsPY*UZ)1th4Q=6so#>Vu|^r?h?;FZm0F} z^PE1=ZJ42^K}-y~bK*?!nS@LJ=Y20bup#{fUi4~4$+E=)W74$%uBGaCoyv8n#>vZ+ 
z+OK&)8~P9jtTCEwT|J4wUfM?!7cAz~&9jT_ZC`F*&By0wb{RhZMAgDKTQG2xK;m~x8$;;l@M%2jRUgrVFQ!EglW%+8ceZ+X zv*-C$tKxHYh%CA^8DfX>GeYI%V)m@bu~XAVvl}Py=>0jpgB3BpRMv+!hl4C#7s)kU zoAYgY#c;G$!DFz-iQY=_%h-wjpR2KGMoV+uIbagJ;;dc9qvhbvHgucOurDh`;<+1} z2AK;(jo*C~Sv)~5cs7K!^I9c#t^c-qxVJ(st4pqeCM?iNpfzvu6>Sw%A`V0{Cd7R~ z?W?ZPrJr6%KS2B84@3HW1bA0|y60A@a1LGL);Tvttj)QIu@S0B`-3LK#`3Tlk1-E> zsPM)S)$T74D@63%0_Tr*=yj(y_aC2{+P>E`=S|kFeS6EUt5gQMt1}mwu22a(ygB9EAbwVc+6&IcHA(8Hg_2(xEQ|m5%k?Hh)`lv~QQ>-Z1Js zh3h~n@TP-qfW$x|8#ox6s+($O3Y&I<@H^l^XuBg+CVUqiQAMYkPi++K60WGYIA%!< zL=o9q-|-l}Xu$+F#)$w9Wxw5O=x~PUZKP|0)sz8Hl3^S(Zuk~Q&RKRwjnFaw%i&|3LJxi;twE^Ro0~xQgP@kTp1&E4oHyNcC zE~VaxeHc+l=Sk(w)o9&Y%Sadx1_4Y$MNu@*KzmC(1YGu2tCGrCh_q)*Myyq%lcHf>uzm6U$6?-$DQ z?0LBQuz$7nQbgb6GGW5lN<41&j)EDA;V>7Wef>}+jN{!yE7Qu!Kni$h3y6E=MN>o+j4 zgF@iPnxdjyjz|WdMvuCBGu1sodfg++U;C2ul(8sT3Vhz4^b4i(MM{jhsF)18-H z*MsEXTSWq4GVZLoI-`2c$IrM&`HI6#O{9A`Dpu`@79U(~v+y>0$O6#e&`^LRAT)vT zsYi3>!*$8AA$_q3Fx|4FF_n8rpqFBvfsub#wD!h&+6zD_XxTdrwb={#0s=k)DY23lq7YP)Z?5y^lM$qB|Vc3!{ZV zu*GPYHrgQ>XIPANzlToTY>I*w>}osrBJQmzbcno-Be{QEFxWGYq`(eaIESkz!5qO< z*p~a)YP7<@2Qw_ObvG(0WzneM`9^?vw_5b7Jl!sP)(cC&H_k63 ztrN^(ag9fHi~f~^#;i4|0#HhrQ^O12k!C@T!tvn!F!RN?=R!DH0Biv|3O)a69m2T# z70BJWrmkB7sEO^J(`U4lYi()TIn8pz=N2{@^vkDpybgqZz%<4oL5Z|CPkN?g&gTxX z@l2!aj2Ls{slR+4nx%8 z6U{)^{S+woLNHmt;ehMMB_Fu+xSy-+uh|c^yiGc*c2WTE!72#d#}4&-QXenQ(3vd{ zrmILwd#YcLQdeWPvs1jHPQrPqHl@b9T3i)h50NN!ob$yn)?-=sY#Ap-B*fe{$7w-& zSn_l7?tobc1tJH!=ye|(eKGThX3<|iNYVu+d+o!)A+JyJsQA{qO5)aQ)-S&w$4y35 zlnM)6{;{&8`*v%~``xS@^Gf;9VKQj41<;{y%M&l+0+|ko*OO!AIHj?H4gfK2B1*>Gq@WeGf4XCjVWI_5HXq4- zV(8sKdWamn?x7Tg2%@<9MIR$L%h9!ngX)^MRm)%bQ;Qs%8z?fSpA(-YciZuCnsSv} zMJR?Y8GkbpdiCN%|IDVRcbiyo%_l)mw`}v4!^WB>hbYvK;usTuuNxKb<~*kT_|Gs- zU0DNuH8Dpx(`tw;_A0zOWGD-zT-+DvdD@b9moqp&MC?Vy<+IHc)NPQY4m};v2VtJ0 zO5_uHfxjNcAqF9KOBH1JM z-WgA3zQ7rvvw9L;bg^MYW=;f&S?NTh>3v51{8u9)o2lHjcCl`s0)eF}+VN+VzKSUDXV#ryi5 z8XnI3Y}Y;eX3($WS;*M7qbXeJd|-PnHP8rf78k?0B7K7;zI1-WoTzcdfJ*Awo|%2zj~ZC06y@uTMxk+c=&_0vJZvD_scphWK1G!7w(;D$t}d3 
zbWU=4N_A`Nn;y9f-YS4L->G(DZY`N-KNZSaI_~=eL>28{=9F3nwLAd(}KG zT0306J0_^wc&l63KExV@zn2=Yl{p9C+hRZ11ZBpoMqSVA)F|UnMFacDw1=ePZLim< zhBn-%HnIh|&0|b7*|@!J{j^Izw4ISg z5qip$`XWV3O9Ro%1EiAX)1J^bfd?IsM_&lnzgf{uHU_dNu`hlr5Kh!FJqhAi78+r_ zD0!hLG9jdrJIY=>g|YMV>dngNQf<$BdfSltG>_(_)6TB#rkd|s_x(20a&OP_pKY>u z);Ot_TU(0S9abONbon&!8$4_L99>TAHu=T2 zPUP-491-yTAx;5t>P76)(6MsK?%LJPr!Qn^>PQ#tXrqNMw!E<<4sbkFvoz)vJEVZB z+^UQo5Soq;f9$c*V6oT~9ORZ}43pH9Zu7qNq1^{{_?k86h5mNC@1%m~j{Qz(A(!(_cFO}w?sN>5sRUHjC{3`RN_;X}@%mJ*uQ`4wIkLBQrSl@%uipi= zjld+@mDDCfcqpsO96d+l6_Q)}>z7sOix>2!x5%|XAW2vP@svvhw zY+FX*u+HoTovGOlnMs>+qjIaFf}(ftSmWY1Gl2TRae8u(gKiS~93W_*1Q!3E0rFpS zb>{q+k_ddPui(5&aI&c2e59q-#3NYabSG4DO{>|ZW9Vc{!+11OLo_Od@%tlP=gog< zovyX2w*PKDue$XMRNHpnPe~l`VBEk0meTj4lVPZLIe;3ukieD>Z^4su0`#I@Pj`Y? z_m_ea^uARo6Y6B>wtGL6Y=*zL-_4K+01(D0#1qvDUEun_Ba1wMEf61>Wev?1l9Eb zW7)a?UxV0;`D(FDy?`Tzx9%1H2*6x@vlZ3VFDW>L5pqfi# zK8=Rc<+t6lsV7D!)K9A~<=z_e9J35KbB0|3gk=^@+hI%;L!paTF1q}3tYN&XwrO+%JSW+M5*RG5#;9=;+(agGs<&a z@MrqX7=Z|sV!1wMM)j#pO-{|Nlw_{IPhC{QZ;T(yT7EqqV(IDWscHW!(1!jW!8ZT* zeK!WoQfPX!VVEIIWO5E*{9=8;wf3Mpqthvwz~)X@AF?~|v}>ItR?_FO$aXN_|`0IOVg472R0YLJGFq(6*Vh1# zB@{Rr;)-U{$i`^v4t>};adz^!F4O5+GQg`BKwe*YLzstgc_KZ*rubzB{a+C0_O6=ru7FI;K6Xpw0b8s^lZR5=iD=NJR)fFl9 zIF4VS>zk!`z$s}m(Ne}s3Gj(c^_(Uw{sMg)tjR8^9mGF~?hOb0+dthrQq(NiITd&E z^Vl5aloJEIwn;qclcFkswcZ9kad!R-G^`(jmYLQwdUv~ah(IKp`uU%KBpveaeo+Ut zPXGveL{5H$?h_y==G9Oi^yKsxD5VIfJ01Vsxl2hwd|w0bzpP&@Ui*1I?m)Q8MIAD+ zM!1&_=uZp(>8vI@PMmt;=ocuIF)L*6NFIuP2$BB<0*9QD>k{~r|LLsV`9`M#7)Ah@ zSpt&SKEBN!2|GMUXuJT{Q%r|Q{iK3W@UJiUv+-LcnPqQ#j`UbED|*aU)Zhl6NB1xbQqCKO@iA1mIxbvAtAWJ2wt^0AqrYu_dJOY+Z~ zHLturR`a!GbEt9`mxC%=z`KjphUU;8t_Go{>qloyqTqvCLW1*7( zmJF4W|Dmg!jp@^Dej4`F){CYlbSx(9;kT|=&526yk3H@#`#W>%cbt6|Mm$&^aZh*H; zcl6=RdV%m<6*g~kN(foo^|fL64AI8IQI+cp)9U>bS3c&4xSah0Jv%{W;Eoysg54C$ z*4Pwh#yw73kF*C?d*1HO7>_Hl;A=u0#F??-eZ8x!=&lS*Wra@WT;>SXr^W`27Znt} z6_=HY$ba5W*LJ&EP!Cw}++pgyO`4BLrd<(D$|_zO@d@yRzkL>Ut!+7yvL7VX!(Z~n zXH2+%krRs0CWpIyUoo3w+f#T&A~JV+i8r?A$tB8!OT%P&s@yV;fBSpdWFLQ0oyOvH 
zgQ#Dxn=v}l7b0wIQ30c1qBQ0 zsW?<^3}C9?lN_1H4XDgc24z{Ts?O!iXhn|i^Rm7E%$=lsi6_N&@uu=OwV>$xbKgVg zoEWo#xXPm^Gu}(s%s}%FCq@(d*g?b8nG|JAerYS~Yvb`OXj9AnN-4IylPLg+=f7jf z=g6Ve)}m?HOz-kOYQaQ~goSADo5y#Cv4h;)ckPkO=#MUxuF?&|@ar0{-5eZvZ#*K^ z6aaatXuDm^7T!L(96W2?FrNf5$RkJ9CP^4DZc7@~-lM>!-wTuYsPe!7)p z{*3QU&!*qSTtwp3)o^NFyItYs=RO?Z$J6VxjeBq0s%i>M*V`iJH0)w~?7V&WOigu^ z$w<7kOIj`*Fr2)yZd%))1;>#^AOOiqbBW!Ruy*C=wxV@6+66Js{5%LBx|2z0Q-K%H zM1G_8Rs`ax&!skI8pqo_UtNs$Y2GFC?#pNCWX42MQpvW~Y0yWObhQcfaXmM;hOBN<^~F4x4tLoJxuhF;vS-vc zVBDM>M4Cw@HR#A;wi?d5iNmA9O~z|=0kfew%dv7Lwoa7$+v6GB%Jb@ zuX4VM1zl5B-x}BqIG-O~f(5Isw2pgCGap&Yn-J#L8jOk&jVQ~kPES2ECe`1x_i-S~J- z%{1BQ*@dtXUeINkEie_pK?S5rTueTujpEV4V)cN$&v2z0l)37wG0rh1KP8*07GO&$ zG47$72lrY67OA_yOb?>hvl2v0VG^)BsF#>KQh*y%m3RD(o-Lz)+SWIopm|5pDN{Z3 z2FcJDFZ`va+@IX3iCgdH!s%fH(Z&zb&9Q#93odgnT9X_a)4lF(xKUhZSA4F{Eg7!r z2aI1Jp5^aft!KC(IE6L4IYbt!pQxx6P}*EhnrDa`YEYMG%x~WB@!`4HF!TVlf1{QK z`}SM~!iZJy;fU@}W;FSBny$vLrAB9A$^12i{o@7A8~VybaqH{I{F;UyuB(bfXk9he z5cpPyU9E|_Kn8Dfnwx}X=n}6=bYh+I;yOF~_fiL!uoXRnY8g?5M}aZ>V(;4mO&>~C zNs2@X8du!X_pLjmrm`#|QVsCUMHj+rDiKHYSjHh!~h zQVLv&R<0NrJ%k9Abw9d4gtnxQ_%(0xvXs)KVRJg7EefmgCtEMHz4g&4!GNf1f z=O|AC`SD09ou4-v%_#(Z*y3lEY&D%I?Tug4Q?=c@uy#Y9L+UPDqmf)RM5WNbMR^*h z3tuYkn)+exc({M~=*owWl2PhJp-(Q!ZxEYH|AS7i-#pW}H=2{9pj9T&+F)lMQ60Rz!lu@F5t&E?(7ph|z)9g(I=56XIcwx8IAs8j~q zvjQJJ3Xnm>l2WpY(cd)$TpwMm|$R=Xpgxxx)z%-~S>x|7Z2r z|JeP%gL=?hUtxa>>ghX|0}d&|)4ULjF0=)oj)69AuZ>PL89dwAf3=cq_0KUushX(( zYuDc8_V`;kke*{b=U{FL)^5%|KJ+E2dUQ8RlRc6orJ@LR8Bvb48DOPJz=5A4YALPw z2pJXkS{So#R8@-TPKLgyB02?qA;r_bWq2U^SUV3BBumlC+u1}uy;Kx8)z5CH^NpC`< zUeJ0(2Dyt0>8A+N+55Qo?&Ui(*FW(XxegCenB<_^J*ny%XvvaxfS!FNsC$T_uH#i>QZB1r7dl&8f(_{9r z?y=q044qs+hhpxUpn}|C&$xuyDm6Cjw{Z&N&)oTlrdvO5HM%}Ps&_li&JTAtk=wmG zG92ah8DU{ZIW2^J{oBjqW{i6ncXo!c1y1bI)k-+LCSI4CcJlF!TaPKsR0~%ZZmw;D&o=}%ISabTi)XIuR)hPXw zu+~?ULut2xWi%>oVyej!Y(6dWBUk9Dhg}GXvC;GmZcWNh9LyJp`UJ^RsI32fY5(au z|33N8nCySMzZMANh#>&pn?M+c5!V6?IG`t#CxD0of`{!x8}X$|1goHmLM8!Q{{5Ff 
z==Jpf4`P-i(`VrVd449yM6HfC@`?&cO@UC*uH%IV!lFOAu1N<#?uuVa*N(a@X12>u zH?Yx9p%A6L6bkx2@n8ZK9gmYku2Fr(!g`rT${l~Ev52}AQkDw|)AN#%_fZykl05+J z{Izsd=sBBtpEm5&St|2wmKo)(@ET=uBZVx9mh+=|xb0irX>exP5CoLdKN_AFSrHGV z#hPAAH*7ez)4k?EloHE9;`yS_chI#c^o4)vlRK<`o1+*sn?&VhE>4;45<$=bqt9*i zr0!G8#hkR(s7WQ*hl)+A{)-x>-!9Iy_;|uq8f+D~Ap|(UTP)ka=i=-|?us}Ml7hb@KA>(@%b=?f$rBa-TBpV0&$aRN`I-L)}Duoeooy zMtR+MZ`?^tH!!K^AiUSeuFoo?eY)StnEswH^y2jm+)jK0_`2s5gs`*3WIEr--L-RA90)voMpZCb}GB zorT_>y>O(@4T!vabU>Yrf^NpX1=VTjRy(4M8ljMjWh`B zyzi=ggn5}ZRo#jVeBx?tL3f!Q$vzz^KaPvT%>MM__u*mlQn1#2J2z<+fIN!(1)}a| zTI%ycuJ|r#FcD=lZ>;c6y&6QM^w;u)rKZvUsHP!-sGxNF6GfY##Cwd3T?ODQp1b{u zx-%lFb;b#)!<6q+hpVlq+lzlhlZ~v7uLTdfFsROAgj}FavxI~3@wnp&4xB625H)@* zsxZXK(>N{8Z|L3p?l&yyghr;xe(SkO z;;>9Ux-gNxXuh(D7hl}Un^IiPnh*4;uUGYVD?WdKBcD>dzsfKJu_^5<8xmHzPC(}; zsk&Buun=OtQoerZk>vGdzTVn-(duo9cD1wI3v(w7Dks*hI8~oMQVjvf`YDpU-aTus z4)53B#568$E$&qQ^ph-(&wre=Fs9&cpW7A4N^hKiHOE9^#gUc)5Ggp6VZqATjbQPJ zmRHSz_*QK3eN!E9t65ieDQ#r+J&TNW#JTkRmLa98(BxJjAK%6_EaNR{oVIgPm0)O4HY%ouUS;Ix71 z_>$uZHe!G^viohRS*TrGn+Ll~>pEp#QFQ3W_kw=TBdU(k(h0PYSm+ zU(m1@il!V+zb;jFXh56vQjd}^VA?026w%_OAZ}cz%b>=PCu4T4;Eq+?jT)~P z|ANl%->W-81)b6T!93?oIDRg)NeE!V|NCFaXQ>Io$O&NX{2_Q6^X~jC08?vK@!HIo z&JO^}{xTyZqx~m@Z0iZ2FDf(wLQdTAOqMryEU)f-gYoc+{y$-ke@(l8bq;YLL3OhS zdUF6`Hi_R&`{W>R3Y3|k3BuT;TuETn93B1z>IR<+&2tDko!pcFf2aX(Z-lII;WMsH z{rx74@TuiS>F3@-F3kO3pp#?p(HbBeRR6ap=CAesg`YG3??0GzE`%fmtK)&EvS74A z?{%|2NqRI4h|lFAU;+Qj3WNH$Iu8L{DKzBAo=%*_XKI?h5AIEmcZEwyTh}P%ezFD$ z*F82LbGDD|h|tnL(5dPXs-F1STxs|>br!cER)L^8s(bG83slJ3?z{#0XPK6^b>hzq znn*w=Y5Mwi567UTKkbdT(QTb-GWW09KSVe>gxk@u*SGcw3$BM#Uy|`HcQ(s}7Vey~ z)>L{h6z3LcOP_rH$P*{cVsEbq0*&xjurH5hc|4edEOD`!k5m&z2-l)@S_6K7Uzx3} z$1SSc@C`*B9@FU1cMXDd~eO*rrErJ%Qp@u_gF z0~J7!O8n_K1Yv`*ZVq58R{aHf903dV^+x&z8mb`fWqvGlwst~W#{f2F2g%L&_|8tp58diF$NPdqw(*2gdkO1HgheYMlwY`#0%4+C2pcBtOW>TY!D;c~J}h-jiP*F8 zkqoeE9G%=;zxJcHqtR9CKuH+Q2*uZ9*6M?z34CjI$FK(6*Z7c{p(ETc5Nu|DP#6i= zbC}&I#g~WJx0a};vi<_~FBlO414XTIm&&nQJnNfSv>$37lZsDQ;sxw~P$7MZk9E4x 
z4Dd{?8#Z4K57=}3R~>{!<~*)vB(k)<@JGHQUq2uS1y8N93D(q8WAhb!=qZ^~Kyn=RE~F2Zca%Vpdc|6&^RaU=XP zLW$l#0yEo*C4+;RakuMH88wmlSl?bMxw|tqZ8?u;tG)LOUVXN`S6{gNCjKL{?U|{c zY=AUGxDawvcYzJ*5FbpBy=sWEkFR!m`O5cXw= zQ5}}uoSfmqRDP=dktXh^?%+}6B2E7aD_LW-N#y6u4_C(AJxCHM(Hk}|O!dN>NjLkR zI4~f=O|?BxQrtt7K#Zabq9fPL0R@X{GS3l}W!sL>cF740D2WSr^3Xk%i&-JG2NW(z zJ+$wHLiR%`U=9;B{vm^mTNCE(fn7S7nLO83j9&&1_Y)owRk`>7i?;U+YAS4_ML`rq zs#F01Y0`U>me^<_q9VOS1f&x>K|?~3-UI{$1f+>dlU_}vE4@icfRG?XYN8SYgn0IM z=gj$Y&&>VK+JG%QP-JMN_^mTv8&wKSZ^b`kriU@$XpG(nl_}&C9P3>93%15(7xXxt{B;sg`BkK7Y@6)Cg8DLK59;A+ijWuqsofNKCh8t4NU> z#pH0rg%abAte-7>snv$u8b+Ed%1dFPnb+BxRR%n>HxOl8k!eJZzJiGt08S{>CnDD2 zP-|>H>8rRenQoZFpdkNCGVxC5pi1)U%bpud1&70w=c_|WKTh+&fF+tPbg%_&evf>p z0rMrKIyw#newYX}sBMxB%uwRwNu|EVrpxaO4x2foiSSlYnThcwq=bIl<og)~{w65dliDVwC{_|LDxknB$#^c*4- zUmALS@P6j2FmI!^g;pBPm3rkuom@5@%BL-eHXi^E>4`&RFBIuAjg?s0VL>t1T=3g0 z-X~l&%s$Z_6H7NbWB6DyGs-fH-Rh3np$8zpLTVy=lJ<*B&Y>7_5xE$p49S=tU!}b) zJ)V$wV>QRy(aRP2W?TcyuNx+=HaEZW9|#Q|1H05G0CNZMm!BwE%Fx}WIruG-{DbeI z!rt5DWofUxz3l5^M}3IRzrJ`~_c3?cXtBU^cOVa)X#6b587wN_vR@*4ao_rF@ote4 z!`xaU^-Uo0>iPs}J;Tyb`O8Gc3jb-QzWfK;1X5&eHsm>=9PiD)_ttU9RkL4rqbO8w zf+u(HLT7?UX8PriQNxw7308;7i>L!jqI48Wjy5aG+q_fD4i@kZ2T2J&A1G|s@VT~t zsg`CMbq~A1uBO#S-yVdj-#=?lnOZH0#x)J?=Deq{SWoXByp2@+Q>3M%xTcM%YY7xm zP^;@ z#>3^W*Ttg6OxSuZ)<7Q9rXo(u(H_F0gp4omvYpzA`h zc@ke?Kicu;cKDEDuczpiYc=c~`y?!vUu%}pU*2HHl`1*_{OIEq(?|r}WEJyaf=a+51 zpf7=a&=;uBC=Y^(&sX1-eB3VKghMZQse4W@jB$IJ>YUlDs|>Ym9TNGol0ICq?<=Eu zEDh-N^uDBUd_i0$8g`>X5F*pQA*!oiXIh0ODq*lhsA?9W3lD)V zk~gh8rVt`9vzvg44#CINygQE;ILgN%v+klwuo+r$Iu*E|akiT@-)pY@B@dxNoZqeT zs;0^{o5rD&+>-~C_8&5O&aGlc7*@^;Bpm;Jne))}2XDRm_dlL_Q6hHmprWo@D+~a;%gR*xjST_E{uZ^1}Q0i_-|A> zzie~xV*Q2NWSpNv?`=Qso7x{}ItVL;^TB0{V!~}b=7uOXswu^Fa6dq5V}8`9kA3@ ztN7!!TeyI8&e0Sx!}>cynNmoG5mA}=G3dQkigEeyid@%sjU(UE7&7)=@}Ll`*y@a_ zh`Yk0APK#OU!O!P5%QCYR2zJxYwx`8L$)WqI~F-n-yU@)mAR%<*rv8e6dm?;l94=p{|)LLVV*f*d(m zvW8B!A2>)}pMK=qVfMW6wcGQ%ZoP76?;*eM0E@iWSjBfh_Rf(sI{WVv9VvZQm1}xH+N*H&k 
z;E1aoSCd1&c5`-04Ph-Gs_Z`K`ugj3wU+1@yW7M#JwkqoDn{a3Bb%STqKPh1JsZB) zx12Yu%hYTwIFFX>Nq@=DDODsJLVYZt2r4ufCU_ad(X3cy z>-{Vcm26=2G<&q`*FxNitLnL>igKe%kLO2p4`R?>3us?aW-t4Mem@Z;?>D@BM{Ve% zDOU$iU%rU5FE!Cd;l3}A)-nce&NaF|FEZZaB}w$EA{IK?Q`W|~{?QHc6<;J`mSN$2 zf_|l+i-BTOH+5}ORdhL%xA7<+*|i=|*T##b>XDdwMUzCETT?#ltXw4V_d=6_L3FTG zYku%$zTD2k)NkS_vh4(>yJDqJ#O{lv`jPQS_L@T1qV+Dd?O{a%^(%jM`;7ySagmRxX2~$$gZ(wS%~@Pgsh0->tSuO}(z$ zw!4R5&WdmHX6%!^qYs#jL$^)*Z$}p zxde*llO0S}jWah2)U>bBKT>f_?XU}@&}R)0t|$+5ay(8MMEs|ae9=?TyHP3`B7s-WA50+g8g5Lt$+X8OiQXLq)0GV zyt?Lo<2p9+GdsT%CDlQ?-miHFI*~* zx!)Moi;DO^FD7LSV;daS)(;XvT(lmL05Pnsy7n`<(zO)kb03|AniOkozdtW8bldh$ z5>#j)XZ+7M;T!cJl0`pq@xX>+?z)=60~a9KBp|pPQ+xpNcdvK1SRD34FGAwwrUx5e zijM1H9{2M^4p^AgBgT>3EjWtwcpP!sTccaog?{!T$_i!sjR>94|G+B<} z<*Jb?W?}$><-peuOvDP-_d@7ApP?$(4tRdW)L;`0+B#F#S^v3pBXRM4#4-ZP9%M$Nu2*wv5A(eX~-fg!z11Ec-TM}MBDsd_A|HB$!l)s4_+`aWDN=Qjy|dl zY@0m2SC%Y)22hQ8%c{(?~3|VGx7IRuj7?Cx%$(tz$%7Lx&?*UZA+WJee`PUu zG|f$StZ1m=8a%OkZFE9Tr&k!-oH!46IIRODu7?Q9akR^#7d$&5G2IRyy(H|uzb!V( z6^cj=BRBM23~;-B^Y@*;vnJ6uUj}deqhq1z0@mgLEHEhKXMt}?+sG#(Z#Ne1Vcu1` zeL}UpH&NvYLwTyzJlMBUczaovqb=w{`3XNDtpiy@pXMMr0bL$1tB)41onyPLNYJ(U zerSr|K`(f5+knHOjdBH|f zQ~HEga`2GEf&y5^P0|?$^9bMHoteQt(l4`2>e6v?dwP#N;@qV_P?$eVkS55vB#S+% zGOxd3hzrfcCD6smdZjg=u7+~-$u?FIaK zjB6>hF%vy_(LENIs{U@jGZ@oY*|S+=SH56-;c`G*?{@lWX4U);m}Cl}RZI0O z{@9+vf&jOM^4(vm+Rvtpkzb_Kl< zs%O*T^`tXN>S%48oHqL>OG|<-O4q=0sMBJ%>ckRwiv}P(E*%X-ivb5exgCr7@)(D9 zzk}xXyJ`-1#f)F_sp+LM#4SeMkc#+^YCCVpK`O4TID5^4&2D)B-$ImHPS1=C_b1~p z0X;znQnRKqcKYQCwSu_}dK`2==oPi5`((UUiR_FqRr9NxFN2|NSc7EKSC7ds2XSUiAG?&|da9O} zy)dY(0Ew5E=I{kK*&z&%mp|==x;QHDjxffpWnf|laFn|tB>k57!2rd2*@3Y{BmP!Kw}PAMnd@mcn{;U|I}>THA+U)sCM z&;Klbo=vKd56gPhyh46oFGzRZ9M6%0Y#ADaT%sBh(S5OabAB_TO-iV_q>pYh_t)t@ zsA~Gk+_fi4tci)vUbc^uIAtEPLr(N4Cjj@573~R00W-ma<^^pMsUB<3_n_C)9lW{= zPxLCX+&wqWyI#7z-G64tJL^j{76HsdfALcQ#VU75KloVCGS7Pc@$K9aPR*ilLe<{I zRiP7eRmE<=j7+5`+{aU_yTfN$cKzj&Sx0KLZRRC#AZ(-i*6QXE_8%PsVid=M;DalC z%IHV)=$lq8v8kJlKW>Oxp6EQL#^|?8(7j|nM~t|@EIgEe{P6?qeQ?4bB6_N>2_GOP 
ztR5sGxB<6o(Y-*Tu3id2p|rDKF(WJs+S$$6P8F=rJxaQMBzQK?RxbAMt+erIr$q;d z@>ivaE`&7ImeRNC31=gQ_dfXPe3jC&CbN-cwupc3#5cGy3+?F4(hOG4&BtE)rr6wY zu0hC^5>7x5O~m1Nsft7_Io6!XZn`^U#(oR)H-S)q+dWQY?#3<+$oAOLpHchBelG~| z7!CZZY{VwQN(ZrzTsilr`X3!PRj$yieOmu|$Wc}Lj&Wwuiom;cjA14`zi8U8HX~0| z%a!#YPSanGRWD9ZLEr zbHg2BEZc~t`3>|Q2mTUZ)(ORc=2t~AA_h!fiZ7wRA9}eyIpZT(12T_k1*db8?!Da% z$~*hG;FM=xvsSOK;A$yB_=yYDr4lptJXAg;oh3xgWN6XKw0;D+h$V;3q6|FkH~07n z$jh+#p3eGyMepNdJt*sT%Dd8;(wwqZ(D=2fY9z6ERvBDYFlykGv&h|&tItxIiouT9rJO)KmfuWIf{{d%TM7f=L#kRB5 zjHZ}W&Fhkz4XpuFH+jdgxl5`N@NN-#pD(#!?meUn2lv?8XA4u*v=WG45B7`=v|{3~ z=m&1RI=rmcU?(Z_MBqN1+)DXnEDtzK4blT+g7SQRNNW@cE)YcyWci* z7(Xe|9nzv|{DxP?;u4+Q#-HjVN4Qvae=S88%jU$UTc$%jQI zeh}Geak))h!@Fd{w_lcicEY#$`pe8rCRWp@9z7aUP>{520P#okG)Nq ze|`d{dJFRISH0g-+d&D>YrrbwnQ!~MdR8Tk2UVzwUB9ACVmu2&?haML;Sh`s;V z!SV8QpNlttP1T`B)Nj_{dTYhsyKb3#QKZT1l<-xH7X^U1r$v=_CftHJUc{Ir9ZTy8 zYSXsQd1H1)?he31zdTwRtzc)>Zgh?H8u|L-ADax21ROSt5QZ5)q!_HK6ibmzsZQ-)UTlQ!u(Cag^|arVNjygaR-invrH;j;{@xAF`fr^m)0P!86LW*0?=vjskCg z75T2JeP^JJ;$|mg+3K9$o1(^`bggQW}9{{c5c5n z&o(DU6(t)F%MZ5T5oO z7<(=`{_K_~O;kkj6p;D!RKCz0FIGd5H=P-cdTF_5{X}u`a;pEhp>*A8R29BH8Qf|- zq{sz$Bllpz%v&Oy5mkbWdG$j9$LZBj-*wh(eYXmPm-TsuD_;l02-X;&iuS0-A%-vq zLr7+?DKC)RqW2K^AB=ZYepLVzGae4{v9ta$!ceF5MZfpc~(=x$)TK%KU5CNKY}qGp2I? 
zC6pw0dsUg10}9momi#FW=C7#afNkB{gdCwdepf&9e$Gpb^idL?@Q-Al_jS)RGEgeC z1qgdL3)9f@b8})g><+kb8A5U9ZTGu3Z_$;>%d*UMv5v>2>}KqfhOb8Vef~(B&hCZQ z%1zidN@8)?fna8XyTLM{&jNUEg6fH_8KfYdc*-nmUIB_pb>&y~3IuePCU!Y&R8x=JfjI zWk1&Fgt_~u8(8Y$c|0;1+e0^Fje0veK{2NS&DD)lWuR^n1CAchp}oNMApeL?|Dz+S ziPDrha1=|RmIK-@2%wQV1hfwy!FUU*`ail-1h6&(07Qgp$Z|yHL6H;i;FRAlRTh`j z*g7tm7G>TF<;l`wyvJ*s9mRZXeHehT=!2ZudiFxMF1y?T>x9j6&C&LM_~pZ(ZTb!I zu7YvLw!e35wt;!RNiWbjpZWjl`mf0w{~a+80Fw`n4}j-X-=4qwtmyQxF5fly1H?qU zwK-`sf5I?bQ(+Vl#SJMz2~#Rho=|-zl>ru{Xan(G5?(qNNiqJDhLBH~4R!Ddcl-Sm zR_JCfFMFOrd@}}k-A_seQNTe03^MVSVu?Pw?i(c=XKq-u+$8yb{oxuGq*Fg$9|KrP zl|+H)s4}e-9nweK{Ym}MRnN*9a3kMf#P~b$Fs)zqW?ULlPal31Sf=;=BxNFX!>g=I z$bg@)30S9l^nw{^!c?Pas?gOmLOmC(ZsgW%w`TQi(kOhO6UU=)av`$x?Jb^~3b|`v zr8S!f9LYEl0Q|Z(PZNWOLOFIYanxKskiaBd{VZwiQJ0!>reu@wcuB~5xatMUrYFed zB(J@x$*RS<17psg0tlf)xpJ1OMwW9x10uCYk%Z%duatJV)+T zuA+G;Rrsel1m$x-Cu+P`7)VzO316ERCMLo~iZ+;Ct$J3lk_tR$hP*B?i<#Sb7F=8h zD(uper*O_mKY)7e)JV)l<7M7OQDRLdUE9sg%v#$6irtjOe*IA8qwfh9SknuZJCPI> z(l=(>GpK;8qo13?g#rIlq#wl}FD|RM(i?8Zt>b&`7w`JuRMg0P!O_r~@tz;?WDVEb zg^R_V^E(vfgslxu8CTZ5By(e1-$;f2{?VEHh%+wk#<|SJN2^&pT-rz*o z)qax4xn1BFci2?*Mk?~Fdn*_7)wKM-vRt|hVDmbhM2w9-O2-~5^B zp5Gm#}0&y>~d6GZf7M@oGa{ z7L5FoXOU&*kxuq{=Q&4z?qgmM_II4XgK=dnth$HBcbbT})Ye~e)?&?q2?CJ%FbgmE zXd|t@C2eZ&)t=~IR#W5bXWQva@%p&U)JfH!{YU3x&OL;&&Le@aeF#NjZkwM*){e;K zvFe}dW$_lO{=)iOlH=cheP23VYr6!^LtO+iu{Kr9rvGcjJXQ0w9LgV$>u*dEpcdBZ z_gqZZ)4;v12tuFNR8Am^HiKhAN*0FtL6YC~0fQokL3^vO-H{iDM;?1F z2`zkId)@H3VqdEFy-Th&Ik7tu;K;?`+BnkRQBvmxt@8S7!F{bO!k@Kf%=|)w&j#9S z7@17Pv=!VlJ$l62ARwUVgZ(6Uyb1II7!TmqY|*a_&~BK;i0ic(@#WM0{C0EVIk|&E z)iN8I7jE~D>Cc#*bicoCvY;XvqxYF%$oX2+=?Az0v1(vyD=!a8td;nFXmD?OWTZX& z0e>xPHS1`2?Fads)aVImrsz1LV+O@f6vI#Z+${wd+TsmKqC}D~nD*@!^5>j=Ztlu0 zefib!A%HA=krGZail|+m>o%)}JCLMG61u@2x!tn|_Igr}4DXLNRIB`!?748Bj^Ew- zSbjkC5=fPLnWA2?1HM?(yoV$}Q#BnTC2mcIw0Eb-Ko5F;DXza99yCmpRr`AR%!1(+ z1d(b?oFIpN*AK4*7WTdqdym&FD3y4Qq+|T#(nyL=qA#_>d8!{Sj;3swc$0uhW zavHCzq2bnB`s`w+j+$+GThB-yw+ESaz@qAZwhsQ^-~T(ZuyYkM(&wG+(zea?`Py3X 
zh>hSW*EBPA(YI&kb72|%B~O6Tp^qldv5Nyf6G!n805uSVz>zI5h?x?kyyg;Yrf+Qk z#XjFH=k_bU>7BC|?Xe`!$s=XH-E<>u4~c>~AH&lSXUIH(pa<|u!wDICDWv)v-INw0 zVx+e~`bDuF;Abp4tx2g9eem6{b~$@2pWv6NQB!e+HCEprnyJ$aKm=U?@5r}BBK=ym}&61G9kf#TD)<| zTTmd{e`ZwSc1lY{_7zsP&(G#nPwXf@))Y-*3LY{5W&OCkjbl`5#@cweCN&?erVoaA z^!S>I_jX8>bI-@FiD(d^iKuh5VI&jk+7>AS0B)TtLig^NQo>UPTxhddp9GdWZN+q$ zs&ottdFEHyO3b!!E!MSOWmG7omf-2qP6YRzx_R24)oR#n@9t`IVeQ&@`gla)S6@R6 z_2ZA#HQo)#MSXyhdW)#nkLHAjy5RLPIJRk`pHGnSyAKJ%mgb*Ots%c()OWD9_TG@3 zYPz;iL%%#difgJ*JmjEAzX7vr=tU^Ot=`)@zzR&9(Eq!9T2JC8FH?d^9IMiaR55(D z`Mpg7dmDadPwSvB)}o#3=Py%V(#n{|nBbQyEf4n{5CP?KI(=r4P?p)b8PqlJe{^Sn zW$uzV!J!0&-TlLQPQ%JA-C*yB8rFO>%N6yTON}|8hYB7NL5Jf3Y|q2{#w^IqQ-Eu= z7m|CgTbqDm_6eIYRcgSGVo=$-GH$>5@H68vclRKQP7^D7f$_v@C@&1$i)-NM5sg;Vsv=`)YT^a$v{kYd)|f8cstv`&wuv$b?aX|Gu{IhI@xkaYOjA@{|hF{!Hi#=l^A+9V6L$0>%^{stCNoWq{xRc~9 zh`3WQ%eFiigr^!1e2Z##`|WRrLX57ZJ|oEq+*<a!3 zdI_-DQi}ewqX-ZDKTdJCb6S3JcaS%eK`L-p3b0LWI){+3^TGfm3EU;`)?=fDw?6|T z`0nFyu|FI}#Bx$oI3K#dymszW^7T_Z;qV|C*P{JJq6{{%)L&vnY0 zQ3zJDN(Zkr?w)^K*c5O4U{h@o@dc!ao`kCc95G$srwJn+y5gm$YwKI8tsCRovwV`2 z+-##>obFY;znsf5c0v9lOG$IpwY6Hr1FF;{fIsA&Hi9Jc4}n2rYn!_l{yT|nenDDg z$?MlGmKtjlNQm;f46AL968%8r&qxxwx4>d>S$dTxSGU~f*}KfEwdXJn@iWusyL(zT zl)JUWp@lBy12$nB1HelUJu>)5mp;@+wuwXkN!A_bH$CPVLtpa7wOS-o!|S~uY|S_} zihS>}#QB;Q(To0F?Q=r@@UL@=m9}pskzCauU*2;Fl1_zXuQ`7vm6MeyUCODxHM{!e zcvEGnLG{(*_1%r)DLg1dC`Bc$@9~+j;Vky^481MF(AA=Y0dNu@q?KGtFg?Uta4st+ z{Nazh>jf>_AINV^9(aWK{Z?VPMyp{YU+_I#g^z)J>+~ICPQ}<;J7lln`^ZAm4%Q|w zB5l*XCOSn0#((jX}j?WGfNe~Cc1)2ebjmX$a{hjerF0UN=h)9*0;fomxV340GqRz&xx3eU+x`Y8 z1=pg?F4fG0$JNwZA~?J#=A;+Lhq$^`e3l|s=>$XHEs`pM%r7cwoEV7kI8Cj4w6bYr zU49RF>6Xg<+b_O(iv9RaYc&Z9Y`*jX&dvzV(<1J^W90-Y3k-9wst%T{^Ui0?UU9{j z@7wtRF7Y!R@^6F}f5>iwxT$c`IJz8eM1=HzmYXo8WDut@rqJApV6V0Yv$NUuPS=G~ z3nd?&dsUoTwZ7b-55^x1l&~O%XkbbXac2#RX*QScFP1@*pb46#J_hS8hplBi8d7i5 zjk)^P#aoS6r1gxZF~|#*vjBTFdo5v4UZgPi9SqWs5TOkar@Ab8+Q_YZbyA(GZ-mpg z-f0=Ut|u1w%eO}5-}(aKL;7W;Kp6J`N)U*H$!qSD{gOFv(Jnui(~k1fUkan8w#HB) 
zHJ&6E#-~oBc-xC)=ofHu1Kf{t3y)5k!ldxe`TbDGp0Rt<(VDZjX(gRi?0eTze{ay| z>pwcz`XdcdMvmhb&j09s8V)=~_J9%r81gO=avJjeAKjnLP)j|#;~3Bcz-ADSdBfpq zUKS-;Rv?)7pXJW~4MOw(E7J0`DO3>{*gj{}A9?Ooc{erfYh1kXJ42YoZUYGngfI{t z#e-mxLK{16sAjvp6q&2e1Kw(z*ZSGQqADtBRve+Dd0<~zI;%0#bkguef9bIL+?JSK(7v61+=B=$cI~E~%Q6H@;FKAR) zxarjIx75|f@qnn+aN^=6qC#9k=_m9e)QK61L2dIO0Y#`%x}CP<_Pny-k^@8P9!`RF zPvC;+hD9_=dI~Q6A5Yk+P!3+02yi-|`Q15YbG;iSuc2k}{+|8r2Wy2Z?$$y9!wY`H z^zL}L&9W|t%?ZMhk_DGMP!?({b8|9DN*nr3d=J$G zf(ma$a=gF^futq~^#W8u%81K52N=yxj94q1pH{m?Z`SL-SV@5q+A_4y=1DA z4&^tYs;@p8&4KiS3hk7%uxGr_xB$cNX)3c(k};9j?fU{U{kogm`PeV(yxdT+YAuWX z;%@*UKb=N;e75K>)+2d*0Wg%D!^OoFkSq?D214+eKuxJG%e6yR< z>V-hZa@0Fu7YRqwBezqI@HiIu?e^^6XB;nR3sc+Y_BONr(b>eaeBi>ry*{WHdS3t4 zi2v^gZ`MuhPg(2Jz>iH`6UaA-3NyMxf^6>jucJOPRzJ@&U8RQrG1VAo#*Z%m{mANV zB-P5plHkSW3(FV;s(RXFE+#z|4~e1)&v;~8t80}K6#XHTyq{j2!yjU#f3KLT1oQ|P zGq7b@jsl^_h4QT&4r@OxM(Bc~KYH`q3(PkcL2lT&a0uRU_4F6ZE`M3mM;{hPQ~6S# zftUx0Pv@;cWA;EQJI5Q@#Cv}YOGeu#*V`S;iUQs9RGkgVnp2A(zWeU@Nk=|<D`l3XRl&T5dUodv$)A_2J6mq)Sr0m(HRY|oD@mr@fy`A^|IvkS)17t z9NCRhPpD6^H_lLo+mNB^eZ{(S`g-nU+tgdT*0TOn&~t?$`I&9n0&B@636kC#{{T9! 
zM7ZWp%9vp9K@Uxq#2(GCWdC&vmEyvZaFh3&wo=uZdpsiFH;_ySeV8Q~LP{8b#)jwgd09Ebu?exyQ zNU*~^+?C*-ZSg9N{I@M^q?1uXBFN-~{o2>k!THDe4JWd8aEn;--K?Df`{L|id{Vbm zx%rnW>%Zmv@uM{UPR=HIxO6ZV#X1tvCMI^vD1OY$xca0 zlg+DkU)rls##-iLiE4khs{6Nqn)83^7hMTeF90NbG4?*im?uxGScPa2uX#=L^VMG% zpNLu$?F-CG(f44(F?P&-bUqmLlZ+!x4tnH*F3|Gbsj8B8+wY9g*+F8qF_1+MBg%27 zgrkq{PF;?B+4Upt9jJb8HCKbqMUBknBJA*?H(vh%$(YCM?$!2Z{yvil^W9fyJRBfVhl0KC1*`B}> zLj3%BqXinyt;eB0p5+CP{_(r0W-VZwU#a${Ht!-CH+YaNA{~C?};Xd|d398%z^^w@5ZRh};tl7WuEA@O$N;&4cQ`VDK8Eu0IYh7(^Al4{PJy6@Z=_uvxQfQt?+L-W zwP;eWY$tv!du^Og4P1Oj9gvBYv->7=G${Xbf{|*MkMvYdx93Cqy<6NuottUa!#{_5 zOMK1}s9_r&+;|+UlEL)&il4Lm*C(XE3A78eC1>42f}W$7HG~V;u4Bi-!v0{*6x10;5j;M7;g*d`Z8^<;jr#mszEPzl}U^ajAb% z%9nnltFuZnNOiiYaqFQ-SnZgCl`F|DTuTWElL_ zvoq>JdK9c7Me4)_rnkn?FBa^+dV)T;?8)>f8RPT16y@-t?##6~;l|;SD0*p~L3;68 zkFqWK;!2VSVRK;QAej$L4?2VKGADTcX_;%;gF4u;m%OvniwOK^d{OE5@F`CWokR?a zh9AX-6inDpBgI=pm5BO<HcW$qw@fo!06T1B!%gS1WP9L|!{h8Z~S9BAoxiWJ_7k^Q%q;I%;Yi>#t=lT$+$u z7ij~VdzK}CdHesc70vJ!ZcG3-AbVW^LPY`@3Vb}MeZcC^ZV4EABE1Lpnn353cprW! 
zDvSGJf_ZAFAaS$wP4vt1K&x+CYS$0NyYv351?sw;L1n^us#u*VUZu89sW1%lIN(Cz z6iWnM%=w}GHXYuYxs>Cr?!3dl?J2Vq9|);_4+Gb%r&`j+h#oIOYI&9RSBZnw8%wwe zACHdLK-G2xa!W4hS`?S(0$etL$@3gh@A+cz#Zgu_K9%>Kkw$fUG z3dN~M%7|{2i|GbLYD;%$cc_l4-q}g%FIFJU4{68KWHp5CT0A;4tSrUL%8b{s6{=Cf zu}x}MbR5%SXZ8lct|g1H;6IklC8r9rJI)U0Cc1VJV%}M_#b+gb{7o}9=4}*2=htq& zkDA=tSVF>x&zpUfb3yQK*Ko}r#iEp^lSgm_ZH~10#e^zf3KJauT;qct&3LYH^woP3fxf`;3&O9M{sTJ^bBh~Dp9@ji`zVeQP zzqsb16u9(>etrK$B8chpRJZrvk+(hgZ@g>#&$=hpzqoj*m^Y($w9hQuAFf#sg0BsT z@*sVcql-mbC=H}!Y_IOYi?#MvL0Vp^aUd@(2O26qC>d|cY^>HFU(|3BDTiGD4bL_#0q9_H`;sXad1l55HQ>2{_0%NOY*-|{Hf${x); zKvJaVnq1%gM6yvY5&#SLdh7O>WqoC6M6JVe|9Ic%?}`G*l?eS!pKD9HaU<2KHZEF` z*(99JJV*;*JfU}|@P1D=jfv~D#1(lGqV(~GQ2rmJ`nQ;AS=C<(2hq|W8#mdkTx)E=g+lti+5IS#qnmG!{0$?mEh(Wrelx*g_Zxv(;?1e}Q1q;(`^S{ng)uh+>L zhnG$P@x$ivOE&fvy@29K<(@RLX zp?(0&O*J?zDxYjlllamomD^HJiI;uqkoF+j)yL=ZZE8bw5{uG}O^J1m-yXdqr%*zA z5}>^&*hFkg)Bqw({IgxbiDZx2=AV9wHQ)y82Nwj~>FxFf1_wk{_8Hj?qGTkry!jj><$$DQMgg^=p5;r_z1TQ{hi_$t@Jn7?2l6aA{nRw zlngvNfu=VHU^o*j!W{Q0&m?nw_LOvxO`2Vg>!wDknkgfy_v6fnqm`|EGALE1ekiv3 z5%CJ;XVp(<_LLi03p<>!o3}gt9-7O0Wd^HU(pKaXun8Cs{-nKM{oy;+fnb4^U)3HE z=I*8Obxi#+dyN{wn;RX6#hX7f^Y~5eVHpt3WHIFuZwP1Wj>lNV1sq%K%@cPFDYuwn z4~4;28HD(f%DPmz*lB){Kg23tS?s<_V!uQxv zU$q_8VzN%zMM?BqG1=iHH%0Ew23Xq#WAgQy^oL_1^5=haSqUc~PdJ-N z2n5h=Y4+$trWdnQ{791&SDPu6SnZ!@z?LzgJ$kop*Tv3WoBK^8*KoOB(vnaBX2g*S zV0u9PoFPO-Qc{Szy8*gK)X}fRhZ0I?N zk?oh+uMViyn&zQSt){v~%U5HowwY!iXAx@D2YCeN&qR*3!ICQJ)R0v^&_TUUGy%l4kot`#fZV})-uv>`fRNeS1LlEzVQ|} zJO$4_417MIfh6 z!kS;r!O2)uF39=n#q2D40mep@1og>jErRK10Th_(CgnPFbr2of<|ch~`Chd#-Jjm8 z!+Bo}7Gu`<&@TV!9P8@~h4wXO@>EKLB|Ha5~PuPx3g0{{$aH zpvH3M@}Z(;MHOg%Dg=m4m`>d4-z3ymxFP|~-dc&TP9(^Jv3siI!tm@sF2tT>UYyX4 z8{?*xGbklW-vGGf=?7v)-_2Q=MGxkzcJY;>GG#sQylyPEqVQAfaA@}ao817DI)3ux z4d|D*v&%oobqHcE7`^=b@L?ATX}&ty<P!H~Xr8m`X&0QS>L-p9051W86Q#|py@2~8 z%%N}63F*6dONW7P)U2YO55M7F!Eo6Deav!)eYgNSZ1>t;y^klID%=*V473 zK9MiXovIVjDQ6b?n&of48*SJ2lJ1E1;K>1*MhUI^Y42P}%)b2{?y|OQ?Ws85`*ejc 
z{M_zRv^K`yo>|N=$|G1TGe}3S>-Dt(>|@`3ggVuWQh?)XwunO0HJ^eY{M*kQd@$*i zbu}@4rqi*nb5^eXql39eTzBNv3zv}#Usp#7!y%LjKn*7K8S)DnBaSof>LM8w4Q$54 zZ@iVvbZ{z^@={XVOn2nXadld>qI2UY43LPYR1$Q+9u}B%jtr1?Lp$gk2^m*Lq*Z-b z9Q^B3=^gf)`Tp1U@fK3knpV9ryZvkOu|+OxwesY;(<+1rr5qo^uZ=oSvEi$Zc)#$*{AmAAD2KDFpp&jSd=5AtA|ilv)x4Av_wvH-vZ6n(q<0 z(%FzkxlgUl|1^#cm7>~GAk}0jxpOicY&$$w_kj}hHs|3E{)#& zgu$9=O`9w&d^=`GiJwLff;fB@0p8mT0GCdEfcVc@T4$S7{D-dw2)A7Szg_?3RQ>aR zC1GaWoP#^WP5q;T1gb9_3g7t_YM{GwFTy?Azch7eIS-WT&g}B)7Apz5RLK&HcUTqW9%dOd=hce+S_CbwKyLMe+Sd zH=7pxkFGLkz9o|&XQa6`=)6;eFtufH)m-ce*kMvc_?ZD1 zx`2Do`rCv34B}wa_B(GrY-yBZ)V`IbOBuo+mh@ZVGcek{e7|8@W{)Bn`U9~`X5yoG zI7Jf1oXNiKnm8WzF{?uBw&)oRQ4ZJyVTNi{tGRzPy=eeLI>-B-Q`HFep6Ei+xHgxLDI@`MTk=HvQ& zN!aqdp@+NtVzs=;|6uPupqkp+wb39=>7euysY*u#K|}%~O+s@`Wo2cqx#oP^eBb9e z%YpHup`pMYBs1*ZtX<5}9yD{WO0=FQ)+Ob&syo>&>QtsN54BHMmtIr&Lv~)d(XYc4 zFo{t@A2L_>Xs}N=$AsGu{4CN62@dOt@lOR^2p*q%AsE`wCb;g~zd{JRi+u&@N@R3; zj`i)};AruhnP(E=*nZen_uR?2>REzSD35Nc^iq6x=98dMU_tnH{s1vx;d-%a1w)Hl zc-psWeDw|0S=4-Uw79yMo7@`x&iCmJZ(mz(y7p4GE0SQajhA0fyS4UnoPM)D%GItY zchU#75YcNX9D=Ho(`B^*7=`468 zy|;4ze2rRC(oM8BfUAbKxaR*7mD8u0>A5904O68oqJ zF+aN?{i2#Kx!^n*sKfZsEv}t%V&g2iLL!^MvELAV^qe6(=u%7kqE-e<{KDNZ#@FRn zn{;wW=xbt{ggZBYb>avCZLN?_u6^!{E$Lr3F=Mh<>B^p){9gF^@~PZPbL}7`kZ5nN zZ(`9vGrk?L)4L(Hq}}nP^oDPRAVXK<>B#7 zx2JH1U}~8AxGX1nWsNs3!1t-`w2*NZGSJWK^LR2H^U>gE?F>T4URsM!?x|$dTU(sU zMrcx=*-fc_>R4d$woAfpYDOZ+>b4VUu$3E5dJ{q@uYrpEiO&i8LK|vacOwkM-uE(9 zUKk)x1sgxaX-^zL!C$~clEvQS2wHP{ry$;w&WtPj+NpOY7#7KyUT!*=rkDX(G<_f5 zdhnwB z1jn+lBmFXZ8sl5L;a#YpU+C)qM%;P7PXO+-)@sjT!P08L| zOQc;`-e$3$=mpQevCzAu_RzrL;zo}mZ#RwdV$x@sv>s^W3Oil`CsB`8Wb>JiiaMl5 z-B#31y}AQFm7^h_>r19j_IYMaukR9)EWNCvkLiBcfT0K6N9qK|dA^)7m|V^E6-OVw zh2hkxy<|0@bfFl%AZ*uUs%3Ag44l9t!mDb_Lvio%aL}wm-{_epWWHZHV*3p zCP+Ewl@H%+(xo#VeK)cAuBJsGTyHe^<({l>GPAFM^fkEUf0@1}DmT4^1rV>9F`H49IR16^8=MokuG&Z6L`;qq}{M)+jL4c*Gu289M-n21f5%z`GW)+CM;wMNtT}lM|3WZx5in zG^6wIQJU27)fpgvK4JFN4^THJet6~JfrKcI^ap4gQ1TQ}r`O@*(qjlT7|1i%-DND< 
zYcZ(G-=3j$Y+*+Mb!>8b0vi*0SH`=z-jh@*<8oQC`{H-TmFQpor_bkwcYXo85(xfd;_Q^2-#$0wCq>9V|H+PaZJtre zrOZ{hn=||XB}$x-q3BwQn$v}-B46`|zmxSUe@U$0`~ze#?O3|_161Z{PZkU~CrKWY zcpy9FOJ8Mrb2cgbeKQa&a)BRM8EWVnt_K$=t|wo7{K**31m8VTUtzv6 z+ugwE;$7+>CNec079rLzl#`Myy+|id>I07mdwX~y2$SP0Ad9KE;vk%TI9t2b0#J33 zdB54xH;mmn3l^*#y;Gl(l9gdcl3movUSCn?L?PCd!<`_(s;_TIpfBG+7$Puo$w0Va zcSNTl8bEARBzr$we(0j8mNlt31+Q_lp8IU>f5G#!%VU${2X`7i6Z>zyKB@@dFLIH8 zUt2rdphM}Cw#~s|0#GNc-+ADhsOQPv3QX}#2h@HljC>PJY$(otp(s#8~ z3(M?K%?aUddM`V5paUv4pI=tfL8>Md#NJ|m!C-pW`Sm(V_b>ZX<+IX;{{rJMd1EjM z>YaO5(}<#@! zD(NcM+!)_40F1Z}K_Z(6y*O93VzbBf@UOQigvKO@WphMvEyPUN#esbX zrAq|JY?gK+tjfAi+9QT~_rQE7W42N6T&EVjz7?%WS2l_^9Z`LkvUk*^ps;d6YTocQ z1S%z8KHV&_cZK@v7!hqOO1;}sa0+B`1hR;v=%qDrS7V}Tdx2J{Jv9mbHDI_e7! zCo1uW7-YQ15)_sGwl<-|wD$dQzDdt;5=!SHng2r8^_cB1x%pNs(n~2z^sg=ms1E4( zN#AZN8dn1SV_+8kF)&5XsEL3In+o-x3A9QePEZ_&LSaAK)xWZr*nIYieHv*|DEY$`-ec-m?52>a*9e)L40ambnDTg~+45TO%jL@C1 zP*XQyn)mM*#(JKLlwC|k@z#pdrX-{seffVb6|Ssh@|VMg*Yb-4%8G5Ik7V^?N=xbG zK@=cq5Sj5GBYuuQClYy`zQ;*`qjXj5=P4l|G3j%uF`zKy%=|7yV3%p*et3ftmADKW zjXyo)0r4d*LJId}YNL>Bv$ip2HxrT#wEJXh6jS!v~6X(tf~ z_~VyAg(#g)v=l)|;Ob=Yn{zL#`{F*765b?^X5vY>c~~_5hnGX6q%x8C+xM3biF7Svu5ue$C?!ZR>C4m0AAlYU+`Ia7@_~2&RI_ewY3`hpN#OdI zljr9j>Nr@cBtx2Z-qf63U24{Z)Kutm>{Jgjf*iifkoIrQr`WkH!OA~+v(Qwoe1ujL zc!0@MyzR*|aX3qwd!G9nQth8- z*b_|C{fB|mJ!X+&0lEKN=fydVVRN#reiJ+cx3urXWfh&v{&}zGWZehizp^?|h+hx8 zl^75t^|vb$88nRD8X&sXxBt3TAVMfejs36RB<}bSI5Fw_^Xduef&SJ2G`ou5(`&U? 
zg`OM=sJ_PuIQ}`HmubVb6^Vc+X7X=OY&Br=k6tANItAwM?^>!oqw#s46RDyYp5*JFa^>L-EpYXB6^{#a9E`EH~t6H z$bvk-%1rd_fsZ~rr_w6 zk?X3c7B%K}Tj>v^O!Oa1ORwG~&{qZ#f(W)AI*T2sD7Y!PdC2$hUEOZp~Jb5 zkq{%Q2Qt<_MF?4_u#4rZUG7MURL%CUZ?0Pbi%$1XsYcM>{qgapLA2BX8=-h;D0F}d*Y8H(+A$pP?9r9JVT@VOC0$o!_4$Uz ziy1j|7h-nAU04Sb7FvFaT);$$RQKcaN;Vo_=5A(wL02?&aqLXM@hYg8Zf1r*3n^`- zX8ltN-MFpFEP4A9!KZ8{Jh`9LIy`a>z*dYUo^G3A6bvf(8UX79Y_bP!@^>`du6|&$ z%R5&TrYz6hQ;uiEe>7*UPgEOk7qd@CYm}y>HZLIE-HX9}CxxZ>9gscAa4Qj2e zmp>C~^#tpd;hBH!L%TJ&&7G>+Lwo%yE&oT>n-&DzH!EkH z{6utzn&Nryhu2Suz5nvq(NVyaKr1NyW1jn5juy4Z%S924CA$29hAq)S3^7#QVzT?O}?c_kVY!S z@ScwmE6oEDd?dJkDv8KGs^XVLwaSj<1ur)(&2mgj{^YWW0ex3LdIIe0SFPWEkM+;p zZs7|>kLoqlYxr2C(fNhhCaexfXu%M6s@8GJ%~yOB?F4+X3+v3l4*&v=M{n%W!u64_ zTqrZk`HwBbh-mx5=YSbeq;%upt&u#i?8%-AuO_IZOONwBXPwg{arPQudmT76r9)8p zl#A(;)?hcWku^;qtwto1%eoQpZ{3_;i&*=BFedpQbVL97|APPh*);h!y$Rs%i4<2| zPoeNA_Hr%lzKkaUti3<@2|%C@B#;D3;_v=F%XJ*V>T9*pZ)!L3^W)wG30rHeav<8? z$rErg`SyC&L7f&MhxDiZmpKj3{!r)~$Sh?)3BYQ-#+@K`*YOga8rikvfb5dLOpN~! zO#N2@)_*$2_TLnCxf#CnVE_xoKUg&gqr>sa@h12s#DSStcY&wa-@Kxy2M5rkWFXzO zyzi%-_%HwRDtNDM%Y%PRp5bzzc@_Lox=j6Ajth7FEC=AiYt4jqfSG|jB+79c)l_zF zJgo~vZ~q~UVB@@9k~REVr!(#TCSj;41ji4ZU&kjX{s0NN012N7v+fwiwQSS{q$d61 zS3C$i3WRE0V+HQM-2$Uy9Zrgp--nvDPs+w}e@`H{NKBJvBLgC!YxnT8-~$ivcPj@7 z&ZkaOV|EFEi+}!Ql*$;}+Qk7%05dq&U{|1%E>}{KN6UlkaxVAuM7el;#v7lrrYx|; zchHHe4ph3WBKi=dK%GIYUu@TiaQ(>Z!b$xJH^xE4q$tg^u|=in2MY5`OoWSK974h5 z_?f{Akh%oWr{}AG_IwxsuyhM=zr2m8Z?DCODq#>fzGc=);VTn34Wz1z(lV1euHPMxVT`QO` z*$QT*@Ca{BAKTb-uVr+Vq`k`J|Chnz4cIp$56td--rYsv2CVxwme-|0RD=X$`cSN5 z+sz*!x$N%@ns|YVtKRS^9Gx3?VQzEw-#$tFTPrhX>1+jkXCHMI)UToB2|-8sdE$d0 z`$E|`eekahhA7`-cqjQ#V4-wyzsvl=)?5B|57G5ZSe2#G{RR%REy zrVN47`}4k0kj=>-Ag%!b1Pcf-{Jm}O3-`s*w6(&a?vvW4qd3lGwjZEuOZTjIC1rv2Nz{Atbq4;t_~ zU{dU3_)rmE={dknnLD z=Aie(OV);hfY+7w>)roz`*+9x@Ogia`0uImFJ#Z}#re-p=KrUpipXBTXUG~Idh;I= z{BI3ms=ZwR0E98kZF^T{q%X6j`P$l_68xvuh$(`1aj&iXTQIBQ7lA(=zV(1|+w>)% z58!_Uu+)G6mTvzO*sbNC;jEu6z`poHjch6OdgOI+{3+|70--BL%|CQi)IW69uL4~4 
zW&xl^Xn+dLf72sHiGNd@zbcZ+$xxIj;_rd5|H8e|SMnt6#Ir&6|DkeA;A>R>J~V$D z4aYw;>fiM9f2pr4?eH{v|K4e!I`Ws+ucpBNN#HS7vGo+O8u5AI-*zh%Oo@tWT=;s2GHAW)x~ z*^up=n)>u}FNaU1TA$jLWVNr3BeuAhpGo!7(U4E}(+JeU50KLAeHp{+q_}vN#$3QXn=+P6*m6%;` zfENbHihd%cl)`1?m55cUJJTJomaklK$Wlte^%K8U8G21c3`8T*1#qXtlbh7I>bh+F zEvVJF{)Zo+d_gv;$Tr~$mDQ_loEUCnDAS6D)9u2d;`-MC9xFVbyKR?A_-Xb(a+3M? z1*CsO14Rl_t8i)~tZtW#7mGnsVGn10U87lbU-Q7RP*3u(nysZ8PqI@Ekk<#~-CX`T z2D05i3dqKvDIo5_zmyZSURMfz!2V}BLC7!ZAiDCpXkT1xYW5LOZJ{jbH9d^Ig;yE^ za9ja;1(p`abOh_60GJH8cJ0-liCtH7n}y;1!F1?`+FU<)kIV}LDLi+&dXPB3q9xKO zELDE(9{=|#P_Hi?XaHH6d2=dFh<+t4wF=GU%}qQaWwW{AU8k+2@aH3-PpUF^oDY6} zdpW8I?quFyJ6QW|Vqs))Rcgohj~Gy6>bUuGfwXW2>r6UTKGb8O{1YStf#4dVI9 z^Y|NrP4^zswcqrCgN!!t#Yj$xE_=Q_zL0aC_l37KY>S7q2#0jZ^=wKazMRvU$|yZ| zuyjCR=gnH$a3VEEoH^xMy0Dey;kJKFiCt>smOkt+0GTc+f30Yb|L4=btjII?YPXcR zKauM!)e0aRiUT&mBQ(;lP3~>}6cQE&8wc1#b>)?rjE3S2hOSC>Koq zt7Dx1c=O-wVbLbv50L2NmG}jZ>xrfTy2pQw$-muf`G|_?_<=j^^j<~zlaU&3PjRJp z?->1=<+?(or2dQ1$SJKn(K;Y-mXwv$qt+pLL#|M=iYy~3QPd(1aacvZA;~8Rxk4(T zOHedM6tWRxA#nooI4sg7CCUD!KpRNpcajrq_?gI$-UF!T{z&Bil8Ybv=Dr!U3QOe9 zMr2}<>4q15WKOQ;KI{5dSeO6X$3964|I;MQ{P#&no%H7I853a%Ne+L z-F~bMo38`bC;qXb{;K==r&P%Q>*zc0*Oe2ImPZrKFaNG5 z@16vRz8@g}H_9A9jr?YSzG#s{8+vqK5i98mKx|)GY9EGEI!U$Pj&-*oRE8Fz{8b_Sj^E zRJ}|MsI(FCb-qI1B>T`sFQjO7?>nO~1XYEPbKEL>^>nXR{iWca1 z>?CqiWOili`Kqo~W)`@*?K7OSXP>+U@0c)mF zi4rR)I2qL82k7Gu&;s5KaK-5M>VpzT7X+kEcH%RxA*ybkWt%;D53E)~j*s!?X5 zM^WDns~Qhnq;>$bD2AM~#3Rv$vnV_t#PJ)vPPQ0;&?y<+l}&6ObNk@523@$`foH`& z$9y{qL_=ax>EBeQD{<cr!?O-&@=L zVmF^vs;%;{Yxgtv*9r1fF$kNg^Dv*O9hmnU?5%amsPIEG!QS*TrxqbRYh8PbNzr2# z)Tb<^7yV+;7ti!u1gI|w-Zr7sEN#Dxvqxw5xy>;muO!G`aQ8ePt}yLV=~8L9b37lk zBbJPQ5SlQcdl}tBqd*k1PaO$qu!)LjC-;*>Qb*w>Fjt~*H`kWCPkbxmrqNmdw^Zzf@Q4dWoleX|>^W)GP7 zF5;?Ndp67leU;B;HV?Uu1PPx?`<<>uRP8)n(+Ec5`>3hEWU<7|8h>M!ZK@Q`SqNk+ zIXixK%bDAAkBG3zrY?D*7_8x^*&7VTj7HY&F=BO&ZmXzHS4?b7Y;f-nu%5EfTX-<5 zQk0*+Orr#QcWUnExekw(C9Z4?ku@yBT6HzZaZHIyzEMx<_*8T&&#w`8G}OHTiUx<=o-1-T+KZuTT$9 z++cztZGCN=W&0y++UYec^%}f09*Q*Vfkdc{2Q;pG+w}XJ 
zJB=6>V+>?xZ56=|GoEtUIlQfW(`A1DNEH<^o8~TLuz;CITYD6j zKplA~nh3y-90s{QlvOG*PbB|12Yr_>!yEB>!ldVsDqdH-rAeqGywRQb)zd@xTx%bk zeiIAFK-Sn%*x5EubRYg$X+o0q7-ZguxjD(xWYv`YiVC@qFihAS%18ZCurHl26HNgy zdsPV^px|qLd1VeQsDhpn*7@v)QOL{Hq-cbnE_`V*?)o!F@Eo}TfU<%_Bp}$iQ(SOT zNXW(La<`&Km&E7nt5pj(g+sUmMUa~b=dTF3>$Eo#`2%rwfUV$+y9QgOy-X(~IX==RNZ!%l!>ce@&U+KEvtb(D!X#5K}vYu}M?H7RC) zb>rnwOYu74qYu8+64|Z?liV0lM>ZW22Hk+=m3NyKyLyoG5lv3A3Am_Cyxex*%Jj^j`pbV3`OL|E{@SW+|rVHF{Ao zq|BR*NNqp#WuJ+V0>m7fVOEcBj68I^2<3Nj;p*GK+vtW_HN+QKTv(UZg=TQD%^W~4 zIzg%%;@4W=i`JW6S4c(f?bHY*IykxIDo}Qf)MX3FMq71T2}K0NoKa%a)&_8o(CfYC zboI;`CgYOqGS^z&Mt$9Q)JI)SsvJK!nC1ru!r0F;*3Sxq*%K48SzwBlh*+5Uv0=;I zRK|T1#WxFXeiaersy@~Nk>4Z9o}FK6&S=JJV&KT$6#%DRL~!8Kv>X>qI1P%%yc6I} z-B?$Tt24Z%>Lz~IppWUIpvpH_A+;TZ6?KdpUGv#12~{8@uyDT_tyF$u`;Kz4jC>1a z#T`Exc{#W4k;#>*gg3Lpa-^8XINbG90a(CUP8;#1hFNnlOlnz~{qq#o^~qgPuExLu z-SHgi8{*RT`wHjkd|iqbRc?8rS5`l#?X-eX^bQzq1290lT5UBQi8y=5ZPwnPch75` z^rc>?`%53^WzeEpr{r;J&goqT#03ClAB>FZ`%?Aj-K@|-Y~ZKr`ft`O@u;dyPWw&; zmiUC>>-+1DkFg>h1eSyp?ih zVUSx_SldR^+ncapj5(zh0BH#6fyAGrX67$`ZFtKwYh3qszT5pVuUBK5IDO)9lj@8G z$xWV+Yh5Yn-@|S<_6OfWZ+0gVJ1#>o8vS!#nH=Mln;v341pB%Co#LuJT%tNVq`J^F zIH(eTbsO3Mj%w$^sW+$3uOq<`^}@lEN+Njkj3PI&hl+KX&HGk{r*Cj`kJ{=3p{ST>D6+$&jVqax^6gc4&HdRr1v&)3TkPqIj+5;D-S-D&r-gfT?o(F>-{ z(UJHMH89*b75RH{YRY3+wLrvPVYoF1%UNDKr#)b>6=27a%+^g9Qy))<8N=Grv@FAR zCswB-116t%RUaYhms-y=rxkm^)%7b8!L*AwjR{#3q$GAAe=ELXq_UwvDBGdEQPGn( z@9wab*maV4g+tVWM={?L6IL$ZFXOB+ zMNe=dlChcKwSpScC2Wem>+ubKZH-8t%Y6d?6*3-g9{#SC&4<-syE^Qe8IB&y3KvL&eWm0z|k;2dL!C5B43GjukU^Pk|b^Pr5 zWcUg^E3iIa_tig2blR{bI{Aas&5#%GMapUN&^~`gT8dLUdwmFxgI}t@?X(V#{sf_P zE?*5-MDM;T*0ip9Feo>9cn_&yq zW!1{fg<`hss3|$J9SJxe#X3eVbkl=uv<0ntIry-&nByKffwK&l|HVb9y~mtJV1fAv zU)HQiM;5b-b)^006unEf^U6{pYa_a@$9H5+jvh91Fkvx(6~-8XQ}RW+MHv%UW_#Nn z8`_?Ey}P$+sV?nGh5T}--O&BKRpv zp@-)Nt);GpP#$tYv;{;RoA_fxgx`IUoPeB1&p;4d;I~1xFK=9Oq2sA-rAzp z#_p9i0uQobT5M#PRI44DkFVF){xD;}t5>akI34UCJRpYky?^!wf6E?Db{~qaL{%O< z70#=-bmp8kXJmA;C%6{zjj+tQgMeFmpQvhVez5SfFi@3S%&e|EB`gsyvu%KYi_8yR 
z5aEN_IlJ@wNFRY_H>A3#pZKmc6lMluR@Oh%mJY2gneTrElVeRZ-zCrV4GzxOJsG$v zFE#RxY}fQ+T`j|68F&j4bD)V;g9(@WdHThk8fv!GEC-0rbJ>6EmvtS1X`Ye*WVl>d zeQ*a5dianIjc*4ptvIx#rg#}J4+fP!q*I+r+Te=%IQ)*;!_P)I-!*rBQ8Va4;#yRf zXe@-F{hEniV3$ln39{-53+lz*PF9Y%Q4Kh`L2U&gb#O<*02m~ zbzj&h3wPyvt%RE_EYJ!(BpRdWD3m?`EXo3t#YDx`p;(RTW?&awZud2>ncbnUpK*CY zTUT`a;3Ma>$)oo?B}631w$`J^Q(o^b9;IN9*Wh#-m*fPe>W9qkjol~mShC;XJB6gQ zrWxr2Pz%aNZ2E4*Be{N)M<~qMUW73~l|9svIuCiu^W=i?<}`2fout~T!4C~zwf0p% z4ouNd>A&SzKqk(+b#gGCWdX<`_GPh7W$`TdiM|bTrZ~8hgJ`}gF2P7;YR-uV$L z^STJe4Rvi5aREm(84MY4@C_{ZdUWE|5D?Vf?a$K^%M}e0x;Px`=|+GEt@`h zG=?E%mGVkA%Sv3EOUbh8Bwnmbm!)*AYnrAbLcn@~Ch?e6F+ed=zp0R30! z?UaP-weJU`gis^Ld4_6o6Vo}Uir2nNvg`|&an*!`{9R>sD*0VGy00>}p{H&*r|~vJ ziO1W)oYm;VnXqrL$n^(}^>gC#CVMWPOg5xK|gR|V^p<{mU8cU?b3UJ*ZUJGX~CB)iZh@J!QSmDp62XLn|kqr##)8Z zRxk@1eiZAFI$BidW3C)+<@A)VYv7rhzI&_33-W`;uF)q@8id_DtKOA4me0qrKZ_J> zB#&ZqmX~fXH@cN{w5HE5Wl6?$%Y@PR=TSEbChxlMO03M;9d*vgssSYobl70QL^`b8 zi3`_vQI(_MYT5?N*7f9Ns3a_1tOJQ0k8Q&EV-G<{So0S;I`cJcZ^Rx%>P#hp?=e)-D7o#B$}F z-$H+y=i-oL{>+hqJ6P@qNT)5Zr020o&P`u8&j_|;P`MkBsypyLczWeXasH|cyZ752h(SV z_Q|tL+i#ua9Y7+@3C3jg*Ift=>Sx;?Y?Gv{vFas!Gih!LPCB0#)S7bdm015Hi`UI$ z9&#-BsdUjeoHuDVnAuOa2TYCAg*(p%xTHl3&+trH#xcNa@0BaI2qX{6caRc2lmFg$ zlq$zL4RHjAw{xSj6NF&gkIKHtM6`z^nRhs+g?e{7U!}k{Xg0oH;8I<9e6xdSx7TqS zK%Hp=c7Dmb*E|3g#BT-LEW6K38wzs1l&qBn3YHa^Wjn;FyNG<5F`9L?{{G+sLCk9v zA!kOrEy`f0;Dr_RE1Wr|C=vn~5|NF`3y#`b0oifhQW0~i>e9RkT?|(h&iNlJduEnn z+Np?xpSR}QPpEd%64=@Tr~>&}9fqH(I@eCs0c6EY4Ea$yRw#=SKZ3bYz!y=Zj_gBR zhudt~&~ZCA#MX1a5MY*Kd!>aIQ`eBJ=ojf<&aM^h1!GO2gl+umuRhT^GBT(;l^k(v z)$);tsc5&~6?p^P7TE&!3MO0`ySAE*eIOyonkhGnn)Tt(m{SxvRoS0wSGMWqP?5y+ z?}T4TkfVh;VxvwWI4u^N_Pk1~ei`e4Tlc&c%^_(%sqF#f8JE607I$+G1{+aMH=mMW z7rNw_vD8%`v9U%qlUD#rfch$wS8FEc4X2G)gzwqHXeu8sT_B=Txb&I0;>oKq*xj?@ zy~Dk^(LMxCJFB0sDPus;a_t(%-R;vWuYvN4rG$bjALJY3!?MKZxMO?w8B_4kq$>O*&DY}3?VzgsF(?rqqW|IVqo$H-V|Kz)9^n5!V%iV)b zyN4#R`tQOuUM!kc)PEX#?;|Vrs8Mk3!JT8!>r%}P#u~W|^a?6I-xQm8cdVTYOWvDJ z?Sj*M+>m~wsA?|Sc~^v|BY~Oi#-rr>xSUY-0mAexyg=|Y$0e*jMs9ZPHa@h{DPT7* 
zx4&#_=0vh(Nj+eHQO&hsT;-j~@Hu{7TbJVMoLjXa!KTbV~vz%MR9jwV8A+O8p~NwI}NB4#G{!j|W~!-vpq9!eq@-^lNG^GR9N zUyHh4U%?L0L);Ki6K}}&v5b20A0I!Yb9kt52uhYeECsx&l%;ZTJt>O4NK>HSo3Cu` zdotrKv-KOb@q^Snuf)aOeZG~m84MT=~-__1KS!Yk#dsI4^+v0!inqmmMlxwF>r+Zt3>}84+19Z=mfjRw85Op?P1FcGtjGr-{JGb@7_H6-Ia6 z`>YK?3NToHNIjuSbiiCTTilZQP+c_OX7$Lyfu$wGWz4izHE=YcAj(bUQ6j^OJx$OMOSA`FnL>j-C27u_q^HtXCwZr zBb=xSWwMEK7aEU{^~XAo-6xuzOm0K9&PoyXWt0Rlj%jkllbkgc;!4A*oR-q;k3VTm z1o{wG%|Kj$hY0k0o6e6Euv21jo@=Aj502*3qU&za-pHzAkX_*%vb2d~tF=*H$+&gi z^DCYo2q1ENfr2*9a=ol>Al91J>z}FERlBO2F7`WG*(AN-NmAqEF}TU9X?`8pyR4Rq z#SxS4)UI_p1lko9MY-%+%<9;wYGficxIfGiH0+4B4i9-7u+4VQI$i-{ufZ^fnS-Wb zIo26ipzv{&)&8(!i`Ccp0F}2iO&VW1C@5%xLyMJKiRX?I3Qj$+x+)ADT+=Y}b#e&7 zSE&nbq_LZmJprCiO`JVT)4ox*o_+El6yGn_q(9ox>6KNJrK(Zkic--{v3c}NfsIB* z5eg2TW$;PD_hkvys%j~aL={D^cg%@8>+8a-c=rnnr zyMg&?lMPy!7XY9i!auj;%fT1zkByJw<byU42s(h z{F;2pAvCYaFaX{m))R$5zl8U4o)rKupyu`(g!|Ow{Q`dMRBEmowPDrnG`ld-7TyyK z#Ko>Xn`@da|!?OdXJ0Dvw* zX}2K_D^WVf4*?eQ5S-b%8wJ+KU-(dz_KT02Tvipe_)DgyZ^_q&mgxl_65*8336e#uLua@{XQ`B6t*1=b?hfF0YZ{}n$cJv7mz8qxBxy@- z>2a<^rm8ea2|U(nhmB@18;}(88}B%8%X$J^8^UP2t`#zvwMz3eKpXPTVC8<~*J-ht zKK;!6Wcvl`Xv(%&uB)O=7KGYZ_)*rRNE<&A3dSCH$#J4dBfZE217C{5l+G=v74!C? 
zpAvDtiYs^l3TaR;f{0bUM%V|z*P`NsFX9+xg6WMHt~{y23)+`Cr=A2l%QGk3KBpjnWjBI?1~g$wmLngH`ATZtf#FwO0dn zGc-$oG@v34ytCfAU$_%(UD|EM) zP?Pcm-*Lz`}46C{l z8XeO*Ub45`ywM;!rC^UQ)n>4Zz_t^7e%-tg-mtyQIV;+x`-$H+eYRJSd!g06Dc^xi z8USNHeQjr_4C!B(Bv}-bLn;R#8Q}iuX;9K?QRBCe{UJ6;7O?K!c z9<>3;Zc>W;p07cl?(w1-c_xo+)(ijaUcx$gI+a}!1w=w!eoaRZ8 zG{6yoo?MrT45ki#-wwhc;`3WuE;{%aq|O`_yNbG1*-==9@$!%)bya_VNkKT`0&~Xf zbqiL_3HG#{Wqt-|74*^NN9p&=hvWQ#~~>Zr0lkmUnY!6Yz=J5lJs zZa9ss4xXz0<(3E5%^;c%y-izIejB7Cwt4Fn=yc&l<((QQ*Ed15tD^G>-932Ow^+}0 zO%lJv4r5@qvynyW=&Yre>dj?>`~)e=p1~;hJ5(}sOvP^Jv2LeoFs&JgLn1TQNgM4J zQ#irH!rR6o8%v5)B^vLmSu%Zu=FV_W6Bzb68l|tz$KAzlqdnKbp?D^k;jDyav7Us0&*CAK_b1E7?2M3Fgg>%hgAJSKUBX%MZA~@hx4i3wI=Z5`AANm7S zYP@pdl^V;NyF+qi2Z5o!gO=(}jFS_`Y?K|{7F5NiAh~&ahiaYUb;fw?Z`#^g)pMJs zT7_JYL^WjBRYeL1Qw?ES`%WGdtZ7_Ga27tKWu6ip2lz`~TBtxIHqVS}&*?ErCvH{^ zE>IKsojAEM;U1|z!azgYNHK;F5mPu;fd-L#-<7`}Hmq4+yK6~S$*xCgdBe@{r2D7= zlakm2jRKS6`TSUWXg>Nq!aXW7ldIw_UFt3z9Nebt9j5ZJobHJga_ew=@vYM%##tmV zDhlp&Ca~EfBk~kO+R-k6rbIloGcg0}%vKN?_%hO2s9Z{56?^~vyW+W9$)u8p$FHC- z;cV^9IHeg`)}k#4Gu%FiR|2p$>SX+Z{A=@>8(F9aSQgTTm+E`Xsz1$ZNa6WmTE)y^ z&;TK`TodZyh)B57sCc4y>0Vxt{E)c~hmHP<@(HMZLwiHt?7-~}`TxC#s6{ahVWRLg z5n!KR{Zs{bN#QMnRgS8X8W)2yc0L|`ySDt!dJx3(nqVp&vqJL);tbqZBc5Lr1xA5) zR=z*=2hX=FuN+0qwT~paU1#4e!<@APl0=iv=!=l9Zu5j_ZY^MI4RvhOc5Fv+)n~Lo zXO%Y3g2}j>zul-hb;JgVddDUb`!V*mUq{bIZ3YIZ^vLk0Ygkk`f<6l9uEaW#`?zpW2V?PwiLwR`L_Hj^rJBvM-wqPw50Ecd2;Zm9}!} zK)+EvkYp0|sk1G?@~x~k8#CcKpGOG+fX*6oCmMH94@~y38-586yu^ z{X`zU!%&dBo`jjYoqu+R`Q_k4`STYByf@QV>#7#)5&X`_6&>vF+fG?P6#iz$c=PUfwMUa zvFM>zSgR+i*u$6Uz5H#RLw8nRCMuooH+kdDGX42&YvtIEM*L(fOzq|dS|c% zb_od&4RB`UFY~ipDoWl0wB%~fqld||*IY2NovIes>!Vir-W>7y06f$weT21iDjA5c}ESiE-R>(y=d>&y-VK( z9v0SP?z}(RU3BGVxsw1{2o_fz($XLv9bdY56pc2oD2J)kx2Sn7aj(4|a4X%G5(=A8 zYq)hU$%S|5j#k+@aib6d9>d{f*|VCuJvx{m=Juy{LQF!$TBfJcl(SdWC3B;lnq=h0 z{M`oItHa~{5^-g0AvL=e;y1bbB%#E9>9hC?3rJ16`|*5@>rS6A3H6^#L?xsGp3u3H z7Hhk)c}iJGd4I}&iCsBh=OzwA%K(w2m$FzCrC*E3pD}3EeZV2{=ReO&b>2d?wmVw=lvs-{Iipt 
zz4yDGwbt{j!kNunvNL*gcYv;21=vQK%i83*j|Dw+Z;ThL$db9RyAsSV^Q39{qou1F zRs{8cGSN2xH}Y2*949VLu@koTH%ZR|ub0M*U$%u_IuY}@uCWV_5l>8} zKfX`-(O1Mqg~VW@0$2hx5L>j+6!EK98O_83M3Zwl$Z=wiWYlgi>EcOa2}Np0na7++ z1o?CdynALsTm{a){`I7bxSM8Z+;8Fyu^%DlAd$hjr$QYpdo9y(rw!Bq2q}>e6>=ST zS_TYkD=UTS!fZZHKU|c(``!Fhv}F7f(WHe;7L~K4e!gu%HLU3IIGj&2gXrFe7MVne zk}I2%nUfLB8B*OKrF%jnsHVkE2zBQBH_yRF@y8^{9gjn{X zwxok~`nXKkRW!xcl|`I|U`7eMJhqib-Ccg8u3R6V1&3U;{b1AuF|zjhc|L6Gi>9`Q zvU``rxuXg?wA$B2d`2T9NhA?JyKkhj&CuM`@PhPCtMO`$CGpNsz>4d(_OtX$2XG*< z1Sv}D?*lo@JsX-tZYk;}l{=ffHrITk(wj#^tnrc>F{=)y)^#d>{{P(jaL`RX?v-D) z9q!clbBP2rGX+9$26@H1l!qy^pA^?btEcDVGYQ;D3az2H#gpbbolEmU?cA#As0^j% zM+t+cEozU4s-E?}6>=X@ku+L@&Nwc`pVawV4qcym$@At@Z?t|8R{W^`cXct>&o=p9 z$Vs5O3yi-m^nVlub7|tf_sz-diI~;phj{59Yiwt>O~qyskEa*a8^Cs;74Q!39b-hs zigL0+pJ{BAPpx7cTOZBcbH3mD>B;D@Lu;028o<6=gw#Ompe_NaHArpCakTpJm&2Rh z5!e#%M|rOK6 zEDBa<@}Bs!*;Yhz=sdVnL_Oec{I(!R*NkcEgbWw6q0;RMRt!vIHP-1_2V(afWSdp8Mwps zd4&D79(p--DdVLVUNo6 z@HAUZ^)mFMO8I*q0}Wt?q#WU0LXDwrmsdK=w5I!|U0LzLg$Hl#{)XHJ)em4=miIf zdXgp;7k?~{9CG@qEV+k?r0Ht-`9lL>eV$&dioLCmwdhGT>U6QF=w-MVGLozs2UdcB z?aG#eZ9_nd);Kq&`E_hvr_I+Vw&E|j;p*tmVa=5^DZpaR?G7K&<;}Ppv(QjTuv6Aj zkh~`6CfAQ+VY}`sOOvUX12FG1_iLF(&89}w8^C`m>&n6R-X|T9tJbcocb^a#3|@2k`tzNT<%{|L;y+s;b|L?Zn}GaZ zxQS{o|C=-hBBFlBz8Ig#ks612+ZRR#EW22u-*vqY|HX${P25b6}{DG!DG3%aav*b zGp35UHus~hbxFv5pwRfHR31eF4_~rng~)I;h;g(AD}tlNW?T9UPP825>gme}HivN` zeaFAEN69`)nsX*7WdsITFPEVH7HiwMMotnGozsduX$~kiN@5b0lP&>tlA^%hKoV{R zK;?1hF;|w5!+aU3^&a;PdY`-Jqi)^j&qVfFq4V0;TBt5h-U9Po2C9^REOK?lW>XZx zsR0&wue=~>`nJr2MD&eI*(bhrTl46_4^n2(0>BRvq}$w`WL{f^ymkj@cq`ix_HT9~ z1|j{jww=I&Hx=Ujz^t?3QVqthG8jV{fB#DQOQJqVl<{AHjNZ?T6yv$H;~-O*8yAt$ z2PfL$!Ax)CG9=H~wP}?53cIhsC(M^etU*DKng>nyz7I$^U9V;c>|c|Kd6T8xjUZ|p z0^PM6XtuU5p~YvAE%-{YmP3j5fOD-}H?Nw#J(o$%Hj%mT_X$JgslW2Q;I$Mj*kMC6 zk?(@U5z`Zw|8DB(X%^IT`A$a%biU9jwYfOkvwEY8r|ik{mYeA;BXXxJ)jS+_)Tw7y zhAilRN)~AJTRxq7XNqT#U0?b&+yT;fM)}n{2`hg2*V}F!XG-6EGCC~6d(r}b9!sZM zXLP|iQ10aREuP)=d8?eW4q#h;@;=3 
z;7v9Kmc#QWvHFuu{_a*sSx_H8PR<+K&BgqhuvfLqPB~uwq2&Ww476$y`Ir44CCdi{ zHe)vrzeXb*Qm=Qul$~03P&xVo}|F`xKfgV#)b5zL6P*gBjt|gYP4%wM`py?hyA+`4>!|m3qpI?lO!9s~N>cDG7QJk9ooUzVI3$ zUp@}hg#-z3j#cXQx9mK7y;`xNu=a#5Q`UsxyE^9-)c4Qvun5!6;x3}KP>MiS<*y>) zaRbfcuMsA*s{2EtX(G}jNBh#&Nh#Sk7dxAJ3@6jN;{L|Se`h!@wlITl;0Q*z>LPlfNTj(TgYbo}Pc55? zp%YRN0@upDEN_7<#oAMiGpm(3&p!0T266_`LZSyMQCGp#GZ^$prRBX3jtk9aLKB-u z<~t5?lQbv}b9#-CzoJ zGaH+5c=RS^5$I`Olno5dj+a)jW5}$zrk?OOwP%SJEkjp4dWmKLP8&VFnbBLM-{z-l zez%vqpz7_A{oN%L&SVa zy*(j^aUK)Z=BasN&|3>9QvZz^K|lWzXHw9 zruHZ9cLK)y&)?>J-jLwIv*lcV#!)$$1WnBkCuGFIg+S?N!pbMYx#j7$oykmxA!$Y0 z=MU7+Ez9X@m?;WaOAFR&8NM5=a?^UZnrU>#^r%%&Kg1xh3drk{xJc=L+F=&N-dsQ~ zv>lO}cvWY)?eVfEZOvH4&}4`i{u1>jYbW2bFG|n~n6E>z=J%|R*^O(YMg@qzx*1h; zIO>)(!Xb)w&pOar);TS9768GG9I!@{qw9k1`)8Zl_2X{VS2=M&9HzX|lOsKydyw7J(8+4uBl$!rf;iyH?&I6Zc>Z`t+? zOl##Z*ETsS*E>;ROjWg=oQ{&e3bj~K84muPqW)S6m~q?}PeW%ea3wZnw3{kZ)nN^}I;NyOd%&FAX2D z_(?3!%aN*5umTn2RBBwfx2~-_5O^AXp|-`teNB&JWFpDwFvsGkP49}__&!1irBBU^ zqeE&(#I#(_Pt}}?2$Pc@%noBiRg|9McXi_aJQ!Ym!E0{K{&F|uueN=-Ap@1!SCWMH>zLNWo%lwEJo*JuN zG0n5P8&88|zSB)HYdF5M%cK-|Lb@k(MA7C0@QNnvBcWh^SXh)+WrF;uA{^j4{;;uC zBK%#wd>yIi!g<1m>*S%-#zED%o*HHF581MJ=?pTlyG&E9>{q^A$=PT>-wD$sYN|cs zvlncJ11D~_$n)=>-qNAnasuW_#~CDXM0b%Q5MH|oB${+i zyenhD7lW_A`KOpTeb|p*5{dR&5(FB?Ratx%r6*mnFYeQlRJTjw?1!YeY>cj43b=fh zuQ`xKY>Cci(p$tM!9dY^5)_2c!bFpg)b}isogMCjl#Th7n2@#mQ!HXU8^C4RN1JR% z0${%7Nzm2!-*$?g{IAddm1LP{F#it&OCtRaNSwfl@VVkW-d!lBBMrC3*%(zIvG_pu zd#A5YNpt+Rinv>ftjhMPLRH0pOc4WPw)tb#B)ZPQ5^xJj&Nv z4>wTnIBM_ESH_l+5iBSjYB}gyd^aGqh%D;qM&sAIi?!@q+IG?}vOI7rxH{x7HpNLS z?|1NehKA5NsO3*pS95O8U}ceRXLN#8a-%Qg&0Lxll+j6}~xMmg^J}-T}iK^97g3_nRryNV(1KivZHS1XMM#oge$CIAqv_I%WQ?MJ1 zjf3UXll&i&uuACin?=cVLa&`FCF7wAUg4v-1$$}wvY3b^Ab;FWYUiBm;pF@_#+3ev zlxAX^+Dmb|LeR&|b-eoXE#X|ox984V{h#f0?k4*HA8SFqTS=V2?7wn25 zxQ;mgQ+8prx9BkVJWkZ z(H>R{nvHmoZ&enQ7rHkG?E+R}6_)xr6X86X^>GvOeU?PfJa&2}|LdtOlA~MJXI zHg(6b@7lv9EjN(2%_I#qCZ#7;4k0&>zrY3QAtgW#9?E3Eiuc#f=y)Joq&qaVr>x-y$z{CIKsfx=Ix@(4{2yvcgiw7=f?KX|;sjOw^Wpl#q?(MUz3Z7{~Oo 
zq>OR2?C~T~KDHx79DaUHIShr*eSAu- zPrz*P_7<~7dmz}5h}+F=Gp4+{Ul}F_LvGx0ilpV3#vA%5mxGFR%i7N{NSh&^USZ*J3FCxVY?TveZC>t*)g4 z?8dDStz~z$t#4x>6;@=^8S~RX`ClL!%?g|nZqMgX!<)wuorH!ZGg60vVVxJ33s#R0|&h^%5jS(C%R+fF0AQmtzA3Rv` zI&HXQ4t5?Y3oG@V#x;y>j+7${Suy>+wGzfDHhOc;PQL0_YdCLzxso;S!?=j8IciY$ z55P*I$6~+Bg^CKI(UF0cp zjWylMeIN*CVSn2#@g`IL<$9TO^Jgv|yYGxlFy@}u8NA1H2BKe%rNPEBi8PQ=;|B5w zSV+;LP}7mrg1q17?}?+?f%7pbLMM!~icddEZQ{;W!}-X<0UyL%+bz_JJ@sV5P6DRo z^P!lXI7Qlp(wVr`P2Dh>d><_KodMR@_sv*y9S(j9 z8e{?&XvV>|_wqgRsyp zXwIkT!qh{7CCl9J@`G8ExL0CU=NG{cL(7+M7*@!3DY`g7&MRiC&Tb^dl27Jg+UN7c zsaeI}=Vpk}l-qzC^kZU*dMd5DR;Isy0UGcG`FlC*x5i(o!r1K@{YCtWOL8c6%nD!+ zFJGARJ&4e7*ed%*Fc^vU-b^~S5NiIp>Q;JDc(yn2d@C^Zw!R+*kD0y_HML!HD7`V$ zlEp_;PWuodqV&n1ws63}@N+$KX0#adTpguLwd<)T27FO3kJCi{&fvQ84}(B*O@^FF z4y{MP{X;a`iIyDg!3{|Zg(l-L5=}#5=*!dZo5#IgZ*qH!sJO;|oShY_7Ue%?~|i!yX`Eb;QI(&>4sz(u}aZhgZsO&c<900OcPZ2c;vuE zl`^tlpVT4mPd1m@vn{a5QuW_{^jYOrNCh%gl2zr)LZJ0i_%#qfzoV#L2i#AmqNUca znD4~y!y8%Ml^Cs>JNNE6oL~nX0}r}SBux63go`oBoK+yc`BXryK1imNcc-R7jPfid z>37J*T#f9Ccp{(F#_d+qZq*C7(i&7I_JS=qPMjqKW4VqeBqV@ha`jGP#Nv}0K(x=6 zixr&clyCx}KT;_pT>Db&W{Qa(hmP=VQ_wl80cSs6`nrJp(C;OHqil;>vciIkZuwFd znDeLgmzfG!rTs~{7T-|I!dTUH5w9eue@5&TXxv(ge zP-k4#lO*CeW5#RG-P-t&lBsBaeGXM#puQUfV1lW7_v!(d)u)Ee#;-NgKe&jQwZWq` zMmM%{(*ixhthCZGMl%P$DB&p@XZAA^Bu-Nk(*h)0XcqNe?|r(k>3V&Z3R^9?dj;<5 zGA<8RMUx#6n;EARsk#U8pRDgF6?3Ubd-V?w7Tv#X`9`TX%G{8~N}M-zr>2{_na&>z zyubu&_Tp#d{J>jA{^dg|g5S@JiZ+a1 zvFkyzj$`G$;h5%EoV{Z_#&z&@7rwUk-I{kuC4YBb4L`O!4Xf<&E&Ob-kemV9ckHbh z=<08j_CE}6nq$YgLoU-M_bO(}JiRO&=HSL(x3MM}1>+XhzRtfc?@!pxSN3lhh(;4x z4`QhqPdfZ6mkdeJlSCgX{;h+>baj+g30Lm-*ClN0t>+^7x}84w6?2@zF+sh<0pa() zGZDq{bi)!b-qWYKW#ZM^go@i^#@_UAe*>~~-7`qrEI#yb(#|R5(h6ZMF|Na|iVg+x z-urx2nhESpn73}sls>n+8rZ^o@oJX>a#gF#E*@}RR+d{jsEsUyICW4%!GJrn?^J=# z$cxXhWf8Zy<|~Zu=(S#o7oJbB3T}m5FJmFevJ6xxT-Xinl=bvkLPR*cFI?E1%3$fc zO}G)55)$e^HqzGK;g4$<7x5jO(SJZ&W`0M7^}EPY1^Wu-hYBTCY?ts?%+u(Zj*fGL z*G{G%HVq=1MYBy;dGOvgM|l{38x>Ua@{OrF%n@tP73znt`=SGSzi!8Akwu*{7=K|frk|DbqVN$mXT;8l0FaQRl0 
zHpS#AxECwT_n?K4D-*wGiTAc;vS34!qGhdxhXHQtmJBDJ#4~Wp3ntfqO1@XhqOV?N za~5ptvChM`!7XgwZ%S)~rTAC^QSaOM@q^>BVwI!ZY-j&9cvD>>)%_j?T?fjQiu#QB z>3rp_>B=PMebI!Lv{kk1%kk+t+(wNjg~0J1V$idwtF55aBL1t$z%4-K_YONjM(!>y zbhy-*gZ?^q&pABOt`21cJ|cNhd{i`sG-5PkJ+ZB)Tm9G0HbjPk9rCehZsRFuJEKRr zq4-@Hfj`Vkj&_ClUouO3|H+bb);Z~mM^l)cniCA9(@jLV^o{-UDyDkA;@za4+jy6k z73PPxFYU~ZiALC`V18jf}fq!bPpb@I#YB1+# z=5J^BMnVXSS|5(Gv4XR{#Mf;a66YtCn*6=&IZ#9X0^tSjI{|i~A0?G1yrqHaIn-?a z?}Co!3d9MsNB$La-ZfZOT?3aN&ubIk-SK{1xkyE{x$H02?U2XUkK%#cW!y=+=oh-? z3hv4A`Oa2q=ys($e+{gvfJA0`9iM5={on>$x$Kk?+lsJa#<*oIIvC{#s8aHlP4J%$ z6i|xTJUsUN*R|#xScl_Z6=+kwiT!HYyQ~EnyX03dZ&bBHv1HJ$~bw?o1rSLeb+4ew^(ICDWgE3l-3^2~;On3IeH-jiUq!$IG9sZw-Y7>u!>V1l&du`FAzd;FO z_h_aYFN##Cs(97Jy!@XNbjFp(+hvpcqOdsodaE-l*~AlpEO*3)yEulOO=*}OlqC?d zjF=nhT?EZx-S<4l^$e^0UgX~*sxO)aw_)NZ+-`pz-Mx%gVCaft!voEko@OSjChT&P zpwS9SgMsVPzl~NcSuIB;2Z%=Z`Qd)lOubzukby4-8J{@( zF{qz!scxxmj{Qyk3n4E4ZziifXK*Ia*>x8!3c7@pCfzHN7{9%PDps`}pR?VaAABW? zP-=m6SgWF|smmNKFK^)San}jsI#exMwf*kp?~SmA%yboSQt*WJQ4&I z;OM2F(LLoa^oI<-ylurL7V%GZ@Gc)g@gle+O-{arxyOqSYODDD+KaWka#1}U=q;xk zxXp^X@sb$uRQ&%M;MTFU!rAMuND}N>;zPlv%S>xK^xr$Va9-N(7;KGI{Zsa`)bDuW JEW Date: Tue, 15 Nov 2022 00:10:58 +0530 Subject: [PATCH 069/103] upgrade to 8.1 as vis failing --- .../data_stream/result/sample_event.json | 33 +- packages/osquery/docs/README.md | 33 +- ...-69f5ae20-eb02-11e7-8f04-51231daa5b05.json | 816 +++++++++--------- ...-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json | 510 +++++------ packages/osquery/manifest.yml | 3 +- 5 files changed, 703 insertions(+), 692 deletions(-) diff --git a/packages/osquery/data_stream/result/sample_event.json b/packages/osquery/data_stream/result/sample_event.json index 17537b08178..a698f04bc47 100644 --- a/packages/osquery/data_stream/result/sample_event.json +++ b/packages/osquery/data_stream/result/sample_event.json 
@@ -1,11 +1,12 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "agent": { - "ephemeral_id": "b33539a4-b177-41fd-9c97-5664d8bd5120", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "a893e713-eedc-4ae1-8951-0a0ca7f783de", + "hostname": "docker-fleet-agent", + "id": "5e42424f-8ff5-4c7b-8a60-617548fd6b6a", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "7.17.0" }, "data_stream": { "dataset": "osquery.result", @@ -16,39 +17,39 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "5e42424f-8ff5-4c7b-8a60-617548fd6b6a", "snapshot": false, - "version": "8.0.0-beta1" + "version": "7.17.0" }, "event": { "action": "added", "agent_id_status": "verified", - "created": "2022-01-02T05:31:42.889Z", + "created": "2022-11-14T15:11:13.595Z", "dataset": "osquery.result", - "ingested": "2022-01-02T05:31:43Z", + "ingested": "2022-11-14T15:11:17Z", "kind": "event", "type": "info" }, "host": { "architecture": "x86_64", - "containerized": true, + "containerized": false, "hostname": "ubuntu-xenial", "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "ip": [ - "172.18.0.5" + "192.168.128.7" ], "mac": [ - "02:42:ac:12:00:05" + "02:42:c0:a8:80:07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-43-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "5.10.104-linuxkit", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.3 LTS (Focal Fossa)" } }, "input": { diff --git a/packages/osquery/docs/README.md b/packages/osquery/docs/README.md index da4ba9f9583..1d63fb34aaa 100644 --- a/packages/osquery/docs/README.md +++ b/packages/osquery/docs/README.md 
@@ -26,11 +26,12 @@ An example event for `result` looks as following: { "@timestamp": "2018-01-08T14:51:55.000Z", "agent": { - "ephemeral_id": "b33539a4-b177-41fd-9c97-5664d8bd5120", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "a893e713-eedc-4ae1-8951-0a0ca7f783de", + "hostname": "docker-fleet-agent", + "id": "5e42424f-8ff5-4c7b-8a60-617548fd6b6a", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "7.17.0" }, "data_stream": { "dataset": "osquery.result", @@ -41,39 +42,39 @@ An example event for `result` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "5e42424f-8ff5-4c7b-8a60-617548fd6b6a", "snapshot": false, - "version": "8.0.0-beta1" + "version": "7.17.0" }, "event": { "action": "added", "agent_id_status": "verified", - "created": "2022-01-02T05:31:42.889Z", + "created": "2022-11-14T15:11:13.595Z", "dataset": "osquery.result", - "ingested": "2022-01-02T05:31:43Z", + "ingested": "2022-11-14T15:11:17Z", "kind": "event", "type": "info" }, "host": { "architecture": "x86_64", - "containerized": true, + "containerized": false, "hostname": "ubuntu-xenial", "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "ip": [ - "172.18.0.5" + "192.168.128.7" ], "mac": [ - "02:42:ac:12:00:05" + "02:42:c0:a8:80:07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-43-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "5.10.104-linuxkit", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.3 LTS (Focal Fossa)" } }, "input": { diff --git a/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json b/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json index 32d6c2b96af..3b0d9806e33 100644 
--- a/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json
+++ b/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json
@@ -1,433 +1,437 @@ { - "id": "osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T21:53:46.434Z", - "version": "WzYzMSwxXQ==", - "attributes": { - "description": "Dashboard for visualizing the data collected by the Osquery compliance pack.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:osquery.result" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "1", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.11.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Mounts by type [Logs Osquery]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie", - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "distinctColors": true - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "osquery.result.columns.path", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "osquery.result.columns.type", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { + "id": "osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05", + "type": "dashboard", + "namespaces": [ + "default" + ], + 
"updated_at": "2022-11-14T16:57:04.133Z", + "version": "WzU3OSwxXQ==", + "attributes": { + "description": "Dashboard for visualizing the data collected by the Osquery compliance pack.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], + "highlightAll": true, "query": { - "language": "kuery", - "query": "" - } - } + "language": "kuery", + "query": "data_stream.dataset:osquery.result" + }, + "version": true } - } }, - "gridData": { - "h": 15, - "i": "2", - "w": 28, - "x": 20, - "y": 0 + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "2", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "3", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.11.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "OS versions [Logs Osquery]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie", - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "distinctColors": true - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "osquery.result.host_identifier" - }, - "schema": "metric", - "type": "cardinality" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "4", - "params": { - "field": "osquery.result.columns.platform_like", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 16, + "i": "1", + "w": 24, + "x": 24, + "y": 15 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "osquery.result.columns.name", - "order": "desc", - 
"orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "osquery.result.columns.version", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 11, - "i": "4", - "w": 11, - "x": 0, - "y": 4 - }, - "panelIndex": "4", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.11.0-SNAPSHOT" }, - "legendOpen": false - }, - "savedVis": { - "title": "Number of Kernel integrations [Logs Osquery]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "2", + "w": 28, + "x": 20, + "y": 0 + }, + "panelIndex": "2", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Mounts by type [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.path", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.type", + "order": 
"desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" } - } }, - "params": { - "addLegend": true, - "addTooltip": true, - "gauge": { - "alignment": "horizontal", - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "extendRange": true, - "gaugeColorMode": "Labels", - "gaugeStyle": "Full", - "gaugeType": "Arc", - "invertColors": false, - "labels": { - "color": "black", - "show": true + { + "embeddableConfig": { + "enhancements": {} }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": true + "gridData": { + "h": 16, + "i": "3", + "w": 24, + "x": 0, + "y": 15 }, - "style": { - "bgColor": false, - "bgFill": "#eee", - "bgMask": false, - "bgWidth": 0.9, - "fontSize": 60, - "labelColor": true, - "mask": false, - "maskBars": 50, - "subText": "", - "width": 0.9 - }, - "type": "meter" - }, - "isDisplayWarning": false, - "type": "gauge" + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.11.0-SNAPSHOT" }, - "type": "gauge", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Live Kernel integrations", - "field": "osquery.result.columns.name" - }, - "schema": "metric", - "type": "cardinality" + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": "4", + "w": 11, + "x": 0, + "y": 4 + }, + "panelIndex": "4", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "OS versions [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": 
"kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "osquery.result.host_identifier" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "osquery.result.columns.platform_like", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" + }, + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": "5", + "w": 9, + "x": 11, + "y": 4 + }, + "panelIndex": "5", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + }, + "legendOpen": false }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "osquery.result.columns.status", - "negate": false, - "params": { - "query": "Live", - "type": "phrase" - }, - "type": "phrase", - "value": "Live" + "savedVis": { + "title": "Number of Kernel integrations [Logs Osquery]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "gauge": { + "alignment": "horizontal", + "backStyle": "Full", + "colorSchema": "Green to Red", + 
"colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "extendRange": true, + "gaugeColorMode": "Labels", + "gaugeStyle": "Full", + "gaugeType": "Arc", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": true + }, + "style": { + "bgColor": false, + "bgFill": "#eee", + "bgMask": false, + "bgWidth": 0.9, + "fontSize": 60, + "labelColor": true, + "mask": false, + "maskBars": 50, + "subText": "", + "width": 0.9 + }, + "type": "meter" + }, + "isDisplayWarning": false, + "type": "gauge" + }, + "type": "gauge", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Live Kernel integrations", + "field": "osquery.result.columns.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "osquery.result.columns.status", + "negate": false, + "params": { + "query": "Live", + "type": "phrase" + }, + "type": "phrase", + "value": "Live" + }, + "query": { + "match": { + "osquery.result.columns.status": { + "query": "Live", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } }, - "query": { - "match": { - "osquery.result.columns.status": { - "query": "Live", - "type": "phrase" + "type": "visualization" + } + }, + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "6", + "w": 20, + "x": 0, + "y": 0 + }, + "panelIndex": "6", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC 
Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": {} } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + }, + "type": "visualization" } - } } - } + ], + "timeRestore": false, + "title": "[Logs Osquery] Compliance pack", + "version": 1 + }, + "references": [ + { + "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05", + "name": "panel_0", + "type": "search" }, - "gridData": { - "h": 11, - "i": "5", - "w": 9, - "x": 11, - "y": 4 + { + "id": "osquery-3824b080-eb02-11e7-8f04-51231daa5b05", + "name": "panel_2", + "type": "search" }, - "panelIndex": "5", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Navigation [Logs Osquery]", - "description": "", - "uiState": {}, - "params": { - "fontSize": 10, - "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": {} - } - } + { + "type": "search", + "name": "2:search_0", + "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05" }, - "gridData": { - "h": 4, - "i": "6", - "w": 20, - "x": 0, - "y": 0 + { + "type": "search", + "name": "4:search_0", + "id": "osquery-b5d6baa0-eb02-11e7-8f04-51231daa5b05" }, - "panelIndex": "6", - "version": "7.17.0", - "type": "visualization" - } + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "osquery-f59e21e0-eb03-11e7-8f04-51231daa5b05" + } ], - "timeRestore": false, - "title": "[Logs Osquery] Compliance pack", - "version": 1 - }, - "references": [ - { - "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05", - "name": "panel_0", - "type": "search" - }, - { - "id": 
"osquery-3824b080-eb02-11e7-8f04-51231daa5b05", - "name": "panel_2", - "type": "search" - }, - { - "type": "search", - "name": "2:search_0", - "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05" - }, - { - "type": "search", - "name": "4:search_0", - "id": "osquery-b5d6baa0-eb02-11e7-8f04-51231daa5b05" - }, - { - "type": "index-pattern", - "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "5:search_0", - "id": "osquery-f59e21e0-eb03-11e7-8f04-51231daa5b05" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json index cfc058cfc33..d74a812e641 100644 --- a/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json +++ b/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json 
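Review bot: The `references` list near the end of this hunk still declares `2:search_0`, `4:search_0` and `5:search_0`, but the inlined `savedVis.data` blocks for panels 2, 4 and 5 carry only `aggs` and a `searchSource` whose query is `"query": ""` (panel 5 adds only the `osquery.result.columns.status` phrase filter), and nothing visible in them points back at those saved searches. If that link was lost when the visualizations were inlined, these panels would aggregate over everything matched by the dashboard-level `data_stream.dataset:osquery.result` query, so the mounts pie, the OS-versions pie and the kernel-integrations gauge on a compliance dashboard could show misleading counts without any error. Please confirm in Kibana 8.1 that each panel is still scoped by its saved search; if it is not, inline the scoping query into the panel, e.g. `"query": "<KQL of saved search osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05>"` for panel 2, or drop the unused `N:search_0` references. The removed side of the hunk has the same shape, so this appears to predate the re-indent and version bump made here.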
@@ -1,271 +1,275 @@ { - "id": "osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T21:53:46.434Z", - "version": "WzYzMiwxXQ==", - "attributes": { - "description": "This dashboard shows data collected by the OSSEC rootkit pack from osquery", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:osquery.result" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Info OSSEC rootkit [Logs Osquery]", - "description": "", - "uiState": {}, - "params": { - "fontSize": 12, - "markdown": "This dashboard shows data collected by the ossec-rootkit pack from osquery." - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 4, - "i": "1", - "w": 10, - "x": 19, - "y": 0 - }, - "panelIndex": "1", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Number of rootkits found [Logs Osquery]", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Rootkits", - "field": "osquery.result.name" - }, - "schema": 
"metric", - "type": "cardinality" - } - ], - "searchSource": { + "id": "osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-14T16:57:04.133Z", + "version": "WzU4MCwxXQ==", + "attributes": { + "description": "This dashboard shows data collected by the OSSEC rootkit pack from osquery", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], + "highlightAll": true, "query": { - "language": "kuery", - "query": "" - } - } + "language": "kuery", + "query": "data_stream.dataset:osquery.result" + }, + "version": true } - } }, - "gridData": { - "h": 5, - "i": "2", - "w": 6, - "x": 37, - "y": 0 + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "2", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Number of hosts infected [Logs Osquery]", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true + "panelsJSON": [ + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "1", + "w": 10, + "x": 19, + "y": 0 }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" + "panelIndex": "1", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Info OSSEC rootkit [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "This dashboard shows data collected by the ossec-rootkit pack from osquery." 
+ }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": {} + } + }, + "type": "visualization" + } + }, + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 5, + "i": "2", + "w": 6, + "x": 37, + "y": 0 }, - "useRanges": false - }, - "type": "metric" + "panelIndex": "2", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Number of rootkits found [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Rootkits", + "field": "osquery.result.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" + } }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Hosts", - "field": "agent.name" - }, - "schema": "metric", - "type": "cardinality" + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 5, + "i": "3", + "w": 6, + "x": 31, + "y": 0 + }, + "panelIndex": "3", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Number of hosts infected [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, 
+ "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts", + "field": "agent.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" + }, + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "4", + "w": 19, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": {} + } + }, + "type": "visualization" } - } - } - } - }, - "gridData": { - "h": 5, - "i": "3", - "w": 6, - "x": 31, - "y": 0 - }, - "panelIndex": "3", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Navigation [Logs Osquery]", - "description": "", - "uiState": {}, - "params": { - "fontSize": 10, - "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": {} + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 20, + "i": "5", + "w": 43, + "x": 0, + "y": 5 + }, + "panelIndex": 
"5", + "panelRefName": "panel_4", + "version": "7.11.0-SNAPSHOT" } - } - }, - "gridData": { - "h": 4, - "i": "4", - "w": 19, - "x": 0, - "y": 0 - }, - "panelIndex": "4", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + ], + "timeRestore": false, + "title": "[Logs Osquery] OSSEC rootkit pack", + "version": 1 + }, + "references": [ + { + "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", + "name": "panel_4", + "type": "search" }, - "gridData": { - "h": 20, - "i": "5", - "w": 43, - "x": 0, - "y": 5 + { + "type": "search", + "name": "2:search_0", + "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040" }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.11.0-SNAPSHOT" - } + { + "type": "search", + "name": "3:search_0", + "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040" + } ], - "timeRestore": false, - "title": "[Logs Osquery] OSSEC rootkit pack", - "version": 1 - }, - "references": [ - { - "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "panel_4", - "type": "search" - }, - { - "type": "search", - "name": "2:search_0", - "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "3:search_0", - "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/osquery/manifest.yml b/packages/osquery/manifest.yml index bb03ed5291d..f78b8359b63 100644 --- a/packages/osquery/manifest.yml +++ b/packages/osquery/manifest.yml @@ -15,7 +15,8 @@ categories: - security - os_system conditions: - kibana.version: ^7.17.0 || ^8.0.0 + # kibana.version: ^7.17.0 || ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-osquery-compatibility.png title: kibana osquery compatibility 
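Review bot: The by-value panels 2 and 3 ("Number of rootkits found", "Number of hosts infected") have nothing in `savedVis.data` that ties them to the saved search the `references` array still lists for them (`2:search_0`, `3:search_0`, both `osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040`). Their `searchSource` has an empty `filter` and an empty query, so if Kibana does not re-link the search from the reference name alone, the only remaining filter is the dashboard query `data_stream.dataset:osquery.result`. In that case "hosts infected" would count every distinct `agent.name` reporting osquery results, not just hosts with rootkit-pack hits. If the link is meant to survive the migration, I would expect `"savedSearchRefName": "search_0"` inside each of the two `data` objects; please confirm against a fresh export. If it is not meant to survive, the two unused references should be dropped and the pack filter put in the panels' own `query`.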
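Review bot: The old constraint is left behind as a commented-out line (`# kibana.version: ^7.17.0 || ^8.0.0`) directly above the new `kibana.version: ^8.1.0`. Version control already records the previous value, so the `conditions:` block should keep only `kibana.version: ^8.1.0`. Separately, this narrows compatibility by dropping 7.17 and 8.0 stacks, yet this is the only hunk in `manifest.yml`, so the package `version` (presumably above line 15) is not bumped in this commit. A breaking compatibility change normally needs a version bump and a changelog entry; please check that a later patch in the series adds them.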
From 106eda600de986110db60ae2b3bc66bafa63a74b Mon Sep 17 00:00:00 2001 From: kcreddy Date: Tue, 15 Nov 2022 00:47:39 +0530 Subject: [PATCH 070/103] upgrade okta to minimum 8.1.0 --- .../okta/data_stream/system/sample_event.json | 16 +- packages/okta/docs/README.md | 16 +- ...-749203a0-67b1-11ea-a76f-bf44814e437d.json | 923 +++++++++--------- packages/okta/manifest.yml | 2 +- 4 files changed, 481 insertions(+), 476 deletions(-) diff --git a/packages/okta/data_stream/system/sample_event.json b/packages/okta/data_stream/system/sample_event.json index 32189360c38..d3a3a0dc534 100644 --- a/packages/okta/data_stream/system/sample_event.json +++ b/packages/okta/data_stream/system/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2020-02-14T20:18:57.718Z", "agent": { - "ephemeral_id": "3347d5a2-0d81-41c5-8cbf-a69aebcdb56a", - "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6", + "ephemeral_id": "77828d7c-b45f-46a7-ae95-601b4c1bb310", + "id": "541f4fe3-4f0f-482a-9582-0ac9c9a98fda", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.2.1" + "version": "8.1.0" }, "client": { "geo": { @@ -32,9 +32,9 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6", - "snapshot": true, - "version": "8.2.1" + "id": "541f4fe3-4f0f-482a-9582-0ac9c9a98fda", + "snapshot": false, + "version": "8.1.0" }, "event": { "action": "user.session.start", 
@@ -43,10 +43,10 @@ "authentication", "session" ], - "created": "2022-05-18T08:57:39.484Z", + "created": "2022-11-14T19:14:59.223Z", "dataset": "okta.system", "id": "3aeede38-4f67-11ea-abd3-1f5d113f2546", - "ingested": "2022-05-18T08:57:40Z", + "ingested": "2022-11-14T19:15:00Z", "kind": "event", "original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"User login to Okta\",\"eventType\":\"user.session.start\",\"legacyEventType\":\"core.user_auth.login_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T20:18:57.718Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United 
States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3aeede38-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", "outcome": "success", diff --git a/packages/okta/docs/README.md b/packages/okta/docs/README.md index 31ab567ef75..01d1739a89b 100644 --- a/packages/okta/docs/README.md +++ b/packages/okta/docs/README.md @@ -14,11 +14,11 @@ An example event for `system` looks as following: { "@timestamp": "2020-02-14T20:18:57.718Z", "agent": { - "ephemeral_id": "3347d5a2-0d81-41c5-8cbf-a69aebcdb56a", - "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6", + "ephemeral_id": "77828d7c-b45f-46a7-ae95-601b4c1bb310", + "id": "541f4fe3-4f0f-482a-9582-0ac9c9a98fda", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.2.1" + "version": "8.1.0" }, "client": { "geo": { @@ -45,9 +45,9 @@ An example event for `system` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6", - "snapshot": true, - "version": "8.2.1" + "id": "541f4fe3-4f0f-482a-9582-0ac9c9a98fda", + "snapshot": false, + "version": "8.1.0" }, "event": { "action": "user.session.start", 
@@ -56,10 +56,10 @@ An example event for `system` looks as following: "authentication", "session" ], - "created": "2022-05-18T08:57:39.484Z", + "created": "2022-11-14T19:14:59.223Z", "dataset": "okta.system", "id": "3aeede38-4f67-11ea-abd3-1f5d113f2546", - "ingested": "2022-05-18T08:57:40Z", + "ingested": "2022-11-14T19:15:00Z", "kind": "event", "original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"User login to Okta\",\"eventType\":\"user.session.start\",\"legacyEventType\":\"core.user_auth.login_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T20:18:57.718Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United 
States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3aeede38-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", "outcome": "success", diff --git a/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json index 90320894781..d9f27196be6 100644 --- a/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json +++ b/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json 
@@ -1,482 +1,487 @@ { - "id": "okta-749203a0-67b1-11ea-a76f-bf44814e437d", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T21:35:59.512Z", - "version": "WzYzMiwxXQ==", - "attributes": { - "description": "Logs Okta integration Kibana dashboard", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "version": "7.14.0", - "type": "map", - "gridData": { - "h": 22, - "i": "8013824b-5a66-494c-acc5-3df8b7678879", - "w": 48, - "x": 0, - "y": 0 + "id": "okta-749203a0-67b1-11ea-a76f-bf44814e437d", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-14T19:11:12.643Z", + "version": "WzU3MCwxXQ==", + "attributes": { + "description": "Logs Okta integration Kibana dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - "panelIndex": "8013824b-5a66-494c-acc5-3df8b7678879", - "embeddableConfig": { - "hiddenLayers": [], - "isLayerTOCOpen": false, - "mapCenter": { - "lat": 26.54701, - "lon": -44.69098, - "zoom": 2.75 - }, - "openTOCDetails": [], - "enhancements": {}, - "attributes": { - "title": "Geolocation [Logs Okta]", - "description": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "mapStateJSON": 
"{\"center\":{\"lat\":26.54701,\"lon\":-44.69098},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"okta.system\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"okta.system\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"zoom\":2.75,\"settings\":{\"autoFitToDataBounds\":false}}", - "layerListJSON": "[{\"alpha\":1,\"id\":\"6908e81b-1695-4445-aee4-8bc8c9f65600\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"dc52e707-92d7-4de7-becf-a3a8bfaa2c2d\",\"label\":\"Okta \",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"okta.system\\\" 
\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":false,\"geoField\":\"client.geo.location\",\"id\":\"4b8bd321-4b90-4d97-83e0-2b12bf091f66\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]" - } - } - }, - { - "version": "7.17.0", - "type": "visualization", - "gridData": { - "h": 11, - "i": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", - "w": 10, - "x": 0, - "y": 22 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Event Outcome [Logs Okta]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie", - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - 
"distinctColors": true - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 22, + "i": "8013824b-5a66-494c-acc5-3df8b7678879", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" + "panelIndex": "8013824b-5a66-494c-acc5-3df8b7678879", + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 26.54701, + "lon": -44.69098, + "zoom": 2.75 }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" + "openTOCDetails": [], + "enhancements": {}, + "attributes": { + "title": "Geolocation [Logs Okta]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"center\":{\"lat\":26.54701,\"lon\":-44.69098},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"okta.system\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"okta.system\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"zoom\":2.75,\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"6908e81b-1695-4445-aee4-8bc8c9f65600\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"dc52e707-92d7-4de7-becf-a3a8bfaa2c2d\",\"label\":\"Okta \",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"okta.system\\\" \"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":false,\"geoField\":\"client.geo.location\",\"id\":\"4b8bd321-4b90-4d97-83e0-2b12bf091f66\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" + "type": "map" } - } - } - } - } - }, - { - "version": 
"7.17.0", - "type": "visualization", - "gridData": { - "h": 11, - "i": "195db901-dc2b-4b7d-80c3-742e2712ac2a", - "w": 9, - "x": 10, - "y": 22 - }, - "panelIndex": "195db901-dc2b-4b7d-80c3-742e2712ac2a", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Transaction Types [Logs Okta]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie", - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "distinctColors": true }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", + "w": 10, + "x": 0, + "y": 22 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "okta.transaction.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" + "panelIndex": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Outcome [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + 
"palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" + "type": "visualization" } - } - } - } - } - }, - { - "version": "7.17.0", - "type": "visualization", - "gridData": { - "h": 11, - "i": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", - "w": 19, - "x": 29, - "y": 22 - }, - "panelIndex": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Time Series [Logs Okta]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "bar_color_rules": [ - { - "id": "abd68650-67c6-11ea-8c7d-ed286611413e" - } - ], - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - 
"series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"okta.system\"" - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false, - "drop_last_bucket": 1 - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - } - }, - { - "version": "7.17.0", - "type": "visualization", - "gridData": { - "h": 11, - "i": "a25a43ed-3262-486c-a482-1fac52f26128", - "w": 10, - "x": 19, - "y": 22 - }, - "panelIndex": "a25a43ed-3262-486c-a482-1fac52f26128", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Actor Types [Logs Okta]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie", - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "distinctColors": true }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": "195db901-dc2b-4b7d-80c3-742e2712ac2a", + "w": 9, + "x": 10, + "y": 22 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "okta.actor.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": 
"terms" + "panelIndex": "195db901-dc2b-4b7d-80c3-742e2712ac2a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Transaction Types [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "okta.transaction.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" + }, + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", + "w": 19, + "x": 29, + "y": 22 + }, + "panelIndex": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Time Series [Logs Okta]", + "description": "", + "uiState": {}, + "params": 
{ + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "abd68650-67c6-11ea-8c7d-ed286611413e" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "data_stream.dataset : \"okta.system\"" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" + "type": "visualization" + } + }, + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 11, + "i": "a25a43ed-3262-486c-a482-1fac52f26128", + "w": 10, + "x": 19, + "y": 22 + }, + "panelIndex": "a25a43ed-3262-486c-a482-1fac52f26128", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Actor Types [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + 
"data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "okta.actor.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" + "type": "visualization" } - } + }, + { + "version": "8.0.0-SNAPSHOT", + "type": "search", + "gridData": { + "h": 16, + "i": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", + "w": 48, + "x": 0, + "y": 33 + }, + "panelIndex": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", + "embeddableConfig": { + "enhancements": {} + }, + "panelRefName": "panel_c0d5bac3-7e50-4ef9-a401-5a596ec84ee9" } - } - } - }, - { - "version": "8.0.0-SNAPSHOT", - "type": "search", - "gridData": { - "h": 16, - "i": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", - "w": 48, - "x": 0, - "y": 33 + ], + "timeRestore": false, + "title": "[Logs Okta] Overview", + "version": 1 + }, + "references": [ + { + "name": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9:panel_c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", + "type": "search", + "id": "okta-21028750-67ca-11ea-a76f-bf44814e437d" + }, + { 
+ "type": "index-pattern", + "name": "8013824b-5a66-494c-acc5-3df8b7678879:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c6a66fe5-21a2-4308-8563-d4a7f5135d25:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c6a66fe5-21a2-4308-8563-d4a7f5135d25:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "panelIndex": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", - "embeddableConfig": { - "enhancements": {} + { + "type": "index-pattern", + "name": "195db901-dc2b-4b7d-80c3-742e2712ac2a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelRefName": "panel_c0d5bac3-7e50-4ef9-a401-5a596ec84ee9" - } + { + "type": "index-pattern", + "name": "195db901-dc2b-4b7d-80c3-742e2712ac2a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a25a43ed-3262-486c-a482-1fac52f26128:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a25a43ed-3262-486c-a482-1fac52f26128:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Logs Okta] Overview", - "version": 1 - }, - "references": [ - { - "name": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9:panel_c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", - "type": "search", - "id": "okta-21028750-67ca-11ea-a76f-bf44814e437d" - }, - { - "type": "index-pattern", - "name": "8013824b-5a66-494c-acc5-3df8b7678879:layer_1_source_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "c6a66fe5-21a2-4308-8563-d4a7f5135d25:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "c6a66fe5-21a2-4308-8563-d4a7f5135d25:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"195db901-dc2b-4b7d-80c3-742e2712ac2a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "195db901-dc2b-4b7d-80c3-742e2712ac2a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a25a43ed-3262-486c-a482-1fac52f26128:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": "a25a43ed-3262-486c-a482-1fac52f26128:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file
diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml
index ae57749f464..3fa6d9f1458 100644
--- a/packages/okta/manifest.yml
+++ b/packages/okta/manifest.yml
@@ -8,7 +8,7 @@ format_version: 1.0.0
 license: basic
 categories: [security]
 conditions:
- kibana.version: ^7.17.0 || ^8.0.0
+ kibana.version: ^8.1.0
 icons:
 - src: /img/okta-logo.svg
 title: Okta
From 97b2e9f32fa5e5d82b4ee5f46fe04c09fe55d168 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Tue, 15 Nov 2022 01:05:09 +0530 Subject: [PATCH 071/103] upgrade o365 to 8.1 for failing vis
---
 .../o365/data_stream/audit/sample_event.json | 12 +- packages/o365/docs/README.md | 12 +- ...-712e2c00-685d-11ea-8d6a-292ef5d68366.json | 1453 +++++++++-------- packages/o365/manifest.yml | 2 +- 4 files changed, 742 insertions(+), 737 deletions(-)
diff --git a/packages/o365/data_stream/audit/sample_event.json b/packages/o365/data_stream/audit/sample_event.json
index 15d4498a337..c469684f957 100644
--- a/packages/o365/data_stream/audit/sample_event.json
+++ b/packages/o365/data_stream/audit/sample_event.json
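Review bot: The new `kibana.version: ^8.1.0` constraint under `conditions` in packages/okta/manifest.yml drops 7.17.x and 8.0.x without saying why, and nothing in the hunk records it as a compatibility break. The reason appears to be the Okta dashboard in this same patch, which is now exported with `coreMigrationVersion` 8.1.0 and embedded `savedVis` panels, so I would put that next to the constraint: `# dashboards are exported at 8.1.0 with by-value panels; older Kibana cannot import them`. Stacks that stay on 7.17 or 8.0 will stop receiving later versions of this package, including any ingest-pipeline fixes for the Okta system log, so the package `version` and changelog (both outside this hunk and not visible here) should mark the change as breaking.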
@@ -1,11 +1,11 @@ { "@timestamp": "2020-02-07T16:43:53.000Z", "agent": { - "ephemeral_id": "14ad310a-30bb-45d4-9dd4-20f22267fbd5", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "2bdc8c46-c1e5-40ff-b8a4-249988bae0a1", + "id": "e7303a60-a051-4b51-bba8-b13f8f1a47ca", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "client": { "address": "213.97.47.133", @@ -20,9 +20,9 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "e7303a60-a051-4b51-bba8-b13f8f1a47ca", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "PageViewed", @@ -33,7 +33,7 @@ "code": "SharePoint", "dataset": "o365.audit", "id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", - "ingested": "2022-01-02T03:51:15Z", + "ingested": "2022-11-14T19:23:46Z", "kind": "event", "original": "{\"ListItemUniqueId\": \"59a8433d-9bb8-cfef-6edc-4c0fc8b86875\", \"ItemType\": \"Page\", \"Workload\": \"OneDrive\", \"OrganizationId\": \"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\", \"UserId\": \"asr@testsiem.onmicrosoft.com\", \"CreationTime\": \"2020-02-07T16:43:53\", \"Site\": \"d5180cfc-3479-44d6-b410-8c985ac894e3\", \"ClientIP\": \"213.97.47.133\", \"WebId\": \"8c5c94bb-8396-470c-87d7-8999f440cd30\", \"UserType\": 0, \"Version\": 1, \"EventSource\": \"SharePoint\", \"UserAgent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\", \"UserKey\": \"i:0h.f|membership|1003200096971f55@live.com\", \"CustomUniqueId\": true, \"Operation\": \"PageViewed\", \"ObjectId\": \"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx\", \"Id\": \"99d005e6-a4c6-46fd-117c-08d7abeceab5\", \"CorrelationId\": \"622b339f-4000-a000-f25f-92b3478c7a25\", \"RecordType\": 4}", "outcome": "success", diff --git a/packages/o365/docs/README.md b/packages/o365/docs/README.md index 1354e3431d3..47f76203263 100644 
--- a/packages/o365/docs/README.md +++ b/packages/o365/docs/README.md @@ -33,11 +33,11 @@ An example event for `audit` looks as following: { "@timestamp": "2020-02-07T16:43:53.000Z", "agent": { - "ephemeral_id": "14ad310a-30bb-45d4-9dd4-20f22267fbd5", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "2bdc8c46-c1e5-40ff-b8a4-249988bae0a1", + "id": "e7303a60-a051-4b51-bba8-b13f8f1a47ca", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "client": { "address": "213.97.47.133", @@ -52,9 +52,9 @@ An example event for `audit` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "e7303a60-a051-4b51-bba8-b13f8f1a47ca", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "PageViewed", 
@@ -65,7 +65,7 @@ An example event for `audit` looks as following: "code": "SharePoint", "dataset": "o365.audit", "id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", - "ingested": "2022-01-02T03:51:15Z", + "ingested": "2022-11-14T19:23:46Z", "kind": "event", "original": "{\"ListItemUniqueId\": \"59a8433d-9bb8-cfef-6edc-4c0fc8b86875\", \"ItemType\": \"Page\", \"Workload\": \"OneDrive\", \"OrganizationId\": \"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\", \"UserId\": \"asr@testsiem.onmicrosoft.com\", \"CreationTime\": \"2020-02-07T16:43:53\", \"Site\": \"d5180cfc-3479-44d6-b410-8c985ac894e3\", \"ClientIP\": \"213.97.47.133\", \"WebId\": \"8c5c94bb-8396-470c-87d7-8999f440cd30\", \"UserType\": 0, \"Version\": 1, \"EventSource\": \"SharePoint\", \"UserAgent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\", \"UserKey\": \"i:0h.f|membership|1003200096971f55@live.com\", \"CustomUniqueId\": true, \"Operation\": \"PageViewed\", \"ObjectId\": \"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx\", \"Id\": \"99d005e6-a4c6-46fd-117c-08d7abeceab5\", \"CorrelationId\": \"622b339f-4000-a000-f25f-92b3478c7a25\", \"RecordType\": 4}", "outcome": "success", diff --git a/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json index e0cc5427e25..f08bfe63ab5 100644 --- a/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json +++ b/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json 
@@ -1,755 +1,760 @@ { - "id": "o365-712e2c00-685d-11ea-8d6a-292ef5d68366", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T21:27:54.577Z", - "version": "WzYzMiwxXQ==", - "attributes": { - "description": "Sample dashboard for Office 365 Management Activity events", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "version": "7.17.0", - "type": "visualization", - "gridData": { - "h": 6, - "i": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Audit Event Count [Logs o365]", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "dimensions": { - "metrics": [ - { - "accessor": 0, - "format": { - "id": "number", - "params": {} - }, - "type": "vis_dimension" - } - ] - }, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000, - "type": "range" - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "id": "o365-712e2c00-685d-11ea-8d6a-292ef5d68366", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-14T19:20:20.599Z", + "version": "WzY3MiwxXQ==", + "attributes": { + "description": "Sample dashboard for Office 365 Management Activity events", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + 
"filter": [], + "query": { + "language": "kuery", + "query": "" } - ], - "searchSource": {} } - } }, - "title": "Total audit events" - }, - { - "version": "7.17.0", - "type": "visualization", - "gridData": { - "h": 14, - "i": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", - "w": 38, - "x": 10, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events Histogram [Logs o365]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "dimensions": { - "series": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other", - "parsedUrl": { - "basePath": "", - "origin": "http://localhost:5601", - "pathname": "/app/kibana" + "panelsJSON": [ + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 6, + "i": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Audit Event Count [Logs o365]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": 
"None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": {} } - } }, - "label": "event.code: Descending", - "params": {} - } - ], - "x": { - "accessor": 1, - "aggType": "date_histogram", - "format": { - "id": "date", - "params": { - "pattern": "YYYY-MM-DD HH:mm" - } - }, - "label": "@timestamp per 12 hours", - "params": { - "bounds": { - "max": "2020-02-29T10:59:01.067Z", - "min": "2020-02-05T03:25:59.045Z" - }, - "date": true, - "format": "YYYY-MM-DD HH:mm", - "interval": "PT12H", - "intervalESUnit": "h", - "intervalESValue": 12 - } + "type": "visualization" }, - "y": [ - { - "accessor": 2, - "aggType": "count", - "format": { - "id": "number" - }, - "label": "Count", - "params": {} - } - ] - }, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1", - "circlesRadius": 1 - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "isVislibVis": true, - "detailedTooltip": true + "title": "Total 
audit events" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "group", - "type": "terms" + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "w": 38, + "x": 10, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "2020-02-05T03:25:59.045Z", - "to": "2020-02-29T10:59:01.067Z" + "panelIndex": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events Histogram [Logs o365]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.code: Descending", + "params": {} + } + ], + "x": { + "accessor": 1, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "label": "@timestamp per 12 hours", + 
"params": { + "bounds": { + "max": "2020-02-29T10:59:01.067Z", + "min": "2020-02-05T03:25:59.045Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H", + "intervalESUnit": "h", + "intervalESValue": 12 + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + 
"from": "2020-02-05T03:25:59.045Z", + "to": "2020-02-29T10:59:01.067Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": {} + } }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": {} - } - } - }, - "title": "Event histogram by service" - }, - { - "version": "7.17.0", - "type": "visualization", - "gridData": { - "h": 8, - "i": "70ab7239-c65c-41da-8242-da61750745d7", - "w": 10, - "x": 0, - "y": 6 - }, - "panelIndex": "70ab7239-c65c-41da-8242-da61750745d7", - "embeddableConfig": { - "colors": { - "alert": "#EF843C", - "event": "#7EB26D" - }, - "legendOpen": true, - "vis": { - "colors": { - "alert": "#E24D42", - "event": "#7EB26D" - }, - "legendOpen": true - }, - "enhancements": {}, - "savedVis": { - "title": "Audit Event Type [Logs o365]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "label": "Count", - "params": {} - } - }, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie", - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "distinctColors": true - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "type": "visualization" }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.kind", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": {} - } - } - }, - "title": "Events by type" - }, - { - "version": "7.17.0", - "type": "visualization", - "gridData": { - "h": 17, - "i": 
"775ced7d-7c58-44bc-8d4e-2a757d2c218c", - "w": 10, - "x": 0, - "y": 14 - }, - "panelIndex": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", - "embeddableConfig": { - "colors": { - "failure": "#E24D42", - "success": "#629E51" - }, - "legendOpen": false, - "vis": { - "colors": { - "failure": "#E24D42", - "success": "#629E51" + "title": "Event histogram by service" }, - "legendOpen": true - }, - "enhancements": {}, - "savedVis": { - "title": "Top Authentication Failures [Logs o365]", - "description": "", - "uiState": { - "vis": { - "colors": { - "failure": "#E24D42", - "success": "#629E51" + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 8, + "i": "70ab7239-c65c-41da-8242-da61750745d7", + "w": 10, + "x": 0, + "y": 6 }, - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": false, - "style": {}, - "title": {}, - "type": "category" - } - ], - "dimensions": { - "series": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other", - "parsedUrl": { - "basePath": "", - "origin": "http://localhost:5601", - "pathname": "/app/kibana" - } - } + "panelIndex": "70ab7239-c65c-41da-8242-da61750745d7", + "embeddableConfig": { + "colors": { + "alert": "#EF843C", + "event": "#7EB26D" }, - "label": "event.outcome: Ascending", - "params": {} - } - ], - "splitRow": [ - { - "accessor": 1, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other", - "parsedUrl": { - "basePath": "", - "origin": "http://localhost:5601", - "pathname": "/app/kibana" - } - } + "legendOpen": true, + "vis": { + "colors": { + "alert": 
"#E24D42", + "event": "#7EB26D" + }, + "legendOpen": true }, - "label": "user.name: Descending", - "params": {} - } - ], - "x": null, - "y": [ - { - "accessor": 2, - "aggType": "count", - "format": { - "id": "number" + "enhancements": {}, + "savedVis": { + "title": "Audit Event Type [Logs o365]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.kind", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": {} + } }, - "label": "Count", - "params": {} - } - ] - }, - "grid": { - "categoryLines": false, - "valueAxis": "" - }, - "labels": { - "show": true - }, - "legendPosition": "bottom", - "orderBucketsBySum": true, - "row": true, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1", - "circlesRadius": 1 - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": 
false, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": false, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "isVislibVis": true, - "detailedTooltip": true + "type": "visualization" + }, + "title": "Events by type" }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 17, + "i": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "w": 10, + "x": 0, + "y": 14 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "asc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 2 - }, - "schema": "group", - "type": "terms" + "panelIndex": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "embeddableConfig": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": false, + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + }, + "enhancements": {}, + "savedVis": { + "title": "Top Authentication Failures [Logs o365]", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": false, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + 
"params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.outcome: Ascending", + "params": {} + } + ], + "splitRow": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "user.name: Descending", + "params": {} + } + ], + "x": null, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false, + "valueAxis": "" + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "orderBucketsBySum": true, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": false, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": false, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { 
+ "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 2 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "split", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "split", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" + "title": "Top users by authentication failures" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 17, + "i": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "w": 38, + "x": 10, + "y": 14 + }, + "panelIndex": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 42.68781, + "lon": -48.94209, + "zoom": 1.88 }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.category", - "negate": false, - "params": { - "query": "authentication" - }, - "type": "phrase" + "openTOCDetails": [], + "enhancements": {}, + "attributes": { + "title": "Client Geo Map [Logs o365 audit]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"center\":{\"lat\":30.87292,\"lon\":16.67387},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:\\\"o365.audit\\\" \"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"2020-02-05T03:25:59.045Z\",\"to\":\"2020-02-29T10:59:01.067Z\"},\"zoom\":2.88,\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": "[{\"alpha\":1,\"id\":\"0b910b6c-77c8-4223-892a-1ebf69b0ccb4\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"acc53b7b-3411-406b-9371-6fa62b6b9365\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"geoField\":\"source.geo.location\",\"id\":\"3ba31ffc-7051-44bf-96a0-a684020cd2a3\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"requestType\":\"point\",\"resolution\":\"FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"airfield\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"maxSize\":32,\"minSize\":8},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"}},\"type\":\"DYNAMIC\"},\"lineColor\":{\"options\":{\"color\":\"#FFF\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":0},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" }, - "query": { - "match_phrase": { - "event.category": "authentication" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + "type": "map" + }, + "title": "Client geolocation map" + }, + { + "version": "7.6.0", + "type": "search", + "gridData": { + "h": 13, + "i": "481f1778-caad-4971-b598-bb61c94bf998", + "w": 48, + "x": 0, + "y": 31 + }, + "panelIndex": "481f1778-caad-4971-b598-bb61c94bf998", + "embeddableConfig": { + "enhancements": {} + }, + "title": "Data Loss Prevention alerts", + "panelRefName": "panel_481f1778-caad-4971-b598-bb61c94bf998" } - } + ], + "timeRestore": false, + "title": "[Logs o365] Audit Dashboard", + "version": 1 + }, + "references": [ + { + "name": "481f1778-caad-4971-b598-bb61c94bf998:panel_481f1778-caad-4971-b598-bb61c94bf998", + "type": "search", + 
"id": "o365-8b8e5a10-6886-11ea-8d6a-292ef5d68366" }, - "title": "Top users by authentication failures" - }, - { - "version": "7.14.0", - "type": "map", - "gridData": { - "h": 17, - "i": "15fe975b-6b8b-4445-872d-e06c041e2c31", - "w": 38, - "x": 10, - "y": 14 + { + "type": "search", + "name": "b6942e2a-81dc-40e4-a932-8b7a864b28bc:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" }, - "panelIndex": "15fe975b-6b8b-4445-872d-e06c041e2c31", - "embeddableConfig": { - "hiddenLayers": [], - "isLayerTOCOpen": false, - "mapCenter": { - "lat": 42.68781, - "lon": -48.94209, - "zoom": 1.88 - }, - "openTOCDetails": [], - "enhancements": {}, - "attributes": { - "title": "Client Geo Map [Logs o365 audit]", - "description": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "mapStateJSON": "{\"center\":{\"lat\":30.87292,\"lon\":16.67387},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:\\\"o365.audit\\\" \"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"2020-02-05T03:25:59.045Z\",\"to\":\"2020-02-29T10:59:01.067Z\"},\"zoom\":2.88,\"settings\":{\"autoFitToDataBounds\":false}}", - "layerListJSON": "[{\"alpha\":1,\"id\":\"0b910b6c-77c8-4223-892a-1ebf69b0ccb4\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"acc53b7b-3411-406b-9371-6fa62b6b9365\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"geoField\":\"source.geo.location\",\"id\":\"3ba31ffc-7051-44bf-96a0-a684020cd2a3\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"requestType\":\"point\",\"resolution\":\"FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"airfield\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"maxSize\":32,\"minSize\":8},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"}},\"type\":\"DYNAMIC\"},\"lineColor\":{\"options\":{\"color\":\"#FFF\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":0},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]" - } + { + "type": "search", + "name": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" }, - "title": "Client geolocation map" - }, - { - "version": "7.6.0", - "type": "search", - "gridData": { - "h": 13, - "i": "481f1778-caad-4971-b598-bb61c94bf998", - "w": 48, - "x": 0, - "y": 31 + { + "type": "search", + "name": "70ab7239-c65c-41da-8242-da61750745d7:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" }, - "panelIndex": "481f1778-caad-4971-b598-bb61c94bf998", - "embeddableConfig": { - "enhancements": {} + { + "type": "index-pattern", + "name": "775ced7d-7c58-44bc-8d4e-2a757d2c218c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "title": "Data Loss Prevention alerts", - "panelRefName": 
"panel_481f1778-caad-4971-b598-bb61c94bf998" - } + { + "type": "search", + "name": "775ced7d-7c58-44bc-8d4e-2a757d2c218c:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" + }, + { + "type": "index-pattern", + "name": "15fe975b-6b8b-4445-872d-e06c041e2c31:layer_1_source_index_pattern", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Logs o365] Audit Dashboard", - "version": 1 - }, - "references": [ - { - "name": "481f1778-caad-4971-b598-bb61c94bf998:panel_481f1778-caad-4971-b598-bb61c94bf998", - "type": "search", - "id": "o365-8b8e5a10-6886-11ea-8d6a-292ef5d68366" - }, - { - "type": "search", - "name": "b6942e2a-81dc-40e4-a932-8b7a864b28bc:search_0", - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" - }, - { - "type": "search", - "name": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272:search_0", - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" - }, - { - "type": "search", - "name": "70ab7239-c65c-41da-8242-da61750745d7:search_0", - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" - }, - { - "type": "index-pattern", - "name": "775ced7d-7c58-44bc-8d4e-2a757d2c218c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "775ced7d-7c58-44bc-8d4e-2a757d2c218c:search_0", - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": "15fe975b-6b8b-4445-872d-e06c041e2c31:layer_1_source_index_pattern", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml index 4038fa708bb..b66be9b07fc 100644 --- a/packages/o365/manifest.yml +++ b/packages/o365/manifest.yml 
@@ -8,7 +8,7 @@ format_version: 1.0.0
 license: basic
 categories: [security]
 conditions:
- kibana.version: ^7.17.0 || ^8.0.0
+ kibana.version: ^8.1.0
 icons:
 - src: /img/logo-integrations-microsoft-365.svg
 title: Microsoft Office 365
From 72ea215a0f65d53482fbcbd90358a55f8a1643e5 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Tue, 15 Nov 2022 01:22:35 +0530 Subject: [PATCH 072/103] upgrade microsoft_defender_endpoint to 8.1.0
--- .../data_stream/log/sample_event.json | 14 +- .../docs/README.md | 14 +- ...-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json | 2226 +++++++++-------- 3 files changed, 1128 insertions(+), 1126 deletions(-)
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json
index 7286c5cdc9f..291068c5404 100644
--- a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json
+++ b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json
@@ -1,11 +1,11 @@
 {
- "@timestamp": "2022-01-02T01:30:05.670Z",
+ "@timestamp": "2022-11-14T19:50:59.768Z",
 "agent": {
- "ephemeral_id": "9cc31363-7ffb-4763-9bec-cef372647d15",
- "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
+ "ephemeral_id": "93e5742b-8836-464d-a718-bd7fdb13c1e1",
+ "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f",
 "name": "docker-fleet-agent",
 "type": "filebeat",
- "version": "8.0.0-beta1"
+ "version": "8.1.0"
 },
 "cloud": {
 "account": {
@@ -25,9 +25,9 @@
 "version": "8.5.0"
 },
 "elastic_agent": {
- "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
+ "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f",
 "snapshot": false,
- "version": "8.0.0-beta1"
+ "version": "8.1.0"
 },
 "event": {
 "action": "Execution",
@@ -40,7 +40,7 @@
 "duration": 101466100,
 "end": "2021-01-26T20:31:33.0577322Z",
 "id": "da637472900382838869_1364969609",
- "ingested": "2022-01-02T01:30:06Z",
+ "ingested": "2022-11-14T19:51:03Z",
 "kind": "alert",
 "provider": "defender_endpoint",
 "severity": 2,
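Review bot: In the packages/o365/manifest.yml hunk, narrowing `kibana.version` from `^7.17.0 || ^8.0.0` to `^8.1.0` drops 7.17.x and 8.0.x stacks from every later release of this security integration, and nothing in the hunk records that as a breaking change. This is the only hunk shown for the manifest and it starts at line 8, so the package `version` field, which presumably sits above it, is not changed in this file's diff. Unless the bump lands elsewhere in the series, I would pair the constraint change with a package version bump and a changelog entry along the lines of `description: Raise minimum Kibana version to 8.1.0`. A short comment above the constraint, for example `# 8.1.0 required by the migrated dashboard saved objects`, would also tell operators why older stacks stop receiving updates.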
diff --git a/packages/microsoft_defender_endpoint/docs/README.md b/packages/microsoft_defender_endpoint/docs/README.md index 02343be890b..868a5f0c067 100644 --- a/packages/microsoft_defender_endpoint/docs/README.md +++ b/packages/microsoft_defender_endpoint/docs/README.md @@ -47,13 +47,13 @@ An example event for `log` looks as following: ```json { - "@timestamp": "2022-01-02T01:30:05.670Z", + "@timestamp": "2022-11-14T19:50:59.768Z", "agent": { - "ephemeral_id": "9cc31363-7ffb-4763-9bec-cef372647d15", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "93e5742b-8836-464d-a718-bd7fdb13c1e1", + "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "cloud": { "account": { @@ -73,9 +73,9 @@ An example event for `log` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "Execution", @@ -88,7 +88,7 @@ An example event for `log` looks as following: "duration": 101466100, "end": "2021-01-26T20:31:33.0577322Z", "id": "da637472900382838869_1364969609", - "ingested": "2022-01-02T01:30:06Z", + "ingested": "2022-11-14T19:51:03Z", "kind": "alert", "provider": "defender_endpoint", "severity": 2, diff --git a/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json index 0857817c507..564c12986cd 100644 --- a/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json +++ b/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json 
@@ -1,1149 +1,1151 @@ { - "id": "microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T20:22:12.627Z", - "version": "WzYzNCwxXQ==", - "attributes": { - "description": "Microsoft Defender for Endpoint Alert Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset:microsoft_defender_endpoint.log" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "New Incidents Counter [Microsoft Defender for Endpoint]", - "description": "Microsoft Defender for Endpoint Counter for new incidents", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 1 - }, - { - "from": 1, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "New Incidents", - "field": "microsoft.defender_endpoint.incidentId" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." 
- } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "attributes": { + "description": "Microsoft Defender for Endpoint Alert Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + "language": "kuery", + "query": "data_stream.dataset:microsoft_defender_endpoint.log" } - } } - } }, - "gridData": { - "h": 6, - "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "w": 4, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { - "columnOrder": [ - "19ade524-0042-4ecd-ac59-9696c8c2e225", - "677e5501-ca31-435c-8eab-38b5297e54c2", - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "columns": { - "19ade524-0042-4ecd-ac59-9696c8c2e225": { - "dataType": "number", - "isBucketed": true, - "label": "Top values of event.severity", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", - "type": "column" - }, - "orderDirection": "desc", - "size": 6 - }, - "scale": "ordinal", - "sourceField": "event.severity" - }, - "27212c7c-83ee-4292-a4c6-396d9b77dce6": { - "dataType": "number", - "isBucketed": false, - "label": "Number of 
incidents", - "operationType": "unique_count", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "New Incidents", + "field": "microsoft.defender_endpoint.incidentId" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } } - }, - "scale": "ratio", - "sourceField": "microsoft.defender_endpoint.incidentId" }, - "677e5501-ca31-435c-8eab-38b5297e54c2": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "24h" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - } - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - 
"key": "event.integration", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint" + "description": "Microsoft Defender for Endpoint Counter for new incidents", + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 1 + }, + { + "from": 1, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "New Incidents Counter [Microsoft Defender for Endpoint]", + "type": "metric", + "uiState": {} }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft_defender_endpoint" - } - } + "type": "visualization" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", - "xAccessor": "677e5501-ca31-435c-8eab-38b5297e54c2", - "layerType": "data" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 6, + "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "w": 4, + "x": 0, + "y": 0 }, - "preferredSeriesType": "line" - } + "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "type": 
"visualization", + "version": "8.1.0" }, - "title": "New Incidents [Microsoft Defender for Endpoint]", - "visualizationType": "lnsXY", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 24, - "i": "74d36139-4d22-44d4-bfc8-020c575febb1", - "w": 25, - "x": 4, - "y": 0 - }, - "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", - "version": "7.16.0", - "type": "lens" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f93e2634-0dd5-4aec-b6de-45284dd39630": { - "columnOrder": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", - "0f67be87-cc6f-48e7-8afd-d9401037d006" - ], - "columns": { - "0f67be87-cc6f-48e7-8afd-d9401037d006": { - "dataType": "number", - "isBucketed": false, - "label": "Number of techniques", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { - "dataType": "string", - "isBucketed": true, - "label": "Related MITRE attach techniques", - "operationType": "terms", - "params": { - "orderBy": { - "type": "alphabetical" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "asc", - "size": 10 - }, - "scale": "ordinal", - "sourceField": "threat.technique.name" - } - } - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": 
"event.integration", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft_defender_endpoint" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { + "columnOrder": [ + "19ade524-0042-4ecd-ac59-9696c8c2e225", + "677e5501-ca31-435c-8eab-38b5297e54c2", + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "columns": { + "19ade524-0042-4ecd-ac59-9696c8c2e225": { + "dataType": "number", + "isBucketed": true, + "label": "Top values of event.severity", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", + "type": "column" + }, + "orderDirection": "desc", + "size": 6 + }, + "scale": "ordinal", + "sourceField": "event.severity" + }, + "27212c7c-83ee-4292-a4c6-396d9b77dce6": { + "dataType": "number", + "isBucketed": false, + "label": "Number of incidents", + "operationType": "unique_count", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "microsoft.defender_endpoint.incidentId" + }, + "677e5501-ca31-435c-8eab-38b5297e54c2": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "24h" + }, + "scale": "interval", + 
"sourceField": "@timestamp" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-0", + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft_defender_endpoint" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", + "xAccessor": "677e5501-ca31-435c-8eab-38b5297e54c2" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line" + } + }, + "title": "New Incidents [Microsoft Defender for Endpoint]", + "visualizationType": "lnsXY" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" - ], - "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", - "legendDisplay": "default", - "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", - "nestedLegend": false, - "numberDisplay": "percent", - "layerType": "data" - } - ], - "shape": "treemap" - 
} - }, - "title": "Techniques [Microsoft Defender for Endpoint]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 24, - "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "w": 19, - "x": 29, - "y": 0 - }, - "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "title": "Techniques [Microsoft Defender for Endpoint]", - "version": "7.16.0", - "type": "lens" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Domains Counter [Microsoft Defender for Endpoint]", - "description": "Microsoft Defender for Endpoint counter for related domains", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true + "enhancements": {}, + "type": "lens" }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" + "gridData": { + "h": 24, + "i": "74d36139-4d22-44d4-bfc8-020c575febb1", + "w": 25, + "x": 4, + "y": 0 }, - "useRanges": false - }, - "type": "metric" + "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", + "type": "lens", + "version": "8.1.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Domains", - "field": "microsoft.defender_endpoint.evidence.domainName" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - 
"filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f93e2634-0dd5-4aec-b6de-45284dd39630": { + "columnOrder": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", + "0f67be87-cc6f-48e7-8afd-d9401037d006" + ], + "columns": { + "0f67be87-cc6f-48e7-8afd-d9401037d006": { + "dataType": "number", + "isBucketed": false, + "label": "Number of techniques", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { + "dataType": "string", + "isBucketed": true, + "label": "Related MITRE attach techniques", + "operationType": "terms", + "params": { + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "asc", + "size": 10 + }, + "scale": "ordinal", + "sourceField": 
"threat.technique.name" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-0", + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft_defender_endpoint" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" + ], + "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", + "layerType": "data", + "legendDisplay": "default", + "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "treemap" + } + }, + "title": "Techniques [Microsoft Defender for Endpoint]", + "visualizationType": "lnsPie" }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - } - } - }, - "gridData": { - "h": 6, - "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "w": 4, - "x": 0, - "y": 6 - }, - "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", - 
"description": "Microsoft Defender for Endpoint counter for related IP Addresses", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true + "enhancements": {}, + "type": "lens" }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" + "gridData": { + "h": 24, + "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "w": 19, + "x": 29, + "y": 0 }, - "useRanges": false - }, - "type": "metric" + "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "title": "Techniques [Microsoft Defender for Endpoint]", + "type": "lens", + "version": "8.1.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Networks", - "field": "microsoft.defender_endpoint.evidence.ipAddress" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." 
- } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Domains", + "field": "microsoft.defender_endpoint.evidence.domainName" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." 
+ } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + }, + "description": "Microsoft Defender for Endpoint counter for related domains", + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Domains Counter [Microsoft Defender for Endpoint]", + "type": "metric", + "uiState": {} }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - } - } - }, - "gridData": { - "h": 6, - "i": "16e7059b-70a5-4ea4-b622-9015d7430419", - "w": 4, - "x": 0, - "y": 12 - }, - "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Related Users Counter [Microsoft Defender for Endpoint]", - "description": "Microsoft Defender for Endpoint counter for related Users", - "uiState": {}, 
- "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true + "type": "visualization" }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" + "gridData": { + "h": 6, + "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "w": 4, + "x": 0, + "y": 6 }, - "useRanges": false - }, - "type": "metric" + "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "type": "visualization", + "version": "8.1.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Users", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." 
- } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Networks", + "field": "microsoft.defender_endpoint.evidence.ipAddress" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." 
+ } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + }, + "description": "Microsoft Defender for Endpoint counter for related IP Addresses", + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", + "type": "metric", + "uiState": {} }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - } - } - }, - "gridData": { - "h": 6, - "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "w": 4, - "x": 0, - "y": 18 - }, - "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "version": "7.17.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Incident Table [Microsoft Defender for Endpoint]", - "description": "Microsoft Defender for Endpoint Incident Table", - "uiState": { - "vis": 
{ - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum", - "showToolbar": true - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "aggregate": "concat", - "field": "@timestamp", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" + "type": "visualization" }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Incident ID", - "field": "microsoft.defender_endpoint.incidentId", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 6, + "i": "16e7059b-70a5-4ea4-b622-9015d7430419", + "w": 4, + "x": 0, + "y": 12 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Current Status", - "field": "microsoft.defender_endpoint.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Assigned To", - "field": "microsoft.defender_endpoint.assignedTo", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" + "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", + "type": "visualization", + "version": "8.1.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + 
"enabled": true, + "id": "1", + "params": { + "customLabel": "Related Users", + "field": "user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + }, + "description": "Microsoft Defender for Endpoint counter for related Users", + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Related Users Counter [Microsoft Defender for Endpoint]", + "type": "metric", + "uiState": {} + }, + "type": "visualization" }, - { - "enabled": true, - "id": "9", - "params": { - "customLabel": "Severity", - "field": "event.severity", - 
"missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 6, + "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "w": 4, + "x": 0, + "y": 18 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Hostname", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" + "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "type": "visualization", + "version": "8.1.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "aggregate": "concat", + "field": "@timestamp", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Incident ID", + "field": "microsoft.defender_endpoint.incidentId", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Current Status", + "field": "microsoft.defender_endpoint.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Assigned To", + "field": "microsoft.defender_endpoint.assignedTo", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "9", + "params": { + "customLabel": "Severity", + "field": "event.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Hostname", + "field": "host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "10", + "params": { + "customLabel": "Category", + "field": "threat.technique.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Description", + "field": "rule.description", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." 
+ } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "Microsoft Defender for Endpoint Incident Table", + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Incident Table [Microsoft Defender for Endpoint]", + "type": "table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "type": "visualization" }, - { - "enabled": true, - "id": "10", - "params": { - "customLabel": "Category", - "field": "threat.technique.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 16, + "i": "cb8de6bb-1096-427d-834e-210963aad3e5", + "w": 48, + "x": 0, + "y": 24 }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Description", - "field": "rule.description", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": 
null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", + "type": "visualization", + "version": "8.1.0" } - } + ], + "timeRestore": false, + "title": "[Microsoft Defender for Endpoint] Overview", + "version": 1 + }, + "coreMigrationVersion": "8.1.0", + "id": "microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55", + "migrationVersion": { + "dashboard": "8.1.0" + }, + "references": [ + { + "id": "logs-*", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-1", + "type": "index-pattern" }, - "gridData": { - "h": 16, - "i": "cb8de6bb-1096-427d-834e-210963aad3e5", - "w": 48, - "x": 0, - "y": 24 + { + "id": "logs-*", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", - "version": "7.17.0", - "type": "visualization" - } + { + "id": "logs-*", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Microsoft Defender for Endpoint] Overview", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "id": "logs-*" - }, - { - 
"type": "index-pattern", - "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-0", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-1", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-0", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-1", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file From 1598ded172f1d5a0e91fe88575540e6d99861d45 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Sat, 19 Nov 2022 01:30:05 +0530 Subject: [PATCH 073/103] auditd upgraded to 8.1.0 as agg failed --- .../auditd/data_stream/log/sample_event.json | 17 +- packages/auditd/docs/README.md | 17 +- ...-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json | 681 +++++++++--------- packages/auditd/manifest.yml | 2 +- 4 files changed, 358 insertions(+), 359 deletions(-) diff --git a/packages/auditd/data_stream/log/sample_event.json b/packages/auditd/data_stream/log/sample_event.json index f902582b263..d642a6e9620 100644 --- a/packages/auditd/data_stream/log/sample_event.json +++ b/packages/auditd/data_stream/log/sample_event.json 
@@ -1,12 +1,11 @@
 {
 "@timestamp": "2016-01-03T00:37:51.394Z",
 "agent": {
- "ephemeral_id": "ef6d17d9-f955-48be-a4c5-6b4ea1fe9772",
- "hostname": "docker-fleet-agent",
- "id": "f386c08a-1dcf-444a-a259-9c33fa001606",
+ "ephemeral_id": "d1c11b5c-1d3d-406c-a19f-372451326efa",
+ "id": "af0de6a6-4b25-4d81-827d-0f1c4811a8b3",
 "name": "docker-fleet-agent",
 "type": "filebeat",
- "version": "7.17.0"
+ "version": "8.1.0"
 },
 "auditd": {
 "log": {
@@ -23,15 +22,15 @@
 "version": "8.5.0"
 },
 "elastic_agent": {
- "id": "f386c08a-1dcf-444a-a259-9c33fa001606",
+ "id": "af0de6a6-4b25-4d81-827d-0f1c4811a8b3",
 "snapshot": false,
- "version": "7.17.0"
+ "version": "8.1.0"
 },
 "event": {
 "action": "proctitle",
 "agent_id_status": "verified",
 "dataset": "auditd.log",
- "ingested": "2022-04-13T05:23:36Z",
+ "ingested": "2022-11-18T19:50:55Z",
 "kind": "event"
 },
 "host": {
@@ -39,10 +38,10 @@
 "containerized": false,
 "hostname": "docker-fleet-agent",
 "ip": [
- "172.19.0.7"
+ "192.168.16.7"
 ],
 "mac": [
- "02:42:ac:13:00:07"
+ "02:42:c0:a8:10:07"
 ],
 "name": "docker-fleet-agent",
 "os": {
diff --git a/packages/auditd/docs/README.md b/packages/auditd/docs/README.md
index b87580092de..f56e214053a 100644
--- a/packages/auditd/docs/README.md
+++ b/packages/auditd/docs/README.md
@@ -16,12 +16,11 @@ An example event for `log` looks as following:
 {
 "@timestamp": "2016-01-03T00:37:51.394Z",
 "agent": {
- "ephemeral_id": "ef6d17d9-f955-48be-a4c5-6b4ea1fe9772",
- "hostname": "docker-fleet-agent",
- "id": "f386c08a-1dcf-444a-a259-9c33fa001606",
+ "ephemeral_id": "d1c11b5c-1d3d-406c-a19f-372451326efa",
+ "id": "af0de6a6-4b25-4d81-827d-0f1c4811a8b3",
 "name": "docker-fleet-agent",
 "type": "filebeat",
- "version": "7.17.0"
+ "version": "8.1.0"
 },
 "auditd": {
 "log": {
@@ -38,15 +37,15 @@ An example event for `log` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "f386c08a-1dcf-444a-a259-9c33fa001606", + "id": "af0de6a6-4b25-4d81-827d-0f1c4811a8b3", "snapshot": false, - "version": "7.17.0" + "version": "8.1.0" }, "event": { "action": "proctitle", "agent_id_status": "verified", "dataset": "auditd.log", - "ingested": "2022-04-13T05:23:36Z", + "ingested": "2022-11-18T19:50:55Z", "kind": "event" }, "host": { @@ -54,10 +53,10 @@ An example event for `log` looks as following: "containerized": false, "hostname": "docker-fleet-agent", "ip": [ - "172.19.0.7" + "192.168.16.7" ], "mac": [ - "02:42:ac:13:00:07" + "02:42:c0:a8:10:07" ], "name": "docker-fleet-agent", "os": { diff --git a/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json b/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json index 4a746834a7c..954f6e65b68 100644 --- a/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json +++ b/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json 
@@ -1,361 +1,362 @@ { - "id": "auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:01:54.874Z", - "version": "WzYzMSwxXQ==", - "attributes": { - "description": "Dashboard for the Auditd Logs integration", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:auditd.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Event types breakdown [Logs Auditd]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { + "id": "auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T19:35:54.269Z", + "version": "WzU4MSwxXQ==", + "attributes": { + "description": "Dashboard for the Auditd Logs integration", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "highlightAll": true, "query": { - "language": "kuery", - "query": "" - } - } + "language": "kuery", + "query": "data_stream.dataset:auditd.log" + }, + "version": true } - } }, - "gridData": { - "h": 16, - "i": "1", - "w": 16, - "x": 0, - "y": 0 + "optionsJSON": { + "darkTheme": false }, - "panelIndex": "1", - "type": 
"visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top Exec Commands [Logs Auditd]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event types breakdown [Logs Auditd]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "1", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Exec Commands [Logs Auditd]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + 
"showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Command (arg 0)", + "field": "auditd.log.a0", + "order": "desc", + "orderBy": "1", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.action:\"EXECVE\" or event.action:\"execve\"" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "2", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Results [Logs Auditd]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(q=\"data_stream.dataset:auditd.log NOT event.outcome:failure\").label(\"Success\"), .es(q=\"event.outcome:failed\").label(\"Failure\").title(\"Audit Event Results\")", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Command (arg 0)", - "field": "auditd.log.a0", - "order": "desc", - "orderBy": "1", - "size": 30 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.action:\"EXECVE\" or event.action:\"execve\"" - } - } - } - } - }, - "gridData": { - "h": 16, - "i": "2", - "w": 16, 
- "x": 32, - "y": 0 - }, - "panelIndex": "2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Event Results [Logs Auditd]", - "description": "", - "uiState": {}, - "params": { - "expression": ".es(q=\"data_stream.dataset:auditd.log NOT event.outcome:failure\").label(\"Success\"), .es(q=\"event.outcome:failed\").label(\"Failure\").title(\"Audit Event Results\")", - "interval": "auto" + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" }, - "type": "timelion", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - "y": 16 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Event Account Tag Cloud [Logs Auditd]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 42, - "minFontSize": 15, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Account Tag Cloud [Logs Auditd]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 42, + "minFontSize": 15, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + 
}, + "gridData": { + "h": 16, + "i": "6", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "columns": [ + "event.action", + "auditd.log.sequence", + "user.name" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.name", - "order": "desc", - "orderBy": "1", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" + "gridData": { + "h": 12, + "i": "7", + "w": 48, + "x": 0, + "y": 28 + }, + "panelIndex": "7", + "panelRefName": "panel_7", + "type": "search", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "09f4ba02-a62c-410f-8d43-31e9e5278826", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "09f4ba02-a62c-410f-8d43-31e9e5278826", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"623a62b9-8745-4fec-8738-bbe6fb8c16aa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"efef3e71-f9ce-4a8e-8c27-68ad0d047d9b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Event Address Geo Location [Logs 
Auditd]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"8155deb8-6760-42ad-b14a-dd20958bcb52\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Event Address Geo Location [Logs Auditd]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } - } } - } - }, - "gridData": { - "h": 16, - "i": "6", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "columns": [ - "event.action", - "auditd.log.sequence", - "user.name" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] + ], + "timeRestore": false, + "title": "[Logs Auditd] Audit Events", + "version": 1 + }, + "references": [ + { + "id": "auditd-4ac0a370-0a11-11e7-8b04-eb22a5669f27", + "name": "7:panel_7", + "type": "search" }, - "gridData": { - "h": 12, - "i": "7", - "w": 48, - "x": 0, - "y": 28 + { + "id": "logs-*", + "name": "09f4ba02-a62c-410f-8d43-31e9e5278826:layer_1_source_index_pattern", + "type": "index-pattern" }, - "panelIndex": "7", - 
"panelRefName": "panel_7", - "type": "search", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"623a62b9-8745-4fec-8738-bbe6fb8c16aa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"efef3e71-f9ce-4a8e-8c27-68ad0d047d9b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Event Address Geo Location [Logs Auditd]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"8155deb8-6760-42ad-b14a-dd20958bcb52\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Event Address Geo Location [Logs 
Auditd]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "gridData": { - "h": 12, - "i": "09f4ba02-a62c-410f-8d43-31e9e5278826", - "w": 24, - "x": 24, - "y": 16 + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "09f4ba02-a62c-410f-8d43-31e9e5278826", - "type": "map", - "version": "8.0.0" - } + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Logs Auditd] Audit Events", - "version": 1 - }, - "references": [ - { - "id": "auditd-4ac0a370-0a11-11e7-8b04-eb22a5669f27", - "name": "7:panel_7", - "type": "search" - }, - { - "id": "logs-*", - "name": "09f4ba02-a62c-410f-8d43-31e9e5278826:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "1:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml index 4d7e4ebeeea..4a5ff88c65e 100644 --- a/packages/auditd/manifest.yml +++ b/packages/auditd/manifest.yml 
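Review bot: The Timelion `expression` of the "Event Results [Logs Auditd]" panel, carried over unchanged onto the new side of this hunk, draws its two series from queries that do not agree. Success is everything in `data_stream.dataset:auditd.log` that is not `event.outcome:failure`, while Failure matches `event.outcome:failed` and has no dataset filter. ECS defines `failure`, `success` and `unknown` for `event.outcome`, so if the pipeline writes the ECS value, the Failure series stays empty and nothing on the chart shows failed audit events. If it writes `failed` instead, those events are counted in both series, and in either case the unscoped query can match events from any other dataset it reaches. I would change the second series to `.es(q=\"data_stream.dataset:auditd.log AND event.outcome:failure\").label(\"Failure\")` once the value the ingest pipeline emits is confirmed, and use that same value in the `NOT` clause of the Success series.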
@@ -14,7 +14,7 @@ license: basic categories: - os_system conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-audit-auditd.png title: Auditd Kibana Dashboard From 976d4502fab182e9cc971dbfe46279cd209bb341 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Sat, 19 Nov 2022 02:43:33 +0530 Subject: [PATCH 074/103] auth0 upgraded to 8.1.0 as agg failed even in 7.17 --- .../auth0/data_stream/logs/sample_event.json | 13 +- packages/auth0/docs/README.md | 13 +- ...-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json | 2128 +++++++++-------- 3 files changed, 1079 insertions(+), 1075 deletions(-) diff --git a/packages/auth0/data_stream/logs/sample_event.json b/packages/auth0/data_stream/logs/sample_event.json index 7e3f82cf69b..e480633d481 100644 --- a/packages/auth0/data_stream/logs/sample_event.json +++ b/packages/auth0/data_stream/logs/sample_event.json @@ -1,12 +1,11 @@ { "@timestamp": "2021-11-03T03:25:28.923Z", "agent": { - "ephemeral_id": "3c2232a0-df0e-48e0-8440-96d5500ce25c", - "hostname": "docker-fleet-agent", - "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859", + "ephemeral_id": "d1c0e886-ddc2-44b4-903a-9bf026566c0c", + "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.16.2" + "version": "8.1.0" }, "auth0": { "logs": { @@ -87,9 +86,9 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859", + "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", "snapshot": false, - "version": "7.16.2" + "version": "8.1.0" }, "event": { "action": "successful-login", 
@@ -100,7 +99,7 @@ ], "dataset": "auth0.logs", "id": "90020211103032530111223343147286033102509916061341581378", - "ingested": "2022-01-20T05:57:05Z", + "ingested": "2022-11-18T20:59:34Z", "kind": "event", "original": "{\"data\":{\"client_id\":\"aI61p8I8aFjmYRliLWgvM9ev97kCCNDB\",\"client_name\":\"Default App\",\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"date\":\"2021-11-03T03:25:28.923Z\",\"details\":{\"completedAt\":1635909928922,\"elapsedTime\":1110091,\"initiatedAt\":1635908818831,\"prompts\":[{\"completedAt\":1635909903693,\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"elapsedTime\":null,\"identity\":\"6182002f34f4dd006b05b5c7\",\"name\":\"prompt-authenticate\",\"stats\":{\"loginsCount\":1},\"strategy\":\"auth0\"},{\"completedAt\":1635909903745,\"elapsedTime\":1084902,\"flow\":\"universal-login\",\"initiatedAt\":1635908818843,\"name\":\"login\",\"timers\":{\"rules\":5},\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},{\"completedAt\":1635909928352,\"elapsedTime\":23378,\"flow\":\"consent\",\"grantInfo\":{\"audience\":\"https://dev-yoj8axza.au.auth0.com/userinfo\",\"expiration\":null,\"id\":\"618201284369c9b4f9cd6d52\",\"scope\":\"openid profile\"},\"initiatedAt\":1635909904974,\"name\":\"consent\"}],\"session_id\":\"1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc\",\"stats\":{\"loginsCount\":1}},\"hostname\":\"dev-yoj8axza.au.auth0.com\",\"ip\":\"81.2.69.143\",\"log_id\":\"90020211103032530111223343147286033102509916061341581378\",\"strategy\":\"auth0\",\"strategy_type\":\"database\",\"type\":\"s\",\"user_agent\":\"Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0\",\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},\"log_id\":\"90020211103032530111223343147286033102509916061341581378\"}", "outcome": "success", 
diff --git a/packages/auth0/docs/README.md b/packages/auth0/docs/README.md index 98f76ada030..a1926e73a5e 100644 --- a/packages/auth0/docs/README.md +++ b/packages/auth0/docs/README.md @@ -174,12 +174,11 @@ An example event for `logs` looks as following: { "@timestamp": "2021-11-03T03:25:28.923Z", "agent": { - "ephemeral_id": "3c2232a0-df0e-48e0-8440-96d5500ce25c", - "hostname": "docker-fleet-agent", - "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859", + "ephemeral_id": "d1c0e886-ddc2-44b4-903a-9bf026566c0c", + "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.16.2" + "version": "8.1.0" }, "auth0": { "logs": { @@ -260,9 +259,9 @@ An example event for `logs` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859", + "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", "snapshot": false, - "version": "7.16.2" + "version": "8.1.0" }, "event": { "action": "successful-login", 
@@ -273,7 +272,7 @@ An example event for `logs` looks as following: ], "dataset": "auth0.logs", "id": "90020211103032530111223343147286033102509916061341581378", - "ingested": "2022-01-20T05:57:05Z", + "ingested": "2022-11-18T20:59:34Z", "kind": "event", "original": "{\"data\":{\"client_id\":\"aI61p8I8aFjmYRliLWgvM9ev97kCCNDB\",\"client_name\":\"Default App\",\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"date\":\"2021-11-03T03:25:28.923Z\",\"details\":{\"completedAt\":1635909928922,\"elapsedTime\":1110091,\"initiatedAt\":1635908818831,\"prompts\":[{\"completedAt\":1635909903693,\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"elapsedTime\":null,\"identity\":\"6182002f34f4dd006b05b5c7\",\"name\":\"prompt-authenticate\",\"stats\":{\"loginsCount\":1},\"strategy\":\"auth0\"},{\"completedAt\":1635909903745,\"elapsedTime\":1084902,\"flow\":\"universal-login\",\"initiatedAt\":1635908818843,\"name\":\"login\",\"timers\":{\"rules\":5},\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},{\"completedAt\":1635909928352,\"elapsedTime\":23378,\"flow\":\"consent\",\"grantInfo\":{\"audience\":\"https://dev-yoj8axza.au.auth0.com/userinfo\",\"expiration\":null,\"id\":\"618201284369c9b4f9cd6d52\",\"scope\":\"openid profile\"},\"initiatedAt\":1635909904974,\"name\":\"consent\"}],\"session_id\":\"1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc\",\"stats\":{\"loginsCount\":1}},\"hostname\":\"dev-yoj8axza.au.auth0.com\",\"ip\":\"81.2.69.143\",\"log_id\":\"90020211103032530111223343147286033102509916061341581378\",\"strategy\":\"auth0\",\"strategy_type\":\"database\",\"type\":\"s\",\"user_agent\":\"Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0\",\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},\"log_id\":\"90020211103032530111223343147286033102509916061341581378\"}", "outcome": "success", 
diff --git a/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json b/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json index 3af479954cf..24a20bd5d71 100644 --- a/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json +++ b/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json 
@@ -1,1098 +1,1104 @@ { - "id": "auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:20:35.737Z", - "version": "WzYwOCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "c9215ac0-57f7-4fbb-af81-9f5bb365a238": { - "columnOrder": [ - "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31", - "becf928d-1e95-4cf0-a37f-e4eb735dcc27" - ], - "columns": { - "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "becf928d-1e95-4cf0-a37f-e4eb735dcc27", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.category" - }, - "becf928d-1e95-4cf0-a37f-e4eb735dcc27": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": 
"data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } + "id": "auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T20:58:16.014Z", + "version": "WzU3NCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31" - ], - "layerId": "c9215ac0-57f7-4fbb-af81-9f5bb365a238", - "layerType": "data", - "legendDisplay": "default", - "metric": "becf928d-1e95-4cf0-a37f-e4eb735dcc27", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + } }, - "gridData": { - "h": 10, - "i": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", - "w": 15, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", - "title": "Auth0 Log Stream Event Types", - "type": "lens", - "version": "7.15.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35": { - "columnOrder": [ - 
"234dec72-0dd2-42cb-b486-059fa3e0a077", - "9fb2da13-fb8b-4041-b60e-0840068dc570" - ], - "columns": { - "234dec72-0dd2-42cb-b486-059fa3e0a077": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" + "panelsJSON": [ + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", + "w": 15, + "x": 0, + "y": 0 + }, + "panelIndex": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c9215ac0-57f7-4fbb-af81-9f5bb365a238": { + "columnOrder": [ + "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31", + "becf928d-1e95-4cf0-a37f-e4eb735dcc27" + ], + "columns": { + "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "becf928d-1e95-4cf0-a37f-e4eb735dcc27", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.category" + }, + "becf928d-1e95-4cf0-a37f-e4eb735dcc27": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31" + ], + "layerId": "c9215ac0-57f7-4fbb-af81-9f5bb365a238", + "layerType": "data", + "legendDisplay": "default", + "metric": "becf928d-1e95-4cf0-a37f-e4eb735dcc27", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "9fb2da13-fb8b-4041-b60e-0840068dc570": { - "dataType": "number", - "isBucketed": false, - "label": "Unique count of event.type", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "event.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "9fb2da13-fb8b-4041-b60e-0840068dc570" - ], - "layerId": "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "234dec72-0dd2-42cb-b486-059fa3e0a077" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - 
"yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 10, - "i": "6089a77e-3c96-4414-9932-eda55ced3d07", - "w": 14, - "x": 15, - "y": 0 - }, - "panelIndex": "6089a77e-3c96-4414-9932-eda55ced3d07", - "title": "Rate of events", - "type": "lens", - "version": "7.15.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "event.category", - "negate": false, - "params": { - "query": "Login - Failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Login - Failure" - } - } - } - ], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "" - } - } + "title": "Auth0 Log Stream Event Types" }, - "description": "", - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "6089a77e-3c96-4414-9932-eda55ced3d07", + "w": 14, + "x": 15, + "y": 0 }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - 
"useRanges": false - }, - "type": "metric" - }, - "title": "", - "type": "metric", - "uiState": {} - } - }, - "gridData": { - "h": 10, - "i": "5124c723-8890-477e-aad5-bc4fd529bd46", - "w": 9, - "x": 29, - "y": 0 - }, - "panelIndex": "5124c723-8890-477e-aad5-bc4fd529bd46", - "title": "Number of Failed Logins", - "type": "visualization", - "version": "7.15.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "event.category", - "negate": false, - "params": { - "query": "Signup - Success" - }, - "type": "phrase" + "panelIndex": "6089a77e-3c96-4414-9932-eda55ced3d07", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35": { + "columnOrder": [ + "234dec72-0dd2-42cb-b486-059fa3e0a077", + "9fb2da13-fb8b-4041-b60e-0840068dc570" + ], + "columns": { + "234dec72-0dd2-42cb-b486-059fa3e0a077": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": 
"date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "9fb2da13-fb8b-4041-b60e-0840068dc570": { + "dataType": "number", + "isBucketed": false, + "label": "Unique count of event.type", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "event.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "9fb2da13-fb8b-4041-b60e-0840068dc570" + ], + "layerId": "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "234dec72-0dd2-42cb-b486-059fa3e0a077" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "query": { - "match_phrase": { - "event.category": "Signup - Success" - } - } - } - ], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" + 
"enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "useRanges": false - }, - "type": "metric" + "title": "Rate of events" }, - "title": "", - "type": "metric", - "uiState": {} - } - }, - "gridData": { - "h": 10, - "i": "cb337534-d263-480b-b6a3-80cc4f14d73b", - "w": 10, - "x": 38, - "y": 0 - }, - "panelIndex": "cb337534-d263-480b-b6a3-80cc4f14d73b", - "title": "Number of Successful Signups", - "type": "visualization", - "version": "7.15.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e7270679-c5d0-496a-9fd2-7409b402bdb0": { - "columnOrder": [ - "60724141-ecf4-4f42-b263-d12cd64fe1a3", - "14ed1312-1743-452e-89e9-52018d6db787" - ], - "columns": { - "14ed1312-1743-452e-89e9-52018d6db787": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 10, + "i": "5124c723-8890-477e-aad5-bc4fd529bd46", + "w": 9, + "x": 29, + "y": 0 + }, + "panelIndex": "5124c723-8890-477e-aad5-bc4fd529bd46", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": 
"data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login - Failure" + } + } + } + ], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "" + } + } }, - "60724141-ecf4-4f42-b263-d12cd64fe1a3": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" + "description": "", + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "", + "type": "metric", + "uiState": {} }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } + "type": "visualization" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.category", - "negate": false, - "params": { - "query": 
"Login - Success" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Login - Success" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "Number of Failed Logins" + }, + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 10, + "i": "cb337534-d263-480b-b6a3-80cc4f14d73b", + "w": 10, + "x": 38, + "y": 0 }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "cb337534-d263-480b-b6a3-80cc4f14d73b", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "event.category", + "negate": false, + "params": { + "query": "Signup - Success" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Signup - Success" + } + } + } + ], + "index": "logs-*", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + 
"fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "", + "type": "metric", + "uiState": {} + }, + "type": "visualization" }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "title": "Number of Successful Signups" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 12, + "i": "d00429d4-502f-41d8-8a2b-7300859930ea", + "w": 15, + "x": 0, + "y": 10 }, - "layers": [ - { - "accessors": [ - "14ed1312-1743-452e-89e9-52018d6db787" - ], - "layerId": "e7270679-c5d0-496a-9fd2-7409b402bdb0", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "60724141-ecf4-4f42-b263-d12cd64fe1a3" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "panelIndex": "d00429d4-502f-41d8-8a2b-7300859930ea", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e7270679-c5d0-496a-9fd2-7409b402bdb0": { + "columnOrder": [ + "60724141-ecf4-4f42-b263-d12cd64fe1a3", + "14ed1312-1743-452e-89e9-52018d6db787" + ], + "columns": { + "14ed1312-1743-452e-89e9-52018d6db787": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "60724141-ecf4-4f42-b263-d12cd64fe1a3": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": 
"interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Success" + }, + "type": "phrase", + "index": "filter-index-pattern-1" + }, + "query": { + "match_phrase": { + "event.category": "Login - Success" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "14ed1312-1743-452e-89e9-52018d6db787" + ], + "layerId": "e7270679-c5d0-496a-9fd2-7409b402bdb0", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "60724141-ecf4-4f42-b263-d12cd64fe1a3" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "Rate of 
Successful Logins" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 12, + "i": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", + "w": 14, + "x": 15, + "y": 10 }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "panelIndex": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4fc38bcd-1242-43bb-a213-0c6fe6e7a26e": { + "columnOrder": [ + "56478895-2ad9-4541-9b3c-debffe3de81d", + "d8ee79e4-d617-4809-9065-217bcd1f628c" + ], + "columns": { + "56478895-2ad9-4541-9b3c-debffe3de81d": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "d8ee79e4-d617-4809-9065-217bcd1f628c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.category", + 
"negate": false, + "params": { + "query": "Login - Failure" + }, + "type": "phrase", + "index": "filter-index-pattern-1" + }, + "query": { + "match_phrase": { + "event.category": "Login - Failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "d8ee79e4-d617-4809-9065-217bcd1f628c" + ], + "layerId": "4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "56478895-2ad9-4541-9b3c-debffe3de81d" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "yRightExtent": { - "mode": "full" - } - } + "title": "Rate of Failed Logins" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "d00429d4-502f-41d8-8a2b-7300859930ea", - "w": 15, - "x": 0, - "y": 10 - }, - "panelIndex": "d00429d4-502f-41d8-8a2b-7300859930ea", - "title": "Rate of Successful Logins", - "type": "lens", - "version": "7.15.1" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"4fc38bcd-1242-43bb-a213-0c6fe6e7a26e": { - "columnOrder": [ - "56478895-2ad9-4541-9b3c-debffe3de81d", - "d8ee79e4-d617-4809-9065-217bcd1f628c" - ], - "columns": { - "56478895-2ad9-4541-9b3c-debffe3de81d": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IP Addresses of failed logins", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "default", + "type": "palette" + }, + "scale": "linear", + "showLabel": true }, - "d8ee79e4-d617-4809-9065-217bcd1f628c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "auth0.logs.data.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": 
"event.category", + "negate": false, + "params": { + "query": "Login - Failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login - Failure" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.category", - "negate": false, - "params": { - "query": "Login - Failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Login - Failure" } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "d8ee79e4-d617-4809-9065-217bcd1f628c" - ], - "layerId": "4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "56478895-2ad9-4541-9b3c-debffe3de81d" - } - ], - "legend": { - "isVisible": true, - "position": "right" }, - "preferredSeriesType": "line", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 12, + "i": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a", + "w": 19, + "x": 29, + "y": 10 }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", - "w": 14, - "x": 15, - 
"y": 10 - }, - "panelIndex": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", - "title": "Rate of Failed Logins", - "type": "lens", - "version": "7.15.1" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "IP Addresses of failed logins", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "default", - "type": "palette" - }, - "scale": "linear", - "showLabel": true + "panelIndex": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a", + "type": "visualization", + "version": "8.0.0" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "2", - "params": { - "field": "auth0.logs.data.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "event.category", - "negate": false, - "params": { - "query": "Login - Failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Login - Failure" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - 
} + "gridData": { + "h": 11, + "i": "253f1007-1537-4012-a663-48bccf233f4c", + "w": 48, + "x": 0, + "y": 22 + }, + "panelIndex": "253f1007-1537-4012-a663-48bccf233f4c", + "panelRefName": "panel_253f1007-1537-4012-a663-48bccf233f4c", + "type": "search", + "version": "7.15.1" } - } + ], + "timeRestore": false, + "title": "Auth0", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 12, - "i": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a", - "w": 19, - "x": 29, - "y": 10 + { + "id": "logs-*", + "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", + "type": "index-pattern" }, - "panelIndex": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a", - "type": "visualization", - "version": "7.14.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "6089a77e-3c96-4414-9932-eda55ced3d07:filter-index-pattern-0", + "type": "index-pattern" }, - "gridData": { - "h": 11, - "i": "253f1007-1537-4012-a663-48bccf233f4c", - "w": 48, - "x": 0, - "y": 22 + { + "id": "logs-*", + "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" }, - "panelIndex": "253f1007-1537-4012-a663-48bccf233f4c", - "panelRefName": "panel_253f1007-1537-4012-a663-48bccf233f4c", - "type": "search", - "version": "7.15.1" - } + { + "id": "logs-*", + "name": 
"5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf", + "name": 
"253f1007-1537-4012-a663-48bccf233f4c:panel_253f1007-1537-4012-a663-48bccf233f4c", + "type": "search" + }, + { + "type": "index-pattern", + "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "Auth0", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6089a77e-3c96-4414-9932-eda55ced3d07:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5124c723-8890-477e-aad5-bc4fd529bd46:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf", - "name": "253f1007-1537-4012-a663-48bccf233f4c:panel_253f1007-1537-4012-a663-48bccf233f4c", - "type": "search" - }, - { - "type": "index-pattern", - "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - 
"name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file From bef62f56b355c8631b7970d0fb0855926b2c99ac Mon Sep 17 00:00:00 2001 
From: kcreddy
Date: Sat, 19 Nov 2022 03:14:20 +0530
Subject: [PATCH 075/103] revert carbon_black_cloud as crest updated it
---
packages/carbon_black_cloud/changelog.yml | 6 +-
...-06a8d7f0-3b04-11ed-a8e8-41eb8778c6de.json | 1639 +++++++++
...-0954fb80-3a5c-11ed-a8e8-41eb8778c6de.json | 3001 +++++++++++++++++
...-44209d90-3a7b-11ed-a8e8-41eb8778c6de.json | 407 +++
...-4d08ffd0-3b19-11ed-a8e8-41eb8778c6de.json | 1835 ++++++++++
...-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json | 2909 ----------------
...-869252c0-8d71-11ec-ac12-4bc77fa14e95.json | 310 --
...-a1f898e0-3a72-11ed-a8e8-41eb8778c6de.json | 980 ++++++
...-a94cd3a0-962a-11ec-864c-3332b2a355f7.json | 1345 --------
...-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json | 777 -----
...-e226d530-9554-11ec-96f0-8de26c63c826.json | 1384 --------
...4ab86f30-3b10-11ed-a8e8-41eb8778c6de.json} | 6 +-
...9a5bb310-3a7c-11ed-a8e8-41eb8778c6de.json} | 6 +-
...b23c6730-3a6e-11ed-a8e8-41eb8778c6de.json} | 8 +-
...d6f70aa0-3b20-11ed-a8e8-41eb8778c6de.json} | 6 +-
...e16671a0-3a77-11ed-a8e8-41eb8778c6de.json} | 8 +-
packages/carbon_black_cloud/manifest.yml | 10 +-
17 files changed, 7887 insertions(+), 6750 deletions(-)
create mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-06a8d7f0-3b04-11ed-a8e8-41eb8778c6de.json
create mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-0954fb80-3a5c-11ed-a8e8-41eb8778c6de.json
create mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-44209d90-3a7b-11ed-a8e8-41eb8778c6de.json
create mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-4d08ffd0-3b19-11ed-a8e8-41eb8778c6de.json
delete mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json
delete mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95.json
create mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a1f898e0-3a72-11ed-a8e8-41eb8778c6de.json
delete mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7.json
delete mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json
delete mode 100644 packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826.json
rename packages/carbon_black_cloud/kibana/search/{carbon_black_cloud-6494a7e0-9640-11ec-864c-3332b2a355f7.json => carbon_black_cloud-4ab86f30-3b10-11ed-a8e8-41eb8778c6de.json} (82%)
rename packages/carbon_black_cloud/kibana/search/{carbon_black_cloud-dcc2d650-90a6-11ec-8b9d-35e42c3f7fcf.json => carbon_black_cloud-9a5bb310-3a7c-11ed-a8e8-41eb8778c6de.json} (79%)
rename packages/carbon_black_cloud/kibana/search/{carbon_black_cloud-6e41bd70-8d8d-11ec-ac12-4bc77fa14e95.json => carbon_black_cloud-b23c6730-3a6e-11ed-a8e8-41eb8778c6de.json} (80%)
rename packages/carbon_black_cloud/kibana/search/{carbon_black_cloud-3ea9c2a0-955e-11ec-96f0-8de26c63c826.json => carbon_black_cloud-d6f70aa0-3b20-11ed-a8e8-41eb8778c6de.json} (83%)
rename packages/carbon_black_cloud/kibana/search/{carbon_black_cloud-4272e690-8d71-11ec-ac12-4bc77fa14e95.json => carbon_black_cloud-e16671a0-3a77-11ed-a8e8-41eb8778c6de.json} (79%)
diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml
index 66becdab0e3..a8a58c9e707 100644
--- a/packages/carbon_black_cloud/changelog.yml
+++ b/packages/carbon_black_cloud/changelog.yml
@@ -1,9 +1,9 @@ # newer versions go on top -- version: "1.4.1" +- version: "1.5.0" changes: - - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + - description: Update Aggregation visualizations to Lens, Add an on_failure processor to the convert and date processors and update the pagination termination condition. type: enhancement - link: https://github.com/elastic/integrations/pull/4516 + link: https://github.com/elastic/integrations/pull/4635 - version: "1.4.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-06a8d7f0-3b04-11ed-a8e8-41eb8778c6de.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-06a8d7f0-3b04-11ed-a8e8-41eb8778c6de.json new file mode 100644 index 00000000000..72b4d4ad363 --- /dev/null +++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-06a8d7f0-3b04-11ed-a8e8-41eb8778c6de.json 
@@ -0,0 +1,1639 @@ +{ + "attributes": { + "description": "This dashboard shows endpoint event logs collected by the Carbon Black Cloud integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "carbon_black_cloud.endpoint_event" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "carbon_black_cloud.endpoint_event" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-131af0e0-e836-4934-ba2e-d987f4bf5d53", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "131af0e0-e836-4934-ba2e-d987f4bf5d53": { + "columnOrder": [ + "f55c0d31-d3b9-4059-b2e1-123fe68473a9", + "4f65c910-6417-44a5-a0ff-abae317a8c1c" + ], + "columns": { + "4f65c910-6417-44a5-a0ff-abae317a8c1c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "f55c0d31-d3b9-4059-b2e1-123fe68473a9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4f65c910-6417-44a5-a0ff-abae317a8c1c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + 
"sourceField": "carbon_black_cloud.endpoint_event.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "f55c0d31-d3b9-4059-b2e1-123fe68473a9" + ], + "layerId": "131af0e0-e836-4934-ba2e-d987f4bf5d53", + "layerType": "data", + "legendDisplay": "default", + "metric": "4f65c910-6417-44a5-a0ff-abae317a8c1c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "7fdf17ff-0e81-44e3-9f32-da167cc57223", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "7fdf17ff-0e81-44e3-9f32-da167cc57223", + "title": "Top 10 Event Types [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fdf14012-4ef7-41cb-9da2-b8c86270aa66", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fdf14012-4ef7-41cb-9da2-b8c86270aa66": { + "columnOrder": [ + "93438b11-384f-4bdc-bdc2-c1e39d22b447", + "aeb984aa-be91-41cb-b53f-16761e27c632" + ], + "columns": { + "93438b11-384f-4bdc-bdc2-c1e39d22b447": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Device OS", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "aeb984aa-be91-41cb-b53f-16761e27c632", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.device.os" + }, + "aeb984aa-be91-41cb-b53f-16761e27c632": { 
+ "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "93438b11-384f-4bdc-bdc2-c1e39d22b447" + ], + "layerId": "fdf14012-4ef7-41cb-9da2-b8c86270aa66", + "layerType": "data", + "legendDisplay": "default", + "metric": "aeb984aa-be91-41cb-b53f-16761e27c632", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d076b6e4-32e7-444c-a1f1-99723393be3e", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "d076b6e4-32e7-444c-a1f1-99723393be3e", + "title": "Distribution of Endpoint Events by OS [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-29cab3f8-baa2-414a-8987-7ce353a7e375", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "29cab3f8-baa2-414a-8987-7ce353a7e375": { + "columnOrder": [ + "8c30c44c-0cae-45cc-80b6-58249618a206", + "9e097a22-9a02-4aa6-8304-57653cf3e9a9" + ], + "columns": { + "8c30c44c-0cae-45cc-80b6-58249618a206": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Actions", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9e097a22-9a02-4aa6-8304-57653cf3e9a9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + 
"scale": "ordinal", + "sourceField": "event.action" + }, + "9e097a22-9a02-4aa6-8304-57653cf3e9a9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "9e097a22-9a02-4aa6-8304-57653cf3e9a9" + ], + "layerId": "29cab3f8-baa2-414a-8987-7ce353a7e375", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "8c30c44c-0cae-45cc-80b6-58249618a206" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "2e4615f2-7535-465f-9e15-45b93f1ca02a", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "2e4615f2-7535-465f-9e15-45b93f1ca02a", + "title": "Top 10 Actions [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ea7b26ab-b3c7-494a-9823-e75bc5048835", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ea7b26ab-b3c7-494a-9823-e75bc5048835": { + "columnOrder": [ + "031c6a20-e430-4ec8-9792-a8dbb593931a", + "1e998bec-2022-4196-add8-4ad290bcc188" + ], + "columns": { + "031c6a20-e430-4ec8-9792-a8dbb593931a": { + "customLabel": true, + "dataType": 
"string", + "isBucketed": true, + "label": "Sensor Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1e998bec-2022-4196-add8-4ad290bcc188", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.sensor_action" + }, + "1e998bec-2022-4196-add8-4ad290bcc188": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "1e998bec-2022-4196-add8-4ad290bcc188" + ], + "layerId": "ea7b26ab-b3c7-494a-9823-e75bc5048835", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "031c6a20-e430-4ec8-9792-a8dbb593931a" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "9e903638-5647-44df-8746-8610cb03f93b", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "9e903638-5647-44df-8746-8610cb03f93b", + "title": "Distribution of Endpoint Events by Sensor Actions [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-6d51c1ba-026a-4f57-bf8a-216bf775ef29", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6d51c1ba-026a-4f57-bf8a-216bf775ef29": { + "columnOrder": [ + "1fdf85b2-d5e2-4704-88af-b26535f42f4e", + "b55177da-0fbe-4a80-b9f3-b2cbc7315f57" + ], + "columns": { + "1fdf85b2-d5e2-4704-88af-b26535f42f4e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Event Origin", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b55177da-0fbe-4a80-b9f3-b2cbc7315f57", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.event_origin" + }, + "b55177da-0fbe-4a80-b9f3-b2cbc7315f57": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "b55177da-0fbe-4a80-b9f3-b2cbc7315f57" + ], + "layerId": "6d51c1ba-026a-4f57-bf8a-216bf775ef29", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "1fdf85b2-d5e2-4704-88af-b26535f42f4e" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "58ed6b85-4008-497e-8b00-4a57a2c36426", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": 
"58ed6b85-4008-497e-8b00-4a57a2c36426", + "title": "Distribution of Endpoint Events by Event Origin [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ea0edcdf-9dd1-4a75-83e5-2b42a400a109", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ea0edcdf-9dd1-4a75-83e5-2b42a400a109": { + "columnOrder": [ + "3bbd2635-9668-4143-bcc1-7c8f176c35e9", + "2e19c3ca-5e46-461c-9b83-79b4ddd36e2a" + ], + "columns": { + "2e19c3ca-5e46-461c-9b83-79b4ddd36e2a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "3bbd2635-9668-4143-bcc1-7c8f176c35e9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Device Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2e19c3ca-5e46-461c-9b83-79b4ddd36e2a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.hostname" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "3bbd2635-9668-4143-bcc1-7c8f176c35e9", + "isTransposed": false + }, + { + "columnId": "2e19c3ca-5e46-461c-9b83-79b4ddd36e2a", + "isTransposed": false + } + ], + "layerId": "ea0edcdf-9dd1-4a75-83e5-2b42a400a109", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "39d387e0-fd8b-44a5-8ed7-cec9b93c7af1", + "w": 24, + 
"x": 24, + "y": 30 + }, + "panelIndex": "39d387e0-fd8b-44a5-8ed7-cec9b93c7af1", + "title": "Top 10 Devices [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e48c1e01-a2c8-4be9-9d6b-510cf94c7cc9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e48c1e01-a2c8-4be9-9d6b-510cf94c7cc9": { + "columnOrder": [ + "c72ea363-099d-4e21-baef-c01cd328368b", + "f17e55ae-249f-4923-966e-943a750a4e25" + ], + "columns": { + "c72ea363-099d-4e21-baef-c01cd328368b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Device External IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f17e55ae-249f-4923-966e-943a750a4e25", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.device.external_ip" + }, + "f17e55ae-249f-4923-966e-943a750a4e25": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "c72ea363-099d-4e21-baef-c01cd328368b" + }, + { + "columnId": "f17e55ae-249f-4923-966e-943a750a4e25" + } + ], + "layerId": "e48c1e01-a2c8-4be9-9d6b-510cf94c7cc9", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a125e42e-70ef-4ce7-a14c-8a1c04e3356a", + "w": 
24, + "x": 0, + "y": 45 + }, + "panelIndex": "a125e42e-70ef-4ce7-a14c-8a1c04e3356a", + "title": "Top 10 Device External IP [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ed49d960-27d9-4019-af08-f7fc2439f7ef", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ed49d960-27d9-4019-af08-f7fc2439f7ef": { + "columnOrder": [ + "02347744-64cb-4489-ad4a-3313d3fb55ed", + "d6471650-42db-4bbe-9916-b93e39694b68" + ], + "columns": { + "02347744-64cb-4489-ad4a-3313d3fb55ed": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Process Publisher Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d6471650-42db-4bbe-9916-b93e39694b68", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.process.publisher.name" + }, + "d6471650-42db-4bbe-9916-b93e39694b68": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "02347744-64cb-4489-ad4a-3313d3fb55ed", + "isTransposed": false + }, + { + "columnId": "d6471650-42db-4bbe-9916-b93e39694b68", + "isTransposed": false + } + ], + "layerId": "ed49d960-27d9-4019-af08-f7fc2439f7ef", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + 
"gridData": { + "h": 15, + "i": "07c613bc-549f-49ef-a118-b208956c2941", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "07c613bc-549f-49ef-a118-b208956c2941", + "title": "Top 10 Process Publisher Name [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0ed965d2-025c-4df9-a396-77e60557da92", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0ed965d2-025c-4df9-a396-77e60557da92": { + "columnOrder": [ + "69768a31-e5db-4550-a55f-c6d5288e8e49", + "b58f9e4c-be2f-496e-b7a5-3bc9d980de28" + ], + "columns": { + "69768a31-e5db-4550-a55f-c6d5288e8e49": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Child Process Publisher Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b58f9e4c-be2f-496e-b7a5-3bc9d980de28", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.childproc.publisher.name" + }, + "b58f9e4c-be2f-496e-b7a5-3bc9d980de28": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "69768a31-e5db-4550-a55f-c6d5288e8e49", + "isTransposed": false + }, + { + "columnId": "b58f9e4c-be2f-496e-b7a5-3bc9d980de28", + "isTransposed": false + } + ], + "layerId": "0ed965d2-025c-4df9-a396-77e60557da92", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + 
"visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "dd74b369-4003-426a-8ac4-a21b554f72a7", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "dd74b369-4003-426a-8ac4-a21b554f72a7", + "title": "Top 10 Child Process Publisher Name [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2ac0f01d-7ae5-4a35-949f-df59d2ddaefc", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2ac0f01d-7ae5-4a35-949f-df59d2ddaefc": { + "columnOrder": [ + "736aaa5e-8064-49b4-944e-fe6d327fa098", + "a5979d1b-495d-4f80-bcfe-1410c4410f37" + ], + "columns": { + "736aaa5e-8064-49b4-944e-fe6d327fa098": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Process Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5979d1b-495d-4f80-bcfe-1410c4410f37", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.process.username" + }, + "a5979d1b-495d-4f80-bcfe-1410c4410f37": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "736aaa5e-8064-49b4-944e-fe6d327fa098", + "isTransposed": false + }, + { + "columnId": "a5979d1b-495d-4f80-bcfe-1410c4410f37", + "isTransposed": false + } + ], + "layerId": 
"2ac0f01d-7ae5-4a35-949f-df59d2ddaefc", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "4b188f98-268e-485d-8fb4-673d2f9885d9", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "4b188f98-268e-485d-8fb4-673d2f9885d9", + "title": "Top 10 Process Username [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f454daba-b1d5-4919-be64-84da2fef572d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f454daba-b1d5-4919-be64-84da2fef572d": { + "columnOrder": [ + "535e7a79-31ef-4415-8065-7d2ad52debb4", + "cbd131cc-0a57-4b55-8260-710fb691279e" + ], + "columns": { + "535e7a79-31ef-4415-8065-7d2ad52debb4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Child Process Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "cbd131cc-0a57-4b55-8260-710fb691279e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.childproc.username" + }, + "cbd131cc-0a57-4b55-8260-710fb691279e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "535e7a79-31ef-4415-8065-7d2ad52debb4", + "isTransposed": false + }, + { + "columnId": 
"cbd131cc-0a57-4b55-8260-710fb691279e", + "isTransposed": false + } + ], + "layerId": "f454daba-b1d5-4919-be64-84da2fef572d", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "709eaefe-2eb1-43fb-a4f7-d9a55e7ea7b5", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "709eaefe-2eb1-43fb-a4f7-d9a55e7ea7b5", + "title": "Top 10 Child Process Username [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-971116a5-80be-4ac6-ab5d-9353bfbe62c0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "971116a5-80be-4ac6-ab5d-9353bfbe62c0": { + "columnOrder": [ + "27f2cc18-f2cd-4a22-a62f-dfa9e63e4733", + "f4e57897-0b9a-472b-a66b-58e094828e7c" + ], + "columns": { + "27f2cc18-f2cd-4a22-a62f-dfa9e63e4733": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Process Publisher State", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f4e57897-0b9a-472b-a66b-58e094828e7c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.process.publisher.state" + }, + "f4e57897-0b9a-472b-a66b-58e094828e7c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": 
"27f2cc18-f2cd-4a22-a62f-dfa9e63e4733", + "isTransposed": false + }, + { + "columnId": "f4e57897-0b9a-472b-a66b-58e094828e7c", + "isTransposed": false + } + ], + "layerId": "971116a5-80be-4ac6-ab5d-9353bfbe62c0", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "218d1fe9-673b-4369-a3d2-968a20984665", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "218d1fe9-673b-4369-a3d2-968a20984665", + "title": "Top 10 Process Publisher State [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-75e34cb8-bb9c-4da5-92dd-0ca8d276ccee", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "75e34cb8-bb9c-4da5-92dd-0ca8d276ccee": { + "columnOrder": [ + "a2dba247-a26c-47b8-9357-4a354b51e84f", + "198a9398-ffbe-4368-bd55-e5d4f33f6da4" + ], + "columns": { + "198a9398-ffbe-4368-bd55-e5d4f33f6da4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "a2dba247-a26c-47b8-9357-4a354b51e84f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Child Process Publisher State", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "198a9398-ffbe-4368-bd55-e5d4f33f6da4", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.endpoint_event.childproc.publisher.state" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + 
"language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "a2dba247-a26c-47b8-9357-4a354b51e84f", + "isTransposed": false + }, + { + "columnId": "198a9398-ffbe-4368-bd55-e5d4f33f6da4", + "isTransposed": false + } + ], + "layerId": "75e34cb8-bb9c-4da5-92dd-0ca8d276ccee", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "cbeb7e49-5d44-4ed6-b808-abf57fa5895a", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "cbeb7e49-5d44-4ed6-b808-abf57fa5895a", + "title": "Top 10 Child Process Publisher State [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cb291365-79bc-435b-9e5c-f33e047612fd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cb291365-79bc-435b-9e5c-f33e047612fd": { + "columnOrder": [ + "fd524319-b937-4a95-8182-9748c3c3d192", + "810f20df-3784-4b79-9452-7121c36487ac" + ], + "columns": { + "810f20df-3784-4b79-9452-7121c36487ac": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fd524319-b937-4a95-8182-9748c3c3d192": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Effective Reputation of Loaded Module", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "810f20df-3784-4b79-9452-7121c36487ac", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": 
"carbon_black_cloud.endpoint_event.modload.effective_reputation" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "fd524319-b937-4a95-8182-9748c3c3d192", + "isTransposed": false + }, + { + "columnId": "810f20df-3784-4b79-9452-7121c36487ac", + "isTransposed": false + } + ], + "layerId": "cb291365-79bc-435b-9e5c-f33e047612fd", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "4ca25b12-b071-4433-95e3-2f823dcf1dea", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "4ca25b12-b071-4433-95e3-2f823dcf1dea", + "title": "Top 10 Effective Reputation of Loaded Modules [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "334db67e-d8a5-48ce-9bc7-9a7abf735819", + "w": 48, + "x": 0, + "y": 105 + }, + "panelIndex": "334db67e-d8a5-48ce-9bc7-9a7abf735819", + "panelRefName": "panel_334db67e-d8a5-48ce-9bc7-9a7abf735819", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Carbon Black Cloud] Endpoint Event", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "carbon_black_cloud-06a8d7f0-3b04-11ed-a8e8-41eb8778c6de", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7fdf17ff-0e81-44e3-9f32-da167cc57223:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7fdf17ff-0e81-44e3-9f32-da167cc57223:indexpattern-datasource-layer-131af0e0-e836-4934-ba2e-d987f4bf5d53", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"d076b6e4-32e7-444c-a1f1-99723393be3e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d076b6e4-32e7-444c-a1f1-99723393be3e:indexpattern-datasource-layer-fdf14012-4ef7-41cb-9da2-b8c86270aa66", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2e4615f2-7535-465f-9e15-45b93f1ca02a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2e4615f2-7535-465f-9e15-45b93f1ca02a:indexpattern-datasource-layer-29cab3f8-baa2-414a-8987-7ce353a7e375", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9e903638-5647-44df-8746-8610cb03f93b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9e903638-5647-44df-8746-8610cb03f93b:indexpattern-datasource-layer-ea7b26ab-b3c7-494a-9823-e75bc5048835", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "58ed6b85-4008-497e-8b00-4a57a2c36426:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "58ed6b85-4008-497e-8b00-4a57a2c36426:indexpattern-datasource-layer-6d51c1ba-026a-4f57-bf8a-216bf775ef29", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "39d387e0-fd8b-44a5-8ed7-cec9b93c7af1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "39d387e0-fd8b-44a5-8ed7-cec9b93c7af1:indexpattern-datasource-layer-ea0edcdf-9dd1-4a75-83e5-2b42a400a109", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a125e42e-70ef-4ce7-a14c-8a1c04e3356a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a125e42e-70ef-4ce7-a14c-8a1c04e3356a:indexpattern-datasource-layer-e48c1e01-a2c8-4be9-9d6b-510cf94c7cc9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "07c613bc-549f-49ef-a118-b208956c2941:indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "07c613bc-549f-49ef-a118-b208956c2941:indexpattern-datasource-layer-ed49d960-27d9-4019-af08-f7fc2439f7ef", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dd74b369-4003-426a-8ac4-a21b554f72a7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dd74b369-4003-426a-8ac4-a21b554f72a7:indexpattern-datasource-layer-0ed965d2-025c-4df9-a396-77e60557da92", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4b188f98-268e-485d-8fb4-673d2f9885d9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4b188f98-268e-485d-8fb4-673d2f9885d9:indexpattern-datasource-layer-2ac0f01d-7ae5-4a35-949f-df59d2ddaefc", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "709eaefe-2eb1-43fb-a4f7-d9a55e7ea7b5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "709eaefe-2eb1-43fb-a4f7-d9a55e7ea7b5:indexpattern-datasource-layer-f454daba-b1d5-4919-be64-84da2fef572d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "218d1fe9-673b-4369-a3d2-968a20984665:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "218d1fe9-673b-4369-a3d2-968a20984665:indexpattern-datasource-layer-971116a5-80be-4ac6-ab5d-9353bfbe62c0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cbeb7e49-5d44-4ed6-b808-abf57fa5895a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cbeb7e49-5d44-4ed6-b808-abf57fa5895a:indexpattern-datasource-layer-75e34cb8-bb9c-4da5-92dd-0ca8d276ccee", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4ca25b12-b071-4433-95e3-2f823dcf1dea:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"4ca25b12-b071-4433-95e3-2f823dcf1dea:indexpattern-datasource-layer-cb291365-79bc-435b-9e5c-f33e047612fd", + "type": "index-pattern" + }, + { + "id": "carbon_black_cloud-4ab86f30-3b10-11ed-a8e8-41eb8778c6de", + "name": "334db67e-d8a5-48ce-9bc7-9a7abf735819:panel_334db67e-d8a5-48ce-9bc7-9a7abf735819", + "type": "search" + } + ], + "type": "dashboard" +}
\ No newline at end of file
diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-0954fb80-3a5c-11ed-a8e8-41eb8778c6de.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-0954fb80-3a5c-11ed-a8e8-41eb8778c6de.json
new file mode 100644
index 00000000000..3a117b23b96
--- /dev/null
+++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-0954fb80-3a5c-11ed-a8e8-41eb8778c6de.json
@@ -0,0 +1,3001 @@ +{ + "attributes": { + "description": "This dashboard shows alert logs collected by the Carbon Black Cloud integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "carbon_black_cloud.alert" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "carbon_black_cloud.alert" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3a59266a-6775-483f-99a4-806d42c20187", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3a59266a-6775-483f-99a4-806d42c20187": { + "columnOrder": [ + "79bce1a2-29ed-420e-8688-ed757ffe9cde", + "23c359ea-ee4d-4afe-a765-7c2ee5eafca5" + ], + "columns": { + "23c359ea-ee4d-4afe-a765-7c2ee5eafca5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "79bce1a2-29ed-420e-8688-ed757ffe9cde": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "23c359ea-ee4d-4afe-a765-7c2ee5eafca5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": 
"carbon_black_cloud.alert.category" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "79bce1a2-29ed-420e-8688-ed757ffe9cde" + ], + "layerId": "3a59266a-6775-483f-99a4-806d42c20187", + "layerType": "data", + "legendDisplay": "default", + "metric": "23c359ea-ee4d-4afe-a765-7c2ee5eafca5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "2fdf6d77-fb2b-4d45-9fe0-1b1395b51cad", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "2fdf6d77-fb2b-4d45-9fe0-1b1395b51cad", + "title": "Distribution of Alerts by Category [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5d228926-1588-4273-83fb-e1e030db620d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5d228926-1588-4273-83fb-e1e030db620d": { + "columnOrder": [ + "c9a9a7ec-ae0f-4cc2-88b6-cf78a3b9c6da", + "e485f3cc-7c94-4ef8-9886-fdb85e5655e7" + ], + "columns": { + "c9a9a7ec-ae0f-4cc2-88b6-cf78a3b9c6da": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Alert Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e485f3cc-7c94-4ef8-9886-fdb85e5655e7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.type" + }, + "e485f3cc-7c94-4ef8-9886-fdb85e5655e7": { + "customLabel": 
true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c9a9a7ec-ae0f-4cc2-88b6-cf78a3b9c6da" + ], + "layerId": "5d228926-1588-4273-83fb-e1e030db620d", + "layerType": "data", + "legendDisplay": "default", + "legendPosition": "right", + "metric": "e485f3cc-7c94-4ef8-9886-fdb85e5655e7", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "824ac716-7b3f-4aab-80e3-6eb2e2eba0c3", + "w": 16, + "x": 17, + "y": 0 + }, + "panelIndex": "824ac716-7b3f-4aab-80e3-6eb2e2eba0c3", + "title": "Distribution of Alerts by Alert Type [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4860b265-1a18-4665-bfa6-d5b45d2b4698", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4860b265-1a18-4665-bfa6-d5b45d2b4698": { + "columnOrder": [ + "115ca755-f7fb-4f28-8163-e4ae35441458", + "ca0cb05e-bc44-46c4-94bc-70691765a3ea" + ], + "columns": { + "115ca755-f7fb-4f28-8163-e4ae35441458": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Target Value", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ca0cb05e-bc44-46c4-94bc-70691765a3ea", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + 
"size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.target_value" + }, + "ca0cb05e-bc44-46c4-94bc-70691765a3ea": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "115ca755-f7fb-4f28-8163-e4ae35441458" + ], + "layerId": "4860b265-1a18-4665-bfa6-d5b45d2b4698", + "layerType": "data", + "legendDisplay": "default", + "metric": "ca0cb05e-bc44-46c4-94bc-70691765a3ea", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "7428974e-7e40-44ed-ae98-d5f70484cc74", + "w": 15, + "x": 33, + "y": 0 + }, + "panelIndex": "7428974e-7e40-44ed-ae98-d5f70484cc74", + "title": "Distribution of Alerts by Target Value [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9df0b783-d395-42ed-91d4-245d42a3ce75", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9df0b783-d395-42ed-91d4-245d42a3ce75": { + "columnOrder": [ + "efded0e8-6180-4e56-96ef-5c1411d227c0", + "2a0913e6-8139-4915-a0b1-c531f4a2d79b" + ], + "columns": { + "2a0913e6-8139-4915-a0b1-c531f4a2d79b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + 
"efded0e8-6180-4e56-96ef-5c1411d227c0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Sensor Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2a0913e6-8139-4915-a0b1-c531f4a2d79b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.sensor_action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2a0913e6-8139-4915-a0b1-c531f4a2d79b" + ], + "layerId": "9df0b783-d395-42ed-91d4-245d42a3ce75", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "efded0e8-6180-4e56-96ef-5c1411d227c0" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "68904d73-a00c-4e08-9bfb-521ae79562db", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "68904d73-a00c-4e08-9bfb-521ae79562db", + "title": "Distribution of Alerts by Sensor Action [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + 
"name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-dec17f01-e97d-46b5-9a93-68a8160b77fc", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "dec17f01-e97d-46b5-9a93-68a8160b77fc": { + "columnOrder": [ + "98e5bff9-a563-4a35-8af2-5a8081b85e47", + "c99e3a9a-a964-4239-92bd-ecdae12b4622" + ], + "columns": { + "98e5bff9-a563-4a35-8af2-5a8081b85e47": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Cause Reputation", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c99e3a9a-a964-4239-92bd-ecdae12b4622", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.threat_cause.reputation" + }, + "c99e3a9a-a964-4239-92bd-ecdae12b4622": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "c99e3a9a-a964-4239-92bd-ecdae12b4622" + ], + "layerId": "dec17f01-e97d-46b5-9a93-68a8160b77fc", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "98e5bff9-a563-4a35-8af2-5a8081b85e47" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + 
"h": 15, + "i": "a8013a95-c2ed-45fa-a431-ab322e09732c", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "a8013a95-c2ed-45fa-a431-ab322e09732c", + "title": "Distribution of Alerts by Threat Cause Reputation [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c0723707-2be7-4bf2-9464-b3224ff13091", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c0723707-2be7-4bf2-9464-b3224ff13091": { + "columnOrder": [ + "c93f85fc-58fe-4998-827c-e8dbb3dc2258", + "16541012-3218-4763-b15e-cb4785ced3aa" + ], + "columns": { + "16541012-3218-4763-b15e-cb4785ced3aa": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c93f85fc-58fe-4998-827c-e8dbb3dc2258": { + "customLabel": true, + "dataType": "number", + "isBucketed": true, + "label": "Severity", + "operationType": "range", + "params": { + "maxBars": "auto", + "ranges": [ + { + "from": 0, + "label": "", + "to": 1000 + } + ], + "type": "histogram" + }, + "scale": "interval", + "sourceField": "event.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c93f85fc-58fe-4998-827c-e8dbb3dc2258" + ], + "layerId": "c0723707-2be7-4bf2-9464-b3224ff13091", + "layerType": "data", + "legendDisplay": "default", + "metric": "16541012-3218-4763-b15e-cb4785ced3aa", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + 
"hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "21f1c122-4d3a-4d58-a2e5-dc2552fe00ae", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "21f1c122-4d3a-4d58-a2e5-dc2552fe00ae", + "title": "Distribution of Alerts by Severity [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-426b4ce4-ce18-408c-a33c-304a2e9cf80b", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "426b4ce4-ce18-408c-a33c-304a2e9cf80b": { + "columnOrder": [ + "866522b1-4e0a-4719-b846-b0ebcba978c9", + "5698f6ca-3444-4e78-aedd-29bc8a23c782" + ], + "columns": { + "5698f6ca-3444-4e78-aedd-29bc8a23c782": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "866522b1-4e0a-4719-b846-b0ebcba978c9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Source of the Threat Cause", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5698f6ca-3444-4e78-aedd-29bc8a23c782", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.threat_cause.vector" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "5698f6ca-3444-4e78-aedd-29bc8a23c782" + ], + "layerId": "426b4ce4-ce18-408c-a33c-304a2e9cf80b", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "866522b1-4e0a-4719-b846-b0ebcba978c9" + } 
+ ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "c1e08938-2991-41e4-995d-da5f05f118b0", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "c1e08938-2991-41e4-995d-da5f05f118b0", + "title": "Distribution of Alerts by Source of the Threat Cause [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5d41bec8-a673-495e-9c69-de61f95d6e2e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5d41bec8-a673-495e-9c69-de61f95d6e2e": { + "columnOrder": [ + "39ad8495-e3d0-4ada-9fbb-f8d083d3210c", + "c7dd51f0-84bd-47dc-8305-0bfb4cef9710", + "4126abe1-b198-4465-89f8-57922eb6f60e" + ], + "columns": { + "39ad8495-e3d0-4ada-9fbb-f8d083d3210c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4126abe1-b198-4465-89f8-57922eb6f60e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.type" + }, + "4126abe1-b198-4465-89f8-57922eb6f60e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c7dd51f0-84bd-47dc-8305-0bfb4cef9710": { + "customLabel": true, + "dataType": 
"string", + "isBucketed": true, + "label": "OS Version", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4126abe1-b198-4465-89f8-57922eb6f60e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.version" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "39ad8495-e3d0-4ada-9fbb-f8d083d3210c", + "c7dd51f0-84bd-47dc-8305-0bfb4cef9710" + ], + "layerId": "5d41bec8-a673-495e-9c69-de61f95d6e2e", + "layerType": "data", + "legendDisplay": "default", + "metric": "4126abe1-b198-4465-89f8-57922eb6f60e", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "62a0100e-29b4-4859-b753-61348d6f929a", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "62a0100e-29b4-4859-b753-61348d6f929a", + "title": "Distribution of Alerts by OS, OS version [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7e1a90ba-d9e5-4d05-9d1a-b3045457cdde", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7e1a90ba-d9e5-4d05-9d1a-b3045457cdde": { + "columnOrder": [ + "3317b2ef-ab63-474f-863f-340a03a4a12b", + "62f14203-b3e6-4052-a6db-3d6ae5615fff" + ], + "columns": { + "3317b2ef-ab63-474f-863f-340a03a4a12b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Not Blocked Threat 
Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "62f14203-b3e6-4052-a6db-3d6ae5615fff", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.not_blocked_threat_category" + }, + "62f14203-b3e6-4052-a6db-3d6ae5615fff": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "62f14203-b3e6-4052-a6db-3d6ae5615fff" + ], + "layerId": "7e1a90ba-d9e5-4d05-9d1a-b3045457cdde", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "3317b2ef-ab63-474f-863f-340a03a4a12b" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3cbc86a0-75d0-4ac0-a333-53a5ad59864b", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "3cbc86a0-75d0-4ac0-a333-53a5ad59864b", + "title": "Distribution of Alerts by Not Blocked Threat Category [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c4488e42-0b97-4a33-8c9f-aa9265ac19e6", + "type": "index-pattern" + } + 
], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c4488e42-0b97-4a33-8c9f-aa9265ac19e6": { + "columnOrder": [ + "461d22d4-1252-4ccf-9b0e-6c83ca34075a", + "df4f21de-8b16-4f2c-bb91-6057f2daab26" + ], + "columns": { + "461d22d4-1252-4ccf-9b0e-6c83ca34075a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Category of the Threat Cause", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "df4f21de-8b16-4f2c-bb91-6057f2daab26", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.threat_cause.threat_category" + }, + "df4f21de-8b16-4f2c-bb91-6057f2daab26": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "df4f21de-8b16-4f2c-bb91-6057f2daab26" + ], + "layerId": "c4488e42-0b97-4a33-8c9f-aa9265ac19e6", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "461d22d4-1252-4ccf-9b0e-6c83ca34075a" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a2652673-86ef-402c-aa80-c9ca5e0fe287", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "a2652673-86ef-402c-aa80-c9ca5e0fe287", + "title": "Distribution of Alerts by Category of the Threat 
Cause [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2e00b48b-7d5b-469f-9613-3503131f7a3f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2e00b48b-7d5b-469f-9613-3503131f7a3f": { + "columnOrder": [ + "4b7a5cce-e4a9-4cac-b81d-a140d25fe60a", + "3ef96a91-1826-43b7-b4a7-47acf52b1cf0" + ], + "columns": { + "3ef96a91-1826-43b7-b4a7-47acf52b1cf0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "4b7a5cce-e4a9-4cac-b81d-a140d25fe60a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Run State", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3ef96a91-1826-43b7-b4a7-47acf52b1cf0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.run_state" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "4b7a5cce-e4a9-4cac-b81d-a140d25fe60a" + ], + "layerId": "2e00b48b-7d5b-469f-9613-3503131f7a3f", + "layerType": "data", + "legendDisplay": "default", + "metric": "3ef96a91-1826-43b7-b4a7-47acf52b1cf0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a9b9f69f-e15c-4ad7-aed4-50baa5bc16fb", + "w": 24, + 
"x": 24, + "y": 75 + }, + "panelIndex": "a9b9f69f-e15c-4ad7-aed4-50baa5bc16fb", + "title": "Distribution of Alerts by Run State [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fd36c613-af8d-4ef9-8744-a6b267e26bc1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fd36c613-af8d-4ef9-8744-a6b267e26bc1": { + "columnOrder": [ + "f85d52dd-6da6-4523-a03e-46f8932eeb44", + "e1679e5e-d758-478e-bf0c-086c9b4888e7" + ], + "columns": { + "e1679e5e-d758-478e-bf0c-086c9b4888e7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "f85d52dd-6da6-4523-a03e-46f8932eeb44": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Blocked Threat Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1679e5e-d758-478e-bf0c-086c9b4888e7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.blocked_threat_category" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "e1679e5e-d758-478e-bf0c-086c9b4888e7" + ], + "layerId": "fd36c613-af8d-4ef9-8744-a6b267e26bc1", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "f85d52dd-6da6-4523-a03e-46f8932eeb44" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": 
"bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "26d88e12-2e3a-4760-b63f-1f92528b652a", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "26d88e12-2e3a-4760-b63f-1f92528b652a", + "title": "Distribution of Alerts by Blocked Threat Category [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fc3bcaa9-a33b-44c4-8d08-5643bf9665ae", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fc3bcaa9-a33b-44c4-8d08-5643bf9665ae": { + "columnOrder": [ + "15936f2f-ec61-4701-90cd-8155470c607f", + "d6153110-e0a6-4c04-b50d-c7b37629079a" + ], + "columns": { + "15936f2f-ec61-4701-90cd-8155470c607f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Policy Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d6153110-e0a6-4c04-b50d-c7b37629079a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.policy.name" + }, + "d6153110-e0a6-4c04-b50d-c7b37629079a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": 
"15936f2f-ec61-4701-90cd-8155470c607f", + "isTransposed": false + }, + { + "columnId": "d6153110-e0a6-4c04-b50d-c7b37629079a", + "isTransposed": false + } + ], + "layerId": "fc3bcaa9-a33b-44c4-8d08-5643bf9665ae", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3cbcaaf0-9ba1-4536-8192-28427cdcb8a0", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "3cbcaaf0-9ba1-4536-8192-28427cdcb8a0", + "title": "Top 10 Policy Names [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2d5596cc-8954-4cf3-b056-235b6aa9efa8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2d5596cc-8954-4cf3-b056-235b6aa9efa8": { + "columnOrder": [ + "6d4ed73e-d5ee-46d1-b6c1-27f13184569f", + "e30488e7-8423-4a65-bcb7-dd2f99b7eee4" + ], + "columns": { + "6d4ed73e-d5ee-46d1-b6c1-27f13184569f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Watchlist Hit", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e30488e7-8423-4a65-bcb7-dd2f99b7eee4", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.watchlists.name" + }, + "e30488e7-8423-4a65-bcb7-dd2f99b7eee4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "layers": [ + { + "accessors": [ + "e30488e7-8423-4a65-bcb7-dd2f99b7eee4" + ], + "layerId": "2d5596cc-8954-4cf3-b056-235b6aa9efa8", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "6d4ed73e-d5ee-46d1-b6c1-27f13184569f" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "68b6d1b6-b955-4b8e-8649-98404fc4e871", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "68b6d1b6-b955-4b8e-8649-98404fc4e871", + "title": "Distribution of Alerts by Watchlist Hit [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-08b18428-bc7f-4e09-8277-56b698796abf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "08b18428-bc7f-4e09-8277-56b698796abf": { + "columnOrder": [ + "1a9eb0d1-f838-4c0d-b8c6-aafeec300d04", + "eaca1473-4252-4094-ac92-d11f9c59feeb" + ], + "columns": { + "1a9eb0d1-f838-4c0d-b8c6-aafeec300d04": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "IOC Field", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "eaca1473-4252-4094-ac92-d11f9c59feeb", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.ioc.field" + }, + 
"eaca1473-4252-4094-ac92-d11f9c59feeb": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "eaca1473-4252-4094-ac92-d11f9c59feeb" + ], + "layerId": "08b18428-bc7f-4e09-8277-56b698796abf", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "1a9eb0d1-f838-4c0d-b8c6-aafeec300d04" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "4ba78728-d819-4a52-9bfb-d3cdf9a8cdbd", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "4ba78728-d819-4a52-9bfb-d3cdf9a8cdbd", + "title": "Distribution of Alerts by IOC field [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c595f8ee-2027-4013-9e5f-8761f03a0e50", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c595f8ee-2027-4013-9e5f-8761f03a0e50": { + "columnOrder": [ + "5b59064d-7111-4c36-b053-2e01e2edc89e", + "de35e845-0662-4d2f-95e7-c63ac9869d73" + ], + "columns": { + "5b59064d-7111-4c36-b053-2e01e2edc89e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + 
"label": "Policy Applied", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "de35e845-0662-4d2f-95e7-c63ac9869d73", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.policy.applied" + }, + "de35e845-0662-4d2f-95e7-c63ac9869d73": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "5b59064d-7111-4c36-b053-2e01e2edc89e" + ], + "layerId": "c595f8ee-2027-4013-9e5f-8761f03a0e50", + "layerType": "data", + "legendDisplay": "default", + "metric": "de35e845-0662-4d2f-95e7-c63ac9869d73", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "9944eade-0fb2-43c6-bb07-7013276204bd", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "9944eade-0fb2-43c6-bb07-7013276204bd", + "title": "Distribution of Alerts by Policy Applied [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f4d3ca9c-1cdc-485c-84c8-dc6576838cf2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f4d3ca9c-1cdc-485c-84c8-dc6576838cf2": { + "columnOrder": [ + "99f69caa-f364-4b62-bdcd-9737f5646dcb", + "c984bc20-53ab-4d99-b212-bfb86427b9bb" + 
], + "columns": { + "99f69caa-f364-4b62-bdcd-9737f5646dcb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Workflow State", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c984bc20-53ab-4d99-b212-bfb86427b9bb", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.workflow.state" + }, + "c984bc20-53ab-4d99-b212-bfb86427b9bb": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "99f69caa-f364-4b62-bdcd-9737f5646dcb" + ], + "layerId": "f4d3ca9c-1cdc-485c-84c8-dc6576838cf2", + "layerType": "data", + "legendDisplay": "default", + "metric": "c984bc20-53ab-4d99-b212-bfb86427b9bb", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "441f493c-7ead-42b8-940d-2d1ef599ce56", + "w": 24, + "x": 24, + "y": 120 + }, + "panelIndex": "441f493c-7ead-42b8-940d-2d1ef599ce56", + "title": "Distribution of Alerts by Workflow State [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5b33df3c-e952-4285-af67-3ffb4f50d53f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"5b33df3c-e952-4285-af67-3ffb4f50d53f": { + "columnOrder": [ + "13cd1e9f-b2d7-4148-b0aa-248304fdaa39", + "1379a65d-f0af-4020-8f4b-a3064c018d93" + ], + "columns": { + "1379a65d-f0af-4020-8f4b-a3064c018d93": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "13cd1e9f-b2d7-4148-b0aa-248304fdaa39": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Process Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1379a65d-f0af-4020-8f4b-a3064c018d93", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "process.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "1379a65d-f0af-4020-8f4b-a3064c018d93" + ], + "layerId": "5b33df3c-e952-4285-af67-3ffb4f50d53f", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "13cd1e9f-b2d7-4148-b0aa-248304fdaa39" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "4103b75e-506f-48d5-ac42-38c4f2063b16", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "4103b75e-506f-48d5-ac42-38c4f2063b16", + "title": "Distribution of Alerts by Process Name [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + 
"id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-15dfbaf6-974c-4236-bdb5-45f708c73c36", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "15dfbaf6-974c-4236-bdb5-45f708c73c36": { + "columnOrder": [ + "625766df-0169-4855-b2b2-dcdc79745f19", + "2113f826-3766-4711-b24a-6ccf31db4eb5" + ], + "columns": { + "2113f826-3766-4711-b24a-6ccf31db4eb5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "625766df-0169-4855-b2b2-dcdc79745f19": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Indicators TTPS", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2113f826-3766-4711-b24a-6ccf31db4eb5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.threat_indicators.ttps" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "2113f826-3766-4711-b24a-6ccf31db4eb5" + ], + "layerId": "15dfbaf6-974c-4236-bdb5-45f708c73c36", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "625766df-0169-4855-b2b2-dcdc79745f19" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + 
"gridData": { + "h": 15, + "i": "a38f5bf4-59a4-434f-a12b-c6355e71b3e3", + "w": 24, + "x": 24, + "y": 135 + }, + "panelIndex": "a38f5bf4-59a4-434f-a12b-c6355e71b3e3", + "title": "Distribution of Alerts by Threat Indicators TTPS [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e1103238-07bd-44c2-83cd-0b72c2e327b2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e1103238-07bd-44c2-83cd-0b72c2e327b2": { + "columnOrder": [ + "4c3c52e1-4abc-4047-a258-cd82895956f4", + "0f1b1306-d3f4-4558-b46b-fd37b93ad2d5" + ], + "columns": { + "0f1b1306-d3f4-4558-b46b-fd37b93ad2d5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "4c3c52e1-4abc-4047-a258-cd82895956f4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Kill Chain Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0f1b1306-d3f4-4558-b46b-fd37b93ad2d5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.kill_chain_status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "0f1b1306-d3f4-4558-b46b-fd37b93ad2d5" + ], + "layerId": "e1103238-07bd-44c2-83cd-0b72c2e327b2", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "4c3c52e1-4abc-4047-a258-cd82895956f4" + } + ], + "legend": { + 
"isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "1fbb5a14-c5fe-4881-a2d1-1ead024cac71", + "w": 24, + "x": 0, + "y": 120 + }, + "panelIndex": "1fbb5a14-c5fe-4881-a2d1-1ead024cac71", + "title": "Distribution of Alerts by Kill Chain Status [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fd06a4f8-b0db-44c0-8cf7-d5c80233ab8c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fd06a4f8-b0db-44c0-8cf7-d5c80233ab8c": { + "columnOrder": [ + "91aa5d6a-c860-40ad-8d56-cb292d4a0cd5", + "12f152c7-a887-4c9a-9a3f-71a3c6e60e9b" + ], + "columns": { + "12f152c7-a887-4c9a-9a3f-71a3c6e60e9b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "91aa5d6a-c860-40ad-8d56-cb292d4a0cd5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Reason Codes", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "12f152c7-a887-4c9a-9a3f-71a3c6e60e9b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.reason_code" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "columns": [ + { + "columnId": "91aa5d6a-c860-40ad-8d56-cb292d4a0cd5", + "isTransposed": false + }, + { + "columnId": "12f152c7-a887-4c9a-9a3f-71a3c6e60e9b", + "isTransposed": false + } + ], + "layerId": "fd06a4f8-b0db-44c0-8cf7-d5c80233ab8c", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ccd8a34c-d68c-4471-aca6-d41e1185f176", + "w": 24, + "x": 24, + "y": 150 + }, + "panelIndex": "ccd8a34c-d68c-4471-aca6-d41e1185f176", + "title": "Top 10 Reason Codes [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-48c8290b-b387-4b56-a430-d49851725caa", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "48c8290b-b387-4b56-a430-d49851725caa": { + "columnOrder": [ + "ef64b3a4-8de3-4669-a35f-1ecc9e29ce2c", + "d1d440ef-ba5c-4b3f-85a8-da4e8014c1af" + ], + "columns": { + "d1d440ef-ba5c-4b3f-85a8-da4e8014c1af": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "ef64b3a4-8de3-4669-a35f-1ecc9e29ce2c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Cause Actor Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d1d440ef-ba5c-4b3f-85a8-da4e8014c1af", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.threat_cause.actor.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": 
[], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "ef64b3a4-8de3-4669-a35f-1ecc9e29ce2c", + "isTransposed": false + }, + { + "columnId": "d1d440ef-ba5c-4b3f-85a8-da4e8014c1af", + "isTransposed": false + } + ], + "layerId": "48c8290b-b387-4b56-a430-d49851725caa", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "4e0459b0-fe4a-4199-8846-8a59e854e277", + "w": 24, + "x": 0, + "y": 135 + }, + "panelIndex": "4e0459b0-fe4a-4199-8846-8a59e854e277", + "title": "Top 10 Threat Cause Actor Name [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-811141f4-f8d2-4a91-9702-0341d0efa27c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "811141f4-f8d2-4a91-9702-0341d0efa27c": { + "columnOrder": [ + "c5ab6ff0-1969-48a0-9f14-7afe2506527b", + "ddc99f56-464c-45cb-9c13-530c4c9488cc" + ], + "columns": { + "c5ab6ff0-1969-48a0-9f14-7afe2506527b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "IOC Hit", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ddc99f56-464c-45cb-9c13-530c4c9488cc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.ioc.hit" + }, + "ddc99f56-464c-45cb-9c13-530c4c9488cc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "c5ab6ff0-1969-48a0-9f14-7afe2506527b", + "isTransposed": false + }, + { + "columnId": "ddc99f56-464c-45cb-9c13-530c4c9488cc", + "isTransposed": false + } + ], + "layerId": "811141f4-f8d2-4a91-9702-0341d0efa27c", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "07a8d03f-6b85-46c4-8fce-9bf5a09b5139", + "w": 24, + "x": 24, + "y": 165 + }, + "panelIndex": "07a8d03f-6b85-46c4-8fce-9bf5a09b5139", + "title": "Top 10 IOC Hit [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a754e5d3-8c59-44be-9431-ecba97548823", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a754e5d3-8c59-44be-9431-ecba97548823": { + "columnOrder": [ + "e70a2d5f-e544-4da5-b796-4f1a028470ea", + "69db9731-3d82-4086-b12c-885a7088cdc0" + ], + "columns": { + "69db9731-3d82-4086-b12c-885a7088cdc0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "e70a2d5f-e544-4da5-b796-4f1a028470ea": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "69db9731-3d82-4086-b12c-885a7088cdc0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + } + }, 
+ "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e70a2d5f-e544-4da5-b796-4f1a028470ea", + "isTransposed": false + }, + { + "columnId": "69db9731-3d82-4086-b12c-885a7088cdc0", + "isTransposed": false + } + ], + "layerId": "a754e5d3-8c59-44be-9431-ecba97548823", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "477eae84-de2f-49ba-acd3-b7cb615d0009", + "w": 24, + "x": 0, + "y": 150 + }, + "panelIndex": "477eae84-de2f-49ba-acd3-b7cb615d0009", + "title": "Top 10 Device Username [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c5b0e0b1-a53b-4f7c-a3d9-0a06916c7a90", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c5b0e0b1-a53b-4f7c-a3d9-0a06916c7a90": { + "columnOrder": [ + "5103934e-b85c-4709-8f68-f0637d34958d", + "a4139c61-df94-40ac-b796-1b4cf24b61e2" + ], + "columns": { + "5103934e-b85c-4709-8f68-f0637d34958d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threat Indicators Process Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a4139c61-df94-40ac-b796-1b4cf24b61e2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.alert.threat_indicators.process_name" + }, + "a4139c61-df94-40ac-b796-1b4cf24b61e2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + 
"operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "5103934e-b85c-4709-8f68-f0637d34958d" + }, + { + "columnId": "a4139c61-df94-40ac-b796-1b4cf24b61e2", + "isTransposed": false + } + ], + "layerId": "c5b0e0b1-a53b-4f7c-a3d9-0a06916c7a90", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "2f1d33f1-e407-4d8f-a353-9fe102116a03", + "w": 24, + "x": 0, + "y": 165 + }, + "panelIndex": "2f1d33f1-e407-4d8f-a353-9fe102116a03", + "title": "Top 10 Threat Indicators Process Name [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 23, + "i": "f561888f-9762-4031-9f49-7c49e436849d", + "w": 48, + "x": 0, + "y": 180 + }, + "panelIndex": "f561888f-9762-4031-9f49-7c49e436849d", + "panelRefName": "panel_f561888f-9762-4031-9f49-7c49e436849d", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Carbon Black Cloud] Alert", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "carbon_black_cloud-0954fb80-3a5c-11ed-a8e8-41eb8778c6de", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2fdf6d77-fb2b-4d45-9fe0-1b1395b51cad:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2fdf6d77-fb2b-4d45-9fe0-1b1395b51cad:indexpattern-datasource-layer-3a59266a-6775-483f-99a4-806d42c20187", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"824ac716-7b3f-4aab-80e3-6eb2e2eba0c3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "824ac716-7b3f-4aab-80e3-6eb2e2eba0c3:indexpattern-datasource-layer-5d228926-1588-4273-83fb-e1e030db620d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7428974e-7e40-44ed-ae98-d5f70484cc74:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7428974e-7e40-44ed-ae98-d5f70484cc74:indexpattern-datasource-layer-4860b265-1a18-4665-bfa6-d5b45d2b4698", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "68904d73-a00c-4e08-9bfb-521ae79562db:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "68904d73-a00c-4e08-9bfb-521ae79562db:indexpattern-datasource-layer-9df0b783-d395-42ed-91d4-245d42a3ce75", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a8013a95-c2ed-45fa-a431-ab322e09732c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a8013a95-c2ed-45fa-a431-ab322e09732c:indexpattern-datasource-layer-dec17f01-e97d-46b5-9a93-68a8160b77fc", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "21f1c122-4d3a-4d58-a2e5-dc2552fe00ae:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "21f1c122-4d3a-4d58-a2e5-dc2552fe00ae:indexpattern-datasource-layer-c0723707-2be7-4bf2-9464-b3224ff13091", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1e08938-2991-41e4-995d-da5f05f118b0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1e08938-2991-41e4-995d-da5f05f118b0:indexpattern-datasource-layer-426b4ce4-ce18-408c-a33c-304a2e9cf80b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "62a0100e-29b4-4859-b753-61348d6f929a:indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "62a0100e-29b4-4859-b753-61348d6f929a:indexpattern-datasource-layer-5d41bec8-a673-495e-9c69-de61f95d6e2e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3cbc86a0-75d0-4ac0-a333-53a5ad59864b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3cbc86a0-75d0-4ac0-a333-53a5ad59864b:indexpattern-datasource-layer-7e1a90ba-d9e5-4d05-9d1a-b3045457cdde", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a2652673-86ef-402c-aa80-c9ca5e0fe287:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a2652673-86ef-402c-aa80-c9ca5e0fe287:indexpattern-datasource-layer-c4488e42-0b97-4a33-8c9f-aa9265ac19e6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a9b9f69f-e15c-4ad7-aed4-50baa5bc16fb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a9b9f69f-e15c-4ad7-aed4-50baa5bc16fb:indexpattern-datasource-layer-2e00b48b-7d5b-469f-9613-3503131f7a3f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26d88e12-2e3a-4760-b63f-1f92528b652a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26d88e12-2e3a-4760-b63f-1f92528b652a:indexpattern-datasource-layer-fd36c613-af8d-4ef9-8744-a6b267e26bc1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3cbcaaf0-9ba1-4536-8192-28427cdcb8a0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3cbcaaf0-9ba1-4536-8192-28427cdcb8a0:indexpattern-datasource-layer-fc3bcaa9-a33b-44c4-8d08-5643bf9665ae", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "68b6d1b6-b955-4b8e-8649-98404fc4e871:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"68b6d1b6-b955-4b8e-8649-98404fc4e871:indexpattern-datasource-layer-2d5596cc-8954-4cf3-b056-235b6aa9efa8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4ba78728-d819-4a52-9bfb-d3cdf9a8cdbd:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4ba78728-d819-4a52-9bfb-d3cdf9a8cdbd:indexpattern-datasource-layer-08b18428-bc7f-4e09-8277-56b698796abf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9944eade-0fb2-43c6-bb07-7013276204bd:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9944eade-0fb2-43c6-bb07-7013276204bd:indexpattern-datasource-layer-c595f8ee-2027-4013-9e5f-8761f03a0e50", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "441f493c-7ead-42b8-940d-2d1ef599ce56:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "441f493c-7ead-42b8-940d-2d1ef599ce56:indexpattern-datasource-layer-f4d3ca9c-1cdc-485c-84c8-dc6576838cf2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4103b75e-506f-48d5-ac42-38c4f2063b16:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4103b75e-506f-48d5-ac42-38c4f2063b16:indexpattern-datasource-layer-5b33df3c-e952-4285-af67-3ffb4f50d53f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a38f5bf4-59a4-434f-a12b-c6355e71b3e3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a38f5bf4-59a4-434f-a12b-c6355e71b3e3:indexpattern-datasource-layer-15dfbaf6-974c-4236-bdb5-45f708c73c36", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1fbb5a14-c5fe-4881-a2d1-1ead024cac71:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"1fbb5a14-c5fe-4881-a2d1-1ead024cac71:indexpattern-datasource-layer-e1103238-07bd-44c2-83cd-0b72c2e327b2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ccd8a34c-d68c-4471-aca6-d41e1185f176:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ccd8a34c-d68c-4471-aca6-d41e1185f176:indexpattern-datasource-layer-fd06a4f8-b0db-44c0-8cf7-d5c80233ab8c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4e0459b0-fe4a-4199-8846-8a59e854e277:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4e0459b0-fe4a-4199-8846-8a59e854e277:indexpattern-datasource-layer-48c8290b-b387-4b56-a430-d49851725caa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "07a8d03f-6b85-46c4-8fce-9bf5a09b5139:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "07a8d03f-6b85-46c4-8fce-9bf5a09b5139:indexpattern-datasource-layer-811141f4-f8d2-4a91-9702-0341d0efa27c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "477eae84-de2f-49ba-acd3-b7cb615d0009:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "477eae84-de2f-49ba-acd3-b7cb615d0009:indexpattern-datasource-layer-a754e5d3-8c59-44be-9431-ecba97548823", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2f1d33f1-e407-4d8f-a353-9fe102116a03:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2f1d33f1-e407-4d8f-a353-9fe102116a03:indexpattern-datasource-layer-c5b0e0b1-a53b-4f7c-a3d9-0a06916c7a90", + "type": "index-pattern" + }, + { + "id": "carbon_black_cloud-b23c6730-3a6e-11ed-a8e8-41eb8778c6de", + "name": "f561888f-9762-4031-9f49-7c49e436849d:panel_f561888f-9762-4031-9f49-7c49e436849d", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file 
diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-44209d90-3a7b-11ed-a8e8-41eb8778c6de.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-44209d90-3a7b-11ed-a8e8-41eb8778c6de.json
new file mode 100644
index 00000000000..1f84dd42537
--- /dev/null
+++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-44209d90-3a7b-11ed-a8e8-41eb8778c6de.json
@@ -0,0 +1,407 @@ +{ + "attributes": { + "description": "This dashboard shows audit logs collected by the Carbon Black Cloud integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "carbon_black_cloud.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "carbon_black_cloud.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cf51460d-9819-4407-bfea-6f99bb609c73", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cf51460d-9819-4407-bfea-6f99bb609c73": { + "columnOrder": [ + "ef3f6624-0d88-4c5b-b7ba-149fa718eff7", + "a768dadd-114b-407b-92d4-e12ed59d3772" + ], + "columns": { + "a768dadd-114b-407b-92d4-e12ed59d3772": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "ef3f6624-0d88-4c5b-b7ba-149fa718eff7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "URL", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a768dadd-114b-407b-92d4-e12ed59d3772", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "url.original" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "ef3f6624-0d88-4c5b-b7ba-149fa718eff7", + "isTransposed": false + }, + { + "columnId": "a768dadd-114b-407b-92d4-e12ed59d3772", + "isTransposed": false + } + ], + "layerId": "cf51460d-9819-4407-bfea-6f99bb609c73", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 17, + "i": "ac48d15f-174e-44ab-8e66-de2bedb6d091", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "ac48d15f-174e-44ab-8e66-de2bedb6d091", + "title": "Top 10 Request URLs [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ea4134c8-ddf1-4749-904e-6217bbc77651", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ea4134c8-ddf1-4749-904e-6217bbc77651": { + "columnOrder": [ + "e5ec5b18-c4e8-4078-a5bc-f0c6f1b6766e", + "07722e4d-f374-4c04-a7b5-79d9dde852be" + ], + "columns": { + "07722e4d-f374-4c04-a7b5-79d9dde852be": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "e5ec5b18-c4e8-4078-a5bc-f0c6f1b6766e": { + "customLabel": true, + "dataType": "boolean", + "isBucketed": true, + "label": "Flagged", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "07722e4d-f374-4c04-a7b5-79d9dde852be", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": 
"carbon_black_cloud.audit.flagged" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "e5ec5b18-c4e8-4078-a5bc-f0c6f1b6766e" + ], + "layerId": "ea4134c8-ddf1-4749-904e-6217bbc77651", + "layerType": "data", + "legendDisplay": "default", + "metric": "07722e4d-f374-4c04-a7b5-79d9dde852be", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "54590e23-86ba-4166-94d7-d9e67c7890c7", + "w": 24, + "x": 0, + "y": 17 + }, + "panelIndex": "54590e23-86ba-4166-94d7-d9e67c7890c7", + "title": "Distribution of Audit Logs by Flag Status [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b1891e64-ddb4-4ddc-b8f3-b0fb62fd014c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b1891e64-ddb4-4ddc-b8f3-b0fb62fd014c": { + "columnOrder": [ + "5490d7a2-d070-4ae5-93e7-cea6e671b1ba", + "45cfe3e3-abef-42a9-96a6-1129ae7ea7e7" + ], + "columns": { + "45cfe3e3-abef-42a9-96a6-1129ae7ea7e7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "5490d7a2-d070-4ae5-93e7-cea6e671b1ba": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Client IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "45cfe3e3-abef-42a9-96a6-1129ae7ea7e7", + "type": 
"column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "5490d7a2-d070-4ae5-93e7-cea6e671b1ba" + }, + { + "columnId": "45cfe3e3-abef-42a9-96a6-1129ae7ea7e7", + "isTransposed": false + } + ], + "layerId": "b1891e64-ddb4-4ddc-b8f3-b0fb62fd014c", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ed2f0832-20f7-4402-9087-a89be5779b2a", + "w": 24, + "x": 24, + "y": 17 + }, + "panelIndex": "ed2f0832-20f7-4402-9087-a89be5779b2a", + "title": "Top 10 Client IPs [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 25, + "i": "a1d883f7-93af-4fd2-ac0a-a654b92f3322", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "a1d883f7-93af-4fd2-ac0a-a654b92f3322", + "panelRefName": "panel_a1d883f7-93af-4fd2-ac0a-a654b92f3322", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Carbon Black Cloud] Audit", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "carbon_black_cloud-44209d90-3a7b-11ed-a8e8-41eb8778c6de", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ac48d15f-174e-44ab-8e66-de2bedb6d091:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ac48d15f-174e-44ab-8e66-de2bedb6d091:indexpattern-datasource-layer-cf51460d-9819-4407-bfea-6f99bb609c73", + "type": "index-pattern" + }, + { + "id": "logs-*", + 
"name": "54590e23-86ba-4166-94d7-d9e67c7890c7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54590e23-86ba-4166-94d7-d9e67c7890c7:indexpattern-datasource-layer-ea4134c8-ddf1-4749-904e-6217bbc77651", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ed2f0832-20f7-4402-9087-a89be5779b2a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ed2f0832-20f7-4402-9087-a89be5779b2a:indexpattern-datasource-layer-b1891e64-ddb4-4ddc-b8f3-b0fb62fd014c", + "type": "index-pattern" + }, + { + "id": "carbon_black_cloud-e16671a0-3a77-11ed-a8e8-41eb8778c6de", + "name": "a1d883f7-93af-4fd2-ac0a-a654b92f3322:panel_a1d883f7-93af-4fd2-ac0a-a654b92f3322", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-4d08ffd0-3b19-11ed-a8e8-41eb8778c6de.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-4d08ffd0-3b19-11ed-a8e8-41eb8778c6de.json new file mode 100644 index 00000000000..94b722ee6c7 --- /dev/null +++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-4d08ffd0-3b19-11ed-a8e8-41eb8778c6de.json 
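Review bot: The three Lens panels in this new audit dashboard (Top 10 Request URLs, Distribution of Audit Logs by Flag Status, Top 10 Client IPs) each carry an empty panel query (`"query": ""`) against `logs-*`, so the only thing scoping them to `carbon_black_cloud.audit` is the dashboard-level `data_stream.dataset` phrase filter stored in `appState`. If a viewer disables or removes that filter, the tables would presumably aggregate `url.original` and `client.ip` across every `logs-*` data stream, which can mislead anyone triaging from these counts. Consider pinning the dataset inside each panel as well, e.g. `"query": "data_stream.dataset : \"carbon_black_cloud.audit\""`, while keeping the dashboard filter. The visible part of the watchlist-hit dashboard hunk that follows uses the same empty-query pattern.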
@@ -0,0 +1,1835 @@ +{ + "attributes": { + "description": "This dashboard shows watchlist hit logs collected by the Carbon Black Cloud integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "carbon_black_cloud.watchlist_hit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "carbon_black_cloud.watchlist_hit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3217deee-e05e-4924-8a78-8da868b5ead4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3217deee-e05e-4924-8a78-8da868b5ead4": { + "columnOrder": [ + "0fce6095-fb8d-4375-8e6d-6df4e4e63a75", + "2ca9cb31-c7b2-42e8-b6f6-9a74fbab5314" + ], + "columns": { + "0fce6095-fb8d-4375-8e6d-6df4e4e63a75": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Device Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2ca9cb31-c7b2-42e8-b6f6-9a74fbab5314", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.hostname" + }, + "2ca9cb31-c7b2-42e8-b6f6-9a74fbab5314": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + 
"sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "0fce6095-fb8d-4375-8e6d-6df4e4e63a75", + "isTransposed": false + }, + { + "columnId": "2ca9cb31-c7b2-42e8-b6f6-9a74fbab5314", + "isTransposed": false + } + ], + "layerId": "3217deee-e05e-4924-8a78-8da868b5ead4", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "35c0ecd4-e63c-4db6-99af-f07e7e186ff1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "35c0ecd4-e63c-4db6-99af-f07e7e186ff1", + "title": "Top 10 Device Names [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a14a0edd-2f46-4fb6-94f1-924f432f0aa8", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a14a0edd-2f46-4fb6-94f1-924f432f0aa8": { + "columnOrder": [ + "8d7d2b57-55f1-4f6f-acd4-986b7ce4c0f9", + "3cd362a6-b931-4c5e-9b33-5b0f115234cf" + ], + "columns": { + "3cd362a6-b931-4c5e-9b33-5b0f115234cf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "8d7d2b57-55f1-4f6f-acd4-986b7ce4c0f9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Device External IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3cd362a6-b931-4c5e-9b33-5b0f115234cf", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": 
"ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.device.external_ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "8d7d2b57-55f1-4f6f-acd4-986b7ce4c0f9", + "isTransposed": false + }, + { + "columnId": "3cd362a6-b931-4c5e-9b33-5b0f115234cf", + "isTransposed": false + } + ], + "layerId": "a14a0edd-2f46-4fb6-94f1-924f432f0aa8", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "230d46fe-a268-42c2-8d88-aca0fc0dfae0", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "230d46fe-a268-42c2-8d88-aca0fc0dfae0", + "title": "Top 10 Device External IPs [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5402681-4dae-403b-9b4b-3f5d4c3e4f89", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a5402681-4dae-403b-9b4b-3f5d4c3e4f89": { + "columnOrder": [ + "a68ab84a-6617-4536-a752-d2b907ba0928", + "4a20e99f-31bf-4187-bd79-66e4a50a7a83" + ], + "columns": { + "4a20e99f-31bf-4187-bd79-66e4a50a7a83": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "a68ab84a-6617-4536-a752-d2b907ba0928": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Watchlist Hit", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4a20e99f-31bf-4187-bd79-66e4a50a7a83", + "type": "column" + }, + "orderDirection": 
"desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.watchlists.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "a68ab84a-6617-4536-a752-d2b907ba0928", + "isTransposed": false + }, + { + "columnId": "4a20e99f-31bf-4187-bd79-66e4a50a7a83", + "isTransposed": false + } + ], + "layerId": "a5402681-4dae-403b-9b4b-3f5d4c3e4f89", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "2afa480c-9bb3-4c48-837f-10ea8e2ac7b0", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "2afa480c-9bb3-4c48-837f-10ea8e2ac7b0", + "title": "Top 10 Watchlist Hit Names [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5a222a6d-86db-471b-9c24-d1a22f2ab501", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5a222a6d-86db-471b-9c24-d1a22f2ab501": { + "columnOrder": [ + "42cc8a6d-f364-4b2b-976e-933593ef4586", + "0d9ddce5-6ad9-40a8-b044-36b7221df2a3" + ], + "columns": { + "0d9ddce5-6ad9-40a8-b044-36b7221df2a3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "42cc8a6d-f364-4b2b-976e-933593ef4586": { + "customLabel": true, + "dataType": "number", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": 
"0d9ddce5-6ad9-40a8-b044-36b7221df2a3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "42cc8a6d-f364-4b2b-976e-933593ef4586" + ], + "layerId": "5a222a6d-86db-471b-9c24-d1a22f2ab501", + "layerType": "data", + "legendDisplay": "default", + "metric": "0d9ddce5-6ad9-40a8-b044-36b7221df2a3", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "1bbac035-f225-446f-ac89-9e953e6b8b6b", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "1bbac035-f225-446f-ac89-9e953e6b8b6b", + "title": "Distribution of Watchlist Hit by Severity [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2d4cc39f-3cb1-4cef-a457-be656986cb23", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2d4cc39f-3cb1-4cef-a457-be656986cb23": { + "columnOrder": [ + "d122fb4c-5597-49d4-b943-42d51e60ac04", + "5cfae199-aa1a-44d3-9dc7-19799c5abe5e" + ], + "columns": { + "5cfae199-aa1a-44d3-9dc7-19799c5abe5e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "d122fb4c-5597-49d4-b943-42d51e60ac04": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": 
"Process Reputation", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5cfae199-aa1a-44d3-9dc7-19799c5abe5e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.process.reputation" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d122fb4c-5597-49d4-b943-42d51e60ac04" + ], + "layerId": "2d4cc39f-3cb1-4cef-a457-be656986cb23", + "layerType": "data", + "legendDisplay": "default", + "metric": "5cfae199-aa1a-44d3-9dc7-19799c5abe5e", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d70d94eb-1a08-484f-a0dc-810d0faf3e2c", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "d70d94eb-1a08-484f-a0dc-810d0faf3e2c", + "title": "Distribution of Watchlist Hit by Process Reputation [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e2449b19-bfdf-4a5a-ab57-80cfd802b809", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e2449b19-bfdf-4a5a-ab57-80cfd802b809": { + "columnOrder": [ + "4d2c1409-3603-401d-ab9c-168c149dd9b1", + "91a16f8c-bbb7-4269-915d-bb511007b6c2" + ], + "columns": { + "4d2c1409-3603-401d-ab9c-168c149dd9b1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Parent Process Reputation", + "operationType": 
"terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "91a16f8c-bbb7-4269-915d-bb511007b6c2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.process.parent.reputation" + }, + "91a16f8c-bbb7-4269-915d-bb511007b6c2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "4d2c1409-3603-401d-ab9c-168c149dd9b1" + ], + "layerId": "e2449b19-bfdf-4a5a-ab57-80cfd802b809", + "layerType": "data", + "legendDisplay": "default", + "metric": "91a16f8c-bbb7-4269-915d-bb511007b6c2", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "afddb1ce-d642-4265-8ddd-edd86af3547b", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "afddb1ce-d642-4265-8ddd-edd86af3547b", + "title": "Distribution of Watchlist Hit by Parent Process Reputation [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a93030ae-db37-4bc1-ae3e-2f400c114a75", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a93030ae-db37-4bc1-ae3e-2f400c114a75": { + "columnOrder": [ + "b4859b4e-c072-4e6b-8adc-b61851f2b9f0", + "1edf5e1c-5e7b-4759-957f-ed3b5adb7038" + ], + 
"columns": { + "1edf5e1c-5e7b-4759-957f-ed3b5adb7038": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "b4859b4e-c072-4e6b-8adc-b61851f2b9f0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Top 10 Process Publisher Names", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1edf5e1c-5e7b-4759-957f-ed3b5adb7038", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.process.publisher.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b4859b4e-c072-4e6b-8adc-b61851f2b9f0", + "isTransposed": false + }, + { + "columnId": "1edf5e1c-5e7b-4759-957f-ed3b5adb7038", + "isTransposed": false + } + ], + "layerId": "a93030ae-db37-4bc1-ae3e-2f400c114a75", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "f212017e-2ff2-4432-abb8-38e7d97fd2ca", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "f212017e-2ff2-4432-abb8-38e7d97fd2ca", + "title": "Top 10 Process Publisher Names [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d7675455-3c90-4ef8-8b59-34bbb9eb3337", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d7675455-3c90-4ef8-8b59-34bbb9eb3337": { + "columnOrder": [ + 
"fae4a4de-9054-4b3d-adfc-9076569863e4", + "208044ce-8431-43c3-a57e-6cbb0b061f96" + ], + "columns": { + "208044ce-8431-43c3-a57e-6cbb0b061f96": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "fae4a4de-9054-4b3d-adfc-9076569863e4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Parent Process Publisher Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "208044ce-8431-43c3-a57e-6cbb0b061f96", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.process.parent.publisher.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "fae4a4de-9054-4b3d-adfc-9076569863e4", + "isTransposed": false + }, + { + "columnId": "208044ce-8431-43c3-a57e-6cbb0b061f96", + "isTransposed": false + } + ], + "layerId": "d7675455-3c90-4ef8-8b59-34bbb9eb3337", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a1866989-db26-4bad-9370-db438cdc23c3", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "a1866989-db26-4bad-9370-db438cdc23c3", + "title": "Top 10 Parent Process Publisher Names [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e35d4dc4-b040-44a3-b4d1-ea153154d413", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + 
"indexpattern": { + "layers": { + "e35d4dc4-b040-44a3-b4d1-ea153154d413": { + "columnOrder": [ + "81e4760a-d337-4422-bc32-7ceaa9d73965", + "7db8dfc2-3e67-4c75-80ca-f26be9a3948f" + ], + "columns": { + "7db8dfc2-3e67-4c75-80ca-f26be9a3948f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "81e4760a-d337-4422-bc32-7ceaa9d73965": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Process Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7db8dfc2-3e67-4c75-80ca-f26be9a3948f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.process.username" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "81e4760a-d337-4422-bc32-7ceaa9d73965", + "isTransposed": false + }, + { + "columnId": "7db8dfc2-3e67-4c75-80ca-f26be9a3948f", + "isTransposed": false + } + ], + "layerId": "e35d4dc4-b040-44a3-b4d1-ea153154d413", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "49d81cf9-410c-4ec9-965c-fd97fc3c8ad6", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "49d81cf9-410c-4ec9-965c-fd97fc3c8ad6", + "title": "Top 10 Process Usernames [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ca5b990d-6d22-4285-ab69-7ec5ae6aa569", + "type": 
"index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ca5b990d-6d22-4285-ab69-7ec5ae6aa569": { + "columnOrder": [ + "8439267a-7d8c-436d-85b6-19e40b056f2d", + "693c8157-bbbb-4a67-939d-5ad006762ebe" + ], + "columns": { + "693c8157-bbbb-4a67-939d-5ad006762ebe": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "8439267a-7d8c-436d-85b6-19e40b056f2d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Parent Process Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "693c8157-bbbb-4a67-939d-5ad006762ebe", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.process.parent.username" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "8439267a-7d8c-436d-85b6-19e40b056f2d", + "isTransposed": false + }, + { + "columnId": "693c8157-bbbb-4a67-939d-5ad006762ebe", + "isTransposed": false + } + ], + "layerId": "ca5b990d-6d22-4285-ab69-7ec5ae6aa569", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "375f19ac-08e8-464b-a741-fa973c8f447c", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "375f19ac-08e8-464b-a741-fa973c8f447c", + "title": "Top 10 Parent Process Usernames [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-1fc9a3d0-2911-4f76-addc-b817ec90134a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1fc9a3d0-2911-4f76-addc-b817ec90134a": { + "columnOrder": [ + "cdcfda2f-6698-4ab1-b9bf-5989ccdd4531", + "76db7887-cb3f-4bb5-bd26-7cc841d39285" + ], + "columns": { + "76db7887-cb3f-4bb5-bd26-7cc841d39285": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "cdcfda2f-6698-4ab1-b9bf-5989ccdd4531": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "76db7887-cb3f-4bb5-bd26-7cc841d39285", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.device.os" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "cdcfda2f-6698-4ab1-b9bf-5989ccdd4531" + ], + "layerId": "1fc9a3d0-2911-4f76-addc-b817ec90134a", + "layerType": "data", + "legendDisplay": "default", + "metric": "76db7887-cb3f-4bb5-bd26-7cc841d39285", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ca027d81-57fa-415d-af52-fb9d23394f20", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "ca027d81-57fa-415d-af52-fb9d23394f20", + "title": "Distribution of Watchlist Hit by OS [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + 
"name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ba16a583-8c53-402c-ac20-4fb90aebab32", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ba16a583-8c53-402c-ac20-4fb90aebab32": { + "columnOrder": [ + "2517cfff-d3c2-436b-8930-68785bc28e27", + "970ddd6c-2698-4069-b85e-290906807974" + ], + "columns": { + "2517cfff-d3c2-436b-8930-68785bc28e27": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "IOC Hit", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "970ddd6c-2698-4069-b85e-290906807974", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.ioc.hit" + }, + "970ddd6c-2698-4069-b85e-290906807974": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2517cfff-d3c2-436b-8930-68785bc28e27", + "isTransposed": false + }, + { + "columnId": "970ddd6c-2698-4069-b85e-290906807974", + "isTransposed": false + } + ], + "layerId": "ba16a583-8c53-402c-ac20-4fb90aebab32", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3975ba99-95f1-4525-bf3d-e0df9e4f59b1", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "3975ba99-95f1-4525-bf3d-e0df9e4f59b1", + "title": "Top 10 IOC Hits [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + 
"references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d15659b3-c333-4c80-837c-5c2e2b08b392", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d15659b3-c333-4c80-837c-5c2e2b08b392": { + "columnOrder": [ + "4a31794d-90e1-4ba5-b374-4aea88e50fd5", + "f8a4c112-e4ab-489d-be64-76fde23b665b" + ], + "columns": { + "4a31794d-90e1-4ba5-b374-4aea88e50fd5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Report Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f8a4c112-e4ab-489d-be64-76fde23b665b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.report.name" + }, + "f8a4c112-e4ab-489d-be64-76fde23b665b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "4a31794d-90e1-4ba5-b374-4aea88e50fd5", + "isTransposed": false + }, + { + "columnId": "f8a4c112-e4ab-489d-be64-76fde23b665b", + "isTransposed": false + } + ], + "layerId": "d15659b3-c333-4c80-837c-5c2e2b08b392", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "addf663c-77af-410a-b4b6-a644db0525a9", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "addf663c-77af-410a-b4b6-a644db0525a9", + "title": "Top 10 Report Names [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + 
"embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3ecf3417-7655-4a2c-841c-8ebf71aafefb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3ecf3417-7655-4a2c-841c-8ebf71aafefb": { + "columnOrder": [ + "9a0ee32f-65aa-42ac-ba3c-9e8464f5fd7a", + "9b4fe50f-e081-4498-9c36-9b35669472ac" + ], + "columns": { + "9a0ee32f-65aa-42ac-ba3c-9e8464f5fd7a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Watchlist Hit by Report Tag", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9b4fe50f-e081-4498-9c36-9b35669472ac", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.report.tags" + }, + "9b4fe50f-e081-4498-9c36-9b35669472ac": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "9b4fe50f-e081-4498-9c36-9b35669472ac" + ], + "layerId": "3ecf3417-7655-4a2c-841c-8ebf71aafefb", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "9a0ee32f-65aa-42ac-ba3c-9e8464f5fd7a" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": 
"lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "0f6693d6-80bb-46e5-ad4f-5cb5f266185c", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "0f6693d6-80bb-46e5-ad4f-5cb5f266185c", + "title": "Distribution of Watchlist Hit by Report Tags [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2a55ef8f-a11d-4245-a71f-87f68095a9ee", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2a55ef8f-a11d-4245-a71f-87f68095a9ee": { + "columnOrder": [ + "be9755d5-bccb-4cfa-9a56-c928379a5d36", + "f8707f04-42d4-4d5d-a937-2a06c23ac5d1" + ], + "columns": { + "be9755d5-bccb-4cfa-9a56-c928379a5d36": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Process Publisher State", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f8707f04-42d4-4d5d-a937-2a06c23ac5d1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.process.publisher.state" + }, + "f8707f04-42d4-4d5d-a937-2a06c23ac5d1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "be9755d5-bccb-4cfa-9a56-c928379a5d36", + "isTransposed": false + }, + { + "columnId": "f8707f04-42d4-4d5d-a937-2a06c23ac5d1", + "isTransposed": false + } + ], + "layerId": "2a55ef8f-a11d-4245-a71f-87f68095a9ee", + 
"layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "0aad7600-216d-4897-9fc3-b693a3d75fe4", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "0aad7600-216d-4897-9fc3-b693a3d75fe4", + "title": "Top 10 Process Publisher States [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0ea1185c-6cc6-4a1f-bb93-1aed31846b90", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0ea1185c-6cc6-4a1f-bb93-1aed31846b90": { + "columnOrder": [ + "2c7ad16e-1c85-482d-ae1f-a1ca4d6ba1fb", + "5d18f32c-f3fa-4b51-b54f-d3744d50b960" + ], + "columns": { + "2c7ad16e-1c85-482d-ae1f-a1ca4d6ba1fb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Parent Process Publisher State", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5d18f32c-f3fa-4b51-b54f-d3744d50b960", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.watchlist_hit.process.parent.publisher.state" + }, + "5d18f32c-f3fa-4b51-b54f-d3744d50b960": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2c7ad16e-1c85-482d-ae1f-a1ca4d6ba1fb", + "isTransposed": false + }, + { + "columnId": 
"5d18f32c-f3fa-4b51-b54f-d3744d50b960", + "isTransposed": false + } + ], + "layerId": "0ea1185c-6cc6-4a1f-bb93-1aed31846b90", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "168f17ab-a503-4fc0-ad33-d15bcb29d9dc", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "168f17ab-a503-4fc0-ad33-d15bcb29d9dc", + "title": "Top 10 Parent Process Publisher States [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 22, + "i": "ae947730-e292-4563-8e0f-0dde108c7540", + "w": 48, + "x": 0, + "y": 120 + }, + "panelIndex": "ae947730-e292-4563-8e0f-0dde108c7540", + "panelRefName": "panel_ae947730-e292-4563-8e0f-0dde108c7540", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Carbon Black Cloud] Watchlist Hit", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "carbon_black_cloud-4d08ffd0-3b19-11ed-a8e8-41eb8778c6de", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35c0ecd4-e63c-4db6-99af-f07e7e186ff1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35c0ecd4-e63c-4db6-99af-f07e7e186ff1:indexpattern-datasource-layer-3217deee-e05e-4924-8a78-8da868b5ead4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "230d46fe-a268-42c2-8d88-aca0fc0dfae0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "230d46fe-a268-42c2-8d88-aca0fc0dfae0:indexpattern-datasource-layer-a14a0edd-2f46-4fb6-94f1-924f432f0aa8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"2afa480c-9bb3-4c48-837f-10ea8e2ac7b0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2afa480c-9bb3-4c48-837f-10ea8e2ac7b0:indexpattern-datasource-layer-a5402681-4dae-403b-9b4b-3f5d4c3e4f89", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1bbac035-f225-446f-ac89-9e953e6b8b6b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1bbac035-f225-446f-ac89-9e953e6b8b6b:indexpattern-datasource-layer-5a222a6d-86db-471b-9c24-d1a22f2ab501", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d70d94eb-1a08-484f-a0dc-810d0faf3e2c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d70d94eb-1a08-484f-a0dc-810d0faf3e2c:indexpattern-datasource-layer-2d4cc39f-3cb1-4cef-a457-be656986cb23", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "afddb1ce-d642-4265-8ddd-edd86af3547b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "afddb1ce-d642-4265-8ddd-edd86af3547b:indexpattern-datasource-layer-e2449b19-bfdf-4a5a-ab57-80cfd802b809", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f212017e-2ff2-4432-abb8-38e7d97fd2ca:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f212017e-2ff2-4432-abb8-38e7d97fd2ca:indexpattern-datasource-layer-a93030ae-db37-4bc1-ae3e-2f400c114a75", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a1866989-db26-4bad-9370-db438cdc23c3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a1866989-db26-4bad-9370-db438cdc23c3:indexpattern-datasource-layer-d7675455-3c90-4ef8-8b59-34bbb9eb3337", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "49d81cf9-410c-4ec9-965c-fd97fc3c8ad6:indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "49d81cf9-410c-4ec9-965c-fd97fc3c8ad6:indexpattern-datasource-layer-e35d4dc4-b040-44a3-b4d1-ea153154d413", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "375f19ac-08e8-464b-a741-fa973c8f447c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "375f19ac-08e8-464b-a741-fa973c8f447c:indexpattern-datasource-layer-ca5b990d-6d22-4285-ab69-7ec5ae6aa569", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ca027d81-57fa-415d-af52-fb9d23394f20:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ca027d81-57fa-415d-af52-fb9d23394f20:indexpattern-datasource-layer-1fc9a3d0-2911-4f76-addc-b817ec90134a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3975ba99-95f1-4525-bf3d-e0df9e4f59b1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3975ba99-95f1-4525-bf3d-e0df9e4f59b1:indexpattern-datasource-layer-ba16a583-8c53-402c-ac20-4fb90aebab32", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "addf663c-77af-410a-b4b6-a644db0525a9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "addf663c-77af-410a-b4b6-a644db0525a9:indexpattern-datasource-layer-d15659b3-c333-4c80-837c-5c2e2b08b392", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0f6693d6-80bb-46e5-ad4f-5cb5f266185c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0f6693d6-80bb-46e5-ad4f-5cb5f266185c:indexpattern-datasource-layer-3ecf3417-7655-4a2c-841c-8ebf71aafefb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0aad7600-216d-4897-9fc3-b693a3d75fe4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"0aad7600-216d-4897-9fc3-b693a3d75fe4:indexpattern-datasource-layer-2a55ef8f-a11d-4245-a71f-87f68095a9ee", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "168f17ab-a503-4fc0-ad33-d15bcb29d9dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "168f17ab-a503-4fc0-ad33-d15bcb29d9dc:indexpattern-datasource-layer-0ea1185c-6cc6-4a1f-bb93-1aed31846b90", + "type": "index-pattern" + }, + { + "id": "carbon_black_cloud-d6f70aa0-3b20-11ed-a8e8-41eb8778c6de", + "name": "ae947730-e292-4563-8e0f-0dde108c7540:panel_ae947730-e292-4563-8e0f-0dde108c7540", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json deleted file mode 100644 index 2f661b37b33..00000000000 --- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b.json +++ /dev/null 
@@ -1,2909 +0,0 @@ -{ - "id": "carbon_black_cloud-7e095a40-e325-11ec-8642-e7f3d8b25a9b", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:26:25.990Z", - "version": "WzY4NSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Category", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Category", - "field": "carbon_black_cloud.alert.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - 
"h": 15, - "i": "c54d9223-56ad-42b4-9452-a44657dbcd6e", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "c54d9223-56ad-42b4-9452-a44657dbcd6e", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Alert Type", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Alert Type", - "field": "carbon_black_cloud.alert.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "d3728fd5-5390-4448-8f26-277521569f30", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "d3728fd5-5390-4448-8f26-277521569f30", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Target Value", - "description": "", - 
"uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Target Value", - "field": "carbon_black_cloud.alert.target_value", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Sensor Action", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": 
"category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sensor Action", - "field": "carbon_black_cloud.alert.sensor_action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "5f57acd4-74a8-4d97-9e7b-d7b069efc867", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "5f57acd4-74a8-4d97-9e7b-d7b069efc867", - "type": "visualization", - 
"version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - }, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Severity", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "event.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "909c2914-4695-42dd-aa36-93e043a5c025", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "909c2914-4695-42dd-aa36-93e043a5c025", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Threat Cause Reputation", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - 
"rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Cause Reputation", - "field": "carbon_black_cloud.alert.threat_cause.reputation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": 
{ - "h": 15, - "i": "c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by OS, OS version", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": true, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS", - "field": "host.os.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Version", - "field": "host.os.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "9e320d15-f9df-4aea-9564-ac1c4257b51b", - 
"w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "9e320d15-f9df-4aea-9564-ac1c4257b51b", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Source of the Threat Cause", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source of the Threat Cause", - "field": 
"carbon_black_cloud.alert.threat_cause.vector", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Category of the Threat Cause", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - 
"labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Category of the Threat Cause", - "field": "carbon_black_cloud.alert.threat_cause.threat_category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "7da33ed3-29d9-4fe1-87a9-4debfc7bdd24", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "7da33ed3-29d9-4fe1-87a9-4debfc7bdd24", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Not Blocked Threat Category", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - 
"name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Not Blocked Threat Category", - "field": "carbon_black_cloud.alert.not_blocked_threat_category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "ed2de824-c493-4240-a6b5-329889c40c43", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "ed2de824-c493-4240-a6b5-329889c40c43", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by 
Blocked Threat Category", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Blocked Threat Category", - "field": "carbon_black_cloud.alert.blocked_threat_category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - 
"searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "a6d4e61e-57bc-413a-8c68-5f55ab59e16a", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "a6d4e61e-57bc-413a-8c68-5f55ab59e16a", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Run State", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Run State", - "field": "carbon_black_cloud.alert.run_state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "bf749130-3138-45fe-a010-5b30b4636e7b", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": 
"bf749130-3138-45fe-a010-5b30b4636e7b", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Watchlist Hit", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Watchlist Hit", - "field": "carbon_black_cloud.alert.watchlists.name", - "missingBucket": false, - 
"missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "44ed553e-d5cc-4841-85e9-0d8af122086a", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "44ed553e-d5cc-4841-85e9-0d8af122086a", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Policy Names", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Policy Name", - "field": "carbon_black_cloud.alert.policy.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "cd3cb74e-b13e-4a52-a48c-82d13a59421a", - "w": 24, - "x": 0, - "y": 90 - }, - "panelIndex": "cd3cb74e-b13e-4a52-a48c-82d13a59421a", - "type": "visualization", - "version": "7.17.0" - }, - { - 
"embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Policy Applied", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Policy Applied", - "field": "carbon_black_cloud.alert.policy.applied", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "42b64f1c-9526-4430-8f62-cc6596cf07d7", - "w": 24, - "x": 24, - "y": 90 - }, - "panelIndex": "42b64f1c-9526-4430-8f62-cc6596cf07d7", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by IOC field", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, 
- "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "IOC Field", - "field": "carbon_black_cloud.alert.ioc.field", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": 
"b2fe20be-cad5-4bfa-abd1-c9b069fd2494", - "w": 24, - "x": 0, - "y": 105 - }, - "panelIndex": "b2fe20be-cad5-4bfa-abd1-c9b069fd2494", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Process Name", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process 
Name", - "field": "process.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "ef6af3c0-10e9-46af-933c-a032464bdecf", - "w": 24, - "x": 24, - "y": 105 - }, - "panelIndex": "ef6af3c0-10e9-46af-933c-a032464bdecf", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Workflow State", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Workflow State", - "field": "carbon_black_cloud.alert.workflow.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc", - "w": 24, - "x": 0, - "y": 120 - }, - "panelIndex": "f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Kill Chain Status", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": 
[ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Kill Chain Status", - "field": "carbon_black_cloud.alert.kill_chain_status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "247ad399-6383-4bf0-910e-9cb6767781c3", - "w": 24, - "x": 24, - "y": 120 - }, - "panelIndex": "247ad399-6383-4bf0-910e-9cb6767781c3", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Alerts by Threat Indicators TTPS", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - 
"thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Indicators TTPS", - "field": "carbon_black_cloud.alert.threat_indicators.ttps", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "5c60fc1b-5ad1-4036-8adc-ce9adf455758", - "w": 24, - "x": 0, - "y": 135 - }, - "panelIndex": "5c60fc1b-5ad1-4036-8adc-ce9adf455758", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Threat Cause Actor Name", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - 
"schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Cause Actor Name", - "field": "carbon_black_cloud.alert.threat_cause.actor.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "0a228399-6f69-4803-b4cd-65f30dca5890", - "w": 24, - "x": 24, - "y": 135 - }, - "panelIndex": "0a228399-6f69-4803-b4cd-65f30dca5890", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Reason Codes", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Reason Codes", - "field": "carbon_black_cloud.alert.reason_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - 
"gridData": { - "h": 15, - "i": "5b015940-3fee-411a-be82-661078ead366", - "w": 24, - "x": 0, - "y": 150 - }, - "panelIndex": "5b015940-3fee-411a-be82-661078ead366", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Device Username", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Username", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "655bc1d2-5c31-4a38-9759-ab72f88bdb92", - "w": 24, - "x": 24, - "y": 150 - }, - "panelIndex": "655bc1d2-5c31-4a38-9759-ab72f88bdb92", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 IOC Hit", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - 
"params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "IOC Hit", - "field": "carbon_black_cloud.alert.ioc.hit", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "8cdf7cdc-1858-4561-9e3b-5b5c73498586", - "w": 24, - "x": 0, - "y": 165 - }, - "panelIndex": "8cdf7cdc-1858-4561-9e3b-5b5c73498586", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Threat Indicators Process Name", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threat Indicators Process Name", - "field": "carbon_black_cloud.alert.threat_indicators.process_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": 
"data_stream.dataset : \"carbon_black_cloud.alert\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "2d6c60e3-32cc-4746-bc7d-3fa40b80447c", - "w": 24, - "x": 24, - "y": 165 - }, - "panelIndex": "2d6c60e3-32cc-4746-bc7d-3fa40b80447c", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 23, - "i": "bc34dc1a-ba27-489e-a950-90a978974351", - "w": 48, - "x": 0, - "y": 180 - }, - "panelIndex": "bc34dc1a-ba27-489e-a950-90a978974351", - "panelRefName": "panel_bc34dc1a-ba27-489e-a950-90a978974351", - "type": "search", - "version": "7.17.0" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-1h", - "timeRestore": true, - "timeTo": "now", - "title": "[Carbon Black Cloud] Alert", - "version": 1 - }, - "references": [ - { - "id": "carbon_black_cloud-6e41bd70-8d8d-11ec-ac12-4bc77fa14e95", - "name": "bc34dc1a-ba27-489e-a950-90a978974351:panel_bc34dc1a-ba27-489e-a950-90a978974351", - "type": "search" - }, - { - "type": "index-pattern", - "name": "c54d9223-56ad-42b4-9452-a44657dbcd6e:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d3728fd5-5390-4448-8f26-277521569f30:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f1a29b4b-19d4-4ce2-84ac-d82761bd0e2c:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5f57acd4-74a8-4d97-9e7b-d7b069efc867:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "909c2914-4695-42dd-aa36-93e043a5c025:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "c1ebdebc-a37b-48db-b2b1-6bcbcebea6d5:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"9e320d15-f9df-4aea-9564-ac1c4257b51b:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5eb1ba4d-7c85-44c2-9d82-0ff45b8a3d1c:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "7da33ed3-29d9-4fe1-87a9-4debfc7bdd24:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ed2de824-c493-4240-a6b5-329889c40c43:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a6d4e61e-57bc-413a-8c68-5f55ab59e16a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "bf749130-3138-45fe-a010-5b30b4636e7b:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "44ed553e-d5cc-4841-85e9-0d8af122086a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "cd3cb74e-b13e-4a52-a48c-82d13a59421a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "42b64f1c-9526-4430-8f62-cc6596cf07d7:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b2fe20be-cad5-4bfa-abd1-c9b069fd2494:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ef6af3c0-10e9-46af-933c-a032464bdecf:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f9aeff58-ece5-4b1d-80e2-83cc30cf4bbc:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "247ad399-6383-4bf0-910e-9cb6767781c3:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"5c60fc1b-5ad1-4036-8adc-ce9adf455758:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "0a228399-6f69-4803-b4cd-65f30dca5890:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5b015940-3fee-411a-be82-661078ead366:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "655bc1d2-5c31-4a38-9759-ab72f88bdb92:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "8cdf7cdc-1858-4561-9e3b-5b5c73498586:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "2d6c60e3-32cc-4746-bc7d-3fa40b80447c:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95.json deleted file mode 100644 index e74d2d94997..00000000000 --- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95.json +++ /dev/null 
@@ -1,310 +0,0 @@ -{ - "id": "carbon_black_cloud-869252c0-8d71-11ec-ac12-4bc77fa14e95", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:26:25.990Z", - "version": "WzY4NiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "table": null, - "vis": { - "params": { - "colWidth": [ - { - "colIndex": 0, - "width": 831 - } - ] - } - }, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Request URLs", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "URL", - "field": "url.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "c8d90872-b3b3-447d-a9fc-ada6409efeb2", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "c8d90872-b3b3-447d-a9fc-ada6409efeb2", - "type": "visualization", - "version": "7.17.0" - }, - { - 
"embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Client IPs", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Client IPs", - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "16128cf1-2134-46a9-9fd3-19889a2a6c9e", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "16128cf1-2134-46a9-9fd3-19889a2a6c9e", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Audit Logs by Flag Status", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": 
"pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Flagged", - "field": "carbon_black_cloud.audit.flagged", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "84a10ea8-959c-4fe7-852d-835b3786ed17", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "84a10ea8-959c-4fe7-852d-835b3786ed17", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 18, - "i": "cd3e5a79-3640-47ff-95cd-c54debb5ee2d", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "cd3e5a79-3640-47ff-95cd-c54debb5ee2d", - "panelRefName": "panel_3", - "type": "search", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Carbon Black Cloud] Audit Logs", - "version": 1 - }, - "references": [ - { - "id": "carbon_black_cloud-4272e690-8d71-11ec-ac12-4bc77fa14e95", - "name": "panel_3", - "type": "search" - }, - { - "type": "index-pattern", - "name": "c8d90872-b3b3-447d-a9fc-ada6409efeb2:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "16128cf1-2134-46a9-9fd3-19889a2a6c9e:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "84a10ea8-959c-4fe7-852d-835b3786ed17:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": 
"7.17.0" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a1f898e0-3a72-11ed-a8e8-41eb8778c6de.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a1f898e0-3a72-11ed-a8e8-41eb8778c6de.json new file mode 100644 index 00000000000..22bb75526db --- /dev/null +++ b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a1f898e0-3a72-11ed-a8e8-41eb8778c6de.json 
@@ -0,0 +1,980 @@ +{ + "attributes": { + "description": "This dashboard shows asset vulnerability summary logs collected by the Carbon Black Cloud integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "carbon_black_cloud.asset_vulnerability_summary" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "carbon_black_cloud.asset_vulnerability_summary" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5410ddca-ab93-430a-9a08-eaf11b6fa40e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5410ddca-ab93-430a-9a08-eaf11b6fa40e": { + "columnOrder": [ + "817c9a54-a0c4-4904-a899-16ca9794d5ca", + "2dd8c9fb-9d34-432c-80df-7cb665eecc1b", + "eef310bd-29ea-4b1c-b2a8-e148b4e8dac9" + ], + "columns": { + "2dd8c9fb-9d34-432c-80df-7cb665eecc1b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Version", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "eef310bd-29ea-4b1c-b2a8-e148b4e8dac9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.version" + }, + "817c9a54-a0c4-4904-a899-16ca9794d5ca": { + "customLabel": true, + "dataType": "string", + "isBucketed": 
true, + "label": "OS Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "eef310bd-29ea-4b1c-b2a8-e148b4e8dac9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.os.type" + }, + "eef310bd-29ea-4b1c-b2a8-e148b4e8dac9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "817c9a54-a0c4-4904-a899-16ca9794d5ca", + "2dd8c9fb-9d34-432c-80df-7cb665eecc1b" + ], + "layerId": "5410ddca-ab93-430a-9a08-eaf11b6fa40e", + "layerType": "data", + "legendDisplay": "default", + "metric": "eef310bd-29ea-4b1c-b2a8-e148b4e8dac9", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "46f96a64-2e39-4868-98f5-7bc2b30d9598", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "46f96a64-2e39-4868-98f5-7bc2b30d9598", + "title": "Distribution of Asset Vulnerability Summary by OS Type, OS Version [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17527759-8e2e-4057-bb4d-c33239b0ca1e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "17527759-8e2e-4057-bb4d-c33239b0ca1e": { + "columnOrder": [ + "9bac6de2-4a17-4404-9931-23a351b5d073", + 
"b052ce4d-e4be-42a0-9800-ac303d104caa" + ], + "columns": { + "9bac6de2-4a17-4404-9931-23a351b5d073": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Sync Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b052ce4d-e4be-42a0-9800-ac303d104caa", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.asset_vulnerability_summary.sync.status" + }, + "b052ce4d-e4be-42a0-9800-ac303d104caa": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9bac6de2-4a17-4404-9931-23a351b5d073" + ], + "layerId": "17527759-8e2e-4057-bb4d-c33239b0ca1e", + "layerType": "data", + "legendDisplay": "default", + "metric": "b052ce4d-e4be-42a0-9800-ac303d104caa", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "cff100e5-fee3-40ba-a77b-e4951edb41ec", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "cff100e5-fee3-40ba-a77b-e4951edb41ec", + "title": "Distribution of Asset Vulnerability Summary by Sync Status [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ec4d2a4e-96d6-49d4-b5d0-3e252d303d31", + "type": "index-pattern" + } + ], + "state": 
{ + "datasourceStates": { + "indexpattern": { + "layers": { + "ec4d2a4e-96d6-49d4-b5d0-3e252d303d31": { + "columnOrder": [ + "43f04c80-f33e-4fba-9a58-4c5281e7d52e", + "818effeb-b6d0-4448-8ec5-33a4e43f3a9b" + ], + "columns": { + "43f04c80-f33e-4fba-9a58-4c5281e7d52e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "818effeb-b6d0-4448-8ec5-33a4e43f3a9b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "vulnerability.severity" + }, + "818effeb-b6d0-4448-8ec5-33a4e43f3a9b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "43f04c80-f33e-4fba-9a58-4c5281e7d52e" + ], + "layerId": "ec4d2a4e-96d6-49d4-b5d0-3e252d303d31", + "layerType": "data", + "legendDisplay": "default", + "metric": "818effeb-b6d0-4448-8ec5-33a4e43f3a9b", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ff10ba8c-0a15-4703-aa5a-e496442cea3d", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "ff10ba8c-0a15-4703-aa5a-e496442cea3d", + "title": "Distribution of Asset Vulnerability Summary by Severity [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", 
+ "name": "indexpattern-datasource-layer-5e87b3e1-f055-4931-a720-8a63f4704fc5", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5e87b3e1-f055-4931-a720-8a63f4704fc5": { + "columnOrder": [ + "c6f6e6ff-9e2f-4874-b28d-b7be22e51ca2", + "5dfefeb9-0a85-4bef-9910-96faf4071f6a" + ], + "columns": { + "5dfefeb9-0a85-4bef-9910-96faf4071f6a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Vulnerability Count", + "operationType": "max", + "scale": "ratio", + "sourceField": "carbon_black_cloud.asset_vulnerability_summary.vuln_count" + }, + "c6f6e6ff-9e2f-4874-b28d-b7be22e51ca2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Hostname", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5dfefeb9-0a85-4bef-9910-96faf4071f6a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.hostname" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "5dfefeb9-0a85-4bef-9910-96faf4071f6a", + "isTransposed": false + }, + { + "columnId": "c6f6e6ff-9e2f-4874-b28d-b7be22e51ca2", + "isTransposed": false + } + ], + "layerId": "5e87b3e1-f055-4931-a720-8a63f4704fc5", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ee3d53af-a3b0-4290-af9e-eba45d3b33c1", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "ee3d53af-a3b0-4290-af9e-eba45d3b33c1", + "title": "Top 10 Hosts with Highest Vulnerability Count [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4ff587ff-f38b-4ef3-8be2-7567e7e41305", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4ff587ff-f38b-4ef3-8be2-7567e7e41305": { + "columnOrder": [ + "ebc5952a-cd17-43aa-8f7d-ed543bb4ab18", + "01330c4f-3c15-46e4-8769-c4ba9bbb35a8" + ], + "columns": { + "01330c4f-3c15-46e4-8769-c4ba9bbb35a8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "ebc5952a-cd17-43aa-8f7d-ed543bb4ab18": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Sync type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "01330c4f-3c15-46e4-8769-c4ba9bbb35a8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.asset_vulnerability_summary.sync.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "ebc5952a-cd17-43aa-8f7d-ed543bb4ab18" + ], + "layerId": "4ff587ff-f38b-4ef3-8be2-7567e7e41305", + "layerType": "data", + "legendDisplay": "default", + "metric": "01330c4f-3c15-46e4-8769-c4ba9bbb35a8", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "f069bf59-be88-46db-ad3b-f1c823386510", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "f069bf59-be88-46db-ad3b-f1c823386510", + "title": "Distribution of Asset Vulnerability Summary by Sync Type [Logs 
Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-659ce632-aebe-494a-8013-a4fdad0a9313", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "659ce632-aebe-494a-8013-a4fdad0a9313": { + "columnOrder": [ + "990c3a55-4eb9-471a-9096-b795187d52cf", + "91c2d582-2502-4e4a-8ba1-c2f1ee1ba5a5" + ], + "columns": { + "91c2d582-2502-4e4a-8ba1-c2f1ee1ba5a5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Risk Score", + "operationType": "max", + "scale": "ratio", + "sourceField": "vulnerability.score.base" + }, + "990c3a55-4eb9-471a-9096-b795187d52cf": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Hostname", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "91c2d582-2502-4e4a-8ba1-c2f1ee1ba5a5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.hostname" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "91c2d582-2502-4e4a-8ba1-c2f1ee1ba5a5", + "isTransposed": false + }, + { + "columnId": "990c3a55-4eb9-471a-9096-b795187d52cf", + "isTransposed": false + } + ], + "layerId": "659ce632-aebe-494a-8013-a4fdad0a9313", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "378c0f46-2a7e-4d96-8f70-46e028943759", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "378c0f46-2a7e-4d96-8f70-46e028943759", + 
"title": "Top 10 Hosts with Highest Risk Score [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d43d103e-d5e3-48eb-b9e9-7fc3909060cf", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d43d103e-d5e3-48eb-b9e9-7fc3909060cf": { + "columnOrder": [ + "97f13bc4-cd6f-4923-9740-86ca1642e09f", + "22c9ca1c-4280-4bbf-873b-bea095c59022" + ], + "columns": { + "22c9ca1c-4280-4bbf-873b-bea095c59022": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "97f13bc4-cd6f-4923-9740-86ca1642e09f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "22c9ca1c-4280-4bbf-873b-bea095c59022", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "carbon_black_cloud.asset_vulnerability_summary.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "97f13bc4-cd6f-4923-9740-86ca1642e09f" + ], + "layerId": "d43d103e-d5e3-48eb-b9e9-7fc3909060cf", + "layerType": "data", + "legendDisplay": "default", + "metric": "22c9ca1c-4280-4bbf-873b-bea095c59022", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": 
"38f5d709-b07e-4d85-ac32-868a03e9a615", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "38f5d709-b07e-4d85-ac32-868a03e9a615", + "title": "Distribution of Asset Vulnerability Summary by Type [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-277fed86-7a32-4e07-ad5a-fef07f50cf11", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "277fed86-7a32-4e07-ad5a-fef07f50cf11": { + "columnOrder": [ + "b2c7bef2-a0cc-413a-81d4-3a9ca838b16d", + "ab64ff03-dabb-4af9-8c70-b09b341af478" + ], + "columns": { + "ab64ff03-dabb-4af9-8c70-b09b341af478": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "b2c7bef2-a0cc-413a-81d4-3a9ca838b16d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ab64ff03-dabb-4af9-8c70-b09b341af478", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.os.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b2c7bef2-a0cc-413a-81d4-3a9ca838b16d" + }, + { + "columnId": "ab64ff03-dabb-4af9-8c70-b09b341af478", + "isTransposed": false + } + ], + "layerId": "277fed86-7a32-4e07-ad5a-fef07f50cf11", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + 
"h": 15, + "i": "2acccc15-c5c5-40c4-a54a-8881e3bc8877", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "2acccc15-c5c5-40c4-a54a-8881e3bc8877", + "title": "Top 10 OS Names [Logs Carbon Black Cloud]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 32, + "i": "0c99f90d-a14f-4998-952e-93d8a89d67db", + "w": 48, + "x": 0, + "y": 60 + }, + "panelIndex": "0c99f90d-a14f-4998-952e-93d8a89d67db", + "panelRefName": "panel_0c99f90d-a14f-4998-952e-93d8a89d67db", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Carbon Black Cloud] Asset Vulnerability Summary", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "carbon_black_cloud-a1f898e0-3a72-11ed-a8e8-41eb8778c6de", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46f96a64-2e39-4868-98f5-7bc2b30d9598:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46f96a64-2e39-4868-98f5-7bc2b30d9598:indexpattern-datasource-layer-5410ddca-ab93-430a-9a08-eaf11b6fa40e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cff100e5-fee3-40ba-a77b-e4951edb41ec:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cff100e5-fee3-40ba-a77b-e4951edb41ec:indexpattern-datasource-layer-17527759-8e2e-4057-bb4d-c33239b0ca1e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff10ba8c-0a15-4703-aa5a-e496442cea3d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff10ba8c-0a15-4703-aa5a-e496442cea3d:indexpattern-datasource-layer-ec4d2a4e-96d6-49d4-b5d0-3e252d303d31", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"ee3d53af-a3b0-4290-af9e-eba45d3b33c1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ee3d53af-a3b0-4290-af9e-eba45d3b33c1:indexpattern-datasource-layer-5e87b3e1-f055-4931-a720-8a63f4704fc5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f069bf59-be88-46db-ad3b-f1c823386510:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f069bf59-be88-46db-ad3b-f1c823386510:indexpattern-datasource-layer-4ff587ff-f38b-4ef3-8be2-7567e7e41305", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "378c0f46-2a7e-4d96-8f70-46e028943759:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "378c0f46-2a7e-4d96-8f70-46e028943759:indexpattern-datasource-layer-659ce632-aebe-494a-8013-a4fdad0a9313", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "38f5d709-b07e-4d85-ac32-868a03e9a615:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "38f5d709-b07e-4d85-ac32-868a03e9a615:indexpattern-datasource-layer-d43d103e-d5e3-48eb-b9e9-7fc3909060cf", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2acccc15-c5c5-40c4-a54a-8881e3bc8877:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2acccc15-c5c5-40c4-a54a-8881e3bc8877:indexpattern-datasource-layer-277fed86-7a32-4e07-ad5a-fef07f50cf11", + "type": "index-pattern" + }, + { + "id": "carbon_black_cloud-9a5bb310-3a7c-11ed-a8e8-41eb8778c6de", + "name": "0c99f90d-a14f-4998-952e-93d8a89d67db:panel_0c99f90d-a14f-4998-952e-93d8a89d67db", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file 
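Review bot: Every Lens panel in this new dashboard is saved with an empty panel query (`"query": { "language": "kuery", "query": "" }`) and `"filters": []` against the `logs-*` index pattern, so the only thing scoping them to Carbon Black data is the dashboard-level `data_stream.dataset` filter stored with `"store": "appState"`. If a viewer disables or removes that filter, panels such as "Top 10 Hosts with Highest Risk Score" and the Severity pie aggregate ECS fields (`host.hostname`, `vulnerability.score.base`, `vulnerability.severity`) that other integrations writing to `logs-*` may also populate, which would presumably blend unrelated sources into the vulnerability view. The by-value visualizations on the removed dashboards visible around this hunk each carried their own dataset query; I would keep that here by setting each panel's `state.query.query` to `data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"`. The last panel is a by-reference saved search whose own query is not visible in this hunk, so its scoping should be confirmed separately.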
diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7.json
deleted file mode 100644
index fcf427f8b59..00000000000
--- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7.json
+++ /dev/null
@@ -1,1345 +0,0 @@ -{ - "id": "carbon_black_cloud-a94cd3a0-962a-11ec-864c-3332b2a355f7", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:26:25.990Z", - "version": "WzY4NywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "carbon_black_cloud.endpoint_event.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - }, - "description": "", - "id": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - }, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": 
"f19543f7-04f5-42dd-849b-5f2fd8ca15f8", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "f19543f7-04f5-42dd-849b-5f2fd8ca15f8", - "title": "[Carbon Black Cloud] Top 10 Event Types", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Endpoint Events by OS", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device OS", - "field": "carbon_black_cloud.endpoint_event.device.os", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "bee43023-c427-4176-ba31-2c4831cbc44e", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "bee43023-c427-4176-ba31-2c4831cbc44e", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 
Actions", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Actions", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "1727b9fb-4ba0-4f78-aa54-0d52db62b624", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "1727b9fb-4ba0-4f78-aa54-0d52db62b624", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Endpoint Events by Sensor Actions", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - 
"aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sensor Action", - "field": "carbon_black_cloud.endpoint_event.sensor_action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "10a11498-6416-4b72-adc6-78a5d7937428", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "10a11498-6416-4b72-adc6-78a5d7937428", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Endpoint Events by Event Origin", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" 
- } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Origin", - "field": "carbon_black_cloud.endpoint_event.event_origin", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "719006b6-32b2-4ed0-aecd-a1a1f37b471b", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "719006b6-32b2-4ed0-aecd-a1a1f37b471b", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Devices", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - 
"enabled": true, - "id": "2", - "params": { - "customLabel": "Device Name", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "735f366c-91c5-4f33-961f-4db200acc05c", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "735f366c-91c5-4f33-961f-4db200acc05c", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Device External IP", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device External IP", - "field": "carbon_black_cloud.endpoint_event.device.external_ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": 
"14a95a5a-61e8-459c-95bc-d1b11eed9054", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "14a95a5a-61e8-459c-95bc-d1b11eed9054", - "title": "[Carbon Black Cloud] Top 10 Device External IP", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Process Publisher Name", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Publisher Name", - "field": "carbon_black_cloud.endpoint_event.process.publisher.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "3cc67760-3bba-4282-b91e-db120e8abe4e", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "3cc67760-3bba-4282-b91e-db120e8abe4e", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Child Process Publisher Name", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": 
"sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Child Process Publisher Name", - "field": "carbon_black_cloud.endpoint_event.childproc.publisher.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 8 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "9df5251e-52af-4509-b30e-d62f8ef9a3a3", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "9df5251e-52af-4509-b30e-d62f8ef9a3a3", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Process Username", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Username", - "field": "carbon_black_cloud.endpoint_event.process.username", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - 
"query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "04d664de-8814-4314-8f6e-2774b11ab572", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "04d664de-8814-4314-8f6e-2774b11ab572", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Child Process Username", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Child Process Username", - "field": "carbon_black_cloud.endpoint_event.childproc.username", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 9 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "c80e4ab0-c5b5-4916-9025-d006a37aa7ba", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "c80e4ab0-c5b5-4916-9025-d006a37aa7ba", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Process Publisher State", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": 
false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Publisher State", - "field": "carbon_black_cloud.endpoint_event.process.publisher.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "f57a7bf6-bc25-433b-8019-6489124907b6", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "f57a7bf6-bc25-433b-8019-6489124907b6", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Child Process Publisher State", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Child Process Publisher State", - "field": "carbon_black_cloud.endpoint_event.childproc.publisher.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": 
"terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "c9984aec-8f3f-456a-aa80-b1fc314eb681", - "w": 24, - "x": 0, - "y": 90 - }, - "panelIndex": "c9984aec-8f3f-456a-aa80-b1fc314eb681", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Effective reputation of the loaded modules", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Effective Reputation of Loaded Modules", - "field": "carbon_black_cloud.endpoint_event.modload.effective_reputation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "3232147b-0914-4432-ba42-0c6c03414e4b", - "w": 24, - "x": 24, - "y": 90 - }, - "panelIndex": "3232147b-0914-4432-ba42-0c6c03414e4b", - "title": "[Carbon Black Cloud] Top 10 Effective Reputation of Loaded Modules", - "type": "visualization", - "version": "7.17.0" - }, - { - 
"embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "391470e2-57a0-46c7-86bd-f66c6eb2ed66", - "w": 48, - "x": 0, - "y": 105 - }, - "panelIndex": "391470e2-57a0-46c7-86bd-f66c6eb2ed66", - "panelRefName": "panel_13", - "type": "search", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Carbon Black Cloud] Endpoint Event", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "f19543f7-04f5-42dd-849b-5f2fd8ca15f8:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "carbon_black_cloud-6494a7e0-9640-11ec-864c-3332b2a355f7", - "name": "panel_13", - "type": "search" - }, - { - "type": "index-pattern", - "name": "bee43023-c427-4176-ba31-2c4831cbc44e:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "1727b9fb-4ba0-4f78-aa54-0d52db62b624:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "10a11498-6416-4b72-adc6-78a5d7937428:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "719006b6-32b2-4ed0-aecd-a1a1f37b471b:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "735f366c-91c5-4f33-961f-4db200acc05c:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "14a95a5a-61e8-459c-95bc-d1b11eed9054:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "3cc67760-3bba-4282-b91e-db120e8abe4e:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "9df5251e-52af-4509-b30e-d62f8ef9a3a3:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "04d664de-8814-4314-8f6e-2774b11ab572:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" 
- }, - { - "type": "index-pattern", - "name": "c80e4ab0-c5b5-4916-9025-d006a37aa7ba:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f57a7bf6-bc25-433b-8019-6489124907b6:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "c9984aec-8f3f-456a-aa80-b1fc314eb681:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "3232147b-0914-4432-ba42-0c6c03414e4b:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json deleted file mode 100644 index c4a99142a69..00000000000 --- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf.json +++ /dev/null 
@@ -1,777 +0,0 @@ -{ - "id": "carbon_black_cloud-db61a3d0-9534-11ec-8b9d-35e42c3f7fcf", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:26:25.990Z", - "version": "WzY4OCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "table": null, - "vis": { - "legendOpen": true - }, - "savedVis": { - "title": "Distribution of Asset Vulnerability Summary by OS Type, OS Version", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "row": true, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Type", - "field": "host.os.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Version", - "field": "host.os.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": 
"1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "604c7824-2086-4750-bd55-42ffffa9fc11", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "604c7824-2086-4750-bd55-42ffffa9fc11", - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by OS Type, OS Version", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "table": null, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "Distribution of Asset Vulnerability Summary by Sync Status", - "description": "", - "uiState": { - "vis": { - "legendOpen": false - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sync Status", - "field": "carbon_black_cloud.asset_vulnerability_summary.sync.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - 
"filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "bd12665d-43af-45c1-b05e-556ed72556fa", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "bd12665d-43af-45c1-b05e-556ed72556fa", - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Sync Status", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "table": null, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "Distribution of Asset Vulnerability Summary by Severity", - "description": "", - "uiState": { - "vis": { - "legendOpen": false - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "vulnerability.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } 
- } - } - } - }, - "gridData": { - "h": 15, - "i": "fab676af-f870-4fd6-ac5d-3e17a224aaa8", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "fab676af-f870-4fd6-ac5d-3e17a224aaa8", - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Severity", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Top 10 Hosts with Highest Vulnerability Count", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Vulnerability Count", - "field": "carbon_black_cloud.asset_vulnerability_summary.vuln_count" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Hostname", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "e3d4c200-17e9-4303-9073-b9dc8c95a790", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "e3d4c200-17e9-4303-9073-b9dc8c95a790", - "title": "[Carbon Black Cloud] Top 10 Hosts with Highest Vulnerability Count", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "table": null, - "vis": { - "legendOpen": false - }, 
- "savedVis": { - "title": "Distribution of Asset Vulnerability Summary by Sync Type", - "description": "", - "uiState": { - "vis": { - "legendOpen": false - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sync type", - "field": "carbon_black_cloud.asset_vulnerability_summary.sync.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "624500b9-5f23-4c1c-b84b-83c5f20b72bb", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "624500b9-5f23-4c1c-b84b-83c5f20b72bb", - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Sync Type", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Top 10 Hosts with Highest Risk Score", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - 
"showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Risk Score", - "field": "vulnerability.score.base" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Hostname", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "0ec67461-93e2-49df-bcd9-3407fabd5832", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "0ec67461-93e2-49df-bcd9-3407fabd5832", - "title": "[Carbon Black Cloud] Top 10 Hosts with Highest Risk Score", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Top 10 OS Names", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "row": false, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Names", - "field": "host.os.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - 
"schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "66d4f664-5644-48c9-b179-ddd94e1a3e46", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "66d4f664-5644-48c9-b179-ddd94e1a3e46", - "title": "[Carbon Black Cloud] Top 10 OS Names", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 20, - "i": "6e5579cc-cd91-4f7b-a221-e9bed77aa2b5", - "w": 48, - "x": 0, - "y": 60 - }, - "panelIndex": "6e5579cc-cd91-4f7b-a221-e9bed77aa2b5", - "panelRefName": "panel_7", - "title": "[Carbon Black Cloud] Asset Vulnerability Assessment Essential Details", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Asset Vulnerability Summary by Type", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Type", - "field": "carbon_black_cloud.asset_vulnerability_summary.type", - "missingBucket": false, - "missingBucketLabel": 
"Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "244dc3ee-7810-4f22-b915-bc0a8118fb2a", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "244dc3ee-7810-4f22-b915-bc0a8118fb2a", - "type": "visualization", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Carbon Black Cloud] Asset Vulnerability Summary", - "version": 1 - }, - "references": [ - { - "id": "carbon_black_cloud-dcc2d650-90a6-11ec-8b9d-35e42c3f7fcf", - "name": "panel_7", - "type": "search" - }, - { - "type": "index-pattern", - "name": "604c7824-2086-4750-bd55-42ffffa9fc11:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "bd12665d-43af-45c1-b05e-556ed72556fa:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "fab676af-f870-4fd6-ac5d-3e17a224aaa8:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "e3d4c200-17e9-4303-9073-b9dc8c95a790:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "624500b9-5f23-4c1c-b84b-83c5f20b72bb:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "0ec67461-93e2-49df-bcd9-3407fabd5832:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "66d4f664-5644-48c9-b179-ddd94e1a3e46:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"244dc3ee-7810-4f22-b915-bc0a8118fb2a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" -} \ No newline at end of file diff --git a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826.json deleted file mode 100644 index 65affa24f81..00000000000 --- a/packages/carbon_black_cloud/kibana/dashboard/carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826.json +++ /dev/null 
@@ -1,1384 +0,0 @@ -{ - "id": "carbon_black_cloud-e226d530-9554-11ec-96f0-8de26c63c826", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:26:25.990Z", - "version": "WzY4OSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Device Names", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Name", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "8dc3cf12-046a-4901-b213-c29985291e77", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "8dc3cf12-046a-4901-b213-c29985291e77", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - 
"enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device External IP", - "field": "carbon_black_cloud.watchlist_hit.device.external_ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - "id": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "", - "type": "table", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "4f7b5cef-a7e9-44a9-8769-44d5326a8df4", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "4f7b5cef-a7e9-44a9-8769-44d5326a8df4", - "title": "[Carbon Black Cloud] Top 10 Device External IPs", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Watchlist Hit Name", - "field": "carbon_black_cloud.watchlist_hit.watchlists.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - 
"id": "", - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "[Carbon Black Cloud] Top 10 Watchlist Hit Names", - "type": "table", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "3d454d18-6baa-40de-aa94-4ebfaee9a759", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "3d454d18-6baa-40de-aa94-4ebfaee9a759", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "event.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - "id": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Severity", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - }, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": 
"b0289aae-02bb-472e-8a22-07ff9f5d2372", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "b0289aae-02bb-472e-8a22-07ff9f5d2372", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Reputation", - "field": "carbon_black_cloud.watchlist_hit.process.reputation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - "id": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - }, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "d29f5a98-736d-4f47-877e-b4552d15f889", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "d29f5a98-736d-4f47-877e-b4552d15f889", - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Process Reputation", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - 
"aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Parent Process Reputation", - "field": "carbon_black_cloud.watchlist_hit.process.parent.reputation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "index": "logs-*", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - }, - "description": "", - "id": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Process Reputation", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - }, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "ae5c96d5-b7d6-45f8-b57b-42cc190f990b", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "ae5c96d5-b7d6-45f8-b57b-42cc190f990b", - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Parent Process Reputation", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Process Publisher Name", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": 
false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Publisher Name", - "field": "carbon_black_cloud.watchlist_hit.process.publisher.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "f3ba83bc-4f34-4131-9a0c-bac18ec92ac0", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "f3ba83bc-4f34-4131-9a0c-bac18ec92ac0", - "title": "[Carbon Black Cloud] Top 10 Process Publisher Names", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher Names", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Parent Process Publisher Name", - "field": "carbon_black_cloud.watchlist_hit.process.parent.publisher.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - 
"otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "5271fb1f-64a6-461e-b2de-4abc76736af6", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "5271fb1f-64a6-461e-b2de-4abc76736af6", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Process Usernames", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Username", - "field": "carbon_black_cloud.watchlist_hit.process.username", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "9c2fdcbe-43cb-4070-88ef-03e6e5082636", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "9c2fdcbe-43cb-4070-88ef-03e6e5082636", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 
Parent Process Usernames", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Parent Process Username", - "field": "carbon_black_cloud.watchlist_hit.process.parent.username", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "bc0503e7-6c6d-4edf-a76e-17a74f7d0957", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "bc0503e7-6c6d-4edf-a76e-17a74f7d0957", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - }, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by OS", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, 
- "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS", - "field": "carbon_black_cloud.watchlist_hit.device.os", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "d02cda3a-ceef-4766-b25b-456733be2a66", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "d02cda3a-ceef-4766-b25b-456733be2a66", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 IOC Hits", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "IOC Hit", - "field": "carbon_black_cloud.watchlist_hit.ioc.hit", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, 
- "i": "5b66a72e-ce08-441c-8705-bb632b896745", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "5b66a72e-ce08-441c-8705-bb632b896745", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Report Names", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Report Name", - "field": "carbon_black_cloud.watchlist_hit.report.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "6bff08c7-8ffb-423e-87de-f7585aa6bc86", - "w": 24, - "x": 0, - "y": 90 - }, - "panelIndex": "6bff08c7-8ffb-423e-87de-f7585aa6bc86", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Carbon Black Cloud] Distribution of Watchlist Hit by Report Tags", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": 
true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": {}, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Watchlist Hit by Report Tag", - "field": "carbon_black_cloud.watchlist_hit.report.tags", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "437c123b-c447-476e-a28b-f3d965a50968", - "w": 24, - "x": 24, - "y": 90 - }, - "panelIndex": 
"437c123b-c447-476e-a28b-f3d965a50968", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Process Publisher State", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process Publisher State", - "field": "carbon_black_cloud.watchlist_hit.process.publisher.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "33d80097-0089-4b48-8fd9-5dcda9e58e48", - "w": 24, - "x": 0, - "y": 105 - }, - "panelIndex": "33d80097-0089-4b48-8fd9-5dcda9e58e48", - "title": "[Carbon Black Cloud] Top 10 Process Publisher States", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher State", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": 
"table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Parent Process Publisher State", - "field": "carbon_black_cloud.watchlist_hit.process.parent.publisher.state", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.watchlist_hit\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "50a006ac-7108-47e5-adef-876c15fc8b44", - "w": 24, - "x": 24, - "y": 105 - }, - "panelIndex": "50a006ac-7108-47e5-adef-876c15fc8b44", - "title": "[Carbon Black Cloud] Top 10 Parent Process Publisher States", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 31, - "i": "cfec84cb-87af-4b98-b855-17372eee70c8", - "w": 48, - "x": 0, - "y": 120 - }, - "panelIndex": "cfec84cb-87af-4b98-b855-17372eee70c8", - "panelRefName": "panel_11", - "type": "search", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Carbon Black Cloud] Watchlist Hit", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "4f7b5cef-a7e9-44a9-8769-44d5326a8df4:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3d454d18-6baa-40de-aa94-4ebfaee9a759:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0289aae-02bb-472e-8a22-07ff9f5d2372:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"d29f5a98-736d-4f47-877e-b4552d15f889:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ae5c96d5-b7d6-45f8-b57b-42cc190f990b:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "carbon_black_cloud-3ea9c2a0-955e-11ec-96f0-8de26c63c826", - "name": "panel_11", - "type": "search" - }, - { - "type": "index-pattern", - "name": "8dc3cf12-046a-4901-b213-c29985291e77:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f3ba83bc-4f34-4131-9a0c-bac18ec92ac0:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5271fb1f-64a6-461e-b2de-4abc76736af6:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "9c2fdcbe-43cb-4070-88ef-03e6e5082636:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "bc0503e7-6c6d-4edf-a76e-17a74f7d0957:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d02cda3a-ceef-4766-b25b-456733be2a66:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5b66a72e-ce08-441c-8705-bb632b896745:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "6bff08c7-8ffb-423e-87de-f7585aa6bc86:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "437c123b-c447-476e-a28b-f3d965a50968:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "33d80097-0089-4b48-8fd9-5dcda9e58e48:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "50a006ac-7108-47e5-adef-876c15fc8b44:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": 
"logs-*"
- }
- ],
- "migrationVersion": {
- "dashboard": "7.17.0"
- },
- "coreMigrationVersion": "7.17.0"
-}
\ No newline at end of file
diff --git a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-6494a7e0-9640-11ec-864c-3332b2a355f7.json b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-4ab86f30-3b10-11ed-a8e8-41eb8778c6de.json
similarity index 82%
rename from packages/carbon_black_cloud/kibana/search/carbon_black_cloud-6494a7e0-9640-11ec-864c-3332b2a355f7.json
rename to packages/carbon_black_cloud/kibana/search/carbon_black_cloud-4ab86f30-3b10-11ed-a8e8-41eb8778c6de.json
index 1a538c0f9c8..bef699c686d 100644
--- a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-6494a7e0-9640-11ec-864c-3332b2a355f7.json
+++ b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-4ab86f30-3b10-11ed-a8e8-41eb8778c6de.json
@@ -18,7 +18,7 @@
 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "query": {
 "language": "kuery",
- "query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\""
+ "query": ""
 }
 }
 },
@@ -28,10 +28,10 @@
 "desc"
 ]
 ],
- "title": "[Carbon Black Cloud] Endpoint Events Essential Details"
+ "title": "Endpoint Events Essential Details [Logs Carbon Black Cloud]"
 },
 "coreMigrationVersion": "7.17.0",
- "id": "carbon_black_cloud-6494a7e0-9640-11ec-864c-3332b2a355f7",
+ "id": "carbon_black_cloud-4ab86f30-3b10-11ed-a8e8-41eb8778c6de",
 "migrationVersion": {
 "search": "7.9.3"
 },
diff --git a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-dcc2d650-90a6-11ec-8b9d-35e42c3f7fcf.json b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-9a5bb310-3a7c-11ed-a8e8-41eb8778c6de.json
similarity index 79%
rename from packages/carbon_black_cloud/kibana/search/carbon_black_cloud-dcc2d650-90a6-11ec-8b9d-35e42c3f7fcf.json
rename to packages/carbon_black_cloud/kibana/search/carbon_black_cloud-9a5bb310-3a7c-11ed-a8e8-41eb8778c6de.json
index 0554b5e6767..d4670c55641 100644
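Review bot: Setting `"query": ""` in the first hunk of carbon_black_cloud-4ab86f30-3b10-11ed-a8e8-41eb8778c6de.json removes the only dataset constraint this hunk shows, so the "Endpoint Events Essential Details" saved search is no longer limited to `carbon_black_cloud.endpoint_event`. The same change is made in the 9a5bb310 (asset vulnerability), b23c6730 (alerts), d6f70aa0 (watchlist hit) and e16671a0 (audit) searches, and in the alerts and audit hunks the context also shows `"filter": []`, so nothing else visible in those objects scopes the results. Unless the dashboards embedding these searches apply the dataset filter themselves (not visible here), the panels and any direct Discover view would list every document matched by the referenced index pattern, mixing unrelated logs into security triage views. I would keep the constraint per search, e.g. `"query": "data_stream.dataset : \"carbon_black_cloud.endpoint_event\""`, or move it into `filter`. The JSON objects start and end outside these hunks.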
--- a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-dcc2d650-90a6-11ec-8b9d-35e42c3f7fcf.json
+++ b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-9a5bb310-3a7c-11ed-a8e8-41eb8778c6de.json
@@ -15,7 +15,7 @@
 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "query": {
 "language": "kuery",
- "query": "data_stream.dataset : \"carbon_black_cloud.asset_vulnerability_summary\""
+ "query": ""
 }
 }
 },
@@ -25,10 +25,10 @@
 "desc"
 ]
 ],
- "title": "[Carbon Black Cloud] Asset Vulnerability Assessment Essential Details"
+ "title": "Asset Vulnerability Assessment Essential Details [Logs Carbon Black Cloud]"
 },
 "coreMigrationVersion": "7.17.0",
- "id": "carbon_black_cloud-dcc2d650-90a6-11ec-8b9d-35e42c3f7fcf",
+ "id": "carbon_black_cloud-9a5bb310-3a7c-11ed-a8e8-41eb8778c6de",
 "migrationVersion": {
 "search": "7.9.3"
 },
diff --git a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-6e41bd70-8d8d-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-b23c6730-3a6e-11ed-a8e8-41eb8778c6de.json
similarity index 80%
rename from packages/carbon_black_cloud/kibana/search/carbon_black_cloud-6e41bd70-8d8d-11ec-ac12-4bc77fa14e95.json
rename to packages/carbon_black_cloud/kibana/search/carbon_black_cloud-b23c6730-3a6e-11ed-a8e8-41eb8778c6de.json
index 690c864292a..912042368dd 100644
--- a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-6e41bd70-8d8d-11ec-ac12-4bc77fa14e95.json
+++ b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-b23c6730-3a6e-11ed-a8e8-41eb8778c6de.json
@@ -9,14 +9,14 @@
 ],
 "description": "",
 "grid": {},
- "hideChart": true,
+ "hideChart": false,
 "kibanaSavedObjectMeta": {
 "searchSourceJSON": {
 "filter": [],
 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "query": {
 "language": "kuery",
- "query": "data_stream.dataset : \"carbon_black_cloud.alert\""
+ "query": ""
 }
 }
 },
@@ -26,10 +26,10 @@ "desc" ] ], - "title": "[Carbon Black Cloud] Alerts Essential Details" + "title": "Alerts Essential Details [Logs Carbon Black Cloud]" }, "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-6e41bd70-8d8d-11ec-ac12-4bc77fa14e95", + "id": "carbon_black_cloud-b23c6730-3a6e-11ed-a8e8-41eb8778c6de", "migrationVersion": { "search": "7.9.3" }, diff --git a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-3ea9c2a0-955e-11ec-96f0-8de26c63c826.json b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-d6f70aa0-3b20-11ed-a8e8-41eb8778c6de.json similarity index 83% rename from packages/carbon_black_cloud/kibana/search/carbon_black_cloud-3ea9c2a0-955e-11ec-96f0-8de26c63c826.json rename to packages/carbon_black_cloud/kibana/search/carbon_black_cloud-d6f70aa0-3b20-11ed-a8e8-41eb8778c6de.json index c5c1e127454..027489df8cf 100644 --- a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-3ea9c2a0-955e-11ec-96f0-8de26c63c826.json +++ b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-d6f70aa0-3b20-11ed-a8e8-41eb8778c6de.json @@ -18,7 +18,7 @@ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", - "query": "data_stream.dataset: \"carbon_black_cloud.watchlist_hit\"" + "query": "" } } }, @@ -28,10 +28,10 @@ "desc" ] ], - "title": "[Carbon Black Cloud] Watchlist Hit Essential Details" + "title": "Watchlist Hit Essential Details [Logs Carbon Black Cloud]" }, "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-3ea9c2a0-955e-11ec-96f0-8de26c63c826", + "id": "carbon_black_cloud-d6f70aa0-3b20-11ed-a8e8-41eb8778c6de", "migrationVersion": { "search": "7.9.3" }, 
diff --git a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-4272e690-8d71-11ec-ac12-4bc77fa14e95.json b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-e16671a0-3a77-11ed-a8e8-41eb8778c6de.json similarity index 79% rename from packages/carbon_black_cloud/kibana/search/carbon_black_cloud-4272e690-8d71-11ec-ac12-4bc77fa14e95.json rename to packages/carbon_black_cloud/kibana/search/carbon_black_cloud-e16671a0-3a77-11ed-a8e8-41eb8778c6de.json index 2d8f2395429..c041334b473 100644 --- a/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-4272e690-8d71-11ec-ac12-4bc77fa14e95.json +++ b/packages/carbon_black_cloud/kibana/search/carbon_black_cloud-e16671a0-3a77-11ed-a8e8-41eb8778c6de.json @@ -8,14 +8,14 @@ ], "description": "", "grid": {}, - "hideChart": true, + "hideChart": false, "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", - "query": "data_stream.dataset : \"carbon_black_cloud.audit\"" + "query": "" } } }, @@ -25,10 +25,10 @@ "desc" ] ], - "title": "[Carbon Black Cloud] Audit Essential Details" + "title": "Audit Essential Details [Logs Carbon Black Cloud]" }, "coreMigrationVersion": "7.17.0", - "id": "carbon_black_cloud-4272e690-8d71-11ec-ac12-4bc77fa14e95", + "id": "carbon_black_cloud-e16671a0-3a77-11ed-a8e8-41eb8778c6de", "migrationVersion": { "search": "7.9.3" }, diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml index e9d72f03ea0..6beb9c8251b 100644 --- a/packages/carbon_black_cloud/manifest.yml +++ b/packages/carbon_black_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: carbon_black_cloud title: VMware Carbon Black Cloud -version: "1.4.1" +version: "1.5.0" license: basic description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent. type: integration 
@@ -23,11 +23,11 @@ icons: policy_templates: - name: carbon_black_cloud title: Carbon Black Cloud - description: Collect Logs from Carbon Black Cloud + description: Collect Logs from Carbon Black Cloud. inputs: - type: httpjson title: Collect Carbon Black Cloud logs via API - description: Collect Carbon Black Cloud logs via API + description: Collect Carbon Black Cloud logs via API. vars: - name: hostname type: text @@ -47,7 +47,7 @@ policy_templates: - name: custom_api_secret_key type: password title: Custom API Secret Key - description: API Secret Key with Custom Access Level type + description: API Secret Key with Custom Access Level type. required: true - name: api_id type: text @@ -57,7 +57,7 @@ policy_templates: - name: api_secret_key type: password title: API Secret Key - description: API Secret Key with API Access Level type + description: API Secret Key with API Access Level type. required: true - name: proxy_url type: text From 9f618585acf23c33869f749b229158d84dfb382f Mon Sep 17 00:00:00 2001 From: kcreddy Date: Sat, 19 Nov 2022 04:11:51 +0530 Subject: [PATCH 076/103] cef upgraded to 8.1.0 as agg failed --- ...-04749697-de8d-49b3-8eca-c873ab2c5ac9.json | 2224 +++++----- ...-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json | 3170 +++++++-------- ...-56428e01-0c47-4770-8ba4-9345a029ea41.json | 2688 ++++++------ ...-607f756e-288d-499a-8f8a-33791354ffaf.json | 2688 ++++++------ ...-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json | 3198 +++++++-------- ...-9e352900-89c3-4c1b-863e-249e24d0dac9.json | 3198 +++++++-------- ...-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json | 2067 +++++----- ...-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json | 2763 ++++++------- ...-db1e1aca-279e-4ecc-b84e-fe58644f7619.json | 2530 ++++++------ ...-dd0bc9af-2e89-4150-9b42-62517ea56b71.json | 3620 +++++++++-------- packages/cef/manifest.yml | 2 +- 11 files changed, 14079 insertions(+), 14069 deletions(-) 
diff --git a/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json b/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json
index ea79ce357b7..b9e44f63c89 100644
--- a/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json
+++ b/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json
@@ -1,1150 +1,1150 @@ { - "id": "cef-04749697-de8d-49b3-8eca-c873ab2c5ac9", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc0NSwxXQ==", - "attributes": { - "description": "Suspicious network activity overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Destination Addresses": "#E0752D", - "Destination Ports": "#E24D42" - }, - "legendOpen": false - }, - "savedVis": { - "title": "Unique Destinations and Ports by Source [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Addresses" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Destination Addresses" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Destination Ports" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - 
"times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Addresses" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Ports" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + "id": "cef-04749697-de8d-49b3-8eca-c873ab2c5ac9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzY5OCwxXQ==", + "attributes": { + "description": "Suspicious network activity overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } + "version": true } - } }, - "gridData": { - "h": 12, - "i": "1", - "w": 48, - "x": 0, - "y": 28 + "optionsJSON": { + "darkTheme": false }, - "panelIndex": "1", - "type": "visualization", - "version": "8.0.0" - }, - { - 
"embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 5 Sources by Destination Addresses [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Destination Addresses": "#E0752D", + "Destination Ports": "#E24D42" + }, + "legendOpen": false + }, + "savedVis": { + "title": "Unique Destinations and Ports by Source [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Addresses" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Addresses" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Destination Ports" + 
}, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Addresses" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Ports" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" + "gridData": { + "h": 12, + "i": "1", + "w": 48, + "x": 0, + "y": 28 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Address", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - 
], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "2", - "w": 16, - "x": 0, - "y": 40 - }, - "panelIndex": "2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 5 Sources by Destination Ports [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Address", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 16, - "x": 16, - "y": 40 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Severity [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": 
"cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "hide_last_value_indicator": true, - "id": "c39a76e5-f613-41a9-8335-c442747791e0", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "0.0[0]a", - "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", - "label": "Event by Severities", - "line_width": 1, - "metrics": [ - { - "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "type": "count" - }, - { - "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", - "sigma": "", - "type": "sum_bucket" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,204,202,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Low\" OR severity:\"0\"" - }, - "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", - "label": "LOW" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Medium\"" - }, - "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", - "label": "MEDIUM" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"High\"" - }, - "id": "e142c55b-6ee5-416a-8bd3-d10398044864", - "label": "HIGH" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Very-High\"" - }, - "id": "4b05b562-c419-4214-b814-d4c242251521", - "label": "VERY HIGH" + "savedVis": { + "title": "Top 5 Sources by Destination Addresses [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, 
+ "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "top_n", - "use_kibana_indexes": false + }, + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 40 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Source Addresses [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" - } - ], - 
"gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "117fde19-e227-4fcb-8019-e82e6677c340", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" + "savedVis": { + "title": "Top 5 Sources by Destination Ports [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": 
"source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostmessage", - "terms_order_by": null, - "value_template": "{{value}}" }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "0.5", - "formatter": "number", - "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", - "label": "Top Source Addresses", - "line_width": "0", - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "source.ip", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "11", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Source Addresses [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 40 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" }, - 
"type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Severity [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "hide_last_value_indicator": true, + "id": "c39a76e5-f613-41a9-8335-c442747791e0", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0.0[0]a", + "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", + "label": "Event by Severities", + "line_width": 1, + "metrics": [ + { + "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "type": "count" + }, + { + "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", + "sigma": "", + "type": "sum_bucket" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,204,202,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Low\" OR severity:\"0\"" + }, + "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", + "label": "LOW" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Medium\"" + }, + "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", + "label": "MEDIUM" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"High\"" + }, + "id": "e142c55b-6ee5-416a-8bd3-d10398044864", + "label": "HIGH" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Very-High\"" + }, + "id": 
"4b05b562-c419-4214-b814-d4c242251521", + "label": "VERY HIGH" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "12", - "w": 24, - "x": 0, - "y": 52 - }, - "panelIndex": "12", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destination Addresses [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Source Addresses [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " 
+ }, + "gauge_color_rules": [ + { + "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "117fde19-e227-4fcb-8019-e82e6677c340", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostmessage", + "terms_order_by": null, + "value_template": "{{value}}" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "0.5", + "formatter": "number", + "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", + "label": "Top Source Addresses", + "line_width": "0", + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + 
"split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "13", - "w": 24, - "x": 24, - "y": 52 - }, - "panelIndex": "13", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destination Ports [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" + "gridData": { + "h": 8, + "i": "11", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Addresses [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + 
"type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "14", - "w": 16, - "x": 32, - "y": 40 - }, - "panelIndex": "14", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + "gridData": { + "h": 16, + "i": "12", + "w": 24, + "x": 0, + "y": 52 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } - }, - "gridData": { - "h": 4, - "i": "15", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - }, - "savedVis": { - "title": "Device Metrics Overview [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Addresses [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + 
"maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 24, + "y": 52 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Ports [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + 
"gridData": { + "h": 12, + "i": "14", + "w": 16, + "x": 32, + "y": 40 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", 
+ "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "16", + "w": 40, + "x": 0, + "y": 4 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 50": "rgb(255,255,204)", + "100 - 200": "rgb(253,141,60)", + "200 - 300": 
"rgb(227,27,28)", + "300 - 400": "rgb(128,0,38)", + "50 - 100": "rgb(254,217,118)" + } + }, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": 
"everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "17", + "w": 8, + "x": 40, + "y": 4 }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" } - } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 }, - "gridData": { - "h": 8, - "i": "16", - "w": 40, - "x": 0, - "y": 4 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Network Suspicious Activity Dashboard", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, - "panelIndex": "16", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 50": "rgb(255,255,204)", - "100 - 200": "rgb(253,141,60)", - "200 - 300": "rgb(227,27,28)", - "300 - 400": "rgb(128,0,38)", - "50 - 100": "rgb(254,217,118)" - } - }, - "savedVis": { - "title": "Network - Event Throughput [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": 
"cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "type": "cumulative_sum" - }, - { - "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "gamma": 0.3, - "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } + { + "type": "search", + "name": "2:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, - "gridData": { - "h": 8, - "i": "17", - "w": 8, - "x": 
40, - "y": 4 + { + "type": "search", + "name": "12:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, - "panelIndex": "17", - "type": "visualization", - "version": "8.0.0" - } + { + "type": "search", + "name": "13:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "14:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "16:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + } ], - "refreshInterval": { - "display": "Off", - "pause": false, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Network Suspicious Activity Dashboard", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "1:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "2:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "3:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "12:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "13:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "14:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "16:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json b/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json index 53c77416a12..8da7af6f098 100644 --- a/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json 
+++ b/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json 
@@ -1,1644 +1,1646 @@ { - "id": "cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc0NiwxXQ==", - "attributes": { - "description": "Network data overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Application Protocols [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "id": "cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzY5OSwxXQ==", + "attributes": { + "description": "Network data overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.application", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } + "version": true } - } }, - "gridData": { - "h": 8, - "i": "1", - "w": 48, - "x": 0, - "y": 32 + "optionsJSON": { + "darkTheme": false }, - "panelIndex": "1", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Bandwidth Utilization [Logs 
CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "" - }, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "d27f09dc-b07e-493f-a223-a85033ad6548", - "label": "Inbound", - "line_width": 1, - "metrics": [ - { - "field": "source.bytes", - "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", - "type": "sum" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Application Protocols [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_order_by": "_count" }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", - 
"label": "Outbound", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "type": "sum" - }, - { - "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", - "script": "params.outbound > 0 ? params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", - "name": "outbound" + "gridData": { + "h": 8, + "i": "1", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Bandwidth Utilization [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "d27f09dc-b07e-493f-a223-a85033ad6548", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_order_by": "_count" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", + "label": "Outbound", + "line_width": 
1, + "metrics": [ + { + "field": "destination.bytes", + "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "type": "sum" + }, + { + "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", + "script": "params.outbound \u003e 0 ? params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", + "name": "outbound" + } + ] + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0 + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } - ] } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0 - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 8, + "i": "2", + "w": 48, + "x": 0, + "y": 56 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "2", - "w": 48, - "x": 0, - "y": 56 - }, - "panelIndex": "2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Source [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - 
], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "0c929603-fc92-4ebc-a963-fe2795417d89", - "label": "Firewall Events" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" - }, - "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", - "label": "Intrusion Detection Events" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "id": 
"490f7ad7-8218-45f9-85a9-a4dd9ed7da13", - "label": "VPN" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Source [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "0c929603-fc92-4ebc-a963-fe2795417d89", + "label": "Firewall Events" + }, + 
{ + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" + }, + "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", + "label": "Intrusion Detection Events" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", + "label": "VPN" + } + ], + "split_mode": "filters", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": "0.5", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Device Hosts", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "split_mode": "filters", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": "0.5", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Device Hosts", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": 
"count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Outcome [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "bar_color": null, - "id": "23db5bf6-f787-474e-86ab-76362432e984", - "value": 0 - } - ], - "drilldown_url": "", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": 
"rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", - "label": "Firewall" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Outcome [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "bar_color": null, + "id": "23db5bf6-f787-474e-86ab-76362432e984", + "value": 0 + } + ], + "drilldown_url": "", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + 
"index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", + "label": "Firewall" + } + ], + "split_mode": "filter", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "1", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Event Outcome", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,188,0,0.35)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", + "label": "Success" + }, + { + "color": 
"rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", + "label": "Failure" + }, + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "2ff1e859-b178-4824-a0f2-69a115932b98", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "event.outcome", + "terms_size": "3" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "split_mode": "filter", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "1", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Event Outcome", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,188,0,0.35)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", - "label": "Success" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", - "label": "Failure" + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + }, + "legendOpen": false }, - { - "color": 
"rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "2ff1e859-b178-4824-a0f2-69a115932b98", - "label": "Attempt" + "savedVis": { + "title": "Device Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + 
} } - ], - "split_mode": "filters", - "stacked": "stacked", - "terms_field": "event.outcome", - "terms_size": "3" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "6", - "w": 48, - "x": 0, - "y": 48 - }, - "panelIndex": "6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - }, - "legendOpen": false - }, - "savedVis": { - "title": "Device Metrics Overview [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51", + "unknown": "#0A50A1" + } + }, + 
"savedVis": { + "title": "Destination Ports by Outcome [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Protocols" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocols", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + 
} }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 12, + "i": "11", + "w": 16, + "x": 16, + "y": 20 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Devices by Bandwidth [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source(s)", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination(s)", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bandwidth (Incoming)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + 
"params": { + "customLabel": "Bandwidth (Outgoing)", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 12, + "i": "13", + "w": 16, + "x": 0, + "y": 20 }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "7", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51", - "unknown": "#0A50A1" - } - }, - "savedVis": { - "title": "Destination Ports by Outcome [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51" - } - } + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Protocols" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - 
"valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + }, + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Devices by Outcome [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 6, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": true, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Host Names", + "field": 
"observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Protocols", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 12, + "i": "15", + "w": 16, + "x": 32, + "y": 20 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "11", - "w": 16, - "x": 16, - "y": 20 - }, - "panelIndex": "11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 10 Devices by Bandwidth [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - 
"customLabel": "Source(s)", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Device Types [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", + "label": "Firewall" + } + ], + "split_mode": "everything", + "stacked": 
"none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Top Device Types by Mvg Averages", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.extensions.categoryDeviceType", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination(s)", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "17", + "w": 48, + "x": 0, + "y": 40 }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Source Countries by Events [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + 
"showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bandwidth (Incoming)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" + "gridData": { + "h": 16, + "i": "18", + "w": 24, + "x": 0, + "y": 64 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bandwidth (Outgoing)", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "13", - "w": 16, - "x": 0, - "y": 20 - }, - "panelIndex": "13", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% 
- 100%": "rgb(202,8,35)" - }, - "legendOpen": false - }, - "savedVis": { - "title": "Top 10 Devices by Outcome [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% - 100%": "rgb(202,8,35)" - } - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 6, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": true, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" }, - "type": "heatmap", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 20 Source Countries [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Host Names", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - 
"size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 16, + "i": "19", + "w": 24, + "x": 24, + "y": 64 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "15", - "w": 16, - "x": 32, - "y": 20 - }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Device Types [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": "", - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": 
false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", - "label": "Firewall" + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": 
"6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "split_mode": "everything", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(251,158,0,1)", - "fill": 0.5, - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Top Device Types by Mvg Averages", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.extensions.categoryDeviceType", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "17", - "w": 48, - "x": 0, - "y": 40 - }, - "panelIndex": "17", - "type": "visualization", - "version": "8.0.0" - }, - { - 
"embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 10 Source Countries by Events [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" + "gridData": { + "h": 8, + "i": "20", + "w": 8, + "x": 40, + "y": 4 }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": 
"cardinality" + "gridData": { + "h": 4, + "i": "21", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 24, + "i": "49de47fb-1382-4009-89d2-b96a4161e12d", + "w": 24, + "x": 0, + "y": 80 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destination Locations by Events [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + 
"hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "18", - "w": 24, - "x": 0, - "y": 64 - }, - "panelIndex": "18", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 20 Source Countries [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 24, + "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", + "w": 24, + "x": 24, + "y": 80 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "19", - "w": 24, - "x": 24, - "y": 64 - }, - "panelIndex": "19", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Network - Event Throughput [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": 
"cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" + "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Source Locations by Events [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" }, - { - "field": 
"ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "type": "cumulative_sum" + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 }, - { - "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "type": "derivative", - "unit": "1s" + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "gamma": 0.3, - "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" + "openTOCDetails": [], + "type": "map" } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} } - } + ], + "refreshInterval": { + "pause": true, + "value": 0 }, - "gridData": { - "h": 8, - "i": "20", - "w": 8, - "x": 40, - "y": 4 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Network Overview Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", + "type": "index-pattern" }, - "panelIndex": "20", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint 
Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } + { + "id": "logs-*", + "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", + "type": "index-pattern" }, - "gridData": { - "h": 4, - "i": "21", - "w": 48, - "x": 0, - "y": 0 + { + "type": "search", + "name": "1:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, - "panelIndex": "21", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destination Locations by Events [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - 
"hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "type": "search", + "name": "7:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, - "gridData": { - "h": 24, - "i": "49de47fb-1382-4009-89d2-b96a4161e12d", - "w": 24, - "x": 0, - "y": 80 + { + "type": "search", + "name": "11:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, - "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", - "type": "map", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Source Locations by Events [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": 
[], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "type": "search", + "name": "13:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, - "gridData": { - "h": 24, - "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "w": 24, - "x": 24, - "y": 80 + { + "type": "search", + "name": "15:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, - "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "type": "map", - "version": "8.0.0" - } + { + "type": "search", + "name": "18:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + }, + { + "type": "search", + "name": "19:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + } ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Network Overview Dashboard", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "type": "search", - "name": "1:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "7:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "11:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "13:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "15:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - }, - { - "type": "search", - "name": "18:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - 
"type": "search", - "name": "19:search_0", - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json b/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json index 7888256bb31..4f1513e8a4d 100644 --- a/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json +++ b/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json 
@@ -1,1393 +1,1395 @@ { - "id": "cef-56428e01-0c47-4770-8ba4-9345a029ea41", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc0NywxXQ==", - "attributes": { - "description": "Overview of Microsoft DNS activity via ArcSight", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "DNS - Event Throughput [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "type": "cumulative_sum" - }, - { - "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "id": 
"0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "gamma": 0.3, - "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} + "id": "cef-56428e01-0c47-4770-8ba4-9345a029ea41", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwMCwxXQ==", + "attributes": { + "description": "Overview of Microsoft DNS activity via ArcSight", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true } - } }, - "gridData": { - "h": 8, - "i": "1", - "w": 8, - "x": 40, - "y": 4 + "optionsJSON": { + "darkTheme": false }, - "panelIndex": "1", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - }, - "savedVis": { - "title": "DNS Metrics Overview [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - 
"color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DNS - Event Throughput [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "type": "cumulative_sum" + }, + { + "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "gamma": 0.3, + "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + 
"split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "32", - "labelColor": false, - "subText": "" + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "type": "gauge" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threads", - "field": "cef.extensions.deviceCustomString1" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "DNS Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "32", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + 
}, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threads", + "field": "cef.extensions.deviceCustomString1" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OpCodes", + "field": "cef.extensions.deviceCustomString2" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Activity Types", + "field": "cef.device.event_class_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OpCodes", - "field": "cef.extensions.deviceCustomString2" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "3", + "w": 40, + "x": 0, + "y": 4 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Activity Types", - "field": "cef.device.event_class_id" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "3", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 18k": "rgb(247,251,255)", - "108k - 126k": "rgb(74,152,201)", - "126k - 144k": "rgb(46,126,188)", - "144k - 162k": "rgb(23,100,171)", - "162k - 180k": "rgb(8,74,145)", - "18k - 36k": "rgb(227,238,249)", - "36k - 54k": "rgb(208,225,242)", - "54k - 72k": "rgb(182,212,233)", - "72k - 90k": "rgb(148,196,223)", - "90k - 108k": "rgb(107,174,214)" - }, - "legendOpen": false - }, - "savedVis": { - "title": "Top Destinations by Traffic Size [Logs CEF ArcSight]", - "description": "", - 
"uiState": { - "vis": { - "defaultColors": { - "0 - 18k": "rgb(247,251,255)", - "108k - 126k": "rgb(74,152,201)", - "126k - 144k": "rgb(46,126,188)", - "144k - 162k": "rgb(23,100,171)", - "162k - 180k": "rgb(8,74,145)", - "18k - 36k": "rgb(227,238,249)", - "36k - 54k": "rgb(208,225,242)", - "54k - 72k": "rgb(182,212,233)", - "72k - 90k": "rgb(148,196,223)", - "90k - 108k": "rgb(107,174,214)" - } - } + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Blues", - "colorsNumber": 10, - "colorsRange": [ - { - "from": 0, - "to": null - } - ], - "enableHover": true, - "invertColors": false, - "legendPosition": "top", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "type": "heatmap", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "filters": [ - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"0\"" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" }, - "label": "Inbound" - }, - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"1\"" + "legendOpen": false + }, + "savedVis": { + "title": "Top Destinations by Traffic Size [Logs CEF ArcSight]", + 
"description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 10, + "colorsRange": [ + { + "from": 0, + "to": null + } + ], + "enableHover": true, + "invertColors": false, + "legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] }, - "label": "Outbound" - } - ] - }, - "schema": "segment", - "type": "filters" + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "label": "Inbound" + }, + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "label": "Outbound" + } + ] + }, + "schema": "segment", + "type": "filters" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - 
"searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "5", - "w": 24, - "x": 0, - "y": 32 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Event Types [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 50, - "minFontSize": 12, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "gridData": { + "h": 16, + "i": "5", + "w": 24, + "x": 0, + "y": 32 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "6", - "w": 48, - "x": 0, - "y": 48 - }, - "panelIndex": "6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Event Types by Size [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "colors": { - "Count": "#64B0C8", - "Total (Bytes)": "#E24D42" - } - } + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Type" - }, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": null - }, - "legendPosition": "right", - "orderBucketsBySum": false, - "seriesParams": [ - 
{ - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Event Types [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 50, + "minFontSize": 12, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "data": { - "id": "3", - "label": "Total (Bytes)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": false, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 48 }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Total (Bytes)" - }, - "type": "value" - } - ] + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" }, - "type": 
"histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Types by Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Total (Bytes)": "#E24D42" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Type" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + }, + "valueAxis": null + }, + "legendPosition": "right", + "orderBucketsBySum": false, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Total (Bytes)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": false, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": 
"Total (Bytes)" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total (Bytes)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 16, + "i": "7", + "w": 24, + "x": 24, + "y": 32 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total (Bytes)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "7", - "w": 24, - "x": 24, - "y": 32 - }, - "panelIndex": "7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events Types by Severity [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", - "label": "Cumulative Bytes", - "line_width": "3", - "metrics": [ - { - "field": 
"source.bytes", - "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", - "type": "count" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events Types by Severity [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", + "label": "Cumulative Bytes", + "line_width": "3", + "metrics": [ + { + "field": "source.bytes", + "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", + "type": "count" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" + }, + "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", + "label": "HIGH" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR 
cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" + }, + "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", + "label": "MEDIUM" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR 
cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" + }, + "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", + "label": "LOW" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", + "label": "Count by Event Type", + "line_width": 1, + "metrics": [ + { + "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.device.event_class_id", + "terms_size": "20" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" - }, - "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", - "label": "HIGH" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": 
"lucene", - "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" - }, - "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", - "label": "MEDIUM" + }, + "gridData": { + "h": 8, + "i": "9", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR 
event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" - }, - "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", - "label": "LOW" + "savedVis": { + "title": "Top 10 Destinations by Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destinations", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + 
"schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filters", - "stacked": "none" }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", - "label": "Count by Event Type", - "line_width": 1, - "metrics": [ - { - "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.device.event_class_id", - "terms_size": "20" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "9", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "9", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 10 Destinations by Size [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destinations", - "field": 
"destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 16, + "i": "11", + "w": 24, + "x": 24, + "y": 56 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 4, + "i": "12", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "11", - "w": 24, - "x": 24, - "y": 56 - }, - "panelIndex": "11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious 
Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } - }, - "gridData": { - "h": 4, - "i": "12", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "12", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 10 Sources by Size [Logs CEF ArcSight]", - "description": "", - "uiState": { - "P-11": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "P-13": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Sources by Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "P-11": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-13": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-2": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-3": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-4": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-5": { + "vis": { + "defaultColors": { + "0 - 18,000": "rgb(247,251,255)", + "108,000 - 126,000": "rgb(74,152,201)", + "126,000 - 144,000": 
"rgb(46,126,188)", + "144,000 - 162,000": "rgb(23,100,171)", + "162,000 - 180,000": "rgb(8,74,145)", + "18,000 - 36,000": "rgb(227,238,249)", + "36,000 - 54,000": "rgb(208,225,242)", + "54,000 - 72,000": "rgb(182,212,233)", + "72,000 - 90,000": "rgb(148,196,223)", + "90,000 - 108,000": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sources", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destinations", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } - } - } - }, - "P-2": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-3": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "P-4": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-5": { - "vis": { - "defaultColors": { - "0 - 18,000": "rgb(247,251,255)", - "108,000 - 126,000": "rgb(74,152,201)", - "126,000 - 144,000": "rgb(46,126,188)", - "144,000 - 162,000": "rgb(23,100,171)", - "162,000 - 180,000": "rgb(8,74,145)", - "18,000 - 36,000": "rgb(227,238,249)", - "36,000 - 54,000": "rgb(208,225,242)", - 
"54,000 - 72,000": "rgb(182,212,233)", - "72,000 - 90,000": "rgb(148,196,223)", - "90,000 - 108,000": "rgb(107,174,214)" - }, - "legendOpen": false - } - }, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sources", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destinations", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 0, + "y": 56 }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "13", - "w": 24, - "x": 0, - "y": 56 - }, - "panelIndex": "13", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Direction [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "be556a57-cd1c-496c-8714-0bd210947c85", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": 
"0.2", - "filter": { - "language": "lucene", - "query": "device" - }, - "formatter": "number", - "id": "9aae7344-9de9-4378-b21d-296cb964f93b", - "label": "Inbound Requests", - "line_width": 1, - "metrics": [ - { - "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", - "label": "Inbound Requests" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Direction [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "be556a57-cd1c-496c-8714-0bd210947c85", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "filter": { + "language": "lucene", + "query": "device" + }, + "formatter": "number", + "id": "9aae7344-9de9-4378-b21d-296cb964f93b", + "label": "Inbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", + "label": "Inbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "formatter": "number", + "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", 
+ "label": "Outbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "type": "count" + }, + { + "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", + "script": "params.outbound \u003e 0 ? params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", + "name": "outbound" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", + "label": "Outbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "split_mode": "filters", - "stacked": "none" }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": "0.2", - "formatter": "number", - "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", - "label": "Outbound Requests", - "line_width": 1, - "metrics": [ - { - "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "type": "count" - }, - { - "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", - "script": "params.outbound > 0 ? 
params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", - "name": "outbound" + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Size [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "6e634117-6b30-411c-b74c-75510befe42f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "formatter": "bytes", + "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", + "label": "Inbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "formatter": "bytes", + "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", + "label": "Outbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "type": "sum" + }, + { + "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", + "script": "params.outbound_bytes \u003e= 0 ? 
params.outbound_bytes * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", + "name": "outbound_bytes" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(211,49,21,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", - "label": "Outbound Requests" } - ], - "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 12, - "i": "14", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "14", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Size [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "6e634117-6b30-411c-b74c-75510befe42f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": 
"deviceDirection:\"0\"" - }, - "formatter": "bytes", - "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", - "label": "Inbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", - "type": "sum" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "w": 24, + "x": 0, + "y": 72 }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "formatter": "bytes", - "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", - "label": "Outbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "type": "sum" + "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs CEF 
ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Sources by Events [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" }, - { - "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", - "script": "params.outbound_bytes >= 0 ? 
params.outbound_bytes * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", - "name": "outbound_bytes" - } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", + "w": 24, + "x": 24, + "y": 72 + }, + "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs CEF 
ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destinations by Events [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" + } } - } + ], + "refreshInterval": { + "pause": true, + "value": 0 }, - "gridData": { - "h": 12, - "i": "15", - "w": 24, - "x": 24, - "y": 20 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Microsoft DNS Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", + "type": "index-pattern" }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Sources by Events [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "id": "logs-*", + "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", + "type": "index-pattern" }, - "gridData": { - "h": 12, - "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "w": 24, - "x": 0, - "y": 72 + { + "type": "search", + "name": "3:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" }, - "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "type": "map", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destinations by Events [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "type": "search", + "name": "5:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" }, - "gridData": { - "h": 12, - "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "w": 24, - "x": 24, - "y": 72 + { + "type": "search", + "name": "6:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" }, - "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "type": "map", - "version": "8.0.0" - } + { + "type": "search", + "name": "7:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + } ], - "refreshInterval": { - "pause": true, - "value": 0 - 
}, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF ArcSight] Microsoft DNS Overview", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "type": "search", - "name": "3:search_0", - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" - }, - { - "type": "search", - "name": "5:search_0", - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" - }, - { - "type": "search", - "name": "6:search_0", - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" - }, - { - "type": "search", - "name": "7:search_0", - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" - }, - { - "type": "search", - "name": "11:search_0", - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "13:search_0", - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json b/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json index 8ac247b7848..272ccf4cbc1 100644 --- a/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json +++ b/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json 
@@ -1,1393 +1,1395 @@ { - "id": "cef-607f756e-288d-499a-8f8a-33791354ffaf", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc0OCwxXQ==", - "attributes": { - "description": "Overview of Microsoft DNS activity", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "DNS - Event Throughput [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "type": "cumulative_sum" - }, - { - "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "type": 
"derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "gamma": 0.3, - "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} + "id": "cef-607f756e-288d-499a-8f8a-33791354ffaf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwMSwxXQ==", + "attributes": { + "description": "Overview of Microsoft DNS activity", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" + }, + "version": true } - } }, - "gridData": { - "h": 8, - "i": "1", - "w": 8, - "x": 40, - "y": 4 + "optionsJSON": { + "darkTheme": false }, - "panelIndex": "1", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - }, - "savedVis": { - "title": "DNS Metrics Overview [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - 
"percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DNS - Event Throughput [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "type": "cumulative_sum" + }, + { + "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "gamma": 0.3, + "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + 
"value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "32", - "labelColor": false, - "subText": "" + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "type": "gauge" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threads", - "field": "cef.extensions.deviceCustomString1" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "DNS Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "32", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + 
"id": "5", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threads", + "field": "cef.extensions.deviceCustomString1" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OpCodes", + "field": "cef.extensions.deviceCustomString2" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Activity Types", + "field": "cef.device.event_class_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OpCodes", - "field": "cef.extensions.deviceCustomString2" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "3", + "w": 40, + "x": 0, + "y": 4 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Activity Types", - "field": "cef.device.event_class_id" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "3", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 18k": "rgb(247,251,255)", - "108k - 126k": "rgb(74,152,201)", - "126k - 144k": "rgb(46,126,188)", - "144k - 162k": "rgb(23,100,171)", - "162k - 180k": "rgb(8,74,145)", - "18k - 36k": "rgb(227,238,249)", - "36k - 54k": "rgb(208,225,242)", - "54k - 72k": "rgb(182,212,233)", - "72k - 90k": "rgb(148,196,223)", - "90k - 108k": "rgb(107,174,214)" - }, - "legendOpen": false - }, - "savedVis": { - "title": "Top Destinations by Traffic Size [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 18k": "rgb(247,251,255)", - "108k - 126k": 
"rgb(74,152,201)", - "126k - 144k": "rgb(46,126,188)", - "144k - 162k": "rgb(23,100,171)", - "162k - 180k": "rgb(8,74,145)", - "18k - 36k": "rgb(227,238,249)", - "36k - 54k": "rgb(208,225,242)", - "54k - 72k": "rgb(182,212,233)", - "72k - 90k": "rgb(148,196,223)", - "90k - 108k": "rgb(107,174,214)" - } - } + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Blues", - "colorsNumber": 10, - "colorsRange": [ - { - "from": 0, - "to": null - } - ], - "enableHover": true, - "invertColors": false, - "legendPosition": "top", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "type": "heatmap", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "filters": [ - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"0\"" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" }, - "label": "Inbound" - }, - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"1\"" + "legendOpen": false + }, + "savedVis": { + "title": "Top Destinations by Traffic Size [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 
126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 10, + "colorsRange": [ + { + "from": 0, + "to": null + } + ], + "enableHover": true, + "invertColors": false, + "legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] }, - "label": "Outbound" - } - ] - }, - "schema": "segment", - "type": "filters" + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "label": "Inbound" + }, + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "label": "Outbound" + } + ] + }, + "schema": "segment", + "type": "filters" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "5", - "w": 24, - "x": 0, - "y": 
32 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Event Types [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 50, - "minFontSize": 12, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "gridData": { + "h": 16, + "i": "5", + "w": 24, + "x": 0, + "y": 32 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "6", - "w": 48, - "x": 0, - "y": 48 - }, - "panelIndex": "6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Event Types by Size [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "colors": { - "Count": "#64B0C8", - "Total (Bytes)": "#E24D42" - } - } + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Type" - }, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": null - }, - "legendPosition": "right", - "orderBucketsBySum": false, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - 
"showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Event Types [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 50, + "minFontSize": 12, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "data": { - "id": "3", - "label": "Total (Bytes)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": false, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 48 }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Total (Bytes)" - }, - "type": "value" - } - ] + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Types by Size [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Total (Bytes)": "#E24D42" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Type" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + }, + "valueAxis": null + }, + "legendPosition": "right", + "orderBucketsBySum": false, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Total (Bytes)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": false, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Total (Bytes)" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + 
"params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total (Bytes)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 16, + "i": "7", + "w": 24, + "x": 24, + "y": 32 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total (Bytes)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "7", - "w": 24, - "x": 24, - "y": 32 - }, - "panelIndex": "7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events Types by Severity [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", - "label": "Cumulative Bytes", - "line_width": "3", - "metrics": [ - { - "field": "source.bytes", - "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", - "type": "count" + "panelIndex": "7", + "type": "visualization", + "version": 
"8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events Types by Severity [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", + "label": "Cumulative Bytes", + "line_width": "3", + "metrics": [ + { + "field": "source.bytes", + "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", + "type": "count" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" + }, + "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", + "label": "HIGH" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR 
cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" + }, + "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", + "label": "MEDIUM" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" 
OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" + }, + "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", + "label": "LOW" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", + "label": "Count by Event Type", + "line_width": 1, + "metrics": [ + { + "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.device.event_class_id", + "terms_size": "20" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" - }, - "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", - "label": "HIGH" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR 
event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" - }, - "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", - "label": "MEDIUM" + }, + "gridData": { + "h": 8, + "i": "9", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR 
event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" - }, - "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", - "label": "LOW" + "savedVis": { + "title": "Top 10 Destinations by Size [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destinations", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + 
"schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filters", - "stacked": "none" }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", - "label": "Count by Event Type", - "line_width": 1, - "metrics": [ - { - "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.device.event_class_id", - "terms_size": "20" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "9", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "9", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 10 Destinations by Size [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destinations", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 16, + "i": "11", + 
"w": 24, + "x": 24, + "y": 56 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 4, + "i": "12", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "11", - "w": 24, - "x": 24, - "y": 56 - }, - "panelIndex": "11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint 
Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } - }, - "gridData": { - "h": 4, - "i": "12", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "12", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 10 Sources by Size [Logs CEF]", - "description": "", - "uiState": { - "P-11": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "P-13": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Sources by Size [Logs CEF]", + "description": "", + "uiState": { + "P-11": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-13": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-2": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-3": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-4": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-5": { + "vis": { + "defaultColors": { + "0 - 18,000": "rgb(247,251,255)", + "108,000 - 126,000": "rgb(74,152,201)", + "126,000 - 144,000": "rgb(46,126,188)", + "144,000 - 162,000": "rgb(23,100,171)", + "162,000 - 180,000": "rgb(8,74,145)", + "18,000 - 36,000": "rgb(227,238,249)", + "36,000 - 54,000": 
"rgb(208,225,242)", + "54,000 - 72,000": "rgb(182,212,233)", + "72,000 - 90,000": "rgb(148,196,223)", + "90,000 - 108,000": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sources", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destinations", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } - } - } - }, - "P-2": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-3": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "P-4": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-5": { - "vis": { - "defaultColors": { - "0 - 18,000": "rgb(247,251,255)", - "108,000 - 126,000": "rgb(74,152,201)", - "126,000 - 144,000": "rgb(46,126,188)", - "144,000 - 162,000": "rgb(23,100,171)", - "162,000 - 180,000": "rgb(8,74,145)", - "18,000 - 36,000": "rgb(227,238,249)", - "36,000 - 54,000": "rgb(208,225,242)", - "54,000 - 72,000": "rgb(182,212,233)", - "72,000 - 90,000": "rgb(148,196,223)", - "90,000 - 108,000": "rgb(107,174,214)" - }, - "legendOpen": false - } - }, - "vis": 
{ - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sources", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destinations", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 0, + "y": 56 }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "13", - "w": 24, - "x": 0, - "y": 56 - }, - "panelIndex": "13", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Direction [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "be556a57-cd1c-496c-8714-0bd210947c85", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": "0.2", - "filter": { - "language": "lucene", - "query": "device" - }, - "formatter": "number", - "id": "9aae7344-9de9-4378-b21d-296cb964f93b", - "label": "Inbound Requests", - 
"line_width": 1, - "metrics": [ - { - "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", - "label": "Inbound Requests" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Direction [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "be556a57-cd1c-496c-8714-0bd210947c85", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "filter": { + "language": "lucene", + "query": "device" + }, + "formatter": "number", + "id": "9aae7344-9de9-4378-b21d-296cb964f93b", + "label": "Inbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", + "label": "Inbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "formatter": "number", + "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", + "label": "Outbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "type": "count" + }, + { + "id": 
"6bc37118-ddac-41ec-85b3-9db7e1b3636b", + "script": "params.outbound \u003e 0 ? params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", + "name": "outbound" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", + "label": "Outbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "split_mode": "filters", - "stacked": "none" }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": "0.2", - "formatter": "number", - "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", - "label": "Outbound Requests", - "line_width": 1, - "metrics": [ - { - "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "type": "count" - }, - { - "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", - "script": "params.outbound > 0 ? 
params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", - "name": "outbound" + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Size [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "6e634117-6b30-411c-b74c-75510befe42f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "formatter": "bytes", + "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", + "label": "Inbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "formatter": "bytes", + "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", + "label": "Outbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "type": "sum" + }, + { + "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", + "script": "params.outbound_bytes \u003e= 0 ? 
params.outbound_bytes * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", + "name": "outbound_bytes" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(211,49,21,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", - "label": "Outbound Requests" } - ], - "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 12, - "i": "14", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "14", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Size [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "6e634117-6b30-411c-b74c-75510befe42f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": 
"deviceDirection:\"0\"" - }, - "formatter": "bytes", - "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", - "label": "Inbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", - "type": "sum" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "w": 24, + "x": 0, + "y": 72 }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "formatter": "bytes", - "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", - "label": "Outbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "type": "sum" + "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs 
CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Sources by Events [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" }, - { - "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", - "script": "params.outbound_bytes >= 0 ? 
params.outbound_bytes * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", - "name": "outbound_bytes" - } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", + "w": 24, + "x": 24, + "y": 72 + }, + "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs 
CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destinations by Events [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" + } } - } + ], + "refreshInterval": { + "pause": true, + "value": 0 }, - "gridData": { - "h": 12, - "i": "15", - "w": 24, - "x": 24, - "y": 20 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Microsoft DNS Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", + "type": "index-pattern" }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Sources by Events [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "id": "logs-*", + "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", + "type": "index-pattern" }, - "gridData": { - "h": 12, - "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "w": 24, - "x": 0, - "y": 72 + { + "type": "search", + "name": "3:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" }, - "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "type": "map", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destinations by Events [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "type": "search", + "name": "5:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" }, - "gridData": { - "h": 12, - "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "w": 24, - "x": 24, - "y": 72 + { + "type": "search", + "name": "6:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" }, - "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "type": "map", - "version": "8.0.0" - } + { + "type": "search", + "name": "7:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + } ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - 
"timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Microsoft DNS Overview", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "type": "search", - "name": "3:search_0", - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" - }, - { - "type": "search", - "name": "5:search_0", - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" - }, - { - "type": "search", - "name": "6:search_0", - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" - }, - { - "type": "search", - "name": "7:search_0", - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" - }, - { - "type": "search", - "name": "11:search_0", - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "13:search_0", - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json b/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json index 05fc740159a..9d844b71a62 100644 --- a/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json +++ b/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json 
@@ -1,1659 +1,1659 @@ { - "id": "cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc0OSwxXQ==", - "attributes": { - "description": "Operating system activity from endpoints", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Count": "#64B0C8", - "Destination User Names": "#E24D42", - "Event Types": "#EF843C" - }, - "legendOpen": true - }, - "savedVis": { - "title": "Source Users by Event Type and Destination Users [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Users" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" + "id": "cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwMiwxXQ==", + "attributes": { + "description": "Operating system activity from endpoints", + "hits": 0, + "kibanaSavedObjectMeta": { 
+ "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - { - "data": { - "id": "3", - "label": "Event Types" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Count": "#64B0C8", + "Destination User Names": "#E24D42", + "Event Types": "#EF843C" + }, + "legendOpen": true + }, + "savedVis": { + "title": "Source Users by Event Type and Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Users" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Event Types" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination User Names" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + 
"lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Types", + "field": "event.action" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination User Names", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "data": { - "id": "4", - "label": "Destination User Names" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": 
false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 28 }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Endpoint OS Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "20", + "labelColor": false, + "subText": 
"" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Event Types", + "field": "event.action" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Outcomes", + "field": "event.outcome" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Types", - "field": "event.action" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "4", + "w": 40, + "x": 0, + "y": 4 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination User Names", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - "y": 28 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - }, - "savedVis": { - "title": "Endpoint OS Metrics Overview [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": 
"Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 55k": "rgb(255,255,204)", + "110k - 165k": "rgb(254,225,135)", + "165k - 220k": "rgb(254,201,101)", + "220k - 275k": "rgb(254,171,73)", + "275k - 330k": "rgb(253,141,60)", + "330k - 385k": "rgb(252,91,46)", + "385k - 440k": "rgb(237,47,34)", + "440k - 495k": "rgb(212,16,32)", + "495k - 550k": "rgb(176,0,38)", + "55k - 110k": "rgb(255,241,170)" + }, + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Behaviors by Outcome [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 9,000": "rgb(255,255,204)", + "18,000 - 27,000": "rgb(254,225,135)", + "27,000 - 36,000": "rgb(254,201,101)", + "36,000 - 45,000": "rgb(254,171,73)", + "45,000 - 54,000": "rgb(253,141,60)", + "54,000 - 63,000": "rgb(252,91,46)", + "63,000 - 72,000": "rgb(237,47,34)", + "72,000 - 81,000": "rgb(212,16,32)", + "81,000 - 90,000": "rgb(176,0,38)", + "9,000 - 18,000": "rgb(255,241,170)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + 
"type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "20", - "labelColor": false, - "subText": "" + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 28 }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Outcomes [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "formatter": "number", + "hide_in_legend": 0, + "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", + "label": "Event Outcomes", + "line_width": "3", + "metrics": [ + { + "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", + "type": "count" + } + ], + 
"point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", + "label": "Failure" + }, + { + "color": "rgba(104,188,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "31564794-9278-4f2e-bb20-557f5cfbea79", + "label": "Success" + }, + { + "color": "rgba(251,158,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "none", + "terms_field": "event.outcome", + "terms_size": "3" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,182,204,1)", + "fill": 0.5, + "formatter": "number", + "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", + "label": "Event Count", + "line_width": 1, + "metrics": [ + { + "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Event Types", - "field": "event.action" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "7", + "w": 48, + "x": 0, + "y": 20 }, - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Outcomes", - "field": "event.outcome" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "4", - "w": 40, - "x": 0, - "y": 4 - }, 
- "panelIndex": "4", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 55k": "rgb(255,255,204)", - "110k - 165k": "rgb(254,225,135)", - "165k - 220k": "rgb(254,201,101)", - "220k - 275k": "rgb(254,171,73)", - "275k - 330k": "rgb(253,141,60)", - "330k - 385k": "rgb(252,91,46)", - "385k - 440k": "rgb(237,47,34)", - "440k - 495k": "rgb(212,16,32)", - "495k - 550k": "rgb(176,0,38)", - "55k - 110k": "rgb(255,241,170)" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" }, - "legendOpen": false - }, - "savedVis": { - "title": "Top 10 Behaviors by Outcome [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 9,000": "rgb(255,255,204)", - "18,000 - 27,000": "rgb(254,225,135)", - "27,000 - 36,000": "rgb(254,201,101)", - "36,000 - 45,000": "rgb(254,171,73)", - "45,000 - 54,000": "rgb(253,141,60)", - "54,000 - 63,000": "rgb(252,91,46)", - "63,000 - 72,000": "rgb(237,47,34)", - "72,000 - 81,000": "rgb(212,16,32)", - "81,000 - 90,000": "rgb(176,0,38)", - "9,000 - 18,000": "rgb(255,241,170)" - } - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "type": "heatmap", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#7EB26D", + "unknown": "#447EBC" + } + }, + "savedVis": { + "title": "Top 20 Behaviors by 
Outcome [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Behavior", + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 24, + "y": 52 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "5", - "w": 24, - "x": 24, - "y": 28 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Outcomes [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", - "index_pattern": "logs-*", - "interval": 
"auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "formatter": "number", - "hide_in_legend": 0, - "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", - "label": "Event Outcomes", - "line_width": "3", - "metrics": [ - { - "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", - "label": "Failure" - }, - { - "color": "rgba(104,188,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "31564794-9278-4f2e-bb20-557f5cfbea79", - "label": "Success" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } }, - { - "color": "rgba(251,158,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", - "label": "Attempt" + "savedVis": { + "title": "Top 15 Event Types by Events [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 15, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Types", + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + 
"id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filters", - "stacked": "none", - "terms_field": "event.outcome", - "terms_size": "3" }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,182,204,1)", - "fill": 0.5, - "formatter": "number", - "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", - "label": "Event Count", - "line_width": 1, - "metrics": [ - { - "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "7", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "failure": "#E24D42", - "success": "#7EB26D", - "unknown": "#447EBC" - } - }, - "savedVis": { - "title": "Top 20 Behaviors by Outcome [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "addLegend": 
true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + "gridData": { + "h": 24, + "i": "9", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Vendors by Product [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Vendor", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Product", + "field": "cef.device.product", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Behavior", - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 12, + "i": "10", + "w": 24, + "x": 24, + "y": 40 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 
12, - "i": "8", - "w": 24, - "x": 24, - "y": 52 - }, - "panelIndex": "8", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 15 Event Types by Events [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "perPage": 15, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Types", - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination 
Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 4, + "i": "11", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Endpoint - Average EPS [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "type": "cumulative_sum" + }, + { + "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "gamma": 0.3, + "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], 
+ "offset_time": "1m", + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "12", + "w": 8, + "x": 40, + "y": 4 }, - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 24, - "i": "9", - "w": 24, - "x": 0, - "y": 40 - }, - "panelIndex": "9", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 5 Vendors by Product [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Destination Users": "#E24D42", + "Event Count": "#64B0C8" + } + }, + "savedVis": { + "title": "Events by Source and Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": 
true, + "style": {}, + "title": { + "text": "Timestamp" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Source Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + 
"params": { + "customLabel": "Timestamp", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Vendor", - "field": "cef.device.vendor", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 8, + "i": "13", + "w": 48, + "x": 0, + "y": 12 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Product", - "field": "cef.device.product", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "10", - "w": 24, - "x": 24, - "y": 40 - }, - "panelIndex": "10", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" }, - "type": "markdown", - "data": { - "aggs": [], - 
"searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } - }, - "gridData": { - "h": 4, - "i": "11", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Endpoint - Average EPS [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "type": "cumulative_sum" - }, - { - "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "gamma": 0.3, - "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" + "savedVis": { + "title": "Top 10 Sources by Destinations [Logs CEF]", + 
"description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Host", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Host", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "offset_time": "1m", - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "12", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "12", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Destination Users": "#E24D42", - "Event Count": "#64B0C8" - } - }, - "savedVis": { - "title": "Events by Source and Destination Users [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Timestamp" - }, - "type": "category" - } - 
], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Event Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" }, - { - "data": { - "id": "3", - "label": "Source Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" + "gridData": { + "h": 20, + "i": "14", + "w": 16, + "x": 32, + "y": 64 }, - { - "data": { - "id": "4", - "label": "Destination Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Count" - }, - "type": "value" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Source Users by Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", 
+ "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 24, + "i": "15", + "w": 16, + "x": 32, + "y": 84 }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destinations [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - 
"customLabel": "Timestamp", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 12, + "i": "16", + "w": 32, + "x": 0, + "y": 80 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "13", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "13", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "Top 10 Sources by Destinations [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", 
- "type": "palette" - } + "gridData": { + "h": 8, + "i": "17", + "w": 32, + "x": 0, + "y": 100 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Sources [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Host", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 16, + "i": "18", + "w": 32, + "x": 0, + "y": 64 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Host", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 20, - "i": "14", - "w": 16, - "x": 32, - "y": 64 - }, - "panelIndex": "14", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "Top 10 Source Users by Destination Users [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - 
"addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 8, + "i": "19", + "w": 32, + "x": 0, + "y": 92 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" } - } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 }, - "gridData": { - "h": 24, - "i": "15", - "w": 16, - "x": 32, - "y": 84 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Endpoint Activity 
Dashboard", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "3:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destinations [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } + { + "type": "search", + "name": "4:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "gridData": { - "h": 12, - "i": "16", - "w": 32, - "x": 0, - "y": 80 + { + "type": "search", + "name": "5:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "panelIndex": "16", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destination Users [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - 
"type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } + { + "type": "search", + "name": "8:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "gridData": { - "h": 8, - "i": "17", - "w": 32, - "x": 0, - "y": 100 + { + "type": "search", + "name": "9:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "panelIndex": "17", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Sources [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } + { + "type": "search", + "name": "10:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "gridData": { - "h": 16, - "i": "18", - "w": 32, - "x": 0, - "y": 64 + { + "type": "search", + "name": "13:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "panelIndex": "18", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Source Users [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": 
"2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } + { + "type": "search", + "name": "14:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "15:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "gridData": { - "h": 8, - "i": "19", - "w": 32, - "x": 0, - "y": 92 + { + "type": "search", + "name": "16:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, - "panelIndex": "19", - "type": "visualization", - "version": "8.0.0" - } + { + "type": "search", + "name": "17:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "18:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + }, + { + "type": "search", + "name": "19:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + } ], - "refreshInterval": { - "display": "Off", - "pause": false, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Endpoint Activity Dashboard", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "3:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "4:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "5:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "8:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "9:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "10:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "13:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - 
"name": "14:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "15:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "16:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "17:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - }, - { - "type": "search", - "name": "18:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "19:search_0", - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json b/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json index f4c6290c0f3..e008417f5f7 100644 --- a/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json +++ b/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json 
@@ -1,1659 +1,1659 @@ { - "id": "cef-9e352900-89c3-4c1b-863e-249e24d0dac9", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc1MCwxXQ==", - "attributes": { - "description": "Operating system activity from endpoints via ArcSight", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Count": "#64B0C8", - "Destination User Names": "#E24D42", - "Event Types": "#EF843C" - }, - "legendOpen": true - }, - "savedVis": { - "title": "Source Users by Event Type and Destination Users [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Users" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" + "id": "cef-9e352900-89c3-4c1b-863e-249e24d0dac9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwMywxXQ==", + "attributes": { + "description": "Operating system activity from endpoints via ArcSight", + 
"hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - { - "data": { - "id": "3", - "label": "Event Types" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Count": "#64B0C8", + "Destination User Names": "#E24D42", + "Event Types": "#EF843C" + }, + "legendOpen": true + }, + "savedVis": { + "title": "Source Users by Event Type and Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Users" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Event Types" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination User Names" + }, + 
"drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination User Names", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "data": { - "id": "4", - "label": "Destination User Names" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - 
"times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 28 }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Endpoint OS Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + 
"bgColor": false, + "bgFill": "#000", + "fontSize": "20", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Outcomes", + "field": "cef.extensions.categoryOutcome" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Types", - "field": "cef.extensions.categoryBehavior" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "4", + "w": 40, + "x": 0, + "y": 4 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination User Names", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - "y": 28 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - }, - "savedVis": { - "title": "Endpoint OS Metrics Overview [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" }, 
- "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 55k": "rgb(255,255,204)", + "110k - 165k": "rgb(254,225,135)", + "165k - 220k": "rgb(254,201,101)", + "220k - 275k": "rgb(254,171,73)", + "275k - 330k": "rgb(253,141,60)", + "330k - 385k": "rgb(252,91,46)", + "385k - 440k": "rgb(237,47,34)", + "440k - 495k": "rgb(212,16,32)", + "495k - 550k": "rgb(176,0,38)", + "55k - 110k": "rgb(255,241,170)" + }, + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Behaviors by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 9,000": "rgb(255,255,204)", + "18,000 - 27,000": "rgb(254,225,135)", + "27,000 - 36,000": "rgb(254,201,101)", + "36,000 - 45,000": "rgb(254,171,73)", + "45,000 - 54,000": "rgb(253,141,60)", + "54,000 - 63,000": "rgb(252,91,46)", + "63,000 - 72,000": "rgb(237,47,34)", + "72,000 - 81,000": "rgb(212,16,32)", + "81,000 - 90,000": "rgb(176,0,38)", + "9,000 - 18,000": "rgb(255,241,170)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + 
"show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "20", - "labelColor": false, - "subText": "" + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 28 }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Outcomes [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + 
"formatter": "number", + "hide_in_legend": 0, + "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", + "label": "Event Outcomes", + "line_width": "3", + "metrics": [ + { + "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", + "label": "Failure" + }, + { + "color": "rgba(104,188,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "31564794-9278-4f2e-bb20-557f5cfbea79", + "label": "Success" + }, + { + "color": "rgba(251,158,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "none", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,182,204,1)", + "fill": 0.5, + "formatter": "number", + "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", + "label": "Event Count", + "line_width": 1, + "metrics": [ + { + "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Event Types", - "field": "cef.extensions.categoryBehavior" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "7", + "w": 48, + "x": 0, + "y": 20 }, - { - "enabled": 
true, - "id": "8", - "params": { - "customLabel": "Event Outcomes", - "field": "cef.extensions.categoryOutcome" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "4", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "4", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 55k": "rgb(255,255,204)", - "110k - 165k": "rgb(254,225,135)", - "165k - 220k": "rgb(254,201,101)", - "220k - 275k": "rgb(254,171,73)", - "275k - 330k": "rgb(253,141,60)", - "330k - 385k": "rgb(252,91,46)", - "385k - 440k": "rgb(237,47,34)", - "440k - 495k": "rgb(212,16,32)", - "495k - 550k": "rgb(176,0,38)", - "55k - 110k": "rgb(255,241,170)" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" }, - "legendOpen": false - }, - "savedVis": { - "title": "Top 10 Behaviors by Outcome [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 9,000": "rgb(255,255,204)", - "18,000 - 27,000": "rgb(254,225,135)", - "27,000 - 36,000": "rgb(254,201,101)", - "36,000 - 45,000": "rgb(254,171,73)", - "45,000 - 54,000": "rgb(253,141,60)", - "54,000 - 63,000": "rgb(252,91,46)", - "63,000 - 72,000": "rgb(237,47,34)", - "72,000 - 81,000": "rgb(212,16,32)", - "81,000 - 90,000": "rgb(176,0,38)", - "9,000 - 18,000": "rgb(255,241,170)" - } - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "type": "heatmap", - "data": { - 
"aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#447EBC", + "/Failure": "#E24D42", + "/Success": "#7EB26D" + } + }, + "savedVis": { + "title": "Top 20 Behaviors by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Behavior", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "cef.extensions.categoryBehavior", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 24, + "y": 52 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "5", - "w": 24, - "x": 24, - "y": 28 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - 
"enhancements": {}, - "savedVis": { - "title": "Events by Outcomes [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" - }, - "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "formatter": "number", - "hide_in_legend": 0, - "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", - "label": "Event Outcomes", - "line_width": "3", - "metrics": [ - { - "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", - "label": "Failure" - }, - { - "color": "rgba(104,188,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "31564794-9278-4f2e-bb20-557f5cfbea79", - "label": "Success" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } }, - { - "color": "rgba(251,158,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", - "label": "Attempt" + "savedVis": { + "title": "Top 15 Event Types by Events [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 15, + "showMeticsAtAllLevels": false, 
+ "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filters", - "stacked": "none", - "terms_field": "cef.extensions.categoryOutcome", - "terms_size": "3" }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,182,204,1)", - "fill": 0.5, - "formatter": "number", - "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", - "label": "Event Count", - "line_width": 1, - "metrics": [ - { - "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - 
"searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "7", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#447EBC", - "/Failure": "#E24D42", - "/Success": "#7EB26D" - } - }, - "savedVis": { - "title": "Top 20 Behaviors by Outcome [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + "gridData": { + "h": 24, + "i": "9", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Vendors by Product [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Vendor", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Product", + "field": "cef.device.product", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event 
Behavior", - "field": "cef.extensions.categoryBehavior", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 12, + "i": "10", + "w": 24, + "x": 24, + "y": 40 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "8", - "w": 24, - "x": 24, - "y": 52 - }, - "panelIndex": "8", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 15 Event Types by Events [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "perPage": 15, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Types", - "field": "cef.extensions.categoryBehavior", - "order": "desc", - "orderBy": "1", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network 
Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 4, + "i": "11", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Endpoint - OS Average EPS [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", 
+ "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "type": "cumulative_sum" + }, + { + "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "gamma": 0.3, + "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "offset_time": "1m", + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "12", + "w": 8, + "x": 40, + "y": 4 }, - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 24, - "i": "9", - "w": 24, - "x": 0, - "y": 40 - }, - "panelIndex": "9", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 5 Vendors by Product [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + "panelIndex": "12", + "type": "visualization", + 
"version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Destination Users": "#E24D42", + "Event Count": "#64B0C8" + } + }, + "savedVis": { + "title": "Events by Source and Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Timestamp" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Source Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + 
"scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Vendor", - "field": "cef.device.vendor", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 8, + "i": "13", + "w": 48, + "x": 0, + "y": 12 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Product", - "field": "cef.device.product", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "10", - "w": 24, - "x": 24, - "y": 40 - }, - "panelIndex": "10", - "type": "visualization", - "version": "8.0.0" - }, - { - 
"embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } - }, - "gridData": { - "h": 4, - "i": "11", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Endpoint - OS Average EPS [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": 
"b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "type": "cumulative_sum" - }, - { - "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "gamma": 0.3, - "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" + "savedVis": { + "title": "Top 10 Sources by Destinations [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Host", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Host", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "offset_time": "1m", - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": 
{} - } - } - }, - "gridData": { - "h": 8, - "i": "12", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "12", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Destination Users": "#E24D42", - "Event Count": "#64B0C8" - } - }, - "savedVis": { - "title": "Events by Source and Destination Users [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Timestamp" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Event Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" }, - { - "data": { - "id": "3", - "label": "Source Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" + "gridData": { + "h": 20, + "i": "14", + "w": 16, + "x": 32, + "y": 64 }, - { - "data": { - "id": "4", - "label": "Destination Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": 
true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Count" - }, - "type": "value" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Source Users by Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 24, + "i": "15", + "w": 16, + "x": 32, + "y": 84 }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destinations [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 12, + "i": "16", + "w": 32, + "x": 0, + "y": 80 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], 
+ "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "13", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "13", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "Top 10 Sources by Destinations [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + "gridData": { + "h": 8, + "i": "17", + "w": 32, + "x": 0, + "y": 100 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Sources [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Host", - "field": "source.domain", - "order": "desc", - 
"orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 16, + "i": "18", + "w": 32, + "x": 0, + "y": 64 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Host", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 20, - "i": "14", - "w": 16, - "x": 32, - "y": 64 - }, - "panelIndex": "14", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "Top 10 Source Users by Destination Users [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - 
"customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 8, + "i": "19", + "w": 32, + "x": 0, + "y": 92 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" } - } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 }, - "gridData": { - "h": 24, - "i": "15", - "w": 16, - "x": 32, - "y": 84 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Endpoint OS Activity Dashboard", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "3:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destinations [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } + { + "type": "search", + "name": "4:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "gridData": { - "h": 12, - "i": "16", - "w": 32, - "x": 0, - "y": 80 
+ { + "type": "search", + "name": "5:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "panelIndex": "16", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destination Users [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } + { + "type": "search", + "name": "8:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "gridData": { - "h": 8, - "i": "17", - "w": 32, - "x": 0, - "y": 100 + { + "type": "search", + "name": "9:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "panelIndex": "17", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Sources [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - 
"filter": [] - } - } - } + { + "type": "search", + "name": "10:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "gridData": { - "h": 16, - "i": "18", - "w": 32, - "x": 0, - "y": 64 + { + "type": "search", + "name": "13:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "panelIndex": "18", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Source Users [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } + { + "type": "search", + "name": "14:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "15:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "gridData": { - "h": 8, - "i": "19", - "w": 32, - "x": 0, - "y": 92 + { + "type": "search", + "name": "16:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, - "panelIndex": "19", - "type": "visualization", - "version": "8.0.0" - } + { + "type": "search", + "name": "17:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "18:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + }, + { + "type": "search", + "name": "19:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + } ], - "refreshInterval": { - "display": "Off", - "pause": false, - "value": 0 - }, - "timeFrom": "now-24h", - 
"timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF ArcSight] Endpoint OS Activity Dashboard", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "3:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "4:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "5:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "8:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "9:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "10:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "13:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "14:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "15:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "16:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "17:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - }, - { - "type": "search", - "name": "18:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "19:search_0", - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json b/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json index 8e1dd799188..ac0f8bd7fee 100644 --- a/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json 
+++ b/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json 
@@ -1,1073 +1,1074 @@ { - "id": "cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc1MSwxXQ==", - "attributes": { - "description": "Summary of endpoint event data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Endpoint Average EPS [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "type": "cumulative_sum" - }, - { - "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "id": "215c5225-5368-40e6-8fcd-2b0026babba0", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "215c5225-5368-40e6-8fcd-2b0026babba0", - "gamma": 0.3, - "id": 
"f4dfe09a-e397-4287-ab99-3206516cded3", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "1", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "1", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51", - "unknown": "#0A50A1" - } - }, - "savedVis": { - "title": "Destination Ports by Outcomes [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "destination.port: Descending" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": 
"left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "square root" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + "id": "cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwNCwxXQ==", + "attributes": { + "description": "Summary of endpoint event data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } + "version": true } - } }, - "gridData": { - "h": 12, - "i": "2", - "w": 24, - "x": 24, - "y": 20 + "optionsJSON": { + "darkTheme": false }, - "panelIndex": "2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51", - "unknown": "#0A50A1" - } - }, - "savedVis": { - "title": "Outcomes Breakdown [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "colors": { - "failure": "#BF1B00", - "unknown": "#3F2B5B" - }, - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - 
"show": true, - "style": {}, - "title": { - "text": "Time" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "type": "area", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Endpoint Average EPS [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": 
"b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "type": "cumulative_sum" + }, + { + "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "id": "215c5225-5368-40e6-8fcd-2b0026babba0", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "215c5225-5368-40e6-8fcd-2b0026babba0", + "gamma": 0.3, + "id": "f4dfe09a-e397-4287-ab99-3206516cded3", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Time", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Device [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - 
"drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(254,37,37,1)", - "fill": "0", - "formatter": "number", - "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "gamma": 0.3, - "id": "59675e84-1a8e-41df-9f63-875109bd795a", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " - }, - "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", - "label": "Operating System" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" - }, - "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", - "label": "Host IDS" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51", + "unknown": "#0A50A1" + } }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", - "label": "Application" + "savedVis": { + "title": "Destination Ports by Outcomes [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": 
[ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "destination.port: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filters", - "stacked": "none" }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", - "label": "Moving Average by Device HostNames", - 
"line_width": 1, - "metrics": [ - { - "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "type": "count" + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51", + "unknown": "#0A50A1" + } }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "gamma": 0.3, - "id": "9765367a-0fc2-45ba-88a8-e87991210edd", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" + "savedVis": { + "title": "Outcomes Breakdown [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#BF1B00", + "unknown": "#3F2B5B" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Time" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, 
+ "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Time", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destination Port [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "6", - "w": 24, - "x": 24, - "y": 32 - }, - "panelIndex": "6", - "type": 
"visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - }, - "savedVis": { - "title": "Endpoint Metrics Overview [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 20 }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Device [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,37,37,1)", + "fill": "0", + "formatter": "number", + "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "gamma": 0.3, + "id": "59675e84-1a8e-41df-9f63-875109bd795a", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", 
+ "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " + }, + "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", + "label": "Operating System" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" + }, + "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", + "label": "Host IDS" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", + "label": "Application" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", + "label": "Moving Average by Device HostNames", + "line_width": 1, + "metrics": [ + { + "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "gamma": 0.3, + "id": "9765367a-0fc2-45ba-88a8-e87991210edd", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 }, - 
"type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Port [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 12, + "i": "6", + "w": 24, + "x": 24, + "y": 32 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Endpoint Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + 
"colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Port", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Port", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "7", - "w": 40, - "x": 0, - "y": 4 - }, - 
"panelIndex": "7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "columns": [ - "cef.extensions.categoryDeviceGroup", - "cef.extensions.categoryTechnique", - "event.outcome", - "event.category", - "event.type", - "cef.extensions.categoryObject", - "event.action", - "cef.extensions.categoryDeviceType" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] - }, - "gridData": { - "h": 20, - "i": "9", - "w": 48, - "x": 0, - "y": 72 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "search", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 5 Source Countries [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "columns": [ + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryTechnique", + "event.outcome", + "event.category", + "event.type", + "cef.extensions.categoryObject", + "event.action", + "cef.extensions.categoryDeviceType" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "10", - "w": 24, - "x": 24, - "y": 44 - }, - "panelIndex": "10", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - 
"savedVis": { - "title": "Top 10 Source Countries by Event [Logs CEF]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "gridData": { + "h": 20, + "i": "9", + "w": 48, + "x": 0, + "y": 72 + }, + "panelIndex": "9", + "panelRefName": "panel_9", + "type": "search", + "version": "8.0.0" }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Source Countries [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Source Countries by Event [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + 
"perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 35 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 35 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 20, + "i": "12", + "w": 24, + "x": 0, + "y": 32 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint 
Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 20, + "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "w": 48, + "x": 0, + "y": 52 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Event [Logs 
CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destination Locations by Event [Logs CEF]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -180 + }, + "mapCenter": { + "lat": 20.86831, + "lon": -12.2843, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } - ], - "searchSource": { - "filter": [] - } } - } + ], + "refreshInterval": { + "pause": true, + "value": 0 }, - "gridData": { - "h": 20, - "i": "12", - "w": 24, - "x": 0, - "y": 32 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF] Endpoint Overview Dashboard", + "version": 1 + }, + "references": [ + { + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", + "name": "9:panel_9", + "type": "search" }, - "panelIndex": "12", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network 
Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } + { + "id": "logs-*", + "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", + "type": "index-pattern" }, - "gridData": { - "h": 4, - "i": "15", - "w": 48, - "x": 0, - "y": 0 + { + "type": "search", + "name": "2:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Event [Logs CEF]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destination Locations by Event [Logs CEF]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - 
"hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -180 - }, - "mapCenter": { - "lat": 20.86831, - "lon": -12.2843, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "type": "search", + "name": "3:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" }, - "gridData": { - "h": 20, - "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "w": 48, - "x": 0, - "y": 52 + { + "type": "search", + "name": "6:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" }, - "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "type": "map", - "version": "8.0.0" - } + { + "type": "search", + "name": "7:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + }, + { + "type": "search", + "name": "12:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + } ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF] Endpoint Overview Dashboard", - "version": 1 - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "9:panel_9", - "type": "search" - }, - { - "id": "logs-*", - "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "type": "search", - "name": "2:search_0", - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" - }, - { - "type": "search", - "name": "3:search_0", - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" - }, - { - "type": "search", - "name": "6:search_0", - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" - }, - { - "type": "search", - "name": "7:search_0", - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" - }, - { - "type": "search", - "name": "10:search_0", - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": 
"search", - "name": "12:search_0", - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json b/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json index a1c46341d5a..770e63ca13e 100644 --- a/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json +++ b/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json 
@@ -1,1431 +1,1432 @@ { - "id": "cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc1MiwxXQ==", - "attributes": { - "description": "Summary of ArcSight endpoint event data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Endpoint Average EPS [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "type": "cumulative_sum" - }, - { - "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "id": "215c5225-5368-40e6-8fcd-2b0026babba0", - "type": 
"derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "215c5225-5368-40e6-8fcd-2b0026babba0", - "gamma": 0.3, - "id": "f4dfe09a-e397-4287-ab99-3206516cded3", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "1", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "1", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - }, - "savedVis": { - "title": "Destination Ports by Outcomes [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "destination.port: Descending" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - 
{ - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "square root" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + "id": "cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwNSwxXQ==", + "attributes": { + "description": "Summary of ArcSight endpoint event data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } + "version": true } - } }, - "gridData": { - "h": 12, - "i": "2", - "w": 24, - "x": 24, - "y": 32 + "optionsJSON": { + "darkTheme": false }, - "panelIndex": "2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - }, - "savedVis": { - "title": "Outcomes Breakdown [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "colors": { - "/Attempt": "#3F2B5B", - "/Failure": "#BF1B00" - }, - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTimeMarker": false, 
- "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Time" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "type": "area", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Endpoint Average EPS [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + 
"gauge_width": 10, + "hide_last_value_indicator": true, + "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "type": "cumulative_sum" + }, + { + "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "id": "215c5225-5368-40e6-8fcd-2b0026babba0", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "215c5225-5368-40e6-8fcd-2b0026babba0", + "gamma": 0.3, + "id": "f4dfe09a-e397-4287-ab99-3206516cded3", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Time", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 8, + "i": "1", + "w": 8, + "x": 40, + "y": 4 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 24, - "x": 0, - 
"y": 32 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Device [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(254,37,37,1)", - "fill": "0", - "formatter": "number", - "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "gamma": 0.3, - "id": "59675e84-1a8e-41df-9f63-875109bd795a", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " - }, - "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", - "label": "Operating System" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" - }, - "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", - "label": "Host IDS" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + 
"/Success": "#629E51" + } }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", - "label": "Application" + "savedVis": { + "title": "Destination Ports by Outcomes [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "destination.port: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + 
"params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filters", - "stacked": "none" }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", - "label": "Moving Average by Device HostNames", - "line_width": 1, - "metrics": [ - { - "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "type": "count" + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "gamma": 0.3, - "id": "9765367a-0fc2-45ba-88a8-e87991210edd", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" + "savedVis": { + "title": "Outcomes Breakdown [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Attempt": "#3F2B5B", + "/Failure": "#BF1B00" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Time" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + 
"label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Time", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destination Port [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": 
"palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "6", - "w": 24, - "x": 24, - "y": 44 - }, - "panelIndex": "6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - }, - "savedVis": { - "title": "Endpoint Metrics Overview [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true + "gridData": { + "h": 12, + "i": "3", + "w": 24, + "x": 0, + "y": 32 }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Device [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR 
cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,37,37,1)", + "fill": "0", + "formatter": "number", + "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "gamma": 0.3, + "id": "59675e84-1a8e-41df-9f63-875109bd795a", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " + }, + "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", + "label": "Operating System" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" + }, + "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", + "label": "Host IDS" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", + "label": "Application" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", + "label": "Moving Average by Device HostNames", + "line_width": 1, + "metrics": [ + { + "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + 
"gamma": 0.3, + "id": "9765367a-0fc2-45ba-88a8-e87991210edd", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Port [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "3", 
- "params": { - "customLabel": "Source", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 12, + "i": "6", + "w": 24, + "x": 24, + "y": 44 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Endpoint Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + 
"enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Port", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Port", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "7", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - }, - "savedVis": { - "title": "Outcomes by Device Type [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "colors": { - "/Failure": "#BF1B00" + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 }, - "legendOpen": true - } + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "cef.extensions.categoryDeviceType: Descending" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": 
"normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + }, + "savedVis": { + "title": "Outcomes by Device Type [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "cef.extensions.categoryDeviceType: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + 
"rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 12, + "i": "8", + "w": 24, + "x": 0, + "y": 44 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "8", - "w": 24, - "x": 0, - "y": 44 - }, - "panelIndex": "8", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "columns": [ - "cef.extensions.categoryDeviceGroup", - "cef.extensions.categoryTechnique", - "cef.extensions.categoryOutcome", - "cef.extensions.categorySignificance", - "cef.extensions.categoryObject", - "cef.extensions.categoryBehavior", - "cef.extensions.categoryDeviceType" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] - }, - "gridData": { - "h": 20, - "i": "9", - "w": 48, - "x": 0, - "y": 76 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - 
"type": "search", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 5 Source Countries [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "columns": [ + "cef.extensions.categoryDeviceGroup", + "cef.extensions.categoryTechnique", + "cef.extensions.categoryOutcome", + "cef.extensions.categorySignificance", + "cef.extensions.categoryObject", + "cef.extensions.categoryBehavior", + "cef.extensions.categoryDeviceType" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "10", - "w": 24, - "x": 24, - "y": 56 - }, - "panelIndex": "10", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Anti-Virus": "#EAB839", - "Database": "#629E51", - "Host-based IDS/IPS": "#E0752D", - "Operating System": "#BF1B00", - "Security Mangement": "#64B0C8" - } - }, - "savedVis": { - "title": "Device Types by Vendor [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + "gridData": { + "h": 20, + "i": "9", + "w": 48, + "x": 0, + "y": 76 + }, + 
"panelIndex": "9", + "panelRefName": "panel_9", + "type": "search", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 5 Source Countries [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "exclude": "Network-based IDS/IPS", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 24, + "y": 56 }, - { - "enabled": true, - "id": "3", - "params": { - "exclude": "", - "field": "cef.device.vendor", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "11", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 10 Source Countries by Event [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": 
null - } - } - } + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 35 - }, - "schema": "bucket", - "type": "terms" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Anti-Virus": "#EAB839", + "Database": "#629E51", + "Host-based IDS/IPS": "#E0752D", + "Operating System": "#BF1B00", + "Security Mangement": "#64B0C8" + } + }, + "savedVis": { + "title": "Device Types by Vendor [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "exclude": "", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - 
"type": "cardinality" + "gridData": { + "h": 12, + "i": "11", + "w": 24, + "x": 0, + "y": 20 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Source Countries by Event [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 35 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": 
"metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 20, - "i": "12", - "w": 24, - "x": 0, - "y": 56 - }, - "panelIndex": "12", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Informational": "#7EB26D", - "/Informational/Warning": "#EF843C", - "/Success": "#629E51", - "Anti-Virus": "#EAB839", - "Database": "#629E51", - "Host-based IDS/IPS": "#E0752D", - "Log Consolidator": "#E0F9D7", - "Operating System": "#BF1B00", - "Recon": "#BF1B00", - "Security Mangement": "#64B0C8" - } - }, - "savedVis": { - "title": "Outcomes by User Names [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "colors": { - "/Informational": "#7EB26D", - "/Informational/Warning": "#EF843C", - "/Success": "#64B0C8", - "Anti-Virus": "#B7DBAB", - "Host-based IDS/IPS": "#629E51", - "Log Consolidator": "#E0F9D7", - "Operating System": "#3F6833", - "Recon": "#BF1B00", - "Security Mangement": "#CFFAFF" + "gridData": { + "h": 20, + "i": "12", + "w": 24, + "x": 0, + "y": 56 }, - "legendOpen": true - } + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Informational": "#7EB26D", + "/Informational/Warning": "#EF843C", + "/Success": "#629E51", + "Anti-Virus": "#EAB839", + "Database": "#629E51", + "Host-based IDS/IPS": "#E0752D", + "Log Consolidator": "#E0F9D7", + "Operating System": "#BF1B00", + "Recon": "#BF1B00", + "Security Mangement": "#64B0C8" + } + }, + "savedVis": { + "title": "Outcomes by User Names [Logs CEF ArcSight]", + "description": "", 
+ "uiState": { + "vis": { + "colors": { + "/Informational": "#7EB26D", + "/Informational/Warning": "#EF843C", + "/Success": "#64B0C8", + "Anti-Virus": "#B7DBAB", + "Host-based IDS/IPS": "#629E51", + "Log Consolidator": "#E0F9D7", + "Operating System": "#3F6833", + "Recon": "#BF1B00", + "Security Mangement": "#CFFAFF" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "14", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious 
Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "exclude": "Network-based IDS/IPS", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 4, + "i": "15", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "w": 24, + "x": 24, + "y": 64 }, - { - "enabled": true, - "id": "6", - "params": { - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Event [Logs CEF 
ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destination Locations by Event [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } - ], - "searchSource": { - "filter": [] - } } - } + ], + "refreshInterval": { + "pause": true, + "value": 0 }, - "gridData": { - "h": 12, - "i": "14", - "w": 24, - "x": 24, - "y": 20 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Endpoint Overview Dashboard", + "version": 1 + }, + "references": [ + { + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "9:panel_9", + "type": "search" }, - "panelIndex": "14", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network 
Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } + { + "id": "logs-*", + "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, - "gridData": { - "h": 4, - "i": "15", - "w": 48, - "x": 0, - "y": 0 + { + "type": "search", + "name": "7:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Event [Logs CEF 
ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destination Locations by Event [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "type": "search", + "name": "8:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, - "gridData": { - "h": 12, - "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "w": 24, - "x": 24, - "y": 64 + { + "type": "search", + "name": "10:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, - "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "type": "map", - "version": "8.0.0" - } + { + "type": "search", + "name": "11:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "12:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + }, + { + "type": "search", + "name": "14:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + } ], - "refreshInterval": { - "pause": true, - 
"value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF ArcSight] Endpoint Overview Dashboard", - "version": 1 - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "9:panel_9", - "type": "search" - }, - { - "id": "logs-*", - "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "type": "search", - "name": "2:search_0", - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" - }, - { - "type": "search", - "name": "3:search_0", - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" - }, - { - "type": "search", - "name": "6:search_0", - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" - }, - { - "type": "search", - "name": "7:search_0", - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" - }, - { - "type": "search", - "name": "8:search_0", - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" - }, - { - "type": "search", - "name": "10:search_0", - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" - }, - { - "type": "search", - "name": "11:search_0", - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" - }, - { - "type": "search", - "name": "12:search_0", - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "14:search_0", - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json b/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json index b9489652183..2552ae7017f 100644 --- a/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json +++ b/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json 
@@ -1,1306 +1,1306 @@ { - "id": "cef-db1e1aca-279e-4ecc-b84e-fe58644f7619", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc1MywxXQ==", - "attributes": { - "description": "Suspicious network activity overview via ArcSight", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Destination Addresses": "#E0752D", - "Destination Ports": "#E24D42" - }, - "legendOpen": false - }, - "savedVis": { - "title": "Unique Destinations and Ports by Source [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Addresses" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Destination Addresses" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Destination Ports" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - 
"showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Addresses" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Ports" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" + "id": "cef-db1e1aca-279e-4ecc-b84e-fe58644f7619", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwNiwxXQ==", + "attributes": { + "description": "Suspicious network activity overview via ArcSight", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } + "version": true } - } }, - "gridData": { - "h": 12, - "i": "1", - "w": 32, - "x": 0, - "y": 28 + "optionsJSON": { + "darkTheme": false }, - "panelIndex": "1", - "type": "visualization", - 
"version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 5 Sources by Destination Addresses [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Destination Addresses": "#E0752D", + "Destination Ports": "#E24D42" + }, + "legendOpen": false + }, + "savedVis": { + "title": "Unique Destinations and Ports by Source [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Addresses" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Addresses" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": 
{ + "id": "3", + "label": "Destination Ports" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Addresses" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Ports" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" + "gridData": { + "h": 12, + "i": "1", + "w": 32, + "x": 0, + "y": 28 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Address", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 5 - 
}, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "2", - "w": 16, - "x": 0, - "y": 40 - }, - "panelIndex": "2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 5 Sources by Destination Ports [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Address", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 16, - "x": 16, - "y": 40 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Severity [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" - } - ], - "drop_last_bucket": 
1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "hide_last_value_indicator": true, - "id": "c39a76e5-f613-41a9-8335-c442747791e0", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "0.0[0]a", - "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", - "label": "Event by Severities", - "line_width": 1, - "metrics": [ - { - "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } }, - { - "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", - "sigma": "", - "type": "sum_bucket" + "savedVis": { + "title": "Top 5 Sources by Destination Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ 
- { - "color": "rgba(104,204,202,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Low\" OR severity:\"0\"" - }, - "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", - "label": "LOW" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Medium\"" - }, - "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", - "label": "MEDIUM" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"High\"" - }, - "id": "e142c55b-6ee5-416a-8bd3-d10398044864", - "label": "HIGH" + }, + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 40 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Very-High\"" - }, - "id": "4b05b562-c419-4214-b814-d4c242251521", - "label": "VERY HIGH" + "savedVis": { + "title": "Top 5 Sources by Destination Ports [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + 
"schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "top_n", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - }, - "savedVis": { - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "colors": { - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } - }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Firewall Types" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "orderBucketsBySum": true, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": "square 
root" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall Types", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 40 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "9", - "w": 16, - "x": 32, - "y": 28 - }, - "panelIndex": "9", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Source Addresses [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - 
"fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "117fde19-e227-4fcb-8019-e82e6677c340", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Severity [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "hide_last_value_indicator": true, + "id": "c39a76e5-f613-41a9-8335-c442747791e0", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0.0[0]a", + "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", + "label": "Event by Severities", + "line_width": 1, + "metrics": [ + { + "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "type": "count" + }, + { + "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", + "sigma": "", + "type": "sum_bucket" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,204,202,1)", + "filter": { + "language": 
"lucene", + "query": "severity:\"Low\" OR severity:\"0\"" + }, + "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", + "label": "LOW" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Medium\"" + }, + "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", + "label": "MEDIUM" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"High\"" + }, + "id": "e142c55b-6ee5-416a-8bd3-d10398044864", + "label": "HIGH" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Very-High\"" + }, + "id": "4b05b562-c419-4214-b814-d4c242251521", + "label": "VERY HIGH" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostmessage", - "terms_order_by": null, - "value_template": "{{value}}" }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "0.5", - "formatter": "number", - "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", - "label": "Top Source Addresses", - "line_width": "0", - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", - "model_type": "simple", - "multiplicative": 
false, - "period": 1, - "type": "moving_average", - "window": "10" + "savedVis": { + "title": "Outcome by Device Type [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": 
"cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "source.ip", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "11", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Source Addresses [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "12", - "w": 24, - "x": 0, - "y": 52 - }, - "panelIndex": "12", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destination Addresses [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" + "gridData": { + "h": 12, + "i": "9", + "w": 16, + "x": 
32, + "y": 28 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Source Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "117fde19-e227-4fcb-8019-e82e6677c340", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + 
"seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostmessage", + "terms_order_by": null, + "value_template": "{{value}}" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "0.5", + "formatter": "number", + "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", + "label": "Top Source Addresses", + "line_width": "0", + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "13", - "w": 24, - "x": 24, - "y": 52 - }, - "panelIndex": "13", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Destination Ports [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" + "gridData": { + "h": 8, + "i": "11", + "w": 48, 
+ "x": 0, + "y": 12 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "14", - "w": 16, - "x": 32, - "y": 40 - }, - "panelIndex": "14", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" 
+ "gridData": { + "h": 16, + "i": "12", + "w": 24, + "x": 0, + "y": 52 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } - }, - "gridData": { - "h": 4, - "i": "15", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - }, - "savedVis": { - "title": "Device Metrics Overview [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "13", + "w": 24, + "x": 24, + "y": 52 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - 
"labels": { - "color": "black", - "show": true + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Ports [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 12, + "i": "14", + "w": 16, + "x": 32, + "y": 40 }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" + "gridData": { + "h": 4, + "i": "15", + "w": 
48, + "x": 0, + "y": 0 }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { 
+ "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "16", + "w": 40, + "x": 0, + "y": 4 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 50": "rgb(255,255,204)", + "100 - 200": "rgb(253,141,60)", + "200 - 300": "rgb(227,27,28)", + "300 - 400": "rgb(128,0,38)", + "50 - 100": "rgb(254,217,118)" + } + }, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { 
+ "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "17", + "w": 8, + "x": 40, + "y": 4 }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" } - } + ], + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 }, - "gridData": { - "h": 8, - "i": "16", - "w": 40, - "x": 0, - "y": 4 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Network 
Suspicious Activity Dashboard", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, - "panelIndex": "16", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 50": "rgb(255,255,204)", - "100 - 200": "rgb(253,141,60)", - "200 - 300": "rgb(227,27,28)", - "300 - 400": "rgb(128,0,38)", - "50 - 100": "rgb(254,217,118)" - } - }, - "savedVis": { - "title": "Network - Event Throughput [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "type": "cumulative_sum" - }, - { - "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "id": 
"6db67bc1-7fff-47e7-a931-f797b1f76732", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "gamma": 0.3, - "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } + { + "type": "search", + "name": "2:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, - "gridData": { - "h": 8, - "i": "17", - "w": 8, - "x": 40, - "y": 4 + { + "type": "search", + "name": "12:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, - "panelIndex": "17", - "type": "visualization", - "version": "8.0.0" - } + { + "type": "search", + "name": "13:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "14:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "16:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + } ], - "refreshInterval": { - "display": "Off", - "pause": false, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF ArcSight] Network Suspicious Activity Dashboard", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "1:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "2:search_0", - "id": 
"cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "3:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "9:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "12:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "13:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "14:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "16:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json b/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json index dd92694ea92..b33c963b0bd 100644 --- a/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json +++ b/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json 
@@ -1,1875 +1,1877 @@ { - "id": "cef-dd0bc9af-2e89-4150-9b42-62517ea56b71", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-25T18:51:20.968Z", - "version": "Wzc1NCwxXQ==", - "attributes": { - "description": "Network data overview via ArcSight", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "data_stream.dataset:cef.log" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Application Protocols [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "id": "cef-dd0bc9af-2e89-4150-9b42-62517ea56b71", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwNywxXQ==", + "attributes": { + "description": "Network data overview via ArcSight", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "data_stream.dataset:cef.log" }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.application", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } + "version": true } - } }, - "gridData": { - "h": 8, - "i": "1", - "w": 48, - "x": 0, - "y": 44 + "optionsJSON": { + "darkTheme": false }, - "panelIndex": "1", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - 
"title": "Bandwidth Utilization [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "" - }, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "d27f09dc-b07e-493f-a223-a85033ad6548", - "label": "Inbound", - "line_width": 1, - "metrics": [ - { - "field": "source.bytes", - "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", - "type": "sum" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Application Protocols [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_order_by": "_count" }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "formatter": 
"bytes", - "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", - "label": "Outbound", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "type": "sum" - }, - { - "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", - "script": "params.outbound > 0 ? params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", - "name": "outbound" + "gridData": { + "h": 8, + "i": "1", + "w": 48, + "x": 0, + "y": 44 + }, + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Bandwidth Utilization [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "d27f09dc-b07e-493f-a223-a85033ad6548", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_order_by": "_count" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "bytes", + "id": 
"b1ef2c75-5916-469d-8790-5b213367a5a0", + "label": "Outbound", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "type": "sum" + }, + { + "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", + "script": "params.outbound \u003e 0 ? params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", + "name": "outbound" + } + ] + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0 + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } - ] } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0 - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 8, + "i": "2", + "w": 48, + "x": 0, + "y": 68 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "2", - "w": 48, - "x": 0, - "y": 68 - }, - "panelIndex": "2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Source [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, 
- "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "0c929603-fc92-4ebc-a963-fe2795417d89", - "label": "Firewall Events" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" - }, - "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", - "label": "Intrusion Detection Events" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": 
"lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", - "label": "VPN" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Source [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" 
+ }, + "id": "0c929603-fc92-4ebc-a963-fe2795417d89", + "label": "Firewall Events" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" + }, + "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", + "label": "Intrusion Detection Events" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", + "label": "VPN" + } + ], + "split_mode": "filters", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": "0.5", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Device Hosts", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "split_mode": "filters", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": "0.5", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Device Hosts", - 
"line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" + "gridData": { + "h": 8, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "bar_color": null, + "id": "23db5bf6-f787-474e-86ab-76362432e984", + "value": 0 + } + ], + "drilldown_url": "", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + 
"id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", + "label": "Firewall" + } + ], + "split_mode": "filter", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "1", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Event Outcome", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,188,0,0.35)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", + "label": "Success" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", + "label": "Failure" + }, + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "2ff1e859-b178-4824-a0f2-69a115932b98", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" + } + ], + 
"show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 8, + "i": "6", + "w": 48, + "x": 0, + "y": 60 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "5", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Outcome [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "bar_color": null, - "id": "23db5bf6-f787-474e-86ab-76362432e984", - "value": 0 - } - ], - "drilldown_url": "", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": 
"(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + }, + "legendOpen": false }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", - "label": "Firewall" + "savedVis": { + "title": "Device Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + 
"verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filter", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "1", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Event Outcome", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,188,0,0.35)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", - "label": "Success" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", - "label": "Failure" + "gridData": { + "h": 8, + "i": "7", + "w": 40, + "x": 0, + "y": 4 
+ }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } }, - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "2ff1e859-b178-4824-a0f2-69a115932b98", - "label": "Attempt" + "savedVis": { + "title": "Outcome by Device Type [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": 
"metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } - ], - "split_mode": "filters", - "stacked": "stacked", - "terms_field": "cef.extensions.categoryOutcome", - "terms_size": "3" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "6", - "w": 48, - "x": 0, - "y": 60 - }, - "panelIndex": "6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - }, - "legendOpen": false - }, - "savedVis": { - "title": "Device Metrics Overview [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 + "gridData": { + "h": 12, + "i": "9", + "w": 16, + "x": 0, + "y": 20 }, - "style": { - "bgColor": false, - "bgFill": "#000", - 
"fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "/Attempt": "#0A50A1", + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + }, + "savedVis": { + "title": "Destination Ports by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Protocols" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } 
+ ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocols", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 12, + "i": "11", + "w": 16, + "x": 16, + "y": 20 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top 10 Devices by Bandwidth [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source(s)", + "field": 
"source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination(s)", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bandwidth (Incoming)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bandwidth (Outgoing)", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 12, + "i": "13", + "w": 32, + "x": 0, + "y": 32 }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 8, - "i": "7", - "w": 40, - "x": 0, - "y": 4 - }, - "panelIndex": "7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - }, - "savedVis": { - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "colors": { - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } - }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - 
"type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Firewall Types" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "orderBucketsBySum": true, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": "square root" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + }, + "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Devices by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 6, 
+ "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": true, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Host Names", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall Types", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 12, + "i": "15", + "w": 16, + "x": 32, + "y": 32 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "9", - "w": 16, - "x": 0, - "y": 20 - }, - "panelIndex": "9", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "/Attempt": "#0A50A1", - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - }, - "savedVis": { - "title": "Destination Ports by Outcome [Logs CEF 
ArcSight]", - "description": "", - "uiState": { - "vis": { - "colors": { - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Protocols" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "Anti-Virus": "#EF843C", + "Content Security": "#7EB26D", + "Firewall": "#E24D42", + "Integrated Security": "#962D82", + "Network-based IDS/IPS": "#1F78C1", + "Operating System": "#1F78C1", + "VPN": "#EAB839" + } + }, + "savedVis": { + "title": "Device Type Breakdown [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + 
"addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Protocols", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 12, + "i": "16", + "w": 16, + "x": 32, + "y": 20 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "11", - "w": 16, - "x": 16, - "y": 20 - }, - "panelIndex": "11", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 10 Devices by Bandwidth [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" }, - "type": "table", - "data": { - "aggs": [ - { - 
"enabled": true, - "id": "2", - "params": { - "customLabel": "Device", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source(s)", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events by Device Types [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ 
+ { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", + "label": "Firewall" + } + ], + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Top Device Types by Mvg Averages", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.extensions.categoryDeviceType", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination(s)", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 8, + "i": "17", + "w": 48, + "x": 0, + "y": 52 }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": 
"Top 10 Source Countries by Events [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bandwidth (Incoming)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" + "gridData": { + "h": 16, + "i": "18", + "w": 24, + "x": 0, + "y": 76 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bandwidth (Outgoing)", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "13", - "w": 32, - "x": 0, - "y": 32 - }, - "panelIndex": "13", - "type": "visualization", - "version": "8.0.0" - }, - 
{ - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% - 100%": "rgb(202,8,35)" - }, - "legendOpen": false - }, - "savedVis": { - "title": "Top 10 Devices by Outcome [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% - 100%": "rgb(202,8,35)" - } - } + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" }, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 6, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": true, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "type": "heatmap", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 20 Source Countries [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + 
"size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Host Names", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 16, + "i": "19", + "w": 24, + "x": 24, + "y": 76 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "15", - "w": 16, - "x": 32, - "y": 32 - }, - "panelIndex": "15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "Anti-Virus": "#EF843C", - "Content Security": "#7EB26D", - "Firewall": "#E24D42", - "Integrated Security": "#962D82", - "Network-based IDS/IPS": "#1F78C1", - "Operating System": "#1F78C1", - "VPN": "#EAB839" - } - }, - "savedVis": { - "title": "Device Type Breakdown [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall Types", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 12, - "i": "16", - "w": 16, - 
"x": 32, - "y": 20 - }, - "panelIndex": "16", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Events by Device Types [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": "", - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", - "label": "Firewall" + { + "embeddableConfig": { + "enhancements": 
{}, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + 
"show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } - ], - "split_mode": "everything", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(251,158,0,1)", - "fill": 0.5, - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Top Device Types by Mvg Averages", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.extensions.categoryDeviceType", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } - }, - "gridData": { - "h": 8, - "i": "17", - "w": 48, - "x": 0, - "y": 52 - }, - "panelIndex": "17", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - }, - "savedVis": { - "title": "Top 10 Source Countries by Events [Logs CEF ArcSight]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - 
"direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" + "gridData": { + "h": 8, + "i": "20", + "w": 8, + "x": 40, + "y": 4 }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" + "gridData": { + "h": 4, + "i": "21", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 24, + "i": "49de47fb-1382-4009-89d2-b96a4161e12d", + "w": 24, + "x": 0, + "y": 92 }, - { - "enabled": true, - "id": "5", - 
"params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" + "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Destination Locations by Events [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + 
"hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "18", - "w": 24, - "x": 0, - "y": 76 - }, - "panelIndex": "18", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 20 Source Countries [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" }, - "type": "tagcloud", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 24, + "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", + "w": 24, + "x": 24, + "y": 92 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [] - } - } - } - }, - "gridData": { - "h": 16, - "i": "19", - "w": 24, - "x": 24, - "y": 76 - }, - "panelIndex": "19", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Network - Event Throughput [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": 
"cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" + "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Source Locations by Events [Logs CEF ArcSight]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" }, - { - "field": 
"ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "type": "cumulative_sum" + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 }, - { - "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "type": "derivative", - "unit": "1s" + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "gamma": 0.3, - "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" + "openTOCDetails": [], + "type": "map" } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} } - } + ], + "refreshInterval": { + "pause": true, + "value": 0 }, - "gridData": { - "h": 8, - "i": "20", - "w": 8, - "x": 40, - "y": 4 + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[Logs CEF ArcSight] Network Overview Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", + "type": "index-pattern" }, - "panelIndex": "20", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "description": "", - "uiState": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | 
[Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - } - } + { + "id": "logs-*", + "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, - "gridData": { - "h": 4, - "i": "21", - "w": 48, - "x": 0, - "y": 0 + { + "type": "search", + "name": "9:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, - "panelIndex": "21", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Events [Logs CEF 
ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Destination Locations by Events [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "type": "search", + "name": "11:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, - "gridData": { - "h": 24, - "i": "49de47fb-1382-4009-89d2-b96a4161e12d", - "w": 24, - "x": 0, - "y": 92 + { + "type": "search", + "name": "13:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, - "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", - "type": "map", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Source Locations by Events [Logs CEF ArcSight]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "type": "search", + "name": "15:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, - "gridData": { - "h": 24, - "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "w": 24, - "x": 24, - "y": 92 + { + "type": "search", + "name": "16:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, - "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "type": "map", - "version": "8.0.0" - } + { + "type": "search", + "name": "18:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + }, + { + "type": "search", + "name": "19:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + } ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h", - "timeRestore": true, - "timeTo": "now", - "title": "[Logs CEF 
ArcSight] Network Overview Dashboard", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "type": "search", - "name": "1:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "7:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "9:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "11:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "13:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "15:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "16:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - }, - { - "type": "search", - "name": "18:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "19:search_0", - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" - } - ], - "migrationVersion": { - "dashboard": "8.0.0" - }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml index a75abcd900b..b6d32236a7d 100644 --- a/packages/cef/manifest.yml +++ b/packages/cef/manifest.yml @@ -10,7 +10,7 @@ categories: - network - security conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 policy_templates: - name: cef title: CEF logs From cc5b250913630cb3a9f5b22ab4d2794b244368fa Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Mon, 21 Nov 2022 13:43:42 +0530 Subject: [PATCH 077/103] revert cisco as its deprecated --- packages/cisco/changelog.yml | 5 - packages/cisco/docs/README.md | 42 +- ...-a555b160-4987-11e9-b8ce-ed898b5ef295.json | 922 +++--------------- ...-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json | 79 ++ ...-118da960-4987-11e9-b8ce-ed898b5ef295.json | 85 ++ ...-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json | 85 ++ ...-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json | 126 +++ ...-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json | 139 +++ ...-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json | 78 ++ ...-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json | 105 ++ packages/cisco/manifest.yml | 2 +- 11 files changed, 868 insertions(+), 800 deletions(-) create mode 100644 packages/cisco/kibana/visualization/cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json create mode 100644 packages/cisco/kibana/visualization/cisco-118da960-4987-11e9-b8ce-ed898b5ef295.json create mode 100644 packages/cisco/kibana/visualization/cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json create mode 100644 packages/cisco/kibana/visualization/cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json create mode 100644 packages/cisco/kibana/visualization/cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json create mode 100644 packages/cisco/kibana/visualization/cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json create mode 100644 packages/cisco/kibana/visualization/cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json diff --git a/packages/cisco/changelog.yml b/packages/cisco/changelog.yml index d32feba08e8..ed20c974cd2 100644 --- a/packages/cisco/changelog.yml +++ b/packages/cisco/changelog.yml @@ -1,9 +1,4 @@ # newer versions go on top -- version: "0.13.4" - changes: - - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load - type: enhancement - link: https://github.com/elastic/integrations/pull/4516 - version: "0.13.3" changes: - description: Update readme file 
diff --git a/packages/cisco/docs/README.md b/packages/cisco/docs/README.md index 1b440cf6289..9d9e0d39f36 100644 --- a/packages/cisco/docs/README.md +++ b/packages/cisco/docs/README.md @@ -25,12 +25,12 @@ An example event for `asa` looks as following: { "@timestamp": "2018-10-10T12:34:56.000Z", "agent": { - "ephemeral_id": "a548620b-0623-4130-b586-fe233f00e6e5", + "ephemeral_id": "d5a5a712-c503-48de-96df-7b5d93813de2", "hostname": "docker-fleet-agent", - "id": "3c803d12-46a2-48a4-a206-8fd3630cc2a9", + "id": "4df1fcdb-08e4-4f17-a523-5159ada47cb0", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.14.0" + "version": "7.16.0" }, "cisco": { "asa": { @@ -44,17 +44,17 @@ An example event for `asa` looks as following: "type": "logs" }, "destination": { - "address": "100.66.98.44", - "ip": "100.66.98.44", + "address": "192.168.98.44", + "ip": "192.168.98.44", "port": 8256 }, "ecs": { - "version": "1.10.0" + "version": "1.12.0" }, "elastic_agent": { - "id": "3c803d12-46a2-48a4-a206-8fd3630cc2a9", - "snapshot": true, - "version": "7.14.0" + "id": "4df1fcdb-08e4-4f17-a523-5159ada47cb0", + "snapshot": false, + "version": "7.16.0" }, "event": { "action": "firewall-rule", @@ -64,9 +64,9 @@ An example event for `asa` looks as following: ], "code": "305011", "dataset": "cisco.asa", - "ingested": "2021-07-19T08:54:36.436846422Z", + "ingested": "2022-11-21T07:43:12Z", "kind": "event", - "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:100.66.98.44/8256\n", + "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:192.168.98.44/8256", "severity": 6, "timezone": "+00:00", "type": [ 
@@ -74,17 +74,17 @@ An example event for `asa` looks as following: ] }, "host": { - "hostname": "localhost", - "name": "docker-fleet-agent" + "hostname": "localhost" }, "input": { - "type": "udp" + "type": "log" }, "log": { + "file": { + "path": "/tmp/service_logs/test-asa.log" + }, "level": "informational", - "source": { - "address": "172.23.0.4:59451" - } + "offset": 0 }, "network": { "iana_number": "6", @@ -116,7 +116,7 @@ An example event for `asa` looks as following: ], "ip": [ "172.31.98.44", - "100.66.98.44" + "192.168.98.44" ] }, "source": { @@ -504,7 +504,7 @@ An example event for `ftd` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cisco.ftd.assigned_ip | The IP address assigned to a VPN client successfully connecting | ip | | cisco.ftd.burst.avg_rate | The current average burst rate seen | keyword | | cisco.ftd.burst.configured_avg_rate | The current configured average burst rate allowed | keyword | 
@@ -808,7 +808,7 @@ An example event for `ios` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cisco.ios.access_list | Name of the IP access list. | keyword | | cisco.ios.action | Action taken by the device | keyword | | cisco.ios.facility | The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message. | keyword | 
@@ -991,7 +991,7 @@ An example event for `nexus` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| @timestamp | Event timestamp. | date | | client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | client.registered_domain | The highest registered client domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | | client.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword | diff --git a/packages/cisco/kibana/dashboard/cisco-a555b160-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/dashboard/cisco-a555b160-4987-11e9-b8ce-ed898b5ef295.json index cb0404f4078..8a983e2f8de 100644 --- a/packages/cisco/kibana/dashboard/cisco-a555b160-4987-11e9-b8ce-ed898b5ef295.json 
+++ b/packages/cisco/kibana/dashboard/cisco-a555b160-4987-11e9-b8ce-ed898b5ef295.json 
@@ -1,800 +1,176 @@ { - "id": "cisco-a555b160-4987-11e9-b8ce-ed898b5ef295", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:00:38.417Z", - "version": "WzYzMiwxXQ==", - "attributes": { - "description": "Sample dashboard for Cisco ASA Firewall devices", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "Destination Port and Transport [Cisco]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie", - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "distinctColors": true - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { + "attributes": { + "description": "Sample dashboard for Cisco ASA Firewall devices", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + 
"language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 15, - "i": "1", - "w": 12, - "x": 12, - "y": 15 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "1", - "title": "Destination Port and Transport", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "Source Port and Transport [Cisco]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie", - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "distinctColors": true - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 15, + "i": "1", + "w": 12, + "x": 12, + "y": 15 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "2", - "w": 12, - "x": 0, - "y": 15 - }, - "panelIndex": "2", - "title": "Source Port and Transport", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": 
{ - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "ASA Events Over Time [Cisco]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100, - "filter": true - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "isVislibVis": true, - "detailedTooltip": true + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Destination Port and Transport", + "version": "7.0.0-SNAPSHOT" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" + "gridData": { + "h": 15, + "i": "2", + "w": 12, + "x": 0, + "y": 15 }, - { - "enabled": true, - "id": "3", - 
"params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-15y", - "to": "now+1y" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "3", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "3", - "title": "ASA Firewall Events Over Time", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "ASA Flows by Network Bytes [Cisco]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100, - "filter": true - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "3", - "label": "Total bytes" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Total bytes" - }, - "type": "value" - } - ], - "palette": { - "type": "palette", - "name": "kibana_palette" - }, - "isVislibVis": true, - "detailedTooltip": true + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Source Port and Transport", + "version": 
"7.0.0-SNAPSHOT" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-15y", - "to": "now+1y" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "4", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "4", - "title": "ASA Flows by Network Bytes", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "savedVis": { - "title": "ASA Firewall Blocked by Source [Cisco]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "ASA Firewall Events Over Time", + "version": "7.0.0-SNAPSHOT" }, - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum", - "showToolbar": true + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "ASA Flows by Network Bytes", + "version": "7.0.0-SNAPSHOT" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" + { + 
"embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 12, + "x": 24, + "y": 15 }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "5", - "w": 12, - "x": 24, - "y": 15 - }, - "panelIndex": "5", - "title": "Blocked by Source", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "savedVis": { - "title": "ASA Top ACL by Blocked [Cisco]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Blocked by Source", + "version": "7.0.0-SNAPSHOT" }, - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum", - "showToolbar": true + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "8", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "8", + "panelRefName": "panel_5", + "title": "Top ACL by Blocked", + "version": "7.0.0-SNAPSHOT" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "9", + "w": 48, + "x": 0, + "y": 30 }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ACL ID", - "field": "cisco.asa.rule_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - 
"schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "event.outcome:\"deny\"" - } - } + "panelIndex": "9", + "panelRefName": "panel_6", + "version": "7.0.0-SNAPSHOT" } - } + ], + "timeRestore": false, + "title": "[Cisco] ASA Firewall", + "version": 1 + }, + "id": "cisco-a555b160-4987-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "cisco-118da960-4987-11e9-b8ce-ed898b5ef295", + "name": "panel_0", + "type": "visualization" }, - "gridData": { - "h": 15, - "i": "8", - "w": 12, - "x": 36, - "y": 15 + { + "id": "cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295", + "name": "panel_1", + "type": "visualization" }, - "panelIndex": "8", - "title": "Top ACL by Blocked", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "savedVis": { - "title": "Top ASA Messages [Cisco]", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": 1, - "direction": "desc" - } - } - } - }, - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum", - "showToolbar": true - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ID", - "field": "cisco.asa.message_id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "aggregate": "concat", - "customLabel": "Severity", - "field": "log.level", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - }, - { - "enabled": true, - "id": "1", - "params": 
{ - "aggregate": "concat", - "customLabel": "Sample message", - "field": "event.original", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "id": "cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295", + "name": "panel_2", + "type": "visualization" }, - "gridData": { - "h": 12, - "i": "9", - "w": 48, - "x": 0, - "y": 30 + { + "id": "cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295", + "name": "panel_3", + "type": "visualization" }, - "panelIndex": "9", - "version": "7.14.0", - "type": "visualization" - } + { + "id": "cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", + "name": "panel_6", + "type": "visualization" + } ], - "timeRestore": false, - "title": "[Cisco] ASA Firewall", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "1:search_0", - "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295" - }, - { - "type": "search", - "name": "2:search_0", - "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295" - }, - { - "type": "search", - "name": "3:search_0", - "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295" - }, - { - "type": "search", - "name": "4:search_0", - "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295" - }, - { - "type": "search", - "name": "5:search_0", - "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295" - }, - { - "type": "search", - "name": "8:search_0", - "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295" - }, - { - "type": "search", - "name": "9:search_0", - "id": "cisco-14fce5e0-498f-11e9-b8ce-ed898b5ef295" - } - ], - "migrationVersion": { - "dashboard": "7.16.0" - }, - "coreMigrationVersion": "7.16.0" + "type": "dashboard" } \ No newline at end of file 
diff --git a/packages/cisco/kibana/visualization/cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json
new file mode 100644
index 00000000000..52662f52adb
--- /dev/null
+++ b/packages/cisco/kibana/visualization/cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json
@@ -0,0 +1,79 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": "event.outcome:\"deny\""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "ASA Top ACL by Blocked [Cisco]",
+ "uiStateJSON": {
+ "vis": {
+ "params": {
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ }
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": ""
+ },
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "ACL ID",
+ "field": "cisco.asa.rule_name",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "bucket",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "perPage": 10,
+ "showMetricsAtAllLevels": false,
+ "showPartialRows": false,
+ "showTotal": false,
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ },
+ "totalFunc": "sum"
+ },
+ "title": "ASA Top ACL by Blocked [Cisco]",
+ "type": "table"
+ }
+ },
+ "id": "cisco-08ef4d90-499b-11e9-b8ce-ed898b5ef295",
+ "references": [
+ {
+ "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/packages/cisco/kibana/visualization/cisco-118da960-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-118da960-4987-11e9-b8ce-ed898b5ef295.json
new file mode 100644
index 00000000000..e1febb0f087
--- /dev/null
+++ b/packages/cisco/kibana/visualization/cisco-118da960-4987-11e9-b8ce-ed898b5ef295.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Destination Port and Transport [Cisco]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "network.transport",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "destination.port",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": true,
+ "labels": {
+ "last_level": true,
+ "show": false,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "Destination Port and Transport [Cisco]",
+ "type": "pie"
+ }
+ },
+ "id": "cisco-118da960-4987-11e9-b8ce-ed898b5ef295",
+ "references": [
+ {
+ "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/packages/cisco/kibana/visualization/cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json
new file mode 100644
index 00000000000..17925dd7046
--- /dev/null
+++ b/packages/cisco/kibana/visualization/cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Source Port and Transport [Cisco]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "network.transport",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "source.port",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": true,
+ "labels": {
+ "last_level": true,
+ "show": false,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "Source Port and Transport [Cisco]",
+ "type": "pie"
+ }
+ },
+ "id": "cisco-5d0322d0-4987-11e9-b8ce-ed898b5ef295",
+ "references": [
+ {
+ "id": "cisco-753406e0-4986-11e9-b8ce-ed898b5ef295",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/packages/cisco/kibana/visualization/cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json
new file mode 100644
index 00000000000..42de397939d
--- /dev/null
+++ b/packages/cisco/kibana/visualization/cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json
@@ -0,0 +1,126 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "ASA Flows by Network Bytes [Cisco]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "drop_partials": false,
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1,
+ "timeRange": {
+ "from": "now-15y",
+ "to": "now+1y"
+ },
+ "useNormalizedEsInterval": true
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "Total bytes",
+ "field": "network.bytes"
+ },
+ "schema": "metric",
+ "type": "sum"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "grid": {
+ "categoryLines": false
+ },
+ "legendPosition": "right",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "3",
+ "label": "Total bytes"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "stacked",
+ "show": true,
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "times": [],
+ "type": "histogram",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Total bytes"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "ASA Flows by Network Bytes [Cisco]",
+ "type": "histogram"
+ }
+ },
+ "id": "cisco-80d0c1b0-498a-11e9-b8ce-ed898b5ef295",
+ "references": [
+ {
+ "id":
"cisco-753406e0-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco/kibana/visualization/cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..6bbd768adec --- /dev/null +++ b/packages/cisco/kibana/visualization/cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,139 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "ASA Events Over Time [Cisco]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "event.outcome",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "group",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "drop_partials": false,
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1,
+ "timeRange": {
+ "from": "now-15y",
+ "to": "now+1y"
+ },
+ "useNormalizedEsInterval": true
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "grid": {
+ "categoryLines": false
+ },
+ "legendPosition": "right",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Count"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "stacked",
+ "show": "true",
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "times": [],
+ "type": "histogram",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
"text": "Count" + }, + "type": "value" + } + ] + }, + "title": "ASA Events Over Time [Cisco]", + "type": "histogram" + } + }, + "id": "cisco-a3b5ab10-4989-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco/kibana/visualization/cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json new file mode 100644 index 00000000000..4f3206ffe6c --- /dev/null +++ b/packages/cisco/kibana/visualization/cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json 
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "ASA Firewall Blocked by Source [Cisco]",
+ "uiStateJSON": {
+ "vis": {
+ "params": {
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ }
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": ""
+ },
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "source.ip",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "bucket",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "perPage": 10,
+ "showMetricsAtAllLevels": false,
+ "showPartialRows": false,
+ "showTotal": false,
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ },
+ "totalFunc": "sum"
+ },
+ "title": "ASA Firewall Blocked by Source [Cisco]",
+ "type": "table"
+ }
+ },
+ "id": "cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295",
+ "references": [
+ {
+ "id": "cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/packages/cisco/kibana/visualization/cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json b/packages/cisco/kibana/visualization/cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json
new file mode 100644
index 00000000000..9a4cbdf1957
--- /dev/null
+++ b/packages/cisco/kibana/visualization/cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json
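Review bot: The `searchSourceJSON` query of the restored "ASA Firewall Blocked by Source [Cisco]" table (`cisco-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json`) is empty, so any restriction to blocked traffic has to come from the referenced saved search `cisco-96c6ff60-4986-11e9-b8ce-ed898b5ef295`, which is not part of this diff. The sibling "ASA Top ACL by Blocked" visualization references the same search and still adds `"query": "event.outcome:\"deny\""`, and "ASA Events Over Time" splits that search by `event.outcome`, which suggests the search is not deny-only. If that is the case, this panel ranks the top five source IPs across all outcomes, and an analyst reading it as a list of blocked sources would be misled. Setting `"query": "event.outcome:\"deny\""` here as well would make the panel match its title.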
@@ -0,0 +1,105 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top ASA Messages [Cisco]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "desc" + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ID", + "field": "cisco.asa.message_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "aggregate": "concat", + "customLabel": "Severity", + "field": "log.level", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Sample message", + "field": "event.original", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top ASA Messages [Cisco]", + "type": "table" + } + }, + "id": "cisco-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", + "references": [ + { + "id": "cisco-14fce5e0-498f-11e9-b8ce-ed898b5ef295", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco/manifest.yml b/packages/cisco/manifest.yml index 64b166a5d54..2b4ec970c68 100644 
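Review bot: The terms aggregation on `cisco.asa.message_id` uses `"orderBy": "_key"` with `"order": "desc"` and `"size": 15`, so the table keeps the 15 highest-sorting message IDs rather than the 15 most frequent ones, which is not what the "Top ASA Messages" title promises. The `uiStateJSON` sort on column 1 only reorders the rows that were already selected. Ordering the bucket by the count metric would match the title: `"orderBy": "3"`. Separately, the "Sample message" column reads `event.original`, which is presumably only populated when the original event is preserved at ingest, so the column may render empty; the empty `description` would be a good place to say so.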
--- a/packages/cisco/manifest.yml +++ b/packages/cisco/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco title: Cisco -version: 0.13.4 +version: 0.13.3 license: basic description: Deprecated. Use a specific Cisco package instead. type: integration From 09528dda6f5d290889754acd85107b23e5b0a190 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Mon, 21 Nov 2022 14:29:58 +0530 Subject: [PATCH 078/103] cisco_asa upgraded to 7.17.7 & 8.1.0 as agg failed --- packages/cisco_asa/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml index 0e46731bc97..f5cb5d44773 100644 --- a/packages/cisco_asa/manifest.yml +++ b/packages/cisco_asa/manifest.yml @@ -10,7 +10,7 @@ categories: - security release: ga conditions: - kibana.version: "^7.16.0 || ^8.0.0" + kibana.version: "^7.17.7 || ^8.1.0" screenshots: - src: /img/kibana-cisco-asa.png title: kibana cisco asa From cad2e95500c4143f4b6f141a7c513c7beec235aa Mon Sep 17 00:00:00 2001 From: kcreddy Date: Mon, 21 Nov 2022 14:58:39 +0530 Subject: [PATCH 079/103] cisco_asa upgraded to 8.1.0 as agg failed --- ...-a555b160-4987-11e9-b8ce-ed898b5ef295.json | 28 ++++++++++--------- packages/cisco_asa/manifest.yml | 2 +- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json index 9d1263e7354..460345ec5a2 100644 --- a/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json +++ b/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json 
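Review bot: In `packages/cisco_asa/manifest.yml`, moving `kibana.version` from `^7.16.0 || ^8.0.0` to `^7.17.7 || ^8.1.0` (and, in the next commit's hunk on the same file, to `^8.1.0` only) narrows and then removes 7.x support, yet the diffstat of both commits shows no `version:` change in this manifest and no changelog file. For a firewall-monitoring package that presumably leaves 7.x deployments without further dashboard updates and with no release note explaining why. I would bump the package version and add a changelog entry naming the new minimum Kibana version. The commit subject "as agg failed" does not say which aggregation failed or on which stack version, so that detail belongs in the entry as well.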
@@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T09:02:02.521Z", - "version": "WzY0NCwxXQ==", + "updated_at": "2022-11-21T09:18:19.740Z", + "version": "WzU4NSwxXQ==", "attributes": { "description": "Sample dashboard for Cisco ASA Firewall devices", "hits": 0, @@ -112,7 +112,7 @@ }, "panelIndex": "1", "title": "Destination Port and Transport", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -204,7 +204,7 @@ }, "panelIndex": "2", "title": "Source Port and Transport", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -253,7 +253,8 @@ "show": "true", "showCircles": true, "type": "histogram", - "valueAxis": "ValueAxis-1" + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 } ], "times": [], @@ -352,7 +353,7 @@ }, "panelIndex": "3", "title": "ASA Firewall Events Over Time", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -401,7 +402,8 @@ "show": true, "showCircles": true, "type": "histogram", - "valueAxis": "ValueAxis-1" + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 } ], "times": [], @@ -487,7 +489,7 @@ }, "panelIndex": "4", "title": "ASA Flows by Network Bytes", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -565,7 +567,7 @@ }, "panelIndex": "5", "title": "Blocked by Source", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -644,7 +646,7 @@ }, "panelIndex": "8", "title": "Top ACL by Blocked", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -748,7 +750,7 @@ "y": 30 }, "panelIndex": "9", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" } ], @@ -794,7 +796,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml index f5cb5d44773..345a986e752 100644 
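Review bot: The first hunk rewrites `updated_at` and `version` (`WzU4NSwxXQ==`), which look like per-instance export metadata rather than dashboard content; they change on every re-export and presumably have no effect on what the dashboard renders. If the export tooling can strip them, together with `namespaces`, the shipped object stays reproducible and later diffs are limited to real changes. The new cisco_duo dashboards added later in this series carry the same three fields.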
--- a/packages/cisco_asa/manifest.yml +++ b/packages/cisco_asa/manifest.yml @@ -10,7 +10,7 @@ categories: - security release: ga conditions: - kibana.version: "^7.17.7 || ^8.1.0" + kibana.version: "^8.1.0" screenshots: - src: /img/kibana-cisco-asa.png title: kibana cisco asa From 45124e7c94320498582b37804460044d54a0c741 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Tue, 22 Nov 2022 00:23:26 +0530 Subject: [PATCH 080/103] cisco_duo upgraded to 8.1.0 as agg failed --- ...-2eb22f90-34c3-11ed-81dc-5d9e1bd8e06a.json | 740 +++++++++ ...-6b585210-0faa-11ec-8b4b-67126a72b1d4.json | 479 ------ ...-7e997350-34c9-11ed-81dc-5d9e1bd8e06a.json | 401 +++++ ...-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json | 313 ---- ...-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json | 1104 ------------- ...-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json | 627 -------- ...-f4c25e10-3420-11ed-a766-d751fb2ca0fe.json | 492 ++++++ ...-fc635930-342f-11ed-8943-5bb82a29aed1.json | 1407 +++++++++++++++++ 8 files changed, 3040 insertions(+), 2523 deletions(-) create mode 100644 packages/cisco_duo/kibana/dashboard/cisco_duo-2eb22f90-34c3-11ed-81dc-5d9e1bd8e06a.json delete mode 100644 packages/cisco_duo/kibana/dashboard/cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4.json create mode 100644 packages/cisco_duo/kibana/dashboard/cisco_duo-7e997350-34c9-11ed-81dc-5d9e1bd8e06a.json delete mode 100644 packages/cisco_duo/kibana/dashboard/cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/dashboard/cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json delete mode 100644 packages/cisco_duo/kibana/dashboard/cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json create mode 100644 packages/cisco_duo/kibana/dashboard/cisco_duo-f4c25e10-3420-11ed-a766-d751fb2ca0fe.json create mode 100644 packages/cisco_duo/kibana/dashboard/cisco_duo-fc635930-342f-11ed-8943-5bb82a29aed1.json 
diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-2eb22f90-34c3-11ed-81dc-5d9e1bd8e06a.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-2eb22f90-34c3-11ed-81dc-5d9e1bd8e06a.json new file mode 100644 index 00000000000..dc4b0d9265c --- /dev/null +++ b/packages/cisco_duo/kibana/dashboard/cisco_duo-2eb22f90-34c3-11ed-81dc-5d9e1bd8e06a.json 
@@ -0,0 +1,740 @@ +{ + "id": "cisco_duo-2eb22f90-34c3-11ed-81dc-5d9e1bd8e06a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T09:57:15.457Z", + "version": "WzU4MywxXQ==", + "attributes": { + "description": "This dashboard shows offline enrollment logs collected by the Cisco Duo integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_duo.offline_enrollment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_duo.offline_enrollment" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "7b809536-a834-4eb3-aed0-cefa61cd3c21", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "7b809536-a834-4eb3-aed0-cefa61cd3c21", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-02874d02-f771-41cc-a01e-019bdaefe5e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "02874d02-f771-41cc-a01e-019bdaefe5e7": { + "columnOrder": [ + "151a56f6-8bd8-4c92-b90f-bb2b958694ad" + ], + "columns": { + "151a56f6-8bd8-4c92-b90f-bb2b958694ad": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Integration Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "cisco_duo.offline_enrollment.object" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "151a56f6-8bd8-4c92-b90f-bb2b958694ad", + "layerId": "02874d02-f771-41cc-a01e-019bdaefe5e7", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Integration Count [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "b53df0c5-658b-4856-812d-c85e63cada33", + "w": 12, + "x": 12, + "y": 0 + }, + "panelIndex": "b53df0c5-658b-4856-812d-c85e63cada33", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-010c28dc-70fb-494b-80fe-e82f2052cac9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "010c28dc-70fb-494b-80fe-e82f2052cac9": { + "columnOrder": [ + "7244d707-1b68-4dfb-9d00-48943bee2307" + ], + "columns": { + "7244d707-1b68-4dfb-9d00-48943bee2307": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Action Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "cisco_duo.offline_enrollment.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "7244d707-1b68-4dfb-9d00-48943bee2307", + "layerId": "010c28dc-70fb-494b-80fe-e82f2052cac9", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Action Count [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 
10, + "i": "5159139d-2c1e-48e8-926b-01b980b12a67", + "w": 12, + "x": 24, + "y": 0 + }, + "panelIndex": "5159139d-2c1e-48e8-926b-01b980b12a67", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d581f4a8-527d-4222-bfea-8460aee2a075", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d581f4a8-527d-4222-bfea-8460aee2a075": { + "columnOrder": [ + "cfc1b810-c5e9-4a19-8f3e-7edcc8dfbb19" + ], + "columns": { + "cfc1b810-c5e9-4a19-8f3e-7edcc8dfbb19": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique User Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "user.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "cfc1b810-c5e9-4a19-8f3e-7edcc8dfbb19", + "layerId": "d581f4a8-527d-4222-bfea-8460aee2a075", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique User Count [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "30541431-2761-42f6-ab92-23c470b97d9d", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "30541431-2761-42f6-ab92-23c470b97d9d", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-04b82c04-b596-4d12-8a0d-37af27e64a86", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "04b82c04-b596-4d12-8a0d-37af27e64a86": { + 
"columnOrder": [ + "ce43f9aa-5a2d-495c-ab0f-f509bc69598a" + ], + "columns": { + "ce43f9aa-5a2d-495c-ab0f-f509bc69598a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Hostname Count", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "cisco_duo.offline_enrollment.description.hostname" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "ce43f9aa-5a2d-495c-ab0f-f509bc69598a", + "layerId": "04b82c04-b596-4d12-8a0d-37af27e64a86", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Hostname Count [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "95604399-93ea-4592-8ba4-6c8eeb63d608", + "w": 24, + "x": 0, + "y": 10 + }, + "panelIndex": "95604399-93ea-4592-8ba4-6c8eeb63d608", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a892e2ed-02b6-462d-8ea3-1a0cf0326448", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a892e2ed-02b6-462d-8ea3-1a0cf0326448": { + "columnOrder": [ + "fa72f23a-460e-4e3e-a705-969716f7813a", + "e8e28e12-7c01-4073-9f16-2a5f2d805906" + ], + "columns": { + "e8e28e12-7c01-4073-9f16-2a5f2d805906": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "fa72f23a-460e-4e3e-a705-969716f7813a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Factor", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "e8e28e12-7c01-4073-9f16-2a5f2d805906", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.offline_enrollment.description.factor" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "fa72f23a-460e-4e3e-a705-969716f7813a" + ], + "layerId": "a892e2ed-02b6-462d-8ea3-1a0cf0326448", + "layerType": "data", + "legendDisplay": "default", + "metric": "e8e28e12-7c01-4073-9f16-2a5f2d805906", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Factor Used for Offline Enrollment [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "3441f8fd-719d-4a60-a44c-1e2d238425cf", + "w": 24, + "x": 24, + "y": 10 + }, + "panelIndex": "3441f8fd-719d-4a60-a44c-1e2d238425cf", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7e7e8256-99ca-4524-a785-9977f4505134", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7e7e8256-99ca-4524-a785-9977f4505134": { + "columnOrder": [ + "0a7e362f-59b5-4ada-a455-dd58d93da2e1", + "26c53ac9-5886-4d98-8899-116d23e69df8" + ], + "columns": { + "0a7e362f-59b5-4ada-a455-dd58d93da2e1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": 
"26c53ac9-5886-4d98-8899-116d23e69df8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.offline_enrollment.action" + }, + "26c53ac9-5886-4d98-8899-116d23e69df8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Username", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "cisco_duo.offline_enrollment.user.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "0a7e362f-59b5-4ada-a455-dd58d93da2e1" + }, + { + "columnId": "26c53ac9-5886-4d98-8899-116d23e69df8" + } + ], + "layerId": "7e7e8256-99ca-4524-a785-9977f4505134", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 Offline Enrollment Actions by User [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "58649ad7-84cd-4a90-98e4-4817d39c429a", + "w": 48, + "x": 0, + "y": 25 + }, + "panelIndex": "58649ad7-84cd-4a90-98e4-4817d39c429a", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2554e0ca-ffec-4a0c-8813-137409a317b9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2554e0ca-ffec-4a0c-8813-137409a317b9": { + "columnOrder": [ + "dbb5522b-f4fb-4806-91ff-a5aadefe0bd5", + "6c2c7376-b556-48e4-a264-414977807570", + "6a87c0fe-886c-409e-a008-a40479903069", + "ad4a0105-5c5b-426a-8a27-55e2a94e70f2" + ], + "columns": { + "6a87c0fe-886c-409e-a008-a40479903069": { + "customLabel": true, + "dataType": "number", + 
"isBucketed": false, + "label": "Number of Unique Integrations", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "cisco_duo.offline_enrollment.object" + }, + "6c2c7376-b556-48e4-a264-414977807570": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Number of Unique Hosts", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "cisco_duo.offline_enrollment.description.hostname" + }, + "ad4a0105-5c5b-426a-8a27-55e2a94e70f2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Count of Action Execution", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "dbb5522b-f4fb-4806-91ff-a5aadefe0bd5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6c2c7376-b556-48e4-a264-414977807570", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.offline_enrollment.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "dbb5522b-f4fb-4806-91ff-a5aadefe0bd5" + }, + { + "columnId": "6c2c7376-b556-48e4-a264-414977807570", + "isTransposed": false + }, + { + "columnId": "6a87c0fe-886c-409e-a008-a40479903069", + "isTransposed": false + }, + { + "columnId": "ad4a0105-5c5b-426a-8a27-55e2a94e70f2", + "isTransposed": false + } + ], + "layerId": "2554e0ca-ffec-4a0c-8813-137409a317b9", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 Offline Enrollment Actions [Logs Cisco Duo]" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Duo] 
Offline Enrollment", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7b809536-a834-4eb3-aed0-cefa61cd3c21:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7b809536-a834-4eb3-aed0-cefa61cd3c21:indexpattern-datasource-layer-02874d02-f771-41cc-a01e-019bdaefe5e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b53df0c5-658b-4856-812d-c85e63cada33:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b53df0c5-658b-4856-812d-c85e63cada33:indexpattern-datasource-layer-010c28dc-70fb-494b-80fe-e82f2052cac9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5159139d-2c1e-48e8-926b-01b980b12a67:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5159139d-2c1e-48e8-926b-01b980b12a67:indexpattern-datasource-layer-d581f4a8-527d-4222-bfea-8460aee2a075", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "30541431-2761-42f6-ab92-23c470b97d9d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "30541431-2761-42f6-ab92-23c470b97d9d:indexpattern-datasource-layer-04b82c04-b596-4d12-8a0d-37af27e64a86", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "95604399-93ea-4592-8ba4-6c8eeb63d608:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "95604399-93ea-4592-8ba4-6c8eeb63d608:indexpattern-datasource-layer-a892e2ed-02b6-462d-8ea3-1a0cf0326448", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3441f8fd-719d-4a60-a44c-1e2d238425cf:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"3441f8fd-719d-4a60-a44c-1e2d238425cf:indexpattern-datasource-layer-7e7e8256-99ca-4524-a785-9977f4505134", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "58649ad7-84cd-4a90-98e4-4817d39c429a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "58649ad7-84cd-4a90-98e4-4817d39c429a:indexpattern-datasource-layer-2554e0ca-ffec-4a0c-8813-137409a317b9", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" +} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index bd71fa8279f..00000000000 --- a/packages/cisco_duo/kibana/dashboard/cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
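Review bot: In `references`, the entry named `kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index` resolves to `"id": "metrics-*"`, while the filter it backs pins `data_stream.dataset` to `cisco_duo.offline_enrollment` and every panel reference in this file is `logs-*`; the summary dashboard deleted in this same commit used `logs-*` for that reference. This looks like a slip and should be `"id": "logs-*"`. Also, the "Top 10 Offline Enrollment Actions by User" table counts `cisco_duo.offline_enrollment.user.name` under the label "Username", whereas the Unique User Count panel uses `user.name`; unless both fields are mapped, one of the two panels will come up empty. A label such as `"label": "Unique Users"` would describe a `unique_count` column better.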
@@ -1,479 +0,0 @@ -{ - "id": "cisco_duo-6b585210-0faa-11ec-8b4b-67126a72b1d4", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:16:56.550Z", - "version": "WzY1MiwxXQ==", - "attributes": { - "description": "This dashboard shows summary logs collected by the Cisco Duo integration.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cisco_duo.summary" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cisco_duo.summary" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Remaining telephony credits over time", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "gauge_color_rules": [ - { - "id": "f05fb810-0fa8-11ec-8382-e117c2442b42" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "4a31a4d0-81c1-4705-879d-f5d196dacbd2", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_bars": 30, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "94a8c66d-6999-46aa-a647-20789ed9bdc1", - "label": "Remaining telephony credits", - "line_width": 1, - "metrics": [ - { - "agg_with": "avg", - "field": "cisco_duo.summary.telephony_credits_remaining", - "id": "ef27c46b-0bb7-44cc-b819-331c4abb7798", - "order": "desc", - 
"order_by": "@timestamp", - "size": 1, - "type": "top_hit" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": true - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.summary\"" - } - } - } - } - }, - "gridData": { - "h": 13, - "i": "3b33c381-80ab-4111-ab09-fcc73e3f9a0b", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "3b33c381-80ab-4111-ab09-fcc73e3f9a0b", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Admin Count", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Number of Admin", - "field": "cisco_duo.summary.admin_count", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } 
- } - } - }, - "gridData": { - "h": 9, - "i": "e6ac6ace-57bd-4d11-b92b-a051cece0d4c", - "w": 12, - "x": 0, - "y": 13 - }, - "panelIndex": "e6ac6ace-57bd-4d11-b92b-a051cece0d4c", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "[Cisco Duo] Number of Integration", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Number of Integrations", - "field": "cisco_duo.summary.integration_count", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 9, - "i": "b31e0b4a-7166-421d-bb0a-e02cc3def401", - "w": 12, - "x": 12, - "y": 13 - }, - "panelIndex": "b31e0b4a-7166-421d-bb0a-e02cc3def401", - "title": "[Cisco Duo] Integrations Count", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] User Count", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - 
"metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Number of Users", - "field": "cisco_duo.summary.user_count", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 9, - "i": "85c0ed49-374f-448d-a9b4-88f4600d6ad8", - "w": 12, - "x": 24, - "y": 13 - }, - "panelIndex": "85c0ed49-374f-448d-a9b4-88f4600d6ad8", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Telephony credits remaining", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Telephony Credits remaining", - "field": "cisco_duo.summary.telephony_credits_remaining", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - 
"language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 9, - "i": "80fb20e4-3445-450f-8b05-bcf29c015d7a", - "w": 12, - "x": 36, - "y": 13 - }, - "panelIndex": "80fb20e4-3445-450f-8b05-bcf29c015d7a", - "type": "visualization", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Cisco Duo] Summary Logs", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "e6ac6ace-57bd-4d11-b92b-a051cece0d4c:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b31e0b4a-7166-421d-bb0a-e02cc3def401:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "85c0ed49-374f-448d-a9b4-88f4600d6ad8:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "80fb20e4-3445-450f-8b05-bcf29c015d7a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.2" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-7e997350-34c9-11ed-81dc-5d9e1bd8e06a.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-7e997350-34c9-11ed-81dc-5d9e1bd8e06a.json new file mode 100644 index 00000000000..386e43c7132 --- /dev/null +++ b/packages/cisco_duo/kibana/dashboard/cisco_duo-7e997350-34c9-11ed-81dc-5d9e1bd8e06a.json 
@@ -0,0 +1,401 @@ +{ + "id": "cisco_duo-7e997350-34c9-11ed-81dc-5d9e1bd8e06a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T09:57:15.457Z", + "version": "WzU4NCwxXQ==", + "attributes": { + "description": "This dashboard shows telephony logs collected by the Cisco Duo integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_duo.telephony" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_duo.telephony" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "28df95dc-7f16-4be5-a857-0087f0aafd79", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "28df95dc-7f16-4be5-a857-0087f0aafd79", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2895cd64-3005-4aa0-8806-aebfcec6337b", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2895cd64-3005-4aa0-8806-aebfcec6337b": { + "columnOrder": [ + "9e1f961e-ec9b-4d87-b039-aee519938af0", + "df5605f4-cf9a-4300-a04e-0d27bd93403c" + ], + "columns": { + "9e1f961e-ec9b-4d87-b039-aee519938af0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Phone Number", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": 
"df5605f4-cf9a-4300-a04e-0d27bd93403c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.telephony.phone_number" + }, + "df5605f4-cf9a-4300-a04e-0d27bd93403c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Credits", + "operationType": "sum", + "scale": "ratio", + "sourceField": "cisco_duo.telephony.credits" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9e1f961e-ec9b-4d87-b039-aee519938af0" + ], + "layerId": "2895cd64-3005-4aa0-8806-aebfcec6337b", + "layerType": "data", + "legendDisplay": "default", + "metric": "df5605f4-cf9a-4300-a04e-0d27bd93403c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Telephony Credits Used by Users [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "88a04f06-323e-499a-9363-60c4e44525ed", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "88a04f06-323e-499a-9363-60c4e44525ed", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f766bfa8-25c9-4c13-9c4f-56f8beb93ee7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f766bfa8-25c9-4c13-9c4f-56f8beb93ee7": { + "columnOrder": [ + "9fb9934c-f735-4c3b-901a-93787ce0803d", + "aedb9709-f0cf-43bc-b817-ff690c268236" + ], + "columns": { + "9fb9934c-f735-4c3b-901a-93787ce0803d": { + "customLabel": true, + "dataType": "string", + 
"isBucketed": true, + "label": "Event Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "aedb9709-f0cf-43bc-b817-ff690c268236", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.telephony.event_type" + }, + "aedb9709-f0cf-43bc-b817-ff690c268236": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Credits", + "operationType": "sum", + "scale": "ratio", + "sourceField": "cisco_duo.telephony.credits" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9fb9934c-f735-4c3b-901a-93787ce0803d" + ], + "layerId": "f766bfa8-25c9-4c13-9c4f-56f8beb93ee7", + "layerType": "data", + "legendDisplay": "default", + "metric": "aedb9709-f0cf-43bc-b817-ff690c268236", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Telephony Credits Used by Types of Telephony Event [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "2b83f76d-c315-4d49-bf76-967e4d9ef49d", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "2b83f76d-c315-4d49-bf76-967e4d9ef49d", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-35bad298-cb1d-478f-823e-55e8450f4624", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "35bad298-cb1d-478f-823e-55e8450f4624": { + "columnOrder": [ + 
"dd0d8160-4e51-425e-8a87-211cedb6ec4f", + "dc6eb145-963d-412d-97eb-f1bb3dbca717" + ], + "columns": { + "dc6eb145-963d-412d-97eb-f1bb3dbca717": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Credits", + "operationType": "sum", + "scale": "ratio", + "sourceField": "cisco_duo.telephony.credits" + }, + "dd0d8160-4e51-425e-8a87-211cedb6ec4f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "dc6eb145-963d-412d-97eb-f1bb3dbca717", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.telephony.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "dd0d8160-4e51-425e-8a87-211cedb6ec4f" + ], + "layerId": "35bad298-cb1d-478f-823e-55e8450f4624", + "layerType": "data", + "legendDisplay": "default", + "metric": "dc6eb145-963d-412d-97eb-f1bb3dbca717", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Telephony Credits Used by Telephony Type [Logs Cisco Duo]" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Duo] Telephony", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "28df95dc-7f16-4be5-a857-0087f0aafd79:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"28df95dc-7f16-4be5-a857-0087f0aafd79:indexpattern-datasource-layer-2895cd64-3005-4aa0-8806-aebfcec6337b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "88a04f06-323e-499a-9363-60c4e44525ed:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "88a04f06-323e-499a-9363-60c4e44525ed:indexpattern-datasource-layer-f766bfa8-25c9-4c13-9c4f-56f8beb93ee7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2b83f76d-c315-4d49-bf76-967e4d9ef49d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2b83f76d-c315-4d49-bf76-967e4d9ef49d:indexpattern-datasource-layer-35bad298-cb1d-478f-823e-55e8450f4624", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" +} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 8c7ef4ec7c9..00000000000 --- a/packages/cisco_duo/kibana/dashboard/cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,313 +0,0 @@ -{ - "id": "cisco_duo-a48b1130-0fb4-11ec-8b4b-67126a72b1d4", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:16:56.550Z", - "version": "WzY1MywxXQ==", - "attributes": { - "description": "This dashboard shows telephony logs collected by the Cisco Duo integration.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.telephony\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Telephony credits used by Users", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "row": true, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Telephony credits used by user", - "field": "cisco_duo.telephony.credits" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.telephony.phone_number", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - 
"query": "data_stream.dataset : \"cisco_duo.telephony\"" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": "4109bbba-072c-4f73-8530-39f86d6b732d", - "w": 25, - "x": 0, - "y": 0 - }, - "panelIndex": "4109bbba-072c-4f73-8530-39f86d6b732d", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Telephony credits used by types of telephony event", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "cisco_duo.telephony.credits" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.telephony.event_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.telephony\"" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": "afbddd10-9ee9-4e14-b984-cf15e057b9ce", - "w": 23, - "x": 25, - "y": 0 - }, - "panelIndex": "afbddd10-9ee9-4e14-b984-cf15e057b9ce", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco 
Duo] Telephony credits used by telephony type", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "cisco_duo.telephony.credits" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.telephony.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.telephony\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "fd25e144-12c2-4668-ac09-eadf51b0acfb", - "w": 25, - "x": 0, - "y": 18 - }, - "panelIndex": "fd25e144-12c2-4668-ac09-eadf51b0acfb", - "type": "visualization", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Cisco Duo] Telephony Logs", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "4109bbba-072c-4f73-8530-39f86d6b732d:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "afbddd10-9ee9-4e14-b984-cf15e057b9ce:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"fd25e144-12c2-4668-ac09-eadf51b0acfb:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.2" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index 1d31955d084..00000000000 --- a/packages/cisco_duo/kibana/dashboard/cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,1104 +0,0 @@ -{ - "id": "cisco_duo-bd7d4870-0fbe-11ec-8b4b-67126a72b1d4", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:16:56.550Z", - "version": "WzY1NCwxXQ==", - "attributes": { - "description": "This dashboard shows authentication logs collected by the Cisco Duo integration.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cisco_duo.auth" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cisco_duo.auth" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 180, - "minLat": -85.05113, - "minLon": -180 - }, - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 0.99 - }, - "openTOCDetails": [], - "attributes": { - "title": "[Cisco Duo] Failed Login attempts", - "description": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "mapStateJSON": "{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset : 
\\\"cisco_duo.auth\\\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":true},\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"browserLocation\":{\"zoom\":2},\"disableInteractive\":false,\"disableTooltipControl\":false,\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"hideLayerControl\":false,\"hideToolbarOverlay\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"zoom\":0.99}", - "layerListJSON": "[{\"alpha\":1,\"id\":\"ce0cde1e-240f-4a56-bc83-60374450e029\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"4e14ab8b-6ac0-4c0d-92e4-56b7074b28f6\",\"includeInFitToBounds\":true,\"label\":\"Failed login attempts\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"768d716e-4cb1-435c-b301-f26d08954838\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]" - } - }, - "gridData": { - "h": 20, - "i": "25031c05-54c2-4d92-a275-1fa3a2bdf399", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "25031c05-54c2-4d92-a275-1fa3a2bdf399", - "type": "map", - "version": "7.14.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Authentication Failed login attempts by Source IP", - "description": "", - 
"uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "rotate": 0, - "show": false, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "valueAxis": "" - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "orderBucketsBySum": true, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "5", - "label": "Number of failed attempts" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Number of failed attempts" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Number of failed attempts" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Source IPs", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "5", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - 
"schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Source IPs", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "5", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "14cc4daa-2411-4927-be9d-20fc287bd46f", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "14cc4daa-2411-4927-be9d-20fc287bd46f", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Login Attempts by OS", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": true, - "palette": { - "name": "default", - "type": "palette" - }, - "row": true, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": 
"user_agent.os.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "user_agent.os.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "988a5cf4-cba9-4437-9323-fe7f37e2beba", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "988a5cf4-cba9-4437-9323-fe7f37e2beba", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Top 10 Failed login attempts by username", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Number of failed attempts" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Username", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "410d1a65-1a7a-4680-95a9-1ecac80433b2", - "w": 24, - "x": 0, - "y": 37 - }, - "panelIndex": "410d1a65-1a7a-4680-95a9-1ecac80433b2", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Top 10 successful login attempts by Application name", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Successful Login attempts" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Application Name", - "field": "cisco_duo.auth.application.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.outcome", - "negate": false, - "params": { - "query": "success" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "success" - } - } - } - ], - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547", - "w": 24, - "x": 24, - "y": 37 - }, - "panelIndex": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Failed login attempts by reason over time", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "d8f092a5-ae66-4065-b008-32c860c6981a", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.auth\" and event.outcome : \"failure\"" - }, - "formatter": "number", - "id": "28cb790c-2e1a-4805-84aa-1ed88babbed1", - "label": "", - "line_width": 1, - "metrics": [ - { - "id": "14432c40-0fd5-11ec-921c-81166521206e", - "type": "count" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_duo.auth\"" - }, - "id": "f284b6f0-0fd4-11ec-921c-81166521206e", - "label": "" - } - ], - "split_mode": "terms", - "stacked": "none", - "terms_field": "event.reason", - "terms_size": "100", - "time_range_mode": "entire_time_range", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": true - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": 
[], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "90ee91c4-ebe8-4a2e-898b-e3492f302162", - "w": 24, - "x": 0, - "y": 54 - }, - "panelIndex": "90ee91c4-ebe8-4a2e-898b-e3492f302162", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Login attempts by authentication factor", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "row": true, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 2 - }, - "schema": "split", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Factor of authentication", - "field": "cisco_duo.auth.factor", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Others", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": 
"d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae", - "w": 24, - "x": 24, - "y": 54 - }, - "panelIndex": "d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Encryption enabled in user devices", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.auth.access_device.is_encryption_enabled", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "2c3d7bcf-27ad-4fa0-9db2-a19282133333", - "w": 24, - "x": 0, - "y": 71 - }, - "panelIndex": "2c3d7bcf-27ad-4fa0-9db2-a19282133333", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Firewall enabled in user devices", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - 
"distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "", - "field": "cisco_duo.auth.access_device.is_firewall_enabled", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9", - "w": 24, - "x": 24, - "y": 71 - }, - "panelIndex": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Password set in user devices", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - 
"aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cisco_duo.auth.access_device.is_password_set", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff", - "w": 24, - "x": 0, - "y": 88 - }, - "panelIndex": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff", - "type": "visualization", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Cisco Duo] Authentication Logs", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "25031c05-54c2-4d92-a275-1fa3a2bdf399:layer_1_source_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.index", - 
"id": "logs-*" - }, - { - "type": "index-pattern", - "name": "14cc4daa-2411-4927-be9d-20fc287bd46f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "988a5cf4-cba9-4437-9323-fe7f37e2beba:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "410d1a65-1a7a-4680-95a9-1ecac80433b2:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "410d1a65-1a7a-4680-95a9-1ecac80433b2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f56f5a11-3d30-4a6a-bdf1-0b32c7e26547:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d676d2bc-e5cc-41c5-ab3d-d380e7cf24ae:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "2c3d7bcf-27ad-4fa0-9db2-a19282133333:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "42f72b64-1bbf-49bd-909a-af8fcbc4c4e9:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "bbabe39a-d588-40c3-81d5-fcfe6448b0ff:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.2" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json deleted file mode 100644 index a102b85c423..00000000000 
--- a/packages/cisco_duo/kibana/dashboard/cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4.json +++ /dev/null 
@@ -1,627 +0,0 @@ -{ - "id": "cisco_duo-f2277ef0-0fd8-11ec-8b4b-67126a72b1d4", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:16:56.550Z", - "version": "WzY1NSwxXQ==", - "attributes": { - "description": "This dashboard shows offline enrollment logs collected by the Cisco Duo integration.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cisco_duo.offline_enrollment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cisco_duo.offline_enrollment" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Unique integration count", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique integration count", - "field": "cisco_duo.offline_enrollment.object" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - 
"query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "9e1a3121-6df9-41a0-b167-3f837016650a", - "w": 9, - "x": 0, - "y": 0 - }, - "panelIndex": "9e1a3121-6df9-41a0-b167-3f837016650a", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Unique action count", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique action count", - "field": "cisco_duo.offline_enrollment.action" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "fd1a3e7c-5e1b-4fa1-8796-45abfa64e536", - "w": 9, - "x": 9, - "y": 0 - }, - "panelIndex": "fd1a3e7c-5e1b-4fa1-8796-45abfa64e536", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "[Cisco Duo] Factor used for offline enrollment", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": true, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - 
"maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Factor", - "field": "cisco_duo.offline_enrollment.description.factor", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "73433d45-2afb-45aa-b823-e048841115c2", - "w": 12, - "x": 18, - "y": 0 - }, - "panelIndex": "73433d45-2afb-45aa-b823-e048841115c2", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Unique user count", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique user count", - "field": "cisco_duo.offline_enrollment.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - 
"language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "a0546004-8d4b-444d-af9d-23a249df93e3", - "w": 9, - "x": 30, - "y": 0 - }, - "panelIndex": "a0546004-8d4b-444d-af9d-23a249df93e3", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Top 10 Offline Enrollment actions", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Action", - "field": "cisco_duo.offline_enrollment.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Number of unique hosts", - "field": "cisco_duo.offline_enrollment.description.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Number of unique integrations", - "field": "cisco_duo.offline_enrollment.object" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total count of action execution" - }, - "schema": "metric", - "type": "count" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "68f7d41f-43dd-49d6-88ac-afa36a19ebeb", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "68f7d41f-43dd-49d6-88ac-afa36a19ebeb", - "type": "visualization", - "version": 
"7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Unique hostname count", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique hostname count", - "field": "cisco_duo.offline_enrollment.description.hostname" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "cc8c06d5-4825-4b25-9d69-e6fec23d07b3", - "w": 9, - "x": 39, - "y": 0 - }, - "panelIndex": "cc8c06d5-4825-4b25-9d69-e6fec23d07b3", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Cisco Duo] Top 10 Offline Enrollment Actions by user", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Username", - "field": "cisco_duo.offline_enrollment.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Action", - "field": 
"cisco_duo.offline_enrollment.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "91d1ac3b-5cec-4e60-9179-18aaf7ce6198", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "91d1ac3b-5cec-4e60-9179-18aaf7ce6198", - "type": "visualization", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Cisco Duo] Offline Enrollment Logs", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "9e1a3121-6df9-41a0-b167-3f837016650a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "fd1a3e7c-5e1b-4fa1-8796-45abfa64e536:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "73433d45-2afb-45aa-b823-e048841115c2:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a0546004-8d4b-444d-af9d-23a249df93e3:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "68f7d41f-43dd-49d6-88ac-afa36a19ebeb:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "cc8c06d5-4825-4b25-9d69-e6fec23d07b3:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "91d1ac3b-5cec-4e60-9179-18aaf7ce6198:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - 
"coreMigrationVersion": "7.17.2" -} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-f4c25e10-3420-11ed-a766-d751fb2ca0fe.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-f4c25e10-3420-11ed-a766-d751fb2ca0fe.json new file mode 100644 index 00000000000..db07a2f0675 --- /dev/null +++ b/packages/cisco_duo/kibana/dashboard/cisco_duo-f4c25e10-3420-11ed-a766-d751fb2ca0fe.json 
@@ -0,0 +1,492 @@ +{ + "id": "cisco_duo-f4c25e10-3420-11ed-a766-d751fb2ca0fe", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T09:57:15.457Z", + "version": "WzU4NSwxXQ==", + "attributes": { + "description": "This dashboard shows summary logs collected by the Cisco Duo integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_duo.summary" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_duo.summary" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "875823d5-4d16-4ef0-b463-9a99298b8ed9", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "875823d5-4d16-4ef0-b463-9a99298b8ed9", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "f05fb810-0fa8-11ec-8382-e117c2442b42" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "4a31a4d0-81c1-4705-879d-f5d196dacbd2", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_bars": 30, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": 
"number", + "id": "94a8c66d-6999-46aa-a647-20789ed9bdc1", + "label": "Remaining Telephony Credits", + "line_width": 1, + "metrics": [ + { + "agg_with": "avg", + "field": "cisco_duo.summary.telephony_credits_remaining", + "id": "ef27c46b-0bb7-44cc-b819-331c4abb7798", + "order": "desc", + "order_by": "@timestamp", + "size": 1, + "type": "top_hit" + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "title": "[Cisco Duo] Remaining telephony credits over time", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "Remaining Telephony Credits Over Time [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "99e70c63-9d54-4124-b897-ff8d35031b1a", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "99e70c63-9d54-4124-b897-ff8d35031b1a", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8979948f-f9ce-405f-bb6f-abd720b767a2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8979948f-f9ce-405f-bb6f-abd720b767a2": { + "columnOrder": [ + "9f30a138-3d45-4360-b3d3-93c4aa165eff" + ], + "columns": { + "9f30a138-3d45-4360-b3d3-93c4aa165eff": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Number of Integrations", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": 
"cisco_duo.summary.integration_count" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "9f30a138-3d45-4360-b3d3-93c4aa165eff", + "layerId": "8979948f-f9ce-405f-bb6f-abd720b767a2", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Integrations Count [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "b17843de-0101-4a6c-a884-34cbeef1cfa0", + "w": 12, + "x": 12, + "y": 15 + }, + "panelIndex": "b17843de-0101-4a6c-a884-34cbeef1cfa0", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6e6732b0-cdfb-4221-b378-1e7c30e66935", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6e6732b0-cdfb-4221-b378-1e7c30e66935": { + "columnOrder": [ + "260fdf2b-8937-4ade-830b-203f7e634931" + ], + "columns": { + "260fdf2b-8937-4ade-830b-203f7e634931": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Number of Admin", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "cisco_duo.summary.admin_count" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "260fdf2b-8937-4ade-830b-203f7e634931", + "layerId": "6e6732b0-cdfb-4221-b378-1e7c30e66935", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Admin Count [Logs Cisco Duo]" + 
}, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "07a76b39-2500-4493-94ee-31277eb2a97a", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "07a76b39-2500-4493-94ee-31277eb2a97a", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7fb24c40-44ba-48a1-8055-ce664b16df4c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7fb24c40-44ba-48a1-8055-ce664b16df4c": { + "columnOrder": [ + "1810b5ff-6980-46f4-9890-7061f2956e70" + ], + "columns": { + "1810b5ff-6980-46f4-9890-7061f2956e70": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Number of Users", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "cisco_duo.summary.user_count" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "1810b5ff-6980-46f4-9890-7061f2956e70", + "layerId": "7fb24c40-44ba-48a1-8055-ce664b16df4c", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "User Count [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "70d33225-16eb-492f-a2fa-3e8ae6ac2065", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "70d33225-16eb-492f-a2fa-3e8ae6ac2065", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d3843af6-1a73-455d-ab46-d5d4573ebbcd", + "type": "index-pattern" + } + 
], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d3843af6-1a73-455d-ab46-d5d4573ebbcd": { + "columnOrder": [ + "1b4cda72-50dd-4f90-b2e9-a0976c4c1fff" + ], + "columns": { + "1b4cda72-50dd-4f90-b2e9-a0976c4c1fff": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Telephony Credits Remaining", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "cisco_duo.summary.telephony_credits_remaining" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "1b4cda72-50dd-4f90-b2e9-a0976c4c1fff", + "layerId": "d3843af6-1a73-455d-ab46-d5d4573ebbcd", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Telephony Credits Remaining [Logs Cisco Duo]" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Duo] Summary", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "99e70c63-9d54-4124-b897-ff8d35031b1a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "99e70c63-9d54-4124-b897-ff8d35031b1a:indexpattern-datasource-layer-8979948f-f9ce-405f-bb6f-abd720b767a2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b17843de-0101-4a6c-a884-34cbeef1cfa0:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b17843de-0101-4a6c-a884-34cbeef1cfa0:indexpattern-datasource-layer-6e6732b0-cdfb-4221-b378-1e7c30e66935", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "07a76b39-2500-4493-94ee-31277eb2a97a:indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "07a76b39-2500-4493-94ee-31277eb2a97a:indexpattern-datasource-layer-7fb24c40-44ba-48a1-8055-ce664b16df4c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "70d33225-16eb-492f-a2fa-3e8ae6ac2065:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "70d33225-16eb-492f-a2fa-3e8ae6ac2065:indexpattern-datasource-layer-d3843af6-1a73-455d-ab46-d5d4573ebbcd", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" +} \ No newline at end of file diff --git a/packages/cisco_duo/kibana/dashboard/cisco_duo-fc635930-342f-11ed-8943-5bb82a29aed1.json b/packages/cisco_duo/kibana/dashboard/cisco_duo-fc635930-342f-11ed-8943-5bb82a29aed1.json new file mode 100644 index 00000000000..375854877f4 --- /dev/null +++ b/packages/cisco_duo/kibana/dashboard/cisco_duo-fc635930-342f-11ed-8943-5bb82a29aed1.json 
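Review bot: In the new summary dashboard (`cisco_duo-f4c25e10-3420-11ed-a766-d751fb2ca0fe.json`), the top-level `references` entry named `kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index` resolves to `"id": "metrics-*"`. Every other reference in the file, and the TSVB panel's `index_pattern`, point at `logs-*`. The dashboard-level filter it belongs to matches `data_stream.dataset: "cisco_duo.summary"`, and the dashboards removed elsewhere in this diff bind the same reference name to `logs-*`, so this looks like an export slip rather than an intended change. I would change it to `"id": "logs-*",` and re-import the dashboard to confirm that the dataset filter still resolves against the data view the panels query. If the filter is bound to a data view that does not hold these events, the scoping that keeps the `last_value` metrics limited to Cisco Duo summary documents may not behave as expected.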
@@ -0,0 +1,1407 @@ +{ + "id": "cisco_duo-fc635930-342f-11ed-8943-5bb82a29aed1", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T09:57:15.457Z", + "version": "WzU4NiwxXQ==", + "attributes": { + "description": "This dashboard shows authentication logs collected by the Cisco Duo integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_duo.auth" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_duo.auth" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "818ff904-2b6d-44ba-9de3-2d908faf4fe4", + "w": 24, + "x": 0, + "y": 19 + }, + "panelIndex": "818ff904-2b6d-44ba-9de3-2d908faf4fe4", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f54144b0-13ad-42da-8000-f50af854cc52", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f54144b0-13ad-42da-8000-f50af854cc52": { + "columnOrder": [ + "c1ab2cb1-e12b-4dfe-afff-d295db5ff65f", + "c5d221ac-54c5-45fa-8d09-e95e1d705917" + ], + "columns": { + "c1ab2cb1-e12b-4dfe-afff-d295db5ff65f": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IPs", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "c5d221ac-54c5-45fa-8d09-e95e1d705917", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.ip" + }, + "c5d221ac-54c5-45fa-8d09-e95e1d705917": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Number of failed attempts", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.outcome", + "negate": false, + "params": { + "query": "failure" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.outcome": "failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "c5d221ac-54c5-45fa-8d09-e95e1d705917" + ], + "layerId": "f54144b0-13ad-42da-8000-f50af854cc52", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "c1ab2cb1-e12b-4dfe-afff-d295db5ff65f" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Authentication Failed Login Attempts by Source IP [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "22c8c310-56b7-4097-9fa9-a495af55a8c7", + "w": 24, + "x": 24, + "y": 19 + }, + "panelIndex": "22c8c310-56b7-4097-9fa9-a495af55a8c7", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": 
"logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7c32a803-2a73-4db0-86af-ede2d3eb74b7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7c32a803-2a73-4db0-86af-ede2d3eb74b7": { + "columnOrder": [ + "1c43c117-2d48-4245-937e-a9435d027365", + "1c1e4aeb-4361-4703-9c3f-39d4c6d6d2b7", + "df9a7ec9-12f4-4fbc-b5cc-9866e1511032" + ], + "columns": { + "1c1e4aeb-4361-4703-9c3f-39d4c6d6d2b7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operating System Version", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "df9a7ec9-12f4-4fbc-b5cc-9866e1511032", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.os.version" + }, + "1c43c117-2d48-4245-937e-a9435d027365": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Operating System", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "df9a7ec9-12f4-4fbc-b5cc-9866e1511032", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.os.name" + }, + "df9a7ec9-12f4-4fbc-b5cc-9866e1511032": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "1c43c117-2d48-4245-937e-a9435d027365", + "1c1e4aeb-4361-4703-9c3f-39d4c6d6d2b7" + ], + "layerId": "7c32a803-2a73-4db0-86af-ede2d3eb74b7", + "layerType": "data", + 
"legendDisplay": "default", + "metric": "df9a7ec9-12f4-4fbc-b5cc-9866e1511032", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Login Attempts by OS [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "51dd4756-cff1-475b-96b8-98d3fcf7c5e8", + "w": 24, + "x": 0, + "y": 34 + }, + "panelIndex": "51dd4756-cff1-475b-96b8-98d3fcf7c5e8", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e1b0ed4b-f945-43ac-9f08-85b3ae396239", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e1b0ed4b-f945-43ac-9f08-85b3ae396239": { + "columnOrder": [ + "3f89f982-6876-4f85-8e02-5bd78823313e", + "62067742-d1f6-4516-aef7-e20243d5a663" + ], + "columns": { + "3f89f982-6876-4f85-8e02-5bd78823313e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "62067742-d1f6-4516-aef7-e20243d5a663", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "62067742-d1f6-4516-aef7-e20243d5a663": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Number of Failed Attempts", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ 
+ { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.outcome", + "negate": false, + "params": { + "query": "failure" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.outcome": "failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "3f89f982-6876-4f85-8e02-5bd78823313e" + }, + { + "columnId": "62067742-d1f6-4516-aef7-e20243d5a663" + } + ], + "layerId": "e1b0ed4b-f945-43ac-9f08-85b3ae396239", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 Failed Login Attempts by Username [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "7acb2d14-3660-4613-a3f5-609bc84eae4d", + "w": 24, + "x": 24, + "y": 34 + }, + "panelIndex": "7acb2d14-3660-4613-a3f5-609bc84eae4d", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a12c19bd-f6ef-4379-ba4f-20f78350271b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a12c19bd-f6ef-4379-ba4f-20f78350271b": { + "columnOrder": [ + "688de5c3-896c-4f9a-aa26-cf41001878fb", + "9707bf56-92ed-4ae6-b485-e3fa6c5d7cb0" + ], + "columns": { + "688de5c3-896c-4f9a-aa26-cf41001878fb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9707bf56-92ed-4ae6-b485-e3fa6c5d7cb0", + "type": "column" + }, + 
"orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.auth.application.name" + }, + "9707bf56-92ed-4ae6-b485-e3fa6c5d7cb0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Successful Login Attempts", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.outcome", + "negate": false, + "params": { + "query": "success" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.outcome": "success" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "688de5c3-896c-4f9a-aa26-cf41001878fb", + "isTransposed": false + }, + { + "columnId": "9707bf56-92ed-4ae6-b485-e3fa6c5d7cb0", + "isTransposed": false + } + ], + "layerId": "a12c19bd-f6ef-4379-ba4f-20f78350271b", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 Successful Login Attempts by Application Name [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "d87fb839-2a81-404c-bfbe-8a00255756e9", + "w": 24, + "x": 0, + "y": 49 + }, + "panelIndex": "d87fb839-2a81-404c-bfbe-8a00255756e9", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "d8f092a5-ae66-4065-b008-32c860c6981a", + 
"index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_duo.auth\" and event.outcome : \"failure\"" + }, + "formatter": "number", + "id": "28cb790c-2e1a-4805-84aa-1ed88babbed1", + "label": "Failed Login Attempts", + "line_width": 1, + "metrics": [ + { + "id": "14432c40-0fd5-11ec-921c-81166521206e", + "type": "count" + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "kuery", + "query": "data_stream.dataset : \"cisco_duo.auth\"" + }, + "id": "f284b6f0-0fd4-11ec-921c-81166521206e", + "label": "" + } + ], + "split_mode": "terms", + "stacked": "none", + "terms_field": "event.reason", + "terms_size": "100", + "time_range_mode": "entire_time_range", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "title": "[Cisco Duo] Failed login attempts by reason over time", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "Failed Login Attempts by Reason Over Time [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "a3d0f019-eea7-4378-95c9-20841a6136e1", + "w": 24, + "x": 0, + "y": 64 + }, + "panelIndex": "a3d0f019-eea7-4378-95c9-20841a6136e1", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ee60d920-e863-40bd-8838-544eb257deb6", + "type": "index-pattern" + } + ], + 
"state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ee60d920-e863-40bd-8838-544eb257deb6": { + "columnOrder": [ + "999a537c-b73e-4246-bb00-4437d229edc4", + "6ed7b42e-40ca-4c6c-b681-9114f7492243" + ], + "columns": { + "6ed7b42e-40ca-4c6c-b681-9114f7492243": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Username", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "user.name" + }, + "999a537c-b73e-4246-bb00-4437d229edc4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Encryption Enabled", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6ed7b42e-40ca-4c6c-b681-9114f7492243", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.auth.access_device.is_encryption_enabled" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "999a537c-b73e-4246-bb00-4437d229edc4" + ], + "layerId": "ee60d920-e863-40bd-8838-544eb257deb6", + "layerType": "data", + "legendDisplay": "default", + "metric": "6ed7b42e-40ca-4c6c-b681-9114f7492243", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Encryption Enabled in User Devices [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "268b0b87-2daa-432c-8abc-fc31368a3f24", + "w": 24, + "x": 24, + "y": 49 + }, + "panelIndex": "268b0b87-2daa-432c-8abc-fc31368a3f24", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8b629203-8568-42cf-8f8d-076234fa1e80", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8b629203-8568-42cf-8f8d-076234fa1e80": { + "columnOrder": [ + "c8880d3e-ddf8-4fdd-a2db-a62cef721233", + "ebe9dd6c-1aec-4b8f-bc43-db3f72e03caf" + ], + "columns": { + "c8880d3e-ddf8-4fdd-a2db-a62cef721233": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Firewall Enabled", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ebe9dd6c-1aec-4b8f-bc43-db3f72e03caf", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.auth.access_device.is_firewall_enabled" + }, + "ebe9dd6c-1aec-4b8f-bc43-db3f72e03caf": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Username", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "user.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c8880d3e-ddf8-4fdd-a2db-a62cef721233" + ], + "layerId": "8b629203-8568-42cf-8f8d-076234fa1e80", + "layerType": "data", + "legendDisplay": "default", + "metric": "ebe9dd6c-1aec-4b8f-bc43-db3f72e03caf", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Firewall Enabled in User Devices [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "2fc646fa-5152-441e-8cfa-9466d97f38a5", + "w": 24, + "x": 24, + "y": 64 + }, + "panelIndex": 
"2fc646fa-5152-441e-8cfa-9466d97f38a5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5a02ce05-fb02-44ed-a440-921646f93e28", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5a02ce05-fb02-44ed-a440-921646f93e28": { + "columnOrder": [ + "407c26d4-a100-44be-b267-09a4397ce62f", + "d71774fb-92c5-4803-bf7f-b6bf0484c371" + ], + "columns": { + "407c26d4-a100-44be-b267-09a4397ce62f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Password Set", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d71774fb-92c5-4803-bf7f-b6bf0484c371", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.auth.access_device.is_password_set" + }, + "d71774fb-92c5-4803-bf7f-b6bf0484c371": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Username", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "user.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "407c26d4-a100-44be-b267-09a4397ce62f" + ], + "layerId": "5a02ce05-fb02-44ed-a440-921646f93e28", + "layerType": "data", + "legendDisplay": "default", + "metric": "d71774fb-92c5-4803-bf7f-b6bf0484c371", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Password Set in User Devices [Logs Cisco Duo]" + }, + { + "version": 
"8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "1e7cca3e-e9ff-461b-aa54-d68e4724a10c", + "w": 24, + "x": 0, + "y": 79 + }, + "panelIndex": "1e7cca3e-e9ff-461b-aa54-d68e4724a10c", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a27579ed-2c14-4688-8abd-eebb621a1488", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "a27579ed-2c14-4688-8abd-eebb621a1488": { + "columnOrder": [ + "f5303345-19ce-4123-87f5-abdc29652cfb", + "8e5fb845-afb2-4d7f-8e16-ba9ab246a8e3" + ], + "columns": { + "8e5fb845-afb2-4d7f-8e16-ba9ab246a8e3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "f5303345-19ce-4123-87f5-abdc29652cfb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Authentication Factor", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "8e5fb845-afb2-4d7f-8e16-ba9ab246a8e3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.auth.factor" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.outcome", + "negate": false, + "params": { + "query": "success" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.outcome": "success" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": 
"default", + "groups": [ + "f5303345-19ce-4123-87f5-abdc29652cfb" + ], + "layerId": "a27579ed-2c14-4688-8abd-eebb621a1488", + "layerType": "data", + "legendDisplay": "default", + "metric": "8e5fb845-afb2-4d7f-8e16-ba9ab246a8e3", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Success Login Attempts by Authentication Factor [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "a754afca-bd5d-4135-bc61-d4009e4657bb", + "w": 24, + "x": 24, + "y": 79 + }, + "panelIndex": "a754afca-bd5d-4135-bc61-d4009e4657bb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f6dd2418-f99a-425f-bf65-2837cb4a3a6c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f6dd2418-f99a-425f-bf65-2837cb4a3a6c": { + "columnOrder": [ + "27fa1ab5-471e-47cc-9add-9ed20c8f2b9b", + "106f69af-66b6-4931-bf03-0cfdeb819341" + ], + "columns": { + "106f69af-66b6-4931-bf03-0cfdeb819341": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "27fa1ab5-471e-47cc-9add-9ed20c8f2b9b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Authentication Factor", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "106f69af-66b6-4931-bf03-0cfdeb819341", + "type": "column" + }, + 
"orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_duo.auth.factor" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.outcome", + "negate": false, + "params": { + "query": "failure" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.outcome": "failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "27fa1ab5-471e-47cc-9add-9ed20c8f2b9b" + ], + "layerId": "f6dd2418-f99a-425f-bf65-2837cb4a3a6c", + "layerType": "data", + "legendDisplay": "default", + "metric": "106f69af-66b6-4931-bf03-0cfdeb819341", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Failure Login Attempts by Authentication Factor [Logs Cisco Duo]" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 19, + "i": "26f5ca91-aee7-4afb-9c3d-0ce30815989c", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "26f5ca91-aee7-4afb-9c3d-0ce30815989c", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"alpha\":1,\"id\":\"ce0cde1e-240f-4a56-bc83-60374450e029\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"4e14ab8b-6ac0-4c0d-92e4-56b7074b28f6\",\"includeInFitToBounds\":true,\"label\":\"Failed login 
attempts\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"768d716e-4cb1-435c-b301-f26d08954838\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":0.99,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 180, + "minLat": -85.05113, + "minLon": -180 + }, + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 0.99 + }, + "openTOCDetails": [], + "type": "map" + }, + "title": "Failed Login Attempts [Logs Cisco Duo]" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Duo] Authentication", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "818ff904-2b6d-44ba-9de3-2d908faf4fe4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "818ff904-2b6d-44ba-9de3-2d908faf4fe4:indexpattern-datasource-layer-f54144b0-13ad-42da-8000-f50af854cc52", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "818ff904-2b6d-44ba-9de3-2d908faf4fe4:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "22c8c310-56b7-4097-9fa9-a495af55a8c7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "22c8c310-56b7-4097-9fa9-a495af55a8c7:indexpattern-datasource-layer-7c32a803-2a73-4db0-86af-ede2d3eb74b7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "51dd4756-cff1-475b-96b8-98d3fcf7c5e8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "51dd4756-cff1-475b-96b8-98d3fcf7c5e8:indexpattern-datasource-layer-e1b0ed4b-f945-43ac-9f08-85b3ae396239", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "51dd4756-cff1-475b-96b8-98d3fcf7c5e8:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7acb2d14-3660-4613-a3f5-609bc84eae4d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7acb2d14-3660-4613-a3f5-609bc84eae4d:indexpattern-datasource-layer-a12c19bd-f6ef-4379-ba4f-20f78350271b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7acb2d14-3660-4613-a3f5-609bc84eae4d:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a3d0f019-eea7-4378-95c9-20841a6136e1:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a3d0f019-eea7-4378-95c9-20841a6136e1:indexpattern-datasource-layer-ee60d920-e863-40bd-8838-544eb257deb6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"268b0b87-2daa-432c-8abc-fc31368a3f24:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "268b0b87-2daa-432c-8abc-fc31368a3f24:indexpattern-datasource-layer-8b629203-8568-42cf-8f8d-076234fa1e80", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2fc646fa-5152-441e-8cfa-9466d97f38a5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2fc646fa-5152-441e-8cfa-9466d97f38a5:indexpattern-datasource-layer-5a02ce05-fb02-44ed-a440-921646f93e28", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1e7cca3e-e9ff-461b-aa54-d68e4724a10c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1e7cca3e-e9ff-461b-aa54-d68e4724a10c:indexpattern-datasource-layer-a27579ed-2c14-4688-8abd-eebb621a1488", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1e7cca3e-e9ff-461b-aa54-d68e4724a10c:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a754afca-bd5d-4135-bc61-d4009e4657bb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a754afca-bd5d-4135-bc61-d4009e4657bb:indexpattern-datasource-layer-f6dd2418-f99a-425f-bf65-2837cb4a3a6c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a754afca-bd5d-4135-bc61-d4009e4657bb:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26f5ca91-aee7-4afb-9c3d-0ce30815989c:layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" +} \ No newline at end of file From 41bebc99b632973744d188a1f9600b483e52464d Mon Sep 17 00:00:00 2001 
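Review bot: The map panel `26f5ca91-aee7-4afb-9c3d-0ce30815989c` is titled "Failed Login Attempts" and its heatmap layer is labelled "Failed login attempts", but nothing restricts `event.outcome`: the layer's `sourceDescriptor` has no query and `filters` in `mapStateJSON` is empty. As written it plots every `cisco_duo.auth` event that has a `source.geo.location`, successes included. The Lens panels that report failures each carry an `event.outcome: failure` phrase filter, and the map needs the equivalent, for example a kuery layer query `{"language":"kuery","query":"event.outcome : \"failure\""}` under `query` in the heatmap layer's `sourceDescriptor`, escaped like the rest of `layerListJSON`. Separately, the top-level `references` entry named `kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index` points at `metrics-*`, while the filter it backs selects the logs dataset `cisco_duo.auth` and every panel reads `logs-*`; `"id": "logs-*"` looks like the intended value, and the Summary dashboard's references earlier in this patch carry the same entry. Because the Lens panels use an empty query, that dataset filter is the only thing keeping other `logs-*` data out of the failed-login counts, so it is worth confirming it still applies after import.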
From: kcreddy Date: Tue, 22 Nov 2022 01:17:41 +0530 Subject: [PATCH 081/103] cisco_ise upgraded to 8.1.0 as agg failed --- ...-04d54380-a100-11ec-a0a2-1598702abf83.json | 16 ++++---- ...-1eaf5e30-a114-11ec-a0a2-1598702abf83.json | 14 +++---- ...-2506b030-a100-11ec-a0a2-1598702abf83.json | 16 ++++---- ...-92227880-a0ff-11ec-a0a2-1598702abf83.json | 30 +++++++-------- ...-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json | 38 +++++++++---------- ...-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json | 26 ++++++------- ...-d320a780-a0ff-11ec-a0a2-1598702abf83.json | 18 ++++----- ...-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json | 12 +++--- packages/cisco_ise/manifest.yml | 2 +- 9 files changed, 86 insertions(+), 86 deletions(-) diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json index acd6549f2e9..3e7c792ef8c 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T09:29:36.506Z", - "version": "WzY3OCwxXQ==", + "updated_at": "2022-11-21T19:47:17.164Z", + "version": "WzYyNSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -143,7 +143,7 @@ }, "panelIndex": "3d8fa06f-bd70-438d-bbcb-778dc278d228", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -228,7 +228,7 @@ }, "panelIndex": "7dd60577-882f-4428-adf4-9ec7048032dc", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -296,7 +296,7 @@ }, "panelIndex": "db158b71-11fd-4950-b0e4-e9e4893aaebb", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -381,7 +381,7 @@ }, "panelIndex": "c6007a66-0f97-4948-a6f9-313a47c00f42", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -444,7 +444,7 @@ } ], "migrationVersion": { - "dashboard": "7.17.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json index 0f521a729b5..34f895ecb1e 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T09:29:36.506Z", - "version": "WzY3OSwxXQ==", + "updated_at": "2022-11-21T19:47:17.164Z", + "version": "WzYyNywxXQ==", "attributes": { "description": "", "hits": 0, @@ -112,7 +112,7 @@ }, "panelIndex": "22a9db51-a883-4947-b41b-2c06ce7e492e", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -197,7 +197,7 @@ }, "panelIndex": "03ebbffc-5648-4560-9510-5f27f7c59da9", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -282,7 +282,7 @@ }, "panelIndex": "ca7116cf-93be-4a75-99e2-3ee133c367aa", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -335,7 +335,7 @@ } ], "migrationVersion": { - "dashboard": "7.17.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json index 3eb1fc0246c..60fa1f4be4d 100644 
--- a/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T09:29:36.506Z", - "version": "WzY4MCwxXQ==", + "updated_at": "2022-11-21T19:47:17.164Z", + "version": "WzYyOCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -129,7 +129,7 @@ }, "panelIndex": "d7a85d7c-eb7a-4f92-8f90-205c60ed892b", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -210,7 +210,7 @@ }, "panelIndex": "0674168e-3642-43ed-8251-3a03f5880371", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -291,7 +291,7 @@ }, "panelIndex": "57265bb8-6c32-4d2f-a3e3-376d5ab35a8d", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -373,7 +373,7 @@ }, "panelIndex": "b3238d64-db19-4274-ae79-e2870bf314e4", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -388,7 +388,7 @@ } ], "migrationVersion": { - "dashboard": "7.17.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json index 453e559374e..c245699ac5e 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T09:29:36.506Z", - "version": "WzY4MSwxXQ==", + "updated_at": "2022-11-21T19:47:17.164Z", + "version": "WzYyOSwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -126,7 +126,7 @@ "panelIndex": "6ec5efbd-54ba-4c2c-8213-3cfa11fa25dd", "title": "Top 10 Device IP Address [Logs Cisco ISE]", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -215,7 +215,7 @@ }, "panelIndex": "4232cb43-a1cb-45e2-8f8b-e523232e41bc", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -284,7 +284,7 @@ "panelIndex": "a41df091-467a-48a5-a4c4-bfdda2c964ae", "title": "Top 10 Network Device Names [Logs Cisco ISE]", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -352,7 +352,7 @@ }, "panelIndex": "2ed21712-e74e-4d26-a3e8-6888e2d3ee46", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -420,7 +420,7 @@ }, "panelIndex": "85db9e7a-7390-4797-bef4-98b487427c43", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -566,7 +566,7 @@ }, "panelIndex": "7b136990-2ba1-4f99-9e0b-55b00b76bbd4", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -652,7 +652,7 @@ }, "panelIndex": "1f6e0bdd-f67b-431e-8634-1299c4e5a605", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -798,7 +798,7 @@ }, "panelIndex": "64f258c3-4824-4d67-b083-e8e02ba926cc", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -884,7 +884,7 @@ "panelIndex": "1ff51a84-32bb-4147-bc8a-cc5e13abfd6d", "title": " Distribution of Events by User Type [Logs Cisco ISE]", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -969,7 +969,7 @@ }, "panelIndex": "cc4bf643-08b2-4500-841d-ad8216532309", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -1037,7 +1037,7 @@ }, "panelIndex": "5b616616-c8a5-44ed-ac39-cf94acf2d625", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1130,7 +1130,7 @@ } ], "migrationVersion": { - "dashboard": "7.17.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json index 8412c8b3303..27c68b31e91 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T09:29:36.506Z", - "version": "WzY4MiwxXQ==", + "updated_at": "2022-11-21T19:47:17.164Z", + "version": "WzYzMCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -173,7 +173,7 @@ }, "panelIndex": "a711fab4-5b3c-4772-be34-ba329076bbc3", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -241,7 +241,7 @@ }, "panelIndex": "bbff4d11-a1cc-41ea-9834-d0a3781dbd86", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -326,7 +326,7 @@ }, "panelIndex": "a1145565-ccd8-4dd5-8ba2-fa9b46906a2b", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -411,7 +411,7 @@ }, "panelIndex": "d10d59ee-c92b-4e28-81c4-1017be59bdfb", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -479,7 +479,7 @@ }, "panelIndex": "0e3b4705-dd8a-42d7-9992-eefe9239160b", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -547,7 +547,7 @@ }, "panelIndex": "251e4695-f4fb-4f6d-98e0-4a822942b58d", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -615,7 +615,7 @@ }, "panelIndex": "94954f66-f728-4b2e-b7d3-024a4d21559a", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -683,7 +683,7 @@ }, "panelIndex": "1156a6e4-bf5a-4628-97c1-1d48296960e2", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -829,7 +829,7 @@ }, "panelIndex": "3db21693-851e-4584-8e01-92706e033703", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -975,7 +975,7 @@ }, "panelIndex": "17cdfe86-a58c-4490-b253-7276fac9a458", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1060,7 +1060,7 @@ }, "panelIndex": "457e1c7e-32ae-4969-af38-81a02e0b0341", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1145,7 +1145,7 @@ }, "panelIndex": "efaff3d9-6694-4adc-9b22-edd21d590852", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1230,7 +1230,7 @@ }, "panelIndex": "68e83de8-a2b3-4531-9e7a-80812495ef75", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1315,7 +1315,7 @@ }, "panelIndex": "9246074a-85cc-4cc3-a2df-6ebfe2db993e", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1383,7 +1383,7 @@ }, "panelIndex": "49bb018b-cab3-41c8-91b7-cdc8e30453dc", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -1478,7 +1478,7 @@ } ], "migrationVersion": { - "dashboard": "7.17.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json index 0d3bad3c0db..b89cc50eea7 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T09:29:36.506Z", - "version": "WzY4MywxXQ==", + "updated_at": "2022-11-21T19:47:17.164Z", + "version": "WzYzMSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -125,7 +125,7 @@ }, "panelIndex": "c9b722c7-e508-4447-8112-230e3858b5b8", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -210,7 +210,7 @@ }, "panelIndex": "216c30b3-1a72-498f-939b-11462bb0adb7", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -295,7 +295,7 @@ }, "panelIndex": "8edd6fd7-b66b-4ee6-b542-b1e7ccd26fa4", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -363,7 +363,7 @@ }, "panelIndex": "b6b0bc79-1ddb-461b-97c4-f814c1267e58", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -431,7 +431,7 @@ }, "panelIndex": "77492870-ccbf-400a-ae2e-97fe9f39cd0d", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -499,7 +499,7 @@ }, "panelIndex": "9abde76e-d49b-409c-924b-dd9c81c1dcea", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -567,7 +567,7 @@ }, "panelIndex": "ec663b72-467e-4ec0-ae7f-f023109ea50f", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -652,7 +652,7 @@ }, "panelIndex": "044c8085-11e7-40e3-a09b-bd994ce198aa", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -720,7 +720,7 @@ }, "panelIndex": "6e5ca98d-df46-45a1-8014-cf16a3028dc2", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -803,7 +803,7 @@ } ], "migrationVersion": { - "dashboard": "7.17.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json index 8c94c50b3ab..32904131ec7 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T09:29:36.506Z", - "version": "WzY4NCwxXQ==", + "updated_at": "2022-11-21T19:47:17.164Z", + "version": "WzYzMiwxXQ==", "attributes": { "description": "", "hits": 0, @@ -208,7 +208,7 @@ }, "panelIndex": "973be120-1985-476b-939a-b0b82e570d33", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -276,7 +276,7 @@ }, "panelIndex": "755e7622-d79b-4ffc-a60f-df3b3dddeb86", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -363,7 +363,7 @@ }, "panelIndex": "e63be268-5af1-469b-aba7-89d3d43e2d00", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -453,7 +453,7 @@ "panelIndex": "09a67f64-cb54-4976-a2a4-3fe6d891a44b", "title": " Distribution of Events by Failure Flag [Logs Cisco ISE]", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -538,7 +538,7 @@ }, "panelIndex": "d18cccfc-3613-4ca0-9a7a-9ff58bf40e7f", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -583,7 +583,7 @@ } ], "migrationVersion": { - "dashboard": "7.17.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json index b8f295fcffc..86fb0294b97 100644 --- a/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T09:29:36.506Z", - "version": "WzY4NSwxXQ==", + "updated_at": "2022-11-21T19:47:17.164Z", + "version": "WzYzMywxXQ==", "attributes": { "description": "", "hits": 0, @@ -108,7 +108,7 @@ }, "panelIndex": "5864db90-ff57-40e6-b605-b6d86b7fea43", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -144,7 +144,7 @@ }, "panelIndex": "06cec002-64bd-4f18-a966-1b6fc2bfd4cf", "type": "visualization", - "version": "7.17.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -169,7 +169,7 @@ } ], "migrationVersion": { - "dashboard": "7.17.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml index 6a2036dfe0b..ed6be503c61 100644 --- a/packages/cisco_ise/manifest.yml +++ b/packages/cisco_ise/manifest.yml @@ -9,7 +9,7 @@ categories: - security release: ga conditions: - kibana.version: ^7.17.0 || ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/cisco-ise-screenshot.png title: Cisco ISE dashboard screenshot 
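Review bot: Narrowing `kibana.version` under `conditions:` from `^7.17.0 || ^8.0.0` to `^8.1.0` drops 7.17 and 8.0 stacks, yet nothing in this commit records that. The diffstat shows manifest.yml changing by this single line and lists no changelog.yml, so neither the package `version` nor the changelog appears to move with it; a later patch in the series may do so, which cannot be seen from here. Since the package sits in the `security` category, operators on 7.17 who use it for Cisco ISE monitoring would stop receiving pipeline and dashboard updates without notice. I would add a changelog entry in the same commit, for example `- version: "<NEXT_VERSION>"` with `- description: Raise minimum Kibana version to 8.1.0.`, and bump `version:` in manifest.yml to match. The rest of manifest.yml, including its `version:` field, lies outside this hunk.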
From f76cd72205f1c80755acf5a259c735a04ceb5963 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Tue, 22 Nov 2022 01:32:54 +0530 Subject: [PATCH 082/103] revert cisco_secure_email_gateway done by crest --- .../cisco_secure_email_gateway/changelog.yml | 6 +- ...-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json | 1399 ++++----- ...-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json | 1467 ++++----- ...-97ab0d40-b63e-11ec-b665-f79f0daaad54.json | 1080 ++++--- ...-a1060e90-b025-11ec-8a45-8d83ac55242a.json | 1567 +++++----- ...-b9591cf0-b640-11ec-b665-f79f0daaad54.json | 1409 +++++---- ...-be7e9c00-b055-11ec-8a45-8d83ac55242a.json | 2767 +++++++++-------- ...-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json | 2104 +++++++------ ...-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json | 967 +++--- .../cisco_secure_email_gateway/manifest.yml | 2 +- 10 files changed, 6649 insertions(+), 6119 deletions(-) diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml index 08b7c657b84..7721ea2f540 100644 --- a/packages/cisco_secure_email_gateway/changelog.yml +++ b/packages/cisco_secure_email_gateway/changelog.yml @@ -1,9 +1,9 @@ # newer versions go on top -- version: "1.2.1" +- version: "1.3.0" changes: - - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + - description: Add an on_failure processor to the date processor. type: enhancement - link: https://github.com/elastic/integrations/pull/4516 + link: https://github.com/elastic/integrations/pull/4626 - version: "1.2.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json index feae768c292..773159a3305 100644 
--- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a.json 
@@ -1,723 +1,728 @@ { - "id": "cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:31:04.682Z", - "version": "Wzc0NiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "status" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "status" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "CPU Utilization Over Time [Logs Cisco Secure Email Gateway]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "1af71592-86d8-4efb-b424-d6ecf7944ace", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "b509ab9e-7f7b-44f2-8ee6-258b88e17dfa", - "label": "Count", - "line_width": 1, - "metrics": [ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_secure_email_gateway.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_secure_email_gateway.log" + } + } + }, { - "field": "cisco_secure_email_gateway.log.cpu.utilization", - "id": "4deb212e-daed-4c60-b947-aa33baeaa2a9", - "type": "avg" + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "status" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "status" + } + } } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "terms_field": "cisco_secure_email_gateway.log.cpu.utilization", - "terms_order_by": "_count", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": [], + ], "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 14, - "i": "95a6ae87-13d5-4ada-bd77-bec597a81714", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true }, - "panelIndex": "95a6ae87-13d5-4ada-bd77-bec597a81714", - "title": "CPU Utilization Over Time [Logs Cisco Secure Email Gateway]", - 
"type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Disk I/O Utilization Over Time [Logs Cisco Secure Email Gateway]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "ba00a756-2315-4580-8c44-8daa6a4fe42c", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "a579bc05-7302-4698-a465-cc9c33326c93", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.disk_io", - "id": "bfc3259d-32c5-4aea-9581-14ae6945e2b0", - "type": "avg" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1af71592-86d8-4efb-b424-d6ecf7944ace", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "b509ab9e-7f7b-44f2-8ee6-258b88e17dfa", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.cpu.utilization", + "id": "4deb212e-daed-4c60-b947-aa33baeaa2a9", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "terms_field": 
"cisco_secure_email_gateway.log.cpu.utilization", + "terms_order_by": "_count", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "CPU Utilization Over Time [Logs Cisco Secure Email Gateway]", + "type": "metrics", + "uiState": {} } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 14, + "i": "c89cfeb0-dada-414f-bff9-f8d88cfbcf22", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "c89cfeb0-dada-414f-bff9-f8d88cfbcf22", + "type": "visualization", + "version": "7.17.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - } - } - }, - "gridData": { - "h": 14, - "i": "fac9251f-8b75-46fa-94ff-2a004fd15099", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "fac9251f-8b75-46fa-94ff-2a004fd15099", - "title": "Disk I/O Utilization Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Ram Utilization Over Time [Logs Cisco Secure Email Gateway]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - 
"id": "f3f0956a-14bb-45c8-b03d-9bae49240821", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "cbb2c4b6-0c49-4fc3-814e-68a7c117ad7b", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.ram.utilization", - "id": "d665c81d-8a7d-48fd-9ff4-697bbd4dbceb", - "type": "avg" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "ba00a756-2315-4580-8c44-8daa6a4fe42c", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "a579bc05-7302-4698-a465-cc9c33326c93", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.disk_io", + "id": "bfc3259d-32c5-4aea-9581-14ae6945e2b0", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Disk I/O Utilization Over Time [Logs Cisco Secure Email Gateway]", + "type": "metrics", + "uiState": {} } - ], - "override_index_pattern": 0, - "palette": 
{ - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 14, + "i": "c683c27c-67a8-4290-b081-a9b1f39bb2e3", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "c683c27c-67a8-4290-b081-a9b1f39bb2e3", + "type": "visualization", + "version": "7.17.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "de2943f1-1708-4fd3-bb0d-99903395cc32", - "w": 24, - "x": 0, - "y": 14 - }, - "panelIndex": "de2943f1-1708-4fd3-bb0d-99903395cc32", - "title": "RAM Utilization Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Sophos Anti-Virus Scanning Over Time [Cisco Secure Email Gateway]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "e8547150-1b72-456e-abb0-1f63a4c82e4a", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "4e1b5734-d731-4efe-85f7-cb7a6812819b", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.sophos_ld", - "id": "5b85a7fb-52f0-4f23-a808-07a23ae8157d", - "type": "avg" + { 
+ "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "f3f0956a-14bb-45c8-b03d-9bae49240821", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "cbb2c4b6-0c49-4fc3-814e-68a7c117ad7b", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.ram.utilization", + "id": "d665c81d-8a7d-48fd-9ff4-697bbd4dbceb", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "RAM Utilization Over Time [Logs Cisco Secure Email Gateway]", + "type": "metrics", + "uiState": {} } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 15, + "i": "e91098aa-f3d4-41b0-9d0b-5d9fad190090", 
+ "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "e91098aa-f3d4-41b0-9d0b-5d9fad190090", + "type": "visualization", + "version": "7.17.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "3ff28fc7-0158-4901-baf2-797e2686c180", - "w": 24, - "x": 24, - "y": 14 - }, - "panelIndex": "3ff28fc7-0158-4901-baf2-797e2686c180", - "title": "Sophos Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "McAfee Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "0f2aec48-9a36-4fe0-a4ad-5922a129b4c3", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "2c4e6b49-e60c-4d4d-b2c4-c443928f93d7", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.mcafee_ld", - "id": "4a343f0d-2f6d-437d-a702-9707ee05de91", - "type": "avg" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "e8547150-1b72-456e-abb0-1f63a4c82e4a", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + 
{ + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "4e1b5734-d731-4efe-85f7-cb7a6812819b", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.sophos_ld", + "id": "5b85a7fb-52f0-4f23-a808-07a23ae8157d", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Sophos Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", + "type": "metrics", + "uiState": {} } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 15, + "i": "b10f96f1-92f1-4ea3-a2a6-a57b44197481", + "w": 24, + "x": 24, + "y": 14 + }, + "panelIndex": "b10f96f1-92f1-4ea3-a2a6-a57b44197481", + "type": "visualization", + "version": "7.17.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "01d7f54a-0bfd-444a-99ca-ea799c11d342", - "w": 24, - "x": 0, - "y": 29 - }, - "panelIndex": 
"01d7f54a-0bfd-444a-99ca-ea799c11d342", - "title": "McAfee Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "CASE Scanning Over Time [Logs Cisco Secure Email Gateway]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "1ca757e4-9986-4109-82f8-a18e8f68cd35", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "c9ea79ff-857a-4c19-8864-dd32d5ecb80d", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.case_ld", - "id": "633c2888-96a2-4c24-a93b-e647ced942ed", - "type": "avg" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "0f2aec48-9a36-4fe0-a4ad-5922a129b4c3", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "2c4e6b49-e60c-4d4d-b2c4-c443928f93d7", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.mcafee_ld", + "id": "4a343f0d-2f6d-437d-a702-9707ee05de91", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + 
"series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "McAfee Anti-Virus Scanning Over Time [Logs Cisco Secure Email Gateway]", + "type": "metrics", + "uiState": {} } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 15, + "i": "0d7142fc-d5b0-43c5-86e7-3bc98d6cec30", + "w": 24, + "x": 0, + "y": 29 + }, + "panelIndex": "0d7142fc-d5b0-43c5-86e7-3bc98d6cec30", + "type": "visualization", + "version": "7.17.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "cc5ddff9-fb90-4f24-a98c-3a2b3957f8c6", - "w": 24, - "x": 24, - "y": 29 - }, - "panelIndex": "cc5ddff9-fb90-4f24-a98c-3a2b3957f8c6", - "title": "CASE Scanning Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Reporting Process Over Time [Cisco Secure Email Gateway]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - 
"id": "706b3574-bdb3-4b5e-b60c-535ecba9d3ea", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "6a5040fa-12e2-4a8f-a1da-51c6a6dcf2cb", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.reporting_load", - "id": "4c616f23-37ef-433f-9642-8bf6502b479a", - "type": "avg" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1ca757e4-9986-4109-82f8-a18e8f68cd35", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "c9ea79ff-857a-4c19-8864-dd32d5ecb80d", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.case_ld", + "id": "633c2888-96a2-4c24-a93b-e647ced942ed", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "CASE Scanning Over Time [Logs Cisco Secure Email Gateway]", + "type": "metrics", + "uiState": {} } - ], - "override_index_pattern": 0, - "palette": { - 
"name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 15, + "i": "ea8a6307-fc13-46e3-a76d-910b68cb9616", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "ea8a6307-fc13-46e3-a76d-910b68cb9616", + "type": "visualization", + "version": "7.17.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "0ef7de46-c487-40c7-856a-3bbd89bbcf7b", - "w": 24, - "x": 0, - "y": 44 - }, - "panelIndex": "0ef7de46-c487-40c7-856a-3bbd89bbcf7b", - "title": "Reporting Process Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Quarantine Process Over Time [Logs Cisco Secure Email Gateway]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "867a9950-5f15-460a-98b4-9bb0eeec0d8d", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "e6a4bd49-6b02-49dc-8204-b4e4cee693b0", - "label": "Count", - "line_width": 1, - "metrics": [ - { - "field": "cisco_secure_email_gateway.log.quarantine.load", - "id": "ad8aab01-a047-4608-9587-73f25a02c850", - "type": "avg" + 
{ + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "706b3574-bdb3-4b5e-b60c-535ecba9d3ea", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "6a5040fa-12e2-4a8f-a1da-51c6a6dcf2cb", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.reporting_load", + "id": "4c616f23-37ef-433f-9642-8bf6502b479a", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Reporting Process Over Time [Logs Cisco Secure Email Gateway]", + "type": "metrics", + "uiState": {} } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "timeseries", - "use_kibana_indexes": false + }, + "gridData": { + "h": 15, + "i": 
"5992541c-8021-4e82-9763-7e43d4a3a1e8", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "5992541c-8021-4e82-9763-7e43d4a3a1e8", + "type": "visualization", + "version": "7.17.0" }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "867a9950-5f15-460a-98b4-9bb0eeec0d8d", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "e6a4bd49-6b02-49dc-8204-b4e4cee693b0", + "label": "Count", + "line_width": 1, + "metrics": [ + { + "field": "cisco_secure_email_gateway.log.quarantine.load", + "id": "ad8aab01-a047-4608-9587-73f25a02c850", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Quarantine Process Over Time [Logs Cisco Secure Email Gateway]", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 15, + "i": "d7812c11-fb15-4b86-ab17-f77fc145d4b2", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": 
"d7812c11-fb15-4b86-ab17-f77fc145d4b2", + "type": "visualization", + "version": "7.17.0" } - } - }, - "gridData": { - "h": 15, - "i": "7ce2069e-5789-451a-8980-5c1efa0ea8b9", - "w": 24, - "x": 24, - "y": 44 + ], + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Status", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_secure_email_gateway-3e3a4de0-b00b-11ec-8a45-8d83ac55242a", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "panelIndex": "7ce2069e-5789-451a-8980-5c1efa0ea8b9", - "title": "Quarantine Process Over Time [Logs Cisco Secure Email Gateway]", - "type": "visualization", - "version": "7.17.0" - } + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Status", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json index 753325ca1dc..03a886de5b0 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b.json 
@@ -1,752 +1,779 @@ { - "id": "cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:31:04.682Z", - "version": "Wzc0NywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "amp" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "amp" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc": { - "columnOrder": [ - "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285", - "40ee8622-c392-4ec5-bc21-d912f381c282" - ], - "columns": { - "40ee8622-c392-4ec5-bc21-d912f381c282": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "File Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "40ee8622-c392-4ec5-bc21-d912f381c282", - "type": "column" + "meta": { + "alias": null, + 
"disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_secure_email_gateway.log" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.content_type" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_secure_email_gateway.log" + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285" - ], - "layerId": "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", - "layerType": "data", - "legendDisplay": "default", - "metric": "40ee8622-c392-4ec5-bc21-d912f381c282", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of AMP Engine Events by File Type [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", - "type": "index-pattern" - } - ] - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "9dee5b6f-f892-4227-9472-22fb7d514271", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "9dee5b6f-f892-4227-9472-22fb7d514271", - "title": "Distribution of AMP Engine Events by File Type [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "da50ed80-3cbc-4559-bef0-e3db5de2fb16": { - "columnOrder": [ - 
"2782b4e2-ba8c-4aaf-8747-8d7297b3ec41", - "722a910a-7f85-47f2-9eea-8a13c4faaed5" - ], - "columns": { - "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Malware Threat", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "722a910a-7f85-47f2-9eea-8a13c4faaed5", - "type": "column" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "amp" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.malware" + "type": "phrase" }, - "722a910a-7f85-47f2-9eea-8a13c4faaed5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "amp" + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41", - "isTransposed": false - }, - { - "columnId": "722a910a-7f85-47f2-9eea-8a13c4faaed5", - "isTransposed": false - } ], - "layerId": "da50ed80-3cbc-4559-bef0-e3db5de2fb16", - "layerType": "data" - } - }, - "title": "Top 10 Malware Threat [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-da50ed80-3cbc-4559-bef0-e3db5de2fb16", - "type": 
"index-pattern" - } - ] - } + "query": { + "language": "kuery", + "query": "" + } + } }, - "gridData": { - "h": 13, - "i": "dc47e71b-52ce-41ad-bbba-60c0b7205f20", - "w": 24, - "x": 24, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true }, - "panelIndex": "dc47e71b-52ce-41ad-bbba-60c0b7205f20", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cc97ded6-1926-428a-a6d3-d13b3b47b8ba": { - "columnOrder": [ - "50f68a81-af9c-4a46-8f31-49957891f03e", - "536e9932-8f25-4096-a1f1-cc40da5e099b" - ], - "columns": { - "50f68a81-af9c-4a46-8f31-49957891f03e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Spy Name ", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "536e9932-8f25-4096-a1f1-cc40da5e099b", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc": { + "columnOrder": [ + "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285", + "40ee8622-c392-4ec5-bc21-d912f381c282" + ], + "columns": { + "40ee8622-c392-4ec5-bc21-d912f381c282": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "File Type", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "40ee8622-c392-4ec5-bc21-d912f381c282", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.content_type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.spy_name" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "cfaa9bc5-46c5-4cf4-968f-419ea5d8e285" + ], + "layerId": "42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", + "layerType": "data", + "legendDisplay": "default", + "metric": "40ee8622-c392-4ec5-bc21-d912f381c282", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "536e9932-8f25-4096-a1f1-cc40da5e099b": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "50f68a81-af9c-4a46-8f31-49957891f03e", - "isTransposed": false - }, - { - "columnId": "536e9932-8f25-4096-a1f1-cc40da5e099b", - "isTransposed": false - } - ], - "layerId": "cc97ded6-1926-428a-a6d3-d13b3b47b8ba", - "layerType": "data" - } + "title": "Distribution of AMP Engine Events by File Type [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "8d2945d3-3cf7-4371-92ec-c80a7c0aad1a", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "8d2945d3-3cf7-4371-92ec-c80a7c0aad1a", + "title": "Distribution of AMP Engine Events by File 
Type [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Spy Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cc97ded6-1926-428a-a6d3-d13b3b47b8ba", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 13, - "i": "ca17fa14-0065-4dc5-87e2-3166254da30a", - "w": 24, - "x": 0, - "y": 13 - }, - "panelIndex": "ca17fa14-0065-4dc5-87e2-3166254da30a", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8b6d5f6d-b1c9-4860-917a-ecac06f34b10": { - "columnOrder": [ - "a3111dae-5b02-4296-88ff-61197bd0f3f9", - "c3597c7d-4468-4194-8f2d-a453ced98438" - ], - "columns": { - "a3111dae-5b02-4296-88ff-61197bd0f3f9": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "File Mime Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c3597c7d-4468-4194-8f2d-a453ced98438", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-da50ed80-3cbc-4559-bef0-e3db5de2fb16", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "da50ed80-3cbc-4559-bef0-e3db5de2fb16": { + "columnOrder": [ + "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41", + "722a910a-7f85-47f2-9eea-8a13c4faaed5" + ], + "columns": { + "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41": { + "customLabel": true, + "dataType": "string", + 
"isBucketed": true, + "label": "Malware Threat", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "722a910a-7f85-47f2-9eea-8a13c4faaed5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.malware" + }, + "722a910a-7f85-47f2-9eea-8a13c4faaed5": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.attachments.file.mime_type" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2782b4e2-ba8c-4aaf-8747-8d7297b3ec41", + "isTransposed": false + }, + { + "columnId": "722a910a-7f85-47f2-9eea-8a13c4faaed5", + "isTransposed": false + } + ], + "layerId": "da50ed80-3cbc-4559-bef0-e3db5de2fb16", + "layerType": "data" + } }, - "c3597c7d-4468-4194-8f2d-a453ced98438": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "a3111dae-5b02-4296-88ff-61197bd0f3f9" - ], - "layerId": "8b6d5f6d-b1c9-4860-917a-ecac06f34b10", - "layerType": "data", - "legendDisplay": "default", - "metric": "c3597c7d-4468-4194-8f2d-a453ced98438", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 Malware Threat [Logs Cisco Secure Email Gateway]", + "type": "lens", + 
"visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "cfcfa193-5688-4013-b9a3-0a69af3c9e2b", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "cfcfa193-5688-4013-b9a3-0a69af3c9e2b", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of AMP Engine Events by File MIME Type [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8b6d5f6d-b1c9-4860-917a-ecac06f34b10", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 13, - "i": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1", - "w": 24, - "x": 24, - "y": 13 - }, - "panelIndex": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1", - "title": "Distribution of AMP Engine Events by File MIME Type [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "209d92c9-a130-4ba9-8e21-35662ea8c98e": { - "columnOrder": [ - "1a4f6e44-23c6-4726-988a-6706f595eda1", - "6fa0fc6c-efc2-42b1-96a1-78623735199e" - ], - "columns": { - "1a4f6e44-23c6-4726-988a-6706f595eda1": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Upload Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6fa0fc6c-efc2-42b1-96a1-78623735199e", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.upload.action" + { 
+ "id": "logs-*", + "name": "indexpattern-datasource-layer-cc97ded6-1926-428a-a6d3-d13b3b47b8ba", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cc97ded6-1926-428a-a6d3-d13b3b47b8ba": { + "columnOrder": [ + "50f68a81-af9c-4a46-8f31-49957891f03e", + "536e9932-8f25-4096-a1f1-cc40da5e099b" + ], + "columns": { + "50f68a81-af9c-4a46-8f31-49957891f03e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Spy Name ", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "536e9932-8f25-4096-a1f1-cc40da5e099b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.spy_name" + }, + "536e9932-8f25-4096-a1f1-cc40da5e099b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "50f68a81-af9c-4a46-8f31-49957891f03e", + "isTransposed": false + }, + { + "columnId": "536e9932-8f25-4096-a1f1-cc40da5e099b", + "isTransposed": false + } + ], + "layerId": "cc97ded6-1926-428a-a6d3-d13b3b47b8ba", + "layerType": "data" + } }, - "6fa0fc6c-efc2-42b1-96a1-78623735199e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "Top 10 Spy Name [Logs Cisco Secure Email 
Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 13, + "i": "41bfdbe3-f024-4b84-b200-f1864aa19fcb", + "w": 24, + "x": 0, + "y": 13 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "41bfdbe3-f024-4b84-b200-f1864aa19fcb", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8b6d5f6d-b1c9-4860-917a-ecac06f34b10", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8b6d5f6d-b1c9-4860-917a-ecac06f34b10": { + "columnOrder": [ + "a3111dae-5b02-4296-88ff-61197bd0f3f9", + "c3597c7d-4468-4194-8f2d-a453ced98438" + ], + "columns": { + "a3111dae-5b02-4296-88ff-61197bd0f3f9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "File Mime Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c3597c7d-4468-4194-8f2d-a453ced98438", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.attachments.file.mime_type" + }, + "c3597c7d-4468-4194-8f2d-a453ced98438": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "a3111dae-5b02-4296-88ff-61197bd0f3f9" + ], + "layerId": 
"8b6d5f6d-b1c9-4860-917a-ecac06f34b10", + "layerType": "data", + "legendDisplay": "default", + "metric": "c3597c7d-4468-4194-8f2d-a453ced98438", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of AMP Engine Events by File MIME Type [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - "6fa0fc6c-efc2-42b1-96a1-78623735199e" - ], - "layerId": "209d92c9-a130-4ba9-8e21-35662ea8c98e", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "1a4f6e44-23c6-4726-988a-6706f595eda1" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 13, + "i": "c64cb45b-8706-4ab8-9879-e42f24664945", + "w": 24, + "x": 24, + "y": 13 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "c64cb45b-8706-4ab8-9879-e42f24664945", + "title": "Distribution of AMP Engine Events by File MIME Type [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-209d92c9-a130-4ba9-8e21-35662ea8c98e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "209d92c9-a130-4ba9-8e21-35662ea8c98e": { + "columnOrder": [ + "1a4f6e44-23c6-4726-988a-6706f595eda1", + "6fa0fc6c-efc2-42b1-96a1-78623735199e" + ], + "columns": { + "1a4f6e44-23c6-4726-988a-6706f595eda1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Upload Action", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "6fa0fc6c-efc2-42b1-96a1-78623735199e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.upload.action" + }, + "6fa0fc6c-efc2-42b1-96a1-78623735199e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "6fa0fc6c-efc2-42b1-96a1-78623735199e" + ], + "layerId": "209d92c9-a130-4ba9-8e21-35662ea8c98e", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "1a4f6e44-23c6-4726-988a-6706f595eda1" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of AMP Engine Events by Upload Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 13, + "i": "6897e2ac-c676-4042-8a6b-e6516e1fb32f", + "w": 24, + "x": 0, + "y": 26 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "6897e2ac-c676-4042-8a6b-e6516e1fb32f", + "title": 
"Distribution of AMP Engine Events by Upload Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of AMP Engine Events by Upload Action [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsXY", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-209d92c9-a130-4ba9-8e21-35662ea8c98e", - "type": "index-pattern" - } - ] - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-52251872-020b-4855-9c01-fbebd4df0064", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "52251872-020b-4855-9c01-fbebd4df0064": { + "columnOrder": [ + "585842e9-697b-43a6-99cb-e905245ce2e2", + "1c89cec4-799f-407c-a53c-d4f2332d7966" + ], + "columns": { + "1c89cec4-799f-407c-a53c-d4f2332d7966": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "585842e9-697b-43a6-99cb-e905245ce2e2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1c89cec4-799f-407c-a53c-d4f2332d7966", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.verdict" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + 
"585842e9-697b-43a6-99cb-e905245ce2e2" + ], + "layerId": "52251872-020b-4855-9c01-fbebd4df0064", + "layerType": "data", + "legendDisplay": "default", + "metric": "1c89cec4-799f-407c-a53c-d4f2332d7966", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of AMP Engine Events by Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "9c09c0da-3772-4316-8471-ae711384a696", + "w": 24, + "x": 24, + "y": 26 + }, + "panelIndex": "9c09c0da-3772-4316-8471-ae711384a696", + "title": "Distribution of AMP Engine Events by Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] AMP Engine", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_secure_email_gateway-6a11cbc0-b513-11ec-aa3c-afc0e710666b", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "gridData": { - "h": 13, - "i": "38a471f6-9731-4071-9d91-b3ec1564349b", - "w": 24, - "x": 0, - "y": 26 + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" }, - "panelIndex": "38a471f6-9731-4071-9d91-b3ec1564349b", - "title": "Distribution of AMP Engine Events by Upload Action [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "52251872-020b-4855-9c01-fbebd4df0064": { - "columnOrder": [ - "585842e9-697b-43a6-99cb-e905245ce2e2", - "1c89cec4-799f-407c-a53c-d4f2332d7966" - ], - "columns": { - 
"1c89cec4-799f-407c-a53c-d4f2332d7966": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "585842e9-697b-43a6-99cb-e905245ce2e2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1c89cec4-799f-407c-a53c-d4f2332d7966", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.verdict" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "585842e9-697b-43a6-99cb-e905245ce2e2" - ], - "layerId": "52251872-020b-4855-9c01-fbebd4df0064", - "layerType": "data", - "legendDisplay": "default", - "metric": "1c89cec4-799f-407c-a53c-d4f2332d7966", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of AMP Engine Events by Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-52251872-020b-4855-9c01-fbebd4df0064", - "type": "index-pattern" - } - ] - } + { + "id": "logs-*", + "name": "8d2945d3-3cf7-4371-92ec-c80a7c0aad1a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d2945d3-3cf7-4371-92ec-c80a7c0aad1a:indexpattern-datasource-layer-42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"cfcfa193-5688-4013-b9a3-0a69af3c9e2b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfcfa193-5688-4013-b9a3-0a69af3c9e2b:indexpattern-datasource-layer-da50ed80-3cbc-4559-bef0-e3db5de2fb16", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41bfdbe3-f024-4b84-b200-f1864aa19fcb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41bfdbe3-f024-4b84-b200-f1864aa19fcb:indexpattern-datasource-layer-cc97ded6-1926-428a-a6d3-d13b3b47b8ba", + "type": "index-pattern" }, - "gridData": { - "h": 13, - "i": "aa7dfa01-c596-466e-8296-1608d666cd1e", - "w": 24, - "x": 24, - "y": 26 + { + "id": "logs-*", + "name": "c64cb45b-8706-4ab8-9879-e42f24664945:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "aa7dfa01-c596-466e-8296-1608d666cd1e", - "title": "Distribution of AMP Engine Events by Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - } + { + "id": "logs-*", + "name": "c64cb45b-8706-4ab8-9879-e42f24664945:indexpattern-datasource-layer-8b6d5f6d-b1c9-4860-917a-ecac06f34b10", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6897e2ac-c676-4042-8a6b-e6516e1fb32f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6897e2ac-c676-4042-8a6b-e6516e1fb32f:indexpattern-datasource-layer-209d92c9-a130-4ba9-8e21-35662ea8c98e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9c09c0da-3772-4316-8471-ae711384a696:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9c09c0da-3772-4316-8471-ae711384a696:indexpattern-datasource-layer-52251872-020b-4855-9c01-fbebd4df0064", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] AMP Engine", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - 
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "9dee5b6f-f892-4227-9472-22fb7d514271:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "9dee5b6f-f892-4227-9472-22fb7d514271:indexpattern-datasource-layer-42e2b65e-cb47-40bb-9c1b-57ffe421f4dc", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "dc47e71b-52ce-41ad-bbba-60c0b7205f20:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "dc47e71b-52ce-41ad-bbba-60c0b7205f20:indexpattern-datasource-layer-da50ed80-3cbc-4559-bef0-e3db5de2fb16", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ca17fa14-0065-4dc5-87e2-3166254da30a:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ca17fa14-0065-4dc5-87e2-3166254da30a:indexpattern-datasource-layer-cc97ded6-1926-428a-a6d3-d13b3b47b8ba", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5878a629-052a-4cb5-95bf-8e0fc6ec5ec1:indexpattern-datasource-layer-8b6d5f6d-b1c9-4860-917a-ecac06f34b10", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "38a471f6-9731-4071-9d91-b3ec1564349b:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "38a471f6-9731-4071-9d91-b3ec1564349b:indexpattern-datasource-layer-209d92c9-a130-4ba9-8e21-35662ea8c98e", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "aa7dfa01-c596-466e-8296-1608d666cd1e:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "aa7dfa01-c596-466e-8296-1608d666cd1e:indexpattern-datasource-layer-52251872-020b-4855-9c01-fbebd4df0064", - "id": 
"logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54.json index 2709c96afb5..02f94a10d69 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54.json 
@@ -1,482 +1,638 @@ { - "id": "cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:31:04.682Z", - "version": "Wzc0OCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6a329d99-3de7-4396-9481-07cff7118b75": { - "columnOrder": [ - "94df3128-28b6-4f27-897f-bcb44d3c7196", - "2eeef2a5-4721-49f0-bdf3-e39e05c95999" - ], - "columns": { - "2eeef2a5-4721-49f0-bdf3-e39e05c95999": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - "94df3128-28b6-4f27-897f-bcb44d3c7196": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2eeef2a5-4721-49f0-bdf3-e39e05c95999", - "type": "column" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_secure_email_gateway.log" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object" + "type": 
"phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_secure_email_gateway.log" + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"antispam\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "94df3128-28b6-4f27-897f-bcb44d3c7196" - ], - "layerId": "6a329d99-3de7-4396-9481-07cff7118b75", - "layerType": "data", - "legendDisplay": "default", - "metric": "2eeef2a5-4721-49f0-bdf3-e39e05c95999", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Anti-Spam Events by Object [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-6a329d99-3de7-4396-9481-07cff7118b75", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "7cc45c02-44e8-438c-aa38-a007d252b940", - "w": 23, - "x": 0, - "y": 0 - }, - "panelIndex": "7cc45c02-44e8-438c-aa38-a007d252b940", - "title": "Distribution of Anti-Spam Events by Object [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d11b7b35-4452-4d96-aedb-cfa76248e087": { - "columnOrder": [ - "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885", - "9d948240-967b-4c51-828f-3b950b5beca5" - ], - "columns": { - "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object Category", - "operationType": "terms", - "params": { - "missingBucket": false, - 
"orderBy": { - "columnId": "9d948240-967b-4c51-828f-3b950b5beca5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object_category" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": [ + "antispam", + "authentication" + ], + "type": "phrases" }, - "9d948240-967b-4c51-828f-3b950b5beca5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "antispam" + } + }, + { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "authentication" + } + } + ] + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"antispam\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885" - ], - "layerId": "d11b7b35-4452-4d96-aedb-cfa76248e087", - "layerType": "data", - "legendDisplay": "default", - "metric": "9d948240-967b-4c51-828f-3b950b5beca5", - "nestedLegend": false, - "numberDisplay": "percent" - } ], - "shape": "pie" - } - }, - "title": "Distribution of Anti-Spam Events by Object Category [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-d11b7b35-4452-4d96-aedb-cfa76248e087", - "type": "index-pattern" - } - ] - } + "query": { + "language": "kuery", + "query": "" + } + } }, - "gridData": { - "h": 15, - "i": "f8fe013f-8aa5-4f0e-84ff-45ec811766a3", - "w": 25, - "x": 23, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true }, - "panelIndex": "f8fe013f-8aa5-4f0e-84ff-45ec811766a3", - "title": "Distribution of Anti-Spam Events by Object Category [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3580df6b-ad09-48fd-a1a5-82f760b16cdd": { - "columnOrder": [ - "eeafffce-6abd-40c9-9615-6707e18801b6", - "31ca0397-55c6-4109-a00c-b79e85754ffa" - ], - "columns": { - "31ca0397-55c6-4109-a00c-b79e85754ffa": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6a329d99-3de7-4396-9481-07cff7118b75", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "6a329d99-3de7-4396-9481-07cff7118b75": { + "columnOrder": [ + "94df3128-28b6-4f27-897f-bcb44d3c7196", + "2eeef2a5-4721-49f0-bdf3-e39e05c95999" + ], + "columns": { + "2eeef2a5-4721-49f0-bdf3-e39e05c95999": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + 
"94df3128-28b6-4f27-897f-bcb44d3c7196": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2eeef2a5-4721-49f0-bdf3-e39e05c95999", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "antispam" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "antispam" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "94df3128-28b6-4f27-897f-bcb44d3c7196" + ], + "layerId": "6a329d99-3de7-4396-9481-07cff7118b75", + "layerType": "data", + "legendDisplay": "default", + "metric": "2eeef2a5-4721-49f0-bdf3-e39e05c95999", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "eeafffce-6abd-40c9-9615-6707e18801b6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Username", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "31ca0397-55c6-4109-a00c-b79e85754ffa", - "type": "column" + "title": "Distribution of Anti-Spam Events by Object [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3c5b2b73-ddb2-4b3a-8c28-b90377888c45", + "w": 23, + "x": 0, + "y": 0 + }, + "panelIndex": "3c5b2b73-ddb2-4b3a-8c28-b90377888c45", + "title": 
"Distribution of Anti-Spam Events by Object [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"authentication\"" - }, - "visualization": { - "columns": [ - { - "columnId": "eeafffce-6abd-40c9-9615-6707e18801b6", - "isTransposed": false - }, - { - "columnId": "31ca0397-55c6-4109-a00c-b79e85754ffa", - "isTransposed": false - } - ], - "layerId": "3580df6b-ad09-48fd-a1a5-82f760b16cdd", - "layerType": "data" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d11b7b35-4452-4d96-aedb-cfa76248e087", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d11b7b35-4452-4d96-aedb-cfa76248e087": { + "columnOrder": [ + "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885", + "9d948240-967b-4c51-828f-3b950b5beca5" + ], + "columns": { + "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9d948240-967b-4c51-828f-3b950b5beca5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object_category" + }, + "9d948240-967b-4c51-828f-3b950b5beca5": { + "customLabel": true, + "dataType": 
"number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "antispam" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "antispam" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "8ea28f8c-d6b1-4857-9581-6f6a2fd9a885" + ], + "layerId": "d11b7b35-4452-4d96-aedb-cfa76248e087", + "layerType": "data", + "legendDisplay": "default", + "metric": "9d948240-967b-4c51-828f-3b950b5beca5", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Anti-Spam Events by Object Category [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "35898193-7d16-4fee-aca7-8b49b3c78414", + "w": 25, + "x": 23, + "y": 0 + }, + "panelIndex": "35898193-7d16-4fee-aca7-8b49b3c78414", + "title": "Distribution of Anti-Spam Events by Object Category [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3580df6b-ad09-48fd-a1a5-82f760b16cdd", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "d14a4980-fa97-483e-ad10-ad6ff134dd23", - "w": 23, 
- "x": 0, - "y": 15 - }, - "panelIndex": "d14a4980-fa97-483e-ad10-ad6ff134dd23", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0c19b962-3c1b-47bd-b455-08fe74f0d713": { - "columnOrder": [ - "5633dc67-ee99-44e0-9fc9-1eeb069871a7", - "df66b654-83dc-4985-830d-a241adefbc2c" - ], - "columns": { - "5633dc67-ee99-44e0-9fc9-1eeb069871a7": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "df66b654-83dc-4985-830d-a241adefbc2c", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3580df6b-ad09-48fd-a1a5-82f760b16cdd", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3580df6b-ad09-48fd-a1a5-82f760b16cdd": { + "columnOrder": [ + "eeafffce-6abd-40c9-9615-6707e18801b6", + "31ca0397-55c6-4109-a00c-b79e85754ffa" + ], + "columns": { + "31ca0397-55c6-4109-a00c-b79e85754ffa": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "eeafffce-6abd-40c9-9615-6707e18801b6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "31ca0397-55c6-4109-a00c-b79e85754ffa", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + } + }, + 
"incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.outcome" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "eeafffce-6abd-40c9-9615-6707e18801b6", + "isTransposed": false + }, + { + "columnId": "31ca0397-55c6-4109-a00c-b79e85754ffa", + "isTransposed": false + } + ], + "layerId": "3580df6b-ad09-48fd-a1a5-82f760b16cdd", + "layerType": "data" + } }, - "df66b654-83dc-4985-830d-a241adefbc2c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"authentication\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "5633dc67-ee99-44e0-9fc9-1eeb069871a7" - ], - "layerId": "0c19b962-3c1b-47bd-b455-08fe74f0d713", - "layerType": "data", - "legendDisplay": "default", - "metric": "df66b654-83dc-4985-830d-a241adefbc2c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "7fc58b16-a952-4d35-84c0-45945e8ec6f6", + "w": 23, + "x": 0, + "y": 15 + }, + "panelIndex": "7fc58b16-a952-4d35-84c0-45945e8ec6f6", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Authentication Events by Outcome [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "indexpattern-datasource-layer-0c19b962-3c1b-47bd-b455-08fe74f0d713", - "type": "index-pattern" - } - ] - } + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0c19b962-3c1b-47bd-b455-08fe74f0d713", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0c19b962-3c1b-47bd-b455-08fe74f0d713": { + "columnOrder": [ + "5633dc67-ee99-44e0-9fc9-1eeb069871a7", + "df66b654-83dc-4985-830d-a241adefbc2c" + ], + "columns": { + "5633dc67-ee99-44e0-9fc9-1eeb069871a7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Outcome", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "df66b654-83dc-4985-830d-a241adefbc2c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.outcome" + }, + "df66b654-83dc-4985-830d-a241adefbc2c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "authentication" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + 
"categoryDisplay": "default", + "groups": [ + "5633dc67-ee99-44e0-9fc9-1eeb069871a7" + ], + "layerId": "0c19b962-3c1b-47bd-b455-08fe74f0d713", + "layerType": "data", + "legendDisplay": "default", + "metric": "df66b654-83dc-4985-830d-a241adefbc2c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Authentication Events by Outcome [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "c34b2ca9-8602-459f-a5d1-c549c9d9484f", + "w": 25, + "x": 23, + "y": 15 + }, + "panelIndex": "c34b2ca9-8602-459f-a5d1-c549c9d9484f", + "title": "Distribution of Authentication Events by Outcome [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Anti-Spam and Authentication", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_secure_email_gateway-97ab0d40-b63e-11ec-b665-f79f0daaad54", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c5b2b73-ddb2-4b3a-8c28-b90377888c45:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c5b2b73-ddb2-4b3a-8c28-b90377888c45:indexpattern-datasource-layer-6a329d99-3de7-4396-9481-07cff7118b75", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c5b2b73-ddb2-4b3a-8c28-b90377888c45:filter-index-pattern-0", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "1db1d475-764a-431d-abb5-9ab291f69e33", - "w": 25, - "x": 23, - "y": 15 + { + "id": "logs-*", + "name": 
"35898193-7d16-4fee-aca7-8b49b3c78414:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "1db1d475-764a-431d-abb5-9ab291f69e33", - "title": "Distribution of Authentication Events by Outcome [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - } + { + "id": "logs-*", + "name": "35898193-7d16-4fee-aca7-8b49b3c78414:indexpattern-datasource-layer-d11b7b35-4452-4d96-aedb-cfa76248e087", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "35898193-7d16-4fee-aca7-8b49b3c78414:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7fc58b16-a952-4d35-84c0-45945e8ec6f6:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7fc58b16-a952-4d35-84c0-45945e8ec6f6:indexpattern-datasource-layer-3580df6b-ad09-48fd-a1a5-82f760b16cdd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c34b2ca9-8602-459f-a5d1-c549c9d9484f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c34b2ca9-8602-459f-a5d1-c549c9d9484f:indexpattern-datasource-layer-0c19b962-3c1b-47bd-b455-08fe74f0d713", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c34b2ca9-8602-459f-a5d1-c549c9d9484f:filter-index-pattern-0", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Anti-Spam and Authentication", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "7cc45c02-44e8-438c-aa38-a007d252b940:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "7cc45c02-44e8-438c-aa38-a007d252b940:indexpattern-datasource-layer-6a329d99-3de7-4396-9481-07cff7118b75", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"f8fe013f-8aa5-4f0e-84ff-45ec811766a3:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f8fe013f-8aa5-4f0e-84ff-45ec811766a3:indexpattern-datasource-layer-d11b7b35-4452-4d96-aedb-cfa76248e087", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d14a4980-fa97-483e-ad10-ad6ff134dd23:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d14a4980-fa97-483e-ad10-ad6ff134dd23:indexpattern-datasource-layer-3580df6b-ad09-48fd-a1a5-82f760b16cdd", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "1db1d475-764a-431d-abb5-9ab291f69e33:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "1db1d475-764a-431d-abb5-9ab291f69e33:indexpattern-datasource-layer-0c19b962-3c1b-47bd-b455-08fe74f0d713", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a.json index fb24fc01d6d..e5824f06590 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a.json 
@@ -1,804 +1,831 @@ { - "id": "cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:31:04.682Z", - "version": "Wzc0OSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "gui_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "gui_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "deefc302-2a9c-4c62-8b64-db0656a1e201": { - "columnOrder": [ - "1a75a065-b075-4708-974f-e4460b593062", - "47d341a9-66d9-478c-83ed-faf1b8e6142f" - ], - "columns": { - "1a75a065-b075-4708-974f-e4460b593062": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Host IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "47d341a9-66d9-478c-83ed-faf1b8e6142f", - "type": "column" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": 
"cisco_secure_email_gateway.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_secure_email_gateway.log" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "gui_logs" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.ip" + "type": "phrase" }, - "47d341a9-66d9-478c-83ed-faf1b8e6142f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "gui_logs" + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "1a75a065-b075-4708-974f-e4460b593062", - "isTransposed": false - }, - { - "columnId": "47d341a9-66d9-478c-83ed-faf1b8e6142f", - "isTransposed": false - } ], - "layerId": "deefc302-2a9c-4c62-8b64-db0656a1e201", - "layerType": "data" - } - }, - "title": "Top 10 Host IP [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-deefc302-2a9c-4c62-8b64-db0656a1e201", - "type": "index-pattern" - } - ] - } + "query": { + "language": "kuery", + "query": "" + } + } }, - "gridData": { - "h": 15, - "i": "1dd36832-31f8-43d2-a00c-49d24108eaa4", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": 
true }, - "panelIndex": "1dd36832-31f8-43d2-a00c-49d24108eaa4", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "92246eb5-8cb8-441e-b9fe-ff56c6ff0997": { - "columnOrder": [ - "172c29b9-e8bc-48f2-aa9c-796d076a7895", - "5ea232ac-12df-4c6e-af79-0d1b41d3e34c" - ], - "columns": { - "172c29b9-e8bc-48f2-aa9c-796d076a7895": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Request", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "5ea232ac-12df-4c6e-af79-0d1b41d3e34c", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "http.request.method" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-deefc302-2a9c-4c62-8b64-db0656a1e201", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "deefc302-2a9c-4c62-8b64-db0656a1e201": { + "columnOrder": [ + "1a75a065-b075-4708-974f-e4460b593062", + "47d341a9-66d9-478c-83ed-faf1b8e6142f" + ], + "columns": { + "1a75a065-b075-4708-974f-e4460b593062": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Host IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "47d341a9-66d9-478c-83ed-faf1b8e6142f", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.ip" + }, + "47d341a9-66d9-478c-83ed-faf1b8e6142f": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, 
+ "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "1a75a065-b075-4708-974f-e4460b593062", + "isTransposed": false + }, + { + "columnId": "47d341a9-66d9-478c-83ed-faf1b8e6142f", + "isTransposed": false + } + ], + "layerId": "deefc302-2a9c-4c62-8b64-db0656a1e201", + "layerType": "data" + } }, - "5ea232ac-12df-4c6e-af79-0d1b41d3e34c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "Top 10 Host IP [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "96f88494-bd1e-4a17-a027-3010e6beabf6", + "w": 24, + "x": 0, + "y": 0 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "96f88494-bd1e-4a17-a027-3010e6beabf6", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-92246eb5-8cb8-441e-b9fe-ff56c6ff0997", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "92246eb5-8cb8-441e-b9fe-ff56c6ff0997": { + 
"columnOrder": [ + "172c29b9-e8bc-48f2-aa9c-796d076a7895", + "5ea232ac-12df-4c6e-af79-0d1b41d3e34c" + ], + "columns": { + "172c29b9-e8bc-48f2-aa9c-796d076a7895": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Request", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5ea232ac-12df-4c6e-af79-0d1b41d3e34c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "http.request.method" + }, + "5ea232ac-12df-4c6e-af79-0d1b41d3e34c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "5ea232ac-12df-4c6e-af79-0d1b41d3e34c" + ], + "layerId": "92246eb5-8cb8-441e-b9fe-ff56c6ff0997", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "172c29b9-e8bc-48f2-aa9c-796d076a7895" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of GUI Events by Request [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - 
"5ea232ac-12df-4c6e-af79-0d1b41d3e34c" - ], - "layerId": "92246eb5-8cb8-441e-b9fe-ff56c6ff0997", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "172c29b9-e8bc-48f2-aa9c-796d076a7895" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "c4fc50c1-7b4c-4be2-9d6b-482077137e18", + "w": 24, + "x": 24, + "y": 0 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "c4fc50c1-7b4c-4be2-9d6b-482077137e18", + "title": "Distribution of GUI Events by Request [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-316330ba-0c74-48a8-a005-a83d62b22825", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "316330ba-0c74-48a8-a005-a83d62b22825": { + "columnOrder": [ + "49ecc95f-4e3e-4886-b6a9-f877f37aa93d", + "190364eb-0f7a-4409-b39e-761d5f9bd865" + ], + "columns": { + "190364eb-0f7a-4409-b39e-761d5f9bd865": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "49ecc95f-4e3e-4886-b6a9-f877f37aa93d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Response Status Code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "190364eb-0f7a-4409-b39e-761d5f9bd865", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "http.response.status_code" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": 
{ + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "190364eb-0f7a-4409-b39e-761d5f9bd865" + ], + "layerId": "316330ba-0c74-48a8-a005-a83d62b22825", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "49ecc95f-4e3e-4886-b6a9-f877f37aa93d" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of GUI Events by Response Status Code [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "20c35389-641a-48a4-aeda-8bbe53a2eea4", + "w": 24, + "x": 0, + "y": 15 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "20c35389-641a-48a4-aeda-8bbe53a2eea4", + "title": "Distribution of GUI Events by Response Status Code [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of GUI Events by Request [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsXY", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-92246eb5-8cb8-441e-b9fe-ff56c6ff0997", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": 
"17df4ae4-3f35-46d2-9516-26dfdfe5f3b5", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "17df4ae4-3f35-46d2-9516-26dfdfe5f3b5", - "title": "Distribution of GUI Events by Request [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "316330ba-0c74-48a8-a005-a83d62b22825": { - "columnOrder": [ - "49ecc95f-4e3e-4886-b6a9-f877f37aa93d", - "190364eb-0f7a-4409-b39e-761d5f9bd865" - ], - "columns": { - "190364eb-0f7a-4409-b39e-761d5f9bd865": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "49ecc95f-4e3e-4886-b6a9-f877f37aa93d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Response Status Code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "190364eb-0f7a-4409-b39e-761d5f9bd865", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "http.response.status_code" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0c3a1ff3-eb26-42fd-8196-49c12251bd49", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"0c3a1ff3-eb26-42fd-8196-49c12251bd49": { + "columnOrder": [ + "cebc1213-bb3f-4000-b747-5f0b0c608b4b", + "e1416011-657e-40b0-9af8-ff3bcbdf0617" + ], + "columns": { + "cebc1213-bb3f-4000-b747-5f0b0c608b4b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Agent Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1416011-657e-40b0-9af8-ff3bcbdf0617", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.name" + }, + "e1416011-657e-40b0-9af8-ff3bcbdf0617": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "cebc1213-bb3f-4000-b747-5f0b0c608b4b" + ], + "layerId": "0c3a1ff3-eb26-42fd-8196-49c12251bd49", + "layerType": "data", + "legendDisplay": "default", + "metric": "e1416011-657e-40b0-9af8-ff3bcbdf0617", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of GUI Events by User Agent Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "af146862-e3c8-4fa7-931b-dcc87acdb9f5", + "w": 24, + "x": 24, + "y": 15 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "af146862-e3c8-4fa7-931b-dcc87acdb9f5", + "title": "Distribution of GUI Events by User Agent [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + 
"embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-57751ffc-a4b1-4c64-88ce-1e692814b206", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "57751ffc-a4b1-4c64-88ce-1e692814b206": { + "columnOrder": [ + "23017c0a-ce72-475c-a40c-9f98f6036ea5", + "43da0051-67fe-4cab-9dcd-acd44e8eede1" + ], + "columns": { + "23017c0a-ce72-475c-a40c-9f98f6036ea5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "43da0051-67fe-4cab-9dcd-acd44e8eede1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "43da0051-67fe-4cab-9dcd-acd44e8eede1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "23017c0a-ce72-475c-a40c-9f98f6036ea5", + "isTransposed": false + }, + { + "columnId": "43da0051-67fe-4cab-9dcd-acd44e8eede1", + "isTransposed": false + } + ], + "layerId": "57751ffc-a4b1-4c64-88ce-1e692814b206", + "layerType": "data" + } + }, + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - "190364eb-0f7a-4409-b39e-761d5f9bd865" - ], - "layerId": "316330ba-0c74-48a8-a005-a83d62b22825", - "layerType": "data", - "position": "top", - "seriesType": 
"bar_stacked", - "showGridlines": false, - "xAccessor": "49ecc95f-4e3e-4886-b6a9-f877f37aa93d" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "ec0a1f4d-3ec5-41f3-ba2b-f424d228eeb6", + "w": 24, + "x": 0, + "y": 30 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "ec0a1f4d-3ec5-41f3-ba2b-f424d228eeb6", + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-58c79990-e129-4e1d-a7c5-2f663c86109f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "58c79990-e129-4e1d-a7c5-2f663c86109f": { + "columnOrder": [ + "7e1dc911-a513-41bd-9e56-5366699d06e0", + "9a441fcb-5153-497e-85dc-6d3efb3b54cc", + "1abb990c-1e38-4ba3-b160-b0cea323aefc" + ], + "columns": { + "1abb990c-1e38-4ba3-b160-b0cea323aefc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "7e1dc911-a513-41bd-9e56-5366699d06e0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1abb990c-1e38-4ba3-b160-b0cea323aefc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.os.name" + }, + "9a441fcb-5153-497e-85dc-6d3efb3b54cc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Version", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "1abb990c-1e38-4ba3-b160-b0cea323aefc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.os.version" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7e1dc911-a513-41bd-9e56-5366699d06e0", + "9a441fcb-5153-497e-85dc-6d3efb3b54cc" + ], + "layerId": "58c79990-e129-4e1d-a7c5-2f663c86109f", + "layerType": "data", + "legendDisplay": "default", + "metric": "1abb990c-1e38-4ba3-b160-b0cea323aefc", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of GUI Events by OS, OS Version [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "c46e5206-2b8a-4351-a047-d0156fc567bb", + "w": 24, + "x": 24, + "y": 30 }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "Distribution of GUI Events by Response Status Code [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsXY", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-316330ba-0c74-48a8-a005-a83d62b22825", - "type": "index-pattern" - } - ] - } + "panelIndex": "c46e5206-2b8a-4351-a047-d0156fc567bb", + "title": "Distribution of GUI Events by OS, OS Version [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] GUI", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": 
"cisco_secure_email_gateway-a1060e90-b025-11ec-8a45-8d83ac55242a", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "ac4a3508-065d-4610-8358-684e5d9e82c2", - "w": 24, - "x": 0, - "y": 15 + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" }, - "panelIndex": "ac4a3508-065d-4610-8358-684e5d9e82c2", - "title": "Distribution of GUI Events by Response Status Code [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0c3a1ff3-eb26-42fd-8196-49c12251bd49": { - "columnOrder": [ - "cebc1213-bb3f-4000-b747-5f0b0c608b4b", - "e1416011-657e-40b0-9af8-ff3bcbdf0617" - ], - "columns": { - "cebc1213-bb3f-4000-b747-5f0b0c608b4b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Agent Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1416011-657e-40b0-9af8-ff3bcbdf0617", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user_agent.name" - }, - "e1416011-657e-40b0-9af8-ff3bcbdf0617": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "cebc1213-bb3f-4000-b747-5f0b0c608b4b" - 
], - "layerId": "0c3a1ff3-eb26-42fd-8196-49c12251bd49", - "layerType": "data", - "legendDisplay": "default", - "metric": "e1416011-657e-40b0-9af8-ff3bcbdf0617", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of GUI Events by User Agent Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0c3a1ff3-eb26-42fd-8196-49c12251bd49", - "type": "index-pattern" - } - ] - } + { + "id": "logs-*", + "name": "96f88494-bd1e-4a17-a027-3010e6beabf6:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe", - "w": 24, - "x": 24, - "y": 15 + { + "id": "logs-*", + "name": "96f88494-bd1e-4a17-a027-3010e6beabf6:indexpattern-datasource-layer-deefc302-2a9c-4c62-8b64-db0656a1e201", + "type": "index-pattern" }, - "panelIndex": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe", - "title": "Distribution of GUI Events by User Agent [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "57751ffc-a4b1-4c64-88ce-1e692814b206": { - "columnOrder": [ - "23017c0a-ce72-475c-a40c-9f98f6036ea5", - "43da0051-67fe-4cab-9dcd-acd44e8eede1" - ], - "columns": { - "23017c0a-ce72-475c-a40c-9f98f6036ea5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "43da0051-67fe-4cab-9dcd-acd44e8eede1", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": 
"ordinal", - "sourceField": "user.name" - }, - "43da0051-67fe-4cab-9dcd-acd44e8eede1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "23017c0a-ce72-475c-a40c-9f98f6036ea5", - "isTransposed": false - }, - { - "columnId": "43da0051-67fe-4cab-9dcd-acd44e8eede1", - "isTransposed": false - } - ], - "layerId": "57751ffc-a4b1-4c64-88ce-1e692814b206", - "layerType": "data" - } - }, - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-57751ffc-a4b1-4c64-88ce-1e692814b206", - "type": "index-pattern" - } - ] - } + { + "id": "logs-*", + "name": "c4fc50c1-7b4c-4be2-9d6b-482077137e18:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "b6700711-d823-4afa-9ce0-b119917ed1b8", - "w": 24, - "x": 0, - "y": 30 + { + "id": "logs-*", + "name": "c4fc50c1-7b4c-4be2-9d6b-482077137e18:indexpattern-datasource-layer-92246eb5-8cb8-441e-b9fe-ff56c6ff0997", + "type": "index-pattern" }, - "panelIndex": "b6700711-d823-4afa-9ce0-b119917ed1b8", - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "58c79990-e129-4e1d-a7c5-2f663c86109f": { - "columnOrder": [ - "7e1dc911-a513-41bd-9e56-5366699d06e0", - 
"9a441fcb-5153-497e-85dc-6d3efb3b54cc", - "1abb990c-1e38-4ba3-b160-b0cea323aefc" - ], - "columns": { - "1abb990c-1e38-4ba3-b160-b0cea323aefc": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "7e1dc911-a513-41bd-9e56-5366699d06e0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1abb990c-1e38-4ba3-b160-b0cea323aefc", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user_agent.os.name" - }, - "9a441fcb-5153-497e-85dc-6d3efb3b54cc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "OS Version", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1abb990c-1e38-4ba3-b160-b0cea323aefc", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user_agent.os.version" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "7e1dc911-a513-41bd-9e56-5366699d06e0", - "9a441fcb-5153-497e-85dc-6d3efb3b54cc" - ], - "layerId": "58c79990-e129-4e1d-a7c5-2f663c86109f", - "layerType": "data", - "legendDisplay": "default", - "metric": "1abb990c-1e38-4ba3-b160-b0cea323aefc", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of GUI Events by OS, OS Version [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-58c79990-e129-4e1d-a7c5-2f663c86109f", - "type": "index-pattern" - } - ] - } + { + "id": "logs-*", + "name": "20c35389-641a-48a4-aeda-8bbe53a2eea4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "79ad4619-4274-4344-925b-281f6c35df63", - "w": 24, - "x": 24, - "y": 30 + { + "id": "logs-*", + "name": "20c35389-641a-48a4-aeda-8bbe53a2eea4:indexpattern-datasource-layer-316330ba-0c74-48a8-a005-a83d62b22825", + "type": "index-pattern" }, - "panelIndex": "79ad4619-4274-4344-925b-281f6c35df63", - "title": "Distribution of GUI Events by OS, OS Version [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - } + { + "id": "logs-*", + "name": "af146862-e3c8-4fa7-931b-dcc87acdb9f5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "af146862-e3c8-4fa7-931b-dcc87acdb9f5:indexpattern-datasource-layer-0c3a1ff3-eb26-42fd-8196-49c12251bd49", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ec0a1f4d-3ec5-41f3-ba2b-f424d228eeb6:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ec0a1f4d-3ec5-41f3-ba2b-f424d228eeb6:indexpattern-datasource-layer-57751ffc-a4b1-4c64-88ce-1e692814b206", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46e5206-2b8a-4351-a047-d0156fc567bb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c46e5206-2b8a-4351-a047-d0156fc567bb:indexpattern-datasource-layer-58c79990-e129-4e1d-a7c5-2f663c86109f", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] GUI", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "type": 
"index-pattern", - "name": "1dd36832-31f8-43d2-a00c-49d24108eaa4:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "1dd36832-31f8-43d2-a00c-49d24108eaa4:indexpattern-datasource-layer-deefc302-2a9c-4c62-8b64-db0656a1e201", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "17df4ae4-3f35-46d2-9516-26dfdfe5f3b5:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "17df4ae4-3f35-46d2-9516-26dfdfe5f3b5:indexpattern-datasource-layer-92246eb5-8cb8-441e-b9fe-ff56c6ff0997", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ac4a3508-065d-4610-8358-684e5d9e82c2:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ac4a3508-065d-4610-8358-684e5d9e82c2:indexpattern-datasource-layer-316330ba-0c74-48a8-a005-a83d62b22825", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "e028cf94-3b68-4e0e-bff8-3e2d32e049fe:indexpattern-datasource-layer-0c3a1ff3-eb26-42fd-8196-49c12251bd49", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b6700711-d823-4afa-9ce0-b119917ed1b8:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b6700711-d823-4afa-9ce0-b119917ed1b8:indexpattern-datasource-layer-57751ffc-a4b1-4c64-88ce-1e692814b206", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "79ad4619-4274-4344-925b-281f6c35df63:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "79ad4619-4274-4344-925b-281f6c35df63:indexpattern-datasource-layer-58c79990-e129-4e1d-a7c5-2f663c86109f", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": 
"dashboard" }
\ No newline at end of file
diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54.json
index d387a3dcd7e..e930a3b5b37 100644
--- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54.json
+++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54.json
@@ -1,617 +1,844 @@ { - "id": "cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:31:04.682Z", - "version": "Wzc1MCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "818edf56-0abd-4454-a40a-9c48a9ccb60b": { - "columnOrder": [ - "30d4769c-2c7b-492d-bd13-dbd0be6331ae", - "4b2b840d-b0c8-4b5d-838a-6419d2679e57" - ], - "columns": { - "30d4769c-2c7b-492d-bd13-dbd0be6331ae": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipient", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4b2b840d-b0c8-4b5d-838a-6419d2679e57", - "type": "column" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_secure_email_gateway.log" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" + "type": "phrase" }, - "4b2b840d-b0c8-4b5d-838a-6419d2679e57": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "query": { + "match_phrase": { 
+ "data_stream.dataset": "cisco_secure_email_gateway.log" + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"error_logs\"" - }, - "visualization": { - "columns": [ - { - "columnId": "30d4769c-2c7b-492d-bd13-dbd0be6331ae", - "isTransposed": false - }, - { - "columnId": "4b2b840d-b0c8-4b5d-838a-6419d2679e57", - "isTransposed": false - } - ], - "layerId": "818edf56-0abd-4454-a40a-9c48a9ccb60b", - "layerType": "data" - } - }, - "title": "Top 10 Recipients [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-818edf56-0abd-4454-a40a-9c48a9ccb60b", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b6923de3-cac2-47e3-b36f-2bd1f4821098": { - "columnOrder": [ - "2002d5eb-0345-4f25-88e9-cac1c904bc99", - "d61dcbdd-2a90-4b16-85f1-070dc0ba109d" - ], - "columns": { - "2002d5eb-0345-4f25-88e9-cac1c904bc99": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Username", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d61dcbdd-2a90-4b16-85f1-070dc0ba109d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.name" + }, + { + "$state": { + "store": 
"appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": [ + "error_logs", + "content_scanner", + "system" + ], + "type": "phrases" }, - "d61dcbdd-2a90-4b16-85f1-070dc0ba109d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "error_logs" + } + }, + { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "content_scanner" + } + }, + { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "system" + } + } + ] + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"system\"" - }, - "visualization": { - "columns": [ - { - "columnId": "2002d5eb-0345-4f25-88e9-cac1c904bc99", - "isTransposed": false - }, - { - "columnId": "d61dcbdd-2a90-4b16-85f1-070dc0ba109d", - "isTransposed": false - } ], - "layerId": "b6923de3-cac2-47e3-b36f-2bd1f4821098", - "layerType": "data" - } - }, - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b6923de3-cac2-47e3-b36f-2bd1f4821098", - "type": "index-pattern" - } - ] - } + "query": { + "language": "kuery", + "query": "" + } + } }, - "gridData": { - "h": 15, - "i": "103fbc3c-7c0e-48cd-bd68-b67a615aad7b", - "w": 24, - "x": 24, - "y": 0 + "optionsJSON": { + "hidePanelTitles": 
false, + "syncColors": true, + "useMargins": true }, - "panelIndex": "103fbc3c-7c0e-48cd-bd68-b67a615aad7b", - "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "29be06db-aa85-4914-8578-266c2829069c": { - "columnOrder": [ - "4b6916be-5bf4-49da-80ec-16fab2491238", - "d135bce7-6aed-4a4b-9550-6d1bcfa5b134" - ], - "columns": { - "4b6916be-5bf4-49da-80ec-16fab2491238": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Vendor Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d135bce7-6aed-4a4b-9550-6d1bcfa5b134", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-818edf56-0abd-4454-a40a-9c48a9ccb60b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "818edf56-0abd-4454-a40a-9c48a9ccb60b": { + "columnOrder": [ + "30d4769c-2c7b-492d-bd13-dbd0be6331ae", + "4b2b840d-b0c8-4b5d-838a-6419d2679e57" + ], + "columns": { + "30d4769c-2c7b-492d-bd13-dbd0be6331ae": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipient", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4b2b840d-b0c8-4b5d-838a-6419d2679e57", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + }, + "4b2b840d-b0c8-4b5d-838a-6419d2679e57": { + 
"customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "error_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "error_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.vendor_action" + "visualization": { + "columns": [ + { + "columnId": "30d4769c-2c7b-492d-bd13-dbd0be6331ae", + "isTransposed": false + }, + { + "columnId": "4b2b840d-b0c8-4b5d-838a-6419d2679e57", + "isTransposed": false + } + ], + "layerId": "818edf56-0abd-4454-a40a-9c48a9ccb60b", + "layerType": "data" + } }, - "d135bce7-6aed-4a4b-9550-6d1bcfa5b134": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"content_scanner\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "4b6916be-5bf4-49da-80ec-16fab2491238" - ], - "layerId": "29be06db-aa85-4914-8578-266c2829069c", - "layerType": "data", - "legendDisplay": "default", - "metric": "d135bce7-6aed-4a4b-9550-6d1bcfa5b134", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 Recipients [Logs 
Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "318a4088-897f-430a-a0a1-5b93ee6adfcc", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "318a4088-897f-430a-a0a1-5b93ee6adfcc", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Content Scanner Events by Vendor Action [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-29be06db-aa85-4914-8578-266c2829069c", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 16, - "i": "f4b68a6e-421b-42b1-866c-100f504735d4", - "w": 16, - "x": 0, - "y": 15 - }, - "panelIndex": "f4b68a6e-421b-42b1-866c-100f504735d4", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8cc04732-d3e2-4b65-aeac-fee7492adee6": { - "columnOrder": [ - "64ec49a9-78fd-4cb4-8c2b-e183f50b0526", - "4b3854d5-8b24-4472-a3b3-e2484749d658" - ], - "columns": { - "4b3854d5-8b24-4472-a3b3-e2484749d658": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "64ec49a9-78fd-4cb4-8c2b-e183f50b0526": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4b3854d5-8b24-4472-a3b3-e2484749d658", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": 
"desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object_category" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"content_scanner\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "64ec49a9-78fd-4cb4-8c2b-e183f50b0526" - ], - "layerId": "8cc04732-d3e2-4b65-aeac-fee7492adee6", - "layerType": "data", - "legendDisplay": "default", - "metric": "4b3854d5-8b24-4472-a3b3-e2484749d658", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Content Scanner Events by Object Category [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8cc04732-d3e2-4b65-aeac-fee7492adee6", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 16, - "i": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46", - "w": 15, - "x": 16, - "y": 15 - }, - "panelIndex": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d10ac2c6-458d-45cf-95cd-b75b40a3cc6b": { - "columnOrder": [ - "c6d33863-6a91-474c-891b-0a0930325222", - "08f66015-bfdb-489f-aea0-65ba4323e2f0" - ], - "columns": { - "08f66015-bfdb-489f-aea0-65ba4323e2f0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c6d33863-6a91-474c-891b-0a0930325222": 
{ - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Alert Category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "08f66015-bfdb-489f-aea0-65ba4323e2f0", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b6923de3-cac2-47e3-b36f-2bd1f4821098", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.alert_category" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"error_logs\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b6923de3-cac2-47e3-b36f-2bd1f4821098": { + "columnOrder": [ + "2002d5eb-0345-4f25-88e9-cac1c904bc99", + "d61dcbdd-2a90-4b16-85f1-070dc0ba109d" + ], + "columns": { + "2002d5eb-0345-4f25-88e9-cac1c904bc99": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d61dcbdd-2a90-4b16-85f1-070dc0ba109d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "d61dcbdd-2a90-4b16-85f1-070dc0ba109d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + 
"disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "system" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2002d5eb-0345-4f25-88e9-cac1c904bc99", + "isTransposed": false + }, + { + "columnId": "d61dcbdd-2a90-4b16-85f1-070dc0ba109d", + "isTransposed": false + } + ], + "layerId": "b6923de3-cac2-47e3-b36f-2bd1f4821098", + "layerType": "data" + } + }, + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "c73d9ef8-7341-4efb-a916-b13dfe88e1f3", + "w": 24, + "x": 24, + "y": 0 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "c73d9ef8-7341-4efb-a916-b13dfe88e1f3", + "title": "Top 10 User Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-29be06db-aa85-4914-8578-266c2829069c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "29be06db-aa85-4914-8578-266c2829069c": { + "columnOrder": [ + "4b6916be-5bf4-49da-80ec-16fab2491238", + "d135bce7-6aed-4a4b-9550-6d1bcfa5b134" + ], + "columns": { + "4b6916be-5bf4-49da-80ec-16fab2491238": { + 
"customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Vendor Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d135bce7-6aed-4a4b-9550-6d1bcfa5b134", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.vendor_action" + }, + "d135bce7-6aed-4a4b-9550-6d1bcfa5b134": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "content_scanner" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "content_scanner" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "4b6916be-5bf4-49da-80ec-16fab2491238" + ], + "layerId": "29be06db-aa85-4914-8578-266c2829069c", + "layerType": "data", + "legendDisplay": "default", + "metric": "d135bce7-6aed-4a4b-9550-6d1bcfa5b134", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Content Scanner Events by Vendor Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "layers": [ - { - "accessors": [ - "08f66015-bfdb-489f-aea0-65ba4323e2f0" - ], - "layerId": "d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": 
"c6d33863-6a91-474c-891b-0a0930325222" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 16, + "i": "2395eb0d-5c4d-45e4-b0b4-6da41b2d5fcc", + "w": 16, + "x": 0, + "y": 15 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "2395eb0d-5c4d-45e4-b0b4-6da41b2d5fcc", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8cc04732-d3e2-4b65-aeac-fee7492adee6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8cc04732-d3e2-4b65-aeac-fee7492adee6": { + "columnOrder": [ + "64ec49a9-78fd-4cb4-8c2b-e183f50b0526", + "4b3854d5-8b24-4472-a3b3-e2484749d658" + ], + "columns": { + "4b3854d5-8b24-4472-a3b3-e2484749d658": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "64ec49a9-78fd-4cb4-8c2b-e183f50b0526": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4b3854d5-8b24-4472-a3b3-e2484749d658", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object_category" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": 
"cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "content_scanner" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "content_scanner" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "64ec49a9-78fd-4cb4-8c2b-e183f50b0526" + ], + "layerId": "8cc04732-d3e2-4b65-aeac-fee7492adee6", + "layerType": "data", + "legendDisplay": "default", + "metric": "4b3854d5-8b24-4472-a3b3-e2484749d658", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Content Scanner Events by Object Category [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {} }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 16, + "i": "afde2989-6876-49ae-8762-6c05aca509f4", + "w": 15, + "x": 16, + "y": 15 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "afde2989-6876-49ae-8762-6c05aca509f4", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Error Events by Alert Category [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsXY", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", - "type": "index-pattern" - } - ] - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + 
} + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d10ac2c6-458d-45cf-95cd-b75b40a3cc6b": { + "columnOrder": [ + "c6d33863-6a91-474c-891b-0a0930325222", + "08f66015-bfdb-489f-aea0-65ba4323e2f0" + ], + "columns": { + "08f66015-bfdb-489f-aea0-65ba4323e2f0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c6d33863-6a91-474c-891b-0a0930325222": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Alert Category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "08f66015-bfdb-489f-aea0-65ba4323e2f0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.alert_category" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "error_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "error_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "08f66015-bfdb-489f-aea0-65ba4323e2f0" + ], + "layerId": "d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": 
"c6d33863-6a91-474c-891b-0a0930325222" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Error Events by Alert Category [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "44ea8ab5-ed7f-4eb3-b222-ccda2db21f18", + "w": 17, + "x": 31, + "y": 15 + }, + "panelIndex": "44ea8ab5-ed7f-4eb3-b222-ccda2db21f18", + "title": "Distribution of Error Events by Alert Category [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Error, Content Scanner and System", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_secure_email_gateway-b9591cf0-b640-11ec-b665-f79f0daaad54", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "318a4088-897f-430a-a0a1-5b93ee6adfcc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "318a4088-897f-430a-a0a1-5b93ee6adfcc:indexpattern-datasource-layer-818edf56-0abd-4454-a40a-9c48a9ccb60b", + "type": "index-pattern" }, - "gridData": { - "h": 16, - "i": "ca178e69-d36c-47fe-bea1-3f4aeb07c33e", - "w": 17, - "x": 31, - "y": 15 + { + "id": "logs-*", + "name": "318a4088-897f-430a-a0a1-5b93ee6adfcc:filter-index-pattern-0", + "type": "index-pattern" }, - "panelIndex": 
"ca178e69-d36c-47fe-bea1-3f4aeb07c33e", - "title": "Distribution of Error Events by Alert Category [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - } + { + "id": "logs-*", + "name": "c73d9ef8-7341-4efb-a916-b13dfe88e1f3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c73d9ef8-7341-4efb-a916-b13dfe88e1f3:indexpattern-datasource-layer-b6923de3-cac2-47e3-b36f-2bd1f4821098", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c73d9ef8-7341-4efb-a916-b13dfe88e1f3:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2395eb0d-5c4d-45e4-b0b4-6da41b2d5fcc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2395eb0d-5c4d-45e4-b0b4-6da41b2d5fcc:indexpattern-datasource-layer-29be06db-aa85-4914-8578-266c2829069c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2395eb0d-5c4d-45e4-b0b4-6da41b2d5fcc:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "afde2989-6876-49ae-8762-6c05aca509f4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "afde2989-6876-49ae-8762-6c05aca509f4:indexpattern-datasource-layer-8cc04732-d3e2-4b65-aeac-fee7492adee6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "afde2989-6876-49ae-8762-6c05aca509f4:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "44ea8ab5-ed7f-4eb3-b222-ccda2db21f18:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "44ea8ab5-ed7f-4eb3-b222-ccda2db21f18:indexpattern-datasource-layer-d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "44ea8ab5-ed7f-4eb3-b222-ccda2db21f18:filter-index-pattern-0", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs 
Cisco Secure Email Gateway] Error, Content Scanner and System", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "945d4b9c-86fa-42cd-b512-1a1bd70b6d97:indexpattern-datasource-layer-818edf56-0abd-4454-a40a-9c48a9ccb60b", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "103fbc3c-7c0e-48cd-bd68-b67a615aad7b:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "103fbc3c-7c0e-48cd-bd68-b67a615aad7b:indexpattern-datasource-layer-b6923de3-cac2-47e3-b36f-2bd1f4821098", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f4b68a6e-421b-42b1-866c-100f504735d4:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f4b68a6e-421b-42b1-866c-100f504735d4:indexpattern-datasource-layer-29be06db-aa85-4914-8578-266c2829069c", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "8d6507ea-1c20-4fcc-bbb9-daadecd72f46:indexpattern-datasource-layer-8cc04732-d3e2-4b65-aeac-fee7492adee6", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ca178e69-d36c-47fe-bea1-3f4aeb07c33e:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ca178e69-d36c-47fe-bea1-3f4aeb07c33e:indexpattern-datasource-layer-d10ac2c6-458d-45cf-95cd-b75b40a3cc6b", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file 
diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a.json
index 5b878fe6dd5..498e02f0745 100644
--- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a.json
+++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a.json
@@ -1,1413 +1,1446 @@ { - "id": "cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:31:04.682Z", - "version": "Wzc1MSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "consolidated_event" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "consolidated_event" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0fcbd198-453c-4d42-9e5d-4920321e8cbb": { - "columnOrder": [ - "da5e80d9-05f2-4ffe-a208-fb3cb59702c7", - "63a10371-dab3-4bcc-8c94-9deb9ad801db" - ], - "columns": { - "63a10371-dab3-4bcc-8c94-9deb9ad801db": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - "da5e80d9-05f2-4ffe-a208-fb3cb59702c7": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Listener Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"63a10371-dab3-4bcc-8c94-9deb9ad801db", - "type": "column" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_secure_email_gateway.log" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.direction" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_secure_email_gateway.log" + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "da5e80d9-05f2-4ffe-a208-fb3cb59702c7" - ], - "layerId": "0fcbd198-453c-4d42-9e5d-4920321e8cbb", - "layerType": "data", - "legendDisplay": "default", - "metric": "63a10371-dab3-4bcc-8c94-9deb9ad801db", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by Listener Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0fcbd198-453c-4d42-9e5d-4920321e8cbb", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "b11261c4-5064-4f70-9297-35e354c35e59", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "b11261c4-5064-4f70-9297-35e354c35e59", - "title": "Distribution of Consolidated Events by Listener Name [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - 
"layers": { - "5534c705-73de-4482-818b-4b48acea0af1": { - "columnOrder": [ - "11a0d6ef-3389-4d51-9658-7ae3d39462a8", - "50ecfbc3-6f73-409e-8445-c8254e49b032" - ], - "columns": { - "11a0d6ef-3389-4d51-9658-7ae3d39462a8": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Outbreak Filters Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "50ecfbc3-6f73-409e-8445-c8254e49b032", - "type": "column" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "consolidated_event" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.outbreak_filter_verdict" + "type": "phrase" }, - "50ecfbc3-6f73-409e-8445-c8254e49b032": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "consolidated_event" + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "11a0d6ef-3389-4d51-9658-7ae3d39462a8" - ], - "layerId": "5534c705-73de-4482-818b-4b48acea0af1", - "layerType": "data", - "legendDisplay": "default", - "metric": "50ecfbc3-6f73-409e-8445-c8254e49b032", - "nestedLegend": false, - "numberDisplay": "percent" - } ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by Outbreak Filters Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - 
"references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-5534c705-73de-4482-818b-4b48acea0af1", - "type": "index-pattern" - } - ] - } + "query": { + "language": "kuery", + "query": "" + } + } }, - "gridData": { - "h": 15, - "i": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad", - "w": 24, - "x": 24, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true }, - "panelIndex": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad", - "title": "Distribution of Consolidated Events by Outbreak Filters Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77": { - "columnOrder": [ - "764bb009-19ef-4869-aa16-a7eb988b2fa5", - "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565" - ], - "columns": { - "764bb009-19ef-4869-aa16-a7eb988b2fa5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Mail Flow Policy Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0fcbd198-453c-4d42-9e5d-4920321e8cbb", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0fcbd198-453c-4d42-9e5d-4920321e8cbb": { + "columnOrder": [ + "da5e80d9-05f2-4ffe-a208-fb3cb59702c7", + "63a10371-dab3-4bcc-8c94-9deb9ad801db" + ], + "columns": { + "63a10371-dab3-4bcc-8c94-9deb9ad801db": 
{ + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "da5e80d9-05f2-4ffe-a208-fb3cb59702c7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Listener Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "63a10371-dab3-4bcc-8c94-9deb9ad801db", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.direction" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.mail_flow_policy" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "da5e80d9-05f2-4ffe-a208-fb3cb59702c7" + ], + "layerId": "0fcbd198-453c-4d42-9e5d-4920321e8cbb", + "layerType": "data", + "legendDisplay": "default", + "metric": "63a10371-dab3-4bcc-8c94-9deb9ad801db", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "764bb009-19ef-4869-aa16-a7eb988b2fa5" - }, - { - "columnId": "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565" - } - ], - "layerId": "fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", - "layerType": "data" - } + "title": "Distribution of Consolidated Events by Listener Name [Logs Cisco Secure Email Gateway]", + 
"type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "0d9e9cc1-a955-40e0-8eb9-db0acf6fa6cd", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "0d9e9cc1-a955-40e0-8eb9-db0acf6fa6cd", + "title": "Distribution of Consolidated Events by Listener Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Mail Flow Policy Name [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "14f54d7b-75bc-44eb-a15f-c79876f5edb4", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "14f54d7b-75bc-44eb-a15f-c79876f5edb4", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "266b7fe0-231d-4c2a-973a-fc88a87f6b0e": { - "columnOrder": [ - "65aa90e8-5709-41df-aa29-56880e3b66a3", - "a2f6bdea-fd70-4b8d-9452-416c7b5840c7" - ], - "columns": { - "65aa90e8-5709-41df-aa29-56880e3b66a3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Helo Domain IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a2f6bdea-fd70-4b8d-9452-416c7b5840c7", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5534c705-73de-4482-818b-4b48acea0af1", + "type": "index-pattern" + } + ], + "state": { + 
"datasourceStates": { + "indexpattern": { + "layers": { + "5534c705-73de-4482-818b-4b48acea0af1": { + "columnOrder": [ + "11a0d6ef-3389-4d51-9658-7ae3d39462a8", + "50ecfbc3-6f73-409e-8445-c8254e49b032" + ], + "columns": { + "11a0d6ef-3389-4d51-9658-7ae3d39462a8": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Outbreak Filters Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "50ecfbc3-6f73-409e-8445-c8254e49b032", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.outbreak_filter_verdict" + }, + "50ecfbc3-6f73-409e-8445-c8254e49b032": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.helo.ip" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "11a0d6ef-3389-4d51-9658-7ae3d39462a8" + ], + "layerId": "5534c705-73de-4482-818b-4b48acea0af1", + "layerType": "data", + "legendDisplay": "default", + "metric": "50ecfbc3-6f73-409e-8445-c8254e49b032", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "a2f6bdea-fd70-4b8d-9452-416c7b5840c7": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - 
"columnId": "65aa90e8-5709-41df-aa29-56880e3b66a3", - "isTransposed": false - }, - { - "columnId": "a2f6bdea-fd70-4b8d-9452-416c7b5840c7", - "isTransposed": false - } - ], - "layerId": "266b7fe0-231d-4c2a-973a-fc88a87f6b0e", - "layerType": "data" - } + "title": "Distribution of Consolidated Events by Outbreak Filters Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "43148847-d35c-4bf1-94b6-32533515a353", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "43148847-d35c-4bf1-94b6-32533515a353", + "title": "Distribution of Consolidated Events by Outbreak Filters Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Helo Domain IP [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-266b7fe0-231d-4c2a-973a-fc88a87f6b0e", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ef2e966e-52e1-4aa5-97d4-4f415bd80272": { - "columnOrder": [ - "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a", - "f4642514-e457-4c19-a2f4-802311e3a3fa" - ], - "columns": { - "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Graymail Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"f4642514-e457-4c19-a2f4-802311e3a3fa", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.graymail_verdict" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77": { + "columnOrder": [ + "764bb009-19ef-4869-aa16-a7eb988b2fa5", + "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565" + ], + "columns": { + "764bb009-19ef-4869-aa16-a7eb988b2fa5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Mail Flow Policy Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.mail_flow_policy" + }, + "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "764bb009-19ef-4869-aa16-a7eb988b2fa5" + }, + { + "columnId": "ab96a3d6-1f5f-472e-8ad7-ea84cde4d565" + } + ], + "layerId": "fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", + "layerType": "data" + } }, - "f4642514-e457-4c19-a2f4-802311e3a3fa": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": 
"count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a" - ], - "layerId": "ef2e966e-52e1-4aa5-97d4-4f415bd80272", - "layerType": "data", - "legendDisplay": "default", - "metric": "f4642514-e457-4c19-a2f4-802311e3a3fa", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 Mail Flow Policy Name [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "cf00baab-16b5-4bf4-9474-8495907dc0d7", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "cf00baab-16b5-4bf4-9474-8495907dc0d7", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Consolidated Events by Graymail Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ef2e966e-52e1-4aa5-97d4-4f415bd80272", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "507ca4af-c48a-43e3-9aa2-79ff68ba7eaf", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "507ca4af-c48a-43e3-9aa2-79ff68ba7eaf", - "title": "Distribution of Consolidated Events by Graymail Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9d0f1c67-8726-4c33-8c99-5c6616fd273c": { - "columnOrder": [ - 
"1e49a823-db00-4ed1-bdfd-63c58746120c", - "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0" - ], - "columns": { - "1e49a823-db00-4ed1-bdfd-63c58746120c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "AMP Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-266b7fe0-231d-4c2a-973a-fc88a87f6b0e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "266b7fe0-231d-4c2a-973a-fc88a87f6b0e": { + "columnOrder": [ + "65aa90e8-5709-41df-aa29-56880e3b66a3", + "a2f6bdea-fd70-4b8d-9452-416c7b5840c7" + ], + "columns": { + "65aa90e8-5709-41df-aa29-56880e3b66a3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Helo Domain IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a2f6bdea-fd70-4b8d-9452-416c7b5840c7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.helo.ip" + }, + "a2f6bdea-fd70-4b8d-9452-416c7b5840c7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.amp_verdict" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": 
"65aa90e8-5709-41df-aa29-56880e3b66a3", + "isTransposed": false + }, + { + "columnId": "a2f6bdea-fd70-4b8d-9452-416c7b5840c7", + "isTransposed": false + } + ], + "layerId": "266b7fe0-231d-4c2a-973a-fc88a87f6b0e", + "layerType": "data" + } }, - "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "1e49a823-db00-4ed1-bdfd-63c58746120c" - ], - "layerId": "9d0f1c67-8726-4c33-8c99-5c6616fd273c", - "layerType": "data", - "legendDisplay": "default", - "metric": "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Top 10 Helo Domain IP [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "ae5619c3-27cf-4057-a20a-e62c31d60a04", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "ae5619c3-27cf-4057-a20a-e62c31d60a04", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Consolidated Events by AMP Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9d0f1c67-8726-4c33-8c99-5c6616fd273c", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "fc2be34f-5ce2-48cc-a36d-8102d13f888f", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "fc2be34f-5ce2-48cc-a36d-8102d13f888f", - "title": "Distribution of Consolidated Events by AMP 
Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f": { - "columnOrder": [ - "d67f2de8-71ad-40c1-97da-732f12742c77", - "7599b0e8-574e-48da-8274-d0c65d2ee992" - ], - "columns": { - "7599b0e8-574e-48da-8274-d0c65d2ee992": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d67f2de8-71ad-40c1-97da-732f12742c77": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "AS Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7599b0e8-574e-48da-8274-d0c65d2ee992", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.as_verdict" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "d67f2de8-71ad-40c1-97da-732f12742c77" - ], - "layerId": "aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", - "layerType": "data", - "legendDisplay": "default", - "metric": "7599b0e8-574e-48da-8274-d0c65d2ee992", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by AS Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - 
"references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "a0228300-da78-48a7-9d70-cc93670887b5", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "a0228300-da78-48a7-9d70-cc93670887b5", - "title": "Distribution of Consolidated Events by AS Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "11172da2-6f42-47a4-b1f4-cdbf8afdedd0": { - "columnOrder": [ - "567678aa-a7e3-4e65-93eb-68015622fc6a", - "4ce98a9d-67cd-44cc-96b8-b3d08f750b84" - ], - "columns": { - "4ce98a9d-67cd-44cc-96b8-b3d08f750b84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "567678aa-a7e3-4e65-93eb-68015622fc6a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "AV Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4ce98a9d-67cd-44cc-96b8-b3d08f750b84", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ef2e966e-52e1-4aa5-97d4-4f415bd80272", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ef2e966e-52e1-4aa5-97d4-4f415bd80272": { + "columnOrder": [ + "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a", + "f4642514-e457-4c19-a2f4-802311e3a3fa" + ], + "columns": { + "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Graymail Verdict", + "operationType": "terms", + 
"params": { + "missingBucket": false, + "orderBy": { + "columnId": "f4642514-e457-4c19-a2f4-802311e3a3fa", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.graymail_verdict" + }, + "f4642514-e457-4c19-a2f4-802311e3a3fa": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.av_verdict" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "567678aa-a7e3-4e65-93eb-68015622fc6a" - ], - "layerId": "11172da2-6f42-47a4-b1f4-cdbf8afdedd0", - "layerType": "data", - "legendDisplay": "default", - "metric": "4ce98a9d-67cd-44cc-96b8-b3d08f750b84", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Consolidated Events by AV Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-11172da2-6f42-47a4-b1f4-cdbf8afdedd0", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "0e21c3d8-a107-4c45-bb9e-c91763054347", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "0e21c3d8-a107-4c45-bb9e-c91763054347", - "title": "Distribution of Consolidated Events by AV Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - 
"embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "17b5a5b0-ab60-4ac9-918d-1471b17fc36a": { - "columnOrder": [ - "84b418b7-2bd5-473f-a0a9-6a15c5864123", - "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d" - ], - "columns": { - "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "84b418b7-2bd5-473f-a0a9-6a15c5864123": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "DLP Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d", - "type": "column" + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.dlp_verdict" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "84b418b7-2bd5-473f-a0a9-6a15c5864123" - ], - "layerId": "17b5a5b0-ab60-4ac9-918d-1471b17fc36a", - "layerType": "data", - "legendDisplay": "default", - "metric": "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c60a5e2f-a5aa-47b7-964f-ade43eae9d5a" + ], + "layerId": "ef2e966e-52e1-4aa5-97d4-4f415bd80272", + "layerType": "data", + "legendDisplay": "default", + "metric": "f4642514-e457-4c19-a2f4-802311e3a3fa", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": 
"pie" + } + }, + "title": "Distribution of Consolidated Events by Graymail Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "cdbfe062-7db9-4a80-81a4-aeac8613aa0d", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "cdbfe062-7db9-4a80-81a4-aeac8613aa0d", + "title": "Distribution of Consolidated Events by Graymail Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Consolidated Events by DLP Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-17b5a5b0-ab60-4ac9-918d-1471b17fc36a", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "466b3df7-c128-470a-b24e-c83257b58e86", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "466b3df7-c128-470a-b24e-c83257b58e86", - "title": "Distribution of Consolidated Events by DLP Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cd9e61a8-35d1-4605-b150-d09bf82d3f00": { - "columnOrder": [ - "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5", - "31cee9bf-5352-45fa-8574-6cec1a2790c3" - ], - "columns": { - "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Content Filters Verdict", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "31cee9bf-5352-45fa-8574-6cec1a2790c3", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + 
"references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9d0f1c67-8726-4c33-8c99-5c6616fd273c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9d0f1c67-8726-4c33-8c99-5c6616fd273c": { + "columnOrder": [ + "1e49a823-db00-4ed1-bdfd-63c58746120c", + "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0" + ], + "columns": { + "1e49a823-db00-4ed1-bdfd-63c58746120c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "AMP Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.amp_verdict" + }, + "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.esa.content_filter_verdict" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "1e49a823-db00-4ed1-bdfd-63c58746120c" + ], + "layerId": "9d0f1c67-8726-4c33-8c99-5c6616fd273c", + "layerType": "data", + "legendDisplay": "default", + "metric": "22dbf62a-c96a-4237-b7aa-7a85dbbb56f0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "31cee9bf-5352-45fa-8574-6cec1a2790c3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - 
"scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5" - ], - "layerId": "cd9e61a8-35d1-4605-b150-d09bf82d3f00", - "layerType": "data", - "legendDisplay": "default", - "metric": "31cee9bf-5352-45fa-8574-6cec1a2790c3", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Consolidated Events by AMP Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "baccb893-b03f-49aa-98ae-c1b1cacf52e4", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "baccb893-b03f-49aa-98ae-c1b1cacf52e4", + "title": "Distribution of Consolidated Events by AMP Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Consolidated Events by Content Filters Verdict [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cd9e61a8-35d1-4605-b150-d09bf82d3f00", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "dca786a1-5cf1-432b-b645-65378e3c4249", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "dca786a1-5cf1-432b-b645-65378e3c4249", - "title": "Distribution of Consolidated Events by Content Filters Verdict [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - 
"datasourceStates": { - "indexpattern": { - "layers": { - "1f0830ca-67f7-48e3-8356-4495026c941d": { - "columnOrder": [ - "350b5032-a217-4f5b-afe2-13d5ed62a26e", - "6769baa6-3cdd-4ba5-a406-b5b10ae1a427" - ], - "columns": { - "350b5032-a217-4f5b-afe2-13d5ed62a26e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Appliance vendor", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6769baa6-3cdd-4ba5-a406-b5b10ae1a427", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f": { + "columnOrder": [ + "d67f2de8-71ad-40c1-97da-732f12742c77", + "7599b0e8-574e-48da-8274-d0c65d2ee992" + ], + "columns": { + "7599b0e8-574e-48da-8274-d0c65d2ee992": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "d67f2de8-71ad-40c1-97da-732f12742c77": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "AS Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7599b0e8-574e-48da-8274-d0c65d2ee992", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.as_verdict" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": 
"cisco_secure_email_gateway.log.appliance.vendor" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d67f2de8-71ad-40c1-97da-732f12742c77" + ], + "layerId": "aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", + "layerType": "data", + "legendDisplay": "default", + "metric": "7599b0e8-574e-48da-8274-d0c65d2ee992", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "6769baa6-3cdd-4ba5-a406-b5b10ae1a427": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "350b5032-a217-4f5b-afe2-13d5ed62a26e", - "isTransposed": false - }, - { - "columnId": "6769baa6-3cdd-4ba5-a406-b5b10ae1a427", - "isTransposed": false - } - ], - "layerId": "1f0830ca-67f7-48e3-8356-4495026c941d", - "layerType": "data" - } + "title": "Distribution of Consolidated Events by AS Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "8c13cc4d-f29b-4138-93ea-0e0f50cc6202", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "8c13cc4d-f29b-4138-93ea-0e0f50cc6202", + "title": "Distribution of Consolidated Events by AS Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Appliance vendor [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1f0830ca-67f7-48e3-8356-4495026c941d", - "type": "index-pattern" - } - ] - 
} - }, - "gridData": { - "h": 15, - "i": "d895fb3d-f0c0-42b3-81c9-b41e0de21b8f", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "d895fb3d-f0c0-42b3-81c9-b41e0de21b8f", - "title": "Top 10 Appliance Vendor [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4315e942-ba49-474d-af76-6710ec550ad6": { - "columnOrder": [ - "e083e8f2-9f3a-4a86-9da1-5d14ac1653db", - "08e67d54-9697-4721-9ddc-ac4846ab92e6" - ], - "columns": { - "08e67d54-9697-4721-9ddc-ac4846ab92e6": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-11172da2-6f42-47a4-b1f4-cdbf8afdedd0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "11172da2-6f42-47a4-b1f4-cdbf8afdedd0": { + "columnOrder": [ + "567678aa-a7e3-4e65-93eb-68015622fc6a", + "4ce98a9d-67cd-44cc-96b8-b3d08f750b84" + ], + "columns": { + "4ce98a9d-67cd-44cc-96b8-b3d08f750b84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "567678aa-a7e3-4e65-93eb-68015622fc6a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "AV Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4ce98a9d-67cd-44cc-96b8-b3d08f750b84", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 
+ }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.av_verdict" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "567678aa-a7e3-4e65-93eb-68015622fc6a" + ], + "layerId": "11172da2-6f42-47a4-b1f4-cdbf8afdedd0", + "layerType": "data", + "legendDisplay": "default", + "metric": "4ce98a9d-67cd-44cc-96b8-b3d08f750b84", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "e083e8f2-9f3a-4a86-9da1-5d14ac1653db": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Message Final Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "08e67d54-9697-4721-9ddc-ac4846ab92e6", - "type": "column" + "title": "Distribution of Consolidated Events by AV Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "9e478140-ef7d-4e32-9aed-9992d835627b", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "9e478140-ef7d-4e32-9aed-9992d835627b", + "title": "Distribution of Consolidated Events by AV Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.act" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": 
true, - "yLeft": true, - "yRight": true + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-17b5a5b0-ab60-4ac9-918d-1471b17fc36a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "17b5a5b0-ab60-4ac9-918d-1471b17fc36a": { + "columnOrder": [ + "84b418b7-2bd5-473f-a0a9-6a15c5864123", + "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d" + ], + "columns": { + "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "84b418b7-2bd5-473f-a0a9-6a15c5864123": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "DLP Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.dlp_verdict" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "84b418b7-2bd5-473f-a0a9-6a15c5864123" + ], + "layerId": "17b5a5b0-ab60-4ac9-918d-1471b17fc36a", + "layerType": "data", + "legendDisplay": "default", + "metric": "1f0c2ff3-8fb0-4767-8b5c-1289cc7c461d", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Consolidated Events by DLP Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "ad2c20ac-625e-41db-bae9-acd643a6d0da", + "w": 24, + "x": 0, + 
"y": 60 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "panelIndex": "ad2c20ac-625e-41db-bae9-acd643a6d0da", + "title": "Distribution of Consolidated Events by DLP Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cd9e61a8-35d1-4605-b150-d09bf82d3f00", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cd9e61a8-35d1-4605-b150-d09bf82d3f00": { + "columnOrder": [ + "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5", + "31cee9bf-5352-45fa-8574-6cec1a2790c3" + ], + "columns": { + "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Content Filters Verdict", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "31cee9bf-5352-45fa-8574-6cec1a2790c3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.esa.content_filter_verdict" + }, + "31cee9bf-5352-45fa-8574-6cec1a2790c3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "11d65fa4-175f-4cf6-8886-d85e8a9ed8f5" + ], + "layerId": "cd9e61a8-35d1-4605-b150-d09bf82d3f00", + "layerType": "data", + "legendDisplay": "default", + "metric": "31cee9bf-5352-45fa-8574-6cec1a2790c3", + "nestedLegend": false, + "numberDisplay": 
"percent" + } + ], + "shape": "pie" + } + }, + "title": "Distribution of Consolidated Events by Content Filters Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "layers": [ - { - "accessors": [ - "08e67d54-9697-4721-9ddc-ac4846ab92e6" - ], - "layerId": "4315e942-ba49-474d-af76-6710ec550ad6", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "e083e8f2-9f3a-4a86-9da1-5d14ac1653db" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "08a50e9f-a5c4-4b81-aef1-41e510edcf2a", + "w": 24, + "x": 24, + "y": 60 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "08a50e9f-a5c4-4b81-aef1-41e510edcf2a", + "title": "Distribution of Consolidated Events by Content Filters Verdict [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1f0830ca-67f7-48e3-8356-4495026c941d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1f0830ca-67f7-48e3-8356-4495026c941d": { + "columnOrder": [ + "350b5032-a217-4f5b-afe2-13d5ed62a26e", + "6769baa6-3cdd-4ba5-a406-b5b10ae1a427" + ], + "columns": { + "350b5032-a217-4f5b-afe2-13d5ed62a26e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Appliance vendor", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6769baa6-3cdd-4ba5-a406-b5b10ae1a427", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 
10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.appliance.vendor" + }, + "6769baa6-3cdd-4ba5-a406-b5b10ae1a427": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "350b5032-a217-4f5b-afe2-13d5ed62a26e", + "isTransposed": false + }, + { + "columnId": "6769baa6-3cdd-4ba5-a406-b5b10ae1a427", + "isTransposed": false + } + ], + "layerId": "1f0830ca-67f7-48e3-8356-4495026c941d", + "layerType": "data" + } + }, + "title": "Top 10 Appliance vendor [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "a5137e26-7eb3-4ca3-a71c-76ae02c4d87e", + "w": 24, + "x": 0, + "y": 75 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "a5137e26-7eb3-4ca3-a71c-76ae02c4d87e", + "title": "Top 10 Appliance Vendor [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Consolidated Events by Message Final Action [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsXY", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-4315e942-ba49-474d-af76-6710ec550ad6", - "type": "index-pattern" - } - ] - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-4315e942-ba49-474d-af76-6710ec550ad6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4315e942-ba49-474d-af76-6710ec550ad6": { + "columnOrder": [ + "e083e8f2-9f3a-4a86-9da1-5d14ac1653db", + "08e67d54-9697-4721-9ddc-ac4846ab92e6" + ], + "columns": { + "08e67d54-9697-4721-9ddc-ac4846ab92e6": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "e083e8f2-9f3a-4a86-9da1-5d14ac1653db": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Message Final Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "08e67d54-9697-4721-9ddc-ac4846ab92e6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.act" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "08e67d54-9697-4721-9ddc-ac4846ab92e6" + ], + "layerId": "4315e942-ba49-474d-af76-6710ec550ad6", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "e083e8f2-9f3a-4a86-9da1-5d14ac1653db" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": 
{ + "mode": "full" + } + } + }, + "title": "Distribution of Consolidated Events by Message Final Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "be9c0fc3-1504-436e-83cb-785090ed450e", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "be9c0fc3-1504-436e-83cb-785090ed450e", + "title": "Distribution of Consolidated Events by Message Final Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Consolidated Event", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_secure_email_gateway-be7e9c00-b055-11ec-8a45-8d83ac55242a", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0d9e9cc1-a955-40e0-8eb9-db0acf6fa6cd:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "ab44d98a-a6f9-46db-93b5-8d982bb8164d", - "w": 24, - "x": 24, - "y": 75 + { + "id": "logs-*", + "name": "0d9e9cc1-a955-40e0-8eb9-db0acf6fa6cd:indexpattern-datasource-layer-0fcbd198-453c-4d42-9e5d-4920321e8cbb", + "type": "index-pattern" }, - "panelIndex": "ab44d98a-a6f9-46db-93b5-8d982bb8164d", - "title": "Distribution of Consolidated Events by Message Final Action [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - } + { + "id": "logs-*", + "name": "43148847-d35c-4bf1-94b6-32533515a353:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"43148847-d35c-4bf1-94b6-32533515a353:indexpattern-datasource-layer-5534c705-73de-4482-818b-4b48acea0af1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cf00baab-16b5-4bf4-9474-8495907dc0d7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cf00baab-16b5-4bf4-9474-8495907dc0d7:indexpattern-datasource-layer-fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae5619c3-27cf-4057-a20a-e62c31d60a04:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae5619c3-27cf-4057-a20a-e62c31d60a04:indexpattern-datasource-layer-266b7fe0-231d-4c2a-973a-fc88a87f6b0e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cdbfe062-7db9-4a80-81a4-aeac8613aa0d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cdbfe062-7db9-4a80-81a4-aeac8613aa0d:indexpattern-datasource-layer-ef2e966e-52e1-4aa5-97d4-4f415bd80272", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "baccb893-b03f-49aa-98ae-c1b1cacf52e4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "baccb893-b03f-49aa-98ae-c1b1cacf52e4:indexpattern-datasource-layer-9d0f1c67-8726-4c33-8c99-5c6616fd273c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8c13cc4d-f29b-4138-93ea-0e0f50cc6202:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8c13cc4d-f29b-4138-93ea-0e0f50cc6202:indexpattern-datasource-layer-aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9e478140-ef7d-4e32-9aed-9992d835627b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"9e478140-ef7d-4e32-9aed-9992d835627b:indexpattern-datasource-layer-11172da2-6f42-47a4-b1f4-cdbf8afdedd0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad2c20ac-625e-41db-bae9-acd643a6d0da:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad2c20ac-625e-41db-bae9-acd643a6d0da:indexpattern-datasource-layer-17b5a5b0-ab60-4ac9-918d-1471b17fc36a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "08a50e9f-a5c4-4b81-aef1-41e510edcf2a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "08a50e9f-a5c4-4b81-aef1-41e510edcf2a:indexpattern-datasource-layer-cd9e61a8-35d1-4605-b150-d09bf82d3f00", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a5137e26-7eb3-4ca3-a71c-76ae02c4d87e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a5137e26-7eb3-4ca3-a71c-76ae02c4d87e:indexpattern-datasource-layer-1f0830ca-67f7-48e3-8356-4495026c941d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "be9c0fc3-1504-436e-83cb-785090ed450e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "be9c0fc3-1504-436e-83cb-785090ed450e:indexpattern-datasource-layer-4315e942-ba49-474d-af76-6710ec550ad6", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Consolidated Event", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "b11261c4-5064-4f70-9297-35e354c35e59:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b11261c4-5064-4f70-9297-35e354c35e59:indexpattern-datasource-layer-0fcbd198-453c-4d42-9e5d-4920321e8cbb", - "id": "logs-*" - }, - { - "type": 
"index-pattern", - "name": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "eaaaa9e9-fc9b-448c-88a6-9404e44b45ad:indexpattern-datasource-layer-5534c705-73de-4482-818b-4b48acea0af1", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "14f54d7b-75bc-44eb-a15f-c79876f5edb4:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "14f54d7b-75bc-44eb-a15f-c79876f5edb4:indexpattern-datasource-layer-fe14132b-14b3-40e4-9b9e-7c4b3d3d2b77", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "bb7a6391-3a3a-40c2-b32d-9b7bc3b5916f:indexpattern-datasource-layer-266b7fe0-231d-4c2a-973a-fc88a87f6b0e", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "507ca4af-c48a-43e3-9aa2-79ff68ba7eaf:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "507ca4af-c48a-43e3-9aa2-79ff68ba7eaf:indexpattern-datasource-layer-ef2e966e-52e1-4aa5-97d4-4f415bd80272", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "fc2be34f-5ce2-48cc-a36d-8102d13f888f:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "fc2be34f-5ce2-48cc-a36d-8102d13f888f:indexpattern-datasource-layer-9d0f1c67-8726-4c33-8c99-5c6616fd273c", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a0228300-da78-48a7-9d70-cc93670887b5:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a0228300-da78-48a7-9d70-cc93670887b5:indexpattern-datasource-layer-aba8c8ac-6e7f-4be4-8ea7-adb3c00a711f", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"0e21c3d8-a107-4c45-bb9e-c91763054347:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "0e21c3d8-a107-4c45-bb9e-c91763054347:indexpattern-datasource-layer-11172da2-6f42-47a4-b1f4-cdbf8afdedd0", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "466b3df7-c128-470a-b24e-c83257b58e86:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "466b3df7-c128-470a-b24e-c83257b58e86:indexpattern-datasource-layer-17b5a5b0-ab60-4ac9-918d-1471b17fc36a", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "dca786a1-5cf1-432b-b645-65378e3c4249:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "dca786a1-5cf1-432b-b645-65378e3c4249:indexpattern-datasource-layer-cd9e61a8-35d1-4605-b150-d09bf82d3f00", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d895fb3d-f0c0-42b3-81c9-b41e0de21b8f:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d895fb3d-f0c0-42b3-81c9-b41e0de21b8f:indexpattern-datasource-layer-1f0830ca-67f7-48e3-8356-4495026c941d", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ab44d98a-a6f9-46db-93b5-8d982bb8164d:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ab44d98a-a6f9-46db-93b5-8d982bb8164d:indexpattern-datasource-layer-4315e942-ba49-474d-af76-6710ec550ad6", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json index 67c8f0b3f27..2e8d028f55c 100644 
--- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a.json 
@@ -1,1077 +1,1107 @@ { - "id": "cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:31:04.682Z", - "version": "Wzc1MiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "mail_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "mail_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "779692f9-3e0c-4c4b-833f-ab67b6d44a95": { - "columnOrder": [ - "011d4b64-1db3-447f-896e-a198dd74186c", - "ae49f917-e61b-4cd6-b8fc-998b0802347d" - ], - "columns": { - "011d4b64-1db3-447f-896e-a198dd74186c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ae49f917-e61b-4cd6-b8fc-998b0802347d", - "type": "column" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": 
false, + "params": { + "query": "cisco_secure_email_gateway.log" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.severity" + "type": "phrase" }, - "ae49f917-e61b-4cd6-b8fc-998b0802347d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_secure_email_gateway.log" + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "011d4b64-1db3-447f-896e-a198dd74186c" - ], - "layerId": "779692f9-3e0c-4c4b-833f-ab67b6d44a95", - "layerType": "data", - "legendDisplay": "default", - "metric": "ae49f917-e61b-4cd6-b8fc-998b0802347d", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Text Mail Events by Severity [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-779692f9-3e0c-4c4b-833f-ab67b6d44a95", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "964bf5b0-a59e-4378-856a-850bdfbad7bc", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "964bf5b0-a59e-4378-856a-850bdfbad7bc", - "title": "Distribution of Text Mail Events by Severity [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"28af0ace-bcd2-4e99-89aa-b01cac4be65f": { - "columnOrder": [ - "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca", - "02da5f04-8364-4341-b24b-4e381bde6404" - ], - "columns": { - "02da5f04-8364-4341-b24b-4e381bde6404": { - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + }, + { + "$state": { + "store": "appState" }, - "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Receiver", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "02da5f04-8364-4341-b24b-4e381bde6404", - "type": "column" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "mail_logs" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "mail_logs" + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" - }, - "visualization": { - "columns": [ - { - "columnId": "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca", - "isTransposed": false - }, - { - "columnId": "02da5f04-8364-4341-b24b-4e381bde6404", - "isTransposed": false - } ], - "layerId": "28af0ace-bcd2-4e99-89aa-b01cac4be65f", - "layerType": "data" - } - }, - "title": "Top 10 Receivers [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-28af0ace-bcd2-4e99-89aa-b01cac4be65f", - "type": "index-pattern" - } - ] - } + "query": { + "language": "kuery", + "query": "" + } + } }, - "gridData": { - "h": 15, - "i": "a86df19f-3670-4f11-8c65-6f2a15ce360e", - "w": 24, - "x": 24, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true }, - "panelIndex": "a86df19f-3670-4f11-8c65-6f2a15ce360e", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791": { - "columnOrder": [ - "775a45ba-8734-4350-9286-e0de448cbae2", - "e60ae8dd-f8ee-4d28-9051-64158ea09998" - ], - "columns": { - "775a45ba-8734-4350-9286-e0de448cbae2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object Attribute", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e60ae8dd-f8ee-4d28-9051-64158ea09998", - "type": "column" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-779692f9-3e0c-4c4b-833f-ab67b6d44a95", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "779692f9-3e0c-4c4b-833f-ab67b6d44a95": { + "columnOrder": [ + "011d4b64-1db3-447f-896e-a198dd74186c", + "ae49f917-e61b-4cd6-b8fc-998b0802347d" + ], + "columns": { + "011d4b64-1db3-447f-896e-a198dd74186c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ae49f917-e61b-4cd6-b8fc-998b0802347d", + "type": 
"column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.severity" + }, + "ae49f917-e61b-4cd6-b8fc-998b0802347d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object_attr" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "011d4b64-1db3-447f-896e-a198dd74186c" + ], + "layerId": "779692f9-3e0c-4c4b-833f-ab67b6d44a95", + "layerType": "data", + "legendDisplay": "default", + "metric": "ae49f917-e61b-4cd6-b8fc-998b0802347d", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "e60ae8dd-f8ee-4d28-9051-64158ea09998": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "Distribution of Text Mail Events by Severity [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "gridData": { + "h": 15, + "i": "84658986-805d-4e91-b0f6-b5b24a74872f", + "w": 24, + "x": 0, + "y": 0 }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 
0 + "panelIndex": "84658986-805d-4e91-b0f6-b5b24a74872f", + "title": "Distribution of Text Mail Events by Severity [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-28af0ace-bcd2-4e99-89aa-b01cac4be65f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "28af0ace-bcd2-4e99-89aa-b01cac4be65f": { + "columnOrder": [ + "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca", + "02da5f04-8364-4341-b24b-4e381bde6404" + ], + "columns": { + "02da5f04-8364-4341-b24b-4e381bde6404": { + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Receiver", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "02da5f04-8364-4341-b24b-4e381bde6404", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "a5bedf0e-5e8a-4fb3-9be5-0980e2e39cca", + "isTransposed": false + }, + { + "columnId": "02da5f04-8364-4341-b24b-4e381bde6404", + "isTransposed": false + } + ], + "layerId": "28af0ace-bcd2-4e99-89aa-b01cac4be65f", + "layerType": "data" + } + }, + "title": "Top 10 Receivers [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - "layers": [ - { - "accessors": [ - 
"e60ae8dd-f8ee-4d28-9051-64158ea09998" - ], - "layerId": "dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "775a45ba-8734-4350-9286-e0de448cbae2" - } - ], - "legend": { - "isVisible": true, - "position": "right" + "gridData": { + "h": 15, + "i": "8b9ae093-afa8-401b-afde-821faf2eb1c4", + "w": 24, + "x": 24, + "y": 0 }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "panelIndex": "8b9ae093-afa8-401b-afde-821faf2eb1c4", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791": { + "columnOrder": [ + "775a45ba-8734-4350-9286-e0de448cbae2", + "e60ae8dd-f8ee-4d28-9051-64158ea09998" + ], + "columns": { + "775a45ba-8734-4350-9286-e0de448cbae2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object Attribute", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e60ae8dd-f8ee-4d28-9051-64158ea09998", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object_attr" + }, + "e60ae8dd-f8ee-4d28-9051-64158ea09998": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + 
"query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e60ae8dd-f8ee-4d28-9051-64158ea09998" + ], + "layerId": "dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "775a45ba-8734-4350-9286-e0de448cbae2" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "Distribution of Text Mail Events by Object Attribute [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "gridData": { + "h": 15, + "i": "e40b010c-c48f-4b2b-8b81-b6a34702b7f6", + "w": 24, + "x": 0, + "y": 15 }, - "yRightExtent": { - "mode": "full" - } - } + "panelIndex": "e40b010c-c48f-4b2b-8b81-b6a34702b7f6", + "title": "Distribution of Text Mail Events by Object Attribute [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Text Mail Events by Object Attribute [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsXY", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": 
"61bc30e5-ddc7-4603-ae82-1b9da098f1be", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "61bc30e5-ddc7-4603-ae82-1b9da098f1be", - "title": "Distribution of Text Mail Events by Object Attribute [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "28922e0d-d6e4-4a94-95f2-102ec6f181ac": { - "columnOrder": [ - "8a344e0b-f642-4c42-b815-60433dfbfbb9", - "c229ce5c-eb61-4540-853d-6cc2098ca1d2" - ], - "columns": { - "8a344e0b-f642-4c42-b815-60433dfbfbb9": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Vendor Action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c229ce5c-eb61-4540-853d-6cc2098ca1d2", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-28922e0d-d6e4-4a94-95f2-102ec6f181ac", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "28922e0d-d6e4-4a94-95f2-102ec6f181ac": { + "columnOrder": [ + "8a344e0b-f642-4c42-b815-60433dfbfbb9", + "c229ce5c-eb61-4540-853d-6cc2098ca1d2" + ], + "columns": { + "8a344e0b-f642-4c42-b815-60433dfbfbb9": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Vendor Action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c229ce5c-eb61-4540-853d-6cc2098ca1d2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.vendor_action" + }, + 
"c229ce5c-eb61-4540-853d-6cc2098ca1d2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.vendor_action" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "8a344e0b-f642-4c42-b815-60433dfbfbb9" + ], + "layerId": "28922e0d-d6e4-4a94-95f2-102ec6f181ac", + "layerType": "data", + "legendDisplay": "default", + "metric": "c229ce5c-eb61-4540-853d-6cc2098ca1d2", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "c229ce5c-eb61-4540-853d-6cc2098ca1d2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "8a344e0b-f642-4c42-b815-60433dfbfbb9" - ], - "layerId": "28922e0d-d6e4-4a94-95f2-102ec6f181ac", - "layerType": "data", - "legendDisplay": "default", - "metric": "c229ce5c-eb61-4540-853d-6cc2098ca1d2", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Text Mail Events by Vendor Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "98979b0e-0141-46ac-9255-ff35331f8fce", + "w": 24, + "x": 24, + "y": 15 
+ }, + "panelIndex": "98979b0e-0141-46ac-9255-ff35331f8fce", + "title": "Distribution of Text Mail Events by Vendor Action [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Text Mail Events by Vendor Action [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-28922e0d-d6e4-4a94-95f2-102ec6f181ac", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "836dd851-3cec-4eb5-8995-651105e410f9", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "836dd851-3cec-4eb5-8995-651105e410f9", - "title": "Distribution of Text Mail Events by Vendor Action [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": null, - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "103310a0-a5d9-4d8c-b1da-a8c57e13a563": { - "columnOrder": [ - "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa", - "1a58cfa2-a182-4a3f-8636-14e9474aa0ea" - ], - "columns": { - "1a58cfa2-a182-4a3f-8636-14e9474aa0ea": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Connection Status", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1a58cfa2-a182-4a3f-8636-14e9474aa0ea", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": null, + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - 
"orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.connection_status" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa" - ], - "layerId": "103310a0-a5d9-4d8c-b1da-a8c57e13a563", - "layerType": "data", - "legendDisplay": "default", - "metric": "1a58cfa2-a182-4a3f-8636-14e9474aa0ea", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Text Mail Events by Connection Status [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-103310a0-a5d9-4d8c-b1da-a8c57e13a563", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 16, - "i": "941b0a19-c57b-4888-bfc5-766bc30fe2fb", - "w": 17, - "x": 0, - "y": 30 - }, - "panelIndex": "941b0a19-c57b-4888-bfc5-766bc30fe2fb", - "title": "Distribution of Text Mail Events by Connection Status [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "71b0750f-93db-4016-9294-b408f583b750": { - "columnOrder": [ - "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b", - "45bb21c7-aa5f-4d67-a537-c878b32f0f23" - ], - "columns": { - "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Message Status", - "operationType": "terms", - "params": { - "missingBucket": false, 
- "orderBy": { - "columnId": "45bb21c7-aa5f-4d67-a537-c878b32f0f23", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-103310a0-a5d9-4d8c-b1da-a8c57e13a563", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "103310a0-a5d9-4d8c-b1da-a8c57e13a563": { + "columnOrder": [ + "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa", + "1a58cfa2-a182-4a3f-8636-14e9474aa0ea" + ], + "columns": { + "1a58cfa2-a182-4a3f-8636-14e9474aa0ea": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connection Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1a58cfa2-a182-4a3f-8636-14e9474aa0ea", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.connection_status" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.message_status" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "76d8af3a-1ff0-49d6-91a8-0b1cc16ce6fa" + ], + "layerId": "103310a0-a5d9-4d8c-b1da-a8c57e13a563", + "layerType": "data", + "legendDisplay": "default", + "metric": "1a58cfa2-a182-4a3f-8636-14e9474aa0ea", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "45bb21c7-aa5f-4d67-a537-c878b32f0f23": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": 
"Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b" - ], - "layerId": "71b0750f-93db-4016-9294-b408f583b750", - "layerType": "data", - "legendDisplay": "default", - "metric": "45bb21c7-aa5f-4d67-a537-c878b32f0f23", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Text Mail Events by Connection Status [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "052d31f8-d750-4a0f-abb7-36976428b14c", + "w": 17, + "x": 0, + "y": 30 + }, + "panelIndex": "052d31f8-d750-4a0f-abb7-36976428b14c", + "title": "Distribution of Text Mail Events by Connection Status [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Text Mail Events by Message Status [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-71b0750f-93db-4016-9294-b408f583b750", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 16, - "i": "c550d9bb-f49b-420d-a583-96785a91f1d4", - "w": 15, - "x": 17, - "y": 30 - }, - "panelIndex": "c550d9bb-f49b-420d-a583-96785a91f1d4", - "title": "Distribution of Text Mail Events by Message Status [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4": { - "columnOrder": [ - "90afc0e9-dee1-46ee-8e96-31602ed929cb", - "f0096080-5bb8-4acd-b43d-a5d459fbae24" - ], - "columns": { - "90afc0e9-dee1-46ee-8e96-31602ed929cb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Network Protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f0096080-5bb8-4acd-b43d-a5d459fbae24", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-71b0750f-93db-4016-9294-b408f583b750", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "71b0750f-93db-4016-9294-b408f583b750": { + "columnOrder": [ + "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b", + "45bb21c7-aa5f-4d67-a537-c878b32f0f23" + ], + "columns": { + "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Message Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "45bb21c7-aa5f-4d67-a537-c878b32f0f23", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.message_status" + }, + "45bb21c7-aa5f-4d67-a537-c878b32f0f23": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + 
"categoryDisplay": "default", + "groups": [ + "13a1a6db-99d0-4b3d-a4cb-81539ecc9e0b" + ], + "layerId": "71b0750f-93db-4016-9294-b408f583b750", + "layerType": "data", + "legendDisplay": "default", + "metric": "45bb21c7-aa5f-4d67-a537-c878b32f0f23", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "f0096080-5bb8-4acd-b43d-a5d459fbae24": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "90afc0e9-dee1-46ee-8e96-31602ed929cb" - ], - "layerId": "cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", - "layerType": "data", - "legendDisplay": "default", - "metric": "f0096080-5bb8-4acd-b43d-a5d459fbae24", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "Distribution of Text Mail Events by Message Status [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "fab8ddc8-7043-402c-b109-6a9a4f5b6693", + "w": 15, + "x": 17, + "y": 30 + }, + "panelIndex": "fab8ddc8-7043-402c-b109-6a9a4f5b6693", + "title": "Distribution of Text Mail Events by Message Status [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Distribution of Text Mail Events by Network Protocol [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 16, - "i": "9421e841-9470-45c7-a3d4-7d4130a5c758", - "w": 16, - "x": 32, - "y": 30 - }, - "panelIndex": "9421e841-9470-45c7-a3d4-7d4130a5c758", - "title": "Distribution of Text Mail Events by Network Protocol [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "78976d98-602b-49ed-9fad-c111e8dd5d9c": { - "columnOrder": [ - "1246cdaf-b072-4a40-9ecc-4f0a83910265", - "a46515d5-4b24-47ee-bb4e-673b0c46d4db" - ], - "columns": { - "1246cdaf-b072-4a40-9ecc-4f0a83910265": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "DNS Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a46515d5-4b24-47ee-bb4e-673b0c46d4db", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "dns.question.name" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4": { + "columnOrder": [ + "90afc0e9-dee1-46ee-8e96-31602ed929cb", + "f0096080-5bb8-4acd-b43d-a5d459fbae24" + ], + "columns": { + "90afc0e9-dee1-46ee-8e96-31602ed929cb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Network Protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": 
"f0096080-5bb8-4acd-b43d-a5d459fbae24", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "f0096080-5bb8-4acd-b43d-a5d459fbae24": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "90afc0e9-dee1-46ee-8e96-31602ed929cb" + ], + "layerId": "cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", + "layerType": "data", + "legendDisplay": "default", + "metric": "f0096080-5bb8-4acd-b43d-a5d459fbae24", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "a46515d5-4b24-47ee-bb4e-673b0c46d4db": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "1246cdaf-b072-4a40-9ecc-4f0a83910265", - "isTransposed": false - }, - { - "columnId": "a46515d5-4b24-47ee-bb4e-673b0c46d4db", - "isTransposed": false - } - ], - "layerId": "78976d98-602b-49ed-9fad-c111e8dd5d9c", - "layerType": "data" - } + "title": "Distribution of Text Mail Events by Network Protocol [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 16, + "i": "85b0afb5-c33a-4335-834f-da061bafeaa9", + "w": 16, + "x": 32, + "y": 30 + }, + "panelIndex": "85b0afb5-c33a-4335-834f-da061bafeaa9", + "title": "Distribution of Text 
Mail Events by Network Protocol [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 DNS Host [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-78976d98-602b-49ed-9fad-c111e8dd5d9c", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c", - "w": 24, - "x": 0, - "y": 46 - }, - "panelIndex": "acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441": { - "columnOrder": [ - "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8", - "9e9261cd-f646-4a17-acf9-b6fb69bf03e2" - ], - "columns": { - "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Object", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9e9261cd-f646-4a17-acf9-b6fb69bf03e2", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-78976d98-602b-49ed-9fad-c111e8dd5d9c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "78976d98-602b-49ed-9fad-c111e8dd5d9c": { + "columnOrder": [ + "1246cdaf-b072-4a40-9ecc-4f0a83910265", + "a46515d5-4b24-47ee-bb4e-673b0c46d4db" + ], + "columns": { + "1246cdaf-b072-4a40-9ecc-4f0a83910265": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + 
"label": "DNS Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a46515d5-4b24-47ee-bb4e-673b0c46d4db", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "dns.question.name" + }, + "a46515d5-4b24-47ee-bb4e-673b0c46d4db": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.object" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "1246cdaf-b072-4a40-9ecc-4f0a83910265", + "isTransposed": false + }, + { + "columnId": "a46515d5-4b24-47ee-bb4e-673b0c46d4db", + "isTransposed": false + } + ], + "layerId": "78976d98-602b-49ed-9fad-c111e8dd5d9c", + "layerType": "data" + } }, - "9e9261cd-f646-4a17-acf9-b6fb69bf03e2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\" and cisco_secure_email_gateway.log.category.name : \"mail_logs\"" - }, - "visualization": { - "columns": [ - { - "columnId": "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8" - }, - { - "columnId": "9e9261cd-f646-4a17-acf9-b6fb69bf03e2" - } - ], - "layerId": "e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", - "layerType": "data" - } + "title": "Top 10 DNS Host [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": 
"4d96cc3b-5e54-4578-b871-90e829db73b3", + "w": 24, + "x": 0, + "y": 46 + }, + "panelIndex": "4d96cc3b-5e54-4578-b871-90e829db73b3", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Object [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", - "type": "index-pattern" - } - ] - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441": { + "columnOrder": [ + "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8", + "9e9261cd-f646-4a17-acf9-b6fb69bf03e2" + ], + "columns": { + "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9e9261cd-f646-4a17-acf9-b6fb69bf03e2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.object" + }, + "9e9261cd-f646-4a17-acf9-b6fb69bf03e2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "79fb3bd8-2d7a-461e-8c28-0f8bec664fd8" + }, + { + 
"columnId": "9e9261cd-f646-4a17-acf9-b6fb69bf03e2" + } + ], + "layerId": "e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", + "layerType": "data" + } + }, + "title": "Top 10 Object [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "10dd75c7-8183-42c1-9764-ab93e45fa546", + "w": 24, + "x": 24, + "y": 46 + }, + "panelIndex": "10dd75c7-8183-42c1-9764-ab93e45fa546", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Text Mail", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_secure_email_gateway-c19f7c50-b05b-11ec-8a45-8d83ac55242a", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "84658986-805d-4e91-b0f6-b5b24a74872f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "48a59710-7086-459f-abef-72604a666d20", - "w": 24, - "x": 24, - "y": 46 + { + "id": "logs-*", + "name": "84658986-805d-4e91-b0f6-b5b24a74872f:indexpattern-datasource-layer-779692f9-3e0c-4c4b-833f-ab67b6d44a95", + "type": "index-pattern" }, - "panelIndex": "48a59710-7086-459f-abef-72604a666d20", - "type": "lens", - "version": "7.16.0" - } + { + "id": "logs-*", + "name": "8b9ae093-afa8-401b-afde-821faf2eb1c4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8b9ae093-afa8-401b-afde-821faf2eb1c4:indexpattern-datasource-layer-28af0ace-bcd2-4e99-89aa-b01cac4be65f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e40b010c-c48f-4b2b-8b81-b6a34702b7f6:indexpattern-datasource-current-indexpattern", 
+ "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e40b010c-c48f-4b2b-8b81-b6a34702b7f6:indexpattern-datasource-layer-dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "98979b0e-0141-46ac-9255-ff35331f8fce:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "98979b0e-0141-46ac-9255-ff35331f8fce:indexpattern-datasource-layer-28922e0d-d6e4-4a94-95f2-102ec6f181ac", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "052d31f8-d750-4a0f-abb7-36976428b14c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "052d31f8-d750-4a0f-abb7-36976428b14c:indexpattern-datasource-layer-103310a0-a5d9-4d8c-b1da-a8c57e13a563", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fab8ddc8-7043-402c-b109-6a9a4f5b6693:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fab8ddc8-7043-402c-b109-6a9a4f5b6693:indexpattern-datasource-layer-71b0750f-93db-4016-9294-b408f583b750", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85b0afb5-c33a-4335-834f-da061bafeaa9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85b0afb5-c33a-4335-834f-da061bafeaa9:indexpattern-datasource-layer-cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4d96cc3b-5e54-4578-b871-90e829db73b3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4d96cc3b-5e54-4578-b871-90e829db73b3:indexpattern-datasource-layer-78976d98-602b-49ed-9fad-c111e8dd5d9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "10dd75c7-8183-42c1-9764-ab93e45fa546:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"10dd75c7-8183-42c1-9764-ab93e45fa546:indexpattern-datasource-layer-e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Text Mail", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "964bf5b0-a59e-4378-856a-850bdfbad7bc:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "964bf5b0-a59e-4378-856a-850bdfbad7bc:indexpattern-datasource-layer-779692f9-3e0c-4c4b-833f-ab67b6d44a95", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a86df19f-3670-4f11-8c65-6f2a15ce360e:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a86df19f-3670-4f11-8c65-6f2a15ce360e:indexpattern-datasource-layer-28af0ace-bcd2-4e99-89aa-b01cac4be65f", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "61bc30e5-ddc7-4603-ae82-1b9da098f1be:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "61bc30e5-ddc7-4603-ae82-1b9da098f1be:indexpattern-datasource-layer-dc14a7c6-0c0a-4d2d-9d1a-3ab5f9b79791", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "836dd851-3cec-4eb5-8995-651105e410f9:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "836dd851-3cec-4eb5-8995-651105e410f9:indexpattern-datasource-layer-28922e0d-d6e4-4a94-95f2-102ec6f181ac", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "941b0a19-c57b-4888-bfc5-766bc30fe2fb:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "941b0a19-c57b-4888-bfc5-766bc30fe2fb:indexpattern-datasource-layer-103310a0-a5d9-4d8c-b1da-a8c57e13a563", - "id": "logs-*" - }, - { - "type": 
"index-pattern", - "name": "c550d9bb-f49b-420d-a583-96785a91f1d4:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "c550d9bb-f49b-420d-a583-96785a91f1d4:indexpattern-datasource-layer-71b0750f-93db-4016-9294-b408f583b750", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "9421e841-9470-45c7-a3d4-7d4130a5c758:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "9421e841-9470-45c7-a3d4-7d4130a5c758:indexpattern-datasource-layer-cd41a4ab-14cf-4d2d-b6b1-d02e3d1ee5a4", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "acadb1ad-19bb-41e8-9c5e-7d62b4cf8f6c:indexpattern-datasource-layer-78976d98-602b-49ed-9fad-c111e8dd5d9c", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "48a59710-7086-459f-abef-72604a666d20:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "48a59710-7086-459f-abef-72604a666d20:indexpattern-datasource-layer-e1b7b06d-61e8-4cfa-801f-e3bc0b1fa441", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json index 58df3f70e41..733498e3490 100644 --- a/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json +++ b/packages/cisco_secure_email_gateway/kibana/dashboard/cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a.json 
@@ -1,492 +1,517 @@ { - "id": "cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T09:31:04.682Z", - "version": "Wzc1MywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cisco_secure_email_gateway.log.category.name", - "negate": false, - "params": { - "query": "bounces" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "cisco_secure_email_gateway.log.category.name": "bounces" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f59bf14d-1826-4672-a636-96713e17bf3d": { - "columnOrder": [ - "c5045d93-c903-4f4f-a653-1ee275ee5f1f", - "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c" - ], - "columns": { - "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - "c5045d93-c903-4f4f-a653-1ee275ee5f1f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Bounce Type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": 
"5d32e55d-1a69-4e1c-a42e-e3cc5302a77c", - "type": "column" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cisco_secure_email_gateway.log" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cisco_secure_email_gateway.log.bounce_type" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cisco_secure_email_gateway.log" + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "c5045d93-c903-4f4f-a653-1ee275ee5f1f" - ], - "layerId": "f59bf14d-1826-4672-a636-96713e17bf3d", - "layerType": "data", - "legendDisplay": "default", - "metric": "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Distribution of Bounce Events by Bounce type [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsPie", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f59bf14d-1826-4672-a636-96713e17bf3d", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "639d7ded-5352-4627-beb3-eb311f3318d8", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "639d7ded-5352-4627-beb3-eb311f3318d8", - "title": "Distribution of Bounce Events by Bounce Type [Logs Cisco Secure Email Gateway]", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"5283a6c5-2dfa-4758-99c0-567b3c5b187c": { - "columnOrder": [ - "c606b455-7a81-4667-9520-2ae212768375", - "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe" - ], - "columns": { - "c606b455-7a81-4667-9520-2ae212768375": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Sender", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe", - "type": "column" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "cisco_secure_email_gateway.log.category.name", + "negate": false, + "params": { + "query": "bounces" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.from.address" + "type": "phrase" }, - "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "query": { + "match_phrase": { + "cisco_secure_email_gateway.log.category.name": "bounces" + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "c606b455-7a81-4667-9520-2ae212768375", - "isTransposed": false - }, - { - "columnId": "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe", - "isTransposed": false - } ], - "layerId": "5283a6c5-2dfa-4758-99c0-567b3c5b187c", - "layerType": "data" - } - }, - "title": "Top 10 Sender [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-5283a6c5-2dfa-4758-99c0-567b3c5b187c", - "type": "index-pattern" - } - ] - } + "query": { + "language": "kuery", + "query": "" + } + } }, - "gridData": { - "h": 15, - "i": "85d72fcb-35a5-469f-b27d-1fb5e82ca891", - "w": 24, - "x": 24, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "useMargins": true }, - "panelIndex": "85d72fcb-35a5-469f-b27d-1fb5e82ca891", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1aef4ea3-e481-42a1-b355-8c667e236324": { - "columnOrder": [ - "50a245e4-241d-429f-b5c4-c7144eb4f76c", - "0ec405bd-21bc-49e3-a131-7e54edae86db" - ], - "columns": { - "0ec405bd-21bc-49e3-a131-7e54edae86db": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f59bf14d-1826-4672-a636-96713e17bf3d", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f59bf14d-1826-4672-a636-96713e17bf3d": { + "columnOrder": [ + "c5045d93-c903-4f4f-a653-1ee275ee5f1f", + "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c" + ], + "columns": { + "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "c5045d93-c903-4f4f-a653-1ee275ee5f1f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Bounce Type", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cisco_secure_email_gateway.log.bounce_type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "c5045d93-c903-4f4f-a653-1ee275ee5f1f" + ], + "layerId": "f59bf14d-1826-4672-a636-96713e17bf3d", + "layerType": "data", + "legendDisplay": "default", + "metric": "5d32e55d-1a69-4e1c-a42e-e3cc5302a77c", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - "50a245e4-241d-429f-b5c4-c7144eb4f76c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Receiver", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0ec405bd-21bc-49e3-a131-7e54edae86db", - "type": "column" + "title": "Distribution of Bounce Events by Bounce type [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "f6b0be38-d879-4cbe-bbbc-e4d270f7bc46", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "f6b0be38-d879-4cbe-bbbc-e4d270f7bc46", + "title": "Distribution of Bounce Events by Bounce Type [Logs Cisco Secure Email Gateway]", + "type": "lens", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - 
"query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "50a245e4-241d-429f-b5c4-c7144eb4f76c", - "isTransposed": false - }, - { - "columnId": "0ec405bd-21bc-49e3-a131-7e54edae86db", - "isTransposed": false - } - ], - "layerId": "1aef4ea3-e481-42a1-b355-8c667e236324", - "layerType": "data" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5283a6c5-2dfa-4758-99c0-567b3c5b187c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5283a6c5-2dfa-4758-99c0-567b3c5b187c": { + "columnOrder": [ + "c606b455-7a81-4667-9520-2ae212768375", + "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe" + ], + "columns": { + "c606b455-7a81-4667-9520-2ae212768375": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Sender", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.from.address" + }, + "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "c606b455-7a81-4667-9520-2ae212768375", + "isTransposed": false + }, + { + "columnId": "f4dacf24-f68a-4415-b82a-a2a6e3a1b3fe", + "isTransposed": false + } + ], + "layerId": "5283a6c5-2dfa-4758-99c0-567b3c5b187c", + "layerType": "data" + } + }, + "title": "Top 10 Sender [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": 
"3fe190ce-7ea8-46e7-8ca2-d77517c844cf", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "3fe190ce-7ea8-46e7-8ca2-d77517c844cf", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Receiver [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1aef4ea3-e481-42a1-b355-8c667e236324", - "type": "index-pattern" - } - ] - } - }, - "gridData": { - "h": 15, - "i": "645dd140-f2d1-4fe1-974e-d45f57bfb3a3", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "645dd140-f2d1-4fe1-974e-d45f57bfb3a3", - "type": "lens", - "version": "7.16.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d9f68bb4-618e-4b30-814c-201e302ee9c9": { - "columnOrder": [ - "869adebc-36ff-411a-b8c0-b324b1faa097", - "e91fac87-d093-46e6-8ca9-65ed84915897" - ], - "columns": { - "869adebc-36ff-411a-b8c0-b324b1faa097": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Reason", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e91fac87-d093-46e6-8ca9-65ed84915897", - "type": "column" + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1aef4ea3-e481-42a1-b355-8c667e236324", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1aef4ea3-e481-42a1-b355-8c667e236324": { + "columnOrder": [ + "50a245e4-241d-429f-b5c4-c7144eb4f76c", + "0ec405bd-21bc-49e3-a131-7e54edae86db" + ], + "columns": { + "0ec405bd-21bc-49e3-a131-7e54edae86db": { + 
"customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "50a245e4-241d-429f-b5c4-c7144eb4f76c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Receiver", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0ec405bd-21bc-49e3-a131-7e54edae86db", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.reason" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "50a245e4-241d-429f-b5c4-c7144eb4f76c", + "isTransposed": false + }, + { + "columnId": "0ec405bd-21bc-49e3-a131-7e54edae86db", + "isTransposed": false + } + ], + "layerId": "1aef4ea3-e481-42a1-b355-8c667e236324", + "layerType": "data" + } }, - "e91fac87-d093-46e6-8ca9-65ed84915897": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"cisco_secure_email_gateway.log\"" - }, - "visualization": { - "columns": [ - { - "columnId": "869adebc-36ff-411a-b8c0-b324b1faa097" - }, - { - "columnId": "e91fac87-d093-46e6-8ca9-65ed84915897" - } - ], - "layerId": "d9f68bb4-618e-4b30-814c-201e302ee9c9", - "layerType": "data" - } + "title": "Top 10 Receiver [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "e7d34b3e-12c5-440d-9ea2-438e1352b057", + "w": 
24, + "x": 0, + "y": 15 + }, + "panelIndex": "e7d34b3e-12c5-440d-9ea2-438e1352b057", + "type": "lens", + "version": "7.17.0" }, - "title": "Top 10 Reason [Logs Cisco Secure Email Gateway]", - "visualizationType": "lnsDatatable", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d9f68bb4-618e-4b30-814c-201e302ee9c9", - "type": "index-pattern" - } - ] - } + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d9f68bb4-618e-4b30-814c-201e302ee9c9", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d9f68bb4-618e-4b30-814c-201e302ee9c9": { + "columnOrder": [ + "869adebc-36ff-411a-b8c0-b324b1faa097", + "e91fac87-d093-46e6-8ca9-65ed84915897" + ], + "columns": { + "869adebc-36ff-411a-b8c0-b324b1faa097": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Reason", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e91fac87-d093-46e6-8ca9-65ed84915897", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "event.reason" + }, + "e91fac87-d093-46e6-8ca9-65ed84915897": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "869adebc-36ff-411a-b8c0-b324b1faa097" + }, + { + "columnId": "e91fac87-d093-46e6-8ca9-65ed84915897" + } + ], + 
"layerId": "d9f68bb4-618e-4b30-814c-201e302ee9c9", + "layerType": "data" + } + }, + "title": "Top 10 Reason [Logs Cisco Secure Email Gateway]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "9adaf2b0-8019-48fa-ae57-e128c6c8923c", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "9adaf2b0-8019-48fa-ae57-e128c6c8923c", + "type": "lens", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Logs Cisco Secure Email Gateway] Bounce", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_secure_email_gateway-c94a00a0-b0a7-11ec-8a45-8d83ac55242a", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" }, - "gridData": { - "h": 15, - "i": "78094ff3-8433-4298-9b15-cde20f055619", - "w": 24, - "x": 24, - "y": 15 + { + "id": "logs-*", + "name": "f6b0be38-d879-4cbe-bbbc-e4d270f7bc46:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "78094ff3-8433-4298-9b15-cde20f055619", - "type": "lens", - "version": "7.16.0" - } + { + "id": "logs-*", + "name": "f6b0be38-d879-4cbe-bbbc-e4d270f7bc46:indexpattern-datasource-layer-f59bf14d-1826-4672-a636-96713e17bf3d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3fe190ce-7ea8-46e7-8ca2-d77517c844cf:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3fe190ce-7ea8-46e7-8ca2-d77517c844cf:indexpattern-datasource-layer-5283a6c5-2dfa-4758-99c0-567b3c5b187c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e7d34b3e-12c5-440d-9ea2-438e1352b057:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"e7d34b3e-12c5-440d-9ea2-438e1352b057:indexpattern-datasource-layer-1aef4ea3-e481-42a1-b355-8c667e236324", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9adaf2b0-8019-48fa-ae57-e128c6c8923c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9adaf2b0-8019-48fa-ae57-e128c6c8923c:indexpattern-datasource-layer-d9f68bb4-618e-4b30-814c-201e302ee9c9", + "type": "index-pattern" + } ], - "timeRestore": false, - "title": "[Logs Cisco Secure Email Gateway] Bounce", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "639d7ded-5352-4627-beb3-eb311f3318d8:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "639d7ded-5352-4627-beb3-eb311f3318d8:indexpattern-datasource-layer-f59bf14d-1826-4672-a636-96713e17bf3d", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "85d72fcb-35a5-469f-b27d-1fb5e82ca891:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "85d72fcb-35a5-469f-b27d-1fb5e82ca891:indexpattern-datasource-layer-5283a6c5-2dfa-4758-99c0-567b3c5b187c", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "645dd140-f2d1-4fe1-974e-d45f57bfb3a3:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "645dd140-f2d1-4fe1-974e-d45f57bfb3a3:indexpattern-datasource-layer-1aef4ea3-e481-42a1-b355-8c667e236324", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "78094ff3-8433-4298-9b15-cde20f055619:indexpattern-datasource-current-indexpattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "78094ff3-8433-4298-9b15-cde20f055619:indexpattern-datasource-layer-d9f68bb4-618e-4b30-814c-201e302ee9c9", - "id": "logs-*" - } - ], - "migrationVersion": 
{ - "dashboard": "7.17.0" - }, - "coreMigrationVersion": "7.17.0" + "type": "dashboard" } \ No newline at end of file diff --git a/packages/cisco_secure_email_gateway/manifest.yml b/packages/cisco_secure_email_gateway/manifest.yml index 07fdbec1234..6320e9129a1 100644 --- a/packages/cisco_secure_email_gateway/manifest.yml +++ b/packages/cisco_secure_email_gateway/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_email_gateway title: Cisco Secure Email Gateway -version: "1.2.1" +version: "1.3.0" license: basic description: Collect logs from Cisco Secure Email Gateway with Elastic Agent. type: integration From cb61659f7d75094286086074316b3ebed684a59c Mon Sep 17 00:00:00 2001 
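Review bot: Every Lens panel in this hunk now carries `"query": ""` over the `logs-*` index pattern, so the four panels are scoped to this integration only by the two dashboard-level filters (`data_stream.dataset` and `cisco_secure_email_gateway.log.category.name`) stored in `appState`. Those filters are not pinned and can be disabled from the filter bar, in which case the Top 10 Sender, Receiver and Reason tables would aggregate `email.from.address`, `email.to.address` and `event.reason` across every `logs-*` stream the viewer can read, which is misleading on a dashboard used for triage. Since JSON has no comments, I would record the dependency in the currently empty dashboard description, e.g. `"description": "Bounce events; panels are scoped only by the dashboard filters on data_stream.dataset and log category"`. It is also worth confirming after import that both filters show as enabled on the dashboard.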
From: kcreddy Date: Tue, 22 Nov 2022 14:12:09 +0530 Subject: [PATCH 083/103] hid_bravura upgraded to 8.1.0 as agg failed --- .../data_stream/log/sample_event.json | 34 +- packages/hid_bravura_monitor/docs/README.md | 34 +- ...-0665f160-f956-11eb-a1ab-1964dffd1499.json | 874 ++++---- ...-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json | 640 +++--- ...-1a431f90-fa01-11eb-a1ab-1964dffd1499.json | 432 ++-- ...-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json | 1400 ++++++------- ...-28db2060-fa02-11eb-a1ab-1964dffd1499.json | 1002 ++++----- ...-3f403100-f9f4-11eb-a1ab-1964dffd1499.json | 640 +++--- ...-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json | 894 ++++---- ...-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json | 398 ++-- ...-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json | 496 ++--- ...-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json | 810 ++++---- ...-578cb360-f9f3-11eb-a1ab-1964dffd1499.json | 582 +++--- ...-6ebde770-fa02-11eb-a1ab-1964dffd1499.json | 456 ++-- ...-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json | 1290 ++++++------ ...-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json | 536 ++--- ...-91029280-0520-11ec-853c-2bf1ec8ddeef.json | 1796 ++++++++-------- ...-a8739000-f9fd-11eb-a1ab-1964dffd1499.json | 1228 +++++------ ...-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json | 696 +++---- ...-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json | 792 +++---- ...-b66f3780-fa03-11eb-a1ab-1964dffd1499.json | 724 +++---- ...-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json | 868 ++++---- ...-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json | 1036 +++++----- ...-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json | 1144 +++++----- ...-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json | 752 +++---- ...-d3a33820-fa02-11eb-a1ab-1964dffd1499.json | 1840 ++++++++--------- ...-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json | 1480 ++++++------- ...-db22d850-fa00-11eb-a1ab-1964dffd1499.json | 660 +++--- ...-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json | 812 ++++---- ...-f8112090-fa03-11eb-a1ab-1964dffd1499.json | 796 +++---- packages/hid_bravura_monitor/manifest.yml | 2 +- 31 
files changed, 12570 insertions(+), 12574 deletions(-) diff --git a/packages/hid_bravura_monitor/data_stream/log/sample_event.json b/packages/hid_bravura_monitor/data_stream/log/sample_event.json index 6fe784ec826..22d04246755 100644 --- a/packages/hid_bravura_monitor/data_stream/log/sample_event.json +++ b/packages/hid_bravura_monitor/data_stream/log/sample_event.json @@ -1,12 +1,11 @@ { "@timestamp": "2021-01-16T00:35:25.258Z", "agent": { - "ephemeral_id": "00124c53-af5e-4d5f-818c-ff189690109e", - "hostname": "docker-fleet-agent", - "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", + "ephemeral_id": "fa387b80-fca3-4488-ac1b-460792f3a8ea", + "id": "02ab444e-ca97-437b-85dc-d580f055047c", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.16.0" + "version": "8.1.0" }, "data_stream": { "dataset": "hid_bravura_monitor.log", @@ -17,14 +16,14 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", - "snapshot": true, - "version": "7.16.0" + "id": "02ab444e-ca97-437b-85dc-d580f055047c", + "snapshot": false, + "version": "8.1.0" }, "event": { "agent_id_status": "verified", "dataset": "hid_bravura_monitor.log", - "ingested": "2021-10-29T18:19:35Z", + "ingested": "2022-11-22T08:13:24Z", "original": "\u00182021-01-16 00:35:25.258.7085 - [] pamlws.exe [44408,52004] Error: LWS [HID-TEST] foundcomputer record not found", "timezone": "UTC" }, 
@@ -36,24 +35,23 @@ }, "host": { "architecture": "x86_64", - "containerized": true, + "containerized": false, "hostname": "docker-fleet-agent", - "id": "3bfbf225479aac5f850ea38f5d9d8a02", "ip": [ - "192.168.192.7" + "172.29.0.7" ], "mac": [ - "02:42:c0:a8:c0:07" + "02:42:ac:1d:00:07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.10.16.3-microsoft-standard-WSL2", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "5.10.104-linuxkit", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.3 LTS (Focal Fossa)" } }, "input": { diff --git a/packages/hid_bravura_monitor/docs/README.md b/packages/hid_bravura_monitor/docs/README.md index b4d38848d76..cd712ccd4fe 100644 --- a/packages/hid_bravura_monitor/docs/README.md +++ b/packages/hid_bravura_monitor/docs/README.md @@ -155,12 +155,11 @@ An example event for `log` looks as following: { "@timestamp": "2021-01-16T00:35:25.258Z", "agent": { - "ephemeral_id": "00124c53-af5e-4d5f-818c-ff189690109e", - "hostname": "docker-fleet-agent", - "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", + "ephemeral_id": "fa387b80-fca3-4488-ac1b-460792f3a8ea", + "id": "02ab444e-ca97-437b-85dc-d580f055047c", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.16.0" + "version": "8.1.0" }, "data_stream": { "dataset": "hid_bravura_monitor.log", 
@@ -171,14 +170,14 @@ An example event for `log` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", - "snapshot": true, - "version": "7.16.0" + "id": "02ab444e-ca97-437b-85dc-d580f055047c", + "snapshot": false, + "version": "8.1.0" }, "event": { "agent_id_status": "verified", "dataset": "hid_bravura_monitor.log", - "ingested": "2021-10-29T18:19:35Z", + "ingested": "2022-11-22T08:13:24Z", "original": "\u00182021-01-16 00:35:25.258.7085 - [] pamlws.exe [44408,52004] Error: LWS [HID-TEST] foundcomputer record not found", "timezone": "UTC" }, @@ -190,24 +189,23 @@ An example event for `log` looks as following: }, "host": { "architecture": "x86_64", - "containerized": true, + "containerized": false, "hostname": "docker-fleet-agent", - "id": "3bfbf225479aac5f850ea38f5d9d8a02", "ip": [ - "192.168.192.7" + "172.29.0.7" ], "mac": [ - "02:42:c0:a8:c0:07" + "02:42:ac:1d:00:07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.10.16.3-microsoft-standard-WSL2", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "5.10.104-linuxkit", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.3 LTS (Focal Fossa)" } }, "input": { diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json index 7ea889e4a26..d752dfe4bd3 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json 
@@ -1,456 +1,456 @@ { - "id": "hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzY5NCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "IDM Suite: Log issues histogram", - "description": "", - "uiState": { - "vis": { - "colors": { - "Error": "#BF1B00", - "Warning": "#E5AC0E" - } - } - }, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": 
"Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY2OCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 15, - "i": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "IDM Suite: Errors/Warnings by node", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 
null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Log issues histogram", + "description": "", + "uiState": { + "vis": { + "colors": { + "Error": "#BF1B00", + "Warning": "#E5AC0E" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, 
+ "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Instance", - "field": "agent.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 19, - "i": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44", - "w": 16, - "x": 0, - "y": 15 - }, - "panelIndex": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "IDM Suite: Errors/Warnings by level", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "gridData": { + "h": 15, + "i": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4", + "version": "8.0.0", + "type": 
"visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Errors/Warnings by node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Instance", + "field": "agent.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Level", - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 19, - "i": "8b200051-1ac1-4008-b031-ba62127cb7b4", - "w": 16, - "x": 16, - "y": 15 - }, - "panelIndex": "8b200051-1ac1-4008-b031-ba62127cb7b4", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "IDM Suite: Errors/Warnings by process", - 
"description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "gridData": { + "h": 19, + "i": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44", + "w": 16, + "x": 0, + "y": 15 + }, + "panelIndex": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Errors/Warnings by level", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Level", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 19, + "i": "8b200051-1ac1-4008-b031-ba62127cb7b4", + "w": 16, + "x": 16, + "y": 15 + }, + "panelIndex": "8b200051-1ac1-4008-b031-ba62127cb7b4", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": 
"count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Errors/Warnings by process", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 19, + "i": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349", + "w": 16, + "x": 32, + "y": 15 + }, + "panelIndex": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Log issues - Summary", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" + }, + { + 
"type": "search", + "name": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" }, - "gridData": { - "h": 19, - "i": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349", - "w": 16, - "x": 32, - "y": 15 + { + "type": "search", + "name": "8b200051-1ac1-4008-b031-ba62127cb7b4:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" }, - "panelIndex": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "search", + "name": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Log issues - Summary", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4:search_0", - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" - }, - { - "type": "search", - "name": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44:search_0", - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" - }, - { - "type": "search", - "name": "8b200051-1ac1-4008-b031-ba62127cb7b4:search_0", - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349:search_0", - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json index 69cd0ca9f4f..a7595635f20 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json 
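Review bot: The "IDM Suite: Errors/Warnings by node" panel still buckets on `agent.hostname` (`"customLabel": "Instance"`), while the sample event updated in this same patch for agent 8.1.0 drops `agent.hostname` and keeps only `agent.name`. If events from 8.x agents really lack that field, the table renders empty and per-node error or warning spikes from the monitored instances go unnoticed. Consider `"field": "agent.name"` or `"field": "host.name"` in that terms aggregation, after confirming which one is mapped as a keyword for this data stream.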
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json 
@@ -1,335 +1,335 @@ { - "id": "hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzY5NSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Disabled Profiles", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Profile", - "field": "winlog.event_data.Profile", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "30", - "31" - ], - "type": "phrases", - "value": "30, 31" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "30" - } - }, - { - "match_phrase": { - "event.code": "31" - } - } - ] - } - } - } - ], + "id": "hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-11-21T21:15:03.667Z", + "version": "WzY2OSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 26, - "i": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6", - "w": 13, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Disabled Profiles Trend", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - 
"type": "value" - } - ] - }, - "type": "line", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "30", - "31" - ], - "type": "phrases", - "value": "30, 31" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "30" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Disabled Profiles", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Profile", + "field": "winlog.event_data.Profile", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "30", + "31" + ], + "type": "phrases", + "value": "30, 31" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "30" + } + }, + { + "match_phrase": { + "event.code": "31" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } } - }, - { - "match_phrase": { - "event.code": "31" + } + } + }, + "gridData": { + "h": 26, + "i": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6", + "w": 13, + "x": 0, + "y": 0 + }, + "panelIndex": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Disabled Profiles Trend", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": 
"LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "30", + "31" + ], + "type": "phrases", + "value": "30, 31" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "30" + } + }, + { + "match_phrase": { + "event.code": "31" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } } - } - ] - } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + }, + "gridData": { + "h": 26, + "i": "3b23d41e-170f-4423-8ba8-2971e9b68782", + "w": 35, + "x": 13, + "y": 0 + }, + "panelIndex": "3b23d41e-170f-4423-8ba8-2971e9b68782", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Administrative - Disabled Profiles", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6:search_0", + "id": 
"hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" }, - "gridData": { - "h": 26, - "i": "3b23d41e-170f-4423-8ba8-2971e9b68782", - "w": 35, - "x": 13, - "y": 0 + { + "type": "index-pattern", + "name": "3b23d41e-170f-4423-8ba8-2971e9b68782:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "panelIndex": "3b23d41e-170f-4423-8ba8-2971e9b68782", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "search", + "name": "3b23d41e-170f-4423-8ba8-2971e9b68782:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Administrative - Disabled Profiles", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6:search_0", - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "3b23d41e-170f-4423-8ba8-2971e9b68782:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "3b23d41e-170f-4423-8ba8-2971e9b68782:search_0", - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json index 78f470e0606..1ab28b10ea3 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json 
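Review bot: Both "Disabled Profiles" panels select events only by `event.code` 30/31 against the `logs-*` index-pattern reference, and the inline `query` is empty, so nothing in the panel itself limits the count to Bravura data. The restriction presumably comes from the referenced saved search `hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215`, but no key in the visible `data` object names `search_0`, so it is worth confirming that the panels still resolve it after the by-value migration. If they do not, any log source emitting codes 30 or 31 inflates the disabled-profile counts. A dataset clause in the panel's own query, e.g. `"query": "data_stream.dataset : \"<bravura winlog dataset>\""`, would make the panel self-contained.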
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json 
@@ -1,234 +1,234 @@ { - "id": "hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzY5NiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Discovery: Help", - "description": "", - "uiState": {}, - "params": { - "fontSize": 12, - "markdown": "Discovery stored procedures are involved with loading data from integrations ( Connectors and LWS ) into the product database to learn about changes in the environment we are managing Identities and Access in. \n\nSome general rules of thumbs:\n\n* LWS stored procdures need to be quick. None should take a second.\n* Iddiscover.exe stored procedures can run for much longer. Minutes to hours in large environments to process large changes in bulk. \n\nStrategies for improving the performance of these stored procedures include:\n\n* Rebuild fragmented database indexes\n* Review if database is low on RAM, CPU, or I/O bandwidth.\n\nIf you continue to encounter problems developers will require database execution plans to review the operation of these procedures. 
", - "openLinksInNewTab": false - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { + "id": "hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3MCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 25, - "i": "6d898178-6f51-4199-ae7e-44bd35e60bc8", - "w": 12, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "6d898178-6f51-4199-ae7e-44bd35e60bc8", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Discovery procedures", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Discovery: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Discovery stored procedures are involved with loading data from integrations ( Connectors and LWS ) into the product database to learn about changes in the environment we are managing Identities and Access in. \n\nSome general rules of thumbs:\n\n* LWS stored procdures need to be quick. 
None should take a second.\n* Iddiscover.exe stored procedures can run for much longer. Minutes to hours in large environments to process large changes in bulk. \n\nStrategies for improving the performance of these stored procedures include:\n\n* Rebuild fragmented database indexes\n* Review if database is low on RAM, CPU, or I/O bandwidth.\n\nIf you continue to encounter problems developers will require database execution plans to review the operation of these procedures. ", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + "gridData": { + "h": 25, + "i": "6d898178-6f51-4199-ae7e-44bd35e60bc8", + "w": 12, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "panelIndex": "6d898178-6f51-4199-ae7e-44bd35e60bc8", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Discovery procedures", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": 
"hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "split", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "gridData": { + "h": 25, + "i": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee", + "w": 36, + "x": 12, + "y": 0 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" + "panelIndex": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} 
}, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 16, + "i": "70c9467e-31cb-4617-beab-2e7012046222", + "w": 48, + "x": 0, + "y": 25 }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "split", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "70c9467e-31cb-4617-beab-2e7012046222", + "panelRefName": "panel_2", + "version": "8.0.0" } - } - }, - "gridData": { - "h": 25, - "i": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee", - "w": 36, - "x": 12, - "y": 0 - }, - "panelIndex": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "70c9467e-31cb-4617-beab-2e7012046222", - "w": 48, - "x": 0, - "y": 25 + ], + "timeRestore": false, + "title": "[Bravura Monitor] Database - Discovery", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa", + "name": "panel_2", + "type": "search" }, - "panelIndex": "70c9467e-31cb-4617-beab-2e7012046222", - "panelRefName": "panel_2", - "version": "8.0.0" - } + { + "type": "search", + "name": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee:search_0", + "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Discovery", - "version": 1 - }, - "references": [ - { - "id": 
"hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "search" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee:search_0", - "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json index 94a00f166f6..9954b580942 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json 
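Review bot: The new side keeps the reference `47c424ec-b1cc-4ab1-abfc-e9d0382a79ee:search_0`, but the "Database: Discovery procedures" panel's `savedVis.data` holds only `aggs` and a `searchSource` with an empty `filter` and `query`, so nothing visible in the panel names that reference. If the panel is meant to be bound to the saved search `hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa`, the by-value form would presumably need `"savedSearchRefName": "search_0"` under `savedVis.data`; please confirm by importing the dashboard into an 8.x stack and checking that the table is still scoped. The next file's hunk (`hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json`) has the same shape: six `…:search_0` references to `hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa`, and no panel names them. If that link is not resolved, the "Windows Event Analysis - Problems" panels could count events outside the intended filter, which would mislead anyone using the dashboard for triage. The old side looks the same, so this is a follow-up check rather than a regression from this commit.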
@@ -1,728 +1,728 @@ { - "id": "hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzY5NywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Problem Count", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 59, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "asc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3MSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 21, - "i": 
"a3abfe8b-3ddd-492a-b081-2e3a3d76e84f", - "w": 10, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Problem Provider Distribution", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - 
"min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 59, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "field": "winlog.channel", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "group", - "type": "terms" + "gridData": { + "h": 21, + "i": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f", + "w": 10, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "4", - "params": { - "field": "winlog.provider_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": 
"group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 21, - "i": "31e162b4-565d-4dce-90f1-e0a43ed54a70", - "w": 38, - "x": 10, - "y": 0 - }, - "panelIndex": "31e162b4-565d-4dce-90f1-e0a43ed54a70", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "User Problem Distribution", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "panelIndex": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Provider Distribution", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": 
"histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "winlog.channel", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "winlog.user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - 
"size": 10000 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 21, + "i": "31e162b4-565d-4dce-90f1-e0a43ed54a70", + "w": 38, + "x": 10, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Severity", - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 21, - "i": "21a44db8-a29a-4a18-b63e-ca0da9606909", - "w": 10, - "x": 0, - "y": 21 - }, - "panelIndex": "21a44db8-a29a-4a18-b63e-ca0da9606909", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Problem Heat Map", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "type": "heatmap", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "black", - "overwriteColor": false, - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] + "panelIndex": "31e162b4-565d-4dce-90f1-e0a43ed54a70", + "version": "8.0.0", + "type": "visualization" }, - "type": "heatmap", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Problem Distribution", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + 
"perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "winlog.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Severity", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "asc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 21, + "i": "21a44db8-a29a-4a18-b63e-ca0da9606909", + "w": 10, + "x": 0, + "y": 21 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 21, - "i": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf", - 
"w": 38, - "x": 10, - "y": 21 - }, - "panelIndex": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Problem Events", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": 3, - "direction": "desc" - } - } - } - }, - "params": { - "perPage": 20, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "21a44db8-a29a-4a18-b63e-ca0da9606909", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Heat Map", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": 
true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event ID", - "field": "winlog.event_id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 21, + "i": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf", + "w": 38, + "x": 10, + "y": 21 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Source", - "field": "winlog.provider_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Event Log", - "field": "winlog.channel", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 27, - "i": "1494c062-2f24-4571-8e69-793a894392d7", - "w": 24, - "x": 0, - "y": 42 - }, - "panelIndex": "1494c062-2f24-4571-8e69-793a894392d7", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Problem Distribution", - "description": "", - "uiState": { - "vis": { - "colors": { - "error": "#EF843C", - 
"warning": "#EAB839" - } - } + "panelIndex": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Events", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 3, + "direction": "desc" + } + } + } + }, + "params": { + "perPage": 20, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event ID", + "field": "winlog.event_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Source", + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Event Log", + "field": "winlog.channel", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 
1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 27, + "i": "1494c062-2f24-4571-8e69-793a894392d7", + "w": 24, + "x": 0, + "y": 42 + }, + "panelIndex": "1494c062-2f24-4571-8e69-793a894392d7", + "version": "8.0.0", + "type": "visualization" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Problem Distribution", + "description": "", + "uiState": { + "vis": { + "colors": { + "error": "#EF843C", + "warning": "#EAB839" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "host.name", - "missingBucket": false, - 
"missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 27, + "i": "5fb347ad-ad70-4cfb-8023-f61468be8a07", + "w": 24, + "x": 24, + "y": 42 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "5fb347ad-ad70-4cfb-8023-f61468be8a07", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Windows Event Analysis - Problems", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" }, - "gridData": { - "h": 27, - "i": "5fb347ad-ad70-4cfb-8023-f61468be8a07", - "w": 24, - "x": 24, - "y": 42 + { + "type": "search", + "name": "31e162b4-565d-4dce-90f1-e0a43ed54a70:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" }, - "panelIndex": "5fb347ad-ad70-4cfb-8023-f61468be8a07", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "search", + "name": "21a44db8-a29a-4a18-b63e-ca0da9606909:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "1494c062-2f24-4571-8e69-793a894392d7:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "5fb347ad-ad70-4cfb-8023-f61468be8a07:search_0", + 
"id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Windows Event Analysis - Problems", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f:search_0", - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "31e162b4-565d-4dce-90f1-e0a43ed54a70:search_0", - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "21a44db8-a29a-4a18-b63e-ca0da9606909:search_0", - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf:search_0", - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "1494c062-2f24-4571-8e69-793a894392d7:search_0", - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "5fb347ad-ad70-4cfb-8023-f61468be8a07:search_0", - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json index 683a8157096..14a564795c1 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json 
@@ -1,520 +1,520 @@ { - "id": "hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzY5OCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Discovery Runtimes", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Sum of Duration (ms)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Sum of Duration (ms)" - }, - "type": "value" - } - ] - 
}, - "type": "line", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Sum of Duration (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "2021-01-11T07:00:00.000Z", - "to": "2021-01-18T07:00:00.000Z" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "psupdate.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "psupdate.exe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3MiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 15, - "i": "27066e19-96ff-46db-989c-2ed0650bfb32", - "w": 48, - "x": 0, 
- "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "27066e19-96ff-46db-989c-2ed0650bfb32", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Discovery Events", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event", - "field": "hid_bravura_monitor.perf.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Discovery Runtimes", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of Duration (ms)" + }, + 
"drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Sum of Duration (ms)" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Sum of Duration (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "2021-01-11T07:00:00.000Z", + "to": "2021-01-18T07:00:00.000Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "psupdate.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "psupdate.exe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" 
+ }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + "gridData": { + "h": 15, + "i": "27066e19-96ff-46db-989c-2ed0650bfb32", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "panelIndex": "27066e19-96ff-46db-989c-2ed0650bfb32", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Discovery Events", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event", + "field": "hid_bravura_monitor.perf.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min 
(ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "gridData": { + "h": 15, + "i": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478", + "w": 24, + "x": 24, + "y": 15 }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Discovery Runtime Table", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, 
- "id": "1", - "params": { - "customLabel": "Runtime (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Discovery Runtime Table", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Runtime (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Discovery ID", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "hid_bravura_monitor.perf.exe", + "negate": false, + "params": { + "query": "psupdate.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.exe": "psupdate.exe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Discovery ID", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 15, + "i": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78", + "w": 24, + "x": 0, + "y": 15 }, - { - "enabled": true, - "id": "4", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "hid_bravura_monitor.perf.exe", - "negate": false, - "params": { - "query": "psupdate.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.exe": "psupdate.exe" - } - } - } - ], - 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Discovery - Summary", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 15, - "i": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78", - "w": 24, - "x": 0, - "y": 15 + { + "type": "search", + "name": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478:search_0", + "id": "hid_bravura_monitor-dd637750-1473-11eb-bb7b-bb041e8cf289" }, - "panelIndex": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "index-pattern", + "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Discovery - Summary", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478:search_0", - "id": "hid_bravura_monitor-dd637750-1473-11eb-bb7b-bb041e8cf289" - }, - { - "type": "index-pattern", - "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json index 30bc5af2fc7..c6d2adf28ad 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json 
@@ -1,335 +1,335 @@ { - "id": "hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzY5OSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Unlocked Profiles", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Profile", - "field": "winlog.event_data.Profile", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "32", - "33" - ], - "type": "phrases", - "value": "32, 33" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "32" - } - }, - { - "match_phrase": { - "event.code": "33" - } - } - ] - } - } - } - ], + "id": "hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-11-21T21:15:03.667Z", + "version": "WzY3MywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 26, - "i": "292870cf-80ba-4071-ac33-6ddc10eef5ee", - "w": 13, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "292870cf-80ba-4071-ac33-6ddc10eef5ee", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Unlocked Profile Trend", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - 
"type": "value" - } - ] - }, - "type": "line", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "32", - "33" - ], - "type": "phrases", - "value": "32, 33" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "32" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Unlocked Profiles", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Profile", + "field": "winlog.event_data.Profile", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "32", + "33" + ], + "type": "phrases", + "value": "32, 33" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "32" + } + }, + { + "match_phrase": { + "event.code": "33" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } } - }, - { - "match_phrase": { - "event.code": "33" + } + } + }, + "gridData": { + "h": 26, + "i": "292870cf-80ba-4071-ac33-6ddc10eef5ee", + "w": 13, + "x": 0, + "y": 0 + }, + "panelIndex": "292870cf-80ba-4071-ac33-6ddc10eef5ee", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unlocked Profile Trend", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": 
"LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "32", + "33" + ], + "type": "phrases", + "value": "32, 33" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "32" + } + }, + { + "match_phrase": { + "event.code": "33" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } } - } - ] - } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + }, + "gridData": { + "h": 26, + "i": "c81e1947-6ef2-4f8f-8497-c6defed48569", + "w": 35, + "x": 13, + "y": 0 + }, + "panelIndex": "c81e1947-6ef2-4f8f-8497-c6defed48569", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Administrative - Unlocked Profiles", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "292870cf-80ba-4071-ac33-6ddc10eef5ee:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "292870cf-80ba-4071-ac33-6ddc10eef5ee:search_0", + "id": 
"hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" }, - "gridData": { - "h": 26, - "i": "c81e1947-6ef2-4f8f-8497-c6defed48569", - "w": 35, - "x": 13, - "y": 0 + { + "type": "index-pattern", + "name": "c81e1947-6ef2-4f8f-8497-c6defed48569:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "panelIndex": "c81e1947-6ef2-4f8f-8497-c6defed48569", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "search", + "name": "c81e1947-6ef2-4f8f-8497-c6defed48569:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Administrative - Unlocked Profiles", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "292870cf-80ba-4071-ac33-6ddc10eef5ee:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "292870cf-80ba-4071-ac33-6ddc10eef5ee:search_0", - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "c81e1947-6ef2-4f8f-8497-c6defed48569:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "c81e1947-6ef2-4f8f-8497-c6defed48569:search_0", - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json index a184ad57502..8144504311c 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json 
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json 
@@ -1,469 +1,469 @@ { - "id": "hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwMCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: Issues: Histogram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": 
true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3NCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 14, - "i": "aed09807-f936-4881-960d-30039d3fb5cd", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "aed09807-f936-4881-960d-30039d3fb5cd", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: Issues: Nodes", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - 
{ - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": 
"segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 20, - "i": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6", - "w": 16, - "x": 0, - "y": 14 - }, - "panelIndex": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: Issues: Processes", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "gridData": { + "h": 14, + "i": "aed09807-f936-4881-960d-30039d3fb5cd", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "aed09807-f936-4881-960d-30039d3fb5cd", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Nodes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 
null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6", + "w": 16, + "x": 0, + "y": 14 + }, + "panelIndex": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Processes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", 
+ "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 20, - "i": "ded4c445-2a0a-448c-9318-38b166d11d73", - "w": 16, - "x": 16, - "y": 14 - }, - "panelIndex": "ded4c445-2a0a-448c-9318-38b166d11d73", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: Issues: Affected users", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "gridData": { + "h": 20, + "i": "ded4c445-2a0a-448c-9318-38b166d11d73", + "w": 16, + "x": 16, + "y": 14 + }, + "panelIndex": "ded4c445-2a0a-448c-9318-38b166d11d73", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Affected users", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + 
"showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Users", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "a58e223b-2453-4dcd-9de5-8a6101d9964d", + "w": 16, + "x": 32, + "y": 14 + }, + "panelIndex": "a58e223b-2453-4dcd-9de5-8a6101d9964d", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Users", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 17, + "i": "4909f0f5-c8df-40f8-bc49-df24cb056b8c", + "w": 48, + "x": 0, + "y": 34 + }, + "panelIndex": "4909f0f5-c8df-40f8-bc49-df24cb056b8c", + "panelRefName": "panel_4", + "version": "8.0.0" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Users - Issues", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", + "name": "panel_4", + "type": "search" }, - "gridData": { - "h": 20, - "i": 
"a58e223b-2453-4dcd-9de5-8a6101d9964d", - "w": 16, - "x": 32, - "y": 14 + { + "type": "search", + "name": "aed09807-f936-4881-960d-30039d3fb5cd:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" }, - "panelIndex": "a58e223b-2453-4dcd-9de5-8a6101d9964d", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "search", + "name": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" }, - "gridData": { - "h": 17, - "i": "4909f0f5-c8df-40f8-bc49-df24cb056b8c", - "w": 48, - "x": 0, - "y": 34 + { + "type": "search", + "name": "ded4c445-2a0a-448c-9318-38b166d11d73:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" }, - "panelIndex": "4909f0f5-c8df-40f8-bc49-df24cb056b8c", - "panelRefName": "panel_4", - "version": "8.0.0" - } + { + "type": "search", + "name": "a58e223b-2453-4dcd-9de5-8a6101d9964d:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Users - Issues", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "search" - }, - { - "type": "search", - "name": "aed09807-f936-4881-960d-30039d3fb5cd:search_0", - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6:search_0", - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "ded4c445-2a0a-448c-9318-38b166d11d73:search_0", - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "a58e223b-2453-4dcd-9de5-8a6101d9964d:search_0", - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" - } - ], - "migrationVersion": { - "dashboard": 
"7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json index a16317821b0..7e3fc33d625 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json 
@@ -1,216 +1,216 @@ { - "id": "hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwMSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Search: Help", - "description": "", - "uiState": {}, - "params": { - "fontSize": 12, - "markdown": "Search engines need to return quickly since users are waiting on their results. There is a direct correlation between search time and user experience.\n\nAs a general rule, Search stored procedures should take less than a second to run on average. \n\nSearch stored procedure performance is impacted by elements such as:\n\n* Data size. Larger data consumes more CPU, Ram, Disk I/O on the database server. \n* Policies such as acls, filtering, etc. \n* Indexes. Sometimes they fragment degrading overall performance. 
\n* Table/Index Locking with other database actions.\n\nStrategies for improving database search performance include:\n\n* Rebuild fragmented database indexes.\n* Evaluate if more RAM/CPU\n\nWhen these don't work, Developers will need database execution plans to review options.", - "openLinksInNewTab": false - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { + "id": "hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 25, - "i": "63969223-a0de-4d10-aa3a-5a7de19681c2", - "w": 13, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "63969223-a0de-4d10-aa3a-5a7de19681c2", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Search performance", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Search: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Search engines need to return quickly since users are waiting on their results. 
There is a direct correlation between search time and user experience.\n\nAs a general rule, Search stored procedures should take less than a second to run on average. \n\nSearch stored procedure performance is impacted by elements such as:\n\n* Data size. Larger data consumes more CPU, Ram, Disk I/O on the database server. \n* Policies such as acls, filtering, etc. \n* Indexes. Sometimes they fragment degrading overall performance. \n* Table/Index Locking with other database actions.\n\nStrategies for improving database search performance include:\n\n* Rebuild fragmented database indexes.\n* Evaluate if more RAM/CPU\n\nWhen these don't work, Developers will need database execution plans to review options.", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + "gridData": { + "h": 25, + "i": "63969223-a0de-4d10-aa3a-5a7de19681c2", + "w": 13, + "x": 0, + "y": 0 + }, + "panelIndex": "63969223-a0de-4d10-aa3a-5a7de19681c2", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Search performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": 
"Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "gridData": { + "h": 25, + "i": "37dcff04-67ca-46e6-bea3-b6be4a08bce8", + "w": 35, + "x": 13, + "y": 0 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "panelIndex": "37dcff04-67ca-46e6-bea3-b6be4a08bce8", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" + "gridData": { + "h": 16, + "i": "250f87a6-96dc-417f-a704-ee29e9669992", + "w": 48, + "x": 0, + "y": 25 }, - { - 
"enabled": true, - "id": "6", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "250f87a6-96dc-417f-a704-ee29e9669992", + "panelRefName": "panel_2", + "version": "8.0.0" } - } - }, - "gridData": { - "h": 25, - "i": "37dcff04-67ca-46e6-bea3-b6be4a08bce8", - "w": 35, - "x": 13, - "y": 0 - }, - "panelIndex": "37dcff04-67ca-46e6-bea3-b6be4a08bce8", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "250f87a6-96dc-417f-a704-ee29e9669992", - "w": 48, - "x": 0, - "y": 25 + ], + "timeRestore": false, + "title": "[Bravura Monitor] Database - Search", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa", + "name": "panel_2", + "type": "search" }, - "panelIndex": "250f87a6-96dc-417f-a704-ee29e9669992", - "panelRefName": "panel_2", - "version": "8.0.0" - } + { + "type": "search", + "name": "37dcff04-67ca-46e6-bea3-b6be4a08bce8:search_0", + "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Search", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "search" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "37dcff04-67ca-46e6-bea3-b6be4a08bce8:search_0", - "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No 
newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json index cb5fcec4720..7ab53037a87 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json 
@@ -1,263 +1,263 @@ { - "id": "hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwMiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { + "id": "hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3NiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "annotations": [], - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "24e4b310-069e-11ec-8d63-433b7d9c06cf" - } - ], - "bar_color_rules": [ - { - "id": "015e0b70-069f-11ec-8d63-433b7d9c06cf" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "hid_bravura_monitor.perf.kind: PerfExe AND NOT (hid_bravura_monitor.perf.exe: *plugin*)" - }, - "gauge_color_rules": [ - { - "id": "040388f0-069f-11ec-8d63-433b7d9c06cf" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_bars": 80, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { "language": "kuery", "query": "" - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - 
"label": "", - "line_width": 1, - "metrics": [ - { - "field": "hid_bravura_monitor.perf.duration", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_exclude": "", - "terms_field": "hid_bravura_monitor.perf.exe", - "type": "timeseries" } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "tooltip_mode": "show_all", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Executable Average Duration", - "type": "metrics", - "uiState": {} - }, - "type": "visualization" + } }, - "gridData": { - "h": 17, - "i": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", - "type": "visualization", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Executables: Performance", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } + "panelsJSON": [ + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 17, + "i": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "annotations": [], + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "24e4b310-069e-11ec-8d63-433b7d9c06cf" + } + ], + "bar_color_rules": [ + { + "id": "015e0b70-069f-11ec-8d63-433b7d9c06cf" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": 
"hid_bravura_monitor.perf.kind: PerfExe AND NOT (hid_bravura_monitor.perf.exe: *plugin*)" + }, + "gauge_color_rules": [ + { + "id": "040388f0-069f-11ec-8d63-433b7d9c06cf" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_bars": 80, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "hid_bravura_monitor.perf.duration", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_exclude": "", + "terms_field": "hid_bravura_monitor.perf.exe", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Executable Average Duration", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100000 - }, - "schema": "bucket", - "type": 
"terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Executables: Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": 
"metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "gridData": { + "h": 25, + "i": "198257f3-2b86-41f1-83cf-2090465b56a8", + "w": 48, + "x": 0, + "y": 17 }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "198257f3-2b86-41f1-83cf-2090465b56a8", + "version": "8.0.0", + "type": "visualization" } - } - }, - "gridData": { - "h": 25, - "i": "198257f3-2b86-41f1-83cf-2090465b56a8", - "w": 48, - "x": 0, - "y": 17 - }, - "panelIndex": "198257f3-2b86-41f1-83cf-2090465b56a8", - "version": "7.14.0", - "type": "visualization" - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Processes - Executables", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "198257f3-2b86-41f1-83cf-2090465b56a8:search_0", + "id": "hid_bravura_monitor-95032a30-2eab-11eb-b6a1-bdb7d768b585" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Processes - Executables", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "198257f3-2b86-41f1-83cf-2090465b56a8:search_0", - "id": "hid_bravura_monitor-95032a30-2eab-11eb-b6a1-bdb7d768b585" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
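Review bot: The `references` entry `198257f3-2b86-41f1-83cf-2090465b56a8:search_0` on the new side has no visible consumer. The by-value `savedVis.data` of the "Executables: Performance" panel holds only `aggs` and a `searchSource` with an empty `filter` and `query`, with no index or saved-search reference name. If Kibana resolves the panel's data source through that name, the table may render without the saved search's scoping or not at all, which on a monitoring dashboard looks like "no events" rather than an error. I would expect a line such as `"savedSearchRefName": "search_0"` inside that panel's `savedVis.data`; please confirm by importing the package on the 8.1.0 target. The same shape appears in the `:search_0` references of the 52cf42a0 and 578cb360 dashboard hunks that follow.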
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json index 9b80e11123f..9e469384285 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json 
@@ -1,427 +1,427 @@ { - "id": "hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwMywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Workflow: Operations per Node", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3NywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 20, - "i": "2852a22c-425f-45b2-b953-6b0f3d214447", - "w": 11, - "x": 0, - "y": 0 + 
"optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "2852a22c-425f-45b2-b953-6b0f3d214447", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Workflow: Operation Histogram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Workflow: Operations per Node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 
null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 20, + "i": "2852a22c-425f-45b2-b953-6b0f3d214447", + "w": 11, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "hid_bravura_monitor.perf.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 20, - "i": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac", - "w": 37, - "x": 11, - "y": 0 - }, - "panelIndex": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac", - "version": "7.14.0", - "type": "visualization" - }, - { - 
"embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Workflow: Operations", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "2852a22c-425f-45b2-b953-6b0f3d214447", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Workflow: Operation Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + 
"position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "hid_bravura_monitor.perf.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event", - "field": "hid_bravura_monitor.perf.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 20, + "i": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac", + "w": 37, + "x": 11, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + "panelIndex": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Workflow: Operations", + "description": "", + "uiState": { + "vis": { + "params": { 
+ "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event", + "field": "hid_bravura_monitor.perf.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "gridData": { + "h": 15, + "i": "c3a20836-de82-44e2-a23c-38ac861cc7df", + "w": 48, + "x": 0, + "y": 20 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": 
"hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "panelIndex": "c3a20836-de82-44e2-a23c-38ac861cc7df", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 15, + "i": "aa105229-2ee8-417b-a85b-ab83300357ee", + "w": 48, + "x": 0, + "y": 35 + }, + "panelIndex": "aa105229-2ee8-417b-a85b-ab83300357ee", + "panelRefName": "panel_3", + "version": "8.0.0" } - } - }, - "gridData": { - "h": 15, - "i": "c3a20836-de82-44e2-a23c-38ac861cc7df", - "w": 48, - "x": 0, - "y": 20 + ], + "timeRestore": false, + "title": "[Bravura Monitor] Workflow - Summary (Logs)", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_3", + "type": "search" }, - "panelIndex": "c3a20836-de82-44e2-a23c-38ac861cc7df", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "search", + "name": "2852a22c-425f-45b2-b953-6b0f3d214447:search_0", + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" }, - "gridData": { - "h": 15, - "i": "aa105229-2ee8-417b-a85b-ab83300357ee", - "w": 48, - "x": 0, - "y": 35 + { + "type": "search", + "name": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac:search_0", + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" }, - "panelIndex": "aa105229-2ee8-417b-a85b-ab83300357ee", - "panelRefName": "panel_3", - "version": "8.0.0" - } + { + "type": "search", + "name": "c3a20836-de82-44e2-a23c-38ac861cc7df:search_0", + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Workflow - Summary 
(Logs)", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_3", - "type": "search" - }, - { - "type": "search", - "name": "2852a22c-425f-45b2-b953-6b0f3d214447:search_0", - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" - }, - { - "type": "search", - "name": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac:search_0", - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "c3a20836-de82-44e2-a23c-38ac861cc7df:search_0", - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json index 91dddaec7d2..65fa2c5edb7 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json 
@@ -1,307 +1,307 @@ { - "id": "hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwNCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Administrative Summary Table", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Code", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Integration", - "field": "winlog.event_data.Module", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3OCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - 
"language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 20, - "i": "647b541e-ba69-4580-8b5c-82b99e9141db", - "w": 14, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "647b541e-ba69-4580-8b5c-82b99e9141db", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Administrative Summary", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Administrative Summary Table", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + 
"percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Integration", + "field": "winlog.event_data.Module", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "647b541e-ba69-4580-8b5c-82b99e9141db", + "w": 14, + "x": 0, + "y": 0 + }, + "panelIndex": "647b541e-ba69-4580-8b5c-82b99e9141db", + "version": "8.0.0", + "type": "visualization" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Administrative Summary", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + 
"labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - 
"from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 20, + "i": "3d4e7a89-9376-40e8-a110-aea6fad8704d", + "w": 34, + "x": 14, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "3d4e7a89-9376-40e8-a110-aea6fad8704d", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 19, + "i": "c530e489-474a-4a2a-8498-860233140305", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "c530e489-474a-4a2a-8498-860233140305", + "panelRefName": "panel_2", + "version": "7.11.0" } - } - }, - "gridData": { - "h": 20, - "i": "3d4e7a89-9376-40e8-a110-aea6fad8704d", - "w": 34, - "x": 14, - "y": 0 - }, - "panelIndex": "3d4e7a89-9376-40e8-a110-aea6fad8704d", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + ], + "timeRestore": false, + "title": "[Bravura Monitor] Administrative - Summary", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", + "name": "panel_2", + "type": "search" }, - "gridData": { - "h": 19, - "i": "c530e489-474a-4a2a-8498-860233140305", - "w": 48, - "x": 0, - "y": 20 + { + "type": "search", + "name": "647b541e-ba69-4580-8b5c-82b99e9141db:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" }, - "panelIndex": "c530e489-474a-4a2a-8498-860233140305", - "panelRefName": "panel_2", - "version": "7.11.0" - } + { + "type": "search", + "name": "3d4e7a89-9376-40e8-a110-aea6fad8704d:search_0", 
+ "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Administrative - Summary", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "panel_2", - "type": "search" - }, - { - "type": "search", - "name": "647b541e-ba69-4580-8b5c-82b99e9141db:search_0", - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "3d4e7a89-9376-40e8-a110-aea6fad8704d:search_0", - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json index 9b19c88d2fe..028d77fd688 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json 
@@ -1,241 +1,241 @@ { - "id": "hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwNSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { + "id": "hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3OSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "hid_bravura_monitor.perf.kind: PerfExe AND hid_bravura_monitor.perf.exe: *plugin*" - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "max_bars": 70, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": 1, - "metrics": [ - { - "field": "hid_bravura_monitor.perf.duration", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_field": "hid_bravura_monitor.perf.exe", - "type": "timeseries" + "language": 
"kuery", + "query": "" } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "tooltip_mode": "show_all", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "", - "type": "metrics", - "uiState": {} - }, - "type": "visualization" + } }, - "gridData": { - "h": 17, - "i": "9f0e186d-5e7d-495b-968b-65a909a63c78", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "9f0e186d-5e7d-495b-968b-65a909a63c78", - "title": "Plugin Average Duration", - "type": "visualization", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Plugin: Performance", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 17, + "i": "9f0e186d-5e7d-495b-968b-65a909a63c78", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + "panelIndex": "9f0e186d-5e7d-495b-968b-65a909a63c78", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "filter": { + 
"language": "kuery", + "query": "hid_bravura_monitor.perf.kind: PerfExe AND hid_bravura_monitor.perf.exe: *plugin*" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_bars": 70, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "hid_bravura_monitor.perf.duration", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": "hid_bravura_monitor.perf.exe", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "title": "Plugin Average Duration" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Plugin: Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + 
"id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Plugin", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" + "gridData": { + "h": 25, + "i": "f71897e4-f55e-4fb5-93e1-8825546d3116", + "w": 48, + "x": 0, + "y": 17 }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Plugin", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "f71897e4-f55e-4fb5-93e1-8825546d3116", + "version": "8.0.0", + "type": 
"visualization" } - } - }, - "gridData": { - "h": 25, - "i": "f71897e4-f55e-4fb5-93e1-8825546d3116", - "w": 48, - "x": 0, - "y": 17 - }, - "panelIndex": "f71897e4-f55e-4fb5-93e1-8825546d3116", - "version": "7.14.0", - "type": "visualization" - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Processes - Plugins", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "f71897e4-f55e-4fb5-93e1-8825546d3116:search_0", + "id": "hid_bravura_monitor-39072a50-2f42-11eb-b6a1-bdb7d768b585" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Processes - Plugins", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "f71897e4-f55e-4fb5-93e1-8825546d3116:search_0", - "id": "hid_bravura_monitor-39072a50-2f42-11eb-b6a1-bdb7d768b585" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json index c80a00fa3c6..35a335bd471 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json 
@@ -1,673 +1,673 @@ { - "id": "hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwNiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Bravura: Selector: Return Code", - "description": "", - "uiState": {}, - "params": { - "controls": [ - { - "fieldName": "hid_bravura_monitor.perf.result", - "id": "1606164462534", - "indexPatternRefName": "control_0_index_pattern", - "label": "Return Code", - "options": { - "dynamicOptions": true, - "multiselect": false, - "order": "desc", - "size": 10, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "type": "input_control_vis", - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], + "id": "hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4MCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } 
}, - "gridData": { - "h": 7, - "i": "11dfd31e-217a-468c-b9a4-1d171916550b", - "w": 12, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "11dfd31e-217a-468c-b9a4-1d171916550b", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector Return Code: Histogram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Bravura: Selector: Return Code", 
+ "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "hid_bravura_monitor.perf.result", + "id": "1606164462534", + "indexPatternRefName": "control_0_index_pattern", + "label": "Return Code", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 10, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 7, + "i": "11dfd31e-217a-468c-b9a4-1d171916550b", + "w": 12, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 17, - "i": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e", - 
"w": 36, - "x": 12, - "y": 0 - }, - "panelIndex": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector Return Code: Legend", - "description": "", - "uiState": {}, - "params": { - "fontSize": 10, - "markdown": "Success - 0\n\nUnknown Error - 1\n\nCannot Connect - 3\n\nInvalid Server - 5\n\nAccess Denied - 11\n\nVerify Failed - 14", - "openLinksInNewTab": false + "panelIndex": "11dfd31e-217a-468c-b9a4-1d171916550b", + "version": "8.0.0", + "type": "visualization" }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 10, - "i": "8e87968f-419b-416a-88b4-69575d6ca6c8", - "w": 12, - "x": 0, - "y": 7 - }, - "panelIndex": "8e87968f-419b-416a-88b4-69575d6ca6c8", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector Return Code: Operation count", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": 
"Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 17, + "i": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 
null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Legend", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "Success - 0\n\nUnknown Error - 1\n\nCannot Connect - 3\n\nInvalid Server - 5\n\nAccess Denied - 11\n\nVerify Failed - 14", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "8e87968f-419b-416a-88b4-69575d6ca6c8", + "w": 12, + "x": 0, + "y": 7 + }, + "panelIndex": "8e87968f-419b-416a-88b4-69575d6ca6c8", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Operation count", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation", + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } 
+ } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Operation", - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 19, - "i": "d8250cb1-181e-4c67-8a07-2b5adaa631e1", - "w": 12, - "x": 0, - "y": 17 - }, - "panelIndex": "d8250cb1-181e-4c67-8a07-2b5adaa631e1", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector Return Code: Executable Count", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "gridData": { + "h": 19, + "i": "d8250cb1-181e-4c67-8a07-2b5adaa631e1", + "w": 12, + "x": 0, + "y": 17 + }, + "panelIndex": "d8250cb1-181e-4c67-8a07-2b5adaa631e1", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Executable Count", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + 
"schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Executable", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 19, + "i": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe", + "w": 9, + "x": 12, + "y": 17 + }, + "panelIndex": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Node counts", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Executable", - "field": "log.logger", 
- "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 19, - "i": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe", - "w": 9, - "x": 12, - "y": 17 - }, - "panelIndex": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector Return Code: Node counts", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "gridData": { + "h": 19, + "i": "4e305609-b4cd-47c1-b927-9bbb1905f879", + "w": 9, + "x": 21, + "y": 17 + }, + "panelIndex": "4e305609-b4cd-47c1-b927-9bbb1905f879", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Messages", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Message", + "field": 
"hid_bravura_monitor.perf.message", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 19, + "i": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0", + "w": 18, + "x": 30, + "y": 17 + }, + "panelIndex": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 15, + "i": "5added44-f55b-4d64-bac0-af8514792e8c", + "w": 48, + "x": 0, + "y": 36 + }, + "panelIndex": "5added44-f55b-4d64-bac0-af8514792e8c", + "panelRefName": "panel_7", + "version": "7.11.0" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Integrations - Connector Return Code", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", + "name": "panel_7", + "type": "search" }, - "gridData": { - "h": 19, - "i": "4e305609-b4cd-47c1-b927-9bbb1905f879", - "w": 9, - "x": 21, - "y": 17 + { + "type": "index-pattern", + "name": "11dfd31e-217a-468c-b9a4-1d171916550b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "panelIndex": "4e305609-b4cd-47c1-b927-9bbb1905f879", - "version": 
"7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector Return Code: Messages", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Message", - "field": "hid_bravura_monitor.perf.message", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "type": "index-pattern", + "name": "11dfd31e-217a-468c-b9a4-1d171916550b:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" }, - "gridData": { - "h": 19, - "i": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0", - "w": 18, - "x": 30, - "y": 17 + { + "type": "search", + "name": "d8250cb1-181e-4c67-8a07-2b5adaa631e1:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" }, - "panelIndex": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "search", + "name": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" }, - "gridData": { - "h": 
15, - "i": "5added44-f55b-4d64-bac0-af8514792e8c", - "w": 48, - "x": 0, - "y": 36 + { + "type": "search", + "name": "4e305609-b4cd-47c1-b927-9bbb1905f879:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" }, - "panelIndex": "5added44-f55b-4d64-bac0-af8514792e8c", - "panelRefName": "panel_7", - "version": "7.11.0" - } + { + "type": "search", + "name": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Integrations - Connector Return Code", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "panel_7", - "type": "search" - }, - { - "type": "index-pattern", - "name": "11dfd31e-217a-468c-b9a4-1d171916550b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "11dfd31e-217a-468c-b9a4-1d171916550b:control_0_index_pattern", - "id": "logs-*" - }, - { - "type": "search", - "name": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e:search_0", - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "d8250cb1-181e-4c67-8a07-2b5adaa631e1:search_0", - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe:search_0", - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "4e305609-b4cd-47c1-b927-9bbb1905f879:search_0", - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0:search_0", - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No 
newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json index 7e790377cb5..79cbe25386e 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json 
@@ -1,283 +1,283 @@ { - "id": "hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwNywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Dataset: Log Type Counts", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Log Type", - "field": "hid_bravura_monitor.perf.kind", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4MSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 25, - 
"i": "bbd62230-da7b-4a8d-8048-164a39c870a6", - "w": 12, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "bbd62230-da7b-4a8d-8048-164a39c870a6", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Dataset: Histogram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dataset: Log Type Counts", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + 
"showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Log Type", + "field": "hid_bravura_monitor.perf.kind", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 25, + "i": "bbd62230-da7b-4a8d-8048-164a39c870a6", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "bbd62230-da7b-4a8d-8048-164a39c870a6", + "version": "8.0.0", + "type": "visualization" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dataset: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + 
"drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 25, + "i": "006c196d-830d-4713-bf84-1bf393366bdc", + "w": 36, + "x": 12, + "y": 0 }, 
- { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "006c196d-830d-4713-bf84-1bf393366bdc", + "version": "8.0.0", + "type": "visualization" } - } - }, - "gridData": { - "h": 25, - "i": "006c196d-830d-4713-bf84-1bf393366bdc", - "w": 36, - "x": 12, - "y": 0 + ], + "timeRestore": false, + "title": "[Bravura Monitor] Dataset - Summary", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "bbd62230-da7b-4a8d-8048-164a39c870a6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "006c196d-830d-4713-bf84-1bf393366bdc", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "search", + "name": "006c196d-830d-4713-bf84-1bf393366bdc:search_0", + "id": "hid_bravura_monitor-465760e0-25d7-11eb-abcf-effcd51852fa" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Dataset - Summary", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "bbd62230-da7b-4a8d-8048-164a39c870a6:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "006c196d-830d-4713-bf84-1bf393366bdc:search_0", - "id": "hid_bravura_monitor-465760e0-25d7-11eb-abcf-effcd51852fa" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json index 05e2c2338c8..4e2126c8c9b 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json 
@@ -1,922 +1,922 @@ { - "id": "hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwOCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Replication Database Connection Failures", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { 
- "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "6" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "6" - } - } - } - ], + "id": "hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4MiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 15, - "i": "b525b8b8-13fc-4a51-82b0-233acc227625", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "b525b8b8-13fc-4a51-82b0-233acc227625", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Replication Database Transaction Failures", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": 
{}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Replication Database Connection Failures", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + 
"color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "6" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "6" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "b525b8b8-13fc-4a51-82b0-233acc227625", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "b525b8b8-13fc-4a51-82b0-233acc227625", + "version": "8.0.0", + "type": "visualization" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Replication Database Transaction Failures", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": 
true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "8" + }, 
+ "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "8" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "8" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "8" - } + "gridData": { + "h": 15, + "i": "16f346a5-a0bf-421a-ba88-c678b4fffb2a", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "16f346a5-a0bf-421a-ba88-c678b4fffb2a", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Replication Queue Insert Failures", + "description": "Failed to insert data into database replication queue", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + 
"mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "9" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "9" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "16f346a5-a0bf-421a-ba88-c678b4fffb2a", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "16f346a5-a0bf-421a-ba88-c678b4fffb2a", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Replication Queue Insert Failures", - "description": "Failed to insert data 
into database replication queue", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] + }, + "gridData": { + "h": 15, + "i": "c23d8833-8154-4aa8-af8e-44dccd8cc199", + "w": 16, + "x": 0, + "y": 15 + }, + "panelIndex": "c23d8833-8154-4aa8-af8e-44dccd8cc199", + "version": "8.0.0", + "type": "visualization" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Replication Database Stored Procedure Failures", + "description": "Failed to run stored procedure on replication database.", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": 
true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "10" + 
}, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "10" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "9" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "9" - } + "gridData": { + "h": 15, + "i": "085c710d-1038-4a6a-be6f-21039079b15b", + "w": 16, + "x": 16, + "y": 15 + }, + "panelIndex": "085c710d-1038-4a6a-be6f-21039079b15b", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "File Replication Errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, 
+ "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "78" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "78" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 15, - "i": "c23d8833-8154-4aa8-af8e-44dccd8cc199", - "w": 16, - "x": 0, - "y": 15 - }, - "panelIndex": "c23d8833-8154-4aa8-af8e-44dccd8cc199", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Replication Database Stored Procedure Failures", - "description": "Failed to run stored procedure on replication database.", - 
"uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] + }, + "gridData": { + "h": 15, + "i": "33ae3b0f-db67-48f5-abb8-192c029c5d98", + "w": 16, + "x": 32, + "y": 15 + }, + "panelIndex": "33ae3b0f-db67-48f5-abb8-192c029c5d98", + "version": "8.0.0", + "type": "visualization" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - 
"useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "10" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "10" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 15, + "i": "a70a3621-2a8e-48ed-8870-201731c7e08a", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "a70a3621-2a8e-48ed-8870-201731c7e08a", + "panelRefName": "panel_5", + "version": "8.0.0" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Database - Replication (Windows Event)", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-9a787d10-0521-11ec-853c-2bf1ec8ddeef", + "name": "panel_5", + "type": "search" }, - "gridData": { - "h": 15, - "i": "085c710d-1038-4a6a-be6f-21039079b15b", - "w": 16, - "x": 16, - "y": 15 + { + "type": "index-pattern", + "name": "b525b8b8-13fc-4a51-82b0-233acc227625:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "panelIndex": "085c710d-1038-4a6a-be6f-21039079b15b", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "File Replication Errors", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - 
"legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "78" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "78" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "type": "search", + "name": "b525b8b8-13fc-4a51-82b0-233acc227625:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": 
"16f346a5-a0bf-421a-ba88-c678b4fffb2a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 15, - "i": "33ae3b0f-db67-48f5-abb8-192c029c5d98", - "w": 16, - "x": 32, - "y": 15 + { + "type": "search", + "name": "16f346a5-a0bf-421a-ba88-c678b4fffb2a:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" }, - "panelIndex": "33ae3b0f-db67-48f5-abb8-192c029c5d98", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "index-pattern", + "name": "c23d8833-8154-4aa8-af8e-44dccd8cc199:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 15, - "i": "a70a3621-2a8e-48ed-8870-201731c7e08a", - "w": 48, - "x": 0, - "y": 30 + { + "type": "search", + "name": "c23d8833-8154-4aa8-af8e-44dccd8cc199:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" }, - "panelIndex": "a70a3621-2a8e-48ed-8870-201731c7e08a", - "panelRefName": "panel_5", - "version": "8.0.0" - } + { + "type": "index-pattern", + "name": "085c710d-1038-4a6a-be6f-21039079b15b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "085c710d-1038-4a6a-be6f-21039079b15b:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "33ae3b0f-db67-48f5-abb8-192c029c5d98:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "33ae3b0f-db67-48f5-abb8-192c029c5d98:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Replication (Windows Event)", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-9a787d10-0521-11ec-853c-2bf1ec8ddeef", - "name": "panel_5", - "type": "search" - }, - { - "type": "index-pattern", - "name": 
"b525b8b8-13fc-4a51-82b0-233acc227625:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "b525b8b8-13fc-4a51-82b0-233acc227625:search_0", - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "16f346a5-a0bf-421a-ba88-c678b4fffb2a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "16f346a5-a0bf-421a-ba88-c678b4fffb2a:search_0", - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "c23d8833-8154-4aa8-af8e-44dccd8cc199:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "c23d8833-8154-4aa8-af8e-44dccd8cc199:search_0", - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "085c710d-1038-4a6a-be6f-21039079b15b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "085c710d-1038-4a6a-be6f-21039079b15b:search_0", - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "33ae3b0f-db67-48f5-abb8-192c029c5d98:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "33ae3b0f-db67-48f5-abb8-192c029c5d98:search_0", - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json
index a149692cdb5..b3127b02a9a 100644
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json
@@ -1,640 +1,640 @@ { - "id": "hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcwOSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: Pages: Help", - "description": "", - "uiState": {}, - "params": { - "fontSize": 12, - "markdown": "Transactions represent a UI page the user sees.\n\nWhat pages are people calling and what performance are they experiencing?", - "openLinksInNewTab": false - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { + "id": "hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4MywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 10, - "i": "486bc4b4-3c64-46f8-a319-01204f38c3be", - "w": 7, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "486bc4b4-3c64-46f8-a319-01204f38c3be", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Users: Summary: Node Usage", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - 
"position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "row": true, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count of unique User ID" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count of unique User ID" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count of unique User ID", - "field": "user.id" - }, - "schema": "metric", - "type": "cardinality" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Pages: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Transactions represent a UI page the user sees.\n\nWhat pages are people calling and what performance are they experiencing?", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": 
"@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 10, + "i": "486bc4b4-3c64-46f8-a319-01204f38c3be", + "w": 7, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hid_bravura_monitor.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hid_bravura_monitor.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 10, - "i": "b5abbb3d-eb82-45a8-a972-13b692b11c16", - "w": 41, - "x": 7, - "y": 0 - }, - "panelIndex": "b5abbb3d-eb82-45a8-a972-13b692b11c16", - "title": "Users: Pages: Node Usage", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "title": "Users: Summary: User Logins", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "panelIndex": "486bc4b4-3c64-46f8-a319-01204f38c3be", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - 
"showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User Name", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Users: Summary: Node Usage", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count of unique User ID" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + 
"valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count of unique User ID" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count of unique User ID", + "field": "user.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hid_bravura_monitor.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hid_bravura_monitor.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } } - }, - { - 
"$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "psf.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "psf.exe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": false, - "params": { - "query": "C_AUTHCHAIN_LOGIN" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": "f1b6be80-c65b-4d88-861a-e8a66275bd62", - "w": 10, - "x": 0, - "y": 10 - }, - "panelIndex": "f1b6be80-c65b-4d88-861a-e8a66275bd62", - "title": "Users: Pages: User Logins", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: Pages: UI Transactions", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + }, + "gridData": { + "h": 10, + "i": "b5abbb3d-eb82-45a8-a972-13b692b11c16", + "w": 41, + "x": 7, + "y": 0 + }, + "panelIndex": "b5abbb3d-eb82-45a8-a972-13b692b11c16", + "title": "Users: Pages: Node Usage", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - 
"params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Users: Summary: User Logins", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "psf.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "psf.exe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + 
"key": "hid_bravura_monitor.perf.transid", + "negate": false, + "params": { + "query": "C_AUTHCHAIN_LOGIN" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "UI Transaction", - "field": "hid_bravura_monitor.perf.transid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 18, + "i": "f1b6be80-c65b-4d88-861a-e8a66275bd62", + "w": 10, + "x": 0, + "y": 10 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Executable", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" + "panelIndex": "f1b6be80-c65b-4d88-861a-e8a66275bd62", + "title": "Users: Pages: User Logins", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Pages: UI Transactions", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": 
"UI Transaction", + "field": "hid_bravura_monitor.perf.transid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Executable", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Transaction is NULL", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": true, + "params": { + "query": "" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.transid": "" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "hid_bravura_monitor.perf.transid" + }, + "meta": { + "alias": "Transaction exists", + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + "gridData": { + "h": 18, + "i": "09961de3-ede6-4ecf-a45a-ebe3040366f0", + "w": 38, + "x": 10, + "y": 10 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "panelIndex": "09961de3-ede6-4ecf-a45a-ebe3040366f0", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "gridData": { + "h": 16, + "i": "144da17a-d86d-49a2-9dfa-db606fb73c54", + "w": 48, + "x": 0, + "y": 28 }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": "Transaction is NULL", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": true, - "params": { - "query": "" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.transid": "" - } - } - }, - { - "$state": { - "store": "appState" - }, - "exists": { - "field": "hid_bravura_monitor.perf.transid" - }, - "meta": { - "alias": "Transaction exists", - "disabled": false, - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": false, - "type": "exists", - "value": "exists" - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "144da17a-d86d-49a2-9dfa-db606fb73c54", + "panelRefName": "panel_4", + "version": "7.11.0" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Users - Pages", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243", + "name": "panel_4", + "type": "search" + }, + { + "type": "index-pattern", + "name": "b5abbb3d-eb82-45a8-a972-13b692b11c16:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 18, - "i": "09961de3-ede6-4ecf-a45a-ebe3040366f0", - "w": 38, - "x": 10, - "y": 10 + { + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" }, - "panelIndex": "09961de3-ede6-4ecf-a45a-ebe3040366f0", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 16, - "i": "144da17a-d86d-49a2-9dfa-db606fb73c54", - "w": 48, - "x": 0, - "y": 28 + { + "type": "index-pattern", + "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "panelIndex": "144da17a-d86d-49a2-9dfa-db606fb73c54", - "panelRefName": "panel_4", - "version": "7.11.0" - 
} + { + "type": "index-pattern", + "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:search_0", + "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Users - Pages", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243", - "name": "panel_4", - "type": "search" - }, - { - "type": "index-pattern", - "name": "b5abbb3d-eb82-45a8-a972-13b692b11c16:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:search_0", - "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline 
at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json index 9fbbd93beff..b789663f809 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json 
@@ -1,364 +1,364 @@ { - "id": "hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxMCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Password Resets Started", - "description": "62 - Self-service password reset\n65 - Help-desk assisted password reset", - "uiState": {}, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Code", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "62", - "65" - ], - "type": "phrases", - "value": "62, 65" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "62" - } - }, - { - "match_phrase": { - "event.code": "65" - } - } - ] - } - } - } - ], + "id": "hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": 
[ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4NCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 26, - "i": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1", - "w": 13, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Password Resets Trend", - "description": "63 - Self-service password reset successful.\n64 - Self-service password reset failed.\n66 - Help-desk assisted password reset successful.\n67 - Help-desk assisted password reset failed.", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 
0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "line", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Password Resets Started", + "description": "62 - Self-service password reset\n65 - Help-desk assisted password reset", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "62", + "65" + ], + "type": "phrases", + "value": "62, 65" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "62" + } + }, + { + "match_phrase": { + "event.code": "65" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": 
"auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 26, + "i": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1", + "w": 13, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "63", - "64", - "66", - "67" - ], - "type": "phrases", - "value": "63, 64, 66, 67" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "63" - } - }, - { - "match_phrase": { - "event.code": "64" - } - }, - { - "match_phrase": { - "event.code": "66" - } - }, - { - "match_phrase": { - "event.code": "67" + "panelIndex": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Password Resets Trend", + "description": "63 - Self-service password reset successful.\n64 - Self-service password reset failed.\n66 - Help-desk assisted password reset successful.\n67 - Help-desk assisted password reset failed.", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + 
"title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "63", + "64", + "66", + "67" + ], + "type": "phrases", + "value": "63, 64, 66, 67" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "63" + } + }, + { + "match_phrase": { + "event.code": "64" + } + }, + { + "match_phrase": { + "event.code": "66" + } + }, + { + "match_phrase": { + "event.code": "67" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } } - } - ] - } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + }, + "gridData": { + "h": 26, + "i": "11298d56-d098-45e3-b23a-6992c24c5652", + "w": 35, + "x": 13, + "y": 0 + }, + "panelIndex": "11298d56-d098-45e3-b23a-6992c24c5652", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Administrative - Password Resets", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" }, - "gridData": { - "h": 26, - "i": "11298d56-d098-45e3-b23a-6992c24c5652", - "w": 35, - "x": 13, - "y": 0 + { + "type": "index-pattern", + "name": "11298d56-d098-45e3-b23a-6992c24c5652:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "panelIndex": "11298d56-d098-45e3-b23a-6992c24c5652", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "search", + "name": "11298d56-d098-45e3-b23a-6992c24c5652:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Administrative - Password Resets", - "version": 1 - }, - "references": [ - { - "type": 
"index-pattern", - "name": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1:search_0", - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "11298d56-d098-45e3-b23a-6992c24c5652:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "11298d56-d098-45e3-b23a-6992c24c5652:search_0", - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json index acd7c74ee72..955cd70cfba 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json 
@@ -1,415 +1,415 @@ { - "id": "hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxMSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Requesters", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Requester", - "field": "winlog.event_data.Requester", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": true, - "params": { - "query": "85" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "85" - } - } - } - ], + "id": "hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": 
[], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 15, - "i": "84ac5874-8913-4514-8d51-f2b3cd522a49", - "w": 11, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "84ac5874-8913-4514-8d51-f2b3cd522a49", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Workflow Request Trend", - "description": "81 - Approved\n82 - Denied\n83 - Cancelled\n84 - Revoked\n85 - Processed", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "line", - "data": { - "aggs": [ - { - "enabled": 
true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Requesters", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Requester", + "field": "winlog.event_data.Requester", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": true, + "params": { + "query": "85" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "85" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 15, + "i": "84ac5874-8913-4514-8d51-f2b3cd522a49", + "w": 11, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Code", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - 
"orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 30, - "i": "9f39a308-2152-471a-911f-5bb8e316262e", - "w": 37, - "x": 11, - "y": 0 - }, - "panelIndex": "9f39a308-2152-471a-911f-5bb8e316262e", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top 10 Recipients", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" + "panelIndex": "84ac5874-8913-4514-8d51-f2b3cd522a49", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Workflow Request Trend", + "description": "81 - Approved\n82 - Denied\n83 - Cancelled\n84 - Revoked\n85 - Processed", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": 
"normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Recipient", - "field": "winlog.event_data.Recipient", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": true, - "params": { - "query": "85" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "85" - } + "gridData": { + "h": 30, + "i": "9f39a308-2152-471a-911f-5bb8e316262e", + "w": 37, + "x": 11, + "y": 0 + }, + "panelIndex": "9f39a308-2152-471a-911f-5bb8e316262e", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top 10 Recipients", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Recipient", + "field": "winlog.event_data.Recipient", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": true, + "params": { + "query": "85" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "85" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + }, + "gridData": { + "h": 15, + "i": "93f64f12-ac6d-4462-96c2-53d0c477a0ca", + "w": 11, + "x": 0, + "y": 15 + }, + "panelIndex": "93f64f12-ac6d-4462-96c2-53d0c477a0ca", + "version": "8.0.0", + "type": "visualization" + }, + { + 
"embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "87039932-a528-4dba-875e-bed137149330", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "87039932-a528-4dba-875e-bed137149330", + "panelRefName": "panel_3", + "version": "8.0.0" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Workflow - Summary (Windows Event)", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", + "name": "panel_3", + "type": "search" }, - "gridData": { - "h": 15, - "i": "93f64f12-ac6d-4462-96c2-53d0c477a0ca", - "w": 11, - "x": 0, - "y": 15 + { + "type": "index-pattern", + "name": "84ac5874-8913-4514-8d51-f2b3cd522a49:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "panelIndex": "93f64f12-ac6d-4462-96c2-53d0c477a0ca", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "search", + "name": "84ac5874-8913-4514-8d51-f2b3cd522a49:search_0", + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" }, - "gridData": { - "h": 18, - "i": "87039932-a528-4dba-875e-bed137149330", - "w": 48, - "x": 0, - "y": 30 + { + "type": "search", + "name": "9f39a308-2152-471a-911f-5bb8e316262e:search_0", + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" }, - "panelIndex": "87039932-a528-4dba-875e-bed137149330", - "panelRefName": "panel_3", - "version": "8.0.0" - } + { + "type": "index-pattern", + "name": "93f64f12-ac6d-4462-96c2-53d0c477a0ca:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "93f64f12-ac6d-4462-96c2-53d0c477a0ca:search_0", + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Workflow - Summary (Windows Event)", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", - "name": 
"panel_3", - "type": "search" - }, - { - "type": "index-pattern", - "name": "84ac5874-8913-4514-8d51-f2b3cd522a49:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "84ac5874-8913-4514-8d51-f2b3cd522a49:search_0", - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" - }, - { - "type": "search", - "name": "9f39a308-2152-471a-911f-5bb8e316262e:search_0", - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "93f64f12-ac6d-4462-96c2-53d0c477a0ca:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "93f64f12-ac6d-4462-96c2-53d0c477a0ca:search_0", - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json index a57e52a14f4..0ffb7aa2f6a 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json 
@@ -1,378 +1,378 @@ { - "id": "hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxMiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector: Operation Histogram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - 
"enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4NiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 15, - "i": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd", - "version": "7.14.0", - "type": "visualization" - }, - { - 
"embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector: Target Performance", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Target ID", - "field": "hid_bravura_monitor.perf.targetid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Operation Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": 
false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + 
"gridData": { + "h": 15, + "i": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "panelIndex": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Target Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Target ID", + "field": "hid_bravura_monitor.perf.targetid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": 
"hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "gridData": { + "h": 18, + "i": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38", + "w": 48, + "x": 0, + "y": 15 }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Integrations - Connector Performance", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": 
"9ccdc869-ebc2-4871-a11a-8d594aff7ccd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 18, - "i": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38", - "w": 48, - "x": 0, - "y": 15 + { + "type": "index-pattern", + "name": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "index-pattern", + "name": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Integrations - Connector Performance", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json
index 2dc42b3728a..90034df53ca 100644
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json
@@ -1,456 +1,456 @@ { - "id": "hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxMywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Replication: Total over time", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Total (ms)" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Total (ms)" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - 
"aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4NywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 15, - "i": "f5d8eb70-30ce-4899-9905-2aa35954d01d", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "f5d8eb70-30ce-4899-9905-2aa35954d01d", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Replication: Stored Procedures", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - 
"sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Replication: Total over time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Total (ms)" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Total (ms)" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + 
"extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 15, + "i": "f5d8eb70-30ce-4899-9905-2aa35954d01d", + "w": 48, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "panelIndex": "f5d8eb70-30ce-4899-9905-2aa35954d01d", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Replication: Stored Procedures", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": 
true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "gridData": { + "h": 15, + "i": "a5499566-62cb-421c-8276-7a9398643a06", + "w": 24, + "x": 0, + "y": 15 }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - 
"gridData": { - "h": 15, - "i": "a5499566-62cb-421c-8276-7a9398643a06", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "a5499566-62cb-421c-8276-7a9398643a06", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Replication: Load by queue", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "a5499566-62cb-421c-8276-7a9398643a06", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Replication: Load by queue", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + 
"otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Queue", + "field": "hid_bravura_monitor.perf.receivequeue", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" + "gridData": { + "h": 15, + "i": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8", + "w": 24, + "x": 24, + "y": 15 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" + "panelIndex": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Queue", - "field": "hid_bravura_monitor.perf.receivequeue", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 15, + "i": "84970d7a-efbd-451d-9619-25381510ab94", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "84970d7a-efbd-451d-9619-25381510ab94", + "panelRefName": "panel_3", + "version": "8.0.0" } - } - }, - "gridData": { - "h": 
15, - "i": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8", - "w": 24, - "x": 24, - "y": 15 + ], + "timeRestore": false, + "title": "[Bravura Monitor] Database - Replication (Logs)", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", + "name": "panel_3", + "type": "search" }, - "panelIndex": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "search", + "name": "f5d8eb70-30ce-4899-9905-2aa35954d01d:search_0", + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" }, - "gridData": { - "h": 15, - "i": "84970d7a-efbd-451d-9619-25381510ab94", - "w": 48, - "x": 0, - "y": 30 + { + "type": "search", + "name": "a5499566-62cb-421c-8276-7a9398643a06:search_0", + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" }, - "panelIndex": "84970d7a-efbd-451d-9619-25381510ab94", - "panelRefName": "panel_3", - "version": "8.0.0" - } + { + "type": "search", + "name": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8:search_0", + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Replication (Logs)", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", - "name": "panel_3", - "type": "search" - }, - { - "type": "search", - "name": "f5d8eb70-30ce-4899-9905-2aa35954d01d:search_0", - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" - }, - { - "type": "search", - "name": "a5499566-62cb-421c-8276-7a9398643a06:search_0", - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8:search_0", - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": 
"7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json index 26be4addcdf..982f2571363 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json 
@@ -1,545 +1,545 @@ { - "id": "hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxNCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: API: Help", - "description": "", - "uiState": {}, - "params": { - "fontSize": 12, - "markdown": "Ajax is a REST like API used by the UI.\n\nWhat actions are people calling and what performance are they experiencing?", - "openLinksInNewTab": false - }, - "type": "markdown", - "data": { - "aggs": [], - "searchSource": { + "id": "hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4OCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 13, - "i": "f71be298-074a-43c0-a3fe-1035fd98a8a7", - "w": 6, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "f71be298-074a-43c0-a3fe-1035fd98a8a7", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: API: Histogram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": 
"linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Ajax is a REST like API used by the UI.\n\nWhat actions are people calling and what performance are they experiencing?", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": 
"segment", - "type": "date_histogram" + "gridData": { + "h": 13, + "i": "f71be298-074a-43c0-a3fe-1035fd98a8a7", + "w": 6, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 13, - "i": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42", - "w": 42, - "x": 6, - "y": 0 - }, - "panelIndex": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: API: Users", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "f71be298-074a-43c0-a3fe-1035fd98a8a7", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + 
"detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "user.id", - "missingBucket": false, - 
"missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": "60432682-b874-48c8-9b8b-3bbf4e650385", - "w": 12, - "x": 0, - "y": 13 - }, - "panelIndex": "60432682-b874-48c8-9b8b-3bbf4e650385", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: API: Calls per Node", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "gridData": { + "h": 13, + "i": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42", + "w": 42, + "x": 6, + "y": 0 }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": "2af36389-5601-4930-b3ec-b44c671c56ff", - "w": 13, - "x": 12, - "y": 13 - }, - "panelIndex": "2af36389-5601-4930-b3ec-b44c671c56ff", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: API: Function 
Performance", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "panelIndex": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Users", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "60432682-b874-48c8-9b8b-3bbf4e650385", + "w": 12, + "x": 0, + "y": 13 + }, + "panelIndex": "60432682-b874-48c8-9b8b-3bbf4e650385", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Calls per Node", + 
"description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + "gridData": { + "h": 18, + "i": "2af36389-5601-4930-b3ec-b44c671c56ff", + "w": 13, + "x": 12, + "y": 13 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "panelIndex": "2af36389-5601-4930-b3ec-b44c671c56ff", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: API: Function Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" 
+ }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "gridData": { + "h": 18, + "i": "ed2e421f-36f7-4501-9e4e-34ddae454f07", + "w": 23, + "x": 25, + "y": 13 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" + "panelIndex": "ed2e421f-36f7-4501-9e4e-34ddae454f07", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": 
"Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 14, + "i": "7dd049bb-de23-4838-9bec-3d66ef9c07bc", + "w": 48, + "x": 0, + "y": 31 + }, + "panelIndex": "7dd049bb-de23-4838-9bec-3d66ef9c07bc", + "panelRefName": "panel_5", + "version": "8.0.0" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Users - API", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_5", + "type": "search" }, - "gridData": { - "h": 18, - "i": "ed2e421f-36f7-4501-9e4e-34ddae454f07", - "w": 23, - "x": 25, - "y": 13 + { + "type": "search", + "name": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" }, - "panelIndex": "ed2e421f-36f7-4501-9e4e-34ddae454f07", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "search", + "name": "60432682-b874-48c8-9b8b-3bbf4e650385:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" }, - "gridData": { - "h": 14, - "i": "7dd049bb-de23-4838-9bec-3d66ef9c07bc", - "w": 48, - "x": 0, - "y": 31 + { + "type": "search", + "name": "2af36389-5601-4930-b3ec-b44c671c56ff:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" }, - "panelIndex": "7dd049bb-de23-4838-9bec-3d66ef9c07bc", - "panelRefName": "panel_5", - "version": "8.0.0" - } + { + "type": "search", + "name": "ed2e421f-36f7-4501-9e4e-34ddae454f07:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Users - API", - 
"version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_5", - "type": "search" - }, - { - "type": "search", - "name": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42:search_0", - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" - }, - { - "type": "search", - "name": "60432682-b874-48c8-9b8b-3bbf4e650385:search_0", - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" - }, - { - "type": "search", - "name": "2af36389-5601-4930-b3ec-b44c671c56ff:search_0", - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "ed2e421f-36f7-4501-9e4e-34ddae454f07:search_0", - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json index cdbda99c599..629be8f2a70 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json 
@@ -1,597 +1,597 @@ { - "id": "hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxNSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "User Logins", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4OSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 18, - "i": "5d934c5f-f909-4f75-a036-ac6253f5f974", - "w": 9, - "x": 0, - "y": 0 + "optionsJSON": { + 
"hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "5d934c5f-f909-4f75-a036-ac6253f5f974", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Login Attempts", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Logins", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, 
+ "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 18, + "i": "5d934c5f-f909-4f75-a036-ac6253f5f974", + "w": 9, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": "7d27410b-537a-4c95-a1d8-8a64f363b90c", - "w": 39, - "x": 9, - "y": 0 - }, - "panelIndex": "7d27410b-537a-4c95-a1d8-8a64f363b90c", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Login Activity", - "description": "", - "uiState": { - "vis": { 
- "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "panelIndex": "5d934c5f-f909-4f75-a036-ac6253f5f974", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event ID", - "field": "winlog.event_id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Event Category", - "field": "event.category", - "missingBucket": true, - "missingBucketLabel": "N/A", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Login Attempts", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + 
"drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 18, + "i": "7d27410b-537a-4c95-a1d8-8a64f363b90c", + "w": 39, + "x": 9, + "y": 0 }, - { - "enabled": 
true, - "id": "4", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "N/A", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "winlog.event_id", - "negate": false, - "params": [ - "4740", - "4728", - "4732", - "4756", - "4735", - "4624", - "4625", - "4648" - ], - "type": "phrases", - "value": "4740, 4728, 4732, 4756, 4735, 4624, 4625, 4648" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "winlog.event_id": "4740" - } - }, - { - "match_phrase": { - "winlog.event_id": "4728" - } - }, - { - "match_phrase": { - "winlog.event_id": "4732" - } - }, - { - "match_phrase": { - "winlog.event_id": "4756" - } - }, - { - "match_phrase": { - "winlog.event_id": "4735" + "panelIndex": "7d27410b-537a-4c95-a1d8-8a64f363b90c", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Login Activity", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } } - }, - { - "match_phrase": { - "winlog.event_id": "4624" + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event ID", + "field": 
"winlog.event_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Category", + "field": "event.category", + "missingBucket": true, + "missingBucketLabel": "N/A", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "N/A", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "winlog.event_id", + "negate": false, + "params": [ + "4740", + "4728", + "4732", + "4756", + "4735", + "4624", + "4625", + "4648" + ], + "type": "phrases", + "value": "4740, 4728, 4732, 4756, 4735, 4624, 4625, 4648" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "winlog.event_id": "4740" + } + }, + { + "match_phrase": { + "winlog.event_id": "4728" + } + }, + { + "match_phrase": { + "winlog.event_id": "4732" + } + }, + { + "match_phrase": { + "winlog.event_id": "4756" + } + }, + { + "match_phrase": { + 
"winlog.event_id": "4735" + } + }, + { + "match_phrase": { + "winlog.event_id": "4624" + } + }, + { + "match_phrase": { + "winlog.event_id": "4625" + } + }, + { + "match_phrase": { + "winlog.event_id": "4648" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } } - }, - { - "match_phrase": { - "winlog.event_id": "4625" + } + } + }, + "gridData": { + "h": 19, + "i": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b", + "w": 30, + "x": 0, + "y": 18 + }, + "panelIndex": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Provider Login Distribution", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51" + } } - }, - { - "match_phrase": { - "winlog.event_id": "4648" + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Provider", + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Outcome", + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + 
"schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } } - } - ] - } + } } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 19, - "i": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b", - "w": 30, - "x": 0, - "y": 18 - }, - "panelIndex": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Provider Login Distribution", - "description": "", - "uiState": { - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51" - } - } - }, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Provider", - "field": "winlog.provider_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "segment", - "type": "terms" + "gridData": { + "h": 19, + "i": "4c4f5228-f158-4ccc-afa5-e90d73bca46d", + "w": 18, + "x": 30, + "y": 18 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Outcome", - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": 
[], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "4c4f5228-f158-4ccc-afa5-e90d73bca46d", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Windows Event Analysis - Logins", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "5d934c5f-f909-4f75-a036-ac6253f5f974:search_0", + "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" + }, + { + "type": "search", + "name": "7d27410b-537a-4c95-a1d8-8a64f363b90c:search_0", + "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" }, - "gridData": { - "h": 19, - "i": "4c4f5228-f158-4ccc-afa5-e90d73bca46d", - "w": 18, - "x": 30, - "y": 18 + { + "type": "index-pattern", + "name": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "4c4f5228-f158-4ccc-afa5-e90d73bca46d", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "index-pattern", + "name": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4c4f5228-f158-4ccc-afa5-e90d73bca46d:search_0", + "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Windows Event Analysis - Logins", - "version": 1 - }, - "references": [ - { - "type": "search", - "name": "5d934c5f-f909-4f75-a036-ac6253f5f974:search_0", - "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" - }, - { - "type": "search", - "name": "7d27410b-537a-4c95-a1d8-8a64f363b90c:search_0", - "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" - }, - { - "type": "index-pattern", - "name": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"27bdc4ea-7adc-4dee-9526-402fb6ec6d8b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "4c4f5228-f158-4ccc-afa5-e90d73bca46d:search_0", - "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json index a6790adbff5..2c51728929d 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json 
@@ -1,391 +1,391 @@ { - "id": "hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxNiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: Summary: User Logins", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User Name", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "psf.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "psf.exe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": false, - "params": { - "query": "C_AUTHCHAIN_LOGIN" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5MCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 26, - "i": "b8ac330d-572e-459e-9266-bd44fc9ac283", - "w": 14, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "b8ac330d-572e-459e-9266-bd44fc9ac283", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Users: Summary: Node Usage", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - 
"isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "row": true, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count of unique User ID" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count of unique User ID" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count of unique User ID", - "field": "user.id" - }, - "schema": "metric", - "type": "cardinality" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Summary: User Logins", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + 
"orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "psf.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "psf.exe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": false, + "params": { + "query": "C_AUTHCHAIN_LOGIN" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 26, + "i": "b8ac330d-572e-459e-9266-bd44fc9ac283", + "w": 14, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": 
"Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hid_bravura_monitor.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hid_bravura_monitor.log" - } + "panelIndex": "b8ac330d-572e-459e-9266-bd44fc9ac283", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Users: Summary: Node Usage", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count of unique User ID" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + 
"filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count of unique User ID" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count of unique User ID", + "field": "user.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hid_bravura_monitor.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hid_bravura_monitor.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } + }, + "gridData": { + "h": 26, + "i": "3316ec90-b61b-4f5a-9c43-02e7bda7604f", + "w": 34, + "x": 14, + "y": 0 + }, + 
"panelIndex": "3316ec90-b61b-4f5a-9c43-02e7bda7604f", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Users - Summary", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 26, - "i": "3316ec90-b61b-4f5a-9c43-02e7bda7604f", - "w": 34, - "x": 14, - "y": 0 + { + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" }, - "panelIndex": "3316ec90-b61b-4f5a-9c43-02e7bda7604f", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3316ec90-b61b-4f5a-9c43-02e7bda7604f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Users - Summary", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "id": "logs-*" + "migrationVersion": { + 
"dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": "3316ec90-b61b-4f5a-9c43-02e7bda7604f:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json index 6c30fb49c07..e28638f09b4 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json 
@@ -1,950 +1,950 @@ { - "id": "hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxNywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector: Operation Histogram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - 
"enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5MSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 13, - "i": "a8b8efc3-5a4e-470b-9229-7ad661fb5012", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "a8b8efc3-5a4e-470b-9229-7ad661fb5012", - "version": "7.14.0", - "type": "visualization" - }, - { - 
"embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector: Targets", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Operation Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, 
+ "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 13, + "i": "a8b8efc3-5a4e-470b-9229-7ad661fb5012", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "a8b8efc3-5a4e-470b-9229-7ad661fb5012", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Targets", - "field": "hid_bravura_monitor.perf.targetid" - }, - "schema": "metric", - "type": "cardinality" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Targets", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + 
"params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Targets", + "field": "hid_bravura_monitor.perf.targetid" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Connector", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Connector", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - 
"query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } + "gridData": { + "h": 16, + "i": "aea7ed7d-82b6-4939-975e-fd4deb845e39", + "w": 8, + "x": 0, + "y": 13 + }, + "panelIndex": "aea7ed7d-82b6-4939-975e-fd4deb845e39", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Operations Per Node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - 
"query": "" - } - } - } - } - }, - "gridData": { - "h": 16, - "i": "aea7ed7d-82b6-4939-975e-fd4deb845e39", - "w": 8, - "x": 0, - "y": 13 - }, - "panelIndex": "aea7ed7d-82b6-4939-975e-fd4deb845e39", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector: Operations Per Node", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + }, + "gridData": { + "h": 16, + "i": "def5b420-7c49-4363-a30f-7c0c6c13929d", + "w": 8, + "x": 8, + "y": 13 + }, + "panelIndex": "def5b420-7c49-4363-a30f-7c0c6c13929d", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Operation List", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation", + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": 
"appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d", + "w": 8, + "x": 16, + "y": 13 + }, + "panelIndex": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Return Code", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Result", + "field": "hid_bravura_monitor.perf.result", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } + "gridData": { + "h": 16, + "i": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d", + "w": 8, + "x": 24, + "y": 13 + }, + "panelIndex": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector: Error Messages", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": 
"metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Message", + "field": "hid_bravura_monitor.perf.message", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 16, - "i": "def5b420-7c49-4363-a30f-7c0c6c13929d", - "w": 8, - "x": 8, - "y": 13 - }, - "panelIndex": "def5b420-7c49-4363-a30f-7c0c6c13929d", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector: Operation List", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + }, + "gridData": { + "h": 16, + "i": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a", + "w": 16, + "x": 32, + "y": 13 + }, + "panelIndex": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a", + "version": "8.0.0", + "type": "visualization" }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - 
"totalFunc": "sum" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connector List", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Target ID", + "field": "hid_bravura_monitor.perf.targetid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Address", + "field": "hid_bravura_monitor.perf.address", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + 
"query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "1efe3f34-de43-4ffb-992d-8b21cbb771a0", + "w": 48, + "x": 0, + "y": 29 + }, + "panelIndex": "1efe3f34-de43-4ffb-992d-8b21cbb771a0", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Operation", - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 18, + "i": "81a7ce31-d928-48c7-9b8d-acd00a43d08e", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "81a7ce31-d928-48c7-9b8d-acd00a43d08e", + "panelRefName": "panel_7", + "version": "8.0.0" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Integrations - Connectors", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-bfc7f7c0-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_7", + 
"type": "search" }, - "gridData": { - "h": 16, - "i": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d", - "w": 8, - "x": 16, - "y": 13 + { + "type": "index-pattern", + "name": "a8b8efc3-5a4e-470b-9229-7ad661fb5012:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector: Return Code", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Result", - "field": "hid_bravura_monitor.perf.result", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "type": "index-pattern", + "name": 
"a8b8efc3-5a4e-470b-9229-7ad661fb5012:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 16, - "i": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d", - "w": 8, - "x": 24, - "y": 13 + { + "type": "index-pattern", + "name": "aea7ed7d-82b6-4939-975e-fd4deb845e39:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector: Error Messages", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Message", - "field": "hid_bravura_monitor.perf.message", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", 
- "query": "" - } - } - } - } + { + "type": "index-pattern", + "name": "aea7ed7d-82b6-4939-975e-fd4deb845e39:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 16, - "i": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a", - "w": 16, - "x": 32, - "y": 13 + { + "type": "index-pattern", + "name": "def5b420-7c49-4363-a30f-7c0c6c13929d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connector List", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Target ID", - "field": "hid_bravura_monitor.perf.targetid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Address", - "field": "hid_bravura_monitor.perf.address", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - 
"missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - } - } + { + "type": "index-pattern", + "name": "def5b420-7c49-4363-a30f-7c0c6c13929d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 16, - "i": "1efe3f34-de43-4ffb-992d-8b21cbb771a0", - "w": 48, - "x": 0, - "y": 29 + { + "type": "index-pattern", + "name": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "1efe3f34-de43-4ffb-992d-8b21cbb771a0", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "index-pattern", + "name": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 18, - "i": "81a7ce31-d928-48c7-9b8d-acd00a43d08e", - "w": 48, - "x": 0, - "y": 45 + { + "type": "index-pattern", + "name": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "81a7ce31-d928-48c7-9b8d-acd00a43d08e", - "panelRefName": "panel_7", - "version": "8.0.0" - } + { + "type": "index-pattern", + "name": 
"c04915c9-e5d6-4c1f-815a-efc1c0b35c7d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1efe3f34-de43-4ffb-992d-8b21cbb771a0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1efe3f34-de43-4ffb-992d-8b21cbb771a0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Integrations - Connectors", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-bfc7f7c0-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_7", - "type": "search" - }, - { - "type": "index-pattern", - "name": "a8b8efc3-5a4e-470b-9229-7ad661fb5012:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a8b8efc3-5a4e-470b-9229-7ad661fb5012:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "aea7ed7d-82b6-4939-975e-fd4deb845e39:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "aea7ed7d-82b6-4939-975e-fd4deb845e39:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "def5b420-7c49-4363-a30f-7c0c6c13929d:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "def5b420-7c49-4363-a30f-7c0c6c13929d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"f3e25e5c-0f66-4eb3-916e-8243184f2b0d:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "1efe3f34-de43-4ffb-992d-8b21cbb771a0:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": "1efe3f34-de43-4ffb-992d-8b21cbb771a0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json index f732cadbb16..bb3d2b7337e 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json 
@@ -1,760 +1,760 @@ { - "id": "hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxOCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "User Login Success", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - 
"id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "2" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "2" - } - } - } - ], + "id": "hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5MiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 16, - "i": "5d1eb62a-f7dd-4f14-8961-96a768f70c07", - "w": 24, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "5d1eb62a-f7dd-4f14-8961-96a768f70c07", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "User Login Failures", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - 
"detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "1" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "1" - } + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Login Success", + "description": "", + "uiState": {}, + "params": { + "addLegend": 
true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + 
"negate": false, + "params": { + "query": "2" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "2" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 16, - "i": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "User Login Lockout", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - 
"enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "3" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "3" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 16, - "i": "d68fe28e-8def-4ea8-b848-ef2b97430924", - "w": 24, - "x": 0, - "y": 16 - }, - "panelIndex": "d68fe28e-8def-4ea8-b848-ef2b97430924", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "IDAPI Login Attempts", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": 
true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] + "gridData": { + "h": 16, + "i": "5d1eb62a-f7dd-4f14-8961-96a768f70c07", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "5d1eb62a-f7dd-4f14-8961-96a768f70c07", + "version": "8.0.0", + "type": "visualization" }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Login Failures", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + 
"valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "1" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "1" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 16, + "i": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8", + "w": 24, + "x": 24, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - 
}, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "39", - "40" - ], - "type": "phrases", - "value": "39, 40" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "39" + "panelIndex": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "User Login Lockout", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" 
+ }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "3" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "3" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } } - }, - { - "match_phrase": { - "event.code": "40" + } + } + }, + "gridData": { + "h": 16, + "i": "d68fe28e-8def-4ea8-b848-ef2b97430924", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "d68fe28e-8def-4ea8-b848-ef2b97430924", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IDAPI Login Attempts", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": 
"1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "39", + "40" + ], + "type": "phrases", + "value": "39, 40" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "39" + } + }, + { + "match_phrase": { + "event.code": "40" + } 
+ } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } } - } - ] - } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + }, + "gridData": { + "h": 16, + "i": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Users - Authentication", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "5d1eb62a-f7dd-4f14-8961-96a768f70c07:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5d1eb62a-f7dd-4f14-8961-96a768f70c07:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "d68fe28e-8def-4ea8-b848-ef2b97430924:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "d68fe28e-8def-4ea8-b848-ef2b97430924:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" }, - "gridData": { - "h": 16, - "i": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8", - "w": 24, - "x": 24, - "y": 16 + { + "type": "index-pattern", + "name": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "panelIndex": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "search", + "name": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + } ], 
- "timeRestore": false, - "title": "[Bravura Monitor] Users - Authentication", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "5d1eb62a-f7dd-4f14-8961-96a768f70c07:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "5d1eb62a-f7dd-4f14-8961-96a768f70c07:search_0", - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8:search_0", - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "d68fe28e-8def-4ea8-b848-ef2b97430924:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "d68fe28e-8def-4ea8-b848-ef2b97430924:search_0", - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" - }, - { - "type": "index-pattern", - "name": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8:search_0", - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json index 011aa9bd54e..0aad9022515 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json 
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json 
@@ -1,345 +1,345 @@ { - "id": "hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcxOSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Severity Counts", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "type": "metric", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "iddb.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "iddb.exe" - } - } - } - ], - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5MywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 26, - "i": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd", - "w": 11, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Log Histogram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": 
"LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Severity Counts", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "iddb.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "iddb.exe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": 
false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 26, + "i": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd", + "w": 11, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "iddb.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "iddb.exe" - } + "panelIndex": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Log Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + 
"drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "iddb.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "iddb.exe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - 
], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } + }, + "gridData": { + "h": 26, + "i": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1", + "w": 37, + "x": 11, + "y": 0 + }, + "panelIndex": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1", + "version": "8.0.0", + "type": "visualization" } - } + ], + "timeRestore": false, + "title": "[Bravura Monitor] Database - Summary", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, - "gridData": { - "h": 26, - "i": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1", - "w": 37, - "x": 11, - "y": 0 + { + "type": "index-pattern", + "name": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1", - "version": "7.14.0", - "type": "visualization" - } + { + "type": "index-pattern", + "name": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] Database - Summary", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": 
"bb8e09a0-aadf-48a8-a5a9-af581d3b42d1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json index 11e5b87e016..b9b60a744fd 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json 
@@ -1,428 +1,428 @@ { - "id": "hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcyMCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Host Usage", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5NCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 18, - "i": "7fcb881a-1fac-40f3-8344-abc9d970bea0", - "w": 12, - "x": 0, - "y": 0 + "optionsJSON": 
{ + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "7fcb881a-1fac-40f3-8344-abc9d970bea0", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Database: Stored Procedure Histogram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Host Usage", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + 
"direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 18, + "i": "7fcb881a-1fac-40f3-8344-abc9d970bea0", + "w": 12, + "x": 0, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": "41db8b4e-a061-4e68-a8dc-4fe557771bdc", - "w": 36, - "x": 12, - "y": 0 - }, - "panelIndex": "41db8b4e-a061-4e68-a8dc-4fe557771bdc", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, 
- "savedVis": { - "title": "Database: Stored Procedure Runtime Statistics", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": 5, - "direction": "desc" - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "panelIndex": "7fcb881a-1fac-40f3-8344-abc9d970bea0", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Stored Procedure Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", 
+ "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 18, + "i": "41db8b4e-a061-4e68-a8dc-4fe557771bdc", + "w": 36, + "x": 12, + "y": 0 }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + "panelIndex": "41db8b4e-a061-4e68-a8dc-4fe557771bdc", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Database: Stored Procedure Runtime Statistics", + "description": "", + "uiState": { + "vis": { 
+ "params": { + "sort": { + "columnIndex": 5, + "direction": "desc" + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "gridData": { + "h": 17, + "i": "67513776-5611-456a-bafd-42938542c90a", + "w": 48, + "x": 0, + "y": 18 }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", 
- "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "panelIndex": "67513776-5611-456a-bafd-42938542c90a", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { + "h": 18, + "i": "25a4e2bd-b92e-445c-bec4-15ca828c88a8", + "w": 48, + "x": 0, + "y": 35 + }, + "panelIndex": "25a4e2bd-b92e-445c-bec4-15ca828c88a8", + "panelRefName": "panel_3", + "version": "8.0.0" } - } - }, - "gridData": { - "h": 17, - "i": "67513776-5611-456a-bafd-42938542c90a", - "w": 48, - "x": 0, - "y": 18 + ], + "timeRestore": false, + "title": "[Bravura Monitor] Database - Stored Procedure Performance", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_3", + "type": "search" }, - "panelIndex": "67513776-5611-456a-bafd-42938542c90a", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "search", + "name": "7fcb881a-1fac-40f3-8344-abc9d970bea0:search_0", + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" }, - "gridData": { - "h": 18, - "i": "25a4e2bd-b92e-445c-bec4-15ca828c88a8", - "w": 48, - "x": 0, - "y": 35 + { + "type": "search", + "name": "41db8b4e-a061-4e68-a8dc-4fe557771bdc:search_0", + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" }, - "panelIndex": "25a4e2bd-b92e-445c-bec4-15ca828c88a8", - "panelRefName": "panel_3", - "version": "8.0.0" - } + { + "type": "search", + "name": "67513776-5611-456a-bafd-42938542c90a:search_0", + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" + } ], - "timeRestore": false, - "title": "[Bravura 
Monitor] Database - Stored Procedure Performance", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_3", - "type": "search" - }, - { - "type": "search", - "name": "7fcb881a-1fac-40f3-8344-abc9d970bea0:search_0", - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" - }, - { - "type": "search", - "name": "41db8b4e-a061-4e68-a8dc-4fe557771bdc:search_0", - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "67513776-5611-456a-bafd-42938542c90a:search_0", - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json index 33cd86eba7c..932b16b8a29 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json 
@@ -1,419 +1,419 @@ { - "id": "hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-27T11:48:38.298Z", - "version": "WzcyMSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "API: Calls per node historgram", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - 
"enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { + "id": "hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 14, - "i": "05d010e5-934c-4b70-ad98-d3b3a191b9e2", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "05d010e5-934c-4b70-ad98-d3b3a191b9e2", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "API: Calls per node", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": 
true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "API: Calls per node historgram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + 
"type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 19, - "i": "8ffb10cd-0ea2-4036-8003-8c65e128a201", - "w": 11, - "x": 0, - "y": 14 - }, - "panelIndex": "8ffb10cd-0ea2-4036-8003-8c65e128a201", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "API: Function runtimes", - "description": "", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": 0, - "direction": "asc" - } - } - } - }, - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" + "gridData": { + "h": 14, + "i": "05d010e5-934c-4b70-ad98-d3b3a191b9e2", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "05d010e5-934c-4b70-ad98-d3b3a191b9e2", + "version": "8.0.0", + "type": "visualization" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "API: Calls per node", + "description": "", 
+ "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" + "gridData": { + "h": 19, + "i": "8ffb10cd-0ea2-4036-8003-8c65e128a201", + "w": 11, + "x": 0, + "y": 14 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" + "panelIndex": "8ffb10cd-0ea2-4036-8003-8c65e128a201", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "API: Function runtimes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 0, + "direction": "asc" + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + 
"direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "4", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" + "gridData": { + "h": 19, + "i": "674a1c30-76cd-429f-a9e6-941aef3e982d", + "w": 37, + "x": 11, + "y": 14 }, - { - "enabled": true, - "id": "5", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" + "panelIndex": "674a1c30-76cd-429f-a9e6-941aef3e982d", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "enabled": true, - "id": "6", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "gridData": { 
+ "h": 15, + "i": "a75010c7-9c3b-44c2-bf63-676e9aebd54e", + "w": 48, + "x": 0, + "y": 33 + }, + "panelIndex": "a75010c7-9c3b-44c2-bf63-676e9aebd54e", + "panelRefName": "panel_3", + "version": "8.0.0" } - } - }, - "gridData": { - "h": 19, - "i": "674a1c30-76cd-429f-a9e6-941aef3e982d", - "w": 37, - "x": 11, - "y": 14 + ], + "timeRestore": false, + "title": "[Bravura Monitor] API - Summary", + "version": 1 + }, + "references": [ + { + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_3", + "type": "search" }, - "panelIndex": "674a1c30-76cd-429f-a9e6-941aef3e982d", - "version": "7.14.0", - "type": "visualization" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "type": "search", + "name": "05d010e5-934c-4b70-ad98-d3b3a191b9e2:search_0", + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" }, - "gridData": { - "h": 15, - "i": "a75010c7-9c3b-44c2-bf63-676e9aebd54e", - "w": 48, - "x": 0, - "y": 33 + { + "type": "search", + "name": "8ffb10cd-0ea2-4036-8003-8c65e128a201:search_0", + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" }, - "panelIndex": "a75010c7-9c3b-44c2-bf63-676e9aebd54e", - "panelRefName": "panel_3", - "version": "8.0.0" - } + { + "type": "search", + "name": "674a1c30-76cd-429f-a9e6-941aef3e982d:search_0", + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" + } ], - "timeRestore": false, - "title": "[Bravura Monitor] API - Summary", - "version": 1 - }, - "references": [ - { - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_3", - "type": "search" - }, - { - "type": "search", - "name": "05d010e5-934c-4b70-ad98-d3b3a191b9e2:search_0", - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" - }, - { - "type": "search", - "name": "8ffb10cd-0ea2-4036-8003-8c65e128a201:search_0", - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": 
"674a1c30-76cd-429f-a9e6-941aef3e982d:search_0", - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" - } - ], - "migrationVersion": { - "dashboard": "7.15.0" - }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/manifest.yml b/packages/hid_bravura_monitor/manifest.yml index 6c8dddb0316..1c244318a49 100644 --- a/packages/hid_bravura_monitor/manifest.yml +++ b/packages/hid_bravura_monitor/manifest.yml @@ -12,7 +12,7 @@ icons: type: image/svg+xml conditions: kibana: - version: ^7.16.0 || ^8.0.0 + version: ^8.1.0 screenshots: - src: /img/kibana-hid_bravura_monitor-overview.png title: Kibana Hitachi ID Bravura Monitor overview From 95b2427ff6c4920241916d18806ae2dade82eaba Mon Sep 17 00:00:00 2001 From: kcreddy Date: Tue, 22 Nov 2022 15:15:47 +0530 Subject: [PATCH 084/103] iptables upgraded to 8.1.0 as agg failed --- ...-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json | 56 ++++++++++--------- ...-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json | 56 ++++++++++--------- packages/iptables/manifest.yml | 2 +- 3 files changed, 59 insertions(+), 55 deletions(-) diff --git a/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json b/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json index acdafa87cb7..65a894f9551 100644 --- a/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json +++ b/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T11:55:52.726Z", - "version": "WzYzNiwxXQ==", + "updated_at": "2022-11-22T09:16:22.532Z", + "version": "WzU4MiwxXQ==", "attributes": { "description": "Overview of the iptables events dashboard.", "hits": 0, 
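Review bot: The `conditions.kibana.version` change in `packages/hid_bravura_monitor/manifest.yml` narrows the supported range from `^7.16.0 || ^8.0.0` to `^8.1.0`, dropping 7.16/7.17 and 8.0 stacks with nothing in the hunk recording why. The narrowing looks consistent with the re-exported dashboards in this commit, which now carry `"coreMigrationVersion": "8.1.0"` and `"dashboard": "8.1.0"` under `migrationVersion`. Deployments pinned to an older stack will presumably stop receiving later versions of this package, including any fixes to its monitoring dashboards and log handling. I would add a comment above the constraint, `# dashboards are exported with migrationVersion 8.1.0; older Kibana is not supported`, and record the change as breaking in the package `version` and changelog. Neither is visible in this hunk, so they may already be handled elsewhere in the series.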
@@ -483,10 +483,20 @@ "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 15, + "i": "be0cae7a-45f7-4912-88ad-47924a84445e", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "be0cae7a-45f7-4912-88ad-47924a84445e", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"819f99c3-9bfa-4b32-b42a-eaddd3a1cafa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"515d04a8-6e07-48ea-a5c8-ca668c73f20b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"bfc1b1f2-5e9d-4e48-b6bb-c601bf895655\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"819f99c3-9bfa-4b32-b42a-eaddd3a1cafa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"515d04a8-6e07-48ea-a5c8-ca668c73f20b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Map [Logs 
Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"bfc1b1f2-5e9d-4e48-b6bb-c601bf895655\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Source Map [Logs Iptables]", 
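Review bot: The new `layerListJSON` for this map panel swaps the inline `indexPatternId` (`logs-*`) for `"indexPatternRefName":"layer_1_source_index_pattern"`, yet the panel's own `"references": []` stays empty and no hunk in this file adds an entry to the dashboard-level `references` array, so the name may have nothing to resolve against. The same pattern appears in the destination-map panel in the next hunk and in both map panels of `iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json`. The `references` array itself lies outside these hunks, so check it there; if the entry is missing, add one per map panel, presumably in the panel-prefixed form seen elsewhere in this patch series, e.g. `{ "id": "logs-*", "name": "be0cae7a-45f7-4912-88ad-47924a84445e:layer_1_source_index_pattern", "type": "index-pattern" }`. An unresolved data view leaves the geo layer empty, which on a firewall dashboard is easy to misread as "no traffic", so load both dashboards on 8.1.0 and confirm the layers render.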
@@ -506,24 +516,25 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", "gridData": { "h": 15, - "i": "be0cae7a-45f7-4912-88ad-47924a84445e", + "i": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", "w": 24, - "x": 0, + "x": 24, "y": 15 }, - "panelIndex": "be0cae7a-45f7-4912-88ad-47924a84445e", - "type": "map", - "version": "8.0.0" - }, - { + "panelIndex": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6b510351-9284-44f3-8997-27e6ad4ec559\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e9743ec6-ebc4-427d-9c20-48f1cec1fcaa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"786e2e19-4809-49b5-91ba-5cb5a740d21b\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6b510351-9284-44f3-8997-27e6ad4ec559\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e9743ec6-ebc4-427d-9c20-48f1cec1fcaa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Map [Logs 
Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"786e2e19-4809-49b5-91ba-5cb5a740d21b\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Destination Map [Logs Iptables]", @@ -543,18 +554,9 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "timeRestore": false, @@ -604,7 +606,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json index a314d39003d..5f7c08418a1 100644 --- a/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json +++ b/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json 
@@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T11:55:52.726Z", - "version": "WzYzNywxXQ==", + "updated_at": "2022-11-22T09:16:22.532Z", + "version": "WzU4MywxXQ==", "attributes": { "description": "Overview of the Ubiquiti Firewall iptables events dashboard.", "hits": 0, 
@@ -511,10 +511,20 @@ "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 15, + "i": "02e3739f-47c9-45ac-b225-0e4f92dab753", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "02e3739f-47c9-45ac-b225-0e4f92dab753", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"7f6a8971-2ac4-49df-9ed3-2a81500c5e1d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9291aa55-640f-4ca8-9341-b73eecc00855\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Allowed Traffic Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"715de528-553d-4800-91d9-12bab368b24b\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"7f6a8971-2ac4-49df-9ed3-2a81500c5e1d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9291aa55-640f-4ca8-9341-b73eecc00855\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Allowed Traffic Map [Logs 
Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"715de528-553d-4800-91d9-12bab368b24b\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Allowed Traffic Map", 
@@ -534,24 +544,25 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", "gridData": { "h": 15, - "i": "02e3739f-47c9-45ac-b225-0e4f92dab753", + "i": "0cff36eb-abec-44db-9887-4ba9668d7c02", "w": 24, - "x": 0, + "x": 24, "y": 15 }, - "panelIndex": "02e3739f-47c9-45ac-b225-0e4f92dab753", - "type": "map", - "version": "8.0.0" - }, - { + "panelIndex": "0cff36eb-abec-44db-9887-4ba9668d7c02", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"3ba7d195-0d25-4f48-97a4-96e65b0e0b1b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"a6ce0882-5543-4649-9ebb-3393a06c44e6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Blocked Traffic Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"b93a08fa-124c-40a9-9171-37264d256c79\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"3ba7d195-0d25-4f48-97a4-96e65b0e0b1b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"a6ce0882-5543-4649-9ebb-3393a06c44e6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Blocked Traffic Map [Logs 
Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"b93a08fa-124c-40a9-9171-37264d256c79\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Blocked Traffic Map", @@ -571,18 +582,9 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "0cff36eb-abec-44db-9887-4ba9668d7c02", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "0cff36eb-abec-44db-9887-4ba9668d7c02", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "timeRestore": false, @@ -627,7 +629,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml index 36077ca1c01..a40e60d08a0 100644 --- a/packages/iptables/manifest.yml +++ b/packages/iptables/manifest.yml @@ -15,7 +15,7 @@ categories: - network - security conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-iptables.png title: kibana iptables From 24247e6543cf1841999f03cad9d6a505e369f8e2 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Tue, 22 Nov 2022 15:55:05 +0530 Subject: [PATCH 085/103] microsoft_defender upgraded to 8.1.0 as agg fail --- ...-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json | 2228 +++++++++-------- .../microsoft_defender_endpoint/manifest.yml | 2 +- 2 files changed, 1117 insertions(+), 1113 deletions(-) diff --git a/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json index 564c12986cd..4107139502b 100644 --- a/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json +++ b/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json 
@@ -1,1151 +1,1155 @@ { - "attributes": { - "description": "Microsoft Defender for Endpoint Alert Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T10:13:20.146Z", + "version": "WzY0OSwxXQ==", + "attributes": { + "description": "Microsoft Defender for Endpoint Alert Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:microsoft_defender_endpoint.log" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "New Incidents Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint Counter for new incidents", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 1 + }, + { + "from": 1, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "New Incidents", + "field": "microsoft.defender_endpoint.incidentId" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": 
"{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset:microsoft_defender_endpoint.log" + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 6, + "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "w": 4, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "New Incidents", - "field": "microsoft.defender_endpoint.incidentId" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." 
- } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } + "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { + "columnOrder": [ + "19ade524-0042-4ecd-ac59-9696c8c2e225", + "677e5501-ca31-435c-8eab-38b5297e54c2", + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "columns": { + "19ade524-0042-4ecd-ac59-9696c8c2e225": { + "dataType": "number", + "isBucketed": true, + "label": "Top values of event.severity", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", + "type": "column" + }, + "orderDirection": "desc", + "size": 6, + "parentFormat": { + "id": "terms" } + }, + "scale": "ordinal", + "sourceField": "event.severity" }, - "description": "Microsoft Defender for Endpoint Counter for new incidents", - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 1 - }, - { - "from": 1, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": 
false - }, - "type": "metric" + "27212c7c-83ee-4292-a4c6-396d9b77dce6": { + "dataType": "number", + "isBucketed": false, + "label": "Number of incidents", + "operationType": "unique_count", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "microsoft.defender_endpoint.incidentId" }, - "title": "New Incidents Counter [Microsoft Defender for Endpoint]", - "type": "metric", - "uiState": {} + "677e5501-ca31-435c-8eab-38b5297e54c2": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "24h" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint" }, - "type": "visualization" + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft_defender_endpoint" + } + } }, - "gridData": { - "h": 6, - "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "w": 4, - "x": 0, - "y": 0 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase", + "index": "filter-index-pattern-1" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", + "xAccessor": 
"677e5501-ca31-435c-8eab-38b5297e54c2", + "layerType": "data" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "type": "visualization", - "version": "8.1.0" + "preferredSeriesType": "line" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { - "columnOrder": [ - "19ade524-0042-4ecd-ac59-9696c8c2e225", - "677e5501-ca31-435c-8eab-38b5297e54c2", - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "columns": { - "19ade524-0042-4ecd-ac59-9696c8c2e225": { - "dataType": "number", - "isBucketed": true, - "label": "Top values of event.severity", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", - "type": "column" - }, - "orderDirection": "desc", - "size": 6 - }, - "scale": "ordinal", - "sourceField": "event.severity" - }, - "27212c7c-83ee-4292-a4c6-396d9b77dce6": { - "dataType": "number", - "isBucketed": false, - "label": "Number of incidents", - "operationType": "unique_count", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "microsoft.defender_endpoint.incidentId" - }, - "677e5501-ca31-435c-8eab-38b5297e54c2": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "24h" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - } 
- } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "filter-index-pattern-0", - "key": "event.integration", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft_defender_endpoint" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "New Incidents [Microsoft Defender for Endpoint]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 24, + "i": "74d36139-4d22-44d4-bfc8-020c575febb1", + "w": 25, + "x": 4, + "y": 0 + }, + "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", + "version": "8.1.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f93e2634-0dd5-4aec-b6de-45284dd39630": { + "columnOrder": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", + "0f67be87-cc6f-48e7-8afd-d9401037d006" + ], + "columns": { + "0f67be87-cc6f-48e7-8afd-d9401037d006": { + "dataType": "number", + "isBucketed": false, + "label": "Number of 
techniques", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { + "dataType": "string", + "isBucketed": true, + "label": "Related MITRE attach techniques", + "operationType": "terms", + "params": { + "orderBy": { + "type": "alphabetical" }, - "visualization": { - "layers": [ - { - "accessors": [ - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", - "xAccessor": "677e5501-ca31-435c-8eab-38b5297e54c2" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line" + "orderDirection": "asc", + "size": 10, + "parentFormat": { + "id": "terms" } - }, - "title": "New Incidents [Microsoft Defender for Endpoint]", - "visualizationType": "lnsXY" + }, + "scale": "ordinal", + "sourceField": "threat.technique.name" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint" }, - "enhancements": {}, - "type": "lens" - }, - "gridData": { - "h": 24, - "i": "74d36139-4d22-44d4-bfc8-020c575febb1", - "w": 25, - "x": 4, - "y": 0 + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft_defender_endpoint" + } + } }, - "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", - "type": "lens", - "version": "8.1.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f93e2634-0dd5-4aec-b6de-45284dd39630": { - "columnOrder": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", - "0f67be87-cc6f-48e7-8afd-d9401037d006" - ], - "columns": { - "0f67be87-cc6f-48e7-8afd-d9401037d006": { - "dataType": "number", - "isBucketed": false, - "label": "Number of techniques", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - }, - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { - "dataType": "string", - "isBucketed": true, - "label": "Related MITRE attach techniques", - "operationType": "terms", - "params": { - "orderBy": { - "type": "alphabetical" - }, - "orderDirection": "asc", - "size": 10 - }, - "scale": "ordinal", - "sourceField": "threat.technique.name" - } - } - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "filter-index-pattern-0", - "key": "event.integration", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft_defender_endpoint" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" - ], - "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", - "layerType": "data", - 
"legendDisplay": "default", - "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "treemap" - } - }, - "title": "Techniques [Microsoft Defender for Endpoint]", - "visualizationType": "lnsPie" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" }, - "enhancements": {}, - "type": "lens" + "type": "phrase", + "index": "filter-index-pattern-1" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" + ], + "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", + "legendDisplay": "default", + "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", + "nestedLegend": false, + "numberDisplay": "percent", + "layerType": "data" + } + ], + "shape": "treemap" + } + }, + "title": "Techniques [Microsoft Defender for Endpoint]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 24, + "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "title": "Techniques [Microsoft Defender for Endpoint]", + "version": "8.1.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + 
"title": "Domains Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint counter for related domains", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 24, - "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "w": 19, - "x": 29, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "title": "Techniques [Microsoft Defender for Endpoint]", - "type": "lens", - "version": "8.1.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Domains", - "field": "microsoft.defender_endpoint.evidence.domainName" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." 
- } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "description": "Microsoft Defender for Endpoint counter for related domains", - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Domains Counter [Microsoft Defender for Endpoint]", - "type": "metric", - "uiState": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Domains", + "field": "microsoft.defender_endpoint.evidence.domainName" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." 
+ } + } + }, + { + "$state": { + "store": "appState" }, - "type": "visualization" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "w": 4, + "x": 0, + "y": 6 + }, + "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint counter for related IP Addresses", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 6, - "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "w": 4, - "x": 0, - "y": 6 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "type": "visualization", - "version": "8.1.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Networks", - "field": "microsoft.defender_endpoint.evidence.ipAddress" - }, - 
"schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "description": "Microsoft Defender for Endpoint counter for related IP Addresses", - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", - "type": "metric", - "uiState": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Networks", + "field": "microsoft.defender_endpoint.evidence.ipAddress" + }, + "schema": "metric", + "type": "cardinality" + } + ], 
+ "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" }, - "type": "visualization" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "16e7059b-70a5-4ea4-b622-9015d7430419", + "w": 4, + "x": 0, + "y": 12 + }, + "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Related Users Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint counter for related Users", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 6, - "i": "16e7059b-70a5-4ea4-b622-9015d7430419", - "w": 4, - "x": 0, - "y": 12 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + 
"labelColor": false, + "subText": "" }, - "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", - "type": "visualization", - "version": "8.1.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Users", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "description": "Microsoft Defender for Endpoint counter for related Users", - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": 
false - }, - "type": "metric" - }, - "title": "Related Users Counter [Microsoft Defender for Endpoint]", - "type": "metric", - "uiState": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Users", + "field": "user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" }, - "type": "visualization" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "w": 4, + "x": 0, + "y": 18 + }, + "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Incident Table [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint Incident Table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 
10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "aggregate": "concat", + "field": "@timestamp", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" }, - "gridData": { - "h": 6, - "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "w": 4, - "x": 0, - "y": 18 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Incident ID", + "field": "microsoft.defender_endpoint.incidentId", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "type": "visualization", - "version": "8.1.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "aggregate": "concat", - "field": "@timestamp", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Incident ID", - "field": "microsoft.defender_endpoint.incidentId", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Current Status", - "field": "microsoft.defender_endpoint.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - 
"otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Assigned To", - "field": "microsoft.defender_endpoint.assignedTo", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "9", - "params": { - "customLabel": "Severity", - "field": "event.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Hostname", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "10", - "params": { - "customLabel": "Category", - "field": "threat.technique.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Description", - "field": "rule.description", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - 
"negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "Microsoft Defender for Endpoint Incident Table", - "params": { - "perPage": 10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Incident Table [Microsoft Defender for Endpoint]", - "type": "table", - "uiState": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - }, - "type": "visualization" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Current Status", + "field": "microsoft.defender_endpoint.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 16, - "i": "cb8de6bb-1096-427d-834e-210963aad3e5", - "w": 48, - "x": 0, - "y": 24 + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Assigned To", + "field": "microsoft.defender_endpoint.assignedTo", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", 
+ "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", - "type": "visualization", - "version": "8.1.0" + { + "enabled": true, + "id": "9", + "params": { + "customLabel": "Severity", + "field": "event.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Hostname", + "field": "host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "10", + "params": { + "customLabel": "Category", + "field": "threat.technique.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Description", + "field": "rule.description", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." 
+ } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Microsoft Defender for Endpoint] Overview", - "version": 1 - }, - "coreMigrationVersion": "8.1.0", - "id": "microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "dashboard": "8.1.0" - }, - "references": [ - { - "id": "logs-*", - "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-1", - "type": "index-pattern" + } }, - { - "id": "logs-*", - "name": 
"a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 16, + "i": "cb8de6bb-1096-427d-834e-210963aad3e5", + "w": 48, + "x": 0, + "y": 24 }, - { - "id": "logs-*", - "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } + "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", + "version": "8.0.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Microsoft Defender for Endpoint] Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index adc4423b292..b2f36b9c9c5 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -11,7 +11,7 @@ release: ga license: basic type: integration conditions: - kibana.version: ^7.17.0 || ^8.0.0 + kibana.version: ^8.1.0 policy_templates: - name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint From ac9ba2f4fc6031c8b0aefd1460f10e495cdf40be Mon Sep 17 00:00:00 2001 From: kcreddy Date: Tue, 22 Nov 2022 17:28:29 +0530 Subject: [PATCH 086/103] netflow upgraded to 8.1.0 as agg failed --- ...-14387a13-53bc-43a4-b9cd-63977aa8d87c.json | 8 ++--- ...-34e26884-161a-4448-9556-43b5bf2f62a2.json | 8 ++--- ...-38012abe-c611-4124-8497-381fcd85acc8.json | 8 ++--- ...-77326664-23be-4bf1-a126-6d7e60cfc024.json | 35 ++++++++++--------- ...-94972700-de4a-4272-9143-2fa8d4981365.json | 8 ++--- ...-acd7a630-0c71-4840-bc9e-4a3801374a32.json | 8 ++--- ...-c64665f9-d222-421e-90b0-c7310d944b8a.json | 8 ++--- ...-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json | 8 ++--- packages/netflow/manifest.yml | 2 +- 9 files changed, 47 insertions(+), 46 deletions(-) 
diff --git a/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json b/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json index 28e426b3ca8..df0e881217b 100644 --- a/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json +++ b/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:40:13.944Z", - "version": "WzcwNCwxXQ==", + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2MCwxXQ==", "attributes": { "description": "Netflow Top N flows", "hits": 0, @@ -982,7 +982,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json b/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json index 9075f1d5635..e2b9e29acef 100644 --- a/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json +++ b/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:40:13.944Z", - "version": "WzcwNSwxXQ==", + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2MSwxXQ==", "attributes": { "description": "Overview of Netflow", "hits": 0, @@ -1066,7 +1066,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json b/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json index 8fd20a25faa..77b599cdfaa 100644 
--- a/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json +++ b/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:40:13.944Z", - "version": "WzcwNiwxXQ==", + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2MiwxXQ==", "attributes": { "description": "Netflow traffic analysis", "hits": 0, @@ -2504,7 +2504,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json b/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json index f2a404fb3e2..fdf14e0990b 100644 --- a/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json +++ b/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:40:13.944Z", - "version": "WzcwNywxXQ==", + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2MywxXQ==", "attributes": { "description": "Netflow geo location", "hits": 0, 
@@ -318,10 +318,20 @@ "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 24, + "i": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", + "w": 32, + "x": 16, + "y": 4 + }, + "panelIndex": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"9afd9bfb-ab56-4bc3-a8c6-e412c1bc7f24\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"85982ce7-be78-44ec-a692-96c118b3a187\",\"includeInFitToBounds\":true,\"label\":\"Destination Geo Location Heatmap [Logs Netflow]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"6972252f-e3a3-4886-abfb-bea957bc1c73\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"9afd9bfb-ab56-4bc3-a8c6-e412c1bc7f24\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"85982ce7-be78-44ec-a692-96c118b3a187\",\"includeInFitToBounds\":true,\"label\":\"Destination Geo Location Heatmap [Logs 
Netflow]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"6972252f-e3a3-4886-abfb-bea957bc1c73\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Destination Geo Location Heatmap [Logs Netflow]", @@ -341,18 +351,9 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 24, - "i": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", - "w": 32, - "x": 16, - "y": 4 - }, - "panelIndex": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "timeRestore": false, @@ -387,7 +388,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
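Review bot: The heatmap layer in the new `layerListJSON` now names its data view through `\"indexPatternRefName\":\"layer_1_source_index_pattern\"` instead of the inline `\"indexPatternId\":\"logs-*\"`, but the embedded `"references": []` just below it stays empty. The hunk offsets of this file (`-341 +351`, then `-387 +388`) also leave no room for a new entry in the dashboard's top-level `references` array, which lies outside the hunks. Unless an entry named `41aa0e4c-7e76-4715-bf20-c756e74ffe02:layer_1_source_index_pattern` already exists there, the layer presumably has nothing to resolve the name against and the destination geo heatmap would not load; importing the package into a clean 8.1 stack would confirm this. If it is missing, add `{ "type": "index-pattern", "name": "41aa0e4c-7e76-4715-bf20-c756e74ffe02:layer_1_source_index_pattern", "id": "logs-*" }` to `references`.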
diff --git a/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json b/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json index 9b36e46fc6d..3d115831250 100644 --- a/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json +++ b/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:40:13.944Z", - "version": "WzcwOCwxXQ==", + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2NCwxXQ==", "attributes": { "description": "Netflow flow records", "hits": 0, @@ -381,7 +381,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json b/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json index ef3428132ef..f2e48c4ae60 100644 --- a/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json +++ b/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:40:13.944Z", - "version": "WzcwOSwxXQ==", + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2NSwxXQ==", "attributes": { "description": "Netflow conversation partners", "hits": 0, @@ -527,7 +527,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json b/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json index fc0d02cd62a..05f4ca86f23 100644 
--- a/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json +++ b/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:40:13.944Z", - "version": "WzcxMCwxXQ==", + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2NiwxXQ==", "attributes": { "description": "Autonomous systems Netflow", "hits": 0, @@ -489,7 +489,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json b/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json index 4f2d19fc18d..36e5e9fffa1 100644 --- a/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json +++ b/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:40:13.944Z", - "version": "WzcxMSwxXQ==", + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2NywxXQ==", "attributes": { "description": "Netflow exporters", "hits": 0, @@ -446,7 +446,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/manifest.yml b/packages/netflow/manifest.yml index a3d945a4ed1..1a20e8d0efb 100644 --- a/packages/netflow/manifest.yml +++ b/packages/netflow/manifest.yml @@ -10,7 +10,7 @@ categories: - security release: ga conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 policy_templates: - name: netflow title: NetFlow logs From 2fc2fbc7b67ef52575027a66a7f19dd8cef995ce Mon Sep 17 00:00:00 2001 
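Review bot: Raising `kibana.version` to `^8.1.0` changes which stacks can install the package, yet this commit's diffstat lists `manifest.yml` with a single changed line and no `changelog.yml`, so neither the package `version` nor a release note moves with the constraint here. Users on 8.0.x would stop being offered updates of this integration, including later parsing or dashboard fixes, with no record of why. The `microsoft_defender_endpoint` manifest hunk earlier on the page narrows `^7.17.0 || ^8.0.0` to `^8.1.0` in the same way and drops a wider range of stacks. Unless another patch in the series already does so, add a changelog entry stating the new minimum and bump `version` in the same commit. The subject gives only "agg failed" as the reason, so naming the aggregation that fails on 8.0 would make the constraint checkable.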
From: kcreddy Date: Wed, 23 Nov 2022 00:27:27 +0530 Subject: [PATCH 087/103] netskope upgraded to 8.1.0 as agg failed --- ...-0f68b070-71f8-11ec-8c4b-cb281099ee02.json | 58 +++++++-------- ...-1db9af70-71f4-11ec-8c4b-cb281099ee02.json | 46 ++++++------ ...-388b1e00-72ae-11ec-8c4b-cb281099ee02.json | 50 ++++++------- ...-4bdc8830-72af-11ec-8c4b-cb281099ee02.json | 16 ++--- ...-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json | 36 +++++----- ...-97349920-72b0-11ec-8c4b-cb281099ee02.json | 20 +++--- ...-9e55e880-72b5-11ec-8c4b-cb281099ee02.json | 44 ++++++------ ...-a03670f0-7208-11ec-8c4b-cb281099ee02.json | 70 +++++++++---------- ...-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json | 52 +++++++------- ...-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json | 56 +++++++-------- ...-e6184f90-72b6-11ec-8c4b-cb281099ee02.json | 50 ++++++------- ...-f181cba0-71d9-11ec-8c4b-cb281099ee02.json | 54 +++++++------- packages/netskope/manifest.yml | 2 +- 13 files changed, 277 insertions(+), 277 deletions(-) diff --git a/packages/netskope/kibana/dashboard/netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02.json index c635803f0b5..272d35f6da1 100644 --- a/packages/netskope/kibana/dashboard/netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-0f68b070-71f8-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcxOCwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc2MywxXQ==", "attributes": { "description": "", "hits": 0, @@ -156,7 +156,7 @@ }, "panelIndex": "6fa82f60-f04f-444f-ba2f-00773e1e6108", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -285,7 +285,7 @@ }, "panelIndex": "4652af1f-2400-4b6c-bc5e-571191e2a14f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -396,7 +396,7 @@ }, "panelIndex": "45c067c5-0e47-4988-90f8-fc788f006afd", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -506,7 +506,7 @@ }, "panelIndex": "a9793bf2-d220-4b8c-a5b5-ce31043445f9", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -619,7 +619,7 @@ }, "panelIndex": "feaa25d0-fc21-4688-ad80-aac792a6f5a7", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -729,7 +729,7 @@ }, "panelIndex": "366ab0ac-ca2e-42af-a6c3-ed7af9892b33", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -818,7 +818,7 @@ }, "panelIndex": "afe687dc-fbb2-4277-b415-2d63dc660034", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -928,7 +928,7 @@ }, "panelIndex": "84973327-83fa-4d3e-a605-942aa2f8d165", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1095,7 +1095,7 @@ }, "panelIndex": "b4492c2d-8d65-4ba1-88ff-477837e47ba7", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1262,7 +1262,7 @@ }, "panelIndex": "1ff971d6-add3-4c2e-b392-13c5487ac4ee", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1429,7 +1429,7 @@ }, "panelIndex": "1f30c1e5-042e-48ce-99e5-5f1fc9e12d12", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1616,7 +1616,7 @@ }, "panelIndex": "e9392a59-5f4d-405d-8779-6b1400c25493", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1783,7 +1783,7 @@ }, "panelIndex": "f722efca-df82-46e8-bb4d-8217b1fac3e3", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -1872,7 +1872,7 @@ }, "panelIndex": "8c4361bf-c0be-44e9-a898-0f2de9b10187", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1978,7 +1978,7 @@ }, "panelIndex": "a65412a1-13cd-40ed-900e-4fc49f388ee7", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2067,7 +2067,7 @@ }, "panelIndex": "eb9e1079-4966-4ae9-abbf-e0df000f17d6", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2192,7 +2192,7 @@ }, "panelIndex": "d726178a-8c9a-465c-ac2d-974f77abb85f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2359,7 +2359,7 @@ }, "panelIndex": "5d065d8d-9b03-4707-9c50-4b655a013932", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2526,7 +2526,7 @@ }, "panelIndex": "5da4dcb5-1642-48d8-8b08-cc24ad43f53d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2693,7 +2693,7 @@ }, "panelIndex": "65a1d845-2c17-4bd6-8cd8-d8c651d89bd5", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2782,7 +2782,7 @@ }, "panelIndex": "b2f14091-11cf-492c-bd71-06a8096e4cc2", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2949,7 +2949,7 @@ }, "panelIndex": "e0331a0a-3091-48e8-8591-31ed4cb1e001", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3038,7 +3038,7 @@ }, "panelIndex": "99617f89-4bf3-4426-9d51-d486cde5c8a6", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3127,7 +3127,7 @@ }, "panelIndex": "44f4cc45-f34e-4034-aa95-aab9bae9be7b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -3216,7 +3216,7 @@ }, "panelIndex": "f01b8e09-267d-433e-965b-20d3483143a6", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -3506,7 +3506,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02.json index d969188ff70..a9b544c4e48 100644 --- a/packages/netskope/kibana/dashboard/netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-1db9af70-71f4-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcxOSwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc2NCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -175,7 +175,7 @@ }, "panelIndex": "9ecea79f-aedc-4c49-a78d-113c35d00646", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -363,7 +363,7 @@ }, "panelIndex": "f7136693-69cc-43e0-b9ad-3b975bbe830a", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -473,7 +473,7 @@ }, "panelIndex": "6a352e9d-2bda-4c4d-a65f-70086fe9e098", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -584,7 +584,7 @@ }, "panelIndex": "48681f61-2ad6-4dac-aafd-895b2c267d93", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -697,7 +697,7 @@ }, "panelIndex": "414e518e-6119-4905-9052-0bab7a7e53c2", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -807,7 +807,7 @@ }, "panelIndex": "f52d5fe1-0317-4341-8828-34c8eb20e6c5", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -896,7 +896,7 @@ }, "panelIndex": "dedb010c-aa2b-4849-a123-01d05df8391e", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1006,7 +1006,7 @@ }, "panelIndex": "769bdbcd-f96e-41c7-ba73-76bc435f8573", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1173,7 +1173,7 @@ }, "panelIndex": "c15e2f15-51e0-450b-8b65-68ad53160156", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1340,7 +1340,7 @@ }, "panelIndex": "75d0c42b-7852-4914-95e7-6d2e92b99bd0", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1507,7 +1507,7 @@ }, "panelIndex": "abd95a27-a1f0-4808-88fb-3bb5f770f543", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1694,7 +1694,7 @@ }, "panelIndex": "15c3b9dc-93ee-48ca-a860-fd4f1b768c4c", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1861,7 +1861,7 @@ }, "panelIndex": "5fe16d63-f752-4c67-b033-54924d7a631a", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2028,7 +2028,7 @@ }, "panelIndex": "87ee17ee-d40e-4a43-b26f-9622bf1bcbad", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2134,7 +2134,7 @@ }, "panelIndex": "802cd7a9-7704-4a53-b143-1b9a4f75cc2b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2301,7 +2301,7 @@ }, "panelIndex": "f6e061ee-b7ac-47c8-9915-3fca33a23317", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -2390,7 +2390,7 @@ }, "panelIndex": "5a0acb1a-ce64-413f-a582-567d7fa79fc0", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2515,7 +2515,7 @@ }, "panelIndex": "f9e38ddf-3807-4283-8612-12890da9ddbe", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2682,7 +2682,7 @@ }, "panelIndex": "4f45dac1-2a01-418a-9174-86fa1d613f5f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -2912,7 +2912,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02.json index ff5a991fd9b..4b944b8cb37 100644 --- a/packages/netskope/kibana/dashboard/netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-388b1e00-72ae-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyMCwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc2NSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -154,7 +154,7 @@ }, "panelIndex": "de113850-0514-4327-bf4a-96fd3bff0aa1", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -285,7 +285,7 @@ }, "panelIndex": "81c7c9aa-e4bf-4f5f-81a8-8a9b2b329842", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -412,7 +412,7 @@ }, "panelIndex": "1ae18052-f555-4f33-b76c-7f425a337c95", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -543,7 +543,7 @@ }, "panelIndex": "cf91b73d-8723-4207-a9db-2f2eec6dbc83", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -775,7 +775,7 @@ }, "panelIndex": "40a99b00-0503-4360-b2ee-4758402ddbc6", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -963,7 +963,7 @@ }, "panelIndex": "c56aec99-3085-448f-b3ce-d68d4d758354", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1108,7 +1108,7 @@ }, "panelIndex": "cfbe5876-f02d-42c0-ae50-b85b43223f2d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1269,7 +1269,7 @@ }, "panelIndex": "91fb5be5-9fe1-446c-b5de-0a9844698834", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1399,7 +1399,7 @@ }, "panelIndex": "e89d1bab-dd1c-4b06-bad0-77f26fb8e217", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1560,7 +1560,7 @@ }, "panelIndex": "cafd5a6f-d702-4870-b85d-8c5619997cb6", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1670,7 +1670,7 @@ }, "panelIndex": "199442bd-7bb0-4112-ade5-3264743defd1", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1776,7 +1776,7 @@ }, "panelIndex": "90e8a139-5ac8-4a10-a5ed-802d30eca519", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1865,7 +1865,7 @@ }, "panelIndex": "3e9a0f3a-f5b1-4cc6-ba7f-645bf6f23339", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1990,7 +1990,7 @@ }, "panelIndex": "cbe6b18e-b303-4b00-b573-f9856a82e15e", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -2079,7 +2079,7 @@ }, "panelIndex": "68eae1da-9479-4de6-a888-790e7bee6449", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2185,7 +2185,7 @@ }, "panelIndex": "8368a6ca-b543-4adc-a9c5-624e74497329", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2352,7 +2352,7 @@ }, "panelIndex": "4b05e711-810e-4014-9b25-0bd307954aa0", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2539,7 +2539,7 @@ }, "panelIndex": "893dd429-9e30-4fd6-9419-dbe51aafc104", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2706,7 +2706,7 @@ }, "panelIndex": "5c2b0e3e-3fa6-4b04-9950-0a51dd2bc0bb", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2873,7 +2873,7 @@ }, "panelIndex": "39191fce-eb15-468c-ad46-923e47f84456", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3040,7 +3040,7 @@ }, "panelIndex": "aedad988-c987-4390-b904-8ed71a118d4d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -3340,7 +3340,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02.json index 3d4d924bafa..3930f6d4620 100644 --- a/packages/netskope/kibana/dashboard/netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-4bdc8830-72af-11ec-8c4b-cb281099ee02.json 
@@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyMSwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc2NiwxXQ==", "attributes": { "description": "", "hits": 0, @@ -232,7 +232,7 @@ }, "panelIndex": "eef1d418-6eb7-4ca7-963c-376163e018cc", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -420,7 +420,7 @@ }, "panelIndex": "b8ce0876-320e-4903-919e-3101df39f199", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -530,7 +530,7 @@ }, "panelIndex": "bcd7cd0f-3d14-4165-ad36-411e407c1b3a", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -715,7 +715,7 @@ }, "panelIndex": "cb25209c-af4f-46d4-8055-e0165377c186", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -780,7 +780,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json index 250d5a3906a..71ff9230f37 100644 --- a/packages/netskope/kibana/dashboard/netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-93c4dce0-72a7-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyMiwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc2NywxXQ==", "attributes": { "description": "", "hits": 0, @@ -75,7 +75,7 @@ }, "panelIndex": "26fbf4d7-3b96-4d0a-a206-1c0b6c36a654", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -185,7 +185,7 @@ }, "panelIndex": "5a43e517-99d6-425a-b5cb-7ee124b327e7", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -295,7 +295,7 @@ }, "panelIndex": "6a0e0f49-951b-47ca-8664-5507bae1d7f4", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -401,7 +401,7 @@ }, "panelIndex": "067dda5d-b9eb-495c-b663-5bb1eaa164da", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -490,7 +490,7 @@ }, "panelIndex": "26a44d07-f0e4-4c58-a209-ebe227dfe682", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -657,7 +657,7 @@ }, "panelIndex": "98d0578d-b4f5-46f6-8c5d-db6939548a41", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -763,7 +763,7 @@ }, "panelIndex": "1150af83-f4ee-4aa3-8b31-7d5c5dccc716", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -930,7 +930,7 @@ }, "panelIndex": "822a62d6-ed17-4a9c-bcbc-b29b25538156", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1117,7 +1117,7 @@ }, "panelIndex": "5bc67aa4-4d7f-409e-bf28-a5c3a2f5caec", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1284,7 +1284,7 @@ }, "panelIndex": "1773342f-dd53-4c10-9b38-82b4e09a7395", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1451,7 +1451,7 @@ }, "panelIndex": "e297318d-0e02-4fc2-a5dd-6b6d57f5e35b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1540,7 +1540,7 @@ }, "panelIndex": "d9355657-e78e-4edf-89b0-4f0e0698372e", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -1707,7 +1707,7 @@ }, "panelIndex": "82495547-fdb7-4c0c-8e55-83246013d66f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1832,7 +1832,7 @@ }, "panelIndex": "c291aef0-c76c-4c83-ae56-2c2126f817a7", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -1982,7 +1982,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-97349920-72b0-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-97349920-72b0-11ec-8c4b-cb281099ee02.json index 1ada76f47d4..0f783618c4b 100644 --- a/packages/netskope/kibana/dashboard/netskope-97349920-72b0-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-97349920-72b0-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyMywxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc2OCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -175,7 +175,7 @@ }, "panelIndex": "77a59f05-8734-4361-a4ee-f0081a667f90", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -383,7 +383,7 @@ }, "panelIndex": "ba5dff68-0c84-4678-bf9b-a20767da4594", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -510,7 +510,7 @@ }, "panelIndex": "04a815f0-2d0c-4189-9382-c4b5c4455bce", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -697,7 +697,7 @@ }, "panelIndex": "1fb9cef2-f112-4a25-985e-e191d044a824", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -864,7 +864,7 @@ }, "panelIndex": "d6851ddb-5402-419a-b8e2-91e060a5a715", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1031,7 +1031,7 @@ }, "panelIndex": "8c1ee365-4a0c-4b03-858a-26c7d6652699", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -1121,7 +1121,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02.json index 05bb6b47809..aba086ea182 100644 --- a/packages/netskope/kibana/dashboard/netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-9e55e880-72b5-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyNCwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc2OSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -175,7 +175,7 @@ }, "panelIndex": "ab32506e-cd95-4643-94f4-ff3d7f10655b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -285,7 +285,7 @@ }, "panelIndex": "f04eaee2-b656-45f0-bf2e-7db096fe5ba5", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -431,7 +431,7 @@ }, "panelIndex": "85a443dc-c3dd-4198-8273-b2edbe5254a6", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -541,7 +541,7 @@ }, "panelIndex": "d8da7946-0d47-405d-b219-b3f4519ee4d9", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -651,7 +651,7 @@ }, "panelIndex": "516a4ca3-23b4-4d6d-9162-50197cbfe306", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -761,7 +761,7 @@ }, "panelIndex": "ab75c7fa-d665-4ce4-b2d0-62428fd846da", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -850,7 +850,7 @@ }, "panelIndex": "e6fdc807-d7d7-4c8d-a592-584e42001712", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -956,7 +956,7 @@ }, "panelIndex": "fe337472-7a96-402a-b7e5-b8ea37e6328c", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1062,7 +1062,7 @@ }, "panelIndex": "5de4021e-f3ba-4155-83c6-d44937ad4564", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1187,7 +1187,7 @@ }, "panelIndex": "6b88f03d-4441-4081-b031-7af3644a3421", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1354,7 +1354,7 @@ }, "panelIndex": "ebf8e192-7eba-438f-96cc-5e6d80d08fd0", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1443,7 +1443,7 @@ }, "panelIndex": "6a003a65-76ee-43fa-9f63-a8c96c129fd1", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1630,7 +1630,7 @@ }, "panelIndex": "942c0bf9-1f9a-4a8a-9f9c-70e32e61d1a4", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1797,7 +1797,7 @@ }, "panelIndex": "51fc9a00-6109-46eb-9264-cfb81fafbb90", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1964,7 +1964,7 @@ }, "panelIndex": "85ba4c06-11ce-4bfe-ba79-983562383efb", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -2131,7 +2131,7 @@ }, "panelIndex": "2209097a-5361-4924-b89b-30cb69fc1aa9", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2298,7 +2298,7 @@ }, "panelIndex": "313214f2-83b2-41eb-98f6-d2e061b84267", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2405,7 +2405,7 @@ }, "panelIndex": "18e2231e-c783-4353-a799-b41f01154e97", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -2630,7 +2630,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-a03670f0-7208-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-a03670f0-7208-11ec-8c4b-cb281099ee02.json index a81842ab239..eaeeca80ebe 100644 --- a/packages/netskope/kibana/dashboard/netskope-a03670f0-7208-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-a03670f0-7208-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyNSwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc3MCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -232,7 +232,7 @@ }, "panelIndex": "3b340e55-d9eb-4304-a0d3-583150bd54eb", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -363,7 +363,7 @@ }, "panelIndex": "df123261-3370-4572-b118-09a2654264f2", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -494,7 +494,7 @@ }, "panelIndex": "649b0d8e-5d17-411d-9117-a63ad74960f1", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -625,7 +625,7 @@ }, "panelIndex": "92b99046-01c4-413a-84dd-93ad174171b0", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -756,7 +756,7 @@ }, "panelIndex": "aa10cc62-fe46-420a-88fc-9df0b78e58c1", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -887,7 +887,7 @@ }, "panelIndex": "3d78958c-581d-4ad4-a768-346a4f234b25", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1018,7 +1018,7 @@ }, "panelIndex": "cee9c637-74f0-42bd-8a30-7c8b8cb4ed01", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1207,7 +1207,7 @@ }, "panelIndex": "9422ea18-43fb-4271-9c06-bfb40b9f9c78", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1315,7 +1315,7 @@ }, "panelIndex": "e0b7f071-f82f-457c-ad45-de3f45cd9ee8", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1457,7 +1457,7 @@ }, "panelIndex": "b205b75e-5675-49ed-90d3-f183e7b80d2f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1567,7 +1567,7 @@ }, "panelIndex": "5513d359-dd47-44a7-856b-fadc0178aa5f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1677,7 +1677,7 @@ }, "panelIndex": "ccf70172-a85b-40e1-a616-b3b1e9a6088c", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1790,7 +1790,7 @@ }, "panelIndex": "6c932713-9d4b-430a-a799-6d31b45ecacf", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1900,7 +1900,7 @@ }, "panelIndex": "c483ecaf-49f8-4dc5-b0f0-0e1339a67d22", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -1989,7 +1989,7 @@ }, "panelIndex": "90096c7a-a554-4a30-89a3-7d0d63ea804c", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2156,7 +2156,7 @@ }, "panelIndex": "cd490c17-67ea-4bd1-aa9a-88f1a9c139b5", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2323,7 +2323,7 @@ }, "panelIndex": "0b6ca0f2-57a6-4e90-9592-56bb052d4ca7", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2510,7 +2510,7 @@ }, "panelIndex": "650391d6-5467-4b6e-b529-f89b34cacdee", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2677,7 +2677,7 @@ }, "panelIndex": "6b8089ba-e257-40d5-847f-516759ce8475", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2766,7 +2766,7 @@ }, "panelIndex": "2d4098eb-54b0-474e-81b5-75fc222cb341", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2933,7 +2933,7 @@ }, "panelIndex": "bbc3957b-53a2-47dd-9760-56f8ceb5289d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3022,7 +3022,7 @@ }, "panelIndex": "37776b9c-bfc6-4c6f-9079-2c0d23fe4a89", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3128,7 +3128,7 @@ }, "panelIndex": "690c706e-c8bc-4f19-ab9e-9ba64e268647", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3295,7 +3295,7 @@ }, "panelIndex": "3753bbb6-64ab-4b10-8526-232375c9da38", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3420,7 +3420,7 @@ }, "panelIndex": "ebec8d00-4d63-44cd-9970-4882fcf5108f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -3587,7 +3587,7 @@ }, "panelIndex": "97611e00-8013-43c4-856d-54b0e78313d5", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3754,7 +3754,7 @@ }, "panelIndex": "32296ddd-d26c-431a-8227-7ee72592cb3e", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3843,7 +3843,7 @@ }, "panelIndex": "1394aa3a-d711-4634-9623-5dbaff400068", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3932,7 +3932,7 @@ }, "panelIndex": "4812c275-ae66-4de9-913e-4ebe6b8a7782", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -4021,7 +4021,7 @@ }, "panelIndex": "5a0aad03-2a3b-4dcf-97d0-dc6799f2cccc", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -4110,7 +4110,7 @@ }, "panelIndex": "2be4e6e2-c325-4e05-9ed7-bb4534507f5a", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -4495,7 +4495,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json index 71070214409..827f42c209a 100644 --- a/packages/netskope/kibana/dashboard/netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-ae3f6d70-71e3-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyNiwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc3MSwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -232,7 +232,7 @@ }, "panelIndex": "baaf2231-c596-479b-b0ad-238fc8c7405f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -345,7 +345,7 @@ }, "panelIndex": "4202f297-6899-4b88-8d71-286c85369671", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -455,7 +455,7 @@ }, "panelIndex": "5a6d5d65-1709-4f03-8bfb-f8fc721c932d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -544,7 +544,7 @@ }, "panelIndex": "714f5073-96fc-4838-a2b3-987a3b62bc33", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -654,7 +654,7 @@ }, "panelIndex": "323b1896-5cd9-4382-982c-7be72721ae48", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -821,7 +821,7 @@ }, "panelIndex": "bf72a578-2949-4de8-b4de-5d56b067efd0", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -988,7 +988,7 @@ }, "panelIndex": "069358fe-da68-4d45-a0f0-aa7eaa4c1db7", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1155,7 +1155,7 @@ }, "panelIndex": "f4521dff-0b61-4d7c-b86d-8cd3fe341b61", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1342,7 +1342,7 @@ }, "panelIndex": "ca498f3d-dee7-4ad3-ad0b-92e9719890f6", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1509,7 +1509,7 @@ }, "panelIndex": "f7bb1094-f089-4f2d-98b2-8ad73597a045", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1598,7 +1598,7 @@ }, "panelIndex": "648b3fc0-5826-4478-a8a8-be02ec93b757", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -1704,7 +1704,7 @@ }, "panelIndex": "5ac14a5f-c30a-4e76-8d13-984f21ceb9ba", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1793,7 +1793,7 @@ }, "panelIndex": "365a5a5d-0a5a-4723-935c-346fafc76c55", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1918,7 +1918,7 @@ }, "panelIndex": "8dce8a31-9c43-4a5c-afcd-a0ca9cdda312", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2085,7 +2085,7 @@ }, "panelIndex": "6bfbea77-62ee-49f6-a0c4-d38b5894a137", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2252,7 +2252,7 @@ }, "panelIndex": "fd2a100e-72d7-4432-8fdf-2b8185964894", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2419,7 +2419,7 @@ }, "panelIndex": "0a553ef7-103e-495c-9e6d-3e3fe2945fbe", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2586,7 +2586,7 @@ }, "panelIndex": "d7e9ce08-5c56-4606-a7c9-afc702edee17", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2675,7 +2675,7 @@ }, "panelIndex": "36f7a988-2b45-4ce1-b613-5a97f2708865", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2764,7 +2764,7 @@ }, "panelIndex": "cbc5ad63-8ee6-4f93-8502-60ceb118e14e", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2853,7 +2853,7 @@ }, "panelIndex": "162ca71c-5ea9-44d1-9667-c48682cd7292", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2942,7 +2942,7 @@ }, "panelIndex": "4e858190-599f-4e73-8772-c8a0d3fe103f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, 
@@ -3187,7 +3187,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json index 29436b5bb14..08b2b772952 100644 --- a/packages/netskope/kibana/dashboard/netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-e538e5c0-71ea-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyNywxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc3MiwxXQ==", "attributes": { "description": "", "hits": 0, @@ -175,7 +175,7 @@ }, "panelIndex": "729f9e92-d075-4a1a-bcf0-db456d39e724", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -285,7 +285,7 @@ }, "panelIndex": "1c47cf4d-6ec1-48fd-9db4-237bbf50dcde", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -395,7 +395,7 @@ }, "panelIndex": "66cb1e9c-2f52-409e-9c62-0ad6b92cdfcc", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -508,7 +508,7 @@ }, "panelIndex": "e77aa5dc-d13c-47fe-b1a0-9d31fef6f43c", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -618,7 +618,7 @@ }, "panelIndex": "92b187cb-5b44-404e-890b-fa8326868e36", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -728,7 +728,7 @@ }, "panelIndex": "89cb7e35-d97e-4c2e-9d1c-49bf3825bfe9", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -817,7 +817,7 @@ }, "panelIndex": "23dfb547-1341-4b1a-9011-02f307aed221", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -984,7 +984,7 @@ }, "panelIndex": "2c03ec65-55cd-4a12-8949-3e4e0bf0fc4b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1151,7 +1151,7 @@ }, "panelIndex": "faced4fb-cc57-4a4e-a51b-5b27fda57ab0", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1338,7 +1338,7 @@ }, "panelIndex": "a2bf7e9f-4500-4848-b180-0a567d702d6b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1505,7 +1505,7 @@ }, "panelIndex": "55bda241-c95f-4c9f-ad5b-8a199890b163", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1594,7 +1594,7 @@ }, "panelIndex": "8eee17e1-802f-47f7-b29d-669762b68849", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1761,7 +1761,7 @@ }, "panelIndex": "9175a01c-5781-4771-b5ab-fceaf12bfcc7", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1850,7 +1850,7 @@ }, "panelIndex": "decfcd4a-6565-43ab-bccf-0ba7a992fd94", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1956,7 +1956,7 @@ }, "panelIndex": "41f74a84-f471-4895-9443-cdf02a955cd8", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2123,7 +2123,7 @@ }, "panelIndex": "ce4172c4-1b4c-498a-8ee2-65af0c6a9cd0", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2248,7 +2248,7 @@ }, "panelIndex": "f3a73b11-012a-4517-9a2f-623494321346", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -2415,7 +2415,7 @@ }, "panelIndex": "f43a0df7-6e17-4523-891c-04e65c22ad22", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2582,7 +2582,7 @@ }, "panelIndex": "774541fd-cefb-422b-ac26-12f4b8528e7e", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2749,7 +2749,7 @@ }, "panelIndex": "38569123-9613-46c8-ae0f-10f87bee71ed", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2838,7 +2838,7 @@ }, "panelIndex": "a9d1659e-0caf-416c-8520-f96b7e765fb1", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2927,7 +2927,7 @@ }, "panelIndex": "1e02ac55-c2e1-4383-a282-129bcf97ef4f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3016,7 +3016,7 @@ }, "panelIndex": "89576865-7807-4305-abee-1b92248de9fc", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -3105,7 +3105,7 @@ }, "panelIndex": "2b3e3a8f-4689-4aad-a5ef-8380200768c0", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -3380,7 +3380,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02.json index a6aaf318870..7741973943b 100644 --- a/packages/netskope/kibana/dashboard/netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-e6184f90-72b6-11ec-8c4b-cb281099ee02.json 
@@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyOCwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc3MywxXQ==", "attributes": { "description": "", "hits": 0, @@ -154,7 +154,7 @@ }, "panelIndex": "9b39019c-58f4-4613-9109-2865e86acee2", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -339,7 +339,7 @@ }, "panelIndex": "ad69cae5-30ec-424e-b6b9-44e3d3979273", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -480,7 +480,7 @@ }, "panelIndex": "8c6f7513-48aa-4457-ab23-7e528bfe1dcd", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -590,7 +590,7 @@ }, "panelIndex": "fa6b11ac-3e40-4a52-9596-52d73081690d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -700,7 +700,7 @@ }, "panelIndex": "a1e0af01-0501-4fa8-96ab-b5f8cccd50c3", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -810,7 +810,7 @@ }, "panelIndex": "ecbf5a0c-05d8-4bdc-9ad6-9f928c7d9745", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -956,7 +956,7 @@ }, "panelIndex": "b7a38f86-d6e4-45d5-a490-34a522910597", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1102,7 +1102,7 @@ }, "panelIndex": "8db6d9a0-afd6-4d8a-9e4c-d85a8b9cccc5", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1263,7 +1263,7 @@ }, "panelIndex": "3729697c-99a7-44aa-b08f-956fbdd7fd52", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1424,7 +1424,7 @@ }, "panelIndex": "428a29ce-c3cf-4c1e-8884-28216396972a", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -1534,7 +1534,7 @@ }, "panelIndex": "8236132e-146b-46b9-80c7-8566b41ac58c", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1640,7 +1640,7 @@ }, "panelIndex": "bc8801ce-4f2e-43ee-94f9-7dbed415fa95", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1729,7 +1729,7 @@ }, "panelIndex": "87729323-edef-43f8-9ec7-b9c3212ba067", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1854,7 +1854,7 @@ }, "panelIndex": "6ae15ec6-52a8-4037-82f4-0c6d6438a301", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1960,7 +1960,7 @@ }, "panelIndex": "014d7310-feb8-4078-9ff4-4174cf8f0c7a", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2049,7 +2049,7 @@ }, "panelIndex": "29065c13-ac1a-49d3-a76e-de75726936ac", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2216,7 +2216,7 @@ }, "panelIndex": "49f8d21b-3a7b-4d6e-a478-e815766c292a", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2383,7 +2383,7 @@ }, "panelIndex": "13b86156-05e3-4be7-98b9-1e4b9833c411", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2570,7 +2570,7 @@ }, "panelIndex": "fb4d6560-8b66-4ed2-b848-94dcf4d1d8b8", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2737,7 +2737,7 @@ }, "panelIndex": "1aa39804-8029-4770-bc25-e2e94a29e83b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2904,7 +2904,7 @@ }, "panelIndex": "85675e54-cd8f-4ca1-b0a6-e4f2766011e2", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, 
@@ -3189,7 +3189,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/kibana/dashboard/netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02.json b/packages/netskope/kibana/dashboard/netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02.json index d744e958607..fa77b944382 100644 --- a/packages/netskope/kibana/dashboard/netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02.json +++ b/packages/netskope/kibana/dashboard/netskope-f181cba0-71d9-11ec-8c4b-cb281099ee02.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T20:50:18.792Z", - "version": "WzcyOSwxXQ==", + "updated_at": "2022-11-22T18:50:07.579Z", + "version": "Wzc3NCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -75,7 +75,7 @@ }, "panelIndex": "7b3d09e3-1987-4202-a3a7-6f0ea3c441d3", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -185,7 +185,7 @@ }, "panelIndex": "a6294ee5-eaed-4c98-9e3d-2ddcc1c24649", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -298,7 +298,7 @@ }, "panelIndex": "3f9bbd86-5074-4a11-82e0-dd80b2727b63", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -408,7 +408,7 @@ }, "panelIndex": "758d5f91-4e32-4dba-b9a2-78dd39a2ae33", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -575,7 +575,7 @@ }, "panelIndex": "50a67c99-45bf-4877-a02a-1c2fbabf5a7d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -685,7 +685,7 @@ }, "panelIndex": "92098d7d-bd52-4b7c-8fc2-c38f0aca5c1a", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -774,7 +774,7 @@ }, "panelIndex": "e71428cd-6aa7-410e-9401-b00c6661589d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -941,7 +941,7 @@ }, "panelIndex": "5296e207-4ad5-4936-b802-7a57e9bad6f5", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1108,7 +1108,7 @@ }, "panelIndex": "e6adbd85-a30a-4210-a05a-0c56c2362657", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1295,7 +1295,7 @@ }, "panelIndex": "3cbd8e3d-7d76-4ba3-8355-a23cf9465ee2", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1462,7 +1462,7 @@ }, "panelIndex": "a7581748-99c7-4a63-aa09-61a0c039fe4b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1551,7 +1551,7 @@ }, "panelIndex": "651622f6-9e33-486b-b996-6fe0a89d3ad9", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1718,7 +1718,7 @@ }, "panelIndex": "454a5cbd-3538-4448-84fc-b0f83c8a1970", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1807,7 +1807,7 @@ }, "panelIndex": "bcd9b35e-19ef-42d9-847a-d7518a21b0d9", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -1913,7 +1913,7 @@ }, "panelIndex": "22dad9c8-4909-4efa-9f59-02a3ca979151", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2038,7 +2038,7 @@ }, "panelIndex": "8c6ab1fd-e0c5-438b-b0c9-392d90c273b1", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2205,7 +2205,7 @@ }, "panelIndex": "a5927e76-29f1-4c6b-85e0-ed1dee3de6c9", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -2294,7 +2294,7 @@ }, "panelIndex": "7846948a-db42-497c-b956-ac5d7dd7383d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2461,7 +2461,7 @@ }, "panelIndex": "8cb62986-e557-4d71-8de0-6f88ec7535d8", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2628,7 +2628,7 @@ }, "panelIndex": "de6f44ab-bef8-4518-bbb0-4afde2144001", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2717,7 +2717,7 @@ }, "panelIndex": "b2e8e6c8-d585-49c1-ba49-5a8c4fab5080", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2806,7 +2806,7 @@ }, "panelIndex": "d1633b77-5ee0-42ed-995f-d5e01cef7d3b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -2895,7 +2895,7 @@ }, "panelIndex": "17fbf33c-a3be-4e8e-afae-195fb4a37fa8", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -3135,7 +3135,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml index 7e686e41347..72b38e196cc 100644 --- a/packages/netskope/manifest.yml +++ b/packages/netskope/manifest.yml @@ -9,7 +9,7 @@ categories: - security release: ga conditions: - kibana.version: ^7.17.0 || ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/netskope-alerts-screenshot.png title: Netskope Alert logs screenshot From edc50c7f5bb34f629e10f5f7300f92ab383a690f Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 23 Nov 2022 00:50:00 +0530 Subject: [PATCH 088/103] osquery upgraded to 8.1.0 as agg failed --- .../data_stream/result/sample_event.json | 19 +++++++++---------- packages/osquery/manifest.yml | 1 - 2 files changed, 9 insertions(+), 11 deletions(-) 
diff --git a/packages/osquery/data_stream/result/sample_event.json b/packages/osquery/data_stream/result/sample_event.json index a698f04bc47..b7afc34b75b 100644 --- a/packages/osquery/data_stream/result/sample_event.json +++ b/packages/osquery/data_stream/result/sample_event.json @@ -1,12 +1,11 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "agent": { - "ephemeral_id": "a893e713-eedc-4ae1-8951-0a0ca7f783de", - "hostname": "docker-fleet-agent", - "id": "5e42424f-8ff5-4c7b-8a60-617548fd6b6a", + "ephemeral_id": "207a0fe6-de4f-434f-9c34-d0898df6ac96", + "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.17.0" + "version": "8.1.0" }, "data_stream": { "dataset": "osquery.result", @@ -17,16 +16,16 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "5e42424f-8ff5-4c7b-8a60-617548fd6b6a", + "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", "snapshot": false, - "version": "7.17.0" + "version": "8.1.0" }, "event": { "action": "added", "agent_id_status": "verified", - "created": "2022-11-14T15:11:13.595Z", + "created": "2022-11-22T19:16:32.440Z", "dataset": "osquery.result", - "ingested": "2022-11-14T15:11:17Z", + "ingested": "2022-11-22T19:16:35Z", "kind": "event", "type": "info" }, @@ -36,10 +35,10 @@ "hostname": "ubuntu-xenial", "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "ip": [ - "192.168.128.7" + "172.25.0.7" ], "mac": [ - "02:42:c0:a8:80:07" + "02:42:ac:19:00:07" ], "name": "docker-fleet-agent", "os": { diff --git a/packages/osquery/manifest.yml b/packages/osquery/manifest.yml index f78b8359b63..a53624178ab 100644 --- a/packages/osquery/manifest.yml +++ b/packages/osquery/manifest.yml @@ -15,7 +15,6 @@ categories: - security - os_system conditions: - # kibana.version: ^7.17.0 || ^8.0.0 kibana.version: ^8.1.0 screenshots: - src: /img/kibana-osquery-compatibility.png From a0edaa04662ffad74e73560f06064ac255161078 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Wed, 23 Nov 2022 01:37:46 +0530 Subject: [PATCH 089/103] pfsense upgraded to 8.1.0 as agg failed --- ...-986061c0-3a9a-11eb-96b2-e765737b7534.json | 22 +++++----- ...-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json | 44 +++++++++++-------- ...-c8b42350-3a9c-11eb-96b2-e765737b7534.json | 24 +++++----- packages/pfsense/manifest.yml | 2 +- 4 files changed, 49 insertions(+), 43 deletions(-) diff --git a/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json index e29b7a49118..c863dde2e29 100644 --- a/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json +++ b/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T22:17:02.668Z", - "version": "WzYyOCwxXQ==", + "updated_at": "2022-11-22T19:59:25.821Z", + "version": "WzY1NCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -55,7 +55,7 @@ }, "panelIndex": "73294aad-e475-4a63-97d1-fc214a83bb0a", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -130,7 +130,7 @@ }, "panelIndex": "46725bb5-e239-4fa2-8dfd-4de947863354", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -208,7 +208,7 @@ }, "panelIndex": "f39b1b4c-b444-4d25-a8c5-a78b6285025f", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -274,7 +274,7 @@ }, "panelIndex": "a7662c6e-94d5-4062-85f4-0132897f3578", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -340,7 +340,7 @@ }, "panelIndex": "763610d2-c8aa-4ab9-9a63-112e2471dcfc", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -497,7 +497,7 @@ }, "panelIndex": "27569da9-7531-40cf-be93-8778738b68be", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -626,7 +626,7 @@ }, "panelIndex": "6a32114d-577c-488b-b1e9-b7b4fc8941ae", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -681,7 +681,7 @@ } ], "migrationVersion": { - "dashboard": "7.15.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json index 2d79473c692..cd4f30dfb54 100644 --- a/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json +++ b/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T22:17:02.668Z", - "version": "WzYyOSwxXQ==", + "updated_at": "2022-11-22T19:59:25.821Z", + "version": "WzY1NSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -104,7 +104,7 @@ "y": 7 }, "panelIndex": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -128,7 +128,7 @@ "label": "Count of records", "operationType": "count", "scale": "ratio", - "sourceField": "Records" + "sourceField": "___records___" }, "9d13ff42-0a6d-4cb4-bff4-bbd64836de35": { "dataType": "string", @@ -141,7 +141,10 @@ "type": "column" }, "orderDirection": "desc", - "size": 5 + "size": 5, + "parentFormat": { + "id": "terms" + } }, "scale": "ordinal", "sourceField": "destination.geo.country_name" @@ -199,7 +202,7 @@ "y": 0 }, "panelIndex": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc", - "version": "7.15.0", + "version": "8.1.0", "type": "lens" }, { 
@@ -274,7 +277,7 @@ "y": 0 }, "panelIndex": "d2c26a96-ad50-4155-a67e-b6559246c302", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -349,7 +352,7 @@ "y": 0 }, "panelIndex": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -424,7 +427,7 @@ "y": 7 }, "panelIndex": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -449,7 +452,7 @@ "label": "Count of records", "operationType": "count", "scale": "ratio", - "sourceField": "Records" + "sourceField": "___records___" }, "440112fe-405a-4b46-840e-2b9772961acc": { "dataType": "date", @@ -473,7 +476,10 @@ "type": "column" }, "orderDirection": "desc", - "size": 5 + "size": 5, + "parentFormat": { + "id": "terms" + } }, "scale": "ordinal", "sourceField": "event.action" @@ -550,7 +556,7 @@ "y": 14 }, "panelIndex": "c2fbea99-8684-446a-a570-48bcbb9f1c39", - "version": "7.15.0", + "version": "8.1.0", "type": "lens" }, { @@ -640,7 +646,7 @@ "y": 14 }, "panelIndex": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -799,7 +805,7 @@ "y": 28 }, "panelIndex": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -874,7 +880,7 @@ "y": 28 }, "panelIndex": "60b4467b-8227-41de-b5ec-00c860793819", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -1006,7 +1012,7 @@ "y": 56 }, "panelIndex": "b5d79638-384f-411b-a5c9-0d5aea67c08f", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" }, { @@ -1113,7 +1119,7 @@ "y": 56 }, "panelIndex": "20537b1f-8d42-4522-8f9e-8e6fbccca58a", - "version": "7.14.0", + "version": "8.0.0", "type": "visualization" } ], 
@@ -1209,7 +1215,7 @@ } ], "migrationVersion": { - "dashboard": "7.15.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json index b3fa8b02767..7021877e467 100644 --- a/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json +++ b/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-27T22:17:02.668Z", - "version": "WzYzMCwxXQ==", + "updated_at": "2022-11-22T19:59:25.821Z", + "version": "WzY1NiwxXQ==", "attributes": { "description": "", "hits": 0, @@ -55,7 +55,7 @@ }, "panelIndex": "2b46d706-0288-4541-8880-ccb2efeeee92", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -130,7 +130,7 @@ }, "panelIndex": "6018121a-9303-4c73-9c96-d23362cdc74d", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -205,7 +205,7 @@ }, "panelIndex": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -278,7 +278,7 @@ }, "panelIndex": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -435,7 +435,7 @@ }, "panelIndex": "20e8c75c-3e93-42ab-b5c5-6ad814b64151", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -508,7 +508,7 @@ }, "panelIndex": "5b500115-4722-432b-8d67-38b1a948c1d5", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -581,7 +581,7 @@ }, "panelIndex": "aa85065f-1b07-468c-b264-1231b59be97b", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -738,7 +738,7 @@ }, "panelIndex": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -827,7 +827,7 @@ } ], "migrationVersion": { - "dashboard": "7.15.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/pfsense/manifest.yml b/packages/pfsense/manifest.yml index 4a81e0d2d3b..f9c08f77c0e 100644 --- a/packages/pfsense/manifest.yml +++ b/packages/pfsense/manifest.yml @@ -15,7 +15,7 @@ categories: - network - security conditions: - kibana.version: ^7.15.0 || ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/firewall.png title: pfSense Firewall Dashboard From 082d8a61c7c9ce1df5d00cb476f767f4666dc27d Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 23 Nov 2022 02:31:48 +0530 Subject: [PATCH 090/103] qnap_nas upgraded to 8.1.0 as agg failed --- .../qnap_nas/data_stream/log/sample_event.json | 16 ++++++++-------- packages/qnap_nas/docs/README.md | 16 ++++++++-------- ...s-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json | 18 +++++++++--------- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/packages/qnap_nas/data_stream/log/sample_event.json b/packages/qnap_nas/data_stream/log/sample_event.json index 08213648efc..4ff670b8d66 100644 --- a/packages/qnap_nas/data_stream/log/sample_event.json +++ b/packages/qnap_nas/data_stream/log/sample_event.json 
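Review bot: Narrowing `conditions` to `kibana.version: ^8.1.0` in packages/pfsense/manifest.yml drops every 7.x and 8.0 stack, but the package `version` is left untouched and the commit's diffstat lists no changelog file. Deployments still on 7.15–8.0 would stop receiving updates for this firewall integration with no record of why. Unless a later patch in the series covers it, bump `version` in the same manifest and add a changelog entry such as `description: Migrate dashboards to by-value panels; require Kibana 8.1.0 or later`. The netskope, santa and suricata manifest hunks on this page change the constraint the same way.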
@@ -1,11 +1,11 @@ { "@timestamp": "2022-10-30T20:24:24.000Z", "agent": { - "ephemeral_id": "b6db294f-f5fd-4570-9d9c-cd0a74001651", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "b04b6107-ca2b-4adb-90c0-2c86f2ebc578", + "id": "44d6209a-f153-4ff2-bcce-819a164c5aca", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "data_stream": { "dataset": "qnap_nas.log", @@ -16,9 +16,9 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "44d6209a-f153-4ff2-bcce-819a164c5aca", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "create-directory", @@ -28,7 +28,7 @@ ], "created": "2022-10-30T20:24:24.000Z", "dataset": "qnap_nas.log", - "ingested": "2022-01-02T09:51:24Z", + "ingested": "2022-11-22T20:55:17Z", "kind": "event", "provider": "conn-log", "timezone": "+00:00", @@ -43,11 +43,11 @@ "name": "qnap-nas01" }, "input": { - "type": "udp" + "type": "tcp" }, "log": { "source": { - "address": "172.18.0.7:46086" + "address": "192.168.112.4:36880" }, "syslog": { "priority": 30 diff --git a/packages/qnap_nas/docs/README.md b/packages/qnap_nas/docs/README.md index ed08cb6be2e..1e5b3db81a0 100644 --- a/packages/qnap_nas/docs/README.md +++ b/packages/qnap_nas/docs/README.md @@ -14,11 +14,11 @@ An example event for `log` looks as following: { "@timestamp": "2022-10-30T20:24:24.000Z", "agent": { - "ephemeral_id": "b6db294f-f5fd-4570-9d9c-cd0a74001651", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "70560290-2c53-41c4-b32b-d4b76b6a6b18", + "id": "2d8f9f42-f276-4b2a-9082-a758a08f49f2", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "data_stream": { "dataset": "qnap_nas.log", 
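Review bot: The regenerated sample event does not match the copy embedded in packages/qnap_nas/docs/README.md by the same commit. Here `agent.id` is `44d6209a-f153-4ff2-bcce-819a164c5aca`, `event.ingested` is `2022-11-22T20:55:17Z` and `log.source.address` is `192.168.112.4:36880`, while the README hunks carry `2d8f9f42-f276-4b2a-9082-a758a08f49f2`, `2022-11-22T20:22:19Z` and `192.168.80.6:41074`. The two look like output from separate test runs. Rebuilding the README from the committed sample_event.json would keep the documented event identical to the one shipped with the package.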
@@ -29,9 +29,9 @@ An example event for `log` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "2d8f9f42-f276-4b2a-9082-a758a08f49f2", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "create-directory", @@ -41,7 +41,7 @@ An example event for `log` looks as following: ], "created": "2022-10-30T20:24:24.000Z", "dataset": "qnap_nas.log", - "ingested": "2022-01-02T09:51:24Z", + "ingested": "2022-11-22T20:22:19Z", "kind": "event", "provider": "conn-log", "timezone": "+00:00", @@ -56,11 +56,11 @@ An example event for `log` looks as following: "name": "qnap-nas01" }, "input": { - "type": "udp" + "type": "tcp" }, "log": { "source": { - "address": "172.18.0.7:46086" + "address": "192.168.80.6:41074" }, "syslog": { "priority": 30 diff --git a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json index 87ccfd6f1fd..d1262b07a51 100644 --- a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json +++ b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T06:35:10.046Z", - "version": "WzYzMCwxXQ==", + "updated_at": "2022-11-22T20:19:24.383Z", + "version": "WzU4NSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -143,7 +143,7 @@ }, "panelIndex": "08e193f5-7994-4a34-8572-62dd8fb527fd", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -247,7 +247,7 @@ }, "panelIndex": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -330,7 +330,7 @@ }, "panelIndex": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -432,7 +432,7 @@ }, "panelIndex": "20d36c90-71af-4062-94da-0374c871667e", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -616,7 +616,7 @@ }, "panelIndex": "e0abcb09-b900-4d29-9146-02ab3aca914e", "type": "visualization", - "version": "7.14.0" + "version": "8.0.0" } ], "timeRestore": false, @@ -686,7 +686,7 @@ } ], "migrationVersion": { - "dashboard": "7.16.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.16.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file From 0df3a9b60eeeca5521968019a53776cacbd1cbc0 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 23 Nov 2022 11:59:52 +0530 Subject: [PATCH 091/103] santa upgraded to 8.1.0 as agg failed --- ...-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json | 20 +++++++++---------- packages/santa/manifest.yml | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json index 9f1dfa75b94..d502b6edaea 100644 --- a/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json +++ b/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T06:42:21.625Z", - "version": "WzYzMSwxXQ==", + "updated_at": "2022-11-23T06:23:56.756Z", + "version": "WzU3OSwxXQ==", "attributes": { "description": "Process executions on macOS monitored by Google Santa.", "hits": 0, @@ -57,7 +57,7 @@ "y": 0 }, "panelIndex": "1", - "version": "7.17.0", + "version": "8.0.0", "type": "visualization" }, { @@ -124,7 +124,7 @@ "y": 0 }, "panelIndex": "2", - "version": "7.17.0", + "version": "8.0.0", "type": "visualization" }, { 
@@ -193,7 +193,7 @@ "y": 12 }, "panelIndex": "3", - "version": "7.17.0", + "version": "8.0.0", "type": "visualization" }, { @@ -290,7 +290,7 @@ "y": 12 }, "panelIndex": "4", - "version": "7.17.0", + "version": "8.0.0", "type": "visualization" }, { @@ -360,7 +360,7 @@ "y": 12 }, "panelIndex": "5", - "version": "7.17.0", + "version": "8.0.0", "type": "visualization" }, { @@ -426,7 +426,7 @@ "y": 12 }, "panelIndex": "6", - "version": "7.17.0", + "version": "8.0.0", "type": "visualization" }, { @@ -477,7 +477,7 @@ } ], "migrationVersion": { - "dashboard": "7.17.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.17.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/santa/manifest.yml b/packages/santa/manifest.yml index 6c6f1d6ab8c..a8bba434731 100644 --- a/packages/santa/manifest.yml +++ b/packages/santa/manifest.yml @@ -14,7 +14,7 @@ categories: - security - os_system conditions: - kibana.version: ^7.17.0 || ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-santa-log-overview.png title: kibana santa log overview From 72794270aaf34a763d4c3b5289e605f45317a660 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 23 Nov 2022 12:18:34 +0530 Subject: [PATCH 092/103] suricate upgraded to 8.1.0 as agg failed --- ...-05268ee0-86d1-11e8-b59d-21efb914e65c.json | 58 ++++++++++--------- ...-78289c40-86da-11e8-b59d-21efb914e65c.json | 8 +-- packages/suricata/manifest.yml | 2 +- 3 files changed, 35 insertions(+), 33 deletions(-) diff --git a/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json index d7358987559..e9e60eba7b9 100644 --- a/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json +++ b/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json 
@@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T06:54:09.400Z", - "version": "WzY0MCwxXQ==", + "updated_at": "2022-11-23T06:37:42.472Z", + "version": "WzU4OSwxXQ==", "attributes": { "description": "Overview of the Suricata Alerts dashboard.", "hits": 0, 
@@ -490,10 +490,20 @@ "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 15, + "i": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", + "w": 23, + "x": 0, + "y": 26 + }, + "panelIndex": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"967e2051-c2f4-49ef-bc72-d94947e45883\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"cdbf364a-7d6f-499e-9819-0ef05d687969\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Source Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"345ad34d-95d3-4e10-9850-cfd6b366fd7e\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"967e2051-c2f4-49ef-bc72-d94947e45883\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"cdbf364a-7d6f-499e-9819-0ef05d687969\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Source Location [Logs 
Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"345ad34d-95d3-4e10-9850-cfd6b366fd7e\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Alert - Source Location [Logs Suricata]", 
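Review bot: In the new `layerListJSON` the geo-grid layer swaps the inline `indexPatternId` (`logs-*`) for `indexPatternRefName: layer_1_source_index_pattern`, yet the panel's own `"references": []` stays empty and no hunk in this file adds an entry to the dashboard-level `references` array, which lies outside the hunk. If no matching reference already exists there, the layer cannot resolve its data view and the alert source map will not render. The destination map in the next hunk (`@@ -513,24 +523,25 @@`) follows the same pattern. Add one reference per panel, presumably of the form `{"id": "logs-*", "name": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b:layer_1_source_index_pattern", "type": "index-pattern"}`, and confirm by importing the dashboard on a clean 8.1.0 stack.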
@@ -513,24 +523,25 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", "gridData": { "h": 15, - "i": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", - "w": 23, - "x": 0, + "i": "df498f0d-f08c-48e0-9b9f-1e579824a327", + "w": 25, + "x": 23, "y": 26 }, - "panelIndex": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", - "type": "map", - "version": "8.0.0" - }, - { + "panelIndex": "df498f0d-f08c-48e0-9b9f-1e579824a327", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"20edc2ac-aae0-4f6b-8eae-405d2423b580\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9df30dd6-f660-4daf-a2b6-3691e4bd6e81\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Destination Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"09c636cb-a239-4636-aaba-abbab2ec3b02\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"20edc2ac-aae0-4f6b-8eae-405d2423b580\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9df30dd6-f660-4daf-a2b6-3691e4bd6e81\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Destination Location [Logs 
Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"09c636cb-a239-4636-aaba-abbab2ec3b02\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Alert - Destination Location [Logs Suricata]", @@ -550,18 +561,9 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "df498f0d-f08c-48e0-9b9f-1e579824a327", - "w": 25, - "x": 23, - "y": 26 - }, - "panelIndex": "df498f0d-f08c-48e0-9b9f-1e579824a327", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "timeRestore": false, @@ -606,7 +608,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json index 56c5681ed02..6d1b2bd39bb 100644 --- a/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json +++ b/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json 
@@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T06:54:09.400Z", - "version": "WzY0MSwxXQ==", + "updated_at": "2022-11-23T06:37:42.472Z", + "version": "WzU5MCwxXQ==", "attributes": { "description": "Overview of the Surcata events dashboard.", "hits": 0, @@ -913,7 +913,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml index b3f9aef81bb..cfa4cb1a598 100644 --- a/packages/suricata/manifest.yml +++ b/packages/suricata/manifest.yml @@ -13,7 +13,7 @@ format_version: 1.0.0 license: basic categories: [network, security] conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/filebeat-suricata-events.png title: filebeat suricata events From 78883e341ba5ce535838b78e4980bcf63d3151e2 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 23 Nov 2022 13:33:20 +0530 Subject: [PATCH 093/103] zeek upgraded to 8.1.0 as agg failed --- .../capture_loss/sample_event.json | 53 +++++++++++++++++++ ...-7cbb5410-3700-11e9-aa6d-ff445a78330c.json | 35 ++++++------ packages/zeek/manifest.yml | 2 +- 3 files changed, 72 insertions(+), 18 deletions(-) create mode 100644 packages/zeek/data_stream/capture_loss/sample_event.json diff --git a/packages/zeek/data_stream/capture_loss/sample_event.json b/packages/zeek/data_stream/capture_loss/sample_event.json new file mode 100644 index 00000000000..09e92fdb4cb --- /dev/null +++ b/packages/zeek/data_stream/capture_loss/sample_event.json 
@@ -0,0 +1,53 @@ +{ + "@timestamp": "2019-09-10T16:19:28.465Z", + "agent": { + "ephemeral_id": "8c254185-7ed2-4b0a-af78-e371166897c9", + "id": "df514182-bb0b-40b5-96d1-14197e409254", + "name": "docker-fleet-agent", + "type": "filebeat", + "version": "8.1.0" + }, + "data_stream": { + "dataset": "zeek.capture_loss", + "namespace": "ep", + "type": "logs" + }, + "ecs": { + "version": "8.5.0" + }, + "elastic_agent": { + "id": "df514182-bb0b-40b5-96d1-14197e409254", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "created": "2022-11-23T07:59:28.651Z", + "dataset": "zeek.capture_loss", + "ingested": "2022-11-23T07:59:32Z", + "kind": "metric", + "type": "info" + }, + "input": { + "type": "log" + }, + "log": { + "file": { + "path": "/tmp/service_logs/capture_loss.log" + }, + "offset": 0 + }, + "tags": [ + "forwarded", + "zeek-capture-loss" + ], + "zeek": { + "capture_loss": { + "acks": 206, + "gaps": 0, + "peer": "bro", + "percent_lost": 0, + "ts_delta": 32.282249 + } + } +} \ No newline at end of file diff --git a/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json index 2b4e315dec6..b9f4f707146 100644 --- a/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json +++ b/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-28T07:00:14.083Z", - "version": "WzYzNCwxXQ==", + "updated_at": "2022-11-23T07:48:08.211Z", + "version": "WzU4MywxXQ==", "attributes": { "description": "Overview of Zeek", "hits": 0, 
@@ -604,10 +604,20 @@ "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 20, + "i": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"88dc4f7d-0197-4fbe-98b2-910ba90cfd2d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d8bacd97-be31-4300-b5f7-7689d528b9ae\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Geo [Logs Zeek]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"c3374e39-902e-4cc5-90c5-b6a1a3ebfdf2\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"88dc4f7d-0197-4fbe-98b2-910ba90cfd2d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d8bacd97-be31-4300-b5f7-7689d528b9ae\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Geo [Logs 
Zeek]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"c3374e39-902e-4cc5-90c5-b6a1a3ebfdf2\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR 
data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Destination Geo [Logs Zeek]", 
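Review bot: The rewritten `layerListJSON` for the "Destination Geo [Logs Zeek]" layer swaps the inline `\"indexPatternId\":\"logs-*\"` for `\"indexPatternRefName\":\"layer_1_source_index_pattern\"`, yet the panel's own `"references": []` stays empty and none of this file's hunks adds a dashboard-level reference for it. If the top-level `references` array does not already carry that entry, the layer has nothing to resolve its data view from and the geo panel would load without data, which on a network-monitoring dashboard is easy to misread as no traffic. I would add `{"id": "logs-*", "name": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb:layer_1_source_index_pattern", "type": "index-pattern"}` to the dashboard `references`, the form the new Zscaler ZPA dashboard in this series uses for its map panel. The Suricata map layer earlier on the page makes the same swap and deserves the same check.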
@@ -627,18 +637,9 @@ "lon": 10.89865, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 20, - "i": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "timeRestore": false, @@ -683,7 +684,7 @@ } ], "migrationVersion": { - "dashboard": "8.0.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "8.0.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml index e80fbd82f4d..af83a4e13d8 100644 --- a/packages/zeek/manifest.yml +++ b/packages/zeek/manifest.yml @@ -13,7 +13,7 @@ format_version: 1.0.0 license: basic categories: [network, monitoring, security] conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-zeek.png title: kibana zeek From 269b8b2c831ce9fc72a9655a80edaf64df33761d Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Wed, 23 Nov 2022 15:44:01 +0530 Subject: [PATCH 094/103] zscalar_zpa upgraded to 8.1.0 as agg failed --- ...-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json | 366 ---- ...-34f0b8a0-3a71-11ed-9e41-155bc0d23bc2.json | 466 +++++ ...-3b709f70-3a98-11ed-9e41-155bc0d23bc2.json | 1686 +++++++++++++++++ ...-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json | 1119 ----------- ...-893ef040-3a88-11ed-9e41-155bc0d23bc2.json | 1191 ++++++++++++ ...-a0742450-3a89-11ed-9e41-155bc0d23bc2.json | 526 +++++ ...-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json | 1070 ----------- ...-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json | 387 ---- ...-d9d5e800-537b-11ec-9527-b704eaaa5c53.json | 16 +- packages/zscaler_zpa/manifest.yml | 2 +- 10 files changed, 3877 insertions(+), 2952 deletions(-) delete mode 100644 packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json create mode 100644 packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-34f0b8a0-3a71-11ed-9e41-155bc0d23bc2.json create mode 100644 packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-3b709f70-3a98-11ed-9e41-155bc0d23bc2.json delete mode 100644 packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json create mode 100644 packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-893ef040-3a88-11ed-9e41-155bc0d23bc2.json create mode 100644 packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-a0742450-3a89-11ed-9e41-155bc0d23bc2.json delete mode 100644 packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json delete mode 100644 packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 3fdd4606832..00000000000 
--- a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd.json
+++ /dev/null
@@ -1,366 +0,0 @@ -{ - "id": "zscaler_zpa-26cc19c0-4c44-11ec-9023-a76a2cb41dcd", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T07:28:45.260Z", - "version": "WzY1NiwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", - "language": "kuery" - }, - "filter": [] - } - }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false - }, - "panelsJSON": [ - { - "version": "7.14.0", - "type": "map", - "gridData": { - "x": 0, - "y": 0, - "w": 48, - "h": 18, - "i": "26f3b155-53ad-40e1-a01d-e469c7193d9d" - }, - "panelIndex": "26f3b155-53ad-40e1-a01d-e469c7193d9d", - "embeddableConfig": { - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 1.06 - }, - "mapBuffer": { - "minLon": -180, - "minLat": -66.51326, - "maxLon": 180, - "maxLat": 66.51326 - }, - "isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {}, - "attributes": { - "title": "[Zscaler][ZPA] Browser Access Events by Region", - "description": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "mapStateJSON": "{\"zoom\":0.77,\"center\":{\"lon\":35.52056,\"lat\":-0.77104},\"timeFilters\":{\"from\":\"now-5y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset : 
\\\"zscaler_zpa.browser_access\\\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"44962ab1-9a18-493c-a7c4-4408f7df2ca7\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"client.geo.location\",\"requestType\":\"heatmap\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]" - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 18, - "w": 16, - "h": 15, - "i": "2b16dc24-ff32-475b-8dd7-cb51f5d93954" - }, - "panelIndex": "2b16dc24-ff32-475b-8dd7-cb51f5d93954", - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - }, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of Browser Access by Exporter", - "description": "", - "uiState": { - "vis": 
{ - "legendOpen": true - } - }, - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - }, - "type": "pie", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.browser_access.exporter", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Exporter" - }, - "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 32, - "y": 18, - "w": 16, - "h": 15, - "i": "ac107bfb-95e0-4f77-9aec-9674891d047b" - }, - "panelIndex": "ac107bfb-95e0-4f77-9aec-9674891d047b", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of Browser Access by Browser", - "description": "", - "uiState": {}, - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - 
"percentDecimals": 2, - "truncate": 100, - "position": "default" - } - }, - "type": "pie", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user_agent.name", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Browser" - }, - "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 16, - "y": 18, - "w": 16, - "h": 15, - "i": "286696da-f87c-4872-b7c7-6a20f8584ea6" - }, - "panelIndex": "286696da-f87c-4872-b7c7-6a20f8584ea6", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of OS across user.", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "default" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - }, - "row": false - }, - "type": "pie", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "user.name" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user_agent.os.name", - "orderBy": "1", - "order": "desc", - "size": 10, - 
"otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" - }, - "schema": "segment" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "user_agent.os.version", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" - }, - "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.browser_access\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - } - ], - "timeRestore": false, - "title": "[Zscaler][ZPA] Browser Access Logs", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "26f3b155-53ad-40e1-a01d-e469c7193d9d:layer_1_source_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "2b16dc24-ff32-475b-8dd7-cb51f5d93954:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ac107bfb-95e0-4f77-9aec-9674891d047b:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "286696da-f87c-4872-b7c7-6a20f8584ea6:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.16.0" - }, - "coreMigrationVersion": "7.16.0" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-34f0b8a0-3a71-11ed-9e41-155bc0d23bc2.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-34f0b8a0-3a71-11ed-9e41-155bc0d23bc2.json new file mode 100644 index 00000000000..09df76f7966 --- /dev/null +++ b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-34f0b8a0-3a71-11ed-9e41-155bc0d23bc2.json 
@@ -0,0 +1,466 @@ +{ + "id": "zscaler_zpa-34f0b8a0-3a71-11ed-9e41-155bc0d23bc2", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T08:57:25.471Z", + "version": "WzU3MCwxXQ==", + "attributes": { + "description": "This dashboard shows Browser Access Logs collected by the Zscaler ZPA integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.browser_access" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.browser_access" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "f069080b-5169-4c41-b661-304e5c5dfa2d", + "w": 16, + "x": 0, + "y": 18 + }, + "panelIndex": "f069080b-5169-4c41-b661-304e5c5dfa2d", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cdda45ef-7a1f-46e6-82f5-b5b98d330527", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cdda45ef-7a1f-46e6-82f5-b5b98d330527": { + "columnOrder": [ + "7db7ef17-e874-4258-b032-bed5d1ca4d5f", + "d41f24af-68d7-4d59-9bb3-a09ddd968736" + ], + "columns": { + "7db7ef17-e874-4258-b032-bed5d1ca4d5f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Exporter", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": 
"d41f24af-68d7-4d59-9bb3-a09ddd968736", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.browser_access.exporter" + }, + "d41f24af-68d7-4d59-9bb3-a09ddd968736": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "7db7ef17-e874-4258-b032-bed5d1ca4d5f" + ], + "layerId": "cdda45ef-7a1f-46e6-82f5-b5b98d330527", + "layerType": "data", + "legendDisplay": "default", + "metric": "d41f24af-68d7-4d59-9bb3-a09ddd968736", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of Browser Access by Exporter [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "7140a23f-4aa7-43fc-a99a-bba55d790c4f", + "w": 16, + "x": 32, + "y": 18 + }, + "panelIndex": "7140a23f-4aa7-43fc-a99a-bba55d790c4f", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d25f382e-b54c-4dc5-803a-2fd115dd0c50", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d25f382e-b54c-4dc5-803a-2fd115dd0c50": { + "columnOrder": [ + "22a93c56-da24-4135-9329-3b95ceb3da3f", + "b7c7cc2c-2d63-44bd-9505-70a3d0232be0" + ], + "columns": { + "22a93c56-da24-4135-9329-3b95ceb3da3f": { + "customLabel": true, + "dataType": "string", 
+ "isBucketed": true, + "label": "Browser", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b7c7cc2c-2d63-44bd-9505-70a3d0232be0", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.name" + }, + "b7c7cc2c-2d63-44bd-9505-70a3d0232be0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "22a93c56-da24-4135-9329-3b95ceb3da3f" + ], + "layerId": "d25f382e-b54c-4dc5-803a-2fd115dd0c50", + "layerType": "data", + "legendDisplay": "default", + "metric": "b7c7cc2c-2d63-44bd-9505-70a3d0232be0", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of Browser Access by Browser [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "8e452830-b278-4562-b994-fd6070cd6378", + "w": 16, + "x": 16, + "y": 18 + }, + "panelIndex": "8e452830-b278-4562-b994-fd6070cd6378", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9559af19-50aa-43e3-aef6-6ddd99985176", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9559af19-50aa-43e3-aef6-6ddd99985176": { + "columnOrder": [ + "1392dce2-163a-4359-8f11-3cd3395efc4b", + 
"67671e08-8621-4da6-af65-d1a9b6f66dad", + "63992bdc-dc89-4c9b-bfa4-e8ab33adfbc7" + ], + "columns": { + "1392dce2-163a-4359-8f11-3cd3395efc4b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "63992bdc-dc89-4c9b-bfa4-e8ab33adfbc7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.os.name" + }, + "63992bdc-dc89-4c9b-bfa4-e8ab33adfbc7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "67671e08-8621-4da6-af65-d1a9b6f66dad": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Version", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "63992bdc-dc89-4c9b-bfa4-e8ab33adfbc7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user_agent.os.version" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "1392dce2-163a-4359-8f11-3cd3395efc4b", + "67671e08-8621-4da6-af65-d1a9b6f66dad" + ], + "layerId": "9559af19-50aa-43e3-aef6-6ddd99985176", + "layerType": "data", + "legendDisplay": "default", + "metric": "63992bdc-dc89-4c9b-bfa4-e8ab33adfbc7", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of OS across User [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 
18, + "i": "3faea99d-8970-4c4b-8c11-16737fb1f643", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "3faea99d-8970-4c4b-8c11-16737fb1f643", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"alpha\":1,\"id\":\"44962ab1-9a18-493c-a7c4-4408f7df2ca7\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"client.geo.location\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":0.77,\"center\":{\"lon\":84.58721,\"lat\":30.6405},\"timeFilters\":{\"from\":\"now-5y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "[Zscaler][ZPA] 
Browser Access Events by Region", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 540, + "minLat": -85.05113, + "minLon": -360 + }, + "mapCenter": { + "lat": 30.6405, + "lon": 84.58721, + "zoom": 0.77 + }, + "openTOCDetails": [], + "type": "map" + }, + "title": "Browser Access Events by Region [Logs Zscaler ZPA]" + } + ], + "timeRestore": false, + "title": "[Logs Zscaler ZPA] Browser Access Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f069080b-5169-4c41-b661-304e5c5dfa2d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f069080b-5169-4c41-b661-304e5c5dfa2d:indexpattern-datasource-layer-cdda45ef-7a1f-46e6-82f5-b5b98d330527", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7140a23f-4aa7-43fc-a99a-bba55d790c4f:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7140a23f-4aa7-43fc-a99a-bba55d790c4f:indexpattern-datasource-layer-d25f382e-b54c-4dc5-803a-2fd115dd0c50", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8e452830-b278-4562-b994-fd6070cd6378:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8e452830-b278-4562-b994-fd6070cd6378:indexpattern-datasource-layer-9559af19-50aa-43e3-aef6-6ddd99985176", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3faea99d-8970-4c4b-8c11-16737fb1f643:layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" +} \ No newline at end of file 
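Review bot: The Lens panel titled "Distribution of OS across User [Logs Zscaler ZPA]" sizes its slices with column `63992bdc-dc89-4c9b-bfa4-e8ab33adfbc7`, which is `"operationType": "count"` over `___records___`, whereas the visualization it replaces in the deleted dashboard used a `cardinality` aggregation on `user.name`. The chart therefore shows the share of events per OS rather than the share of users, so a few noisy clients can dominate it and hide which OS versions are actually spread across the user base. To keep the original meaning, change that column to `"operationType": "unique_count"`, `"sourceField": "user.name"` and relabel it (for example `"label": "Unique Users"`). The "Total Users" metric that opens the next new dashboard is likewise a record count, though its predecessor is not visible here.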
diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-3b709f70-3a98-11ed-9e41-155bc0d23bc2.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-3b709f70-3a98-11ed-9e41-155bc0d23bc2.json new file mode 100644 index 00000000000..49a61a199ea --- /dev/null +++ b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-3b709f70-3a98-11ed-9e41-155bc0d23bc2.json 
@@ -0,0 +1,1686 @@ +{ + "id": "zscaler_zpa-3b709f70-3a98-11ed-9e41-155bc0d23bc2", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T08:57:25.471Z", + "version": "WzU3MSwxXQ==", + "attributes": { + "description": "This dashboard shows User Activity and Status Logs collected by the Zscaler ZPA integration.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "zscaler_zpa.user_activity", + "zscaler_zpa.user_status" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_activity" + } + }, + { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_status" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "02c9d04f-388e-4aeb-bf53-dc3c4201ac89", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "02c9d04f-388e-4aeb-bf53-dc3c4201ac89", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b057dead-b005-4462-b395-d27f7ac78327", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b057dead-b005-4462-b395-d27f7ac78327": { + "columnOrder": [ + "083be347-4383-4ce2-b466-6a93dfce867d" + ], + "columns": { + 
"083be347-4383-4ce2-b466-6a93dfce867d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Users", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.user_activity" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_activity" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "083be347-4383-4ce2-b466-6a93dfce867d", + "layerId": "b057dead-b005-4462-b395-d27f7ac78327", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Total Users [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "46efd498-aa94-46cf-943e-bcc12e74928c", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "46efd498-aa94-46cf-943e-bcc12e74928c", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f6c8b136-deb3-4b5d-ba28-8335cad05127", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f6c8b136-deb3-4b5d-ba28-8335cad05127": { + "columnOrder": [ + "efb3640b-c682-4e3c-8c3c-f81ada82c369", + "90e9028c-ca65-4690-897a-377431ca211e" + ], + "columns": { + "90e9028c-ca65-4690-897a-377431ca211e": { + "customLabel": true, + "dataType": "number", + 
"isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "efb3640b-c682-4e3c-8c3c-f81ada82c369": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connection Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "90e9028c-ca65-4690-897a-377431ca211e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.user_activity.connection.status" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.user_activity" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_activity" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "efb3640b-c682-4e3c-8c3c-f81ada82c369" + ], + "layerId": "f6c8b136-deb3-4b5d-ba28-8335cad05127", + "layerType": "data", + "legendDisplay": "default", + "metric": "90e9028c-ca65-4690-897a-377431ca211e", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of Users by Connection Status [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "54c63d27-7daf-4370-b7ad-dccc6c5efc46", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "54c63d27-7daf-4370-b7ad-dccc6c5efc46", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-5bbce317-b56b-4695-bac0-7340665c9ff8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "5bbce317-b56b-4695-bac0-7340665c9ff8": { + "columnOrder": [ + "29ae9a72-ef14-4376-97cb-2c67d9554218", + "716118c4-a649-408e-8c7f-a481ab09bc92" + ], + "columns": { + "29ae9a72-ef14-4376-97cb-2c67d9554218": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Session Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "716118c4-a649-408e-8c7f-a481ab09bc92", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.user_status.session.status" + }, + "716118c4-a649-408e-8c7f-a481ab09bc92": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.user_status" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_status" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "29ae9a72-ef14-4376-97cb-2c67d9554218" + ], + "layerId": "5bbce317-b56b-4695-bac0-7340665c9ff8", + "layerType": "data", + "legendDisplay": "default", + "metric": "716118c4-a649-408e-8c7f-a481ab09bc92", + 
"nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of User by Session Status [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "fc4e5d4a-ef17-4fc4-90dd-8a9869aba15c", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "fc4e5d4a-ef17-4fc4-90dd-8a9869aba15c", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-abf9ee3a-3e3e-495a-9f66-ed7b29420d77", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "abf9ee3a-3e3e-495a-9f66-ed7b29420d77": { + "columnOrder": [ + "e9f66119-f56b-41e4-aabf-bdb9361d0826", + "e9175e89-5e1e-4f11-8812-56093624bdf7" + ], + "columns": { + "e9175e89-5e1e-4f11-8812-56093624bdf7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "e9f66119-f56b-41e4-aabf-bdb9361d0826": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Client Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e9175e89-5e1e-4f11-8812-56093624bdf7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.user_status.client.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": 
"data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.user_status" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_status" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "e9f66119-f56b-41e4-aabf-bdb9361d0826" + ], + "layerId": "abf9ee3a-3e3e-495a-9f66-ed7b29420d77", + "layerType": "data", + "legendDisplay": "default", + "metric": "e9175e89-5e1e-4f11-8812-56093624bdf7", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of User by Client Type [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "e21be368-485f-48b0-8772-405c6ec54236", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "e21be368-485f-48b0-8772-405c6ec54236", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-798e7ae8-6819-4df4-ab28-7cdb722c8ca5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "798e7ae8-6819-4df4-ab28-7cdb722c8ca5": { + "columnOrder": [ + "6bdd00fb-4b03-4f8e-834c-b120a71ae15e", + "13006e00-316a-4785-a9c9-3800c30805a7" + ], + "columns": { + "13006e00-316a-4785-a9c9-3800c30805a7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + 
"6bdd00fb-4b03-4f8e-834c-b120a71ae15e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Country Code", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "13006e00-316a-4785-a9c9-3800c30805a7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.geo.country_iso_code" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.user_status" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_status" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "13006e00-316a-4785-a9c9-3800c30805a7" + ], + "layerId": "798e7ae8-6819-4df4-ab28-7cdb722c8ca5", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "6bdd00fb-4b03-4f8e-834c-b120a71ae15e" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 
Countries with Users [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "b0663650-c22b-4880-bae3-0461951511e8", + "w": 16, + "x": 0, + "y": 50 + }, + "panelIndex": "b0663650-c22b-4880-bae3-0461951511e8", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c5fb4b55-b45b-4508-937f-a05012968d5e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c5fb4b55-b45b-4508-937f-a05012968d5e": { + "columnOrder": [ + "580e8464-b469-43ad-8fcf-c53ec0040132", + "d450dcf6-dfea-4333-94f1-e9cb0939b0b1" + ], + "columns": { + "580e8464-b469-43ad-8fcf-c53ec0040132": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d450dcf6-dfea-4333-94f1-e9cb0939b0b1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "d450dcf6-dfea-4333-94f1-e9cb0939b0b1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.user_activity" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + 
"data_stream.dataset": "zscaler_zpa.user_activity" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "zscaler_zpa.user_activity.connection.status", + "negate": false, + "params": { + "query": "active" + }, + "type": "phrase", + "index": "filter-index-pattern-1" + }, + "query": { + "match_phrase": { + "zscaler_zpa.user_activity.connection.status": "active" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "580e8464-b469-43ad-8fcf-c53ec0040132" + }, + { + "columnId": "d450dcf6-dfea-4333-94f1-e9cb0939b0b1" + } + ], + "layerId": "c5fb4b55-b45b-4508-937f-a05012968d5e", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 Active Users [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "266bf198-31ab-4470-b83c-c36dddf97817", + "w": 16, + "x": 16, + "y": 50 + }, + "panelIndex": "266bf198-31ab-4470-b83c-c36dddf97817", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c78bfb28-6660-4968-ac9b-8b811d72e376", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "c78bfb28-6660-4968-ac9b-8b811d72e376": { + "columnOrder": [ + "c9d4ae8e-0907-483e-9a11-5c460a77c30a", + "9bcf224f-51d7-4b58-baa7-4505e4cdc0ab", + "4ab51e7f-3e8a-4183-8e4b-a1c74d713fd3" + ], + "columns": { + "4ab51e7f-3e8a-4183-8e4b-a1c74d713fd3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", 
+ "scale": "ratio", + "sourceField": "___records___" + }, + "9bcf224f-51d7-4b58-baa7-4505e4cdc0ab": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Username", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4ab51e7f-3e8a-4183-8e4b-a1c74d713fd3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "user.name" + }, + "c9d4ae8e-0907-483e-9a11-5c460a77c30a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Application Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4ab51e7f-3e8a-4183-8e4b-a1c74d713fd3", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.user_activity.application" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.user_activity" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_activity" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "4ab51e7f-3e8a-4183-8e4b-a1c74d713fd3", + "isTransposed": false + }, + { + "columnId": "c9d4ae8e-0907-483e-9a11-5c460a77c30a", + "isTransposed": false + }, + { + "columnId": "9bcf224f-51d7-4b58-baa7-4505e4cdc0ab", + "isTransposed": false + } + ], + "layerId": "c78bfb28-6660-4968-ac9b-8b811d72e376", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of Users per 
Application (Top 10) [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "ae90d135-6ca3-4af3-8222-dea614e5e746", + "w": 16, + "x": 32, + "y": 50 + }, + "panelIndex": "ae90d135-6ca3-4af3-8222-dea614e5e746", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f19c6fb4-8fae-40a3-adb3-ae6c447bb275", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f19c6fb4-8fae-40a3-adb3-ae6c447bb275": { + "columnOrder": [ + "ced296a3-39da-4192-bf4c-5304b0924cb1", + "7f77f4b9-ce17-4bc3-91b1-6dc78274eeb8" + ], + "columns": { + "7f77f4b9-ce17-4bc3-91b1-6dc78274eeb8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "ced296a3-39da-4192-bf4c-5304b0924cb1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "App Groups", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7f77f4b9-ce17-4bc3-91b1-6dc78274eeb8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.user_activity.app_group" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.user_activity" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_activity" + } + } + } + ], + 
"query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "ced296a3-39da-4192-bf4c-5304b0924cb1", + "isTransposed": false + }, + { + "columnId": "7f77f4b9-ce17-4bc3-91b1-6dc78274eeb8", + "isTransposed": false + } + ], + "layerId": "f19c6fb4-8fae-40a3-adb3-ae6c447bb275", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 AppGroups [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "f2485352-f2fd-4321-a629-5763dfd34dbb", + "w": 24, + "x": 0, + "y": 65 + }, + "panelIndex": "f2485352-f2fd-4321-a629-5763dfd34dbb", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "zscaler_zpa.user_activity.connector_zen_setup_time", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "zscaler_zpa.user_activity.connector_zen_setup_time" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "zscaler_zpa.user_activity.connection.setup_time", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "zscaler_zpa.user_activity.connection.setup_time" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "zscaler_zpa.user_activity.server_setup_time", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "zscaler_zpa.user_activity.server_setup_time" + } + } + } + ], + "query": { + "language": "kuery", + "query": 
"data_stream.dataset : \"zscaler_zpa.user_activity\"" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "4ac99360-4dd5-11ec-9c7f-599fe68d9667" + } + ], + "drop_last_bucket": 0, + "id": "81cebc93-9e11-4079-9241-baa103cd5db6", + "index_pattern_ref_name": "metrics_f2485352-f2fd-4321-a629-5763dfd34dbb_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "pivot_id": "client.ip", + "pivot_label": "Client IP", + "pivot_type": "string", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "hidden": false, + "id": "a5e34d80-4dd6-11ec-9c7f-599fe68d9667", + "label": "Application Setup Time (in microseconds)", + "line_width": 1, + "metrics": [ + { + "field": "zscaler_zpa.user_activity.server_setup_time", + "id": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667", + "type": "avg" + }, + { + "field": "zscaler_zpa.user_activity.connection.setup_time", + "id": "5adf7740-4dfa-11ec-9c7f-599fe68d9667", + "type": "avg" + }, + { + "field": "zscaler_zpa.user_activity.connector_zen_setup_time", + "id": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667", + "type": "avg" + }, + { + "id": "7956fef0-4dfa-11ec-9c7f-599fe68d9667", + "script": "params.a + params.b + params.c", + "type": "math", + "variables": [ + { + "field": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667", + "id": "7ad8bcf0-4dfa-11ec-9c7f-599fe68d9667", + "name": "a" + }, + { + "field": "5adf7740-4dfa-11ec-9c7f-599fe68d9667", + "id": "80181f30-4dfa-11ec-9c7f-599fe68d9667", + "name": "b" + }, + { + "field": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667", + "id": "81c5f640-4dfa-11ec-9c7f-599fe68d9667", + "name": "c" + } + ] + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + 
"show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "table", + "use_kibana_indexes": true + }, + "title": "[Zscaler][ZPA] Slowest Applications", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "Slowest Applications [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "b9cc9ecc-bfcd-437f-9f5d-2d00d7bc72df", + "w": 24, + "x": 24, + "y": 65 + }, + "panelIndex": "b9cc9ecc-bfcd-437f-9f5d-2d00d7bc72df", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-fbf1c4c1-78da-42df-b707-53b37efd5309", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "fbf1c4c1-78da-42df-b707-53b37efd5309": { + "columnOrder": [ + "1c1daf85-6b9a-44e5-af1e-8c4650589559", + "a5df1c51-2292-4ddd-ab14-d3e7dc258322" + ], + "columns": { + "1c1daf85-6b9a-44e5-af1e-8c4650589559": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5df1c51-2292-4ddd-ab14-d3e7dc258322", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "client.ip" + }, + "a5df1c51-2292-4ddd-ab14-d3e7dc258322": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Server Setup Time (in microseconds)", + "operationType": "average", + "scale": "ratio", + "sourceField": 
"zscaler_zpa.user_activity.server_setup_time" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.user_activity" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.user_activity" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "zscaler_zpa.user_activity.server_setup_time", + "negate": false, + "type": "exists", + "index": "filter-index-pattern-1" + }, + "query": { + "exists": { + "field": "zscaler_zpa.user_activity.server_setup_time" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "a5df1c51-2292-4ddd-ab14-d3e7dc258322", + "isTransposed": false + }, + { + "columnId": "1c1daf85-6b9a-44e5-af1e-8c4650589559", + "isTransposed": false + } + ], + "layerId": "fbf1c4c1-78da-42df-b707-53b37efd5309", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Slowest Connector Server [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 20, + "i": "15fb12a8-4756-45a9-96d7-9cb7e721e5b2", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "15fb12a8-4756-45a9-96d7-9cb7e721e5b2", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"31d17945-828a-4b1e-9d63-5ff628cae1b3\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"client.geo.location\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.06,\"center\":{\"lon\":-2.31842,\"lat\":-20.26942},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "[Zscaler][ZPA] Users by region", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 
66.51326, + "maxLon": 360, + "minLat": -85.05113, + "minLon": -360 + }, + "mapCenter": { + "lat": -20.26942, + "lon": -2.31842, + "zoom": 1.06 + }, + "openTOCDetails": [], + "type": "map" + }, + "title": "Users by region [Logs Zscaler ZPA]" + } + ], + "timeRestore": false, + "title": "[Logs Zscaler ZPA] User Activity and Status Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "02c9d04f-388e-4aeb-bf53-dc3c4201ac89:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "02c9d04f-388e-4aeb-bf53-dc3c4201ac89:indexpattern-datasource-layer-b057dead-b005-4462-b395-d27f7ac78327", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "02c9d04f-388e-4aeb-bf53-dc3c4201ac89:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46efd498-aa94-46cf-943e-bcc12e74928c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46efd498-aa94-46cf-943e-bcc12e74928c:indexpattern-datasource-layer-f6c8b136-deb3-4b5d-ba28-8335cad05127", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46efd498-aa94-46cf-943e-bcc12e74928c:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54c63d27-7daf-4370-b7ad-dccc6c5efc46:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54c63d27-7daf-4370-b7ad-dccc6c5efc46:indexpattern-datasource-layer-5bbce317-b56b-4695-bac0-7340665c9ff8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54c63d27-7daf-4370-b7ad-dccc6c5efc46:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc4e5d4a-ef17-4fc4-90dd-8a9869aba15c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": 
"logs-*", + "name": "fc4e5d4a-ef17-4fc4-90dd-8a9869aba15c:indexpattern-datasource-layer-abf9ee3a-3e3e-495a-9f66-ed7b29420d77", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fc4e5d4a-ef17-4fc4-90dd-8a9869aba15c:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e21be368-485f-48b0-8772-405c6ec54236:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e21be368-485f-48b0-8772-405c6ec54236:indexpattern-datasource-layer-798e7ae8-6819-4df4-ab28-7cdb722c8ca5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e21be368-485f-48b0-8772-405c6ec54236:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0663650-c22b-4880-bae3-0461951511e8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0663650-c22b-4880-bae3-0461951511e8:indexpattern-datasource-layer-c5fb4b55-b45b-4508-937f-a05012968d5e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0663650-c22b-4880-bae3-0461951511e8:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0663650-c22b-4880-bae3-0461951511e8:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "266bf198-31ab-4470-b83c-c36dddf97817:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "266bf198-31ab-4470-b83c-c36dddf97817:indexpattern-datasource-layer-c78bfb28-6660-4968-ac9b-8b811d72e376", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "266bf198-31ab-4470-b83c-c36dddf97817:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae90d135-6ca3-4af3-8222-dea614e5e746:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"ae90d135-6ca3-4af3-8222-dea614e5e746:indexpattern-datasource-layer-f19c6fb4-8fae-40a3-adb3-ae6c447bb275", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae90d135-6ca3-4af3-8222-dea614e5e746:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f2485352-f2fd-4321-a629-5763dfd34dbb:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f2485352-f2fd-4321-a629-5763dfd34dbb:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f2485352-f2fd-4321-a629-5763dfd34dbb:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f2485352-f2fd-4321-a629-5763dfd34dbb:metrics_f2485352-f2fd-4321-a629-5763dfd34dbb_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b9cc9ecc-bfcd-437f-9f5d-2d00d7bc72df:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b9cc9ecc-bfcd-437f-9f5d-2d00d7bc72df:indexpattern-datasource-layer-fbf1c4c1-78da-42df-b707-53b37efd5309", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b9cc9ecc-bfcd-437f-9f5d-2d00d7bc72df:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b9cc9ecc-bfcd-437f-9f5d-2d00d7bc72df:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "15fb12a8-4756-45a9-96d7-9cb7e721e5b2:layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" +} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 8cd7279f433..00000000000 
--- a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd.json
+++ /dev/null
@@ -1,1119 +0,0 @@ -{ - "id": "zscaler_zpa-7511d7f0-4c49-11ec-9023-a76a2cb41dcd", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T07:28:45.260Z", - "version": "WzY1NywxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false - }, - "panelsJSON": [ - { - "version": "7.14.0", - "type": "map", - "gridData": { - "x": 0, - "y": 0, - "w": 48, - "h": 22, - "i": "5d6fd558-dee7-432b-9374-8d1e7eb8dbc9" - }, - "panelIndex": "5d6fd558-dee7-432b-9374-8d1e7eb8dbc9", - "embeddableConfig": { - "mapCenter": { - "lat": 1.7677, - "lon": 0, - "zoom": 1.06 - }, - "mapBuffer": { - "minLon": -270, - "minLat": -85.05113, - "maxLon": 270, - "maxLat": 85.05113 - }, - "isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {}, - "attributes": { - "title": "[Zscaler][ZPA] Users by region", - "description": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "mapStateJSON": "{\"zoom\":1.06,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset : \\\"zscaler_zpa.user_status\\\" OR data_stream.dataset : 
\\\"zscaler_zpa.user_activity\\\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"31d17945-828a-4b1e-9d63-5ff628cae1b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"client.geo.location\",\"requestType\":\"heatmap\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]" - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 22, - "w": 16, - "h": 14, - "i": "2b19f9ee-4ba4-4f5b-bddb-8be10b5d085e" - }, - "panelIndex": "2b19f9ee-4ba4-4f5b-bddb-8be10b5d085e", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Total Users", - "description": "", - "uiState": {}, - "params": { - "addTooltip": true, - "addLegend": false, - "type": 
"metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - }, - "type": "metric", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "user.name", - "customLabel": "Total Users" - }, - "schema": "metric" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 16, - "y": 22, - "w": 15, - "h": 14, - "i": "dc65087e-2242-4e8b-86a0-61e1c0da98f5" - }, - "panelIndex": "dc65087e-2242-4e8b-86a0-61e1c0da98f5", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of Users by Connection Status", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - }, - "type": "pie", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_activity.connection.status", - "orderBy": "1", - 
"order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connection Status" - }, - "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 31, - "y": 22, - "w": 17, - "h": 14, - "i": "ac1bbf4b-b227-4d6a-812d-f6f682a86cb5" - }, - "panelIndex": "ac1bbf4b-b227-4d6a-812d-f6f682a86cb5", - "embeddableConfig": { - "vis": { - "legendOpen": true - }, - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of User by Session Status", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - }, - "type": "pie", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_status.session.status", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Session Status" - }, - "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_status\"", - "language": "kuery" - }, - 
"filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 36, - "w": 24, - "h": 15, - "i": "d8929019-59a4-4158-b1f1-b769f1b8ed3c" - }, - "panelIndex": "d8929019-59a4-4158-b1f1-b769f1b8ed3c", - "embeddableConfig": { - "vis": { - "legendOpen": true - }, - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of User by Client type", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - }, - "type": "pie", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_status.client.type", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Client Type" - }, - "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 24, - "y": 36, - "w": 24, - "h": 15, - "i": "8f582a11-a96d-42ab-a4af-8723737dedc0" - }, - "panelIndex": "8f582a11-a96d-42ab-a4af-8723737dedc0", - "embeddableConfig": { - 
"enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Top Countries with Users", - "description": "", - "uiState": {}, - "params": { - "type": "histogram", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "left", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 200 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "bottom", - "show": true, - "scale": { - "type": "linear", - "mode": "normal" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": true, - "truncate": 100 - }, - "title": { - "text": "Count" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "histogram", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "interpolate": "linear", - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "temperature" - }, - "addLegend": true, - "legendPosition": "right", - "times": [], - "addTimeMarker": false, - "truncateLegend": true, - "maxLegendLines": 1, - "labels": {}, - "radiusRatio": 0, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "client.geo.country_iso_code", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Country Code" - }, 
- "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 51, - "w": 16, - "h": 15, - "i": "f1106d4f-52b0-4837-bd41-a0ff1f3e13bb" - }, - "panelIndex": "f1106d4f-52b0-4837-bd41-a0ff1f3e13bb", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Top 10 Active Users", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "User Name" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\" and zscaler_zpa.user_activity.connection.status : \"active\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 16, - "y": 51, - "w": 16, - "h": 15, - "i": "4b74af86-5ad3-4d2b-87e9-c98cb12c673a" - }, - "panelIndex": "4b74af86-5ad3-4d2b-87e9-c98cb12c673a", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of Users per Application (Top 10)", - "description": "", - "uiState": {}, - 
"params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_activity.application", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Application Name" - }, - "schema": "bucket" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "user.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Username" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 32, - "y": 51, - "w": 16, - "h": 15, - "i": "5fbfcc7f-07b1-4751-a569-04a0104a9806" - }, - "panelIndex": "5fbfcc7f-07b1-4751-a569-04a0104a9806", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Top 10 AppGroups", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - 
"schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.user_activity.app_group", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "App Groups" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 66, - "w": 24, - "h": 15, - "i": "429030c5-d674-4696-8aac-9385e886ce19" - }, - "panelIndex": "429030c5-d674-4696-8aac-9385e886ce19", - "embeddableConfig": { - "savedVis": { - "title": "[Zscaler][ZPA] Slowest Applications", - "description": "", - "uiState": {}, - "params": { - "time_range_mode": "entire_time_range", - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "bar_color_rules": [ - { - "id": "4ac99360-4dd5-11ec-9c7f-599fe68d9667" - } - ], - "drop_last_bucket": 0, - "id": "81cebc93-9e11-4079-9241-baa103cd5db6", - "interval": "", - "isModelInvalid": false, - "max_lines_legend": 1, - "pivot_id": "client.ip", - "pivot_label": "Client IP", - "pivot_type": "string", - "series": [ - { - "time_range_mode": "entire_time_range", - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "hidden": false, - "id": "a5e34d80-4dd6-11ec-9c7f-599fe68d9667", - "label": "Application Setup Time (in microseconds)", - "line_width": 1, - "metrics": [ - { - "id": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667", - "type": "avg", - "field": "zscaler_zpa.user_activity.server_setup_time" - }, - { - "id": "5adf7740-4dfa-11ec-9c7f-599fe68d9667", - "type": "avg", - "field": "zscaler_zpa.user_activity.connection.setup_time" - }, - { 
- "id": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667", - "type": "avg", - "field": "zscaler_zpa.user_activity.connector_zen_setup_time" - }, - { - "id": "7956fef0-4dfa-11ec-9c7f-599fe68d9667", - "type": "math", - "variables": [ - { - "id": "7ad8bcf0-4dfa-11ec-9c7f-599fe68d9667", - "name": "a", - "field": "1c4724b0-4dfa-11ec-9c7f-599fe68d9667" - }, - { - "id": "80181f30-4dfa-11ec-9c7f-599fe68d9667", - "name": "b", - "field": "5adf7740-4dfa-11ec-9c7f-599fe68d9667" - }, - { - "id": "81c5f640-4dfa-11ec-9c7f-599fe68d9667", - "name": "c", - "field": "6f1124c0-4dfa-11ec-9c7f-599fe68d9667" - } - ], - "script": "params.a + params.b + params.c" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "table", - "use_kibana_indexes": true, - "index_pattern_ref_name": "metrics_0_index_pattern" - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "zscaler_zpa.user_activity.connector_zen_setup_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "exists": { - "field": "zscaler_zpa.user_activity.connector_zen_setup_time" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "zscaler_zpa.user_activity.connection.setup_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index" - }, - "query": { - "exists": { - "field": 
"zscaler_zpa.user_activity.connection.setup_time" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "zscaler_zpa.user_activity.server_setup_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index" - }, - "query": { - "exists": { - "field": "zscaler_zpa.user_activity.server_setup_time" - } - } - } - ] - } - } - }, - "enhancements": {}, - "table": { - "sort": { - "column": "_default_", - "order": "desc" - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 24, - "y": 66, - "w": 24, - "h": 15, - "i": "911a577a-4b0e-44e2-80c8-3a70407f8a22" - }, - "panelIndex": "911a577a-4b0e-44e2-80c8-3a70407f8a22", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Slowest Connector Server", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "avg", - "params": { - "field": "zscaler_zpa.user_activity.server_setup_time", - "customLabel": "Server Setup Time (in microseconds)" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "client.ip", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Host" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.user_activity\"", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": 
"zscaler_zpa.user_activity.server_setup_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "exists": { - "field": "zscaler_zpa.user_activity.server_setup_time" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - } - ], - "timeRestore": false, - "title": "[Zscaler][ZPA] User Activity and Status Logs", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "5d6fd558-dee7-432b-9374-8d1e7eb8dbc9:layer_1_source_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "2b19f9ee-4ba4-4f5b-bddb-8be10b5d085e:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "dc65087e-2242-4e8b-86a0-61e1c0da98f5:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "ac1bbf4b-b227-4d6a-812d-f6f682a86cb5:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "d8929019-59a4-4158-b1f1-b769f1b8ed3c:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "8f582a11-a96d-42ab-a4af-8723737dedc0:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f1106d4f-52b0-4837-bd41-a0ff1f3e13bb:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "4b74af86-5ad3-4d2b-87e9-c98cb12c673a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5fbfcc7f-07b1-4751-a569-04a0104a9806:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "429030c5-d674-4696-8aac-9385e886ce19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": 
"index-pattern", - "name": "429030c5-d674-4696-8aac-9385e886ce19:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "429030c5-d674-4696-8aac-9385e886ce19:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "429030c5-d674-4696-8aac-9385e886ce19:metrics_0_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "911a577a-4b0e-44e2-80c8-3a70407f8a22:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "911a577a-4b0e-44e2-80c8-3a70407f8a22:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.16.0" - }, - "coreMigrationVersion": "7.16.0" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-893ef040-3a88-11ed-9e41-155bc0d23bc2.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-893ef040-3a88-11ed-9e41-155bc0d23bc2.json new file mode 100644 index 00000000000..1a931460e1a --- /dev/null +++ b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-893ef040-3a88-11ed-9e41-155bc0d23bc2.json 
@@ -0,0 +1,1191 @@ +{ + "id": "zscaler_zpa-893ef040-3a88-11ed-9e41-155bc0d23bc2", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T08:57:25.471Z", + "version": "WzU3MiwxXQ==", + "attributes": { + "description": "This dashboard shows App Connector Status Logs collected by the Zscaler ZPA integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.app_connector_status" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.app_connector_status" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "18145f05-d996-46b0-a824-ea77aa25064a", + "w": 16, + "x": 0, + "y": 35 + }, + "panelIndex": "18145f05-d996-46b0-a824-ea77aa25064a", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-71315a2c-1062-4780-b763-c2b372d80193", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "71315a2c-1062-4780-b763-c2b372d80193": { + "columnOrder": [ + "302faced-3e0e-4499-88da-15fc6fbc2818" + ], + "columns": { + "302faced-3e0e-4499-88da-15fc6fbc2818": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + } + } + } + } + }, + "filters": [], + 
"query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "302faced-3e0e-4499-88da-15fc6fbc2818", + "layerId": "71315a2c-1062-4780-b763-c2b372d80193", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Total App Connectors [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "cd828278-e5b5-40a7-8191-dbfca4b7cff5", + "w": 16, + "x": 16, + "y": 35 + }, + "panelIndex": "cd828278-e5b5-40a7-8191-dbfca4b7cff5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-877447c2-e230-4017-8615-7e8f2c35fbad", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "877447c2-e230-4017-8615-7e8f2c35fbad": { + "columnOrder": [ + "3113d320-32bd-40f4-9f86-745409a0a9df", + "0be2092f-5215-4944-a541-994f9b78ecd4" + ], + "columns": { + "0be2092f-5215-4944-a541-994f9b78ecd4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "3113d320-32bd-40f4-9f86-745409a0a9df": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Zen", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0be2092f-5215-4944-a541-994f9b78ecd4", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.app_connector_status.zen" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + 
"columnId": "3113d320-32bd-40f4-9f86-745409a0a9df" + }, + { + "columnId": "0be2092f-5215-4944-a541-994f9b78ecd4" + } + ], + "layerId": "877447c2-e230-4017-8615-7e8f2c35fbad", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 ZEN with Frequent Usage [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "1d31f0ac-7353-41b7-8057-56a4a2a6716b", + "w": 16, + "x": 32, + "y": 35 + }, + "panelIndex": "1d31f0ac-7353-41b7-8057-56a4a2a6716b", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1943d23c-54c2-4a13-83fa-3df1b0ccd9d4", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1943d23c-54c2-4a13-83fa-3df1b0ccd9d4": { + "columnOrder": [ + "05269e3e-f7f0-4321-95b5-4e93f444b51e", + "41c60a80-53ba-427e-b130-1018ad1e6d01" + ], + "columns": { + "05269e3e-f7f0-4321-95b5-4e93f444b51e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connector Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "41c60a80-53ba-427e-b130-1018ad1e6d01", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.app_connector_status.connector.name" + }, + "41c60a80-53ba-427e-b130-1018ad1e6d01": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "columns": [ + { + "columnId": "05269e3e-f7f0-4321-95b5-4e93f444b51e" + }, + { + "columnId": "41c60a80-53ba-427e-b130-1018ad1e6d01" + } + ], + "layerId": "1943d23c-54c2-4a13-83fa-3df1b0ccd9d4", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 Connectors by Name [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "cef662eb-f8b5-4998-a4b6-a9877b731e27", + "w": 24, + "x": 0, + "y": 50 + }, + "panelIndex": "cef662eb-f8b5-4998-a4b6-a9877b731e27", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4168c43c-28f9-4ffa-a1d2-a5989c490d72", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4168c43c-28f9-4ffa-a1d2-a5989c490d72": { + "columnOrder": [ + "44efb4f4-4fed-4a12-b08d-683ea217110e", + "7e131220-f54c-469c-ad39-2c91cbc9255b", + "7119d384-28ee-4559-bad8-8c702466da14" + ], + "columns": { + "44efb4f4-4fed-4a12-b08d-683ea217110e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connector Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7119d384-28ee-4559-bad8-8c702466da14", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.app_connector_status.connector.name" + }, + "7119d384-28ee-4559-bad8-8c702466da14": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "CPU Utilization", + "operationType": "max", + "scale": "ratio", + "sourceField": "host.cpu.usage" + }, + "7e131220-f54c-469c-ad39-2c91cbc9255b": { + 
"dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "7119d384-28ee-4559-bad8-8c702466da14" + ], + "layerId": "4168c43c-28f9-4ffa-a1d2-a5989c490d72", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "44efb4f4-4fed-4a12-b08d-683ea217110e", + "xAccessor": "7e131220-f54c-469c-ad39-2c91cbc9255b" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "CPU Utilization by Connector Over Time [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "02d9645a-7b0a-44da-b915-58c901ea0d3c", + "w": 24, + "x": 24, + "y": 50 + }, + "panelIndex": "02d9645a-7b0a-44da-b915-58c901ea0d3c", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4168c43c-28f9-4ffa-a1d2-a5989c490d72", + "type": "index-pattern" + } + ], 
+ "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4168c43c-28f9-4ffa-a1d2-a5989c490d72": { + "columnOrder": [ + "44efb4f4-4fed-4a12-b08d-683ea217110e", + "7e131220-f54c-469c-ad39-2c91cbc9255b", + "7119d384-28ee-4559-bad8-8c702466da14" + ], + "columns": { + "44efb4f4-4fed-4a12-b08d-683ea217110e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connector Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7119d384-28ee-4559-bad8-8c702466da14", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.app_connector_status.connector.name" + }, + "7119d384-28ee-4559-bad8-8c702466da14": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Memory Utilization", + "operationType": "max", + "scale": "ratio", + "sourceField": "zscaler_zpa.app_connector_status.memory.utilization" + }, + "7e131220-f54c-469c-ad39-2c91cbc9255b": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "7119d384-28ee-4559-bad8-8c702466da14" + ], + "layerId": "4168c43c-28f9-4ffa-a1d2-a5989c490d72", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "44efb4f4-4fed-4a12-b08d-683ea217110e", + "xAccessor": 
"7e131220-f54c-469c-ad39-2c91cbc9255b" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Memory Utilization by Connector Over Time [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "72ba98f0-08f1-486f-8150-53fad9b25fff", + "w": 24, + "x": 0, + "y": 65 + }, + "panelIndex": "72ba98f0-08f1-486f-8150-53fad9b25fff", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-963d92b1-a9e0-4c39-842e-e202f72e0110", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "963d92b1-a9e0-4c39-842e-e202f72e0110": { + "columnOrder": [ + "a5857efe-b4da-41d0-925b-6718ff199d21", + "aeaa9136-fc4b-4adc-ba28-2fcc77abe57e" + ], + "columns": { + "a5857efe-b4da-41d0-925b-6718ff199d21": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Session Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "aeaa9136-fc4b-4adc-ba28-2fcc77abe57e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.app_connector_status.session.type" + }, + "aeaa9136-fc4b-4adc-ba28-2fcc77abe57e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" 
+ } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "aeaa9136-fc4b-4adc-ba28-2fcc77abe57e" + ], + "layerId": "963d92b1-a9e0-4c39-842e-e202f72e0110", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "xAccessor": "a5857efe-b4da-41d0-925b-6718ff199d21" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of App Connector Status by Session Type [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 17, + "i": "ff9ec9f6-5a8b-46c3-91bb-c930c6ddd44d", + "w": 48, + "x": 0, + "y": 80 + }, + "panelIndex": "ff9ec9f6-5a8b-46c3-91bb-c930c6ddd44d", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-93b89030-71b2-419d-92c4-6023f99b1503", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "93b89030-71b2-419d-92c4-6023f99b1503": { + "columnOrder": [ + "aa3ba0e8-495f-466e-a7c9-b79202245a09", + 
"1ac7dc71-ce68-4e4f-95b8-6c59e89a6654", + "0ebb1ffd-671c-48df-97f3-e8de853cbab8", + "2a566ba0-2d21-4971-800e-6f073aabe8c1", + "4034f079-5a99-44af-8ce3-b1ab2a1b0c6e" + ], + "columns": { + "0ebb1ffd-671c-48df-97f3-e8de853cbab8": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Session Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4034f079-5a99-44af-8ce3-b1ab2a1b0c6e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.app_connector_status.session.type" + }, + "1ac7dc71-ce68-4e4f-95b8-6c59e89a6654": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Session Status", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4034f079-5a99-44af-8ce3-b1ab2a1b0c6e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.app_connector_status.session.status" + }, + "2a566ba0-2d21-4971-800e-6f073aabe8c1": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "OS Platform", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4034f079-5a99-44af-8ce3-b1ab2a1b0c6e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "observer.os.platform" + }, + "4034f079-5a99-44af-8ce3-b1ab2a1b0c6e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "aa3ba0e8-495f-466e-a7c9-b79202245a09": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connector Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + 
"columnId": "4034f079-5a99-44af-8ce3-b1ab2a1b0c6e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.app_connector_status.connector.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "4034f079-5a99-44af-8ce3-b1ab2a1b0c6e", + "isTransposed": false + }, + { + "columnId": "aa3ba0e8-495f-466e-a7c9-b79202245a09", + "isTransposed": false + }, + { + "columnId": "1ac7dc71-ce68-4e4f-95b8-6c59e89a6654", + "isTransposed": false + }, + { + "columnId": "0ebb1ffd-671c-48df-97f3-e8de853cbab8", + "isTransposed": false + }, + { + "columnId": "2a566ba0-2d21-4971-800e-6f073aabe8c1", + "isTransposed": false + } + ], + "layerId": "93b89030-71b2-419d-92c4-6023f99b1503", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of App Connector by Session Type, Session Status, OS Platform [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "d5bee67f-b12a-46ee-bc91-e57386cc89f2", + "w": 24, + "x": 24, + "y": 65 + }, + "panelIndex": "d5bee67f-b12a-46ee-bc91-e57386cc89f2", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e92e1e53-f00a-4def-b2fb-50882e25d4e6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e92e1e53-f00a-4def-b2fb-50882e25d4e6": { + "columnOrder": [ + "c1e1a7cb-c9a1-48ff-b690-dfe52500e56c", + "b39c708f-4c49-42b6-a8a9-1cae6c13a3c1" + ], + "columns": { + "b39c708f-4c49-42b6-a8a9-1cae6c13a3c1": { + "customLabel": true, 
+ "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "c1e1a7cb-c9a1-48ff-b690-dfe52500e56c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Connector Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b39c708f-4c49-42b6-a8a9-1cae6c13a3c1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.app_connector_status.connector.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "c1e1a7cb-c9a1-48ff-b690-dfe52500e56c", + "isTransposed": false + }, + { + "columnId": "b39c708f-4c49-42b6-a8a9-1cae6c13a3c1", + "isTransposed": false + } + ], + "layerId": "e92e1e53-f00a-4def-b2fb-50882e25d4e6", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 Connector Name [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 17, + "i": "797f632e-80e5-446f-b760-ad2682841a99", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "797f632e-80e5-446f-b760-ad2682841a99", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"3099042d-0154-49b6-8c0c-f492730c5835\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"observer.geo.location\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":0.15,\"center\":{\"lon\":-130.09157,\"lat\":0},\"timeFilters\":{\"from\":\"now-50y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "[Zscaler][ZPA] App Connectors by region", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 
85.05113, + "maxLon": 180, + "minLat": -85.05113, + "minLon": -540 + }, + "mapCenter": { + "lat": 0, + "lon": -130.09157, + "zoom": 0.15 + }, + "openTOCDetails": [], + "type": "map" + }, + "title": "App Connectors by Region [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 18, + "i": "11b27822-2f89-47bf-9fc0-18bd209bedcf", + "w": 48, + "x": 0, + "y": 17 + }, + "panelIndex": "11b27822-2f89-47bf-9fc0-18bd209bedcf", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"alpha\":1,\"id\":\"72f12276-ca0b-455c-a518-bf4493c7d673\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"includeInFitToBounds\":true,\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"observer.geo.location\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"metrics\":[{\"field\":\"zscaler_zpa.app_connector_status.connector.group\",\"type\":\"cardinality\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":0.69,\"center\":{\"lon\":-81.88323,\"lat\":20.96631},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "[Zscaler][ZPA] Connector Groups by region", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 180, + "minLat": -85.05113, + "minLon": -360 + }, + "mapCenter": { + "lat": 20.96631, + "lon": -81.88323, + "zoom": 0.69 + }, + "openTOCDetails": [], + "type": "map" + }, + "title": "Connector Groups by Region [Logs Zscaler ZPA]" + } + ], + "timeRestore": false, + "title": "[Logs Zscaler ZPA] App Connector Status Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "18145f05-d996-46b0-a824-ea77aa25064a:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "18145f05-d996-46b0-a824-ea77aa25064a:indexpattern-datasource-layer-71315a2c-1062-4780-b763-c2b372d80193", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"cd828278-e5b5-40a7-8191-dbfca4b7cff5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cd828278-e5b5-40a7-8191-dbfca4b7cff5:indexpattern-datasource-layer-877447c2-e230-4017-8615-7e8f2c35fbad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1d31f0ac-7353-41b7-8057-56a4a2a6716b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1d31f0ac-7353-41b7-8057-56a4a2a6716b:indexpattern-datasource-layer-1943d23c-54c2-4a13-83fa-3df1b0ccd9d4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cef662eb-f8b5-4998-a4b6-a9877b731e27:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cef662eb-f8b5-4998-a4b6-a9877b731e27:indexpattern-datasource-layer-4168c43c-28f9-4ffa-a1d2-a5989c490d72", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "02d9645a-7b0a-44da-b915-58c901ea0d3c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "02d9645a-7b0a-44da-b915-58c901ea0d3c:indexpattern-datasource-layer-4168c43c-28f9-4ffa-a1d2-a5989c490d72", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "72ba98f0-08f1-486f-8150-53fad9b25fff:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "72ba98f0-08f1-486f-8150-53fad9b25fff:indexpattern-datasource-layer-963d92b1-a9e0-4c39-842e-e202f72e0110", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff9ec9f6-5a8b-46c3-91bb-c930c6ddd44d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ff9ec9f6-5a8b-46c3-91bb-c930c6ddd44d:indexpattern-datasource-layer-93b89030-71b2-419d-92c4-6023f99b1503", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5bee67f-b12a-46ee-bc91-e57386cc89f2:indexpattern-datasource-current-indexpattern", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5bee67f-b12a-46ee-bc91-e57386cc89f2:indexpattern-datasource-layer-e92e1e53-f00a-4def-b2fb-50882e25d4e6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "797f632e-80e5-446f-b760-ad2682841a99:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "11b27822-2f89-47bf-9fc0-18bd209bedcf:layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" +} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-a0742450-3a89-11ed-9e41-155bc0d23bc2.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-a0742450-3a89-11ed-9e41-155bc0d23bc2.json new file mode 100644 index 00000000000..82de56e4eb1 --- /dev/null +++ b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-a0742450-3a89-11ed-9e41-155bc0d23bc2.json 
@@ -0,0 +1,526 @@ +{ + "id": "zscaler_zpa-a0742450-3a89-11ed-9e41-155bc0d23bc2", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T08:57:25.471Z", + "version": "WzU3MywxXQ==", + "attributes": { + "description": "This dashboard shows Audit Logs collected by the Zscaler ZPA integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "zscaler_zpa.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "zscaler_zpa.audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "ba73376e-4182-4b89-9c8a-aff2bc566165", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "ba73376e-4182-4b89-9c8a-aff2bc566165", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d955d548-c620-418f-addf-a6ed1dfe5510", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d955d548-c620-418f-addf-a6ed1dfe5510": { + "columnOrder": [ + "8a4481ce-ba25-410c-bfb3-ec3e0798ad8a", + "82d2a772-2945-4c49-ac07-f9956d24f6e9" + ], + "columns": { + "82d2a772-2945-4c49-ac07-f9956d24f6e9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "8a4481ce-ba25-410c-bfb3-ec3e0798ad8a": { + 
"customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "82d2a772-2945-4c49-ac07-f9956d24f6e9", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "user.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "8a4481ce-ba25-410c-bfb3-ec3e0798ad8a" + }, + { + "columnId": "82d2a772-2945-4c49-ac07-f9956d24f6e9" + } + ], + "layerId": "d955d548-c620-418f-addf-a6ed1dfe5510", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Users with Most Activities [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "95dd5419-2d75-4e1a-87c7-ae41953a894d", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "95dd5419-2d75-4e1a-87c7-ae41953a894d", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0337d250-104e-40b7-9daa-e6fe700c426b", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0337d250-104e-40b7-9daa-e6fe700c426b": { + "columnOrder": [ + "d880e7d2-1014-46df-b6f5-a6d0f5807f35", + "7b144756-b7cc-4296-9dd8-2e61838a85e7" + ], + "columns": { + "7b144756-b7cc-4296-9dd8-2e61838a85e7": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "d880e7d2-1014-46df-b6f5-a6d0f5807f35": { + "customLabel": true, + 
"dataType": "string", + "isBucketed": true, + "label": "Audit Operation type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7b144756-b7cc-4296-9dd8-2e61838a85e7", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.audit.operation_type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "d880e7d2-1014-46df-b6f5-a6d0f5807f35" + ], + "layerId": "0337d250-104e-40b7-9daa-e6fe700c426b", + "layerType": "data", + "legendDisplay": "default", + "metric": "7b144756-b7cc-4296-9dd8-2e61838a85e7", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of Audit Events by type of Operation [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "4a6702e2-adf1-4535-bbd2-baff2ccc73ce", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "4a6702e2-adf1-4535-bbd2-baff2ccc73ce", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-417a4f1a-6348-4b45-9a8e-9e9d63671574", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "417a4f1a-6348-4b45-9a8e-9e9d63671574": { + "columnOrder": [ + "5ed9edc5-85af-4406-a23a-366e90928f45", + "c88a9fab-24ce-4bf1-a726-bf6ad4134b81" + ], + "columns": { + "5ed9edc5-85af-4406-a23a-366e90928f45": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object 
Type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c88a9fab-24ce-4bf1-a726-bf6ad4134b81", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.audit.object.type" + }, + "c88a9fab-24ce-4bf1-a726-bf6ad4134b81": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "5ed9edc5-85af-4406-a23a-366e90928f45" + ], + "layerId": "417a4f1a-6348-4b45-9a8e-9e9d63671574", + "layerType": "data", + "legendDisplay": "default", + "metric": "c88a9fab-24ce-4bf1-a726-bf6ad4134b81", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Distribution of Audit Events by Object Type [Logs Zscaler ZPA]" + }, + { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "3e9e7c4d-bdfc-494e-ba7b-9480a70a88fd", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "3e9e7c4d-bdfc-494e-ba7b-9480a70a88fd", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7412c367-8e4a-4f2c-8f51-a4c51534c7a0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7412c367-8e4a-4f2c-8f51-a4c51534c7a0": { + "columnOrder": [ + "e99e9844-c523-4416-ae9a-ca2f5dbe362e", + "32fda7e1-0464-4f3f-b7cd-4dfe1dc87559" + ], + 
"columns": { + "32fda7e1-0464-4f3f-b7cd-4dfe1dc87559": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "e99e9844-c523-4416-ae9a-ca2f5dbe362e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Object Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "32fda7e1-0464-4f3f-b7cd-4dfe1dc87559", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "zscaler_zpa.audit.object.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e99e9844-c523-4416-ae9a-ca2f5dbe362e" + }, + { + "columnId": "32fda7e1-0464-4f3f-b7cd-4dfe1dc87559" + } + ], + "layerId": "7412c367-8e4a-4f2c-8f51-a4c51534c7a0", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top 10 Objects on which most operations are performed [Logs Zscaler ZPA]" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 19, + "i": "f34abe48-e680-4f67-a089-9338c05898e7", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "f34abe48-e680-4f67-a089-9338c05898e7", + "panelRefName": "panel_f34abe48-e680-4f67-a089-9338c05898e7", + "title": "Audit Operations Details [Logs Zscaler ZPA]", + "type": "search", + "version": "7.16.2" + } + ], + "timeRestore": false, + "title": "[Logs Zscaler ZPA] Audit Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"ba73376e-4182-4b89-9c8a-aff2bc566165:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ba73376e-4182-4b89-9c8a-aff2bc566165:indexpattern-datasource-layer-d955d548-c620-418f-addf-a6ed1dfe5510", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "95dd5419-2d75-4e1a-87c7-ae41953a894d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "95dd5419-2d75-4e1a-87c7-ae41953a894d:indexpattern-datasource-layer-0337d250-104e-40b7-9daa-e6fe700c426b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4a6702e2-adf1-4535-bbd2-baff2ccc73ce:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4a6702e2-adf1-4535-bbd2-baff2ccc73ce:indexpattern-datasource-layer-417a4f1a-6348-4b45-9a8e-9e9d63671574", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e9e7c4d-bdfc-494e-ba7b-9480a70a88fd:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e9e7c4d-bdfc-494e-ba7b-9480a70a88fd:indexpattern-datasource-layer-7412c367-8e4a-4f2c-8f51-a4c51534c7a0", + "type": "index-pattern" + }, + { + "id": "zscaler_zpa-d9d5e800-537b-11ec-9527-b704eaaa5c53", + "name": "f34abe48-e680-4f67-a089-9338c05898e7:panel_f34abe48-e680-4f67-a089-9338c05898e7", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" +} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index 4000e0b52a4..00000000000 --- a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,1070 +0,0 @@ -{ - "id": "zscaler_zpa-fa3c3c00-4c57-11ec-9023-a76a2cb41dcd", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T07:28:45.260Z", - "version": "WzY1OCwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false - }, - "panelsJSON": [ - { - "version": "7.14.0", - "type": "map", - "gridData": { - "x": 0, - "y": 0, - "w": 48, - "h": 15, - "i": "d65f21eb-eb68-4cbc-abd9-d8ff48776d1d" - }, - "panelIndex": "d65f21eb-eb68-4cbc-abd9-d8ff48776d1d", - "embeddableConfig": { - "mapCenter": { - "lat": 0, - "lon": 115.86278, - "zoom": 0.6 - }, - "mapBuffer": { - "minLon": -360, - "minLat": -89.78601, - "maxLon": 540, - "maxLat": 89.78601 - }, - "isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {}, - "attributes": { - "title": "[Zscaler][ZPA] App Connectors by region", - "description": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "mapStateJSON": "{\"zoom\":0.15,\"center\":{\"lon\":-130.09157,\"lat\":0},\"timeFilters\":{\"from\":\"now-50y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset : 
\\\"zscaler_zpa.app_connector_status\\\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"3099042d-0154-49b6-8c0c-f492730c5835\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"observer.geo.location\",\"requestType\":\"heatmap\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\"}],\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]" - } - } - }, - { - "version": "7.14.0", - "type": "map", - "gridData": { - "x": 0, - "y": 15, - "w": 48, - "h": 18, - "i": "304163ec-bce7-4995-99cd-7892cf6e4277" - }, - "panelIndex": "304163ec-bce7-4995-99cd-7892cf6e4277", - "embeddableConfig": { - "mapCenter": { - "lat": 20.96631, - "lon": -81.88323, - "zoom": 0.69 - }, - "mapBuffer": { - "minLon": -360, - "minLat": -85.05113, - "maxLon": 180, - "maxLat": 85.05113 - }, - 
"isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {}, - "attributes": { - "title": "[Zscaler][ZPA] Connector Groups by region", - "description": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "mapStateJSON": "{\"zoom\":0.69,\"center\":{\"lon\":-81.88323,\"lat\":20.96631},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"data_stream.dataset : \\\"zscaler_zpa.app_connector_status\\\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"72f12276-ca0b-455c-a518-bf4493c7d673\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"observer.geo.location\",\"requestType\":\"heatmap\",\"id\":\"aab6b218-afd7-47cf-825f-a39f7b57b1fe\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"cardinality\",\"field\":\"zscaler_zpa.app_connector_status.connector.group\"}],\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"0a3d538b-2454-4860-aa46-46f706c738b1\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"}]" - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 33, - "w": 16, - "h": 15, - "i": "b32ccd6a-9edb-47f2-829d-d9e11ad3b850" - }, - "panelIndex": "b32ccd6a-9edb-47f2-829d-d9e11ad3b850", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Total App Connectors", - "description": "", - "uiState": {}, - "params": { - "addTooltip": true, - "addLegend": false, - "type": "metric", - "metric": { - "percentageMode": false, - "useRanges": false, - "colorSchema": "Green to Red", - "metricColorMode": "None", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "labels": { - "show": true - }, - "invertColors": false, - "style": { - "bgFill": "#000", - "bgColor": false, - "labelColor": false, - "subText": "", - "fontSize": 60 - } - } - }, - "type": "metric", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "cardinality", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "customLabel": "Total App Connectors" - 
}, - "schema": "metric" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 16, - "y": 33, - "w": 16, - "h": 15, - "i": "a6f8c118-5b3d-4339-8037-21651b658e0a" - }, - "panelIndex": "a6f8c118-5b3d-4339-8037-21651b658e0a", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Top 10 ZEN with frequent usage", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.zen", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "ZEN" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 32, - "y": 33, - "w": 16, - "h": 15, - "i": "99a58fff-e3ec-42df-9f37-f69008909dc1" - }, - "panelIndex": "99a58fff-e3ec-42df-9f37-f69008909dc1", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Top 10 Connectors by name", - "description": "", - "uiState": {}, - 
"params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 48, - "w": 24, - "h": 15, - "i": "f2952e7e-2165-4908-a9a6-6ebf385438e2" - }, - "panelIndex": "f2952e7e-2165-4908-a9a6-6ebf385438e2", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] CPU Utilization by Connector over time", - "description": "", - "uiState": {}, - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 - }, - "title": { - "text": "CPU Utilization" - }, - 
"style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "CPU Utilization", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - "fittingFunction": "linear", - "times": [], - "addTimeMarker": false, - "truncateLegend": true, - "maxLegendLines": 1, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - }, - "type": "line", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "top_hits", - "params": { - "field": "host.cpu.usage", - "aggregate": "concat", - "size": 10, - "sortField": "@timestamp", - "sortOrder": "desc", - "customLabel": "CPU Utilization" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-15d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "12h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {}, - "customLabel": "" - }, - "schema": "segment" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "_key", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "group" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 24, - "y": 48, - "w": 24, - "h": 15, - "i": "efcf0961-81c8-4e07-9bea-b0db4d0a5ec1" - }, - "panelIndex": "efcf0961-81c8-4e07-9bea-b0db4d0a5ec1", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Memory Utilization by Connector over time", - "description": "", - "uiState": {}, - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 - }, - "title": { - "text": "Memory Utilization" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Memory Utilization", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - "fittingFunction": "linear", - "times": [], - "addTimeMarker": false, - "truncateLegend": true, - "maxLegendLines": 1, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - }, - "type": "line", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "top_hits", - "params": { - "field": 
"zscaler_zpa.app_connector_status.memory.utilization", - "aggregate": "concat", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc", - "customLabel": "Memory Utilization" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-15d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "12h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {}, - "customLabel": "" - }, - "schema": "segment" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "_key", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "group" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 63, - "w": 24, - "h": 16, - "i": "b1fccb13-65ac-413c-b600-674dfb9b42d5" - }, - "panelIndex": "b1fccb13-65ac-413c-b600-674dfb9b42d5", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of App Connector Status by Session Type", - "description": "", - "uiState": {}, - "params": { - "type": "histogram", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "left", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 200 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": 
"ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "bottom", - "show": true, - "scale": { - "type": "linear", - "mode": "normal" - }, - "labels": { - "show": true, - "rotate": 0, - "filter": true, - "truncate": 100 - }, - "title": { - "text": "" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "histogram", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "interpolate": "linear", - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "temperature" - }, - "addLegend": true, - "legendPosition": "right", - "times": [], - "addTimeMarker": false, - "truncateLegend": true, - "maxLegendLines": 1, - "labels": {}, - "radiusRatio": 0, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - }, - "type": "horizontal_bar", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.session.type", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Session Type" - }, - "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 24, - "y": 63, - "w": 24, - "h": 16, - "i": "1d384991-def5-4620-b55f-31e9a8b3218a" - }, - "panelIndex": "1d384991-def5-4620-b55f-31e9a8b3218a", - "embeddableConfig": { - 
"enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Top 10 Connector with highest uptime", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "top_hits", - "params": { - "field": "zscaler_zpa.app_connector_status.connector_up_time", - "aggregate": "max", - "size": 10, - "sortField": "@timestamp", - "sortOrder": "desc", - "customLabel": "Connector UpTime" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "_key", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "zscaler_zpa.app_connector_status.connector_up_time", - "negate": false, - "type": "exists", - "value": "exists", - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index" - }, - "query": { - "exists": { - "field": "zscaler_zpa.app_connector_status.connector_up_time" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 79, - "w": 48, - "h": 15, - "i": "cfd0d990-2314-4b7c-bad4-07b895bf4b55" - }, - "panelIndex": "cfd0d990-2314-4b7c-bad4-07b895bf4b55", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - 
"title": "[Zscaler][ZPA] Distribution of App Connector by Session Type, Session Status, OS Platform", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false, - "row": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "4", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.connector.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Connector Name" - }, - "schema": "bucket" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.session.status", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Session Status" - }, - "schema": "bucket" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.app_connector_status.session.type", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Session Type" - }, - "schema": "bucket" - }, - { - "id": "5", - "enabled": true, - "type": "terms", - "params": { - "field": "observer.os.platform", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "OS Platform" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": 
"data_stream.dataset : \"zscaler_zpa.app_connector_status\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - } - ], - "timeRestore": false, - "title": "[Zscaler][ZPA] App Connector Status", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "d65f21eb-eb68-4cbc-abd9-d8ff48776d1d:layer_1_source_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "304163ec-bce7-4995-99cd-7892cf6e4277:layer_1_source_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b32ccd6a-9edb-47f2-829d-d9e11ad3b850:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "a6f8c118-5b3d-4339-8037-21651b658e0a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "99a58fff-e3ec-42df-9f37-f69008909dc1:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "f2952e7e-2165-4908-a9a6-6ebf385438e2:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "efcf0961-81c8-4e07-9bea-b0db4d0a5ec1:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "b1fccb13-65ac-413c-b600-674dfb9b42d5:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "1d384991-def5-4620-b55f-31e9a8b3218a:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "1d384991-def5-4620-b55f-31e9a8b3218a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "cfd0d990-2314-4b7c-bad4-07b895bf4b55:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.16.0" - }, - 
"coreMigrationVersion": "7.16.0" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json b/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json deleted file mode 100644 index a539e249f8f..00000000000 --- a/packages/zscaler_zpa/kibana/dashboard/zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd.json +++ /dev/null 
@@ -1,387 +0,0 @@ -{ - "id": "zscaler_zpa-fa5b1830-4c63-11ec-9023-a76a2cb41dcd", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-10-28T07:28:45.260Z", - "version": "WzY1OSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false - }, - "panelsJSON": [ - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 0, - "w": 24, - "h": 15, - "i": "c61f1028-287d-427a-80dd-7530fe1d407b" - }, - "panelIndex": "c61f1028-287d-427a-80dd-7530fe1d407b", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Top Users with most activities", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "Count" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "User" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.audit\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 24, - "y": 0, - "w": 24, - "h": 15, - "i": "0c5e09b0-f4c9-41bf-9855-b6aedef7e49b" - }, - "panelIndex": 
"0c5e09b0-f4c9-41bf-9855-b6aedef7e49b", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of Audit Events by type of Operation", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, - "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - }, - "type": "pie", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.audit.operation_type", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Audit Operation type" - }, - "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.audit\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 0, - "y": 15, - "w": 24, - "h": 15, - "i": "590bd39d-7ba8-475f-99a4-94d6fe3c7a66" - }, - "panelIndex": "590bd39d-7ba8-475f-99a4-94d6fe3c7a66", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Distribution of Audit Events by Object Type", - "description": "", - "uiState": { - "vis": { - "legendOpen": true - } - }, - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "nestedLegend": false, 
- "truncateLegend": true, - "maxLegendLines": 1, - "distinctColors": false, - "isDonut": false, - "palette": { - "type": "palette", - "name": "temperature" - }, - "labels": { - "show": true, - "last_level": false, - "values": true, - "valuesFormat": "percent", - "percentDecimals": 2, - "truncate": 100, - "position": "default" - } - }, - "type": "pie", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.audit.object.type", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Object Type" - }, - "schema": "segment" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.audit\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.14.0", - "type": "visualization", - "gridData": { - "x": 24, - "y": 15, - "w": 24, - "h": 15, - "i": "c779f9f4-69c6-4e08-af7b-b79fed7e1b9c" - }, - "panelIndex": "c779f9f4-69c6-4e08-af7b-b79fed7e1b9c", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "[Zscaler][ZPA] Top 10 Objects on which most operations are performed", - "description": "", - "uiState": {}, - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "", - "autoFitRowToContent": false - }, - "type": "table", - "data": { - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "zscaler_zpa.audit.object.name", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - 
"otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Object Name" - }, - "schema": "bucket" - } - ], - "searchSource": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.audit\"", - "language": "kuery" - }, - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" - } - } - } - } - }, - { - "version": "7.16.0-SNAPSHOT", - "type": "search", - "gridData": { - "x": 0, - "y": 30, - "w": 48, - "h": 21, - "i": "b4f9406f-ee08-487d-924a-1012fa15442c" - }, - "panelIndex": "b4f9406f-ee08-487d-924a-1012fa15442c", - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "title": "[Zscaler][ZPA] Audit Operations Details", - "panelRefName": "panel_4" - } - ], - "timeRestore": false, - "title": "[Zscaler][ZPA] Audit Logs", - "version": 1 - }, - "references": [ - { - "id": "zscaler_zpa-d9d5e800-537b-11ec-9527-b704eaaa5c53", - "name": "panel_4", - "type": "search" - }, - { - "type": "index-pattern", - "name": "c61f1028-287d-427a-80dd-7530fe1d407b:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "0c5e09b0-f4c9-41bf-9855-b6aedef7e49b:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "590bd39d-7ba8-475f-99a4-94d6fe3c7a66:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "c779f9f4-69c6-4e08-af7b-b79fed7e1b9c:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "7.16.0" - }, - "coreMigrationVersion": "7.16.0" -} \ No newline at end of file diff --git a/packages/zscaler_zpa/kibana/search/zscaler_zpa-d9d5e800-537b-11ec-9527-b704eaaa5c53.json b/packages/zscaler_zpa/kibana/search/zscaler_zpa-d9d5e800-537b-11ec-9527-b704eaaa5c53.json index a3ad60061ab..a751c35d59c 100644 
--- a/packages/zscaler_zpa/kibana/search/zscaler_zpa-d9d5e800-537b-11ec-9527-b704eaaa5c53.json +++ b/packages/zscaler_zpa/kibana/search/zscaler_zpa-d9d5e800-537b-11ec-9527-b704eaaa5c53.json @@ -12,12 +12,12 @@ "hideChart": true, "kibanaSavedObjectMeta": { "searchSourceJSON": { - "query": { - "query": "data_stream.dataset : \"zscaler_zpa.audit\"", - "language": "kuery" - }, "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index" + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } } }, "sort": [ @@ -28,7 +28,7 @@ ], "title": "[Zscaler][ZPA] Audit Operations Details" }, - "coreMigrationVersion": "7.16.0", + "coreMigrationVersion": "7.16.2", "id": "zscaler_zpa-d9d5e800-537b-11ec-9527-b704eaaa5c53", "migrationVersion": { "search": "7.9.3" @@ -40,7 +40,5 @@ "type": "index-pattern" } ], - "type": "search", - "updated_at": "2021-12-03T12:58:06.911Z", - "version": "WzM2NDQyLDFd" + "type": "search" } \ No newline at end of file diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml index aa96d632024..b8cd7e18594 100644 --- a/packages/zscaler_zpa/manifest.yml +++ b/packages/zscaler_zpa/manifest.yml @@ -9,7 +9,7 @@ categories: - security release: ga conditions: - kibana.version: ^7.16.2 || ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/zscaler-zpa-screenshot.png title: Zscaler ZPA app connector status dashboard screenshot From 74d45f4c69dfde498171c6d7036732b27aab3e36 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 23 Nov 2022 16:53:50 +0530 Subject: [PATCH 095/103] 1password upgraded to 8.1.0 as agg failed --- .../1password-item-usages-full-dashboard.json | 20 +++++++++---------- ...ssword-signin-attempts-full-dashboard.json | 20 +++++++++---------- packages/1password/manifest.yml | 2 +- 3 files changed, 21 insertions(+), 21 deletions(-) 
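Review bot: The first hunk (`@@ -12,12 +12,12 @@`) replaces the saved search's query `data_stream.dataset : \"zscaler_zpa.audit\"` with an empty string while `"filter": []` stays empty, so the search titled "[Zscaler][ZPA] Audit Operations Details" no longer restricts itself to ZPA audit events. If its index-pattern reference resolves to a broad pattern such as the `logs-*` used by the dashboards deleted earlier on this page (the reference id is outside this hunk), the panel would list events from every data stream, which is misleading on an audit view. Unless the dashboard that embeds this search applies the dataset filter itself, I would keep the constraint: `"query": "data_stream.dataset : \"zscaler_zpa.audit\""`.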
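Review bot: Narrowing `kibana.version` from `^7.16.2 || ^8.0.0` to `^8.1.0` stops 7.16.x and 8.0.x stacks from installing further releases of this security integration, yet nothing in this hunk raises the package version. The same applies to `packages/1password/manifest.yml` in PATCH 095, whose diffstat lists only the two dashboards and a one-line manifest change, so no changelog entry travels with that commit. If a later patch in the series does not already do so, bump `version` in both manifests and add a changelog entry naming the new minimum Kibana version, so operators on older stacks can see why updates stop.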
diff --git a/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json b/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json index be83f27e010..d34deb3265d 100644 --- a/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json +++ b/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-25T17:55:08.573Z", - "version": "WzYxNSwxXQ==", + "updated_at": "2022-11-23T11:13:24.284Z", + "version": "WzU4NSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -41,7 +41,7 @@ "panelRefName": "panel_33e47a7b-72d2-4721-818c-8df8d710c5ea" }, { - "version": "7.14.0", + "version": "8.1.0", "type": "map", "gridData": { "x": 31, 
@@ -71,12 +71,12 @@ "title": "Audit item usages Source Locations [1Password]", "description": "", "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "layerListJSON": "[{\"alpha\":1,\"id\":\"11a86591-809c-4c7b-9668-0d0cc31980c9\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"55025914-752d-4a12-88f4-c9fe89ddbb9d\",\"joins\":[],\"label\":\"Source Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.item_usages\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"ae93e398-4d52-4616-99c3-783c0f34d767\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]" + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"11a86591-809c-4c7b-9668-0d0cc31980c9\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"55025914-752d-4a12-88f4-c9fe89ddbb9d\",\"joins\":[],\"label\":\"Source Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.item_usages\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"ae93e398-4d52-4616-99c3-783c0f34d767\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" } } }, { - "version": "7.14.0", + "version": "8.0.0", "type": "visualization", "gridData": { "x": 0, @@ -220,7 +220,7 @@ } }, { - "version": "7.14.0", + "version": "8.0.0", "type": "visualization", "gridData": { "x": 24, 
@@ -315,7 +315,7 @@ } }, { - "version": "7.14.0", + "version": "8.0.0", "type": "visualization", "gridData": { "x": 24, @@ -392,7 +392,7 @@ } }, { - "version": "7.14.0", + "version": "8.0.0", "type": "visualization", "gridData": { "x": 0, @@ -510,7 +510,7 @@ } ], "migrationVersion": { - "dashboard": "7.15.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json b/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json index 3a11c0e9452..6e3f9a8df7b 100644 --- a/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json +++ b/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json @@ -4,8 +4,8 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-25T17:55:08.573Z", - "version": "WzYxNiwxXQ==", + "updated_at": "2022-11-23T11:13:24.284Z", + "version": "WzU4NiwxXQ==", "attributes": { "description": "", "hits": 0, @@ -41,7 +41,7 @@ "panelRefName": "panel_944e346e-36df-430b-9734-5d91da79bdc1" }, { - "version": "7.14.0", + "version": "8.1.0", "type": "map", "gridData": { "x": 31, 
@@ -71,12 +71,12 @@ "title": "Audit sign-in attempts Source Locations [1Password]", "description": "", "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", - "layerListJSON": "[{\"alpha\":1,\"id\":\"db596930-2b43-4b31-b555-5bfb2ef9a3b3\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"a912dae9-61dd-4f45-96d4-15968e14aa79\",\"joins\":[],\"label\":\"Source Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.signin_attempts\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"98b57871-9ec7-49ce-b371-bd052adaf795\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]" + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"db596930-2b43-4b31-b555-5bfb2ef9a3b3\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"a912dae9-61dd-4f45-96d4-15968e14aa79\",\"joins\":[],\"label\":\"Source Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.signin_attempts\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"98b57871-9ec7-49ce-b371-bd052adaf795\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" } } }, { - "version": "7.14.0", + "version": "8.0.0", "type": "visualization", "gridData": { "x": 0, @@ -185,7 +185,7 @@ } }, { - "version": "7.14.0", + "version": "8.0.0", "type": "visualization", "gridData": { "x": 11, 
@@ -329,7 +329,7 @@ } }, { - "version": "7.14.0", + "version": "8.0.0", "type": "visualization", "gridData": { "x": 31, @@ -500,7 +500,7 @@ } }, { - "version": "7.14.0", + "version": "8.0.0", "type": "visualization", "gridData": { "x": 0, @@ -632,7 +632,7 @@ } ], "migrationVersion": { - "dashboard": "7.15.0" + "dashboard": "8.1.0" }, - "coreMigrationVersion": "7.15.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/1password/manifest.yml b/packages/1password/manifest.yml index e5dd1351bd4..c8d0c66fe94 100644 --- a/packages/1password/manifest.yml +++ b/packages/1password/manifest.yml @@ -9,7 +9,7 @@ categories: - security release: ga conditions: - kibana.version: "^7.16.0 || ^8.0.0" + kibana.version: ^8.1.0 screenshots: - src: /img/1password-signinattempts-screenshot.png title: Sign-in attempts From 1e4f11038d402b6f31cf9520d7b4b9d66f3ee41a Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 23 Nov 2022 16:57:49 +0530 Subject: [PATCH 096/103] revert cisco --- packages/cisco/docs/README.md | 42 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/packages/cisco/docs/README.md b/packages/cisco/docs/README.md index 9d9e0d39f36..1b440cf6289 100644 --- a/packages/cisco/docs/README.md +++ b/packages/cisco/docs/README.md @@ -25,12 +25,12 @@ An example event for `asa` looks as following: { "@timestamp": "2018-10-10T12:34:56.000Z", "agent": { - "ephemeral_id": "d5a5a712-c503-48de-96df-7b5d93813de2", + "ephemeral_id": "a548620b-0623-4130-b586-fe233f00e6e5", "hostname": "docker-fleet-agent", - "id": "4df1fcdb-08e4-4f17-a523-5159ada47cb0", + "id": "3c803d12-46a2-48a4-a206-8fd3630cc2a9", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.16.0" + "version": "7.14.0" }, "cisco": { "asa": { 
@@ -44,17 +44,17 @@ An example event for `asa` looks as following: "type": "logs" }, "destination": { - "address": "192.168.98.44", - "ip": "192.168.98.44", + "address": "100.66.98.44", + "ip": "100.66.98.44", "port": 8256 }, "ecs": { - "version": "1.12.0" + "version": "1.10.0" }, "elastic_agent": { - "id": "4df1fcdb-08e4-4f17-a523-5159ada47cb0", - "snapshot": false, - "version": "7.16.0" + "id": "3c803d12-46a2-48a4-a206-8fd3630cc2a9", + "snapshot": true, + "version": "7.14.0" }, "event": { "action": "firewall-rule", @@ -64,9 +64,9 @@ An example event for `asa` looks as following: ], "code": "305011", "dataset": "cisco.asa", - "ingested": "2022-11-21T07:43:12Z", + "ingested": "2021-07-19T08:54:36.436846422Z", "kind": "event", - "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:192.168.98.44/8256", + "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:100.66.98.44/8256\n", "severity": 6, "timezone": "+00:00", "type": [ @@ -74,17 +74,17 @@ An example event for `asa` looks as following: ] }, "host": { - "hostname": "localhost" + "hostname": "localhost", + "name": "docker-fleet-agent" }, "input": { - "type": "log" + "type": "udp" }, "log": { - "file": { - "path": "/tmp/service_logs/test-asa.log" - }, "level": "informational", - "offset": 0 + "source": { + "address": "172.23.0.4:59451" + } }, "network": { "iana_number": "6", @@ -116,7 +116,7 @@ An example event for `asa` looks as following: ], "ip": [ "172.31.98.44", - "192.168.98.44" + "100.66.98.44" ] }, "source": { 
@@ -504,7 +504,7 @@ An example event for `ftd` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| @timestamp | Event timestamp. | date | | cisco.ftd.assigned_ip | The IP address assigned to a VPN client successfully connecting | ip | | cisco.ftd.burst.avg_rate | The current average burst rate seen | keyword | | cisco.ftd.burst.configured_avg_rate | The current configured average burst rate allowed | keyword | @@ -808,7 +808,7 @@ An example event for `ios` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| @timestamp | Event timestamp. | date | | cisco.ios.access_list | Name of the IP access list. | keyword | | cisco.ios.action | Action taken by the device | keyword | | cisco.ios.facility | The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message. | keyword | 
@@ -991,7 +991,7 @@ An example event for `nexus` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | client.registered_domain | The highest registered client domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | | client.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword | From 816a4a476186c02d866130b888b4b58697043537 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Wed, 23 Nov 2022 16:59:49 +0530 Subject: [PATCH 097/103] revert cisco_duo --- ...-158c0e80-148c-11ec-9386-31989719f9db.json | 117 ++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 packages/cisco_duo/kibana/map/cisco_duo-158c0e80-148c-11ec-9386-31989719f9db.json diff --git a/packages/cisco_duo/kibana/map/cisco_duo-158c0e80-148c-11ec-9386-31989719f9db.json b/packages/cisco_duo/kibana/map/cisco_duo-158c0e80-148c-11ec-9386-31989719f9db.json new file mode 100644 index 00000000000..5fba1321533 --- /dev/null +++ b/packages/cisco_duo/kibana/map/cisco_duo-158c0e80-148c-11ec-9386-31989719f9db.json 
@@ -0,0 +1,117 @@ +{ + "attributes": { + "description": "", + "layerListJSON": [ + { + "alpha": 1, + "id": "ce0cde1e-240f-4a56-bc83-60374450e029", + "includeInFitToBounds": true, + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": { + "type": "TILE" + }, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "4e14ab8b-6ac0-4c0d-92e4-56b7074b28f6", + "includeInFitToBounds": true, + "label": "Failed login attempts", + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "applyGlobalQuery": true, + "applyGlobalTime": true, + "geoField": "source.geo.location", + "id": "768d716e-4cb1-435c-b301-f26d08954838", + "indexPatternRefName": "layer_1_source_index_pattern", + "metrics": [ + { + "type": "count" + } + ], + "requestType": "heatmap", + "resolution": "COARSE", + "type": "ES_GEO_GRID" + }, + "style": { + "colorRampName": "theclassic", + "type": "HEATMAP" + }, + "type": "HEATMAP", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 19.94277, + "lon": 0 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_duo.auth\"" + }, + "refreshConfig": { + "interval": 0, + "isPaused": true + }, + "settings": { + "autoFitToDataBounds": false, + "backgroundColor": "#ffffff", + "browserLocation": { + "zoom": 2 + }, + "disableInteractive": false, + "disableTooltipControl": false, + "fixedLocation": { + "lat": 0, + "lon": 0, + "zoom": 2 + }, + "hideLayerControl": false, + "hideToolbarOverlay": false, + "hideViewControl": false, + "initialLocation": "LAST_SAVED_LOCATION", + "maxZoom": 24, + "minZoom": 0, + "showScaleControl": false, + "showSpatialFilters": true, + "showTimesliderToggleButton": true, + "spatialFiltersAlpa": 0.3, + "spatialFiltersFillColor": "#DA8B45", + "spatialFiltersLineColor": "#DA8B45" + }, + "timeFilters": { + "from": "now-15m", + "to": "now" + }, + "zoom": 0.99 + }, + "title": "[Cisco Duo] Failed Login 
attempts", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "coreMigrationVersion": "7.17.2", + "id": "cisco_duo-158c0e80-148c-11ec-9386-31989719f9db", + "migrationVersion": { + "map": "7.14.0" + }, + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map" +} \ No newline at end of file From 69b808ae587f120f78872dde28548236bfd8cd1f Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 23 Nov 2022 17:03:00 +0530 Subject: [PATCH 098/103] revert zscaler_zpa --- packages/zscaler_zpa/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml index b2206ce63a1..cff104e139b 100644 --- a/packages/zscaler_zpa/manifest.yml +++ b/packages/zscaler_zpa/manifest.yml @@ -9,7 +9,7 @@ categories: - security release: ga conditions: - kibana.version: ^8.1.0 + kibana.version: ^7.16.2 || ^8.0.0 screenshots: - src: /img/zscaler-zpa-screenshot.png title: Zscaler ZPA app connector status dashboard screenshot From fbfa15c2f6a2e33040f4a97ab20d5c7dcdabc55b Mon Sep 17 00:00:00 2001 From: kcreddy Date: Wed, 23 Nov 2022 23:52:35 +0530 Subject: [PATCH 099/103] auth0 change manifest to 8.1.0 --- packages/auth0/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/auth0/manifest.yml b/packages/auth0/manifest.yml index 34370d8a637..51e08e725a2 100644 --- a/packages/auth0/manifest.yml +++ b/packages/auth0/manifest.yml @@ -11,7 +11,7 @@ categories: - security release: ga conditions: - kibana.version: "^7.16.0 || ^8.0.0" + kibana.version: ^8.1.0 screenshots: - src: /img/auth0-screenshot.png title: Auth0 Dashboard From d3c713bcd979ef8a45bec5062bf35bf0bacef580 Mon Sep 17 00:00:00 2001 
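Review bot: The heatmap layer in `cisco_duo-158c0e80-148c-11ec-9386-31989719f9db.json` is not restricted to failures: it is labelled "Failed login attempts" and the map is titled "[Cisco Duo] Failed Login attempts", but the only query is `event.dataset : "cisco_duo.auth"` with `"filters": []`, so as far as this file shows it counts every auth event that has a `source.geo.location`, successful ones included. An analyst reading it as a failure heatmap would mistake ordinary login volume for failed sign-ins. Unless the embedding dashboard adds its own filter, narrow the saved query, for example `"query": "event.dataset : \"cisco_duo.auth\" and event.outcome : \"failure\""`, after confirming which field the auth pipeline sets for a failed result. The layer is bound to the broad `logs-*` pattern, so the dataset clause is the only scoping this file applies.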
From: kcreddy Date: Thu, 24 Nov 2022 00:09:57 +0530 Subject: [PATCH 100/103] update osquery README --- packages/osquery/docs/README.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/packages/osquery/docs/README.md b/packages/osquery/docs/README.md index 1d63fb34aaa..aaed265d81e 100644 --- a/packages/osquery/docs/README.md +++ b/packages/osquery/docs/README.md @@ -26,12 +26,11 @@ An example event for `result` looks as following: { "@timestamp": "2018-01-08T14:51:55.000Z", "agent": { - "ephemeral_id": "a893e713-eedc-4ae1-8951-0a0ca7f783de", - "hostname": "docker-fleet-agent", - "id": "5e42424f-8ff5-4c7b-8a60-617548fd6b6a", + "ephemeral_id": "207a0fe6-de4f-434f-9c34-d0898df6ac96", + "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.17.0" + "version": "8.1.0" }, "data_stream": { "dataset": "osquery.result", @@ -42,16 +41,16 @@ An example event for `result` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "5e42424f-8ff5-4c7b-8a60-617548fd6b6a", + "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", "snapshot": false, - "version": "7.17.0" + "version": "8.1.0" }, "event": { "action": "added", "agent_id_status": "verified", - "created": "2022-11-14T15:11:13.595Z", + "created": "2022-11-22T19:16:32.440Z", "dataset": "osquery.result", - "ingested": "2022-11-14T15:11:17Z", + "ingested": "2022-11-22T19:16:35Z", "kind": "event", "type": "info" }, @@ -61,10 +60,10 @@ An example event for `result` looks as following: "hostname": "ubuntu-xenial", "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "ip": [ - "192.168.128.7" + "172.25.0.7" ], "mac": [ - "02:42:c0:a8:80:07" + "02:42:ac:19:00:07" ], "name": "docker-fleet-agent", "os": { From a0bc453c5d67294f1a1de2ce65fe9bfdc836c339 Mon Sep 17 00:00:00 2001 
From: kcreddy Date: Thu, 24 Nov 2022 00:15:25 +0530 Subject: [PATCH 101/103] update qnap_nas README --- packages/qnap_nas/docs/README.md | 10 +- ...-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json | 1336 ++++++++--------- 2 files changed, 673 insertions(+), 673 deletions(-) diff --git a/packages/qnap_nas/docs/README.md b/packages/qnap_nas/docs/README.md index 1e5b3db81a0..1cad84eac9d 100644 --- a/packages/qnap_nas/docs/README.md +++ b/packages/qnap_nas/docs/README.md @@ -14,8 +14,8 @@ An example event for `log` looks as following: { "@timestamp": "2022-10-30T20:24:24.000Z", "agent": { - "ephemeral_id": "70560290-2c53-41c4-b32b-d4b76b6a6b18", - "id": "2d8f9f42-f276-4b2a-9082-a758a08f49f2", + "ephemeral_id": "b04b6107-ca2b-4adb-90c0-2c86f2ebc578", + "id": "44d6209a-f153-4ff2-bcce-819a164c5aca", "name": "docker-fleet-agent", "type": "filebeat", "version": "8.1.0" @@ -29,7 +29,7 @@ An example event for `log` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "2d8f9f42-f276-4b2a-9082-a758a08f49f2", + "id": "44d6209a-f153-4ff2-bcce-819a164c5aca", "snapshot": false, "version": "8.1.0" }, @@ -41,7 +41,7 @@ An example event for `log` looks as following: ], "created": "2022-10-30T20:24:24.000Z", "dataset": "qnap_nas.log", - "ingested": "2022-11-22T20:22:19Z", + "ingested": "2022-11-22T20:55:17Z", "kind": "event", "provider": "conn-log", "timezone": "+00:00", @@ -60,7 +60,7 @@ An example event for `log` looks as following: }, "log": { "source": { - "address": "192.168.80.6:41074" + "address": "192.168.112.4:36880" }, "syslog": { "priority": 30 diff --git a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json index d1262b07a51..d2ef263eef0 100644 --- a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json +++ b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json 
@@ -1,692 +1,692 @@ { - "id": "qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-11-22T20:19:24.383Z", - "version": "WzU4NSwxXQ==", - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "title": "Controls [QNAP NAS]", - "description": "", - "uiState": {}, - "params": { - "controls": [ - { - "fieldName": "source.ip", - "id": "1637528635830", - "indexPatternRefName": "control_0_index_pattern", - "label": "Source IP", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "host.name", - "id": "1637528676545", - "indexPatternRefName": "control_1_index_pattern", - "label": "NAS Hostname", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.name", - "id": "1637528892452", - "indexPatternRefName": "control_2_index_pattern", - "label": "User", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "qnap.nas.connection_type", - "id": "1637530638172", - "indexPatternRefName": "control_3_index_pattern", - "label": "Connection Type", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "type": 
"input_control_vis", - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "qnap_nas.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "qnap_nas.log" - } - } - } - ], + "id": "qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T20:19:24.383Z", + "version": "WzU4NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 7, - "i": "08e193f5-7994-4a34-8572-62dd8fb527fd", - "w": 48, - "x": 0, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "08e193f5-7994-4a34-8572-62dd8fb527fd", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - }, - "savedVis": { - "title": "File Actions [QNAP NAS]", - "description": "", - "uiState": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + "panelsJSON": [ + { + 
"embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "title": "Controls [QNAP NAS]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "source.ip", + "id": "1637528635830", + "indexPatternRefName": "control_0_index_pattern", + "label": "Source IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "host.name", + "id": "1637528676545", + "indexPatternRefName": "control_1_index_pattern", + "label": "NAS Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user.name", + "id": "1637528892452", + "indexPatternRefName": "control_2_index_pattern", + "label": "User", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "qnap.nas.connection_type", + "id": "1637530638172", + "indexPatternRefName": "control_3_index_pattern", + "label": "Connection Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "qnap_nas.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "qnap_nas.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + 
} }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.category", - "negate": false, - "params": { - "query": "file" - }, - "type": "phrase" + "gridData": { + "h": 7, + "i": "08e193f5-7994-4a34-8572-62dd8fb527fd", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "08e193f5-7994-4a34-8572-62dd8fb527fd", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false }, - "query": { - "match_phrase": { - "event.category": "file" - } + "savedVis": { + "title": "File Actions [QNAP NAS]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + 
"filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "file" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "file" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", - "w": 17, - "x": 0, - "y": 7 - }, - "panelIndex": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Connection Types [QNAP NAS]", - "description": "", - "uiState": { - "vis": { - "legendOpen": false - } - }, - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "field": "qnap.nas.connection_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": 
"3bef5ad2-ec7d-4cd0-b8af-255533d30f62", - "w": 15, - "x": 17, - "y": 7 - }, - "panelIndex": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "table": null, - "vis": { - "params": { - "colWidth": [ - { - "colIndex": 1, - "width": 168.5 + "gridData": { + "h": 18, + "i": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", + "w": 17, + "x": 0, + "y": 7 }, - { - "colIndex": 0, - "width": 464.5 - } - ] - } - }, - "savedVis": { - "title": "Top Accessed Files [QNAP NAS]", - "description": "", - "uiState": {}, - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" + "panelIndex": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", + "type": "visualization", + "version": "8.0.0" }, - "type": "table", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Connection Types [QNAP NAS]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "qnap.nas.connection_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": 
"desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "file.path", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "bucket", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.provider", - "negate": false, - "params": { - "query": "conn-log" - }, - "type": "phrase" + "gridData": { + "h": 18, + "i": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62", + "w": 15, + "x": 17, + "y": 7 + }, + "panelIndex": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "table": null, + "vis": { + "params": { + "colWidth": [ + { + "colIndex": 1, + "width": 168.5 + }, + { + "colIndex": 0, + "width": 464.5 + } + ] + } }, - "query": { - "match_phrase": { - "event.provider": "conn-log" - } + "savedVis": { + "title": "Top Accessed Files [QNAP NAS]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "file.path", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "conn-log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "conn-log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - } - } - }, - "gridData": { - "h": 18, - "i": "20d36c90-71af-4062-94da-0374c871667e", - "w": 16, - "x": 32, - "y": 7 - }, - "panelIndex": "20d36c90-71af-4062-94da-0374c871667e", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Event Actions over Time", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - 
"width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "type": "histogram", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y/d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "1w" - }, - "schema": "segment", - "type": "date_histogram" + "gridData": { + "h": 18, + "i": "20d36c90-71af-4062-94da-0374c871667e", + "w": 16, + "x": 32, + "y": 7 }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.provider", - "negate": false, - "params": { - "query": "conn-log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.provider": "conn-log" - } + "panelIndex": "20d36c90-71af-4062-94da-0374c871667e", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Actions over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, 
+ "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y/d", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "1w" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", 
+ "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "conn-log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "conn-log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + }, + "gridData": { + "h": 17, + "i": "e0abcb09-b900-4d29-9146-02ab3aca914e", + "w": 48, + "x": 0, + "y": 25 + }, + "panelIndex": "e0abcb09-b900-4d29-9146-02ab3aca914e", + "type": "visualization", + "version": "8.0.0" } - } + ], + "timeRestore": false, + "title": "[QNAP NAS] Access Logs", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_0_index_pattern", + "id": "logs-*" }, - "gridData": { - "h": 17, - "i": "e0abcb09-b900-4d29-9146-02ab3aca914e", - "w": 48, - "x": 0, - "y": 25 + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_1_index_pattern", + "id": "logs-*" }, - "panelIndex": "e0abcb09-b900-4d29-9146-02ab3aca914e", - "type": "visualization", - "version": "8.0.0" - } + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"41e893ff-a7e2-4146-af96-35cd7fc9b5b9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" + }, + { + "type": "search", + "name": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" + }, + { + "type": "index-pattern", + "name": "20d36c90-71af-4062-94da-0374c871667e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "20d36c90-71af-4062-94da-0374c871667e:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" + }, + { + "type": "index-pattern", + "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" + } ], - "timeRestore": false, - "title": "[QNAP NAS] Access Logs", - "version": 1 - }, - "references": [ - { - "type": "index-pattern", - "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_0_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_1_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_2_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_3_index_pattern", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": 
"41e893ff-a7e2-4146-af96-35cd7fc9b5b9:search_0", - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" - }, - { - "type": "search", - "name": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62:search_0", - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" - }, - { - "type": "index-pattern", - "name": "20d36c90-71af-4062-94da-0374c871667e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" - }, - { - "type": "search", - "name": "20d36c90-71af-4062-94da-0374c871667e:search_0", - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" - }, - { - "type": "index-pattern", - "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "search", - "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:search_0", - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" - } - ], - "migrationVersion": { - "dashboard": "8.1.0" - }, - "coreMigrationVersion": "8.1.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file From b2ef07b8351601fea1af7439e832ae78839370c1 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Thu, 24 Nov 2022 14:53:03 +0530 Subject: [PATCH 102/103] qnap_nas update manifest version --- packages/qnap_nas/data_stream/log/sample_event.json | 10 +++++----- packages/qnap_nas/docs/README.md | 10 +++++----- .../qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json | 4 ++-- packages/qnap_nas/manifest.yml | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/packages/qnap_nas/data_stream/log/sample_event.json b/packages/qnap_nas/data_stream/log/sample_event.json index 4ff670b8d66..d85f18d7ada 100644 --- a/packages/qnap_nas/data_stream/log/sample_event.json +++ b/packages/qnap_nas/data_stream/log/sample_event.json 
@@ -1,8 +1,8 @@
 {
 "@timestamp": "2022-10-30T20:24:24.000Z",
 "agent": {
- "ephemeral_id": "b04b6107-ca2b-4adb-90c0-2c86f2ebc578",
- "id": "44d6209a-f153-4ff2-bcce-819a164c5aca",
+ "ephemeral_id": "d78177be-a52f-47d7-ab88-ce74c24bde53",
+ "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581",
 "name": "docker-fleet-agent",
 "type": "filebeat",
 "version": "8.1.0"
@@ -16,7 +16,7 @@
 "version": "8.5.0"
 },
 "elastic_agent": {
- "id": "44d6209a-f153-4ff2-bcce-819a164c5aca",
+ "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581",
 "snapshot": false,
 "version": "8.1.0"
 },
@@ -28,7 +28,7 @@
 ],
 "created": "2022-10-30T20:24:24.000Z",
 "dataset": "qnap_nas.log",
- "ingested": "2022-11-22T20:55:17Z",
+ "ingested": "2022-11-24T09:21:53Z",
 "kind": "event",
 "provider": "conn-log",
 "timezone": "+00:00",
@@ -47,7 +47,7 @@
 },
 "log": {
 "source": {
- "address": "192.168.112.4:36880"
+ "address": "172.24.0.4:35244"
 },
 "syslog": {
 "priority": 30
diff --git a/packages/qnap_nas/docs/README.md b/packages/qnap_nas/docs/README.md
index 1cad84eac9d..f287748b55f 100644
--- a/packages/qnap_nas/docs/README.md
+++ b/packages/qnap_nas/docs/README.md
@@ -14,8 +14,8 @@ An example event for `log` looks as following:
 {
 "@timestamp": "2022-10-30T20:24:24.000Z",
 "agent": {
- "ephemeral_id": "b04b6107-ca2b-4adb-90c0-2c86f2ebc578",
- "id": "44d6209a-f153-4ff2-bcce-819a164c5aca",
+ "ephemeral_id": "d78177be-a52f-47d7-ab88-ce74c24bde53",
+ "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581",
 "name": "docker-fleet-agent",
 "type": "filebeat",
 "version": "8.1.0"
@@ -29,7 +29,7 @@ An example event for `log` looks as following:
 "version": "8.5.0"
 },
 "elastic_agent": {
- "id": "44d6209a-f153-4ff2-bcce-819a164c5aca",
+ "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581",
 "snapshot": false,
 "version": "8.1.0"
 },
@@ -41,7 +41,7 @@ An example event for `log` looks as following:
 ],
 "created": "2022-10-30T20:24:24.000Z",
 "dataset": "qnap_nas.log",
- "ingested": "2022-11-22T20:55:17Z",
+ "ingested": "2022-11-24T09:21:53Z",
 "kind": "event",
 "provider": "conn-log",
 "timezone": "+00:00",
@@ -60,7 +60,7 @@ An example event for `log` looks as following:
 },
 "log": {
 "source": {
- "address": "192.168.112.4:36880"
+ "address": "172.24.0.4:35244"
 },
 "syslog": {
 "priority": 30
diff --git a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json
index d2ef263eef0..350bbf92cf6 100644
--- a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json
+++ b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json
@@ -4,8 +4,8 @@
 "namespaces": [
 "default"
 ],
- "updated_at": "2022-11-22T20:19:24.383Z",
- "version": "WzU4NSwxXQ==",
+ "updated_at": "2022-11-24T08:38:18.380Z",
+ "version": "WzYxNiwxXQ==",
 "attributes": {
 "description": "",
 "hits": 0,
diff --git a/packages/qnap_nas/manifest.yml b/packages/qnap_nas/manifest.yml
index a6f779162d4..f2d56bc6da7 100644
--- a/packages/qnap_nas/manifest.yml
+++ b/packages/qnap_nas/manifest.yml
@@ -8,7 +8,7 @@ format_version: 1.0.0
 license: basic
 categories: ["security"]
 conditions:
- kibana.version: "^7.16.0 || ^8.0.0"
+ kibana.version: "^8.1.0"
 icons:
 - src: /img/logo.svg
 title: QNAP logo
From 7ca13c37de5cdf32831f554e675ab162ca04fc15 Mon Sep 17 00:00:00 2001 From: kcreddy Date: Thu, 1 Dec 2022 22:58:48 +0530 Subject: [PATCH 103/103] revert cisco_ise and netskope --- packages/cisco_ise/manifest.yml | 2 +- packages/netskope/manifest.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml
index 0dcee5495ec..f78141f59c0 100644
--- a/packages/cisco_ise/manifest.yml
+++ b/packages/cisco_ise/manifest.yml
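Review bot: In packages/qnap_nas/manifest.yml the `kibana.version` constraint is tightened to `"^8.1.0"` with nothing in the file saying why, and the diffstat for this commit lists no changelog file and only this one manifest line, so the package `version` is not bumped here. Dropping 7.16/7.17 means installations on those stacks stop receiving updates to this security integration, which deserves a version bump and a changelog entry unless another commit in the series already carries them. I would also add a comment above the constraint, for example `# dashboards are exported with coreMigrationVersion 8.1.0 and cannot be imported by older Kibana`. The manifest continues on both sides of the hunk.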
@@ -9,7 +9,7 @@ categories:
 - security
 release: ga
 conditions:
- kibana.version: ^8.1.0
+ kibana.version: ^7.17.0 || ^8.0.0
 screenshots:
 - src: /img/cisco-ise-screenshot.png
 title: Cisco ISE dashboard screenshot
diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml
index 0cd84f3b1d0..ce53ef974c9 100644
--- a/packages/netskope/manifest.yml
+++ b/packages/netskope/manifest.yml
@@ -9,7 +9,7 @@ categories:
 - security
 release: ga
 conditions:
- kibana.version: ^8.1.0
+ kibana.version: ^7.17.0 || ^8.0.0
 screenshots:
 - src: /img/netskope-alerts-screenshot.png
 title: Netskope Alert logs screenshot
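Review bot: The `kibana.version: ^7.17.0 || ^8.0.0` lines restored in cisco_ise/manifest.yml and netskope/manifest.yml are the only thing this commit reverts (diffstat: 2 files, one line each), so any dashboard or saved-object changes made to these two packages earlier in the series stay in place. If those dashboards were re-exported from 8.1.0 during the by-value migration, a 7.17 stack would be offered objects it cannot import; please confirm the dashboard files were reverted as well, or keep `^8.1.0`. The earlier changes to these packages are not visible here, so this is a check to make rather than a confirmed defect.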